This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch master in repository x2gobroker. from 73f9432 x2gobroker.conf: typo fix new 31e2b0c Allow switching to dynamic cookie auth, after the connection has been successfully established by a first successful user+password authentication. new 9226ced typo fix in comment new a5c2d20 dynamic cookie auth: add a note about handling old/stray cookie files The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: debian/changelog | 3 +++ etc/x2gobroker.conf | 9 +++++++++ x2gobroker/brokers/base_broker.py | 17 +++++++++++++---- x2gobroker/defaults.py | 1 + 4 files changed, 26 insertions(+), 4 deletions(-) -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 9226ced1d1530105f191733b810e27ee91d0cf68 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Sun Mar 9 13:58:28 2014 +0100 typo fix in comment --- x2gobroker/brokers/base_broker.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py index 3a9de86..3dc859f 100644 --- a/x2gobroker/brokers/base_broker.py +++ b/x2gobroker/brokers/base_broker.py @@ -782,7 +782,7 @@ class X2GoBroker(object): return False, None if access or cookie == None or cookie == "" or self.config.get_value('global', 'password-auth-initializes-cookie'): - # this should be the first time we have seen this user or they are using old client so verify their passwrd + # this should be the first time we have seen this user or they are using old client so verify their password ### IMPLEMENT YOUR AUTHENTICATION LOGIC IN THE self._do_authenticate(**kwargs) METHOD ### when inheriting from the base.X2GoBroker class. -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 31e2b0c99d26a5061fbb4c85fd86f0d229decfc5 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Sun Mar 9 13:56:50 2014 +0100 Allow switching to dynamic cookie auth, after the connection has been successfully established by a first successful user+password authentication. --- debian/changelog | 3 +++ etc/x2gobroker.conf | 9 +++++++++ x2gobroker/brokers/base_broker.py | 12 +++++++++--- x2gobroker/defaults.py | 1 + 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index d09e2f4..ba6bb07 100644 --- a/debian/changelog +++ b/debian/changelog @@ -93,6 +93,9 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low x2gobroker(-daemon) is run as uidNumber 0. - Implement dynamic authid for JSON WebUI frontend. Add a generic metadata top level to the JSON output tree. + - Allow switching to dynamic cookie auth, after the connection has been + successfully established by a first successful user+password + authentication. * debian/control: + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. + Fix SYNOPSIS texts. diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf index c275e30..4924a26 100644 --- a/etc/x2gobroker.conf +++ b/etc/x2gobroker.conf 
@@ -34,6 +34,15 @@ # to make the X2Go Session Broker require this feature #require-cookie = false +# If require-cookie is set to true, the user normally always needs an initial +# authentication cookie to start the connection with (this is pre-shared key +# the broker admin has to provide to X2Go Client users). +# +# Alternatively, you can allow a first authentication without cookie, but with +# username and password only. Further authentication then can use the cookie +# provided after first successful connect. +#password-auth-initializes-cookie=true + # X2Go supports two different cookie authentication modes (static and dynamic). # Dynamic cookies send new cookie to client on every request. This could possibly # cause issues if a client ever tries multiple requests at the same time. diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py index 0fa010d..3a9de86 100644 --- a/x2gobroker/brokers/base_broker.py +++ b/x2gobroker/brokers/base_broker.py @@ -755,8 +755,6 @@ class X2GoBroker(object): # this catches a validation check from the UCCS web frontend... return False, None - ### IMPLEMENT YOUR AUTHENTICATION LOGIC IN THE self._do_authenticate(**kwargs) METHOD - ### when inheriting from the base.X2GoBroker class. if type(cookie) is types.StringType: cookie = unicode(cookie) 
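Review bot: The sample line `#password-auth-initializes-cookie=true` documents a default that relaxes `require-cookie` without the admin opting in, and the defaults.py hunk of this same commit sets `u'password-auth-initializes-cookie': True`. Going by the comment text above it, a site already running with `require-cookie = true` would accept a first login with username and password alone after upgrading. I would ship the option off: `u'password-auth-initializes-cookie': False,` in x2gobroker/defaults.py and `#password-auth-initializes-cookie=false` here. The comment block should also state what is given up, for example `# Note: when enabled, the pre-shared cookie is not needed for the first login; a valid password is enough to obtain a cookie.`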
@@ -783,9 +781,17 @@ class X2GoBroker(object): logger_broker.warning('base_broker.X2GoBroker.check_access(): could not create cookie-directory {cookie_directory} failing to authenticate'.format(cookie_directory=cookie_directory)) return False, None - if access or cookie == None or cookie == "": + if access or cookie == None or cookie == "" or self.config.get_value('global', 'password-auth-initializes-cookie'): # this should be the first time we have seen this user or they are using old client so verify their passwrd + + ### IMPLEMENT YOUR AUTHENTICATION LOGIC IN THE self._do_authenticate(**kwargs) METHOD + ### when inheriting from the base.X2GoBroker class. + access = self._do_authenticate(username=username, password=password) + + ### + ### + logger_broker.debug('base_broker.X2GoBroker.check_access(): checking for valid password: {access}'.format(access=access)) if access: diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py index d4bfaaf..e6677f9 100644 --- a/x2gobroker/defaults.py +++ b/x2gobroker/defaults.py @@ -182,6 +182,7 @@ X2GOBROKER_CONFIG_DEFAULTS = { 'global': { u'require-password': True, u'require-cookie': False, + u'password-auth-initializes-cookie': True, u'use-static-cookie': True, u'auth-timeout': 36000, u'cookie-directory': '/var/log/x2gobroker/cookies', -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
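Review bot: The added `or self.config.get_value('global', 'password-auth-initializes-cookie')` term makes this condition true on every call while the option is on, not only on the first contact the commit message describes, so `self._do_authenticate()` runs even when the client presents a cookie. As far as this hunk shows, the cookie comparison in the `else` branch is then never reached, so follow-up requests carrying only a cookie would be judged on the password and the cookie would stop acting as a credential of its own. A missing cookie already reaches this branch through `cookie == None or cookie == ""`, so if the intent is only to let a cookie-less first login through under `require-cookie`, the option belongs where the missing cookie is rejected rather than in this condition. At minimum the branch comment should record the effect, e.g. `# NOTE: with password-auth-initializes-cookie set, this branch is taken for every request, cookie or not`. check_access() begins and continues outside the hunk, so earlier code may already narrow this; that needs confirming.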
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit a5c2d208cf8045553d105b77eebe4376962a3a84 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Sun Mar 9 14:06:35 2014 +0100 dynamic cookie auth: add a note about handling old/stray cookie files --- x2gobroker/brokers/base_broker.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py index 3dc859f..66e92e5 100644 --- a/x2gobroker/brokers/base_broker.py +++ b/x2gobroker/brokers/base_broker.py @@ -833,6 +833,9 @@ class X2GoBroker(object): fh.close() access = True else: + + # FIXME: here we need some magic to remove deprecated cookie files (by their timestamp)!!! + # client sent us an unknown cookie so failing auth logger_broker.debug('base_broker.X2GoBroker.check_access(): User {username} from {ip} presented cookie {cookie} which is not recognized - rejecting user'.format(username=username, cookie=cookie, ip=ip)) return False, None -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
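Review bot: The FIXME sits inside the unknown-cookie `else` branch and does not say what the cleanup rule is, so a cleanup written at this spot would run only when a request is being rejected. I would word it as `# FIXME: expire cookie files older than auth-timeout on every check_access() call, not only on this reject path` and place it where the cookie file is read, assuming `auth-timeout` from defaults.py is the intended lifetime. Until that exists, old cookie files stay in the cookie directory, and whether a stale cookie is still accepted depends on code outside this hunk.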