[X2Go-Commits] python-x2go.git - build-baikal (branch) updated: 0.2.0.10-92-g64dbd1b
X2Go dev team
git-admin at x2go.org
Wed Jan 8 15:29:31 CET 2014
The branch, build-baikal has been updated
via 64dbd1b29eeefb88427ee92a5ba0ccfef2cb309f (commit)
from 8b51f4435d5042e8f8a3d38767d8cf70d38a67b6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
x2go/backends/control/_stdout.py | 25 ++++++++++++------
x2go/client.py | 8 +++++-
x2go/session.py | 54 ++++++++++++++++----------------------
x2go/sshproxy.py | 27 ++++++++++++-------
4 files changed, 64 insertions(+), 50 deletions(-)
The diff of changes is:
diff --git a/x2go/backends/control/_stdout.py b/x2go/backends/control/_stdout.py
index b95e916..7e29166 100644
--- a/x2go/backends/control/_stdout.py
+++ b/x2go/backends/control/_stdout.py
@@ -613,7 +613,7 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
def connect(self, hostname, port=22, username='', password='', pkey=None,
key_filename=None, timeout=None, allow_agent=False, look_for_keys=False,
- use_sshproxy=False, sshproxy_host='', sshproxy_port=22, sshproxy_user='', sshproxy_password='',
+ use_sshproxy=False, sshproxy_host='', sshproxy_port=22, sshproxy_user='', sshproxy_password='', sshproxy_force_password_auth=False,
sshproxy_key_filename='', sshproxy_pkey=None, sshproxy_look_for_keys=False, sshproxy_allow_agent=False,
sshproxy_tunnel='',
forward_sshagent=None,
@@ -689,6 +689,8 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
@param sshproxy_password: a password to use for SSH proxy authentication or for unlocking
a private key
@type sshproxy_password: C{str}
+ @param sshproxy_force_password_auth: enforce using a given C{sshproxy_password} even if a key(file) is given
+ @type sshproxy_force_password_auth: C{bool}
@param sshproxy_key_filename: local file location of the private key file
@type sshproxy_key_filename: C{str}
@param sshproxy_pkey: an optional private key to use for SSH proxy authentication
@@ -723,6 +725,7 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
sshproxy_port=sshproxy_port,
sshproxy_user=sshproxy_user,
sshproxy_password=sshproxy_password,
+ sshproxy_force_password_auth=sshproxy_force_password_auth,
sshproxy_key_filename=sshproxy_key_filename,
sshproxy_pkey=sshproxy_pkey,
sshproxy_look_for_keys=sshproxy_look_for_keys,
@@ -773,30 +776,36 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
if forward_sshagent is not None:
self.forward_sshagent = forward_sshagent
- if (key_filename and os.path.exists(os.path.normpath(key_filename))) or pkey or look_for_keys or allow_agent or (password and force_password_auth):
+ if key_filename or pkey or look_for_keys or allow_agent or (password and force_password_auth):
try:
if password and force_password_auth:
self.logger('trying keyboard-interactive SSH authentication with server', loglevel=log.loglevel_DEBUG)
paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=None, password=password,
key_filename=None, timeout=timeout, allow_agent=False,
look_for_keys=False)
- elif key_filename or pkey:
+ elif (key_filename and os.path.exists(os.path.normpath(key_filename))) or pkey:
self.logger('trying SSH pub/priv key authentication with server', loglevel=log.loglevel_DEBUG)
paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=pkey,
key_filename=key_filename, timeout=timeout, allow_agent=allow_agent,
look_for_keys=look_for_keys)
else:
self.logger('trying SSH key discovery or agent authentication with server', loglevel=log.loglevel_DEBUG)
- paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=None,
- key_filename=None, timeout=timeout, allow_agent=allow_agent,
- look_for_keys=look_for_keys)
+ try:
+ paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=None,
+ key_filename=None, timeout=timeout, allow_agent=allow_agent,
+ look_for_keys=look_for_keys)
+ except paramiko.SSHException, e:
+ if str(e) == 'No authentication methods available':
+ raise paramiko.AuthenticationException('Interactive password authentication required!')
