The branch, build-main has been updated via d5ae323df36f2fab5dfe9ddfd8643dd9a98c817a (commit) from 64dc9fba445fcf69a7ed2d5f28180a112cb3fa91 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: debian/changelog | 2 + sbin/x2gobroker-keygen | 127 ++++++++++++++++++++++++++++++++++++++++++++++++ x2gobroker/defaults.py | 5 ++ 3 files changed, 134 insertions(+) create mode 100755 sbin/x2gobroker-keygen The diff of changes is: diff --git a/debian/changelog b/debian/changelog index a44162f..be93ac2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -15,6 +15,8 @@ x2gobroker (0.0.0.2-0~x2go1) UNRELEASED; urgency=low - Set log level to CRITICAL if running unit tests. - Perform PAM authentication via an authentication service (the broker runs as non-privileged user, the authentication service as root). + - Add tool: x2gobroker-keygen. Generate pub/priv SSH keypair for the + system user x2gobroker. * /debian/control: + Add bin:package x2gobroker-agent. * /debian/x2gobroker-daemon.init: diff --git a/sbin/x2gobroker-keygen b/sbin/x2gobroker-keygen new file mode 100755 index 0000000..efe0ac2 --- /dev/null +++ b/sbin/x2gobroker-keygen 
@@ -0,0 +1,127 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# This file is part of the X2Go Project - http://www.x2go.org
+# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
+# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de>
+# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+import os
+import sys
+import setproctitle
+import argparse
+import logging
+import binascii
+import paramiko
+
+try:
+ import x2gobroker.defaults
+except ImportError:
+ sys.path.insert(0, os.path.join(os.getcwd(), '..'))
+ import x2gobroker.defaults
+
+supported_key_types = ('RSA', 'DSA')
+
+PROG_NAME = os.path.basename(sys.argv[0])
+PROG_OPTIONS = sys.argv[1:]
+setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS)))
+
+from x2gobroker import __VERSION__
+from x2gobroker import __AUTHOR__
+from x2gobroker.loggers import logger_broker, logger_error
+
+if os.geteuid() == 0:
+ # propagate msgs for the broker logger to the root logger (i.e. to stderr)
+ logger_broker.propagate = 1
+ logger_error.propagate = 1
+
+# raise log level to DEBUG if requested... 
+if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_TESTSUITE:
+ logger_broker.setLevel(logging.DEBUG)
+
+logger_broker.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
+logger_broker.info('Setting up the key generator\'s environment...')
+logger_broker.info(' X2GOBROKER_DEBUG: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DEBUG))
+logger_broker.info(' X2GOBROKER_DAEMON_USER: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_USER))
+logger_broker.info(' X2GOBROKER_DAEMON_GROUP: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP))
+
+# check effective UID the broker runs as and complain appropriately...
+if os.geteuid() != 0:
+ logger_error.error('X2Go Session Broker\'s key generator has to run with root privileges. Exiting...')
+ sys.exit(-1)
+
+if __name__ == '__main__':
+
+ common_options = [
+ {'args':['-t','--type'], 'default': 'RSA', 'help': 'Choose a key type for the X2Go Session Broker pub/priv SSH key pair (available: RSA, DSA).', },
+ {'args':['-f','--force'], 'default': False, 'action': 'store_true', 'help': 'Enforce the creation of a public/private key pair. WARNING: This will overwrite earlier created keys.', },
+ ]
+ p = argparse.ArgumentParser(description='X2Go Session Broker (Key Generator)',\
+ formatter_class=argparse.RawDescriptionHelpFormatter, \
+ add_help=True, argument_default=None)
+ p_common = p.add_argument_group('common parameters')
+
+ for (p_group, opts) in ( (p_common, common_options), ):
+ for opt in opts:
+ args = opt['args']
+ del opt['args']
+ p_group.add_argument(*args, **opt)
+
+ cmdline_args = p.parse_args()
+
+ if cmdline_args.key_type.upper() not in supported_key_types:
+ logger_error.error(u'Unknown key type »{key_type}«. Possible key types are RSA and DSA. 
Exiting...'.format(key_type=cmdline_args.key_type.upper())) + sys.exit(-2) + + broker_uid = x2gobroker.defaults.X2GOBROKER_DAEMON_USER + broker_uidnumber = getpwnam(broker_uid).pw_uid + broker_gid = x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP + broker_gidnumber = getgrnam(_broker_gid).gr_gid + broker_home = x2gobroker.defaults.X2GOBROKER_HOME + + if not os.path.exists(broker_home): + logger_error.error('The home directory {home} of user {user} does not exists. Cannot continue. Exiting...'.format(home=broker_home, user=broker_uid)) + sys.exit(-2) + + logger_broker.info('Creating pub/priv key pair for X2Go Session Broker...') + if not path.exists('{home}/.ssh'.format(home=broker_home)): + os.mkdir('{home}/.ssh'.format(home=broker_home)) + os.chown('{home}/.ssh'.format(home=broker_home), broker_uidnumber, broker_gidnumber) + os.chmod('{home}/.ssh'.format(home=broker_home), 0750) + logger_broker.info(' Created {home}/.ssh'.format(home=broker_home)) + + # generate key pair + if cmdline_args.key_type.upper() == 'RSA': + key = paramiko.RSAKey.generate(2048) + elif cmdine_args.key_type.upper() == 'DSA': + key = paramiko.DSAKey.generate(2048) + + logger_broker.info(' {key_type} key has been generated, fingerprint is {fingerprint}'.format(key_type=cmdine_args.key_type.upper(), fingerprint=binascii.hexlify(key.get_fingerprint()))) + + key.write_private_key_file('{home}/.ssh/id_rsa'.format(home=broker_home)) + os.chown('{home}/.ssh/id_rsa'.format(home=broker_home), broker_uidnumber, broker_gidnumber) + os.chmod('{home}/.ssh/id_rsa'.format(home=broker_home), 0600) + logger_broker.info(' Private key written to file {key_file}'.format(key_file='{home}/.ssh/id_rsa'.format(home=broker_home))) + + pubkey_file = open('{home}/.ssh/id_rsa.pub'.format(home=broker_home),'w') + pubkey_file.write("ssh-rsa " +key.get_base64()) + pubkey_file.close() + os.chown('{home}/.ssh/id_rsa'.format(home=broker_home), broker_uidnumber, broker_gidnumber) + 
os.chmod('{home}/.ssh/id_rsa'.format(home=broker_home), 0600) + logger_broker.info(' Public key written to file {key_file}'.format(key_file='{home}/.ssh/id_rsa.pub'.format(home=broker_home))) + diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py index e777142..4368a67 100644 --- a/x2gobroker/defaults.py +++ b/x2gobroker/defaults.py @@ -29,6 +29,11 @@ from loggers import logger_broker, logger_access, logger_error, X2GOBROKER_DAEMO X2GOBROKER_USER = getpass.getuser() +if os.environ.has_key('X2GOBROKER_DAEMON_GROUP'): + X2GOBROKER_DAEMON_GROUP=os.environ['X2GOBROKER_DAEMON_GROUP'] +else: + X2GOBROKER_DAEMON_GROUP="x2gobroker" + ### ### dynamic default values, influencable through os.environ... ### hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).
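Review bot: The key-writing block at the end of sbin/x2gobroker-keygen ignores both `--force` and the chosen key type: it always writes to `id_rsa`, always prefixes the public key with `ssh-rsa`, and never checks for an existing key, so a DSA run yields a mislabelled public key and every run silently replaces the broker's private key. The second `os.chown`/`os.chmod` pair targets `id_rsa` again, which leaves `id_rsa.pub` owned by root with whatever mode the umask produced. Deriving the file name from the key type and the prefix from `key.get_name()`, refusing to overwrite unless `--force` is set, and applying ownership to the `.pub` file would fix all three. Separately, the script cannot reach this code as written: `-t/--type` is stored as `cmdline_args.type` rather than `key_type`, and `getpwnam`, `getgrnam`, `path`, `_broker_gid` and `cmdine_args` are not defined anywhere in the visible file.

```python
    # … unchanged: option parsing, uid/gid lookup, ~/.ssh creation, key generation …
    key_type = cmdline_args.type.upper()
    id_file = '{home}/.ssh/id_{kind}'.format(home=broker_home, kind=key_type.lower())
    pub_file = id_file + '.pub'

    # never replace an existing broker key unless the admin asked for it
    if os.path.exists(id_file) and not cmdline_args.force:
        logger_error.error('Key file {key_file} already exists. Use --force to overwrite. Exiting...'.format(key_file=id_file))
        sys.exit(-2)

    key.write_private_key_file(id_file)
    os.chown(id_file, broker_uidnumber, broker_gidnumber)
    os.chmod(id_file, 0600)

    pubkey_file = open(pub_file, 'w')
    pubkey_file.write('{name} {data}'.format(name=key.get_name(), data=key.get_base64()))
    pubkey_file.close()
    os.chown(pub_file, broker_uidnumber, broker_gidnumber)
    os.chmod(pub_file, 0600)
```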
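Review bot: The new `X2GOBROKER_DAEMON_GROUP` default in x2gobroker/defaults.py has no comment saying that the root-run key generator resolves this name and uses it for `os.chown`, so whoever controls the environment of that invocation also chooses the group that owns the key files. A one-line comment such as `# group that owns the broker's files; read by x2gobroker-keygen when run as root` would make that visible. The four-line `has_key` branch can be written as `X2GOBROKER_DAEMON_GROUP = os.environ.get('X2GOBROKER_DAEMON_GROUP', 'x2gobroker')`. It also sits above the "dynamic default values, influencable through os.environ" banner although it is such a value, so moving it below would match the file's own layout.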