#1728: update proxy server to support multiple authenticator modules
git-svn-id: https://xpra.org/svn/Xpra/trunk@17777 3bb7dfac-3a0b-4e04-842a-767bc560f471
totaam committed Dec 29, 2017
1 parent 37a9f96 commit 435ff1b
Showing 1 changed file with 29 additions and 13 deletions.
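--- a/src/xpra/server/proxy/proxy_server.py
+++ b/src/xpra/server/proxy/proxy_server.py
@@ -186,7 +186,7 @@ def disconnect(reason, *extras):
 self.send_disconnect(client_proto, reason, *extras)
 
 #find the target server session:
-if not client_proto.authenticator:
+if not client_proto.authenticators:
 log.error("Error: the proxy server requires an authentication mode,")
 try:
 log.error(" client connection '%s' does not specify one", client_proto._conn.socktype)
@@ -195,14 +195,20 @@ def disconnect(reason, *extras):
 log.error(" use 'none' to disable authentication")
 disconnect(SESSION_NOT_FOUND, "no sessions found")
 return
-try:
-sessions = client_proto.authenticator.get_sessions()
-except Exception as e:
-authlog("failed to get the list of sessions", exc_info=True)
-authlog.error("Error: failed to get the list of sessions using '%s' authenticator", client_proto.authenticator)
-authlog.error(" %s", e)
-disconnect(AUTHENTICATION_ERROR, "cannot access sessions")
-return
+sessions = []
+for authenticator in client_proto.authenticators:
+try:
+auth_sessions = authenticator.get_sessions()
+#don't add duplicates:
+for x in auth_sessions:
+if x not in sessions:
+sessions.append(x)
+except Exception as e:
+authlog("failed to get the list of sessions from %s", authenticator, exc_info=True)
+authlog.error("Error: failed to get the list of sessions using '%s' authenticator", authenticator)
+authlog.error(" %s", e)
+disconnect(AUTHENTICATION_ERROR, "cannot access sessions")
+return
 authlog("proxy_auth(%s, {..}, %s) found sessions: %s", client_proto, auth_caps, sessions)
 if sessions is None:
 disconnect(SESSION_NOT_FOUND, "no sessions found")
@@ -225,7 +231,11 @@ def disconnect(reason, *extras):
 log("username(%i)=%s, groups=%s", uid, username, groups)
 else:
 #the auth module recorded the username we authenticate against
-username = getattr(client_proto.authenticator, "username", "")
+assert client_proto.authenticators
+for authenticator in client_proto.authenticators:
+username = getattr(authenticator, "username", "")
+if username:
+break
 #ensure we don't loop back to the proxy:
 proxy_virtual_display = os.environ.get("DISPLAY")
 if proxy_virtual_display in displays:
@@ -329,7 +339,7 @@ def unexpected_packet(packet):
 if auth_caps:
 cipher = auth_caps.get("cipher")
 if cipher:
-encryption_key = self.get_encryption_key(client_proto.authenticator, client_proto.keyfile)
+encryption_key = self.get_encryption_key(client_proto.authenticators, client_proto.keyfile)
 log("start_proxy(..) client connection=%s", client_conn)
 log("start_proxy(..) client state=%s", client_state)
 
@@ -483,8 +493,14 @@ def get_info(self, proto, *_args):
 info.setdefault("server", {})["type"] = "Python/GLib/proxy"
 #only show more info if we have authenticated
 #as the user running the proxy server process:
-if proto and proto.authenticator:
-sessions = proto.authenticator.get_sessions()
+if proto and proto.authenticators:
+sessions = []
+for authenticator in proto.authenticators:
+auth_sessions = authenticator.get_sessions()
+#don't add duplicates:
+for x in auth_sessions:
+if x not in sessions:
+sessions.append(x)
 if sessions:
 uid, gid = sessions[:2]
 if not POSIX or (uid==os.getuid() and gid==os.getgid()):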
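Review bot: In the last hunk (get_info), the new merge loop flattens each authenticator's `get_sessions()` result into one list and drops any element already present, yet the following line still unpacks that list positionally with `uid, gid = sessions[:2]`. When the first authenticator reports equal uid and gid values, the gid is skipped as a duplicate and `gid` receives whatever element comes next, so the `uid==os.getuid() and gid==os.getgid()` check that gates the extra info no longer compares the values it names; results from later authenticators only land behind the first one's fields. The same loop is added in the hunk at -195,14 +195,20, where `sessions` now starts as `[]`, so the `if sessions is None:` guard below it can no longer fire. If first-match is the intended semantics, keep each result intact, e.g. `sessions = authenticator.get_sessions()` followed by `if sessions: break`; a field-wise merge across modules would need to be written out explicitly. get_info's body continues outside the hunk.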
