The branch, master has been updated via 1be2f404a96226fd28c4a39272b8eaf24987dd8d (commit) from 70d45f5895ec8ca79f3b6703d9e1e30997d39c51 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1be2f404a96226fd28c4a39272b8eaf24987dd8d Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Sun Sep 16 21:23:17 2012 +0200 mass code commit: transfer parts into a Perl module source tree, work on modules ----------------------------------------------------------------------- Summary of changes: Makefile | 16 +- Makefile.PL | 9 + Makefile => X2Go/Broker.pm | 57 +- etc/x2gobroker-ldap.cfg => X2Go/Broker/Common.pm | 33 +- lib/x2gobroker-ldap.pm => X2Go/Broker/LDAP.pm | 0 lib/x2gobroker-simple.pm => X2Go/Broker/Simple.pm | 0 X2Go/Broker/ZeroConf.pm | 177 ++++++ cgi/x2gobroker.cgi | 27 +- debian/control | 29 + debian/rules | 7 +- debian/x2gobroker-ldap.install | 1 - debian/x2gobroker-simple.install | 1 - debian/x2gobroker-zeroconf.install | 1 - lib/x2gobroker-agent.pl | 18 +- lib/x2gobroker-zeroconf.pm | 632 --------------------- 15 files changed, 319 insertions(+), 689 deletions(-) create mode 100644 Makefile.PL copy Makefile => X2Go/Broker.pm (57%) mode change 100755 => 100644 copy etc/x2gobroker-ldap.cfg => X2Go/Broker/Common.pm (63%) rename lib/x2gobroker-ldap.pm => X2Go/Broker/LDAP.pm (100%) rename lib/x2gobroker-simple.pm => X2Go/Broker/Simple.pm (100%) create mode 100644 X2Go/Broker/ZeroConf.pm delete mode 100644 debian/x2gobroker-zeroconf.install delete mode 100644 lib/x2gobroker-zeroconf.pm The diff of changes is: diff --git a/Makefile b/Makefile index 0a107b1..0cf6a8b 100755 --- a/Makefile +++ b/Makefile 
@@ -43,6 +43,8 @@ BIN_SCRIPTS=$(shell cd bin && echo *) SBIN_SCRIPTS=$(shell cd sbin && echo *) LIB_FILES=$(shell cd lib && echo *) +PERL ?= /usr/bin/perl + all: clean build build: build-arch build-indep @@ -53,9 +55,21 @@ build_setuidwrappers: gcc -fPIE -pie -o lib/x2gobroker-agent src/x2gobroker-agent.c build-indep: + $(PERL) Makefile.PL INSTALLDIRS=vendor + $(MAKE) -f Makefile.perl + +distclean: clean -clean: clean_arch +clean: clean_arch clean_indep clean_arch: rm -f lib/x2gobroker-agent +clean_indep: + -make -f Makefile.perl realclean + +test: + make -f Makefile.perl test + +install: + make -f Makefile.perl install diff --git a/Makefile.PL b/Makefile.PL new file mode 100644 index 0000000..1b63b56 --- /dev/null +++ b/Makefile.PL @@ -0,0 +1,9 @@ +#!/usr/bin/perl + +use ExtUtils::MakeMaker; + +WriteMakefile(FIRST_MAKEFILE => 'Makefile.perl', + PMLIBDIRS => ['X2Go'], + NAME => '', + VERSION => '0.0.0.1', + ); diff --git a/Makefile b/X2Go/Broker.pm old mode 100755 new mode 100644 similarity index 57% copy from Makefile copy to X2Go/Broker.pm index 0a107b1..62d0da0 --- a/Makefile +++ b/X2Go/Broker.pm @@ -1,5 +1,3 @@ -#!/usr/bin/make -f - # This file is part of the X2Go Project - http://www.x2go.org # Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> # Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> 
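Review bot: The new `clean_indep`, `test` and `install` recipes in the `@@ -53,9 +55,21 @@` hunk call `make` directly, while `build-indep` just above uses `$(MAKE)`. Writing `-$(MAKE) -f Makefile.perl realclean`, `$(MAKE) -f Makefile.perl test` and `$(MAKE) -f Makefile.perl install` keeps the caller's make program and flags for the sub-make. None of the new targets is declared `.PHONY` in the visible lines; if that is not done elsewhere in the file, a stray file named `test` or `install` would stop the target from running.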
@@ -20,42 +18,43 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -SRC_DIR=$(CURDIR) -SHELL=/bin/bash +package X2Go::Broker; + +=head1 NAME + +X2Go::Broker - X2GO Session Broker modules for Perl + +=head1 DESCRIPTION + +An X2Go Session Broker allows to manage X2Go server farms TTW (using +https protocol). + +=head1 VERSION + +Version 0.0.0.1 -INSTALL_DIR=install -d -o root -g root -m 755 -INSTALL_FILE=install -o root -g root -m 644 -INSTALL_PROGRAM=install -o root -g root -m 755 +=head1 AUTHOR -RM_FILE=rm -f -RM_DIR=rmdir -p --ignore-fail-on-non-empty +Oleksandr Shneyder, C<< <oleksandr.shneyder at obviously-nice.de> >> -DESTDIR= -PREFIX=/usr/local -ETCDIR=/etc/x2go -BINDIR=$(PREFIX)/bin -SBINDIR=$(PREFIX)/sbin -LIBDIR=$(PREFIX)/lib/x2go -MANDIR=$(PREFIX)/share/man -SHAREDIR=$(PREFIX)/share/x2go +Mike Gabriel, C<< <mike.gabriel at das-netzwerkteam.de> >> -BIN_SCRIPTS=$(shell cd bin && echo *) -SBIN_SCRIPTS=$(shell cd sbin && echo *) -LIB_FILES=$(shell cd lib && echo *) +=head1 LICENSE AND COPYRIGHT -all: clean build +Copyright 2011-2012, Oleksandr Shneyder, C<< <oleksandr.shneyder at obviously-nice.de> >> -build: build-arch build-indep +Copyright 2012, Mike Gabriel, C<< <mike.gabriel at das-netzwerkteam.de> >> -build-arch: build_setuidwrappers +This program is free software; you can redistribute it and/or modify it +under the terms of the AGPL-3+ license. -build_setuidwrappers: - gcc -fPIE -pie -o lib/x2gobroker-agent src/x2gobroker-agent.c +=cut -build-indep: +use strict; -clean: clean_arch +### for debugging purposes... +#use Data::Dumper; -clean_arch: - rm -f lib/x2gobroker-agent +use base 'Exporter'; +our @EXPORT = ( ); diff --git a/etc/x2gobroker-ldap.cfg b/X2Go/Broker/Common.pm similarity index 63% copy from etc/x2gobroker-ldap.cfg copy to X2Go/Broker/Common.pm index fe8e9bd..a81d85c 100644 --- a/etc/x2gobroker-ldap.cfg +++ b/X2Go/Broker/Common.pm 
@@ -18,7 +18,32 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -ldapuri=ldap://<ldapmaster.localdomain> -#replica=ldapi:/// -binddn="cn=admin,dc=example,dc=net" -bindpw="<very-secret>" +package X2Go::Broker::Common; + +use strict; + +### for debugging purposes... +#use Data::Dumper; + +use base 'Exporter'; +our @EXPORT = ('ExecBrokerAgent', ); + +### +### public functions +### + +sub ExecBrokerAgent +{ + my ($user, $hostname, $cmd)=@_; + my $res=`ssh -o ConnectTimeout=15 -o UserKnownHostsFile=/etc/x2go/x2gobroker/ts_known_hosts x2gobroker\@$hostname -i /etc/x2go/x2gobroker/id_x2gobroker_dsa \"/usr/lib/x2go/broker/x2gobroker-agent $user $cmd 2>/dev/null\"`; + my @rarr=split("\n",$res); + my $stat; + if( @rarr[0] eq 'OK' ) + { + $stat=1; + } else { + $stat=0; + } + shift(@rarr); + return($stat,join("\n",@rarr)); +} diff --git a/lib/x2gobroker-ldap.pm b/X2Go/Broker/LDAP.pm similarity index 100% rename from lib/x2gobroker-ldap.pm rename to X2Go/Broker/LDAP.pm diff --git a/lib/x2gobroker-simple.pm b/X2Go/Broker/Simple.pm similarity index 100% rename from lib/x2gobroker-simple.pm rename to X2Go/Broker/Simple.pm diff --git a/X2Go/Broker/ZeroConf.pm b/X2Go/Broker/ZeroConf.pm new file mode 100644 index 0000000..d5c66a4 --- /dev/null +++ b/X2Go/Broker/ZeroConf.pm 
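Review bot: ExecBrokerAgent interpolates `$user`, `$hostname` and `$cmd` into a backtick string, so the command is parsed by a local shell and the quoted part again by the remote login shell. cgi/x2gobroker.cgi hands the request's `user` and `sid` parameters to the backend functions, so values from the request can reach this helper and any shell metacharacters in them would be interpreted. I would validate all three values against anchored patterns and start ssh through a list-form pipe `open`; that removes the local shell, and because the remote side still re-parses the command string, the validation is what protects it. `@rarr[0]` should be `$rarr[0]`, and `use warnings;` next to `use strict;` would report that slice. The patterns in the sketch are assumptions to confirm against the real account, host and agent-command formats.

```perl
sub ExecBrokerAgent
{
	my ($user, $hostname, $cmd)=@_;

	# Assumed formats -- confirm against real account names, host names and agent commands.
	return (0, '') unless defined $user     && $user     =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;
	return (0, '') unless defined $hostname && $hostname =~ /\A[A-Za-z0-9][A-Za-z0-9.-]*\z/;
	return (0, '') unless defined $cmd      && $cmd      =~ /\A[A-Za-z0-9_.-]+(?: [A-Za-z0-9_.-]+)*\z/;

	my @ssh = (
		'ssh',
		'-o', 'ConnectTimeout=15',
		'-o', 'UserKnownHostsFile=/etc/x2go/x2gobroker/ts_known_hosts',
		'-i', '/etc/x2go/x2gobroker/id_x2gobroker_dsa',
		"x2gobroker\@$hostname",
		"/usr/lib/x2go/broker/x2gobroker-agent $user $cmd 2>/dev/null",
	);

	# List form: the argument vector goes to ssh without a local shell.
	open(my $ssh_out, '-|', @ssh) or return (0, '');
	my $res = do { local $/; <$ssh_out> };
	close($ssh_out);
	$res = '' unless defined $res;

	my @rarr=split("\n",$res);
	# … unchanged: derive $stat from $rarr[0], shift, return ($stat, joined rest) …
}
```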
@@ -0,0 +1,177 @@ +# This file is part of the X2Go Project - http://www.x2go.org +# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> +# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> +# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# +# X2Go Session Broker is free software; you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# X2Go Session Broker is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program; if not, write to the +# Free Software Foundation, Inc., +# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +package X2Go::Broker::ZeroConf; + +use strict; +use Sys:Hostname; +use Authen::PAM; +use Authen::Simple::PAM; +#use Data::Dumper; +use X2Go::Broker::Common; + +### for debugging purposes... 
+#use Data::Dumper; + +use base 'Exporter'; +our @EXPORT = ('CheckAccess', 'ListSessions', 'SelectSession', 'SetPass', ); + +my $hostname = hostname; + +### +### public functions, available to broker cgi +### + +### exported function ### +sub CheckAccess +{ + # zeroconf broker: use PAM to perform authentication against + # the local PAM login module + my ($user,$pass)=@_; + my $pam = Authen::Simple::PAM->new(service => 'login'); + if ( $pam->authenticate( $username, $password ) ) { + # successfull authentication + return 0 + } + return 1; +} + +### exported function ### +sub SetPass +{ + ### + ### the broker API in X2Go Client currently requests a password change + ### without verifying the old password, this needs to be fixed... + ### + + my ($username, $oldpassword, $newpassword)=@_; + + # zeroconf broker: use PAM to initiate a local passwd change + my $service = "passwd"; + ref($pamh = new Authen::PAM($service, $username, \&passwd_conv_func)) || + die "Error code $pamh during PAM init!"; + $state = 0; + $res = $pamh->pam_chauthtok; + die $pamh->pam_strerror($res) unless $res == PAM_SUCCESS(); + + print "\n<br>CHANGING PASS OK<br>\n"; +} + +### exported function ### +sub SelectSession +{ + my ($user, $sid)=@_; + my @words=split("\@",$sid); + ### + ### FIXME: why the heck is the $sid format <host>@<session>, + ### <session>@<host> would make much more sense!!! (for + ### the human eye...) 
+ ### + my $sess_id=@words[1]; + my $host=@words[0]; + check_and_start_session($user, $host, $sess_id); +} + +### exported function ### +sub ListSessions +{ + # print Dumper($message->entries); + print "START_USER_SESSIONS<br>"; + my($status,$sessions)=CallBrokerAgent($hostname, $user, 'listsessions'); + if ( $status ) + { + if($sessions) + { + my @sinfo = split("\\|",$sessions); + my $session_status = @sinfo[4]; + my $sid = @sinfo[1]; + print "<br>[$hostname\@$sid]<br>"; + print "status=$session_status<br>"; + } else { + print "<br>[$hostname]<br>"; + } + } + print "END_USER_SESSIONS<br>"; +} + +### +### private functions, not available to broker cgi +### + +# helper function for SetPass +sub passwd_conv_func { + my @res; + while ( @_ ) { + my $code = shift; + my $msg = shift; + my $ans = ""; + + $ans = $username if ( $code == PAM_PROMPT_ECHO_ON() ); + if ( $code == PAM_PROMPT_ECHO_OFF() ) { + $ans = $oldpassword if ($state == 0); + $ans = $newpassword if ($state == 1); + $ans = $newpassword if ($state == 2); + $state++; + } + push @res, (PAM_SUCCESS(),$ans); + } + push @res, PAM_SUCCESS(); + return @res; +} + +sub check_and_start_session +{ + my ($uid, $host, $sid) = @_; + my ($status, $sessions)=ExecRemoteBroker($user, $hostname, 'listsessions'); + if ( ! $status ) + { + print "ERROR: X2Go server not available\n"; + return; + } + my $running_sessions = 0; + if ( $sessions ) + { + # suspend all running sessions first... + my @sinfo = split("\\|",$sessions); + my $session_status = @sinfo[4]; + my $session_server = @sinfo[3]; + $sid=@sinfo[1]; + if( $session_status eq 'R' ) + { + $running = 1; + my $str; + ($status, $str) = ExecRemoteBroker($uid, $hostname, "suspend $sid"); + $sessions =~ s/\|R\|/\|S\|/; + } + if( $session_status eq 'S' ) + { + $running = 1; + } + } + + print "SERVER:$hostname:$port\n"; + if($running) + { + # use first session in session list... + print "SESSION_INFO:".(split("\n",$sessions))[0]."\n"; + } +} + +1; 
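Review bot: CheckAccess returns 0 when PAM authentication succeeds and 1 when it fails, which is the reverse of what cgi/x2gobroker.cgi tests: `! CheckAccess(...) == 1` treats a true return as access granted, so once this module compiles a failed login would be let through and a valid one refused. The sub also unpacks `$user, $pass` but passes the undeclared `$username, $password` to `authenticate`, which `use strict` rejects; I would write `my ($username, $password) = @_;` and `return $pam->authenticate($username, $password) ? 1 : 0;`. The hunk has further compile-time problems to fix before it is wired into the CGI: `use Sys:Hostname;` needs `::`; SetPass and passwd_conv_func use `$pamh`, `$state`, `$res` and the password variables without declaring them in a shared scope; and ListSessions and check_and_start_session call `CallBrokerAgent` and `ExecRemoteBroker` with undeclared `$user`, `$port` and `$running`, while X2Go::Broker::Common exports only `ExecBrokerAgent`. SetPass also expects three arguments (user, old password, new password) but the CGI passes two, so the new password would land in `$oldpassword` and the old password is never checked.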
diff --git a/cgi/x2gobroker.cgi b/cgi/x2gobroker.cgi index fd62a62..06ed66b 100755 --- a/cgi/x2gobroker.cgi +++ b/cgi/x2gobroker.cgi @@ -28,14 +28,17 @@ my $broker_backend ~= s/x2gobroker-(.*)\.cgi/\1/ use lib "/usr/lib/x2go/"; use lib "/usr/lib/x2go/broker/"; -use x2gobroker-$broker_backend; + +switch ( $broker_backend ) { + case 'zeroconf' { use X2Go::Broker::ZeroConf qw(CheckAccess SetPass SelectSession ListSessions) } + case 'simple' { use X2Go::Broker::Simple qw(CheckAccess SetPass SelectSession ListSessions) } + case 'ldap' { use X2Go::Broker::LDAP qw(CheckAccess SetPass SelectSession ListSessions) } +} use CGI; use CGI::Carp qw(fatalsToBrowser); my $cgi = new CGI; - - my @formValues = $cgi->param(); print $cgi->header( @@ -49,11 +52,6 @@ print $cgi->header( -meta =>{'keywords' =>'X2Go', 'description'=>'X2Go Session Broker'} ); -#open (FL, ">>/tmp/x2gobroker.log"); -#print FL `date`; -#print FL "called method ".$cgi->param('task')." from ".$ENV{REMOTE_ADDR}."\n"; -#close (FL); - if($cgi->param('task') eq 'testcon') { for ( my $i=0;$i<2*1024*1024;$i++ ) @@ -63,10 +61,9 @@ if($cgi->param('task') eq 'testcon') print $cgi->end_html(); } - -if ( ! checkAccess($cgi->param('user'), $cgi->param('password'), $cgi->param('authid')) == 1 ) +if ( ! CheckAccess($cgi->param('user'), $cgi->param('password'), $cgi->param('authid')) == 1 ) { - printNoAccess(); + print_no_access(); print $cgi->end_html(); exit (0); } 
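Review bot: The `switch`/`case` block added in the `@@ -28,14 +28,17 @@` hunk cannot select a backend. `use` runs at compile time wherever it appears, so all three modules are loaded (and must all compile) whatever `$broker_backend` holds, and `switch` is not Perl syntax unless the Switch module is loaded, which the visible lines do not do. A lookup table with a run-time `require` and an explicit `import` does what is intended and refuses any backend name that is not listed. In the `@@ -63,10 +61,9 @@` hunk, `! CheckAccess(...) == 1` parses as `(!CheckAccess(...)) == 1`; `unless ( CheckAccess(...) )` says the same thing without relying on precedence.

```perl
use lib "/usr/lib/x2go/broker/";

# Only these backends may be loaded; anything else is refused.
my %backend_module = (
    zeroconf => 'X2Go::Broker::ZeroConf',
    simple   => 'X2Go::Broker::Simple',
    ldap     => 'X2Go::Broker::LDAP',
);
my $module = $backend_module{$broker_backend}
    or die "unsupported broker backend\n";
(my $module_file = "$module.pm") =~ s{::}{/}g;
require $module_file;
$module->import(qw(CheckAccess SetPass SelectSession ListSessions));

# … unchanged: use CGI; use CGI::Carp …
```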
@@ -76,24 +73,24 @@ $cgi->strong('Access granted'); if ($cgi->param('task') eq 'listsessions') { - listSessions($cgi->param('user')); + ListSessions($cgi->param('user')); } if ($cgi->param('task') eq 'selectsession') { - selectSession($cgi->param('user'), $cgi->param('sid')); + SelectSession($cgi->param('user'), $cgi->param('sid')); } if ($cgi->param('task') eq 'setpass') { - setPass($cgi->param('user'), $cgi->param('newpass')); + SetPass($cgi->param('user'), $cgi->param('newpass')); } $cgi->hr(), $cgi->end_form(); print $cgi->end_html(); -sub printNoAccess +sub print_no_access { print $cgi->start_form(), $cgi->hr(), diff --git a/debian/control b/debian/control index 10dc11a..85c15df 100644 --- a/debian/control +++ b/debian/control @@ -8,8 +8,37 @@ Uploaders: Build-Depends: debhelper (>= 7.0.50~), cdbs (>= 0.4.90~), + dpkg-dev (>= 1.16.1~), Standards-Version: 3.9.3 +Package: libx2go-broker-perl +Architecture: all +Section: perl +Depends: + ${misc:Depends}, + ${perl:Depends}, +Description: X2Go http(s) based session broker (Perl modules) + X2Go is a serverbased computing environment with + - session resuming + - low bandwidth support + - LDAP support + - client side mass storage mounting support + - client side printing support + - audio support + - authentication by smartcard and USB stick + . + The session broker is a server tool for X2Go that + tells your X2Go Client application in a terminal + server cluster what servers and session types are + most appropriate for the user in front of the + X2Go terminal. + . + A session broker is most useful in load balanced + X2Go server farms. + . + This package contains the related Perl modules needed + by the X2Go Session Broker scripts. + Package: x2gobroker-common Architecture: all Depends: diff --git a/debian/rules b/debian/rules index 82087a5..8b53e5a 100755 --- a/debian/rules +++ b/debian/rules 
@@ -21,5 +21,8 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all export DEB_CFLAGS_MAINT_APPEND = -Wall include /usr/share/dpkg/buildflags.mk -include /usr/share/cdbs/1/class/makefile.mk -include /usr/share/cdbs/1/rules/debhelper.mk \ No newline at end of file +DEB_PERL_PACKAGES=libx2go-broker-perl +DEB_PERL_CLEAN_TARGET=realclean +include /usr/share/cdbs/1/class/perl-makemaker.mk +include /usr/share/cdbs/1/rules/debhelper.mk + diff --git a/debian/x2gobroker-ldap.install b/debian/x2gobroker-ldap.install index 71e503b..c35da81 100644 --- a/debian/x2gobroker-ldap.install +++ b/debian/x2gobroker-ldap.install @@ -1,2 +1 @@ etc/x2gobroker-ldap.cfg etc/x2go/ -lib/x2gobroker-ldap.pm usr/lib/x2go/broker/ diff --git a/debian/x2gobroker-simple.install b/debian/x2gobroker-simple.install index 4313377..258c187 100644 --- a/debian/x2gobroker-simple.install +++ b/debian/x2gobroker-simple.install @@ -1,2 +1 @@ etc/x2gobroker-simple.cfg etc/x2go/ -lib/x2gobroker-simple.pm usr/lib/x2go/broker/ diff --git a/debian/x2gobroker-zeroconf.install b/debian/x2gobroker-zeroconf.install deleted file mode 100644 index ea6bbbb..0000000 --- a/debian/x2gobroker-zeroconf.install +++ /dev/null @@ -1 +0,0 @@ -lib/x2gobroker-zeroconf.pm usr/lib/x2go/broker/ diff --git a/lib/x2gobroker-agent.pl b/lib/x2gobroker-agent.pl index 0bac8de..be9145c 100755 --- a/lib/x2gobroker-agent.pl +++ b/lib/x2gobroker-agent.pl @@ -26,11 +26,20 @@ sub initUser { my ($user, $uid, $gid, $home)=@_; if (! -d "$home") + ### + ### FIXME: it should no be our job to create homes...!!! + ### Use pam_mkhomedir.so or similar or just have a + ### genuine system administration tool... (Mike) + ### { mkdir ("$home", 0700); chown ($uid, $gid, $home); } if (! -e "$home/.x2go/sqlpass") + ### + ### FIXME: This code block will fail on most NFS mounted shares + ### and esp. on those mounted via NFSv4+Krb. (Mike) + ### { open my $save_out, ">&STDOUT"; close (STDOUT); 
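Review bot: In the lib/x2gobroker-agent.pl hunk, the two FIXME blocks are inserted between the `if (...)` condition and its opening `{`, which is legal Perl but reads as if the comment were the statement body; I would move each block above its `if` line. The first one also has a typo and should read `### FIXME: it should not be our job to create homes...!!!`. initUser starts before and continues after the hunk, so only the placement is judged here.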
@@ -41,6 +50,11 @@ sub initUser sub createKey { + ### + ### FIXME: This bit of code look dangerous... My + ### authorized_keys file is starting to get + ### scared... (Mike) + ### my ($uid, $gid, $home)=@_; if (! -d "$home/.ssh") { @@ -69,7 +83,7 @@ $ENV{'PATH'} = '/bin:/usr/bin'; my $username=shift or die; my $mode=shift or die; -my ($name,$passwd,$uid,$gid, $quota,$comment,$gcos,$home,$shell,$expire) = getpwnam($username); +my ($name, $passwd, $uid, $gid, $quota, $comment, $gcos, $home, $shell, $expire) = getpwnam($username); if($uid < 1000) { @@ -110,5 +124,3 @@ if($mode eq 'ping') { print "OK\n"; } - - diff --git a/lib/x2gobroker-zeroconf.pm b/lib/x2gobroker-zeroconf.pm deleted file mode 100644 index fae529a..0000000 --- a/lib/x2gobroker-zeroconf.pm +++ /dev/null 
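Review bot: The FIXME added at the top of createKey says the code "look dangerous" without naming the operation or the risk, so a later reader cannot tell what to check or when the item is resolved. I would state the concern concretely, for example `### FIXME: review what createKey writes below $home/.ssh and with which owner/permissions (Mike)`, adjusted to what the author actually meant. createKey's body continues outside the hunk, so the concern itself cannot be confirmed from these lines.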
@@ -1,632 +0,0 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> -# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> -# -# X2Go Session Broker is free software; you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# X2Go Session Broker is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program; if not, write to the -# Free Software Foundation, Inc., -# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. - -package x2gobroker-simple; - -use strict; -use Config::Simple; -use Crypt::SaltedHash; -use MIME::Base64; -use Data::Dumper; - - -my $cfg=new Config::Simple(syntax=>'ini'); -$cfg->read("/etc/x2go/x2gobroker-simple.cfg"); -my $ldapuri=$cfg->param('ldapuri'); -my $replica=$cfg->param('replica'); -my $binddn=$cfg->param('binddn'); -my $bindpw=$cfg->param('bindpw'); - -use base 'Exporter'; -our @EXPORT = ('checkAccess', 'listSessions', 'selectSession', 'setPass'); - -sub getBase -### -### FIXME: provide that in /etc/x2go/x2gobroker-simple.cfg -### FIXME: put the pid of this process in the lock files -{ - my $login=shift; - $login=~s/cn=ldapadmin,//; - return $login; -} - -sub initLdap -### -### FIXME: lock files have to be in /run or /var/run... 
-### -{ - my $masterlocked=0; - my $replicalocked=0; - if ( ( -e "/etc/x2go/x2gobroker/masterldap.lock") && ( -e "/etc/x2go/x2gobroker/replicaldap.lock" ) ) - { - die "Can't connect to LDAP server"; - } - if ( -e "/etc/x2go/x2gobroker/replicaldap.lock" ) - { - $masterlocked=1; - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - die "Can't connect to LDAP server"; - } - return $ldap; - } - if( -e "/etc/x2go/x2gobroker/masterldap.lock" ) - { - $replicalocked=1; - my ($ldap,$error)=initLDAPServer( $replica ); - if ( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/replicaldap.lock`; - die "Can't connect to LDAP server"; - } - return $ldap; - } - if( ! int(rand(2)) ) - { - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - return initLdap(); - } - return $ldap; - } else { - my ($ldap,$error)=initLDAPServer( $replica ); - if(!$ldap) - { - `touch /etc/x2go/x2gobroker/replicaldap.lock`; - return initLdap(); - } - return $ldap; - } -} - -sub initMasterLdap -{ - if(-e "/etc/x2go/x2gobroker/masterldap.lock") - { - die "Master LDAP server is down\n"; - } - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - die $error; - } - return $ldap; -} - -sub initLDAPServer -{ - my $url=shift; - my $ldap=Net::LDAP->new( $url ); - if( ! $ldap ) - { - notify("LDAP server $url is down ($@). Please, repair it and remove lock file in /etc/x2go/x2gobroker\n"); - return (0,"$@"); - } - my $message = $ldap->bind($binddn,password=>$bindpw); - if(!$message) - { - notify("LDAP server $url is down ($@). 
Please, repair it and remove lock file in /etc/x2go/x2gobroker\n"); - return (0,"$@"); - } - return ($ldap,0); -} - -sub setPass -{ - my ($user, $newpass)=@_; - # check if we have master ldap here - - my $attr; - - my $csh=Crypt::SaltedHash->new(algorithm => 'SHA-1'); - $csh->add($newpass); - $newpass=$csh->generate; - - push(@$attr,'userPassword'=>$newpass); - my $changes; - push(@$changes,'replace'=>$attr); - - my $ldap = initMasterLdap(); - - my $dn="cn=$user,ou=BrokerUsers".getBase($binddn); - my $message=$ldap->modify($dn, changes => $changes); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - print "\n<br>CHANGING PASS OK<br>\n"; -} - -sub selectSession -{ - my ($user, $sid)=@_; - my @words=split("\@",$sid); - my $sess_id=@words[1]; - my $host=@words[0]; - checkAndStartSession($user, $host, $sess_id); -} - -sub getExtCon -{ - my $host=shift; - - my $ldap = initLdap(); - - my $dn="cn=$host,ou=Servers,ou=ON".getBase($binddn); - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $message=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=ipHost)' - ); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my $attr=$asn->{'attributes'}; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'description' ) - { - my @words=split(":",$value); - return (@words[0], @words[1]); - } - } - } -} - -sub checkAndStartSession -{ - my ($uid,$host,$sid)=@_; - my ($status,$sessions)=check_ts($host,$uid); - if(!$status) - { - print "ERROR check TS\n"; - return; - } - my $running=0; - if( $sessions ) - { - my @sinfo=split("\\|",$sessions); - my $sess_stat=@sinfo[4]; - my $sess_srv=@sinfo[3]; - $sid=@sinfo[1]; - if( $sess_stat eq 'R' ) - { - $running=1; - my $str; - ($status,$str)=remoteBroker($host,$uid,"suspend $sid"); - $sessions=~s/\|R\|/\|S\|/; - } - if( $sess_stat 
eq 'S' ) - { - $running=1; - } - } - - my($ip,$port)=getExtCon($host); - print "SERVER:$ip:$port\n"; - if($running) - { - print "SESSION_INFO:".(split("\n",$sessions))[0]."\n"; - } -} - -sub checkRunningSession -{ - my ($sess_srv, $sess_stat, $server_dn, $uid, $sid, $ldap)=@_; - my @dn_el=split(',',$server_dn); - shift(@dn_el); - shift(@dn_el); - my $node_dn="cn=".$sess_srv.",ou=Hosts,".join(',',@dn_el); - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $mesg=$ldap->search(base => $node_dn, - scope => 'base', - filter => '(objectClass=X2GoServerNode)' - ); - if(!$mesg->code) - { - my @entries=$mesg->entries(); - if(@entries[0]->get_value('serverStatus') eq 'TRUE') - { - my $node_ref={}; - $node_ref->{'ip'}=@entries[0]->get_value('ipHostNumber'); - $node_ref->{'dn'}=$node_dn; - my $status; - my $str; - if( $sess_stat eq 'R' ) - { - print "session running, suspend session $sid\n"; - ($status,$str)=remoteBroker($node_ref->{'ip'},$uid,"suspend $sid",$node_ref->{'dn'}, $ldap); - } else { - print "session not running, ping node\n"; - ($status,$str)=remoteBroker($node_ref->{'ip'},$uid,'ping',$node_ref->{'dn'}, $ldap); - } - if($status) - { - return $node_ref; - } - print "error executing remote broker \n"; - } - print "node is down \n"; - return 0; - } - print "error searching $node_dn: ".$mesg->error."\n"; - return 0; -} - -sub startNewSession -{ - my ($dn, $ldap, $uid)=@_; - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $mesg=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=X2GoServer)' - ); - - if($mesg->code) - { - return 0; - } - - my @entries=$mesg->entries(); - my $ref = @entries[0]->get_value ( 'serverNode', asref => 1 ); - my $nodes; - foreach(@$ref) - { - my $server=$_; - my @sdn=split(",",$dn); - shift(@sdn); - shift(@sdn); - my $server_dn="cn=$server,ou=Hosts,".join(",",@sdn); - - my $mesg=$ldap->search(base => $server_dn, - scope => 'base', - filter => 
'(objectClass=X2GoServerNode)' - ); - if( ! $mesg->code ) - { - my @entries=$mesg->entries(); - if(@entries[0]->get_value('serverStatus') eq 'TRUE') - { - my $node_ref={}; - $node_ref->{'ip'}=@entries[0]->get_value('ipHostNumber'); - $node_ref->{'sessions'}=0; - $node_ref->{'dn'}=$server_dn; - $nodes->{$server}=$node_ref; - } - } - } - return findBestServer($nodes,$ldap, $uid); -} - -sub findBestServer -{ - my ($nodes, $ldap, $user)=@_; - my $servers; - my $status; - while( my ($key,$value) = each(%$nodes)) - { - if( ! $status ) - { - my $ip=$value->{'ip'}; - my $dn=$value->{'dn'}; - ($status,$servers)=remoteBroker($ip,$user,'getservers',$dn, $ldap); - if(!$status) - { - delete $nodes->{$key}; - } - } - } - if( ! $status ) - { - return 0; - } - my @srvlines=split("\n",$servers); - foreach(@srvlines) - { - my @words=split(' ',$_); - my $ref=$nodes->{@words[0]}; - if( $ref ) - { - $ref->{'sessions'}=1*@words[1]; - } - } - return checkServers($nodes, $ldap, $user); -} - -sub checkServers -{ - my ($nodes, $ldap, $user)=@_; - my $bestnode=0; - my $bestnodekey; - my $key; - my $value; - while( ($key,$value) = each(%$nodes)) - { - if(! $bestnode) - { - $bestnode=$value; - $bestnodekey=$key; - } else { - if($value->{'sessions'}<$bestnode->{'sessions'}) - { - $bestnode=$value; - $bestnodekey=$key; - } - } - } - if( ! $bestnode ) - { - print "bestnode is null: \n"; - return 0; - } else { - my $ip=$bestnode->{'ip'}; - my $dn=$bestnode->{'dn'}; - my ($status,$fakearr)=remoteBroker($ip,$user,'ping',$dn, $ldap); - if( ! 
$status ) - { - delete $nodes->{$bestnodekey}; - return checkServers($nodes, $ldap, $user); - } else { - return $bestnode; - } - } -} - - -sub check_ts -{ - my ($host, $user)=@_; - my $server_dn; - my $ldap; - my($status,$sessions)=getSessionRunning($server_dn, $host, $user, $ldap); - if( $status ) - { - return (1,$sessions); - } - return (0,0); -} - -sub getSessionRunning -{ - my ($dn,$ip,$user, $ldap)=@_; - my ($status,$sessions)=remoteBroker($ip,$user,'listsessions', $dn, $ldap); - if( ! $status ) - { - return (0,0); - } else { - return (1,$sessions); - } -} - -sub remoteBroker -{ - my ($ip, $user, $cmd, $dn, $ldap)=@_; - my $res=`ssh -o ConnectTimeout=15 -o UserKnownHostsFile=/etc/x2go/x2gobroker/ts_known_hosts x2gobroker\@$ip -i /etc/x2go/x2gobroker/id_x2gobroker_dsa \"/usr/lib/x2go/broker/x2gobroker-command $user $cmd 2>/dev/null\"`; - my @rarr=split("\n",$res); - my $stat; - if(@rarr[0] eq 'OK') - { - $stat=1; - } else { - $stat=0; - # setNodeDown($dn, $ldap, $cmd, $user); - } - shift(@rarr); - return($stat,join("\n",@rarr)); -} - -sub notify -{ - my $message=shift; - open (F,">>/tmp/x2gobroker.log"); - print F `date`.$message."\n"; - close(F); -} - -sub setNodeDown -{ - my($dn, $ldap, $cmd, $user)=@_; - my $attr; - push(@$attr,'serverStatus' => 'FALSE'); - my $changes; - push (@$changes, 'replace' => $attr); - $ldap->modify($dn,changes => $changes); - notify ("set status of $dn to \"down\", failed command: \"$cmd\", user: \"$user\"\n"); -} - -sub setServerDown -{ - my($dn, $ldap)=@_; - my $attr; - push(@$attr,'serverStatus' => 'FALSE'); - my $changes; - push (@$changes, 'replace' => $attr); - $ldap->modify($dn,changes => $changes); - notify ("set status of $dn to \"down\", all nodes are down\n"); -} - -sub checkAccess -{ - my ($user,$pass)=@_; - - my $ldap = initLdap(); - - my $dn="uid=$user,ou=People".getBase($binddn); - my $mesg=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=posixAccount)' - ); - - if( $mesg->code ) - { - return 
0; - } - - my @entries=$mesg->entries(); - my $crypted=@entries[0]->get_value('userPassword'); - $mesg = $ldap->unbind; - if ( Crypt::SaltedHash->validate($crypted, $pass) ) - { - return 1; - } - return 0; -} - -sub listSessions -{ - my $user=shift; - - my $ldap = initLdap(); - - my $dn="ou=Servers,ou=ON".getBase($binddn); - my $message=$ldap->search(base => $dn, - scope => 'sub', - filter => '(objectClass=ipHost)' - ); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - # print Dumper($message->entries); - print "START_USER_SESSIONS<br>"; - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my $attr=$asn->{'attributes'}; - my $host; - my $int_ip; - my $ext_ip; - my $ext_port; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'cn' ) - { - $host=$value; - } - } - my($status,$sessions)=getSessionRunning($dn,$host,$user, $ldap); - if($status) - { - my $sess_srv; - if($sessions) - { - my @sinfo=split("\\|",$sessions); - my $sess_stat=@sinfo[4]; - $sess_srv=@sinfo[3]; - my $sid=@sinfo[1]; - print "<br>[$host\@$sid]<br>"; - print "status=$sess_stat<br>"; - #get ip - #get port - } else { - my $sessions; - ($sess_srv,$ext_ip,$ext_port, $sessions)=getBestNode($dn, $ldap, $user, $host, $message); - print "<br>[$host]<br>"; - } - #print "host=$ext_ip<br>"; - print "user=$user<br>"; - #print "sshport=$ext_port<br>"; - print "name=Stadt Treuchtlingen<br>"; - goto loop_end; - } - } - loop_end: - print "END_USER_SESSIONS<br>"; - $ldap->unbind(); -} - -sub getBestNode -{ - my ($dn, $ldap, $user, $ip, $message)=@_; - my $servers; - my $status; - ($status,$servers)=remoteBroker($ip,$user,'getservers',$dn, $ldap); - my $srvref={}; - my @srvlines=split("\n",$servers); - foreach(@srvlines) - { - my @words=split(' ',$_); - $srvref->{@words[0]}=1*@words[1]; - } - my $bestval=-1; - my $bestsrv; - my $bestext_ip; - my $bestext_port; - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my 
$attr=$asn->{'attributes'}; - my $host; - my $ext_ip; - my $ext_port; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'cn' ) - { - $host=$value; - } - if($type eq 'description') - { - my @words=split(":",$value); - $ext_ip=@words[0]; - $ext_port=@words[1]; - } - } - my $sess=$srvref->{$host}; - if( ! $sess ) - { - return($host, $ext_ip, $ext_port,0); - } - if($sess < $bestval || $bestval == -1) - { - $bestval=$sess; - $bestsrv=$host; - $bestext_ip=$ext_ip; - $bestext_port=$ext_port; - } - } - return($bestsrv, $bestext_ip, $bestext_port, $bestval); -} - -1; hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).