+ else:
+ raise(e)
# since Paramiko 1.7.7.1 there is compression available, let's use it if present...
t = self.get_transport()
if x2go._paramiko.PARAMIKO_FEATURE['use-compression']:
t.use_compression(compress=True)
- except (paramiko.AuthenticationException, paramiko.SSHException), e:
+ except paramiko.AuthenticationException, e:
self.close()
if password:
self.logger('next auth mechanism we\'ll try is keyboard-interactive authentication', loglevel=log.loglevel_DEBUG)
@@ -812,7 +821,7 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
self.close()
if self.sshproxy_session:
self.sshproxy_session.stop_thread()
- raise(paramiko.AuthenticationException('Interactive password authentication required!'))
+ raise(e)
except:
self.close()
diff --git a/x2go/client.py b/x2go/client.py
index 8619e26..c1e5358 100644
--- a/x2go/client.py
+++ b/x2go/client.py
@@ -1283,7 +1283,9 @@ class X2goClient(object):
sshproxy_user='',
sshproxy_password='',
add_to_known_hosts=False,
- force_password_auth=False):
+ force_password_auth=False,
+ sshproxy_force_password_auth=False,
+ ):
"""\
Connect to a registered X2Go session with registry hash C{session_uuid}
This method basically wraps around paramiko.SSHClient.connect() for the
@@ -1307,6 +1309,9 @@ class X2goClient(object):
@param force_password_auth: disable SSH pub/priv key authentication mechanisms
completely
@type force_password_auth: C{bool}
+ @param sshproxy_force_password_auth: disable SSH pub/priv key authentication mechanisms
+ completely for SSH proxy connection
+ @type sshproxy_force_password_auth: C{bool}
@return: returns True if this method has been successful
@rtype: C{bool}
@@ -1316,6 +1321,7 @@ class X2goClient(object):
sshproxy_user=sshproxy_user, sshproxy_password=sshproxy_password,
add_to_known_hosts=add_to_known_hosts,
force_password_auth=force_password_auth,
+ sshproxy_force_password_auth=sshproxy_force_password_auth,
)
if self.auto_register_sessions:
self.session_registry.register_available_server_sessions(profile_name=self.get_session_profile_name(session_uuid),
diff --git a/x2go/session.py b/x2go/session.py
index 0348ae3..e1159f1 100644
--- a/x2go/session.py
+++ b/x2go/session.py
@@ -60,6 +60,9 @@ import gevent
import re
import threading
+# FIXME: we need the list of keys from a potentially used SSH agent. This part of code has to be moved into the control session code
+import paramiko
+
# Python X2Go modules
import defaults
import log
@@ -67,7 +70,6 @@ import utils
import session
import x2go_exceptions
-
from x2go.backends.control import X2goControlSession as _X2goControlSession
from x2go.backends.terminal import X2goTerminalSession as _X2goTerminalSession
from x2go.backends.info import X2goServerSessionInfo as _X2goServerSessionInfo
@@ -1078,13 +1080,15 @@ class X2goSession(object):
if self.use_sshproxy:
if self.sshproxy_params.has_key('sshproxy_key_filename') and self.sshproxy_params['sshproxy_key_filename'] and os.path.exists(os.path.normpath(self.sshproxy_params['sshproxy_key_filename'])):
return True
+ elif self.sshproxy_reuse_authinfo and self.control_params.has_key('key_filename') and self.control_params['key_filename'] and os.path.exists(os.path.normpath(self.control_params['key_filename'])):
+ return True
elif self.sshproxy_params.has_key('sshproxy_pkey') and self.sshproxy_params['sshproxy_pkey']:
return True
- ### FIXME -- we do not know by 100% if this will work just by checking the presence of ,,sshproxy_look_for_keys''...
- elif self.sshproxy_params.has_key('sshproxy_look_for_keys') and self.sshproxy_params['sshproxy_look_for_keys']:
+ elif self.sshproxy_reuse_authinfo and self.control_params.has_key('pkey') and self.control_params['pkey']:
+ return True
+ elif self.sshproxy_params.has_key('sshproxy_look_for_keys') and self.sshproxy_params['sshproxy_look_for_keys'] and (os.path.exists(os.path.expanduser('~/.ssh/id_rsa')) or os.path.exists(os.path.expanduser('~/.ssh/id_dsa'))):
return True
- ### FIXME -- we do not know by 100% if this will work just by checking the presence of ,,sshproxy_allow_agent''...
