# -*- coding: utf-8 -*-
# vim:fenc=utf-8
# Copyright (C) 2012-2020 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
#
# X2Go Session Broker is free software; you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# X2Go Session Broker is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program; if not, write to the
# Free Software Foundation, Inc.,
# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
"""
X2Go Session Brokers uses many hard-coded defaults, that can be overridden in various ways:
* environment variables of the same name as the variable name in Python
* for **SysV init system**: environment variables set in a default configuration
file under ``/etc/default``; normally the naming scheme is
``/etc/default/<executable-name>``
* for **systemd init system**: in the file ``/etc/x2go/broker/defaults.conf``:
this file should be installed on your system, the file needs to be provided
in INI file format
"""
# modules
import os
import socket
import pwd, grp
import logging
from x2gobroker.loggers import logger_broker, logger_access, logger_error, X2GOBROKER_DAEMON_USER
from x2gobroker.loggers import iniconfig_loaded
if iniconfig_loaded:
from x2gobroker.loggers import iniconfig, iniconfig_section
X2GOBROKER_USER = '<some-user>'
"""The (system) user, X2Go Session Broker runs under. Whether this is a system user or e.g. your own user account depends on what component of the broker is used."""
if 'SPHINX_API_DOCUMENTATION_BUILD' in os.environ.keys():
X2GOBROKER_USER = pwd.getpwuid(os.geteuid())[0]
X2GOBROKER_GROUP = '<some-group>'
"""The (system) group, X2Go Session Broker runs under. Whether this is a system user or e.g. the x2gobroker-users group is dependent on what component of the broker is used."""
if 'SPHINX_API_DOCUMENTATION_BUILD' in os.environ.keys():
X2GOBROKER_GROUP = grp.getgrgid(pwd.getpwuid(os.geteuid())[3])[0]
os.environ['HOME'] = pwd.getpwuid(os.geteuid())[5]
X2GOBROKER_AGENT_USER="x2gobroker"
"""The system user to use when launching X2Go Broker Agent on remote X2Go Servers."""
if 'X2GOBROKER_DAEMON_GROUP' in os.environ:
X2GOBROKER_DAEMON_GROUP=os.environ['X2GOBROKER_DAEMON_GROUP']
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_DAEMON_GROUP'):
X2GOBROKER_DAEMON_GROUP=iniconfig.get(iniconfig_section, 'X2GOBROKER_DAEMON_GROUP')
elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_DAEMON_GROUP'):
X2GOBROKER_DAEMON_GROUP=iniconfig.get('common', 'X2GOBROKER_DAEMON_GROUP')
else:
X2GOBROKER_DAEMON_GROUP="x2gobroker"
if 'X2GOBROKER_AGENT_USER' in os.environ:
X2GOBROKER_AGENT_USER=os.environ['X2GOBROKER_AGENT_USER']
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_AGENT_USER'):
X2GOBROKER_AGENT_USER=iniconfig.get(iniconfig_section, 'X2GOBROKER_AGENT_USER')
elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_AGENT_USER'):
X2GOBROKER_AGENT_USER=iniconfig.get('common', 'X2GOBROKER_AGENT_USER')
###
### dynamic default values, influencable through os.environ...
###
X2GOBROKER_DEBUG_INTERACTIVELY = False
"""When set to ``True``, the X2Go Broker component this parameter is set for, runs in foreground and debugging mode."""
if 'X2GOBROKER_DEBUG' in os.environ:
X2GOBROKER_DEBUG = ( os.environ['X2GOBROKER_DEBUG'].lower() in ('1', 'on', 'true', 'yes', ) )
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_DEBUG'):
X2GOBROKER_DEBUG=iniconfig.get(iniconfig_section, 'X2GOBROKER_DEBUG')
elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_DEBUG'):
X2GOBROKER_DEBUG=iniconfig.get('common', 'X2GOBROKER_DEBUG')
else:
X2GOBROKER_DEBUG = False
if 'X2GOBROKER_DEBUG_INTERACTIVELY' in os.environ:
X2GOBROKER_DEBUG_INTERACTIVELY = ( os.environ['X2GOBROKER_DEBUG_INTERACTIVELY'].lower() in ('1', 'on', 'true', 'yes', ) )
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_DEBUG_INTERACTIVELY'):
X2GOBROKER_DEBUG_INTERACTIVELY=iniconfig.get(iniconfig_section, 'X2GOBROKER_DEBUG_INTERACTIVELY')
elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_DEBUG_INTERACTIVELY'):
X2GOBROKER_DEBUG_INTERACTIVELY=iniconfig.get('common', 'X2GOBROKER_DEBUG_INTERACTIVELY')
if 'X2GOBROKER_TESTSUITE' in os.environ:
X2GOBROKER_TESTSUITE = ( os.environ['X2GOBROKER_TESTSUITE'].lower() in ('1', 'on', 'true', 'yes', ) )
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_TESTSUITE'):
X2GOBROKER_TESTSUITE=iniconfig.get(iniconfig_section, 'X2GOBROKER_TESTSUITE')
elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_TESTSUITE'):
X2GOBROKER_TESTSUITE=iniconfig.get('common', 'X2GOBROKER_TESTSUITE')
else:
X2GOBROKER_TESTSUITE = False
# enforce debugging for interactive usage
if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER:
