[X2Go-Commits] python-x2go.git - build-baikal (branch) updated: 0.2.0.10-92-g64dbd1b

X2Go dev team git-admin at x2go.org
Wed Jan 8 15:27:25 CET 2014


The branch, build-baikal has been updated
       via  64dbd1b29eeefb88427ee92a5ba0ccfef2cb309f (commit)
      from  8b51f4435d5042e8f8a3d38767d8cf70d38a67b6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 x2go/backends/control/_stdout.py |   25 ++++++++++++------
 x2go/client.py                   |    8 +++++-
 x2go/session.py                  |   54 ++++++++++++++++----------------------
 x2go/sshproxy.py                 |   27 ++++++++++++-------
 4 files changed, 64 insertions(+), 50 deletions(-)

The diff of changes is:
diff --git a/x2go/backends/control/_stdout.py b/x2go/backends/control/_stdout.py
index b95e916..7e29166 100644
--- a/x2go/backends/control/_stdout.py
+++ b/x2go/backends/control/_stdout.py
@@ -613,7 +613,7 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
 
     def connect(self, hostname, port=22, username='', password='', pkey=None,
                 key_filename=None, timeout=None, allow_agent=False, look_for_keys=False,
-                use_sshproxy=False, sshproxy_host='', sshproxy_port=22, sshproxy_user='', sshproxy_password='',
+                use_sshproxy=False, sshproxy_host='', sshproxy_port=22, sshproxy_user='', sshproxy_password='', sshproxy_force_password_auth=False,
                 sshproxy_key_filename='', sshproxy_pkey=None, sshproxy_look_for_keys=False, sshproxy_allow_agent=False,
                 sshproxy_tunnel='',
                 forward_sshagent=None,
@@ -689,6 +689,8 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
         @param sshproxy_password: a password to use for SSH proxy authentication or for unlocking
             a private key
         @type sshproxy_password: C{str}
+        @param sshproxy_force_password_auth: enforce using a given C{sshproxy_password} even if a key(file) is given
+        @type sshproxy_force_password_auth: C{bool}
         @param sshproxy_key_filename: local file location of the private key file
         @type sshproxy_key_filename: C{str}
         @param sshproxy_pkey: an optional private key to use for SSH proxy authentication
@@ -723,6 +725,7 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
                                                               sshproxy_port=sshproxy_port,
                                                               sshproxy_user=sshproxy_user,
                                                               sshproxy_password=sshproxy_password,
+                                                              sshproxy_force_password_auth=sshproxy_force_password_auth,
                                                               sshproxy_key_filename=sshproxy_key_filename,
                                                               sshproxy_pkey=sshproxy_pkey,
                                                               sshproxy_look_for_keys=sshproxy_look_for_keys,
@@ -773,30 +776,36 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
         if forward_sshagent is not None:
             self.forward_sshagent = forward_sshagent
 
-        if (key_filename and os.path.exists(os.path.normpath(key_filename))) or pkey or look_for_keys or allow_agent or (password and force_password_auth):
+        if key_filename or pkey or look_for_keys or allow_agent or (password and force_password_auth):
             try:
                 if password and force_password_auth:
                     self.logger('trying keyboard-interactive SSH authentication with server', loglevel=log.loglevel_DEBUG)
                     paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=None, password=password,
                                                key_filename=None, timeout=timeout, allow_agent=False,
                                                look_for_keys=False)
-                elif key_filename or pkey:
+                elif (key_filename and os.path.exists(os.path.normpath(key_filename))) or pkey:
                     self.logger('trying SSH pub/priv key authentication with server', loglevel=log.loglevel_DEBUG)
                     paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=pkey,
                                                key_filename=key_filename, timeout=timeout, allow_agent=allow_agent,
                                                look_for_keys=look_for_keys)
                 else:
                     self.logger('trying SSH key discovery or agent authentication with server', loglevel=log.loglevel_DEBUG)
-                    paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=None,
-                                               key_filename=None, timeout=timeout, allow_agent=allow_agent,
-                                               look_for_keys=look_for_keys)
+                    try:
+                        paramiko.SSHClient.connect(self, _hostname, port=port, username=username, pkey=None,
+                                                      key_filename=None, timeout=timeout, allow_agent=allow_agent,
+                                                      look_for_keys=look_for_keys)
+                    except paramiko.SSHException, e:
+                        if str(e) == 'No authentication methods available':
+                            raise paramiko.AuthenticationException('Interactive password authentication required!')
+                        else:
+                            raise(e)
 
                 # since Paramiko 1.7.7.1 there is compression available, let's use it if present...
                 t = self.get_transport()
                 if x2go._paramiko.PARAMIKO_FEATURE['use-compression']:
                     t.use_compression(compress=True)
 
