x2gobroker.brokers.base_broker module
x2gobroker.brokers.base_broker.X2GoBroker class - base skeleton for X2GoBroker implementations
-
class x2gobroker.brokers.base_broker.X2GoBroker(config_file=None, config_defaults=None)
Bases: object
x2gobroker.brokers.base_broker.X2GoBroker is an abstract class for X2Go broker implementations. Concrete broker classes need to inherit from this class.
Currently available broker classes are:
- zeroconf.X2GoBroker (working)
- inifile.X2GoBroker (working)
- ldap.X2GoBroker (in prep)
-
authmech_module = None
-
backend_name = 'base'
-
change_password(new='', old='')
Modify the authenticated user’s password on the X2Go infrastructure (normally, one user in one X2Go site setup should have the same password on all machines).
This function is a dummy function and needs to be overridden in specific broker backend implementations.
Parameters:
- new (str) – the new password that is to be set
- old (str) – the currently set password
Returns: whether the password change has been successful
Return type: bool
-
check_access(username='', password='', ip='', cookie=None, override_password_auth=False)
Check if a given user with a given password may gain access to the X2Go session broker.
Parameters:
- username (str) – a username known to the session broker
- password (str) – a password that authenticates the user against the X2Go session broker
- ip (str) – the IP address of the client
- cookie (str) – an extra (static or dynamic) authentication token
- override_password_auth (bool) – let password auth always succeed; needed for the SSH broker (where SSH has already handled the password- or key-based authentication)
Returns: returns True if the authentication has been successful
Return type: bool, str
-
check_for_sessions(profile_id)
Detect from the session profile, if we should query the remote broker agent for running or suspended sessions.
Parameters: profile_id (str) – ID of a valid session profile
Returns: True if the remote broker agent should be queried for running/suspended sessions
Return type: bool
-
check_profile_acls(username, acls)
Test if a given user can get through an ACL check using <acls> as a list of allow and deny rules.
Parameters:
- username (str) – the username of interest
- acls (dict) – a dictionary data structure containing ACL information (see x2gobroker.defaults.X2GOBROKER_SESSIONPROFILE_DEFAULTS)
-
get_acl_defaults()
Get the ACL defaults for session profiles. The defaults are hard-coded in x2gobroker.defaults for class x2gobroker.brokers.base_broker.X2GoBroker.
Returns: a dictionary containing the ACL defaults for all session profiles
Return type: dict
-
get_agent_query_mode(profile_id)
Get the agent query mode (LOCAL or SSH, normally) that is configured for this X2Go Session Broker instance.
Returns: agent query mode
Return type: str
-
get_all_remote_agents(profile_id)
Get all remote agents.
Parameters: profile_id (str) – choose remote agent for this profile ID
Returns: list of remote agents for the given profile ID
Return type: list
-
get_authentication_mechanism()
Get the name of the authentication mechanism that is configured for this X2Go Session Broker instance.
Returns: auth-mech name
Return type: str
-
Get the default location of server-side authorized_keys files used with the X2Go Session Broker.
The file location can be configured broker-wide. It is also possible to provide a broker-authorized-keys file in session profiles. The latter will override the broker-wide configured file location.
Returns: authorized_keys location on the remote server
Return type: str
-
get_backend_config()
Get the configuration section of a specific backend.
Returns: all backend configuration parameters
Return type: dict
-
get_backend_value(backend='zeroconf', option='enable')
Get the configuration setting for backend backend and option option.
Parameters:
- backend (str) – the name of the backend
- option (str) – option name of the backend’s configuration section
Returns: the value for the given backend option
Return type: bool, str, int or list
-
get_client_address()
Get the client IP address (if set).
Returns: the client IP (either IPv4 or IPv6)
Return type: str
-
get_client_address_type()
Get the client IP address type of the client address (if set).
Returns: the client address type (4: IPv4, 6: IPv6)
Return type: int
-
get_global_config()
Get the global section of the configuration file.
Returns: all global configuration parameters
Return type: dict
-
get_global_value(option)
Get the configuration setting for an option in the global section of the configuration file.
Parameters: option (str) – option name in the global configuration section
Returns: the value for the given global option
Return type: bool, str, int or list
-
get_group_members(group, primary_groups=False)
Get the list of members in group <group>.
Parameters:
- group (str) – valid group name
- primary_groups (bool) – include primary groups found with the user db service
Returns: list of users belonging to the given group
Return type: list
-
get_groupdb_service()
Get the name of the backend being used for retrieving group information from the system.
Returns: group service name
Return type: str
-
get_groups()
Get list of known groups.
Returns: returns list of known groups
Return type: list
-
Get the pre-set authentication cookie UUID hash that clients have to use on their first connection attempt (if the global config option “require-cookie” has been set).
Returns: the pre-set authentication cookie UUID hash
Return type: str
-
get_name()
Accessor for self.backend_name property.
Returns: the backend name
Return type: str
-
get_portscan_x2goservers(profile_id)
Detect if the given profile is configured to try portscanning on X2Go Servers before offering an X2Go Server hostname to the client.
Returns: True if X2Go Servers shall be probed before offering them to clients
Return type: bool
-
get_primary_group(username)
Get the primary group of a given user.
Parameters: username (str) – get primary group for this username
Returns: returns the name of the primary group
Return type: str
-
get_profile(profile_id)
Get the session profile for profile ID <profile_id>.
Parameters: profile_id (str) – the ID of a profile
Returns: a dictionary representing the session profile for ID <profile_id>
Return type: dict
-
get_profile_acls(profile_id)
Get the ACLs for session profile with profile ID <profile_id>.
Parameters: profile_id (str) – the ID of a profile
Returns: a dictionary representing the ACLs for session profile with ID <profile_id>
Return type: dict
-
get_profile_broker(profile_id)
Get broker-specific session profile options from the session profile with profile ID <profile_id>.
Parameters: profile_id (str) – the ID of a profile
Returns: a dictionary representing the session profile for ID <profile_id>
Return type: dict
-
get_profile_defaults()
Get the session profile defaults, i.e. profile options that all configured session profiles have in common.
The defaults are hard-coded in x2gobroker.defaults for class x2gobroker.brokers.base_broker.X2GoBroker.
Returns: a dictionary containing the session profile defaults
Return type: dict
-
get_profile_for_user(profile_id, username, broker_frontend=None)
Expect a profile ID and perform some checks and preparations to make it ready for exporting to a broker client:
- drop internal host=<hostname> and sshport=<port> keys from the profile, broker clients cannot handle those
- drop keys with value “not-set”
- replace BROKER_USER by the name of the authenticated user
- test if autologin is possible
- fix rootless session profile option for non-desktop sessions
- perform an ACL check (return None if it fails)
- query a remote agent (if configured) to check if we have running / suspended sessions on the remote X2Go Server
Parameters:
- profile_id (str) – ID of a valid session profile
- username (str) – prepare session profile for this (authenticated) user
- broker_frontend (str) – some broker frontends (e.g. UCCS) require special treatment by this method
Returns: session profile as a dictionary (ready for sending out to a broker client)
Return type: dict
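Four of the export steps listed above, as an added example that is not the x2gobroker project's own code: internal keys are dropped, "not-set" values are removed, BROKER_USER is substituted, and a failed ACL check returns None. The function names, the acl_check callable, the ACL dictionary layout and the sample profile are assumptions constructed for illustration.

```python
# Keys this page names as internal: broker clients must never receive them.
INTERNAL_KEYS = frozenset({"host", "sshport"})


def substitute_user(value, username):
    """Replace the BROKER_USER placeholder in strings and lists of strings."""
    if isinstance(value, str):
        return value.replace("BROKER_USER", username)
    if isinstance(value, list):
        return [substitute_user(item, username) for item in value]
    return value


def prepare_profile_for_client(profile, acls, username, acl_check):
    """Return a client-safe copy of profile, or None if the ACL check fails.

    acl_check is an assumed callable (username, acls) -> bool that stands in
    for the broker's check_profile_acls().
    """
    # Fail closed: a denied user gets no profile at all, not a reduced one.
    if not acl_check(username, acls):
        return None
    exported = {}
    for key, value in profile.items():
        if key in INTERNAL_KEYS:
            continue  # server hostname and SSH port stay on the broker
        if value == "not-set":
            continue  # unset options are not exported
        exported[key] = substitute_user(value, username)
    return exported  # new dict: the stored profile is left unmodified


def allow_listed(username, acls):
    """Constructed ACL rule: only users in acls["allow"] pass."""
    return username in acls.get("allow", [])


# Constructed sample data (not taken from a real broker configuration).
SAMPLE_PROFILE = {
    "name": "Office desktop",
    "user": "BROKER_USER",
    "host": "x2go-01.internal.example",
    "sshport": 22,
    "command": "MATE",
    "key": "not-set",
}
SAMPLE_ACLS = {"allow": ["alice"]}
```

Building a new dictionary instead of deleting keys in place keeps the broker's stored profile, including its internal host entry, intact for later server selection.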
-
get_profile_ids()
Retrieve the complete list of session profile IDs.
Returns: list of profile IDs
Return type: list
-
get_profile_ids_for_user(username)
Retrieve the list of session profile IDs for a given user.
Parameters: username (str) – query profile id list for this user
Returns: list of profile IDs
Return type: list
-
get_remote_agent(profile_id, exclude_agents=[])
Randomly choose a remote agent for agent query.
Parameters:
- profile_id (str) – choose remote agent for this profile ID
- exclude_agents (list) – a list of remote agent dict objects to be excluded from the random choice
Returns: remote agent to use for queries for profile ID
Return type: dict
-
get_session_autologin(profile_id)
Detect if the given profile is configured to try automatic session logons.
Returns: True to denote that automatic session login should be attempted
Return type: bool
-
Get the default location of SSH proxy server-side authorized_keys files used with the X2Go Session Broker.
The file location can be configured broker-wide. It is also possible to provide a broker-authorized-keys file in session profiles. The latter will override the broker-wide configured file location.
Returns: authorized_keys location on the remote SSH proxy server
Return type: str
-
get_use_load_checker()
Is this broker backend configured to access an X2Go Broker LoadChecker daemon?
Returns: True if there should be a load checker daemon running.
Return type: bool
-
get_user_groups(username, primary_groups=False)
Get all groups a given user is a member of.
Parameters:
- username (str) – get groups for this user
- primary_groups (bool) – if True, include the user’s primary group in the group list
Returns: list of groups the given user is a member of
Return type: list
-
get_userdb_service()
Get the name of the backend being used for retrieving user information from the system.
Returns: user service name
Return type: str
-
has_group(group)
Test if the broker knows group <group>.
Parameters: group (str) – test for existence of this group
Returns: returns True if a group exists
Return type: bool
-
has_user(username)
Test if the broker knows user <username>.
Parameters: username (str) – test for existence of this user
Returns: returns True if a user exists
Return type: bool
-
is_group_member(username, group, primary_groups=False)
Check if a user is a member of a given group.
Parameters:
- username (str) – check group membership of this user
- group (str) – test if user is a member of this group
- primary_groups (bool) – if True, test for primary group membership, as well
Returns: returns True if the user is a member of the given group
Return type: bool
-
is_shadow_profile(profile_id)
Detect from the session profile, if it defines a desktop sharing (shadow) session.
Parameters: profile_id (str) – ID of a valid session profile
Returns: True if the session profile defines a desktop sharing (shadow) session
Return type: bool
-
list_profiles(username)
Retrieve a list of available session profiles for the authenticated user.
Parameters: username (str) – query session profile list for this user
Returns: list of profile dictionaries
Return type: dict
-
nameservice_module = None
-
run_optional_script(script_type, username, password, task, profile_id, ip, cookie, authed=None, server=None)
Run all optional scripts of type script_type. Called with 3 different script types:
- pre_auth_scripts - before authentication happens
- post_auth_scripts - after authentication but before anything else occurs
- select_session_scripts - after load balancing before a specific server is sent to the client
These scripts allow for both additional actions to be performed as well as the mangling of any relevant fields.
Parameters:
- script_type (str) – name of the script type to be executed (pre_auth_scripts, post_auth_scripts, select_session_scripts)
- username (str) – name of the X2Go session user a script will run for
- password (str) – password for the X2Go session
- task (str) – the broker task that is currently being processed
- profile_id (str) – the session profile ID that is being operated upon
- ip (str) – the client machine’s IP address
- cookie (str) – the currently valid authentication cookie
- authed (bool) – authentication status (already authenticated or not)
- server (str) – hostname or IP address of the X2Go server being operated upon
Returns: Pass-through of the return value returned by the to-be-run optional script (i.e., success or failure)
Return type: bool
-
select_session(profile_id, username=None, pubkey=None)
Start/resume a session by selecting a profile name offered by the X2Go client.
The X2Go server that the session is launched on is selected automatically by the X2Go session broker.
Parameters:
- profile_id (str) – the selected profile ID. This matches one of the dictionary keys offered by the list_profiles method
- username (str) – specify X2Go Server username that this operation runs for
- pubkey (str) – The broker clients may send us a public key that we may temporarily install into a remote X2Go Server for non-interactive login
Returns: the selected session (X2Go session ID)
Return type: str
-
set_client_address(address)
Set the client IP address.
Parameters: address (str) – the client IP
-
use_load_checker(profile_id)
Actually query the load checker daemon for the given session profile ID. This method will check:
- broker backend configured per backend or globally to use load checker daemon?
- or on a per session profile basis?
- plus: more than one host configured for the given session profile?
Parameters: profile_id (str) – choose remote agent for this profile ID
Returns: True if there is a load checker daemon running.
Return type: bool
-
use_portscan_x2goservers(profile_id)
Detect if the given profile is configured to try portscanning on X2Go Servers before offering an X2Go Server hostname to the client.
Returns: True if X2Go Servers shall be probed before offering them to clients
Return type: bool
-
use_session_autologin(profile_id)
Detect if the given profile is configured to try automatic session logons.
Returns: True to denote that automatic session login should be attempted
Return type: bool