From unknown Tue Mar 19 09:54:41 2024
X-Loop: owner@bugs.x2go.org
Subject: Bug#553: Session resume doesn't take profile's host list into account
Reply-To: Josh Lukens , 553@bugs.x2go.org
Resent-From: Josh Lukens
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers
X-Loop: owner@bugs.x2go.org
Resent-Date: Fri, 18 Jul 2014 01:55:01 +0000
Resent-Message-ID:
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 553
X-X2Go-PR-Package: x2gobroker
X-X2Go-PR-Keywords:
Received: via spool by submit@bugs.x2go.org id=B.140564837123419 (code B); Fri, 18 Jul 2014 01:55:01 +0000
Received: (at submit) by bugs.x2go.org; 18 Jul 2014 01:52:51 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de
X-Spam-Level:
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=ham version=3.3.2
Received: from felt.botch.com (felt.botch.com [207.145.43.98]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 514125DB2C for ; Fri, 18 Jul 2014 03:52:50 +0200 (CEST)
Received: from [127.0.0.1] (unknown [192.168.254.1]) (Authenticated sender: jlukens) by felt.botch.com (Postfix) with ESMTP id 717B11AC0CB for ; Thu, 17 Jul 2014 21:52:48 -0400 (EDT)
Date: Thu, 17 Jul 2014 21:52:49 -0400
From: Josh Lukens
To: submit@bugs.x2go.org
Message-ID:
X-Mailer: sparrow 1.6.4 (build 1178)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="53c87df1_25e45d32_2b2"

--53c87df1_25e45d32_2b2
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: x2gobroker
Version: 0.0.3.0
Severity: normal

When a broker has multiple profiles with mutually exclusive host lists but a shared database, session state is appropriately sent to the client when listing sessions, but if a user attempts to select a non-suspended profile, the suspended (different) profile will be resumed instead.

Draft patch attached which filters both load balancing decisions and resume decisions based on server_list for selected profile. Patch is really only a handful of lines but indentation of other lines bloats diff.

--53c87df1_25e45d32_2b2
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="resume.patch"
--53c87df1_25e45d32_2b2--

From unknown Tue Mar 19 09:54:41 2024
X-Loop: owner@bugs.x2go.org
Subject: Bug#553: X2Go issue (in src:x2gobroker) has been marked as pending for release
Reply-To: Mike Gabriel , 553@bugs.x2go.org
Resent-From: Mike Gabriel
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers
X-Loop: owner@bugs.x2go.org
Resent-Date: Thu, 11 Sep 2014 22:35:02 +0000
Resent-Message-ID:
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 553
X-X2Go-PR-Package: x2gobroker
X-X2Go-PR-Keywords:
Received: via spool by 553-submit@bugs.x2go.org id=B553.141047464721298 (code B ref 553); Thu, 11 Sep 2014 22:35:02 +0000
Received: (at 553) by bugs.x2go.org; 11 Sep 2014 22:30:47 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS autolearn=unavailable version=3.3.2
Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 69B5B5DEAB; Fri, 12 Sep 2014 00:30:28 +0200 (CEST)
From: Mike Gabriel
To: 553-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 553@bugs.x2go.org
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-Mailer: http://snipr.com/post-receive-tag-pending
Message-Id: <20140911223028.69B5B5DEAB@ymir.das-netzwerkteam.de>
Date: Fri, 12 Sep 2014 00:30:28 +0200 (CEST)

tag #553 pending
fixed #553 0.0.3.0
thanks

Hello,

X2Go issue #553 (src:x2gobroker) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=214ddad

The issue will most likely be fixed in src:x2gobroker (0.0.3.0).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit 214ddadd62b6d5ba0e6b2e9dbd38563bbbc9f233
Author: Mike Gabriel
Date: Thu Sep 11 23:59:47 2014 +0200

    On session resumption take profile's host list into account. Don't resume sessions the profile has not been configured for. (Fixes: #553).

diff --git a/debian/changelog b/debian/changelog index 4f207a1..cfe0cf4 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -199,6 +199,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low - Fix typos and host/port mixups in the remote_sshproxy logic. (Fixes: #544). - Make sure find_busy_servers in agent.py returns a tuple (recent API change) to not break profiles with multiple servers. (Fixes: #545). + - On session resumption take profile's host list into account. Don't resume + sessions the profile has not been configured for. (Fixes: #553). -- Mike Gabriel Fri, 07 Jun 2013 23:25:30 +0200

From unknown Tue Mar 19 09:54:41 2024
X-Loop: owner@bugs.x2go.org
Subject: Bug#553: X2Go issue (in src:x2gobroker) has been marked as closed
Reply-To: X2Go Release Manager , 553@bugs.x2go.org
Resent-From: X2Go Release Manager
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers
X-Loop: owner@bugs.x2go.org
Resent-Date: Sat, 20 Jun 2015 12:15:23 +0000
Resent-Message-ID:
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 553
X-X2Go-PR-Package: x2gobroker
X-X2Go-PR-Keywords: pending
Received: via spool by 553-submit@bugs.x2go.org id=B553.143480231529720 (code B ref 553); Sat, 20 Jun 2015 12:15:23 +0000
Received: (at 553) by bugs.x2go.org; 20 Jun 2015 12:11:55 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2
Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 66FC95DAA3; Sat, 20 Jun 2015 14:10:25 +0200 (CEST)
From: X2Go Release Manager
To: 553-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 553@bugs.x2go.org
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Message-Id: <20150620121025.66FC95DAA3@ymir.das-netzwerkteam.de>
Date: Sat, 20 Jun 2015 14:10:25 +0200 (CEST)

close #553
thanks

Hello,

we are very hopeful that X2Go issue #553 reported by you has been resolved in the new release (0.0.3.0) of the X2Go source project »src:x2gobroker«.

You can view the complete changelog entry of src:x2gobroker (0.0.3.0) below, and you can use the following link to view all the code changes between this and the last release of src:x2gobroker.

    http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=30c316e66f4173d0e3577fe85817e73f822a479e;hp=81e28ea24b269fb24559d70c462b846cf2f56edd

If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2gobroker.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2gobroker
Version: 0.0.3.0-0x2go1
Status: RELEASE
Date: Sat, 20 Jun 2015 13:58:49 +0200
Fixes: 153 217 275 306 360 379 380 447 449 450 469 470 484 491 493 494 544 545 553 562 665 666 685 686 692 706 716 784 834 835 836
Changes:
 x2gobroker (0.0.3.0-0x2go1) RELEASED; urgency=low
 .
   [ Mike Gabriel ]
   * New upstream version (0.0.3.0):
     - Add SSH support to X2Go Session Broker. (Fixes: #153).
     - Move x2gobroker executable to /usr/bin.
     - Update x2gobroker man page.
     - SSH broker: Only allow context change to another user for the magic user (default: x2gobroker).
     - Fix logrotate script: x2gobroker-wsgi. (Fixes: #275).
     - Get the cookie based extra-authentication working for SSH mode.
     - Get the cookie based extra-authentication working for HTTP mode.
     - Fix output of HTTP based connectivity test.
     - Do not let the broker crash if an agent is not reachable. Capture X2GoBrokerAgentExceptions when pinging the remote agent. (Fixes: #306).
     - When calling the agent's suspend_session function, make sure to pass on the remote_agent dictionary.
     - Provide empty directory /etc/x2go/broker/ssl.
     - Re-order x2gobroker main file. Move logging further to the back to allow taking command-line options into account.
     - Modify default x2gobroker-sessionprofiles.conf and provide something that will work with every default setup.
     - New broker session profile parameter: broker-agent-query-mode. Define agent query methods per session profile.
     - Rename base broker's use_session_autologin to get_session_autologin.
     - Fix Python2'isms in three exceptions. Thanks to Mathias Ewald for spotting.
     - Make test_suite callable via setup.py.
     - Provide a test function that checks if the basic broker agent setup (SSH private/public key pair) is available. If not, no SSH broker usage will be attempted.
     - Let a portscan precede the SSH ping command. This notably reduces timeout duration if the host running the queried broker agent is down.
     - Catch RequestHandler errors and write them to the error log channel.
     - Raised verbosity level to INFO for session broker utilities.
     - Add sanity checks to x2gobroker-pubkeyauthorizer.
     - Report stderr results to the broker log channel (broker.log). This allows debugging of X2Go Session Broker Agent via the X2Go Session Broker logging instance. (Fixes: #217).
     - Fix the ping task in x2gobroker-agent.pl, process it without checking the given username.
     - Fix remote agent detection in case of some agents being down.
     - Add utils function: matching_hostnames(): test hostname lists for matching hostnames (with/without domain name).
     - Add fuzzy tolerance when comparing host name lists as found in session profile configuration and as reported by broker agent.
     - In x2gobroker.conf: describe the manifold ways of providing a second authorized_keys file location in SSH server daemon. Thanks to Stefan Heitmüller for pointing out more recent SSH server's configuration style.
     - WSGI implementation: keep SCRIPT_NAME in environ, as removing it causes AssertionErrors whenever we trigger a tornado.web.HTTPError.
     - Add password prompt to x2gobroker-testauth. Password prompt is used if the --password option is not used.
     - New authentication mechanism: none. Always authenticate a user, even if password is not provided or wrong.
     - Ship python2.6 asyncore patch (Debian squeeze python2.6 version) in python-x2gobroker's docs folder.
     - Show correct environment variables in log file prelude when WSGI is used.
     - Fix check-credentials = false for UCCS web frontend.
     - Add a start page (,,It works'').
     - Use IP addresses in apache2 config rather than hostnames.
     - Add new helper tool: x2gobroker-daemon-debug.
     - Add man page for x2gobroker-daemon-debug.
     - WebUI "plain": throw explainative log errors for every 404 http error.
     - Fix man pages (layout issues on x2gobroker-authservice man page).
     - Adapt man page installation to moval of x2gobroker(-testauth) from an sbin to a bin directory (executable for any user).
     - Make the inifile broker backend the default backend. (Fixes: #360).
     - Support daemonizing of the http broker.
     - Default to http broker mode when daemonizing the broker.
     - Support daemonizing of the authservice.
     - Detect RUNDIR in x2gobroker-authservice and use it for the default location of the authservice socket file.
     - Detect RUNDIR in x2gobroker Python module and use it for the default location of the authservice socket file.
     - Let x2gobroker-authservice take care of tidying up its own socket file.
     - Provide PAM config file for Debian and RHEL separately (as they differ).
     - Makefile: Clean up x2gobroker-agent binary.
     - Be more precise in Debian et al. init scripts when checking if the service is already running.
     - Add JSON WebUI backend for X2Go Session Broker.
     - JSON WebUI backend renders data of content type "text/json".
     - Provide configuration alternative to having /etc/defaults/* scripts parsed in by init scripts. Make X2Go Session Broker ready for being run via systemd.
     - Provide symlink x2gobroker-daemon.
     - Provide systemd service files for x2gobroker-daemon and x2gobroker-authservice. (Fixes: #379, #380).
     - Add --drop-privileges feature so that x2gobroker-daemon can drop root privileges when started via systemd. Only drop privileges if x2gobroker(-daemon) is run as uidNumber 0.
     - Implement dynamic authid for JSON WebUI frontend. Add a generic metadata top level to the JSON output tree.
     - Store cookies in /var/lib/x2gobroker (path is more appropriate than previously suggested path /var/log/x2gobroker).
     - Handle selectsessions calls with a non-existent profile ID gracefully.
     - Session profiles with marker user=BROKER_USER will now auto-fill-in the broker username into the session profile's 'user' option.
     - Provide tool: x2gobroker-testagent.
     - Allow for broker clients to send in public SSH keys that the client may use for authentication to X2Go Servers.
     - broker agent: avoid one option system() calls in Perl. (Fixes: #784).
     - For user context changes: set the HOME dir of the new user correctly.
     - Reduce Paramiko/SSH verbosity (logging.ERROR) when connecting to remote broker agents.
     - Support adding remote broker agent's host keys via the x2gobroker-testagent tool.
     - If we received an SSH public key from a broker client, mark it as ACCEPTED after we deployed it, so that the client knows that it can its corresponding private key.
     - Fix https brokerage in x2gobroker-daemon-debug.
     - Load X2GOBROKER_DAEMON_USER's known_hosts key file before doing remote agent calls.
     - Fully rewrite agent.py.
     - Fix broker crashes when no session status is available for certain session profiles.
     - JSON webUI: run pre and post auth scripts also via this backend.
     - x2gobroker-daemon: become wrapper script, enable --mode HTTP by default. Provide some intelligence when run as daemon (killing children processes on reception of a SIGTERM, SIGINT, SIGQUIT, EXIT signal).
     - Rename sections for broker backends in x2gobroker.conf
     - Make config object of x2gobroker.conf available in authentication mechanism backends.
     - Fix SSH based broker client.
     - Fix several failing tests, adapt tests to current code base.
     - Introduce new global parameter for x2gobroker.conf: my-cookie-file. Allow storing the initial authentication cookie/ID in a read-protected file.
     - Explicitly set detach_process to True when calling daemon.DaemonContext(). Otherwise the daemons start but don't return to the cmdline prompt. (Fixes: #484).
     - Change agent API: all functions return a tuple where the first element denotes if the underlying agent call has been successful.
     - Correctly detect $HOME of the user that runs x2gobroker (including setuid calls via x2gobroker-ssh).
     - Enforce SSH agent query mode (instead of LOCAL mode) for SSH brokerage (as LOCAL query mode won't work due to a permission koan that has not yet been solved).
     - Fix interpretation of SSH_CLIENT env variable.
     - Make x2gobroker-agent usable/installable on non-X2Go server machines. (Fixes: #493).
     - Provide autologin support for session profiles that have an SSH proxy host configured. (Fixes: #494).
     - Fix IPv6 binding of the X2Go Session Broker daemon. If no bind port is given via the cmdline, obtain it from other means (via x2gobroker.defaults).
     - Rename LICENSE file to COPYING.
     - X2Go Broker Agent: Test if queried username exists on the system before performing the query.
     - Make sure bind_address and bind_port are correctly detected from /etc/default/x2gobroker-daemon and /etc/x2go/broker/defaults.cfg.
     - Move split_host_address() code into x2gobroker.utils.
     - Report to log what the broker agent replied to us.
     - Provide support for load-balancing to hosts that are all reachable over the same IP address, but different TCP/IP ports (e.g. docker instances or hosts behind a reverse NATed IPv4 gateway). This ended up in a rewrite of the complete selection_session() method of the base broker code.
     - Use physical host address and port (if provided) for contacting remote broker agent via SSH.
     - Update README and TODO.
     - Update copyright holders. Copyright is held only by people who actually contributed to the current code base.
     - logrotate configs: Rotated logs via "su x2gobroker adm".
     - Use hostname as hard-coded in server_list (from session profile configuration), don't try to strip off the domain name.
     - Consolidate x2gobroker.utils.split_host_address() with a test and rewrite completely.
     - Make sure that without configuration files, the HTTP broker listens to port 8080.
     - Provide legacy support for deprecated x2gobroker.conf global parameter 'check-credentials'.
     - Configure broker / authservice environment via .service files.
     - Load defaults.conf via authservices and for logger configuration, as well.
     - x2gobroker-authservice: Make sure socket file directory is created before trying to create the socket file itself.
     - Don't load defaults.conf twice. Only load it when initializing the loggers.
     - Provide a special PAM configuration file for SUSE systems (identical to the PAM configuration file for Debian).
     - defaults.conf: Mention X2GOBROKER_DEBUG not only in the global section, but also in the [daemon] and [authservice] section.
     - x2gobroker-testauth: Don't use hard-coded default backend. Obtain X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead.
     - x2gobroker-testauth: Improve help text of --backend option. Display the current backend default.
     - x2gobroker-authservice: Restructure logging. Enable log messages for authentication requests.
     - Get several issues around select_session fixed via tests in the broker's backend base.py.
     - Add tests for broker agent queries.
     - Fix setting the remote agent's SSH port if the host option is of style " (:)".
     - During select_session: Re-add subdomain (if possible) to the hostname to make sure we can detect the host's : further down in the code.
     - Properly set (/var)/run/x2gobroker directory permissions when started via systemd.
     - Fix privilege check for the broker daemon's log directory.
     - Enable basic/random load-balancing for UCCS broker frontend. Make UCCS frontend aware of host session profile options of the form "host= (:).
     - Do a portscan on the remote's SSH port before querying a remote agent via SSH.
     - Don't return X2Go Servers that are actually down, currently. The X2Go Servers get probed via a short portscan on the remote's SSH port. If that portscan fails, another remote X2Go Server is chosen from the list of available server (if any). This portscanning functionality can be switched off via "default-portscan-x2goservers" in x2gobroker.conf or via "broker-portscan-x2goservers" per session profile. (Fixes: #692).
     - When load-balancing, switch to chosen server as remote broker agent before deploying SSH keys.
     - Allow resuming sessions from servers even if one offline server has left bogus in the session DB (plus unit tests).
     - Fix remote agent detection if one or more X2Go Servers are offline and hostname does not match host address (plus unit test).
     - Allow remote agent calls via hostname or host address when using the format " ()" in the session profile. This can be useful if the is a valid address on the local network (broker <-> communication), but the host address is valid for clients (client <-> server communication).
     - Don't check for running/suspended session if the session profile will request a shadowing session.
     - Disabled broker agent calls and load-balancing for session profiles that will request shadowing sessions.
     - Mention "usebrokerpass" session profile option in x2gobroker-sessionprofiles.conf.
     - Provide desktop sharing (shadow session) example in x2gobroker-sessionprofiles.conf.
     - Makefile: Add installation rules for x2gobroker-loadchecker.
     - x2gobroker.1: Since systemd there are not only init scripts. Rephrasing man page.
     - New feature: x2gobroker-loadchecker daemon. (Fixes: #686).
     - x2gobroker-agent.pl: Use var name server_usage instead of server_load. Reflects better what that var denotes.
     - agent.py: Completion of several __doc__ strings (missing @return:, @rtype: fields).
     - X2GoBroker.check_for_sessions(): Fix check for shadow / non-shadow sessions.
     - x2gobroker.1: Mention x2gobroker-ssh in its man page, differentiate between the different modes (http/ssh) of the x2gobroker application.
     - Pre-release pyflakes cleanup.
     - agent.py: Capture login failures in checkload() function.
     - agent.py: Allow providing a custom logger instance in all functions.
     - LoadChecker.loadchecker(): Use load checker daemon's logger instance for logging actions taken place in agent.py.
     - agent.py: Make agent query mode LOCAL behave similar to agent query mode SSH if things go wrong.
     - agent.py: Set result to None, if SSH connection to broker agent fails.
     - Calculate our own MemAvailable value in x2gobroker-agent.pl. Only kernels newer than v3.14 offer the MemAvailable: field in /proc/meminfo.
     - x2gobroker-agent.pl: Fix regexp for detecting number of CPUs and CPU frequency.
     - x2gobroker-agent.pl: Fall-back CPU detection for virtualized systems (e.g. QEMU hosts).
     - LoadChecker.loadchecker(): Report about query failures, as well, in query cycle summary.
     - LoadCheckerServiceHandler(): Add line breaks in per-profile output. Return nothing if the load checker service is unreachable.
     - agent.py: Let get_servers() return a dictionary with hostnames as keys and number of sessions as values.
     - Fix X2GoBroker.use_load_checker(): Obtain broker-* option via X2GoBroker.get_profile_broker(), not via X2GoBroker.get_profile().
     - Various improvements / fixes for session selection via the load checker daemon.
     - Adapt tests to new load checker service feature.
     - Only check for 'load_factors' key in remote_agent dict, if agent query mode is SSH.
     - Fix detection of running x2gobroker-daemon process in Debian's SystemV init script.
     - Set default log level to "WARNING", not "DEBUG".
     - defaults/x2gobroker-logchecker.default: Fix copy+paste errors.
     - doc/README.x2goclient+broker.getting-started: Mention how to launch PyHoca-GUI in broker mode.
     - etc/broker/defaults.conf: Fix copy+paste errors.
     - etc/x2gobroker-wsgi.*.conf: Make host ACLs Apache2.4 compliant.
     - logrotate/x2gobroker-loadchecker: The loadchecker.log file needs to be owned by user x2gobroker.
     - rpm/x2gobroker-*.init: Fix copy+paste errors.
     - man pages: Update date.
     - If non-load-balanced session profiles reference a non-reachable host, hand-back the system's hostname to X2Go Client / Python X2Go.
     - Add security notice / disclaimer to x2gbroker.1 man page as suggested by Stefan Baur. (Fixes: #666).
     - Provide x2gobroker system user public keys to broker agents with SSH options--strongly restricting the key usage--now. Modify x2gobroker-pubkeyauthorizer in a way that it replaces non-option keys with the newly provided optionized/restricted pubkeys. (Fixes: #685).
     - etc/x2gobroker.conf: Switch over to using dynamic auth cookies by default.
     - X2GoBroker.get_agent_query_mode(): Immediately return overridden query mode. Avoid logging of the configured query mode. Write the overridden query mode to the logger instance instead.
     - Don't enforce agent query mode "SSH" for x2gobroker-ssh anymore.
     - If a single-host is unreachable, return the host address, not the hostname and let X2Go Client release itself, that the host is unreachable.
     - x2gobroker-loadchecker: Don't freeze if load information for a complete load-balanced server farm is unavailable.
     - x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/old SSH options.
     - x2gobroker-agent.pl: Add %U (uidNumber) and %G (primary gidNumber) as further possible substitutions for deriving the full path of the authorized_keys file where X2Go Broker Agent's deploys public SSH user keys to. (Fixes: #665).
     - agent.py: Use os.fork() instead of threading.Thread() to handle delayed executions of broker agent tasks. This assures that SSH pub keys are removed via the delauthkey broker agent task, if the SSH broker is used. (Fixes: #491).
     - Add run-optional-script support to SSH broker.
     - x2gobroker-ssh: When agent query mode is set to LOCAL, Execute x2gobroker-agent via sudo as group "X2GOBROKER_DAEMON_GROUP". (Fixes: #835).
     - When the x2gobroker-agent command call is shipped via $SSH_ORIGINAL_COMMAND environment var, make sure to strip-off "sh -c" from the command's beginning.
     - x2gobroker-agent.pl: Fix detection of X2Go's library path (x2gopath lib).
     - Implement "not-set" value for X2Go Client parameters. If a parameter is set to "not-set", the parameter won't be handed over to X2Go Client. (Fixes: #834, #836).
     - agent.py: Fix missing "task" parameter for task "ping" against a local broker agent.
     - Fix task ping when tested via the x2gobroker-testagent script.
     - Transliterate commands in session profiles to uppercase when checking if the command is supposed to launch a desktop session.
   * debian/control:
     + Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
     + Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
     + Fix SYNOPSIS texts.
     + Recommend apache2 and libapache2-mod-wsgi for x2gobroker-wsgi.
     + Fix position of XS-Python-Version: field.
     + Rework LONG_DESCRIPTION of bin:package x2gobroker-agent. Improve line breaks, so that we now have lines that are close to 80 chars long.
     + Make x2gobroker-daemon a symlink and recognize HTTP mode by the executable's name.
     + Bump Standards: to 3.9.6. No changes needed.
     + Add to D (python-x2gobroker): python-urllib3.
   * debian/copyright:
     + Update file to match current status quo of upstream source files.
   * debian/x2gobroker-agent.dirs:
     + Provide empty log file directory.
   * debian/x2gobroker-wsgi postinst/postrm:
     + Make bin:package x2gobroker-wsgi compliant Debian's packaging style of Apache2.4 / Apache2.2.
     + On package purgal: Disable Apache2 config first and then attempt the removal of the x2gobroker user/group.
     + Pass $@ to our apacheconf_configure, apacheconf_remove functions to not break apache2-maintscript-helper.
   * debian/x2gobroker-ssh.postinst:
     + Assure proper file permissions, owner and group settings for x2gobroker-ssh.
   * debian/x2gobroker-ssh.prerm:
     + Drop dpkg-statoverride of /usr/bin/x2gobroker-ssh before package removal.
   * debian/*.postinst:
     + Assure that the log directory always exists (no matter what combination of packages got installed).
   * debian/python-x2gobroker.install:
     + Install defaults.conf into bin:package python-x2gobroker.
   * debian/source/format:
     + Switch to format 1.0.
   * rpm/*.init:
     + Provide initscripts that are likely to work on RHEL plus derivatives.
   * x2gobroker.spec:
     + Provide x2gobroker.spec file for building RPM packages. Inspired by the packaging work in OpenSuSE.
     + Split out python-x2gobroker sub-package.
     + Install Apache2 config symlinks to /etc/httpd (not /etc/apache2).
     + Make sure x2gobroker-agent wrapper gets installed into x2gobroker-agent sub-package.
     + Builds for EPEL-7 also have to systemd aware.
     + Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
     + Adapt to building on openSUSE/SLES.
     + Rework Description: of bin:package x2gobroker-agent. Improve line breaks, so that we now have lines that are close to 80 chars long.
     + Add x2gobroker-rpmlintrc file.
     + Don't package x2gobroker-daemon.1 nor x2gobroker-ssh.1 man pages twice.
     + On SUSE, we have /etc/apache2, not /etc/httpd.
     + On SUSE, we have to provide our own python-pampy package (and depend on that). In Fedora and RHEL, the same (upstream) software is named python-pam. (Fixes: #562).
     + For distro versions with systemd, provide /etc/x2go/broker/defaults.conf. For SysV distro versions, use /etc/defaults/* and source them via the init scripts.
     + No adm group on non-Debian systems by default. Using root instead on RPM based systems.
     + For Fedora 22 and beyond explicitly call python2 in all shebangs.
     + Add to BR: sudo (to have /etc/sudoers.d owned by some package).
 .
   [ Josh Lukens ]
   * New upstream version (0.0.3.0):
     - Add support for dynamic cookie based auth after initial password auth. (Fixes: #447).
     - Add support to run pre and post authentication scripts. (Fixes: #449).
     - Add auth mechanism https_get. (Fixes: #450).
     - Change pre and post scripts to use common codebase across frontends. (Fixes: #469).
     - Add ability to have script run in select session after server is selected.
     - Add basic support for pulling https_get authmech config from configuration file. (Fixes: #470).
     - Fix typos and host/port mixups in the remote_sshproxy logic. (Fixes: #544).
     - Make sure find_busy_servers in agent.py returns a tuple (recent API change) to not break profiles with multiple servers. (Fixes: #545).
     - On session resumption take profile's host list into account. Don't resume sessions the profile has not been configured for. (Fixes: #553).
 .
   [ Jason Alavaliant ]
   * New upstream version (0.0.3.0):
     - Handle spaces in broker login passwords when authservice is used. (Fixes: #706).
     - Don't strip off spaces from password strings. (Fixes: #716).
 .
   [ Mihai Moldovan ]
   * x2gobroker.spec:
     + Change all python-pampy references to python-pam on non-SUSE systems.
     + Fix %build scriptlet: add missing "done" in while; do; done shell script part.
     + Don't do a weird escape slash dance in sed's replace command. Simply use another separator.
   * debian/rules:
     + Try to call common-binary-indep from common-binary-arch.

From unknown Tue Mar 19 09:54:41 2024
MIME-Version: 1.0
X-Mailer: MIME-tools 5.502 (Entity 5.502)
X-Loop: owner@bugs.x2go.org
From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#553 closed by X2Go Release Manager (X2Go issue (in src:x2gobroker) has been marked as closed) Message-ID: References: <20150620121025.66FC95DAA3@ymir.das-netzwerkteam.de> X-X2go-PR-Keywords: pending X-X2go-PR-Message: they-closed 553 X-X2go-PR-Package: x2gobroker X-X2go-PR-Source: x2gobroker Date: Sat, 20 Jun 2015 12:20:05 +0000 Content-Type: multipart/mixed; boundary="----------=_1434802805-26176-0" This is a multi-part message in MIME format... ------------=_1434802805-26176-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the x2gobroker package: #553: Session resume doesn't take profile's host list into account It has been closed by X2Go Release Manager . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact X2Go Release Manager <= git-admin@x2go.org> by replying to this email. --=20 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1434802805-26176-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at control) by bugs.x2go.org; 20 Jun 2015 12:17:49 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 66FC95DAA3; Sat, 20 Jun 2015 14:10:25 +0200 (CEST) 
From: X2Go Release Manager To: 553-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 553@bugs.x2go.org Subject: X2Go issue (in src:x2gobroker) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150620121025.66FC95DAA3@ymir.das-netzwerkteam.de> Date: Sat, 20 Jun 2015 14:10:25 +0200 (CEST) close #553 thanks Hello, we are very hopeful that X2Go issue #553 reported by you has been resolved in the new release (0.0.3.0) of the X2Go source project »src:x2gobroker«. You can view the complete changelog entry of src:x2gobroker (0.0.3.0) below, and you can use the following link to view all the code changes between this and the last release of src:x2gobroker. http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=30c316e66f4173d0e3577fe85817e73f822a479e;hp=81e28ea24b269fb24559d70c462b846cf2f56edd If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2gobroker. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2gobroker Version: 0.0.3.0-0x2go1 Status: RELEASE Date: Sat, 20 Jun 2015 13:58:49 +0200 Fixes: 153 217 275 306 360 379 380 447 449 450 469 470 484 491 493 494 544 545 553 562 665 666 685 686 692 706 716 784 834 835 836 Changes: x2gobroker (0.0.3.0-0x2go1) RELEASED; urgency=low . [ Mike Gabriel ] * New upstream version (0.0.3.0): - Add SSH support to X2Go Session Broker. (Fixes: #153). - Move x2gobroker executable to /usr/bin. - Update x2gobroker man page. - SSH broker: Only allow context change to another user for the magic user (default: x2gobroker). - Fix logrotate script: x2gobroker-wsgi. (Fixes: #275). - Get the cookie based extra-authentication working for SSH mode. - Get the cookie based extra-authentication working for HTTP mode. 
- Fix output of HTTP based connectivity test. - Do not let the broker crash if an agent is not reachable. Capture X2GoBrokerAgentExceptions when pinging the remote agent. (Fixes: #306). - When calling the agent's suspend_session function, make sure to pass on the remote_agent dictionary. - Provide empty directory /etc/x2go/broker/ssl. - Re-order x2gobroker main file. Move logging further to the back to allow taking command-line options into account. - Modify default x2gobroker-sessionprofiles.conf and provide something that will work with every default setup. - New broker session profile parameter: broker-agent-query-mode. Define agent query methods per session profile. - Rename base broker's use_session_autologin to get_session_autologin. - Fix Python2'isms in three exceptions. Thanks to Mathias Ewald for spotting. - Make test_suite callable via setup.py. - Provide a test function that checks if the basic broker agent setup (SSH private/public key pair) is available. If not, no SSH broker usage will be attempted. - Let a portscan preceed the SSH ping command. This notably reduces timeout duration if the host running the queried broker agent is down). - Catch RequestHandler errors and write them to the error log channel. - Raised verbosity level to INFO for session broker utilities. - Add sanity checks to x2gobroker-pubkeyauthorizer. - Report stderr results to the broker log channel (broker.log). This allows debugging of X2Go Session Broker Agent via the X2Go Session Broker logging instance. (Fixes: #217). - Fix the ping task in x2gobroker-agent.pl, process it without checking the given username. - Fix remote agent detection in case of some agents being down. - Add utils function: matching_hostnames(): test hostname lists for matching hostnames (with/without domain name). - Add fuzzy tolerance when comparing host name lists as found in session profile configuration and as reported by broker agent. 
- In x2gobroker.conf: describe the manifold ways of providing a second authorized_keys file location in SSH server daemon. Thanks to Stefan Heitmüller for pointing out more recent SSH server's configuration style. - WSGI implementation: keep SCRIPT_NAME in environ, as removing it causes AssertionErrors whenever we trigger a tornado.web.HTTPError. - Add password prompt to x2gobroker-testauth. Password prompt is used if the --password option is not used. - New authentication mechanism: none. Always authenticate a user, even if password is not provided or wrong. - Ship python2.6 asyncore patch (Debian squeeze python2.6 version) in python-x2gobroker's docs folder. - Show correct environment variables in log file prelude when WSGI is used. - Fix check-credentials = false for UCCS web frontend. - Add a start page (,,It works''). - Use IP addresses in apache2 config rather than hostnames. - Add new helper tool: x2gobroker-daemon-debug. - Add man page for x2gobroker-daemon-debug. - WebUI "plain": throw explainative log errors for every 404 http error. - Fix man pages (layout issues on x2gobroker-authservice man page). - Adapt man page installation to moval of x2gobroker(-testauth) from an sbin to a bin directory (executable for any user). - Make the inifile broker backend the default backend. (Fixes: #360). - Support daemonizing of the http broker. - Default to http broker mode when daemonizing the broker. - Support daemonizing of the authservice. - Detect RUNDIR in x2gobroker-authservice and use it for the default location of the authservice socket file. - Detect RUNDIR in x2gobroker Python module and use it for the default location of the authservice socket file. - Let x2gobroker-authservice take care of tidying up its own socket file. - Provide PAM config file for Debian and RHEL separately (as they differ). - Makefile: Clean up x2gobroker-agent binary. - Be more precise in Debian et al. init scripts when checking if the service is already running. 
- Add JSON WebUI backend for X2Go Session Broker. - JSON WebUI backend renders data of content type "text/json". - Provide configuration alternative to having /etc/defaults/* scripts parsed in by init scripts. Make X2Go Session Broker ready for being run via systemd. - Provide symlink x2gobroker-daemon. - Provide systemd service files for x2gobroker-daemon and x2gobroker-authservice. (Fixes: #379, #380). - Add --drop-privileges feature so that x2gobroker-daemon can drop root privileges when started via systemd. Only drop privileges if x2gobroker(-daemon) is run as uidNumber 0. - Implement dynamic authid for JSON WebUI frontend. Add a generic metadata top level to the JSON output tree. - Store cookies in /var/lib/x2gobroker (path is more appropriate than previously suggested path /var/log/x2gobroker). - Handle selectsessions calls with a non-existent profile ID gracefully. - Session profiles with marker user=BROKER_USER will now auto-fill-in the broker username into the session profile's 'user' option. - Provide tool: x2gobroker-testagent. - Allow for broker clients to send in public SSH keys that the client may use for authentication to X2Go Servers. - broker agent: avoid one option system() calls in Perl. (Fixes: #784). - For user context changes: set the HOME dir of the new user correctly. - Reduce Paramiko/SSH verbosity (logging.ERROR) when connecting to remote broker agents. - Support adding remote broker agent's host keys via the x2gobroker-testagent tool. - If we received an SSH public key from a broker client, mark it as ACCEPTED after we deployed it, so that the client knows that it can its corresponding private key. - Fix https brokerage in x2gobroker-daemon-debug. - Load X2GOBROKER_DAEMON_USER's known_hosts key file before doing remote agent calls. - Fully rewrite agent.py. - Fix broker crashes when no session status is available for certain session profiles. - JSON webUI: run pre and post auth scripts also via this backend. 
- x2gobroker-daemon: become wrapper script, enable --mode HTTP by default. Provide some intelligence when run as daemon (killing children processes on reception of a SIGTERM, SIGINT, SIGQUIT, EXIT signal). - Rename sections for broker backends in x2gobroker.conf - Make config object of x2gobroker.conf available in authentication mechanism backends. - Fix SSH based broker client. - Fix several failing tests, adapt tests to current code base. - Introduce new global parameter for x2gobroker.conf: my-cookie-file. Allow storing the initial authentication cookie/ID in a read-protected file. - Explicitly set detach_process to True when calling daemon.DaemonContext(). Otherwise the daemons start but don't return to the cmdline prompt. (Fixes: #484). - Change agent API: all functions return a tuple where the first element denotes if the underlying agent call has been successful. - Correctly detect $HOME of the user that runs x2gobroker (including setuid calls via x2gobroker-ssh). - Enforce SSH agent query mode (instead of LOCAL mode) for SSH brokerage (as LOCAL query mode won't work due to a permission koan that has not yet been solved). - Fix interpretation of SSH_CLIENT env variable. - Make x2gobroker-agent usable/installable on non-X2Go server machines. (Fixes: #493). - Provide autologin support for session profiles that have an SSH proxy host configured. (Fixes: #494). - Fix IPv6 binding of the X2Go Session Broker daemon. If no bind port is given via the cmdline, obtain it from other means (via x2gobroker.defaults). - Rename LICENSE file to COPYING. - X2Go Broker Agent: Test if queried username exists on the system before performing the query. - Make sure bind_address and bind_port are correctly detected from /etc/default/x2gobroker-daemon and /etc/x2go/broker/defaults.cfg. - Move split_host_address() code into x2gobroker.utils. - Report to log what the broker agent replied to us. 
- Provide support for load-balancing to hosts that are all reachable over the same IP address, but different TCP/IP ports (e.g. docker instances or hosts behind a reverse NATed IPv4 gateway). This ended up in a rewrite of the complete selection_session() method of the base broker code. - Use physical host address and port (if provided) for contacting remote broker agent via SSH. - Update README and TODO. - Update copyright holders. Copyright is held only by people who actually contributed to the current code base. - logrotate configs: Rotated logs via "su x2gobroker adm". - Use hostname as hard-coded in server_list (from session profile configuration), don't try to strip off the domain name. - Consolidate x2gobroker.utils.split_host_address() with a test and rewrite completely. - Make sure that without configuration files, the HTTP broker listens to port 8080. - Provide legacy support for deprecated x2gobroker.conf global parameter 'check-credentials'. - Configure broker / authservice environment via .service files. - Load defaults.conf via authservices and for logger configuration, as well. - x2gobroker-authservice: Make sure socket file directory is created before trying to create the socket file itself. - Don't load defaults.conf twice. Only load it when initializing the loggers. - Provide a special PAM configuration file for SUSE systems (identical to the PAM configuration file for Debian). - defaults.conf: Mention X2GOBROKER_DEBUG not only in the global section, but also in the [daemon] and [authservice] section. - x2gobroker-testauth: Don't use hard-coded default backend. Obtain X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead. - x2gobroker-testauth: Improve help text of --backend option. Display the current backend default. - x2gobroker-authservice: Restructure logging. Enable log messages for authentication requests. - Get several issues around select_session fixed via tests in the broker's backend base.py. - Add tests for broker agent queries. 
- Fix setting the remote agent's SSH port if the host option is of style " (:)". - During select_session: Re-add subdomain (if possible) to the hostname to make sure we can detect the host's : further down in the code. - Properly set (/var)/run/x2gobroker directory permissions when started via systemd. - Fix privilege check for the broker daemon's log directory. - Enable basic/random load-balancing for UCCS broker frontend. Make UCCS frontend aware of host session profile options of the form "host= (:). - Do a portscan on the remote's SSH port before querying a remote agent via SSH. - Don't return X2Go Servers that are actually down, currently. The X2Go Servers get probed via a short portscan on the remote's SSH port. If that portscan fails, another remote X2Go Server is chosen from the list of available server (if any). This portscanning functionality can be switched off via "default-portscan-x2goservers" in x2gobroker.conf or via "broker-portscan-x2goservers" per session profile. (Fixes: #692). - When load-balancing, switch to chosen server as remote broker agent before deploying SSH keys. - Allow resuming sessions from servers even if one offline server has left bogus in the session DB (plus unit tests). - Fix remote agent detection if one ore more X2Go Servers are offline and hostname does not match host address (plus unit test). - Allow remote agent calls via hostname or host address when using the format " ()" in the session profile. This can be useful if the is a valid address on the local network (broker <-> communication), but the host address is valid for clients (client <-> server communication). - Don't check for running/suspended session if the session profile will request a shadowing session. - Disabled broker agent calls and load-balancing for session profiles that will request shadowing sessions. - Mention "usebrokerpass" session profile option in x2gobroker-sessionprofiles.conf. 
- Provide desktop sharing (shadow session) example in x2gobroker-sessionprofiles.conf. - Makefile: Add installation rules for x2gobroker-loadchecker. - x2gobroker.1: Since systemd there are not only init scripts. Rephrasing man page. - New feature: x2gobroker-loadchecker daemon. (Fixes: #686). - x2gobroker-agent.pl: Use var name server_usage instead of server_load. Reflects better what that var denotes. - agent.py: Completion of several __doc__ strings (missing @return:, @rtype: fields). - X2GoBroker.check_for_sessions(): Fix check for shadow / non-shadow sessions. - x2gobroker.1: Mention x2gobroker-ssh in its man page, differentiate between the different modes (http/ssh) of the x2gobroker application. - Pre-release pyflakes cleanup. - agent.py: Capture login failures in checkload() function. - agent.py: Allow providing a custom logger instance in all functions. - LoadChecker.loadchecker(): Use load checker daemon's logger instance for logging actions taken place in agent.py. - agent.py: Make agent query mode LOCAL behave similar to agent query mode SSH if things go wrong. - agent.py: Set result to None, if SSH connection to broker agent fails. - Calculate our own MemAvailable value in x2gobroker-agent.pl. Only kernels newer than v3.14 offer the MemAvailable: field in /proc/meminfo. - x2gobroker-agent.pl: Fix regexp for detecting number of CPUs and CPU frequency. - x2gobroker-agent.pl: Fall-back CPU detection for virtualized systems (e.g. QEMU hosts). - LoadChecker.loadchecker(): Report about query failures, as well, in query cycle summary. - LoadCheckerServiceHandler(): Add line breaks in per-profile output. Return nothing if the load checker service is unreachable. - agent.py: Let get_servers() return a dictionary with hostnames as keys and number of sessions as values. - Fix X2GoBroker.use_load_checker(): Obtain broker-* option via X2GoBroker.get_profile_broker(), not via X2GoBroker.get_profile(). 
- Various improvements / fixes for session selection via the load checker daemon. - Adapt tests to new load checker service feature. - Only check for 'load_factors' key in remote_agent dict, if agent query mode is SSH. - Fix detection of running x2gobroker-daemon process in Debian's SystemV init script. - Set default log level to "WARNING", not "DEBUG". - defaults/x2gobroker-logchecker.default: Fix copy+paste errors. - doc/README.x2goclient+broker.getting-started: Mention how to launch PyHoca-GUI in broker mode. - etc/broker/defaults.conf: Fix copy+paste errors. - etc/x2gobroker-wsgi.*.conf: Make host ACLs Apache2.4 compliant. - logrotate/x2gobroker-loadchecker: The loadchecker.log file needs to be owned by user x2gobroker. - rpm/x2gobroker-*.init: Fix copy+paste errors. - man pages: Update date. - If non-load-balanced session profiles reference a non-reachable host, hand-back the system's hostname to X2Go Client / Python X2Go. - Add security notice / disclaimer to x2gbroker.1 man page as suggested by Stefan Baur. (Fixes: #666). - Provide x2gobroker system user public keys to broker agents with SSH options--strongly restricting the key usage--now. Modify x2gobroker- pubkeyauthorizer in a way that it replaces non-option keys with the newly provided optionized/restricted pubkeys. (Fixes: #685). - etc/x2gobroker.conf: Switch over to using dynamic auth cookies by default. - X2GoBroker.get_agent_query_mode(): Immediately return overridden query mode. Avoid logging of the configured query mode. Write the overridden query mode to the logger instance instead. - Don't enforce agent query mode "SSH" for x2gobroker-ssh anymore. - If a single-host is unreachable, return the host address, not the hostname and let X2Go Client release itself, that the host is unreachable. - x2gobroker-loadchecker: Don't freeze if load information for a complete load-balanced server farm is unavailable. - x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/ old SSH options. 
- x2gobroker-agent.pl: Add %U (uidNumber) and %G (primary gidNumber) as further possible substitutions for deriving the full path of the authorized_keys file where X2Go Broker Agent's deploys public SSH user keys to. (Fixes: #665). - agent.py: Use os.fork() instead of threading.Thread() to handle delayed executions of broker agent tasks. This assures that SSH pub keys are removed via the delauthkey broker agent task, if the SSH broker is used. (Fixes: #491). - Add run-optional-script support to SSH broker. - x2gobroker-ssh: When agent query mode is set to LOCAL, Execute x2gobroker-agent via sudo as group "X2GOBROKER_DAEMON_GROUP". (Fixes: #835). - When the x2gobroker-agent command call is shipped via $SSH_ORIGINAL_COMMAND environment var, make sure to strip-off "sh -c" from the command's beginning. - x2gobroker-agent.pl: Fix detection of X2Go's library path (x2gopath lib). - Implement "not-set" value for X2Go Client parameters. If a parameter is set to "not-set", the parameter won't be handed over to X2Go Client. (Fixes: #834, #836). - agent.py: Fix missing "task" parameter for task "ping" against a local broker agent. - Fix task ping when tested via the x2gobroker-testagent script. - Transliterate commands in session profiles to uppercase when checking if the command is supposed to launch a desktop session. * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. + Fix SYNOPSIS texts. + Recommend apache2 and libapache2-mod-wsgi for x2gobroker-wsgi. + Fix position of XS-Python-Version: field. + Rework LONG_DESCRIPTION of bin:package x2gobroker-agent. Imporve line breaks, so that we now have lines that are close to 80 chars long. + Make x2gobroker-daemon a symlink and recognize HTTP mode by the executable's name. + Bump Standards: to 3.9.6. No changes needed. + Add to D (python-x2gobroker): python-urllib3. 
* debian/copyright: + Update file to match current status quo of upstream source files. * debian/x2gobroker-agent.dirs: + Provide empty log file directory. * debian/x2gobroker-wsgi postinst/postrm: + Make bin:package x2gobroker-wsgi compliant Debian's packaging style of Apache2.4 / Apache2.2. + On package purgal: Disable Apache2 config first and then attempt the removal of the x2gobroker user/group. + Pass $@ to our apacheconf_configure, apacheconf_remove functions to not break apache2-maintscript-helper. * debian/x2gobroker-ssh.postinst: + Assure proper file permissions, owner and group settings for x2gobroker-ssh. * debian/x2gobroker-ssh.prerm: + Drop dpkg-statoverride of /usr/bin/x2gobroker-ssh before package removal. * debian/*.postinst: + Assure that the log directory always exists (no matter what combination of packages got installed). * debian/python-x2gobroker.install: + Install defaults.conf into bin:package python-x2gobroker. * debian/source/format: + Switch to format 1.0. * rpm/*.init: + Provide initscripts that are likely to work on RHEL plus derivatives. * x2gobroker.spec: + Provide x2gobroker.spec file for building RPM packages. Inspired by the packaging work in OpenSuSE. + Split out python-x2gobroker sub-package. + Install Apache2 config symlinks to /etc/httpd (not /etc/apache2). + Make sure x2gobroker-agent wrapper gets installed into x2gobroker-agent sub-package. + Builds for EPEL-7 also have to systemd aware. + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Adapt to building on openSUSE/SLES. + Rework Description: of bin:package x2gobroker-agent. Imporve line breaks, so that we now have lines that are close to 80 chars long. + Add x2gobroker-rpmlintrc file. + Don't package x2gobroker-daemon.1 nor x2gobroker-ssh.1 man pages twice. + On SUSE, we have /etc/apache2, not /etc/httpd. + On SUSE, we have to provide our own python-pampy package (and depend on that). In Fedora and RHEL, the same (upstream) software is named python-pam. 
(Fixes: #562). + For distro versions with systemd, provide /etc/x2go/broker/defaults.conf. For SysV distro versions, use /etc/defaults/* and source them via the init scripts. + No adm group on non-Debian systems by default. Using root instead on RPM based systems. + For Fedora 22 and beyond explicitly call python2 in all shebangs. + Add to BR: sudo (to have /etc/sudoers.d owned by some package). . [ Josh Lukens ] * New upstream version (0.0.3.0): - Add support for dynamic cookie based auth after initial password auth. (Fixes: #447). - Add support to run pre and post authentication scripts. (Fixes: #449). - Add auth mechanism https_get. (Fixes: #450). - Change pre and post scripts to use common codebase across frontends. (Fixes: #469). - Add ability to have script run in select session after server is selected. - Add basic support for pulling https_get authmech config from configuration file. (Fixes: #470). - Fix typos and host/port mixups in the remote_sshproxy logic. (Fixes: #544). - Make sure find_busy_servers in agent.py returns a tuple (recent API change) to not break profiles with multiple servers. (Fixes: #545). - On session resumption take profile's host list into account. Don't resume sessions the profile has not been configured for. (Fixes: #553). . [ Jason Alavaliant ] * New upstream version (0.0.3.0): - Handle spaces in broker login passwords when authservice is used. (Fixes: #706). - Don't strip off spaces from password strings. (Fixes: #716). . [ Mihai Moldovan ] * x2gobroker.spec: + Change all python-pampy references to python-pam on non-SUSE systems. + Fix %build scriptlet: add missing "done" in while; do; done shell script part. + Don't do a weird escape slash dance in sed's replace command. Simply use another separator. * debian/rules: + Try to call common-binary-indep from common-binary-arch. 
------------=_1434802805-26176-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 18 Jul 2014 01:52:51 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=ham version=3.3.2 Received: from felt.botch.com (felt.botch.com [207.145.43.98]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 514125DB2C for ; Fri, 18 Jul 2014 03:52:50 +0200 (CEST) Received: from [127.0.0.1] (unknown [192.168.254.1]) (Authenticated sender: jlukens) by felt.botch.com (Postfix) with ESMTP id 717B11AC0CB for ; Thu, 17 Jul 2014 21:52:48 -0400 (EDT) Date: Thu, 17 Jul 2014 21:52:49 -0400 
From: Josh Lukens To: submit@bugs.x2go.org Message-ID: Subject: Session resume doesn't take profile's host list into account X-Mailer: sparrow 1.6.4 (build 1178) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="53c87df1_25e45d32_2b2" --53c87df1_25e45d32_2b2 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Package: x2gobroker Version: 0.0.3.0 Severity: normal When a broker has multiple profiles with mutually exclusive host lists but a shared database session state is appropriately sent to the client when listing sessions but if a user attempts to select a non-suspended profile the suspended (different) profile will be resumed instead. Draft patch attached which filters both load balancing decisions and resume decisions based on server_list for selected profile. Patch is really only a handful of lines but indentation of other lines bloats diff. --53c87df1_25e45d32_2b2 Content-Type: application/octet-stream Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="resume.patch" --53c87df1_25e45d32_2b2-- ------------=_1434802805-26176-0--
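The resume decision described in the report, shown with and without the profile's host list applied. This is an added example, not code from the report, the attached patch or x2gobroker; the pipe-delimited record layout, the function names and the sample sessions and profiles are assumptions made for illustration.

```python
# Added illustration, not x2gobroker code.
# Assumed session record layout (pipe-delimited):
#   agent_pid|session_name|display|hostname|state    with state "R" or "S"


def short_name(host):
    """Lower-cased hostname without its domain part."""
    return host.strip().lower().split(".", 1)[0]


def host_in_profile(host, server_list):
    """True if host matches an entry of the profile's host list.

    Names are compared with or without domain, but two fully qualified
    names must match exactly, so ts1.eng.example.test is never treated
    as ts1.fin.example.test.
    """
    host = host.strip().lower()
    for entry in server_list:
        entry = entry.strip().lower()
        if host == entry:
            return True
        one_is_short = "." not in host or "." not in entry
        if one_is_short and short_name(host) == short_name(entry):
            return True
    return False


def parse_session(record):
    """Split one session record; malformed records yield None."""
    fields = record.split("|")
    if len(fields) < 5 or fields[4] not in ("R", "S"):
        return None
    return {"name": fields[1], "host": fields[3], "state": fields[4]}


def pick(sessions):
    """Prefer a suspended session over a running one; None if there is none."""
    suspended = [s for s in sessions if s["state"] == "S"]
    running = [s for s in sessions if s["state"] == "R"]
    if suspended:
        return suspended[0]
    if running:
        return running[0]
    return None


def select_unfiltered(session_list):
    """Reported behaviour: every session of the user is a resume candidate."""
    parsed = [parse_session(r) for r in session_list]
    return pick([s for s in parsed if s is not None])


def select_for_profile(session_list, server_list):
    """Requested behaviour: only sessions on the profile's hosts qualify."""
    parsed = [parse_session(r) for r in session_list]
    return pick([s for s in parsed
                 if s is not None and host_in_profile(s["host"], server_list)])


# Constructed sample data: one user, one shared session database,
# profiles with mutually exclusive host lists.
SESSIONS = [
    "4711|alice-50-1405648371_stDXFCE_dp24|50|ts-fin1.example.test|S",
    "4802|alice-51-1405648399_stDXFCE_dp24|51|ts-eng2.example.test|R",
    "truncated-record",
]
PROFILES = {
    "engineering": ["ts-eng1", "ts-eng2"],
    "finance": ["ts-fin1.example.test"],
    "lab": ["ts-lab1"],
}

if __name__ == "__main__":
    print("unfiltered ->", select_unfiltered(SESSIONS))
    for profile_id, hosts in PROFILES.items():
        print(profile_id, "->", select_for_profile(SESSIONS, hosts))
```

Without the filter, selecting the engineering profile resumes the suspended finance session; with it, each profile only ever resumes a session on one of its own hosts, and a profile with no matching session falls through to a fresh start.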