
Bug#927789: [pre-upload-approval] unblock: x2gobroker/0.0.4.1-1



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package x2gobroker

  * New upstream release (with specific fixes, targetting Debian buster).
    - Make builds reproducible. Thanks to Chris Lamb for providing a patch.
      (Closes: #922137).

-> In the previous version, a UUID got generated at build time. Chris
provided a patch to handle this differently.

    - Correctly initialize the loggers when using x2gobroker via WSGI in
      Apache2. (Closes: #922042).

-> Unfortunately, (with my upstream hat on) I realized too late that I
never really tested the WSGI integration code on Debian buster. Luckily,
Linnea Skogtvedt did this recently and provided very good bug reports to
pin the open issues down.

    - x2gobroker-wsgi: Place WSGI script symlink (pointing to
      <BINDIR>/x2gobroker) into a dedicated folder and configure Apache2
      to use WSGIScriptAlias from that folder. (Closes: #922040).

-> Something that worked on stretch, but now fails on buster.

    - Permit `asyncio` to create event loops on any thread (required on
      multithreaded WSGI servers using Python 3). (Closes: #925102).

-> Problem in python3-tornado. In fact, in buster+1 (which probably will have
tornado 0.6.x (or beyond)), we (as in upstream) will have to re-implement
the WSGI integration entirely, as tornado will drop WSGI support then.

    - Make remote agent's SSH HostKey policy configurable globally, backend-wise
      and per session profile. Fallback to RejectPolicy by default.
      (Closes: #922314).

-> This is the most evasive bit of the attached .debdiff. However, missing host key
checks are convenient, but an obvious security risk. Thanks to Linnea Skogtvedt for
getting me to implement this.

    - x2gobroker/brokers/base_broker.py: Log IP address of authentication
      attempts. (Closes: #922458).

-> Nice to have when debugging unwanted access to the X2Go Session Broker.

  * debian/patches:
    + Drop all patches. All changes applied upstream.

-> So there are some other changes to the upstream code (see upstream
ChangeLog), that x2gobroker in Debian shipped patch-wise in earlier
0.0.4.0-X releases.

  * debian/changelog:
    + Fix indentation in previous changelog stanza.
  * debian/po:
    + Add French debconf translation. Thanks to Jean-Pierre Giraud. (Closes:
      #923381).
    + Add Dutch debconf translation. Thanks to Frans Spiesschaert. (Closes:
      #922774).
    + Add Portuguese debconf translation file. Thanks to Américo Monteiro.
      (Closes: #922527).

-> self-explaining

  * debian/x2gobroker-wsgi.install:
    + Add WSGIScriptAlias symlink path.

-> Part of the upstream fix for #922040.

light+love,
Mike

unblock x2gobroker/0.0.4.1-1

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru x2gobroker-0.0.4.0/bin/x2gobroker x2gobroker-0.0.4.1/bin/x2gobroker
--- x2gobroker-0.0.4.0/bin/x2gobroker	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/bin/x2gobroker	2019-04-22 09:38:50.000000000 +0200
@@ -299,16 +299,18 @@
 urls = ()
 settings = {}
 
-# raise log level to DEBUG if requested...
-if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_TESTSUITE:
-    logger_broker.setLevel(logging.DEBUG)
-    logger_access.setLevel(logging.DEBUG)
-    logger_error.setLevel(logging.DEBUG)
+
 
 
 # run the Python Tornado standalone daemon or handle interactive command line execution (via SSH)
 if __name__ == "__main__":
 
+    # raise log level to DEBUG if requested...
+    if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_TESTSUITE:
+        logger_broker.setLevel(logging.DEBUG)
+        logger_access.setLevel(logging.DEBUG)
+        logger_error.setLevel(logging.DEBUG)
+
     logfile_prelude(mode=cmdline_args.mode.upper())
 
     if cmdline_args.mode.upper() == 'HTTP' or PROG_NAME == 'x2gobroker-daemon':
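Review bot: The removed module-level block is replaced by an added empty line (the lone `+` ahead of the two blank context lines), which leaves a run of blank lines before the `# run the Python Tornado standalone daemon ...` comment; drop that line. The DEBUG-level block that now sits under `if __name__ == "__main__":` is repeated verbatim in the WSGI branch further down this file, so a small helper called from both places would keep the two copies from drifting apart.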
@@ -371,6 +373,20 @@
 
     ### launch as WSGI application ###
 
+    import asyncio
+    from tornado.platform.asyncio import AnyThreadEventLoopPolicy
+    asyncio.set_event_loop_policy(AnyThreadEventLoopPolicy())
+
+    logger_broker = x2gobroker.loggers.logger_broker
+    logger_access = x2gobroker.loggers.logger_broker
+    logger_error = x2gobroker.loggers.logger_error
+
+    # raise log level to DEBUG if requested...
+    if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_TESTSUITE:
+        logger_broker.setLevel(logging.DEBUG)
+        logger_access.setLevel(logging.DEBUG)
+        logger_error.setLevel(logging.DEBUG)
+
     prep_http_mode()
 
     import tornado.wsgi
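Review bot: `logger_access = x2gobroker.loggers.logger_broker` binds the access logger name to the broker logger, so in WSGI mode anything this file logs through `logger_access` ends up on the broker logger, and the later `logger_access.setLevel(logging.DEBUG)` only touches the broker logger a second time. This reads like a copy-paste slip; presumably the right-hand side should be `x2gobroker.loggers.logger_access`, in line with the `logger_error` assignment below it. Separately, `asyncio.set_event_loop_policy(AnyThreadEventLoopPolicy())` applies to the whole process, which deserves a one-line comment saying why it is set here and that every thread of the WSGI process is affected.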
diff -Nru x2gobroker-0.0.4.0/ChangeLog x2gobroker-0.0.4.1/ChangeLog
--- x2gobroker-0.0.4.0/ChangeLog	2019-02-02 22:12:26.000000000 +0100
+++ x2gobroker-0.0.4.1/ChangeLog	2019-04-22 09:38:50.000000000 +0200
@@ -1,3 +1,54 @@
+x2gobroker (0.0.4.1-0x2go1) unstable; urgency=medium
+
+  [ Mike Gabriel ]
+  * New upstream version (0.0.4.1):
+    - Makefile.docupload: Ignore clean failures. Helpful to Debian package
+      build chain.
+    - Fix some man page typos.
+    - x2gobroker/defaults.py: Support offline builds with no DNS or other
+      means of hostname resolution..
+    - sbin/x2gobroker-keygen: Fix call to
+      x2gobroker.utils.get_fingerprint_with_colons(). Thanks to Linnea Skogtvedt
+      for spotting and reporting this.
+    - Make builds reproducible. Thanks to Chris Lamb for providing a patch.
+      (See Debian bug #922137).
+    - Correctly initialize the loggers when using x2gobroker via WSGI in
+      Apache2.
+    - x2gobroker-wsgi: Place WSGI script symlink (pointing to
+      <BINDIR>/x2gobroker) into a dedicated folder and configure Apache2
+      to use WSGIScriptAlias from that folder. (See Debian bug #922040).
+    - sbin/x2gobroker-testagent: Fix retrieval of available tasks.
+    - Permit `asyncio` to create event loops on any thread (required on
+      multithreaded WSGI servers using Python 3).
+    - Make remote agent's SSH HostKey policy configurable globally, backend-wise
+      and per session profile. Fallback to RejectPolicy by default. (See Debian
+      bug #922314).
+    - x2gobroker/agent.py: Assure that remote_agent['host_key_policy'] is always
+      the name of the Parmiko MissingHostKeyPolicy, not the class object itself.
+    - sbin/x2gobroker-testagent: Fix indentation, set 'host_key_policy' as a
+      string (not class).
+    - etc/x2gobroker.conf: Update info about default-agent-hostkey-policy
+      parameter.
+  * debian/po:
+    + Adopt debconf translations from Debian.
+
+  [ Linnea Skogtvedt ]
+  * New upstream version (0.0.4.1):
+    - x2gobroker/brokers/base_broker.py: Log IP address of authentication
+      attempts. (See Debian bug #922458).
+
+  [ Mihai Moldovan ]
+  * New upstream version (0.0.4.1):
+    - man/*: update date and version stamps pre-release.
+  * x2gobroker.spec:
+    + Install new wsgi symlink for %{_bindir}/x2gobroker-wsgi.
+    + Fix wsgi symlink location.
+    + Also own %{_libexecdir}/x2gobroker (in wsgi package, for now).
+    + Also own %{_libexecdir}/x2gobroker/wsgi (in wsgi package).
+    + Switch to python36 on EPEL 7.
+
+ -- X2Go Release Manager <git-admin@x2go.org>  Mon, 22 Apr 2019 09:26:58 +0200
+
 x2gobroker (0.0.4.0-0x2go1) unstable; urgency=medium
 
   [ Mike Gabriel ]
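Review bot: Two typos in the added stanza: `Parmiko MissingHostKeyPolicy` in the `x2gobroker/agent.py` entry should be `Paramiko`, and the `x2gobroker/defaults.py` entry ends in a double period (`resolution..`). The entry announcing the RejectPolicy fallback would also be easier to act on if it named the parameter itself; `default-agent-hostkey-policy` only appears in the separate `etc/x2gobroker.conf` entry a few lines later.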
diff -Nru x2gobroker-0.0.4.0/debian/changelog x2gobroker-0.0.4.1/debian/changelog
--- x2gobroker-0.0.4.0/debian/changelog	2019-02-06 19:41:33.000000000 +0100
+++ x2gobroker-0.0.4.1/debian/changelog	2019-04-23 11:24:49.000000000 +0200
@@ -1,9 +1,42 @@
+x2gobroker (0.0.4.1-1) unstable; urgency=medium
+
+  * New upstream release (with specific fixes, targetting Debian buster).
+    - Make builds reproducible. Thanks to Chris Lamb for providing a patch.
+      (Closes: #922137).
+    - Correctly initialize the loggers when using x2gobroker via WSGI in
+      Apache2. (Closes: #922042).
+    - x2gobroker-wsgi: Place WSGI script symlink (pointing to
+      <BINDIR>/x2gobroker) into a dedicated folder and configure Apache2
+      to use WSGIScriptAlias from that folder. (Closes: #922040).
+    - Permit `asyncio` to create event loops on any thread (required on
+      multithreaded WSGI servers using Python 3). (Closes: #925102).
+    - Make remote agent's SSH HostKey policy configurable globally, backend-wise
+      and per session profile. Fallback to RejectPolicy by default.
+      (Closes: #922314).
+    - x2gobroker/brokers/base_broker.py: Log IP address of authentication
+      attempts. (Closes: #922458).
+  * debian/patches:
+    + Drop all patches. All changes applied upstream.
+  * debian/changelog:
+    + Fix indentation in previous changelog stanza.
+  * debian/po:
+    + Add French debconf translation. Thanks to Jean-Pierre Giraud. (Closes:
+      #923381).
+    + Add Dutch debconf translation. Thanks to Frans Spiesschaert. (Closes:
+      #922774).
+    + Add Portuguese debconf translation file. Thanks to Américo Monteiro.
+      (Closes: #922527).
+  * debian/x2gobroker-wsgi.install:
+    + Add WSGIScriptAlias symlink path.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Tue, 23 Apr 2019 11:24:49 +0200
+
 x2gobroker (0.0.4.0-3) unstable; urgency=medium
 
   * debian/patches:
     + Add 0001_sbin-x2gobroker-keygen-Fix-call-to-x2gobroker.utils..patch.
-     Fix call to x2gobroker.utils.get_key_fingerprint_with_colons(). Thanks
-     to Linnea Skogtvedt for spotting and reporting this.
+      Fix call to x2gobroker.utils.get_key_fingerprint_with_colons(). Thanks
+      to Linnea Skogtvedt for spotting and reporting this.
 
  -- Mike Gabriel <sunweaver@debian.org>  Wed, 06 Feb 2019 19:41:33 +0100
 
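Review bot: `Fallback to RejectPolicy by default` is a behaviour change on upgrade, yet the stanza lists it like any other bullet. With RejectPolicy, connections to broker agents whose host keys are not already known get refused, so if the upload does not already carry one, a debian/NEWS entry naming the host key policy setting would let admins prepare instead of finding out through failed sessions. The re-indentation of the released 0.0.4.0-3 stanza is covered by the `Fix indentation in previous changelog stanza` bullet, which is fine.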
diff -Nru x2gobroker-0.0.4.0/debian/patches/0001_sbin-x2gobroker-keygen-Fix-call-to-x2gobroker.utils..patch x2gobroker-0.0.4.1/debian/patches/0001_sbin-x2gobroker-keygen-Fix-call-to-x2gobroker.utils..patch
--- x2gobroker-0.0.4.0/debian/patches/0001_sbin-x2gobroker-keygen-Fix-call-to-x2gobroker.utils..patch	2019-02-06 19:37:11.000000000 +0100
+++ x2gobroker-0.0.4.1/debian/patches/0001_sbin-x2gobroker-keygen-Fix-call-to-x2gobroker.utils..patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,27 +0,0 @@
-From c5d6f8492a31d526fdb5c5a2fecbcfd880841a9c Mon Sep 17 00:00:00 2001
-From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-Date: Wed, 6 Feb 2019 19:36:42 +0100
-Subject: [PATCH] sbin/x2gobroker-keygen: Fix call to
- x2gobroker.utils.get_fingerprint_with_colons(). Thanks to Linnea Skgtvedt for
- spotting and reporting this.
-
----
- sbin/x2gobroker-keygen | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/sbin/x2gobroker-keygen b/sbin/x2gobroker-keygen
-index b259e4c..bbbd78c 100755
---- a/sbin/x2gobroker-keygen
-+++ b/sbin/x2gobroker-keygen
-@@ -124,7 +124,7 @@ if __name__ == '__main__':
-         key = paramiko.DSSKey.generate(1024)
-         id_file = 'id_dsa'
- 
--    logger_broker.info('  The {key_type} key has been generated, fingerprint: {fingerprint}'.format(key_type=cmdline_args.key_type.upper(), fingerprint=x2gobroker.utils.get_fingerprint_with_colons(key)))
-+    logger_broker.info('  The {key_type} key has been generated, fingerprint: {fingerprint}'.format(key_type=cmdline_args.key_type.upper(), fingerprint=x2gobroker.utils.get_key_fingerprint_with_colons(key)))
- 
-     if os.path.exists('{home}/.ssh/{id_file}'.format(home=broker_home, id_file=id_file)) and not cmdline_args.force:
-         logger_broker.error('  Private key {home}/.ssh/{id_file} exists. Use --force to overwrite'.format(home=broker_home, id_file=id_file))
--- 
-2.11.0
-
diff -Nru x2gobroker-0.0.4.0/debian/patches/1001_silently-fail-on-make-docbuild-clean.patch x2gobroker-0.0.4.1/debian/patches/1001_silently-fail-on-make-docbuild-clean.patch
--- x2gobroker-0.0.4.0/debian/patches/1001_silently-fail-on-make-docbuild-clean.patch	2019-02-03 10:58:43.000000000 +0100
+++ x2gobroker-0.0.4.1/debian/patches/1001_silently-fail-on-make-docbuild-clean.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,14 +0,0 @@
-Description: Ignore clean failures. Helpful to Debian package build chain.
-Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-
---- a/Makefile.docupload
-+++ b/Makefile.docupload
-@@ -10,7 +10,7 @@
- doc: docbuild docupload
- 
- clean:
--	${MAKE} -C docs/ clean
-+	-${MAKE} -C docs/ clean
- 
- apidoc:
- 	sphinx-apidoc -f -e -o docs/source/ x2gobroker x2gobroker/tests/
diff -Nru x2gobroker-0.0.4.0/debian/patches/1002_man-page-spelling-fixes.patch x2gobroker-0.0.4.1/debian/patches/1002_man-page-spelling-fixes.patch
--- x2gobroker-0.0.4.0/debian/patches/1002_man-page-spelling-fixes.patch	2019-02-03 13:22:30.000000000 +0100
+++ x2gobroker-0.0.4.1/debian/patches/1002_man-page-spelling-fixes.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,25 +0,0 @@
-Description: Fix man page typos.
-Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-
---- a/man/man8/x2gobroker-testagent.8
-+++ b/man/man8/x2gobroker-testagent.8
-@@ -41,7 +41,7 @@
- \*(T<\fB\-h, \-\-help\fR\*(T>
- Display a help with all available command line options and exit.
- .SH REQUIRED OPTIONS
--You can either list the broker agent's tasks that are avilable for testing:
-+You can either list the broker agent's tasks that are available for testing:
- .TP
- \*(T<\fB\-\-list\-tasks\fR\*(T>
- Render a list of available broker agent tasks. This list shows what can be tested. The capabilities
---- a/man/man1/x2gobroker.1
-+++ b/man/man1/x2gobroker.1
-@@ -110,7 +110,7 @@
- in \fI/etc/x2go/broker/defaults.conf\fR on systemd systems or \fI/etc/defaults/python-x2gobroker\fR
- on SystemV systems).
- .SH SECURITY NOTICE / DISCLAIMER
--Users are advised to not misinterpret X2Go Session Broker's capabilites as a
-+Users are advised to not misinterpret X2Go Session Broker's capabilities as a
- security feature. Even when using X2Go Session Broker, it is still possible for
- users to locally configure an X2Go Client with any settings they want, and
- use that to connect. So if you're trying to keep users from running a
diff -Nru x2gobroker-0.0.4.0/debian/patches/1003_handle-offline-builds.patch x2gobroker-0.0.4.1/debian/patches/1003_handle-offline-builds.patch
--- x2gobroker-0.0.4.0/debian/patches/1003_handle-offline-builds.patch	2019-02-03 13:43:06.000000000 +0100
+++ x2gobroker-0.0.4.1/debian/patches/1003_handle-offline-builds.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,23 +0,0 @@
-Description: Gracefully handle API documentation builds during offline builds.
-Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-
---- a/x2gobroker/defaults.py
-+++ b/x2gobroker/defaults.py
-@@ -205,10 +205,13 @@
- ### static / hard-coded defaults
- ###
- 
--if socket.gethostname().find('.') >= 0:
--    X2GOBROKER_HOSTNAME = socket.gethostname()
--else:
--    X2GOBROKER_HOSTNAME = socket.gethostbyaddr(socket.gethostname())[0]
-+try:
-+    if socket.gethostname().find('.') >= 0:
-+        X2GOBROKER_HOSTNAME = socket.gethostname()
-+    else:
-+        X2GOBROKER_HOSTNAME = socket.gethostbyaddr(socket.gethostname())[0]
-+except socket.gaierror:
-+    X2GOBROKER_HOSTNAME = 'localhost' 
- 
- # the home directory of the user that the daemon/cgi runs as
- X2GOBROKER_HOME = os.path.normpath(os.path.expanduser('~{broker_uid}'.format(broker_uid=X2GOBROKER_DAEMON_USER)))
diff -Nru x2gobroker-0.0.4.0/debian/patches/series x2gobroker-0.0.4.1/debian/patches/series
--- x2gobroker-0.0.4.0/debian/patches/series	2019-02-06 19:38:43.000000000 +0100
+++ x2gobroker-0.0.4.1/debian/patches/series	2019-04-23 11:03:12.000000000 +0200
@@ -1,4 +0,0 @@
-1001_silently-fail-on-make-docbuild-clean.patch
-1002_man-page-spelling-fixes.patch
-1003_handle-offline-builds.patch
-0001_sbin-x2gobroker-keygen-Fix-call-to-x2gobroker.utils..patch
diff -Nru x2gobroker-0.0.4.0/debian/po/fr.po x2gobroker-0.0.4.1/debian/po/fr.po
--- x2gobroker-0.0.4.0/debian/po/fr.po	1970-01-01 01:00:00.000000000 +0100
+++ x2gobroker-0.0.4.1/debian/po/fr.po	2019-03-18 10:48:41.000000000 +0100
@@ -0,0 +1,162 @@
+# Translation of x2gobroker debconf templates to French
+# Copyright (C) 2019 Debian French l10n Team <debian-l10n-french@lists.debian.org>
+# This file is distributed under the same license as the x2gobroker package.
+#
+# Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>, 2019.
+msgid ""
+msgstr ""
+"Project-Id-Version: x2gobroker\n"
+"Report-Msgid-Bugs-To: x2gobroker@packages.debian.org\n"
+"POT-Creation-Date: 2019-02-03 11:44+0100\n"
+"PO-Revision-Date: 2019-02-14 11:27+0100\n"
+"Last-Translator: Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>\n"
+"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+"X-Generator: Lokalize 2.0\n"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:2001
+msgid "Create group for X2Go Broker SSH access now?"
+msgstr "Faut-il créer maintenant un groupe pour l'accès SSH au courtier X2Go ?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:2001
+msgid ""
+"In X2Go Session Broker, SSH-based broker access is controlled via the broker "
+"users' membership in a dedicated group (default: x2gobroker-users)."
+msgstr ""
+"Avec le courtier de session X2Go, l'accès au courtier basé sur SSH est "
+"contrôlé grâce à l'appartenance des utilisateurs du courtier à un groupe "
+"dédié (par défaut : x2gobroker-users)."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:2001
+msgid ""
+"If this group is not created now, you will be asked to assign this privilege "
+"to an existing group instead."
+msgstr ""
+"Si ce groupe n'est pas déjà créé, il vous sera demandé d'assigner à la place "
+"ces droits à un groupe déjà existant."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:3001
+msgid "Use an already existing group for X2Go Session Broker SSH access?"
+msgstr ""
+"Faut-il utiliser un groupe déjà existant pour l'accès SSH au courtier de "
+"session X2Go ?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:3001
+msgid ""
+"If there already exists a group (e.g. in an LDAP database) that you would "
+"like to use for controlling X2Go Session Broker SSH access with, then you "
+"can specify this group name with the next step."
+msgstr ""
+"S'il existe déjà un groupe, (par exemple dans une base de données LDAP) que "
+"vous souhaiteriez utiliser pour contrôler l'accès SSH au courtier de session "
+"X2Go, vous pouvez spécifier ce nom de groupe dans l'étape suivante."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid "Set up X2Go Session Broker SSH access later?"
+msgstr ""
+"Voulez-vous configurer plus tard l'accès SSH au courtier de session X2Go ?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid ""
+"Without an existing group for X2Go Session Broker SSH access, the SSH broker "
+"will not be usable by users. You have to set up things later, either "
+"manually or via this configuration helper."
+msgstr ""
+"S'il n'existe pas de groupe pour l'accès SSH au courtier de session X2Go, le "
+"courtier SSH ne sera pas accessible aux utilisateurs. Vous devrez configurer "
+"cela plus tard soit manuellement, soit avec cet assistant de configuration."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid ""
+"A manual setup is only recommended, if you really know what have to do for "
+"this."
+msgstr ""
+"La configuration manuelle n'est recommandée que si vous savez vraiment ce "
+"qu'il faut faire pour la mener à bien."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid "Alternatively, the setup questions can be asked once more..."
+msgstr "Sinon, les questions de configuration peuvent être à nouveau "
+"posées..."
+
+#. Type: string
+#. Description
+#: ../x2gobroker-ssh.templates:5001
+msgid "X2Go Session Broker SSH access group:"
+msgstr "Groupe d'accès SSH au courtier de session X2Go :"
+
+#. Type: string
+#. Description
+#: ../x2gobroker-ssh.templates:5001
+msgid ""
+"Please specify the group name for users with full X2Go Session Broker access "
+"via SSH now."
+msgstr ""
+"Veuillez spécifier maintenant le nom du groupe pour les utilisateurs dotés "
+"d'un droit d'accès au courtier de session X2Go à travers SSH."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:6001
+msgid ""
+"Delete the group that was formerly used for X2Go Session Broker SSH access?"
+msgstr "Faut-il supprimer le groupe précédemment utilisé pour l'accès SSH au "
+"courtier de session X2Go ?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:6001
+msgid "The group for X2Go Session Broker SSH access has been modified."
+msgstr "Le groupe d'accès SSH au courtier de session X2Go a été modifié."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:6001
+msgid ""
+"Please specify whether the old group should be deleted from your system. If "
+"unsure, keep the formerly used group and manually investigate later."
+msgstr ""
+"Veuillez préciser si l'ancien groupe doit être supprimé sur la machine. Si "
+"vous n'êtes pas sûr, conservez le groupe anciennement utilisé et poursuivez "
+"votre recherche plus tard."
+
+#. Type: note
+#. Description
+#: ../x2gobroker-ssh.templates:7001
+msgid "The specified group does not exist on the system"
+msgstr "Le groupe spécifié n'existe pas sur la machine."
+
+#. Type: note
+#. Description
+#: ../x2gobroker-ssh.templates:7001
+msgid "Please enter a group name that is currently available on your system."
+msgstr ""
+"Veuillez entrer un nom de groupe existant réellement sur votre machine."
+
+#. Type: note
+#. Description
+#: ../x2gobroker-ssh.templates:7001
+msgid "Please, try again!"
+msgstr "Veuillez essayer à nouveau !"
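Review bot: In the first `../x2gobroker-ssh.templates:7001` entry, `msgstr "Le groupe spécifié n'existe pas sur la machine."` ends with a period while its msgid `The specified group does not exist on the system` has none; drop the period so the string matches the msgid. In the third `:2001` entry, `n'est pas déjà créé` renders `is not created now` as "is not already created"; `n'est pas créé maintenant` would stay closer to the msgid.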
diff -Nru x2gobroker-0.0.4.0/debian/po/nl.po x2gobroker-0.0.4.1/debian/po/nl.po
--- x2gobroker-0.0.4.0/debian/po/nl.po	1970-01-01 01:00:00.000000000 +0100
+++ x2gobroker-0.0.4.1/debian/po/nl.po	2019-03-18 10:48:46.000000000 +0100
@@ -0,0 +1,161 @@
+# Dutch translation of x2gobroker debconf templates.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the x2gobroker package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2019.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: x2gobroker_0.0.4.0-2\n"
+"Report-Msgid-Bugs-To: x2gobroker@packages.debian.org\n"
+"POT-Creation-Date: 2019-02-03 11:44+0100\n"
+"PO-Revision-Date: 2019-02-07 16:35+0100\n"
+"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
+"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Gtranslator 2.91.7\n"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:2001
+msgid "Create group for X2Go Broker SSH access now?"
+msgstr "Nu een groep aanmaken voor SSH-toegang tot X2Go Broker?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:2001
+msgid ""
+"In X2Go Session Broker, SSH-based broker access is controlled via the broker "
+"users' membership in a dedicated group (default: x2gobroker-users)."
+msgstr ""
+"In X2Go Session Broker wordt SSH-gebaseerde toegang tot broker (het "
+"makelaarsmechanisme) geregeld door het feit dat broker-gebruikers lid zijn "
+"van een gereserveerde groep (standaard: x2gobroker-users)."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:2001
+msgid ""
+"If this group is not created now, you will be asked to assign this privilege "
+"to an existing group instead."
+msgstr ""
+"Indien deze groep nu niet aangemaakt wordt, zal u gevraagd worden om in de "
+"plaats daarvan dit recht te koppelen aan een bestaande groep."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:3001
+msgid "Use an already existing group for X2Go Session Broker SSH access?"
+msgstr ""
+"Een reeds bestaande groep gebruiken voor SSH-toegang tot X2Go Session Broker?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:3001
+msgid ""
+"If there already exists a group (e.g. in an LDAP database) that you would "
+"like to use for controlling X2Go Session Broker SSH access with, then you "
+"can specify this group name with the next step."
+msgstr ""
+"Indien er reeds een groep bestaat (bijv. in een LDAP-database) welke u wilt "
+"gebruiken voor de controle van SSH-toegang tot X2Go Session Broker, dan kunt "
+"u de naam van die groep opgeven bij de volgende stap."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid "Set up X2Go Session Broker SSH access later?"
+msgstr "SSH-toegang tot X2Go Session Broker later instellen?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid ""
+"Without an existing group for X2Go Session Broker SSH access, the SSH broker "
+"will not be usable by users. You have to set up things later, either "
+"manually or via this configuration helper."
+msgstr ""
+"Zonder een bestaande groep voor SSH-toegang tot X2Go Session Broker, zal de "
+"SSH-broker (SSH-makelaar) niet bruikbaar zijn voor gebruikers. U zult later "
+"de zaken moeten instellen, ofwel handmatig, ofwel via deze configuratiehulp."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid ""
+"A manual setup is only recommended, if you really know what have to do for "
+"this."
+msgstr ""
+"Een handmatige configuratie wordt enkel aanbevolen indien u echt weet wat u "
+"daarvoor dient te doen."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid "Alternatively, the setup questions can be asked once more..."
+msgstr ""
+"In het andere geval kunnen de vragen in verband met de configuratie nogmaals "
+"gesteld worden..."
+
+#. Type: string
+#. Description
+#: ../x2gobroker-ssh.templates:5001
+msgid "X2Go Session Broker SSH access group:"
+msgstr "Groep voor SSH-toegang tot X2Go Session Broker:"
+
+#. Type: string
+#. Description
+#: ../x2gobroker-ssh.templates:5001
+msgid ""
+"Please specify the group name for users with full X2Go Session Broker access "
+"via SSH now."
+msgstr ""
+"Geef nu de naam op van de gebruikersgroep die via SSH volledige toegang "
+"heeft tot X2Go Session Broker."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:6001
+msgid ""
+"Delete the group that was formerly used for X2Go Session Broker SSH access?"
+msgstr ""
+"De groep die vroeger gebruikt werd voor SSH-toegang tot X2Go Session Broker, "
+"verwijderen?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:6001
+msgid "The group for X2Go Session Broker SSH access has been modified."
+msgstr "De groep voor SSH-toegang tot X2Go Session Broker werd gewijzigd."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:6001
+msgid ""
+"Please specify whether the old group should be deleted from your system. If "
+"unsure, keep the formerly used group and manually investigate later."
+msgstr ""
+"Geef aan of de oude groep verwijderd moet worden van uw systeem. Indien u "
+"twijfelt, behoud dan de vroeger gebruikte groep en onderzoek dit later zelf."
+
+#. Type: note
+#. Description
+#: ../x2gobroker-ssh.templates:7001
+msgid "The specified group does not exist on the system"
+msgstr "De opgegeven groep bestaat niet op het systeem"
+
+#. Type: note
+#. Description
+#: ../x2gobroker-ssh.templates:7001
+msgid "Please enter a group name that is currently available on your system."
+msgstr "Geef een naam op van een groep die momenteel bestaat op uw systeem."
+
+#. Type: note
+#. Description
+#: ../x2gobroker-ssh.templates:7001
+msgid "Please, try again!"
+msgstr "Probeer nogmaals"
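Review bot: The file header still carries the unfilled template lines `# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER` and `# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.` above the translator's own credit line; fill them in or delete them. At the end of the hunk, `msgstr "Probeer nogmaals"` drops the exclamation mark of `Please, try again!`.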
diff -Nru x2gobroker-0.0.4.0/debian/po/pt.po x2gobroker-0.0.4.1/debian/po/pt.po
--- x2gobroker-0.0.4.0/debian/po/pt.po	1970-01-01 01:00:00.000000000 +0100
+++ x2gobroker-0.0.4.1/debian/po/pt.po	2019-03-18 10:48:52.000000000 +0100
@@ -0,0 +1,161 @@
+# Translation of x2gobroker's debconf messages to European Portuguese
+# Copyright (C) 2019 THE x2gobroker'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the x2gobroker package.
+#
+# Américo Monteiro <a_monteiro@gmx.com>, 2019.
+msgid ""
+msgstr ""
+"Project-Id-Version: x2gobroker 0.0.4.0-3\n"
+"Report-Msgid-Bugs-To: x2gobroker@packages.debian.org\n"
+"POT-Creation-Date: 2019-02-03 11:44+0100\n"
+"PO-Revision-Date: 2019-02-17 18:12+0000\n"
+"Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n"
+"Language-Team: Portuguese <>\n"
+"Language: pt\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Lokalize 2.0\n"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:2001
+msgid "Create group for X2Go Broker SSH access now?"
+msgstr "Criar agora o grupo para acesso X2Go Broker SSH?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:2001
+msgid ""
+"In X2Go Session Broker, SSH-based broker access is controlled via the broker "
+"users' membership in a dedicated group (default: x2gobroker-users)."
+msgstr ""
+"No X2Go Session Broker, o acesso broker baseado em SSH é controlado via "
+"associação de utilizadores do broker, num grupo dedicado (predefinição: "
+"x2gobroker-users)."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:2001
+msgid ""
+"If this group is not created now, you will be asked to assign this privilege "
+"to an existing group instead."
+msgstr ""
+"Se este grupo não for criado agora, irá ser-lhe pedido para atribuir este "
+"privilégio a um grupo existente."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:3001
+msgid "Use an already existing group for X2Go Session Broker SSH access?"
+msgstr "Usar um grupo já existente para o acesso SSH a X2Go Session Broker?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:3001
+msgid ""
+"If there already exists a group (e.g. in an LDAP database) that you would "
+"like to use for controlling X2Go Session Broker SSH access with, then you "
+"can specify this group name with the next step."
+msgstr ""
+"Se já existir um grupo (ex. numa base de dados LDAP) que deseje usar para "
+"controlar o acesso SSH do X2Go Session Broker, então você pode indicar "
+"o nome deste grupo no próximo passo."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid "Set up X2Go Session Broker SSH access later?"
+msgstr "Configurar o acesso SSH do X2Go Session Broker mais tarde?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid ""
+"Without an existing group for X2Go Session Broker SSH access, the SSH broker "
+"will not be usable by users. You have to set up things later, either "
+"manually or via this configuration helper."
+msgstr ""
+"Sem um grupo existente para acesso SSH a X2Go Session Broker, o SSH broker "
+"não será utilizável pelos utilizadores. Você vai ter que configurar isto mais "
+"tarde, seja manualmente ou via este ajudante de configuração."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid ""
+"A manual setup is only recommended, if you really know what have to do for "
+"this."
+msgstr ""
+"Apenas é recomendada uma configuração manual, se você realmente souber "
+"o que tem de fazer para isto."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:4001
+msgid "Alternatively, the setup questions can be asked once more..."
+msgstr ""
+"Em alternativa, as perguntas de configuração podem ser feitas de novo..."
+
+#. Type: string
+#. Description
+#: ../x2gobroker-ssh.templates:5001
+msgid "X2Go Session Broker SSH access group:"
+msgstr "Grupo de acesso SSH a X2Go Session Broker:"
+
+#. Type: string
+#. Description
+#: ../x2gobroker-ssh.templates:5001
+msgid ""
+"Please specify the group name for users with full X2Go Session Broker access "
+"via SSH now."
+msgstr ""
+"Por favor especifique agora o nome do grupo com acesso total a X2Go Session "
+"Broker via SSH."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:6001
+msgid ""
+"Delete the group that was formerly used for X2Go Session Broker SSH access?"
+msgstr ""
+"Apagar o grupo que era usado anteriormente para acesso SSH a X2Go Session "
+"Broker?"
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:6001
+msgid "The group for X2Go Session Broker SSH access has been modified."
+msgstr "O grupo para acesso SSH a X2Go Session Broker foi modificado."
+
+#. Type: boolean
+#. Description
+#: ../x2gobroker-ssh.templates:6001
+msgid ""
+"Please specify whether the old group should be deleted from your system. If "
+"unsure, keep the formerly used group and manually investigate later."
+msgstr ""
+"Por favor especifique se o grupo antigo deve ser removido do sistema. Em "
+"caso de dúvidas, mantenha o grupo usado e investigue manualmente depois."
+
+#. Type: note
+#. Description
+#: ../x2gobroker-ssh.templates:7001
+msgid "The specified group does not exist on the system"
+msgstr "O grupo especificado não existe no sistema."
+
+#. Type: note
+#. Description
+#: ../x2gobroker-ssh.templates:7001
+msgid "Please enter a group name that is currently available on your system."
+msgstr ""
+"Por favor insira um grupo que esteja actualmente disponível no seu sistema."
+
+#. Type: note
+#. Description
+#: ../x2gobroker-ssh.templates:7001
+msgid "Please, try again!"
+msgstr "Por favor, tente novamente!"
+
+
diff -Nru x2gobroker-0.0.4.0/debian/x2gobroker-wsgi.install x2gobroker-0.0.4.1/debian/x2gobroker-wsgi.install
--- x2gobroker-0.0.4.0/debian/x2gobroker-wsgi.install	2018-11-30 10:24:49.000000000 +0100
+++ x2gobroker-0.0.4.1/debian/x2gobroker-wsgi.install	2019-04-23 10:59:19.000000000 +0200
@@ -1,3 +1,4 @@
 etc/x2go/x2gobroker-wsgi.apache.conf
 etc/x2go/x2gobroker-wsgi.apache.vhost
 etc/logrotate.d/x2gobroker-wsgi
+usr/lib/x2gobroker/wsgi/
diff -Nru x2gobroker-0.0.4.0/etc/x2gobroker.conf x2gobroker-0.0.4.1/etc/x2gobroker.conf
--- x2gobroker-0.0.4.0/etc/x2gobroker.conf	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/etc/x2gobroker.conf	2019-04-22 09:38:50.000000000 +0200
@@ -242,6 +242,41 @@
 # below value is the default.
 #default-agent-query-mode=NONE
 
+# X2Go Broker's Host Key Policy (if agent query mode is 'SSH')
+#
+# If X2Go Broker's agent query mode is SSH, the system needs to handle
+# X2Go Server side's SSH host keys in a secure and verifyable manner.
+#
+# The agent-hostkey-policy is the default policy to be used and can be
+# either AutoAddPolicy, WarningPolicy, or RejectPolicy. The policy names
+# match the corresponding class names in Paramiko SSH.
+#
+# IMPORTANT: As RejectPolicy is the only safe default, please be aware that
+# on fresh X2Go Broker setups, SSH agent queries will always fail, until a
+# properly maintained ~x2gobroker/.ssh/known_hosts file is in place.
+#
+# There are two simple ways to create this known_hosts file:
+#
+# (a) su - x2gobroker -c "ssh ssh -o HostKeyAlgorithms=ssh-rsa <x2goserver>"
+#
+#     On the command line, you get prompted to confirm the remote
+#     X2Go server's  Follow OpenSSH interactive dialog for accepting
+#     the remote host's host key.
+#
+#     You will see an error coming from x2gobroker-agent.pl which can be
+#     ignored. The important part is that you accepted the X2Go Server's
+#     host key.
+#
+# (b) x2gobroker-testagent --add-to-known-hosts --host <x2goserver>
+#
+#     This command will populate the known_hosts file with the remote
+#     X2Go server's hostkey while trying to hail its X2Go Broker Agent
+#     The host key's fingerprint will not be shown on stdout and there
+#     will be no interactive confirmation (patches welcome!!!).
+#     If unsure about this, use approach (a) given above.
+#
+#default-agent-hostkey-policy=RejectPolicy
+
 # Probe SSH port of X2Go Servers (availability check)
 #
 # Just before offering an X2Go Server address to a broker client, the
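Review bot: The command in option (a) reads `ssh ssh -o HostKeyAlgorithms=ssh-rsa <x2goserver>`; with the doubled `ssh`, the first argument would be taken as the destination host instead of the X2Go server, so drop the duplicate. The sentence after it is cut off ("confirm the remote X2Go server's  Follow OpenSSH interactive dialog"), and "verifyable" should be "verifiable". Option (b) adds the key without showing a fingerprint or asking for confirmation, so this comment should also tell the admin to compare the resulting known_hosts entry against the server's real host key out of band.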
diff -Nru x2gobroker-0.0.4.0/etc/x2gobroker-wsgi.apache.conf x2gobroker-0.0.4.1/etc/x2gobroker-wsgi.apache.conf
--- x2gobroker-0.0.4.0/etc/x2gobroker-wsgi.apache.conf	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/etc/x2gobroker-wsgi.apache.conf	2019-04-22 09:38:50.000000000 +0200
@@ -28,10 +28,10 @@
 # if you have to-be-statically-served files somewhere below the broker URL
 #Alias /x2gobroker/static /some/static/path/
 
-WSGIScriptAlias /x2gobroker /usr/bin/x2gobroker
+WSGIScriptAlias /x2gobroker /usr/lib/x2gobroker/wsgi/x2gobroker-wsgi
 WSGIProcessGroup x2gobroker
 
-<Directory /usr/bin/x2gobroker>
+<Directory /usr/lib/x2gobroker/wsgi>
 
     Require local
 
diff -Nru x2gobroker-0.0.4.0/etc/x2gobroker-wsgi.apache.vhost x2gobroker-0.0.4.1/etc/x2gobroker-wsgi.apache.vhost
--- x2gobroker-0.0.4.0/etc/x2gobroker-wsgi.apache.vhost	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/etc/x2gobroker-wsgi.apache.vhost	2019-04-22 09:38:50.000000000 +0200
@@ -42,10 +42,10 @@
     # if you have to-be-statically-served files somewhere below the broker URL
     #Alias /x2gobroker/static /some/static/path/
 
-    WSGIScriptAlias / /usr/bin/x2gobroker
+    WSGIScriptAlias / /usr/lib/x2gobroker/wsgi/x2goroker-wsgi
     WSGIProcessGroup x2gobroker
 
-    <Directory /usr/bin/x2gobroker>
+    <Directory /usr/lib/x2gobroker/wsgi>
 
         Require local
 
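Review bot: The new WSGIScriptAlias target in this vhost file is misspelled: `/usr/lib/x2gobroker/wsgi/x2goroker-wsgi` is missing the `b`. The Makefile hunk installs the symlink as `x2gobroker-wsgi` and x2gobroker-wsgi.apache.conf uses that name, so the vhost variant points at a path that is not installed. Change it to `/usr/lib/x2gobroker/wsgi/x2gobroker-wsgi`.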
diff -Nru x2gobroker-0.0.4.0/Makefile x2gobroker-0.0.4.1/Makefile
--- x2gobroker-0.0.4.0/Makefile	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/Makefile	2019-04-22 09:38:50.000000000 +0200
@@ -182,6 +182,9 @@
 	${INSTALL_FILE} etc/x2gobroker-wsgi.apache.{conf,vhost} \
 	        "${DESTDIR}${ETCDIR}/"
 	${INSTALL_FILE} logrotate/x2gobroker-wsgi "${DESTDIR}/etc/logrotate.d/"
+	mkdir -p "${DESTDIR}${LIBDIR}/x2gobroker/wsgi"
+	${INSTALL_SYMLINK} "${BINDIR}/x2gobroker" \
+	        "${DESTDIR}${LIBDIR}/x2gobroker/wsgi/x2gobroker-wsgi"
 
 	# x2gobroker
 	mkdir -p "${DESTDIR}${BINDIR}" "${DESTDIR}${SBINDIR}" \
diff -Nru x2gobroker-0.0.4.0/Makefile.docupload x2gobroker-0.0.4.1/Makefile.docupload
--- x2gobroker-0.0.4.0/Makefile.docupload	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/Makefile.docupload	2019-04-22 09:38:50.000000000 +0200
@@ -10,7 +10,7 @@
 doc: docbuild docupload
 
 clean:
-	${MAKE} -C docs/ clean
+	-${MAKE} -C docs/ clean
 
 apidoc:
 	sphinx-apidoc -f -e -o docs/source/ x2gobroker x2gobroker/tests/
diff -Nru x2gobroker-0.0.4.0/man/man1/x2gobroker.1 x2gobroker-0.0.4.1/man/man1/x2gobroker.1
--- x2gobroker-0.0.4.0/man/man1/x2gobroker.1	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/man/man1/x2gobroker.1	2019-04-22 09:38:50.000000000 +0200
@@ -6,7 +6,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH x2gobroker 1 "Feb 2019" "Version 0.0.4.x" "X2Go Session Broker"
+.TH x2gobroker 1 "Apr 2019" "Version 0.0.4.x" "X2Go Session Broker"
 .SH NAME
 x2gobroker{,-daemon,-ssh} \- Session Broker for X2Go
 .SH SYNOPSIS
@@ -110,7 +110,7 @@
 in \fI/etc/x2go/broker/defaults.conf\fR on systemd systems or \fI/etc/defaults/python-x2gobroker\fR
 on SystemV systems).
 .SH SECURITY NOTICE / DISCLAIMER
-Users are advised to not misinterpret X2Go Session Broker's capabilites as a
+Users are advised to not misinterpret X2Go Session Broker's capabilities as a
 security feature. Even when using X2Go Session Broker, it is still possible for
 users to locally configure an X2Go Client with any settings they want, and
 use that to connect. So if you're trying to keep users from running a
diff -Nru x2gobroker-0.0.4.0/man/man1/x2gobroker-testauth.1 x2gobroker-0.0.4.1/man/man1/x2gobroker-testauth.1
--- x2gobroker-0.0.4.0/man/man1/x2gobroker-testauth.1	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/man/man1/x2gobroker-testauth.1	2019-04-22 09:38:50.000000000 +0200
@@ -6,7 +6,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH x2gobroker-testauth 1 "Feb 2019" "Version 0.0.4.x" "X2Go Session Broker"
+.TH x2gobroker-testauth 1 "Apr 2019" "Version 0.0.4.x" "X2Go Session Broker"
 .SH NAME
 x2gobroker-testauth \- Session Broker for X2Go (Authentication Test Utility)
 .SH SYNOPSIS
diff -Nru x2gobroker-0.0.4.0/man/man8/x2gobroker-authservice.8 x2gobroker-0.0.4.1/man/man8/x2gobroker-authservice.8
--- x2gobroker-0.0.4.0/man/man8/x2gobroker-authservice.8	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/man/man8/x2gobroker-authservice.8	2019-04-22 09:38:50.000000000 +0200
@@ -6,7 +6,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH x2gobroker-authservice 8 "Feb 2019" "Version 0.0.4.x" "X2Go Session Broker"
+.TH x2gobroker-authservice 8 "Apr 2019" "Version 0.0.4.x" "X2Go Session Broker"
 .SH NAME
 x2gobroker-authservice \- PAM authentication service for X2Go Session Broker
 .SH SYNOPSIS
diff -Nru x2gobroker-0.0.4.0/man/man8/x2gobroker-daemon-debug.8 x2gobroker-0.0.4.1/man/man8/x2gobroker-daemon-debug.8
--- x2gobroker-0.0.4.0/man/man8/x2gobroker-daemon-debug.8	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/man/man8/x2gobroker-daemon-debug.8	2019-04-22 09:38:50.000000000 +0200
@@ -6,7 +6,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH x2gobroker-daemon-debug 8 "Feb 2019" "Version 0.0.4.x" "X2Go Session Broker"
+.TH x2gobroker-daemon-debug 8 "Apr 2019" "Version 0.0.4.x" "X2Go Session Broker"
 .SH NAME
 x2gobroker-daemon-debug \- Debug X2Go Session Broker's Standalone Daemon
 .SH SYNOPSIS
diff -Nru x2gobroker-0.0.4.0/man/man8/x2gobroker-keygen.8 x2gobroker-0.0.4.1/man/man8/x2gobroker-keygen.8
--- x2gobroker-0.0.4.0/man/man8/x2gobroker-keygen.8	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/man/man8/x2gobroker-keygen.8	2019-04-22 09:38:50.000000000 +0200
@@ -6,7 +6,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH x2gobroker-keygen 8 "Feb 2019" "Version 0.0.4.x" "X2Go Session Broker"
+.TH x2gobroker-keygen 8 "Apr 2019" "Version 0.0.4.x" "X2Go Session Broker"
 .SH NAME
 x2gobroker-keygen \- Generate SSH keys for X2Go Session Broker
 .SH SYNOPSIS
diff -Nru x2gobroker-0.0.4.0/man/man8/x2gobroker-loadchecker.8 x2gobroker-0.0.4.1/man/man8/x2gobroker-loadchecker.8
--- x2gobroker-0.0.4.0/man/man8/x2gobroker-loadchecker.8	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/man/man8/x2gobroker-loadchecker.8	2019-04-22 09:38:50.000000000 +0200
@@ -6,7 +6,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH x2gobroker-loadchecker 8 "Feb 2019" "Version 0.0.4.x" "X2Go Session Broker"
+.TH x2gobroker-loadchecker 8 "Apr 2019" "Version 0.0.4.x" "X2Go Session Broker"
 .SH NAME
 x2gobroker-loadchecker \- Load checker service for X2Go Session Broker
 .SH SYNOPSIS
diff -Nru x2gobroker-0.0.4.0/man/man8/x2gobroker-pubkeyauthorizer.8 x2gobroker-0.0.4.1/man/man8/x2gobroker-pubkeyauthorizer.8
--- x2gobroker-0.0.4.0/man/man8/x2gobroker-pubkeyauthorizer.8	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/man/man8/x2gobroker-pubkeyauthorizer.8	2019-04-22 09:38:50.000000000 +0200
@@ -6,7 +6,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH x2gobroker-pubkeyauthorizer 8 "Feb 2019" "Version 0.0.4.x" "X2Go Session Broker"
+.TH x2gobroker-pubkeyauthorizer 8 "Apr 2019" "Version 0.0.4.x" "X2Go Session Broker"
 .SH NAME
 x2gobroker-pubkeyauthorizer \- Retrieve public SSH keys from an X2Go Session Broker
 .SH SYNOPSIS
diff -Nru x2gobroker-0.0.4.0/man/man8/x2gobroker-testagent.8 x2gobroker-0.0.4.1/man/man8/x2gobroker-testagent.8
--- x2gobroker-0.0.4.0/man/man8/x2gobroker-testagent.8	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/man/man8/x2gobroker-testagent.8	2019-04-22 09:38:50.000000000 +0200
@@ -6,7 +6,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH x2gobroker-testagent 8 "Feb 2019" "Version 0.0.4.x" "X2Go Session Broker"
+.TH x2gobroker-testagent 8 "Apr 2019" "Version 0.0.4.x" "X2Go Session Broker"
 .SH NAME
 x2gobroker-testagent \- Session Broker for X2Go (Agent Test Utility)
 .SH SYNOPSIS
@@ -41,7 +41,7 @@
 \*(T<\fB\-h, \-\-help\fR\*(T>
 Display a help with all available command line options and exit.
 .SH REQUIRED OPTIONS
-You can either list the broker agent's tasks that are avilable for testing:
+You can either list the broker agent's tasks that are available for testing:
 .TP
 \*(T<\fB\-\-list\-tasks\fR\*(T>
 Render a list of available broker agent tasks. This list shows what can be tested. The capabilities
diff -Nru x2gobroker-0.0.4.0/sbin/x2gobroker-keygen x2gobroker-0.0.4.1/sbin/x2gobroker-keygen
--- x2gobroker-0.0.4.0/sbin/x2gobroker-keygen	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/sbin/x2gobroker-keygen	2019-04-22 09:38:50.000000000 +0200
@@ -124,7 +124,7 @@
         key = paramiko.DSSKey.generate(1024)
         id_file = 'id_dsa'
 
-    logger_broker.info('  The {key_type} key has been generated, fingerprint: {fingerprint}'.format(key_type=cmdline_args.key_type.upper(), fingerprint=x2gobroker.utils.get_fingerprint_with_colons(key)))
+    logger_broker.info('  The {key_type} key has been generated, fingerprint: {fingerprint}'.format(key_type=cmdline_args.key_type.upper(), fingerprint=x2gobroker.utils.get_key_fingerprint_with_colons(key)))
 
     if os.path.exists('{home}/.ssh/{id_file}'.format(home=broker_home, id_file=id_file)) and not cmdline_args.force:
         logger_broker.error('  Private key {home}/.ssh/{id_file} exists. Use --force to overwrite'.format(home=broker_home, id_file=id_file))
diff -Nru x2gobroker-0.0.4.0/sbin/x2gobroker-pubkeyauthorizer x2gobroker-0.0.4.1/sbin/x2gobroker-pubkeyauthorizer
--- x2gobroker-0.0.4.0/sbin/x2gobroker-pubkeyauthorizer	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/sbin/x2gobroker-pubkeyauthorizer	2019-04-22 09:38:50.000000000 +0200
@@ -34,7 +34,7 @@
 from pwd import getpwnam
 from grp import getgrnam
 
-__VERSION__ = '0.0.4.0'
+__VERSION__ = '0.0.4.1'
 __AUTHOR__ = 'Mike Gabriel (X2Go Project) <mike.gabriel@das-netzwerkteam.de>'
 
 PROG_NAME = os.path.basename(sys.argv[0])
diff -Nru x2gobroker-0.0.4.0/sbin/x2gobroker-testagent x2gobroker-0.0.4.1/sbin/x2gobroker-testagent
--- x2gobroker-0.0.4.0/sbin/x2gobroker-testagent	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/sbin/x2gobroker-testagent	2019-04-22 09:38:50.000000000 +0200
@@ -120,16 +120,15 @@
     list_tasks = cmdline_args.list_tasks
 
 
-local_agent = (hostname == 'LOCAL')
-query_mode = local_agent and 'LOCAL' or 'SSH'
-if local_agent: remote_agent = None
-else: remote_agent = {'hostaddr': hostname, 'port': port, }
-
-if remote_agent and cmdline_args.add_to_known_hosts:
-    remote_agent.update({
-        'host_key_policy': AutoAddPolicy(),
-    })
-
+    local_agent = (hostname == 'LOCAL')
+    query_mode = local_agent and 'LOCAL' or 'SSH'
+    if local_agent: remote_agent = None
+    else: remote_agent = {'hostaddr': hostname, 'port': port, }
+
+    if remote_agent and cmdline_args.add_to_known_hosts:
+        remote_agent.update({
+            'host_key_policy': 'AutoAddPolicy',
+        })
 
 def call_agent(task, **kwargs):
     try:
@@ -156,7 +155,7 @@
     agent_client_tasks = x2gobroker.agent.tasks
     if 'availabletasks' in agent_client_tasks:
         try:
-            remote_agent_tasks = x2gobroker.agent.tasks_available(username=username, query_mode=query_mode, remote_agent=remote_agent)
+            (success, remote_agent_tasks) = x2gobroker.agent.tasks_available(username=username, query_mode=query_mode, remote_agent=remote_agent)
         except x2gobroker.x2gobroker_exceptions.X2GoBrokerAgentException as e:
             print("{errmsg}.".format(errmsg=e))
             print()
diff -Nru x2gobroker-0.0.4.0/x2gobroker/agent.py x2gobroker-0.0.4.1/x2gobroker/agent.py
--- x2gobroker-0.0.4.0/x2gobroker/agent.py	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/x2gobroker/agent.py	2019-04-22 09:38:50.000000000 +0200
@@ -195,8 +195,15 @@
 
     if remote_agent is None:
         logger_error.error('With the SSH agent-query-mode a remote agent host (hostname, hostaddr, port) has to be specified!')
-    elif 'host_key_policy' not in remote_agent:
-        remote_agent['host_key_policy'] = paramiko.WarningPolicy()
+    elif 'host_key_policy' not in remote_agent or remote_agent['host_key_policy'] == 'WarningPolicy':
+        _hostkey_policy = paramiko.WarningPolicy()
+    elif remote_agent['host_key_policy'] == 'RejectPolicy':
+        _hostkey_policy = paramiko.RejectPolicy()
+    elif remote_agent['host_key_policy'] == 'AutoAddPolicy':
+        _hostkey_policy = paramiko.AutoAddPolicy()
+    else:
+        logger_error.error('Invalid SSH HostKey Policy: "{policy}", falling back to "RejectPolicy"!'.format(policy=remote_agent['host_key_policy']))
+        _hostkey_policy = paramiko.RejectPolicy()
 
     remote_hostaddr = None
     remote_hostname = None
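Review bot: The first `elif` maps a missing `host_key_policy` key to `paramiko.WarningPolicy()`, which accepts unknown host keys with only a warning, while the x2gobroker.conf text and defaults.py in this same diff name RejectPolicy as the only safe default. Callers that build `remote_agent` without the key (x2gobroker-testagent without --add-to-known-hosts does, per its hunk) therefore still connect to hosts that are not in known_hosts. Suggest letting the missing-key case select `paramiko.RejectPolicy()` and keeping WarningPolicy only for the explicit string. Also, the `remote_agent is None` branch never assigns `_hostkey_policy`, so the later `client.set_missing_host_key_policy(_hostkey_policy)` would raise NameError if that path is reached.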
@@ -237,7 +244,7 @@
             client.load_system_host_keys()
             if os.path.exists(os.path.expanduser("~/.ssh/known_hosts")):
                 client.load_host_keys(os.path.expanduser("~/.ssh/known_hosts"))
-            client.set_missing_host_key_policy(remote_agent['host_key_policy'])
+            client.set_missing_host_key_policy(_hostkey_policy)
             client.connect(_remote_sshserver, remote_port, remote_username, look_for_keys=True, allow_agent=True)
 
             result = []
diff -Nru x2gobroker-0.0.4.0/x2gobroker/brokers/base_broker.py x2gobroker-0.0.4.1/x2gobroker/brokers/base_broker.py
--- x2gobroker-0.0.4.0/x2gobroker/brokers/base_broker.py	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/x2gobroker/brokers/base_broker.py	2019-04-22 09:38:50.000000000 +0200
@@ -82,6 +82,7 @@
 
         self._dynamic_cookie_map = {}
         self._client_address = None
+        self._cookie = None
 
     def __del__(self):
         """\
@@ -199,6 +200,8 @@
         my_cookie = unconfigured_my_cookie
 
         deprecated_my_cookie = self.config.get_value('global', 'my-cookie')
+        if deprecated_my_cookie is None:
+            deprecated_my_cookie = uuid.uuid4()
         my_cookie_file = self.config.get_value('global', 'my-cookie-file')
 
         if os.path.isfile(my_cookie_file):
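Review bot: `deprecated_my_cookie = uuid.uuid4()` now runs on every call of this method when `my-cookie` is unset, whereas the old default in defaults.py was evaluated once when that dict was built, so the value now changes from call to call. It is also a `UUID` object, while `next_cookie` further down uses `str(uuid.uuid4())`. If the value only needs to be an unguessable placeholder, say so in a comment and wrap it in `str(...)` for consistency; if it must be stable within a process, generate it once in `__init__`.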
@@ -559,6 +562,44 @@
         else:
             return _mode
 
+    def get_agent_hostkey_policy(self, profile_id):
+        """\
+        Get the agent hostkey policy (either of 'RejectPolicy',
+        'AutoAddPolicy' or 'WarningPolicy') that is configured for this
+        X2Go Session Broker instance.
+
+        The returned policy names match the MissingHostkeyPolicy class
+        names as found in Python Paramiko.
+
+        :returns: agent hostkey policy
+        :rtype: ``str``
+
+        """
+        _default_agent_hostkey_policy = "RejectPolicy"
+        _backend_agent_hostkey_policy = ""
+        _agent_hostkey_policy = ""
+
+        _profile = self.get_profile_broker(profile_id)
+        if _profile and 'broker-agent-hostkey-policy' in _profile and _profile['broker-agent-hostkey-policy']:
+            _agent_hostkey_policy = _profile['broker-agent-hostkey-policy']
+            logger_broker.debug('base_broker.X2GoBroker.get_agent_hostkey_policy(): found broker-agent-hostkey-policy in session profile with ID {id}: {value}. This one has precendence over the default and the backend value.'.format(id=profile_id, value=_agent_hostkey_policy))
+
+        elif self.config.has_value('broker_{backend}'.format(backend=self.backend_name), 'agent-hostkey-policy') and self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'agent-hostkey-policy'):
+            _backend_agent_hostkey_policy = self.config.get_value('broker_{backend}'.format(backend=self.backend_name), 'agent-hostkey-policy')
+            logger_broker.debug('base_broker.X2GoBroker.get_agent_hostkey_policy(): found agent-hostkey-policy in backend config section »{backend}«: {value}. This one has precendence over the default value.'.format(backend=self.backend_name, value=_agent_hostkey_policy))
+
+        elif self.config.has_value('global', 'default-agent-hostkey-policy') and self.config.get_value('global', 'default-agent-hostkey-policy'):
+            _default_agent_hostkey_policy = self.config.get_value('global', 'default-agent-hostkey-policy')
+            logger_broker.debug('base_broker.X2GoBroker.get_agent_hostkey_policy(): found default-agent-hostkey-policy in global config section: {value}'.format(value=_default_agent_hostkey_policy))
+
+        _policy = _agent_hostkey_policy or _backend_agent_hostkey_policy or _default_agent_hostkey_policy
+
+        if _policy not in ('AutoAddPolicy', 'RejectPolicy', 'WarningPolicy'):
+            logger_broker.warn('base_broker.X2GoBroker.get_agent_hostkey_policy(): given hostkey policy ({policy}) is invalid/unknown, falling back to default hostkey policy ({default_policy}).'.format(policy=_policy, default_policy=_default_agent_hostkey_policy))
+            _policy = _default_agent_hostkey_policy
+
+        return _policy
+
     def get_session_autologin(self, profile_id):
         """\
         Detect if the given profile is configured to try automatic session
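Review bot: The invalid-policy fallback assigns `_policy = _default_agent_hostkey_policy`, but that variable has already been overwritten with the `default-agent-hostkey-policy` value from the global section, so an invalid global setting is returned unchanged. Fall back to the literal 'RejectPolicy' instead; agent.py does reject unknown names, but this method should not return one. Separately, the backend-section debug message formats `value=_agent_hostkey_policy`, which is still empty in that branch, and should use `_backend_agent_hostkey_policy`. "precendence" is misspelled in both messages, and the docstring lacks a `:param profile_id:` entry.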
@@ -981,9 +1022,8 @@
                 ###
                 ###
 
-                logger_broker.debug('base_broker.X2GoBroker.check_access(): checking for valid authentication: {access}'.format(access=access))
-
                 if access:
+                    logger_broker.warning('base_broker.X2GoBroker.check_access(): authentication succeeded for user {username} at ip {ip}'.format(username=username, ip=ip))
                     #create new cookie for this user
                     #each user gets one or more tuples of IP, time stored as username_UUID files so they can connect from multiple sessions
                     next_cookie = str(uuid.uuid4())
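Review bot: Successful authentication is logged with `logger_broker.warning(...)`, the same level the next hunk uses for failures, so the two cannot be separated by log level and every normal login raises a warning. Suggest `info` for success and `warning` for failure. `username` is formatted into the message as received; if it can contain newlines or control characters, format it with `{username!r}` or escape it so that a crafted name cannot forge log lines.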
@@ -994,6 +1034,8 @@
                     if cookie_directory and username and cookie:
                         os.remove(cookie_directory+"/"+username+"_"+cookie)
                     logger_broker.debug('base_broker.X2GoBroker.check_access(): Giving new cookie: {cookie} to user {username} at ip {ip}'.format(cookie=next_cookie,username=username,ip=ip))
+                else:
+                    logger_broker.warning('base_broker.X2GoBroker.check_access(): authentication failed for user {username} at ip {ip}'.format(username=username, ip=ip))
 
             else:
                 # there is a cookie but its not ours so its either wrong or subsequent password auth
@@ -1092,7 +1134,9 @@
                 remote_agent = {
                     'hostname': remote_agent_hostname,
                     'hostaddr': remote_agent_hostaddr,
-                    'port': remote_agent_port, }
+                    'port': remote_agent_port,
+                    'host_key_policy': self.get_agent_hostkey_policy(profile_id),
+                }
 
                 try:
                     if x2gobroker.agent.ping(remote_agent=remote_agent):
diff -Nru x2gobroker-0.0.4.0/x2gobroker/defaults.py x2gobroker-0.0.4.1/x2gobroker/defaults.py
--- x2gobroker-0.0.4.0/x2gobroker/defaults.py	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/x2gobroker/defaults.py	2019-04-22 09:38:50.000000000 +0200
@@ -32,7 +32,6 @@
 
 # modules
 import os
-import uuid
 import socket
 import pwd, grp
 
@@ -230,7 +229,7 @@
         'pre_auth_scripts': [],
         'post_auth_scripts': [],
         'select_session_scripts': [],
-        'my-cookie': uuid.uuid4(),
+        'my-cookie': None,
         'my-cookie-file': '/etc/x2go/broker/x2gobroker.authid',
         'enable-plain-output': True,
         'enable-json-output': True,
@@ -244,6 +243,7 @@
         'default-authorized-keys': '%h/.x2go/authorized_keys',
         'default-sshproxy-authorized-keys': '%h/.x2go/authorized_keys',
         'default-agent-query-mode': 'NONE',
+        'default-agent-hostkey-policy': 'RejectPolicy',
         'default-portscan-x2goservers': True,
         'default-use-load-checker': False,
         'load-checker-intervals': 300,
diff -Nru x2gobroker-0.0.4.0/x2gobroker/__init__.py x2gobroker-0.0.4.1/x2gobroker/__init__.py
--- x2gobroker-0.0.4.0/x2gobroker/__init__.py	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/x2gobroker/__init__.py	2019-04-22 09:38:50.000000000 +0200
@@ -18,5 +18,5 @@
 # Free Software Foundation, Inc.,
 # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
 
-__VERSION__ = '0.0.4.0'
+__VERSION__ = '0.0.4.1'
 __AUTHOR__ = 'Mike Gabriel (X2Go Project) <mike.gabriel@das-netzwerkteam.de>'
diff -Nru x2gobroker-0.0.4.0/x2gobroker/tests/test_broker_agent.py x2gobroker-0.0.4.1/x2gobroker/tests/test_broker_agent.py
--- x2gobroker-0.0.4.0/x2gobroker/tests/test_broker_agent.py	2019-02-02 22:12:25.000000000 +0100
+++ x2gobroker-0.0.4.1/x2gobroker/tests/test_broker_agent.py	2019-04-22 09:38:50.000000000 +0200
@@ -110,23 +110,39 @@
 name = testprofile5
 host = host1.mydomain (10.0.2.4), host2.mydomain (10.0.2.5)
 broker-agent-query-mode = SSH
+broker-agent-hostkey-policy = WarningPolicy
 
 [testprofile6]
 name = testprofile6
 host = host1.mydomain (10.0.2.4), host2.mydomain (10.0.2.5)
 sshport = 23467
 broker-agent-query-mode = SSH
+broker-agent-hostkey-policy = WarningPolicy
 
 [testprofile7]
 name = testprofile7
 host = docker-vm-1 (docker-server:22001), docker-vm-2 (docker-server:22002)
 broker-agent-query-mode = SSH
+broker-agent-hostkey-policy = WarningPolicy
 
 [testprofile8]
 name = testprofile8
 host = docker-vm-0 (docker-server), docker-vm-1 (docker-server:22001), docker-vm-2 (docker-server:22002)
 sshport = 22000
 broker-agent-query-mode = SSH
+broker-agent-hostkey-policy = WarningPolicy
+
+[testprofile9]
+name = testprofile9
+host = host1.mydomain (10.0.2.4)
+broker-agent-query-mode = SSH
+broker-agent-hostkey-policy = AutoAddPolicy
+
+[testprofile10]
+name = testprofile10
+host = host1.mydomain (10.0.2.4)
+broker-agent-query-mode = SSH
+broker-agent-hostkey-policy = SomeUnkownPolicy
 
 """
         tf = tempfile.NamedTemporaryFile(mode='w')
@@ -207,7 +223,7 @@
         i = 0
         while i < 10:
             _remoteagent5 = inifile_backend.get_remote_agent('testprofile5')
-            self.assertTrue( _remoteagent5 == {'hostname': 'host1.mydomain', 'hostaddr': '10.0.2.4', 'port': 22, 'load_factors': {}, } or _remoteagent5 == {'hostname': 'host2.mydomain', 'hostaddr': '10.0.2.5', 'port': 22, 'load_factors': {}, } )
+            self.assertTrue( _remoteagent5 == {'hostname': 'host1.mydomain', 'hostaddr': '10.0.2.4', 'port': 22, 'load_factors': {}, 'host_key_policy': 'WarningPolicy'} or _remoteagent5 == {'hostname': 'host2.mydomain', 'hostaddr': '10.0.2.5', 'port': 22, 'load_factors': {}, 'host_key_policy': 'WarningPolicy', } )
             _session5 = inifile_backend.select_session('testprofile5', 'foo5N')
             self.assertTrue( _session5 == {'port': 22, 'server': '10.0.2.4', } or _session5 == {'port': 22, 'server': '10.0.2.5', } )
             i += 1
@@ -221,7 +237,7 @@
         self.assertTrue( _profile6['host'][0] in ('host1.mydomain', 'host2.mydomain') )
         self.assertTrue( 'status' not in _profile6 )
         _remoteagent6 = inifile_backend.get_remote_agent('testprofile6')
-        self.assertTrue( _remoteagent6 == {'hostname': 'host1.mydomain', 'hostaddr': '10.0.2.4', 'port': 23467, 'load_factors': {}, } or _remoteagent6 == {'hostname': 'host2.mydomain', 'hostaddr': '10.0.2.5', 'port': 23467, 'load_factors': {}, } )
+        self.assertTrue( _remoteagent6 == {'hostname': 'host1.mydomain', 'hostaddr': '10.0.2.4', 'port': 23467, 'load_factors': {}, 'host_key_policy': 'WarningPolicy', } or _remoteagent6 == {'hostname': 'host2.mydomain', 'hostaddr': '10.0.2.5', 'port': 23467, 'load_factors': {}, 'host_key_policy': 'WarningPolicy', } )
         _session6 = inifile_backend.select_session('testprofile6', 'foo6N')
         self.assertTrue( _session6 == {'port': 23467, 'server': '10.0.2.4', } or _session6 == {'port': 23467, 'server': '10.0.2.5', } )
 
@@ -233,7 +249,7 @@
         i = 0
         while i < 10:
             _remoteagent7 = inifile_backend.get_remote_agent('testprofile7')
-            self.assertTrue( _remoteagent7 == {'hostname': 'docker-vm-1', 'hostaddr': 'docker-server', 'port': 22001, 'load_factors': {}, } or _remoteagent7 == {'hostname': 'docker-vm-2', 'hostaddr': 'docker-server', 'port': 22002, 'load_factors': {}, } )
+            self.assertTrue( _remoteagent7 == {'hostname': 'docker-vm-1', 'hostaddr': 'docker-server', 'port': 22001, 'load_factors': {}, 'host_key_policy': 'WarningPolicy', } or _remoteagent7 == {'hostname': 'docker-vm-2', 'hostaddr': 'docker-server', 'port': 22002, 'load_factors': {}, 'host_key_policy': 'WarningPolicy', } )
             _session7 = inifile_backend.select_session('testprofile7', 'foo7N')
             self.assertTrue( _session7 == {'port': 22001, 'server': 'docker-server', } or _session7 == {'port': 22001, 'server': 'docker-server', } )
             i += 1
@@ -246,11 +262,31 @@
         i = 0
         while i < 10:
             _remoteagent8 = inifile_backend.get_remote_agent('testprofile8')
-            self.assertTrue( _remoteagent8 == {'hostname': 'docker-vm-0', 'hostaddr': 'docker-server', 'port': 22000, 'load_factors': {}, } or _remoteagent8 == {'hostname': 'docker-vm-1', 'hostaddr': 'docker-server', 'port': 22001, 'load_factors': {}, } or _remoteagent8 == {'hostname': 'docker-vm-2', 'hostaddr': 'docker-server', 'port': 22002, 'load_factors': {}, } )
+            self.assertTrue( _remoteagent8 == {'hostname': 'docker-vm-0', 'hostaddr': 'docker-server', 'port': 22000, 'load_factors': {}, 'host_key_policy': 'WarningPolicy', } or _remoteagent8 == {'hostname': 'docker-vm-1', 'hostaddr': 'docker-server', 'port': 22001, 'load_factors': {}, 'host_key_policy': 'WarningPolicy', } or _remoteagent8 == {'hostname': 'docker-vm-2', 'hostaddr': 'docker-server', 'port': 22002, 'load_factors': {}, 'host_key_policy': 'WarningPolicy', } )
             _session8 = inifile_backend.select_session('testprofile8', 'foo8N')
             self.assertTrue( _session8 == {'port': 22000, 'server': 'docker-server', } or _session8 == {'port': 22001, 'server': 'docker-server', } or _session8 == {'port': 22001, 'server': 'docker-server', } )
             i += 1
 
+        # test "testprofile9", test if hostkey policy is propagated from session profile config to remote agent settings
+
+        _list9 = inifile_backend.list_profiles(username='foo9N')
+        _profile9 = _list9['testprofile9']
+        _profile9['host'].sort()
+        self.assertTrue( _profile9['host'][0] in ('host1.mydomain') )
+        self.assertTrue( 'status' not in _profile9 )
+        _remoteagent9 = inifile_backend.get_remote_agent('testprofile9')
+        self.assertTrue( _remoteagent9 == {'hostname': 'host1.mydomain', 'hostaddr': '10.0.2.4', 'port': 22, 'load_factors': {}, 'host_key_policy': 'AutoAddPolicy'})
+
+        # test "testprofile10", test if an invalid hostkey policy is propagated from session profile config to remote agent settings and ignored with RejectPolicy as fallback
+
+        _list10 = inifile_backend.list_profiles(username='foo10N')
+        _profile10 = _list10['testprofile10']
+        _profile10['host'].sort()
+        self.assertTrue( _profile10['host'][0] in ('host1.mydomain') )
+        self.assertTrue( 'status' not in _profile10 )
+        _remoteagent10 = inifile_backend.get_remote_agent('testprofile10')
+        self.assertTrue( _remoteagent10 == {'hostname': 'host1.mydomain', 'hostaddr': '10.0.2.4', 'port': 22, 'load_factors': {}, 'host_key_policy': 'RejectPolicy'})
+
         x2gobroker.agent._call_local_broker_agent = _save_local_broker_agent_call
         x2gobroker.agent._call_remote_broker_agent = _save_remote_broker_agent_call
         x2gobroker.utils.portscan = _save_portscan
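Review bot: In the new testprofile9 and testprofile10 checks, `_profile9['host'][0] in ('host1.mydomain')` tests against a plain string, not a one-element tuple, so it is a substring match and would also pass for 'host1' or an empty string. Use `('host1.mydomain',)` or `assertEqual(_profile9['host'][0], 'host1.mydomain')`. The `assertTrue(a == b)` comparisons on the remote agent dicts would give more useful failure output as `assertEqual`. The hunks shown only exercise the per-profile `broker-agent-hostkey-policy` path; a case for the backend-section `agent-hostkey-policy` and for the global `default-agent-hostkey-policy` would cover the other two branches of `get_agent_hostkey_policy()`.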
