This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 770683c5ade94095482bdb28ea868ab2d69c2e24 Author: Josh Lukens <jlukens@botch.com> Date: Thu Mar 6 20:55:10 2014 -0500 Add support to run pre and post authentication scripts. (Fixes: #449). --- debian/changelog | 1 + etc/x2gobroker.conf | 7 +++++++ x2gobroker/defaults.py | 2 ++ x2gobroker/optional_scripts/__init__.py | 20 ++++++++++++++++++++ x2gobroker/optional_scripts/base_script.py | 24 ++++++++++++++++++++++++ x2gobroker/web/plain.py | 24 ++++++++++++++++++++++++ 6 files changed, 78 insertions(+) diff --git a/debian/changelog b/debian/changelog index 0b2dd12..bb4cb93 100644 --- a/debian/changelog +++ b/debian/changelog @@ -118,6 +118,7 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low * New upstream version (0.0.3.0): - Add support for dynamic cookie based auth after initial password auth. (Fixes: #447). + - Add support to run pre and post authentication scripts. (Fixes: #449). -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Fri, 07 Jun 2013 23:25:30 +0200 diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf index b8b8974..64967a9 100644 --- a/etc/x2gobroker.conf +++ b/etc/x2gobroker.conf @@ -48,6 +48,13 @@ # the permissions are set to allow the x2go broker process to write to this directory #cookie-directory = '/var/log/x2gobroker/cookies' +# Pre and Post authentication scripts give you the option to run outside scripts +# or adjust the values of variables for users logging in. Pre scripts run just +# before user authentication and Post scripts run just after. Set to list of +# scripts, comma seperated, with no spaces between. +#pre_auth_scripts = +#post_auth_scripts = + # Every server-client communication (between X2Go Client and broker) has to be # accompanied by this initial authentication cookie if require-cookie is set above. # This should be in the format of a UUID. diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py index 9027ed0..d4bfaaf 100644 --- a/x2gobroker/defaults.py +++ b/x2gobroker/defaults.py @@ -186,6 +186,8 @@ X2GOBROKER_CONFIG_DEFAULTS = { u'auth-timeout': 36000, u'cookie-directory': '/var/log/x2gobroker/cookies', u'verify-ip': True, + u'pre_auth_scripts': [], + u'post_auth_scripts': [], u'my-cookie': uuid.uuid4(), u'enable-plain-output': True, u'enable-json-output': True, diff --git a/x2gobroker/optional_scripts/__init__.py b/x2gobroker/optional_scripts/__init__.py new file mode 100755 index 0000000..d3eff3c --- /dev/null +++ b/x2gobroker/optional_scripts/__init__.py @@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- + +# Copyright (C) 2012-2014 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012-2014 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> +# +# X2Go Session Broker is free software; you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# X2Go Session Broker is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program; if not, write to the +# Free Software Foundation, Inc., +# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + diff --git a/x2gobroker/optional_scripts/base_script.py b/x2gobroker/optional_scripts/base_script.py new file mode 100755 index 0000000..e284362 --- /dev/null +++ b/x2gobroker/optional_scripts/base_script.py @@ -0,0 +1,24 @@ +# -*- coding: utf-8 -*- + +# Copyright (C) 2012-2014 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012-2014 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> +# +# X2Go Session Broker is free software; you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# X2Go Session Broker is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program; if not, write to the +# Free Software Foundation, Inc., +# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +class X2GoBrokerOptionalScript(object): + + def run_me(self, username, password, task, profile_id, ip, cookie): + return username, password, task, profile_id, ip, cookie diff --git a/x2gobroker/web/plain.py b/x2gobroker/web/plain.py index 22b4964..dcf853b 100644 --- a/x2gobroker/web/plain.py +++ b/x2gobroker/web/plain.py @@ -114,9 +114,33 @@ class X2GoBrokerWeb(_RequestHandler): output = '' + if len(global_config['pre_auth_scripts']) != 0: + for script in global_config['pre_auth_scripts']: + try: + post_auth_script=None + exec("import x2gobroker.optional_scripts.{script}_script".format(script=script)) + exec("pre_auth_script = x2gobroker.optional_scripts.{script}_script.X2GoBrokerOptionalScript()".format(script=script)) + logger_broker.debug ('Calling pre-auth script {script} with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie)) + username, password, task, profile_id, ip, cookie = pre_auth_script.run_me(username=username, password=password, task=task, profile_id=profile_id, ip=ip, cookie=cookie) + logger_broker.debug ('Pre-auth script {script} finished with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie)) + except ImportError: + logger_error.error('No such optional script \'{script}\''.format(script=script)) + logger_broker.debug ('username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, cookie: {cookie}'.format(username=username, password='XXXXX', task=task, profile_id=profile_id, cookie=cookie)) access, next_cookie = broker_backend.check_access(username=username, password=password, ip=ip, cookie=cookie) + if access: + if len(global_config['post_auth_scripts']) != 0: + for script in global_config['post_auth_scripts']: + try: + post_auth_script=None + exec("import x2gobroker.optional_scripts.{script}_script".format(script=script)) + exec("post_auth_script = x2gobroker.optional_scripts.{script}_script.X2GoBrokerOptionalScript()".format(script=script)) + logger_broker.debug ('Calling post-auth script {script} with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie)) + username, password, task, profile_id, ip, cookie = post_auth_script.run_me(username=username, password=password, task=task, profile_id=profile_id, ip=ip, cookie=cookie) + logger_broker.debug ('Post-auth script {script} finished with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie)) + except ImportError: + logger_error.error('No such optional script \'{script}\''.format(script=script)) ### ### CONFIRM SUCCESSFUL AUTHENTICATION FIRST -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git