[X2Go-Commits] x2gobroker.git - build-main (branch) updated: 0.0.0.1-51-gd5ae323

X2Go dev team git-admin at x2go.org
Sun May 19 13:04:47 CEST 2013


The branch, build-main has been updated
       via  d5ae323df36f2fab5dfe9ddfd8643dd9a98c817a (commit)
      from  64dc9fba445fcf69a7ed2d5f28180a112cb3fa91 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 debian/changelog       |    2 +
 sbin/x2gobroker-keygen |  127 ++++++++++++++++++++++++++++++++++++++++++++++++
 x2gobroker/defaults.py |    5 ++
 3 files changed, 134 insertions(+)
 create mode 100755 sbin/x2gobroker-keygen

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index a44162f..be93ac2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,6 +15,8 @@ x2gobroker (0.0.0.2-0~x2go1) UNRELEASED; urgency=low
     - Set log level to CRITICAL if running unit tests.
     - Perform PAM authentication via an authentication service (the broker
       runs as non-privileged user, the authentication service as root).
+    - Add tool: x2gobroker-keygen. Generate pub/priv SSH keypair for the
+      system user x2gobroker.
   * /debian/control:
     + Add bin:package x2gobroker-agent.
   * /debian/x2gobroker-daemon.init:
diff --git a/sbin/x2gobroker-keygen b/sbin/x2gobroker-keygen
new file mode 100755
index 0000000..efe0ac2
--- /dev/null
+++ b/sbin/x2gobroker-keygen
@@ -0,0 +1,127 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# This file is part of the  X2Go Project - http://www.x2go.org
+# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder at obviously-nice.de>
+# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing at obviously-nice.de>
+# Copyright (C) 2012 by Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+import os
+import sys
+import setproctitle
+import argparse
+import logging
+import binascii
+import paramiko
+
+try:
+    import x2gobroker.defaults
+except ImportError:
+    sys.path.insert(0, os.path.join(os.getcwd(), '..'))
+    import x2gobroker.defaults
+
+supported_key_types = ('RSA', 'DSA')
+
+PROG_NAME = os.path.basename(sys.argv[0])
+PROG_OPTIONS = sys.argv[1:]
+setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS)))
+
+from x2gobroker import __VERSION__
+from x2gobroker import __AUTHOR__
+from x2gobroker.loggers import logger_broker, logger_error
+
+if os.geteuid() == 0:
+    # propagate msgs for  the broker logger to the root logger (i.e. to stderr)
+    logger_broker.propagate = 1
+    logger_error.propagate = 1
+
+# raise log level to DEBUG if requested...
+if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_TESTSUITE:
+    logger_broker.setLevel(logging.DEBUG)
+
+logger_broker.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
+logger_broker.info('Setting up the key generator\'s environment...')
+logger_broker.info('  X2GOBROKER_DEBUG: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DEBUG))
+logger_broker.info('  X2GOBROKER_DAEMON_USER: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_USER))
+logger_broker.info('  X2GOBROKER_DAEMON_GROUP: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP))
+
+# check effective UID the broker runs as and complain appropriately...
+if os.geteuid() != 0:
+    logger_error.error('X2Go Session Broker\'s key generator has to run with root privileges. Exiting...')
+    sys.exit(-1)
+
+if __name__ == '__main__':
+
+    common_options = [
+        {'args':['-t','--type'], 'default': 'RSA', 'help': 'Choose a key type for the X2Go Session Broker pub/priv SSH key pair (available: RSA, DSA).', },
+        {'args':['-f','--force'], 'default': False, 'action': 'store_true', 'help': 'Enforce the creation of a public/private key pair. WARNING: This will overwrite earlier created keys.', },
+    ]
+    p = argparse.ArgumentParser(description='X2Go Session Broker (Key Generator)',\
+                                formatter_class=argparse.RawDescriptionHelpFormatter, \
+                                add_help=True, argument_default=None)
+    p_common = p.add_argument_group('common parameters')
+
+    for (p_group, opts) in ( (p_common, common_options), ):
+        for opt in opts:
+            args = opt['args']
+            del opt['args']
+            p_group.add_argument(*args, **opt)
+
+    cmdline_args = p.parse_args()
+
+    if cmdline_args.key_type.upper() not in supported_key_types:
+        logger_error.error(u'Unknown key type »{key_type}«. Possible key types are RSA and DSA. Exiting...'.format(key_type=cmdline_args.key_type.upper()))
+        sys.exit(-2)
+
+    broker_uid = x2gobroker.defaults.X2GOBROKER_DAEMON_USER
+    broker_uidnumber = getpwnam(broker_uid).pw_uid
+    broker_gid = x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP
+    broker_gidnumber = getgrnam(_broker_gid).gr_gid
+    broker_home = x2gobroker.defaults.X2GOBROKER_HOME
+
+    if not os.path.exists(broker_home):
+        logger_error.error('The home directory {home} of user {user} does not exists. Cannot continue. Exiting...'.format(home=broker_home, user=broker_uid))
+        sys.exit(-2)
+
+    logger_broker.info('Creating pub/priv key pair for X2Go Session Broker...')
+    if not path.exists('{home}/.ssh'.format(home=broker_home)):
+        os.mkdir('{home}/.ssh'.format(home=broker_home))
+        os.chown('{home}/.ssh'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
+        os.chmod('{home}/.ssh'.format(home=broker_home), 0750)
+        logger_broker.info('  Created {home}/.ssh'.format(home=broker_home))
+
+    # generate key pair
+    if cmdline_args.key_type.upper() == 'RSA':
+        key = paramiko.RSAKey.generate(2048)
+    elif cmdine_args.key_type.upper() == 'DSA':
+        key = paramiko.DSAKey.generate(2048)
+
+    logger_broker.info('  {key_type} key has been generated, fingerprint is {fingerprint}'.format(key_type=cmdine_args.key_type.upper(), fingerprint=binascii.hexlify(key.get_fingerprint())))
+
+    key.write_private_key_file('{home}/.ssh/id_rsa'.format(home=broker_home))
+    os.chown('{home}/.ssh/id_rsa'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
+    os.chmod('{home}/.ssh/id_rsa'.format(home=broker_home), 0600)
+    logger_broker.info('  Private key written to file {key_file}'.format(key_file='{home}/.ssh/id_rsa'.format(home=broker_home)))
+
+    pubkey_file = open('{home}/.ssh/id_rsa.pub'.format(home=broker_home),'w')
+    pubkey_file.write("ssh-rsa " +key.get_base64())
+    pubkey_file.close()
+    os.chown('{home}/.ssh/id_rsa'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
+    os.chmod('{home}/.ssh/id_rsa'.format(home=broker_home), 0600)
+    logger_broker.info('  Public key written to file {key_file}'.format(key_file='{home}/.ssh/id_rsa.pub'.format(home=broker_home)))
+
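Review bot: The key-writing tail of the new script never consults `--force` and mislabels its output: an existing `id_rsa` is overwritten unconditionally, a DSA key would still be written to `id_rsa` with an `ssh-rsa ` prefix in the `.pub` file, and the `os.chown`/`os.chmod` pair after `pubkey_file.close()` targets `id_rsa` again, so `id_rsa.pub` keeps root ownership and umask-derived permissions. The script also cannot reach that point as written: `--type` yields `cmdline_args.type` unless the option gets `'dest': 'key_type'`, `getpwnam`/`getgrnam` need `from pwd import getpwnam` and `from grp import getgrnam`, and `_broker_gid`, `path.exists` and `cmdine_args` are undefined names. paramiko's DSA class is `paramiko.DSSKey`, not `DSAKey`, and SSH `ssh-dss` keys are 1024-bit, so the 2048 request for DSA should be rechecked. Because the script runs as root and writes into a `.ssh` directory owned by the broker user, it is worth refusing to write when the target path already exists (including as a symlink) unless `--force` is given. The fence below sketches the path handling, the `--force` check and the public-key write.

```python
# … unchanged: option parsing (with 'dest': 'key_type' added to the --type option) …
key_type = cmdline_args.key_type.upper()
key_name = {'RSA': 'id_rsa', 'DSA': 'id_dsa'}[key_type]
privkey_path = os.path.join(broker_home, '.ssh', key_name)
pubkey_path = privkey_path + '.pub'

# lexists() also catches a dangling symlink placed at the target path
if os.path.lexists(privkey_path) and not cmdline_args.force:
    logger_error.error('Key file {key_file} already exists, use --force to overwrite. Exiting...'.format(key_file=privkey_path))
    sys.exit(-3)

# … unchanged: .ssh directory creation, key generation, fingerprint logging …

key.write_private_key_file(privkey_path)
os.chown(privkey_path, broker_uidnumber, broker_gidnumber)
os.chmod(privkey_path, 0600)

pubkey_file = open(pubkey_path, 'w')
# get_name() returns the matching algorithm label instead of a hard-coded "ssh-rsa"
pubkey_file.write('{name} {data}\n'.format(name=key.get_name(), data=key.get_base64()))
pubkey_file.close()
os.chown(pubkey_path, broker_uidnumber, broker_gidnumber)
os.chmod(pubkey_path, 0600)
```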
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index e777142..4368a67 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -29,6 +29,11 @@ from loggers import logger_broker, logger_access, logger_error, X2GOBROKER_DAEMO
 
 X2GOBROKER_USER =  getpass.getuser()
 
+if os.environ.has_key('X2GOBROKER_DAEMON_GROUP'):
+    X2GOBROKER_DAEMON_GROUP=os.environ['X2GOBROKER_DAEMON_GROUP']
+else:
+    X2GOBROKER_DAEMON_GROUP="x2gobroker"
+
 ###
 ### dynamic default values, influencable through os.environ...
 ###
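Review bot: The four-line `has_key` branch can be the single line `X2GOBROKER_DAEMON_GROUP = os.environ.get('X2GOBROKER_DAEMON_GROUP', 'x2gobroker')`, and it sits above the "dynamic default values, influencable through os.environ" banner although it is one of those values. The x2gobroker-keygen script added in this commit appears to pass this value to a group lookup and then to `os.chown` while running as root, so a comment stating the expectation would help, e.g. `# must name an existing system group; x2gobroker-keygen chowns ~/.ssh and the key files to it`. The hunk does not show whether `X2GOBROKER_HOME`, which the keygen script also reads from this module, is defined elsewhere in the file.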


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).



