[X2Go-Commits] x2gobroker.git - uccsoutput (branch) updated: 0.0.1.0-46-gb487008

X2Go dev team git-admin at x2go.org
Wed Apr 17 01:25:29 CEST 2013


The branch, uccsoutput has been updated
       via  b487008f79052cc4da52e7e6093ff99a3d1a80af (commit)
       via  8c27295aedf58ab801edad949dde0ca121eb5f18 (commit)
       via  e1c90224f4e364345e9e76aa3db086988e03a056 (commit)
       via  e6bbdb5bb97de5ee01cd9e659ba43f1dde5c7376 (commit)
       via  6ab6f454d8976ab5c42937e44e81ab2bf570f9e6 (commit)
       via  e19494d1cf6fa3f04f946d50196c3a5123835ba2 (commit)
       via  c09f1966fdde02156a5371b2a909b13b3620dc4f (commit)
       via  5b884430d73643ab81fc0aac11f22e52be8706ee (commit)
       via  3fd14f204a2f570d88c95b455fdcffd57b99ed4e (commit)
       via  870b98422e7e2ceff6e2f2c5f90172e63109b75a (commit)
      from  8546ee4fcd4c094b1a1a7a04ba81ed549055920e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b487008f79052cc4da52e7e6093ff99a3d1a80af
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Wed Apr 17 01:24:03 2013 +0200

    Add Apache2 configuration for WSGI support that shows how to setup a VirtualHost for X2Go Session Broker.
    
    Conflicts (resolved by Mike Gabriel):
    	debian/changelog

commit 8c27295aedf58ab801edad949dde0ca121eb5f18
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Wed Apr 17 01:20:22 2013 +0200

    postrm script for x2gobroker-authservice

commit e1c90224f4e364345e9e76aa3db086988e03a056
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Wed Apr 17 01:19:54 2013 +0200

    implement: basicauth, my-uccs-url-base global config option, several fixed in uccsjson.py, WSGI passthrough of authorization requests. This commit makes communication between thin-client-config-agent and the X2GO Session Broker possible

commit e6bbdb5bb97de5ee01cd9e659ba43f1dde5c7376
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Tue Apr 16 23:06:54 2013 +0200

    divert GET method of UCCS frontend to head() method

commit 6ab6f454d8976ab5c42937e44e81ab2bf570f9e6
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Tue Apr 16 22:55:36 2013 +0200

    remote-login-service uses HEAD request method, the URL contains the API version

commit e19494d1cf6fa3f04f946d50196c3a5123835ba2
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Tue Apr 16 12:10:08 2013 +0200

    throw a 404 if broker backend cannot be found (html webui)

commit c09f1966fdde02156a5371b2a909b13b3620dc4f
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Tue Apr 16 12:09:53 2013 +0200

    throw a 404 if broker backend cannot be found (uccs webui)

commit 5b884430d73643ab81fc0aac11f22e52be8706ee
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Tue Apr 16 12:09:41 2013 +0200

    throw a 404 if broker backend cannot be found (plain webui)

commit 3fd14f204a2f570d88c95b455fdcffd57b99ed4e
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Tue Apr 16 12:03:05 2013 +0200

    Fix hard-coded path to x2gobroker's authservice socket.

commit 870b98422e7e2ceff6e2f2c5f90172e63109b75a
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Tue Apr 16 11:51:08 2013 +0200

    add more debug messages to authservice

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                                   |    3 +
 ...daemon.postrm => x2gobroker-authservice.postrm} |   12 +--
 debian/x2gobroker-wsgi.install                     |    3 +-
 debian/x2gobroker-wsgi.links                       |    3 +-
 etc/x2gobroker-wsgi.apache.conf                    |    1 +
 etc/x2gobroker-wsgi.apache.vhost                   |   75 +++++++++++++++
 etc/x2gobroker.conf                                |    2 +
 x2gobroker/authservice.py                          |    7 +-
 x2gobroker/brokers/base_broker.py                  |    3 +
 x2gobroker/defaults.py                             |    3 +-
 x2gobroker/uccsjson.py                             |   30 +++---
 x2gobroker/web/html.py                             |   10 +-
 x2gobroker/web/plain.py                            |   11 ++-
 x2gobroker/web/uccs.py                             |   97 ++++++++++++++------
 14 files changed, 196 insertions(+), 64 deletions(-)
 copy debian/{x2gobroker-daemon.postrm => x2gobroker-authservice.postrm} (62%)
 create mode 100644 etc/x2gobroker-wsgi.apache.vhost

