[X2Go-Commits] python-x2go.git - twofactorauth (branch) updated: 0.2.1.1-16-gb1c28c7
X2Go dev team
git-admin at x2go.org
Sat Sep 14 15:57:57 CEST 2013
The branch, twofactorauth has been updated
via b1c28c749e6d34ae51d5169e360ba4f3409d1d81 (commit)
from f787a0620a5fee6cc9df2a53a92abb81d5a99880 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 3 +++
x2go/backends/control/_stdout.py | 9 ++++++++-
x2go/checkhosts.py | 24 ++++++++++++++++++------
x2go/client.py | 2 +-
x2go/session.py | 2 +-
x2go/sshproxy.py | 33 +++++++++++++++++++++++++++++++--
x2go/utils.py | 14 +++++++-------
7 files changed, 69 insertions(+), 18 deletions(-)
The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index a8da37f..ca60226 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,9 @@ python-x2go (0.2.1.2-0~x2go1) UNRELEASED; urgency=low
- Add session profile option ,,display'' to default session profile options.
- Catch any kind of exception when writing session profile files and return
True or False in cases where I/O errors occur.
+ - Avoid the known_hosts file being flushed with localhost:[<someport>]
+ entries. Store host keys of SSH-proxied hosts under the [<address>]:<port>
+ the system has _behind_ the SSH proxy gateway.
-- Mike Gabriel <mike.gabriel at das-netzwerkteam.de> Thu, 20 Dec 2012 08:58:44 +0100
diff --git a/x2go/backends/control/_stdout.py b/x2go/backends/control/_stdout.py
index fdb80d4..d7e0aec 100644
--- a/x2go/backends/control/_stdout.py
+++ b/x2go/backends/control/_stdout.py
@@ -718,6 +718,8 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
@raise X2goRemoteHomeException: if the remote home directory does not exist or is not accessible
"""
+ _fake_hostname = None
+
if use_sshproxy and sshproxy_host and sshproxy_user:
try:
self.sshproxy_session = sshproxy.X2goSSHProxy(known_hosts=self.known_hosts,
@@ -734,6 +736,11 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
session_instance=session_instance,
logger=self.logger,
)
+ hostname = self.sshproxy_session.get_local_proxy_host()
+ port = self.sshproxy_session.get_local_proxy_port()
+ _fake_hostname = self.sshproxy_session.get_remote_host()
+ _fake_port = self.sshproxy_session.get_remote_port()
+ _fake_hostname = "[%s]:%s" % (_fake_hostname, _fake_port)
except:
if self.sshproxy_session:
@@ -750,7 +757,7 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
port = self.sshproxy_session.get_local_proxy_port()
if not add_to_known_hosts and session_instance:
- self.set_missing_host_key_policy(checkhosts.X2goInteractiveAddPolicy(caller=self, session_instance=session_instance))
+ self.set_missing_host_key_policy(checkhosts.X2goInteractiveAddPolicy(caller=self, session_instance=session_instance, fake_hostname=_fake_hostname))
if add_to_known_hosts:
self.set_missing_host_key_policy(paramiko.AutoAddPolicy())
diff --git a/x2go/checkhosts.py b/x2go/checkhosts.py
index 98badbb..aedb08d 100644
--- a/x2go/checkhosts.py
+++ b/x2go/checkhosts.py
@@ -50,7 +50,7 @@ class X2goInteractiveAddPolicy(paramiko.MissingHostKeyPolicy):
method and hook some interactive user dialog to either of them.
