[X2Go-Commits] x2gobroker.git - build-main (branch) updated: 0.0.1.0-24-g5d0e87d
X2Go dev team
git-admin at x2go.org
Tue Apr 23 23:21:53 CEST 2013
The branch, build-main has been updated
via 5d0e87dc21b65c1ddbc3b9de20d6cd9424625e1e (commit)
from 5c84b2ac39cabc4f1ae3051fb220c7f65149d561 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 2 +
sbin/x2gobroker-authservice | 96 +++++++++++++++++++++++++++++++++++--------
x2gobroker/authservice.py | 81 ++++--------------------------------
3 files changed, 90 insertions(+), 89 deletions(-)
The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index f5c5c79..622208b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,8 @@ x2gobroker (0.0.1.1-0~x2go1) UNRELEASED; urgency=low
- x2gobroker-pubkeyauthorizer: no logging-to-file support anymore.
(Fixes: #175).
- Fix name of get() method for /pubkeys/ URL path. (Fixes: #176).
+ - Move AuthService server code fully into x2gobroker-authservice
+ daemon script.
* /debian/control:
+ Fix --root parameter in DEB_PYTHON_INSTALL_ARGS.
+ Let bin:package x2gobroker-authservice depend on python-x2gobroker (of the
diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice
index 5f0bd13..534a532 100755
--- a/sbin/x2gobroker-authservice
+++ b/sbin/x2gobroker-authservice
@@ -26,12 +26,10 @@ import sys
import setproctitle
import argparse
import logging
-
-try:
- import x2gobroker.authservice
-except ImportError:
- sys.path.insert(0, os.path.join(os.getcwd(), '..'))
- import x2gobroker.authservice
+import asyncore
+import socket
+import getpass
+import logging.config
PROG_NAME = os.path.basename(sys.argv[0])
PROG_OPTIONS = sys.argv[1:]
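Review bot: `getpwnam` and `getgrnam` are not among the imports added here, yet the relocated `AuthService.__init__` in the next hunk calls both (`getpwnam(owner).pw_uid`, `getgrnam(group_owner).gr_gid`). Unless they are imported above this hunk, the daemon raises NameError right after `bind()`, before the socket's owner and mode are set. Add `from pwd import getpwnam` and `from grp import getgrnam`. The same applies to `AuthClient`, which `handle_accept` instantiates although the `import x2gobroker.authservice` that provided it is removed here. As written, the first incoming connection would likely fail instead of being authenticated.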
@@ -40,23 +38,89 @@ setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS)))
from x2gobroker import __VERSION__
from x2gobroker import __AUTHOR__
+
+class AuthService(asyncore.dispatcher_with_send):
+
+ def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660'):
+ asyncore.dispatcher_with_send.__init__(self)
+ self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ self.set_reuse_addr()
+ self.bind(socketfile)
+ os.chown(socketfile, getpwnam(owner).pw_uid, getgrnam(group_owner).gr_gid)
+ os.chmod(socketfile, int(permissions, 8))
+ self.listen(1)
+
+ def handle_accept(self):
+ conn, _ = self.accept()
+ AuthClient(conn)
+
+
+def loop():
+ asyncore.loop()
+
+
+# normally this would go into defaults.py, however, we do not want to pull in defaults.py here as that will create
+# unwanted logfiles (access.log, broker.log, error.log) when x2gobroker-authservice is installed as standalone service
+if os.environ.has_key('X2GOBROKER_DEBUG'):
+ X2GOBROKER_DEBUG = ( os.environ['X2GOBROKER_DEBUG'].lower() in ('1', 'on', 'true', 'yes', ) )
+else:
+ X2GOBROKER_DEBUG = False
+if os.environ.has_key('X2GOBROKER_TESTSUITE'):
+ X2GOBROKER_TESTSUITE = ( os.environ['X2GOBROKER_TESTSUITE'].lower() in ('1', 'on', 'true', 'yes', ) )
+else:
+ X2GOBROKER_TESTSUITE = False
+if os.environ.has_key('X2GOBROKER_DAEMON_USER'):
+ X2GOBROKER_DAEMON_USER=os.environ['X2GOBROKER_DAEMON_USER']
+else:
+ X2GOBROKER_DAEMON_USER="x2gobroker"
+if os.environ.has_key('X2GOBROKER_AUTHSERVICE_LOGCONFIG'):
+ X2GOBROKER_AUTHSERVICE_LOGCONFIG=os.environ['X2GOBROKER_AUTHSERVICE_LOGCONFIG']
+else:
+ X2GOBROKER_AUTHSERVICE_LOGCONFIG="/etc/x2go/broker/x2gobroker-authservice-logger.conf"
+if os.environ.has_key('X2GOBROKER_AUTHSERVICE_SOCKET'):
+ X2GOBROKER_AUTHSERVICE_SOCKET=os.environ['X2GOBROKER_AUTHSERVICE_SOCKET']
+else:
+ X2GOBROKER_AUTHSERVICE_SOCKET="/run/x2gobroker/x2gobroker-authservice.socket"
+
+# standalone daemon mode (x2gobroker-authservice as daemon) or interactive mode (called from the cmdline)?
+if getpass.getuser() in (X2GOBROKER_DAEMON_USER, 'root'):
+
+ # we run in standalone daemon mode, so let's use the system configuration for logging
+ logging.config.fileConfig(X2GOBROKER_AUTHSERVICE_LOGCONFIG)
+
+ # create authservice logger
+ logger_authservice = logging.getLogger('authservice')
+
+else:
+ logger_root = logging.getLogger()
+ stderr_handler = logging.StreamHandler(sys.stderr)
+ stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt=''))
+
+ # all loggers stream to stderr...
+ logger_root.addHandler(stderr_handler)
+
+ logger_authservice = logging.getLogger('authservice')
+ logger_authservice.addHandler(stderr_handler)
+ logger_authservice.propagate = 0
+
+
# raise log level to DEBUG if requested...
-if x2gobroker.authservice.X2GOBROKER_DEBUG and not x2gobroker.authservice.X2GOBROKER_TESTSUITE:
- x2gobroker.authservice.logger_authservice.setLevel(logging.DEBUG)
+if X2GOBROKER_DEBUG and not X2GOBROKER_TESTSUITE:
+ logger_authservice.setLevel(logging.DEBUG)
-x2gobroker.authservice.logger_authservice.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
-x2gobroker.authservice.logger_authservice.info('Setting up the PAM authentication service\'s environment...')
-x2gobroker.authservice.logger_authservice.info(' X2GOBROKER_DEBUG: {value}'.format(value=x2gobroker.authservice.X2GOBROKER_DEBUG))
-x2gobroker.authservice.logger_authservice.info(' X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=x2gobroker.authservice.X2GOBROKER_AUTHSERVICE_SOCKET))
+logger_authservice.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
+logger_authservice.info('Setting up the PAM authentication service\'s environment...')
+logger_authservice.info(' X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG))
+logger_authservice.info(' X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET))
# check effective UID the broker runs as and complain appropriately...
if os.geteuid() != 0:
- x2gobroker.authservice.logger_authservice.warn('X2Go Session Broker\'s PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.')
+ logger_authservice.warn('X2Go Session Broker\'s PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.')
if __name__ == '__main__':
common_options = [
- {'args':['-s','--socket-file'], 'default': x2gobroker.authservice.X2GOBROKER_AUTHSERVICE_SOCKET, 'metavar': 'AUTHSOCKET', 'help': 'socket file for AuthService communication', },
+ {'args':['-s','--socket-file'], 'default': X2GOBROKER_AUTHSERVICE_SOCKET, 'metavar': 'AUTHSOCKET', 'help': 'socket file for AuthService communication', },
{'args':['-o','--owner'], 'default': 'root', 'help': 'owner of the AuthService socket file', },
{'args':['-g','--group'], 'default': 'root', 'help': 'group ownership of the AuthService socket file', },
{'args':['-p','--permissions'], 'default': '0660', 'help': 'set these file permissions for the AuthService socket file', },
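Review bot: In `AuthService.__init__` the socket file exists with umask-derived permissions between `self.bind(socketfile)` and the later `os.chmod(...)`, and `authenticate()` writes plaintext passwords to this socket. Unless the parent directory already restricts access, tighten the umask around the bind: `old_umask = os.umask(0o177)`, `self.bind(socketfile)`, `os.umask(old_umask)`. The existing chown/chmod then widens access to the intended group. Separately, the daemon-versus-interactive decision uses `getpass.getuser()`, which consults environment variables before the uid. Since that branch selects which logging configuration file is loaded, comparing against `os.geteuid()` (already used further down) would be more robust.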
@@ -76,8 +140,8 @@ if __name__ == '__main__':
cmdline_args = p.parse_args()
socket_file = cmdline_args.socket_file
- x2gobroker.authservice.AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions)
+ AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions)
try:
- x2gobroker.authservice.loop()
+ loop()
except KeyboardInterrupt:
pass
diff --git a/x2gobroker/authservice.py b/x2gobroker/authservice.py
index 0f97a29..ae1518a 100644
--- a/x2gobroker/authservice.py
+++ b/x2gobroker/authservice.py
@@ -22,58 +22,13 @@
import os
import asyncore
-import pam
import socket
import getpass
-import logging
-import logging.config
-from pwd import getpwnam
-from grp import getgrnam
+# X2Go Session Broker modules
+import x2gobroker.defaults
+from x2gobroker.loggers import logger_broker
-# normally this would go into defaults.py, however, we do not want to pull in defaults.py here as that will create
-# unwanted logfiles (access.log, broker.log, error.log) when x2gobroker-authservice is installed as standalone service
-if os.environ.has_key('X2GOBROKER_DEBUG'):
- X2GOBROKER_DEBUG = ( os.environ['X2GOBROKER_DEBUG'].lower() in ('1', 'on', 'true', 'yes', ) )
-else:
- X2GOBROKER_DEBUG = False
-if os.environ.has_key('X2GOBROKER_TESTSUITE'):
- X2GOBROKER_TESTSUITE = ( os.environ['X2GOBROKER_TESTSUITE'].lower() in ('1', 'on', 'true', 'yes', ) )
-else:
- X2GOBROKER_TESTSUITE = False
-if os.environ.has_key('X2GOBROKER_DAEMON_USER'):
- X2GOBROKER_DAEMON_USER=os.environ['X2GOBROKER_DAEMON_USER']
-else:
- X2GOBROKER_DAEMON_USER="x2gobroker"
-if os.environ.has_key('X2GOBROKER_AUTHSERVICE_LOGCONFIG'):
- X2GOBROKER_AUTHSERVICE_LOGCONFIG=os.environ['X2GOBROKER_AUTHSERVICE_LOGCONFIG']
-else:
- X2GOBROKER_AUTHSERVICE_LOGCONFIG="/etc/x2go/broker/x2gobroker-authservice-logger.conf"
-if os.environ.has_key('X2GOBROKER_AUTHSERVICE_SOCKET'):
- X2GOBROKER_AUTHSERVICE_SOCKET=os.environ['X2GOBROKER_AUTHSERVICE_SOCKET']
-else:
- X2GOBROKER_AUTHSERVICE_SOCKET="/run/x2gobroker/x2gobroker-authservice.socket"
-
-# standalone daemon mode (x2gobroker-authservice as daemon) or interactive mode (called from the cmdline)?
-if getpass.getuser() in (X2GOBROKER_DAEMON_USER, 'root'):
-
- # we run in standalone daemon mode, so let's use the system configuration for logging
- logging.config.fileConfig(X2GOBROKER_AUTHSERVICE_LOGCONFIG)
-
- # create authservice logger
- logger_authservice = logging.getLogger('authservice')
-
-else:
- logger_root = logging.getLogger()
- stderr_handler = logging.StreamHandler(sys.stderr)
- stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt=''))
-
- # all loggers stream to stderr...
- logger_root.addHandler(stderr_handler)
-
- logger_authservice = logging.getLogger('authservice')
- logger_authservice.addHandler(stderr_handler)
- logger_authservice.propagate = 0
class AuthClient(asyncore.dispatcher_with_send):
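Review bot: `AuthClient` stays in this module while `import pam` and the module-level `logger_authservice` are removed. Its body lies outside this hunk, so this cannot be confirmed here, but if it still calls into `pam` or logs through `logger_authservice`, every authentication attempt will raise NameError. The module also now imports `x2gobroker.defaults` and `x2gobroker.loggers`, which the removed comment says creates unwanted logfiles for a standalone authservice install. The daemon script therefore cannot simply import `AuthClient` from here without that side effect. Consider moving `AuthClient` and `import pam` into the daemon script together with `AuthService`, or into a small module free of the defaults import.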
@@ -103,36 +58,16 @@ class AuthClient(asyncore.dispatcher_with_send):
self.close()
-class AuthService(asyncore.dispatcher_with_send):
-
- def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660'):
- asyncore.dispatcher_with_send.__init__(self)
- self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
- self.set_reuse_addr()
- self.bind(socketfile)
- os.chown(socketfile, getpwnam(owner).pw_uid, getgrnam(group_owner).gr_gid)
- os.chmod(socketfile, int(permissions, 8))
- self.listen(1)
-
- def handle_accept(self):
- conn, _ = self.accept()
- AuthClient(conn)
-
-
-def loop():
- asyncore.loop()
-
-
def authenticate(username, password, service="x2gobroker"):
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
- logger_authservice.debug('connecting to authentication service socket {socket}'.format(socket=X2GOBROKER_AUTHSERVICE_SOCKET))
- s.connect(X2GOBROKER_AUTHSERVICE_SOCKET)
- logger_authservice.debug('sending username={username}, password=<hidden>, service={service} to authentication service'.format(username=username, service=service))
+ logger_broker.debug('connecting to authentication service socket {socket}'.format(socket=x2gobroker.defaults.X2GOBROKER_AUTHSERVICE_SOCKET))
+ s.connect(x2gobroker.defaults.X2GOBROKER_AUTHSERVICE_SOCKET)
+ logger_broker.debug('sending username={username}, password=<hidden>, service={service} to authentication service'.format(username=username, service=service))
s.send('{username} {password} {service}\n'.format(username=username, password=password, service=service))
result = s.recv(1024)
s.close()
if result.startswith('ok'):
- logger_authservice.info('authentication against PAM service »{service}« succeeded for user »{username}«'.format(username=username, service=service))
+ logger_broker.info('authentication against PAM service »{service}« succeeded for user »{username}«'.format(username=username, service=service))
return True
- logger_authservice.info('authentication against service »{service}« failed for user »{username}«'.format(username=username, service=service))
+ logger_broker.info('authentication against service »{service}« failed for user »{username}«'.format(username=username, service=service))
return False
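Review bot: `authenticate()` frames the request as space-separated fields on a single line, so a username or password containing a space or newline shifts what the service receives as username, password and service. The parsing side is in `AuthClient`, outside this hunk, so how it splits the line should be checked against this. Encoding or length-prefixing the fields on both ends fixes the framing without rejecting legitimate passwords that contain spaces. The socket also has no timeout and is not closed if `connect`, `send` or `recv` raises. A `s.settimeout(...)` call plus a `try`/`finally` around the exchange, ending in `s.close()`, would keep a stalled auth service from hanging the broker.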
hooks/post-receive
--
x2gobroker.git (HTTP(S) Session broker for X2Go)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).