- elif self.sshproxy_params.has_key('sshproxy_allow_agent') and self.sshproxy_params['sshproxy_allow_agent']:
+ elif self.sshproxy_params.has_key('sshproxy_allow_agent') and self.sshproxy_params['sshproxy_allow_agent'] and paramiko.Agent().get_keys():
return True
else:
return False
@@ -1105,39 +1109,23 @@ class X2goSession(object):
if self.control_session is None:
return None
+ _can_sshproxy_auto_connect = self.can_sshproxy_auto_connect()
+
# do we have a key file passed as control parameter?
if self.control_params.has_key('key_filename') and self.control_params['key_filename'] and os.path.exists(os.path.normpath(self.control_params['key_filename'])):
- _can_sshproxy_auto_connect = self.can_sshproxy_auto_connect()
- if _can_sshproxy_auto_connect is not None:
- return _can_sshproxy_auto_connect
- else:
- return True
+ return (_can_sshproxy_auto_connect is not None) or _can_sshproxy_auto_connect
# or a private key?
elif self.control_params.has_key('pkey') and self.control_params['pkey']:
- _can_sshproxy_auto_connect = self.can_sshproxy_auto_connect()
- if _can_sshproxy_auto_connect is not None:
- return _can_sshproxy_auto_connect
- else:
- return True
+ return (_can_sshproxy_auto_connect is not None) or _can_sshproxy_auto_connect
# or a key auto discovery?
- ### FIXME -- we do not know by 100% if this will work just by checking the presence of ,,look_for_keys''...
- elif self.control_params.has_key('look_for_keys') and self.control_params['look_for_keys']:
- _can_sshproxy_auto_connect = self.can_sshproxy_auto_connect()
- if _can_sshproxy_auto_connect is not None:
- return _can_sshproxy_auto_connect
- else:
- return True
+ elif self.control_params.has_key('look_for_keys') and self.control_params['look_for_keys'] and (os.path.exists(os.path.expanduser('~/.ssh/id_rsa')) or os.path.exists(os.path.expanduser('~/.ssh/id_dsa'))):
+ return (_can_sshproxy_auto_connect is not None) or _can_sshproxy_auto_connect
- # or a SSH agent usage?
- ### FIXME -- we do not know by 100% if this will work just by checking the presence of ,,allow_agent''...
- elif self.control_params.has_key('allow_agent') and self.control_params['allow_agent']:
- _can_sshproxy_auto_connect = self.can_sshproxy_auto_connect()
- if _can_sshproxy_auto_connect is not None:
- return _can_sshproxy_auto_connect
- else:
- return True
+ # or an SSH agent usage?
+ elif self.control_params.has_key('allow_agent') and self.control_params['allow_agent'] and paramiko.Agent().get_keys():
+ return (_can_sshproxy_auto_connect is not None) or _can_sshproxy_auto_connect
else:
return False
@@ -1163,7 +1151,7 @@ class X2goSession(object):
def connect(self, username='', password='', add_to_known_hosts=False, force_password_auth=False,
look_for_keys=None, allow_agent=None,
- use_sshproxy=None, sshproxy_reuse_authinfo=False, sshproxy_user='', sshproxy_password=''):
+ use_sshproxy=None, sshproxy_reuse_authinfo=False, sshproxy_user='', sshproxy_password='', sshproxy_force_password_auth=False):
"""\
Connects to the L{X2goSession}'s server host. This method basically wraps around
the C{X2goControlSession*.connect()} method.
