[X2Go-Commits] x2gobroker.git - build-main (branch) updated: 1bcff08085a4d7816d8258bb972ead1688b068e5

X2Go dev team git-admin at x2go.org
Sun May 19 13:04:40 CEST 2013


The branch, build-main has been updated
       via  1bcff08085a4d7816d8258bb972ead1688b068e5 (commit)
      from  16e9356345684e24cf259701a79a28934762c867 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 etc/x2gobroker.conf                              |    5 ++
 x2gobroker/brokers/base_broker.py                |   22 +++++--
 x2gobroker/defaults.py                           |    1 +
 x2gobroker/nameservices/testsuite_nameservice.py |    7 ++-
 x2gobroker/tests/test_broker_base.py             |   70 ++++++++++++++++++++++
 5 files changed, 98 insertions(+), 7 deletions(-)

The diff of changes is:
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index 024c388..0999376 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -85,6 +85,11 @@
 #default-user-db = libnss
 #default-group-db = libnss
 
+# on large deployments it is recommended to ignore primary group memberships
+# traversing into all user accounts for primary group detection can be quite
+# CPU intensive on the X2Go Broker server.
+#ignore-primary-group-memberships = True
+
 ###
 ### BACKEND section
 ###
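Review bot: The new comment above `#ignore-primary-group-memberships` presents the option only as a CPU saving and does not say that it changes access-control results. Per the `base_broker.py` change in this commit, enabling it means `acl-groups-allow` and `acl-groups-deny` entries no longer match users who hold the group only as their primary group. I would add a line such as `# NOTE: when enabled, group ACLs (allow and deny) do not match users via their primary group.` so an admin does not turn a deny rule into a no-op without noticing. The first comment line is also missing a full stop after "memberships".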
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py
index be2aa89..85984d3 100644
--- a/x2gobroker/brokers/base_broker.py
+++ b/x2gobroker/brokers/base_broker.py
@@ -86,6 +86,20 @@ class X2GoBroker(object):
         """
         return self.config.get_section('global')
 
+    def get_global_value(self, option):
+        """\
+        Get the configuration setting for an option in the global section of the
+        configuration file.
+
+        @param option: option name in the global configuration section
+        @type option: C{unicode}
+
+        @return: the value for the given global C{option}
+        @rtype: C{bool}, C{unicode}, C{int} or C{list}
+
+        """
+        return self.config.get_value('global', option)
+
     def get_backend_config(self):
         """\
         Get the configuration section of a specific backend.
@@ -102,12 +116,12 @@ class X2GoBroker(object):
         C{option}.
 
         @param backend: the name of the backend
-        @type backend: C{str}
+        @type backend: C{unicode}
         @param option: option name of the backend's configuration section
-        @type option: C{str}
+        @type option: C{unicode}
 
         @return: the value for the given C{backend} C{option}
-        @rtype: C{dict}
+        @rtype: C{bool}, C{unicode}, C{int} or C{list}
 
         """
         return self.config.get_value(backend, option)
@@ -266,7 +280,7 @@ class X2GoBroker(object):
             _allow_group = False
             _deny_group = False
 
-            _user_groups = [u'ALL'] + self.get_user_groups(username, primary_groups=True)
+            _user_groups = [u'ALL'] + self.get_user_groups(username, primary_groups=not self.get_global_value('ignore-primary-group-memberships'))
 
             _allow_group = bool(len(set(_user_groups).intersection( set(_acls[u'acl-groups-allow']) )))
             _deny_group = bool(len(set(_user_groups).intersection( set(_acls[u'acl-groups-deny']) )))
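Review bot: The `_user_groups` assignment negates whatever `get_global_value()` returns, and the docstring added in this same commit says that can be a `unicode`, `int` or `list` as well as a `bool`. If the option ever comes back as the string `u'false'` (for example when a caller passes `config_defaults` without this key; the parsing is not visible here), `not u'false'` is `False` and primary groups are dropped although the admin asked to keep them. This list feeds both the `acl-groups-allow` and `acl-groups-deny` intersections, so a mis-typed value silently changes who is denied. I would bind the setting first and skip the lookup only on a real boolean, `_ignore_primary = self.get_global_value('ignore-primary-group-memberships') is True`, then pass `primary_groups=not _ignore_primary`, which also shortens the line. The enclosing method starts and ends outside this hunk.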
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index f2b67e4..81dc346 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -60,6 +60,7 @@ X2GOBROKER_CONFIG_DEFAULTS = {
         u'default-auth-mech': u'pam',
         u'default-user-db': u'libnss',
         u'default-group-db': u'libnss',
+        u'ignore-primary-group-memberships': True,
     },
     'zeroconf': {
         u'enable': True,
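Review bot: Defaulting `ignore-primary-group-memberships` to `True` changes ACL results for every existing installation on upgrade, because the call in `base_broker.py` previously always passed `primary_groups=True`. A profile whose `acl-groups-deny` or `acl-groups-allow` names a group that users hold only as their primary group stops matching without any configuration change. Consider shipping `u'ignore-primary-group-memberships': False,` so the old behaviour is preserved and large sites opt in explicitly. The first block of `test_checkprofileacls_group_primarygroups` would then need its expectation for `flip` adjusted.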
diff --git a/x2gobroker/nameservices/testsuite_nameservice.py b/x2gobroker/nameservices/testsuite_nameservice.py
index a0ea7e2..90c9b33 100644
--- a/x2gobroker/nameservices/testsuite_nameservice.py
+++ b/x2gobroker/nameservices/testsuite_nameservice.py
@@ -46,8 +46,9 @@ class X2GoBrokerNameService(base.X2GoBrokerNameService):
         _members = []
         if group in _groups.keys():
             _members.extend(_groups[group])
-        for username in self.get_users():
-            if unicode(group) == self.get_primary_group(username):
-                _members.append(username)
+        if primary_groups:
+            for username in self.get_users():
+                if unicode(group) == self.get_primary_group(username):
+                    _members.append(username)
         return _members
 
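Review bot: The only nameservice touched by this commit is the testsuite one, so the new `if primary_groups:` guard shows that the test backend honours the flag, not that the production backend named by `default-group-db` (libnss) does; that code is not visible here and should be checked. `primary_groups` is also defined outside this hunk, so I cannot confirm it is a parameter of this method with a default value. A short comment above the branch, `# scanning every user for primary-group matches is expensive; skipped when the caller opts out`, would record why the loop is conditional. The method's signature and the `_groups` setup are outside the hunk.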
diff --git a/x2gobroker/tests/test_broker_base.py b/x2gobroker/tests/test_broker_base.py
index 14a9e21..8891103 100644
--- a/x2gobroker/tests/test_broker_base.py
+++ b/x2gobroker/tests/test_broker_base.py
@@ -504,6 +504,76 @@ enable = true
         }
         self.assertEqual(base_backend.check_profile_acls(username, acls), False)
 
+    def test_checkprofileacls_group_primarygroups(self):
+        username_f = 'flip' # is a male grasshopper
+        username_m = 'maja' # is a female bee
+        username_w = 'willi' # is a drone (male bee)
+        _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+        _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+
+[base]
+enable = true
+"""
+        tf = tempfile.NamedTemporaryFile()
+        print >> tf, _config
+        tf.seek(0)
+        base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+        acls = {
+            'acl-groups-allow': ['bees','flip'],
+            'acl-groups-deny': ['ALL'],
+            'acl-groups-order': 'deny-allow',
+        }
+        self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
+        self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+        _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+        _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+ignore-primary-group-memberships = true
+
+[base]
+enable = true
+"""
+        tf = tempfile.NamedTemporaryFile()
+        print >> tf, _config
+        tf.seek(0)
+        base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+        acls = {
+            'acl-groups-allow': ['bees','flip'],
+            'acl-groups-deny': ['ALL'],
+            'acl-groups-order': 'deny-allow',
+        }
+        self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
+        self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+        _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+        _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+ignore-primary-group-memberships = false
+
+[base]
+enable = true
+"""
+        tf = tempfile.NamedTemporaryFile()
+        print >> tf, _config
+        tf.seek(0)
+        base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+        acls = {
+            'acl-groups-allow': ['bees','flip'],
+            'acl-groups-deny': ['ALL'],
+            'acl-groups-order': 'deny-allow',
+        }
+        self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+
     def test_checkprofileacls_group_combitests(self):
         _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
         _config = """
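Review bot: `test_checkprofileacls_group_primarygroups` only exercises the allow side: every block uses `'acl-groups-deny': ['ALL']` with `deny-allow`, so there is no case where a user's primary group appears in `acl-groups-deny`. That is the case where ignoring primary groups lets a user through a rule meant to block them. I would add a block with `'acl-groups-allow': ['ALL']`, `'acl-groups-deny': ['flip']` and `'acl-groups-order': 'allow-deny'`, asserting the result for `flip` under both settings, so the behaviour is pinned deliberately. The three blocks are otherwise copies that differ in one config line and one expected value; a small helper that takes the `[global]` extra line and the three expected results would remove the duplication. The `NamedTemporaryFile` objects are also never closed.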


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).



