[X2Go-Commits] x2gobroker.git - tmp (branch) updated: 0.0.0.1-36-gfbb1f87

X2Go dev team git-admin at x2go.org
Tue Apr 23 21:08:46 CEST 2013


The branch, tmp has been updated
       via  fbb1f8755341c5f318b3e3ee2602487005612e4e (commit)
      from  d9c17a236357d7939415afae5b420917f0e2f212 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 debian/control                         |   37 +++++++++++-
 debian/x2gobroker-authservice.default  |   19 ++++++
 debian/x2gobroker-authservice.init     |  102 ++++++++++++++++++++++++++++++++
 debian/x2gobroker-authservice.install  |    1 +
 debian/x2gobroker-authservice.manpages |    1 +
 debian/x2gobroker-daemon.init          |   36 ++---------
 debian/x2gobroker.install              |    1 -
 etc/broker/x2gobroker-loggers.conf     |   23 ++++++-
 sbin/x2gobroker-authservice            |   14 ++---
 x2gobroker/authservice.py              |   23 +++++--
 x2gobroker/defaults.py                 |    1 +
 x2gobroker/loggers.py                  |    5 ++
 12 files changed, 215 insertions(+), 48 deletions(-)
 create mode 100644 debian/x2gobroker-authservice.default
 create mode 100755 debian/x2gobroker-authservice.init
 create mode 100644 debian/x2gobroker-authservice.install
 create mode 100644 debian/x2gobroker-authservice.manpages

The diff of changes is:
diff --git a/debian/control b/debian/control
index 3b222bc..4a7be0d 100644
--- a/debian/control
+++ b/debian/control
@@ -20,8 +20,9 @@ Depends:
  ${misc:Depends},
  ${python:Depends},
  python,
- python-x2gobroker (>= ${source:Version}), python-x2gobroker (<< ${source:Version}.1~),
+ python-argparse,
  python-setproctitle,
+ python-x2gobroker (>= ${source:Version}), python-x2gobroker (<< ${source:Version}.1~),
 Suggests:
  apache2 | httpd,
 Description: X2Go http(s) based session broker (executable)
@@ -45,12 +46,46 @@ Description: X2Go http(s) based session broker (executable)
  .
  This package contains the x2gobroker executable.
 
