[X2go-Commits] x2gobroker.git - master (branch) updated: 0.0.0.1-51-gd5ae323

X2Go dev team git-admin at x2go.org
Thu Feb 21 10:39:39 CET 2013


The branch, master has been updated
       via  d5ae323df36f2fab5dfe9ddfd8643dd9a98c817a (commit)
       via  64dc9fba445fcf69a7ed2d5f28180a112cb3fa91 (commit)
       via  8717014388ce389a78a590b6ef7bf80752f27fba (commit)
       via  a2812b2002642d90235c96462e993f6d5d667642 (commit)
      from  9999ded2eb06bb37af92e788dc4396d4885e9006 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d5ae323df36f2fab5dfe9ddfd8643dd9a98c817a
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Thu Feb 21 10:42:32 2013 +0100

    Add tool: x2gobroker-keygen. Generate pub/priv SSH keypair for the system user x2gobroker.

commit 64dc9fba445fcf69a7ed2d5f28180a112cb3fa91
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Thu Feb 21 10:41:28 2013 +0100

    drop empty line, make the encoding be recognized again

commit 8717014388ce389a78a590b6ef7bf80752f27fba
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Thu Feb 21 09:59:49 2013 +0100

    typo fix

commit a2812b2002642d90235c96462e993f6d5d667642
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Thu Feb 21 09:59:32 2013 +0100

    use stderr rather than stdout for display log messages

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                   |    2 +
 etc/broker/x2gobroker-loggers.conf |    8 +--
 sbin/x2gobroker                    |    1 -
 sbin/x2gobroker-authservice        |    3 +-
 sbin/x2gobroker-keygen             |  127 ++++++++++++++++++++++++++++++++++++
 x2gobroker/defaults.py             |    5 ++
 x2gobroker/loggers.py              |   16 ++---
 7 files changed, 147 insertions(+), 15 deletions(-)
 create mode 100755 sbin/x2gobroker-keygen

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index a44162f..be93ac2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,6 +15,8 @@ x2gobroker (0.0.0.2-0~x2go1) UNRELEASED; urgency=low
     - Set log level to CRITICAL if running unit tests.
     - Perform PAM authentication via an authentication service (the broker
       runs as non-privileged user, the authentication service as root).
+    - Add tool: x2gobroker-keygen. Generate pub/priv SSH keypair for the
+      system user x2gobroker.
   * /debian/control:
     + Add bin:package x2gobroker-agent.
   * /debian/x2gobroker-daemon.init:
diff --git a/etc/broker/x2gobroker-loggers.conf b/etc/broker/x2gobroker-loggers.conf
index 4c395a2..87d7dca 100644
--- a/etc/broker/x2gobroker-loggers.conf
+++ b/etc/broker/x2gobroker-loggers.conf
@@ -25,17 +25,17 @@ keys=root,broker,authservice,access,error
 
 [logger_root]
 level=NOTSET
-handlers=stdoutHandler
+handlers=stderrHandler
 
 [handlers]
-keys=stdoutHandler,brokerFileHandler,authserviceFileHandler,accessFileHandler,errorFileHandler
+keys=stderrHandler,brokerFileHandler,authserviceFileHandler,accessFileHandler,errorFileHandler
 
 [formatters]
 keys=brokerFormatter,authserviceFormatter,accessFormatter,errorFormatter
 
-[handler_stdoutHandler]
+[handler_stderrHandler]
 class=StreamHandler
-args=(sys.stdout,)
+args=(sys.stderr,)
 
 [logger_broker]
 level=DEBUG
diff --git a/sbin/x2gobroker b/sbin/x2gobroker
index 33e9580..566b57c 100755
--- a/sbin/x2gobroker
+++ b/sbin/x2gobroker
@@ -1,5 +1,4 @@
 #!/usr/bin/env python
-
 # -*- coding: utf-8 -*-
 
 # This file is part of the  X2Go Project - http://www.x2go.org
diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice
index 2d9af94..e17271e 100755
--- a/sbin/x2gobroker-authservice
+++ b/sbin/x2gobroker-authservice
@@ -1,5 +1,4 @@
 #!/usr/bin/env python
-
 # -*- coding: utf-8 -*-
 
 # This file is part of the  X2Go Project - http://www.x2go.org
@@ -55,7 +54,7 @@ logger_authservice.info('  X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=
 
 # check effective UID the broker runs as and complain appropriately...
 if os.geteuid() != 0:
-    logger_authservice.warn('X2Go Session Broker\'PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.')
+    logger_authservice.warn('X2Go Session Broker\'s PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.')
 
 if __name__ == '__main__':
 
diff --git a/sbin/x2gobroker-keygen b/sbin/x2gobroker-keygen
new file mode 100755
index 0000000..efe0ac2
--- /dev/null
+++ b/sbin/x2gobroker-keygen
@@ -0,0 +1,127 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# This file is part of the  X2Go Project - http://www.x2go.org
+# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder at obviously-nice.de>
+# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing at obviously-nice.de>
+# Copyright (C) 2012 by Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+import os
+import sys
+import setproctitle
+import argparse
+import logging
+import binascii
+import paramiko
+
+try:
+    import x2gobroker.defaults
+except ImportError:
+    sys.path.insert(0, os.path.join(os.getcwd(), '..'))
+    import x2gobroker.defaults
+
+supported_key_types = ('RSA', 'DSA')
+
+PROG_NAME = os.path.basename(sys.argv[0])
+PROG_OPTIONS = sys.argv[1:]
+setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS)))
+
+from x2gobroker import __VERSION__
+from x2gobroker import __AUTHOR__
+from x2gobroker.loggers import logger_broker, logger_error
+
+if os.geteuid() == 0:
+    # propagate msgs for  the broker logger to the root logger (i.e. to stderr)
+    logger_broker.propagate = 1
+    logger_error.propagate = 1
+
+# raise log level to DEBUG if requested...
+if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_TESTSUITE:
+    logger_broker.setLevel(logging.DEBUG)
+
+logger_broker.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
+logger_broker.info('Setting up the key generator\'s environment...')
+logger_broker.info('  X2GOBROKER_DEBUG: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DEBUG))
+logger_broker.info('  X2GOBROKER_DAEMON_USER: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_USER))
+logger_broker.info('  X2GOBROKER_DAEMON_GROUP: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP))
+
+# check effective UID the broker runs as and complain appropriately...
+if os.geteuid() != 0:
+    logger_error.error('X2Go Session Broker\'s key generator has to run with root privileges. Exiting...')
+    sys.exit(-1)
+
+if __name__ == '__main__':
+
+    common_options = [
+        {'args':['-t','--type'], 'default': 'RSA', 'help': 'Choose a key type for the X2Go Session Broker pub/priv SSH key pair (available: RSA, DSA).', },
+        {'args':['-f','--force'], 'default': False, 'action': 'store_true', 'help': 'Enforce the creation of a public/private key pair. WARNING: This will overwrite earlier created keys.', },
+    ]
+    p = argparse.ArgumentParser(description='X2Go Session Broker (Key Generator)',\
+                                formatter_class=argparse.RawDescriptionHelpFormatter, \
+                                add_help=True, argument_default=None)
+    p_common = p.add_argument_group('common parameters')
+
+    for (p_group, opts) in ( (p_common, common_options), ):
+        for opt in opts:
+            args = opt['args']
+            del opt['args']
+            p_group.add_argument(*args, **opt)
+
+    cmdline_args = p.parse_args()
+
+    if cmdline_args.key_type.upper() not in supported_key_types:
+        logger_error.error(u'Unknown key type »{key_type}«. Possible key types are RSA and DSA. Exiting...'.format(key_type=cmdline_args.key_type.upper()))
+        sys.exit(-2)
+
+    broker_uid = x2gobroker.defaults.X2GOBROKER_DAEMON_USER
+    broker_uidnumber = getpwnam(broker_uid).pw_uid
+    broker_gid = x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP
+    broker_gidnumber = getgrnam(_broker_gid).gr_gid
+    broker_home = x2gobroker.defaults.X2GOBROKER_HOME
+
+    if not os.path.exists(broker_home):
+        logger_error.error('The home directory {home} of user {user} does not exists. Cannot continue. Exiting...'.format(home=broker_home, user=broker_uid))
+        sys.exit(-2)
+
+    logger_broker.info('Creating pub/priv key pair for X2Go Session Broker...')
+    if not path.exists('{home}/.ssh'.format(home=broker_home)):
+        os.mkdir('{home}/.ssh'.format(home=broker_home))
+        os.chown('{home}/.ssh'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
+        os.chmod('{home}/.ssh'.format(home=broker_home), 0750)
+        logger_broker.info('  Created {home}/.ssh'.format(home=broker_home))
+
+    # generate key pair
+    if cmdline_args.key_type.upper() == 'RSA':
+        key = paramiko.RSAKey.generate(2048)
+    elif cmdine_args.key_type.upper() == 'DSA':
+        key = paramiko.DSAKey.generate(2048)
+
+    logger_broker.info('  {key_type} key has been generated, fingerprint is {fingerprint}'.format(key_type=cmdine_args.key_type.upper(), fingerprint=binascii.hexlify(key.get_fingerprint())))
+
+    key.write_private_key_file('{home}/.ssh/id_rsa'.format(home=broker_home))
+    os.chown('{home}/.ssh/id_rsa'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
+    os.chmod('{home}/.ssh/id_rsa'.format(home=broker_home), 0600)
+    logger_broker.info('  Private key written to file {key_file}'.format(key_file='{home}/.ssh/id_rsa'.format(home=broker_home)))
+
+    pubkey_file = open('{home}/.ssh/id_rsa.pub'.format(home=broker_home),'w')
+    pubkey_file.write("ssh-rsa " +key.get_base64())
+    pubkey_file.close()
+    os.chown('{home}/.ssh/id_rsa'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
+    os.chmod('{home}/.ssh/id_rsa'.format(home=broker_home), 0600)
+    logger_broker.info('  Public key written to file {key_file}'.format(key_file='{home}/.ssh/id_rsa.pub'.format(home=broker_home)))
+
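Review bot: The key-writing tail of this new script overwrites any existing key without ever consulting `--force`, and its last `os.chown`/`os.chmod` pair targets `id_rsa` a second time, so `id_rsa.pub` stays root-owned with whatever mode the umask gives it. As written the script cannot reach that point anyway: `--type` is stored as `cmdline_args.type` rather than `.key_type`, `getpwnam`, `getgrnam` and `path` are never imported (it needs `import pwd`, `import grp` and `os.path.exists`), and `_broker_gid` and `cmdine_args` are misspelled. A DSA key would also be saved as `id_rsa` with an `ssh-rsa` prefix, whereas `key.get_name()` yields the correct prefix for either type. Since the script runs as root and writes into a directory owned by the broker account, it is also worth confirming that the target files are not symlinks before the write and `os.chown`, both of which follow links.

```python
# … unchanged: option table and parser setup …
cmdline_args = p.parse_args()
key_type = cmdline_args.type.upper()    # '--type' is stored as .type, not .key_type
# … unchanged: supported_key_types check, now testing key_type …

broker_uidnumber = pwd.getpwnam(broker_uid).pw_uid
broker_gidnumber = grp.getgrnam(broker_gid).gr_gid
# … unchanged: home directory check and ~/.ssh creation (with os.path.exists) …

id_file = '{home}/.ssh/id_{type}'.format(home=broker_home, type=key_type.lower())
if os.path.exists(id_file) and not cmdline_args.force:
    logger_error.error('Key file {key_file} already exists. Use --force to overwrite it. Exiting...'.format(key_file=id_file))
    sys.exit(-3)

if key_type == 'RSA':
    key = paramiko.RSAKey.generate(2048)
elif key_type == 'DSA':
    key = paramiko.DSAKey.generate(2048)
# … unchanged: fingerprint log line; private key write, chown and chmod, now on id_file …

pubkey_file = open(id_file + '.pub', 'w')
pubkey_file.write('{name} {data}\n'.format(name=key.get_name(), data=key.get_base64()))
pubkey_file.close()
os.chown(id_file + '.pub', broker_uidnumber, broker_gidnumber)
os.chmod(id_file + '.pub', 0600)
```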
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index e777142..4368a67 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -29,6 +29,11 @@ from loggers import logger_broker, logger_access, logger_error, X2GOBROKER_DAEMO
 
 X2GOBROKER_USER =  getpass.getuser()
 
+if os.environ.has_key('X2GOBROKER_DAEMON_GROUP'):
+    X2GOBROKER_DAEMON_GROUP=os.environ['X2GOBROKER_DAEMON_GROUP']
+else:
+    X2GOBROKER_DAEMON_GROUP="x2gobroker"
+
 ###
 ### dynamic default values, influencable through os.environ...
 ###
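Review bot: The new `X2GOBROKER_DAEMON_GROUP` block sits above the `### dynamic default values, influencable through os.environ...` banner although it is exactly such a value, and the four-line `has_key` test can be written as one line: `X2GOBROKER_DAEMON_GROUP = os.environ.get('X2GOBROKER_DAEMON_GROUP', 'x2gobroker')`. `dict.has_key` no longer exists in Python 3, so the shorter form is also the one that survives a port. Because x2gobroker-keygen in this commit resolves this group and passes it to `os.chown` while running as root, a short comment stating that the value is taken from the caller's environment would help anyone who later invokes the tool through sudo or a service wrapper.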
diff --git a/x2gobroker/loggers.py b/x2gobroker/loggers.py
index 2dd9178..303e2b9 100644
--- a/x2gobroker/loggers.py
+++ b/x2gobroker/loggers.py
@@ -49,24 +49,24 @@ if getpass.getuser() == X2GOBROKER_DAEMON_USER:
 
 else:
     logger_root = logging.getLogger()
-    stdout_handler = logging.StreamHandler(sys.stdout)
-    stdout_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt=''))
+    stderr_handler = logging.StreamHandler(sys.stderr)
+    stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt=''))
 
-    # all loggers stream to stdout...
-    logger_root.addHandler(stdout_handler)
+    # all loggers stream to stderr...
+    logger_root.addHandler(stderr_handler)
 
     logger_broker = logging.getLogger('broker')
-    logger_broker.addHandler(stdout_handler)
+    logger_broker.addHandler(stderr_handler)
     logger_broker.propagate = 0
 
     logger_authservice = logging.getLogger('authservice')
-    logger_authservice.addHandler(stdout_handler)
+    logger_authservice.addHandler(stderr_handler)
     logger_authservice.propagate = 0
 
     logger_access = logging.getLogger('access')
-    logger_access.addHandler(stdout_handler)
+    logger_access.addHandler(stderr_handler)
     logger_access.propagate = 0
 
     logger_error = logging.getLogger('error')
-    logger_error.addHandler(stdout_handler)
+    logger_error.addHandler(stderr_handler)
     logger_error.propagate = 0
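Review bot: The single `stderr_handler` is attached both to the root logger and to every named logger, so this branch only avoids duplicate output as long as each named logger keeps `propagate = 0`. The new sbin/x2gobroker-keygen in this same commit sets `logger_broker.propagate = 1` and `logger_error.propagate = 1` when run as root, which presumably lands in this `else` branch whenever root is not the daemon user, and each record would then be written to stderr twice. Either drop the per-logger `addHandler(stderr_handler)` calls and let records propagate to the root handler, or add a comment here such as `# handler is shared with the root logger; do not enable propagate`. The `if` branch of this statement lies outside the hunk, so its handler setup was not checked.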


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).



