The branch, build-main has been updated via bd1f9e0e3e0f14d7d98c537ef3bfeb19b025a9e5 (commit) from 57030875e10c269c360ac2b1c1623b9f427d6714 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: Makefile | 4 +- Makefile.PL | 9 - README.dangerous-piece-of-code | 11 - X2Go/Broker.pm | 60 -- X2Go/Broker/Common.pm | 49 -- X2Go/Broker/LDAP.pm | 633 --------------------- X2Go/Broker/Simple.pm | 633 --------------------- X2Go/Broker/ZeroConf.pm | 184 ------ cgi/x2gobroker.cgi | 97 ---- cgi/x2gobroker.py | 152 +++++ debian/rules | 8 +- debian/x2gobroker-common.install | 1 + debian/x2gobroker.pam | 2 - lib/x2gobroker-agent.pl | 28 +- pam/x2gobroker | 2 + etc/x2gobroker-ldap.cfg => setup.py | 27 +- etc/x2gobroker-ldap.cfg => x2gobroker/__init__.py | 13 +- x2gobroker/__init__.pyc | Bin 0 -> 208 bytes x2gobroker/base.py | 157 +++++ x2gobroker/base.pyc | Bin 0 -> 4707 bytes etc/x2gobroker-ldap.cfg => x2gobroker/ldap.py | 35 +- etc/x2gobroker-ldap.cfg => x2gobroker/simple.py | 35 +- x2gobroker/zeroconf.py | 56 ++ x2gobroker/zeroconf.pyc | Bin 0 -> 1126 bytes 24 files changed, 470 insertions(+), 1726 deletions(-) delete mode 100644 Makefile.PL delete mode 100644 README.dangerous-piece-of-code delete mode 100644 X2Go/Broker.pm delete mode 100644 X2Go/Broker/Common.pm delete mode 100644 X2Go/Broker/LDAP.pm delete mode 100644 X2Go/Broker/Simple.pm delete mode 100644 X2Go/Broker/ZeroConf.pm delete mode 100755 cgi/x2gobroker.cgi create mode 100755 cgi/x2gobroker.py delete mode 100644 debian/x2gobroker.pam create mode 100644 pam/x2gobroker copy etc/x2gobroker-ldap.cfg => setup.py (59%) mode change 100644 => 100755 copy etc/x2gobroker-ldap.cfg => x2gobroker/__init__.py (69%) create mode 100644 x2gobroker/__init__.pyc 
create mode 100644 x2gobroker/base.py create mode 100644 x2gobroker/base.pyc copy etc/x2gobroker-ldap.cfg => x2gobroker/ldap.py (59%) copy etc/x2gobroker-ldap.cfg => x2gobroker/simple.py (59%) create mode 100644 x2gobroker/zeroconf.py create mode 100644 x2gobroker/zeroconf.pyc The diff of changes is:
diff --git a/Makefile b/Makefile
index 0cf6a8b..3a68e40 100755
--- a/Makefile
+++ b/Makefile
@@ -55,8 +55,8 @@ build_setuidwrappers:
 gcc -fPIE -pie -o lib/x2gobroker-agent src/x2gobroker-agent.c
 build-indep:
- $(PERL) Makefile.PL INSTALLDIRS=vendor
- $(MAKE) -f Makefile.perl
+# $(PERL) Makefile.PL INSTALLDIRS=vendor
+# $(MAKE) -f Makefile.perl
 distclean: clean
diff --git a/Makefile.PL b/Makefile.PL
deleted file mode 100644
index 1b63b56..0000000
--- a/Makefile.PL
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::MakeMaker;
-
-WriteMakefile(FIRST_MAKEFILE => 'Makefile.perl',
- PMLIBDIRS => ['X2Go'],
- NAME => '',
- VERSION => '0.0.0.1',
- );
diff --git a/README.dangerous-piece-of-code b/README.dangerous-piece-of-code
deleted file mode 100644
index 0909f32..0000000
--- a/README.dangerous-piece-of-code
+++ /dev/null
@@ -1,11 +0,0 @@
-X2Go subproject: X2Go Session Broker (x2gobroker.git)
------------------------------------------------------
-
-Whoever takes a look at this piece of code...
-
-It is currently a quite dangerous piece of software and not at all usable.
-
-Please stay away from it.
-
-light+love, 20120916
-Mike Gabriel
diff --git a/X2Go/Broker.pm b/X2Go/Broker.pm
deleted file mode 100644
index 62d0da0..0000000
--- a/X2Go/Broker.pm
+++ /dev/null
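Review bot: In the Makefile hunk, the two `build-indep` recipe lines are commented out rather than deleted, although `Makefile.PL` is removed in this same commit, so the comments point at a file that no longer exists and the target is left with an empty recipe. I would drop both lines and, if `build-indep` is still meant to build something, have it drive the new `setup.py`; its contents and the `debian/rules` change are not visible here, so this may already be handled elsewhere. The diffstat also shows `x2gobroker/*.pyc` bytecode being committed next to the sources; compiled artifacts cannot be reviewed against the `.py` files they claim to come from, so they are better kept out of the tree and removed by `clean`.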
@@ -1,60 +0,0 @@
-# This file is part of the X2Go Project - http://www.x2go.org
-# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
-# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de>
-# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-#
-# X2Go Session Broker is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# X2Go Session Broker is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program; if not, write to the
-# Free Software Foundation, Inc.,
-# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-
-package X2Go::Broker;
-
-=head1 NAME
-
-X2Go::Broker - X2GO Session Broker modules for Perl
-
-=head1 DESCRIPTION
-
-An X2Go Session Broker allows to manage X2Go server farms TTW (using
-https protocol).
-
-=head1 VERSION
-
-Version 0.0.0.1
-
-=head1 AUTHOR
-
-Oleksandr Shneyder, C<< <oleksandr.shneyder at obviously-nice.de> >>
-
-Mike Gabriel, C<< <mike.gabriel at das-netzwerkteam.de> >>
-
-=head1 LICENSE AND COPYRIGHT
-
-Copyright 2011-2012, Oleksandr Shneyder, C<< <oleksandr.shneyder at obviously-nice.de> >>
-
-Copyright 2012, Mike Gabriel, C<< <mike.gabriel at das-netzwerkteam.de> >>
-
-This program is free software; you can redistribute it and/or modify it
-under the terms of the AGPL-3+ license.
-
-=cut
-
-use strict;
-
-### for debugging purposes...
-#use Data::Dumper;
-
-use base 'Exporter';
-our @EXPORT = ( );
-
diff --git a/X2Go/Broker/Common.pm b/X2Go/Broker/Common.pm
deleted file mode 100644
index f480082..0000000
--- a/X2Go/Broker/Common.pm
+++ /dev/null
@@ -1,49 +0,0 @@
-# This file is part of the X2Go Project - http://www.x2go.org
-# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
-# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de>
-# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-#
-# X2Go Session Broker is free software; you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# X2Go Session Broker is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program; if not, write to the
-# Free Software Foundation, Inc.,
-# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-
-package X2Go::Broker::Common;
-
-use strict;
-
-### for debugging purposes...
-#use Data::Dumper;
-
-use base 'Exporter';
-our @EXPORT = ('ExecBrokerAgent', );
-
-###
-### public functions
-###
-
-sub ExecBrokerAgent
-{
- my ($user, $hostname, $cmd)=@_;
- my $res=`ssh -o ConnectTimeout=15 -o UserKnownHostsFile=/etc/x2go/x2gobroker/ts_known_hosts x2gobroker\@$hostname -i /etc/x2go/x2gobroker/id_x2gobroker_dsa \"/usr/lib/x2go/x2gobroker-agent $user $cmd 2>/dev/null\"`;
- my @rarr=split("\n",$res);
- my $stat;
- if( @rarr[0] eq 'OK' )
- {
- $stat=1;
- } else {
- $stat=0;
- }
- shift(@rarr);
- return($stat,join("\n",@rarr));
-}
diff --git a/X2Go/Broker/LDAP.pm b/X2Go/Broker/LDAP.pm
deleted file mode 100644
index d05d63f..0000000
--- a/X2Go/Broker/LDAP.pm
+++ /dev/null
@@ -1,633 +0,0 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> -# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> -# -# X2Go Session Broker is free software; you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# X2Go Session Broker is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program; if not, write to the -# Free Software Foundation, Inc., -# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. - -package x2gobroker-ldap; - -use strict; -use Net::LDAP; -use Config::Simple; -use Crypt::SaltedHash; -use MIME::Base64; -use Data::Dumper; - - -my $cfg=new Config::Simple(syntax=>'ini'); -$cfg->read("/etc/x2go/x2gobroker-ldap.cfg"); -my $ldapuri=$cfg->param('ldapuri'); -my $replica=$cfg->param('replica'); -my $binddn=$cfg->param('binddn'); -my $bindpw=$cfg->param('bindpw'); - -use base 'Exporter'; -our @EXPORT = ('checkAccess', 'listSessions', 'selectSession', 'setPass'); - -sub getBase -### -### FIXME: provide that in /etc/x2go/x2gobroker-ldap.cfg -### FIXME: put the pid of this process in the lock files -{ - my $login=shift; - $login=~s/cn=ldapadmin,//; - return $login; -} - -sub initLdap -### -### FIXME: lock files have to be in /run or /var/run... 
-### -{ - my $masterlocked=0; - my $replicalocked=0; - if ( ( -e "/etc/x2go/x2gobroker/masterldap.lock") && ( -e "/etc/x2go/x2gobroker/replicaldap.lock" ) ) - { - die "Can't connect to LDAP server"; - } - if ( -e "/etc/x2go/x2gobroker/replicaldap.lock" ) - { - $masterlocked=1; - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - die "Can't connect to LDAP server"; - } - return $ldap; - } - if( -e "/etc/x2go/x2gobroker/masterldap.lock" ) - { - $replicalocked=1; - my ($ldap,$error)=initLDAPServer( $replica ); - if ( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/replicaldap.lock`; - die "Can't connect to LDAP server"; - } - return $ldap; - } - if( ! int(rand(2)) ) - { - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - return initLdap(); - } - return $ldap; - } else { - my ($ldap,$error)=initLDAPServer( $replica ); - if(!$ldap) - { - `touch /etc/x2go/x2gobroker/replicaldap.lock`; - return initLdap(); - } - return $ldap; - } -} - -sub initMasterLdap -{ - if(-e "/etc/x2go/x2gobroker/masterldap.lock") - { - die "Master LDAP server is down\n"; - } - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - die $error; - } - return $ldap; -} - -sub initLDAPServer -{ - my $url=shift; - my $ldap=Net::LDAP->new( $url ); - if( ! $ldap ) - { - notify("LDAP server $url is down ($@). Please, repair it and remove lock file in /etc/x2go/x2gobroker\n"); - return (0,"$@"); - } - my $message = $ldap->bind($binddn,password=>$bindpw); - if(!$message) - { - notify("LDAP server $url is down ($@). 
Please, repair it and remove lock file in /etc/x2go/x2gobroker\n"); - return (0,"$@"); - } - return ($ldap,0); -} - -sub setPass -{ - my ($user, $newpass)=@_; - # check if we have master ldap here - - my $attr; - - my $csh=Crypt::SaltedHash->new(algorithm => 'SHA-1'); - $csh->add($newpass); - $newpass=$csh->generate; - - push(@$attr,'userPassword'=>$newpass); - my $changes; - push(@$changes,'replace'=>$attr); - - my $ldap = initMasterLdap(); - - my $dn="cn=$user,ou=BrokerUsers".getBase($binddn); - my $message=$ldap->modify($dn, changes => $changes); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - print "\n<br>CHANGING PASS OK<br>\n"; -} - -sub selectSession -{ - my ($user, $sid)=@_; - my @words=split("\@",$sid); - my $sess_id=@words[1]; - my $host=@words[0]; - checkAndStartSession($user, $host, $sess_id); -} - -sub getExtCon -{ - my $host=shift; - - my $ldap = initLdap(); - - my $dn="cn=$host,ou=Servers,ou=ON".getBase($binddn); - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $message=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=ipHost)' - ); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my $attr=$asn->{'attributes'}; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'description' ) - { - my @words=split(":",$value); - return (@words[0], @words[1]); - } - } - } -} - -sub checkAndStartSession -{ - my ($uid,$host,$sid)=@_; - my ($status,$sessions)=check_ts($host,$uid); - if(!$status) - { - print "ERROR check TS\n"; - return; - } - my $running=0; - if( $sessions ) - { - my @sinfo=split("\\|",$sessions); - my $sess_stat=@sinfo[4]; - my $sess_srv=@sinfo[3]; - $sid=@sinfo[1]; - if( $sess_stat eq 'R' ) - { - $running=1; - my $str; - ($status,$str)=remoteBroker($host,$uid,"suspend $sid"); - $sessions=~s/\|R\|/\|S\|/; - } - if( $sess_stat 
eq 'S' ) - { - $running=1; - } - } - - my($ip,$port)=getExtCon($host); - print "SERVER:$ip:$port\n"; - if($running) - { - print "SESSION_INFO:".(split("\n",$sessions))[0]."\n"; - } -} - -sub checkRunningSession -{ - my ($sess_srv, $sess_stat, $server_dn, $uid, $sid, $ldap)=@_; - my @dn_el=split(',',$server_dn); - shift(@dn_el); - shift(@dn_el); - my $node_dn="cn=".$sess_srv.",ou=Hosts,".join(',',@dn_el); - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $mesg=$ldap->search(base => $node_dn, - scope => 'base', - filter => '(objectClass=X2GoServerNode)' - ); - if(!$mesg->code) - { - my @entries=$mesg->entries(); - if(@entries[0]->get_value('serverStatus') eq 'TRUE') - { - my $node_ref={}; - $node_ref->{'ip'}=@entries[0]->get_value('ipHostNumber'); - $node_ref->{'dn'}=$node_dn; - my $status; - my $str; - if( $sess_stat eq 'R' ) - { - print "session running, suspend session $sid\n"; - ($status,$str)=remoteBroker($node_ref->{'ip'},$uid,"suspend $sid",$node_ref->{'dn'}, $ldap); - } else { - print "session not running, ping node\n"; - ($status,$str)=remoteBroker($node_ref->{'ip'},$uid,'ping',$node_ref->{'dn'}, $ldap); - } - if($status) - { - return $node_ref; - } - print "error executing remote broker \n"; - } - print "node is down \n"; - return 0; - } - print "error searching $node_dn: ".$mesg->error."\n"; - return 0; -} - -sub startNewSession -{ - my ($dn, $ldap, $uid)=@_; - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $mesg=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=X2GoServer)' - ); - - if($mesg->code) - { - return 0; - } - - my @entries=$mesg->entries(); - my $ref = @entries[0]->get_value ( 'serverNode', asref => 1 ); - my $nodes; - foreach(@$ref) - { - my $server=$_; - my @sdn=split(",",$dn); - shift(@sdn); - shift(@sdn); - my $server_dn="cn=$server,ou=Hosts,".join(",",@sdn); - - my $mesg=$ldap->search(base => $server_dn, - scope => 'base', - filter => 
'(objectClass=X2GoServerNode)' - ); - if( ! $mesg->code ) - { - my @entries=$mesg->entries(); - if(@entries[0]->get_value('serverStatus') eq 'TRUE') - { - my $node_ref={}; - $node_ref->{'ip'}=@entries[0]->get_value('ipHostNumber'); - $node_ref->{'sessions'}=0; - $node_ref->{'dn'}=$server_dn; - $nodes->{$server}=$node_ref; - } - } - } - return findBestServer($nodes,$ldap, $uid); -} - -sub findBestServer -{ - my ($nodes, $ldap, $user)=@_; - my $servers; - my $status; - while( my ($key,$value) = each(%$nodes)) - { - if( ! $status ) - { - my $ip=$value->{'ip'}; - my $dn=$value->{'dn'}; - ($status,$servers)=remoteBroker($ip,$user,'getservers',$dn, $ldap); - if(!$status) - { - delete $nodes->{$key}; - } - } - } - if( ! $status ) - { - return 0; - } - my @srvlines=split("\n",$servers); - foreach(@srvlines) - { - my @words=split(' ',$_); - my $ref=$nodes->{@words[0]}; - if( $ref ) - { - $ref->{'sessions'}=1*@words[1]; - } - } - return checkServers($nodes, $ldap, $user); -} - -sub checkServers -{ - my ($nodes, $ldap, $user)=@_; - my $bestnode=0; - my $bestnodekey; - my $key; - my $value; - while( ($key,$value) = each(%$nodes)) - { - if(! $bestnode) - { - $bestnode=$value; - $bestnodekey=$key; - } else { - if($value->{'sessions'}<$bestnode->{'sessions'}) - { - $bestnode=$value; - $bestnodekey=$key; - } - } - } - if( ! $bestnode ) - { - print "bestnode is null: \n"; - return 0; - } else { - my $ip=$bestnode->{'ip'}; - my $dn=$bestnode->{'dn'}; - my ($status,$fakearr)=remoteBroker($ip,$user,'ping',$dn, $ldap); - if( ! 
$status ) - { - delete $nodes->{$bestnodekey}; - return checkServers($nodes, $ldap, $user); - } else { - return $bestnode; - } - } -} - - -sub check_ts -{ - my ($host, $user)=@_; - my $server_dn; - my $ldap; - my($status,$sessions)=getSessionRunning($server_dn, $host, $user, $ldap); - if( $status ) - { - return (1,$sessions); - } - return (0,0); -} - -sub getSessionRunning -{ - my ($dn,$ip,$user, $ldap)=@_; - my ($status,$sessions)=remoteBroker($ip,$user,'listsessions', $dn, $ldap); - if( ! $status ) - { - return (0,0); - } else { - return (1,$sessions); - } -} - -sub remoteBroker -{ - my ($ip, $user, $cmd, $dn, $ldap)=@_; - my $res=`ssh -o ConnectTimeout=15 -o UserKnownHostsFile=/etc/x2go/x2gobroker/ts_known_hosts x2gobroker\@$ip -i /etc/x2go/x2gobroker/id_x2gobroker_dsa \"/usr/lib/x2go/broker/x2gobroker-command $user $cmd 2>/dev/null\"`; - my @rarr=split("\n",$res); - my $stat; - if(@rarr[0] eq 'OK') - { - $stat=1; - } else { - $stat=0; - # setNodeDown($dn, $ldap, $cmd, $user); - } - shift(@rarr); - return($stat,join("\n",@rarr)); -} - -sub notify -{ - my $message=shift; - open (F,">>/tmp/x2gobroker.log"); - print F `date`.$message."\n"; - close(F); -} - -sub setNodeDown -{ - my($dn, $ldap, $cmd, $user)=@_; - my $attr; - push(@$attr,'serverStatus' => 'FALSE'); - my $changes; - push (@$changes, 'replace' => $attr); - $ldap->modify($dn,changes => $changes); - notify ("set status of $dn to \"down\", failed command: \"$cmd\", user: \"$user\"\n"); -} - -sub setServerDown -{ - my($dn, $ldap)=@_; - my $attr; - push(@$attr,'serverStatus' => 'FALSE'); - my $changes; - push (@$changes, 'replace' => $attr); - $ldap->modify($dn,changes => $changes); - notify ("set status of $dn to \"down\", all nodes are down\n"); -} - -sub checkAccess -{ - my ($user,$pass)=@_; - - my $ldap = initLdap(); - - my $dn="uid=$user,ou=People".getBase($binddn); - my $mesg=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=posixAccount)' - ); - - if( $mesg->code ) - { - return 
0; - } - - my @entries=$mesg->entries(); - my $crypted=@entries[0]->get_value('userPassword'); - $mesg = $ldap->unbind; - if ( Crypt::SaltedHash->validate($crypted, $pass) ) - { - return 1; - } - return 0; -} - -sub listSessions -{ - my $user=shift; - - my $ldap = initLdap(); - - my $dn="ou=Servers,ou=ON".getBase($binddn); - my $message=$ldap->search(base => $dn, - scope => 'sub', - filter => '(objectClass=ipHost)' - ); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - # print Dumper($message->entries); - print "START_USER_SESSIONS<br>"; - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my $attr=$asn->{'attributes'}; - my $host; - my $int_ip; - my $ext_ip; - my $ext_port; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'cn' ) - { - $host=$value; - } - } - my($status,$sessions)=getSessionRunning($dn,$host,$user, $ldap); - if($status) - { - my $sess_srv; - if($sessions) - { - my @sinfo=split("\\|",$sessions); - my $sess_stat=@sinfo[4]; - $sess_srv=@sinfo[3]; - my $sid=@sinfo[1]; - print "<br>[$host\@$sid]<br>"; - print "status=$sess_stat<br>"; - #get ip - #get port - } else { - my $sessions; - ($sess_srv,$ext_ip,$ext_port, $sessions)=getBestNode($dn, $ldap, $user, $host, $message); - print "<br>[$host]<br>"; - } - #print "host=$ext_ip<br>"; - print "user=$user<br>"; - #print "sshport=$ext_port<br>"; - print "name=Stadt Treuchtlingen<br>"; - goto loop_end; - } - } - loop_end: - print "END_USER_SESSIONS<br>"; - $ldap->unbind(); -} - -sub getBestNode -{ - my ($dn, $ldap, $user, $ip, $message)=@_; - my $servers; - my $status; - ($status,$servers)=remoteBroker($ip,$user,'getservers',$dn, $ldap); - my $srvref={}; - my @srvlines=split("\n",$servers); - foreach(@srvlines) - { - my @words=split(' ',$_); - $srvref->{@words[0]}=1*@words[1]; - } - my $bestval=-1; - my $bestsrv; - my $bestext_ip; - my $bestext_port; - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my 
$attr=$asn->{'attributes'}; - my $host; - my $ext_ip; - my $ext_port; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'cn' ) - { - $host=$value; - } - if($type eq 'description') - { - my @words=split(":",$value); - $ext_ip=@words[0]; - $ext_port=@words[1]; - } - } - my $sess=$srvref->{$host}; - if( ! $sess ) - { - return($host, $ext_ip, $ext_port,0); - } - if($sess < $bestval || $bestval == -1) - { - $bestval=$sess; - $bestsrv=$host; - $bestext_ip=$ext_ip; - $bestext_port=$ext_port; - } - } - return($bestsrv, $bestext_ip, $bestext_port, $bestval); -} - -1; diff --git a/X2Go/Broker/Simple.pm b/X2Go/Broker/Simple.pm deleted file mode 100644 index 5e56c28..0000000 --- a/X2Go/Broker/Simple.pm +++ /dev/null 
@@ -1,633 +0,0 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> -# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> -# -# X2Go Session Broker is free software; you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# X2Go Session Broker is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program; if not, write to the -# Free Software Foundation, Inc., -# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. - -package x2gobroker-simple; - -use strict; -use Net::LDAP; -use Config::Simple; -use Crypt::SaltedHash; -use MIME::Base64; -use Data::Dumper; - - -my $cfg=new Config::Simple(syntax=>'ini'); -$cfg->read("/etc/x2go/x2gobroker-simple.cfg"); -my $ldapuri=$cfg->param('ldapuri'); -my $replica=$cfg->param('replica'); -my $binddn=$cfg->param('binddn'); -my $bindpw=$cfg->param('bindpw'); - -use base 'Exporter'; -our @EXPORT = ('checkAccess', 'listSessions', 'selectSession', 'setPass'); - -sub getBase -### -### FIXME: provide that in /etc/x2go/x2gobroker-simple.cfg -### FIXME: put the pid of this process in the lock files -{ - my $login=shift; - $login=~s/cn=ldapadmin,//; - return $login; -} - -sub initLdap -### -### FIXME: lock files have to be in /run or /var/run... 
-### -{ - my $masterlocked=0; - my $replicalocked=0; - if ( ( -e "/etc/x2go/x2gobroker/masterldap.lock") && ( -e "/etc/x2go/x2gobroker/replicaldap.lock" ) ) - { - die "Can't connect to LDAP server"; - } - if ( -e "/etc/x2go/x2gobroker/replicaldap.lock" ) - { - $masterlocked=1; - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - die "Can't connect to LDAP server"; - } - return $ldap; - } - if( -e "/etc/x2go/x2gobroker/masterldap.lock" ) - { - $replicalocked=1; - my ($ldap,$error)=initLDAPServer( $replica ); - if ( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/replicaldap.lock`; - die "Can't connect to LDAP server"; - } - return $ldap; - } - if( ! int(rand(2)) ) - { - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - return initLdap(); - } - return $ldap; - } else { - my ($ldap,$error)=initLDAPServer( $replica ); - if(!$ldap) - { - `touch /etc/x2go/x2gobroker/replicaldap.lock`; - return initLdap(); - } - return $ldap; - } -} - -sub initMasterLdap -{ - if(-e "/etc/x2go/x2gobroker/masterldap.lock") - { - die "Master LDAP server is down\n"; - } - my ($ldap,$error)=initLDAPServer( $ldapuri ); - if( ! $ldap ) - { - `touch /etc/x2go/x2gobroker/masterldap.lock`; - die $error; - } - return $ldap; -} - -sub initLDAPServer -{ - my $url=shift; - my $ldap=Net::LDAP->new( $url ); - if( ! $ldap ) - { - notify("LDAP server $url is down ($@). Please, repair it and remove lock file in /etc/x2go/x2gobroker\n"); - return (0,"$@"); - } - my $message = $ldap->bind($binddn,password=>$bindpw); - if(!$message) - { - notify("LDAP server $url is down ($@). 
Please, repair it and remove lock file in /etc/x2go/x2gobroker\n"); - return (0,"$@"); - } - return ($ldap,0); -} - -sub setPass -{ - my ($user, $newpass)=@_; - # check if we have master ldap here - - my $attr; - - my $csh=Crypt::SaltedHash->new(algorithm => 'SHA-1'); - $csh->add($newpass); - $newpass=$csh->generate; - - push(@$attr,'userPassword'=>$newpass); - my $changes; - push(@$changes,'replace'=>$attr); - - my $ldap = initMasterLdap(); - - my $dn="cn=$user,ou=BrokerUsers".getBase($binddn); - my $message=$ldap->modify($dn, changes => $changes); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - print "\n<br>CHANGING PASS OK<br>\n"; -} - -sub selectSession -{ - my ($user, $sid)=@_; - my @words=split("\@",$sid); - my $sess_id=@words[1]; - my $host=@words[0]; - checkAndStartSession($user, $host, $sess_id); -} - -sub getExtCon -{ - my $host=shift; - - my $ldap = initLdap(); - - my $dn="cn=$host,ou=Servers,ou=ON".getBase($binddn); - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $message=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=ipHost)' - ); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my $attr=$asn->{'attributes'}; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'description' ) - { - my @words=split(":",$value); - return (@words[0], @words[1]); - } - } - } -} - -sub checkAndStartSession -{ - my ($uid,$host,$sid)=@_; - my ($status,$sessions)=check_ts($host,$uid); - if(!$status) - { - print "ERROR check TS\n"; - return; - } - my $running=0; - if( $sessions ) - { - my @sinfo=split("\\|",$sessions); - my $sess_stat=@sinfo[4]; - my $sess_srv=@sinfo[3]; - $sid=@sinfo[1]; - if( $sess_stat eq 'R' ) - { - $running=1; - my $str; - ($status,$str)=remoteBroker($host,$uid,"suspend $sid"); - $sessions=~s/\|R\|/\|S\|/; - } - if( $sess_stat 
eq 'S' ) - { - $running=1; - } - } - - my($ip,$port)=getExtCon($host); - print "SERVER:$ip:$port\n"; - if($running) - { - print "SESSION_INFO:".(split("\n",$sessions))[0]."\n"; - } -} - -sub checkRunningSession -{ - my ($sess_srv, $sess_stat, $server_dn, $uid, $sid, $ldap)=@_; - my @dn_el=split(',',$server_dn); - shift(@dn_el); - shift(@dn_el); - my $node_dn="cn=".$sess_srv.",ou=Hosts,".join(',',@dn_el); - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $mesg=$ldap->search(base => $node_dn, - scope => 'base', - filter => '(objectClass=X2GoServerNode)' - ); - if(!$mesg->code) - { - my @entries=$mesg->entries(); - if(@entries[0]->get_value('serverStatus') eq 'TRUE') - { - my $node_ref={}; - $node_ref->{'ip'}=@entries[0]->get_value('ipHostNumber'); - $node_ref->{'dn'}=$node_dn; - my $status; - my $str; - if( $sess_stat eq 'R' ) - { - print "session running, suspend session $sid\n"; - ($status,$str)=remoteBroker($node_ref->{'ip'},$uid,"suspend $sid",$node_ref->{'dn'}, $ldap); - } else { - print "session not running, ping node\n"; - ($status,$str)=remoteBroker($node_ref->{'ip'},$uid,'ping',$node_ref->{'dn'}, $ldap); - } - if($status) - { - return $node_ref; - } - print "error executing remote broker \n"; - } - print "node is down \n"; - return 0; - } - print "error searching $node_dn: ".$mesg->error."\n"; - return 0; -} - -sub startNewSession -{ - my ($dn, $ldap, $uid)=@_; - #### - #### FIXME: get scope from config file in /etc/x2go/x2gobroker-*.conf - #### - my $mesg=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=X2GoServer)' - ); - - if($mesg->code) - { - return 0; - } - - my @entries=$mesg->entries(); - my $ref = @entries[0]->get_value ( 'serverNode', asref => 1 ); - my $nodes; - foreach(@$ref) - { - my $server=$_; - my @sdn=split(",",$dn); - shift(@sdn); - shift(@sdn); - my $server_dn="cn=$server,ou=Hosts,".join(",",@sdn); - - my $mesg=$ldap->search(base => $server_dn, - scope => 'base', - filter => 
'(objectClass=X2GoServerNode)' - ); - if( ! $mesg->code ) - { - my @entries=$mesg->entries(); - if(@entries[0]->get_value('serverStatus') eq 'TRUE') - { - my $node_ref={}; - $node_ref->{'ip'}=@entries[0]->get_value('ipHostNumber'); - $node_ref->{'sessions'}=0; - $node_ref->{'dn'}=$server_dn; - $nodes->{$server}=$node_ref; - } - } - } - return findBestServer($nodes,$ldap, $uid); -} - -sub findBestServer -{ - my ($nodes, $ldap, $user)=@_; - my $servers; - my $status; - while( my ($key,$value) = each(%$nodes)) - { - if( ! $status ) - { - my $ip=$value->{'ip'}; - my $dn=$value->{'dn'}; - ($status,$servers)=remoteBroker($ip,$user,'getservers',$dn, $ldap); - if(!$status) - { - delete $nodes->{$key}; - } - } - } - if( ! $status ) - { - return 0; - } - my @srvlines=split("\n",$servers); - foreach(@srvlines) - { - my @words=split(' ',$_); - my $ref=$nodes->{@words[0]}; - if( $ref ) - { - $ref->{'sessions'}=1*@words[1]; - } - } - return checkServers($nodes, $ldap, $user); -} - -sub checkServers -{ - my ($nodes, $ldap, $user)=@_; - my $bestnode=0; - my $bestnodekey; - my $key; - my $value; - while( ($key,$value) = each(%$nodes)) - { - if(! $bestnode) - { - $bestnode=$value; - $bestnodekey=$key; - } else { - if($value->{'sessions'}<$bestnode->{'sessions'}) - { - $bestnode=$value; - $bestnodekey=$key; - } - } - } - if( ! $bestnode ) - { - print "bestnode is null: \n"; - return 0; - } else { - my $ip=$bestnode->{'ip'}; - my $dn=$bestnode->{'dn'}; - my ($status,$fakearr)=remoteBroker($ip,$user,'ping',$dn, $ldap); - if( ! 
$status ) - { - delete $nodes->{$bestnodekey}; - return checkServers($nodes, $ldap, $user); - } else { - return $bestnode; - } - } -} - - -sub check_ts -{ - my ($host, $user)=@_; - my $server_dn; - my $ldap; - my($status,$sessions)=getSessionRunning($server_dn, $host, $user, $ldap); - if( $status ) - { - return (1,$sessions); - } - return (0,0); -} - -sub getSessionRunning -{ - my ($dn,$ip,$user, $ldap)=@_; - my ($status,$sessions)=remoteBroker($ip,$user,'listsessions', $dn, $ldap); - if( ! $status ) - { - return (0,0); - } else { - return (1,$sessions); - } -} - -sub remoteBroker -{ - my ($ip, $user, $cmd, $dn, $ldap)=@_; - my $res=`ssh -o ConnectTimeout=15 -o UserKnownHostsFile=/etc/x2go/x2gobroker/ts_known_hosts x2gobroker\@$ip -i /etc/x2go/x2gobroker/id_x2gobroker_dsa \"/usr/lib/x2go/broker/x2gobroker-command $user $cmd 2>/dev/null\"`; - my @rarr=split("\n",$res); - my $stat; - if(@rarr[0] eq 'OK') - { - $stat=1; - } else { - $stat=0; - # setNodeDown($dn, $ldap, $cmd, $user); - } - shift(@rarr); - return($stat,join("\n",@rarr)); -} - -sub notify -{ - my $message=shift; - open (F,">>/tmp/x2gobroker.log"); - print F `date`.$message."\n"; - close(F); -} - -sub setNodeDown -{ - my($dn, $ldap, $cmd, $user)=@_; - my $attr; - push(@$attr,'serverStatus' => 'FALSE'); - my $changes; - push (@$changes, 'replace' => $attr); - $ldap->modify($dn,changes => $changes); - notify ("set status of $dn to \"down\", failed command: \"$cmd\", user: \"$user\"\n"); -} - -sub setServerDown -{ - my($dn, $ldap)=@_; - my $attr; - push(@$attr,'serverStatus' => 'FALSE'); - my $changes; - push (@$changes, 'replace' => $attr); - $ldap->modify($dn,changes => $changes); - notify ("set status of $dn to \"down\", all nodes are down\n"); -} - -sub checkAccess -{ - my ($user,$pass)=@_; - - my $ldap = initLdap(); - - my $dn="uid=$user,ou=People".getBase($binddn); - my $mesg=$ldap->search(base => $dn, - scope => 'base', - filter => '(objectClass=posixAccount)' - ); - - if( $mesg->code ) - { - return 
0; - } - - my @entries=$mesg->entries(); - my $crypted=@entries[0]->get_value('userPassword'); - $mesg = $ldap->unbind; - if ( Crypt::SaltedHash->validate($crypted, $pass) ) - { - return 1; - } - return 0; -} - -sub listSessions -{ - my $user=shift; - - my $ldap = initLdap(); - - my $dn="ou=Servers,ou=ON".getBase($binddn); - my $message=$ldap->search(base => $dn, - scope => 'sub', - filter => '(objectClass=ipHost)' - ); - - if($message->code) - { - die $message->error.": ".$message->error_desc; - } - # print Dumper($message->entries); - print "START_USER_SESSIONS<br>"; - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my $attr=$asn->{'attributes'}; - my $host; - my $int_ip; - my $ext_ip; - my $ext_port; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'cn' ) - { - $host=$value; - } - } - my($status,$sessions)=getSessionRunning($dn,$host,$user, $ldap); - if($status) - { - my $sess_srv; - if($sessions) - { - my @sinfo=split("\\|",$sessions); - my $sess_stat=@sinfo[4]; - $sess_srv=@sinfo[3]; - my $sid=@sinfo[1]; - print "<br>[$host\@$sid]<br>"; - print "status=$sess_stat<br>"; - #get ip - #get port - } else { - my $sessions; - ($sess_srv,$ext_ip,$ext_port, $sessions)=getBestNode($dn, $ldap, $user, $host, $message); - print "<br>[$host]<br>"; - } - #print "host=$ext_ip<br>"; - print "user=$user<br>"; - #print "sshport=$ext_port<br>"; - print "name=Stadt Treuchtlingen<br>"; - goto loop_end; - } - } - loop_end: - print "END_USER_SESSIONS<br>"; - $ldap->unbind(); -} - -sub getBestNode -{ - my ($dn, $ldap, $user, $ip, $message)=@_; - my $servers; - my $status; - ($status,$servers)=remoteBroker($ip,$user,'getservers',$dn, $ldap); - my $srvref={}; - my @srvlines=split("\n",$servers); - foreach(@srvlines) - { - my @words=split(' ',$_); - $srvref->{@words[0]}=1*@words[1]; - } - my $bestval=-1; - my $bestsrv; - my $bestext_ip; - my $bestext_port; - foreach ($message->entries) - { - my $asn=$_->{'asn'}; - my 
$attr=$asn->{'attributes'}; - my $host; - my $ext_ip; - my $ext_port; - foreach (@$attr) - { - my $type=$_->{'type'}; - my $value=$_->{'vals'}[0]; - if( $type eq 'cn' ) - { - $host=$value; - } - if($type eq 'description') - { - my @words=split(":",$value); - $ext_ip=@words[0]; - $ext_port=@words[1]; - } - } - my $sess=$srvref->{$host}; - if( ! $sess ) - { - return($host, $ext_ip, $ext_port,0); - } - if($sess < $bestval || $bestval == -1) - { - $bestval=$sess; - $bestsrv=$host; - $bestext_ip=$ext_ip; - $bestext_port=$ext_port; - } - } - return($bestsrv, $bestext_ip, $bestext_port, $bestval); -} - -1; diff --git a/X2Go/Broker/ZeroConf.pm b/X2Go/Broker/ZeroConf.pm deleted file mode 100644 index da4eb98..0000000 --- a/X2Go/Broker/ZeroConf.pm +++ /dev/null 
@@ -1,184 +0,0 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> -# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> -# -# X2Go Session Broker is free software; you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# X2Go Session Broker is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program; if not, write to the -# Free Software Foundation, Inc., -# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. - -package X2Go::Broker::ZeroConf; - -use strict; -use Sys::Hostname; -use Authen::PAM; -use Authen::Simple::PAM; -use X2Go::Broker::Common; - -### for debugging purposes... 
-#use Data::Dumper; - -use base 'Exporter'; -our @EXPORT = ('CheckAccess', 'ListSessions', 'SelectSession', 'SetPass', ); - -my $hostname = hostname; - -### -### public functions, available to broker cgi -### - -my $username; -my $password; - -### exported function ### -sub CheckAccess -{ - # zeroconf broker: use PAM to perform authentication against - # the local PAM login module - ($username, $password)=@_; - my $pam = Authen::Simple::PAM->new(service => 'x2gobroker'); - if ( $pam->authenticate( $username, $password ) ) { - # successfull authentication - return 0 - } - return 1; -} - -### exported function ### -sub SetPass -{ - ### - ### the broker API in X2Go Client currently requests a password change - ### without verifying the old password, this needs to be fixed... - ### - - my ($username, $oldpassword, $newpassword)=@_; - - # zeroconf broker: use PAM to initiate a local passwd change - my $service = "x2gobroker"; - my $pamh = new Authen::PAM($service, $username, \&passwd_conv_func) || - die "Error code \$pamh during PAM init!"; - my $state = 0; - my $res = $pamh->pam_chauthtok; - die $pamh->pam_strerror($res) unless $res == PAM_SUCCESS(); - - print "\n<br>CHANGING PASS OK<br>\n"; -} - -### exported function ### -sub SelectSession -{ - my ($user, $session_id)=@_; - my @words=split("\@",$session_id); - ### - ### FIXME: why the heck is the $session_id format <host>@<session>, - ### <session>@<host> would make much more sense!!! (for - ### the human eye...) 
- ### - my $session_id=@words[1]; - my $host=@words[0]; - check_and_start_session($user, $host, $session_id); -} - -### exported function ### -sub ListSessions -{ - # print Dumper($message->entries); - print "START_USER_SESSIONS<br>"; - my($status,$sessions)=CallBrokerAgent($hostname, $username, 'listsessions'); - if ( $status ) - { - if($sessions) - { - my @sinfo = split("\\|",$sessions); - my $session_status = @sinfo[4]; - my $session_id = @sinfo[1]; - print "<br>[$hostname\@$session_id]<br>"; - print "status=$session_status<br>"; - } else { - print "<br>[$hostname]<br>"; - } - } - print "END_USER_SESSIONS<br>"; -} - -### -### private functions, not available to broker cgi -### - -# helper function for SetPass -sub passwd_conv_func { - my @res; - while ( @_ ) { - my $code = shift; - my $msg = shift; - my $ans = ""; - my $state; - - my $oldpassword; - my $newpassword; - - $ans = $username if ( $code == PAM_PROMPT_ECHO_ON() ); - if ( $code == PAM_PROMPT_ECHO_OFF() ) { - $ans = $oldpassword if ($state == 0); - $ans = $newpassword if ($state == 1); - $ans = $newpassword if ($state == 2); - $state++; - } - push @res, (PAM_SUCCESS(),$ans); - } - push @res, PAM_SUCCESS(); - return @res; -} - -sub check_and_start_session -{ - my ($username, $hostname, $session_id) = @_; - my $running; - my ($status, $sessions)=ExecRemoteBroker($username, $hostname, 'listsessions'); - if ( ! $status ) - { - print "ERROR: X2Go server not available\n"; - return; - } - my $running_sessions = 0; - if ( $sessions ) - { - # suspend all running sessions first... 
- my @sinfo = split("\\|",$sessions); - my $session_status = @sinfo[4]; - my $session_server = @sinfo[3]; - $session_id=@sinfo[1]; - if( $session_status eq 'R' ) - { - $running = 1; - my $str; - ($status, $str) = ExecRemoteBroker($username, $hostname, "suspend $session_id"); - $sessions =~ s/\|R\|/\|S\|/; - } - if( $session_status eq 'S' ) - { - $running = 1; - } - } - - print "SERVER:$hostname\n"; - if($running) - { - # use first session in session list... - print "SESSION_INFO:".(split("\n",$sessions))[0]."\n"; - } -} - -1; diff --git a/cgi/x2gobroker.cgi b/cgi/x2gobroker.cgi deleted file mode 100755 index 3d44d52..0000000 --- a/cgi/x2gobroker.cgi +++ /dev/null 
@@ -1,97 +0,0 @@ -#!/usr/bin/perl - -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> -# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> -# -# X2Go Session Broker is free software; you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# X2Go Session Broker is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program; if not, write to the -# Free Software Foundation, Inc., -# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. 
- -use strict; -use File::Basename qw(basename); - -my $cgi_name = basename($0); -my $broker_backend = $cgi_name; -$broker_backend =~ s/x2gobroker-(.*)\.cgi/\1/; - -SWITCH: { - $broker_backend == "zeroconf" && do { use X2Go::Broker::ZeroConf qw(CheckAccess SetPass SelectSession ListSessions); last SWITCH; }; -# $broker_backend == "simple" && do { use X2Go::Broker::Simple qw(CheckAccess SetPass SelectSession ListSessions); last SWITCH; }; -# $broker_backend == "ldap" && do { use X2Go::Broker::LDAP qw(CheckAccess SetPass SelectSession ListSessions); last SWITCH; }; -} - -use CGI; -use CGI::Carp qw(fatalsToBrowser); - -my $cgi = new CGI; -my @formValues = $cgi->param(); - -print $cgi->header( - -type =>'text/html', - -expires =>'+1h' - ), - $cgi->start_html( - -title =>'X2Go Session Broker', - -author =>'X2Go Developers <x2go-dev@lists.berlios.de>', - -base =>'true', - -meta =>{'keywords' =>'X2Go', 'description'=>'X2Go Session Broker'} - ); - -if($cgi->param('task') eq 'testcon') -{ - for ( my $i=0;$i<2*1024*1024;$i++ ) - { - print int(rand(9)); - } - print $cgi->end_html(); -} - -if ( ! CheckAccess($cgi->param('user'), $cgi->param('password'), $cgi->param('authid')) == 1 ) -{ - print_no_access(); - print $cgi->end_html(); - exit (0); -} - -print $cgi->start_form(), -$cgi->strong('Access granted'); - -if ($cgi->param('task') eq 'listsessions') -{ - ListSessions($cgi->param('user')); -} - -if ($cgi->param('task') eq 'selectsession') -{ - SelectSession($cgi->param('user'), $cgi->param('sid')); -} - -if ($cgi->param('task') eq 'setpass') -{ - SetPass($cgi->param('user'), $cgi->param('newpass')); -} - -$cgi->hr(), -$cgi->end_form(); -print $cgi->end_html(); - -sub print_no_access -{ - print $cgi->start_form(), - $cgi->hr(), - $cgi->strong('Access denied'), - $cgi->end_form(); -} diff --git a/cgi/x2gobroker.py b/cgi/x2gobroker.py new file mode 100755 index 0000000..103a6a5 --- /dev/null +++ b/cgi/x2gobroker.py 
@@ -0,0 +1,152 @@
+#!/usr/bin/env python
+
+# This file is part of the X2Go Project - http://www.x2go.org
+# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
+# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de>
+# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+import sys
+import os
+import web
+
+try:
+ import x2gobroker
+except ImportError:
+ sys.path.insert(0, os.path.join(os.getcwd(), '..'))
+
+# FIXME: here we have to add some code that genuinely detects the session broker backend...
+broker_backend = "zeroconf"
+
+# load the requested broker
+if broker_backend == "zeroconf":
+ import x2gobroker.zeroconf as broker
+elif broker_backend == "simple":
+ import x2gobroker.simple as broker
+elif broker_backend == "ldap":
+ import x2gobroker.ldap as broker
+
+
+urls = ( '/', 'x2gobroker' )
+
+
+class x2gobroker:
+
+ broker_backend = broker.X2GoBroker()
+
+ http_header_items = {
+ 'Content-Type': 'text/html; charset=utf-8',
+ 'Expires': '+1h',
+ }
+
+ page = web.template.Template("""$def with (html_header_items, output)
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+$for meta_tag in html_header_items["meta"]:
+ <meta $meta_tag="$html_header_items["meta"][meta_tag]">
+<title>$html_header_items['title']</title>
+</head>
+
+<body>
+$output
+</body>
+</html>
+"""
+ )
+ html_header_items = {
+ 'title': 'X2Go Session Broker',
+ 'meta': {
+ 'author': 'X2Go Developers <x2go-dev@lists.berlios.de>',
+ 'charset': 'utf-8',
+ 'keywords': 'X2Go',
+ 'description': 'X2Go Session Broker',
+ },
+ }
+
+ def _gen_http_header(self):
+
+ for http_header_item in self.http_header_items.keys():
+ web.header(http_header_item, self.http_header_items[http_header_item])
+
+ def GET(self):
+
+ data = web.input()
+ output = ''
+
+ self._gen_http_header()
+
+
+ # FIXME: the ,,testcon'' task can be object to DoS attacks...
+ if hasattr(data, 'task') and data.task == 'testcon':
+
+ ###
+ ### TEST THE CONNECTION
+ ###
+
+ return self.broker_backend.test_connection()
+
+ if hasattr(data, 'user') and hasattr(data, 'password') and self.broker_backend.check_access(username=data.user, password=data.password):
+
+ ###
+ ### PERFORM INITIAL AUTHENTICATION
+ ###
+
+ output += "<strong>Access granted</strong><br />"
+ output += "AUTHID: {authid}<br />".format(authid=self.broker_backend.get_next_authid(username=data.user))
+ return self.page(self.html_header_items, output)
+
+ else:
+ return self.page(self.html_header_items, "<hr>Access denied")
+
+ if hasattr(data, 'user') and hasattr(data, 'authid'):
+
+ ###
+ ### X2GO BROKER TASKS
+ ###
+
+ if self.broker_backend.check_access(username=data.user, authid=data.authid):
+
+ if hasattr(data, 'task'):
+ task = data.task
+
+ if task == 'listsessions':
+
+ output += self.broker_backend.list_sessions()
+
+ if task == 'selectsession':
+
+ if hasattr(data, 'sid'):
+
+ output += self.broker_backend.select_session(session_name=data.sid)
+
+ if task == 'setpass':
+
+ if hasattr(data, 'oldpass') and hasattr(data, 'newpass'):
+
+ output += self.broker_backend.change_password(new=data.newpass, old=data.oldpass)
+
+ return self.page(self.html_header_items, output)
+
+ else:
+ return self.page(self.html_header_items, "<hr>Access denied")
+
+
+if __name__ == "__main__":
+ app = web.application(urls, globals())
+ app.internalerror = web.debugerror
+ app.run()
diff --git a/debian/rules b/debian/rules
index 8b53e5a..787fc72 100755
--- a/debian/rules
+++ b/debian/rules
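Review bot: The `else:` that follows the password branch in `GET` returns "Access denied" for every request without a valid `user`/`password` pair, so the `authid` block below it ("X2GO BROKER TASKS") can never run and the rotating auth ID is never accepted; indentation is flattened on this page, but every path before that block ends in `return`. Check the `authid` case first and fall through to a single denial at the end, as sketched below, and pass `username=data.user` to `list_sessions()`, which `base.X2GoBroker.list_sessions` declares as a required argument. The password is also read from the GET query string through `web.input()`, where it will usually end up in web-server access logs, so the initial login belongs in a POST handler. `app.internalerror = web.debugerror` should not ship either, because it returns tracebacks to the client.

```python
    def GET(self):
        # … unchanged: web.input(), header generation, testcon branch …

        if hasattr(data, 'user') and hasattr(data, 'authid'):
            if not self.broker_backend.check_access(username=data.user, authid=data.authid):
                return self.page(self.html_header_items, "<hr>Access denied")
            task = getattr(data, 'task', None)
            if task == 'listsessions':
                output += self.broker_backend.list_sessions(username=data.user)
            # … unchanged: selectsession and setpass dispatch …
            return self.page(self.html_header_items, output)

        if hasattr(data, 'user') and hasattr(data, 'password') and self.broker_backend.check_access(username=data.user, password=data.password):
            # … unchanged: "Access granted" / AUTHID output …
            return self.page(self.html_header_items, output)

        return self.page(self.html_header_items, "<hr>Access denied")
```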
@@ -21,8 +21,8 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all export DEB_CFLAGS_MAINT_APPEND = -Wall include /usr/share/dpkg/buildflags.mk -DEB_PERL_PACKAGES=libx2go-broker-perl -DEB_PERL_CLEAN_TARGET=realclean -include /usr/share/cdbs/1/class/perl-makemaker.mk +#DEB_PERL_PACKAGES=libx2go-broker-perl +#DEB_PERL_CLEAN_TARGET=realclean +#include /usr/share/cdbs/1/class/perl-makemaker.mk include /usr/share/cdbs/1/rules/debhelper.mk - +include /usr/share/cdbs/1/class/python-distutils.mk diff --git a/debian/x2gobroker-common.install b/debian/x2gobroker-common.install index e9793a9..a688ac6 100644 --- a/debian/x2gobroker-common.install +++ b/debian/x2gobroker-common.install @@ -1 +1,2 @@ cgi/x2gobroker.cgi usr/lib/cgi-bin/ +pam/x2gobroker etc/pam.d/ \ No newline at end of file diff --git a/debian/x2gobroker.pam b/debian/x2gobroker.pam deleted file mode 100644 index 1eaad76..0000000 --- a/debian/x2gobroker.pam +++ /dev/null @@ -1,2 +0,0 @@ -@include common-auth -@include common-passwd diff --git a/lib/x2gobroker-agent.pl b/lib/x2gobroker-agent.pl index 0d5b559..6a64bbf 100755 --- a/lib/x2gobroker-agent.pl +++ b/lib/x2gobroker-agent.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -wU +#!/usr/bin/perl -XU # This file is part of the X2Go Project - http://www.x2go.org # Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> @@ -24,7 +24,7 @@ use strict; sub InitX2GoUser { - my ($user, $uid, $gid, $home)=@_; + my ($user, $uidNumber, $gidNumber, $home)=@_; if ( -f "/etc/x2go/x2gosql/sql" ) { @@ -56,11 +56,11 @@ sub CreateKey ### authorized_keys file is starting to get ### scared... (Mike) ### - #my ($uid, $gid, $home)=@_; + #my ($uidNumber, $gidNumber, $home)=@_; #if ( ! -d "$home/.ssh" ) #{ # mkdir ("$home/.ssh", 0700); - # chown ($uid, $gid, "$home/.ssh"); + # chown ($uidNumber, $gidNumber, "$home/.ssh"); #} #if( -e "$home/.ssh/authorized_keys" ) #{ 
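Review bot: `debian/x2gobroker-common.install` still lists `cgi/x2gobroker.cgi usr/lib/cgi-bin/`, a file this same commit deletes, and the new `cgi/x2gobroker.py` is not installed anywhere. The package build will presumably fail in dh_install or produce a package without the broker front end. Replace that line with an entry for `cgi/x2gobroker.py` at its intended location and end the file with a newline, since the hunk shows `\ No newline at end of file`.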
@@ -84,41 +84,41 @@ $ENV{'PATH'} = '/bin:/usr/bin'; my $username=shift or die; my $mode=shift or die; -my ($name, $passwd, $uid, $gid, $quota, $comment, $gcos, $home, $shell, $expire) = getpwnam($username); +my ($uid, $passwd, $uidNumber, $gidNumber, $quota, $comment, $gcos, $home, $shell, $expire) = getpwnam($username); -if($uid < 1000) +if($uidNumber < 1000) { die 'operation on system user'; } if($mode eq 'listsessions') { - InitX2GoUser($name, $uid, $gid, $home); + InitX2GoUser($uid, $uidNumber, $gidNumber, $home); print "OK\n"; - system "/bin/su - ", $name, "-c", "x2golistsessions --all-servers"; + exec ("/bin/su - $uid -c \"x2golistsessions --all-servers\""); } if($mode eq 'getservers') { - InitX2GoUser($name, $uid, $gid, $home); + InitX2GoUser($uid, $uidNumber, $gidNumber, $home); print "OK\n"; - system "/bin/su - ", $name, "-c", "x2gogetservers"; + exec ("/bin/su - $uid -c \"x2gogetservers\""); } if($mode eq 'key') { - InitX2GoUser($name, $uid, $gid, $home); + InitX2GoUser($uid, $uidNumber, $gidNumber, $home); print "OK\n"; - createKey($uid, $gid, $home); + createKey($uidNumber, $gidNumber, $home); } if($mode eq 'suspend') { - InitX2GoUser($name, $uid, $gid, $home); + InitX2GoUser($uid, $uidNumber, $gidNumber, $home); print "OK\n"; my $sid=shift; - system "/bin/su - ", $name, "-c", "x2gosuspend-session $sid"; + exec ("/bin/su - $uid -c \"x2gosuspend-session $sid\""); } if($mode eq 'ping') diff --git a/pam/x2gobroker b/pam/x2gobroker new file mode 100644 index 0000000..b561496 --- /dev/null +++ b/pam/x2gobroker @@ -0,0 +1,2 @@ +@include common-auth +@include common-password diff --git a/etc/x2gobroker-ldap.cfg b/setup.py old mode 100644 new mode 100755 similarity index 59% copy from etc/x2gobroker-ldap.cfg copy to setup.py index fe8e9bd..b791870 --- a/etc/x2gobroker-ldap.cfg +++ b/setup.py 
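Review bot: In the `suspend` branch the new `exec ("/bin/su - $uid -c \"x2gosuspend-session $sid\"")` passes one string to a shell, and `$sid` comes straight from `my $sid=shift;` with no validation, so any shell metacharacters in the session ID are interpreted; the Makefile's `build_setuidwrappers` target suggests this helper is reached through a setuid wrapper, which raises the stakes. Validate the ID before use, for example `die 'invalid session id' unless defined $sid && $sid =~ /^[A-Za-z0-9_.-]+$/;` (adjust the pattern to the real session-ID format), and call exec in list form, `exec('/bin/su', '-', $uid, '-c', "x2gosuspend-session $sid");`, so no outer shell is involved; the check is still needed because `su -c` hands the string to the user's shell. The `listsessions` and `getservers` branches use the same single-string form and should switch to list form too. The shebang change from `-wU` to `-XU` in the first hunk of this file turns all warnings off in the same privileged script and is better reverted.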
@@ -1,7 +1,11 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# -*- coding: utf-8 -*- + # Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> +# Copyright (C) 2012 by Heinz-M. Graesing <heint-m.graesing@obviously-nice.de> # # X2Go Session Broker is free software; you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by @@ -18,7 +22,16 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -ldapuri=ldap://<ldapmaster.localdomain> -#replica=ldapi:/// -binddn="cn=admin,dc=example,dc=net" -bindpw="<very-secret>" +from setuptools import setup, find_packages +import x2go + +setup( + name = "x2gobroker", + version = x2gobroker.__VERSION__, + description = "X2Go Session Broker", + license = 'AGPLv3+', + author = 'Mike Gabriel', + url = 'http://www.x2go.org', + packages = find_packages('.'), + package_dir = {'': '.'}, +) diff --git a/etc/x2gobroker-ldap.cfg b/x2gobroker/__init__.py similarity index 69% copy from etc/x2gobroker-ldap.cfg copy to x2gobroker/__init__.py index fe8e9bd..ad8c1e4 100644 --- a/etc/x2gobroker-ldap.cfg +++ b/x2gobroker/__init__.py 
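Review bot: `setup.py` imports `x2go` but then reads `x2gobroker.__VERSION__`, so the script fails with NameError (or ImportError where the `x2go` module is absent) before `setup()` runs; the import should be `import x2gobroker`. The header also carries `# -*- coding: utf-8 -*-` twice, and the address `heint-m.graesing@obviously-nice.de` looks like a typo of the `heinz-m.graesing` spelling used in the other files.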
@@ -1,7 +1,7 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> +# -*- coding: utf-8 -*- + # Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> # # X2Go Session Broker is free software; you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by @@ -18,7 +18,6 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -ldapuri=ldap://<ldapmaster.localdomain> -#replica=ldapi:/// -binddn="cn=admin,dc=example,dc=net" -bindpw="<very-secret>" +__VERSION__ = '0.0.0.1' + + diff --git a/x2gobroker/__init__.pyc b/x2gobroker/__init__.pyc new file mode 100644 index 0000000..302cf0f Binary files /dev/null and b/x2gobroker/__init__.pyc differ diff --git a/x2gobroker/base.py b/x2gobroker/base.py new file mode 100644 index 0000000..a1fe0ca --- /dev/null +++ b/x2gobroker/base.py 
@@ -0,0 +1,157 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+"""\
+X2goBrokerBASE class - base skeleton for X2GoBroker implementations
+
+"""
+__NAME__ = 'x2gobroker-pylib'
+
+# modules
+import types
+import uuid
+
+class X2GoBroker(object):
+ """\
+ X2GoBrokerBASE is an abstract class for X2Go broker implementations.
+
+ This class needs to be inherited from a concrete broker class.
+
+ Currently available broker classes are::
+ L{zeroconf.X2GoBroker}
+ L{simple.X2GoBroker}
+ L{ldap.X2GoBroker}
+
+ """
+ def __init__(self):
+ """\
+ Initialize a new X2GoBroker instance to control X2Go session through an
+ X2Go Client with an intermediate session broker.
+ """
+ self._authid_dict = {}
+
+ def __del__(self):
+ """\
+ Cleanup on destruction of an L{X2GoBroker} instance.
+
+ """
+ pass
+
+ def test_connection(self):
+ #if($cgi->param('task') eq 'testcon')
+ #{
+ # for ( my $i=0;$i<2*1024*1024;$i++ )
+ # {
+ # print int(rand(9));
+ # }
+ # print $cgi->end_html();
+ # exit (0);
+ #}
+ return 'OK'
+
+ def check_access(self, username='', password='', authid=None):
+ """\
+ Check if a given user with a given password may gain access to the
+ X2Go session broker.
+
+ @param username: a username known to the session broker
+ @type username: C{unicode}
+ @param password: a password that authenticates the user against the X2Go session broker
+ @type password: C{unicode}
+
+ @return: returns C{True} if the authentication has been successful
+ @rtype: C{bool}
+
+ """
+
+ ### IMPLEMENT YOUR AUTHENTICATION LOGIC FIRST, then call base.X2GoBroker.check_access
+ ### to finalize the authentication process.
+
+ # Before calling this code, you have to evaluate username and password.
+ #
+ # If the credentials (username, password) are considered as valid then
+ # set authid to True.
+ #
+ # If credentials are invalid, set authid to None.
+
+ if type(authid) is types.StringType:
+ authid = unicode(authid)
+
+ if type(authid) is types.UnicodeType:
+
+ if authid == self._authid_dict[username]:
+ self._authid_dict[username] = uuid.uuid5(namespace=authid, name=username)
+ return True
+
+ elif type(authid) is types.BooleanType and authid is True:
+ # generate a first uuid, initialize the connection
+ self._authid_dict[username] = uuid.uuid4()
+ return True
+
+ return False
+
+ def get_next_authid(self, username):
+ """\
+ Get the next expected authentication ID for the given user name.
+
+ @param username: query next auth ID for this user
+ @type username: C{unicode}
+
+ @return: returns next authentication ID for the given username, None if no auth ID has been generated, yet.
+ @rtype: C{unicode} or C{None}
+
+ """
+ try:
+ return self._authid_dict[username]
+ except KeyError:
+ return None
+
+ def list_sessions(self, username):
+ """\
+ Retrieve a list of running/suspended sessions for the user that has authenticated to this
+ L{X2GoBroker} instance
+
+ @param username: query session list for this user
+ @type username: C{unicode}
+
+ return: list of session objects
+ rtype: C{obj}
+
+ """
+ return []
+
+ def select_session(self, session_name=None):
+ """\
+ Select a running/suspended session to be transferred/resumed to the requesting X2Go Client.
+ If no C{session_name} is given, a new X2Go session is launched for the authenticated user.
+
+ The X2Go server that the session is launched on is selected automatically by the X2Go session
+ broker.
+
+ """
+ return None
+
+ def change_password(self, new='', old=''):
+ """\
+ Modify the authenticated user's password on the X2Go infrastructure (normally, one user
+ in one X2Go site setup should have the same password on all machines).
+
+ """
+ return False
diff --git a/x2gobroker/base.pyc b/x2gobroker/base.pyc
new file mode 100644
index 0000000..9a9b5ac
Binary files /dev/null and b/x2gobroker/base.pyc differ
diff --git a/etc/x2gobroker-ldap.cfg b/x2gobroker/ldap.py
similarity index 59%
copy from etc/x2gobroker-ldap.cfg
copy to x2gobroker/ldap.py
index fe8e9bd..25fc8b4 100644
--- a/etc/x2gobroker-ldap.cfg
+++ b/x2gobroker/ldap.py
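Review bot: In `check_access` the test `authid == self._authid_dict[username]` compares the client's unicode string with the `uuid.UUID` object stored by `uuid.uuid4()`, which as far as I can see never compares equal, and it raises KeyError for a username that has no entry, although `get_next_authid` already handles that case. The rotation `uuid.uuid5(namespace=authid, name=username)` passes a string where a `UUID` namespace is expected, and even with that fixed the next token would be a deterministic hash of the previous token and the username, so anyone who observes one auth ID could compute all later ones. Store the token as a string, look it up with `.get()`, and issue a fresh random value on every rotation, as in the fence below. Whether `_authid_dict` survives between requests depends on how the web application is deployed, which is not visible here.

```python
        if type(authid) is types.UnicodeType:
            expected = self._authid_dict.get(username)
            if expected is not None and authid == expected:
                # rotate to a fresh random token; never derive it from the old one
                self._authid_dict[username] = unicode(uuid.uuid4())
                return True

        elif type(authid) is types.BooleanType and authid is True:
            # … unchanged: comment about the first uuid …
            self._authid_dict[username] = unicode(uuid.uuid4())
            return True
```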
@@ -1,7 +1,7 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> +# -*- coding: utf-8 -*- + # Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> # # X2Go Session Broker is free software; you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by @@ -18,7 +18,28 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -ldapuri=ldap://<ldapmaster.localdomain> -#replica=ldapi:/// -binddn="cn=admin,dc=example,dc=net" -bindpw="<very-secret>" +"""\ +X2goBrokerLDAP class - a production X2GoBroker implementations that uses LDAP as configuration backend + +""" +__NAME__ = 'x2gobroker-pylib' + +# modules +import x2gobroker.base + +class X2GoBroker(x2gobroker.base.X2GoBroker): + """\ + + """ + def __init__(self): + """\ + + """ + x2gobroker.base.X2GoBroker.__init__(self) + + def __del__(self): + """\ + + """ + x2gobroker.base.X2GoBroker.__del__(self) + diff --git a/etc/x2gobroker-ldap.cfg b/x2gobroker/simple.py similarity index 59% copy from etc/x2gobroker-ldap.cfg copy to x2gobroker/simple.py index fe8e9bd..ea3fc87 100644 --- a/etc/x2gobroker-ldap.cfg +++ b/x2gobroker/simple.py 
@@ -1,7 +1,7 @@ -# This file is part of the X2Go Project - http://www.x2go.org -# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> -# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de> +# -*- coding: utf-8 -*- + # Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> # # X2Go Session Broker is free software; you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by @@ -18,7 +18,28 @@ # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. -ldapuri=ldap://<ldapmaster.localdomain> -#replica=ldapi:/// -binddn="cn=admin,dc=example,dc=net" -bindpw="<very-secret>" +"""\ +X2goBrokerSIMPLE class - a simple X2GoBroker implementations that uses text-based config files only + +""" +__NAME__ = 'x2gobroker-pylib' + +# modules +import x2gobroker.base + +class X2GoBroker(x2gobroker.base.X2GoBroker): + """\ + + """ + def __init__(self): + """\ + + """ + x2gobroker.base.X2GoBroker.__init__(self) + + def __del__(self): + """\ + + """ + x2gobroker.base.X2GoBroker.__del__(self) + diff --git a/x2gobroker/zeroconf.py b/x2gobroker/zeroconf.py new file mode 100644 index 0000000..af0da2d --- /dev/null +++ b/x2gobroker/zeroconf.py 
@@ -0,0 +1,56 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2012 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+# Copyright (C) 2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+"""\
+X2goBrokerZEROCONF class - a demo X2GoBroker implementations that needs not configuration at all
+
+"""
+__NAME__ = 'x2gobroker-pylib'
+
+# modules
+import pam
+import subprocess
+
+import x2gobroker.base
+
+from x2gobroker.defaults import X2GOBROKER_AGENT_CMD as _X2GOBROKER_AGENT_CMD
+
+class X2GoBroker(x2gobroker.base.X2GoBroker):
+
+ def check_access(self, username='', password='', authid=None):
+
+ # do a simple PAM authentication against the PAM service ,,x2gobroker''
+ if authid is None:
+ if username and password:
+ if pam.authenticate(username, password, service="x2gobroker"):
+ authid = True
+ else:
+ authid = None
+
+ return x2gobroker.base.X2GoBroker.check_access(self, username=username, password=password, authid=authid)
+
+ def list_sessions(self, username):
+
+ # simply call the local x2gobroker-agent to retrieve a session list for <username>
+ cmd_line = [ _X2GOBROKER_AGENT_CMD, username, "listsessions" ]
+ broker_agent = subprocess.Popen(cmd_line)
+
+ return broker_agent.stdout()
+
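Review bot: `list_sessions` starts the agent with `subprocess.Popen(cmd_line)` and no `stdout=subprocess.PIPE`, so `broker_agent.stdout` is `None` and `broker_agent.stdout()` raises TypeError while the agent's output goes to the server's own stdout. Use `broker_agent = subprocess.Popen(cmd_line, stdout=subprocess.PIPE)` and `return broker_agent.communicate()[0]`, and check `broker_agent.returncode` before trusting the output. Passing the arguments as a list keeps `username` away from a shell, which is worth preserving, but the agent still acts on whatever name it is given, so callers must only pass the username that `check_access` accepted. The module also imports `x2gobroker.defaults`, which is not among the files listed in this commit's summary and presumably has to be added for the import to succeed.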
diff --git a/x2gobroker/zeroconf.pyc b/x2gobroker/zeroconf.pyc new file mode 100644 index 0000000..fbbca0e Binary files /dev/null and b/x2gobroker/zeroconf.pyc differ hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).