"""
- def __init__(self, caller=None, session_instance=None):
+ def __init__(self, caller=None, session_instance=None, fake_hostname=None):
"""\
@param caller: calling instance
@type caller: C{class}
@@ -60,6 +60,7 @@ class X2goInteractiveAddPolicy(paramiko.MissingHostKeyPolicy):
"""
self.caller = caller
self.session_instance = session_instance
+ self.fake_hostname = fake_hostname
def missing_host_key(self, client, hostname, key):
"""\
@@ -95,6 +96,17 @@ class X2goInteractiveAddPolicy(paramiko.MissingHostKeyPolicy):
client._log(paramiko.common.DEBUG, 'Interactively Checking %s host key for %s: %s' %
(self.key.get_name(), self.hostname, binascii.hexlify(self.key.get_fingerprint())))
if self.session_instance:
+
+ if self.fake_hostname is not None:
+ server_key = client.get_transport().get_remote_server_key()
+ keytype = server_key.get_name()
+ our_server_key = client._system_host_keys.get(self.fake_hostname, {}).get(keytype, None)
+ if our_server_key is None:
+ our_server_key = client._host_keys.get(self.fake_hostname, {}).get(keytype, None)
+ if our_server_key is not None:
+ self.session_instance.logger('SSH host key verification for SSH-proxied host %s with %s fingerprint ,,%s\'\' succeeded. This host is known by the address it has behind the SSH proxy host.' % (self.fake_hostname, self.get_key_name(), self.get_key_fingerprint_with_colons()), loglevel=log.loglevel_NOTICE)
+ return
+
self.session_instance.logger('SSH host key verification for host %s with %s fingerprint ,,%s\'\' initiated. We are seeing this X2Go server for the first time.' % (self.get_hostname(), self.get_key_name(), self.get_key_fingerprint_with_colons()), loglevel=log.loglevel_NOTICE)
_valid = self.session_instance.HOOK_check_host_dialog(self.get_hostname_name(),
port=self.get_hostname_port(),
@@ -102,14 +114,14 @@ class X2goInteractiveAddPolicy(paramiko.MissingHostKeyPolicy):
fingerprint_type=self.get_key_name(),
)
if _valid:
- paramiko.AutoAddPolicy().missing_host_key(client, self.hostname, key)
+ paramiko.AutoAddPolicy().missing_host_key(client, self.get_hostname(), key)
else:
if type(self.caller) in (sshproxy.X2goSSHProxy, ):
- raise x2go_exceptions.X2goSSHProxyHostKeyException('Invalid host %s is not authorized for access. Add the host to Paramiko/SSH\'s known_hosts file.' % hostname)
+ raise x2go_exceptions.X2goSSHProxyHostKeyException('Invalid host %s is not authorized for access. Add the host to Paramiko/SSH\'s known_hosts file.' % self.get_hostname())
else:
- raise x2go_exceptions.X2goHostKeyException('Invalid host %s is not authorized for access. Add the host to Paramiko/SSH\'s known_hosts file.' % hostname)
+ raise x2go_exceptions.X2goHostKeyException('Invalid host %s is not authorized for access. Add the host to Paramiko/SSH\'s known_hosts file.' % self.get_hostname())
else:
- raise x2go_exceptions.SSHException('Policy has collected host key information on %s for further introspection' % hostname)
+ raise x2go_exceptions.SSHException('Policy has collected host key information on %s for further introspection' % self.get_hostname())
def get_client(self):
"""\
@@ -129,7 +141,7 @@ class X2goInteractiveAddPolicy(paramiko.MissingHostKeyPolicy):
@rtype: C{str}
"""
- return self.hostname
+ return self.fake_hostname or self.hostname
def get_hostname_name(self):
"""\
diff --git a/x2go/client.py b/x2go/client.py
index 9471cd2..f35961d 100644
--- a/x2go/client.py
+++ b/x2go/client.py
@@ -454,7 +454,7 @@ class X2goClient(object):
else:
self.logger('HOOK_printaction_error: incoming print job ,, %s'' caused error: %s' % (filename, err_msg), loglevel=log.loglevel_ERROR)
- def HOOK_check_host_dialog(self, profile_name='UNKNOWN', host='UNKNOWN', port=22, fingerprint='no fingerprint', fingerprint_type='RSA'):
+ def HOOK_check_host_dialog(self, profile_name='UNKNOWN', host='UNKNOWN', port=22, fingerprint='no fingerprint', fingerprint_type='UNKNOWN'):
"""\
HOOK method: called if a host check is requested. This hook has to either return C{True} (default) or C{False}.
diff --git a/x2go/session.py b/x2go/session.py
index bca32ec..43c9256 100644
--- a/x2go/session.py
+++ b/x2go/session.py
@@ -544,7 +544,7 @@ class X2goSession(object):
else:
self.logger('HOOK_sshfs_not_available: the remote X2Go server (%s) denies SSHFS access for session %s. This will result in client-side folder sharing, printing and the MIME box feature being unavailable' % (self.profile_name, self.session_name), loglevel=log.loglevel_WARN)
- def HOOK_check_host_dialog(self, host, port, fingerprint='no fingerprint', fingerprint_type='RSA'):
+ def HOOK_check_host_dialog(self, host, port, fingerprint='no fingerprint', fingerprint_type='UNKNOWN'):
"""\
HOOK method: called if a host check is requested. This hook has to either return C{True} (default) or C{False}.
