[X2Go-Commits] [x2gobroker] 05/05: Several fixes while re-working the unittests...
git-admin at x2go.org
git-admin at x2go.org
Thu Apr 3 12:24:54 CEST 2014
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2gobroker.
commit 051ceb6ae48da4b47e4367e5de55d5f9229f1895
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Thu Apr 3 12:24:48 2014 +0200
Several fixes while re-working the unittests...
- Rename sections for broker backends in x2gobroker.conf
- Fix run
- Make config object of x2gobroker.conf available in authentication mechanism
backends.
- Fix SSH based broker client.
- Fix several failing tests, adapt tests to current code base.
---
debian/changelog | 6 ++++
etc/x2gobroker.conf | 6 ++--
x2gobroker/authmechs/base_authmech.py | 2 +-
x2gobroker/authmechs/https_get_authmech.py | 16 +++++-----
x2gobroker/authmechs/none_authmech.py | 2 +-
x2gobroker/authmechs/pam_authmech.py | 2 +-
x2gobroker/authmechs/testsuite_authmech.py | 2 +-
x2gobroker/brokers/base_broker.py | 44 ++++++++++++++++++----------
x2gobroker/client/plain.py | 14 ++++-----
x2gobroker/defaults.py | 9 ++++--
10 files changed, 61 insertions(+), 42 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 98e95f7..f6486b3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -118,6 +118,12 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
session profiles.
- JSON webUI: run pre and post auth scripts also via this backend.
- x2gobroker-daemon: become wrapper script, enable --mode HTTP by default.
+ - Rename sections for broker backends in x2gobroker.conf
+ - Fix run
+ - Make config object of x2gobroker.conf available in authentication mechanism
+ backends.
+ - Fix SSH based broker client.
+ - Fix several failing tests, adapt tests to current code base.
* debian/control:
+ Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
+ Fix SYNOPSIS texts.
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index edd3ada..b55becc 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -242,18 +242,18 @@
#
# For small-scale deployments the IniFile backend is the recommended backend.
-[zeroconf]
+[broker_zeroconf]
#enable = false
#auth-mech = pam
#user-db = libnss
#group-db = libnss
#desktop-shell = KDE
-[inifile]
+[broker_inifile]
#enable = true
#session-profiles = /etc/x2go/broker/x2gobroker-sessionprofiles.conf
-#[ldap] -> MUSIC OF THE FUTURE
+#[broker_ldap] -> MUSIC OF THE FUTURE
#enable = false
#auth-mech = ldap
#user-db = ldap
diff --git a/x2gobroker/authmechs/base_authmech.py b/x2gobroker/authmechs/base_authmech.py
index 832d25e..f8206af 100644
--- a/x2gobroker/authmechs/base_authmech.py
+++ b/x2gobroker/authmechs/base_authmech.py
@@ -20,5 +20,5 @@
class X2GoBrokerAuthMech(object):
- def authenticate(self, username, password):
+ def authenticate(self, username, password, **kwargs):
return False
diff --git a/x2gobroker/authmechs/https_get_authmech.py b/x2gobroker/authmechs/https_get_authmech.py
index d3817ed..4f42d71 100644
--- a/x2gobroker/authmechs/https_get_authmech.py
+++ b/x2gobroker/authmechs/https_get_authmech.py
@@ -41,16 +41,18 @@ from x2gobroker.defaults import X2GOBROKER_CONFIG as _X2GOBROKER_CONFIG
class X2GoBrokerAuthMech(object):
- def authenticate(self, username, password):
+ def authenticate(self, username, password, config=None, **kwargs):
## FIXME: these should really be specificed in master config file and have better error checking
- config = ConfigParser.RawConfigParser()
- config.read(_X2GOBROKER_CONFIG)
-
- host = config.get('authmech_https_get','host')
- path = config.get('authmech_https_get','path')
- port = config.get('authmech_https_get','port')
+ if config:
+ host = config.get_value('authmech_https_get','host')
+ path = config.get_value('authmech_https_get','path')
+ port = config.get_value('authmech_https_get','port')
+ else:
+ host = "localhost"
+ path = "/auth"
+ port = "80"
# base64 encode the username and password
auth = base64.standard_b64encode('%s:%s' % (username, password)).replace('\n', '')
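Review bot: The new `else:` branch makes a missing or empty `config` fall back silently to `localhost`, `/auth` and port `80`, so an authentication decision can be taken against an endpoint nobody configured. Failing closed is safer: replace the three hard-coded assignments with `return False`, ideally after logging that the `authmech_https_get` settings are unavailable. `if config:` also tests truthiness rather than presence; `if config is not None:` states the intent. The body of authenticate() continues outside this hunk, so how `port` is used for the connection is not visible here; if the request built from the base64 credentials on the last line does go to port 80, they would travel without TLS.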
diff --git a/x2gobroker/authmechs/none_authmech.py b/x2gobroker/authmechs/none_authmech.py
index 6a75f1f..6535f4b 100644
--- a/x2gobroker/authmechs/none_authmech.py
+++ b/x2gobroker/authmechs/none_authmech.py
@@ -20,5 +20,5 @@
class X2GoBrokerAuthMech(object):
- def authenticate(self, username, password):
+ def authenticate(self, username, password, **kwargs):
return True
diff --git a/x2gobroker/authmechs/pam_authmech.py b/x2gobroker/authmechs/pam_authmech.py
index c1b0625..9e7b85b 100644
--- a/x2gobroker/authmechs/pam_authmech.py
+++ b/x2gobroker/authmechs/pam_authmech.py
@@ -29,7 +29,7 @@ from x2gobroker.loggers import logger_error
class X2GoBrokerAuthMech(object):
- def authenticate(self, username, password):
+ def authenticate(self, username, password, **kwargs):
if username and password:
try:
diff --git a/x2gobroker/authmechs/testsuite_authmech.py b/x2gobroker/authmechs/testsuite_authmech.py
index 8fda0a9..2df02c4 100644
--- a/x2gobroker/authmechs/testsuite_authmech.py
+++ b/x2gobroker/authmechs/testsuite_authmech.py
@@ -20,7 +20,7 @@
class X2GoBrokerAuthMech(object):
- def authenticate(self, username, password):
+ def authenticate(self, username, password, **kwargs):
# return C{True} for user test with password sweet... (used by the unit tests)
if username == 'test' and password == 'sweet':
diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py
index 8aef096..603d443 100644
--- a/x2gobroker/brokers/base_broker.py
+++ b/x2gobroker/brokers/base_broker.py
@@ -41,6 +41,9 @@ import x2gobroker.x2gobroker_exceptions
from x2gobroker.loggers import logger_broker, logger_error
+from x2gobroker.defaults import X2GOBROKER_USER as _X2GOBROKER_USER
+from x2gobroker.defaults import X2GOBROKER_DAEMON_USER as _X2GOBROKER_DAEMON_USER
+
class X2GoBroker(object):
"""\
L{base.X2GoBroker} is an abstract class for X2Go broker implementations.
@@ -68,7 +71,7 @@ class X2GoBroker(object):
if self.config_file is None: self.config_file = x2gobroker.defaults.X2GOBROKER_CONFIG
if config_defaults is None: config_defaults = x2gobroker.defaults.X2GOBROKER_CONFIG_DEFAULTS
self.config = x2gobroker.config.X2GoBrokerConfigFile(config_files=self.config_file, defaults=config_defaults)
- self.enabled = self.config.get_value(self.backend_name, 'enable')
+ self.enabled = self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'enable')
self._dynamic_cookie_map = {}
self._client_address = None
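Review bot: Reading `enable` from `broker_<backend>` means an existing x2gobroker.conf that still uses `[inifile]` or `[zeroconf]` is no longer consulted, and the values presumably come from the defaults passed to X2GoBrokerConfigFile instead. A site that had set `enable = false` under `[inifile]`, or a non-default `auth-mech` under the old section name, would then silently get `enable = True` or the default mechanism after upgrading. Consider honouring the legacy section name with a logged deprecation warning, or refusing to start when an old-style section is present. The section name is also rebuilt with `.format()` in every later hunk of this file (get_section, auth-mech, agent-query-mode, user-db, group-db); computing it once, e.g. `self._config_section = 'broker_{backend}'.format(backend=self.backend_name)`, keeps those lookups consistent.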
@@ -183,7 +186,7 @@ class X2GoBroker(object):
@rtype: C{dict}
"""
- return self.config.get_section(self.backend_name)
+ return self.config.get_section('broker_{backend}'.format(backend=self.backend_name))
def get_backend_value(self, backend='zeroconf', option='enable'):
"""\
@@ -448,7 +451,7 @@ class X2GoBroker(object):
if self._import_authmech_module(mech=self.get_authentication_mechanism()):
logger_broker.debug('base_broker.X2GoBroker._do_authenticate(): authenticating user={username} with password=<hidden> against backend={backend}.'.format(username=username, backend=self.backend_name))
- return self.authmech_module.X2GoBrokerAuthMech().authenticate(username, password)
+ return self.authmech_module.X2GoBrokerAuthMech().authenticate(username, password, config=self.config)
else:
return False
@@ -464,8 +467,8 @@ class X2GoBroker(object):
_default_auth_mech = "pam"
_auth_mech = ""
- if self.config.has_value(self.backend_name, 'auth-mech') and self.config.get_value(self.backend_name, 'auth-mech'):
- _auth_mech = self.config.get_value(self.backend_name, 'auth-mech').lower()
+ if self.config.has_value('broker_{backend}'.format(backend=self.backend_name), 'auth-mech') and self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'auth-mech'):
+ _auth_mech = self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'auth-mech').lower()
logger_broker.debug('base_broker.X2GoBroker.get_authentication_mechanism(): found auth-mech in backend config section »{backend}«: {value}. This one has precendence over the default value.'.format(backend=self.backend_name, value=_auth_mech))
elif self.config.has_value('global', 'default-auth-mech'):
@@ -492,8 +495,8 @@ class X2GoBroker(object):
_agent_query_mode = _profile[u'broker-agent-query-mode']
logger_broker.debug('base_broker.X2GoBroker.get_agent_query_mode(): found broker-agent-query-mode in session profile with ID {id}: {value}. This one has precendence over the default and the backend value.'.format(id=profile_id, value=_agent_query_mode))
- elif self.config.has_value(self.backend_name, 'agent-query-mode') and self.config.get_value(self.backend_name, 'agent-query-mode'):
- _backend_agent_query_mode = self.config.get_value(self.backend_name, 'agent-query-mode').lower()
+ elif self.config.has_value('broker_{backend}'.format(backend=self.backend_name), 'agent-query-mode') and self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'agent-query-mode'):
+ _backend_agent_query_mode = self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'agent-query-mode').lower()
logger_broker.debug('base_broker.X2GoBroker.get_agent_query_mode(): found agent-query-mode in backend config section »{backend}«: {value}. This one has precendence over the default value.'.format(backend=self.backend_name, value=_agent_query_mode))
elif self.config.has_value('global', 'default-agent-query-mode') and self.config.get_value('global', 'default-agent-query-mode'):
@@ -566,8 +569,8 @@ class X2GoBroker(object):
if self.config.has_value('global', 'default-user-db'):
_user_db = self.config.get_value('global', 'default-user-db').lower() or _user_db
- if self.config.has_value(self.backend_name, 'user-db'):
- _user_db = self.config.get_value(self.backend_name, 'user-db').lower() or _user_db
+ if self.config.has_value('broker_{backend}'.format(backend=self.backend_name), 'user-db'):
+ _user_db = self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'user-db').lower() or _user_db
return unicode(_user_db)
@@ -584,8 +587,8 @@ class X2GoBroker(object):
if self.config.has_value('global', 'default-group-db'):
_group_db = self.config.get_value('global', 'default-group-db').lower() or _group_db
- if self.config.has_value(self.backend_name, 'group-db'):
- _group_db = self.config.get_value(self.backend_name, 'group-db').lower() or _group_db
+ if self.config.has_value('broker_{backend}'.format(backend=self.backend_name), 'group-db'):
+ _group_db = self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'group-db').lower() or _group_db
return unicode(_group_db)
@@ -728,7 +731,7 @@ class X2GoBroker(object):
else:
return []
- def check_access(self, username='', password='', ip='', cookie=None):
+ def check_access(self, username='', password='', ip='', cookie=None, override_password_auth=False):
"""\
Check if a given user with a given password may gain access to the
X2Go session broker.
@@ -741,6 +744,9 @@ class X2GoBroker(object):
@type ip: C{unicode}
@param cookie: an extra (static or dynamic) authentication token
@type cookie: C{unicode}
+ @param override_password_auth: let password auth always succeed, needed for SSH broker (where SSH
+ handled the password (or key) based authentication
+ @type override_password_auth: C{bool}
@return: returns C{True} if the authentication has been successful
@rtype: C{bool},C{unicode}
@@ -775,7 +781,12 @@ class X2GoBroker(object):
if self.config.get_value('global', 'require-password'):
# using files to store persistant cookie information because global variables do not work across threads in WSGI
- cookie_directory=self.config.get_value('global', 'cookie-directory')
+ if _X2GOBROKER_USER == _X2GOBROKER_DAEMON_USER:
+ cookie_directory = self.config.get_value('global', 'cookie-directory')
+ cookie_directory = os.path.normpath(cookie_directory)
+ else:
+ cookie_directory=os.path.normpath(os.path.expanduser('~/.x2go/broker-cookies/'))
+
if (not os.path.isdir(cookie_directory)):
logger_broker.debug('base_broker.X2GoBroker.check_access(): cookie-directory {cookie_directory} does not exist trying to craete it'.format(cookie_directory=cookie_directory))
try:
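Review bot: The new fallback `~/.x2go/broker-cookies/` holds authentication cookies under the invoking user's home, but nothing in this hunk constrains its permissions. The creation call after `try:` lies outside the hunk, and if it relies on the process umask, other local users may be able to read the directory. I would confirm it is created with mode 0700 and record the requirement next to the assignment: `# cookie files are authentication tokens; this directory must be private to the broker user (mode 0700)`. Separately, `os.path.normpath()` is applied to the configured `cookie-directory` without checking that it is set, and an empty value normalises to `.`, which would place cookies in the current working directory.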
@@ -790,7 +801,7 @@ class X2GoBroker(object):
### IMPLEMENT YOUR AUTHENTICATION LOGIC IN THE self._do_authenticate(**kwargs) METHOD
### when inheriting from the base.X2GoBroker class.
- access = self._do_authenticate(username=username, password=password)
+ access = self._do_authenticate(username=username, password=password) or override_password_auth
###
###
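Review bot: `override_password_auth` turns a public keyword of check_access() into an unconditional bypass of the credential check. Because it is the right-hand operand of `or`, `_do_authenticate()` is still called first with whatever (possibly empty) credentials were passed. Putting the flag first avoids that backend round trip and makes the bypass explicit: `access = override_password_auth or self._do_authenticate(username=username, password=password)`. A log entry when the override is taken, for example `logger_broker.warning('base_broker.X2GoBroker.check_access(): password authentication overridden by caller')`, would leave an audit trail. check_access() begins and ends outside this hunk, so whether the cookie checks still apply when the flag is set cannot be confirmed from here.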
@@ -910,11 +921,11 @@ class X2GoBroker(object):
if key.startswith('host='):
del profile[key]
if key == 'user' and profile[key] == 'BROKER_USER':
- profile[key] = username
+ profile[key] = unicode(username)
if self.get_session_autologin(profile_id):
profile['autologin'] = True
- profile['key'] = '<will-be-provided-later>'
+ profile['key'] = u'<will-be-provided-later>'
# make sure that desktop sessions (that we know by name) do run with rootless=false
if profile['command'] in x2gobroker.defaults.X2GO_DESKTOP_SESSIONS:
@@ -1154,6 +1165,7 @@ class X2GoBroker(object):
"""
+ global_config = self.get_global_config()
if len(global_config[script_type]) != 0:
for script in global_config[script_type]:
try:
diff --git a/x2gobroker/client/plain.py b/x2gobroker/client/plain.py
index 8c37960..f730d40 100644
--- a/x2gobroker/client/plain.py
+++ b/x2gobroker/client/plain.py
@@ -66,21 +66,19 @@ class X2GoBrokerClient(object):
output = ''
- if broker_backend.check_access(cookie=cookie, cookie_only=True):
+ access, next_cookie = broker_backend.check_access(cookie=cookie, override_password_auth=True)
+ if access:
logger_broker.debug ('username: {username}, task: {task}, profile_id: {profile_id}'.format(username=username, task=task, profile_id=profile_id))
###
### CONFIRM SUCCESSFUL AUTHENTICATION FIRST
###
-
- if global_config['require-cookie-auth'] and not global_config['use-static-cookie']:
-
- ### FIXME: make up a nice protocol for this, disabled for now
- #output += "AUTHID: {authid}<br />".format(authid=broker_backend.get_next_authid(username=data.user))
- pass
+ if next_cookie is not None:
+ output += "AUTHID:{authid}\n".format(authid=next_cookie)
output += "Access granted\n"
+
###
### X2GO BROKER TASKS
###
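Review bot: check_access() is called with only `cookie` and the override flag, so `username` and `ip` keep their `''` defaults even though `username` is in scope (it is logged two lines later). With password authentication overridden, access rests on the cookie check and on the SSH layer having authenticated the caller, and any per-user handling inside check_access() (not visible in this diff) sees an empty user. Passing the name through keeps the decision tied to the user: `access, next_cookie = broker_backend.check_access(username=username, cookie=cookie, override_password_auth=True)`. The enclosing method starts and ends outside the hunk.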
@@ -141,5 +139,3 @@ class X2GoBrokerClient(object):
return output
logger_broker.error ('broker backend ,,{backend}\'\' is disabled on this system'.format(backend=backend))
-
-
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index 5ae9ccb..f06b301 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -202,21 +202,24 @@ X2GOBROKER_CONFIG_DEFAULTS = {
u'default-authorized-keys': u'%h/.x2go/authorized_keys',
u'default-agent-query-mode': u'NONE',
},
- 'zeroconf': {
+ 'broker_base': {
+ u'enable': False,
+ },
+ 'broker_zeroconf': {
u'enable': False,
u'auth-mech': u'pam',
u'user-db': u'libnss',
u'group-db': u'libnss',
u'desktop-shell': u'KDE',
},
- 'inifile': {
+ 'broker_inifile': {
u'enable': True,
u'session-profiles': u'/etc/x2go/broker/x2gobroker-sessionprofiles.conf',
u'auth-mech': u'',
u'user-db': u'',
u'group-db': u'',
},
- 'ldap': {
+ 'broker_ldap': {
u'enable': False,
u'auth-mech': u'ldap',
u'user-db': u'ldap',
--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git