The branch, master has been updated via e4c48da663e47c7fa1afc0892effdb871c93d027 (commit) via bd1f9e0e3e0f14d7d98c537ef3bfeb19b025a9e5 (commit) from 57030875e10c269c360ac2b1c1623b9f427d6714 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e4c48da663e47c7fa1afc0892effdb871c93d027 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Nov 29 12:45:42 2012 +0100 first draft of packaging the Python approach of x2gobroker.git commit bd1f9e0e3e0f14d7d98c537ef3bfeb19b025a9e5 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Nov 29 10:13:57 2012 +0100 migrate Perl-based code into a Python-based solution using web.py ----------------------------------------------------------------------- Summary of changes: Makefile | 4 +- Makefile.PL | 9 - NEWS | 12 + README | 8 + README.dangerous-piece-of-code | 11 - TODO | 7 + X2Go/Broker.pm | 60 -- X2Go/Broker/Common.pm | 49 -- X2Go/Broker/LDAP.pm | 633 -------------------- X2Go/Broker/Simple.pm | 633 -------------------- X2Go/Broker/ZeroConf.pm | 184 ------ cgi/x2gobroker.cgi | 97 --- debian/changelog | 11 +- debian/control | 101 ++-- debian/copyright | 10 +- ...x2gobroker-ldap.dirs => python-x2gobroker.dirs} | 1 + ...gobroker-common.docs => python-x2gobroker.docs} | 0 debian/python-x2gobroker.install | 3 + debian/rules | 8 +- debian/x2gobroker-agent.dirs | 1 - .../x2gobroker-cgi.install | 0 debian/x2gobroker-common.dirs | 2 - debian/x2gobroker-common.install | 1 - debian/x2gobroker-daemon.default | 4 + debian/x2gobroker-daemon.init | 72 +++ debian/x2gobroker-ldap.docs | 3 - debian/x2gobroker-ldap.install | 1 - debian/x2gobroker-ldap.links | 1 - debian/x2gobroker-simple.dirs | 1 - debian/x2gobroker-simple.docs | 3 - debian/x2gobroker-simple.install | 1 - debian/x2gobroker-simple.links | 1 - 
debian/x2gobroker-zeroconf.dirs | 1 - debian/x2gobroker-zeroconf.docs | 3 - debian/x2gobroker-zeroconf.links | 1 - debian/x2gobroker.install | 1 + debian/x2gobroker.pam | 2 - etc/{x2gobroker-ldap.cfg => x2gobroker.conf} | 7 + lib/x2gobroker-agent.pl | 28 +- pam/x2gobroker | 2 + sbin/x2gobroker | 152 +++++ etc/x2gobroker-ldap.cfg => setup.py | 27 +- etc/x2gobroker-ldap.cfg => x2gobroker/__init__.py | 13 +- x2gobroker/base.py | 157 +++++ etc/x2gobroker-ldap.cfg => x2gobroker/ldap.py | 35 +- etc/x2gobroker-ldap.cfg => x2gobroker/simple.py | 35 +- x2gobroker/zeroconf.py | 56 ++ 47 files changed, 627 insertions(+), 1825 deletions(-) delete mode 100644 Makefile.PL delete mode 100644 README.dangerous-piece-of-code delete mode 100644 X2Go/Broker.pm delete mode 100644 X2Go/Broker/Common.pm delete mode 100644 X2Go/Broker/LDAP.pm delete mode 100644 X2Go/Broker/Simple.pm delete mode 100644 X2Go/Broker/ZeroConf.pm delete mode 100755 cgi/x2gobroker.cgi rename debian/{x2gobroker-ldap.dirs => python-x2gobroker.dirs} (50%) rename debian/{x2gobroker-common.docs => python-x2gobroker.docs} (100%) create mode 100644 debian/python-x2gobroker.install delete mode 100644 debian/x2gobroker-agent.dirs rename etc/x2gobroker-simple.cfg => debian/x2gobroker-cgi.install (100%) delete mode 100644 debian/x2gobroker-common.dirs delete mode 100644 debian/x2gobroker-common.install create mode 100644 debian/x2gobroker-daemon.default create mode 100644 debian/x2gobroker-daemon.init delete mode 100644 debian/x2gobroker-ldap.docs delete mode 100644 debian/x2gobroker-ldap.install delete mode 100644 debian/x2gobroker-ldap.links delete mode 100644 debian/x2gobroker-simple.dirs delete mode 100644 debian/x2gobroker-simple.docs delete mode 100644 debian/x2gobroker-simple.install delete mode 100644 debian/x2gobroker-simple.links delete mode 100644 debian/x2gobroker-zeroconf.dirs delete mode 100644 debian/x2gobroker-zeroconf.docs delete mode 100644 debian/x2gobroker-zeroconf.links create mode 100644 
debian/x2gobroker.install delete mode 100644 debian/x2gobroker.pam copy etc/{x2gobroker-ldap.cfg => x2gobroker.conf} (95%) create mode 100644 pam/x2gobroker create mode 100755 sbin/x2gobroker copy etc/x2gobroker-ldap.cfg => setup.py (59%) mode change 100644 => 100755 copy etc/x2gobroker-ldap.cfg => x2gobroker/__init__.py (69%) create mode 100644 x2gobroker/base.py copy etc/x2gobroker-ldap.cfg => x2gobroker/ldap.py (59%) rename etc/x2gobroker-ldap.cfg => x2gobroker/simple.py (59%) create mode 100644 x2gobroker/zeroconf.py The diff of changes is: diff --git a/Makefile b/Makefile index 0cf6a8b..3a68e40 100755 --- a/Makefile +++ b/Makefile @@ -55,8 +55,8 @@ build_setuidwrappers: gcc -fPIE -pie -o lib/x2gobroker-agent src/x2gobroker-agent.c build-indep: - $(PERL) Makefile.PL INSTALLDIRS=vendor - $(MAKE) -f Makefile.perl +# $(PERL) Makefile.PL INSTALLDIRS=vendor +# $(MAKE) -f Makefile.perl distclean: clean diff --git a/Makefile.PL b/Makefile.PL deleted file mode 100644 index 1b63b56..0000000 --- a/Makefile.PL +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/perl - -use ExtUtils::MakeMaker; - -WriteMakefile(FIRST_MAKEFILE => 'Makefile.perl', - PMLIBDIRS => ['X2Go'], - NAME => '', - VERSION => '0.0.0.1', - ); diff --git a/NEWS b/NEWS index e69de29..37d39b4 100644 --- a/NEWS +++ b/NEWS @@ -0,0 +1,12 @@ +NEWS on X2Go Session Broker +=========================== + +X2Go Session Broker is a Web project that provides +session brokerage for X2Go via HTTP(S). + +The framework was originally designed in Perl and his +been rewritten in Python using the web.py framework +in 2012/2013. + +light+love, +Mike Gabriel, 20121129 \ No newline at end of file diff --git a/README b/README index e69de29..763a825 100644 --- a/README +++ b/README @@ -0,0 +1,8 @@ +README for X2Go Session Broker +============================== + +X2Go Session Broker is a Web project that provides +session brokerage for X2Go via HTTP(S). + +light+love, +Mike Gabriel, 20121129 \ No newline at end of file 
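Review bot: In the Makefile hunk, the two Perl recipe lines under `build-indep:` are commented out (`# $(PERL) Makefile.PL INSTALLDIRS=vendor`, `# $(MAKE) -f Makefile.perl`) rather than deleted, so the target is left with an empty recipe and dead lines naming a Makefile.PL that this same commit removes. I would delete both lines. If the Python package is supposed to be built from this target, the setup.py step belongs here instead, though it may already be driven from debian/rules, which this hunk does not show. The hunk's context begins inside build_setuidwrappers, so the rest of the Makefile is not visible here.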
diff --git a/README.dangerous-piece-of-code b/README.dangerous-piece-of-code
deleted file mode 100644
index 0909f32..0000000
--- a/README.dangerous-piece-of-code
+++ /dev/null
@@ -1,11 +0,0 @@
-X2Go subproject: X2Go Session Broker (x2gobroker.git)
------------------------------------------------------
-
-Whoever takes a look at this piece of code...
-
-It is currently a quite dangerous piece of software and not at all usable.
-
-Please stay away from it.
-
-light+love, 20120916
-Mike Gabriel
diff --git a/TODO b/TODO
index e69de29..4787426 100644
--- a/TODO
+++ b/TODO
@@ -0,0 +1,7 @@
+TODO list for X2Go Session Broker
+=================================
+
+Plenty of work in the loop...
+
+light+love,
+Mike Gabriel, 20121129
\ No newline at end of file
diff --git a/X2Go/Broker.pm b/X2Go/Broker.pm
deleted file mode 100644
index 62d0da0..0000000
--- a/X2Go/Broker.pm
+++ /dev/null
@@ -1,60 +0,0 @@
-# This file is part of the X2Go Project - http://www.x2go.org
-# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
-# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de>
-# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-#
-# X2Go Session Broker is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# X2Go Session Broker is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program; if not, write to the
-# Free Software Foundation, Inc.,
-# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-
-package X2Go::Broker;
-
-=head1 NAME
-
-X2Go::Broker - X2GO Session Broker modules for Perl
-
-=head1 DESCRIPTION
-
-An X2Go Session Broker allows to manage X2Go server farms TTW (using
-https protocol).
-
-=head1 VERSION
-
-Version 0.0.0.1
-
-=head1 AUTHOR
-
-Oleksandr Shneyder, C<< <oleksandr.shneyder at obviously-nice.de> >>
-
-Mike Gabriel, C<< <mike.gabriel at das-netzwerkteam.de> >>
-
-=head1 LICENSE AND COPYRIGHT
-
-Copyright 2011-2012, Oleksandr Shneyder, C<< <oleksandr.shneyder at obviously-nice.de> >>
-
-Copyright 2012, Mike Gabriel, C<< <mike.gabriel at das-netzwerkteam.de> >>
-
-This program is free software; you can redistribute it and/or modify it
-under the terms of the AGPL-3+ license.
-
-=cut
-
-use strict;
-
-### for debugging purposes...
-#use Data::Dumper;
-
-use base 'Exporter';
-our @EXPORT = ( );
-
diff --git a/X2Go/Broker/Common.pm b/X2Go/Broker/Common.pm
deleted file mode 100644
index f480082..0000000
--- a/X2Go/Broker/Common.pm
+++ /dev/null
@@ -1,49 +0,0 @@
-# This file is part of the X2Go Project - http://www.x2go.org
-# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
-# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de>
-# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-#
-# X2Go Session Broker is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# X2Go Session Broker is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program; if not, write to the
-# Free Software Foundation, Inc.,
-# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-
-package X2Go::Broker::Common;
-
-use strict;
-
-### for debugging purposes...
-#use Data::Dumper;
-
-use base 'Exporter';
-our @EXPORT = ('ExecBrokerAgent', );
-
-###
-### public functions
-###
-
-sub ExecBrokerAgent
-{
- my ($user, $hostname, $cmd)=@_;
- my $res=`ssh -o ConnectTimeout=15 -o UserKnownHostsFile=/etc/x2go/x2gobroker/ts_known_hosts x2gobroker\@$hostname -i /etc/x2go/x2gobroker/id_x2gobroker_dsa \"/usr/lib/x2go/x2gobroker-agent $user $cmd 2>/dev/null\"`;
- my @rarr=split("\n",$res);
- my $stat;
- if( @rarr[0] eq 'OK' )
- {
- $stat=1;
- } else {
- $stat=0;
- }
- shift(@rarr);
- return($stat,join("\n",@rarr));
-}
diff --git a/X2Go/Broker/LDAP.pm b/X2Go/Broker/LDAP.pm
deleted file mode 100644
index d05d63f..0000000
--- a/X2Go/Broker/LDAP.pm
+++ /dev/null
@@ -1,633 +0,0 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> -# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> -# -# X2Go Session Broker is free software; you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# X2Go Session Broker is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program; if not, write to the -# Free Software Foundation, Inc., -# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. - -package x2gobroker-ldap; - -use strict; -use Net::LDAP; -use Config::Simple; -use Crypt::SaltedHash; -use MIME::Base64; -use Data::Dumper; - - -my $cfg=new Config::Simple(syntax=>'ini'); -$cfg->read("/etc/x2go/x2gobroker-ldap.cfg"); -my $ldapuri=$cfg->param('ldapuri'); -my $replica=$cfg->param('replica'); -my $binddn=$cfg->param('binddn'); -my $bindpw=$cfg->param('bindpw'); - -use base 'Exporter'; -our @EXPORT = ('checkAccess', 'listSessions', 'selectSession', 'setPass'); - -sub getBase -### -### FIXME: provide that in /etc/x2go/x2gobroker-ldap.cfg -### FIXME: put the pid of this process in the lock files -{ - my $login=shift; - $login=~s/cn=ldapadmin,//; - return $login; -} - -sub initLdap -### -### FIXME: lock files have to be in /run or /var/run... 
-### -{ - my $masterlocked=0; - my $replicalocked=0; - if ( ( -e "/etc/x2go/x2gobroker/masterldap.lock") && ( -e "/etc/x2go/x2gobroker/replicaldap.lock" ) ) - { - die "Can't connect to LDAP server"; - } - if ( -e "/etc/x2go/x2gobroker/replicaldap.lock" ) - { - $masterlocked=1; - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - die "Can't connect to LDAP server"; - } - return $ldap; - } - if( -e "/etc/x2go/x2gobroker/masterldap.lock" ) - { - $replicalocked=1; - my ($ldap,$error)=initLDAPServer( $replica ); - if ( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/replicaldap.lock`; - die "Can't connect to LDAP server"; - } - return $ldap; - } - if( ! int(rand(2)) ) - { - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - return initLdap(); - } - return $ldap; - } else { - my ($ldap,$error)=initLDAPServer( $replica ); - if(!$ldap) - { - `touch /etc/x2go/x2gobroker/replicaldap.lock`; - return initLdap(); - } - return $ldap; - } -} - -sub initMasterLdap -{ - if(-e "/etc/x2go/x2gobroker/masterldap.lock") - { - die "Master LDAP server is down\n"; - } - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - die $error; - } - return $ldap; -} - -sub initLDAPServer -{ - my $url=shift; - my $ldap=Net::LDAP->new( $url ); - if( ! $ldap ) - { - notify("LDAP server $url is down ($@). Please, repair it and remove lock file in /etc/x2go/x2gobroker\n"); - return (0,"$@"); - } - my $message = $ldap->bind($binddn,password=>$bindpw); - if(!$message) - { - notify("LDAP server $url is down ($@). 
Please, repair it and remove lock file in /etc/x2go/x2gobroker\n"); - return (0,"$@"); - } - return ($ldap,0); -} - -sub setPass -{ - my ($user, $newpass)=@_; - # check if we have master ldap here - - my $attr; - - my $csh=Crypt::SaltedHash->new(algorithm => 'SHA-1'); - $csh->add($newpass); - $newpass=$csh->generate; - - push(@$attr,'userPassword'=>$newpass); - my $changes; - push(@$changes,'replace'=>$attr); - - my $ldap = initMasterLdap(); - - my $dn="cn=$user,ou=BrokerUsers".getBase($binddn); - my $message=$ldap->modify($dn, changes => $changes); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - print "\n<br>CHANGING PASS OK<br>\n"; -} - -sub selectSession -{ - my ($user, $sid)=@_; - my @words=split("\@",$sid); - my $sess_id=@words[1]; - my $host=@words[0]; - checkAndStartSession($user, $host, $sess_id); -} - -sub getExtCon -{ - my $host=shift; - - my $ldap = initLdap(); - - my $dn="cn=$host,ou=Servers,ou=ON".getBase($binddn); - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $message=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=ipHost)' - ); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my $attr=$asn->{'attributes'}; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'description' ) - { - my @words=split(":",$value); - return (@words[0], @words[1]); - } - } - } -} - -sub checkAndStartSession -{ - my ($uid,$host,$sid)=@_; - my ($status,$sessions)=check_ts($host,$uid); - if(!$status) - { - print "ERROR check TS\n"; - return; - } - my $running=0; - if( $sessions ) - { - my @sinfo=split("\\|",$sessions); - my $sess_stat=@sinfo[4]; - my $sess_srv=@sinfo[3]; - $sid=@sinfo[1]; - if( $sess_stat eq 'R' ) - { - $running=1; - my $str; - ($status,$str)=remoteBroker($host,$uid,"suspend $sid"); - $sessions=~s/\|R\|/\|S\|/; - } - if( $sess_stat 
eq 'S' ) - { - $running=1; - } - } - - my($ip,$port)=getExtCon($host); - print "SERVER:$ip:$port\n"; - if($running) - { - print "SESSION_INFO:".(split("\n",$sessions))[0]."\n"; - } -} - -sub checkRunningSession -{ - my ($sess_srv, $sess_stat, $server_dn, $uid, $sid, $ldap)=@_; - my @dn_el=split(',',$server_dn); - shift(@dn_el); - shift(@dn_el); - my $node_dn="cn=".$sess_srv.",ou=Hosts,".join(',',@dn_el); - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $mesg=$ldap->search(base => $node_dn, - scope => 'base', - filter => '(objectClass=X2GoServerNode)' - ); - if(!$mesg->code) - { - my @entries=$mesg->entries(); - if(@entries[0]->get_value('serverStatus') eq 'TRUE') - { - my $node_ref={}; - $node_ref->{'ip'}=@entries[0]->get_value('ipHostNumber'); - $node_ref->{'dn'}=$node_dn; - my $status; - my $str; - if( $sess_stat eq 'R' ) - { - print "session running, suspend session $sid\n"; - ($status,$str)=remoteBroker($node_ref->{'ip'},$uid,"suspend $sid",$node_ref->{'dn'}, $ldap); - } else { - print "session not running, ping node\n"; - ($status,$str)=remoteBroker($node_ref->{'ip'},$uid,'ping',$node_ref->{'dn'}, $ldap); - } - if($status) - { - return $node_ref; - } - print "error executing remote broker \n"; - } - print "node is down \n"; - return 0; - } - print "error searching $node_dn: ".$mesg->error."\n"; - return 0; -} - -sub startNewSession -{ - my ($dn, $ldap, $uid)=@_; - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $mesg=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=X2GoServer)' - ); - - if($mesg->code) - { - return 0; - } - - my @entries=$mesg->entries(); - my $ref = @entries[0]->get_value ( 'serverNode', asref => 1 ); - my $nodes; - foreach(@$ref) - { - my $server=$_; - my @sdn=split(",",$dn); - shift(@sdn); - shift(@sdn); - my $server_dn="cn=$server,ou=Hosts,".join(",",@sdn); - - my $mesg=$ldap->search(base => $server_dn, - scope => 'base', - filter => 
'(objectClass=X2GoServerNode)' - ); - if( ! $mesg->code ) - { - my @entries=$mesg->entries(); - if(@entries[0]->get_value('serverStatus') eq 'TRUE') - { - my $node_ref={}; - $node_ref->{'ip'}=@entries[0]->get_value('ipHostNumber'); - $node_ref->{'sessions'}=0; - $node_ref->{'dn'}=$server_dn; - $nodes->{$server}=$node_ref; - } - } - } - return findBestServer($nodes,$ldap, $uid); -} - -sub findBestServer -{ - my ($nodes, $ldap, $user)=@_; - my $servers; - my $status; - while( my ($key,$value) = each(%$nodes)) - { - if( ! $status ) - { - my $ip=$value->{'ip'}; - my $dn=$value->{'dn'}; - ($status,$servers)=remoteBroker($ip,$user,'getservers',$dn, $ldap); - if(!$status) - { - delete $nodes->{$key}; - } - } - } - if( ! $status ) - { - return 0; - } - my @srvlines=split("\n",$servers); - foreach(@srvlines) - { - my @words=split(' ',$_); - my $ref=$nodes->{@words[0]}; - if( $ref ) - { - $ref->{'sessions'}=1*@words[1]; - } - } - return checkServers($nodes, $ldap, $user); -} - -sub checkServers -{ - my ($nodes, $ldap, $user)=@_; - my $bestnode=0; - my $bestnodekey; - my $key; - my $value; - while( ($key,$value) = each(%$nodes)) - { - if(! $bestnode) - { - $bestnode=$value; - $bestnodekey=$key; - } else { - if($value->{'sessions'}<$bestnode->{'sessions'}) - { - $bestnode=$value; - $bestnodekey=$key; - } - } - } - if( ! $bestnode ) - { - print "bestnode is null: \n"; - return 0; - } else { - my $ip=$bestnode->{'ip'}; - my $dn=$bestnode->{'dn'}; - my ($status,$fakearr)=remoteBroker($ip,$user,'ping',$dn, $ldap); - if( ! 
$status ) - { - delete $nodes->{$bestnodekey}; - return checkServers($nodes, $ldap, $user); - } else { - return $bestnode; - } - } -} - - -sub check_ts -{ - my ($host, $user)=@_; - my $server_dn; - my $ldap; - my($status,$sessions)=getSessionRunning($server_dn, $host, $user, $ldap); - if( $status ) - { - return (1,$sessions); - } - return (0,0); -} - -sub getSessionRunning -{ - my ($dn,$ip,$user, $ldap)=@_; - my ($status,$sessions)=remoteBroker($ip,$user,'listsessions', $dn, $ldap); - if( ! $status ) - { - return (0,0); - } else { - return (1,$sessions); - } -} - -sub remoteBroker -{ - my ($ip, $user, $cmd, $dn, $ldap)=@_; - my $res=`ssh -o ConnectTimeout=15 -o UserKnownHostsFile=/etc/x2go/x2gobroker/ts_known_hosts x2gobroker\@$ip -i /etc/x2go/x2gobroker/id_x2gobroker_dsa \"/usr/lib/x2go/broker/x2gobroker-command $user $cmd 2>/dev/null\"`; - my @rarr=split("\n",$res); - my $stat; - if(@rarr[0] eq 'OK') - { - $stat=1; - } else { - $stat=0; - # setNodeDown($dn, $ldap, $cmd, $user); - } - shift(@rarr); - return($stat,join("\n",@rarr)); -} - -sub notify -{ - my $message=shift; - open (F,">>/tmp/x2gobroker.log"); - print F `date`.$message."\n"; - close(F); -} - -sub setNodeDown -{ - my($dn, $ldap, $cmd, $user)=@_; - my $attr; - push(@$attr,'serverStatus' => 'FALSE'); - my $changes; - push (@$changes, 'replace' => $attr); - $ldap->modify($dn,changes => $changes); - notify ("set status of $dn to \"down\", failed command: \"$cmd\", user: \"$user\"\n"); -} - -sub setServerDown -{ - my($dn, $ldap)=@_; - my $attr; - push(@$attr,'serverStatus' => 'FALSE'); - my $changes; - push (@$changes, 'replace' => $attr); - $ldap->modify($dn,changes => $changes); - notify ("set status of $dn to \"down\", all nodes are down\n"); -} - -sub checkAccess -{ - my ($user,$pass)=@_; - - my $ldap = initLdap(); - - my $dn="uid=$user,ou=People".getBase($binddn); - my $mesg=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=posixAccount)' - ); - - if( $mesg->code ) - { - return 
0; - } - - my @entries=$mesg->entries(); - my $crypted=@entries[0]->get_value('userPassword'); - $mesg = $ldap->unbind; - if ( Crypt::SaltedHash->validate($crypted, $pass) ) - { - return 1; - } - return 0; -} - -sub listSessions -{ - my $user=shift; - - my $ldap = initLdap(); - - my $dn="ou=Servers,ou=ON".getBase($binddn); - my $message=$ldap->search(base => $dn, - scope => 'sub', - filter => '(objectClass=ipHost)' - ); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - # print Dumper($message->entries); - print "START_USER_SESSIONS<br>"; - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my $attr=$asn->{'attributes'}; - my $host; - my $int_ip; - my $ext_ip; - my $ext_port; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'cn' ) - { - $host=$value; - } - } - my($status,$sessions)=getSessionRunning($dn,$host,$user, $ldap); - if($status) - { - my $sess_srv; - if($sessions) - { - my @sinfo=split("\\|",$sessions); - my $sess_stat=@sinfo[4]; - $sess_srv=@sinfo[3]; - my $sid=@sinfo[1]; - print "<br>[$host\@$sid]<br>"; - print "status=$sess_stat<br>"; - #get ip - #get port - } else { - my $sessions; - ($sess_srv,$ext_ip,$ext_port, $sessions)=getBestNode($dn, $ldap, $user, $host, $message); - print "<br>[$host]<br>"; - } - #print "host=$ext_ip<br>"; - print "user=$user<br>"; - #print "sshport=$ext_port<br>"; - print "name=Stadt Treuchtlingen<br>"; - goto loop_end; - } - } - loop_end: - print "END_USER_SESSIONS<br>"; - $ldap->unbind(); -} - -sub getBestNode -{ - my ($dn, $ldap, $user, $ip, $message)=@_; - my $servers; - my $status; - ($status,$servers)=remoteBroker($ip,$user,'getservers',$dn, $ldap); - my $srvref={}; - my @srvlines=split("\n",$servers); - foreach(@srvlines) - { - my @words=split(' ',$_); - $srvref->{@words[0]}=1*@words[1]; - } - my $bestval=-1; - my $bestsrv; - my $bestext_ip; - my $bestext_port; - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my 
$attr=$asn->{'attributes'}; - my $host; - my $ext_ip; - my $ext_port; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'cn' ) - { - $host=$value; - } - if($type eq 'description') - { - my @words=split(":",$value); - $ext_ip=@words[0]; - $ext_port=@words[1]; - } - } - my $sess=$srvref->{$host}; - if( ! $sess ) - { - return($host, $ext_ip, $ext_port,0); - } - if($sess < $bestval || $bestval == -1) - { - $bestval=$sess; - $bestsrv=$host; - $bestext_ip=$ext_ip; - $bestext_port=$ext_port; - } - } - return($bestsrv, $bestext_ip, $bestext_port, $bestval); -} - -1; diff --git a/X2Go/Broker/Simple.pm b/X2Go/Broker/Simple.pm deleted file mode 100644 index 5e56c28..0000000 --- a/X2Go/Broker/Simple.pm +++ /dev/null 
@@ -1,633 +0,0 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> -# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> -# -# X2Go Session Broker is free software; you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# X2Go Session Broker is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program; if not, write to the -# Free Software Foundation, Inc., -# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. - -package x2gobroker-simple; - -use strict; -use Net::LDAP; -use Config::Simple; -use Crypt::SaltedHash; -use MIME::Base64; -use Data::Dumper; - - -my $cfg=new Config::Simple(syntax=>'ini'); -$cfg->read("/etc/x2go/x2gobroker-simple.cfg"); -my $ldapuri=$cfg->param('ldapuri'); -my $replica=$cfg->param('replica'); -my $binddn=$cfg->param('binddn'); -my $bindpw=$cfg->param('bindpw'); - -use base 'Exporter'; -our @EXPORT = ('checkAccess', 'listSessions', 'selectSession', 'setPass'); - -sub getBase -### -### FIXME: provide that in /etc/x2go/x2gobroker-simple.cfg -### FIXME: put the pid of this process in the lock files -{ - my $login=shift; - $login=~s/cn=ldapadmin,//; - return $login; -} - -sub initLdap -### -### FIXME: lock files have to be in /run or /var/run... 
-### -{ - my $masterlocked=0; - my $replicalocked=0; - if ( ( -e "/etc/x2go/x2gobroker/masterldap.lock") && ( -e "/etc/x2go/x2gobroker/replicaldap.lock" ) ) - { - die "Can't connect to LDAP server"; - } - if ( -e "/etc/x2go/x2gobroker/replicaldap.lock" ) - { - $masterlocked=1; - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - die "Can't connect to LDAP server"; - } - return $ldap; - } - if( -e "/etc/x2go/x2gobroker/masterldap.lock" ) - { - $replicalocked=1; - my ($ldap,$error)=initLDAPServer( $replica ); - if ( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/replicaldap.lock`; - die "Can't connect to LDAP server"; - } - return $ldap; - } - if( ! int(rand(2)) ) - { - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - return initLdap(); - } - return $ldap; - } else { - my ($ldap,$error)=initLDAPServer( $replica ); - if(!$ldap) - { - `touch /etc/x2go/x2gobroker/replicaldap.lock`; - return initLdap(); - } - return $ldap; - } -} - -sub initMasterLdap -{ - if(-e "/etc/x2go/x2gobroker/masterldap.lock") - { - die "Master LDAP server is down\n"; - } - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - die $error; - } - return $ldap; -} - -sub initLDAPServer -{ - my $url=shift; - my $ldap=Net::LDAP->new( $url ); - if( ! $ldap ) - { - notify("LDAP server $url is down ($@). Please, repair it and remove lock file in /etc/x2go/x2gobroker\n"); - return (0,"$@"); - } - my $message = $ldap->bind($binddn,password=>$bindpw); - if(!$message) - { - notify("LDAP server $url is down ($@). 
Please, repair it and remove lock file in /etc/x2go/x2gobroker\n"); - return (0,"$@"); - } - return ($ldap,0); -} - -sub setPass -{ - my ($user, $newpass)=@_; - # check if we have master ldap here - - my $attr; - - my $csh=Crypt::SaltedHash->new(algorithm => 'SHA-1'); - $csh->add($newpass); - $newpass=$csh->generate; - - push(@$attr,'userPassword'=>$newpass); - my $changes; - push(@$changes,'replace'=>$attr); - - my $ldap = initMasterLdap(); - - my $dn="cn=$user,ou=BrokerUsers".getBase($binddn); - my $message=$ldap->modify($dn, changes => $changes); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - print "\n<br>CHANGING PASS OK<br>\n"; -} - -sub selectSession -{ - my ($user, $sid)=@_; - my @words=split("\@",$sid); - my $sess_id=@words[1]; - my $host=@words[0]; - checkAndStartSession($user, $host, $sess_id); -} - -sub getExtCon -{ - my $host=shift; - - my $ldap = initLdap(); - - my $dn="cn=$host,ou=Servers,ou=ON".getBase($binddn); - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $message=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=ipHost)' - ); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my $attr=$asn->{'attributes'}; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'description' ) - { - my @words=split(":",$value); - return (@words[0], @words[1]); - } - } - } -} - -sub checkAndStartSession -{ - my ($uid,$host,$sid)=@_; - my ($status,$sessions)=check_ts($host,$uid); - if(!$status) - { - print "ERROR check TS\n"; - return; - } - my $running=0; - if( $sessions ) - { - my @sinfo=split("\\|",$sessions); - my $sess_stat=@sinfo[4]; - my $sess_srv=@sinfo[3]; - $sid=@sinfo[1]; - if( $sess_stat eq 'R' ) - { - $running=1; - my $str; - ($status,$str)=remoteBroker($host,$uid,"suspend $sid"); - $sessions=~s/\|R\|/\|S\|/; - } - if( $sess_stat 
eq 'S' ) - { - $running=1; - } - } - - my($ip,$port)=getExtCon($host); - print "SERVER:$ip:$port\n"; - if($running) - { - print "SESSION_INFO:".(split("\n",$sessions))[0]."\n"; - } -} - -sub checkRunningSession -{ - my ($sess_srv, $sess_stat, $server_dn, $uid, $sid, $ldap)=@_; - my @dn_el=split(',',$server_dn); - shift(@dn_el); - shift(@dn_el); - my $node_dn="cn=".$sess_srv.",ou=Hosts,".join(',',@dn_el); - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $mesg=$ldap->search(base => $node_dn, - scope => 'base', - filter => '(objectClass=X2GoServerNode)' - ); - if(!$mesg->code) - { - my @entries=$mesg->entries(); - if(@entries[0]->get_value('serverStatus') eq 'TRUE') - { - my $node_ref={}; - $node_ref->{'ip'}=@entries[0]->get_value('ipHostNumber'); - $node_ref->{'dn'}=$node_dn; - my $status; - my $str; - if( $sess_stat eq 'R' ) - { - print "session running, suspend session $sid\n"; - ($status,$str)=remoteBroker($node_ref->{'ip'},$uid,"suspend $sid",$node_ref->{'dn'}, $ldap); - } else { - print "session not running, ping node\n"; - ($status,$str)=remoteBroker($node_ref->{'ip'},$uid,'ping',$node_ref->{'dn'}, $ldap); - } - if($status) - { - return $node_ref; - } - print "error executing remote broker \n"; - } - print "node is down \n"; - return 0; - } - print "error searching $node_dn: ".$mesg->error."\n"; - return 0; -} - -sub startNewSession -{ - my ($dn, $ldap, $uid)=@_; - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $mesg=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=X2GoServer)' - ); - - if($mesg->code) - { - return 0; - } - - my @entries=$mesg->entries(); - my $ref = @entries[0]->get_value ( 'serverNode', asref => 1 ); - my $nodes; - foreach(@$ref) - { - my $server=$_; - my @sdn=split(",",$dn); - shift(@sdn); - shift(@sdn); - my $server_dn="cn=$server,ou=Hosts,".join(",",@sdn); - - my $mesg=$ldap->search(base => $server_dn, - scope => 'base', - filter => 
'(objectClass=X2GoServerNode)' - ); - if( ! $mesg->code ) - { - my @entries=$mesg->entries(); - if(@entries[0]->get_value('serverStatus') eq 'TRUE') - { - my $node_ref={}; - $node_ref->{'ip'}=@entries[0]->get_value('ipHostNumber'); - $node_ref->{'sessions'}=0; - $node_ref->{'dn'}=$server_dn; - $nodes->{$server}=$node_ref; - } - } - } - return findBestServer($nodes,$ldap, $uid); -} - -sub findBestServer -{ - my ($nodes, $ldap, $user)=@_; - my $servers; - my $status; - while( my ($key,$value) = each(%$nodes)) - { - if( ! $status ) - { - my $ip=$value->{'ip'}; - my $dn=$value->{'dn'}; - ($status,$servers)=remoteBroker($ip,$user,'getservers',$dn, $ldap); - if(!$status) - { - delete $nodes->{$key}; - } - } - } - if( ! $status ) - { - return 0; - } - my @srvlines=split("\n",$servers); - foreach(@srvlines) - { - my @words=split(' ',$_); - my $ref=$nodes->{@words[0]}; - if( $ref ) - { - $ref->{'sessions'}=1*@words[1]; - } - } - return checkServers($nodes, $ldap, $user); -} - -sub checkServers -{ - my ($nodes, $ldap, $user)=@_; - my $bestnode=0; - my $bestnodekey; - my $key; - my $value; - while( ($key,$value) = each(%$nodes)) - { - if(! $bestnode) - { - $bestnode=$value; - $bestnodekey=$key; - } else { - if($value->{'sessions'}<$bestnode->{'sessions'}) - { - $bestnode=$value; - $bestnodekey=$key; - } - } - } - if( ! $bestnode ) - { - print "bestnode is null: \n"; - return 0; - } else { - my $ip=$bestnode->{'ip'}; - my $dn=$bestnode->{'dn'}; - my ($status,$fakearr)=remoteBroker($ip,$user,'ping',$dn, $ldap); - if( ! 
$status ) - { - delete $nodes->{$bestnodekey}; - return checkServers($nodes, $ldap, $user); - } else { - return $bestnode; - } - } -} - - -sub check_ts -{ - my ($host, $user)=@_; - my $server_dn; - my $ldap; - my($status,$sessions)=getSessionRunning($server_dn, $host, $user, $ldap); - if( $status ) - { - return (1,$sessions); - } - return (0,0); -} - -sub getSessionRunning -{ - my ($dn,$ip,$user, $ldap)=@_; - my ($status,$sessions)=remoteBroker($ip,$user,'listsessions', $dn, $ldap); - if( ! $status ) - { - return (0,0); - } else { - return (1,$sessions); - } -} - -sub remoteBroker -{ - my ($ip, $user, $cmd, $dn, $ldap)=@_; - my $res=`ssh -o ConnectTimeout=15 -o UserKnownHostsFile=/etc/x2go/x2gobroker/ts_known_hosts x2gobroker\@$ip -i /etc/x2go/x2gobroker/id_x2gobroker_dsa \"/usr/lib/x2go/broker/x2gobroker-command $user $cmd 2>/dev/null\"`; - my @rarr=split("\n",$res); - my $stat; - if(@rarr[0] eq 'OK') - { - $stat=1; - } else { - $stat=0; - # setNodeDown($dn, $ldap, $cmd, $user); - } - shift(@rarr); - return($stat,join("\n",@rarr)); -} - -sub notify -{ - my $message=shift; - open (F,">>/tmp/x2gobroker.log"); - print F `date`.$message."\n"; - close(F); -} - -sub setNodeDown -{ - my($dn, $ldap, $cmd, $user)=@_; - my $attr; - push(@$attr,'serverStatus' => 'FALSE'); - my $changes; - push (@$changes, 'replace' => $attr); - $ldap->modify($dn,changes => $changes); - notify ("set status of $dn to \"down\", failed command: \"$cmd\", user: \"$user\"\n"); -} - -sub setServerDown -{ - my($dn, $ldap)=@_; - my $attr; - push(@$attr,'serverStatus' => 'FALSE'); - my $changes; - push (@$changes, 'replace' => $attr); - $ldap->modify($dn,changes => $changes); - notify ("set status of $dn to \"down\", all nodes are down\n"); -} - -sub checkAccess -{ - my ($user,$pass)=@_; - - my $ldap = initLdap(); - - my $dn="uid=$user,ou=People".getBase($binddn); - my $mesg=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=posixAccount)' - ); - - if( $mesg->code ) - { - return 
0; - } - - my @entries=$mesg->entries(); - my $crypted=@entries[0]->get_value('userPassword'); - $mesg = $ldap->unbind; - if ( Crypt::SaltedHash->validate($crypted, $pass) ) - { - return 1; - } - return 0; -} - -sub listSessions -{ - my $user=shift; - - my $ldap = initLdap(); - - my $dn="ou=Servers,ou=ON".getBase($binddn); - my $message=$ldap->search(base => $dn, - scope => 'sub', - filter => '(objectClass=ipHost)' - ); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - # print Dumper($message->entries); - print "START_USER_SESSIONS<br>"; - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my $attr=$asn->{'attributes'}; - my $host; - my $int_ip; - my $ext_ip; - my $ext_port; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'cn' ) - { - $host=$value; - } - } - my($status,$sessions)=getSessionRunning($dn,$host,$user, $ldap); - if($status) - { - my $sess_srv; - if($sessions) - { - my @sinfo=split("\\|",$sessions); - my $sess_stat=@sinfo[4]; - $sess_srv=@sinfo[3]; - my $sid=@sinfo[1]; - print "<br>[$host\@$sid]<br>"; - print "status=$sess_stat<br>"; - #get ip - #get port - } else { - my $sessions; - ($sess_srv,$ext_ip,$ext_port, $sessions)=getBestNode($dn, $ldap, $user, $host, $message); - print "<br>[$host]<br>"; - } - #print "host=$ext_ip<br>"; - print "user=$user<br>"; - #print "sshport=$ext_port<br>"; - print "name=Stadt Treuchtlingen<br>"; - goto loop_end; - } - } - loop_end: - print "END_USER_SESSIONS<br>"; - $ldap->unbind(); -} - -sub getBestNode -{ - my ($dn, $ldap, $user, $ip, $message)=@_; - my $servers; - my $status; - ($status,$servers)=remoteBroker($ip,$user,'getservers',$dn, $ldap); - my $srvref={}; - my @srvlines=split("\n",$servers); - foreach(@srvlines) - { - my @words=split(' ',$_); - $srvref->{@words[0]}=1*@words[1]; - } - my $bestval=-1; - my $bestsrv; - my $bestext_ip; - my $bestext_port; - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my 
$attr=$asn->{'attributes'}; - my $host; - my $ext_ip; - my $ext_port; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'cn' ) - { - $host=$value; - } - if($type eq 'description') - { - my @words=split(":",$value); - $ext_ip=@words[0]; - $ext_port=@words[1]; - } - } - my $sess=$srvref->{$host}; - if( ! $sess ) - { - return($host, $ext_ip, $ext_port,0); - } - if($sess < $bestval || $bestval == -1) - { - $bestval=$sess; - $bestsrv=$host; - $bestext_ip=$ext_ip; - $bestext_port=$ext_port; - } - } - return($bestsrv, $bestext_ip, $bestext_port, $bestval); -} - -1; diff --git a/X2Go/Broker/ZeroConf.pm b/X2Go/Broker/ZeroConf.pm deleted file mode 100644 index da4eb98..0000000 --- a/X2Go/Broker/ZeroConf.pm +++ /dev/null 
@@ -1,184 +0,0 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> -# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> -# -# X2Go Session Broker is free software; you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# X2Go Session Broker is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program; if not, write to the -# Free Software Foundation, Inc., -# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. - -package X2Go::Broker::ZeroConf; - -use strict; -use Sys::Hostname; -use Authen::PAM; -use Authen::Simple::PAM; -use X2Go::Broker::Common; - -### for debugging purposes... 
-#use Data::Dumper; - -use base 'Exporter'; -our @EXPORT = ('CheckAccess', 'ListSessions', 'SelectSession', 'SetPass', ); - -my $hostname = hostname; - -### -### public functions, available to broker cgi -### - -my $username; -my $password; - -### exported function ### -sub CheckAccess -{ - # zeroconf broker: use PAM to perform authentication against - # the local PAM login module - ($username, $password)=@_; - my $pam = Authen::Simple::PAM->new(service => 'x2gobroker'); - if ( $pam->authenticate( $username, $password ) ) { - # successfull authentication - return 0 - } - return 1; -} - -### exported function ### -sub SetPass -{ - ### - ### the broker API in X2Go Client currently requests a password change - ### without verifying the old password, this needs to be fixed... - ### - - my ($username, $oldpassword, $newpassword)=@_; - - # zeroconf broker: use PAM to initiate a local passwd change - my $service = "x2gobroker"; - my $pamh = new Authen::PAM($service, $username, \&passwd_conv_func) || - die "Error code \$pamh during PAM init!"; - my $state = 0; - my $res = $pamh->pam_chauthtok; - die $pamh->pam_strerror($res) unless $res == PAM_SUCCESS(); - - print "\n<br>CHANGING PASS OK<br>\n"; -} - -### exported function ### -sub SelectSession -{ - my ($user, $session_id)=@_; - my @words=split("\@",$session_id); - ### - ### FIXME: why the heck is the $session_id format <host>@<session>, - ### <session>@<host> would make much more sense!!! (for - ### the human eye...) 
- ### - my $session_id=@words[1]; - my $host=@words[0]; - check_and_start_session($user, $host, $session_id); -} - -### exported function ### -sub ListSessions -{ - # print Dumper($message->entries); - print "START_USER_SESSIONS<br>"; - my($status,$sessions)=CallBrokerAgent($hostname, $username, 'listsessions'); - if ( $status ) - { - if($sessions) - { - my @sinfo = split("\\|",$sessions); - my $session_status = @sinfo[4]; - my $session_id = @sinfo[1]; - print "<br>[$hostname\@$session_id]<br>"; - print "status=$session_status<br>"; - } else { - print "<br>[$hostname]<br>"; - } - } - print "END_USER_SESSIONS<br>"; -} - -### -### private functions, not available to broker cgi -### - -# helper function for SetPass -sub passwd_conv_func { - my @res; - while ( @_ ) { - my $code = shift; - my $msg = shift; - my $ans = ""; - my $state; - - my $oldpassword; - my $newpassword; - - $ans = $username if ( $code == PAM_PROMPT_ECHO_ON() ); - if ( $code == PAM_PROMPT_ECHO_OFF() ) { - $ans = $oldpassword if ($state == 0); - $ans = $newpassword if ($state == 1); - $ans = $newpassword if ($state == 2); - $state++; - } - push @res, (PAM_SUCCESS(),$ans); - } - push @res, PAM_SUCCESS(); - return @res; -} - -sub check_and_start_session -{ - my ($username, $hostname, $session_id) = @_; - my $running; - my ($status, $sessions)=ExecRemoteBroker($username, $hostname, 'listsessions'); - if ( ! $status ) - { - print "ERROR: X2Go server not available\n"; - return; - } - my $running_sessions = 0; - if ( $sessions ) - { - # suspend all running sessions first... 
- my @sinfo = split("\\|",$sessions); - my $session_status = @sinfo[4]; - my $session_server = @sinfo[3]; - $session_id=@sinfo[1]; - if( $session_status eq 'R' ) - { - $running = 1; - my $str; - ($status, $str) = ExecRemoteBroker($username, $hostname, "suspend $session_id"); - $sessions =~ s/\|R\|/\|S\|/; - } - if( $session_status eq 'S' ) - { - $running = 1; - } - } - - print "SERVER:$hostname\n"; - if($running) - { - # use first session in session list... - print "SESSION_INFO:".(split("\n",$sessions))[0]."\n"; - } -} - -1; diff --git a/cgi/x2gobroker.cgi b/cgi/x2gobroker.cgi deleted file mode 100755 index 3d44d52..0000000 --- a/cgi/x2gobroker.cgi +++ /dev/null 
@@ -1,97 +0,0 @@ -#!/usr/bin/perl - -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> -# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> -# -# X2Go Session Broker is free software; you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# X2Go Session Broker is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program; if not, write to the -# Free Software Foundation, Inc., -# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. 
- -use strict; -use File::Basename qw(basename); - -my $cgi_name = basename($0); -my $broker_backend = $cgi_name; -$broker_backend =~ s/x2gobroker-(.*)\.cgi/\1/; - -SWITCH: { - $broker_backend == "zeroconf" && do { use X2Go::Broker::ZeroConf qw(CheckAccess SetPass SelectSession ListSessions); last SWITCH; }; -# $broker_backend == "simple" && do { use X2Go::Broker::Simple qw(CheckAccess SetPass SelectSession ListSessions); last SWITCH; }; -# $broker_backend == "ldap" && do { use X2Go::Broker::LDAP qw(CheckAccess SetPass SelectSession ListSessions); last SWITCH; }; -} - -use CGI; -use CGI::Carp qw(fatalsToBrowser); - -my $cgi = new CGI; -my @formValues = $cgi->param(); - -print $cgi->header( - -type =>'text/html', - -expires =>'+1h' - ), - $cgi->start_html( - -title =>'X2Go Session Broker', - -author =>'X2Go Developers <x2go-dev@lists.berlios.de>', - -base =>'true', - -meta =>{'keywords' =>'X2Go', 'description'=>'X2Go Session Broker'} - ); - -if($cgi->param('task') eq 'testcon') -{ - for ( my $i=0;$i<2*1024*1024;$i++ ) - { - print int(rand(9)); - } - print $cgi->end_html(); -} - -if ( ! CheckAccess($cgi->param('user'), $cgi->param('password'), $cgi->param('authid')) == 1 ) -{ - print_no_access(); - print $cgi->end_html(); - exit (0); -} - -print $cgi->start_form(), -$cgi->strong('Access granted'); - -if ($cgi->param('task') eq 'listsessions') -{ - ListSessions($cgi->param('user')); -} - -if ($cgi->param('task') eq 'selectsession') -{ - SelectSession($cgi->param('user'), $cgi->param('sid')); -} - -if ($cgi->param('task') eq 'setpass') -{ - SetPass($cgi->param('user'), $cgi->param('newpass')); -} - -$cgi->hr(), -$cgi->end_form(); -print $cgi->end_html(); - -sub print_no_access -{ - print $cgi->start_form(), - $cgi->hr(), - $cgi->strong('Access denied'), - $cgi->end_form(); -} diff --git a/debian/changelog b/debian/changelog index 42e3641..f99aeb6 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,14 +1,5 @@ x2gobroker (0.0.0.1-0~x2go1) UNRELEASED; urgency=low - [ Mike Gabriel ] - * Setting up new public X2Go project: x2gobroker. - - Using our own PAM service ,,x2gobroker''. - * /debian/control: - + Add an initial dependency selection to the various Depends fields. - + Make sure libx2go-broker-perl of the same version gets installed - with x2gobroker-common. - + Add dependencies: libauthen-pam-perl, libauthen-simple-pam-perl. - * Fix code indentations (spaces replaced by tabs, use proper indentation - levels). + * Initial upstream version. -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Wed, 15 Sep 2012 17:30:24 +0200 diff --git a/debian/control b/debian/control index 3381442..81ecded 100644 --- a/debian/control +++ b/debian/control @@ -1,5 +1,5 @@ Source: x2gobroker -Section: web +Section: python Priority: optional Maintainer: X2Go Developers <x2go-dev@lists.berlios.de> Uploaders: 
@@ -9,43 +9,20 @@ Build-Depends: debhelper (>= 7.0.50~), cdbs (>= 0.4.90~), dpkg-dev (>= 1.16.1~), + python (>= 2.6.6-3~), Standards-Version: 3.9.3 +XS-Python-Version: >= 2.4 -Package: libx2go-broker-perl +Package: x2gobroker Architecture: all -Section: perl Depends: ${misc:Depends}, - ${perl:Depends}, -Description: X2Go http(s) based session broker (Perl modules) - X2Go is a serverbased computing environment with - - session resuming - - low bandwidth support - - LDAP support - - client side mass storage mounting support - - client side printing support - - audio support - - authentication by smartcard and USB stick - . - The session broker is a server tool for X2Go that - tells your X2Go Client application in a terminal - server cluster what servers and session types are - most appropriate for the user in front of the - X2Go terminal. - . - A session broker is most useful in load balanced - X2Go server farms. - . - This package contains the related Perl modules needed - by the X2Go Session Broker scripts. - -Package: x2gobroker-common -Architecture: all -Depends: - ${misc:Depends}, - libx2go-broker-perl (>= ${source:Version}), libx2go-broker-perl (<< ${source:Version}.1~), -Description: X2Go http(s) based session broker (common files) - X2Go is a serverbased computing environment with + ${python:Depends}, + python, +Suggests: + apache2 | httpd, +Description: X2Go http(s) based session broker (executable) + X2Go is a server based computing environment with - session resuming - low bandwidth support - LDAP support 
@@ -63,18 +40,17 @@ Description: X2Go http(s) based session broker (common files) A session broker is most useful in load balanced X2Go server farms. . - This package contains common files needed by all X2Go session - brokers being package for this distribution. + This package contains the x2gobroker executable. -Package: x2gobroker-simple +Package: x2gobroker-daemon Architecture: all Depends: ${misc:Depends}, + ${python:Depends}, +Suggests: apache2 | httpd, - perl, - x2gobroker-common (>= ${source:Version}), x2gobroker-common (<< ${source:Version}.1~), -Description: X2Go http(s) session broker (simple broker) - X2Go is a serverbased computing environment with +Description: X2Go http(s) based session broker (daemon) + X2Go is a server based computing environment with - session resuming - low bandwidth support - LDAP support @@ -92,20 +68,19 @@ Description: X2Go http(s) session broker (simple broker) A session broker is most useful in load balanced X2Go server farms. . - This package contains a simple example of an X2Go session - broker. This session broker will be configured with a few steps, - no LDAP is required. + This package contains the start-stop script that + installs the X2Go Session Broker as standalone + daemon. -Package: x2gobroker-ldap +Package: x2gobroker-cgi Architecture: all Depends: ${misc:Depends}, + ${python:Depends}, +Suggests: apache2 | httpd, - perl, - libnet-ldap-perl, - x2gobroker-common (>= ${source:Version}), x2gobroker-common (<< ${source:Version}.1~), -Description: X2Go http(s) session broker (simple broker) - X2Go is a serverbased computing environment with +Description: X2Go http(s) based session broker (CGI) + X2Go is a server based computing environment with - session resuming - low bandwidth support - LDAP support 
@@ -123,21 +98,19 @@ Description: X2Go http(s) session broker (simple broker) A session broker is most useful in load balanced X2Go server farms. . - This package contains an LDAP based X2Go session broker. - This session broker is targeted for large production setups - with many X2Go servers managed via a session broker. + This package contains a configuration that installs + the X2Go Session Broker as a CGI script so it + can be run from within an existing httpd server. -Package: x2gobroker-zeroconf +Package: python-x2gobroker Architecture: all Depends: ${misc:Depends}, + ${python:Depends}, +Suggests: apache2 | httpd, - perl, - x2gobroker-common (>= ${source:Version}), x2gobroker-common (<< ${source:Version}.1~), - libauthen-pam-perl, - libauthen-simple-pam-perl, -Description: X2Go http(s) session broker (for demo purposes only) - X2Go is a serverbased computing environment with +Description: X2Go http(s) based session broker (Python modules) + X2Go is a server based computing environment with - session resuming - low bandwidth support - LDAP support @@ -155,21 +128,19 @@ Description: X2Go http(s) session broker (for demo purposes only) A session broker is most useful in load balanced X2Go server farms. . - This package contains a demo X2Go session broker that - runs out-of-the-box. However, it can not be configured - and it only manages one single X2Go server. This package - can be installed to test X2Go's clients, so you get an - idea of how your clients behave when set into broker mode. + This package contains common files needed by all X2Go session + brokers being package for this distribution. Package: x2gobroker-agent Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, + perl, adduser, x2goserver, Description: X2Go http(s) based session broker (common files) - X2Go is a serverbased computing environment with + X2Go is a server based computing environment with - session resuming - low bandwidth support - LDAP support 
diff --git a/debian/copyright b/debian/copyright index 1891023..7b2fde0 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,13 +1,15 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: X2Go Broker -Upstream-Contact: Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -Source: http://code.x2go.org/releases/source/x2gohttpbroker +Upstream-Contact: + Mike Gabriel <mike.gabriel@das-netzwerkteam.de> + Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> +Source: http://code.x2go.org/releases/source/x2gobroker Files: * Copyright: - 2011-2012, Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> - 2011-2012, Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> 2012, Mike Gabriel <mike.gabriel@das-netzwerkteam.de> + 2012, Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> + 2012, Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> License: AGPL-3+ Files: debian/* diff --git a/debian/x2gobroker-ldap.dirs b/debian/python-x2gobroker.dirs similarity index 50% rename from debian/x2gobroker-ldap.dirs rename to debian/python-x2gobroker.dirs index d973e65..2fd303e 100644 --- a/debian/x2gobroker-ldap.dirs +++ b/debian/python-x2gobroker.dirs @@ -1 +1,2 @@ /etc/x2go +/etc/pam.d \ No newline at end of file diff --git a/debian/x2gobroker-common.docs b/debian/python-x2gobroker.docs similarity index 100% rename from debian/x2gobroker-common.docs rename to debian/python-x2gobroker.docs diff --git a/debian/python-x2gobroker.install b/debian/python-x2gobroker.install new file mode 100644 index 0000000..99281cd --- /dev/null +++ b/debian/python-x2gobroker.install @@ -0,0 +1,3 @@ +etc/x2gobroker.conf etc/x2go/ +pam/x2gobroker etc/pam.d/ +usr/ diff --git a/debian/rules b/debian/rules index 8b53e5a..787fc72 100755 --- a/debian/rules +++ b/debian/rules 
@@ -21,8 +21,8 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all export DEB_CFLAGS_MAINT_APPEND = -Wall include /usr/share/dpkg/buildflags.mk -DEB_PERL_PACKAGES=libx2go-broker-perl -DEB_PERL_CLEAN_TARGET=realclean -include /usr/share/cdbs/1/class/perl-makemaker.mk +#DEB_PERL_PACKAGES=libx2go-broker-perl +#DEB_PERL_CLEAN_TARGET=realclean +#include /usr/share/cdbs/1/class/perl-makemaker.mk include /usr/share/cdbs/1/rules/debhelper.mk - +include /usr/share/cdbs/1/class/python-distutils.mk diff --git a/debian/x2gobroker-agent.dirs b/debian/x2gobroker-agent.dirs deleted file mode 100644 index 88c7d70..0000000 --- a/debian/x2gobroker-agent.dirs +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/x2go/broker \ No newline at end of file diff --git a/etc/x2gobroker-simple.cfg b/debian/x2gobroker-cgi.install similarity index 100% rename from etc/x2gobroker-simple.cfg rename to debian/x2gobroker-cgi.install diff --git a/debian/x2gobroker-common.dirs b/debian/x2gobroker-common.dirs deleted file mode 100644 index cec872f..0000000 --- a/debian/x2gobroker-common.dirs +++ /dev/null @@ -1,2 +0,0 @@ -/usr/lib/cgi-bin -/usr/lib/x2go/broker \ No newline at end of file diff --git a/debian/x2gobroker-common.install b/debian/x2gobroker-common.install deleted file mode 100644 index e9793a9..0000000 --- a/debian/x2gobroker-common.install +++ /dev/null @@ -1 +0,0 @@ -cgi/x2gobroker.cgi usr/lib/cgi-bin/ diff --git a/debian/x2gobroker-daemon.default b/debian/x2gobroker-daemon.default new file mode 100644 index 0000000..52a89c4 --- /dev/null +++ b/debian/x2gobroker-daemon.default @@ -0,0 +1,4 @@ +# X2Go Session Broker configuration for Debian + +# Uncomment to enable the X2Go Session Broker standalone daemon +#START_DAEMON=true \ No newline at end of file diff --git a/debian/x2gobroker-daemon.init b/debian/x2gobroker-daemon.init new file mode 100644 index 0000000..9901128 --- /dev/null +++ b/debian/x2gobroker-daemon.init 
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# Start the X2Go Session Broker standalone daemon
+#
+# Copyright © 2012 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+# Distributable under the terms of the GNU AGPL version 2.
+#
+### BEGIN INIT INFO
+# Provides: x2gobroker-daemon
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: X2Go Session Broker standalone daemon
+# Description: X2Go Session Broker daemon comes with its own HTTP daemon
+### END INIT INFO
+#
+
+set -eu
+
+DAEMON=/usr/sbin/x2gobroker
+test -d /run && RUNDIR=/run/ || RUNDIR=/var/run
+PIDFILE=$RUNDIR/x2gobroker-daemon.pid
+DEBIANCONFIG=/etc/default/x2gobroker-daemon
+
+test -x "$DAEMON" || exit 0
+
+START_DAEMON=false
+test -f $DEBIANCONFIG && . $DEBIANCONFIG
+
+. /lib/lsb/init-functions
+
+is_true()
+{
+ case "${1:-}" in
+ [Yy]es|[Yy]|1|[Tt]|[Tt]rue) return 0;;
+ *) return 1;
+ esac
+}
+
+case "${1:-}" in
+ start)
+ if is_true $START_DAEMON; then
+ log_daemon_msg "Starting X2Go Session Broker standalone daemon" "x2gobroker"
+ mkdir -p $RUNDIR
+ set +e
+ start-stop-daemon -S -p $PIDFILE -x $DAEMON
+ log_end_msg $?
+ set -e
+ fi
+ ;;
+ stop)
+ if [ -f $PIDFILE ] ; then
+ log_daemon_msg "Stopping X2Go Session Broker standalone daemon" "x2gobroker"
+ set +e
+ start-stop-daemon -K -p $PIDFILE -x $DAEMON
+ rm -f $PIDFILE
+ log_end_msg $?
+ set -e
+ fi
+ ;;
+ restart|reload|force-reload)
+ ${0:-} stop
+ ${0:-} start
+ ;;
+ *)
+ echo "Usage: ${0:-} {start|stop|restart|reload|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/debian/x2gobroker-ldap.docs b/debian/x2gobroker-ldap.docs
deleted file mode 100644
index 5502ed8..0000000
--- a/debian/x2gobroker-ldap.docs
+++ /dev/null
@@ -1,3 +0,0 @@
-NEWS
-README
-TODO
diff --git a/debian/x2gobroker-ldap.install b/debian/x2gobroker-ldap.install
deleted file mode 100644
index c35da81..0000000
--- a/debian/x2gobroker-ldap.install
+++ /dev/null
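Review bot: In the `stop)` branch of debian/x2gobroker-daemon.init, `log_end_msg $?` runs after `rm -f $PIDFILE`, so it reports rm's exit status rather than start-stop-daemon's, and a failed stop is logged as success. Capture the status before the cleanup: `start-stop-daemon -K -p $PIDFILE -x $DAEMON; rc=$?`, then `rm -f $PIDFILE` and `log_end_msg $rc`. Separately, the `start)` branch calls `start-stop-daemon -S` without `--chuid`, so the HTTP-facing broker starts as root unless /usr/sbin/x2gobroker drops privileges itself, which this hunk does not show. If root is needed for the PAM check, a comment saying so would help; otherwise a dedicated unprivileged account would limit the impact of a flaw in request handling.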
@@ -1 +0,0 @@ -etc/x2gobroker-ldap.cfg etc/x2go/ diff --git a/debian/x2gobroker-ldap.links b/debian/x2gobroker-ldap.links deleted file mode 100644 index b8a8a9b..0000000 --- a/debian/x2gobroker-ldap.links +++ /dev/null @@ -1 +0,0 @@ -usr/lib/cgi-bin/x2gobroker.cgi usr/lib/cgi-bin/x2gobroker-ldap.cgi diff --git a/debian/x2gobroker-simple.dirs b/debian/x2gobroker-simple.dirs deleted file mode 100644 index d973e65..0000000 --- a/debian/x2gobroker-simple.dirs +++ /dev/null @@ -1 +0,0 @@ -/etc/x2go diff --git a/debian/x2gobroker-simple.docs b/debian/x2gobroker-simple.docs deleted file mode 100644 index 5502ed8..0000000 --- a/debian/x2gobroker-simple.docs +++ /dev/null @@ -1,3 +0,0 @@ -NEWS -README -TODO diff --git a/debian/x2gobroker-simple.install b/debian/x2gobroker-simple.install deleted file mode 100644 index 258c187..0000000 --- a/debian/x2gobroker-simple.install +++ /dev/null @@ -1 +0,0 @@ -etc/x2gobroker-simple.cfg etc/x2go/ diff --git a/debian/x2gobroker-simple.links b/debian/x2gobroker-simple.links deleted file mode 100644 index 27df28e..0000000 --- a/debian/x2gobroker-simple.links +++ /dev/null @@ -1 +0,0 @@ -usr/lib/cgi-bin/x2gobroker.cgi usr/lib/cgi-bin/x2gobroker-simple.cgi diff --git a/debian/x2gobroker-zeroconf.dirs b/debian/x2gobroker-zeroconf.dirs deleted file mode 100644 index d973e65..0000000 --- a/debian/x2gobroker-zeroconf.dirs +++ /dev/null @@ -1 +0,0 @@ -/etc/x2go diff --git a/debian/x2gobroker-zeroconf.docs b/debian/x2gobroker-zeroconf.docs deleted file mode 100644 index 5502ed8..0000000 --- a/debian/x2gobroker-zeroconf.docs +++ /dev/null @@ -1,3 +0,0 @@ -NEWS -README -TODO diff --git a/debian/x2gobroker-zeroconf.links b/debian/x2gobroker-zeroconf.links deleted file mode 100644 index 1d6c3cf..0000000 --- a/debian/x2gobroker-zeroconf.links +++ /dev/null @@ -1 +0,0 @@ -usr/lib/cgi-bin/x2gobroker.cgi usr/lib/cgi-bin/x2gobroker-zeroconf.cgi diff --git a/debian/x2gobroker.install b/debian/x2gobroker.install new file mode 100644 index 0000000..fac20e4 
--- /dev/null +++ b/debian/x2gobroker.install @@ -0,0 +1 @@ +sbin/x2gobroker usr/sbin/ diff --git a/debian/x2gobroker.pam b/debian/x2gobroker.pam deleted file mode 100644 index 1eaad76..0000000 --- a/debian/x2gobroker.pam +++ /dev/null @@ -1,2 +0,0 @@ -@include common-auth -@include common-passwd diff --git a/etc/x2gobroker-ldap.cfg b/etc/x2gobroker.conf similarity index 95% copy from etc/x2gobroker-ldap.cfg copy to etc/x2gobroker.conf index fe8e9bd..a1b56f5 100644 --- a/etc/x2gobroker-ldap.cfg +++ b/etc/x2gobroker.conf @@ -18,6 +18,13 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. +[common] +backend=zeroconf + +[simple] +#... + +[ldap] ldapuri=ldap://<ldapmaster.localdomain> #replica=ldapi:/// binddn="cn=admin,dc=example,dc=net" diff --git a/lib/x2gobroker-agent.pl b/lib/x2gobroker-agent.pl index 0d5b559..6a64bbf 100755 --- a/lib/x2gobroker-agent.pl +++ b/lib/x2gobroker-agent.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -wU +#!/usr/bin/perl -XU # This file is part of the X2Go Project - http://www.x2go.org # Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> @@ -24,7 +24,7 @@ use strict; sub InitX2GoUser { - my ($user, $uid, $gid, $home)=@_; + my ($user, $uidNumber, $gidNumber, $home)=@_; if ( -f "/etc/x2go/x2gosql/sql" ) { @@ -56,11 +56,11 @@ sub CreateKey ### authorized_keys file is starting to get ### scared... (Mike) ### - #my ($uid, $gid, $home)=@_; + #my ($uidNumber, $gidNumber, $home)=@_; #if ( ! -d "$home/.ssh" ) #{ # mkdir ("$home/.ssh", 0700); - # chown ($uid, $gid, "$home/.ssh"); + # chown ($uidNumber, $gidNumber, "$home/.ssh"); #} #if( -e "$home/.ssh/authorized_keys" ) #{ 
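Review bot: The interpreter line `#!/usr/bin/perl -XU` in the first lib/x2gobroker-agent.pl hunk removes the only signal that `-U` leaves behind: `-U` downgrades taint failures to warnings, and `-X` then disables all warnings, so tainted data reaching a shell goes unreported. This matters because the script takes `$username`, `$mode` and `$sid` from its arguments and, in the later `@@ -84,41` hunk, interpolates them into `exec` strings. Suggest keeping warnings on and dropping `-U` (`#!/usr/bin/perl -w`), and untainting the arguments explicitly with a pattern match; if the agent is run neither setuid nor with `-T`, taint checks are not active at all and that explicit validation is the only check. The other two agent hunks on this line are variable renames only.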
@@ -84,41 +84,41 @@ $ENV{'PATH'} = '/bin:/usr/bin'; my $username=shift or die; my $mode=shift or die; -my ($name, $passwd, $uid, $gid, $quota, $comment, $gcos, $home, $shell, $expire) = getpwnam($username); +my ($uid, $passwd, $uidNumber, $gidNumber, $quota, $comment, $gcos, $home, $shell, $expire) = getpwnam($username); -if($uid < 1000) +if($uidNumber < 1000) { die 'operation on system user'; } if($mode eq 'listsessions') { - InitX2GoUser($name, $uid, $gid, $home); + InitX2GoUser($uid, $uidNumber, $gidNumber, $home); print "OK\n"; - system "/bin/su - ", $name, "-c", "x2golistsessions --all-servers"; + exec ("/bin/su - $uid -c \"x2golistsessions --all-servers\""); } if($mode eq 'getservers') { - InitX2GoUser($name, $uid, $gid, $home); + InitX2GoUser($uid, $uidNumber, $gidNumber, $home); print "OK\n"; - system "/bin/su - ", $name, "-c", "x2gogetservers"; + exec ("/bin/su - $uid -c \"x2gogetservers\""); } if($mode eq 'key') { - InitX2GoUser($name, $uid, $gid, $home); + InitX2GoUser($uid, $uidNumber, $gidNumber, $home); print "OK\n"; - createKey($uid, $gid, $home); + createKey($uidNumber, $gidNumber, $home); } if($mode eq 'suspend') { - InitX2GoUser($name, $uid, $gid, $home); + InitX2GoUser($uid, $uidNumber, $gidNumber, $home); print "OK\n"; my $sid=shift; - system "/bin/su - ", $name, "-c", "x2gosuspend-session $sid"; + exec ("/bin/su - $uid -c \"x2gosuspend-session $sid\""); } if($mode eq 'ping') diff --git a/pam/x2gobroker b/pam/x2gobroker new file mode 100644 index 0000000..b561496 --- /dev/null +++ b/pam/x2gobroker @@ -0,0 +1,2 @@ +@include common-auth +@include common-password diff --git a/sbin/x2gobroker b/sbin/x2gobroker new file mode 100755 index 0000000..103a6a5 --- /dev/null +++ b/sbin/x2gobroker 
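Review bot: The new `exec ("/bin/su - $uid -c \"x2gosuspend-session $sid\"")` is the single-string form, which Perl hands to `/bin/sh` when the string contains shell metacharacters, and `$sid` comes straight from `shift` with no validation, so a session id containing quotes or `;` changes the command that runs. The same string form is used in the `listsessions` and `getservers` branches, where only `$uid` (the name returned by `getpwnam`) is interpolated. Suggest checking the argument before use, e.g. `die 'invalid session id' unless defined $sid && $sid =~ /\A[A-Za-z0-9_.-]+\z/;` (adjust the pattern to the real session-id format), and using the list form `exec('/bin/su', '-', $uid, '-c', "x2gosuspend-session $sid");` so no outer shell is involved. The `key` branch calls `createKey(...)` while the sub named in the earlier hunk header is `CreateKey`; Perl names are case-sensitive, so that call looks like it would fail at run time.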
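Review bot: The new pam/x2gobroker service file includes `common-auth` and `common-password` but no account stack, so account-phase checks such as account expiry would not apply to broker logins even when the caller requests them. Suggest adding `@include common-account`. Whether `pam.authenticate()` as used in x2gobroker/zeroconf.py runs the account phase is not visible in this commit and should be confirmed alongside the change.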
@@ -0,0 +1,152 @@ +#!/usr/bin/env python + +# This file is part of the X2Go Project - http://www.x2go.org +# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> +# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> +# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# +# X2Go Session Broker is free software; you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# X2Go Session Broker is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program; if not, write to the +# Free Software Foundation, Inc., +# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +import sys +import os +import web + +try: + import x2gobroker +except ImportError: + sys.path.insert(0, os.path.join(os.getcwd(), '..')) + +# FIXME: here we have to add some code that genuinely detects the session broker backend... 
+broker_backend = "zeroconf" + +# load the requested broker +if broker_backend == "zeroconf": + import x2gobroker.zeroconf as broker +elif broker_backend == "simple": + import x2gobroker.simple as broker +elif broker_backend == "ldap": + import x2gobroker.ldap as broker + + +urls = ( '/', 'x2gobroker' ) + + +class x2gobroker: + + broker_backend = broker.X2GoBroker() + + http_header_items = { + 'Content-Type': 'text/html; charset=utf-8', + 'Expires': '+1h', + } + + page = web.template.Template("""$def with (html_header_items, output) +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html> +<head> +$for meta_tag in html_header_items["meta"]: + <meta $meta_tag="$html_header_items["meta"][meta_tag]"> +<title>$html_header_items['title']</title> +</head> + +<body> +$output +</body> +</html> +""" + ) + html_header_items = { + 'title': 'X2Go Session Broker', + 'meta': { + 'author': 'X2Go Developers <x2go-dev@lists.berlios.de>', + 'charset': 'utf-8', + 'keywords': 'X2Go', + 'description': 'X2Go Session Broker', + }, + } + + def _gen_http_header(self): + + for http_header_item in self.http_header_items.keys(): + web.header(http_header_item, self.http_header_items[http_header_item]) + + def GET(self): + + data = web.input() + output = '' + + self._gen_http_header() + + + # FIXME: the ,,testcon'' task can be object to DoS attacks... 
+ if hasattr(data, 'task') and data.task == 'testcon': + + ### + ### TEST THE CONNECTION + ### + + return self.broker_backend.test_connection() + + if hasattr(data, 'user') and hasattr(data, 'password') and self.broker_backend.check_access(username=data.user, password=data.password): + + ### + ### PERFORM INITIAL AUTHENTICATION + ### + + output += "<strong>Access granted</strong><br />" + output += "AUTHID: {authid}<br />".format(authid=self.broker_backend.get_next_authid(username=data.user)) + return self.page(self.html_header_items, output) + + else: + return self.page(self.html_header_items, "<hr>Access denied") + + if hasattr(data, 'user') and hasattr(data, 'authid'): + + ### + ### X2GO BROKER TASKS + ### + + if self.broker_backend.check_access(username=data.user, authid=data.authid): + + if hasattr(data, 'task'): + task = data.task + + if task == 'listsessions': + + output += self.broker_backend.list_sessions() + + if task == 'selectsession': + + if hasattr(data, 'sid'): + + output += self.broker_backend.select_session(session_name=data.sid) + + if task == 'setpass': + + if hasattr(data, 'oldpass') and hasattr(data, 'newpass'): + + output += self.broker_backend.change_password(new=data.newpass, old=data.oldpass) + + return self.page(self.html_header_items, output) + + else: + return self.page(self.html_header_items, "<hr>Access denied") + + +if __name__ == "__main__": + app = web.application(urls, globals()) + app.internalerror = web.debugerror + app.run() diff --git a/etc/x2gobroker-ldap.cfg b/setup.py old mode 100644 new mode 100755 similarity index 59% copy from etc/x2gobroker-ldap.cfg copy to setup.py index fe8e9bd..e1fa4e8 --- a/etc/x2gobroker-ldap.cfg +++ b/setup.py 
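Review bot: Credentials travel in the URL: the class defines only `GET` and reads `user`, `password`, `authid`, `oldpass` and `newpass` from `web.input()`, so passwords end up in access logs, proxy logs and client history. Suggest moving the handler to `def POST(self):` and requiring HTTPS in front of the daemon. `app.internalerror = web.debugerror` at the bottom returns web.py's debug page (traceback and source context) to any client that triggers an exception and should not be set in the packaged daemon. Two functional problems sit in the same method: both arms of the first `if ... check_access(username=data.user, password=data.password)` / `else` return, so the `authid` task branch below is unreachable, and `self.broker_backend.list_sessions()` is called without the `username` argument that base.py's `list_sessions(self, username)` requires. The `ImportError` fallback that inserts `os.path.join(os.getcwd(), '..')` into `sys.path` makes the module search path depend on the working directory of a root-started daemon and never retries the import.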
@@ -1,7 +1,11 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# -*- coding: utf-8 -*- + # Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> +# Copyright (C) 2012 by Heinz-M. Graesing <heint-m.graesing@obviously-nice.de> # # X2Go Session Broker is free software; you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by @@ -18,7 +22,16 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -ldapuri=ldap://<ldapmaster.localdomain> -#replica=ldapi:/// -binddn="cn=admin,dc=example,dc=net" -bindpw="<very-secret>" +from setuptools import setup, find_packages +import x2gobroker + +setup( + name = "x2gobroker", + version = x2gobroker.__VERSION__, + description = "X2Go Session Broker", + license = 'AGPLv3+', + author = 'Mike Gabriel', + url = 'http://www.x2go.org', + packages = find_packages('.'), + package_dir = {'': '.'}, +) diff --git a/etc/x2gobroker-ldap.cfg b/x2gobroker/__init__.py similarity index 69% copy from etc/x2gobroker-ldap.cfg copy to x2gobroker/__init__.py index fe8e9bd..ad8c1e4 100644 --- a/etc/x2gobroker-ldap.cfg +++ b/x2gobroker/__init__.py 
@@ -1,7 +1,7 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> +# -*- coding: utf-8 -*- + # Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> # # X2Go Session Broker is free software; you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by @@ -18,7 +18,6 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -ldapuri=ldap://<ldapmaster.localdomain> -#replica=ldapi:/// -binddn="cn=admin,dc=example,dc=net" -bindpw="<very-secret>" +__VERSION__ = '0.0.0.1' + + diff --git a/x2gobroker/base.py b/x2gobroker/base.py new file mode 100644 index 0000000..a1fe0ca --- /dev/null +++ b/x2gobroker/base.py 
@@ -0,0 +1,157 @@ +# -*- coding: utf-8 -*- + +# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> +# +# X2Go Session Broker is free software; you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# X2Go Session Broker is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program; if not, write to the +# Free Software Foundation, Inc., +# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +"""\ +X2goBrokerBASE class - base skeleton for X2GoBroker implementations + +""" +__NAME__ = 'x2gobroker-pylib' + +# modules +import types +import uuid + +class X2GoBroker(object): + """\ + X2GoBrokerBASE is an abstract class for X2Go broker implementations. + + This class needs to be inherited from a concrete broker class. + + Currently available broker classes are:: + L{zeroconf.X2GoBroker} + L{simple.X2GoBroker} + L{ldap.X2GoBroker} + + """ + def __init__(self): + """\ + Initialize a new X2GoBroker instance to control X2Go session through an + X2Go Client with an intermediate session broker. + """ + self._authid_dict = {} + + def __del__(self): + """\ + Cleanup on destruction of an L{X2GoBroker} instance. 
+ + """ + pass + + def test_connection(self): + #if($cgi->param('task') eq 'testcon') + #{ + # for ( my $i=0;$i<2*1024*1024;$i++ ) + # { + # print int(rand(9)); + # } + # print $cgi->end_html(); + # exit (0); + #} + return 'OK' + + def check_access(self, username='', password='', authid=None): + """\ + Check if a given user with a given password may gain access to the + X2Go session broker. + + @param username: a username known to the session broker + @type username: C{unicode} + @param password: a password that authenticates the user against the X2Go session broker + @type password: C{unicode} + + @return: returns C{True} if the authentication has been successful + @rtype: C{bool} + + """ + + ### IMPLEMENT YOUR AUTHENTICATION LOGIC FIRST, then call base.X2GoBroker.check_access + ### to finalize the authentication process. + + # Before calling this code, you have to evaluate username and password. + # + # If the credentials (username, password) are considered as valid then + # set authid to True. + # + # If credentials are invalid, set authid to None. + + if type(authid) is types.StringType: + authid = unicode(authid) + + if type(authid) is types.UnicodeType: + + if authid == self._authid_dict[username]: + self._authid_dict[username] = uuid.uuid5(namespace=authid, name=username) + return True + + elif type(authid) is types.BooleanType and authid is True: + # generate a first uuid, initialize the connection + self._authid_dict[username] = uuid.uuid4() + return True + + return False + + def get_next_authid(self, username): + """\ + Get the next expected authentication ID for the given user name. + + @param username: query next auth ID for this user + @type username: C{unicode} + + @return: returns next authentication ID for the given username, None if no auth ID has been generated, yet. 
+ @rtype: C{unicode} or C{None} + + """ + try: + return self._authid_dict[username] + except KeyError: + return None + + def list_sessions(self, username): + """\ + Retrieve a list of running/suspended sessions for the user that has authenticated to this + L{X2GoBroker} instance + + @param username: query session list for this user + @type username: C{unicode} + + return: list of session objects + rtype: C{obj} + + """ + return [] + + def select_session(self, session_name=None): + """\ + Select a running/suspended session to be transferred/resumed to the requesting X2Go Client. + If no C{session_name} is given, a new X2Go session is launched for the authenticated user. + + The X2Go server that the session is launched on is selected automatically by the X2Go session + broker. + + """ + return None + + def change_password(self, new='', old=''): + """\ + Modify the authenticated user's password on the X2Go infrastructure (normally, one user + in one X2Go site setup should have the same password on all machines). + + """ + return False diff --git a/etc/x2gobroker-ldap.cfg b/x2gobroker/ldap.py similarity index 59% copy from etc/x2gobroker-ldap.cfg copy to x2gobroker/ldap.py index fe8e9bd..25fc8b4 100644 --- a/etc/x2gobroker-ldap.cfg +++ b/x2gobroker/ldap.py @@ -1,7 +1,7 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> +# -*- coding: utf-8 -*- + # Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> # # X2Go Session Broker is free software; you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by 
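Review bot: In `check_access` the rotated token is `uuid.uuid5(namespace=authid, name=username)`, a deterministic SHA-1 of the previous authid and the user name, so anyone who sees one authid can compute every later one; as written it would also raise, because `uuid5` expects a `uuid.UUID` namespace and `authid` is a unicode string at that point. The comparison `authid == self._authid_dict[username]` compares a unicode value with the stored `uuid.UUID` object, which is never equal, and raises `KeyError` for a user with no entry instead of returning `False`. Suggest storing a fresh random string each time, `self._authid_dict[username] = unicode(uuid.uuid4())`, and comparing with `authid == self._authid_dict.get(username)`. The docstring should also document the `authid` parameter: `None`, `True` after a successful credential check, or the client-supplied token.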
@@ -18,7 +18,28 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -ldapuri=ldap://<ldapmaster.localdomain> -#replica=ldapi:/// -binddn="cn=admin,dc=example,dc=net" -bindpw="<very-secret>" +"""\ +X2goBrokerLDAP class - a production X2GoBroker implementations that uses LDAP as configuration backend + +""" +__NAME__ = 'x2gobroker-pylib' + +# modules +import x2gobroker.base + +class X2GoBroker(x2gobroker.base.X2GoBroker): + """\ + + """ + def __init__(self): + """\ + + """ + x2gobroker.base.X2GoBroker.__init__(self) + + def __del__(self): + """\ + + """ + x2gobroker.base.X2GoBroker.__del__(self) + diff --git a/etc/x2gobroker-ldap.cfg b/x2gobroker/simple.py similarity index 59% rename from etc/x2gobroker-ldap.cfg rename to x2gobroker/simple.py index fe8e9bd..ea3fc87 100644 --- a/etc/x2gobroker-ldap.cfg +++ b/x2gobroker/simple.py @@ -1,7 +1,7 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> +# -*- coding: utf-8 -*- + # Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> # # X2Go Session Broker is free software; you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by 
@@ -18,7 +18,28 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -ldapuri=ldap://<ldapmaster.localdomain> -#replica=ldapi:/// -binddn="cn=admin,dc=example,dc=net" -bindpw="<very-secret>" +"""\ +X2goBrokerSIMPLE class - a simple X2GoBroker implementations that uses text-based config files only + +""" +__NAME__ = 'x2gobroker-pylib' + +# modules +import x2gobroker.base + +class X2GoBroker(x2gobroker.base.X2GoBroker): + """\ + + """ + def __init__(self): + """\ + + """ + x2gobroker.base.X2GoBroker.__init__(self) + + def __del__(self): + """\ + + """ + x2gobroker.base.X2GoBroker.__del__(self) + diff --git a/x2gobroker/zeroconf.py b/x2gobroker/zeroconf.py new file mode 100644 index 0000000..af0da2d --- /dev/null +++ b/x2gobroker/zeroconf.py 
@@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- + +# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> +# +# X2Go Session Broker is free software; you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# X2Go Session Broker is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program; if not, write to the +# Free Software Foundation, Inc., +# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +"""\ +X2goBrokerZEROCONF class - a demo X2GoBroker implementations that needs not configuration at all + +""" +__NAME__ = 'x2gobroker-pylib' + +# modules +import pam +import subprocess + +import x2gobroker.base + +from x2gobroker.defaults import X2GOBROKER_AGENT_CMD as _X2GOBROKER_AGENT_CMD + +class X2GoBroker(x2gobroker.base.X2GoBroker): + + def check_access(self, username='', password='', authid=None): + + # do a simple PAM authentication against the PAM service ,,x2gobroker'' + if authid is None: + if username and password: + if pam.authenticate(username, password, service="x2gobroker"): + authid = True + else: + authid = None + + return x2gobroker.base.X2GoBroker.check_access(self, username=username, password=password, authid=authid) + + def list_sessions(self, username): + + # simply call the local x2gobroker-agent to retrieve a session list for <username> + cmd_line = [ _X2GOBROKER_AGENT_CMD, username, "listsessions" ] + broker_agent = subprocess.Popen(cmd_line) + + return broker_agent.stdout() + hooks/post-receive -- 
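Review bot: `list_sessions` cannot return the agent's output: `subprocess.Popen(cmd_line)` is created without `stdout=subprocess.PIPE`, so `broker_agent.stdout` is `None`, and it is then called as a function. Suggest `broker_agent = subprocess.Popen(cmd_line, stdout=subprocess.PIPE)` followed by `return broker_agent.communicate()[0]`, with a check of `broker_agent.returncode`. `username` originates from the HTTP request and becomes an argument of a privileged helper; the list form avoids a shell here, and a format check before the call would keep unexpected values out of the agent. `x2gobroker.defaults` is imported but does not appear in this commit's summary of changes, so confirm the module exists.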
x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).