This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 5820a876a107ed99b11a0805988f80e563a87627 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Fri Nov 30 09:31:16 2018 +0100 SSH broker: Add --login option. This now supports X2Go Broker user and X2Go Server username being different accounts. --- bin/x2gobroker | 16 +++++++++++++--- debian/changelog | 2 ++ x2gobroker/brokers/base_broker.py | 4 ++-- x2gobroker/client/plain.py | 19 ++++++++++--------- x2gobroker/tests/test_client_plain_base.py | 1 + 5 files changed, 28 insertions(+), 14 deletions(-) diff --git a/bin/x2gobroker b/bin/x2gobroker index bf3dfa9..16c44df 100755 --- a/bin/x2gobroker +++ b/bin/x2gobroker @@ -130,7 +130,8 @@ if __name__ == "__main__": sshbroker_options = [ {'args':['--task'], 'default': None, 'metavar': 'BROKER_TASK', 'help': 'broker task (listsessions, selectsession, setpass, testcon)', }, - {'args':['--user'], 'default': None, 'metavar': 'USER_NAME', 'help': 'Operate on behalf of this user name', }, + {'args':['--user'], 'default': None, 'metavar': 'USER_NAME', 'help': 'Operate on behalf of this X2Go Broker user name', }, + {'args':['--login'], 'default': None, 'metavar': 'LOGIN_NAME', 'help': 'Operate on behalf of this X2Go Server user name', }, {'args':['--auth-cookie', '--next-authid', '--authid', ], 'default': None, 'metavar': 'AUTH_ID', 'help': 'Pre-shared (dynamic) authentication ID', }, {'args':['--profile-id', '--sid', ], 'default': None, 'metavar': 'PROFILE_ID', 'help': 'for task: the profile ID selected from the list of available session profiles', }, {'args':['--backend'], 'default': None, 'metavar': 'BROKER_BACKEND', 'help': 'select a non-default broker backend', }, 
@@ -182,11 +183,20 @@ if __name__ == "__main__": if cmdline_args.profile_id and cmdline_args.task != 'selectsession': #logger_broker.warn('ignoring option --sid as it only has a meaning with ,,--task selectsession\'\'') pass + + # is a specific X2Go Broker user given on the command line? if cmdline_args.user is None: cmdline_args.user = os.environ['LOGNAME'] - elif cmdline_args.user != x2gobroker.defaults.X2GOBROKER_DAEMON_USER: - #logger_broker.warn('denying context change to user `{user}\', only allowed for magic user `{magic_user}\''.format(user=cmdline_args.user, magic_user=x2gobroker.defaults.X2GOBROKER_DAEMON_USER)) + elif os.environ['LOGNAME'] != x2gobroker.defaults.X2GOBROKER_DAEMON_USER: + logger_broker.warn('denying context change to user `{user}\', only allowed for magic user `{magic_user}\''.format(user=cmdline_args.user, magic_user=x2gobroker.defaults.X2GOBROKER_DAEMON_USER)) cmdline_args.user = os.environ['LOGNAME'] + + # is a specific X2Go Server login name given on the command line? + # if not, assume broker user and X2Go Server login are the same... + if cmdline_args.login is None: + cmdline_args.login = cmdline_args.user + + # bail out if no task is given on the command line if cmdline_args.task is None: print("") p.print_usage() diff --git a/debian/changelog b/debian/changelog index f2bc8ba..f37e161 100644 --- a/debian/changelog +++ b/debian/changelog @@ -83,6 +83,8 @@ x2gobroker (0.0.4.0-0x2go1) UNRELEASED; urgency=medium - x2gobroker/loadchecker.py: Avoid rare cases where at the end of a load checking cycle a negative sleep time would have been calculated. (Fixes: #1315). Thanks to Walid Moghrabi for catching this. + - SSH broker: Add --login option. This now supports X2Go Broker user and + X2Go Server username being different accounts. * debian/*: + Trigger Makefile's install target and install those files. Drop debhelper from-source-installation magic. 
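Review bot: The `--login` handling added at the end of the `@@ -182,11 +183,20 @@` hunk accepts any caller-supplied X2Go Server user name: `--user` is reset to `LOGNAME` unless the caller is the daemon user, but `cmdline_args.login` is only defaulted when it is `None` and is never checked otherwise. In x2gobroker/client/plain.py, `check_access` and the optional scripts still receive only `broker_username`, while `select_session(username=server_username)` acts for the login name, so nothing visible in this commit ties the authenticated broker account to the server account it requests. Unless a backend enforces that mapping elsewhere (not visible here), validate the requested login against a broker-side policy, or at minimum restrict it like `--user`: `elif cmdline_args.login != cmdline_args.user and os.environ['LOGNAME'] != x2gobroker.defaults.X2GOBROKER_DAEMON_USER: cmdline_args.login = cmdline_args.user`, with a matching warning. Both checks also take the caller's identity from `os.environ['LOGNAME']`, which raises `KeyError` when unset and is only as trustworthy as the environment the command is started with; `pwd.getpwuid(os.getuid()).pw_name` would be a sturdier source.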
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py index 9c1e68d..b6c9b3f 100644 --- a/x2gobroker/brokers/base_broker.py +++ b/x2gobroker/brokers/base_broker.py @@ -1306,7 +1306,7 @@ class X2GoBroker(object): :param profile_id: the selected profile ID. This matches one of the dictionary keys offered by the ``list_profiles`` method :type profile_id: ``str`` - :param username: specify username that this operation runs for + :param username: specify X2Go Server username that this operation runs for :type username: ``str`` :param pubkey: The broker clients may send us a public key that we may temporarily install into a remote X2Go Server for non-interactive login @@ -1642,7 +1642,7 @@ class X2GoBroker(object): # this is the OLD style of the auto login feature # FIXME: we somehow have to find out about the username of the person at the broker client-side... - # using the username used for broker login for now... + # using the username used for server login for now... pubkey, privkey = x2gobroker.agent.genkeypair(local_username=username, client_address=self.get_client_address()) if remote_sshproxy_agent is not None: diff --git a/x2gobroker/client/plain.py b/x2gobroker/client/plain.py index dad51ab..fc8ddd9 100644 --- a/x2gobroker/client/plain.py +++ b/x2gobroker/client/plain.py @@ -58,7 +58,8 @@ class X2GoBrokerClient(object): logger_broker.info('client address is {address}'.format(address=ip)) broker_backend.set_client_address(ip) - username = args.user + broker_username = args.user + server_username = args.login cookie = args.auth_cookie task = args.task profile_id = args.profile_id 
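Review bot: In the x2gobroker/client/plain.py hunk, `server_username = args.login` has no fallback, so a caller that leaves `login` as `None` passes `None` to `select_session(username=...)` and into the `user` key of listed profiles in the later hunks of this file. The defaulting to `--user` exists only in bin/x2gobroker, and the fixture in x2gobroker/tests/test_client_plain_base.py sets `self.login = None`, so the tests run with exactly this unguarded value. Consider `server_username = args.login if args.login is not None else args.user`, so the client class does not depend on its caller having normalised the arguments. The enclosing method starts and ends outside the hunk.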
@@ -67,13 +68,13 @@ class X2GoBrokerClient(object): broker_backend._do_authenticate = _override_do_authenticate - username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='pre_auth_scripts', username=username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie) - access, next_cookie = broker_backend.check_access(username=username, ip=ip, cookie=cookie, override_password_auth=True) - username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='post_auth_scripts', username=username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie, authed=access) + broker_username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='pre_auth_scripts', username=broker_username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie) + access, next_cookie = broker_backend.check_access(username=broker_username, ip=ip, cookie=cookie, override_password_auth=True) + broker_username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='post_auth_scripts', username=broker_username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie, authed=access) if access: - logger_broker.debug ('username: {username}, task: {task}, profile_id: {profile_id}'.format(username=username, task=task, profile_id=profile_id)) + logger_broker.debug ('broker_username: {broker_username}, server_username: {server_username}, task: {task}, profile_id: {profile_id}'.format(broker_username=broker_username, server_username=server_username, task=task, profile_id=profile_id)) ### ### CONFIRM SUCCESSFUL AUTHENTICATION FIRST 
@@ -98,7 +99,7 @@ class X2GoBrokerClient(object): if task == 'listsessions': - profiles = broker_backend.list_profiles(username) + profiles = broker_backend.list_profiles(broker_username) if profiles: output += "START_USER_SESSIONS\n\n" profile_ids = list(profiles.keys()) @@ -107,7 +108,7 @@ class X2GoBrokerClient(object): output += "[{profile_id}]\n".format(profile_id=profile_id) for key in list(profiles[profile_id].keys()): if key == 'user' and not profiles[profile_id][key]: - profiles[profile_id][key] = username + profiles[profile_id][key] = server_username if type(profiles[profile_id][key]) == str: output += "{key}={value}".format(key=key, value=profiles[profile_id][key]) elif type(profiles[profile_id][key]) in (list, tuple): @@ -124,9 +125,9 @@ class X2GoBrokerClient(object): if profile_id: - profile_info = broker_backend.select_session(profile_id=profile_id, username=username) + profile_info = broker_backend.select_session(profile_id=profile_id, username=server_username) - username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='select_session_scripts', username=username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie, authed=access, server=profile_info['server']) + broker_username, password, task, profile_id, ip, cookie, authed, server = broker_backend.run_optional_script(script_type='select_session_scripts', username=broker_username, password="SSH", task=task, profile_id=profile_id, ip=ip, cookie=cookie, authed=access, server=profile_info['server']) if 'server' in profile_info: output += "SERVER:" diff --git a/x2gobroker/tests/test_client_plain_base.py b/x2gobroker/tests/test_client_plain_base.py index 34ce54f..c6c3c9f 100644 --- a/x2gobroker/tests/test_client_plain_base.py +++ b/x2gobroker/tests/test_client_plain_base.py 
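Review bot: In the `@@ -124,9 +125,9 @@` hunk, the rewritten `run_optional_script(..., server=profile_info['server'])` call indexes `profile_info['server']` just before the context line `if 'server' in profile_info:` tests whether that key exists, so a profile without a server raises `KeyError` before the guard is reached. `server=profile_info.get('server')` would keep the call consistent with the guard. Whether `run_optional_script` accepts `None` for `server` is not visible here and should be confirmed. The enclosing method continues outside the hunk.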
@@ -29,6 +29,7 @@ from nose.tools import assert_equal, assert_true, assert_false class args(): def __init__(self): self.user = None + self.login = None self.auth_cookie = None self.task = None self.profile_id = None -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git