This is an automated email from the git hooks/post-receive script.

x2go pushed a change to branch master
in repository x2gobroker.

      from  108e4b8   fix systemd service files once more
       new  94d7d74   defaults.conf: Mention X2GOBROKER_DEBUG not only in the global section, but also in the [daemon] and [authservice] section.
       new  0367822   x2gobroker-testauth: Don't use hard-coded default backend. Obtain X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead.
       new  e97b4cf   x2gobroker-testauth: Improve help text of --backend option. Display the current backend default.
       new  42e39f5   fix changelog
       new  0a05cc1   x2gobroker-authservice: Restructure logging. Enable log messages for authentication requests.

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Summary of changes:
 bin/x2gobroker-testauth     |   2 +-
 debian/changelog            |   8 ++++
 etc/broker/defaults.conf    |  14 +++++-
 sbin/x2gobroker-authservice | 104 ++++++++++++++++++++++---------------------
 4 files changed, 76 insertions(+), 52 deletions(-)

--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 94d7d74788e671fb36891024c9238e5b60eae56d Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Oct 30 05:26:28 2014 +0100 defaults.conf: Mention X2GOBROKER_DEBUG not only in the global section, but also in the [daemon] and [authservice] section. --- debian/changelog | 2 ++ etc/broker/defaults.conf | 14 +++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index dd07727..22e0cfd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -189,6 +189,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low breaks, so that we now have lines that are close to 80 chars long. + Make x2gobroker-daemon a symlink and recognize HTTP mode by the executable's name. + + defaults.conf: Mention X2GOBROKER_DEBUG not only in the global section, + but also in the [daemon] and [authservice] section. * debian/x2gobroker-agent.dirs: + Provide empty log file directory. * x2gobroker-wsgi postinst/postrm: diff --git a/etc/broker/defaults.conf b/etc/broker/defaults.conf index b026c7b..01ca667 100644 --- a/etc/broker/defaults.conf +++ b/etc/broker/defaults.conf @@ -41,6 +41,11 @@ # Bind standalone daemon to this address:port #DAEMON_BIND_ADDRESS=127.0.0.1:8080 +# Produce verbose log output in the daemon's log files only. +# Enabling debug mode here does not affect other parts of the +# X2Go Session Broker. +#X2GOBROKER_DEBUG=0 + ########################################################## ### ### ### Enable SSL Support ### 
@@ -59,4 +64,11 @@ [authservice] # X2Go Session Broker (PAM Authentication Service) configuration for Debian # -# currently nothing to configure for the authentication service... \ No newline at end of file +# currently nothing to configure for the authentication service... + +# Control debug mode (0=disable, 1=enable). +# +# Produce verbose log output in the authservice's log file only. +# Enabling debug mode here does not affect other parts of the +# X2Go Session Broker. +#X2GOBROKER_DEBUG=0 -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
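Review bot: The comment added to the [daemon] section of etc/broker/defaults.conf (@@ -41,6 +41,11) does not say which values the option accepts, while the [authservice] hunk (@@ -59,4 +64,11) opens with "Control debug mode (0=disable, 1=enable)." before the same explanation. Add that line to the [daemon] block as well, so both sections document "#X2GOBROKER_DEBUG=0" identically and an admin reading only one section still sees the value range.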
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 0367822deea6015116f00c136888046ff7c0f9cd Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Oct 30 05:34:22 2014 +0100 x2gobroker-testauth: Don't use hard-coded default backend. Obtain X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead. --- bin/x2gobroker-testauth | 2 +- debian/changelog | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/x2gobroker-testauth b/bin/x2gobroker-testauth index fd844d9..7e264f1 100755 --- a/bin/x2gobroker-testauth +++ b/bin/x2gobroker-testauth @@ -51,7 +51,7 @@ if __name__ == "__main__": ] misc_options = [ {'args':['-C','--config-file'], 'default': None, 'metavar': 'CONFIG_FILE', 'help': 'Specify a special configuration file name, default is: {default}'.format(default=x2gobroker.defaults.X2GOBROKER_CONFIG), }, - {'args':['-b','--backend'], 'default': 'zeroconf', 'metavar': 'BACKEND', 'help': 'Use this specific backend for testing authentication, see x2gobroker.conf for a list of configured and enabled backends', }, + {'args':['-b','--backend'], 'default': x2gobroker.defaults.X2GOBROKER_DEFAULT_BACKEND, 'metavar': 'BACKEND', 'help': 'Use this specific backend for testing authentication, see x2gobroker.conf for a list of configured and enabled backends', }, {'args':['-d','--debug'], 'default': False, 'action': 'store_true', 'help': 'enable debugging code', }, ] p = argparse.ArgumentParser(description='X2Go Session Broker (Authentication Test Utility)',\ diff --git a/debian/changelog b/debian/changelog index 22e0cfd..4768c6f 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -179,6 +179,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low loggers. - Provide a special PAM configuration file for SUSE systems (identical to the PAM configuration file for Debian). + - x2gobroker-testauth: Don't use hard-coded default backend. Obtain + X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead. * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit e97b4cf8c87e722958cdc389fddcb1d49112bed6 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Oct 30 05:38:43 2014 +0100 x2gobroker-testauth: Improve help text of --backend option. Display the current backend default. --- bin/x2gobroker-testauth | 2 +- debian/changelog | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/x2gobroker-testauth b/bin/x2gobroker-testauth index 7e264f1..ca15f6f 100755 --- a/bin/x2gobroker-testauth +++ b/bin/x2gobroker-testauth @@ -51,7 +51,7 @@ if __name__ == "__main__": ] misc_options = [ {'args':['-C','--config-file'], 'default': None, 'metavar': 'CONFIG_FILE', 'help': 'Specify a special configuration file name, default is: {default}'.format(default=x2gobroker.defaults.X2GOBROKER_CONFIG), }, - {'args':['-b','--backend'], 'default': x2gobroker.defaults.X2GOBROKER_DEFAULT_BACKEND, 'metavar': 'BACKEND', 'help': 'Use this specific backend for testing authentication, see x2gobroker.conf for a list of configured and enabled backends', }, + {'args':['-b','--backend'], 'default': x2gobroker.defaults.X2GOBROKER_DEFAULT_BACKEND, 'metavar': 'BACKEND', 'help': 'Use this specific backend for testing authentication, see x2gobroker.conf for a list of configured and enabled backends, default is: {default_backend}'.format(default_backend=x2gobroker.defaults.X2GOBROKER_DEFAULT_BACKEND), }, {'args':['-d','--debug'], 'default': False, 'action': 'store_true', 'help': 'enable debugging code', }, ] p = argparse.ArgumentParser(description='X2Go Session Broker (Authentication Test Utility)',\ diff --git a/debian/changelog b/debian/changelog index 4768c6f..63578a7 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -181,6 +181,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low (identical to the PAM configuration file for Debian). - x2gobroker-testauth: Don't use hard-coded default backend. Obtain X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead. + - x2gobroker-testauth: Improve help text of --backend option. Display + the current backend default. * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
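Review bot: In the '--backend' entry of misc_options in bin/x2gobroker-testauth (@@ -51,7 +51,7), x2gobroker.defaults.X2GOBROKER_DEFAULT_BACKEND now appears twice in one dict, once as 'default' and once inside .format(default_backend=...), so the default shown in the help text and the default actually used can drift apart if only one of them is edited later. The parser is an argparse.ArgumentParser, and argparse expands "%(default)s" in help strings, so ending the text with "default is: %(default)s" would always print the real default, provided the 'help' value is handed to add_argument unchanged (that call is not visible in this hunk).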
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 42e39f510b22b0538604564e999f75ae519a739c Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Oct 30 05:38:59 2014 +0100 fix changelog --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 63578a7..b8ecbed 100644 --- a/debian/changelog +++ b/debian/changelog @@ -179,6 +179,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low loggers. - Provide a special PAM configuration file for SUSE systems (identical to the PAM configuration file for Debian). + - defaults.conf: Mention X2GOBROKER_DEBUG not only in the global section, + but also in the [daemon] and [authservice] section. - x2gobroker-testauth: Don't use hard-coded default backend. Obtain X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead. - x2gobroker-testauth: Improve help text of --backend option. Display @@ -193,8 +195,6 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low breaks, so that we now have lines that are close to 80 chars long. + Make x2gobroker-daemon a symlink and recognize HTTP mode by the executable's name. - + defaults.conf: Mention X2GOBROKER_DEBUG not only in the global section, - but also in the [daemon] and [authservice] section. * debian/x2gobroker-agent.dirs: + Provide empty log file directory. * x2gobroker-wsgi postinst/postrm: -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 0a05cc11344a56842d59d5e1167461a33848892d Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Oct 30 06:15:47 2014 +0100 x2gobroker-authservice: Restructure logging. Enable log messages for authentication requests. --- debian/changelog | 2 + sbin/x2gobroker-authservice | 104 ++++++++++++++++++++++--------------------- 2 files changed, 56 insertions(+), 50 deletions(-) diff --git a/debian/changelog b/debian/changelog index b8ecbed..1eeadd9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -185,6 +185,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead. - x2gobroker-testauth: Improve help text of --backend option. Display the current backend default. + - x2gobroker-authservice: Restructure logging. Enable log messages + for authentication requests. * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice index 52b2367..8e21cab 100755 --- a/sbin/x2gobroker-authservice +++ b/sbin/x2gobroker-authservice @@ -59,7 +59,8 @@ from x2gobroker import __AUTHOR__ class AuthClient(asyncore.dispatcher_with_send): - def __init__(self, sock): + def __init__(self, sock, logger=None): + self.logger = logger asyncore.dispatcher_with_send.__init__(self, sock) self._buf = '' 
@@ -75,11 +76,14 @@ class AuthClient(asyncore.dispatcher_with_send): user, passwd, service = req.split() except: self.send('bad\n') + self.logger.warning('bad authentication data received') else: if pam.authenticate(user, passwd, service): self.send('ok\n') + self.logger.info('successful authentication for \'{user}\' with password \'<hidden>\' against PAM service \'{service}\''.format(user=user, service=service)) else: self.send('fail\n') + self.logger.info('authentication failure for \'{user}\' with password \'<hidden>\' against PAM service \'{service}\''.format(user=user, service=service)) def handle_close(self): self.close() @@ -87,7 +91,8 @@ class AuthClient(asyncore.dispatcher_with_send): class AuthService(asyncore.dispatcher_with_send): - def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660'): + def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660', logger=None): + self.logger = logger asyncore.dispatcher_with_send.__init__(self) self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM) self.set_reuse_addr() @@ -98,7 +103,7 @@ class AuthService(asyncore.dispatcher_with_send): def handle_accept(self): conn, _ = self.accept() - AuthClient(conn) + AuthClient(conn, logger=self.logger) def loop(): 
@@ -130,14 +135,6 @@ elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_DEBUG'): X2GOBROKER_DEBUG=iniconfig.get('common', 'X2GOBROKER_DEBUG') else: X2GOBROKER_DEBUG = False -if os.environ.has_key('X2GOBROKER_TESTSUITE'): - X2GOBROKER_TESTSUITE = ( os.environ['X2GOBROKER_TESTSUITE'].lower() in ('1', 'on', 'true', 'yes', ) ) -elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_TESTSUITE'): - X2GOBROKER_TESTSUITE=iniconfig.get(iniconfig_section, 'X2GOBROKER_TESTSUITE') -elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_TESTSUITE'): - X2GOBROKER_TESTSUITE=iniconfig.get('common', 'X2GOBROKER_TESTSUITE') -else: - X2GOBROKER_TESTSUITE = False if os.environ.has_key('X2GOBROKER_DAEMON_USER'): X2GOBROKER_DAEMON_USER=os.environ['X2GOBROKER_DAEMON_USER'] 
@@ -167,41 +164,6 @@ else: X2GOBROKER_AUTHSERVICE_SOCKET="{run}/x2gobroker/x2gobroker-authservice.socket".format(run=RUNDIR) -# standalone daemon mode (x2gobroker-authservice as daemon) or interactive mode (called from the cmdline)? -if getpass.getuser() in (X2GOBROKER_DAEMON_USER, 'root'): - - # we run in standalone daemon mode, so let's use the system configuration for logging - logging.config.fileConfig(X2GOBROKER_AUTHSERVICE_LOGCONFIG) - - # create authservice logger - logger_authservice = logging.getLogger('authservice') - -else: - logger_root = logging.getLogger() - stderr_handler = logging.StreamHandler(sys.stderr) - stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt='')) - - # all loggers stream to stderr... - logger_root.addHandler(stderr_handler) - - logger_authservice = logging.getLogger('authservice') - logger_authservice.addHandler(stderr_handler) - logger_authservice.propagate = 0 - - -# raise log level to DEBUG if requested... -if X2GOBROKER_DEBUG and not X2GOBROKER_TESTSUITE: - logger_authservice.setLevel(logging.DEBUG) - -logger_authservice.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__)) -logger_authservice.info('Setting up the PAM authentication service\'s environment...') -logger_authservice.info(' X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG)) -logger_authservice.info(' X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET)) - -# check effective UID the broker runs as and complain appropriately... -if os.geteuid() != 0: - logger_authservice.warn('X2Go Session Broker\'s PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.') - if __name__ == '__main__': common_options = [ 
@@ -209,7 +171,9 @@ if __name__ == '__main__': {'args':['-o','--owner'], 'default': 'root', 'help': 'owner of the AuthService socket file', }, {'args':['-g','--group'], 'default': 'root', 'help': 'group ownership of the AuthService socket file', }, {'args':['-p','--permissions'], 'default': '0660', 'help': 'set these file permissions for the AuthService socket file', }, - + {'args':['-d','--debug'], 'default': False, 'action': 'store_true', 'help': 'enable debugging code', }, + {'args':['-i','--debug-interactively'], 'default': False, 'action': 'store_true', 'help': 'force output of log message to the stderr (rather than to the log files)', }, + ] if CAN_DAEMONIZE: common_options.extend([ 
@@ -230,6 +194,43 @@ if __name__ == '__main__': cmdline_args = p.parse_args() + # standalone daemon mode (x2gobroker-authservice as daemon) or interactive mode (called from the cmdline)? + if getpass.getuser() in (X2GOBROKER_DAEMON_USER, 'root') and not cmdline_args.debug_interactively: + + # we run in standalone daemon mode, so let's use the system configuration for logging + logging.config.fileConfig(X2GOBROKER_AUTHSERVICE_LOGCONFIG) + + # create authservice logger + logger_authservice = logging.getLogger('authservice') + + else: + logger_root = logging.getLogger() + stderr_handler = logging.StreamHandler(sys.stderr) + stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt='')) + + # all loggers stream to stderr... + logger_root.addHandler(stderr_handler) + + logger_authservice = logging.getLogger('authservice') + logger_authservice.addHandler(stderr_handler) + logger_authservice.propagate = 0 + + if cmdline_args.debug_interactively: + cmdline_args.debug = True + + # raise log level to DEBUG if requested... + if cmdline_args.debug or X2GOBROKER_DEBUG: + logger_authservice.setLevel(logging.DEBUG) + + logger_authservice.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__)) + logger_authservice.info('Setting up the PAM authentication service\'s environment...') + logger_authservice.info(' X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG)) + logger_authservice.info(' X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET)) + + # check effective UID the broker runs as and complain appropriately... + if os.geteuid() != 0: + logger_authservice.warn('X2Go Session Broker\'s PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.') + if CAN_DAEMONIZE and cmdline_args.daemonize: # create directory for the PID file 
@@ -271,10 +272,13 @@ if __name__ == '__main__': if not os.path.exists(os.path.dirname(socket_file)): os.makedirs(os.path.dirname(socket_file)) - os.chown(os.path.dirname(socket_file), getpwnam(cmdline_args.owner).pw_uid, getpwnam(cmdline_args.group).pw_gid) - os.chmod(os.path.dirname(socket_file), int(cmdline_args.permissions, 8)) + try: + os.chown(os.path.dirname(socket_file), getpwnam(cmdline_args.owner).pw_uid, getpwnam(cmdline_args.group).pw_gid) + os.chmod(os.path.dirname(socket_file), int(cmdline_args.permissions, 8)) + except OSError: + pass - AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions) + AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions, logger=logger_authservice) atexit.register(cleanup_on_exit) try: if CAN_DAEMONIZE and cmdline_args.daemonize: -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
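Review bot: In sbin/x2gobroker-authservice, AuthClient.__init__ and AuthService.__init__ both default to logger=None, but handle_read (@@ -75,11 +76,14) calls self.logger.warning() and self.logger.info() unconditionally, so any caller that omits the argument hits an AttributeError on the first request, after 'ok', 'fail' or 'bad' has already been sent to the client. Either make the argument required or fall back to a module logger, for example "self.logger = logger or logging.getLogger('authservice')". The new 'bad authentication data received' warning also sits under a bare "except:"; narrowing it to "except ValueError:" (what the failed three-way unpack of req.split() raises) keeps unrelated errors from being logged as malformed requests.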
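Review bot: The new check "if cmdline_args.debug or X2GOBROKER_DEBUG:" (@@ -230,6 +194,43) tests X2GOBROKER_DEBUG for truthiness, yet the context lines of @@ -130,14 +135,6 assign it directly from iniconfig.get('common', 'X2GOBROKER_DEBUG'). If iniconfig.get returns the raw option string, as ConfigParser-style objects do, then a configured "X2GOBROKER_DEBUG=0" yields the non-empty string '0' and switches the authservice to DEBUG level. Normalise the value before testing it, the way the removed X2GOBROKER_TESTSUITE block did for the environment variable: ".lower() in ('1', 'on', 'true', 'yes', )".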
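Review bot: The "try: ... except OSError: pass" wrapped around os.chown() and os.chmod() on the socket directory (@@ -271,10 +272,13) discards the failure silently, so the directory that holds the authentication socket can keep whatever owner and mode it already had and nothing records that. logger_authservice exists at this point (it is passed to AuthService two lines later), so log the error at warning level with the path and the requested owner, group and mode instead of "pass". Two more points on the same lines: the group id is resolved with getpwnam(cmdline_args.group).pw_gid, which looks up a user of that name rather than a group (grp.getgrnam(...).gr_gid is the group lookup), and a name that does not resolve raises KeyError, which this handler does not catch.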