x2gobroker.brokers.base_broker module

x2gobroker.brokers.base_broker.X2GoBroker class - base skeleton for X2GoBroker implementations

class x2gobroker.brokers.base_broker.X2GoBroker(config_file=None, config_defaults=None)
Bases: object
x2gobroker.brokers.base_broker.X2GoBroker is an abstract class for X2Go broker implementations. A concrete broker class needs to inherit from this class.
Currently available broker classes are:
- zeroconf.X2GoBroker (working)
- inifile.X2GoBroker (working)
- ldap.X2GoBroker (in prep)

authmech_module = None

backend_name = 'base'

change_password(new='', old='')
Modify the authenticated user’s password on the X2Go infrastructure (normally, one user in one X2Go site setup should have the same password on all machines).
This function is a dummy function and needs to be overridden in specific broker backend implementations.
Parameters:
- new (str) – the new password that is to be set
- old (str) – the currently set password
Returns: whether the password change has been successful
Return type: bool

check_access(username='', password='', ip='', cookie=None, override_password_auth=False)
Check if a given user with a given password may gain access to the X2Go session broker.
Parameters:
- username (str) – a username known to the session broker
- password (str) – a password that authenticates the user against the X2Go session broker
- ip (str) – the ip address of the client
- cookie (str) – an extra (static or dynamic) authentication token
- override_password_auth (bool) – let password auth always succeed, needed for SSH broker (where SSH handled the password (or key) based authentication)
Returns: True if the authentication has been successful
Return type: bool, str

check_for_sessions(profile_id)
Detect from the session profile, if we should query the remote broker agent for running or suspended sessions.
Parameters: profile_id (str) – ID of a valid session profile
Returns: True if the remote broker agent should be queried for running/suspended sessions
Return type: bool

check_profile_acls(username, acls)
Test if a given user can get through an ACL check using <acls> as a list of allow and deny rules.
Parameters:
- username (str) – the username of interest
- acls (dict) – a dictionary data structure containing ACL information (see x2gobroker.defaults.X2GOBROKER_SESSIONPROFILE_DEFAULTS)

get_acl_defaults()
Get the ACL defaults for session profiles. The defaults are hard-coded in x2gobroker.defaults for class x2gobroker.brokers.base_broker.X2GoBroker.
Returns: a dictionary containing the ACL defaults for all session profiles
Return type: dict

get_agent_hostkey_policy(profile_id)
Get the agent hostkey policy (either of ‘RejectPolicy’, ‘AutoAddPolicy’ or ‘WarningPolicy’) that is configured for this X2Go Session Broker instance.
The returned policy names match the MissingHostkeyPolicy class names as found in Python Paramiko.
Returns: agent hostkey policy
Return type: str

get_agent_query_mode(profile_id)
Get the agent query mode (LOCAL or SSH, normally) that is configured for this X2Go Session Broker instance.
Returns: agent query mode
Return type: str

get_all_remote_agents(profile_id)
Get all remote agents.
Parameters: profile_id (str) – choose remote agent for this profile ID
Returns: list of remote agents for the given profile ID
Return type: list

get_authentication_mechanism()
Get the name of the authentication mechanism that is configured for this X2Go Session Broker instance.
Returns: auth-mech name
Return type: str

Get the default location of server-side authorized_keys files used with the X2Go Session Broker.
The file location can be configured broker-wide. It is also possible to provide a broker-authorized-keys file in session profiles. The latter will override the broker-wide configured file location.
Returns: authorized_keys location on the remote server
Return type: str

get_backend_config()
Get the configuration section of a specific backend.
Returns: all backend configuration parameters
Return type: dict

get_backend_value(backend='zeroconf', option='enable')
Get the configuration setting for backend backend and option option.
Parameters:
- backend (str) – the name of the backend
- option (str) – option name of the backend’s configuration section
Returns: the value for the given backend option
Return type: bool, str, int or list

get_client_address()
Get the client IP address (if set).
Returns: the client IP (either IPv4 or IPv6)
Return type: str

get_client_address_type()
Get the client IP address type of the client address (if set).
Returns: the client address type (4: IPv4, 6: IPv6)
Return type: int

get_global_config()
Get the global section of the configuration file.
Returns: all global configuration parameters
Return type: dict

get_global_value(option)
Get the configuration setting for an option in the global section of the configuration file.
Parameters: option (str) – option name in the global configuration section
Returns: the value for the given global option
Return type: bool, str, int or list

get_group_members(group, primary_groups=False)
Get the list of members in group <group>.
Parameters:
- group (str) – valid group name
- primary_groups (bool) – include primary groups found with the user db service
Returns: list of users belonging to the given group
Return type: list

get_groupdb_service()
Get the name of the backend being used for retrieving group information from the system.
Returns: group service name
Return type: str

get_groups()
Get list of known groups.
Returns: list of known groups
Return type: list

Get the pre-set authentication cookie UUID hash that clients have to use on their first connection attempt (if the global config option “require-cookie” has been set).
Returns: the pre-set authentication cookie UUID hash
Return type: str

get_name()
Accessor for self.backend_name property.
Returns: the backend name
Return type: str

get_portscan_x2goservers(profile_id)
Detect if the given profile is configured to try portscanning on X2Go Servers before offering an X2Go Server hostname to the client.
Returns: True if X2Go Servers shall be probed before offering it to clients
Return type: bool

get_primary_group(username)
Get the primary group of a given user.
Parameters: username (str) – get primary group for this username
Returns: the name of the primary group
Return type: str

get_profile(profile_id)
Get the session profile for profile ID <profile_id>.
Parameters: profile_id (str) – the ID of a profile
Returns: a dictionary representing the session profile for ID <profile_id>
Return type: dict

get_profile_acls(profile_id)
Get the ACLs for session profile with profile ID <profile_id>.
Parameters: profile_id (str) – the ID of a profile
Returns: a dictionary representing the ACLs for session profile with ID <profile_id>
Return type: dict

get_profile_broker(profile_id)
Get broker-specific session profile options from the session profile with profile ID <profile_id>.
Parameters: profile_id (str) – the ID of a profile
Returns: a dictionary representing the session profile for ID <profile_id>
Return type: dict

get_profile_defaults()
Get the session profile defaults, i.e. profile options that all configured session profiles have in common.
The defaults are hard-coded in x2gobroker.defaults for class x2gobroker.brokers.base_broker.X2GoBroker.
Returns: a dictionary containing the session profile defaults
Return type: dict

get_profile_for_user(profile_id, username, broker_frontend=None)
Expect a profile id and perform some checks and preparations to make it ready for exporting to a broker client:
- drop internal host=<hostname> and sshport=<port> keys from the profile, broker clients cannot handle those
- drop keys with value “not-set”
- replace BROKER_USER by the name of the authenticated user
- test if autologin is possible
- fix rootless session profile option for non-desktop sessions
- perform an ACL check (return None if it fails)
- query a remote agent (if configured) to check if we have running / suspended sessions on the remote X2Go Server
Parameters:
- profile_id (str) – ID of a valid session profile
- username (str) – prepare session profile for this (authenticated) user
- broker_frontend (str) – some broker frontends (e.g. UCCS) require special treatment by this method
Returns: session profile as a dictionary (ready for sending out to a broker client)
Return type: dict
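
The first three preparation steps and the ACL gate listed for get_profile_for_user, combined with the allow/deny test described for check_profile_acls, as an added example that is not x2gobroker code. The helper names, the ACL key names, the "explicit deny wins, empty allow list means unrestricted" evaluation and the sample data are assumptions made for illustration.

```python
# Added illustration, not x2gobroker source code.
# Assumptions: ACL key names, "explicit deny wins" evaluation, helper names.
INTERNAL_KEYS = {"host", "sshport"}  # broker-internal, never sent to clients


def check_user_acls(username, acls):
    """Simplified user ACL test: deny rules first, then the allow list."""
    if username in acls.get("acl-users-deny", []):
        return False
    allow = acls.get("acl-users-allow", [])
    # Assumed: an empty allow list means the profile is unrestricted.
    return not allow or username in allow


def prepare_profile_for_user(profile, acls, username):
    """Return an export-ready copy of profile, or None if the ACL check fails."""
    if not check_user_acls(username, acls):
        return None  # caller must treat None as "do not offer this profile"
    exported = {}
    for key, value in profile.items():
        if key in INTERNAL_KEYS or value == "not-set":
            continue  # drop internal routing data and unset options
        if isinstance(value, str):
            value = value.replace("BROKER_USER", username)
        exported[key] = value
    return exported


# Constructed sample data for this example.
SAMPLE_PROFILE = {
    "name": "Office desktop",
    "user": "BROKER_USER",
    "host": "x2go-01.internal.example",
    "sshport": 22,
    "command": "XFCE",
    "sshproxyhost": "not-set",
}
SAMPLE_ACLS = {"acl-users-allow": ["alice", "bob"], "acl-users-deny": ["bob"]}

if __name__ == "__main__":
    for user in ("alice", "bob", "mallory"):
        print(user, prepare_profile_for_user(SAMPLE_PROFILE, SAMPLE_ACLS, user))
```

The input profile is copied rather than modified, so the internal host and sshport values stay available to the broker while never reaching the client.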

get_profile_ids()
Retrieve the complete list of session profile IDs.
Returns: list of profile IDs
Return type: list

get_profile_ids_for_user(username)
Retrieve the list of session profile IDs for a given user.
Parameters: username (str) – query profile id list for this user
Returns: list of profile IDs
Return type: list

get_remote_agent(profile_id, exclude_agents=[])
Randomly choose a remote agent for agent query.
Parameters:
- profile_id (str) – choose remote agent for this profile ID
- exclude_agents (list) – a list of remote agent dict objects to be excluded from the random choice
Returns: remote agent to use for queries for profile ID
Return type: dict

get_session_autologin(profile_id)
Detect if the given profile is configured to try automatic session logons.
Returns: True to denote that automatic session login should be attempted
Return type: bool

Get the default location of SSH proxy server-side authorized_keys files used with the X2Go Session Broker.
The file location can be configured broker-wide. It is also possible to provide a broker-authorized-keys file in session profiles. The latter will override the broker-wide configured file location.
Returns: authorized_keys location on the remote SSH proxy server
Return type: str

get_use_load_checker()
Is this broker backend configured to access an X2Go Broker LoadChecker daemon?
Returns: True if there should be a load checker daemon running.
Return type: bool

get_user_groups(username, primary_groups=False)
Get all groups a given user is member of.
Parameters:
- username (str) – get groups for this user
- primary_groups (bool) – if True, include the user’s primary group in the group list
Returns: list of groups the given user is member of
Return type: list

get_userdb_service()
Get the name of the backend being used for retrieving user information from the system.
Returns: user service name
Return type: str

has_group(group)
Test if the broker knows group <group>.
Parameters: group (str) – test for existence of this group
Returns: True if a group exists
Return type: bool

has_user(username)
Test if the broker knows user <username>.
Parameters: username (str) – test for existence of this user
Returns: True if a user exists
Return type: bool

is_group_member(username, group, primary_groups=False)
Check if a user is member of a given group.
Parameters:
- username (str) – check group membership of this user
- group (str) – test if user is member of this group
- primary_groups (bool) – if True, test for primary group membership, as well
Returns: True if the user is member of the given group
Return type: bool

is_shadow_profile(profile_id)
Detect from the session profile, if it defines a desktop sharing (shadow) session.
Parameters: profile_id (str) – ID of a valid session profile
Returns: True if the session profile defines a desktop sharing (shadow) session
Return type: bool

list_profiles(username)
Retrieve a list of available session profiles for the authenticated user.
Parameters: username (str) – query session profile list for this user
Returns: list of profile dictionaries
Return type: dict

nameservice_module = None

run_optional_script(script_type, username, password, task, profile_id, ip, cookie, authed=None, server=None)
Run all optional scripts of type script_type. Called with 3 different script types:
- pre_auth_scripts - before authentication happens
- post_auth_scripts - after authentication but before anything else occurs
- select_session_scripts - after load balancing before a specific server is sent to the client
These scripts allow for both additional actions to be performed as well as the mangling of any relevant fields.
Parameters:
- script_type (str) – name of the script type to be executed (pre_auth_scripts, post_auth_scripts, select_session_scripts)
- username (str) – name of the X2Go session user a script will run for
- password (str) – password for the X2Go session
- task (str) – the broker task that is currently being processed
- profile_id (str) – the session profile ID that is being operated upon
- ip (str) – the client machine’s IP address
- cookie (str) – the currently valid authentication cookie
- authed (bool) – authentication status (already authenticated or not)
- server (str) – hostname or IP address of the X2Go server being operated upon
Returns: Pass-through of the return value returned by the to-be-run optional script (i.e., success or failure)
Return type: bool

select_session(profile_id, username=None, pubkey=None)
Start/resume a session by selecting a profile name offered by the X2Go client.
The X2Go server that the session is launched on is selected automatically by the X2Go session broker.
Parameters:
- profile_id (str) – the selected profile ID. This matches one of the dictionary keys offered by the list_profiles method
- username (str) – specify X2Go Server username that this operation runs for
- pubkey (str) – The broker clients may send us a public key that we may temporarily install into a remote X2Go Server for non-interactive login
Returns: the selected session (X2Go session ID)
Return type: str

set_client_address(address)
Set the client IP address.
Parameters: address (str) – the client IP

use_load_checker(profile_id)
Actually query the load checker daemon for the given session profile ID. This method will check:
- broker backend configured per backend or globally to use load checker daemon?
- or on a per session profile basis?
- plus: more than one host configured for the given session profile?
Parameters: profile_id (str) – choose remote agent for this profile ID
Returns: True if there is a load checker daemon running.
Return type: bool

use_portscan_x2goservers(profile_id)
Detect if the given profile is configured to try portscanning on X2Go Servers before offering an X2Go Server hostname to the client.
Returns: True if X2Go Servers shall be probed before offering it to clients
Return type: bool

use_session_autologin(profile_id)
Detect if the given profile is configured to try automatic session logons.
Returns: True to denote that automatic session login should be attempted
Return type: bool