[X2Go-Commits] x2gobroker.git - build-main (branch) updated: 0.0.0.1-36-gfbb1f87
X2Go dev team
git-admin at x2go.org
Sun May 19 13:03:12 CEST 2013
The branch, build-main has been updated
via fbb1f8755341c5f318b3e3ee2602487005612e4e (commit)
from d9c17a236357d7939415afae5b420917f0e2f212 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
debian/control | 37 +++++++++++-
debian/x2gobroker-authservice.default | 19 ++++++
debian/x2gobroker-authservice.init | 102 ++++++++++++++++++++++++++++++++
debian/x2gobroker-authservice.install | 1 +
debian/x2gobroker-authservice.manpages | 1 +
debian/x2gobroker-daemon.init | 36 ++---------
debian/x2gobroker.install | 1 -
etc/broker/x2gobroker-loggers.conf | 23 ++++++-
sbin/x2gobroker-authservice | 14 ++---
x2gobroker/authservice.py | 23 +++++--
x2gobroker/defaults.py | 1 +
x2gobroker/loggers.py | 5 ++
12 files changed, 215 insertions(+), 48 deletions(-)
create mode 100644 debian/x2gobroker-authservice.default
create mode 100755 debian/x2gobroker-authservice.init
create mode 100644 debian/x2gobroker-authservice.install
create mode 100644 debian/x2gobroker-authservice.manpages
The diff of changes is:
diff --git a/debian/control b/debian/control
index 3b222bc..4a7be0d 100644
--- a/debian/control
+++ b/debian/control
@@ -20,8 +20,9 @@ Depends:
${misc:Depends},
${python:Depends},
python,
- python-x2gobroker (>= ${source:Version}), python-x2gobroker (<< ${source:Version}.1~),
+ python-argparse,
python-setproctitle,
+ python-x2gobroker (>= ${source:Version}), python-x2gobroker (<< ${source:Version}.1~),
Suggests:
apache2 | httpd,
Description: X2Go http(s) based session broker (executable)
@@ -45,12 +46,46 @@ Description: X2Go http(s) based session broker (executable)
.
This package contains the x2gobroker executable.
+Package: x2gobroker-authservice
+Architecture: all
+Depends:
+ python,
+ python-argparse,
+ python-setproctitle,
+ ${misc:Depends},
+ ${python:Depends},
+Suggests:
+ apache2 | httpd,
+Description: X2Go http(s) based session broker (PAM authentication service)
+ X2Go is a server based computing environment with
+ - session resuming
+ - low bandwidth support
+ - LDAP support
+ - client side mass storage mounting support
+ - client side printing support
+ - audio support
+ - authentication by smartcard and USB stick
+ .
+ The session broker is a server tool for X2Go that
+ tells your X2Go Client application in a terminal
+ server cluster what servers and session types are
+ most appropriate for the user in front of the
+ X2Go terminal.
+ .
+ A session broker is most useful in load balanced
+ X2Go server farms.
+ .
+ This package contains the authentication service
+ against the PAM system.
+
Package: x2gobroker-daemon
Architecture: all
Depends:
${misc:Depends},
${python:Depends},
x2gobroker (>= ${source:Version}), x2gobroker (<< ${source:Version}.1~),
+Recommends:
+ x2gobroker-authservice,
Suggests:
apache2 | httpd,
Description: X2Go http(s) based session broker (daemon)
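Review bot: The new x2gobroker-authservice stanza has no dependency on python-x2gobroker, although sbin/x2gobroker-authservice in this same commit calls `x2gobroker.authservice.AuthService(...)` and that module imports `pam`. Installed on its own, the service would fail at import unless `${python:Depends}` happens to pull the module in, which I would not expect. Adding `python-x2gobroker (>= ${source:Version}), python-x2gobroker (<< ${source:Version}.1~),` to its Depends, as the x2gobroker stanza does, would close the gap.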
diff --git a/debian/x2gobroker-authservice.default b/debian/x2gobroker-authservice.default
new file mode 100644
index 0000000..9f89cd4
--- /dev/null
+++ b/debian/x2gobroker-authservice.default
@@ -0,0 +1,19 @@
+# X2Go Session Broker (PAM Authentication Service) configuration for Debian
+
+# For PAM authentication the X2Go Session Broker needs its authentication
+# service. The session broker itself runs as a non-privileged user (see below)
+# whereas the authentication service must run as super-user root.
+#
+# If you do not use PAM as authentication mechanism with the X2Go Session Broker,
+# you can disable the authentication service here.
+START_AUTHSERVICE=true
+
+# The posix user ID the broker runs under (do not change!)
+# if you change it nonetheless, make sure that the log file
+# directory (default: /var/log/x2gobroker) and files in there are
+# writable by that user
+#X2GOBROKER_DAEMON_GROUP=x2gobroker
+
+# The unix socket file for communication between the broker and the authentication service.
+#X2GOBROKER_AUTHSERVICE_SOCKET=/run/x2gobroker/x2gobroker-authservice.socket
+
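Review bot: The comment above `#X2GOBROKER_DAEMON_GROUP=x2gobroker` describes the POSIX user ID the broker runs under, but the variable is the group. The init script in this commit passes it as `-g` to the auth service, so it decides which group may open the root-run PAM socket. A comment such as `# The group allowed to talk to the authentication service socket (must include the broker user)` would say what changing it does. The socket path shown, `/run/x2gobroker/...`, is also only the default where /run exists; the init script falls back to /var/run.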
diff --git a/debian/x2gobroker-authservice.init b/debian/x2gobroker-authservice.init
new file mode 100755
index 0000000..ccbad0a
--- /dev/null
+++ b/debian/x2gobroker-authservice.init
@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# Start the X2Go Session Broker PAM Authentication Service
+#
+# Copyright © 2012 Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+# Distributable under the terms of the GNU AGPL version 2.
+#
+### BEGIN INIT INFO
+# Provides: x2gobroker-authservice
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: X2Go Session Broker PAM Authentication Service
+# Description: PAM authentication service for X2Go Session Broker
+### END INIT INFO
+#
+
+set -eu
+
+AUTHSERVICE=/usr/sbin/x2gobroker-authservice
+test -d /run && RUNDIR=/run || RUNDIR=/var/run
+PIDFILE_AUTHSERVICE=$RUNDIR/x2gobroker/x2gobroker-authservice.pid
+DEBIANCONFIG=/etc/default/x2gobroker-authservice
+
+test -x "$AUTHSERVICE" || exit 0
+
+START_AUTHSERVICE=false
+X2GOBROKER_DAEMON_USER='x2gobroker'
+X2GOBROKER_DAEMON_GROUP='x2gobroker'
+X2GOBROKER_AUTHSERVICE_SOCKET="$RUNDIR/x2gobroker/x2gobroker-authservice.socket"
+test -f $DEBIANCONFIG && . $DEBIANCONFIG
+
+
+if ! getent passwd $X2GOBROKER_DAEMON_USER 1>/dev/null 2>/dev/null; then
+ X2GOBROKER_DAEMON_USER=nobody
+fi
+if ! getent group $X2GOBROKER_DAEMON_GROUP 1>/dev/null 2>/dev/null; then
+ X2GOBROKER_DAEMON_USER=nogroup
+fi
+
+# create PID directory
+mkdir -p $RUNDIR/x2gobroker
+chown $X2GOBROKER_DAEMON_USER:$X2GOBROKER_DAEMON_GROUP $RUNDIR/x2gobroker
+chmod 0700 $RUNDIR/x2gobroker
+
+export X2GOBROKER_DAEMON_USER
+export X2GOBROKER_DAEMON_GROUP
+export X2GOBROKER_AUTHSERVICE_SOCKET
+
+. /lib/lsb/init-functions
+
+is_true()
+{
+ case "${1:-}" in
+ [Yy]es|[Yy]|1|[Tt]|[Tt]rue) return 0;;
+ *) return 1;
+ esac
+}
+
+case "${1:-}" in
+ start)
+ if [ -f $PIDFILE_AUTHSERVICE ]; then
+ if ps -u root | grep $(basename $AUTHSERVICE) 1>/dev/null 2>/dev/null; then
+ log_warning_msg "X2Go Broker Authentication Service already running"
+ else
+ log_warning_msg "X2Go Broker Authentication Service: stale PID file ($PIDFILE_AUTHSERVICE). Delete it manually!"
+ fi
+ START_AUTHSERVICE=no
+ fi
+ if is_true $START_AUTHSERVICE; then
+ set +e
+ # once we are here, we have to make sure the authservice.socket does not exist
+ rm -f $X2GOBROKER_AUTHSERVICE_SOCKET
+ # and now we can start the auth service
+ log_daemon_msg "Starting X2Go Broker Authentication Service" "$(basename $AUTHSERVICE)"
+ start-stop-daemon -b -m -S -p $PIDFILE_AUTHSERVICE -x $AUTHSERVICE -- -s $X2GOBROKER_AUTHSERVICE_SOCKET -o root -g $X2GOBROKER_DAEMON_GROUP -p 0660
+ set -e
+ log_end_msg $?
+ fi
+ ;;
+ stop)
+ if [ -f $PIDFILE_AUTHSERVICE ] ; then
+ log_daemon_msg "X2Go Broker Authentication Service" "$(basename $AUTHSERVICE)"
+ set +e
+ start-stop-daemon -K -p $PIDFILE_AUTHSERVICE
+ rm -f $PIDFILE_AUTHSERVICE
+ log_end_msg $?
+ set -e
+ fi
+ ;;
+ restart|reload|force-reload)
+ ${0:-} stop
+ ${0:-} start
+ ;;
+ *)
+ echo "Usage: ${0:-} {start|stop|restart|reload|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
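Review bot: The group fallback under `if ! getent group $X2GOBROKER_DAEMON_GROUP` assigns `X2GOBROKER_DAEMON_USER=nogroup`, so a missing group leaves the group variable untouched and replaces the user with a name that is normally not an account, and the following `chown` then aborts the script under `set -eu`; it should read `X2GOBROKER_DAEMON_GROUP=nogroup`. In `start`, `log_end_msg $?` runs after `set -e`, and in `stop` after `rm -f`, so it reports those commands' status rather than start-stop-daemon's; capture it first with `rc=$?` and pass `$rc`. The directory that holds root's PID file and the socket is chowned to the unprivileged broker user, so that user can replace the file that `start-stop-daemon -K -p $PIDFILE_AUTHSERVICE` trusts when run as root. Keeping the auth service PID file in a root-owned directory would avoid that.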
diff --git a/debian/x2gobroker-authservice.install b/debian/x2gobroker-authservice.install
new file mode 100644
index 0000000..03fb37c
--- /dev/null
+++ b/debian/x2gobroker-authservice.install
@@ -0,0 +1 @@
+sbin/x2gobroker-authservice usr/sbin/
\ No newline at end of file
diff --git a/debian/x2gobroker-authservice.manpages b/debian/x2gobroker-authservice.manpages
new file mode 100644
index 0000000..f32e545
--- /dev/null
+++ b/debian/x2gobroker-authservice.manpages
@@ -0,0 +1 @@
+#man/man8/x2gobroker-authservice.8
\ No newline at end of file
diff --git a/debian/x2gobroker-daemon.init b/debian/x2gobroker-daemon.init
index 67276e4..a632a86 100755
--- a/debian/x2gobroker-daemon.init
+++ b/debian/x2gobroker-daemon.init
@@ -7,7 +7,7 @@
#
### BEGIN INIT INFO
# Provides: x2gobroker-daemon
-# Required-Start: $remote_fs $syslog
+# Required-Start: $remote_fs $syslog x2gobroker-authservice
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
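Review bot: `Required-Start` now names x2gobroker-authservice, but debian/control in this commit makes that package only a Recommends of x2gobroker-daemon, and its default file says the service can be disabled when PAM is not used. A dependency on a facility that may not be installed is usually written as `# Should-Start: x2gobroker-authservice`. The `Required-Stop` line is unchanged, so stop ordering between the two services is not constrained either.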
@@ -19,16 +19,14 @@
set -eu
DAEMON=/usr/sbin/x2gobroker
-AUTHSERVICE=/usr/sbin/x2gobroker-authservice
test -d /run && RUNDIR=/run || RUNDIR=/var/run
PIDFILE_BROKER=$RUNDIR/x2gobroker/x2gobroker-daemon.pid
-PIDFILE_AUTHSERVICE=$RUNDIR/x2gobroker/x2gobroker-authservice.pid
DEBIANCONFIG=/etc/default/x2gobroker-daemon
+DEBIANCONFIG_AUTHSERVICE=/etc/default/x2gobroker-daemon
test -x "$DAEMON" || exit 0
START_BROKER=false
-START_AUTHSERVICE=false
DAEMON_BIND_ADDRESS=127.0.0.1:8080
X2GOBROKER_DEBUG=0
X2GOBROKER_DAEMON_USER='x2gobroker'
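Review bot: `DEBIANCONFIG_AUTHSERVICE=/etc/default/x2gobroker-daemon` repeats the path of `DEBIANCONFIG`, so the `test -f $DEBIANCONFIG_AUTHSERVICE && . $DEBIANCONFIG_AUTHSERVICE` line added in the next hunk sources the daemon's own file a second time and never reads the auth service settings. It presumably should be `DEBIANCONFIG_AUTHSERVICE=/etc/default/x2gobroker-authservice`; otherwise a socket path changed there is not seen by the broker.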
@@ -40,16 +38,12 @@ X2GOBROKER_AUTHSERVICE_SOCKET="$RUNDIR/x2gobroker/x2gobroker-authservice.socket"
X2GOBROKER_SSL_CERTFILE=
X2GOBROKER_SSL_KEYFILE=
test -f $DEBIANCONFIG && . $DEBIANCONFIG
+test -f $DEBIANCONFIG_AUTHSERVICE && . $DEBIANCONFIG_AUTHSERVICE
if ! getent passwd $X2GOBROKER_DAEMON_USER 1>/dev/null 2>/dev/null; then
X2GOBROKER_DAEMON_USER=nobody
fi
-# create PID directory
-mkdir -p $RUNDIR/x2gobroker
-chown $X2GOBROKER_DAEMON_USER:nogroup $RUNDIR/x2gobroker
-chmod 0700 $RUNDIR/x2gobroker
-
# mend user ID variables when --chuid $X2GOBROKER_DAEMON_USER is used with start-stop-daemon
export LOGNAME=$X2GOBROKER_DAEMON_USER
export USER=$X2GOBROKER_DAEMON_USER
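Review bot: With the `mkdir -p $RUNDIR/x2gobroker` block removed, this script relies on the auth service init script having created the directory before `$PIDFILE_BROKER` is written. When x2gobroker-authservice is not installed (it is only recommended), or the run directory starts empty at boot, `start-stop-daemon ... -m -p $PIDFILE_BROKER` has nowhere to write. Keeping an idempotent `mkdir -p $RUNDIR/x2gobroker` here, with the ownership agreed between the two scripts, would let the daemon start on its own.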
@@ -77,7 +71,7 @@ is_true()
case "${1:-}" in
start)
- if [ -e $PIDFILE_BROKER ]; then
+ if [ -f $PIDFILE_BROKER ]; then
if ps -u $X2GOBROKER_DAEMON_USER | grep $(basename $DAEMON) 1>/dev/null 2>/dev/null; then
log_warning_msg "X2Go Session Broker already running"
else
@@ -91,20 +85,6 @@ case "${1:-}" in
start-stop-daemon --chuid $X2GOBROKER_DAEMON_USER -b -m -S -p $PIDFILE_BROKER -x $DAEMON -- -b $DAEMON_BIND_ADDRESS
log_end_msg $?
set -e
- if [ -e $PIDFILE_AUTHSERVICE ]; then
- if ps -u root | grep $(basename $AUTHSERVICE) 1>/dev/null 2>/dev/null; then
- log_warning_msg "X2Go Broker Authentication Service already running"
- else
- log_warning_msg "X2Go Broker Authentication Service: stale PID file ($PIDFILE_AUTHSERVICE). Delete it manually!"
- fi
- START_AUTHSERVICE=no
- fi
- if is_true $START_AUTHSERVICE; then
- set +e
- log_daemon_msg "Starting X2Go Broker Authentication Service" "$(basename $AUTHSERVICE)"
- start-stop-daemon -b -m -S -p $PIDFILE_AUTHSERVICE -x $AUTHSERVICE -- -s $X2GOBROKER_AUTHSERVICE_SOCKET
- set -e
- fi
fi
;;
stop)
@@ -116,14 +96,6 @@ case "${1:-}" in
log_end_msg $?
set -e
fi
- if [ -f $PIDFILE_AUTHSERVICE ] ; then
- log_daemon_msg "X2Go Broker Authentication Service" "$(basename $AUTHSERVICE)"
- set +e
- start-stop-daemon -K -p $PIDFILE_AUTHSERVICE
- rm -f $PIDFILE_AUTHSERVICE
- log_end_msg $?
- set -e
- fi
;;
restart|reload|force-reload)
${0:-} stop
diff --git a/debian/x2gobroker.install b/debian/x2gobroker.install
index 29dc1c0..fac20e4 100644
--- a/debian/x2gobroker.install
+++ b/debian/x2gobroker.install
@@ -1,2 +1 @@
sbin/x2gobroker usr/sbin/
-sbin/x2gobroker-authservice usr/sbin/
\ No newline at end of file
diff --git a/etc/broker/x2gobroker-loggers.conf b/etc/broker/x2gobroker-loggers.conf
index 36d5e3e..4c395a2 100644
--- a/etc/broker/x2gobroker-loggers.conf
+++ b/etc/broker/x2gobroker-loggers.conf
@@ -18,18 +18,20 @@
# Free Software Foundation, Inc.,
# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+# WARNING: only modify this file if you _exactly_ know what you are doing!!!
+
[loggers]
-keys=root,broker,access,error
+keys=root,broker,authservice,access,error
[logger_root]
level=NOTSET
handlers=stdoutHandler
[handlers]
-keys=stdoutHandler,brokerFileHandler,accessFileHandler,errorFileHandler
+keys=stdoutHandler,brokerFileHandler,authserviceFileHandler,accessFileHandler,errorFileHandler
[formatters]
-keys=brokerFormatter,accessFormatter,errorFormatter
+keys=brokerFormatter,authserviceFormatter,accessFormatter,errorFormatter
[handler_stdoutHandler]
class=StreamHandler
@@ -50,6 +52,21 @@ args=('/var/log/x2gobroker/broker.log',)
format=%(asctime)s - %(name)s - %(levelname)s - %(message)s
datefmt=
+[logger_authservice]
+level=DEBUG
+handlers=authserviceFileHandler
+qualname=authservice
+propagate=0
+
+[handler_authserviceFileHandler]
+class=FileHandler
+formatter=authserviceFormatter
+args=('/var/log/x2gobroker/authservice.log',)
+
+[formatter_authserviceFormatter]
+format=%(asctime)s - %(name)s - %(levelname)s - %(message)s
+datefmt=
+
[logger_access]
level=DEBUG
handlers=accessFileHandler
diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice
index 12974f8..6ff6423 100755
--- a/sbin/x2gobroker-authservice
+++ b/sbin/x2gobroker-authservice
@@ -40,10 +40,13 @@ setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS)))
if __name__ == '__main__':
common_options = [
- {'args':['-s','--socket-file'], 'default': x2gobroker.defaults.X2GOBROKER_AUTHSERVICE_SOCKET, 'metavar': 'AUTHSOCKET', 'help': 'socket file for AuthService communication', },
- {'args':['-d','--debug'], 'default': False, 'action': 'store_true', 'help': 'enable debugging code', },
+ {'args':['-s','--socket-file'], 'default': x2gobroker.authservice.X2GOBROKER_AUTHSERVICE_SOCKET, 'metavar': 'AUTHSOCKET', 'help': 'socket file for AuthService communication', },
+ {'args':['-o','--owner'], 'default': 'root', 'help': 'owner of the AuthService socket file', },
+ {'args':['-g','--group'], 'default': 'root', 'help': 'group ownership of the AuthService socket file', },
+ {'args':['-p','--permissions'], 'default': '0660', 'help': 'set these file permissions for the AuthService socket file', },
+
]
- p = argparse.ArgumentParser(description='X2Go Session Broker (PAM Auth Service)',\
+ p = argparse.ArgumentParser(description='X2Go Session Broker (PAM Authentication Service)',\
formatter_class=argparse.RawDescriptionHelpFormatter, \
add_help=True, argument_default=None)
p_common = p.add_argument_group('common parameters')
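Review bot: `--permissions` is accepted as a free-form string and only converted with `int(permissions, 8)` inside `AuthService.__init__`, after the socket has been bound, so a typo surfaces as a traceback with the socket file left behind. Because the socket fronts a PAM check running as root, it is worth validating right after `parse_args()` and refusing modes that grant access to others, for example `if int(cmdline_args.permissions, 8) & 0o007: p.error('socket must not be accessible to others')`. Removing `-d/--debug` also leaves no way to set `X2GOBROKER_DEBUG` from this command line; if that is intended, the changelog should say so.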
@@ -56,11 +59,8 @@ if __name__ == '__main__':
cmdline_args = p.parse_args()
- if cmdline_args.debug:
- x2gobroker.defaults.X2GOBROKER_DEBUG = cmdline_args.debug
-
socket_file = cmdline_args.socket_file
- x2gobroker.authservice.AuthService(socket_file)
+ x2gobroker.authservice.AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions)
try:
x2gobroker.authservice.loop()
except KeyboardInterrupt:
diff --git a/x2gobroker/authservice.py b/x2gobroker/authservice.py
index 018be90..7b12bb9 100644
--- a/x2gobroker/authservice.py
+++ b/x2gobroker/authservice.py
@@ -20,11 +20,23 @@
# Free Software Foundation, Inc.,
# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+import os
import asyncore
import pam
import socket
-import x2gobroker.defaults
+from pwd import getpwnam
+from grp import getgrnam
+
+from loggers import logger_authservice
+
+logger_authservice.info('X2Go Session Broker PAM Authentication Service: Setting up the broker\'s environment...')
+if os.environ.has_key('X2GOBROKER_AUTHSERVICE_SOCKET'):
+ X2GOBROKER_AUTHSERVICE_SOCKET=os.environ['X2GOBROKER_AUTHSERVICE_SOCKET']
+else:
+ X2GOBROKER_AUTHSERVICE_SOCKET="/var/run/x2gobroker-authservice.socket"
+logger_authservice.info(' X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET))
+
class AuthClient(asyncore.dispatcher_with_send):
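Review bot: The fallback `X2GOBROKER_AUTHSERVICE_SOCKET="/var/run/x2gobroker-authservice.socket"` does not match the path the packaging in this commit uses (`$RUNDIR/x2gobroker/x2gobroker-authservice.socket`), so a process started without the environment variable looks for the socket outside the restricted directory. Using the packaged path as the default keeps both sides aligned, and `os.environ.get('X2GOBROKER_AUTHSERVICE_SOCKET', default)` would replace the `has_key` branch. The two `logger_authservice.info` calls run at import time, which deserves a comment such as `# NOTE: importing this module logs the resolved socket path`.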
@@ -56,11 +68,13 @@ class AuthClient(asyncore.dispatcher_with_send):
class AuthService(asyncore.dispatcher_with_send):
- def __init__(self, socketfile):
+ def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660'):
asyncore.dispatcher_with_send.__init__(self)
self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
self.set_reuse_addr()
self.bind(socketfile)
+ os.chown(socketfile, getpwnam(owner).pw_uid, getgrnam(group_owner).gr_gid)
+ os.chmod(socketfile, int(permissions, 8))
self.listen(1)
def handle_accept(self):
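Review bot: Between `self.bind(socketfile)` and the new `os.chmod`, the socket exists with whatever mode the process umask allows, so the restriction is applied only after the file is already reachable. Setting the umask around the bind closes that window: `old = os.umask(0o177)` before `self.bind(socketfile)` and `os.umask(old)` after it, keeping the `chown`/`chmod` to set the final owner and mode. `getpwnam`/`getgrnam` raise `KeyError` for an unknown name, and since that happens after the bind the socket file is left behind; resolving both ids before `create_socket` avoids it. The class body continues outside the hunk.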
@@ -74,11 +88,12 @@ def loop():
def authenticate(username, password, service="x2gobroker"):
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
- s.connect(x2gobroker.defaults.X2GOBROKER_AUTHSERVICE_SOCKET)
-
+ s.connect(X2GOBROKER_AUTHSERVICE_SOCKET)
s.send('{username} {password} {service}\n'.format(username=username, password=password, service=service))
result = s.recv(1024)
s.close()
if result.startswith('ok'):
+ logger_authservice.info('authentication against PAM service {service} succeeded for {username}'.format(username=username, service=service))
return True
+ logger_authservice.info('authentication against service {service} failed for user {username}'.format(username=username, service=service))
return False
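Review bot: Both new log lines format the caller-supplied `username` directly into the message, so a name containing a newline can forge entries in the authentication log; writing it as `{username!r}` keeps control characters visible. The same unvalidated fields go into the space-separated line sent to the service (`'{username} {password} {service}\n'`, unchanged context). How the server splits that line is not visible here, so a value containing a space or newline may be read as a different field; rejecting whitespace in `username` and `service` before sending would be a cheap guard. The two messages also differ in wording (`PAM service` vs `service`, `{username}` vs `user {username}`) and should be aligned.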
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index c02ce43..f56a566 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -68,6 +68,7 @@ elif os.geteuid() == 0:
logger_broker.warn('X2Go Session Broker should not be run as root, better run as non-privileged user')
logger_broker.info('Setting up the broker\'s environment...')
+logger_broker.info('X2Go Session Broker: Setting up the broker\'s environment...')
logger_broker.info(' X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG))
if os.environ.has_key('X2GOBROKER_CONFIG'):
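Review bot: The added `logger_broker.info('X2Go Session Broker: Setting up the broker\'s environment...')` sits directly after the old `logger_broker.info('Setting up the broker\'s environment...')`, which stays as context, so the same announcement is logged twice at startup. If the new wording was meant as a replacement, drop the old line.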
diff --git a/x2gobroker/loggers.py b/x2gobroker/loggers.py
index 7791bbd..2dd9178 100644
--- a/x2gobroker/loggers.py
+++ b/x2gobroker/loggers.py
@@ -43,6 +43,7 @@ if getpass.getuser() == X2GOBROKER_DAEMON_USER:
# create loggers
logger_broker = logging.getLogger('broker')
+ logger_authservice = logging.getLogger('authservice')
logger_access = logging.getLogger('access')
logger_error = logging.getLogger('error')
@@ -58,6 +59,10 @@ else:
logger_broker.addHandler(stdout_handler)
logger_broker.propagate = 0
+ logger_authservice = logging.getLogger('authservice')
+ logger_authservice.addHandler(stdout_handler)
+ logger_authservice.propagate = 0
+
logger_access = logging.getLogger('access')
logger_access.addHandler(stdout_handler)
logger_access.propagate = 0
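Review bot: The `authservice` logger is created from the logging configuration only in the branch guarded by `if getpass.getuser() == X2GOBROKER_DAEMON_USER:` (visible in the first hunk's header), while the new init script starts the auth service as root with `start-stop-daemon -b`. If the condition evaluates as it reads, the service lands in this `else:` branch and its messages go to the stdout handler of a backgrounded process, so /var/log/x2gobroker/authservice.log would only receive what the broker process writes. A comment stating which process is expected to take which branch, or a file handler for the root case, would make the authentication audit trail dependable. Both branches start and end outside the hunk.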
hooks/post-receive
--
x2gobroker.git (HTTP(S) Session broker for X2Go)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).