The branch, uccsoutput has been updated via e34d0691e5830ab901da3ba0998a73e5f7fb0c31 (commit) via 2b634eef55315243b77ad07cd81d2c8e722e2542 (commit) via 3d70999fd322b0d4ae0724ea9e6d7a2598286e57 (commit) via b38f22b7ebbcbf943f7a554d5ee1f0a5c08c335b (commit) from a23c56abf93b0f641589132105e52e9105cbbab8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e34d0691e5830ab901da3ba0998a73e5f7fb0c31 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Fri Apr 19 12:54:00 2013 +0200 Add forgotten file: x2gobroker-authservice-logger.conf. (Fixes: #180). commit 2b634eef55315243b77ad07cd81d2c8e722e2542 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Fri Apr 19 00:24:56 2013 +0200 Move AuthService server code fully into x2gobroker-authservice daemon script. commit 3d70999fd322b0d4ae0724ea9e6d7a2598286e57 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Fri Apr 19 00:04:14 2013 +0200 return empty page instead of 404 if no pubkeys for x2gobroker exist, fix args+kwargs in get() method commit b38f22b7ebbcbf943f7a554d5ee1f0a5c08c335b Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Apr 18 17:17:26 2013 +0200 fix changelog entry ----------------------------------------------------------------------- Summary of changes: debian/changelog | 5 +- .../broker/x2gobroker-authservice-logger.conf | 37 ++++++-- sbin/x2gobroker-authservice | 96 ++++++++++++++++---- x2gobroker/authservice.py | 81 ++--------------- x2gobroker/web/extras.py | 5 +- 5 files changed, 123 insertions(+), 101 deletions(-) copy x2gobroker/web/json.py => etc/broker/x2gobroker-authservice-logger.conf (62%) The diff of changes is: diff --git a/debian/changelog b/debian/changelog index b8bd4ea..8195e1e 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -15,7 +15,10 @@ x2gobroker (0.0.1.1-0~x2go1) UNRELEASED; urgency=low the logging in x2gobroker. (Fixes: #172). - x2gobroker-pubkeyauthorizer: no logging-to-file support anymore. (Fixes: #175). - - Fix name of get() for /pubkeys/ URL path. (Fixes: #176). + - Fix name of get() method for /pubkeys/ URL path. (Fixes: #176). + - Move AuthService server code fully into x2gobroker-authservice + daemon script. + - Add forgotten file: x2gobroker-authservice-logger.conf. (Fixes: #180). * /debian/control: + Fix --root parameter in DEB_PYTHON_INSTALL_ARGS. + Let bin:package x2gobroker-authservice depend on python-x2gobroker (of the diff --git a/x2gobroker/web/json.py b/etc/broker/x2gobroker-authservice-logger.conf similarity index 62% copy from x2gobroker/web/json.py copy to etc/broker/x2gobroker-authservice-logger.conf index 2e97f89..9c3e0c9 100644 --- a/x2gobroker/web/json.py +++ b/etc/broker/x2gobroker-authservice-logger.conf @@ -1,5 +1,3 @@ -#!/usr/bin/env python - # This file is part of the X2Go Project - http://www.x2go.org # Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> # Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> 
@@ -20,11 +18,36 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -# modules -import tornado.web +# WARNING: only modify this file if you _exactly_ know what you are doing!!! + +[loggers] +keys=root,authservice + +[logger_root] +level=NOTSET +handlers=stderrHandler + +[handlers] +keys=stderrHandler,authserviceFileHandler + +[formatters] +keys=authserviceFormatter + +[handler_stderrHandler] +class=StreamHandler +args=(sys.stderr,) +[logger_authservice] +level=DEBUG +handlers=authserviceFileHandler +qualname=authservice +propagate=0 -class X2GoBrokerWeb(tornado.web.RequestHandler): +[handler_authserviceFileHandler] +class=FileHandler +formatter=authserviceFormatter +args=('/var/log/x2gobroker/authservice.log',) - # MUSIC OF THE FUTURE - pass \ No newline at end of file +[formatter_authserviceFormatter] +format=%(asctime)s - %(name)s - %(levelname)s - %(message)s +datefmt= diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice index 5f0bd13..534a532 100755 --- a/sbin/x2gobroker-authservice +++ b/sbin/x2gobroker-authservice @@ -26,12 +26,10 @@ import sys import setproctitle import argparse import logging - -try: - import x2gobroker.authservice -except ImportError: - sys.path.insert(0, os.path.join(os.getcwd(), '..')) - import x2gobroker.authservice +import asyncore +import socket +import getpass +import logging.config PROG_NAME = os.path.basename(sys.argv[0]) PROG_OPTIONS = sys.argv[1:] 
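Review bot: `[logger_authservice]` is pinned to `level=DEBUG`, so in daemon mode the service always writes debug output to `/var/log/x2gobroker/authservice.log`, and the `X2GOBROKER_DEBUG` switch in sbin/x2gobroker-authservice has nothing left to raise. For a service that brokers PAM authentication the shipped default should be quieter, e.g. `level=INFO`, leaving DEBUG to the environment switch. The `FileHandler` target is opened when the config is loaded, so a missing or unwritable `/var/log/x2gobroker` would presumably abort daemon startup. The packaging should create that directory with restrictive ownership and mode.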
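Review bot: The new import block adds `asyncore`, `socket`, `getpass` and `logging.config` but not the `pwd`/`grp` helpers, although the `AuthService` class moved into this script by the next hunk calls `getpwnam()` and `getgrnam()` in `__init__`. Unless those names are imported in the lines not shown between the hunks, construction would raise a NameError after the socket has already been bound; add `from pwd import getpwnam` and `from grp import getgrnam`. The same applies to `AuthClient`, which `handle_accept()` instantiates but which stays in x2gobroker/authservice.py and is no longer reachable once `import x2gobroker.authservice` is dropped here. `from x2gobroker.authservice import AuthClient` would resolve it, at the cost of importing `x2gobroker.defaults` again.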
@@ -40,23 +38,89 @@ setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS))) from x2gobroker import __VERSION__ from x2gobroker import __AUTHOR__ + +class AuthService(asyncore.dispatcher_with_send): + + def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660'): + asyncore.dispatcher_with_send.__init__(self) + self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM) + self.set_reuse_addr() + self.bind(socketfile) + os.chown(socketfile, getpwnam(owner).pw_uid, getgrnam(group_owner).gr_gid) + os.chmod(socketfile, int(permissions, 8)) + self.listen(1) + + def handle_accept(self): + conn, _ = self.accept() + AuthClient(conn) + + +def loop(): + asyncore.loop() + + +# normally this would go into defaults.py, however, we do not want to pull in defaults.py here as that will create +# unwanted logfiles (access.log, broker.log, error.log) when x2gobroker-authservice is installed as standalone service +if os.environ.has_key('X2GOBROKER_DEBUG'): + X2GOBROKER_DEBUG = ( os.environ['X2GOBROKER_DEBUG'].lower() in ('1', 'on', 'true', 'yes', ) ) +else: + X2GOBROKER_DEBUG = False +if os.environ.has_key('X2GOBROKER_TESTSUITE'): + X2GOBROKER_TESTSUITE = ( os.environ['X2GOBROKER_TESTSUITE'].lower() in ('1', 'on', 'true', 'yes', ) ) +else: + X2GOBROKER_TESTSUITE = False +if os.environ.has_key('X2GOBROKER_DAEMON_USER'): + X2GOBROKER_DAEMON_USER=os.environ['X2GOBROKER_DAEMON_USER'] +else: + X2GOBROKER_DAEMON_USER="x2gobroker" +if os.environ.has_key('X2GOBROKER_AUTHSERVICE_LOGCONFIG'): + X2GOBROKER_AUTHSERVICE_LOGCONFIG=os.environ['X2GOBROKER_AUTHSERVICE_LOGCONFIG'] +else: + X2GOBROKER_AUTHSERVICE_LOGCONFIG="/etc/x2go/broker/x2gobroker-authservice-logger.conf" +if os.environ.has_key('X2GOBROKER_AUTHSERVICE_SOCKET'): + X2GOBROKER_AUTHSERVICE_SOCKET=os.environ['X2GOBROKER_AUTHSERVICE_SOCKET'] +else: + X2GOBROKER_AUTHSERVICE_SOCKET="/run/x2gobroker/x2gobroker-authservice.socket" + +# standalone daemon mode (x2gobroker-authservice as daemon) or 
interactive mode (called from the cmdline)? +if getpass.getuser() in (X2GOBROKER_DAEMON_USER, 'root'): + + # we run in standalone daemon mode, so let's use the system configuration for logging + logging.config.fileConfig(X2GOBROKER_AUTHSERVICE_LOGCONFIG) + + # create authservice logger + logger_authservice = logging.getLogger('authservice') + +else: + logger_root = logging.getLogger() + stderr_handler = logging.StreamHandler(sys.stderr) + stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt='')) + + # all loggers stream to stderr... + logger_root.addHandler(stderr_handler) + + logger_authservice = logging.getLogger('authservice') + logger_authservice.addHandler(stderr_handler) + logger_authservice.propagate = 0 + + # raise log level to DEBUG if requested... -if x2gobroker.authservice.X2GOBROKER_DEBUG and not x2gobroker.authservice.X2GOBROKER_TESTSUITE: - x2gobroker.authservice.logger_authservice.setLevel(logging.DEBUG) +if X2GOBROKER_DEBUG and not X2GOBROKER_TESTSUITE: + logger_authservice.setLevel(logging.DEBUG) -x2gobroker.authservice.logger_authservice.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__)) -x2gobroker.authservice.logger_authservice.info('Setting up the PAM authentication service\'s environment...') -x2gobroker.authservice.logger_authservice.info(' X2GOBROKER_DEBUG: {value}'.format(value=x2gobroker.authservice.X2GOBROKER_DEBUG)) -x2gobroker.authservice.logger_authservice.info(' X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=x2gobroker.authservice.X2GOBROKER_AUTHSERVICE_SOCKET)) +logger_authservice.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__)) +logger_authservice.info('Setting up the PAM authentication service\'s environment...') +logger_authservice.info(' X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG)) +logger_authservice.info(' 
X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET)) # check effective UID the broker runs as and complain appropriately... if os.geteuid() != 0: - x2gobroker.authservice.logger_authservice.warn('X2Go Session Broker\'s PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.') + logger_authservice.warn('X2Go Session Broker\'s PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.') if __name__ == '__main__': common_options = [ - {'args':['-s','--socket-file'], 'default': x2gobroker.authservice.X2GOBROKER_AUTHSERVICE_SOCKET, 'metavar': 'AUTHSOCKET', 'help': 'socket file for AuthService communication', }, + {'args':['-s','--socket-file'], 'default': X2GOBROKER_AUTHSERVICE_SOCKET, 'metavar': 'AUTHSOCKET', 'help': 'socket file for AuthService communication', }, {'args':['-o','--owner'], 'default': 'root', 'help': 'owner of the AuthService socket file', }, {'args':['-g','--group'], 'default': 'root', 'help': 'group ownership of the AuthService socket file', }, {'args':['-p','--permissions'], 'default': '0660', 'help': 'set these file permissions for the AuthService socket file', }, @@ -76,8 +140,8 @@ if __name__ == '__main__': cmdline_args = p.parse_args() socket_file = cmdline_args.socket_file - x2gobroker.authservice.AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions) + AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions) try: - x2gobroker.authservice.loop() + loop() except KeyboardInterrupt: pass diff --git a/x2gobroker/authservice.py b/x2gobroker/authservice.py index 0f97a29..ae1518a 100644 --- a/x2gobroker/authservice.py +++ b/x2gobroker/authservice.py 
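Review bot: In `AuthService.__init__` the socket file is created by `self.bind(socketfile)` with whatever mode the process umask allows and only afterwards narrowed by `os.chown`/`os.chmod`, so for a short window the authentication socket can be more accessible than `permissions` intends. Tighten the umask around the bind: `old_umask = os.umask(0o177)` before `self.bind(socketfile)` and `os.umask(old_umask)` after it. Separately, the daemon-mode test uses `getpass.getuser()`, which consults `LOGNAME`/`USER` before the real uid, and then passes the environment-supplied `X2GOBROKER_AUTHSERVICE_LOGCONFIG` path to `logging.config.fileConfig()`, which evaluates the `args=` entries of that file. When running as root, derive the user from `pwd.getpwuid(os.geteuid()).pw_name` and take the config path only from a trusted environment.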
@@ -22,58 +22,13 @@ import os import asyncore -import pam import socket import getpass -import logging -import logging.config -from pwd import getpwnam -from grp import getgrnam +# X2Go Session Broker modules +import x2gobroker.defaults +from x2gobroker.loggers import logger_broker -# normally this would go into defaults.py, however, we do not want to pull in defaults.py here as that will create -# unwanted logfiles (access.log, broker.log, error.log) when x2gobroker-authservice is installed as standalone service -if os.environ.has_key('X2GOBROKER_DEBUG'): - X2GOBROKER_DEBUG = ( os.environ['X2GOBROKER_DEBUG'].lower() in ('1', 'on', 'true', 'yes', ) ) -else: - X2GOBROKER_DEBUG = False -if os.environ.has_key('X2GOBROKER_TESTSUITE'): - X2GOBROKER_TESTSUITE = ( os.environ['X2GOBROKER_TESTSUITE'].lower() in ('1', 'on', 'true', 'yes', ) ) -else: - X2GOBROKER_TESTSUITE = False -if os.environ.has_key('X2GOBROKER_DAEMON_USER'): - X2GOBROKER_DAEMON_USER=os.environ['X2GOBROKER_DAEMON_USER'] -else: - X2GOBROKER_DAEMON_USER="x2gobroker" -if os.environ.has_key('X2GOBROKER_AUTHSERVICE_LOGCONFIG'): - X2GOBROKER_AUTHSERVICE_LOGCONFIG=os.environ['X2GOBROKER_AUTHSERVICE_LOGCONFIG'] -else: - X2GOBROKER_AUTHSERVICE_LOGCONFIG="/etc/x2go/broker/x2gobroker-authservice-logger.conf" -if os.environ.has_key('X2GOBROKER_AUTHSERVICE_SOCKET'): - X2GOBROKER_AUTHSERVICE_SOCKET=os.environ['X2GOBROKER_AUTHSERVICE_SOCKET'] -else: - X2GOBROKER_AUTHSERVICE_SOCKET="/run/x2gobroker/x2gobroker-authservice.socket" - -# standalone daemon mode (x2gobroker-authservice as daemon) or interactive mode (called from the cmdline)? 
-if getpass.getuser() in (X2GOBROKER_DAEMON_USER, 'root'): - - # we run in standalone daemon mode, so let's use the system configuration for logging - logging.config.fileConfig(X2GOBROKER_AUTHSERVICE_LOGCONFIG) - - # create authservice logger - logger_authservice = logging.getLogger('authservice') - -else: - logger_root = logging.getLogger() - stderr_handler = logging.StreamHandler(sys.stderr) - stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt='')) - - # all loggers stream to stderr... - logger_root.addHandler(stderr_handler) - - logger_authservice = logging.getLogger('authservice') - logger_authservice.addHandler(stderr_handler) - logger_authservice.propagate = 0 class AuthClient(asyncore.dispatcher_with_send): 
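Review bot: `import pam` is removed here while `class AuthClient` stays in this module. Its body lies outside the hunk, so this is inferred, but if it still performs the PAM call it will raise a NameError on the first authentication request. Either keep `import pam` or move `AuthClient` into the daemon script together with `AuthService`. The module now also imports `x2gobroker.defaults` and `x2gobroker.loggers`, which the removed comment said creates access.log, broker.log and error.log on a standalone authservice install, so importing this module from the daemon to reach `AuthClient` would bring that side effect back. The remaining `os` and `getpass` imports look unused in what is visible.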
@@ -103,36 +58,16 @@ class AuthClient(asyncore.dispatcher_with_send): self.close() -class AuthService(asyncore.dispatcher_with_send): - - def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660'): - asyncore.dispatcher_with_send.__init__(self) - self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM) - self.set_reuse_addr() - self.bind(socketfile) - os.chown(socketfile, getpwnam(owner).pw_uid, getgrnam(group_owner).gr_gid) - os.chmod(socketfile, int(permissions, 8)) - self.listen(1) - - def handle_accept(self): - conn, _ = self.accept() - AuthClient(conn) - - -def loop(): - asyncore.loop() - - def authenticate(username, password, service="x2gobroker"): s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) - logger_authservice.debug('connecting to authentication service socket {socket}'.format(socket=X2GOBROKER_AUTHSERVICE_SOCKET)) - s.connect(X2GOBROKER_AUTHSERVICE_SOCKET) - logger_authservice.debug('sending username={username}, password=<hidden>, service={service} to authentication service'.format(username=username, service=service)) + logger_broker.debug('connecting to authentication service socket {socket}'.format(socket=x2gobroker.defaults.X2GOBROKER_AUTHSERVICE_SOCKET)) + s.connect(x2gobroker.defaults.X2GOBROKER_AUTHSERVICE_SOCKET) + logger_broker.debug('sending username={username}, password=<hidden>, service={service} to authentication service'.format(username=username, service=service)) s.send('{username} {password} {service}\n'.format(username=username, password=password, service=service)) result = s.recv(1024) s.close() if result.startswith('ok'): - logger_authservice.info('authentication against PAM service »{service}« succeeded for user »{username}«'.format(username=username, service=service)) + logger_broker.info('authentication against PAM service »{service}« succeeded for user »{username}«'.format(username=username, service=service)) return True - logger_authservice.info('authentication against service »{service}« failed for 
user »{username}«'.format(username=username, service=service)) + logger_broker.info('authentication against service »{service}« failed for user »{username}«'.format(username=username, service=service)) return False diff --git a/x2gobroker/web/extras.py b/x2gobroker/web/extras.py index f61c676..cdb810b 100644 --- a/x2gobroker/web/extras.py +++ b/x2gobroker/web/extras.py @@ -42,7 +42,7 @@ class X2GoBrokerPubKeyService(tornado.web.RequestHandler): for http_header_item in self.http_header_items.keys(): self.set_header(http_header_item, self.http_header_items[http_header_item]) - def get(self): + def get(self, *args, **kwargs): output = "" @@ -56,7 +56,4 @@ class X2GoBrokerPubKeyService(tornado.web.RequestHandler): pubkey = paramiko.DSSKey(filename='{home}/.ssh/id_dsa'.format(home=broker_home)) output += 'ssh-dss {pubkey} {user}@{hostname}\n'.format(pubkey=str(pubkey.get_base64()), user=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, hostname=x2gobroker.defaults.X2GOBROKER_HOSTNAME) - if not output: - raise tornado.web.HTTPError(404) - self.write(output) hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).
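Review bot: `authenticate()` still frames the request as `'{username} {password} {service}\n'`, so a username or password containing a space or a newline shifts the fields the service sees. The parsing side is in `AuthClient`, outside this hunk, so how it splits the line is not visible here. An unambiguous encoding (length-prefixed or escaped fields) would be safer, and at minimum the client should reject values containing `\n` before sending. The socket is also not closed if `connect`, `send` or `recv` raises, and `recv(1024)` has no timeout. Wrap the exchange in `try: ... finally: s.close()` and call `s.settimeout(...)` so a hung service cannot stall the broker request.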