[X2Go-Commits] x2gobroker.git - build-main (branch) updated: 0.0.0.5-13-g65db3d5

X2Go dev team git-admin at x2go.org
Sun May 19 13:04:53 CEST 2013


The branch, build-main has been updated
       via  65db3d550c384ff0afbc0d9e97855ac1bf4bbea7 (commit)
      from  c6fbb4cf743a450b4a251bf39e86822662b17a73 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 etc/x2gobroker.conf               |   18 +++++++++---------
 x2gobroker/brokers/base_broker.py |   38 +++++++++++++++++++------------------
 x2gobroker/defaults.py            |    6 +++---
 3 files changed, 32 insertions(+), 30 deletions(-)

The diff of changes is:
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index 70d0906..3e9ee23 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -50,20 +50,20 @@
 # profile mapping in LDAP
 
 
-# Allow unauthenticated connections? Then set check_credentials to false.
+# Allow unauthenticated connections? Then set check-credentials to false.
 #check-credentials = true
 
 # To secure server-client communication the client can start the communication
-# with a pre-set, agreed on authentication ID. Set the below value to 1 to make
-# use of this feature
-#use-authid = false
+# with a pre-set, agreed on authentication ID. Set the below value to true
+# to make the X2Go Session Broker require this feature
+#require-cookie-auth = false
 
-# X2Go supports two different auth ID modes (static and dynamic), for now set
-# the below value to true
-#use-static-authid = true
+# X2Go supports two different cookie authentication modes (static and dynamic).
+#use-static-cookie = false
 
-# Make up your own authid below...
-#authid = <aaaavveeeerrrrryyyyylooonnnnggggssttrrriiinnnggg>
+# Every server-client communication (between X2Go Client and broker) has to be
+# accompanied by this initial authentication cookie.
+#my-cookie = <aaaavveeeerrrrryyyyylooonnnnggggssttrrriiinnnggg>
 
 # X2Go Session Broker knows about two output formats: a text/html based output
 # and a text/json based output. The different outputs run under different URLs
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py
index 2f9b6d2..c980119 100644
--- a/x2gobroker/brokers/base_broker.py
+++ b/x2gobroker/brokers/base_broker.py
@@ -66,7 +66,7 @@ class X2GoBroker(object):
         if config_defaults is None: config_defaults = x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS
         self.config = x2gobroker.config.X2GoBrokerConfigFile(config_files=self.config_file, defaults=config_defaults)
 
-        self._dynamic_authid_map = {}
+        self._dynamic_cookie_map = {}
         self._client_address = None
 
     def __del__(self):
@@ -687,7 +687,7 @@ class X2GoBroker(object):
         else:
             return []
 
-    def check_access(self, username='', password='', authid=None, ):
+    def check_access(self, username='', password='', cookie=None, ):
         """\
         Check if a given user with a given password may gain access to the
         X2Go session broker.
@@ -696,6 +696,8 @@ class X2GoBroker(object):
         @type username: C{unicode}
         @param password: a password that authenticates the user against the X2Go session broker
         @type password: C{unicode}
+        @param cookie: an extra (static or dynamic) authentication token
+        @type cookie: C{unicode}
 
         @return: returns C{True} if the authentication has been successful
         @rtype: C{bool}
@@ -717,46 +719,46 @@ class X2GoBroker(object):
 
         ### HANDLING OF DYNAMIC AUTHENTICATION ID HASHES
 
-        # using authid as extra security?
-        if self.config.get_value('global', 'use-authid'):
+        # using cookie authentication as extra security?
+        if self.config.get_value('global', 'require-cookie-authentication'):
 
-            if type(authid) is types.StringType:
-                authid = unicode(authid)
+            if type(cookie) is types.StringType:
+                cookie = unicode(cookie)
 
-            if self.config.get_value('global', 'use-static-authid'):
+            if self.config.get_value('global', 'use-static-cookie'):
 
                 # evaluate access based on static authentication ID feature
-                access = access and ( authid == self.config.get_value('global', 'authid') )
+                access = access and ( cookie == self.config.get_value('global', 'my-cookie') )
 
             else:
 
                 # evaluate access based on dynamic authentication ID feature
-                if self._dynamic_authid_map.has_key(username):
-                    access = access and ( authid == self._dynamic_authid_map[username] )
+                if self._dynamic_cookie_map.has_key(username):
+                    access = access and ( cookie == self._dynamic_cookie_map[username] )
                     if access:
-                        self._dynamic_authid_map[username] = uuid.uuid5(namespace=authid, name=username)
+                        self._dynamic_cookie_map[username] = uuid.uuid5(namespace=cookie, name=username)
 
                 else:
-                    access = access and ( authid == self.config.get_value('global', 'authid') )
+                    access = access and ( cookie == self.config.get_value('global', 'my-cookie') )
                     if access:
                         # generate a first uuid, initialize the dynamic authencation ID security feature
-                        self._dynamic_authid_map[username] = uuid.uuid4()
+                        self._dynamic_cookie_map[username] = uuid.uuid4()
 
         return access
 
-    def get_next_authid(self, username):
+    def get_next_cookie(self, username):
         """\
-        Get the next expected authentication ID for the given user name.
+        Get the next expected authentication cookie for the given user name.
 
-        @param username: query next auth ID for this user
+        @param username: query next authentication cookie for this user
         @type username: C{unicode}
 
-        @return: returns next authentication ID for the given username, None if no auth ID has been generated, yet.
+        @return: returns next authentication cookie for the given username, None if no cookie has been generated, yet
         @rtype: C{unicode} or C{None}
 
         """
         try:
-            return self._dynamic_authid_map[username]
+            return self._dynamic_cookie_map[username]
         except KeyError:
             return None
 
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index 8274e71..4e52156 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -114,9 +114,9 @@ X2GOBROKER_CONFIG_DEFAULTS = {
     'global': {
         u'backend': u'zeroconf',
         u'check-credentials': True,
-        u'use-authid': False,
-        u'use-static-authid': True,
-        u'authid': uuid.uuid4(),
+        u'require-cookie-auth': False,
+        u'use-static-cookie': False,
+        u'my-cookie': uuid.uuid4(),
         u'enable-plain-output': True,
         u'enable-json-output': False,
         u'enable-html-output':  False,


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).




More information about the x2go-commits mailing list