X2Go Bug report logs - #449
[PATCH] Add support to run pre and post authentication scripts.

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#449: [PATCH] Add support to run pre and post authentication scripts.
Reply-To: Josh Lukens <jlukens@botch.com>, 449@bugs.x2go.org
Resent-From: Josh Lukens <jlukens@botch.com>
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Fri, 07 Mar 2014 02:05:01 +0000
Resent-Message-ID: <handler.449.B.13941578331868@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 449
X-X2Go-PR-Package: x2gobroker
X-X2Go-PR-Keywords: 
Received: via spool by submit@bugs.x2go.org id=B.13941578331868
          (code B); Fri, 07 Mar 2014 02:05:01 +0000
Received: (at submit) by bugs.x2go.org; 7 Mar 2014 02:03:53 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
	T_FILL_THIS_FORM_SHORT,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from felt.botch.com (felt.botch.com [207.145.43.98])
	by ymir (Postfix) with ESMTP id 8C4DA5DA6C
	for <submit@bugs.x2go.org>; Fri,  7 Mar 2014 03:03:47 +0100 (CET)
Received: from [127.0.0.1] (unknown [192.168.254.1])
	(Authenticated sender: jlukens)
	by felt.botch.com (Postfix) with ESMTP id EDCD21AC0C5
	for <submit@bugs.x2go.org>; Thu,  6 Mar 2014 21:03:35 -0500 (EST)
Date: Thu, 6 Mar 2014 21:03:29 -0500
From: Josh Lukens <jlukens@botch.com>
To: submit@bugs.x2go.org
Message-ID: <412D0A4E81684FFE8037B5C8F7AD7025@botch.com>
X-Mailer: sparrow 1.6.4 (build 1178)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: x2gobroker
Version: 0.0.2.4
Severity: wishlist



Diff is on top of patch in bug 447.  This allows for things like logging to external systems, adjusting firewall rules for connecting users, mangling user data for various reasons before returning session info, etc.  Follows similar approach to authmech but allows for multiple scripts to run.

---
etc/x2gobroker.conf | 7 +++++++
x2gobroker/defaults.py | 2 ++
x2gobroker/optional_scripts/__init__.py | 20 ++++++++++++++++++++
x2gobroker/optional_scripts/base_script.py | 24 ++++++++++++++++++++++++
x2gobroker/web/plain.py | 25 +++++++++++++++++++++++++
5 files changed, 78 insertions(+)
create mode 100755 x2gobroker/optional_scripts/__init__.py
create mode 100755 x2gobroker/optional_scripts/base_script.py

diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index b8b8974..64967a9 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -48,6 +48,13 @@
# the permissions are set to allow the x2go broker process to write to this directory
#cookie-directory = '/var/log/x2gobroker/cookies'

+# Pre and Post authentication scripts give you the option to run outside scripts
+# or adjust the values of variables for users logging in. Pre scripts run just
+# before user authentication and Post scripts run just after. Set to list of
+# scripts, comma seperated, with no spaces between.
+#pre_auth_scripts =
+#post_auth_scripts =
+
# Every server-client communication (between X2Go Client and broker) has to be
# accompanied by this initial authentication cookie if require-cookie is set above.
# This should be in the format of a UUID.
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index 9027ed0..d4bfaaf 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -186,6 +186,8 @@ X2GOBROKER_CONFIG_DEFAULTS = {
u'auth-timeout': 36000,
u'cookie-directory': '/var/log/x2gobroker/cookies',
u'verify-ip': True,
+ u'pre_auth_scripts': [],
+ u'post_auth_scripts': [],
u'my-cookie': uuid.uuid4(),
u'enable-plain-output': True,
u'enable-json-output': True,
diff --git a/x2gobroker/optional_scripts/__init__.py b/x2gobroker/optional_scripts/__init__.py
new file mode 100755
index 0000000..d3eff3c
--- /dev/null
+++ b/x2gobroker/optional_scripts/__init__.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2012-2014 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de (mailto:mike.gabriel@das-netzwerkteam.de)>
+# Copyright (C) 2012-2014 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de (mailto:oleksandr.shneyder@obviously-nice.de)>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
diff --git a/x2gobroker/optional_scripts/base_script.py b/x2gobroker/optional_scripts/base_script.py
new file mode 100755
index 0000000..e284362
--- /dev/null
+++ b/x2gobroker/optional_scripts/base_script.py
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2012-2014 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de (mailto:mike.gabriel@das-netzwerkteam.de)>
+# Copyright (C) 2012-2014 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de (mailto:oleksandr.shneyder@obviously-nice.de)>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+class X2GoBrokerOptionalScript(object):
+
+ def run_me(self, username, password, task, profile_id, ip, cookie):
+ return username, password, task, profile_id, ip, cookie
diff --git a/x2gobroker/web/plain.py b/x2gobroker/web/plain.py
index 254c9d2..cd623a9 100644
--- a/x2gobroker/web/plain.py
+++ b/x2gobroker/web/plain.py
@@ -114,9 +114,34 @@ class X2GoBrokerWeb(_RequestHandler):

output = ''

+ if len(global_config['pre_auth_scripts']) != 0:
+ for script in global_config['pre_auth_scripts']:
+ try:
+ post_auth_script=None
+ exec("import x2gobroker.optional_scripts.{script}_script".format(script=script))
+ exec("pre_auth_script = x2gobroker.optional_scripts.{script}_script.X2GoBrokerOptionalScript()".format(script=script))
+ logger_broker.debug ('Calling pre-auth script {script} with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie))
+ username, password, task, profile_id, ip, cookie = pre_auth_script.run_me(username=username, password=password, task=task, profile_id=profile_id, ip=ip, cookie=cookie)
+ logger_broker.debug ('Pre-auth script {script} finished with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie))
+ except ImportError:
+ logger_error.error('No such optional script \'{script}\''.format(script=script))
+
+
logger_broker.debug ('username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, cookie: {cookie}'.format(username=username, password='XXXXX', task=task, profile_id=profile_id, cookie=cookie))
access, next_cookie = broker_backend.check_access(username=username, password=password, ip=ip, cookie=cookie)
if access:
+ if len(global_config['post_auth_scripts']) != 0:
+ for script in global_config['post_auth_scripts']:
+ try:
+ post_auth_script=None
+ exec("import x2gobroker.optional_scripts.{script}_script".format(script=script))
+ exec("post_auth_script = x2gobroker.optional_scripts.{script}_script.X2GoBrokerOptionalScript()".format(script=script))
+ logger_broker.debug ('Calling post-auth script {script} with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie))
+ username, password, task, profile_id, ip, cookie = post_auth_script.run_me(username=username, password=password, task=task, profile_id=profile_id, ip=ip, cookie=cookie)
+ logger_broker.debug ('Post-auth script {script} finished with username: {username}, password: {password}, task: {task}, profile_id: {profile_id}, ip: {ip}, cookie: {cookie}'.format(script=script,username=username, password='XXXXX', task=task, profile_id=profile_id, ip=ip, cookie=cookie))
+ except ImportError:
+ logger_error.error('No such optional script \'{script}\''.format(script=script))
+

###
### CONFIRM SUCCESSFUL AUTHENTICATION FIRST
-- 
1.8.3.4 (Apple Git-47)

Send a report that this bug log contains spam.