+Package: x2gobroker-authservice
+Architecture: all
+Depends:
+ python,
+ python-argparse,
+ python-setproctitle,
+ ${misc:Depends},
+ ${python:Depends},
+Suggests:
+ apache2 | httpd,
+Description: X2Go http(s) based session broker (PAM authentication service)
+ X2Go is a server based computing environment with
+    - session resuming
+    - low bandwidth support
+    - LDAP support
+    - client side mass storage mounting support
+    - client side printing support
+    - audio support
+    - authentication by smartcard and USB stick
+ .
+ The session broker is a server tool for X2Go that
+ tells your X2Go Client application in a terminal
+ server cluster what servers and session types are
+ most appropriate for the user in front of the
+ X2Go terminal.
+ .
+ A session broker is most useful in load balanced
+ X2Go server farms.
+ .
+ This package contains the authentication service
+ against the PAM system.
+
 Package: x2gobroker-daemon
 Architecture: all
 Depends:
  ${misc:Depends},
  ${python:Depends},
  x2gobroker (>= ${source:Version}), x2gobroker (<< ${source:Version}.1~),
+Recommends:
+ x2gobroker-authservice,
 Suggests:
  apache2 | httpd,
 Description: X2Go http(s) based session broker (daemon)
diff --git a/debian/x2gobroker-authservice.default b/debian/x2gobroker-authservice.default
new file mode 100644
index 0000000..9f89cd4
--- /dev/null
+++ b/debian/x2gobroker-authservice.default
@@ -0,0 +1,19 @@
+# X2Go Session Broker (PAM Authentication Service) configuration for Debian
+
+# For PAM authentication the X2Go Session Broker needs its authentication
+# service. The session broker itself runs as a non-privileged user (see below)
+# whereas the authentication service must run as super-user root.
+#
+# If you do not use PAM as authentication mechanism with the X2Go Session Broker,
+# you can disable the authentication service here.
+START_AUTHSERVICE=true
+
+# The posix user ID the broker runs under (do not change!)
+# if you change it nonetheless, make sure that the log file
+# directory (default: /var/log/x2gobroker) and files in there are
+# writable by that user
+#X2GOBROKER_DAEMON_GROUP=x2gobroker
+
+# The unix socket file for communication between the broker and the authentication service.
+#X2GOBROKER_AUTHSERVICE_SOCKET=/run/x2gobroker/x2gobroker-authservice.socket
+
diff --git a/debian/x2gobroker-authservice.init b/debian/x2gobroker-authservice.init
new file mode 100755
index 0000000..ccbad0a
--- /dev/null
+++ b/debian/x2gobroker-authservice.init
@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# Start the X2Go Session Broker PAM Authentication Service
+#
+# Copyright © 2012 Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+# Distributable under the terms of the GNU AGPL version 2.
+#
+### BEGIN INIT INFO
+# Provides:          x2gobroker-authservice
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: X2Go Session Broker PAM Authentication Service
+# Description:       PAM authentication service for X2Go Session Broker
+### END INIT INFO
+#
+
+set -eu
+
+AUTHSERVICE=/usr/sbin/x2gobroker-authservice
+test -d /run && RUNDIR=/run || RUNDIR=/var/run
+PIDFILE_AUTHSERVICE=$RUNDIR/x2gobroker/x2gobroker-authservice.pid
+DEBIANCONFIG=/etc/default/x2gobroker-authservice
+
+test -x "$AUTHSERVICE" || exit 0
+
+START_AUTHSERVICE=false
+X2GOBROKER_DAEMON_USER='x2gobroker'
+X2GOBROKER_DAEMON_GROUP='x2gobroker'
+X2GOBROKER_AUTHSERVICE_SOCKET="$RUNDIR/x2gobroker/x2gobroker-authservice.socket"
+test -f $DEBIANCONFIG && . $DEBIANCONFIG
+
+
+if ! getent passwd $X2GOBROKER_DAEMON_USER 1>/dev/null 2>/dev/null; then
+	X2GOBROKER_DAEMON_USER=nobody
+fi
+if ! getent group $X2GOBROKER_DAEMON_GROUP 1>/dev/null 2>/dev/null; then
+	X2GOBROKER_DAEMON_USER=nogroup
+fi
+
+# create PID directory
+mkdir -p $RUNDIR/x2gobroker
+chown $X2GOBROKER_DAEMON_USER:$X2GOBROKER_DAEMON_GROUP $RUNDIR/x2gobroker
+chmod 0700 $RUNDIR/x2gobroker
+
+export X2GOBROKER_DAEMON_USER
+export X2GOBROKER_DAEMON_GROUP
+export X2GOBROKER_AUTHSERVICE_SOCKET
+
+. /lib/lsb/init-functions
+
+is_true()
+{
+	case "${1:-}" in
+		[Yy]es|[Yy]|1|[Tt]|[Tt]rue) return 0;;
+		*) return 1;
+	esac
+}
+
+case "${1:-}" in
+	start)
+		if [ -f $PIDFILE_AUTHSERVICE ]; then
+			if ps -u root | grep $(basename $AUTHSERVICE) 1>/dev/null 2>/dev/null; then
+				log_warning_msg "X2Go Broker Authentication Service already running"
+			else
+				log_warning_msg "X2Go Broker Authentication Service: stale PID file ($PIDFILE_AUTHSERVICE). Delete it manually!"
+			fi
+			START_AUTHSERVICE=no
+		fi
+		if is_true $START_AUTHSERVICE; then
+			set +e
+			# once we are here, we have to make sure the authservice.socket does not exist
+			rm -f $X2GOBROKER_AUTHSERVICE_SOCKET
+			# and now we can start the auth service
+			log_daemon_msg "Starting X2Go Broker Authentication Service" "$(basename $AUTHSERVICE)"
+			start-stop-daemon -b -m -S -p $PIDFILE_AUTHSERVICE -x $AUTHSERVICE -- -s $X2GOBROKER_AUTHSERVICE_SOCKET -o root -g $X2GOBROKER_DAEMON_GROUP -p 0660
+			set -e
+			log_end_msg $?
+		fi
+	;;
+	stop)
+		if [ -f $PIDFILE_AUTHSERVICE ] ; then
+			log_daemon_msg "X2Go Broker Authentication Service" "$(basename $AUTHSERVICE)"
+			set +e
+			start-stop-daemon -K -p $PIDFILE_AUTHSERVICE
+			rm -f $PIDFILE_AUTHSERVICE
+			log_end_msg $?
+			set -e
+		fi
+	;;
+	restart|reload|force-reload)
+		${0:-} stop
+		${0:-} start
+	;;
+	*)
+		echo "Usage: ${0:-} {start|stop|restart|reload|force-reload}" >&2
+		exit 1
+		;;
+esac
+
+exit 0
diff --git a/debian/x2gobroker-authservice.install b/debian/x2gobroker-authservice.install
new file mode 100644
index 0000000..03fb37c
--- /dev/null
+++ b/debian/x2gobroker-authservice.install
@@ -0,0 +1 @@
+sbin/x2gobroker-authservice usr/sbin/
\ No newline at end of file
diff --git a/debian/x2gobroker-authservice.manpages b/debian/x2gobroker-authservice.manpages
new file mode 100644
index 0000000..f32e545
--- /dev/null
+++ b/debian/x2gobroker-authservice.manpages
@@ -0,0 +1 @@
+#man/man8/x2gobroker-authservice.8
\ No newline at end of file
diff --git a/debian/x2gobroker-daemon.init b/debian/x2gobroker-daemon.init
index 67276e4..a632a86 100755
--- a/debian/x2gobroker-daemon.init
+++ b/debian/x2gobroker-daemon.init
@@ -7,7 +7,7 @@
 #
 ### BEGIN INIT INFO
 # Provides:          x2gobroker-daemon
-# Required-Start:    $remote_fs $syslog
+# Required-Start:    $remote_fs $syslog x2gobroker-authservice
 # Required-Stop:     $remote_fs $syslog
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
@@ -19,16 +19,14 @@
 set -eu
 
