Package: x2gobroker; Maintainer for x2gobroker is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2gobroker is src:x2gobroker.
Reported by: Josh Lukens <jlukens@botch.com>
Date: Thu, 6 Mar 2014 04:40:02 UTC
Severity: wishlist
Tags: pending
Found in version 0.0.2.4
Fixed in version 0.0.3.0
Done: X2Go Release Manager <git-admin@x2go.org>
Bug is archived. No further changes may be made.
🔗 View this message in rfc822 format
MIME-Version: 1.0 X-Mailer: MIME-tools 5.502 (Entity 5.502) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#447 closed by X2Go Release Manager <git-admin@x2go.org> (X2Go issue (in src:x2gobroker) has been marked as closed) Message-ID: <handler.447.c.143480225329306.notifdone@bugs.x2go.org> References: <20150620121014.1C3115DA91@ymir.das-netzwerkteam.de> X-X2go-PR-Keywords: pending X-X2go-PR-Message: they-closed 447 X-X2go-PR-Package: x2gobroker X-X2go-PR-Source: x2gobroker Date: Sat, 20 Jun 2015 12:15:44 +0000 Content-Type: multipart/mixed; boundary="----------=_1434802544-13341-0"
[Message part 1 (text/plain, inline)]
This is an automatic notification regarding your Bug report which was filed against the x2gobroker package: #447: [PATCH] Add support for cookie based auth after initial password auth It has been closed by X2Go Release Manager <git-admin@x2go.org>. Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact X2Go Release Manager <git-admin@x2go.org> by replying to this email. -- X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems
[Message part 2 (message/rfc822, inline)]
From: X2Go Release Manager <git-admin@x2go.org>To: 447-submitter@bugs.x2go.orgCc: control@bugs.x2go.org, 447@bugs.x2go.orgSubject: X2Go issue (in src:x2gobroker) has been marked as closedDate: Sat, 20 Jun 2015 14:10:13 +0200 (CEST)close #447 thanks Hello, we are very hopeful that X2Go issue #447 reported by you has been resolved in the new release (0.0.3.0) of the X2Go source project »src:x2gobroker«. You can view the complete changelog entry of src:x2gobroker (0.0.3.0) below, and you can use the following link to view all the code changes between this and the last release of src:x2gobroker. http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=30c316e66f4173d0e3577fe85817e73f822a479e;hp=81e28ea24b269fb24559d70c462b846cf2f56edd If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2gobroker. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2gobroker Version: 0.0.3.0-0x2go1 Status: RELEASE Date: Sat, 20 Jun 2015 13:58:49 +0200 Fixes: 153 217 275 306 360 379 380 447 449 450 469 470 484 491 493 494 544 545 553 562 665 666 685 686 692 706 716 784 834 835 836 Changes: x2gobroker (0.0.3.0-0x2go1) RELEASED; urgency=low . [ Mike Gabriel ] * New upstream version (0.0.3.0): - Add SSH support to X2Go Session Broker. (Fixes: #153). - Move x2gobroker executable to /usr/bin. - Update x2gobroker man page. - SSH broker: Only allow context change to another user for the magic user (default: x2gobroker). - Fix logrotate script: x2gobroker-wsgi. (Fixes: #275). - Get the cookie based extra-authentication working for SSH mode. - Get the cookie based extra-authentication working for HTTP mode. - Fix output of HTTP based connectivity test. - Do not let the broker crash if an agent is not reachable. Capture X2GoBrokerAgentExceptions when pinging the remote agent. (Fixes: #306). - When calling the agent's suspend_session function, make sure to pass on the remote_agent dictionary. - Provide empty directory /etc/x2go/broker/ssl. - Re-order x2gobroker main file. Move logging further to the back to allow taking command-line options into account. - Modify default x2gobroker-sessionprofiles.conf and provide something that will work with every default setup. - New broker session profile parameter: broker-agent-query-mode. Define agent query methods per session profile. - Rename base broker's use_session_autologin to get_session_autologin. - Fix Python2'isms in three exceptions. Thanks to Mathias Ewald for spotting. - Make test_suite callable via setup.py. - Provide a test function that checks if the basic broker agent setup (SSH private/public key pair) is available. If not, no SSH broker usage will be attempted. - Let a portscan preceed the SSH ping command. This notably reduces timeout duration if the host running the queried broker agent is down). - Catch RequestHandler errors and write them to the error log channel. - Raised verbosity level to INFO for session broker utilities. - Add sanity checks to x2gobroker-pubkeyauthorizer. - Report stderr results to the broker log channel (broker.log). This allows debugging of X2Go Session Broker Agent via the X2Go Session Broker logging instance. (Fixes: #217). - Fix the ping task in x2gobroker-agent.pl, process it without checking the given username. - Fix remote agent detection in case of some agents being down. - Add utils function: matching_hostnames(): test hostname lists for matching