X2GOBROKER_DEBUG = True
# raise log levels to CRITICAL if we are running the unittests...
if X2GOBROKER_TESTSUITE:
logger_broker.setLevel(logging.CRITICAL)
logger_access.setLevel(logging.CRITICAL)
logger_error.setLevel(logging.CRITICAL)
X2GOBROKER_CONFIG = "/etc/x2go/x2gobroker.conf"
"""Location of X2Go Broker\'s global configuration file."""
if 'X2GOBROKER_CONFIG' in os.environ:
X2GOBROKER_CONFIG = os.environ['X2GOBROKER_CONFIG']
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_CONFIG'):
X2GOBROKER_CONFIG=iniconfig.get(iniconfig_section, 'X2GOBROKER_CONFIG')
elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_CONFIG'):
X2GOBROKER_CONFIG=iniconfig.get('common', 'X2GOBROKER_CONFIG')
X2GOBROKER_SESSIONPROFILES = "/etc/x2go/broker/x2gobroker-sessionprofiles.conf"
"""Location of the INI file based broker backend \'s session profiles configuration file."""
if 'X2GOBROKER_SESSIONPROFILES' in os.environ:
X2GOBROKER_SESSIONPROFILES = os.environ['X2GOBROKER_SESSIONPROFILES']
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_SESSIONPROFILES'):
X2GOBROKER_SESSIONPROFILES=iniconfig.get(iniconfig_section, 'X2GOBROKER_SESSIONPROFILES')
elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_SESSIONPROFILES'):
X2GOBROKER_SESSIONPROFILES=iniconfig.get('common', 'X2GOBROKER_SESSIONPROFILES')
X2GOBROKER_AGENT_CMD = "/usr/lib/x2go/x2gobroker-agent"
"""Path to the X2Go Broker Agent executable on remote X2Go Servers."""
if 'X2GOBROKER_AGENT_CMD' in os.environ:
X2GOBROKER_AGENT_CMD = os.environ['X2GOBROKER_AGENT_CMD']
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_AGENT_CMD'):
X2GOBROKER_AGENT_CMD=iniconfig.get(iniconfig_section, 'X2GOBROKER_AGENT_CMD')
elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_AGENT_CMD'):
X2GOBROKER_AGENT_CMD=iniconfig.get('common', 'X2GOBROKER_AGENT_CMD')
if os.path.isdir('/run/x2gobroker'):
RUNDIR = '/run'
else:
RUNDIR = '/var/run/x2gobroker'
X2GOBROKER_AUTHSERVICE_SOCKET="{run}/x2gobroker/x2gobroker-authservice.socket".format(run=RUNDIR)
"""Location of the X2Go Broker Auth Service's authentication socket file."""
if 'X2GOBROKER_AUTHSERVICE_SOCKET' in os.environ:
X2GOBROKER_AUTHSERVICE_SOCKET=os.environ['X2GOBROKER_AUTHSERVICE_SOCKET']
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_AUTHSERVICE_SOCKET'):
X2GOBROKER_AUTHSERVICE_SOCKET=iniconfig.get(iniconfig_section, 'X2GOBROKER_AUTHSERVICE_SOCKET')
elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_AUTHSERVICE_SOCKET'):
X2GOBROKER_AUTHSERVICE_SOCKET=iniconfig.get('common', 'X2GOBROKER_AUTHSERVICE_SOCKET')
if os.path.isdir('/run/x2gobroker'):
RUNDIR = '/run'
else:
RUNDIR = '/var/run/x2gobroker'
X2GOBROKER_LOADCHECKER_SOCKET="{run}/x2gobroker/x2gobroker-loadchecker.socket".format(run=RUNDIR)
"""Location of the X2Go Broker Load Checker's communication socket file."""
