[X2Go-Commits] [x2gobroker] 01/03: Allow switching to dynamic cookie auth, after the connection has been successfully established by a first successful user+password authentication.
git-admin at x2go.org
git-admin at x2go.org
Sun Mar 9 14:07:01 CET 2014
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2gobroker.
commit 31e2b0c99d26a5061fbb4c85fd86f0d229decfc5
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Sun Mar 9 13:56:50 2014 +0100
Allow switching to dynamic cookie auth, after the connection has been successfully established by a first successful user+password authentication.
---
debian/changelog | 3 +++
etc/x2gobroker.conf | 9 +++++++++
x2gobroker/brokers/base_broker.py | 12 +++++++++---
x2gobroker/defaults.py | 1 +
4 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index d09e2f4..ba6bb07 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -93,6 +93,9 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
x2gobroker(-daemon) is run as uidNumber 0.
- Implement dynamic authid for JSON WebUI frontend. Add a generic metadata
top level to the JSON output tree.
+ - Allow switching to dynamic cookie auth, after the connection has been
+ successfully established by a first successful user+password
+ authentication.
* debian/control:
+ Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
+ Fix SYNOPSIS texts.
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index c275e30..4924a26 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -34,6 +34,15 @@
# to make the X2Go Session Broker require this feature
#require-cookie = false
+# If require-cookie is set to true, the user normally always needs an initial
+# authentication cookie to start the connection with (this is pre-shared key
+# the broker admin has to provide to X2Go Client users).
+#
+# Alternatively, you can allow a first authentication without cookie, but with
+# username and password only. Further authentication then can use the cookie
+# provided after first successful connect.
+#password-auth-initializes-cookie=true
+
# X2Go supports two different cookie authentication modes (static and dynamic).
# Dynamic cookies send new cookie to client on every request. This could possibly
# cause issues if a client ever tries multiple requests at the same time.
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py
index 0fa010d..3a9de86 100644
--- a/x2gobroker/brokers/base_broker.py
+++ b/x2gobroker/brokers/base_broker.py
@@ -755,8 +755,6 @@ class X2GoBroker(object):
# this catches a validation check from the UCCS web frontend...
return False, None
- ### IMPLEMENT YOUR AUTHENTICATION LOGIC IN THE self._do_authenticate(**kwargs) METHOD
- ### when inheriting from the base.X2GoBroker class.
if type(cookie) is types.StringType:
cookie = unicode(cookie)
@@ -783,9 +781,17 @@ class X2GoBroker(object):
logger_broker.warning('base_broker.X2GoBroker.check_access(): could not create cookie-directory {cookie_directory} failing to authenticate'.format(cookie_directory=cookie_directory))
return False, None
- if access or cookie == None or cookie == "":
+ if access or cookie == None or cookie == "" or self.config.get_value('global', 'password-auth-initializes-cookie'):
# this should be the first time we have seen this user or they are using old client so verify their passwrd
+
+ ### IMPLEMENT YOUR AUTHENTICATION LOGIC IN THE self._do_authenticate(**kwargs) METHOD
+ ### when inheriting from the base.X2GoBroker class.
+
access = self._do_authenticate(username=username, password=password)
+
+ ###
+ ###
+
logger_broker.debug('base_broker.X2GoBroker.check_access(): checking for valid password: {access}'.format(access=access))
if access:
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index d4bfaaf..e6677f9 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -182,6 +182,7 @@ X2GOBROKER_CONFIG_DEFAULTS = {
'global': {
u'require-password': True,
u'require-cookie': False,
+ u'password-auth-initializes-cookie': True,
u'use-static-cookie': True,
u'auth-timeout': 36000,
u'cookie-directory': '/var/log/x2gobroker/cookies',
--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
More information about the x2go-commits
mailing list