hostnames (with/without domain name). - Add fuzzy tolerance when comparing host name lists as found in session profile configuration and as reported by broker agent. - In x2gobroker.conf: describe the manifold ways of providing a second authorized_keys file location in SSH server daemon. Thanks to Stefan Heitmüller for pointing out more recent SSH server's configuration style. - WSGI implementation: keep SCRIPT_NAME in environ, as removing it causes AssertionErrors whenever we trigger a tornado.web.HTTPError. - Add password prompt to x2gobroker-testauth. Password prompt is used if the --password option is not used. - New authentication mechanism: none. Always authenticate a user, even if password is not provided or wrong. - Ship python2.6 asyncore patch (Debian squeeze python2.6 version) in python-x2gobroker's docs folder. - Show correct environment variables in log file prelude when WSGI is used. - Fix check-credentials = false for UCCS web frontend. - Add a start page (,,It works''). - Use IP addresses in apache2 config rather than hostnames. - Add new helper tool: x2gobroker-daemon-debug. - Add man page for x2gobroker-daemon-debug. - WebUI "plain": throw explainative log errors for every 404 http error. - Fix man pages (layout issues on x2gobroker-authservice man page). - Adapt man page installation to moval of x2gobroker(-testauth) from an sbin to a bin directory (executable for any user). - Make the inifile broker backend the default backend. (Fixes: #360). - Support daemonizing of the http broker. - Default to http broker mode when daemonizing the broker. - Support daemonizing of the authservice. - Detect RUNDIR in x2gobroker-authservice and use it for the default location of the authservice socket file. - Detect RUNDIR in x2gobroker Python module and use it for the default location of the authservice socket file. - Let x2gobroker-authservice take care of tidying up its own socket file. - Provide PAM config file for Debian and RHEL separately (as they differ). - Makefile: Clean up x2gobroker-agent binary. - Be more precise in Debian et al. init scripts when checking if the service is already running. - Add JSON WebUI backend for X2Go Session Broker. - JSON WebUI backend renders data of content type "text/json". - Provide configuration alternative to having /etc/defaults/* scripts parsed in by init scripts. Make X2Go Session Broker ready for being run via systemd. - Provide symlink x2gobroker-daemon. - Provide systemd service files for x2gobroker-daemon and x2gobroker-authservice. (Fixes: #379, #380). - Add --drop-privileges feature so that x2gobroker-daemon can drop root privileges when started via systemd. Only drop privileges if x2gobroker(-daemon) is run as uidNumber 0. - Implement dynamic authid for JSON WebUI frontend. Add a generic metadata top level to the JSON output tree. - Store cookies in /var/lib/x2gobroker (path is more appropriate than previously suggested path /var/log/x2gobroker). - Handle selectsessions calls with a non-existent profile ID gracefully. - Session profiles with marker user=BROKER_USER will now auto-fill-in the broker username into the session profile's 'user' option. - Provide tool: x2gobroker-testagent. - Allow for broker clients to send in public SSH keys that the client may use for authentication to X2Go Servers. - broker agent: avoid one option system() calls in Perl. (Fixes: #784). - For user context changes: set the HOME dir of the new user correctly. - Reduce Paramiko/SSH verbosity (logging.ERROR) when connecting to remote broker agents. - Support adding remote broker agent's host keys via the x2gobroker-testagent tool. - If we received an SSH public key from a broker client, mark it as ACCEPTED after we deployed it, so that the client knows that it can its corresponding private key. - Fix https brokerage in x2gobroker-daemon-debug. - Load X2GOBROKER_DAEMON_USER's known_hosts key file before doing remote agent calls. - Fully rewrite agent.py. - Fix broker crashes when no session status is available for certain session profiles. - JSON webUI: run pre and post auth scripts also via this backend. - x2gobroker-daemon: become wrapper script, enable --mode HTTP by default. Provide some intelligence when run as daemon (killing children processes on reception of a SIGTERM, SIGINT, SIGQUIT, EXIT signal). - Rename sections for broker backends in x2gobroker.conf - Make config object of x2gobroker.conf available in authentication mechanism backends. - Fix SSH based broker client. - Fix several failing tests, adapt tests to current code base. - Introduce new global parameter for x2gobroker.conf: my-cookie-file. Allow storing the initial authentication cookie/ID in a read-protected file. - Explicitly set detach_process to True when calling daemon.DaemonContext(). Otherwise the daemons start but don't return to the cmdline prompt. (Fixes: #484). - Change agent API: all functions return