[X2Go-Commits] x2gobroker.git - build-main (branch) updated: 1bcff08085a4d7816d8258bb972ead1688b068e5
X2Go dev team
git-admin at x2go.org
Sun May 19 13:04:40 CEST 2013
The branch, build-main has been updated
via 1bcff08085a4d7816d8258bb972ead1688b068e5 (commit)
from 16e9356345684e24cf259701a79a28934762c867 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
etc/x2gobroker.conf | 5 ++
x2gobroker/brokers/base_broker.py | 22 +++++--
x2gobroker/defaults.py | 1 +
x2gobroker/nameservices/testsuite_nameservice.py | 7 ++-
x2gobroker/tests/test_broker_base.py | 70 ++++++++++++++++++++++
5 files changed, 98 insertions(+), 7 deletions(-)
The diff of changes is:
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index 024c388..0999376 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -85,6 +85,11 @@
#default-user-db = libnss
#default-group-db = libnss
+# on large deployments it is recommended to ignore primary group memberships
+# traversing into all user accounts for primary group detection can be quite
+# CPU intensive on the X2Go Broker server.
+#ignore-primary-group-memberships = True
+
###
### BACKEND section
###
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py
index be2aa89..85984d3 100644
--- a/x2gobroker/brokers/base_broker.py
+++ b/x2gobroker/brokers/base_broker.py
@@ -86,6 +86,20 @@ class X2GoBroker(object):
"""
return self.config.get_section('global')
+ def get_global_value(self, option):
+ """\
+ Get the configuration setting for an option in the global section of the
+ configuration file.
+
+ @param option: option name in the global configuration section
+ @type option: C{unicode}
+
+ @return: the value for the given global C{option}
+ @rtype: C{bool}, C{unicode}, C{int} or C{list}
+
+ """
+ return self.config.get_value('global', option)
+
def get_backend_config(self):
"""\
Get the configuration section of a specific backend.
@@ -102,12 +116,12 @@ class X2GoBroker(object):
C{option}.
@param backend: the name of the backend
- @type backend: C{str}
+ @type backend: C{unicode}
@param option: option name of the backend's configuration section
- @type option: C{str}
+ @type option: C{unicode}
@return: the value for the given C{backend} C{option}
- @rtype: C{dict}
+ @rtype: C{bool}, C{unicode}, C{int} or C{list}
"""
return self.config.get_value(backend, option)
@@ -266,7 +280,7 @@ class X2GoBroker(object):
_allow_group = False
_deny_group = False
- _user_groups = [u'ALL'] + self.get_user_groups(username, primary_groups=True)
+ _user_groups = [u'ALL'] + self.get_user_groups(username, primary_groups=not self.get_global_value('ignore-primary-group-memberships'))
_allow_group = bool(len(set(_user_groups).intersection( set(_acls[u'acl-groups-allow']) )))
_deny_group = bool(len(set(_user_groups).intersection( set(_acls[u'acl-groups-deny']) )))
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index f2b67e4..81dc346 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -60,6 +60,7 @@ X2GOBROKER_CONFIG_DEFAULTS = {
u'default-auth-mech': u'pam',
u'default-user-db': u'libnss',
u'default-group-db': u'libnss',
+ u'ignore-primary-group-memberships': True,
},
'zeroconf': {
u'enable': True,
diff --git a/x2gobroker/nameservices/testsuite_nameservice.py b/x2gobroker/nameservices/testsuite_nameservice.py
index a0ea7e2..90c9b33 100644
--- a/x2gobroker/nameservices/testsuite_nameservice.py
+++ b/x2gobroker/nameservices/testsuite_nameservice.py
@@ -46,8 +46,9 @@ class X2GoBrokerNameService(base.X2GoBrokerNameService):
_members = []
if group in _groups.keys():
_members.extend(_groups[group])
- for username in self.get_users():
- if unicode(group) == self.get_primary_group(username):
- _members.append(username)
+ if primary_groups:
+ for username in self.get_users():
+ if unicode(group) == self.get_primary_group(username):
+ _members.append(username)
return _members
diff --git a/x2gobroker/tests/test_broker_base.py b/x2gobroker/tests/test_broker_base.py
index 14a9e21..8891103 100644
--- a/x2gobroker/tests/test_broker_base.py
+++ b/x2gobroker/tests/test_broker_base.py
@@ -504,6 +504,76 @@ enable = true
}
self.assertEqual(base_backend.check_profile_acls(username, acls), False)
+ def test_checkprofileacls_group_primarygroups(self):
+ username_f = 'flip' # is a male grasshopper
+ username_m = 'maja' # is a female bee
+ username_w = 'willi' # is a drone (male bee)
+ _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+ _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+
+[base]
+enable = true
+"""
+ tf = tempfile.NamedTemporaryFile()
+ print >> tf, _config
+ tf.seek(0)
+ base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+ acls = {
+ 'acl-groups-allow': ['bees','flip'],
+ 'acl-groups-deny': ['ALL'],
+ 'acl-groups-order': 'deny-allow',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+ _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+ _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+ignore-primary-group-memberships = true
+
+[base]
+enable = true
+"""
+ tf = tempfile.NamedTemporaryFile()
+ print >> tf, _config
+ tf.seek(0)
+ base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+ acls = {
+ 'acl-groups-allow': ['bees','flip'],
+ 'acl-groups-deny': ['ALL'],
+ 'acl-groups-order': 'deny-allow',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+ _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+ _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+ignore-primary-group-memberships = false
+
+[base]
+enable = true
+"""
+ tf = tempfile.NamedTemporaryFile()
+ print >> tf, _config
+ tf.seek(0)
+ base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+ acls = {
+ 'acl-groups-allow': ['bees','flip'],
+ 'acl-groups-deny': ['ALL'],
+ 'acl-groups-order': 'deny-allow',
+ }
+ self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
+ self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+
def test_checkprofileacls_group_combitests(self):
_config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
_config = """
hooks/post-receive
--
x2gobroker.git (HTTP(S) Session broker for X2Go)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).
More information about the x2go-commits
mailing list