-            except (paramiko.AuthenticationException, paramiko.SSHException), e:
+            except paramiko.AuthenticationException, e:
                 self.close()
                 if password:
                     self.logger('next auth mechanism we\'ll try is keyboard-interactive authentication', loglevel=log.loglevel_DEBUG)
@@ -812,7 +821,7 @@ class X2goControlSessionSTDOUT(paramiko.SSHClient):
                     self.close()
                     if self.sshproxy_session:
                         self.sshproxy_session.stop_thread()
-                    raise(paramiko.AuthenticationException('Interactive password authentication required!'))
+                    raise(e)
 
             except:
                 self.close()
diff --git a/x2go/client.py b/x2go/client.py
index 8619e26..c1e5358 100644
--- a/x2go/client.py
+++ b/x2go/client.py
@@ -1283,7 +1283,9 @@ class X2goClient(object):
                         sshproxy_user='',
                         sshproxy_password='',
                         add_to_known_hosts=False,
-                        force_password_auth=False):
+                        force_password_auth=False,
+                        sshproxy_force_password_auth=False,
+                       ):
         """\
         Connect to a registered X2Go session with registry hash C{session_uuid}
         This method basically wraps around paramiko.SSHClient.connect() for the
@@ -1307,6 +1309,9 @@ class X2goClient(object):
         @param force_password_auth: disable SSH pub/priv key authentication mechanisms
             completely
         @type force_password_auth: C{bool}
+        @param sshproxy_force_password_auth: disable SSH pub/priv key authentication mechanisms
+            completely for SSH proxy connection
+        @type sshproxy_force_password_auth: C{bool}
 
         @return: returns True if this method has been successful
         @rtype: C{bool}
@@ -1316,6 +1321,7 @@ class X2goClient(object):
                                                                sshproxy_user=sshproxy_user, sshproxy_password=sshproxy_password,
                                                                add_to_known_hosts=add_to_known_hosts,
                                                                force_password_auth=force_password_auth,
+                                                               sshproxy_force_password_auth=sshproxy_force_password_auth,
                                                               )
         if self.auto_register_sessions:
             self.session_registry.register_available_server_sessions(profile_name=self.get_session_profile_name(session_uuid),
diff --git a/x2go/session.py b/x2go/session.py
index 0348ae3..e1159f1 100644
--- a/x2go/session.py
+++ b/x2go/session.py
@@ -60,6 +60,9 @@ import gevent
 import re
 import threading
 
+# FIXME: we need the list of keys from a potentially used SSH agent. This part of code has to be moved into the control session code
+import paramiko
+
 # Python X2Go modules
 import defaults
 import log
@@ -67,7 +70,6 @@ import utils
 import session
 import x2go_exceptions
 
-
 from x2go.backends.control import X2goControlSession as _X2goControlSession
 from x2go.backends.terminal import X2goTerminalSession as _X2goTerminalSession
 from x2go.backends.info import X2goServerSessionInfo as _X2goServerSessionInfo
@@ -1078,13 +1080,15 @@ class X2goSession(object):
         if self.use_sshproxy:
             if self.sshproxy_params.has_key('sshproxy_key_filename') and self.sshproxy_params['sshproxy_key_filename'] and os.path.exists(os.path.normpath(self.sshproxy_params['sshproxy_key_filename'])):
                 return True
+            elif self.sshproxy_reuse_authinfo and self.control_params.has_key('key_filename') and self.control_params['key_filename'] and os.path.exists(os.path.normpath(self.control_params['key_filename'])):
+                return True
             elif self.sshproxy_params.has_key('sshproxy_pkey') and self.sshproxy_params['sshproxy_pkey']:
                 return True
-            ### FIXME -- we do not know by 100%  if this will work just by checking the presence of ,,sshproxy_look_for_keys''...
-            elif self.sshproxy_params.has_key('sshproxy_look_for_keys') and self.sshproxy_params['sshproxy_look_for_keys']:
+            elif self.sshproxy_reuse_authinfo and self.control_params.has_key('pkey') and self.control_params['pkey']:
+                return True
+            elif self.sshproxy_params.has_key('sshproxy_look_for_keys') and self.sshproxy_params['sshproxy_look_for_keys'] and (os.path.exists(os.path.expanduser('~/.ssh/id_rsa')) or os.path.exists(os.path.expanduser('~/.ssh/id_dsa'))):
                 return True
-            ### FIXME -- we do not know by 100% if this will work just by checking the presence of ,,sshproxy_allow_agent''...
-            elif self.sshproxy_params.has_key('sshproxy_allow_agent') and self.sshproxy_params['sshproxy_allow_agent']:
+            elif self.sshproxy_params.has_key('sshproxy_allow_agent') and self.sshproxy_params['sshproxy_allow_agent'] and paramiko.Agent().get_keys():
                 return True
             else:
                 return False
@@ -1105,39 +1109,23 @@ class X2goSession(object):
         if self.control_session is None:
             return None
 
