X2Go Bug report logs -
#449
[PATCH] Add support to run pre and post authentication scripts.
Reported by: Josh Lukens <jlukens@botch.com>
Date: Fri, 7 Mar 2014 02:05:01 UTC
Severity: wishlist
Tags: pending
Found in version 0.0.2.4
Fixed in version 0.0.3.0
Done: X2Go Release Manager <git-admin@x2go.org>
Bug is archived. No further changes may be made.
Full log
🔗
View this message in rfc822 format
Package: x2gobroker
Version: 0.0.2.4
Severity: wishlist
Diff is on top of patch in bug 447. This allows for things like logging to external systems, adjusting firewall rules for connecting users, mangling user data for various reasons before returning session info, etc. Follows similar approach to authmech but allows for multiple scripts to run.
---
etc/x2gobroker.conf | 7 +++++++
x2gobroker/defaults.py | 2 ++
x2gobroker/optional_scripts/__init__.py | 20 ++++++++++++++++++++
x2gobroker/optional_scripts/base_script.py | 24 ++++++++++++++++++++++++
x2gobroker/web/plain.py | 25 +++++++++++++++++++++++++
5 files changed, 78 insertions(+)
create mode 100755 x2gobroker/optional_scripts/__init__.py
create mode 100755 x2gobroker/optional_scripts/base_script.py
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index b8b8974..64967a9 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -48,6 +48,13 @@
# the permissions are set to allow the x2go broker process to write to this directory
#cookie-directory = '/var/log/x2gobroker/cookies'
+# Pre and Post authentication scripts give you the option to run outside scripts
+# or adjust the values of variables for users logging in. Pre scripts run just
+# before user authentication and Post scripts run just after. Set to list of
+# scripts, comma seperated, with no spaces between.
+#pre_auth_scripts =
+#post_auth_scripts =
+
# Every server-client communication (between X2Go Client and broker) has to be
# accompanied by this initial authentication cookie if require-cookie is set above.
# This should be in the format of a UUID.
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index 9027ed0..d4bfaaf 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -186,6 +186,8 @@ X2GOBROKER_CONFIG_DEFAULTS = {
u'auth-timeout': 36000,
u'cookie-directory': '/var/log/x2gobroker/cookies',
u'verify-ip': True,
+ u'pre_auth_scripts': [],
+ u'post_auth_scripts': [],
u'my-cookie': uuid.uuid4(),
u'enable-plain-output': True,
u'enable-json-output': True,
diff --git a/x2gobroker/optional_scripts/__init__.py b/x2gobroker/optional_scripts/__init__.py
new file mode 100755
index 0000000..d3eff3c
--- /dev/null
+++ b/x2gobroker/optional_scripts/__init__.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2012-2014 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de (mailto:mike.gabriel@das-netzwerkteam.de)>
+# Copyright (C) 2012-2014 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de (mailto:oleksandr.shneyder@obviously-nice.de)>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
diff --git a/x2gobroker/optional_scripts/base_script.py b/x2gobroker/optional_scripts/base_script.py
new file mode 100755
index 0000000..e284362
--- /dev/null
+++ b/x2gobroker/optional_scripts/base_script.py
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2012-2014 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de (mailto:mike.gabriel@das-netzwerkteam.de)>
+# Copyright (C) 2012-2014 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de (mailto:oleksandr.shneyder@obviously-nice.de)>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+class X2GoBrokerOptionalScript(object):
+
+ def run_me(self, username, password, task, profile_id, ip, cookie):
+ return username, password, task, profile_id, ip, cookie
diff --git a/x2gobroker/web/plain.py b/x2gobroker/web/plain.py
index 254c9d2..cd623a9 100644
--- a/x2gobroker/web/plain.py
+++ b/x2gobroker/web/plain.py
@@ -114,9 +114,34 @@ class X2GoBrokerWeb(_RequestHandler):
output = ''
+ if len(global_config['pre_auth_scripts']) != 0:
+ for script in global_config['pre_auth_scripts']:
+ try:
+ post_auth_script=None
+ exec("import x2gobroker.optional_scripts.{script}_script".format(script=script))
+ exec("pre_auth_script = x2gobroker.optional_scripts.{script}_script.X2GoBrokerOptionalScript()".format(script=script))
+ logger_broker.debug ('Calling pre-auth script {script} with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie))
+ username, password, task, profile_id, ip, cookie = pre_auth_script.run_me(username=username, password=password, task=task, profile_id=profile_id, ip=ip, cookie=cookie)
+ logger_broker.debug ('Pre-auth script {script} finished with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie))
+ except ImportError:
+ logger_error.error('No such optional script \'{script}\''.format(script=script))
+
+
logger_broker.debug ('username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, cookie: {cookie}'.format(username=username, password='XXXXX', task=task, profile_id=profile_id, cookie=cookie))
access, next_cookie = broker_backend.check_access(username=username, password=password, ip=ip, cookie=cookie)
if access:
+ if len(global_config['post_auth_scripts']) != 0:
+ for script in global_config['post_auth_scripts']:
+ try:
+ post_auth_script=None
+ exec("import x2gobroker.optional_scripts.{script}_script".format(script=script))
+ exec("post_auth_script = x2gobroker.optional_scripts.{script}_script.X2GoBrokerOptionalScript()".format(script=script))
+ logger_broker.debug ('Calling post-auth script {script} with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie))
+ username, password, task, profile_id, ip, cookie = post_auth_script.run_me(username=username, password=password, task=task, profile_id=profile_id, ip=ip, cookie=cookie)
+ logger_broker.debug ('Post-auth script {script} finished with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie))
+ except ImportError:
+ logger_error.error('No such optional script \'{script}\''.format(script=script))
+
###
### CONFIRM SUCCESSFUL AUTHENTICATION FIRST
--
1.8.3.4 (Apple Git-47)
Send a report that this bug log contains spam.
X2Go Developers <owner@bugs.x2go.org>.
Last modified:
Thu Nov 21 20:18:12 2024;
Machine Name:
ymir.das-netzwerkteam.de
X2Go Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.