Hi Vincent,
Thanks for your report. Yes, I understand it from the messages that on
your machines getpwuid() returns a username including this "@domain"
part, but the server_xscreensaver_version() which queries the server,
strips away all "@" parts (I don't even know if XGetWindowProperty()
returns the @domain part here).
First, I am not familiar enough with SSSD to know if pw_name should
include the "@domain" part, but I will assume it for the following
suggestions, in preferred order:
1) if XGetWindowProperty() returns user@domain@host, this simple patch
could solve it by only stripping the last "@" part:
diff --git a/driver/remote.c b/driver/remote.c
index 83254e0..e409ebc 100644
--- a/driver/remote.c
+++ b/driver/remote.c
@@ -681,7 +681,7 @@ server_xscreensaver_version (Display *dpy,
{
char *o = 0, *p = 0, *c = 0;
o = strchr ((char *) id, '(');
- if (o) p = strchr (o, '@');
+ if (o) p = strrchr (o, '@');
if (p) c = strchr (p, ')');
if (c)
{
2) in case XGetWindowProperty() doesn't return the "@domain" part,
canonicalize the username received via server_xscreensaver_version so
it should match the getpwuid() result:
diff --git a/driver/demo-Gtk.c b/driver/demo-Gtk.c
index da98c53..14f82c1 100644
--- a/driver/demo-Gtk.c
+++ b/driver/demo-Gtk.c
@@ -4477,6 +4477,17 @@ the_network_is_not_the_computer (state *s)
server_xscreensaver_version (dpy, &rversion, &ruser, &rhost);
+ /* canonical name in case of directory service */
+ if (ruser)
+ {
+ const char *new_ruser = getpwnam(ruser)->pw_name;
+ if (new_ruser)
+ {
+ free(ruser);
+ ruser = strdup(new_ruser);
+ }
+ }
+
/* Make a buffer that's big enough for a number of copies of all the
strings, plus some. */
msg = (char *) malloc (10 * ((rversion ? strlen(rversion) : 0
3) the hammer, strip away any "@" part in the getpwuid() result:
diff --git a/driver/demo-Gtk.c b/driver/demo-Gtk.c
index da98c53..d2c9b6a 100644
--- a/driver/demo-Gtk.c
+++ b/driver/demo-Gtk.c
@@ -4471,7 +4471,13 @@ the_network_is_not_the_computer (state *s)
# endif /* !HAVE_UNAME && !VMS */
if (p && p->pw_name)
- luser = p->pw_name;
+ {
+ char *domain;
+ luser = p->pw_name;
+ domain = strchr(luser, '@');
+ if (domain)
+ *domain = '\0';
+ }
else
luser = "???";
@@ -4496,7 +4502,7 @@ the_network_is_not_the_computer (state *s)
"on display \"%s\". Launch it now?"),
d);
}
- else if (p && ruser && *ruser && !!strcmp (ruser, p->pw_name))
+ else if (p && ruser && *ruser && !!strcmp (ruser, luser))
{
/* Warn that the two processes are running as different users.
*/
(Presenting all three just because I already have them, having jumped
on (3) then (2) before I had thought through it)
If you are willing to build and test, please try it on the latest
version from https://salsa.debian.org/debian/xscreensaver
Regards,
Tormod
On Wed, Apr 8, 2020 at 10:57 PM Vincent Danjean wrote:
>
> I run xscreensaver (with xfce4) on machines that use SSSD
> to managed its users. There are several source of authentification
> (as allowed by SSSD) but the main one (and default one) is to
> authenticate against an AD (windows kind of ldap/kerberos).
> The important thing is that user names (ie logins) are of the
> form name@domain
> I suspect the message is due to the fact that xscreensaver(-demo?)
> stores the login and the machine name under the form login@machine
> but fails to correctly parse such string when login contains a '@'
> character, as this is the case here.
>
> Regards,
> Vincent