if 'X2GOBROKER_LOADCHECKER_SOCKET' in os.environ:
X2GOBROKER_LOADCHECKER_SOCKET=os.environ['X2GOBROKER_LOADCHECKER_SOCKET']
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_LOADCHECKER_SOCKET'):
X2GOBROKER_LOADCHECKER_SOCKET=iniconfig.get(iniconfig_section, 'X2GOBROKER_LOADCHECKER_SOCKET')
elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_LOADCHECKER_SOCKET'):
X2GOBROKER_LOADCHECKER_SOCKET=iniconfig.get('common', 'X2GOBROKER_LOADCHECKER_SOCKET')
X2GOBROKER_DEFAULT_BACKEND = "inifile"
"""The broker backend to use by default."""
if 'X2GOBROKER_DEFAULT_BACKEND' in os.environ:
X2GOBROKER_DEFAULT_BACKEND = os.environ['X2GOBROKER_DEFAULT_BACKEND']
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_DEFAULT_BACKEND'):
X2GOBROKER_DEFAULT_BACKEND=iniconfig.get(iniconfig_section, 'X2GOBROKER_DEFAULT_BACKEND')
elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_DEFAULT_BACKEND'):
X2GOBROKER_DEFAULT_BACKEND=iniconfig.get('common', 'X2GOBROKER_DEFAULT_BACKEND')
DAEMON_BIND_ADDRESS = ""
"""Bind address for the X2Go Session Broker standalone daemon."""
if 'DAEMON_BIND_ADDRESS' in os.environ:
DAEMON_BIND_ADDRESS = os.environ['DAEMON_BIND_ADDRESS']
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'DAEMON_BIND_ADDRESS'):
DAEMON_BIND_ADDRESS = iniconfig.get(iniconfig_section, 'DAEMON_BIND_ADDRESS')
elif iniconfig_loaded and iniconfig.has_option('daemon', 'DAEMON_BIND_ADDRESS'):
DAEMON_BIND_ADDRESS = iniconfig.get('daemon', 'DAEMON_BIND_ADDRESS')
X2GOBROKER_SSL_CERTFILE = ""
"""Path to the SSL/TLS public certificate file."""
if 'X2GOBROKER_SSL_CERTFILE' in os.environ:
X2GOBROKER_SSL_CERTFILE = os.environ['X2GOBROKER_SSL_CERTFILE']
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_SSL_CERTFILE'):
X2GOBROKER_SSL_CERTFILE = iniconfig.get(iniconfig_section, 'X2GOBROKER_SSL_CERTFILE')
elif iniconfig_loaded and iniconfig.has_option('daemon', 'X2GOBROKER_SSL_CERTFILE'):
X2GOBROKER_SSL_CERTFILE = iniconfig.get('daemon', 'X2GOBROKER_SSL_CERTFILE')
X2GOBROKER_SSL_KEYFILE = ""
"""Path to the SSL/TLS secret key file."""
if 'X2GOBROKER_SSL_KEYFILE' in os.environ:
X2GOBROKER_SSL_KEYFILE = os.environ['X2GOBROKER_SSL_KEYFILE']
elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_SSL_KEYFILE'):
X2GOBROKER_SSL_KEYFILE = iniconfig.get(iniconfig_section, 'X2GOBROKER_SSL_KEYFILE')
elif iniconfig_loaded and iniconfig.has_option('daemon', 'X2GOBROKER_SSL_KEYFILE'):
X2GOBROKER_SSL_KEYFILE = iniconfig.get('daemon', 'X2GOBROKER_SSL_KEYFILE')
###
### static / hard-coded defaults
###
try:
if socket.gethostname().find('.') >= 0:
X2GOBROKER_HOSTNAME = socket.gethostname()
else:
X2GOBROKER_HOSTNAME = socket.gethostbyaddr(socket.gethostname())[0]
except socket.gaierror:
X2GOBROKER_HOSTNAME = 'localhost'
# the home directory of the user that the daemon/cgi runs as
X2GOBROKER_HOME = os.path.normpath(os.path.expanduser('~{broker_uid}'.format(broker_uid=X2GOBROKER_DAEMON_USER)))
"""Home directory of the user that an X2Go Broker component runs under."""
