x2gobroker.brokers.base_broker module

x2gobroker.brokers.base_broker.X2GoBroker class - base skeleton for X2GoBroker implementations

class x2gobroker.brokers.base_broker.X2GoBroker(config_file=None, config_defaults=None)[source]

Bases: object

x2gobroker.brokers.base_broker.X2GoBroker is an abstract class for X2Go broker implementations.

This class needs to be inherited from a concrete broker class.

Currently available broker classes are:
  • zeroconf.X2GoBroker (working)
  • inifile.X2GoBroker (working)
  • ldap.X2GoBroker (in prep)
authmech_module = None
backend_name = 'base'
change_password(new='', old='')[source]

Modify the authenticated user’s password on the X2Go infrastructure (normally, one user in one X2Go site setup should have the same password on all machines).

This function is a dummy function and needs to be overridden in specific broker backend implementations.

Parameters:
  • new (str) – the new password that is to be set
  • old (str) – the currently set password
Returns:

whether the password change has been successful

Return type:

bool

check_access(username='', password='', ip='', cookie=None, override_password_auth=False)[source]

Check if a given user with a given password may gain access to the X2Go session broker.

Parameters:
  • username (str) – a username known to the session broker
  • password (str) – a password that authenticates the user against the X2Go session broker
  • ip (str) – the ip address of the client
  • cookie (str) – an extra (static or dynamic) authentication token
  • override_password_auth (bool) – let password auth always succeed, needed for the SSH broker (where SSH has already handled the password- or key-based authentication)
Returns:

returns True if the authentication has been successful

Return type:

bool, str

check_for_sessions(profile_id)[source]

Detect from the session profile, if we should query the remote broker agent for running or suspended sessions.

Parameters:profile_id (str) – ID of a valid session profile
Returns:True if the remote broker agent should be queried for running/suspended sessions
Return type:bool
check_profile_acls(username, acls)[source]

Test if a given user can get through an ACL check using <acls> as a list of allow and deny rules.

Parameters:
  • username (str) – the username of interest
  • acls (dict) – a dictionary data structure containing ACL information (see x2gobroker.defaults.X2GOBROKER_SESSIONPROFILE_DEFAULTS)
disable()[source]

Disable this broker backend.

enable()[source]

Enable this broker backend.

get_acl_defaults()[source]

Get the ACL defaults for session profiles. The defaults are hard-coded in x2gobroker.defaults for class x2gobroker.brokers.base_broker.X2GoBroker.

Returns:a dictionary containing the ACL defaults for all session profiles
Return type:dict
get_agent_query_mode(profile_id)[source]

Get the agent query mode (LOCAL or SSH, normally) that is configured for this X2Go Session Broker instance.

Returns:agent query mode
Return type:str
get_all_remote_agents(profile_id)[source]

Get all remote agents.

Parameters:profile_id (str) – choose remote agent for this profile ID
Returns:list of remote agents for the given profile ID
Return type:list
get_authentication_mechanism()[source]

Get the name of the authentication mechanism that is configured for this X2Go Session Broker instance.

Returns:auth-mech name
Return type:str
get_authorized_keys_file(profile_id)[source]

Get the default location of server-side authorized_keys files used with the X2Go Session Broker.

The file location can be configured broker-wide. It is also possible to provide a broker-authorized-keys file in session profiles. The latter will override the broker-wide configured file location.

Returns:authorized_keys location on the remote server
Return type:str
get_backend_config()[source]

Get the configuration section of a specific backend.

Returns:all backend configuration parameters
Return type:dict
get_backend_value(backend='zeroconf', option='enable')[source]

Get the configuration setting for backend backend and option option.

Parameters:
  • backend (str) – the name of the backend
  • option (str) – option name of the backend’s configuration section
Returns:

the value for the given backend option

Return type:

bool, str, int or list

get_client_address()[source]

Get the client IP address (if set).

Returns:the client IP (either IPv4 or IPv6)
Return type:str
get_client_address_type()[source]

Get the IP address type of the client address (if set).

Returns:the client address type (4: IPv4, 6: IPv6)
Return type:int
get_global_config()[source]

Get the global section of the configuration file.

Returns:all global configuration parameters
Return type:dict
get_global_value(option)[source]

Get the configuration setting for an option in the global section of the configuration file.

Parameters:option (str) – option name in the global configuration section
Returns:the value for the given global option
Return type:bool, str, int or list
get_group_members(group, primary_groups=False)[source]

Get the list of members in group <group>.

Parameters:
  • group (str) – valid group name
  • primary_groups (bool) – include primary groups found with the user db service
Returns:

list of users belonging to the given group

Return type:

list

get_groupdb_service()[source]

Get the name of the backend being used for retrieving group information from the system.

Returns:group service name
Return type:str
get_groups()[source]

Get list of known groups.

Returns:returns list of known groups
Return type:list

Get the pre-set authentication cookie UUID hash that clients have to use on their first connection attempt (if the global config option “require-cookie” has been set).

Returns:the pre-set authentication cookie UUID hash
Return type:str
get_name()[source]

Accessor for self.backend_name property.

Returns:the backend name
Return type:str
get_portscan_x2goservers(profile_id)[source]

Detect if the given profile is configured to try portscanning on X2Go Servers before offering an X2Go Server hostname to the client.

Returns:True if X2Go Servers shall be probed before offering it to clients
Return type:bool
get_primary_group(username)[source]

Get the primary group of a given user.

Parameters:username (str) – get primary group for this username
Returns:returns the name of the primary group
Return type:str
get_profile(profile_id)[source]

Get the session profile for profile ID <profile_id>.

Parameters:profile_id (str) – the ID of a profile
Returns:a dictionary representing the session profile for ID <profile_id>
Return type:dict
get_profile_acls(profile_id)[source]

Get the ACLs for session profile with profile ID <profile_id>.

Parameters:profile_id (str) – the ID of a profile
Returns:a dictionary representing the ACLs for session profile with ID <profile_id>
Return type:dict
get_profile_broker(profile_id)[source]

Get broker-specific session profile options from the session profile with profile ID <profile_id>.

Parameters:profile_id (str) – the ID of a profile
Returns:a dictionary representing the session profile for ID <profile_id>
Return type:dict
get_profile_defaults()[source]

Get the session profile defaults, i.e. profile options that all configured session profiles have in common.

The defaults are hard-coded in x2gobroker.defaults for class x2gobroker.brokers.base_broker.X2GoBroker.

Returns:a dictionary containing the session profile defaults
Return type:dict
get_profile_for_user(profile_id, username, broker_frontend=None)[source]

Expect a profile id and perform some checks and preparations to make it ready for exporting to a broker client:

  • drop internal host=<hostname> and sshport=<port> keys from the profile, broker clients cannot handle those
  • drop keys with value “not-set”
  • replace BROKER_USER by the name of the authenticated user
  • test if autologin is possible
  • fix rootless session profile option for non-desktop sessions
  • perform an ACL check (return None if it fails)
  • query a remote agent (if configured) to check if we have running / suspended sessions on the remote X2Go Server
Parameters:
  • profile_id (str) – ID of a valid session profile
  • username (str) – prepare session profile for this (authenticated) user
  • broker_frontend (str) – some broker frontends (e.g. UCCS) require special treatment by this method
Returns:

session profile as a dictionary (ready for sending out to a broker client)

Return type:

dict
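
The export preparation listed above, sketched as an added example (this is not the x2gobroker implementation). It covers only the key-dropping, "not-set" filtering, BROKER_USER substitution and ACL steps; the function name, the `acl_check` callable and the sample profile are assumptions made for illustration, and running the ACL check first is this sketch's choice.

```python
import copy

# Constructed sample profile (not taken from a real broker configuration).
SAMPLE_PROFILE = {
    "name": "Office desktop",
    "user": "BROKER_USER",
    "host": ["x2go-int-01.example.internal"],
    "sshport": 22,
    "command": "XFCE",
    "sshproxyhost": "not-set",
    "rootless": True,
}

# Internal keys that, per the list above, broker clients cannot handle.
INTERNAL_KEYS = ("host", "sshport")


def prepare_profile_for_export(profile, username, acl_check):
    """Return a client-ready copy of `profile`, or None if the ACL check fails.

    `acl_check` is a hypothetical callable(username) -> bool that stands in
    for the broker's own ACL evaluation.
    """
    # Fail closed: a user who does not pass the ACL check receives nothing,
    # not even a partially prepared profile.
    if not acl_check(username):
        return None

    # Work on a copy so the broker's stored profile keeps its internal keys.
    working = copy.deepcopy(profile)
    for key in INTERNAL_KEYS:
        working.pop(key, None)

    exported = {}
    for key, value in working.items():
        if value == "not-set":
            continue  # drop options that were never configured
        if isinstance(value, str):
            # Substitute the placeholder with the authenticated user's name.
            value = value.replace("BROKER_USER", username)
        exported[key] = value
    return exported
```
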

get_profile_ids()[source]

Retrieve the complete list of session profile IDs.

Returns:list of profile IDs
Return type:list
get_profile_ids_for_user(username)[source]

Retrieve the list of session profile IDs for a given user.

Parameters:username (str) – query profile id list for this user
Returns:list of profile IDs
Return type:list
get_remote_agent(profile_id, exclude_agents=[])[source]

Randomly choose a remote agent for agent query.

Parameters:
  • profile_id (str) – choose remote agent for this profile ID
  • exclude_agents (list) – a list of remote agent dict objects to be excluded from the random choice
Returns:

remote agent to use for queries for profile ID

Return type:

dict

get_session_autologin(profile_id)[source]

Detect if the given profile is configured to try automatic session logons.

Returns:True to denote that automatic session login should be attempted
Return type:bool
get_sshproxy_authorized_keys_file(profile_id)[source]

Get the default location of SSH proxy server-side authorized_keys files used with the X2Go Session Broker.

The file location can be configured broker-wide. It is also possible to provide a broker-authorized-keys file in session profiles. The latter will override the broker-wide configured file location.

Returns:authorized_keys location on the remote SSH proxy server
Return type:str
get_use_load_checker()[source]

Is this broker backend configured to access an X2Go Broker LoadChecker daemon?

Returns:True if there should be a load checker daemon running.
Return type:bool
get_user_groups(username, primary_groups=False)[source]

Get all groups a given user is member of.

Parameters:
  • username (str) – get groups for this user
  • primary_groups (bool) – if True, include the user’s primary group in the group list
Returns:

list of groups the given user is member of

Return type:

list

get_userdb_service()[source]

Get the name of the backend being used for retrieving user information from the system.

Returns:user service name
Return type:str
get_users()[source]

Get list of known users.

Returns:returns list of known users
Return type:list
has_group(group)[source]

Test if the broker knows group <group>.

Parameters:group (str) – test for existence of this group
Returns:returns True if a group exists
Return type:bool
has_user(username)[source]

Test if the broker knows user <username>.

Parameters:username (str) – test for existence of this user
Returns:returns True if a user exists
Return type:bool
is_enabled()[source]

Check if this backend has been enabled in the configuration file.

is_group_member(username, group, primary_groups=False)[source]

Check if a user is member of a given group.

Parameters:
  • username (str) – check group membership of this user
  • group (str) – test if user is member of this group
  • primary_groups (bool) – if True, test for primary group membership, as well
Returns:

returns True if the user is member of the given group

Return type:

bool

is_shadow_profile(profile_id)[source]

Detect from the session profile, if it defines a desktop sharing (shadow) session.

Parameters:profile_id (str) – ID of a valid session profile
Returns:True if the session profile defines a desktop sharing (shadow) session
Return type:bool
list_profiles(username)[source]

Retrieve a list of available session profiles for the authenticated user.

Parameters:username (str) – query session profile list for this user
Returns:list of profile dictionaries
Return type:dict
nameservice_module = None
run_optional_script(script_type, username, password, task, profile_id, ip, cookie, authed=None, server=None)[source]

Run all optional scripts of type script_type. Called with 3 different script types:

  • pre_auth_scripts - before authentication happens
  • post_auth_scripts - after authentication but before anything else occurs
  • select_session_scripts - after load balancing before a specific server is sent to the client

These scripts allow for both additional actions to be performed as well as the mangling of any relevant fields.

Parameters:
  • script_type (str) – name of the script type to be executed (pre_auth_scripts, post_auth_scripts, select_session_scripts)
  • username (str) – name of the X2Go session user a script will run for
  • password (str) – password for the X2Go session
  • task (str) – the broker task that is currently being processed
  • profile_id (str) – the session profile ID that is being operated upon
  • ip (str) – the client machine’s IP address
  • cookie (str) – the currently valid authentication cookie
  • authed (bool) – authentication status (already authenticated or not)
  • server (str) – hostname or IP address of the X2Go server being operated upon
Returns:

Pass-through of the return value returned by the to-be-run optional script (i.e., success or failure)

Return type:

bool

select_session(profile_id, username=None, pubkey=None)[source]

Start/resume a session by selecting a profile name offered by the X2Go client.

The X2Go server that the session is launched on is selected automatically by the X2Go session broker.

Parameters:
  • profile_id (str) – the selected profile ID. This matches one of the dictionary keys offered by the list_profiles method
  • username (str) – specify X2Go Server username that this operation runs for
  • pubkey (str) – The broker clients may send us a public key that we may temporarily install into a remote X2Go Server for non-interactive login
Returns:

the selected session (X2Go session ID)

Return type:

str

set_client_address(address)[source]

Set the client IP address.

Parameters:address (str) – the client IP
test_connection()[source]
use_load_checker(profile_id)[source]

Actually query the load checker daemon for the given session profile ID. This method will check:

  • broker backend configured per backend or globally to use load checker daemon?
  • or on a per session profile basis?
  • plus: more than one host configured for the given session profile?
Parameters:profile_id (str) – choose remote agent for this profile ID
Returns:True if there is a load checker daemon running.
Return type:bool
use_portscan_x2goservers(profile_id)

Detect if the given profile is configured to try portscanning on X2Go Servers before offering an X2Go Server hostname to the client.

Returns:True if X2Go Servers shall be probed before offering it to clients
Return type:bool
use_session_autologin(profile_id)

Detect if the given profile is configured to try automatic session logons.

Returns:True to denote that automatic session login should be attempted
Return type:bool