The branch, master has been updated via 65db3d550c384ff0afbc0d9e97855ac1bf4bbea7 (commit) from c6fbb4cf743a450b4a251bf39e86822662b17a73 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 65db3d550c384ff0afbc0d9e97855ac1bf4bbea7 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Fri Mar 1 17:27:08 2013 +0100 rename specifiers for cookie authentication system, not in use, yet ----------------------------------------------------------------------- Summary of changes: etc/x2gobroker.conf | 18 +++++++++--------- x2gobroker/brokers/base_broker.py | 38 +++++++++++++++++++------------------ x2gobroker/defaults.py | 6 +++--- 3 files changed, 32 insertions(+), 30 deletions(-) The diff of changes is: diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf index 70d0906..3e9ee23 100644 --- a/etc/x2gobroker.conf +++ b/etc/x2gobroker.conf @@ -50,20 +50,20 @@ # profile mapping in LDAP -# Allow unauthenticated connections? Then set check_credentials to false. +# Allow unauthenticated connections? Then set check-credentials to false. #check-credentials = true # To secure server-client communication the client can start the communication -# with a pre-set, agreed on authentication ID. Set the below value to 1 to make -# use of this feature -#use-authid = false +# with a pre-set, agreed on authentication ID. Set the below value to true +# to make the X2Go Session Broker require this feature +#require-cookie-auth = false -# X2Go supports two different auth ID modes (static and dynamic), for now set -# the below value to true -#use-static-authid = true +# X2Go supports two different cookie authentication modes (static and dynamic). +#use-static-cookie = false -# Make up your own authid below... -#authid = <aaaavveeeerrrrryyyyylooonnnnggggssttrrriiinnnggg> +# Every server-client communication (between X2Go Client and broker) has to be +# accompanied by this initial authentication cookie. +#my-cookie = <aaaavveeeerrrrryyyyylooonnnnggggssttrrriiinnnggg> # X2Go Session Broker knows about two output formats: a text/html based output # and a text/json based output. The different outputs run under different URLs diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py index 2f9b6d2..c980119 100644 --- a/x2gobroker/brokers/base_broker.py +++ b/x2gobroker/brokers/base_broker.py @@ -66,7 +66,7 @@ class X2GoBroker(object): if config_defaults is None: config_defaults = x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS self.config = x2gobroker.config.X2GoBrokerConfigFile(config_files=self.config_file, defaults=config_defaults) - self._dynamic_authid_map = {} + self._dynamic_cookie_map = {} self._client_address = None def __del__(self): @@ -687,7 +687,7 @@ class X2GoBroker(object): else: return [] - def check_access(self, username='', password='', authid=None, ): + def check_access(self, username='', password='', cookie=None, ): """\ Check if a given user with a given password may gain access to the X2Go session broker. @@ -696,6 +696,8 @@ class X2GoBroker(object): @type username: C{unicode} @param password: a password that authenticates the user against the X2Go session broker @type password: C{unicode} + @param cookie: an extra (static or dynamic) authentication token + @type cookie: C{unicode} @return: returns C{True} if the authentication has been successful @rtype: C{bool} @@ -717,46 +719,46 @@ class X2GoBroker(object): ### HANDLING OF DYNAMIC AUTHENTICATION ID HASHES - # using authid as extra security? - if self.config.get_value('global', 'use-authid'): + # using cookie authentication as extra security? + if self.config.get_value('global', 'require-cookie-authentication'): - if type(authid) is types.StringType: - authid = unicode(authid) + if type(cookie) is types.StringType: + cookie = unicode(cookie) - if self.config.get_value('global', 'use-static-authid'): + if self.config.get_value('global', 'use-static-cookie'): # evaluate access based on static authentication ID feature - access = access and ( authid == self.config.get_value('global', 'authid') ) + access = access and ( cookie == self.config.get_value('global', 'my-cookie') ) else: # evaluate access based on dynamic authentication ID feature - if self._dynamic_authid_map.has_key(username): - access = access and ( authid == self._dynamic_authid_map[username] ) + if self._dynamic_cookie_map.has_key(username): + access = access and ( cookie == self._dynamic_cookie_map[username] ) if access: - self._dynamic_authid_map[username] = uuid.uuid5(namespace=authid, name=username) + self._dynamic_cookie_map[username] = uuid.uuid5(namespace=cookie, name=username) else: - access = access and ( authid == self.config.get_value('global', 'authid') ) + access = access and ( cookie == self.config.get_value('global', 'my-cookie') ) if access: # generate a first uuid, initialize the dynamic authencation ID security feature - self._dynamic_authid_map[username] = uuid.uuid4() + self._dynamic_cookie_map[username] = uuid.uuid4() return access - def get_next_authid(self, username): + def get_next_cookie(self, username): """\ - Get the next expected authentication ID for the given user name. + Get the next expected authentication cookie for the given user name. - @param username: query next auth ID for this user + @param username: query next authentication cookie for this user @type username: C{unicode} - @return: returns next authentication ID for the given username, None if no auth ID has been generated, yet. + @return: returns next authentication cookie for the given username, None if no cookie has been generated, yet @rtype: C{unicode} or C{None} """ try: - return self._dynamic_authid_map[username] + return self._dynamic_cookie_map[username] except KeyError: return None diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py index 8274e71..4e52156 100644 --- a/x2gobroker/defaults.py +++ b/x2gobroker/defaults.py @@ -114,9 +114,9 @@ X2GOBROKER_CONFIG_DEFAULTS = { 'global': { u'backend': u'zeroconf', u'check-credentials': True, - u'use-authid': False, - u'use-static-authid': True, - u'authid': uuid.uuid4(), + u'require-cookie-auth': False, + u'use-static-cookie': False, + u'my-cookie': uuid.uuid4(), u'enable-plain-output': True, u'enable-json-output': False, u'enable-html-output': False, hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).