The branch, master has been updated via 8e5f855b236a1483ac6414d1a3782efcf124f2e0 (commit) from 9217c85255f9737bfe37a61b4a8457764e190b37 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8e5f855b236a1483ac6414d1a3782efcf124f2e0 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Feb 21 18:10:25 2013 +0100 improve the PubKey Authorizer, make it more robust and avoid ever-growing authorized_keys files ----------------------------------------------------------------------- Summary of changes: sbin/x2gobroker-pubkeyauthorizer | 127 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100755 sbin/x2gobroker-pubkeyauthorizer The diff of changes is:
diff --git a/sbin/x2gobroker-pubkeyauthorizer b/sbin/x2gobroker-pubkeyauthorizer
new file mode 100755
index 0000000..0365b96
--- /dev/null
+++ b/sbin/x2gobroker-pubkeyauthorizer
@@ -0,0 +1,127 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# This file is part of the X2Go Project - http://www.x2go.org
+# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
+# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de>
+# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+import os
+import sys
+import setproctitle
+import argparse
+import logging
+import binascii
+import paramiko
+import urllib
+
+from pwd import getpwnam
+from grp import getgrnam
+
+try:
+ import x2gobroker.defaults
+except ImportError:
+ sys.path.insert(0, os.path.join(os.getcwd(), '..'))
+ import x2gobroker.defaults
+
+PROG_NAME = os.path.basename(sys.argv[0])
+PROG_OPTIONS = sys.argv[1:]
+setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS)))
+
+from x2gobroker import __VERSION__
+from x2gobroker import __AUTHOR__
+from x2gobroker.loggers import logger_broker, logger_error
+
+if os.geteuid() == 0:
+ # propagate msgs for the broker logger to the root logger (i.e. to stderr)
+ logger_broker.propagate = 1
+ logger_error.propagate = 1
+
+# raise log level to DEBUG if requested...
+if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_TESTSUITE:
+ logger_broker.setLevel(logging.DEBUG)
+
+logger_broker.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
+logger_broker.info('Setting up the »PubKey Authorizer«\'s environment...')
+logger_broker.info(' X2GOBROKER_DEBUG: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DEBUG))
+logger_broker.info(' X2GOBROKER_DAEMON_USER: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_USER))
+logger_broker.info(' X2GOBROKER_DAEMON_GROUP: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP))
+
+# check effective UID the broker runs as and complain appropriately...
+if os.geteuid() != 0:
+ logger_error.error('X2Go Session Broker\'s »PubKey Authorizer« has to run with root privileges. Exiting...')
+ sys.exit(-1)
+
+if __name__ == '__main__':
+
+ common_options = [
+ {'args':['-t','--broker-url'], 'default': None, 'help': 'The URL of the X2Go Session Broker that we want to retrieve public keys from. The common pattern for this URL is http(s)://<broker_hostname>:<port>/pubkeys/.', },
+ ]
+ p = argparse.ArgumentParser(description='X2Go Session Broker (PubKey Installer)',\
+ formatter_class=argparse.RawDescriptionHelpFormatter, \
+ add_help=True, argument_default=None)
+ p_common = p.add_argument_group('common parameters')
+
+ for (p_group, opts) in ( (p_common, common_options), ):
+ for opt in opts:
+ args = opt['args']
+ del opt['args']
+ p_group.add_argument(*args, **opt)
+
+ print
+ cmdline_args = p.parse_args()
+
+ if cmdline_args.broker_url is None:
+ logger_error.error('Cannot proceed without having an URL specified. Use --broker-url as cmdline parameter. Exiting...')
+ sys.exit(-2)
+
+ logger_broker.info('Authorizing access to this X2Go server for X2Go Session Broker at URL {url}'.format(url=cmdline_args.broker_url))
+
+ # FIXME: this probably needs some sanity checks(?)
+ tmpfile_name, httpmsg = urllib.urlretrieve(cmdline_args.broker_url)
+
+ tmpfile = open(tmpfile_name, 'rb')
+ new_pubkeys = [ k for k in tmpfile.read().split('\n') if k ]
+ logger_broker.info(' Found {i} public keys at URL {url}'.format(i=len(new_pubkeys), url=cmdline_args.broker_url))
+ tmpfile.close()
+
+ try:
+ read_authorized_keys = open('{home}/.ssh/authorized_keys'.format(home=x2gobroker.defaults.X2GOBROKER_HOME), 'rb')
+ already_authorized_keys = read_authorized_keys.read().split('\n')
+ read_authorized_keys.close()
+ except IOError:
+ already_authorized_keys = []
+
+ append_authorized_keys = open('{home}/.ssh/authorized_keys'.format(home=x2gobroker.defaults.X2GOBROKER_HOME), 'ab')
+
+ i = 0
+ for new_pubkey in new_pubkeys:
+ i += 1
+ if new_pubkey not in already_authorized_keys:
+ append_authorized_keys.write('{k}\n'.format(k=new_pubkey))
+ logger_broker.info(' Adding new public key (counter={i}) to {authorized_keys}.'.format(i=i, authorized_keys='{home}/.ssh/authorized_keys'.format(home=x2gobroker.defaults.X2GOBROKER_HOME)))
+ else:
+ logger_broker.warning(' Skipping new public key (counter={i}), already in {authorized_keys}.'.format(i=i, authorized_keys='{home}/.ssh/authorized_keys'.format(home=x2gobroker.defaults.X2GOBROKER_HOME)))
+
+ append_authorized_keys.close()
+
+ # set proper file permissions
+ os.chown('{home}/.ssh/authorized_keys'.format(home=x2gobroker.defaults.X2GOBROKER_HOME), getpwnam(x2gobroker.defaults.X2GOBROKER_DAEMON_USER).pw_uid, getgrnam(x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP).gr_gid)
+ os.chmod('{home}/.ssh/authorized_keys'.format(home=x2gobroker.defaults.X2GOBROKER_HOME), 0644)
+
+ logger_broker.info('Completed successfully: X2Go Session Broker\'s PubKey Authorizer.'.format(url=cmdline_args.broker_url))
hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. 
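Review bot: Every non-empty line returned by `urllib.urlretrieve(cmdline_args.broker_url)` is appended as root to the broker account's `authorized_keys` with no check at all, so whoever controls or can alter that response decides who may log in; the `FIXME` above the call acknowledges this but the commit leaves it open. The `--broker-url` help text allows plain `http://` and nothing in the hunk verifies a server certificate, so the transport gives no authenticity either; consider requiring verified HTTPS or comparing key fingerprints obtained out of band. Each line should at least be parsed as `<key-type> <base64-blob> [comment]` and dropped when it starts with an options field or the blob does not decode to the announced type, as sketched below (`binascii` and `paramiko` are imported but unused, which suggests such a check was intended). Separately, the append, `os.chown` and `os.chmod` run as root on a path inside `X2GOBROKER_HOME` and follow symlinks, so if that directory is writable by the daemon user (likely, given the chown target) the file should be opened with `os.O_NOFOLLOW` and adjusted through `os.fchown`/`os.fchmod`, or written after dropping privileges.

```python
    tmpfile = open(tmpfile_name, 'rb')
    new_pubkeys = []
    for k in tmpfile.read().split('\n'):
        if not k.strip():
            continue
        fields = k.split(None, 2)
        # accept only "<key-type> <base64-blob> [comment]"; a leading options
        # field or an undecodable blob means this is not a bare public key
        try:
            blob = binascii.a2b_base64(fields[1])
        except (IndexError, binascii.Error):
            blob = ''
        # the decoded blob repeats its key type after a 4-byte length prefix
        if blob[4:4 + len(fields[0])] != fields[0]:
            logger_error.error('  Ignoring malformed public key line from URL {url}'.format(url=cmdline_args.broker_url))
            continue
        new_pubkeys.append(k)
    # … unchanged: key count log line, tmpfile.close(), comparison with authorized_keys and append …
```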
It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).