# defaults for X2Go Sessino Broker configuration file
X2GOBROKER_CONFIG_DEFAULTS = {
'global': {
# legacy support for X2Go Session Broker << 0.0.3.0
# the check-credentials parameter has been slit up into the two params above
'check-credentials': True,
# use these two instead of check-credentials...
'require-password': True,
'require-cookie': False,
'use-static-cookie': False,
'auth-timeout': 36000,
'cookie-directory': '/var/lib/x2gobroker/cookies',
'verify-ip': True,
'pre_auth_scripts': [],
'post_auth_scripts': [],
'select_session_scripts': [],
'my-cookie': None,
'my-cookie-file': '/etc/x2go/broker/x2gobroker.authid',
'enable-plain-output': True,
'enable-json-output': True,
'enable-uccs-output': False,
'my-uccs-url-base': 'http://localhost:8080/',
'default-auth-mech': 'pam',
'default-user-db': 'libnss',
'default-group-db': 'libnss',
'ignore-primary-group-memberships': True,
'default-session-autologin': False,
'default-authorized-keys': '%h/.x2go/authorized_keys',
'default-sshproxy-authorized-keys': '%h/.x2go/authorized_keys',
'default-agent-query-mode': 'NONE',
'default-agent-hostkey-policy': 'RejectPolicy',
'default-portscan-x2goservers': True,
'default-use-load-checker': False,
'load-checker-intervals': 300,
},
'broker_base': {
'enable': False,
},
'broker_zeroconf': {
'enable': False,
'auth-mech': 'pam',
'user-db': 'libnss',
'group-db': 'libnss',
'desktop-shell': 'KDE',
'load-checker': False,
},
'broker_inifile': {
'enable': True,
'session-profiles': '/etc/x2go/broker/x2gobroker-sessionprofiles.conf',
'auth-mech': '',
'user-db': '',
'group-db': '',
'use-load-checker': True,
},
'broker_ldap': {
'enable': False,
'auth-mech': 'ldap',
'user-db': 'ldap',
'group-db': 'ldap',
'uri': 'ldap://localhost:389',
'base': 'dc=example,dc=org',
'user-search-filter': '(&(objectClass=posixAccount)(uid=*))',
'host-search-filter': '(&(objectClass=ipHost)(serial=X2GoServer)(cn=*))',
'group-search-filter': '(&(objectClass=posifxGroup)(cn=*))',
'starttls': False,
'agent-query-mode': 'SSH',
'load-checker': True,
},
}
"""Defaults of the global configuration file, see ``X2GOBROKER_CONFIG``."""
X2GO_DESKTOP_SESSIONS= [
'KDE',
'GNOME',
'XFCE',
'CINNAMON',
'MATE',
'XFCE',
'LXDE',
'TRINITY',
'UNITY',
'ICEWM',
'OPENBOX',
'XDMCP',
]
"""Desktop environment session types supported by X2Go."""
# defaults for X2Go Sessino Broker session profiles file
X2GOBROKER_SESSIONPROFILE_DEFAULTS = {
'DEFAULT': {
'command': 'TERMINAL',
'kdrive': False,
'defsndport': True,
'useiconv': False,
'iconvfrom': 'UTF-8',
'height': 600,
'export': '',
'quality': 9,
'fullscreen': False,
'layout': '',
'useexports': True,
'width': 800,
'speed': 2,
'soundsystem': 'pulse',
'print': True,
'type': 'auto',
'sndport': 4713,
'xinerama': True,
'variant': '',
'usekbd': True,
'fstunnel': True,
'applications': ['TERMINAL','WWWBROWSER','MAILCLIENT','OFFICE'],
'multidisp': False,
'sshproxyport': 22,
'sound': True,
'rootless': True,
'iconvto': 'UTF-8',
'soundtunnel': True,
'dpi': 96,
'sshport': 22,
'setdpi': 0,
'pack': '16m-jpeg',
'user': 'BROKER_USER',
'host': [ 'localhost', ],
'directrdp': False,
'acl-users-allow': [],
'acl-users-deny': [],
'acl-users-order': '',
'acl-groups-allow': [],
'acl-groups-deny': [],
'acl-groups-order': '',
'acl-clients-allow': [],
'acl-clients-deny': [],
'acl-clients-order': '',
'acl-any-order': 'deny-allow',
},
}
"""Default setting of a broker'ish session profile."""
X2GOBROKER_LATEST_UCCS_API_VERSION = 5
"""Latest known API of the UCCS protocol that we support."""