The branch, build-main has been updated via 9a385f3d881a59c8e589c3c373eeba8f66049d6e (commit) from fbb1f8755341c5f318b3e3ee2602487005612e4e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: debian/control | 1 + debian/python-x2gobroker.default | 29 +++++++++++++++++++++++++++ debian/x2gobroker-authservice.default | 9 --------- debian/x2gobroker-authservice.init | 11 +++++++---- debian/x2gobroker-daemon.default | 35 --------------------------------- debian/x2gobroker-daemon.init | 18 +++++++++++++---- sbin/x2gobroker | 30 +++++++++++++++++++++++++++- sbin/x2gobroker-authservice | 24 ++++++++++++++++++++-- setup.py | 7 +++++-- x2gobroker/__init__.py | 5 ++--- x2gobroker/authservice.py | 4 ++-- x2gobroker/defaults.py | 25 ----------------------- 12 files changed, 111 insertions(+), 87 deletions(-) create mode 100644 debian/python-x2gobroker.default The diff of changes is: diff --git a/debian/control b/debian/control index 4a7be0d..833c10f 100644 --- a/debian/control +++ b/debian/control @@ -22,6 +22,7 @@ Depends: python, python-argparse, python-setproctitle, + python-webpy (>= 1:0.37), python-x2gobroker (>= ${source:Version}), python-x2gobroker (<< ${source:Version}.1~), Suggests: apache2 | httpd, diff --git a/debian/python-x2gobroker.default b/debian/python-x2gobroker.default new file mode 100644 index 0000000..f34e313 --- /dev/null +++ b/debian/python-x2gobroker.default @@ -0,0 +1,29 @@ +# X2Go Broker Session Broker (common) configuration for Debian + +# The posix user/group ID the broker runs under (do not change!) +# if you change those nonetheless, make sure that the log file +# directory (default: /var/log/x2gobroker) and files in there are +# writable by that user +#X2GOBROKER_DAEMON_USER=x2gobroker +#X2GOBROKER_DAEMON_GROUP=x2gobroker + +# Run X2Go Session Broker in debug mode, this will make the broker +# available through http GET method calls (otherwise: POST method +# only) and you will be able to test the broker through your web +# browser (0=disable, 1=enable). +#X2GOBROKER_DEBUG=0 + +# Default X2Go Session Broker backend (available: zeroconf, inifile) +#X2GOBROKER_DEFAULT_BACKEND=zeroconf + +# Path to the X2Go Session Broker's configuration file +#X2GOBROKER_CONFIG=/etc/x2go/x2gobroker.conf + +# Path to the X2Go Session Broker's session profiles file (when using the inifile backend) +#X2GOBROKER_SESSIONPROFILES=/etc/x2go/broker/x2gobroker-sessionprofiles.conf + +# Path to the X2Go Session Broker's agent command +#X2GOBROKER_AGENT_CMD=/usr/lib/x2go/x2gobroker-agent + +# The unix socket file for communication between the broker and the authentication service. +#X2GOBROKER_AUTHSERVICE_SOCKET=/run/x2gobroker/x2gobroker-authservice.socket diff --git a/debian/x2gobroker-authservice.default b/debian/x2gobroker-authservice.default index 9f89cd4..017b75c 100644 --- a/debian/x2gobroker-authservice.default +++ b/debian/x2gobroker-authservice.default @@ -8,12 +8,3 @@ # you can disable the authentication service here. START_AUTHSERVICE=true -# The posix user ID the broker runs under (do not change!) -# if you change it nonetheless, make sure that the log file -# directory (default: /var/log/x2gobroker) and files in there are -# writable by that user -#X2GOBROKER_DAEMON_GROUP=x2gobroker - -# The unix socket file for communication between the broker and the authentication service. -#X2GOBROKER_AUTHSERVICE_SOCKET=/run/x2gobroker/x2gobroker-authservice.socket - diff --git a/debian/x2gobroker-authservice.init b/debian/x2gobroker-authservice.init index ccbad0a..d531f78 100755 --- a/debian/x2gobroker-authservice.init +++ b/debian/x2gobroker-authservice.init @@ -21,16 +21,18 @@ set -eu AUTHSERVICE=/usr/sbin/x2gobroker-authservice