diff --git a/x2go/sshproxy.py b/x2go/sshproxy.py
index df50f2b..4f66123 100644
--- a/x2go/sshproxy.py
+++ b/x2go/sshproxy.py
@@ -288,7 +288,6 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
Wraps around a Paramiko/SSH host key check.
"""
- # hostname rewrite for localhost, force to IPv4
_hostname = self.hostname
# force into IPv4 for localhost connections
@@ -298,7 +297,7 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
_valid = False
(_valid, _hostname, _port, _fingerprint, _fingerprint_type) = checkhosts.check_ssh_host_key(self, _hostname, port=self.port)
if not _valid and self.session_instance:
- _valid = self.session_instance.HOOK_check_host_dialog(_hostname, _port, fingerprint=_fingerprint, fingerprint_type=_fingerprint_type)
+ _valid = self.session_instance.HOOK_check_host_dialog(self.remote_host, self.remote_port, fingerprint=_fingerprint, fingerprint_type=_fingerprint_type)
return _valid
def run(self):
@@ -334,6 +333,16 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
else:
raise x2go_exceptions.X2goSSHProxyException('SSH proxy connection could not retrieve an SSH transport')
+ def get_local_proxy_host(self):
+ """\
+ Retrieve the local IP socket address this SSH proxying tunnel is (about to) bind/bound to.
+
+ @return: local IP socket address
+ @rtype: C{int}
+
+ """
+ return self.local_host
+
def get_local_proxy_port(self):
"""\
Retrieve the local IP socket port this SSH proxying tunnel is (about to) bind/bound to.
@@ -344,6 +353,26 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
"""
return self.local_port
+ def get_remote_host(self):
+ """\
+ Retrieve the remote IP socket address at the remote end of the SSH proxying tunnel.
+
+ @return: local IP socket address
+ @rtype: C{int}
+
+ """
+ return self.remote_host
+
+ def get_remote_port(self):
+ """\
+ Retrieve the remote IP socket port of the target system's SSH daemon.
+
+ @return: remote SSH port
+ @rtype: C{int}
+
+ """
+ return self.remote_port
+
def stop_thread(self):
"""\
Tear down the SSH proxying tunnel.
diff --git a/x2go/utils.py b/x2go/utils.py
index 5cbafa4..f621ece 100644
--- a/x2go/utils.py
+++ b/x2go/utils.py
@@ -205,8 +205,6 @@ def _convert_SessionProfileOptions_2_SessionParams(options):
'sshproxyport': 'sshproxy_port',
'sshproxyuser': 'sshproxy_user',
'sshproxykeyfile': 'sshproxy_key_filename',
- # FIXME: remove this next option...
- 'sshproxytunnel': 'sshproxy_tunnel',
'sessiontitle': 'session_title',
'setsessiontitle': 'set_session_title',
'published': 'published_applications',
@@ -329,11 +327,13 @@ def _convert_SessionProfileOptions_2_SessionParams(options):
_params['sshproxy_key_filename'] = _params['key_filename']
del _params['sshproxysamepass']
- #if options['sshproxytunnel']:
- # del _params['sshproxytunnel']
- #
- #if _params['use_sshproxy']:
- # _params['sshproxy_tunnel'] = 'localhost:44444:%s:%s' % (_params['server'], _params['port'])
+ if _params['use_sshproxy']:
+ _params['server'] = options['sshproxytunnel'].split(":")[-2]
+ _params['port'] = options['sshproxytunnel'].split(":")[-1]
+ _params['sshproxy_tunnel'] = 'localhost:44444:%s:%s' % (_params['server'], _params['port'])
+
+ if options['sshproxytunnel']:
+ del _params['sshproxytunnel']
# currently known but ignored in Python X2go
_ignored_options = [
hooks/post-receive
--
python-x2go.git (Python X2Go Client API)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-x2go.git" (Python X2Go Client API).
More information about the x2go-commits
mailing list