x2gobroker.git - master (branch) updated: 0.0.2.3-61-gde2cd9e - x2go-commits

4 Nov 2013

The branch, master has been updated
       via  de2cd9ede46b1e74f92d2907729a6fc9cc62a77e (commit)
      from  b421552475f78cfc2a954ac8368d05eb112fe3aa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit de2cd9ede46b1e74f92d2907729a6fc9cc62a77e
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Mon Nov 4 11:14:02 2013 +0100

    Add password prompt to x2gobroker-testauth. Password prompt is used if the --password option is not used.

-----------------------------------------------------------------------

Summary of changes:
 bin/x2gobroker-testauth              |   15 +++++++++------
 debian/changelog                     |    2 ++
 x2gobroker/authmechs/pam_authmech.py |    2 ++
 3 files changed, 13 insertions(+), 6 deletions(-)

The diff of changes is:

diff --git a/bin/x2gobroker-testauth b/bin/x2gobroker-testauth
index bc97751..2c3893a 100755
--- a/bin/x2gobroker-testauth
+++ b/bin/x2gobroker-testauth
@@ -25,6 +25,7 @@ import sys
 import setproctitle
 import argparse
 import logging
+import getpass
 
 # perform an authentication against the authentication mechanism configured for WSGI
 try:
@@ -48,7 +49,7 @@ if __name__ == "__main__":
 
     auth_options = [
         {'args':['-u','--username', '--user'], 'default': None, 'metavar': 'USERNAME', 'help': 'Test authentication for the account with this username', },
-        {'args':['-p', '--password'], 'default': None, 'metavar': 'PASSWORD', 'help': 'Test authentication using this password', },
+        {'args':['-p', '--password'], 'default': None, 'metavar': 'PASSWORD', 'help': 'Test authentication using this password (not recommend!!! please prefer using the provided password prompt instead)', },
     ]
     misc_options = [
         {'args':['-C','--config-file'], 'default': None, 'metavar': 'CONFIG_FILE', 'help': 'Specify a special configuration file name, default is: {default}'.format(default=x2gobroker.defaults.X2GOBROKER_CONFIG), },
@@ -56,7 +57,6 @@ if __name__ == "__main__":
         {'args':['-d','--debug'], 'default': False, 'action': 'store_true', 'help': 'enable debugging code', },
     ]
     p = argparse.ArgumentParser(description='X2Go Session Broker (Authentication Test Utility)',\
-                                epilog="WARNING: Using this utility from the command line is not recommended!!!\nYour credentials will get revealed in your shells history file.",\
                                 formatter_class=argparse.RawDescriptionHelpFormatter, \
                                 add_help=True, argument_default=None)
     p_auth = p.add_argument_group('authentication parameters')
@@ -70,10 +70,10 @@ if __name__ == "__main__":
 
     cmdline_args = p.parse_args()
 
-    if cmdline_args.username is None or cmdline_args.password is None:
+    if cmdline_args.username is None:
         p.print_help()
         print
-        print "*** Cannot continue without username and password... ***"
+        print "*** Cannot continue without username... ***"
         print
         sys.exit(-1)
 
@@ -115,9 +115,12 @@ def check_password(username, password):
 
 if __name__ == "__main__":
 
+    if password is None:
+        password = getpass.getpass()
+
     if check_password(username, password):
-        print "authentication succeeded"
+        print "Authentication succeeded."
         sys.exit(0)
     else:
-        print "authentication failed"
+        print "Authentication failed!"
         sys.exit(-1)
diff --git a/debian/changelog b/debian/changelog
index b17af94..04d5f12 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -50,6 +50,8 @@ x2gobroker (0.0.3.0-0~x2go1) UNRELEASED; urgency=low
       style.
     - WSGI implementation: keep SCRIPT_NAME in environ, as removing it causes
       AssertionErrors whenever we trigger a tornado.web.HTTPError.
+    - Add password prompt to x2gobroker-testauth. Password prompt is used
+      if the --password option is not used.
   * /debian/control:
     + Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
     + Recommend apache2 and libapache2-mod-wsgi for x2gobroker-wsgi.
diff --git a/x2gobroker/authmechs/pam_authmech.py b/x2gobroker/authmechs/pam_authmech.py
index 76c0a71..b10e0f9 100644
--- a/x2gobroker/authmechs/pam_authmech.py
+++ b/x2gobroker/authmechs/pam_authmech.py
@@ -20,6 +20,7 @@
 
 # modules
 from socket import error
+import getpass
 import pam
 
 # X2Go Session Broker modules
@@ -38,6 +39,7 @@ class X2GoBrokerAuthMech(object):
 
             except error:
                 logger_error.error('Authentication against authentication service failed, trying direct PAM authentication (which is likely to fail on most PAM setups).')
+                logger_error.error('Make sure the current user ({user}) is allowed to use the PAM authentication mechanism.'.format(user=getpass.getuser()))
                 # fallback to direct PAM authentication against the PAM service ,,x2gobroker''
                 if pam.authenticate(username, password, service="x2gobroker"):
                     return True


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).

    