test -d /run && RUNDIR=/run || RUNDIR=/var/run PIDFILE_AUTHSERVICE=$RUNDIR/x2gobroker/x2gobroker-authservice.pid -DEBIANCONFIG=/etc/default/x2gobroker-authservice +DEBIANCONFIG_COMMON=/etc/default/python-x2gobroker +DEBIANCONFIG_AUTHSERVICE=/etc/default/x2gobroker-authservice test -x "$AUTHSERVICE" || exit 0 START_AUTHSERVICE=false +X2GOBROKER_DEBUG=0 X2GOBROKER_DAEMON_USER='x2gobroker' X2GOBROKER_DAEMON_GROUP='x2gobroker' X2GOBROKER_AUTHSERVICE_SOCKET="$RUNDIR/x2gobroker/x2gobroker-authservice.socket" -test -f $DEBIANCONFIG && . $DEBIANCONFIG - +test -f $DEBIANCONFIG_COMMON && . $DEBIANCONFIG_COMMON +test -f $DEBIANCONFIG_AUTHSERVICE && . $DEBIANCONFIG_AUTHSERVICE if ! getent passwd $X2GOBROKER_DAEMON_USER 1>/dev/null 2>/dev/null; then X2GOBROKER_DAEMON_USER=nobody @@ -42,8 +44,9 @@ fi # create PID directory mkdir -p $RUNDIR/x2gobroker chown $X2GOBROKER_DAEMON_USER:$X2GOBROKER_DAEMON_GROUP $RUNDIR/x2gobroker -chmod 0700 $RUNDIR/x2gobroker +chmod 0770 $RUNDIR/x2gobroker +export X2GOBROKER_DEBUG export X2GOBROKER_DAEMON_USER export X2GOBROKER_DAEMON_GROUP export X2GOBROKER_AUTHSERVICE_SOCKET diff --git a/debian/x2gobroker-daemon.default b/debian/x2gobroker-daemon.default index f3c5bc0..bff0410 100644 --- a/debian/x2gobroker-daemon.default +++ b/debian/x2gobroker-daemon.default @@ -3,44 +3,9 @@ # Uncomment to enable the X2Go Session Broker standalone daemon START_BROKER=true -# For PAM authentication the X2Go Session Broker needs its authentication -# service. The session broker itself runs as a non-privileged user (see below) -# whereas the authentication service must run as super-user root. -# -# If you do not use PAM as authentication mechanism with the X2Go Session Broker, -# you can disable the authentication service here. -START_AUTHSERVICE=true - -# The posix user ID the broker runs under (do not change!) -# if you change it nonetheless, make sure that the log file -# directory (default: /var/log/x2gobroker) and files in there are -# writable by that user -#X2GOBROKER_DAEMON_USER=x2gobroker - -# Run X2Go Session Broker in debug mode, this will make the broker -# available through http GET method calls (otherwise: POST method -# only) and you will be able to test the broker through your web -# browser (0=disable, 1=enable). -#X2GOBROKER_DEBUG=0 - # Bind standalone daemon to this address:port #DAEMON_BIND_ADDRESS=127.0.0.1:8080 -# Default X2Go Session Broker backend (available: zeroconf, inifile) -#X2GOBROKER_DEFAULT_BACKEND=zeroconf - -# Path to the X2Go Session Broker's configuration file -#X2GOBROKER_CONFIG=/etc/x2go/x2gobroker.conf - -# Path to the X2Go Session Broker's session profiles file (when using the inifile backend) -#X2GOBROKER_SESSIONPROFILES=/etc/x2go/broker/x2gobroker-sessionprofiles.conf - -# Path to the X2Go Session Broker's agent command -#X2GOBROKER_AGENT_CMD=/usr/lib/x2go/x2gobroker-agent - -# The unix socket file for communication between the broker and the authentication service. -#X2GOBROKER_AUTHSERVICE_SOCKET=/run/x2gobroker/x2gobroker-authservice.socket - ########################################################## ### ### diff --git a/debian/x2gobroker-daemon.init b/debian/x2gobroker-daemon.init index a632a86..0a8b90a 100755 --- a/debian/x2gobroker-daemon.init +++ b/debian/x2gobroker-daemon.init @@ -21,8 +21,8 @@ set -eu DAEMON=/usr/sbin/x2gobroker test -d /run && RUNDIR=/run || RUNDIR=/var/run PIDFILE_BROKER=$RUNDIR/x2gobroker/x2gobroker-daemon.pid -DEBIANCONFIG=/etc/default/x2gobroker-daemon -DEBIANCONFIG_AUTHSERVICE=/etc/default/x2gobroker-daemon +DEBIANCONFIG_COMMON=/etc/default/python-x2gobroker +DEBIANCONFIG_DAEMON=/etc/default/x2gobroker-daemon test -x "$DAEMON" || exit 0 @@ -30,6 +30,7 @@ START_BROKER=false DAEMON_BIND_ADDRESS=127.0.0.1:8080 X2GOBROKER_DEBUG=0 X2GOBROKER_DAEMON_USER='x2gobroker' +X2GOBROKER_DAEMON_GROUP='x2gobroker' X2GOBROKER_DEFAULT_BACKEND="zeroconf" X2GOBROKER_CONFIG="/etc/x2go/x2gobroker.conf" X2GOBROKER_SESSIONPROFILES="/etc/x2go/broker/x2gobroker-sessionprofiles.conf" @@ -37,12 +38,20 @@ X2GOBROKER_AGENT_CMD="/usr/lib/x2go/x2gobroker-agent" X2GOBROKER_AUTHSERVICE_SOCKET="$RUNDIR/x2gobroker/x2gobroker-authservice.socket" X2GOBROKER_SSL_CERTFILE= X2GOBROKER_SSL_KEYFILE= -test -f $DEBIANCONFIG && . $DEBIANCONFIG -test -f $DEBIANCONFIG_AUTHSERVICE && . $DEBIANCONFIG_AUTHSERVICE +test -f $DEBIANCONFIG_COMMON && . $DEBIANCONFIG_COMMON +test -f $DEBIANCONFIG_DAEMON && . $DEBIANCONFIG_DAEMON if ! getent passwd $X2GOBROKER_DAEMON_USER 1>/dev/null 2>/dev/null; then X2GOBROKER_DAEMON_USER=nobody fi +if ! getent group $X2GOBROKER_DAEMON_GROUP 1>/dev/null 2>/dev/null; then + X2GOBROKER_DAEMON_GROUP=nogroup +fi + +# create PID directory +mkdir -p $RUNDIR/x2gobroker +chown $X2GOBROKER_DAEMON_USER:$X2GOBROKER_DAEMON_GROUP $RUNDIR/x2gobroker +chmod 0770 $RUNDIR/x2gobroker # mend user ID variables when --chuid $X2GOBROKER_DAEMON_USER is used with start-stop-daemon export LOGNAME=$X2GOBROKER_DAEMON_USER @@ -51,6 +60,7 @@ export USERNAME=$X2GOBROKER_DAEMON_USER export X2GOBROKER_DEBUG export X2GOBROKER_DAEMON_USER +export X2GOBROKER_DAEMON_GROUP export X2GOBROKER_CONFIG export X2GOBROKER_DEFAULT_BACKEND export X2GOBROKER_SESSIONPROFILES diff --git a/sbin/x2gobroker b/sbin/x2gobroker index bb52019..33e9580 100755 --- a/sbin/x2gobroker +++ b/sbin/x2gobroker @@ -22,10 +22,11 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -import sys import os +import sys import argparse import socket +import logging import web from web.wsgiserver import CherryPyWSGIServer @@ -35,8 +36,35 @@ except ImportError: sys.path.insert(0, os.path.join(os.getcwd(), '..')) import x2gobroker.defaults +from x2gobroker import __VERSION__ +from x2gobroker import __AUTHOR__ from x2gobroker.loggers import logger_broker, logger_access, logger_error +logger_broker.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__)) +logger_broker.info('Setting up the broker\'s environment...') +logger_broker.info(' X2GOBROKER_DEBUG: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DEBUG)) +logger_broker.info(' X2GOBROKER_CONFIG: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_CONFIG)) +logger_broker.info(' X2GOBROKER_AGENT_CMD: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_AGENT_CMD)) +logger_broker.info(' X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_AUTHSERVICE_SOCKET)) +logger_broker.info(' X2GOBROKER_DEFAULT_BACKEND: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DEFAULT_BACKEND)) +logger_broker.info(' X2GOBROKER_SSL_CERTFILE: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_SSL_CERTFILE)) +logger_broker.info(' X2GOBROKER_SSL_KEYFILE: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_SSL_KEYFILE)) + +# raise log level to DEBUG if requested... +if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_TESTSUITE: + logger_broker.setLevel(logging.DEBUG) + logger_access.setLevel(logging.DEBUG) + logger_error.setLevel(logging.DEBUG) + +# check effective UID the broker runs as and complain appropriately... +if x2gobroker.defaults.X2GOBROKER_USER != x2gobroker.defaults.X2GOBROKER_DAEMON_USER and os.geteuid() != 0: + logger_broker.warn('X2Go Session Broker has been started interactively by user {username}, better run as user {daemon_username}.'