 DAEMON=/usr/sbin/x2gobroker
-AUTHSERVICE=/usr/sbin/x2gobroker-authservice
 test -d /run && RUNDIR=/run || RUNDIR=/var/run
 PIDFILE_BROKER=$RUNDIR/x2gobroker/x2gobroker-daemon.pid
-PIDFILE_AUTHSERVICE=$RUNDIR/x2gobroker/x2gobroker-authservice.pid
 DEBIANCONFIG=/etc/default/x2gobroker-daemon
+DEBIANCONFIG_AUTHSERVICE=/etc/default/x2gobroker-daemon
 
 test -x "$DAEMON" || exit 0
 
 START_BROKER=false
-START_AUTHSERVICE=false
 DAEMON_BIND_ADDRESS=127.0.0.1:8080
 X2GOBROKER_DEBUG=0
 X2GOBROKER_DAEMON_USER='x2gobroker'
@@ -40,16 +38,12 @@ X2GOBROKER_AUTHSERVICE_SOCKET="$RUNDIR/x2gobroker/x2gobroker-authservice.socket"
 X2GOBROKER_SSL_CERTFILE=
 X2GOBROKER_SSL_KEYFILE=
 test -f $DEBIANCONFIG && . $DEBIANCONFIG
+test -f $DEBIANCONFIG_AUTHSERVICE && . $DEBIANCONFIG_AUTHSERVICE
 
 if ! getent passwd $X2GOBROKER_DAEMON_USER 1>/dev/null 2>/dev/null; then
 	X2GOBROKER_DAEMON_USER=nobody
 fi
 
-# create PID directory
-mkdir -p $RUNDIR/x2gobroker
-chown $X2GOBROKER_DAEMON_USER:nogroup $RUNDIR/x2gobroker
-chmod 0700 $RUNDIR/x2gobroker
-
 # mend user ID variables when --chuid $X2GOBROKER_DAEMON_USER is used with start-stop-daemon
 export LOGNAME=$X2GOBROKER_DAEMON_USER
 export USER=$X2GOBROKER_DAEMON_USER
@@ -77,7 +71,7 @@ is_true()
 
