[X2Go-Commits] [x2gobroker] 01/01: x2gobroker-ssh: When agent query mode is set to LOCAL, Execute x2gobroker-agent via sudo as group "X2GOBROKER_DAEMON_GROUP". (Fixes: #835).
git-admin at x2go.org
git-admin at x2go.org
Thu Apr 2 16:08:00 CEST 2015
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2gobroker.
commit 7f0f216383f8729306a685693b58d473e41d216b
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Thu Apr 2 16:02:44 2015 +0200
x2gobroker-ssh: When agent query mode is set to LOCAL, Execute x2gobroker-agent via sudo as group "X2GOBROKER_DAEMON_GROUP". (Fixes: #835).
---
Makefile | 8 ++++++--
debian/changelog | 3 +++
debian/rules | 2 ++
debian/x2gobroker-ssh.install | 1 +
lib/x2gobroker-agent.pl | 9 ++++++---
x2gobroker-ssh.sudo | 3 +++
x2gobroker.spec | 1 +
x2gobroker/agent.py | 16 ++++++++++++++--
8 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/Makefile b/Makefile
index 29e4303..025eb07 100755
--- a/Makefile
+++ b/Makefile
@@ -141,14 +141,18 @@ install:
"${DESTDIR}${BINDIR}/x2gobroker-daemon"
${INSTALL_PROGRAM} sbin/x2gobroker-daemon-debug \
"${DESTDIR}${SBINDIR}/"
-
+
# x2gobroker-ssh
mkdir -p "${DESTDIR}${BINDIR}" "${DESTDIR}${SBINDIR}" \
- "${DESTDIR}${MANDIR}/man1"
+ "${DESTDIR}${ETCDIR}/sudoers.d" \
+ "${DESTDIR}${MANDIR}/man1"
${INSTALL_FILE} man/man1/x2gobroker-ssh.1* \
"${DESTDIR}${MANDIR}/man1"
${INSTALL_PROGRAM} bin/x2gobroker-ssh \
"${DESTDIR}${BINDIR}/"
+ ${INSTALL_FILE} x2gobroker-ssh.sudo \
+ "${DESTDIR}${ETCDIR}/sudoers.d/"
+ mv "${DESTDIR}${ETCDIR}/sudoers.d/x2gobroker-ssh.sudo" "${DESTDIR}${ETCDIR}/sudoers.d/x2gobroker-ssh"
# x2gobroker-wsgi
mkdir -p "${DESTDIR}${ETCDIR}" "${DESTDIR}/etc/logrotate.d"
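Review bot: The sudoers drop-in is installed under `${DESTDIR}${ETCDIR}/sudoers.d/`, but the logrotate line just below uses a literal `/etc/`, which suggests `ETCDIR` (defined outside this hunk) may not be `/etc`. If so, sudo never reads the file, and the spec's `%_sysconfdir/sudoers.d/x2gobroker-ssh` entry will not match what was installed. The mode also depends on `${INSTALL_FILE}`, which this hunk does not show, whereas sudoers fragments are conventionally root-owned and 0440. Installing directly under the final name with an explicit mode removes the extra `mv`, e.g. `install -m 0440 x2gobroker-ssh.sudo "${DESTDIR}/etc/sudoers.d/x2gobroker-ssh"`. The spec entry inherits its mode through `%defattr(-,root,root)`, so `%attr(0440,root,root)` would pin it there as well.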
diff --git a/debian/changelog b/debian/changelog
index 3d4759e..88e28c5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -312,6 +312,9 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
auto-detect the client-side DPI value and use that for the X2Go session.
(Fixes: #834).
- Add run-optional-script support to SSH broker.
+ - x2gobroker-ssh: When agent query mode is set to LOCAL, Execute
+ x2gobroker-agent via sudo as group "X2GOBROKER_DAEMON_GROUP". (Fixes:
+ #835).
* debian/control:
+ Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
+ Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
diff --git a/debian/rules b/debian/rules
index a899e11..af8f246 100755
--- a/debian/rules
+++ b/debian/rules
@@ -34,7 +34,9 @@ include /usr/share/cdbs/1/class/python-distutils.mk
common-binary-indep::
mkdir -p debian/tmp/usr
cp pam/x2gobroker.Debian pam/x2gobroker
+ cp x2gobroker-ssh.sudo x2gobroker-ssh
clean::
rm -f pam/x2gobroker
rm -f lib/x2gobroker-agent
+ rm -f x2gobroker-ssh
diff --git a/debian/x2gobroker-ssh.install b/debian/x2gobroker-ssh.install
index dc75192..834efe0 100644
--- a/debian/x2gobroker-ssh.install
+++ b/debian/x2gobroker-ssh.install
@@ -1 +1,2 @@
bin/x2gobroker-ssh usr/bin/
+x2gobroker-ssh etc/sudoers.d/
diff --git a/lib/x2gobroker-agent.pl b/lib/x2gobroker-agent.pl
index 0403d28..249a62d 100755
--- a/lib/x2gobroker-agent.pl
+++ b/lib/x2gobroker-agent.pl
@@ -31,6 +31,9 @@ if ($ENV{"SSH_ORIGINAL_COMMAND"} =~ m/\/usr\/.*\/x2go\/x2gobroker-agent\ .*/ ) {
@ARGV = @ARGV[1..$#ARGV];
}
+my $username=shift or die;
+my $mode=shift or die;
+
my @available_tasks = (
"availabletasks",
"addauthkey",
@@ -75,6 +78,9 @@ sub InitX2GoUser
#}
}
}
+ if (($ENV{"SUDO_USER"}) && ("$ENV{'SUDO_USER'}" ne "$username")) {
+ die "You cannot execute x2gobroker-agent for any other user except you!";
+ }
}
sub AddAuthKey
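Review bot: The SUDO_USER comparison is added at the very end of InitX2GoUser, so it applies only to tasks that call that function. As far as the hunk shows, it also runs after the function's earlier statements have already executed; the body starts outside the hunk. Since `$username` is now parsed near the top of the script, the guard could sit directly after it so every mode is covered before any work is done: `die "..." if defined $ENV{SUDO_USER} && $ENV{SUDO_USER} ne $username;`. A short comment should also state that the check is deliberately skipped when SUDO_USER is unset, i.e. when the agent is not started through sudo.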
@@ -137,9 +143,6 @@ $< = $>;
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{'PATH'} = '/bin:/usr/bin';
-my $username=shift or die;
-my $mode=shift or die;
-
if($mode eq 'ping')
{
print "OK\n";
diff --git a/x2gobroker-ssh.sudo b/x2gobroker-ssh.sudo
new file mode 100644
index 0000000..f438968
--- /dev/null
+++ b/x2gobroker-ssh.sudo
@@ -0,0 +1,3 @@
+# Allow members of group x2gobroker-users to execute any /usr/lib/x2go/x2gobroker-agent
+%x2gobroker-users ALL=(:x2gobroker) NOPASSWD: /usr/lib/x2go/x2gobroker-agent
+
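Review bot: The rule hard-codes the agent path `/usr/lib/x2go/x2gobroker-agent` and the run-as group `x2gobroker`, while agent.py in this commit builds the call from `X2GOBROKER_AGENT_CMD` and `X2GOBROKER_DAEMON_GROUP`. If either default differs on a system (a lib64 or /usr/local install, for instance), sudo will not match the rule and the NOPASSWD call will fail or prompt. The command is also listed without an argument pattern, so group members may pass any username and task, and the only restriction is the SUDO_USER comparison inside the agent. The comment should say so, e.g. `# Members of x2gobroker-users may run the broker agent with group x2gobroker; the agent itself rejects requests made on behalf of other users.`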
diff --git a/x2gobroker.spec b/x2gobroker.spec
index 2349217..6658515 100644
--- a/x2gobroker.spec
+++ b/x2gobroker.spec
@@ -765,6 +765,7 @@ fi
%defattr(-,root,root)
%attr(04550,x2gobroker,x2gobroker-users) %_bindir/x2gobroker-ssh
%_mandir/man1/x2gobroker-ssh.1*
+%_sysconfdir/sudoers.d/x2gobroker-ssh
%files wsgi
diff --git a/x2gobroker/agent.py b/x2gobroker/agent.py
index bf7ecfe..ef6024a 100644
--- a/x2gobroker/agent.py
+++ b/x2gobroker/agent.py
@@ -129,11 +129,23 @@ def _call_local_broker_agent(username, task, cmdline_args=[], logger=None):
if logger is None:
logger = logger_broker
- cmd_line = [
+ cmd_line = []
+
+ try:
+ if os.stat("/usr/local/bin/x2gobroker-ssh").st_gid in os.getgroups():
+ cmd_line.append(["sudo", "-g", x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP])
+ except OSError:
+ try:
+ if os.stat("/usr/bin/x2gobroker-ssh").st_gid in os.getgroups():
+ cmd_line.extend(["sudo", "-g", x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP])
+ except OSError:
+ pass
+
+ cmd_line.extend([
'{x2gobroker_agent_binary}'.format(x2gobroker_agent_binary=x2gobroker.defaults.X2GOBROKER_AGENT_CMD),
'{username}'.format(username=username),
'{task}'.format(task=task),
- ]
+ ])
for cmdline_arg in cmdline_args:
cmd_line.append('{arg}'.format(arg=cmdline_arg))
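Review bot: The `/usr/local/bin` branch uses `cmd_line.append([...])` while the `/usr/bin` branch uses `extend`, so on a /usr/local install the sudo prefix ends up as one nested list at the front of `cmd_line` rather than as three arguments. That first branch should read `cmd_line.extend(["sudo", "-g", x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP])`. The `/usr/bin` path is also consulted only when the first `os.stat` raises, not when the first file exists with a non-matching group, which deserves a comment if intended. Because x2gobroker-ssh is packaged setuid (mode 04550 in the spec), naming sudo by absolute path would be safer than relying on PATH; how `cmd_line` is executed lies outside this hunk.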
--
Alioth's /srv/git/code.x2go.org/x2gobroker.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git