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index a550fc2..adbbcd8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,11 +3,14 @@ x2gobroker (0.0.1.1-0~x2go1) UNRELEASED; urgency=low
   * New upstream version (0.0.1.1):
     - Add WSGI support to X2Go Session Broker. Allows plugging into
       Apache2 by using the mod_wsgi module.
+    - Add Apache2 configuration for WSGI support that shows how to
+      setup a VirtualHost for X2Go Session Broker.
     - Add cmd and directrdp session profile parameters to defaults.
     - Fix wrong usage of session option »cmd«, has to be »command«.
     - For sessions profiles with autologin enable, add a dummy key
       session profile parameter that triggers key based auth in X2Go Client.
       (Fixes: #154).
+    - Fix hard-coded path to x2gobroker's authservice socket.
   * /debian/control:
     + Fix --root parameter in DEB_PYTHON_INSTALL_ARGS.
   * Properly remove the X2Go Session broker log files on package purgal.
diff --git a/debian/x2gobroker-daemon.postrm b/debian/x2gobroker-authservice.postrm
similarity index 62%
copy from debian/x2gobroker-daemon.postrm
copy to debian/x2gobroker-authservice.postrm
index 3eba400..284e881 100755
--- a/debian/x2gobroker-daemon.postrm
+++ b/debian/x2gobroker-authservice.postrm
@@ -1,5 +1,5 @@
 #! /bin/sh
-# postrm script for x2gobroker-daemon
+# postrm script for x2gobroker-authservice
 #
 # see: dh_installdeb(1)
 # summary of how this script can be called:
@@ -19,21 +19,13 @@ set -e
 case "$1" in
 	purge)
 
-		if [ ! -d /usr/share/doc/x2gobroker-agent ] && [ ! -d /usr/share/doc/x2gobroker-authservice ] && [ ! -d /usr/share/doc/x2gobroker-wsgi ]; then
+		if [ ! -d /usr/share/doc/x2gobroker-daemon ] && [ ! -d /usr/share/doc/x2gobroker-wsgi ] && [ ! -d /usr/share/doc/x2gobroker-agent ] ; then
 			if dpkg-statoverride --list /var/log/x2gobroker 1>/dev/null; then
 				dpkg-statoverride --remove /var/log/x2gobroker
 			fi
 			rm -Rf /var/log/x2gobroker
 		fi
 
-		if [ ! -d /usr/share/doc/x2gobroker-agent ] && [ ! -d /usr/share/doc/x2gobroker-wsgi ]; then
-			# remove user/group x2gobroker from system (only if not in use by x2gobroker-agent
-			getent passwd x2gobroker 1>/dev/null && deluser x2gobroker
-			getent group x2gobroker 1>/dev/null && delgroup x2gobroker
-			getent group x2gobroker 1>/dev/null && delgroup x2gobroker
-			rm -Rf /var/lib/x2gobroker
-		fi
-
 		;;
 	remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
 		;;
diff --git a/debian/x2gobroker-wsgi.install b/debian/x2gobroker-wsgi.install
index 40b18c5..26c32b7 100644
--- a/debian/x2gobroker-wsgi.install
+++ b/debian/x2gobroker-wsgi.install
@@ -1 +1,2 @@
-etc/x2gobroker-wsgi.apache.conf /etc/x2go/
\ No newline at end of file
+etc/x2gobroker-wsgi.apache.conf /etc/x2go/
+etc/x2gobroker-wsgi.apache.vhost /etc/x2go/
\ No newline at end of file
diff --git a/debian/x2gobroker-wsgi.links b/debian/x2gobroker-wsgi.links
index 99e592a..e1659e5 100644
--- a/debian/x2gobroker-wsgi.links
+++ b/debian/x2gobroker-wsgi.links
@@ -1 +1,2 @@
-/etc/x2go/x2gobroker-wsgi.apache.conf /etc/apache2/conf.d/x2gobroker-wsgi
\ No newline at end of file
+/etc/x2go/x2gobroker-wsgi.apache.conf /etc/apache2/conf.d/x2gobroker-wsgi
+/etc/x2go/x2gobroker-wsgi.apache.vhost /etc/apache2/sites-available/x2gobroker
diff --git a/etc/x2gobroker-wsgi.apache.conf b/etc/x2gobroker-wsgi.apache.conf
index 92c432f..63ba34a 100644
--- a/etc/x2gobroker-wsgi.apache.conf
+++ b/etc/x2gobroker-wsgi.apache.conf
@@ -5,6 +5,7 @@
 #X2GOBROKER_DAEMON_USER=x2gobroker
 #X2GOBROKER_DAEMON_GROUP=x2gobroker
 WSGIDaemonProcess x2gobroker user=x2gobroker group=x2gobroker processes=5 threads=15
+WSGIPassAuthorization On
 
