[X2Go-Commits] [python-x2go] 02/02: Handle injection of PKey (Paramiko SSH key) objects for authentication from the broker session profiles backend.
git-admin at x2go.org
git-admin at x2go.org
Thu Mar 20 08:36:33 CET 2014
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository python-x2go.
commit ce97f345fb0e8b3d8cd2c2261242961a61b479c1
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Thu Mar 20 08:36:28 2014 +0100
Handle injection of PKey (Paramiko SSH key) objects for authentication from the broker session profiles backend.
---
debian/changelog | 2 ++
x2go/backends/profiles/base.py | 20 ++++++++++++++++++
x2go/backends/profiles/httpbroker.py | 13 ++++++++++++
x2go/client.py | 8 ++++++++
x2go/registry.py | 7 ++++++-
x2go/session.py | 2 +-
x2go/utils.py | 37 ++++++++++++++++++++++++++++++++++
7 files changed, 87 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index d2bb58a..1907a4b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,8 @@ python-x2go (0.5.0.0-0x2go1) UNRELEASED; urgency=low
- Make session profile backends more unicode robust.
- X2GoSessionProfile.get_server_hostname must return unicode objects.
- Speed-optimize session profile ID <-> name mapping.
+ - Handle injection of PKey (Paramiko SSH key) objects for authentication
+ from the broker session profiles backend.
* debian/control:
+ Add dependencies: python-requests, python-simplejson.
* python-x2go.spec:
diff --git a/x2go/backends/profiles/base.py b/x2go/backends/profiles/base.py
index 3aff841..7630a8a 100644
--- a/x2go/backends/profiles/base.py
+++ b/x2go/backends/profiles/base.py
@@ -722,3 +722,23 @@ class X2GoSessionProfiles():
"""
return 22
+ def get_pkey_object(self, profile_id):
+ """\
+ If available, return a PKey (Paramiko/SSH private key) object.
+
+ @param profile_id: the profile's unique ID
+ @type profile_id: C{str}
+
+ @return: a Paramiko/SSH PKey object
+ @rtype: C{obj}
+
+ """
+ return self._get_pkey_object(profile_id)
+
+ def _get_pkey_object(self, profile_id):
+ """\
+ Inherit from this class and provide a way for actually
+ providing such a PKey object.
+
+ """
+ return None
diff --git a/x2go/backends/profiles/httpbroker.py b/x2go/backends/profiles/httpbroker.py
index 569e851..30e9b54 100644
--- a/x2go/backends/profiles/httpbroker.py
+++ b/x2go/backends/profiles/httpbroker.py
@@ -30,6 +30,7 @@ import re
import requests
import copy
import types
+import time
try: import simplejson as json
except ImportError: import json
@@ -38,6 +39,7 @@ from x2go.defaults import X2GO_SESSIONPROFILE_DEFAULTS as _X2GO_SESSIONPROFILE_D
from x2go.defaults import CURRENT_LOCAL_USER as _CURRENT_LOCAL_USER
import x2go.backends.profiles.base as base
import x2go.log as log
+from x2go.utils import genkeypair
from x2go.x2go_exceptions import X2GoNotImplementedYetException
@@ -110,6 +112,9 @@ class X2GoSessionProfiles(base.X2GoSessionProfiles):
self._broker_type = "http"
+ # for broker based autologin, we have to be able to provide public/private key pair
+ self.broker_my_pubkey, self.broker_my_privkey = genkeypair(local_username=_CURRENT_LOCAL_USER, client_address='127.0.0.1')
+
def get_broker_noauth(self):
return self.broker_noauth
@@ -190,6 +195,7 @@ class X2GoSessionProfiles(base.X2GoSessionProfiles):
'profile-id': profile_id,
'user': self.broker_username,
'password': self.broker_password,
+ 'pubkey': self.broker_my_pubkey,
}
r = requests.post(self.broker_url, data=request_data)
if r.status_code == 200 and r.headers['content-type'].startswith("text/json"):
@@ -273,3 +279,10 @@ class X2GoSessionProfiles(base.X2GoSessionProfiles):
def _get_server_port(self, profile_id):
selected_session = self.broker_selectsession(profile_id)
return int(selected_session['port'])
+
+ def _get_pkey_object(self, profile_id):
+ selected_session = self.broker_selectsession(profile_id)
+ if selected_session.has_key('authentication_pubkey') and selected_session['authentication_pubkey'] == 'ACCEPTED':
+ time.sleep(2)
+ return self.broker_my_privkey
+ return None
diff --git a/x2go/client.py b/x2go/client.py
index b1fa978..95fb444 100644
--- a/x2go/client.py
+++ b/x2go/client.py
@@ -924,6 +924,14 @@ class X2GoClient(object):
