[X2go-Commits] x2gobroker.git - master (branch) updated: 1bcff08085a4d7816d8258bb972ead1688b068e5

X2Go dev team git-admin at x2go.org
Tue Jan 29 05:57:59 CET 2013


The branch, master has been updated
       via  1bcff08085a4d7816d8258bb972ead1688b068e5 (commit)
       via  16e9356345684e24cf259701a79a28934762c867 (commit)
      from  75a711dd713a90b74f0c0e372a20287ed3ace747 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1bcff08085a4d7816d8258bb972ead1688b068e5
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Tue Jan 29 05:58:50 2013 +0100

    add config option (global): ignore-primary-group-memberships, defaults to true

commit 16e9356345684e24cf259701a79a28934762c867
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Tue Jan 29 05:46:22 2013 +0100

    fix typo

-----------------------------------------------------------------------

Summary of changes:
 etc/x2gobroker.conf                              |    5 ++
 x2gobroker/brokers/base_broker.py                |   24 ++++++--
 x2gobroker/defaults.py                           |    1 +
 x2gobroker/nameservices/testsuite_nameservice.py |    7 ++-
 x2gobroker/tests/test_broker_base.py             |   70 ++++++++++++++++++++++
 5 files changed, 99 insertions(+), 8 deletions(-)

The diff of changes is:
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index 024c388..0999376 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -85,6 +85,11 @@
 #default-user-db = libnss
 #default-group-db = libnss
 
+# on large deployments it is recommended to ignore primary group memberships
+# traversing into all user accounts for primary group detection can be quite
+# CPU intensive on the X2Go Broker server.
+#ignore-primary-group-memberships = True
+
 ###
 ### BACKEND section
 ###
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py
index 1daf79a..85984d3 100644
--- a/x2gobroker/brokers/base_broker.py
+++ b/x2gobroker/brokers/base_broker.py
@@ -86,6 +86,20 @@ class X2GoBroker(object):
         """
         return self.config.get_section('global')
 
+    def get_global_value(self, option):
+        """\
+        Get the configuration setting for an option in the global section of the
+        configuration file.
+
+        @param option: option name in the global configuration section
+        @type option: C{unicode}
+
+        @return: the value for the given global C{option}
+        @rtype: C{bool}, C{unicode}, C{int} or C{list}
+
+        """
+        return self.config.get_value('global', option)
+
     def get_backend_config(self):
         """\
         Get the configuration section of a specific backend.
@@ -96,18 +110,18 @@ class X2GoBroker(object):
         """
         return self.config.get_section(self.backend_name)
 
-    def get_backend_value(self, backend='zeroconf', option='enabled'):
+    def get_backend_value(self, backend='zeroconf', option='enable'):
         """\
         Get the configuration setting for backend C{backend} and option
         C{option}.
 
         @param backend: the name of the backend
-        @type backend: C{str}
+        @type backend: C{unicode}
         @param option: option name of the backend's configuration section
-        @type option: C{str}
+        @type option: C{unicode}
 
         @return: the value for the given C{backend} C{option}
-        @rtype: C{dict}
+        @rtype: C{bool}, C{unicode}, C{int} or C{list}
 
         """
         return self.config.get_value(backend, option)
@@ -266,7 +280,7 @@ class X2GoBroker(object):
             _allow_group = False
             _deny_group = False
 
-            _user_groups = [u'ALL'] + self.get_user_groups(username, primary_groups=True)
+            _user_groups = [u'ALL'] + self.get_user_groups(username, primary_groups=not self.get_global_value('ignore-primary-group-memberships'))
 
             _allow_group = bool(len(set(_user_groups).intersection( set(_acls[u'acl-groups-allow']) )))
             _deny_group = bool(len(set(_user_groups).intersection( set(_acls[u'acl-groups-deny']) )))
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index f2b67e4..81dc346 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -60,6 +60,7 @@ X2GOBROKER_CONFIG_DEFAULTS = {
         u'default-auth-mech': u'pam',
         u'default-user-db': u'libnss',
         u'default-group-db': u'libnss',
+        u'ignore-primary-group-memberships': True,
     },
     'zeroconf': {
         u'enable': True,
diff --git a/x2gobroker/nameservices/testsuite_nameservice.py b/x2gobroker/nameservices/testsuite_nameservice.py
index a0ea7e2..90c9b33 100644
--- a/x2gobroker/nameservices/testsuite_nameservice.py
+++ b/x2gobroker/nameservices/testsuite_nameservice.py
@@ -46,8 +46,9 @@ class X2GoBrokerNameService(base.X2GoBrokerNameService):
         _members = []
         if group in _groups.keys():
             _members.extend(_groups[group])
-        for username in self.get_users():
-            if unicode(group) == self.get_primary_group(username):
-                _members.append(username)
+        if primary_groups:
+            for username in self.get_users():
+                if unicode(group) == self.get_primary_group(username):
+                    _members.append(username)
         return _members
 
diff --git a/x2gobroker/tests/test_broker_base.py b/x2gobroker/tests/test_broker_base.py
index 14a9e21..8891103 100644
--- a/x2gobroker/tests/test_broker_base.py
+++ b/x2gobroker/tests/test_broker_base.py
@@ -504,6 +504,76 @@ enable = true
         }
         self.assertEqual(base_backend.check_profile_acls(username, acls), False)
 
+    def test_checkprofileacls_group_primarygroups(self):
+        username_f = 'flip' # is a male grasshopper
+        username_m = 'maja' # is a female bee
+        username_w = 'willi' # is a drone (male bee)
+        _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+        _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+
+[base]
+enable = true
+"""
+        tf = tempfile.NamedTemporaryFile()
+        print >> tf, _config
+        tf.seek(0)
+        base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+        acls = {
+            'acl-groups-allow': ['bees','flip'],
+            'acl-groups-deny': ['ALL'],
+            'acl-groups-order': 'deny-allow',
+        }
+        self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
+        self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+        _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+        _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+ignore-primary-group-memberships = true
+
+[base]
+enable = true
+"""
+        tf = tempfile.NamedTemporaryFile()
+        print >> tf, _config
+        tf.seek(0)
+        base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+        acls = {
+            'acl-groups-allow': ['bees','flip'],
+            'acl-groups-deny': ['ALL'],
+            'acl-groups-order': 'deny-allow',
+        }
+        self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_f, acls), False)
+        self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+        _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
+        _config = """
+[global]
+default-user-db = testsuite
+default-group-db = testsuite
+ignore-primary-group-memberships = false
+
+[base]
+enable = true
+"""
+        tf = tempfile.NamedTemporaryFile()
+        print >> tf, _config
+        tf.seek(0)
+        base_backend = base.X2GoBroker(config_file=tf.name, config_defaults=_config_defaults)
+        acls = {
+            'acl-groups-allow': ['bees','flip'],
+            'acl-groups-deny': ['ALL'],
+            'acl-groups-order': 'deny-allow',
+        }
+        self.assertEqual(base_backend.check_profile_acls(username_m, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_f, acls), True)
+        self.assertEqual(base_backend.check_profile_acls(username_w, acls), True)
+
     def test_checkprofileacls_group_combitests(self):
         _config_defaults = copy.deepcopy(x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS)
         _config = """


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).




More information about the x2go-commits mailing list