 # default broker backend (default: zeroconf)
 SetEnv X2GOBROKER_DEFAULT_BACKEND zeroconf
diff --git a/etc/x2gobroker-wsgi.apache.vhost b/etc/x2gobroker-wsgi.apache.vhost
new file mode 100644
index 0000000..4de60a8
--- /dev/null
+++ b/etc/x2gobroker-wsgi.apache.vhost
@@ -0,0 +1,75 @@
+###
+### Virtual Host configuration for an X2Go Session Broker
+###
+
+#
+# Make sure to disabled /etc/apache2/x2gobroker-wsgi completely if you
+# prefer setting up the X2Go Session Broker as a virtual host.
+#
+
+# enable debugging
+#SetEnv X2GOBROKER_DEBUG off
+
+# the default user/group that this WSGI application runs as
+#X2GOBROKER_DAEMON_USER=x2gobroker
+#X2GOBROKER_DAEMON_GROUP=x2gobroker
+WSGIDaemonProcess x2gobroker user=x2gobroker group=x2gobroker processes=5 threads=15
+WSGIPassAuthorization On
+
+# default broker backend (default: zeroconf)
+#SetEnv X2GOBROKER_DEFAULT_BACKEND zeroconf
+#SetEnv X2GOBROKER_DEFAULT_BACKEND inifile
+#SetEnv X2GOBROKER_DEFAULT_BACKEND ldap
+#SetEnv X2GOBROKER_DEFAULT_BACKEND <some-other-broker-backend>
+
+# path to the X2Go Session Broker's configuration file
+#SetEnv X2GOBROKER_CONFIG /etc/x2go/x2gobroker.conf
+
+# path to the X2Go Session Broker's session profiles file (when using the inifile backend)
+#SetEnv X2GOBROKER_SESSIONPROFILES /etc/x2go/broker/x2gobroker-sessionprofiles.conf
+
+# path to the X2Go Session Broker's agent command
+#SetEnv X2GOBROKER_AGENT_CMD /usr/lib/x2go/x2gobroker-agent
+
+# authentication socket of the X2Go Broker's PAM Authentication Service
+#SetEnv X2GOBROKER_AUTHSOCKET /run/x2gobroker/x2gobroker-authservice.socket
+
+# if you have to-be-statically-served files somewhere below the broker URL
+#Alias /x2gobroker/static /some/static/path/
+
+WSGIScriptAlias / /usr/sbin/x2gobroker
+WSGIProcessGroup x2gobroker
+
+<VirtualHost *:443>
+
+    ServerName localhost
+    ServerAdmin webmaster at localhost
+
+    SSLEngine on
+    #   SSL Cipher Suite:
+    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+    #   Server Certificate:
+    SSLCertificateFile /etc/x2go/broker/ssl/broker.crt
+    #   Server Private Key:
+    SSLCertificateKeyFile /etc/x2go/broker/ssl/broker.key
+    #SSLCertificateChainFile /etc/x2go/broker/ssl/cacert.key
+    #SetEnvIf User-Agent ".*MSIE.*" \
+    #    nokeepalive ssl-unclean-shutdown \
+    #    downgrade-1.0 force-response-1.0
+
+    <Directory /usr/sbin/x2gobroker>
+        Order deny,allow
+        Deny from all
+
+        # grant explicit access below
+        Allow from localhost
+        Allow from localhost-ip6
+
+        Options +FollowSymLinks
+        Options -Indexes
+
+        SSLOptions +StdEnvVars
+
+    </Directory>
+
+</VirtualHost>
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index 85eaa77..cf544bb 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -73,6 +73,8 @@
 