server = self.session_profiles.get_server_hostname(_profile_id)
_params['port'] = self.session_profiles.get_server_port(_profile_id)
+ _pkey = self.session_profiles.get_pkey_object(_profile_id)
+ if _pkey is not None:
+ self.logger('received PKey object for authentication, ignoring all other auth mechanisms', log.loglevel_NOTICE, tag=self._logger_tag)
+ _params['pkey'] = _pkey
+ _params['allow_agent'] = False
+ _params['look_for_keys'] = False
+ _params['key_filename'] = []
+
del _params['server']
_params['client_instance'] = self
diff --git a/x2go/registry.py b/x2go/registry.py
index ffe0708..1625dbd 100644
--- a/x2go/registry.py
+++ b/x2go/registry.py
@@ -533,6 +533,12 @@ class X2GoSessionRegistry(object):
if _k in kwargs.keys():
_params[_k] = kwargs[_k]
+ # allow injection of PKey objects (Paramiko's private SSH keys)
+ if kwargs.has_key('pkey'):
+ _params['pkey'] = kwargs['pkey']
+ if kwargs.has_key('sshproxy_pkey'):
+ _params['sshproxy_pkey'] = kwargs['sshproxy_pkey']
+
# when starting a new session, we will try to use unused registered virgin sessions
# depending on your application layout, there should either be one or no such virgin session at all
_virgin_sessions = [ s for s in self.virgin_sessions_of_profile_name(profile_name, return_objects=True) if not s.activated ]
@@ -560,7 +566,6 @@ class X2GoSessionRegistry(object):
try: del _params['profile_id']
except: pass
- print _params['port']
s = session.X2GoSession(server=server, control_session=control_session,
profile_id=profile_id, profile_name=profile_name,
session_name=session_name,
diff --git a/x2go/session.py b/x2go/session.py
index ec2cdc9..c7943ae 100644
--- a/x2go/session.py
+++ b/x2go/session.py
@@ -325,7 +325,7 @@ class X2GoSession(object):
if self.logger.get_loglevel() & log.loglevel_DEBUG:
self.logger('X2Go control session parameters for profile %s:' % profile_name, loglevel=log.loglevel_DEBUG)
- for p in self.control_params:
+ for p in [ _p for _p in self.control_params if not _p.endswith('pkey') ]:
self.logger(' %s: %s' % (p, self.control_params[p]), log.loglevel_DEBUG)
self.logger('X2Go terminal session parameters for profile %s:' % profile_name, loglevel=log.loglevel_DEBUG)
for p in self.terminal_params:
diff --git a/x2go/utils.py b/x2go/utils.py
index 7f182ed..78ed642 100644
--- a/x2go/utils.py
+++ b/x2go/utils.py
@@ -34,6 +34,7 @@ import gevent
import string
import subprocess
import distutils.version
+import paramiko
# Python X2Go modules
from defaults import X2GOCLIENT_OS as _X2GOCLIENT_OS
@@ -843,3 +844,39 @@ def _get_backend_class(backend, class_name):
else:
raise x2go_exceptions.X2GoBackendException('unknown backend name %s for class %s' % (backend, class_name))
return _this_class
+
+def genkeypair(local_username, client_address, key_type='RSA'):
+ """\
+ Generate an SSH pub/priv key pair without writing the private key to file.
+
+ @param local_username: the key is for this user
+ @type local_username: C{unicode}
+ @param client_address: the key is only valid for this client
+ @type client_address: C{unicode}
+ @param key_type: either of: RSA, DSA
+ @type key_type: C{unicode}
+
+ """
+ key = None
+ pubkey = None
+ privkey = None
+
+ # generate key pair
+ if unicode(key_type) == u'RSA':
+ key = paramiko.RSAKey.generate(2048)
+ elif unicode(key_type) == u'DSA':
+ key = paramiko.DSSKey.generate(1024)
+
+ if key:
+
+ # assemble the public key
+ if key_type == "RSA":
+ pubkey_type = 'ssh-rsa'
+ elif key_type == "DSA":
+ pubkey_type = 'ssh-dss'
+
+ # FIXME: the from option does not work properly by some reason. Fix it later
+ #pubkey = "from={client_address},no-X11-forwarding,no-pty,no-user-rc {pubkey_type} {pubkey} {local_username}@{client_address}".format(pubkey=key.get_base64(), pubkey_type=pubkey_type, local_username=local_username, client_address=client_address)
+ pubkey = "no-X11-forwarding,no-pty,no-user-rc {pubkey_type} {pubkey} {local_username}@{client_address}".format(pubkey=key.get_base64(), pubkey_type=pubkey_type, local_username=local_username, client_address=client_address)
+
+ return (pubkey, key)
--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/python-x2go.git
More information about the x2go-commits
mailing list