.format(username=X2GOBROKER_USER, daemon_username=X2GOBROKER_DAEMON_USER)) + logger_broker.info('Automatically switching to DEBUG mode due to interactive launch of this application.') +elif x2gobroker.defaults.X2GOBROKER_DAEMON_USER != 'root' and os.geteuid() == 0: + logger_broker.warn('X2Go Session Broker should not be run as root, better run as user {daemon_username}.'.format(daemon_username=X2GOBROKER_DAEMON_USER)) +elif os.geteuid() == 0: + logger_broker.warn('X2Go Session Broker should not be run as root, better run as non-privileged user') + # parse-in potential command line options cmdline_args = None if __name__ == "__main__": diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice index 6ff6423..2d9af94 100755 --- a/sbin/x2gobroker-authservice +++ b/sbin/x2gobroker-authservice @@ -26,17 +26,37 @@ import os import sys import setproctitle import argparse +import logging try: - import x2gobroker.authservice + import x2gobroker.defaults except ImportError: sys.path.insert(0, os.path.join(os.getcwd(), '..')) - import x2gobroker.authservice + import x2gobroker.defaults + +import x2gobroker.authservice PROG_NAME = os.path.basename(sys.argv[0]) PROG_OPTIONS = sys.argv[1:] setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS))) +from x2gobroker import __VERSION__ +from x2gobroker import __AUTHOR__ +from x2gobroker.loggers import logger_authservice + +# raise log level to DEBUG if requested... +if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_TESTSUITE: + logger_authservice.setLevel(logging.DEBUG) + +logger_authservice.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__)) +logger_authservice.info('Setting up the PAM authentication service\'s environment...') +logger_authservice.info(' X2GOBROKER_DEBUG: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DEBUG)) +logger_authservice.info(' X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_AUTHSERVICE_SOCKET)) + +# check effective UID the broker runs as and complain appropriately... +if os.geteuid() != 0: + logger_authservice.warn('X2Go Session Broker\'PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.') + if __name__ == '__main__': common_options = [ diff --git a/setup.py b/setup.py index 8745c3f..f6d9aba 100755 --- a/setup.py +++ b/setup.py @@ -28,15 +28,18 @@ import os for line in file(os.path.join('x2gobroker', '__init__.py')).readlines(): if (line.startswith('__VERSION__')): exec(line.strip()) +for line in file(os.path.join('x2gobroker', '__init__.py')).readlines(): + if (line.startswith('__AUTHOR__')): + exec(line.strip()) MODULE_VERSION = __VERSION__ - +MODULE_AUTHOR = __AUTHOR__ setup( name = "x2gobroker", version = MODULE_VERSION, description = "X2Go Session Broker", license = 'AGPLv3+', - author = 'Mike Gabriel', + author = MODULE_AUTHOR, url = 'http://www.x2go.org', packages = find_packages('.'), package_dir = {'': '.'}, diff --git a/x2gobroker/__init__.py b/x2gobroker/__init__.py index ad8c1e4..d9172cc 100644 --- a/x2gobroker/__init__.py +++ b/x2gobroker/__init__.py @@ -18,6 +18,5 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -__VERSION__ = '0.0.0.1' - - +__VERSION__ = '0.0.0.2' +__AUTHOR__ = 'Mike Gabriel (X2Go Project) <mike.gabriel@das-netzwerkteam.de>' diff --git a/x2gobroker/authservice.py b/x2gobroker/authservice.py index 7b12bb9..fa7ce84 100644 --- a/x2gobroker/authservice.py +++ b/x2gobroker/authservice.py @@ -93,7 +93,7 @@ def authenticate(username, password, service="x2gobroker"): result = s.recv(1024) s.close() if result.startswith('ok'): - logger_authservice.info('authentication against PAM service {service} succeeded for {username}'.format(username=username, service=service)) + logger_authservice.info('authentication against PAM service »{service}« succeeded for user »{username}«'.format(username=username, service=service)) return True - logger_authservice.info('authentication