@@ -1195,6 +1183,8 @@ class X2goSession(object):
@type sshproxy_user: C{str}
@param sshproxy_password: password for authentication against the SSH proxy host
@type sshproxy_password: C{str}
+ @param sshproxy_force_password_auth: enforce password authentication even is a key(file) is present
+ @type sshproxy_force_password_auth: C{bool}
@return: returns C{True} is the connection to the X2Go server has been successful
@rtype C{bool}
@@ -1230,6 +1220,8 @@ class X2goSession(object):
self.sshproxy_params['sshproxy_user'] = sshproxy_user
if sshproxy_password:
self.sshproxy_params['sshproxy_password'] = sshproxy_password
+ if sshproxy_force_password_auth:
+ self.sshproxy_params['sshproxy_force_password_auth'] = sshproxy_force_password_auth
self.control_params['password'] = password
diff --git a/x2go/sshproxy.py b/x2go/sshproxy.py
index 67b5f75..df50f2b 100644
--- a/x2go/sshproxy.py
+++ b/x2go/sshproxy.py
@@ -54,11 +54,11 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
"""
fw_tunnel = None
- def __init__(self, hostname=None, port=22, username=None, password=None, key_filename=None,
+ def __init__(self, hostname=None, port=22, username=None, password=None, force_password_auth=False, key_filename=None,
local_host='localhost', local_port=22022, remote_host='localhost', remote_port=22,
known_hosts=None, add_to_known_hosts=False, pkey=None, look_for_keys=False, allow_agent=False,
sshproxy_host=None, sshproxy_port=22, sshproxy_user=None,
- sshproxy_password=None, sshproxy_key_filename=None, sshproxy_pkey=None,
+ sshproxy_password=None, sshproxy_force_password_auth=False, sshproxy_key_filename=None, sshproxy_pkey=None,
sshproxy_look_for_keys=False, sshproxy_allow_agent=False,
sshproxy_tunnel=None,
ssh_rootdir=os.path.join(_LOCAL_HOME, _X2GO_SSH_ROOTDIR),
@@ -78,6 +78,8 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
@type key_filename: C{str}
@param pkey: a private DSA/RSA key object (as provided by Paramiko/SSH)
@type pkey: C{RSA/DSA key instance}
+ @param force_password_auth: enforce password authentication even if a key(file) is present
+ @type force_password_auth: C{bool}
@param look_for_keys: look for key files with standard names and try those if any can be found
@type look_for_keys: C{bool}
@param allow_agent: try authentication via a locally available SSH agent
@@ -110,6 +112,8 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
@type sshproxy_key_filename: C{str}
@param sshproxy_pkey: alias for C{pkey}
@type sshproxy_pkey: C{RSA/DSA key instance} (Paramiko)
+ @param sshproxy_force_password_auth: alias for C{force_password_auth}
+ @type sshproxy_force_password_auth: C{bool}
@param sshproxy_look_for_keys: alias for C{look_for_keys}
@type sshproxy_look_for_keys: C{bool}
@param sshproxy_allow_agent: alias for C{allow_agent}
@@ -155,6 +159,7 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
if sshproxy_user: self.username = sshproxy_user
if sshproxy_password: password = sshproxy_password
+ if sshproxy_force_password_auth: force_password_auth = sshproxy_force_password_auth
if sshproxy_key_filename: key_filename = sshproxy_key_filename
if sshproxy_pkey: pkey = sshproxy_pkey
if sshproxy_look_for_keys: look_for_keys = sshproxy_look_for_keys
@@ -208,10 +213,10 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
self.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
- if (key_filename and os.path.exists(os.path.normpath(key_filename))) or pkey or look_for_keys or allow_agent:
+ if key_filename or pkey or look_for_keys or allow_agent or (password and force_password_auth):
try:
- if password:
- self.connect(_hostname, port=self.port,
+ if password and force_password_auth:
+ self.connect(_hostname, port=self.port,
username=self.username,
password=password,
key_filename=None,
@@ -219,8 +224,8 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
look_for_keys=False,
allow_agent=False,
)
- elif key_filename or pkey:
- self.connect(_hostname, port=self.port,
+ elif (key_filename and os.path.exists(os.path.normpath(key_filename))) or pkey:
+ self.connect(_hostname, port=self.port,
username=self.username,
key_filename=key_filename,
pkey=pkey,
@@ -228,7 +233,7 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
allow_agent=allow_agent,
)
else:
- self.connect(_hostname, port=self.port,
+ self.connect(_hostname, port=self.port,
username=self.username,
look_for_keys=look_for_keys,
allow_agent=allow_agent,
@@ -237,8 +242,10 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
except x2go_exceptions.AuthenticationException, e:
self.close()
raise x2go_exceptions.X2goSSHProxyAuthenticationException('pubkey auth mechanisms both failed')
- except:
+ except x2go_exceptions.SSHException, e:
self.close()
+ raise x2go_exceptions.X2goSSHProxyAuthenticationException('interactive authentication required')
+ except:
raise
# since Paramiko 1.7.7.1 there is compression available, let's use it if present...
@@ -265,7 +272,7 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
self.close()
raise
- except x2go_exceptions.SSHException, e:
+ except (x2go_exceptions.SSHException, IOError), e:
self.close()
raise x2go_exceptions.X2goSSHProxyException(str(e))
except:
hooks/post-receive
--
python-x2go.git (Python X2Go Client API)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-x2go.git" (Python X2Go Client API).
More information about the x2go-commits
mailing list