[X2Go-Commits] [x2gobroker] 05/05: x2gobroker-authservice: Restructure logging. Enable log messages for authentication requests.
git-admin at x2go.org
git-admin at x2go.org
Thu Oct 30 06:17:38 CET 2014
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2gobroker.
commit 0a05cc11344a56842d59d5e1167461a33848892d
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Thu Oct 30 06:15:47 2014 +0100
x2gobroker-authservice: Restructure logging. Enable log messages for authentication requests.
---
debian/changelog | 2 +
sbin/x2gobroker-authservice | 104 ++++++++++++++++++++++---------------------
2 files changed, 56 insertions(+), 50 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index b8ecbed..1eeadd9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -185,6 +185,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead.
- x2gobroker-testauth: Improve help text of --backend option. Display
the current backend default.
+ - x2gobroker-authservice: Restructure logging. Enable log messages
+ for authentication requests.
* debian/control:
+ Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
+ Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice
index 52b2367..8e21cab 100755
--- a/sbin/x2gobroker-authservice
+++ b/sbin/x2gobroker-authservice
@@ -59,7 +59,8 @@ from x2gobroker import __AUTHOR__
class AuthClient(asyncore.dispatcher_with_send):
- def __init__(self, sock):
+ def __init__(self, sock, logger=None):
+ self.logger = logger
asyncore.dispatcher_with_send.__init__(self, sock)
self._buf = ''
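Review bot: `logger=None` is the default here, but the handle_read hunk below calls `self.logger.warning(...)` and `self.logger.info(...)` unconditionally, so an AuthClient built without a logger raises AttributeError while answering an authentication request. Falling back to a named logger keeps the default safe: `self.logger = logger if logger is not None else logging.getLogger('authservice')`. The same `logger=None` default appears in `AuthService.__init__`, which forwards its logger to every AuthClient it creates. `__init__` continues outside this hunk.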
@@ -75,11 +76,14 @@ class AuthClient(asyncore.dispatcher_with_send):
user, passwd, service = req.split()
except:
self.send('bad\n')
+ self.logger.warning('bad authentication data received')
else:
if pam.authenticate(user, passwd, service):
self.send('ok\n')
+ self.logger.info('successful authentication for \'{user}\' with password \'<hidden>\' against PAM service \'{service}\''.format(user=user, service=service))
else:
self.send('fail\n')
+ self.logger.info('authentication failure for \'{user}\' with password \'<hidden>\' against PAM service \'{service}\''.format(user=user, service=service))
def handle_close(self):
self.close()
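Review bot: Failed logins are logged with `self.logger.info(...)`, the same level as successes, so a log configuration that filters at WARNING drops the events an operator needs to notice repeated failures. `self.logger.warning('authentication failure for ...')` would match the level already used for malformed requests. `user` and `service` come from the socket peer and are formatted into the message verbatim. `req.split()` strips whitespace but not other control characters, so formatting them as `{user!r}` and `{service!r}` would keep escape sequences out of the log. handle_read starts outside this hunk.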
@@ -87,7 +91,8 @@ class AuthClient(asyncore.dispatcher_with_send):
class AuthService(asyncore.dispatcher_with_send):
- def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660'):
+ def __init__(self, socketfile, owner='root', group_owner='root', permissions='0660', logger=None):
+ self.logger = logger
asyncore.dispatcher_with_send.__init__(self)
self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
self.set_reuse_addr()
@@ -98,7 +103,7 @@ class AuthService(asyncore.dispatcher_with_send):
def handle_accept(self):
conn, _ = self.accept()
- AuthClient(conn)
+ AuthClient(conn, logger=self.logger)
def loop():
@@ -130,14 +135,6 @@ elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_DEBUG'):
X2GOBROKER_DEBUG=iniconfig.get('common', 'X2GOBROKER_DEBUG')
else:
X2GOBROKER_DEBUG = False
-if os.environ.has_key('X2GOBROKER_TESTSUITE'):
- X2GOBROKER_TESTSUITE = ( os.environ['X2GOBROKER_TESTSUITE'].lower() in ('1', 'on', 'true', 'yes', ) )
-elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_TESTSUITE'):
- X2GOBROKER_TESTSUITE=iniconfig.get(iniconfig_section, 'X2GOBROKER_TESTSUITE')
-elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_TESTSUITE'):
- X2GOBROKER_TESTSUITE=iniconfig.get('common', 'X2GOBROKER_TESTSUITE')
-else:
- X2GOBROKER_TESTSUITE = False
if os.environ.has_key('X2GOBROKER_DAEMON_USER'):
X2GOBROKER_DAEMON_USER=os.environ['X2GOBROKER_DAEMON_USER']
@@ -167,41 +164,6 @@ else:
X2GOBROKER_AUTHSERVICE_SOCKET="{run}/x2gobroker/x2gobroker-authservice.socket".format(run=RUNDIR)
-# standalone daemon mode (x2gobroker-authservice as daemon) or interactive mode (called from the cmdline)?
-if getpass.getuser() in (X2GOBROKER_DAEMON_USER, 'root'):
-
- # we run in standalone daemon mode, so let's use the system configuration for logging
- logging.config.fileConfig(X2GOBROKER_AUTHSERVICE_LOGCONFIG)
-
- # create authservice logger
- logger_authservice = logging.getLogger('authservice')
-
-else:
- logger_root = logging.getLogger()
- stderr_handler = logging.StreamHandler(sys.stderr)
- stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt=''))
-
- # all loggers stream to stderr...
- logger_root.addHandler(stderr_handler)
-
- logger_authservice = logging.getLogger('authservice')
- logger_authservice.addHandler(stderr_handler)
- logger_authservice.propagate = 0
-
-
-# raise log level to DEBUG if requested...
-if X2GOBROKER_DEBUG and not X2GOBROKER_TESTSUITE:
- logger_authservice.setLevel(logging.DEBUG)
-
-logger_authservice.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
-logger_authservice.info('Setting up the PAM authentication service\'s environment...')
-logger_authservice.info(' X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG))
-logger_authservice.info(' X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET))
-
-# check effective UID the broker runs as and complain appropriately...
-if os.geteuid() != 0:
- logger_authservice.warn('X2Go Session Broker\'s PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.')
-
if __name__ == '__main__':
common_options = [
@@ -209,7 +171,9 @@ if __name__ == '__main__':
{'args':['-o','--owner'], 'default': 'root', 'help': 'owner of the AuthService socket file', },
{'args':['-g','--group'], 'default': 'root', 'help': 'group ownership of the AuthService socket file', },
{'args':['-p','--permissions'], 'default': '0660', 'help': 'set these file permissions for the AuthService socket file', },
-
+ {'args':['-d','--debug'], 'default': False, 'action': 'store_true', 'help': 'enable debugging code', },
+ {'args':['-i','--debug-interactively'], 'default': False, 'action': 'store_true', 'help': 'force output of log message to the stderr (rather than to the log files)', },
+
]
if CAN_DAEMONIZE:
common_options.extend([
@@ -230,6 +194,43 @@ if __name__ == '__main__':
cmdline_args = p.parse_args()
+ # standalone daemon mode (x2gobroker-authservice as daemon) or interactive mode (called from the cmdline)?
+ if getpass.getuser() in (X2GOBROKER_DAEMON_USER, 'root') and not cmdline_args.debug_interactively:
+
+ # we run in standalone daemon mode, so let's use the system configuration for logging
+ logging.config.fileConfig(X2GOBROKER_AUTHSERVICE_LOGCONFIG)
+
+ # create authservice logger
+ logger_authservice = logging.getLogger('authservice')
+
+ else:
+ logger_root = logging.getLogger()
+ stderr_handler = logging.StreamHandler(sys.stderr)
+ stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt=''))
+
+ # all loggers stream to stderr...
+ logger_root.addHandler(stderr_handler)
+
+ logger_authservice = logging.getLogger('authservice')
+ logger_authservice.addHandler(stderr_handler)
+ logger_authservice.propagate = 0
+
+ if cmdline_args.debug_interactively:
+ cmdline_args.debug = True
+
+ # raise log level to DEBUG if requested...
+ if cmdline_args.debug or X2GOBROKER_DEBUG:
+ logger_authservice.setLevel(logging.DEBUG)
+
+ logger_authservice.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
+ logger_authservice.info('Setting up the PAM authentication service\'s environment...')
+ logger_authservice.info(' X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG))
+ logger_authservice.info(' X2GOBROKER_AUTHSERVICE_SOCKET: {value}'.format(value=X2GOBROKER_AUTHSERVICE_SOCKET))
+
+ # check effective UID the broker runs as and complain appropriately...
+ if os.geteuid() != 0:
+ logger_authservice.warn('X2Go Session Broker\'s PAM authentication service should run with root privileges to guarantee proper access to all PAM modules.')
+
if CAN_DAEMONIZE and cmdline_args.daemonize:
# create directory for the PID file
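Review bot: `if cmdline_args.debug or X2GOBROKER_DEBUG:` tests a value that, on the `iniconfig.get(...)` path visible as context in an earlier hunk, is presumably a string, so a config entry such as `X2GOBROKER_DEBUG = false` would be truthy and still switch the authentication service to DEBUG logging. Normalising first avoids that, e.g. `debug_cfg = str(X2GOBROKER_DEBUG).lower() in ('1', 'on', 'true', 'yes')` and then `if cmdline_args.debug or debug_cfg:`. The old `and not X2GOBROKER_TESTSUITE` guard is dropped without explanation; a short comment saying that is intended would help. `logger_authservice.warn(...)` is the deprecated alias of `warning(...)`, which the AuthClient hunk already uses. The `__main__` block starts and ends outside this hunk.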
@@ -271,10 +272,13 @@ if __name__ == '__main__':
if not os.path.exists(os.path.dirname(socket_file)):
os.makedirs(os.path.dirname(socket_file))
- os.chown(os.path.dirname(socket_file), getpwnam(cmdline_args.owner).pw_uid, getpwnam(cmdline_args.group).pw_gid)
- os.chmod(os.path.dirname(socket_file), int(cmdline_args.permissions, 8))
+ try:
+ os.chown(os.path.dirname(socket_file), getpwnam(cmdline_args.owner).pw_uid, getpwnam(cmdline_args.group).pw_gid)
+ os.chmod(os.path.dirname(socket_file), int(cmdline_args.permissions, 8))
+ except OSError:
+ pass
- AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions)
+ AuthService(socket_file, owner=cmdline_args.owner, group_owner=cmdline_args.group, permissions=cmdline_args.permissions, logger=logger_authservice)
atexit.register(cleanup_on_exit)
try:
if CAN_DAEMONIZE and cmdline_args.daemonize:
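Review bot: The new `except OSError: pass` hides a failed chown/chmod on the directory that holds the authentication socket, so the service starts with whatever ownership and mode `os.makedirs` left behind and nothing in the log says so. At minimum record it: `except OSError as e:` followed by `logger_authservice.warning('could not set owner/mode on {d}: {e}'.format(d=os.path.dirname(socket_file), e=e))`. Separately, the group id is taken from `getpwnam(cmdline_args.group).pw_gid`, which looks up a user name rather than a group name and raises KeyError (not caught here) when no such user exists. `grp.getgrnam(cmdline_args.group).gr_gid` is presumably what is meant, assuming `grp` is imported. The enclosing `__main__` block continues outside this hunk.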
--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git