This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 051ceb6ae48da4b47e4367e5de55d5f9229f1895 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Apr 3 12:24:48 2014 +0200 Several fixes while re-working the unittests... - Rename sections for broker backends in x2gobroker.conf - Fix run - Make config object of x2gobroker.conf available in authentication mechanism backends. - Fix SSH based broker client. - Fix several failing tests, adapt tests to current code base. --- debian/changelog | 6 ++++ etc/x2gobroker.conf | 6 ++-- x2gobroker/authmechs/base_authmech.py | 2 +- x2gobroker/authmechs/https_get_authmech.py | 16 +++++----- x2gobroker/authmechs/none_authmech.py | 2 +- x2gobroker/authmechs/pam_authmech.py | 2 +- x2gobroker/authmechs/testsuite_authmech.py | 2 +- x2gobroker/brokers/base_broker.py | 44 ++++++++++++++++++---------- x2gobroker/client/plain.py | 14 ++++----- x2gobroker/defaults.py | 9 ++++-- 10 files changed, 61 insertions(+), 42 deletions(-) diff --git a/debian/changelog b/debian/changelog index 98e95f7..f6486b3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -118,6 +118,12 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low session profiles. - JSON webUI: run pre and post auth scripts also via this backend. - x2gobroker-daemon: become wrapper script, enable --mode HTTP by default. + - Rename sections for broker backends in x2gobroker.conf + - Fix run + - Make config object of x2gobroker.conf available in authentication mechanism + backends. + - Fix SSH based broker client. + - Fix several failing tests, adapt tests to current code base. * debian/control: + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. + Fix SYNOPSIS texts. diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf index edd3ada..b55becc 100644 --- a/etc/x2gobroker.conf +++ b/etc/x2gobroker.conf 
@@ -242,18 +242,18 @@ # # For small-scale deployments the IniFile backend is the recommended backend. -[zeroconf] +[broker_zeroconf] #enable = false #auth-mech = pam #user-db = libnss #group-db = libnss #desktop-shell = KDE -[inifile] +[broker_inifile] #enable = true #session-profiles = /etc/x2go/broker/x2gobroker-sessionprofiles.conf -#[ldap] -> MUSIC OF THE FUTURE +#[broker_ldap] -> MUSIC OF THE FUTURE #enable = false #auth-mech = ldap #user-db = ldap diff --git a/x2gobroker/authmechs/base_authmech.py b/x2gobroker/authmechs/base_authmech.py index 832d25e..f8206af 100644 --- a/x2gobroker/authmechs/base_authmech.py +++ b/x2gobroker/authmechs/base_authmech.py @@ -20,5 +20,5 @@ class X2GoBrokerAuthMech(object): - def authenticate(self, username, password): + def authenticate(self, username, password, **kwargs): return False diff --git a/x2gobroker/authmechs/https_get_authmech.py b/x2gobroker/authmechs/https_get_authmech.py index d3817ed..4f42d71 100644 --- a/x2gobroker/authmechs/https_get_authmech.py +++ b/x2gobroker/authmechs/https_get_authmech.py @@ -41,16 +41,18 @@ from x2gobroker.defaults import X2GOBROKER_CONFIG as _X2GOBROKER_CONFIG class X2GoBrokerAuthMech(object): - def authenticate(self, username, password): + def authenticate(self, username, password, config=None, **kwargs): ## FIXME: these should really be specificed in master config file and have better error checking - config = ConfigParser.RawConfigParser() - config.read(_X2GOBROKER_CONFIG) - - host = config.get('authmech_https_get','host') - path = config.get('authmech_https_get','path') - port = config.get('authmech_https_get','port') + if config: + host = config.get_value('authmech_https_get','host') + path = config.get_value('authmech_https_get','path') + port = config.get_value('authmech_https_get','port') + else: + host = "localhost" + path = "/auth" + port = "80" # base64 encode the username and password auth = base64.standard_b64encode('%s:%s' % (username, password)).replace('\n', '') 
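Review bot: When `config` is missing, the new `else` branch in `authenticate()` silently falls back to `localhost`, `/auth` and port `80`, so a broker that was not handed its configuration checks credentials against whatever answers on the local port instead of refusing the login. Failing closed is safer: replace the three fallback assignments with `return False`, ideally after a `logger_error` line saying that the `authmech_https_get` settings are unavailable (this assumes a logger is importable in this module, which the hunk does not show). The `if config:` branch also uses the `get_value()` results unchecked, so a missing `host`, `path` or `port` should be rejected before the request is built, which is what the existing FIXME asks for. Port `80` as the default of an HTTPS mechanism deserves a second look, since the next line packs the username and password into a base64 `user:password` string; the request code itself is outside this hunk.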
diff --git a/x2gobroker/authmechs/none_authmech.py b/x2gobroker/authmechs/none_authmech.py index 6a75f1f..6535f4b 100644 --- a/x2gobroker/authmechs/none_authmech.py +++ b/x2gobroker/authmechs/none_authmech.py @@ -20,5 +20,5 @@ class X2GoBrokerAuthMech(object): - def authenticate(self, username, password): + def authenticate(self, username, password, **kwargs): return True diff --git a/x2gobroker/authmechs/pam_authmech.py b/x2gobroker/authmechs/pam_authmech.py index c1b0625..9e7b85b 100644 --- a/x2gobroker/authmechs/pam_authmech.py +++ b/x2gobroker/authmechs/pam_authmech.py @@ -29,7 +29,7 @@ from x2gobroker.loggers import logger_error class X2GoBrokerAuthMech(object): - def authenticate(self, username, password): + def authenticate(self, username, password, **kwargs): if username and password: try: diff --git a/x2gobroker/authmechs/testsuite_authmech.py b/x2gobroker/authmechs/testsuite_authmech.py index 8fda0a9..2df02c4 100644 --- a/x2gobroker/authmechs/testsuite_authmech.py +++ b/x2gobroker/authmechs/testsuite_authmech.py @@ -20,7 +20,7 @@ class X2GoBrokerAuthMech(object): - def authenticate(self, username, password): + def authenticate(self, username, password, **kwargs): # return C{True} for user test with password sweet... (used by the unit tests) if username == 'test' and password == 'sweet': diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py index 8aef096..603d443 100644 --- a/x2gobroker/brokers/base_broker.py +++ b/x2gobroker/brokers/base_broker.py @@ -41,6 +41,9 @@ import x2gobroker.x2gobroker_exceptions from x2gobroker.loggers import logger_broker, logger_error +from x2gobroker.defaults import X2GOBROKER_USER as _X2GOBROKER_USER +from x2gobroker.defaults import X2GOBROKER_DAEMON_USER as _X2GOBROKER_DAEMON_USER + class X2GoBroker(object): """\ L{base.X2GoBroker} is an abstract class for X2Go broker implementations. 
@@ -68,7 +71,7 @@ class X2GoBroker(object): if self.config_file is None: self.config_file = x2gobroker.defaults.X2GOBROKER_CONFIG if config_defaults is None: config_defaults = x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS self.config = x2gobroker.config.X2GoBrokerConfigFile(config_files=self.config_file, defaults=config_defaults) - self.enabled = self.config.get_value(self.backend_name, 'enable') + self.enabled = self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'enable') self._dynamic_cookie_map = {} self._client_address = None @@ -183,7 +186,7 @@ class X2GoBroker(object): @rtype: C{dict} """ - return self.config.get_section(self.backend_name) + return self.config.get_section('broker_{backend}'.format(backend=self.backend_name)) def get_backend_value(self, backend='zeroconf', option='enable'): """\ @@ -448,7 +451,7 @@ class X2GoBroker(object): if self._import_authmech_module(mech=self.get_authentication_mechanism()): logger_broker.debug('base_broker.X2GoBroker._do_authenticate(): authenticating user={username} with password=<hidden> against backend={backend}.'.format(username=username, backend=self.backend_name)) - return self.authmech_module.X2GoBrokerAuthMech().authenticate(username, password) + return self.authmech_module.X2GoBrokerAuthMech().authenticate(username, password, config=self.config) else: return False 
@@ -464,8 +467,8 @@ class X2GoBroker(object): _default_auth_mech = "pam" _auth_mech = "" - if self.config.has_value(self.backend_name, 'auth-mech') and self.config.get_value(self.backend_name, 'auth-mech'): - _auth_mech = self.config.get_value(self.backend_name, 'auth-mech').lower() + if self.config.has_value('broker_{backend}'.format(backend=self.backend_name), 'auth-mech') and self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'auth-mech'): + _auth_mech = self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'auth-mech').lower() logger_broker.debug('base_broker.X2GoBroker.get_authentication_mechanism(): found auth-mech in backend config section »{backend}«: {value}. This one has precendence over the default value.'.format(backend=self.backend_name, value=_auth_mech)) elif self.config.has_value('global', 'default-auth-mech'): 
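Review bot: Renaming the backend sections to `broker_<backend>` means an `auth-mech` that an administrator set under the old `[zeroconf]` or `[inifile]` heading is no longer found by `has_value()` in `get_authentication_mechanism()`, and the lookup presumably drops to `default-auth-mech` or the `pam` default without any error. An upgrade can therefore change how users are authenticated while the configuration file looks untouched. Consider reading the old section name as a fallback with a deprecation warning, or refusing to start while an un-prefixed backend section is still present; the same applies to the `enable`, `agent-query-mode`, `user-db` and `group-db` lookups in the neighbouring hunks. The section name is also rebuilt with `'broker_{backend}'.format(...)` at every call site, and computing it once, e.g. `_section = 'broker_{backend}'.format(backend=self.backend_name)`, would keep these conditions readable. The function continues past the end of this hunk.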
@@ -492,8 +495,8 @@ class X2GoBroker(object): _agent_query_mode = _profile[u'broker-agent-query-mode'] logger_broker.debug('base_broker.X2GoBroker.get_agent_query_mode(): found broker-agent-query-mode in session profile with ID {id}: {value}. This one has precendence over the default and the backend value.'.format(id=profile_id, value=_agent_query_mode)) - elif self.config.has_value(self.backend_name, 'agent-query-mode') and self.config.get_value(self.backend_name, 'agent-query-mode'): - _backend_agent_query_mode = self.config.get_value(self.backend_name, 'agent-query-mode').lower() + elif self.config.has_value('broker_{backend}'.format(backend=self.backend_name), 'agent-query-mode') and self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'agent-query-mode'): + _backend_agent_query_mode = self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'agent-query-mode').lower() logger_broker.debug('base_broker.X2GoBroker.get_agent_query_mode(): found agent-query-mode in backend config section »{backend}«: {value}. This one has precendence over the default value.'.format(backend=self.backend_name, value=_agent_query_mode)) elif self.config.has_value('global', 'default-agent-query-mode') and self.config.get_value('global', 'default-agent-query-mode'): @@ -566,8 +569,8 @@ class X2GoBroker(object): if self.config.has_value('global', 'default-user-db'): _user_db = self.config.get_value('global', 'default-user-db').lower() or _user_db - if self.config.has_value(self.backend_name, 'user-db'): - _user_db = self.config.get_value(self.backend_name, 'user-db').lower() or _user_db + if self.config.has_value('broker_{backend}'.format(backend=self.backend_name), 'user-db'): + _user_db = self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'user-db').lower() or _user_db return unicode(_user_db) 
@@ -584,8 +587,8 @@ class X2GoBroker(object): if self.config.has_value('global', 'default-group-db'): _group_db = self.config.get_value('global', 'default-group-db').lower() or _group_db - if self.config.has_value(self.backend_name, 'group-db'): - _group_db = self.config.get_value(self.backend_name, 'group-db').lower() or _group_db + if self.config.has_value('broker_{backend}'.format(backend=self.backend_name), 'group-db'): + _group_db = self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'group-db').lower() or _group_db return unicode(_group_db) @@ -728,7 +731,7 @@ class X2GoBroker(object): else: return [] - def check_access(self, username='', password='', ip='', cookie=None): + def check_access(self, username='', password='', ip='', cookie=None, override_password_auth=False): """\ Check if a given user with a given password may gain access to the X2Go session broker. @@ -741,6 +744,9 @@ class X2GoBroker(object): @type ip: C{unicode} @param cookie: an extra (static or dynamic) authentication token @type cookie: C{unicode} + @param override_password_auth: let password auth always succeed, needed for SSH broker (where SSH + handled the password (or key) based authentication + @type override_password_auth: C{bool} @return: returns C{True} if the authentication has been successful @rtype: C{bool},C{unicode} 
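Review bot: The new `override_password_auth` entry in the `check_access()` docstring does not state the precondition that makes the flag safe, and its opening parenthesis is never closed. Because `True` makes the password step succeed whatever `username` and `password` contain, the text should say that a caller may set it only after the transport has already authenticated the user, and that it must never be derived from request data. Suggested wording: `@param override_password_auth: skip the password check; only for callers such as the SSH broker client, where the transport (SSH) has already authenticated the user. Never set this from client-supplied input.`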
@@ -775,7 +781,12 @@ class X2GoBroker(object): if self.config.get_value('global', 'require-password'): # using files to store persistant cookie information because global variables do not work across threads in WSGI - cookie_directory=self.config.get_value('global', 'cookie-directory') + if _X2GOBROKER_USER == _X2GOBROKER_DAEMON_USER: + cookie_directory = self.config.get_value('global', 'cookie-directory') + cookie_directory = os.path.normpath(cookie_directory) + else: + cookie_directory=os.path.normpath(os.path.expanduser('~/.x2go/broker-cookies/')) + if (not os.path.isdir(cookie_directory)): logger_broker.debug('base_broker.X2GoBroker.check_access(): cookie-directory {cookie_directory} does not exist trying to craete it'.format(cookie_directory=cookie_directory)) try: @@ -790,7 +801,7 @@ class X2GoBroker(object): ### IMPLEMENT YOUR AUTHENTICATION LOGIC IN THE self._do_authenticate(**kwargs) METHOD ### when inheriting from the base.X2GoBroker class. - access = self._do_authenticate(username=username, password=password) + access = self._do_authenticate(username=username, password=password) or override_password_auth ### ### @@ -910,11 +921,11 @@ class X2GoBroker(object): if key.startswith('host='): del profile[key] if key == 'user' and profile[key] == 'BROKER_USER': - profile[key] = username + profile[key] = unicode(username) if self.get_session_autologin(profile_id): profile['autologin'] = True - profile['key'] = '<will-be-provided-later>' + profile['key'] = u'<will-be-provided-later>' # make sure that desktop sessions (that we know by name) do run with rootless=false if profile['command'] in x2gobroker.defaults.X2GO_DESKTOP_SESSIONS: @@ -1154,6 +1165,7 @@ class X2GoBroker(object): """ + global_config = self.get_global_config() if len(global_config[script_type]) != 0: for script in global_config[script_type]: try: diff --git a/x2gobroker/client/plain.py b/x2gobroker/client/plain.py index 8c37960..f730d40 100644 --- a/x2gobroker/client/plain.py 
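Review bot: The per-user fallback `~/.x2go/broker-cookies/` stores the persistent cookie information used for authentication, but nothing in this hunk restricts who can read the directory once it is created. The creation call sits just after the `try:` where the hunk ends, so this may already be handled; if it is a plain `os.makedirs(cookie_directory)`, pass an explicit mode, `os.makedirs(cookie_directory, 0o700)`, so the directory is never group- or world-readable. A short comment above the `if _X2GOBROKER_USER == _X2GOBROKER_DAEMON_USER:` test would also help, e.g. `# only the daemon user uses the system-wide cookie-directory; any other user gets a private one in $HOME`.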
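Review bot: With `self._do_authenticate(...) or override_password_auth` the configured auth mechanism is still invoked, with whatever `username` and `password` were passed, before the override is considered. For the SSH client, which passes neither, that is an authentication attempt with empty credentials on every call, and for a remote mechanism such as `https_get` an extra request whose result is thrown away. Put the flag first, `access = override_password_auth or self._do_authenticate(username=username, password=password)`, and log the bypass at that point, e.g. `logger_broker.debug('base_broker.X2GoBroker.check_access(): password authentication overridden by caller')`, so it shows up in the broker log. `check_access()` starts and ends outside this hunk.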
+++ b/x2gobroker/client/plain.py @@ -66,21 +66,19 @@ class X2GoBrokerClient(object): output = '' - if broker_backend.check_access(cookie=cookie, cookie_only=True): + access, next_cookie = broker_backend.check_access(cookie=cookie, override_password_auth=True) + if access: logger_broker.debug ('username: {username}, task: {task}, profile_id: {profile_id}'.format(username=username, task=task, profile_id=profile_id)) ### ### CONFIRM SUCCESSFUL AUTHENTICATION FIRST ### - - if global_config['require-cookie-auth'] and not global_config['use-static-cookie']: - - ### FIXME: make up a nice protocol for this, disabled for now - #output += "AUTHID: {authid}<br />".format(authid=broker_backend.get_next_authid(username=data.user)) - pass + if next_cookie is not None: + output += "AUTHID:{authid}\n".format(authid=next_cookie) output += "Access granted\n" + ### ### X2GO BROKER TASKS ### @@ -141,5 +139,3 @@ class X2GoBrokerClient(object): return output logger_broker.error ('broker backend ,,{backend}\'\' is disabled on this system'.format(backend=backend)) - - diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py index 5ae9ccb..f06b301 100644 --- a/x2gobroker/defaults.py +++ b/x2gobroker/defaults.py @@ -202,21 +202,24 @@ X2GOBROKER_CONFIG_DEFAULTS = { u'default-authorized-keys': u'%h/.x2go/authorized_keys', u'default-agent-query-mode': u'NONE', }, - 'zeroconf': { + 'broker_base': { + u'enable': False, + }, + 'broker_zeroconf': { u'enable': False, u'auth-mech': u'pam', u'user-db': u'libnss', u'group-db': u'libnss', u'desktop-shell': u'KDE', }, - 'inifile': { + 'broker_inifile': { u'enable': True, u'session-profiles': u'/etc/x2go/broker/x2gobroker-sessionprofiles.conf', u'auth-mech': u'', u'user-db': u'', u'group-db': u'', }, - 'ldap': { + 'broker_ldap': { u'enable': False, u'auth-mech': u'ldap', u'user-db': u'ldap', -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
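Review bot: `check_access(cookie=cookie, override_password_auth=True)` is called without `username`, although `username` is available here (the debug line that follows logs it), so the access decision and any cookie handed back as `AUTHID` are made for the default empty user. If `check_access()` ties cookie state to the user name (its body is not visible in this patch), all SSH broker users would share one entry; passing `username=username` keeps the decision bound to the account that SSH authenticated. A comment above the call stating why the override is legitimate would help the next reader, e.g. `# SSH has already authenticated this user; the broker only checks the cookie here`.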