against service {service} failed for user {username}'.format(username=username, service=service)) + logger_authservice.info('authentication against service »{service}« failed for user »{username}«'.format(username=username, service=service)) return False diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py index f56a566..720fa94 100644 --- a/x2gobroker/defaults.py +++ b/x2gobroker/defaults.py @@ -46,36 +46,16 @@ else: if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER: X2GOBROKER_DEBUG = True -# raise log level to DEBUG if requested... -if X2GOBROKER_DEBUG and not X2GOBROKER_TESTSUITE: - logger_broker.setLevel(logging.DEBUG) - logger_access.setLevel(logging.DEBUG) - logger_error.setLevel(logging.DEBUG) - # drop og level to CRITICAL if we are running the unittests... if X2GOBROKER_TESTSUITE: logger_broker.setLevel(logging.CRITICAL) logger_access.setLevel(logging.CRITICAL) logger_error.setLevel(logging.CRITICAL) -# check effective UID the broker runs as and complain appropriately... -if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER and os.geteuid() != 0: - logger_broker.warn('X2Go Session Broker has been started interactively by user {username}, better run as user {daemon_username}.'.format(username=X2GOBROKER_USER, daemon_username=X2GOBROKER_DAEMON_USER)) - logger_broker.info('Automatically switching to DEBUG mode due to interactive launch of this application.') -elif X2GOBROKER_DAEMON_USER != 'root' and os.geteuid() == 0: - logger_broker.warn('X2Go Session Broker should not be run as root, better run as user {daemon_username}.'.format(daemon_username=X2GOBROKER_DAEMON_USER)) -elif os.geteuid() == 0: - logger_broker.warn('X2Go Session Broker should not be run as root, better run as non-privileged user') - -logger_broker.info('Setting up the broker\'s environment...') -logger_broker.info('X2Go Session Broker: Setting up the broker\'s environment...') -logger_broker.info(' X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG)) - if os.environ.has_key('X2GOBROKER_CONFIG'): X2GOBROKER_CONFIG = os.environ['X2GOBROKER_CONFIG'] else: X2GOBROKER_CONFIG = "/etc/x2go/x2gobroker.conf" -logger_broker.info(' X2GOBROKER_CONFIG: {value}'.format(value=X2GOBROKER_CONFIG)) X2GOBROKER_SESSIONPROFILES = "/etc/x2go/broker/x2gobroker-sessionprofiles.conf" @@ -83,31 +63,26 @@ if os.environ.has_key('X2GOBROKER_AGENT_CMD'): X2GOBROKER_AGENT_CMD = os.environ['X2GOBROKER_AGENT_CMD'] else: X2GOBROKER_AGENT_CMD = "/usr/lib/x2go/x2gobroker-agent" -logger_broker.info(' X2GOBROKER_AGENT_CMD: {value}'.format(value=X2GOBROKER_AGENT_CMD)) if os.environ.has_key('X2GOBROKER_AUTHSERVICE_SOCKET'): X2GOBROKER_AUTHSERVICE_SOCKET=os.environ['X2GOBROKER_AUTHSERVICE_SOCKET'] else: X2GOBROKER_AUTHSERVICE_SOCKET="/var/run/x2gobroker-authservice.socket" -logger_broker.info(' X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET)) if os.environ.has_key('X2GOBROKER_DEFAULT_BACKEND'): X2GOBROKER_DEFAULT_BACKEND = os.environ['X2GOBROKER_DEFAULT_BACKEND'] else: X2GOBROKER_DEFAULT_BACKEND = "zeroconf" -logger_broker.info(' X2GOBROKER_DEFAULT_BACKEND: {value}'.format(value=X2GOBROKER_DEFAULT_BACKEND)) if os.environ.has_key('X2GOBROKER_SSL_CERTFILE'): X2GOBROKER_SSL_CERTFILE = os.environ['X2GOBROKER_SSL_CERTFILE'] else: X2GOBROKER_SSL_CERTFILE = "" -logger_broker.info(' X2GOBROKER_SSL_CERTFILE: {value}'.format(value=X2GOBROKER_SSL_CERTFILE)) if os.environ.has_key('X2GOBROKER_SSL_KEYFILE'): X2GOBROKER_SSL_KEYFILE = os.environ['X2GOBROKER_SSL_KEYFILE'] else: X2GOBROKER_SSL_KEYFILE = "" -logger_broker.info(' X2GOBROKER_SSL_KEYFILE: {value}'.format(value=X2GOBROKER_SSL_KEYFILE)) ### hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).