 case "${1:-}" in
 	start)
-		if [ -e $PIDFILE_BROKER ]; then
+		if [ -f $PIDFILE_BROKER ]; then
 			if ps -u $X2GOBROKER_DAEMON_USER | grep $(basename $DAEMON) 1>/dev/null 2>/dev/null; then
 				log_warning_msg "X2Go Session Broker already running"
 			else
@@ -91,20 +85,6 @@ case "${1:-}" in
 			start-stop-daemon --chuid $X2GOBROKER_DAEMON_USER -b -m -S -p $PIDFILE_BROKER -x $DAEMON -- -b $DAEMON_BIND_ADDRESS
 			log_end_msg $?
 			set -e
-			if [ -e $PIDFILE_AUTHSERVICE ]; then
-				if ps -u root | grep $(basename $AUTHSERVICE) 1>/dev/null 2>/dev/null; then
-					log_warning_msg "X2Go Broker Authentication Service already running"
-				else
-					log_warning_msg "X2Go Broker Authentication Service: stale PID file ($PIDFILE_AUTHSERVICE). Delete it manually!"
-				fi
-				START_AUTHSERVICE=no
-			fi
-			if is_true $START_AUTHSERVICE; then
-				set +e
-				log_daemon_msg "Starting X2Go Broker Authentication Service" "$(basename $AUTHSERVICE)"
-				start-stop-daemon -b -m -S -p $PIDFILE_AUTHSERVICE -x $AUTHSERVICE -- -s $X2GOBROKER_AUTHSERVICE_SOCKET
-				set -e
-			fi
 		fi
 	;;
 	stop)
@@ -116,14 +96,6 @@ case "${1:-}" in
 			log_end_msg $?
 			set -e
 		fi
-		if [ -f $PIDFILE_AUTHSERVICE ] ; then
-			log_daemon_msg "X2Go Broker Authentication Service" "$(basename $AUTHSERVICE)"
-			set +e
-			start-stop-daemon -K -p $PIDFILE_AUTHSERVICE
-			rm -f $PIDFILE_AUTHSERVICE
-			log_end_msg $?
-			set -e
-		fi
 	;;
 	restart|reload|force-reload)
 		${0:-} stop
diff --git a/debian/x2gobroker.install b/debian/x2gobroker.install
index 29dc1c0..fac20e4 100644
--- a/debian/x2gobroker.install
+++ b/debian/x2gobroker.install
@@ -1,2 +1 @@
 sbin/x2gobroker usr/sbin/
-sbin/x2gobroker-authservice usr/sbin/
\ No newline at end of file
diff --git a/etc/broker/x2gobroker-loggers.conf b/etc/broker/x2gobroker-loggers.conf
index 36d5e3e..4c395a2 100644
--- a/etc/broker/x2gobroker-loggers.conf
+++ b/etc/broker/x2gobroker-loggers.conf
@@ -18,18 +18,20 @@
 # Free Software Foundation, Inc.,
 # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
 
+# WARNING: only modify this file if you _exactly_ know what you are doing!!!
+
 [loggers]
-keys=root,broker,access,error
+keys=root,broker,authservice,access,error
 
 [logger_root]
 level=NOTSET
 handlers=stdoutHandler
 
 [handlers]
-keys=stdoutHandler,brokerFileHandler,accessFileHandler,errorFileHandler
+keys=stdoutHandler,brokerFileHandler,authserviceFileHandler,accessFileHandler,errorFileHandler
 
 [formatters]
-keys=brokerFormatter,accessFormatter,errorFormatter
+keys=brokerFormatter,authserviceFormatter,accessFormatter,errorFormatter
 
 [handler_stdoutHandler]
 class=StreamHandler
@@ -50,6 +52,21 @@ args=('/var/log/x2gobroker/broker.log',)
 format=%(asctime)s - %(name)s - %(levelname)s - %(message)s
 datefmt=
 
+[logger_authservice]
+level=DEBUG
+handlers=authserviceFileHandler
+qualname=authservice
+propagate=0
+
+[handler_authserviceFileHandler]
+class=FileHandler
+formatter=authserviceFormatter
+args=('/var/log/x2gobroker/authservice.log',)
+
+[formatter_authserviceFormatter]
+format=%(asctime)s - %(name)s - %(levelname)s - %(message)s
+datefmt=
+
 [logger_access]
 level=DEBUG
 handlers=accessFileHandler
diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice
index 12974f8..6ff6423 100755
--- a/sbin/x2gobroker-authservice
+++ b/sbin/x2gobroker-authservice
@@ -40,10 +40,13 @@ setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS)))
 if __name__ == '__main__':
 
     common_options = [
-        {'args':['-s','--socket-file'], 'default': x2gobroker.defaults.X2GOBROKER_AUTHSERVICE_SOCKET, 'metavar': 'AUTHSOCKET', 'help': 'socket file for AuthService communication', },
-        {'args':['-d','--debug'], 'default': False, 'action': 'store_true', 'help': 'enable debugging code', },
+        {'args':['-s','--socket-file'], 'default': x2gobroker.authservice.X2GOBROKER_AUTHSERVICE_SOCKET, 'metavar': 'AUTHSOCKET', 'help': 'socket file for AuthService communication', },
+        {'args':['-o','--owner'], 'default': 'root', 'help': 'owner of the AuthService socket file', },
+        {'args':['-g','--group'], 'default': 'root', 'help': 'group ownership of the AuthService socket file', },
+        {'args':['-p','--permissions'], 'default': '0660', 'help': 'set these file permissions for the AuthService socket file', },
+
     ]
-    p = argparse.ArgumentParser(description='X2Go Session Broker (PAM Auth Service)',\
+    p = argparse.ArgumentParser(description='X2Go Session Broker (PAM Authentication Service)',\
                                 formatter_class=argparse.RawDescriptionHelpFormatter, \
                                 add_help=True, argument_default=None)
     p_common = p.add_argument_group('common parameters')
@@ -56,11 +59,8 @@ if __name__ == '__main__':
 
     cmdline_args = p.parse_args()
 