 # enable {base_url}/uccs/
 #enable-uccs-output = false
+# use this URL base to create URL field in UCCS-style JSON output
+#my-uccs-url-base = http://localhost:8080/
 
 # enable {base_url}/json/ (THIS IS FUTURE, mg-20121129)
 #enable-json-output = false
diff --git a/x2gobroker/authservice.py b/x2gobroker/authservice.py
index fa7ce84..bebc2ab 100644
--- a/x2gobroker/authservice.py
+++ b/x2gobroker/authservice.py
@@ -28,13 +28,16 @@ import socket
 from pwd import getpwnam
 from grp import getgrnam
 
+# set up the broker's environment
+import x2gobroker.defaults
+
 from loggers import logger_authservice
 
 logger_authservice.info('X2Go Session Broker PAM Authentication Service: Setting up the broker\'s environment...')
 if os.environ.has_key('X2GOBROKER_AUTHSERVICE_SOCKET'):
     X2GOBROKER_AUTHSERVICE_SOCKET=os.environ['X2GOBROKER_AUTHSERVICE_SOCKET']
 else:
-    X2GOBROKER_AUTHSERVICE_SOCKET="/var/run/x2gobroker-authservice.socket"
+    X2GOBROKER_AUTHSERVICE_SOCKET="/run/x2gobroker/x2gobroker-authservice.socket"
 logger_authservice.info('  X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET))
 
 
@@ -88,7 +91,9 @@ def loop():
 
 def authenticate(username, password, service="x2gobroker"):
     s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+    logger_authservice.debug('connecting to authentication service socket {socket}'.format(socket=X2GOBROKER_AUTHSERVICE_SOCKET))
     s.connect(X2GOBROKER_AUTHSERVICE_SOCKET)
+    logger_authservice.debug('sending username={username}, password=<hidden>, service={service} to authentication service'.format(username=username, service=service))
     s.send('{username} {password} {service}\n'.format(username=username, password=password, service=service))
     result = s.recv(1024)
     s.close()
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py
index 76ed8ef..365ce0b 100644
--- a/x2gobroker/brokers/base_broker.py
+++ b/x2gobroker/brokers/base_broker.py
@@ -715,6 +715,9 @@ class X2GoBroker(object):
 
         access = False
         access = self._do_authenticate(username=username, password=password)
+        if not access and "@" in username:
+            _username = username.split('@')[0]
+            access = self._do_authenticate(username=_username, password=password)
         logger_broker.debug('base_broker.X2GoBroker.check_access(): result of authentication check is: {access}'.format(access=access))
 
         ### HANDLING OF DYNAMIC AUTHENTICATION ID HASHES
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index 9e61d83..d734cc6 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -77,7 +77,7 @@ else:
 if os.environ.has_key('X2GOBROKER_AUTHSERVICE_SOCKET'):
     X2GOBROKER_AUTHSERVICE_SOCKET=os.environ['X2GOBROKER_AUTHSERVICE_SOCKET']
 else:
-    X2GOBROKER_AUTHSERVICE_SOCKET="/var/run/x2gobroker-authservice.socket"
+    X2GOBROKER_AUTHSERVICE_SOCKET="/run/x2gobroker/x2gobroker-authservice.socket"
 
 if os.environ.has_key('X2GOBROKER_DEFAULT_BACKEND'):
     X2GOBROKER_DEFAULT_BACKEND = os.environ['X2GOBROKER_DEFAULT_BACKEND']
@@ -119,6 +119,7 @@ X2GOBROKER_CONFIG_DEFAULTS = {
         u'my-cookie': uuid.uuid4(),
         u'enable-plain-output': True,
         u'enable-uccs-output': False,
+        u'my-uccs-url-base': 'http://localhost:8080/',
         u'enable-json-output': False,
         u'enable-html-output':  False,
         u'default-auth-mech': u'pam',
diff --git a/x2gobroker/uccsjson.py b/x2gobroker/uccsjson.py
index abbcd80..efbbc32 100644
--- a/x2gobroker/uccsjson.py
+++ b/x2gobroker/uccsjson.py
@@ -85,7 +85,7 @@ class ManagementServer():
         Dump this instance as JSON object.
 
