This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 9cfc3b98f0d3e859cc7f9703d2f9081d43b6fcbd Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Tue Mar 18 19:29:04 2014 +0100 Allow for broker clients to send in public SSH keys that the client may use for authentication to X2Go Servers. --- debian/changelog | 2 ++ x2gobroker/brokers/base_broker.py | 61 +++++++++++++++++++++++++------------ x2gobroker/web/json.py | 3 +- x2gobroker/web/plain.py | 3 +- 4 files changed, 47 insertions(+), 22 deletions(-) diff --git a/debian/changelog b/debian/changelog index 0ac02f0..d0f227a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -99,6 +99,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low - Session profiles with marker user=BROKER_USER will now auto-fill-in the broker username into the session profile's 'user' option. - Provide tool: x2gobroker-testagent. + - Allow for broker clients to send in public SSH keys that the client may use + for authentication to X2Go Servers. * debian/control: + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. + Fix SYNOPSIS texts. diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py index 0edb946..9b52aef 100644 --- a/x2gobroker/brokers/base_broker.py +++ b/x2gobroker/brokers/base_broker.py @@ -946,7 +946,7 @@ class X2GoBroker(object): return list_of_profiles - def select_session(self, profile_id, username=None): + def select_session(self, profile_id, username=None, pubkey=None): """\ Start/resume a session by selecting a profile name offered by the X2Go client. 
@@ -957,6 +957,9 @@ class X2GoBroker(object): @type profile_id: C{unicode} @param username: specify username that this operation runs for @type username: C{unicode} + @param pubkey: The broker clients may send us a public key that we may + temporarily install into a remote X2Go Server for non-interactive login + @type pubkey: C{unicode} """ try: 
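Review bot: The new `@param pubkey` entry does not tell callers that supplying a key changes what the method returns. In the `@@ -1092` hunk only the key-generating branch adds `authentication_privkey` to `selected_session`, so a client that sends its own key gets no private key back. The entry also leaves the expected key format unstated; I would extend it along the lines of `@param pubkey: public SSH key sent by the broker client (presumably one OpenSSH public-key line, to be confirmed against the agent); if given, it is installed temporarily on the X2Go Server and no 'authentication_privkey' is returned`. The docstring and the body of select_session continue outside this hunk.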
@@ -1092,25 +1095,43 @@ class X2GoBroker(object): # session autologin feature if remote_agent and self.get_session_autologin(profile_id) and username: - # FIXME: we somehow have to find out about the username of the person at the broker client-side... - # using the username used for broker login for now... - pubkey, privkey = x2gobroker.agent.genkeypair(local_username=username, client_address=self.get_client_address()) - x2gobroker.agent.add_authorized_key(username=username, - pubkey_hash=pubkey, - authorized_keys_file=self.get_authorized_keys_file(profile_id), - query_mode=agent_query_mode, - remote_agent=remote_agent, - ), - selected_session.update({ - 'authentication_privkey': privkey, - }) - x2gobroker.agent.delete_authorized_key(username=username, - pubkey_hash=pubkey, - authorized_keys_file=self.get_authorized_keys_file(profile_id), - query_mode=agent_query_mode, - remote_agent=remote_agent, - delay_deletion=20, - ) + if not pubkey: + # if the broker client has not provided a public SSH key, we will generate one + # this is the OLD style of the auto login feature + + # FIXME: we somehow have to find out about the username of the person at the broker client-side... + # using the username used for broker login for now... 
+ pubkey, privkey = x2gobroker.agent.genkeypair(local_username=username, client_address=self.get_client_address()) + x2gobroker.agent.add_authorized_key(username=username, + pubkey_hash=pubkey, + authorized_keys_file=self.get_authorized_keys_file(profile_id), + query_mode=agent_query_mode, + remote_agent=remote_agent, + ), + selected_session.update({ + 'authentication_privkey': privkey, + }) + x2gobroker.agent.delete_authorized_key(username=username, + pubkey_hash=pubkey, + authorized_keys_file=self.get_authorized_keys_file(profile_id), + query_mode=agent_query_mode, + remote_agent=remote_agent, + delay_deletion=20, + ) + else: + x2gobroker.agent.add_authorized_key(username=username, + pubkey_hash=pubkey, + authorized_keys_file=self.get_authorized_keys_file(profile_id), + query_mode=agent_query_mode, + remote_agent=remote_agent, + ), + x2gobroker.agent.delete_authorized_key(username=username, + pubkey_hash=pubkey, + authorized_keys_file=self.get_authorized_keys_file(profile_id), + query_mode=agent_query_mode, + remote_agent=remote_agent, + delay_deletion=20, + ) return selected_session diff --git a/x2gobroker/web/json.py b/x2gobroker/web/json.py index bbbcb81..a1f9300 100644 --- a/x2gobroker/web/json.py +++ b/x2gobroker/web/json.py @@ -112,6 +112,7 @@ class X2GoBrokerWeb(_RequestHandler): username = self.get_argument('user', default='') password = self.get_argument('password', default='') cookie = self.get_argument('authid', default='') + pubkey = self.get_argument('pubkey', default='') task = self.get_argument('task', default='') profile_id = self.get_argument('profile-id', default='') new_password = self.get_argument('newpass', default='') 
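Review bot: In the new `else:` branch of the `@@ -1092` hunk the client-supplied `pubkey` is handed to `x2gobroker.agent.add_authorized_key(...)` as `pubkey_hash` with no check on its content, and it arrives unfiltered from `self.get_argument('pubkey', default='')` in the web/json.py and web/plain.py hunks. How the agent writes the value is not visible here, but if it becomes a line in the file named by `get_authorized_keys_file(profile_id)`, embedded line breaks or an options prefix would change what gets installed for `username`. Before the `if not pubkey:` test I would refuse anything that is not a single `<key-type> <base64-blob> [comment]` line, starting from `if pubkey and ('\n' in pubkey or '\r' in pubkey):` plus a key-type allow-list. Keeping only `genkeypair` and the `authentication_privkey` update inside the `if` would also remove the duplicated add/delete pair and leave one place to validate; select_session itself starts and ends outside this hunk.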
@@ -171,7 +172,7 @@ class X2GoBrokerWeb(_RequestHandler): selected_session = {} - profile_info = broker_backend.select_session(profile_id=profile_id, username=username) + profile_info = broker_backend.select_session(profile_id=profile_id, username=username, pubkey=pubkey) if profile_info.has_key('server'): selected_session['server'] = "{server}".format(server=profile_info['server']) if profile_info.has_key('port'): diff --git a/x2gobroker/web/plain.py b/x2gobroker/web/plain.py index f9e8531..150818b 100644 --- a/x2gobroker/web/plain.py +++ b/x2gobroker/web/plain.py @@ -108,6 +108,7 @@ class X2GoBrokerWeb(_RequestHandler): username = self.get_argument('user', default='') password = self.get_argument('password', default='') cookie = self.get_argument('authid', default='') + pubkey = self.get_argument('pubkey', default='') task = self.get_argument('task', default='') profile_id = self.get_argument('sid', default='') new_password = self.get_argument('newpass', default='') @@ -190,7 +191,7 @@ class X2GoBrokerWeb(_RequestHandler): if profile_id: - profile_info = broker_backend.select_session(profile_id=profile_id, username=username) + profile_info = broker_backend.select_session(profile_id=profile_id, username=username, pubkey=pubkey) if profile_info.has_key('server'): output += "SERVER:" output += profile_info['server'] -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git