-    if cmdline_args.debug:
-        x2gobroker.defaults.X2GOBROKER_DEBUG = cmdline_args.debug
-
     socket_file = cmdline_args.socket_file
-    x2gobroker.authservice.AuthService(socket_file)
+    x2gobroker.authservice.AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions)
     try:
         x2gobroker.authservice.loop()
     except KeyboardInterrupt:
diff --git a/x2gobroker/authservice.py b/x2gobroker/authservice.py
index 018be90..7b12bb9 100644
--- a/x2gobroker/authservice.py
+++ b/x2gobroker/authservice.py
@@ -20,11 +20,23 @@
 # Free Software Foundation, Inc.,
 # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
 
+import os
 import asyncore
 import pam
 import socket
 
-import x2gobroker.defaults
+from pwd import getpwnam
+from grp import getgrnam
+
+from loggers import logger_authservice
+
+logger_authservice.info('X2Go Session Broker PAM Authentication Service: Setting up the broker\'s environment...')
+if os.environ.has_key('X2GOBROKER_AUTHSERVICE_SOCKET'):
+    X2GOBROKER_AUTHSERVICE_SOCKET=os.environ['X2GOBROKER_AUTHSERVICE_SOCKET']
+else:
+    X2GOBROKER_AUTHSERVICE_SOCKET="/var/run/x2gobroker-authservice.socket"
+logger_authservice.info('  X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET))
+
 
 class AuthClient(asyncore.dispatcher_with_send):
 
@@ -56,11 +68,13 @@ class AuthClient(asyncore.dispatcher_with_send):
 
 class AuthService(asyncore.dispatcher_with_send):
 
-    def __init__(self, socketfile):
+    def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660'):
         asyncore.dispatcher_with_send.__init__(self)
         self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
         self.set_reuse_addr()
         self.bind(socketfile)
+        os.chown(socketfile, getpwnam(owner).pw_uid, getgrnam(group_owner).gr_gid)
+        os.chmod(socketfile, int(permissions, 8))
         self.listen(1)
 
     def handle_accept(self):
@@ -74,11 +88,12 @@ def loop():
 
 def authenticate(username, password, service="x2gobroker"):
     s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
-    s.connect(x2gobroker.defaults.X2GOBROKER_AUTHSERVICE_SOCKET)
-
+    s.connect(X2GOBROKER_AUTHSERVICE_SOCKET)
     s.send('{username} {password} {service}\n'.format(username=username, password=password, service=service))
     result = s.recv(1024)
     s.close()
     if result.startswith('ok'):
+        logger_authservice.info('authentication against PAM service {service} succeeded for {username}'.format(username=username, service=service))
         return True
+    logger_authservice.info('authentication against service {service} failed for user {username}'.format(username=username, service=service))
     return False
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index c02ce43..f56a566 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -68,6 +68,7 @@ elif os.geteuid() == 0:
     logger_broker.warn('X2Go Session Broker should not be run as root, better run as non-privileged user')
 
 logger_broker.info('Setting up the broker\'s environment...')
+logger_broker.info('X2Go Session Broker: Setting up the broker\'s environment...')
 logger_broker.info('  X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG))
 
 if os.environ.has_key('X2GOBROKER_CONFIG'):
diff --git a/x2gobroker/loggers.py b/x2gobroker/loggers.py
index 7791bbd..2dd9178 100644
--- a/x2gobroker/loggers.py
+++ b/x2gobroker/loggers.py
@@ -43,6 +43,7 @@ if getpass.getuser() == X2GOBROKER_DAEMON_USER:
 
     # create loggers
     logger_broker = logging.getLogger('broker')
+    logger_authservice = logging.getLogger('authservice')
     logger_access = logging.getLogger('access')
     logger_error = logging.getLogger('error')
 
@@ -58,6 +59,10 @@ else:
     logger_broker.addHandler(stdout_handler)
     logger_broker.propagate = 0
 
+    logger_authservice = logging.getLogger('authservice')
+    logger_authservice.addHandler(stdout_handler)
+    logger_authservice.propagate = 0
+
     logger_access = logging.getLogger('access')
     logger_access.addHandler(stdout_handler)
     logger_access.propagate = 0


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).




More information about the x2go-commits mailing list