[X2Go-Commits] x2gobroker.git - tmp (branch) updated: 1bcff08085a4d7816d8258bb972ead1688b068e5

X2Go dev team git-admin at x2go.org
Tue Apr 23 21:08:41 CEST 2013


The branch, tmp has been updated
       via  1bcff08085a4d7816d8258bb972ead1688b068e5 (commit)
      from  16e9356345684e24cf259701a79a28934762c867 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 etc/x2gobroker.conf                              |    5 ++
 x2gobroker/brokers/base_broker.py                |   22 +++++--
 x2gobroker/defaults.py                           |    1 +
 x2gobroker/nameservices/testsuite_nameservice.py |    7 ++-
 x2gobroker/tests/test_broker_base.py             |   70 ++++++++++++++++++++++
 5 files changed, 98 insertions(+), 7 deletions(-)

The diff of changes is:
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index 024c388..0999376 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -85,6 +85,11 @@
 #default-user-db = libnss
 #default-group-db = libnss
 
+# on large deployments it is recommended to ignore primary group memberships
+# traversing into all user accounts for primary group detection can be quite
+# CPU intensive on the X2Go Broker server.
+#ignore-primary-group-memberships = True
+
 ###
 ### BACKEND section
 ###
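Review bot: The new comment presents this option purely as a CPU saving, but the base_broker.py hunk in this commit feeds it into the group list that is matched against `acl-groups-allow` and `acl-groups-deny`, so it changes who is granted or refused a profile. An administrator reading only this file has no way to know that. I would add a line such as `# NOTE: when True, group ACLs are not matched against a user's primary group.` directly above the option. The commented value matches the built-in default added in defaults.py, which is in line with the entries above it.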
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py
index be2aa89..85984d3 100644
--- a/x2gobroker/brokers/base_broker.py
+++ b/x2gobroker/brokers/base_broker.py
@@ -86,6 +86,20 @@ class X2GoBroker(object):
         """
         return self.config.get_section('global')
 
+    def get_global_value(self, option):
+        """\
+        Get the configuration setting for an option in the global section of the
+        configuration file.
+
+        @param option: option name in the global configuration section
+        @type option: C{unicode}
+
+        @return: the value for the given global C{option}
+        @rtype: C{bool}, C{unicode}, C{int} or C{list}
+
+        """
+        return self.config.get_value('global', option)
+
     def get_backend_config(self):
         """\
         Get the configuration section of a specific backend.
@@ -102,12 +116,12 @@ class X2GoBroker(object):
         C{option}.
 
         @param backend: the name of the backend
-        @type backend: C{str}
+        @type backend: C{unicode}
         @param option: option name of the backend's configuration section
-        @type option: C{str}
+        @type option: C{unicode}
 
         @return: the value for the given C{backend} C{option}
-        @rtype: C{dict}
+        @rtype: C{bool}, C{unicode}, C{int} or C{list}
 
         """
         return self.config.get_value(backend, option)
@@ -266,7 +280,7 @@ class X2GoBroker(object):
             _allow_group = False
             _deny_group = False
 
-            _user_groups = [u'ALL'] + self.get_user_groups(username, primary_groups=True)
+            _user_groups = [u'ALL'] + self.get_user_groups(username, primary_groups=not self.get_global_value('ignore-primary-group-memberships'))
 
             _allow_group = bool(len(set(_user_groups).intersection( set(_acls[u'acl-groups-allow']) )))
             _deny_group = bool(len(set(_user_groups).intersection( set(_acls[u'acl-groups-deny']) )))
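Review bot: With the default of `True` added in defaults.py, this line now passes `primary_groups=False` where it previously always passed `True`, so after an upgrade an `acl-groups-deny` entry that matched a user only through the primary group silently stops matching. On the deny side that fails open, and nothing in the change warns an existing deployment about it. I would keep the old behaviour as the default, `u'ignore-primary-group-memberships': False,`, and let large sites opt in. The `not` also relies on `get_global_value` returning a real bool for this option; the test with `= false` suggests it does, but that coercion happens outside the visible lines. The enclosing method starts and ends outside this hunk.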
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index f2b67e4..81dc346 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -60,6 +60,7 @@ X2GOBROKER_CONFIG_DEFAULTS = {
         u'default-auth-mech': u'pam',
         u'default-user-db': u'libnss',
         u'default-group-db': u'libnss',
+        u'ignore-primary-group-memberships': True,
     },
     'zeroconf': {
         u'enable': True,
diff --git a/x2gobroker/nameservices/testsuite_nameservice.py b/x2gobroker/nameservices/testsuite_nameservice.py
index a0ea7e2..90c9b33 100644
--- a/x2gobroker/nameservices/testsuite_nameservice.py
+++ b/x2gobroker/nameservices/testsuite_nameservice.py
@@ -46,8 +46,9 @@ class X2GoBrokerNameService(base.X2GoBrokerNameService):
         _members = []
         if group in _groups.keys():
             _members.extend(_groups[group])
-        for username in self.get_users():
-            if unicode(group) == self.get_primary_group(username):
-                _members.append(username)
+        if primary_groups:
+            for username in self.get_users():
+                if unicode(group) == self.get_primary_group(username):
+                    _members.append(username)
         return _members
 
diff --git a/x2gobroker/tests/test_broker_base.py b/x2gobroker/tests/test_broker_base.py
index 14a9e21..8891103 100644
--- a/x2gobroker/tests/test_broker_base.py
+++ b/x2gobroker/tests/test_broker_base.py
@@ -504,6 +504,76 @@ enable = true
         }
         self.assertEqual(base_backend.check_profile_acls(username, acls), False)
 
+    def test_checkprofileacls_group_primarygroups(self):
+        username_f = 'flip' # is a male grasshopper
+        username_m = 'maja' # is a female bee
+        username_w = 'willi' # is a drone (male bee)
+        _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+        _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+
+[base]
+enable = true
+"""
+        tf = tempfile.NamedTemporaryFile()
+        print >> tf, _config
+        tf.seek(0)
+        base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+        acls = {
+            'acl-groups-allow': ['bees','flip'],
+            'acl-groups-deny': ['ALL'],
+            'acl-groups-order': 'deny-allow',
+        }
+        self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
+        self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+        _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+        _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+ignore-primary-group-memberships = true
+
+[base]
+enable = true
+"""
+        tf = tempfile.NamedTemporaryFile()
+        print >> tf, _config
+        tf.seek(0)
+        base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+        acls = {
+            'acl-groups-allow': ['bees','flip'],
+            'acl-groups-deny': ['ALL'],
+            'acl-groups-order': 'deny-allow',
+        }
+        self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
+        self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+        _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+        _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+ignore-primary-group-memberships = false
+
+[base]
+enable = true
+"""
+        tf = tempfile.NamedTemporaryFile()
+        print >> tf, _config
+        tf.seek(0)
+        base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+        acls = {
+            'acl-groups-allow': ['bees','flip'],
+            'acl-groups-deny': ['ALL'],
+            'acl-groups-order': 'deny-allow',
+        }
+        self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+
     def test_checkprofileacls_group_combitests(self):
         _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
         _config = """
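Review bot: All three scenarios in `test_checkprofileacls_group_primarygroups` use `'acl-groups-deny': ['ALL']` together with an allow list, so the test pins only the allow side of the new option. Nothing covers a deny list naming a group that a user holds solely as primary group, which is the case where ignoring primary groups lets that user through. I would add a scenario whose `acl-groups-deny` contains `'flip'` (apparently flip's primary group, judging by the expectations here) and assert the result for `username_f` under both settings. The three config blocks differ by a single line, so a small helper taking the option value would remove the repetition. The last context lines open the next test, which continues outside the hunk.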


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).



