The branch, statusflag has been updated via a0d62e0be475fa27152decbc15b009cdd937bb1d (commit) from 3626ac1dc3c22b870e7d337bf71179ff44977402 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: x2gobroker/backends/base.py | 109 +++++++++++++++++++- x2gobroker/{backends => nameservices}/__init__.py | 0 .../{backends/ldap.py => nameservices/base.py} | 30 ++++-- .../{backends/ldap.py => nameservices/libnss.py} | 33 ++++-- x2gobroker/tests/test_backend_base.py | 57 ++++++++-- 5 files changed, 201 insertions(+), 28 deletions(-) copy x2gobroker/{backends => nameservices}/__init__.py (100%) copy x2gobroker/{backends/ldap.py => nameservices/base.py} (58%) copy x2gobroker/{backends/ldap.py => nameservices/libnss.py} (52%) The diff of changes is: diff --git a/x2gobroker/backends/base.py b/x2gobroker/backends/base.py index 1bde0e7..f6f0dd6 100644 --- a/x2gobroker/backends/base.py +++ b/x2gobroker/backends/base.py @@ -48,6 +48,7 @@ class X2GoBroker(object): """ backend_name = 'base' + service_module = None def __init__(self, config_file=None, config_defaults=None): """\ @@ -329,12 +330,12 @@ class X2GoBroker(object): return unicode(_auth_mech) or unicode(_default_auth_mech) - def get_userdb_backend(self): + def get_userdb_service(self): """\ Get the name of the backend being used for retrieving user information from the system. - @return: user database backend name + @return: user service name @rtype: C{unicode} """ @@ -347,12 +348,12 @@ class X2GoBroker(object): return unicode(_user_db) - def get_groupdb_backend(self): + def get_groupdb_service(self): """\ Get the name of the backend being used for retrieving group information from the system. - @return: group database backend name + @return: group service name @rtype: C{unicode} """ @@ -365,6 +366,104 @@ class X2GoBroker(object): return unicode(_group_db) + def _import_service_module(self, service='libnss'): + try: + if self.service_module is None: + exec("import x2gobroker.nameservices.{service} as _service_module".format(service=service)) + self.service_module = _service_module + return True + except ImportError: + return False + + def has_user(self, username): + """\ + Test if the broker knows user C{<username>}. + + @param username: test for existence of this user + @type username: C{unicode} + + @return: returns C{True} if a user exists + @rtype: C{bool} + + """ + if self._import_service_module(service=self.get_userdb_service()): + return self.service_module.X2GoBrokerNameService().has_user(username=username) + else: + return False + + def get_users(self): + """\ + Get list of known users. + + @return: returns list of known users + @rtype: C{list} + + """ + if self._import_service_module(service=self.get_userdb_service()): + return self.service_module.X2GoBrokerNameService().get_users() + else: + return False + + def has_group(self, group): + """\ + Test if the broker knows group C{<group>}. + + @param group: test for existence of this group + @type group: C{unicode} + + @return: returns C{True} if a group exists + @rtype: C{bool} + + """ + if self._import_service_module(service=self.get_groupdb_service()): + return self.service_module.X2GoBrokerNameService().has_group(group=group) + else: + return False + + def get_groups(self): + """\ + Get list of known groups. + + @return: returns list of known groups + @rtype: C{list} + + """ + if self._import_service_module(service=self.get_groupdb_service()): + return self.service_module.X2GoBrokerNameService().get_groups() + else: + return False + + def is_group_member(self, username, group, primary_groups=False): + """\ + Check if a user is member of a given group. + + @return: returns C{True} if the user is member of the given group + @rtype: C{bool} + + """ + if self._import_service_module(service=self.get_groupdb_service()): + return self.service_module.X2GoBrokerNameService().is_group_member(username=username, group=group, primary_groups=primary_groups) + else: + return [] + + def get_group_members(self, group, primary_groups=False): + """\ + Get the list of members in group C{<group>}. + + @param group: valid group name + @type group: C{unicode} + @param primary_groups: include primary groups found with the user db service + @type primary_groups: C{bool} + + @return: list of users belonging to the given group + @rtype: C{list} + + """ + if self._import_service_module(service=self.get_groupdb_service()): + return self.service_module.X2GoBrokerNameService().get_group_members(group=group, primary_groups=primary_groups) + else: + return [] + def check_access(self, username='', password='', authid=None, ): """\ Check if a given user with a given password may gain access to the @@ -391,6 +490,8 @@ class X2GoBroker(object): access = False access = self._do_authenticate(username=username, password=password) + ### HANDLING OF DYNAMIC AUTHENTICATION ID HASHES + # using authid as extra security? if self.config.get_value('global', 'use-authid'): diff --git a/x2gobroker/backends/__init__.py b/x2gobroker/nameservices/__init__.py similarity index 100% copy from x2gobroker/backends/__init__.py copy to x2gobroker/nameservices/__init__.py diff --git a/x2gobroker/backends/ldap.py b/x2gobroker/nameservices/base.py similarity index 58% copy from x2gobroker/backends/ldap.py copy to x2gobroker/nameservices/base.py index 62b9801..48ac244 100644 --- a/x2gobroker/backends/ldap.py +++ b/x2gobroker/nameservices/base.py @@ -18,16 +18,28 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -"""\ -X2goBrokerLDAP class - a production X2GoBroker implementations that uses LDAP as configuration backend +class X2GoBrokerNameService(object): -""" -__NAME__ = 'x2gobroker-pylib' + def has_user(self, username): + return username in self.get_users() -# modules -import x2gobroker.base + def get_users(self): + return [] -class X2GoBroker(x2gobroker.base.X2GoBroker): - """\ + def get_primary_group(self, username): + return [] - """ + def has_group(self, group): + return group in self.get_groups() + + def get_groups(self): + return [] + + def is_group_member(self, username, group, primary_groups=False): + _groups = self.get_group_members(group) + if primary_groups: + _groups.extend(self.get_primary_group(username)) + return username in _groups + + def get_group_members(self, group, primary_groups=False): + return [] diff --git a/x2gobroker/backends/ldap.py b/x2gobroker/nameservices/libnss.py similarity index 52% copy from x2gobroker/backends/ldap.py copy to x2gobroker/nameservices/libnss.py index 62b9801..4636a13 100644 --- a/x2gobroker/backends/ldap.py +++ b/x2gobroker/nameservices/libnss.py @@ -18,16 +18,31 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -"""\ -X2goBrokerLDAP class - a production X2GoBroker implementations that uses LDAP as configuration backend +# modules +import pwd +import grp -""" -__NAME__ = 'x2gobroker-pylib' +# Python X2GoBroker modules +import base -# modules -import x2gobroker.base -class X2GoBroker(x2gobroker.base.X2GoBroker): - """\ +class X2GoBrokerNameService(base.X2GoBrokerNameService): + + def get_users(self): + return [ p.pw_name for p in pwd.getpwall() ] + + def get_primary_group(self, username): + prim_gid_number = [ p.pw_gid for p in pwd.getpwall() if p.pw_name == username ] + return [ g.gr_name for g in grp.getgrall() if g.gr_gid in prim_gid_number ] + + def get_groups(self): + return [ g.gr_name for g in grp.getgrall() ] + + def get_group_members(self, group, primary_groups=False): + _members_from_primgroups = [] + if primary_groups: + for username in self.get_users(): + if group in self.get_primary_group(username): + _members_from_primgroups.append(group) + return grp.getgrnam(group).gr_mem + _members_from_primgroups - """ diff --git a/x2gobroker/tests/test_backend_base.py b/x2gobroker/tests/test_backend_base.py index a00765b..d08538d 100644 --- a/x2gobroker/tests/test_backend_base.py +++ b/x2gobroker/tests/test_backend_base.py @@ -95,7 +95,7 @@ auth-mech = bar-auth-mech ### TEST CONFIGURATION: user DB backend (default-user-db vs. user-db in backend config) - def test_getuserdbbackend(self): + def test_getuserdbservice(self): _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS) _config_defaults.update({'base': {'enable': True, }, }) _config = """ @@ -109,7 +109,7 @@ enable = true print >> tf, _config tf.seek(0) base_backend = x2gobroker.backends.base.X2GoBroker(config_file=tf.name) - self.assertEqual(base_backend.get_userdb_backend(), 'foo-user-db') + self.assertEqual(base_backend.get_userdb_service(), 'foo-user-db') _config = """ [global] default-user-db = foo-user-db @@ -122,12 +122,12 @@ user-db = bar-user-db print >> tf, _config tf.seek(0) base_backend = x2gobroker.backends.base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults) - self.assertEqual(base_backend.get_userdb_backend(), 'bar-user-db') + self.assertEqual(base_backend.get_userdb_service(), 'bar-user-db') tf.close() ### TEST CONFIGURATION: group DB backend (default-group-db vs. group-db in backend config) - def test_getgroupdbbackend(self): + def test_getgroupdbservice(self): _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS) _config_defaults.update({'base': {'enable': True, }, }) _config = """ @@ -141,7 +141,7 @@ enable = true print >> tf, _config tf.seek(0) base_backend = x2gobroker.backends.base.X2GoBroker(config_file=tf.name) - self.assertEqual(base_backend.get_groupdb_backend(), 'foo-group-db') + self.assertEqual(base_backend.get_groupdb_service(), 'foo-group-db') _config = """ [global] default-group-db = foo-group-db @@ -154,9 +154,54 @@ group-db = bar-group-db print >> tf, _config tf.seek(0) base_backend = x2gobroker.backends.base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults) - self.assertEqual(base_backend.get_groupdb_backend(), 'bar-group-db') + self.assertEqual(base_backend.get_groupdb_service(), 'bar-group-db') tf.close() + def test_nameservicebase(self): + _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS) + _config_defaults.update({'base': {'enable': True, }, }) + _config = """ +[global] +default-user-db = base +default-group-db = base + +[base] +enable = true +""" + tf = tempfile.NamedTemporaryFile() + print >> tf, _config + tf.seek(0) + base_backend = x2gobroker.backends.base.X2GoBroker(config_file=tf.name) + self.assertEqual(base_backend.get_users(), []) + self.assertEqual(base_backend.has_user('any-user'), False) + self.assertEqual(base_backend.get_groups(), []) + self.assertEqual(base_backend.has_group('any-group'), False) + self.assertEqual(base_backend.is_group_member('any-user', 'any-group'), False) + self.assertEqual(base_backend.get_group_members('any-group'), []) + + def test_nameservicelibnss(self): + _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS) + _config_defaults.update({'base': {'enable': True, }, }) + _config = """ +[global] +default-user-db = libnss +default-group-db = libnss + +[base] +enable = true +""" + tf = tempfile.NamedTemporaryFile() + print >> tf, _config + tf.seek(0) + base_backend = x2gobroker.backends.base.X2GoBroker(config_file=tf.name) + self.assertTrue( ( 'root' in base_backend.get_users() ) ) + self.assertEqual(base_backend.has_user('root'), True) + self.assertTrue( ( 'root' in base_backend.get_groups() ) ) + self.assertEqual(base_backend.has_group('root'), True) + self.assertEqual(base_backend.is_group_member('root', 'root'), False) + self.assertEqual(base_backend.is_group_member('root', 'root', primary_groups=True), True) + self.assertTrue( ( 'root' not in base_backend.get_group_members('root') ) ) + self.assertTrue( ( 'root' in base_backend.get_group_members('root', primary_groups=True) ) ) ### TEST CONFIGURATION: global >> check-credentials = false hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).