a tuple where the first element denotes if the underlying agent call has been successful. - Correctly detect $HOME of the user that runs x2gobroker (including setuid calls via x2gobroker-ssh). - Enforce SSH agent query mode (instead of LOCAL mode) for SSH brokerage (as LOCAL query mode won't work due to a permission koan that has not yet been solved). - Fix interpretation of SSH_CLIENT env variable. - Make x2gobroker-agent usable/installable on non-X2Go server machines. (Fixes: #493). - Provide autologin support for session profiles that have an SSH proxy host configured. (Fixes: #494). - Fix IPv6 binding of the X2Go Session Broker daemon. If no bind port is given via the cmdline, obtain it from other means (via x2gobroker.defaults). - Rename LICENSE file to COPYING. - X2Go Broker Agent: Test if queried username exists on the system before performing the query. - Make sure bind_address and bind_port are correctly detected from /etc/default/x2gobroker-daemon and /etc/x2go/broker/defaults.cfg. - Move split_host_address() code into x2gobroker.utils. - Report to log what the broker agent replied to us. - Provide support for load-balancing to hosts that are all reachable over the same IP address, but different TCP/IP ports (e.g. docker instances or hosts behind a reverse NATed IPv4 gateway). This ended up in a rewrite of the complete selection_session() method of the base broker code. - Use physical host address and port (if provided) for contacting remote broker agent via SSH. - Update README and TODO. - Update copyright holders. Copyright is held only by people who actually contributed to the current code base. - logrotate configs: Rotated logs via "su x2gobroker adm". - Use hostname as hard-coded in server_list (from session profile configuration), don't try to strip off the domain name. - Consolidate x2gobroker.utils.split_host_address() with a test and rewrite completely. - Make sure that without configuration files, the HTTP broker listens to port 8080. - Provide legacy support for deprecated x2gobroker.conf global parameter 'check-credentials'. - Configure broker / authservice environment via .service files. - Load defaults.conf via authservices and for logger configuration, as well. - x2gobroker-authservice: Make sure socket file directory is created before trying to create the socket file itself. - Don't load defaults.conf twice. Only load it when initializing the loggers. - Provide a special PAM configuration file for SUSE systems (identical to the PAM configuration file for Debian). - defaults.conf: Mention X2GOBROKER_DEBUG not only in the global section, but also in the [daemon] and [authservice] section. - x2gobroker-testauth: Don't use hard-coded default backend. Obtain X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead. - x2gobroker-testauth: Improve help text of --backend option. Display the current backend default. - x2gobroker-authservice: Restructure logging. Enable log messages for authentication requests. - Get several issues around select_session fixed via tests in the broker's backend base.py. - Add tests for broker agent queries. - Fix setting the remote agent's SSH port if the host option is of style "<hostname> (<ip-address>:<port>)". - During select_session: Re-add subdomain (if possible) to the hostname to make sure we can detect the host's <ip-address>:<port> further down in the code. - Properly set (/var)/run/x2gobroker directory permissions when started via systemd. - Fix privilege check for the broker daemon's log directory. - Enable basic/random load-balancing for UCCS broker frontend. Make UCCS frontend aware of host session profile options of the form "host=<fqdn> (<ipaddr>:<port>). - Do a portscan on the remote's SSH port before querying a remote agent via SSH. - Don't return X2Go Servers that are actually down, currently. The X2Go Servers get probed via a short portscan on the remote's SSH port. If that portscan fails, another remote X2Go Server is chosen from the list of available server (if any). This portscanning functionality can be switched off via "default-portscan-x2goservers" in x2gobroker.conf or via "broker-portscan-x2goservers" per session profile. (Fixes: #692). - When load-balancing, switch to chosen server as remote broker agent before deploying SSH keys. - Allow resuming sessions from servers even if one offline server has left bogus in the session DB (plus unit tests). - Fix remote agent detection if one ore more X2Go Servers are offline and hostname does not match host address (plus unit test). - Allow remote agent calls via hostname or host address when using the format "<hostname> (<hostaddr>)" in the session profile. This can be useful if the <hostname> is a valid address on the local network (broker <-> <server> communication), but the host address is valid for clients (client <-> server communication). - Don't check for running/suspended session if the