+        _can_sshproxy_auto_connect = self.can_sshproxy_auto_connect()
+
         # do we have a key file passed as control parameter?
         if self.control_params.has_key('key_filename') and self.control_params['key_filename'] and os.path.exists(os.path.normpath(self.control_params['key_filename'])):
-            _can_sshproxy_auto_connect = self.can_sshproxy_auto_connect()
-            if _can_sshproxy_auto_connect is not None:
-                return _can_sshproxy_auto_connect
-            else:
-                return True
+            return (_can_sshproxy_auto_connect is not None) or _can_sshproxy_auto_connect
 
         # or a private key?
         elif self.control_params.has_key('pkey') and self.control_params['pkey']:
-            _can_sshproxy_auto_connect = self.can_sshproxy_auto_connect()
-            if _can_sshproxy_auto_connect is not None:
-                return _can_sshproxy_auto_connect
-            else:
-                return True
+            return (_can_sshproxy_auto_connect is not None) or _can_sshproxy_auto_connect
 
         # or a key auto discovery?
-        ### FIXME -- we do not know by 100% if this will work just by checking the presence of ,,look_for_keys''...
-        elif self.control_params.has_key('look_for_keys') and self.control_params['look_for_keys']:
-            _can_sshproxy_auto_connect = self.can_sshproxy_auto_connect()
-            if _can_sshproxy_auto_connect is not None:
-                return _can_sshproxy_auto_connect
-            else:
-                return True
+        elif self.control_params.has_key('look_for_keys') and self.control_params['look_for_keys'] and (os.path.exists(os.path.expanduser('~/.ssh/id_rsa')) or os.path.exists(os.path.expanduser('~/.ssh/id_dsa'))):
+            return (_can_sshproxy_auto_connect is not None) or _can_sshproxy_auto_connect
 
-        # or a SSH agent usage?
-        ### FIXME -- we do not know by 100% if this will work just by checking the presence of ,,allow_agent''...
-        elif self.control_params.has_key('allow_agent') and self.control_params['allow_agent']:
-            _can_sshproxy_auto_connect = self.can_sshproxy_auto_connect()
-            if _can_sshproxy_auto_connect is not None:
-                return _can_sshproxy_auto_connect
-            else:
-                return True
+        # or an SSH agent usage?
+        elif self.control_params.has_key('allow_agent') and self.control_params['allow_agent'] and paramiko.Agent().get_keys():
+            return (_can_sshproxy_auto_connect is not None) or _can_sshproxy_auto_connect
 
         else:
             return False
@@ -1163,7 +1151,7 @@ class X2goSession(object):
 
     def connect(self, username='', password='', add_to_known_hosts=False, force_password_auth=False,
                 look_for_keys=None, allow_agent=None,
-                use_sshproxy=None, sshproxy_reuse_authinfo=False, sshproxy_user='', sshproxy_password=''):
+                use_sshproxy=None, sshproxy_reuse_authinfo=False, sshproxy_user='', sshproxy_password='', sshproxy_force_password_auth=False):
         """\
         Connects to the L{X2goSession}'s server host. This method basically wraps around 
         the C{X2goControlSession*.connect()} method.
@@ -1195,6 +1183,8 @@ class X2goSession(object):
         @type sshproxy_user: C{str}
         @param sshproxy_password: password for authentication against the SSH proxy host
         @type sshproxy_password: C{str}
+        @param sshproxy_force_password_auth: enforce password authentication even is a key(file) is present
+        @type sshproxy_force_password_auth: C{bool}
 
         @return: returns C{True} is the connection to the X2Go server has been successful
         @rtype C{bool}
@@ -1230,6 +1220,8 @@ class X2goSession(object):
                 self.sshproxy_params['sshproxy_user'] = sshproxy_user
             if sshproxy_password:
                 self.sshproxy_params['sshproxy_password'] = sshproxy_password
+            if sshproxy_force_password_auth:
+                self.sshproxy_params['sshproxy_force_password_auth'] = sshproxy_force_password_auth
 
             self.control_params['password'] = password
 
diff --git a/x2go/sshproxy.py b/x2go/sshproxy.py
index 67b5f75..df50f2b 100644
--- a/x2go/sshproxy.py
+++ b/x2go/sshproxy.py
@@ -54,11 +54,11 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
     """
     fw_tunnel = None
 