         """
-        return json.dumps(self, default=convert_to_builtin_type)
+        return json.dumps(self, default=convert_to_builtin_type, sort_keys=True, indent=4)
 
 
 # NOT USED!!!
@@ -129,9 +129,9 @@ class RDPServer():
         @raise TypeError: domain has to be C{str} or C{unicode}
 
         """
-        if isinstance(domainName, str):
+        if isinstance(domain, str):
             self.WindowsDomain = unicode(domain)
-        elif isinstance(domainName, unicode):
+        elif isinstance(domain, unicode):
             self.WindowsDomain = domain
         else:
             raise TypeError("set_domain() expects a string or unicode argument")
@@ -141,7 +141,7 @@ class RDPServer():
         Dump this instance as JSON object.
 
         """
-        return json.dumps(self, default=convert_to_builtin_type)
+        return json.dumps(self, default=convert_to_builtin_type, sort_keys=True, indent=4)
 
 
 class ICAServer():
@@ -178,9 +178,9 @@ class ICAServer():
         @raise TypeError: domain has to be C{str} or C{unicode}
 
         """
-        if isinstance(domainName, str):
+        if isinstance(domain, str):
             self.WindowsDomain = unicode(domain)
-        elif isinstance(domainName, unicode):
+        elif isinstance(domain, unicode):
             self.WindowsDomain = domain
         else:
             raise TypeError("set_domain() expects a string or unicode argument")
@@ -190,7 +190,7 @@ class ICAServer():
         Dump this instance as JSON object.
 
         """
-        return json.dumps(self, default=convert_to_builtin_type)
+        return json.dumps(self, default=convert_to_builtin_type, sort_keys=True, indent=4)
 
 
 class X2GoServer():
@@ -210,12 +210,12 @@ class X2GoServer():
         @type password: C{unicode}
 
         """
-        self.URL = host
-        self.Name = name
-        self.Protocol = 'x2go'
+        self.URL = unicode(host)
+        self.Name = unicode(name)
+        self.Protocol = u'x2go'
         self.SessionTypeRequired = True
-        self.Username = username
-        self.Password = password
+        self.Username = unicode(username)
+        self.Password = unicode(password)
 
     def set_session_type(self, session_type):
         """\
@@ -227,8 +227,8 @@ class X2GoServer():
         @raise TypeError: session_type has to be C{str} or C{unicode}
 
         """
-        if isinstance(domainName, str):
-            self.SessionType = sessiontypeName
+        if isinstance(session_type, str):
+            self.SessionType = session_type
         else:
             raise TypeError("set_session_type() expects a string or unicode argument")
 
@@ -237,5 +237,5 @@ class X2GoServer():
         Dump this instance as JSON object.
 
         """
-        return json.dumps(self, default=convert_to_builtin_type)
+        return json.dumps(self, default=convert_to_builtin_type, sort_keys=True, indent=4)
 
diff --git a/x2gobroker/web/html.py b/x2gobroker/web/html.py
index fd76eb8..0e1988f 100644
--- a/x2gobroker/web/html.py
+++ b/x2gobroker/web/html.py
@@ -77,8 +77,14 @@ $output
 
         # silence pyflakes...
         broker_backend = None
-        exec("import x2gobroker.brokers.{backend}_broker".format(backend=backend))
-        exec("broker_backend = x2gobroker.brokers.{backend}_broker.X2GoBroker()".format(backend=backend))
+        try:
+            # dynamically detect broker backend from given URL
+            exec("import x2gobroker.brokers.{backend}_broker".format(backend=backend))
+            exec("broker_backend = x2gobroker.brokers.{backend}_broker.X2GoBroker()".format(backend=backend))
+        except ImportError:
+            # throw a 404 if the backend does not exist
+            raise tornado.web.HTTPError(404)
+
         global_config = broker_backend.get_global_config()
         backend_config = broker_backend.get_backend_config(backend)
 
diff --git a/x2gobroker/web/plain.py b/x2gobroker/web/plain.py
index c4deb42..8487e43 100644
--- a/x2gobroker/web/plain.py
+++ b/x2gobroker/web/plain.py
@@ -58,9 +58,14 @@ class X2GoBrokerWeb(tornado.web.RequestHandler):
 
