[X2Go-Commits] x2gobroker.git - build-main (branch) updated: 0.0.0.1-51-gd5ae323
X2Go dev team
git-admin at x2go.org
Sun May 19 13:04:47 CEST 2013
The branch, build-main has been updated
via d5ae323df36f2fab5dfe9ddfd8643dd9a98c817a (commit)
from 64dc9fba445fcf69a7ed2d5f28180a112cb3fa91 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 2 +
sbin/x2gobroker-keygen | 127 ++++++++++++++++++++++++++++++++++++++++++++++++
x2gobroker/defaults.py | 5 ++
3 files changed, 134 insertions(+)
create mode 100755 sbin/x2gobroker-keygen
The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index a44162f..be93ac2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,6 +15,8 @@ x2gobroker (0.0.0.2-0~x2go1) UNRELEASED; urgency=low
- Set log level to CRITICAL if running unit tests.
- Perform PAM authentication via an authentication service (the broker
runs as non-privileged user, the authentication service as root).
+ - Add tool: x2gobroker-keygen. Generate pub/priv SSH keypair for the
+ system user x2gobroker.
* /debian/control:
+ Add bin:package x2gobroker-agent.
* /debian/x2gobroker-daemon.init:
diff --git a/sbin/x2gobroker-keygen b/sbin/x2gobroker-keygen
new file mode 100755
index 0000000..efe0ac2
--- /dev/null
+++ b/sbin/x2gobroker-keygen
@@ -0,0 +1,127 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# This file is part of the X2Go Project - http://www.x2go.org
+# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder at obviously-nice.de>
+# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing at obviously-nice.de>
+# Copyright (C) 2012 by Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+import os
+import sys
+import setproctitle
+import argparse
+import logging
+import binascii
+import paramiko
+
+try:
+ import x2gobroker.defaults
+except ImportError:
+ sys.path.insert(0, os.path.join(os.getcwd(), '..'))
+ import x2gobroker.defaults
+
+supported_key_types = ('RSA', 'DSA')
+
+PROG_NAME = os.path.basename(sys.argv[0])
+PROG_OPTIONS = sys.argv[1:]
+setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS)))
+
+from x2gobroker import __VERSION__
+from x2gobroker import __AUTHOR__
+from x2gobroker.loggers import logger_broker, logger_error
+
+if os.geteuid() == 0:
+ # propagate msgs for the broker logger to the root logger (i.e. to stderr)
+ logger_broker.propagate = 1
+ logger_error.propagate = 1
+
+# raise log level to DEBUG if requested...
+if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_TESTSUITE:
+ logger_broker.setLevel(logging.DEBUG)
+
+logger_broker.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
+logger_broker.info('Setting up the key generator\'s environment...')
+logger_broker.info(' X2GOBROKER_DEBUG: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DEBUG))
+logger_broker.info(' X2GOBROKER_DAEMON_USER: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_USER))
+logger_broker.info(' X2GOBROKER_DAEMON_GROUP: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP))
+
+# check effective UID the broker runs as and complain appropriately...
+if os.geteuid() != 0:
+ logger_error.error('X2Go Session Broker\'s key generator has to run with root privileges. Exiting...')
+ sys.exit(-1)
+
+if __name__ == '__main__':
+
+ common_options = [
+ {'args':['-t','--type'], 'default': 'RSA', 'help': 'Choose a key type for the X2Go Session Broker pub/priv SSH key pair (available: RSA, DSA).', },
+ {'args':['-f','--force'], 'default': False, 'action': 'store_true', 'help': 'Enforce the creation of a public/private key pair. WARNING: This will overwrite earlier created keys.', },
+ ]
+ p = argparse.ArgumentParser(description='X2Go Session Broker (Key Generator)',\
+ formatter_class=argparse.RawDescriptionHelpFormatter, \
+ add_help=True, argument_default=None)
+ p_common = p.add_argument_group('common parameters')
+
+ for (p_group, opts) in ( (p_common, common_options), ):
+ for opt in opts:
+ args = opt['args']
+ del opt['args']
+ p_group.add_argument(*args, **opt)
+
+ cmdline_args = p.parse_args()
+
+ if cmdline_args.key_type.upper() not in supported_key_types:
+ logger_error.error(u'Unknown key type »{key_type}«. Possible key types are RSA and DSA. Exiting...'.format(key_type=cmdline_args.key_type.upper()))
+ sys.exit(-2)
+
+ broker_uid = x2gobroker.defaults.X2GOBROKER_DAEMON_USER
+ broker_uidnumber = getpwnam(broker_uid).pw_uid
+ broker_gid = x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP
+ broker_gidnumber = getgrnam(_broker_gid).gr_gid
+ broker_home = x2gobroker.defaults.X2GOBROKER_HOME
+
+ if not os.path.exists(broker_home):
+ logger_error.error('The home directory {home} of user {user} does not exists. Cannot continue. Exiting...'.format(home=broker_home, user=broker_uid))
+ sys.exit(-2)
+
+ logger_broker.info('Creating pub/priv key pair for X2Go Session Broker...')
+ if not path.exists('{home}/.ssh'.format(home=broker_home)):
+ os.mkdir('{home}/.ssh'.format(home=broker_home))
+ os.chown('{home}/.ssh'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
+ os.chmod('{home}/.ssh'.format(home=broker_home), 0750)
+ logger_broker.info(' Created {home}/.ssh'.format(home=broker_home))
+
+ # generate key pair
+ if cmdline_args.key_type.upper() == 'RSA':
+ key = paramiko.RSAKey.generate(2048)
+ elif cmdine_args.key_type.upper() == 'DSA':
+ key = paramiko.DSAKey.generate(2048)
+
+ logger_broker.info(' {key_type} key has been generated, fingerprint is {fingerprint}'.format(key_type=cmdine_args.key_type.upper(), fingerprint=binascii.hexlify(key.get_fingerprint())))
+
+ key.write_private_key_file('{home}/.ssh/id_rsa'.format(home=broker_home))
+ os.chown('{home}/.ssh/id_rsa'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
+ os.chmod('{home}/.ssh/id_rsa'.format(home=broker_home), 0600)
+ logger_broker.info(' Private key written to file {key_file}'.format(key_file='{home}/.ssh/id_rsa'.format(home=broker_home)))
+
+ pubkey_file = open('{home}/.ssh/id_rsa.pub'.format(home=broker_home),'w')
+ pubkey_file.write("ssh-rsa " +key.get_base64())
+ pubkey_file.close()
+ os.chown('{home}/.ssh/id_rsa'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
+ os.chmod('{home}/.ssh/id_rsa'.format(home=broker_home), 0600)
+ logger_broker.info(' Public key written to file {key_file}'.format(key_file='{home}/.ssh/id_rsa.pub'.format(home=broker_home)))
+
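Review bot: The key-writing block at the end of the script never consults `--force` and, running as root, writes and `os.chown`s fixed paths inside a `.ssh` directory it has already given to the broker user, so an existing key (or a symlink at `id_rsa`) is overwritten and re-owned without a check. The second `os.chown`/`os.chmod` pair after the public-key write targets `id_rsa` again, leaving `id_rsa.pub` root-owned, and a DSA key is still saved as `id_rsa` with an `ssh-rsa ` prefix. The script cannot reach this code as written: `--type` needs `'dest': 'key_type'`, the names `cmdine_args`, `_broker_gid` and `path.exists` are misspelled, and `getpwnam`/`getgrnam` need `from pwd import getpwnam` and `from grp import getgrnam`. The sketch below names the files per key type, stops when they exist unless `--force` is given, and creates them with `O_EXCL` so root never writes through a link.

```python
    # … unchanged apart from the name fixes above: option parsing, uid/gid lookup, ~/.ssh creation, key generation …

    key_type = cmdline_args.key_type.upper()
    ssh_dir = os.path.join(broker_home, '.ssh')
    key_file = os.path.join(ssh_dir, 'id_{t}'.format(t=key_type.lower()))
    pubkey_path = key_file + '.pub'

    # lexists() also reports dangling symlinks, which exists() would miss
    present = [f for f in (key_file, pubkey_path) if os.path.lexists(f)]
    if present and not cmdline_args.force:
        logger_error.error('Key files already exist in {d}. Use --force to replace them. Exiting...'.format(d=ssh_dir))
        sys.exit(-3)
    for stale in present:
        os.unlink(stale)

    def create_owned_file(filename, mode):
        # O_EXCL fails on an existing path or a symlink instead of following it
        fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        os.fchown(fd, broker_uidnumber, broker_gidnumber)
        os.fchmod(fd, mode)  # the mode passed to os.open() is still filtered by the umask
        return os.fdopen(fd, 'w')

    with create_owned_file(key_file, 0600) as f:
        key.write_private_key(f)
    logger_broker.info(' Private key written to file {key_file}'.format(key_file=key_file))

    with create_owned_file(pubkey_path, 0644) as f:
        # get_name() yields the matching algorithm prefix (ssh-rsa / ssh-dss)
        f.write('{name} {blob}\n'.format(name=key.get_name(), blob=key.get_base64()))
    logger_broker.info(' Public key written to file {key_file}'.format(key_file=pubkey_path))
```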
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index e777142..4368a67 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -29,6 +29,11 @@ from loggers import logger_broker, logger_access, logger_error, X2GOBROKER_DAEMO
X2GOBROKER_USER = getpass.getuser()
+if os.environ.has_key('X2GOBROKER_DAEMON_GROUP'):
+ X2GOBROKER_DAEMON_GROUP=os.environ['X2GOBROKER_DAEMON_GROUP']
+else:
+ X2GOBROKER_DAEMON_GROUP="x2gobroker"
+
###
### dynamic default values, influencable through os.environ...
###
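Review bot: The new `X2GOBROKER_DAEMON_GROUP` default sits above the `### dynamic default values, influencable through os.environ...` banner although it is itself read from the environment; moving it below the banner keeps that section comment accurate. The four lines can collapse into `X2GOBROKER_DAEMON_GROUP = os.environ.get('X2GOBROKER_DAEMON_GROUP', 'x2gobroker')`, which also drops `has_key`. Because sbin/x2gobroker-keygen runs as root and passes this group to `os.chown`, a value inherited from the caller's environment decides which group owns the key files, so a comment stating that, or a check that the value is non-empty, would help. The keygen script also reads `x2gobroker.defaults.X2GOBROKER_HOME`, which this hunk does not add; presumably it is defined in a part of the file outside the hunk.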
hooks/post-receive
--
x2gobroker.git (HTTP(S) Session broker for X2Go)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).