-    def __init__(self, hostname=None, port=22, username=None, password=None, key_filename=None,
+    def __init__(self, hostname=None, port=22, username=None, password=None, force_password_auth=False, key_filename=None,
                  local_host='localhost', local_port=22022, remote_host='localhost', remote_port=22,
                  known_hosts=None, add_to_known_hosts=False, pkey=None, look_for_keys=False, allow_agent=False,
                  sshproxy_host=None, sshproxy_port=22, sshproxy_user=None,
-                 sshproxy_password=None, sshproxy_key_filename=None, sshproxy_pkey=None,
+                 sshproxy_password=None, sshproxy_force_password_auth=False, sshproxy_key_filename=None, sshproxy_pkey=None,
                  sshproxy_look_for_keys=False, sshproxy_allow_agent=False,
                  sshproxy_tunnel=None,
                  ssh_rootdir=os.path.join(_LOCAL_HOME, _X2GO_SSH_ROOTDIR), 
@@ -78,6 +78,8 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
         @type key_filename: C{str}
         @param pkey: a private DSA/RSA key object (as provided by Paramiko/SSH)
         @type pkey: C{RSA/DSA key instance}
+        @param force_password_auth: enforce password authentication even if a key(file) is present
+        @type force_password_auth: C{bool}
         @param look_for_keys: look for key files with standard names and try those if any can be found
         @type look_for_keys: C{bool}
         @param allow_agent: try authentication via a locally available SSH agent
@@ -110,6 +112,8 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
         @type sshproxy_key_filename: C{str}
         @param sshproxy_pkey: alias for C{pkey}
         @type sshproxy_pkey: C{RSA/DSA key instance} (Paramiko)
+        @param sshproxy_force_password_auth: alias for C{force_password_auth}
+        @type sshproxy_force_password_auth: C{bool}
         @param sshproxy_look_for_keys: alias for C{look_for_keys}
         @type sshproxy_look_for_keys: C{bool}
         @param sshproxy_allow_agent: alias for C{allow_agent}
@@ -155,6 +159,7 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
 
         if sshproxy_user: self.username = sshproxy_user
         if sshproxy_password: password = sshproxy_password
+        if sshproxy_force_password_auth: force_password_auth = sshproxy_force_password_auth
         if sshproxy_key_filename: key_filename = sshproxy_key_filename
         if sshproxy_pkey: pkey = sshproxy_pkey
         if sshproxy_look_for_keys: look_for_keys = sshproxy_look_for_keys
@@ -208,10 +213,10 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
             self.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
         try:
-            if (key_filename and os.path.exists(os.path.normpath(key_filename))) or pkey or look_for_keys or allow_agent:
+            if key_filename or pkey or look_for_keys or allow_agent or (password and force_password_auth):
                 try:
-                    if password:
-                        self.connect(_hostname, port=self.port, 
+                    if password and force_password_auth:
+                        self.connect(_hostname, port=self.port,
                                      username=self.username,
                                      password=password,
                                      key_filename=None,
@@ -219,8 +224,8 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
                                      look_for_keys=False,
                                      allow_agent=False,
                                     )
-                    elif key_filename or pkey:
-                        self.connect(_hostname, port=self.port, 
+                    elif (key_filename and os.path.exists(os.path.normpath(key_filename))) or pkey:
+                        self.connect(_hostname, port=self.port,
                                      username=self.username, 
                                      key_filename=key_filename,
                                      pkey=pkey,
@@ -228,7 +233,7 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
                                      allow_agent=allow_agent,
                                     )
                     else:
-                        self.connect(_hostname, port=self.port, 
+                        self.connect(_hostname, port=self.port,
                                      username=self.username, 
                                      look_for_keys=look_for_keys,
                                      allow_agent=allow_agent,
@@ -237,8 +242,10 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
                 except x2go_exceptions.AuthenticationException, e:
                     self.close()
                     raise x2go_exceptions.X2goSSHProxyAuthenticationException('pubkey auth mechanisms both failed')
-                except:
+                except x2go_exceptions.SSHException, e:
                     self.close()
+                    raise x2go_exceptions.X2goSSHProxyAuthenticationException('interactive authentication required')
+                except:
                     raise
 
                 # since Paramiko 1.7.7.1 there is compression available, let's use it if present...
@@ -265,7 +272,7 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
                     self.close()
                     raise
 
-        except x2go_exceptions.SSHException, e:
+        except (x2go_exceptions.SSHException, IOError), e:
             self.close()
             raise x2go_exceptions.X2goSSHProxyException(str(e))
         except:


hooks/post-receive
-- 
python-x2go.git (Python X2Go Client API)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-x2go.git" (Python X2Go Client API).




More information about the x2go-commits mailing list