session profile will request a shadowing session. - Disabled broker agent calls and load-balancing for session profiles that will request shadowing sessions. - Mention "usebrokerpass" session profile option in x2gobroker-sessionprofiles.conf. - Provide desktop sharing (shadow session) example in x2gobroker-sessionprofiles.conf. - Makefile: Add installation rules for x2gobroker-loadchecker. - x2gobroker.1: Since systemd there are not only init scripts. Rephrasing man page. - New feature: x2gobroker-loadchecker daemon. (Fixes: #686). - x2gobroker-agent.pl: Use var name server_usage instead of server_load. Reflects better what that var denotes. - agent.py: Completion of several __doc__ strings (missing @return:, @rtype: fields). - X2GoBroker.check_for_sessions(): Fix check for shadow / non-shadow sessions. - x2gobroker.1: Mention x2gobroker-ssh in its man page, differentiate between the different modes (http/ssh) of the x2gobroker application. - Pre-release pyflakes cleanup. - agent.py: Capture login failures in checkload() function. - agent.py: Allow providing a custom logger instance in all functions. - LoadChecker.loadchecker(): Use load checker daemon's logger instance for logging actions taken place in agent.py. - agent.py: Make agent query mode LOCAL behave similar to agent query mode SSH if things go wrong. - agent.py: Set result to None, if SSH connection to broker agent fails. - Calculate our own MemAvailable value in x2gobroker-agent.pl. Only kernels newer than v3.14 offer the MemAvailable: field in /proc/meminfo. - x2gobroker-agent.pl: Fix regexp for detecting number of CPUs and CPU frequency. - x2gobroker-agent.pl: Fall-back CPU detection for virtualized systems (e.g. QEMU hosts). - LoadChecker.loadchecker(): Report about query failures, as well, in query cycle summary. - LoadCheckerServiceHandler(): Add line breaks in per-profile output. Return nothing if the load checker service is unreachable. - agent.py: Let get_servers() return a dictionary with hostnames as keys and number of sessions as values. - Fix X2GoBroker.use_load_checker(): Obtain broker-* option via X2GoBroker.get_profile_broker(), not via X2GoBroker.get_profile(). - Various improvements / fixes for session selection via the load checker daemon. - Adapt tests to new load checker service feature. - Only check for 'load_factors' key in remote_agent dict, if agent query mode is SSH. - Fix detection of running x2gobroker-daemon process in Debian's SystemV init script. - Set default log level to "WARNING", not "DEBUG". - defaults/x2gobroker-logchecker.default: Fix copy+paste errors. - doc/README.x2goclient+broker.getting-started: Mention how to launch PyHoca-GUI in broker mode. - etc/broker/defaults.conf: Fix copy+paste errors. - etc/x2gobroker-wsgi.*.conf: Make host ACLs Apache2.4 compliant. - logrotate/x2gobroker-loadchecker: The loadchecker.log file needs to be owned by user x2gobroker. - rpm/x2gobroker-*.init: Fix copy+paste errors. - man pages: Update date. - If non-load-balanced session profiles reference a non-reachable host, hand-back the system's hostname to X2Go Client / Python X2Go. - Add security notice / disclaimer to x2gbroker.1 man page as suggested by Stefan Baur. (Fixes: #666). - Provide x2gobroker system user public keys to broker agents with SSH options--strongly restricting the key usage--now. Modify x2gobroker- pubkeyauthorizer in a way that it replaces non-option keys with the newly provided optionized/restricted pubkeys. (Fixes: #685). - etc/x2gobroker.conf: Switch over to using dynamic auth cookies by default. - X2GoBroker.get_agent_query_mode(): Immediately return overridden query mode. Avoid logging of the configured query mode. Write the overridden query mode to the logger instance instead. - Don't enforce agent query mode "SSH" for x2gobroker-ssh anymore. - If a single-host is unreachable, return the host address, not the hostname and let X2Go Client release itself, that the host is unreachable. - x2gobroker-loadchecker: Don't freeze if load information for a complete load-balanced server farm is unavailable. - x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/ old SSH options. - x2gobroker-agent.pl: Add %U (uidNumber) and %G (primary gidNumber) as further possible substitutions for deriving the full path of the authorized_keys file where X2Go Broker Agent's deploys public SSH user keys to. (Fixes: #665). - agent.py: Use os.fork() instead of threading.Thread() to handle delayed executions of broker agent tasks. This assures that SSH pub keys are removed via the delauthkey broker agent task, if the SSH broker is used. (Fixes: #491). - Add run-optional-script support to SSH broker. - x2gobroker-ssh: When agent query mode is set to LOCAL, Execute x2gobroker-agent via sudo as group "X2GOBROKER_DAEMON_GROUP". (Fixes: #835). - When the x2gobroker-agent command call is shipped via $SSH_ORIGINAL_COMMAND environment var, make