[X2Go-Commits] x2gobroker.git - master (branch) updated: 0.0.2.3-17-g4123481

X2Go dev team git-admin at x2go.org
Mon Aug 19 11:14:51 CEST 2013


The branch, master has been updated
       via  412348110510de7c77fda9f76b039ddfd7a1b7f2 (commit)
      from  9176b71273c66f2e949f3229e498705ab1f84a6a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 412348110510de7c77fda9f76b039ddfd7a1b7f2
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Sun Aug 18 21:53:09 2013 +0200

    Get the cookie based extra-authentication working.

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                  |    1 +
 x2gobroker/brokers/base_broker.py |   13 +++--
 x2gobroker/client/plain.py        |  113 +++++++++++++++++++------------------
 3 files changed, 69 insertions(+), 58 deletions(-)

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 94431cc..64ee398 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ x2gobroker (0.0.3.0-0~x2go1) UNRELEASED; urgency=low
     - SSH broker: Only allow context change to another user for the
       magic user (default: x2gobroker).
     - Fix logrotate script: x2gobroker-wsgi. (Fixes: #275).
+    - Get the cookie based extra-authentication working.
   * /debian/control:
     + Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
 
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py
index 5431a99..3a7aa7a 100644
--- a/x2gobroker/brokers/base_broker.py
+++ b/x2gobroker/brokers/base_broker.py
@@ -706,7 +706,7 @@ class X2GoBroker(object):
         else:
             return []
 
-    def check_access(self, username='', password='', cookie=None, ):
+    def check_access(self, username='', password='', cookie=None, cookie_only=False):
         """\
         Check if a given user with a given password may gain access to the
         X2Go session broker.
@@ -717,6 +717,8 @@ class X2GoBroker(object):
         @type password: C{unicode}
         @param cookie: an extra (static or dynamic) authentication token
         @type cookie: C{unicode}
+        @param cookie_only: do only check the auth_cookie, not username/password
+        @type cookie_only: C{bool}
 
         @return: returns C{True} if the authentication has been successful
         @rtype: C{bool}
@@ -733,13 +735,16 @@ class X2GoBroker(object):
         ### when inheriting from the base.X2GoBroker class.
 
         access = False
-        access = self._do_authenticate(username=username, password=password)
-        logger_broker.debug('base_broker.X2GoBroker.check_access(): result of authentication check is: {access}'.format(access=access))
+        if cookie_only is False:
+            access = self._do_authenticate(username=username, password=password)
+            logger_broker.debug('base_broker.X2GoBroker.check_access(): result of authentication check is: {access}'.format(access=access))
+        else:
+            access = True
 
         ### HANDLING OF DYNAMIC AUTHENTICATION ID HASHES
 
         # using cookie authentication as extra security?
-        if self.config.get_value('global', 'require-cookie-authentication'):
+        if self.config.get_value('global', 'require-cookie-auth'):
 
             if type(cookie) is types.StringType:
                 cookie = unicode(cookie)
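Review bot: With `cookie_only=True` the new `else` branch sets `access = True` before anything has been checked, and the cookie test below it runs only when `require-cookie-auth` is set. As far as this hunk shows, a cookie-only call on a broker with that option off is therefore granted without verifying anything (the rest of `check_access` lies outside the hunk). If that is intended because the caller was already authenticated by the transport, the docstring added in the previous hunk should say so, e.g. `@param cookie_only: skip the username/password check; the caller must already be authenticated by other means`. Separately, `if cookie_only is False:` treats every value other than the `False` singleton, including `0` and `None`, as a request to skip password authentication; `if not cookie_only:` fails closed.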
diff --git a/x2gobroker/client/plain.py b/x2gobroker/client/plain.py
index 73bc210..f6df4b6 100644
--- a/x2gobroker/client/plain.py
+++ b/x2gobroker/client/plain.py
@@ -66,75 +66,80 @@ class X2GoBrokerClient(object):
 
             output = ''
 
-            logger_broker.debug ('username: {username}, task: {task}, profile_id: {profile_id}'.format(username=username, task=task, profile_id=profile_id))
+            if broker_backend.check_access(cookie=cookie, cookie_only=True):
 
-            ###
-            ### CONFIRM SUCCESSFUL AUTHENTICATION FIRST
-            ###
+                logger_broker.debug ('username: {username}, task: {task}, profile_id: {profile_id}'.format(username=username, task=task, profile_id=profile_id))
 
-            if global_config['require-cookie-auth']:
-
-                ### FIXME: make up a nice protocol for this, disabled for now
-                #output += "AUTHID: {authid}<br />".format(authid=broker_backend.get_next_authid(username=data.user))
-                pass
+                ###
+                ### CONFIRM SUCCESSFUL AUTHENTICATION FIRST
+                ###
 
-            output += "Access granted\n"
-            ###
-            ### X2GO BROKER TASKS
-            ###
+                if global_config['require-cookie-auth'] and not global_config['use-static-cookie']:
 
-            # FIXME: the ,,testcon'' task can be object to DoS attacks...
-            if task == 'testcon':
+                    ### FIXME: make up a nice protocol for this, disabled for now
+                    #output += "AUTHID: {authid}<br />".format(authid=broker_backend.get_next_authid(username=data.user))
+                    pass
 
+                output += "Access granted\n"
                 ###
-                ### TEST THE CONNECTION
+                ### X2GO BROKER TASKS
                 ###
 
-                return broker_backend.test_connection()
-
-            if task == 'listsessions':
-
-                profiles = broker_backend.list_profiles(username)
-                if profiles:
-                    output += "START_USER_SESSIONS\n\n"
-                    profile_ids = profiles.keys()
-                    profile_ids.sort()
-                    for profile_id in profile_ids:
-                        output += "[{profile_id}]\n".format(profile_id=profile_id)
-                        for key in profiles[profile_id].keys():
-                            if key == u'user' and not profiles[profile_id][key]:
-                                profiles[profile_id][key] = username
-                            if type(profiles[profile_id][key]) in (types.UnicodeType, types.StringType):
-                                output += "{key}={value}".format(key=key, value=unicode(profiles[profile_id][key]))
-                            elif type(profiles[profile_id][key]) in (types.ListType, types.TupleType):
-                                output += "{key}={value}".format(key=key, value=unicode(",".join(profiles[profile_id][key])))
-                            else:
-                                output += "{key}={value}".format(key=key, value=unicode(int(profiles[profile_id][key])))
-
+                # FIXME: the ,,testcon'' task can be object to DoS attacks...
+                if task == 'testcon':
+
+                    ###
+                    ### TEST THE CONNECTION
+                    ###
+
+                    return broker_backend.test_connection()
+
+                if task == 'listsessions':
+
+                    profiles = broker_backend.list_profiles(username)
+                    if profiles:
+                        output += "START_USER_SESSIONS\n\n"
+                        profile_ids = profiles.keys()
+                        profile_ids.sort()
+                        for profile_id in profile_ids:
+                            output += "[{profile_id}]\n".format(profile_id=profile_id)
+                            for key in profiles[profile_id].keys():
+                                if key == u'user' and not profiles[profile_id][key]:
+                                    profiles[profile_id][key] = username
+                                if type(profiles[profile_id][key]) in (types.UnicodeType, types.StringType):
+                                    output += "{key}={value}".format(key=key, value=unicode(profiles[profile_id][key]))
+                                elif type(profiles[profile_id][key]) in (types.ListType, types.TupleType):
+                                    output += "{key}={value}".format(key=key, value=unicode(",".join(profiles[profile_id][key])))
+                                else:
+                                    output += "{key}={value}".format(key=key, value=unicode(int(profiles[profile_id][key])))
+
+                                output += "\n"
                             output += "\n"
-                        output += "\n"
 
-                    output += "END_USER_SESSIONS\n"
+                        output += "END_USER_SESSIONS\n"
 
-            elif task == 'selectsession':
+                elif task == 'selectsession':
 
-                if profile_id:
+                    if profile_id:
 
-                    profile_info = broker_backend.select_session(profile_id=profile_id, username=username)
-                    if profile_info.has_key('server'):
-                        output += "SERVER:"
-                        output += profile_info['server']
-                        if profile_info.has_key('port'):
-                            output += ":{port}".format(port=profile_info['port'])
-                        output += "\n"
-                        if profile_info.has_key('authentication_privkey'):
-                            output += profile_info['authentication_privkey']
-                        if profile_info.has_key('session_info'):
-                            output += "SESSION_INFO:"
-                            output += profile_info['session_info'] + "\n"
+                        profile_info = broker_backend.select_session(profile_id=profile_id, username=username)
+                        if profile_info.has_key('server'):
+                            output += "SERVER:"
+                            output += profile_info['server']
+                            if profile_info.has_key('port'):
+                                output += ":{port}".format(port=profile_info['port'])
+                            output += "\n"
+                            if profile_info.has_key('authentication_privkey'):
+                                output += profile_info['authentication_privkey']
+                            if profile_info.has_key('session_info'):
+                                output += "SESSION_INFO:"
+                                output += profile_info['session_info'] + "\n"
+
+            else:
+                logger_broker.error ('cookie authentication failed')
 
             return output
 
-        logger_broker.warn ('broker backend ,,{backend}\'\' is disabled on this system'.format(backend=backend))
+        logger_broker.error ('broker backend ,,{backend}\'\' is disabled on this system'.format(backend=backend))
 
 
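Review bot: `check_access(cookie=cookie, cookie_only=True)` is the only gate visible in this hunk before `select_session(profile_id=profile_id, username=username)` writes `authentication_privkey` into the output, so the trust placed in `username` has to be established outside the hunk (the function starts above it). A comment at the call naming where the caller was authenticated would make that reviewable, e.g. `# username is trusted here: caller already authenticated by <mechanism>`. On the failure path the function logs `'cookie authentication failed'` with no username and then falls through to `return output` with an empty string, which a client presumably cannot tell apart from a task that produced no result. I would log `'cookie authentication failed for user {username}'.format(username=username)` (never the cookie value) and return an explicit denial line instead of the empty output.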


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).



