This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 0dcd15ff0334890df18592baf7f1a12bbf812a2a Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Tue Oct 28 18:45:39 2014 +0100 Provide legacy support for deprecated x2gobroker.conf global parameter 'check-credentials'. --- debian/changelog | 2 ++ x2gobroker/brokers/base_broker.py | 16 ++++++++++++---- x2gobroker/defaults.py | 4 ++++ 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/debian/changelog b/debian/changelog index 9bfaa0e..ed9222e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -169,6 +169,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low completely. - Make sure that without configuration files, the HTTP broker listens to port 8080. + - Provide legacy support for deprecated x2gobroker.conf global parameter + 'check-credentials'. * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py index 9473c70..3e60280 100644 --- a/x2gobroker/brokers/base_broker.py +++ b/x2gobroker/brokers/base_broker.py @@ -826,10 +826,18 @@ class X2GoBroker(object): @rtype: C{bool},C{unicode} """ + require_password = self.config.get_value('global', 'require-password') + require_cookie = self.config.get_value('global', 'require-cookie') + + # LEGACY support for X2Go Session Broker (<< 0.0.3.0) configuration files + if not self.config.get_value('global', 'check-credentials'): + logger_broker.warning('base_broker.X2GoBroker.check_access(): deprecated parameter \'check-credentials\' used in x2gobroker.conf (use \'require-password\' and \'require-cookie\' instead)!!!'.format(configfile=self.config_file)) + require_password = False + require_cookie = False + ### FOR INTRANET LOAD BALANCER WE MAY JUST ALLOW ACCESS TO EVERYONE ### This is handled through the config file, normally /etc/x2go/x2gobroker.conf - - if not self.config.get_value('global', 'require-password') and not self.config.get_value('global', 'require-cookie'): + if not require_password and not require_cookie: logger_broker.debug('base_broker.X2GoBroker.check_access(): access is granted without checking credentials, prevent this in {configfile}'.format(configfile=self.config_file)) return True, None elif username == 'check-credentials' and password == 'FALSE': @@ -841,7 +849,7 @@ class X2GoBroker(object): if type(cookie) is types.StringType: cookie = unicode(cookie) - if (((cookie == None) or (cookie == "")) and self.config.get_value('global', 'require-cookie')): + if (((cookie == None) or (cookie == "")) and require_cookie): #cookie required but we did not get one - catch wrong cookie case later logger_broker.debug('base_broker.X2GoBroker.check_access(): cookie required but none given.') return False, None @@ -852,7 +860,7 @@ class X2GoBroker(object): logger_broker.debug('base_broker.X2GoBroker.check_access(): checking if our configured cookie was submitted: {access}'.format(access=access)) # the require cookie but not password case falls through to returning value of access - if self.config.get_value('global', 'require-password'): + if require_password: # using files to store persistant cookie information because global variables do not work across threads in WSGI if _X2GOBROKER_USER == _X2GOBROKER_DAEMON_USER: diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py index 9451d4b..91931c7 100644 --- a/x2gobroker/defaults.py +++ b/x2gobroker/defaults.py @@ -190,6 +190,10 @@ X2GOBROKER_HOME = os.path.normpath(os.path.expanduser('~{broker_uid}'.format(bro # defaults for X2Go Sessino Broker configuration file X2GOBROKER_CONFIG_DEFAULTS = { 'global': { + # legacy support for X2Go Session Broker << 0.0.3.0 + # the check-credentials parameter has been slit up into the two params above + u'check-credentials': True, + # use these two instead of check-credentials... u'require-password': True, u'require-cookie': False, u'use-static-cookie': True, -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git