[X2Go-Commits] [x2gobroker] 05/05: x2gobroker-authservice: Restructure logging. Enable log messages for authentication requests.

git-admin at x2go.org git-admin at x2go.org
Thu Oct 30 06:17:38 CET 2014


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2gobroker.

commit 0a05cc11344a56842d59d5e1167461a33848892d
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Thu Oct 30 06:15:47 2014 +0100

    x2gobroker-authservice: Restructure logging. Enable log messages for authentication requests.
---
 debian/changelog            |    2 +
 sbin/x2gobroker-authservice |  104 ++++++++++++++++++++++---------------------
 2 files changed, 56 insertions(+), 50 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b8ecbed..1eeadd9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -185,6 +185,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
       X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead.
     - x2gobroker-testauth: Improve help text of --backend option. Display
       the current backend default.
+    - x2gobroker-authservice: Restructure logging. Enable log messages
+      for authentication requests.
   * debian/control:
     + Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
     + Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice
index 52b2367..8e21cab 100755
--- a/sbin/x2gobroker-authservice
+++ b/sbin/x2gobroker-authservice
@@ -59,7 +59,8 @@ from x2gobroker import __AUTHOR__
 
 class AuthClient(asyncore.dispatcher_with_send):
 
-    def __init__(self, sock):
+    def __init__(self, sock, logger=None):
+        self.logger = logger
         asyncore.dispatcher_with_send.__init__(self, sock)
         self._buf = ''
 
@@ -75,11 +76,14 @@ class AuthClient(asyncore.dispatcher_with_send):
                 user, passwd, service = req.split()
             except:
                 self.send('bad\n')
+                self.logger.warning('bad authentication data received')
             else:
                 if pam.authenticate(user, passwd, service):
                     self.send('ok\n')
+                    self.logger.info('successful authentication for \'{user}\' with password \'<hidden>\' against PAM service \'{service}\''.format(user=user, service=service))
                 else:
                     self.send('fail\n')
+                    self.logger.info('authentication failure for \'{user}\' with password \'<hidden>\' against PAM service \'{service}\''.format(user=user, service=service))
 
     def handle_close(self):
         self.close()
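Review bot: The `fail` branch logs a rejected login at `info`, the same level as a success, so a logging configuration that filters at WARNING keeps the "bad authentication data" line but drops every rejected credential; `self.logger.warning(...)` on that branch would keep failures visible for brute-force detection. `user` and `service` come from `req.split()` on data read from the socket and are formatted into the message as-is; whitespace cannot survive the split, but other control bytes presumably can, so `'{user!r}'` and `'{service!r}'` in the format string would keep each log record unambiguous. The body of `handle_read` starts outside this hunk, so how `req` is bounded is not visible here.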
@@ -87,7 +91,8 @@ class AuthClient(asyncore.dispatcher_with_send):
 
 class AuthService(asyncore.dispatcher_with_send):
 
-    def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660'):
+    def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660', logger=None):
+        self.logger = logger
         asyncore.dispatcher_with_send.__init__(self)
         self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
         self.set_reuse_addr()
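Review bot: `logger=None` is the default here and in `AuthClient.__init__` (first hunk of this file), but `AuthClient.handle_read` calls `self.logger.warning(...)` and `self.logger.info(...)` unconditionally, so any caller that omits the argument gets an AttributeError on the first authentication request. Either make the parameter required or fall back in the constructor, e.g. `self.logger = logger or logging.getLogger('authservice')`. A short comment on the parameter stating that it receives the service-wide logger would also help; the rest of `AuthService.__init__` continues outside this hunk.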
@@ -98,7 +103,7 @@ class AuthService(asyncore.dispatcher_with_send):
 
     def handle_accept(self):
         conn, _ = self.accept()
-        AuthClient(conn)
+        AuthClient(conn, logger=self.logger)
 
 
 def loop():
@@ -130,14 +135,6 @@ elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_DEBUG'):
     X2GOBROKER_DEBUG=iniconfig.get('common', 'X2GOBROKER_DEBUG')
 else:
     X2GOBROKER_DEBUG = False
-if os.environ.has_key('X2GOBROKER_TESTSUITE'):
-    X2GOBROKER_TESTSUITE = ( os.environ['X2GOBROKER_TESTSUITE'].lower() in ('1', 'on', 'true', 'yes', ) )
-elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_TESTSUITE'):
-    X2GOBROKER_TESTSUITE=iniconfig.get(iniconfig_section, 'X2GOBROKER_TESTSUITE')
-elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_TESTSUITE'):
-    X2GOBROKER_TESTSUITE=iniconfig.get('common', 'X2GOBROKER_TESTSUITE')
-else:
-    X2GOBROKER_TESTSUITE = False
 
 if os.environ.has_key('X2GOBROKER_DAEMON_USER'):
     X2GOBROKER_DAEMON_USER=os.environ['X2GOBROKER_DAEMON_USER']
@@ -167,41 +164,6 @@ else:
     X2GOBROKER_AUTHSERVICE_SOCKET="{run}/x2gobroker/x2gobroker-authservice.socket".format(run=RUNDIR)
 
 
-# standalone daemon mode (x2gobroker-authservice as daemon) or interactive mode (called from the cmdline)?
-if getpass.getuser() in (X2GOBROKER_DAEMON_USER, 'root'):
-
-    # we run in standalone daemon mode, so let's use the system configuration for logging
-    logging.config.fileConfig(X2GOBROKER_AUTHSERVICE_LOGCONFIG)
-
-    # create authservice logger
-    logger_authservice = logging.getLogger('authservice')
-
-else:
-    logger_root = logging.getLogger()
-    stderr_handler = logging.StreamHandler(sys.stderr)
-    stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt=''))
-
-    # all loggers stream to stderr...
-    logger_root.addHandler(stderr_handler)
-
-    logger_authservice = logging.getLogger('authservice')
-    logger_authservice.addHandler(stderr_handler)
-    logger_authservice.propagate = 0
-
-
-# raise log level to DEBUG if requested...
-if X2GOBROKER_DEBUG and not X2GOBROKER_TESTSUITE:
-    logger_authservice.setLevel(logging.DEBUG)
-
-logger_authservice.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
-logger_authservice.info('Setting up the PAM authentication service\'s environment...')
-logger_authservice.info('  X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG))
-logger_authservice.info('  X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET))
-
-# check effective UID the broker runs as and complain appropriately...
-if os.geteuid() != 0:
-    logger_authservice.warn('X2Go Session Broker\'s PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.')
-
 if __name__ == '__main__':
 
     common_options = [
@@ -209,7 +171,9 @@ if __name__ == '__main__':
         {'args':['-o','--owner'], 'default': 'root', 'help': 'owner of the AuthService socket file', },
         {'args':['-g','--group'], 'default': 'root', 'help': 'group ownership of the AuthService socket file', },
         {'args':['-p','--permissions'], 'default': '0660', 'help': 'set these file permissions for the AuthService socket file', },
-
+        {'args':['-d','--debug'], 'default': False, 'action': 'store_true', 'help': 'enable debugging code', },
+        {'args':['-i','--debug-interactively'], 'default': False, 'action': 'store_true', 'help': 'force output of log message to the stderr (rather than to the log files)', },
+ 
     ]
     if CAN_DAEMONIZE:
         common_options.extend([
@@ -230,6 +194,43 @@ if __name__ == '__main__':
 
     cmdline_args = p.parse_args()
 
+    # standalone daemon mode (x2gobroker-authservice as daemon) or interactive mode (called from the cmdline)?
+    if getpass.getuser() in (X2GOBROKER_DAEMON_USER, 'root') and not cmdline_args.debug_interactively:
+
+        # we run in standalone daemon mode, so let's use the system configuration for logging
+        logging.config.fileConfig(X2GOBROKER_AUTHSERVICE_LOGCONFIG)
+
+        # create authservice logger
+        logger_authservice = logging.getLogger('authservice')
+
+    else:
+        logger_root = logging.getLogger()
+        stderr_handler = logging.StreamHandler(sys.stderr)
+        stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt=''))
+
+        # all loggers stream to stderr...
+        logger_root.addHandler(stderr_handler)
+
+        logger_authservice = logging.getLogger('authservice')
+        logger_authservice.addHandler(stderr_handler)
+        logger_authservice.propagate = 0
+
+    if cmdline_args.debug_interactively:
+        cmdline_args.debug = True
+
+    # raise log level to DEBUG if requested...
+    if cmdline_args.debug or X2GOBROKER_DEBUG:
+        logger_authservice.setLevel(logging.DEBUG)
+
+    logger_authservice.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
+    logger_authservice.info('Setting up the PAM authentication service\'s environment...')
+    logger_authservice.info('  X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG))
+    logger_authservice.info('  X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET))
+
+    # check effective UID the broker runs as and complain appropriately...
+    if os.geteuid() != 0:
+        logger_authservice.warn('X2Go Session Broker\'s PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.')
+
     if CAN_DAEMONIZE and cmdline_args.daemonize:
 
         # create directory for the PID file
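Review bot: `if cmdline_args.debug or X2GOBROKER_DEBUG:` tests the configuration value for truthiness, while the ini branches shown as context earlier in this diff assign `X2GOBROKER_DEBUG=iniconfig.get(...)`, which looks like a raw string; if so, a configured `false` is truthy and still raises the authentication service to DEBUG logging. The same test existed before the move, so the commit carries it over rather than introducing it. Normalising once before the check would fix it, e.g. `X2GOBROKER_DEBUG = str(X2GOBROKER_DEBUG).lower() in ('1', 'on', 'true', 'yes')`, mirroring the parsing the removed `X2GOBROKER_TESTSUITE` environment branch used.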
@@ -271,10 +272,13 @@ if __name__ == '__main__':
     if not os.path.exists(os.path.dirname(socket_file)):
         os.makedirs(os.path.dirname(socket_file))
 
-    os.chown(os.path.dirname(socket_file), getpwnam(cmdline_args.owner).pw_uid, getpwnam(cmdline_args.group).pw_gid)
-    os.chmod(os.path.dirname(socket_file), int(cmdline_args.permissions, 8))
+    try:
+        os.chown(os.path.dirname(socket_file), getpwnam(cmdline_args.owner).pw_uid, getpwnam(cmdline_args.group).pw_gid)
+        os.chmod(os.path.dirname(socket_file), int(cmdline_args.permissions, 8))
+    except OSError:
+        pass
 
-    AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions)
+    AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions, logger=logger_authservice)
     atexit.register(cleanup_on_exit)
     try:
         if CAN_DAEMONIZE and cmdline_args.daemonize:

--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git

