The branch, master has been updated via 9217c85255f9737bfe37a61b4a8457764e190b37 (commit) via 40b5a345b349598d4da6bb2492a8f29b7a202dc4 (commit) from a03e031ce619f538ca1f14cd65c3a502ca49ec15 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9217c85255f9737bfe37a61b4a8457764e190b37 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Feb 21 17:16:00 2013 +0100 To make SSH pubkey deployment easier, serve the broker's public SSH key(s) under this URL http(s)://<broker_hostname>:<port>/pubkeys/. commit 40b5a345b349598d4da6bb2492a8f29b7a202dc4 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Feb 21 16:45:03 2013 +0100 log msg change ----------------------------------------------------------------------- Summary of changes: debian/changelog | 2 ++ sbin/x2gobroker | 18 ++++++++------- sbin/x2gobroker-keygen | 2 +- x2gobroker/defaults.py | 8 ++++++- x2gobroker/web/extras.py | 57 ++++++++++++++++++++++++++++++++++++++++++++++ x2gobroker/web/html.py | 2 +- x2gobroker/web/json.py | 2 +- x2gobroker/web/plain.py | 2 +- 8 files changed, 80 insertions(+), 13 deletions(-) create mode 100644 x2gobroker/web/extras.py The diff of changes is: diff --git a/debian/changelog b/debian/changelog index be93ac2..80c2bf8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -17,6 +17,8 @@ x2gobroker (0.0.0.2-0~x2go1) UNRELEASED; urgency=low runs as non-privileged user, the authentication service as root). - Add tool: x2gobroker-keygen. Generate pub/priv SSH keypair for the system user x2gobroker. + - To make SSH pubkey deployment easier, serve the broker's public SSH key(s) + under this URL http(s)://<broker_hostname>:<port>/pubkeys/. * /debian/control: + Add bin:package x2gobroker-agent. * /debian/x2gobroker-daemon.init: 
diff --git a/sbin/x2gobroker b/sbin/x2gobroker index 566b57c..3b847bd 100755 --- a/sbin/x2gobroker +++ b/sbin/x2gobroker @@ -57,10 +57,10 @@ if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_T # check effective UID the broker runs as and complain appropriately... if x2gobroker.defaults.X2GOBROKER_USER != x2gobroker.defaults.X2GOBROKER_DAEMON_USER and os.geteuid() != 0: - logger_broker.warn('X2Go Session Broker has been started interactively by user {username}, better run as user {daemon_username}.'.format(username=X2GOBROKER_USER, daemon_username=X2GOBROKER_DAEMON_USER)) + logger_broker.warn('X2Go Session Broker has been started interactively by user {username}, better run as user {daemon_username}.'.format(username=x2gobroker.defaults.X2GOBROKER_USER, daemon_username=x2gobroker.defaults.X2GOBROKER_DAEMON_USER)) logger_broker.info('Automatically switching to DEBUG mode due to interactive launch of this application.') elif x2gobroker.defaults.X2GOBROKER_DAEMON_USER != 'root' and os.geteuid() == 0: - logger_broker.warn('X2Go Session Broker should not be run as root, better run as user {daemon_username}.'.format(daemon_username=X2GOBROKER_DAEMON_USER)) + logger_broker.warn('X2Go Session Broker should not be run as root, better run as user {daemon_username}.'.format(daemon_username=x2gobroker.defaults.X2GOBROKER_DAEMON_USER)) elif os.geteuid() == 0: logger_broker.warn('X2Go Session Broker should not be run as root, better run as non-privileged user') @@ -100,9 +100,10 @@ if __name__ == "__main__": # import classes serving the different web.py URLs -from x2gobroker.web.plain import * -#from x2gobroker.web.json import * -#from x2gobroker.web.html import * +import x2gobroker.web.plain +#import x2gobroker.web.json +#import x2gobroker.web.html +import x2gobroker.web.extras # switch on https:// mode if x2gobroker.defaults.X2GOBROKER_SSL_CERTFILE and x2gobroker.defaults.X2GOBROKER_SSL_KEYFILE: 
@@ -110,9 +111,10 @@ if x2gobroker.defaults.X2GOBROKER_SSL_CERTFILE and x2gobroker.defaults.X2GOBROKE CherryPyWSGIServer.ssl_private_key = x2gobroker.defaults.X2GOBROKER_SSL_KEYFILE # define the web.py URLs -urls = ( '/plain/(.*)', 'X2GoBrokerWebPlain', -# '/json/(.*)', 'X2GoBrokerWebJson', -# '/html/(.*)', 'X2GoBrokerWebHtml', +urls = ( '/plain/(.*)', 'x2gobroker.web.plainX2Go.BrokerWeb', +# '/json/(.*)', 'x2gobroker.web.json.X2GoBrokerWeb', +# '/html/(.*)', 'x2gobroker.web.html.X2GoBrokerWeb', + '/pubkeys/', 'x2gobroker.web.extras.X2GoBrokerPubKeyService', ) # run the web.py standalone daemon... diff --git a/sbin/x2gobroker-keygen b/sbin/x2gobroker-keygen index ab98a07..2d3c037 100755 --- a/sbin/x2gobroker-keygen +++ b/sbin/x2gobroker-keygen @@ -116,7 +116,7 @@ if __name__ == '__main__': key = paramiko.DSSKey.generate(1024) id_file = 'id_dsa' - logger_broker.info(' The {key_type} key has been generated, fingerprint is {fingerprint}'.format(key_type=cmdline_args.key_type.upper(), fingerprint=binascii.hexlify(key.get_fingerprint()))) + logger_broker.info(' The {key_type} key has been generated, fingerprint: {fingerprint}'.format(key_type=cmdline_args.key_type.upper(), fingerprint=binascii.hexlify(key.get_fingerprint()))) if os.path.exists('{home}/.ssh/{id_file}'.format(home=broker_home, id_file=id_file)) and not cmdline_args.force: logger_broker.error(' Private key {home}/.ssh/{id_file} exists. Use --force to overwrite the file and regenerate a new key pair. Exiting...'.format(home=broker_home, id_file=id_file)) diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py index 0a99af4..6c377c4 100644 --- a/x2gobroker/defaults.py +++ b/x2gobroker/defaults.py @@ -23,6 +23,7 @@ import os import uuid import getpass +import socket import logging from loggers import logger_broker, logger_access, logger_error, X2GOBROKER_DAEMON_USER 
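Review bot: The new `/plain/(.*)` entry in the `urls` tuple names `'x2gobroker.web.plainX2Go.BrokerWeb'`, which has the dot in the wrong place; the class renamed in x2gobroker/web/plain.py by this same push is `X2GoBrokerWeb`. web.py looks handler strings up by module path and class name, so the broker's main endpoint would presumably fail to resolve on the first request rather than at start-up. The line should read `urls = ( '/plain/(.*)', 'x2gobroker.web.plain.X2GoBrokerWeb',`, which is the form the two commented-out entries already use.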
@@ -89,11 +90,16 @@ if os.environ.has_key('X2GOBROKER_SSL_KEYFILE'): else: X2GOBROKER_SSL_KEYFILE = "" - ### ### static / hard-coded defaults ### +if socket.gethostname().find('.') >= 0: + X2GOBROKER_HOSTNAME = socket.gethostname() +else: + X2GOBROKER_HOSTNAME = socket.gethostbyaddr(socket.gethostname())[0] + + X2GOBROKER_SESSIONPROFILES = "/etc/x2go/broker/x2gobroker-sessionprofiles.conf" # the home directory of the user that the daemon/cgi runs as diff --git a/x2gobroker/web/extras.py b/x2gobroker/web/extras.py new file mode 100644 index 0000000..728aaec --- /dev/null +++ b/x2gobroker/web/extras.py 
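Review bot: The `else` branch calls `socket.gethostbyaddr(socket.gethostname())[0]` at module import time with no error handling, so on a host whose short name does not resolve the lookup raises. Since sbin/x2gobroker imports x2gobroker.defaults, the broker would presumably not start in that case. `X2GOBROKER_HOSTNAME = socket.getfqdn()` covers both branches in one line and falls back to the plain hostname when resolution fails. As far as this push shows, the value only ends up in the comment field of the served public keys; a comment such as `# resolver-derived name, informational only (pubkey comment field)` would stop it being reused later for anything access-related.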
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+
+# This file is part of the X2Go Project - http://www.x2go.org
+# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
+# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de>
+# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+ +# modules +import os.path +import paramiko +import x2gobroker.defaults + +class X2GoBrokerPubKeyService: + + http_header_items = { + 'Content-Type': 'text/plain; charset=utf-8', + 'Expires': '+1h', + } + + def _gen_http_header(self): + + for http_header_item in self.http_header_items.keys(): + web.header(http_header_item, self.http_header_items[http_header_item]) + + def GET(self): + + output = "" + + broker_home = x2gobroker.defaults.X2GOBROKER_HOME + + if os.path.exists('{home}/.ssh/id_rsa.pub'.format(home=broker_home)): + pubkey = paramiko.RSAKey(filename='{home}/.ssh/id_rsa'.format(home=broker_home)) + output += 'ssh-rsa {pubkey} {user}@{hostname}\n'.format(pubkey=str(pubkey.get_base64()), user=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, hostname=x2gobroker.defaults.X2GOBROKER_HOSTNAME) + + if os.path.exists('{home}/.ssh/id_dsa.pub'.format(home=broker_home)): + pubkey = paramiko.DSSKey(filename='{home}/.ssh/id_dsa'.format(home=broker_home)) + output += 'ssh-dss {pubkey} {user}@{hostname}\n'.format(pubkey=str(pubkey.get_base64()), user=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, hostname=x2gobroker.defaults.X2GOBROKER_HOSTNAME) + + if not output: + return web.notfound() + + return output diff --git a/x2gobroker/web/html.py b/x2gobroker/web/html.py index a85a1ff..1a0b1db 100644 --- a/x2gobroker/web/html.py +++ b/x2gobroker/web/html.py @@ -26,7 +26,7 @@ import web # Python X2Go Broker modules from x2gobroker.defaults import X2GOBROKER_DEFAULT_BACKEND as _X2GOBROKER_DEFAULT_BACKEND -class X2GoBrokerWebHtml: +class X2GoBrokerWeb: http_header_items = { 'Content-Type': 'text/html; charset=utf-8', diff --git a/x2gobroker/web/json.py b/x2gobroker/web/json.py index 04743b5..ef35a0f 100644 --- a/x2gobroker/web/json.py +++ b/x2gobroker/web/json.py @@ -22,7 +22,7 @@ # modules -class X2GoBrokerWebJson: +class X2GoBrokerWeb: # MUSIC OF THE FUTURE pass \ No newline at end of file diff --git a/x2gobroker/web/plain.py b/x2gobroker/web/plain.py index 2e88de9..07c36b2 100644 
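Review bot: `X2GoBrokerPubKeyService.GET` checks that `id_rsa.pub` / `id_dsa.pub` exist but then loads the private keys `id_rsa` / `id_dsa` through paramiko on every request, so an unauthenticated URL handler parses private key material it does not need, and a missing or unreadable private key becomes an unhandled exception. Reading the `.pub` files themselves keeps the private keys out of the web code path, assuming they hold the usual one-line OpenSSH format written by x2gobroker-keygen. The module also calls `web.header` and `web.notfound()` without an `import web` among the imports shown, and `_gen_http_header()` is never called from `GET`, so the Content-Type header is not sent. Since clients are meant to install whatever this URL returns, the class docstring should say that the keys must be fetched over https or checked against the fingerprint x2gobroker-keygen logs.

```python
    def GET(self):

        self._gen_http_header()

        output = ""
        ssh_dir = os.path.join(x2gobroker.defaults.X2GOBROKER_HOME, '.ssh')

        # serve the public key files as they are on disk; the private keys
        # are never opened by the web service
        for pubkey_name in ('id_rsa.pub', 'id_dsa.pub'):
            pubkey_file = os.path.join(ssh_dir, pubkey_name)
            if os.path.isfile(pubkey_file):
                with open(pubkey_file) as f:
                    output += f.read().strip() + '\n'

        # … unchanged: 404 on empty output, return output …
```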
--- a/x2gobroker/web/plain.py +++ b/x2gobroker/web/plain.py @@ -29,7 +29,7 @@ import x2gobroker.defaults from x2gobroker.loggers import logger_broker, logger_error -class X2GoBrokerWebPlain: +class X2GoBrokerWeb: http_header_items = { 'Content-Type': 'text/plain; charset=utf-8', hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).