sure to strip-off "sh -c" from the command's beginning. - x2gobroker-agent.pl: Fix detection of X2Go's library path (x2gopath lib). - Implement "not-set" value for X2Go Client parameters. If a parameter is set to "not-set", the parameter won't be handed over to X2Go Client. (Fixes: #834, #836). - agent.py: Fix missing "task" parameter for task "ping" against a local broker agent. - Fix task ping when tested via the x2gobroker-testagent script. - Transliterate commands in session profiles to uppercase when checking if the command is supposed to launch a desktop session. * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. + Fix SYNOPSIS texts. + Recommend apache2 and libapache2-mod-wsgi for x2gobroker-wsgi. + Fix position of XS-Python-Version: field. + Rework LONG_DESCRIPTION of bin:package x2gobroker-agent. Imporve line breaks, so that we now have lines that are close to 80 chars long. + Make x2gobroker-daemon a symlink and recognize HTTP mode by the executable's name. + Bump Standards: to 3.9.6. No changes needed. + Add to D (python-x2gobroker): python-urllib3. * debian/copyright: + Update file to match current status quo of upstream source files. * debian/x2gobroker-agent.dirs: + Provide empty log file directory. * debian/x2gobroker-wsgi postinst/postrm: + Make bin:package x2gobroker-wsgi compliant Debian's packaging style of Apache2.4 / Apache2.2. + On package purgal: Disable Apache2 config first and then attempt the removal of the x2gobroker user/group. + Pass $@ to our apacheconf_configure, apacheconf_remove functions to not break apache2-maintscript-helper. * debian/x2gobroker-ssh.postinst: + Assure proper file permissions, owner and group settings for x2gobroker-ssh. * debian/x2gobroker-ssh.prerm: + Drop dpkg-statoverride of /usr/bin/x2gobroker-ssh before package removal. * debian/*.postinst: + Assure that the log directory always exists (no matter what combination of packages got installed). * debian/python-x2gobroker.install: + Install defaults.conf into bin:package python-x2gobroker. * debian/source/format: + Switch to format 1.0. * rpm/*.init: + Provide initscripts that are likely to work on RHEL plus derivatives. * x2gobroker.spec: + Provide x2gobroker.spec file for building RPM packages. Inspired by the packaging work in OpenSuSE. + Split out python-x2gobroker sub-package. + Install Apache2 config symlinks to /etc/httpd (not /etc/apache2). + Make sure x2gobroker-agent wrapper gets installed into x2gobroker-agent sub-package. + Builds for EPEL-7 also have to systemd aware. + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Adapt to building on openSUSE/SLES. + Rework Description: of bin:package x2gobroker-agent. Imporve line breaks, so that we now have lines that are close to 80 chars long. + Add x2gobroker-rpmlintrc file. + Don't package x2gobroker-daemon.1 nor x2gobroker-ssh.1 man pages twice. + On SUSE, we have /etc/apache2, not /etc/httpd. + On SUSE, we have to provide our own python-pampy package (and depend on that). In Fedora and RHEL, the same (upstream) software is named python-pam. (Fixes: #562). + For distro versions with systemd, provide /etc/x2go/broker/defaults.conf. For SysV distro versions, use /etc/defaults/* and source them via the init scripts. + No adm group on non-Debian systems by default. Using root instead on RPM based systems. + For Fedora 22 and beyond explicitly call python2 in all shebangs. + Add to BR: sudo (to have /etc/sudoers.d owned by some package). . [ Josh Lukens ] * New upstream version (0.0.3.0): - Add support for dynamic cookie based auth after initial password auth. (Fixes: #447). - Add support to run pre and post authentication scripts. (Fixes: #449). - Add auth mechanism https_get. (Fixes: #450). - Change pre and post scripts to use common codebase across frontends. (Fixes: #469). - Add ability to have script run in select session after server is selected. - Add basic support for pulling https_get authmech config from configuration file. (Fixes: #470). - Fix typos and host/port mixups in the remote_sshproxy logic. (Fixes: #544). - Make sure find_busy_servers in agent.py returns a tuple (recent API change) to not break profiles with multiple servers. (Fixes: #545). - On session resumption take profile's host list into account. Don't resume sessions the profile has not been configured for. (Fixes: #553). . [ Jason Alavaliant ] * New upstream version (0.0.3.0): - Handle spaces in broker login passwords when authservice is used. (Fixes: #706). - Don't strip off spaces from password strings. (Fixes: #716). . [ Mihai Moldovan ] * x2gobroker.spec: + Change all python-pampy references to python-pam on non-SUSE systems. + Fix %build scriptlet: add missing "done" in while; do; done shell script part. + Don't do a weird escape slash dance in sed's replace command. Simply use another separator. * debian/rules: + Try to call common-binary-indep from common-binary-arch.