         # silence pyflakes...
         broker_backend = None
-        # dynamically detect broker backend from given URL
-        exec("import x2gobroker.brokers.{backend}_broker".format(backend=backend))
-        exec("broker_backend = x2gobroker.brokers.{backend}_broker.X2GoBroker()".format(backend=backend))
+        try:
+            # dynamically detect broker backend from given URL
+            exec("import x2gobroker.brokers.{backend}_broker".format(backend=backend))
+            exec("broker_backend = x2gobroker.brokers.{backend}_broker.X2GoBroker()".format(backend=backend))
+        except ImportError:
+            # throw a 404 if the backend does not exist
+            raise tornado.web.HTTPError(404)
+
         global_config = broker_backend.get_global_config()
 
         # if the broker backend is disabled in the configuration, pretend to have nothing on offer
diff --git a/x2gobroker/web/uccs.py b/x2gobroker/web/uccs.py
index 394583c..db59f24 100644
--- a/x2gobroker/web/uccs.py
+++ b/x2gobroker/web/uccs.py
@@ -22,6 +22,8 @@
 
 # modules
 import types
+import re
+import base64
 import tornado.web
 from tornado.escape import native_str, parse_qs_bytes
 
@@ -31,6 +33,45 @@ import x2gobroker.defaults
 from x2gobroker.loggers import logger_broker, logger_error
 import x2gobroker.uccsjson
 
+def require_basic_auth(realm, validate_callback):
+    def require_basic_auth_decorator(handler_class):
+        def wrap_execute(handler_execute):
+            def require_basic_auth(handler, kwargs):
+                def create_auth_header():
+                    handler.set_status(401)
+                    handler.set_header('WWW-Authenticate', 'Basic realm="{realm}"'.format(realm=realm))
+                    handler._transforms = []
+                    handler.finish()
+
+                auth_header = handler.request.headers.get('Authorization')
+                if auth_header is None or not auth_header.startswith('Basic '):
+                    create_auth_header()
+                else:
+                    auth_decoded = base64.decodestring(auth_header[6:])
+                    kwargs['basicauth_user'], kwargs['basicauth_pass'] = [ unicode(s) for s in auth_decoded.split(':', 2) ]
+                    if validate_callback(handler_class, kwargs['basicauth_user'], kwargs['basicauth_pass']):
+                        return True
+                    else:
+                        create_auth_header()
+            def _execute(self, transforms, *args, **kwargs):
+                if not require_basic_auth(self, kwargs):
+                    return False
+                return handler_execute(self, transforms, *args, **kwargs)
+            return _execute
+
+        handler_class._execute = wrap_execute(handler_class._execute)
+        return handler_class
+    return require_basic_auth_decorator
+
+
+def credentials_validate(handler_class, username, password):
+    import x2gobroker.brokers.base_broker
+    # FIXME: with the below hack, the backend broker detection in X2GoBrokerWeb is disabled, only global options
+    #        from x2gobroker.conf are available here...
+    return x2gobroker.brokers.base_broker.X2GoBroker().check_access(username=username, password=password)
+
+
+ at require_basic_auth('Authentication required', credentials_validate)
 class X2GoBrokerWeb(tornado.web.RequestHandler):
 
     http_header_items = {
@@ -43,66 +84,64 @@ class X2GoBrokerWeb(tornado.web.RequestHandler):
         for http_header_item in self.http_header_items.keys():
             self.set_header(http_header_item, self.http_header_items[http_header_item])
 
-    def get(self, backend):
+    def get(self, backend, basicauth_user, basicauth_pass):
         if x2gobroker.defaults.X2GOBROKER_DEBUG:
             self._gen_http_header()
             logger_broker.warn('GET http request detected, if unwanted: disable X2GOBROKER_DEBUG')
-            return self.post(backend)
+            return self.head(backend, basicauth_user, basicauth_pass)
         raise tornado.web.HTTPError(404)
 
