[X2Go-Commits] [x2gobroker] 09/17: SSH broker: Add --login option. This now supports X2Go Broker user and X2Go Server username being different accounts.
git-admin at x2go.org
git-admin at x2go.org
Fri Dec 14 09:56:12 CET 2018
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2gobroker.
commit 5820a876a107ed99b11a0805988f80e563a87627
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Fri Nov 30 09:31:16 2018 +0100
SSH broker: Add --login option. This now supports X2Go Broker user and X2Go Server username being different accounts.
---
bin/x2gobroker | 16 +++++++++++++---
debian/changelog | 2 ++
x2gobroker/brokers/base_broker.py | 4 ++--
x2gobroker/client/plain.py | 19 ++++++++++---------
x2gobroker/tests/test_client_plain_base.py | 1 +
5 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/bin/x2gobroker b/bin/x2gobroker
index bf3dfa9..16c44df 100755
--- a/bin/x2gobroker
+++ b/bin/x2gobroker
@@ -130,7 +130,8 @@ if __name__ == "__main__":
sshbroker_options = [
{'args':['--task'], 'default': None, 'metavar': 'BROKER_TASK', 'help': 'broker task (listsessions, selectsession, setpass, testcon)', },
- {'args':['--user'], 'default': None, 'metavar': 'USER_NAME', 'help': 'Operate on behalf of this user name', },
+ {'args':['--user'], 'default': None, 'metavar': 'USER_NAME', 'help': 'Operate on behalf of this X2Go Broker user name', },
+ {'args':['--login'], 'default': None, 'metavar': 'LOGIN_NAME', 'help': 'Operate on behalf of this X2Go Server user name', },
{'args':['--auth-cookie', '--next-authid', '--authid', ], 'default': None, 'metavar': 'AUTH_ID', 'help': 'Pre-shared (dynamic) authentication ID', },
{'args':['--profile-id', '--sid', ], 'default': None, 'metavar': 'PROFILE_ID', 'help': 'for task: the profile ID selected from the list of available session profiles', },
{'args':['--backend'], 'default': None, 'metavar': 'BROKER_BACKEND', 'help': 'select a non-default broker backend', },
@@ -182,11 +183,20 @@ if __name__ == "__main__":
if cmdline_args.profile_id and cmdline_args.task != 'selectsession':
#logger_broker.warn('ignoring option --sid as it only has a meaning with ,,--task selectsession\'\'')
pass
+
+ # is a specific X2Go Broker user given on the command line?
if cmdline_args.user is None:
cmdline_args.user = os.environ['LOGNAME']
- elif cmdline_args.user != x2gobroker.defaults.X2GOBROKER_DAEMON_USER:
- #logger_broker.warn('denying context change to user `{user}\', only allowed for magic user `{magic_user}\''.format(user=cmdline_args.user, magic_user=x2gobroker.defaults.X2GOBROKER_DAEMON_USER))
+ elif os.environ['LOGNAME'] != x2gobroker.defaults.X2GOBROKER_DAEMON_USER:
+ logger_broker.warn('denying context change to user `{user}\', only allowed for magic user `{magic_user}\''.format(user=cmdline_args.user, magic_user=x2gobroker.defaults.X2GOBROKER_DAEMON_USER))
cmdline_args.user = os.environ['LOGNAME']
+
+ # is a specific X2Go Server login name given on the command line?
+ # if not, assume broker user and X2Go Server login are the same...
+ if cmdline_args.login is None:
+ cmdline_args.login = cmdline_args.user
+
+ # bail out if no task is given on the command line
if cmdline_args.task is None:
print("")
p.print_usage()
diff --git a/debian/changelog b/debian/changelog
index f2bc8ba..f37e161 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -83,6 +83,8 @@ x2gobroker (0.0.4.0-0x2go1) UNRELEASED; urgency=medium
- x2gobroker/loadchecker.py: Avoid rare cases where at the end of a load
checking cycle a negative sleep time would have been calculated.
(Fixes: #1315). Thanks to Walid Moghrabi for catching this.
+ - SSH broker: Add --login option. This now supports X2Go Broker user and
+ X2Go Server username being different accounts.
* debian/*:
+ Trigger Makefile's install target and install those files. Drop debhelper
from-source-installation magic.