[Message part 3 (message/rfc822, inline)]
From: Josh Lukens <jlukens@botch.com>To: submit@bugs.x2go.orgSubject: [PATCH] Add support for cookie based auth after initial password authDate: Wed, 5 Mar 2014 23:39:55 -0500Package: x2gobroker Version: 0.0.2.4 Severity: wishlist --- etc/x2gobroker.conf | 30 +++++++-- x2gobroker/brokers/base_broker.py | 133 +++++++++++++++++++++----------------- x2gobroker/defaults.py | 7 +- x2gobroker/web/json.py | 9 +-- x2gobroker/web/plain.py | 10 ++- x2gobroker/web/uccs.py | 4 +- 6 files changed, 112 insertions(+), 81 deletions(-) diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf index 19ea93b..b8b8974 100644 --- a/etc/x2gobroker.conf +++ b/etc/x2gobroker.conf @@ -24,20 +24,38 @@ [global] -# Allow unauthenticated connections? Then set check-credentials to false. -#check-credentials = true +# Allow unauthenticated connections? Then set both require-password and require-cookie to false. + +# Veriy username/password combination sent by client +#require-password = true # To secure server-client communication the client can start the communication # with a pre-set, agreed on authentication ID. Set the below value to true # to make the X2Go Session Broker require this feature -#require-cookie-auth = false ### NOT-IN-USE-YET +#require-cookie = false # X2Go supports two different cookie authentication modes (static and dynamic). -#use-static-cookie = true ### NOT-IN-USE-YET +# Dynamic cookies send new cookie to client on every request. This could possibly +# cause issues if a client ever tries multiple requests at the same time. +#use-static-cookie = true + +# Once a client is authenticated their password is not revalidated until this +# many seconds have elapsed from their initial authentication. +#auth-timeout = 36000 + +# Client cookies (both static and dynamic) must be stored as local files. +# This is the directory where those files will be stored. Please make sure +# the permissions are set to allow the x2go broker process to write to this directory +#cookie-directory = '/var/log/x2gobroker/cookies' # Every server-client communication (between X2Go Client and broker) has to be -# accompanied by this initial authentication cookie. -#my-cookie = <aaaavveeeerrrrryyyyylooonnnnggggssttrrriiinnnggg> ### NOT-IN-USE-YET +# accompanied by this initial authentication cookie if require-cookie is set above. +# This should be in the format of a UUID. +#my-cookie = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx + +# By default the broker will pin user sessions to the IP address from which they +# origionally authenticate. If you would like to skip that check set this to false. +#verify-ip = true # X2Go Session Broker knows about two output formats: a text/plain based output # and a text/json based output that is compatible with UCCS. The different outputs diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py index 7fb3172..2f7c7ad 100644 --- a/x2gobroker/brokers/base_broker.py +++ b/x2gobroker/brokers/base_broker.py @@ -726,7 +726,7 @@ class X2GoBroker(object): else: return [] - def check_access(self, username='', password='', cookie=None, cookie_only=False): + def check_access(self, username='', password='', ip='', cookie=None): """\ Check if a given user with a given password may gain access to the X2Go session broker. @@ -735,80 +735,95 @@ class X2GoBroker(object): @type username: C{unicode} @param password: a password that authenticates the user against the X2Go session broker @type password: C{unicode} + @param ip: the ip address of the client + @type ip: C{unicode} @param cookie: an extra (static or dynamic) authentication token @type cookie: C{unicode} - @param cookie_only: do only check the auth_cookie, not username/password - @type cookie_only: C{bool} @return: returns C{True} if the authentication has been successful - @rtype: C{bool} + @rtype: C{bool},C{unicode} """ ### FOR INTRANET LOAD BALANCER WE MAY JUST ALLOW ACCESS TO EVERYONE ### This is handled through the config file, normally /etc/x2go/x2gobroker.conf - if not self.config.get_value('global', 'check-credentials'): + if not self.config.get_value('global', 'require-password') and not self.config.get_value('global', 'require-cookie'): logger_broker.debug('base_broker.X2GoBroker.check_access(): access is granted without checking credentials, prevent this in {configfile}'.format(configfile=self.config_file)) - return True + return True,0 elif username == 'check-credentials' and password == 'FALSE': # this catches a validation check from the UCCS web frontend... - return False + return False,0 ### IMPLEMENT YOUR AUTHENTICATION LOGIC IN THE self._do_authenticate(**kwargs) METHOD ### when inheriting from the base.X2GoBroker class. - - access = False - if cookie_only is False: - access = self._do_authenticate(username=username, password=password) - logger_broker.debug('base_broker.X2GoBroker.check_access(): result of authentication check is: {access}'.format(access=access)) - else: - access = True - - ### HANDLING OF DYNAMIC AUTHENTICATION ID HASHES - - # using cookie authentication as extra security? - if self.config.get_value('global', 'require-cookie-auth'): - - if type(cookie) is types.StringType: - cookie = unicode(cookie) - - if self.config.get_value('global', 'use-static-cookie'): - - # evaluate access based on static authentication ID feature - access = access and ( cookie == self.config.get_value('global', 'my-cookie') ) - - else: - - # evaluate access based on dynamic authentication ID feature - if self._dynamic_cookie_map.has_key(username): - access = access and ( cookie == self._dynamic_cookie_map[username] ) - if access: - self._dynamic_cookie_map[username] = uuid.uuid5(namespace=cookie, name=username) - + if type(cookie) is types.StringType: + cookie = unicode(cookie) + + if (((cookie == None) or (cookie == "")) and self.config.get_value('global', 'require-cookie')): + #cookie required but we did not get one - catch wrong cookie case later + logger_broker.debug('base_broker.X2GoBroker.check_access(): cookie required but none given.') + return False, 0 + #check if cookie sent was our preset cookie from config file + next_cookie = self.config.get_value('global', 'my-cookie') + access = (cookie == next_cookie ) + logger_broker.debug('base_broker.X2GoBroker.check_access(): checking if our configured cookie was submitted: {access}'.format(access=access)) + #the require cookie but not password case falls through to returning value of access + + if self.config.get_value('global', 'require-password'): + #using files to store persistant cookie information because global variables do not work across threads in WSGI + import os.path + cookie_directory=self.config.get_value('global', 'cookie-directory') + if(not os.path.isdir(cookie_directory)): + logger_broker.debug('base_broker.X2GoBroker.check_access(): cookie-directory {cookie_directory} does not exist trying to craete it'.format(cookie_directory=cookie_directory)) + try: + os.makedirs(cookie_directory); + except: + logger_broker.warning('base_broker.X2GoBroker.check_access(): could not create cookie-directory {cookie_directory} failing to authenticate'.format(cookie_directory=cookie_directory)) + return False, 0 + if access or cookie == None or cookie == "": + # this should be the first time we have seen this user or they are using old client so verify their passwrd + access = self._do_authenticate(username=username, password=password) + logger_broker.debug('base_broker.X2GoBroker.check_access(): checking for valid password: {access}'.format(access=access)) + + if access: + #create new cookie for this user + #each user gets one or more tuples of IP, time stored as username_UUID files so they can connect from multiple sessions + next_cookie = str(uuid.uuid4()) + fh = open(cookie_directory+"/"+username+"_"+next_cookie,"w") + fh.write('{ip} {time}'.format(ip=ip, time=time.time())) + fh.close() + logger_broker.debug('base_broker.X2GoBroker.check_access(): Giving new cookie: {cookie} to user {username} at ip {ip}'.format(cookie=next_cookie,username=username,ip=ip)) + else: + # there is a cookie but its not ours so its either wrong or subsequent password auth + if os.path.isfile(cookie_directory+"/"+username+"_"+cookie): + logger_broker.debug('base_broker.X2GoBroker.check_access(): found valid auth key for user cookie: {usercookie}'.format(usercookie=username+"_"+cookie)) + fh=open(cookie_directory+"/"+username+"_"+cookie,"r") + origip,origtime= fh.read().split() + fh.close() + os.unlink(cookie_directory+"/"+username+"_"+cookie) + #found cookie - make sure IP and time are good + if self.config.get_value('global', 'verify-ip') and (ip != origip): + logger_broker.debug('base_broker.X2GoBroker.check_access(): IPs differ (new: {ip} old: {origip}) - rejecting user'.format(ip=ip,origip=origip)) + return False, 0 + if (time.time() - float(origtime)) > self.config.get_value('global', 'auth-timeout'): + logger_broker.debug('base_broker.X2GoBroker.check_access(): Too much time elapsed since origional auth - rejecting user') + return False, 0 + if self.config.get_value('global', 'use-static-cookie'): + #if using static cookies keep same cookie as user presented + next_cookie = cookie + else: + #otherwise give them new random cookie + next_cookie = str(uuid.uuid4()) + logger_broker.debug('base_broker.X2GoBroker.check_access(): Giving cookie: {cookie} to ip {ip}'.format(cookie=next_cookie, ip=ip)) + fh = open(cookie_directory+"/"+username+"_"+next_cookie,"w") + fh.write('{ip} {time}'.format(ip=ip, time=origtime)) + fh.close() + access = True else: - access = access and ( cookie == self.config.get_value('global', 'my-cookie') ) - if access: - # generate a first uuid, initialize the dynamic authencation ID security feature - self._dynamic_cookie_map[username] = uuid.uuid4() - - return access - - def get_next_cookie(self, username): - """\ - Get the next expected authentication cookie for the given user name. - - @param username: query next authentication cookie for this user - @type username: C{unicode} - - @return: returns next authentication cookie for the given username, None if no cookie has been generated, yet - @rtype: C{unicode} or C{None} - - """ - try: - return self._dynamic_cookie_map[username] - except KeyError: - return None - + # client sent us an unknown cookie so failing auth + logger_broker.debug('base_broker.X2GoBroker.check_access(): User {username} from {ip} presented cookie {cookie} which is not recognized - rejecting user'.format(username=username, cookie=cookie, ip=ip)) + return False, 0 + return access, next_cookie def get_remote_agent(self, profile_id, exclude_agents=[], ): """\ diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py index e65fd31..9027ed0 100644 --- a/x2gobroker/defaults.py +++ b/x2gobroker/defaults.py @@ -180,9 +180,12 @@ X2GOBROKER_HOME = os.path.normpath(os.path.expanduser('~{broker_uid}'.format(bro # defaults for X2Go Sessino Broker configuration file X2GOBROKER_CONFIG_DEFAULTS = { 'global': { - u'check-credentials': True, - u'require-cookie-auth': False, + u'require-password': True, + u'require-cookie': False, u'use-static-cookie': True, + u'auth-timeout': 36000, + u'cookie-directory': '/var/log/x2gobroker/cookies', + u'verify-ip': True, u'my-cookie': uuid.uuid4(), u'enable-plain-output': True, u'enable-json-output': True, diff --git a/x2gobroker/web/json.py b/x2gobroker/web/json.py index b217050..1f10b31 100644 --- a/x2gobroker/web/json.py +++ b/x2gobroker/web/json.py @@ -119,17 +119,14 @@ class X2GoBrokerWeb(_RequestHandler): output = '' logger_broker.debug ('username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, cookie: {cookie}'.format(username=username, password='XXXXX', task=task, profile_id=profile_id, cookie=cookie)) - if broker_backend.check_access(username=username, password=password, cookie=cookie): + access, next_cookie = broker_backend.check_access(username=username, password=password, ip=ip, cookie=cookie) + if access: ### ### CONFIRM SUCCESSFUL AUTHENTICATION FIRST ### - if global_config['require-cookie-auth'] and not global_config['use-static-cookie']: - - ### FIXME: make up a nice protocol for this, disabled for now - #output += "AUTHID: {authid}<br />".format(authid=broker_backend.get_next_authid(username=data.user)) - pass + ### FIXME: find good way to pass next cookie to client - stored in next_cookie ### ### X2GO BROKER TASKS diff --git a/x2gobroker/web/plain.py b/x2gobroker/web/plain.py index 9d58742..254c9d2 100644 --- a/x2gobroker/web/plain.py +++ b/x2gobroker/web/plain.py @@ -115,17 +115,15 @@ class X2GoBrokerWeb(_RequestHandler): output = '' logger_broker.debug ('username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, cookie: {cookie}'.format(username=username, password='XXXXX', task=task, profile_id=profile_id, cookie=cookie)) - if broker_backend.check_access(username=username, password=password, cookie=cookie): + access, next_cookie = broker_backend.check_access(username=username, password=password, ip=ip, cookie=cookie) + if access: ### ### CONFIRM SUCCESSFUL AUTHENTICATION FIRST ### - if global_config['require-cookie-auth'] and not global_config['use-static-cookie']: - - ### FIXME: make up a nice protocol for this, disabled for now - #output += "AUTHID: {authid}<br />".format(authid=broker_backend.get_next_authid(username=data.user)) - pass + if next_cookie != 0: + output += "AUTHID:{authid}\n".format(authid=next_cookie) output += "Access granted\n" ### diff --git a/x2gobroker/web/uccs.py b/x2gobroker/web/uccs.py index 917704f..87dc64a 100644 --- a/x2gobroker/web/uccs.py +++ b/x2gobroker/web/uccs.py @@ -42,11 +42,11 @@ def credentials_validate(username, password): # from x2gobroker.conf are available here... broker = x2gobroker.brokers.base_broker.X2GoBroker() broker.enable() - access = broker.check_access(username=username, password=password) + access, next_cookie = broker.check_access(username=username, password=password) # UCCS only allows email addresses for remote login if not access and "@" in username: username = username.split('@')[0] - access = broker.check_access(username=username, password=password) + access, next_cookie = broker.check_access(username=username, password=password) if username == 'check-credentials' and password == 'FALSE': username = 'anonymous' return username, access -- 1.8.3.4 (Apple Git-47)
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.