-    def post(self, backend):
+    def head(self, backend, basicauth_user, basicauth_pass):
 
         if not backend:
             backend = x2gobroker.defaults.X2GOBROKER_DEFAULT_BACKEND
         else:
             backend = backend.rstrip('/')
 
-        # silence pyflakes...
-        broker_backend = None
-        # dynamically detect broker backend from given URL
-        exec("import x2gobroker.brokers.{backend}_broker".format(backend=backend))
-        exec("broker_backend = x2gobroker.brokers.{backend}_broker.X2GoBroker()".format(backend=backend))
-        global_config = broker_backend.get_global_config()
+        api_version = 4
+        if re.match('.*/api/[0-9].*', backend):
+            # get the first and the third item as backend, api_version
+            backend, api_version = backend.split('/')[:3:2]
+            api_version = int(api_version)
+
+        try:
+            # dynamically detect broker backend from given URL
+            exec("import x2gobroker.brokers.{backend}_broker".format(backend=backend))
+            exec("self.broker_backend = x2gobroker.brokers.{backend}_broker.X2GoBroker()".format(backend=backend))
+        except ImportError:
+            # throw a 404 if the backend does not exist
+            raise tornado.web.HTTPError(404)
+
+        global_config = self.broker_backend.get_global_config()
 
         # if the broker backend is disabled in the configuration, pretend to have nothing on offer
-        if not broker_backend.is_enabled():
+        if not self.broker_backend.is_enabled():
             raise tornado.web.HTTPError(404)
 
-        # FIXME: this is to work around a bug in X2Go Client (http://bugs.x2go.org/138)
-        content_type = self.request.headers.get("Content-Type", "")
-        if not content_type.startswith("application/x-www-form-urlencoded"):
-            for name, values in parse_qs_bytes(native_str(self.request.body)).iteritems():
-                self.request.arguments.setdefault(name, []).extend(values)
-
         # set the client address for the broker backend
         ip = self.request.remote_ip
         if ip:
             logger_broker.info('client address is {address}'.format(address=ip))
-            broker_backend.set_client_address(ip)
+            self.broker_backend.set_client_address(ip)
         elif not x2gobroker.defaults.X2GOBROKER_DEBUG:
             # if the client IP is not set, we pretend to have nothing on offer
             logger_error.error('client could not provide an IP address, pretending: 404 Not Found')
             raise tornado.web.HTTPError(404)
 
-        username = 'foo'
-        #username = self.get_argument('user', default='')
-        #password = self.get_argument('password', default='')
-        #cookie = self.get_argument('cookie', default='')
-        #task = self.get_argument('task', default='')
-        #profile_id = self.get_argument('sid', default='')
-        #new_password = self.get_argument('newpass', default='')
+        username, password = basicauth_user, basicauth_pass
+        cookie = ''
 
         output = ''
 
-        #logger_broker.debug ('username: {username}, password: {password}, task: {task}, profile_id: {profile_id}'.format(username=username, password='XXXXX', task=task, profile_id=profile_id))
-        #if broker_backend.check_access(username=username, password=password, cookie=cookie):
+        logger_broker.debug ('Authenticated as username: {username}, with password: <hidden>'.format(username=username))
 
         ###
         ### CONFIRM SUCCESSFUL AUTHENTICATION FIRST
         ###
 
-        profiles = broker_backend.list_profiles(username)
-        ms = x2gobroker.uccsjson.ManagementServer('http://localhost:8080/uccs/{backend}'.format(backend=backend), 'X2Go Session Broker')
+        profiles = self.broker_backend.list_profiles(username)
+        urlbase = self.broker_backend.get_global_value('my-uccs-url-base').rstrip('/')
+        ms = x2gobroker.uccsjson.ManagementServer('{urlbase}/uccs/{backend}'.format(urlbase=urlbase, backend=backend), 'X2Go Session Broker')
 
         profile_ids = profiles.keys()
         profile_ids.sort()
@@ -124,5 +163,3 @@ class X2GoBrokerWeb(tornado.web.RequestHandler):
         self.write(output)
         return
 
-        #raise tornado.web.HTTPError(401)
-


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).




More information about the x2go-commits mailing list