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py
index 9c1e68d..b6c9b3f 100644
--- a/x2gobroker/brokers/base_broker.py
+++ b/x2gobroker/brokers/base_broker.py
@@ -1306,7 +1306,7 @@ class X2GoBroker(object):
:param profile_id: the selected profile ID. This matches one of the dictionary keys offered by the ``list_profiles`` method
:type profile_id: ``str``
- :param username: specify username that this operation runs for
+ :param username: specify X2Go Server username that this operation runs for
:type username: ``str``
:param pubkey: The broker clients may send us a public key that we may
temporarily install into a remote X2Go Server for non-interactive login
@@ -1642,7 +1642,7 @@ class X2GoBroker(object):
# this is the OLD style of the auto login feature
# FIXME: we somehow have to find out about the username of the person at the broker client-side...
- # using the username used for broker login for now...
+ # using the username used for server login for now...
pubkey, privkey = x2gobroker.agent.genkeypair(local_username=username, client_address=self.get_client_address())
if remote_sshproxy_agent is not None:
diff --git a/x2gobroker/client/plain.py b/x2gobroker/client/plain.py
index dad51ab..fc8ddd9 100644
--- a/x2gobroker/client/plain.py
+++ b/x2gobroker/client/plain.py
@@ -58,7 +58,8 @@ class X2GoBrokerClient(object):
logger_broker.info('client address is {address}'.format(address=ip))
broker_backend.set_client_address(ip)
- username = args.user
+ broker_username = args.user
+ server_username = args.login
cookie = args.auth_cookie
task = args.task
profile_id = args.profile_id
@@ -67,13 +68,13 @@ class X2GoBrokerClient(object):
broker_backend._do_authenticate = _override_do_authenticate
- username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='pre_auth_scripts', username=username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie)
- access, next_cookie = broker_backend.check_access(username=username, ip=ip, cookie=cookie, override_password_auth=True)
- username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='post_auth_scripts', username=username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie, authed=access)
+ broker_username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='pre_auth_scripts', username=broker_username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie)
+ access, next_cookie = broker_backend.check_access(username=broker_username, ip=ip, cookie=cookie, override_password_auth=True)
+ broker_username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='post_auth_scripts', username=broker_username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie, authed=access)
if access:
- logger_broker.debug ('username: {username}, task: {task}, profile_id: {profile_id}'.format(username=username, task=task, profile_id=profile_id))
+ logger_broker.debug ('broker_username: {broker_username}, server_username: {server_username}, task: {task}, profile_id: {profile_id}'.format(broker_username=broker_username, server_username=server_username, task=task, profile_id=profile_id))
###
### CONFIRM SUCCESSFUL AUTHENTICATION FIRST
@@ -98,7 +99,7 @@ class X2GoBrokerClient(object):
if task == 'listsessions':
- profiles = broker_backend.list_profiles(username)
+ profiles = broker_backend.list_profiles(broker_username)
if profiles:
output += "START_USER_SESSIONS\n\n"
profile_ids = list(profiles.keys())
@@ -107,7 +108,7 @@ class X2GoBrokerClient(object):
output += "[{profile_id}]\n".format(profile_id=profile_id)
for key in list(profiles[profile_id].keys()):
if key == 'user' and not profiles[profile_id][key]:
- profiles[profile_id][key] = username
+ profiles[profile_id][key] = server_username
if type(profiles[profile_id][key]) == str:
output += "{key}={value}".format(key=key, value=profiles[profile_id][key])
elif type(profiles[profile_id][key]) in (list, tuple):
@@ -124,9 +125,9 @@ class X2GoBrokerClient(object):
if profile_id:
- profile_info = broker_backend.select_session(profile_id=profile_id, username=username)
+ profile_info = broker_backend.select_session(profile_id=profile_id, username=server_username)
- username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='select_session_scripts', username=username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie, authed=access, server=profile_info['server'])
+ broker_username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='select_session_scripts', username=broker_username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie, authed=access, server=profile_info['server'])
if 'server' in profile_info:
output += "SERVER:"
diff --git a/x2gobroker/tests/test_client_plain_base.py b/x2gobroker/tests/test_client_plain_base.py
index 34ce54f..c6c3c9f 100644
--- a/x2gobroker/tests/test_client_plain_base.py
+++ b/x2gobroker/tests/test_client_plain_base.py
@@ -29,6 +29,7 @@ from nose.tools import assert_equal, assert_true, assert_false
class args():
def __init__(self):
self.user = None
+ self.login = None
self.auth_cookie = None
self.task = None
self.profile_id = None
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
More information about the x2go-commits
mailing list