e4d95ac7ae309b744489b65f3817a55d85dd1295
[x2gobroker.git] / x2gobroker / defaults.py
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2012-2014 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
4 # Copyright (C) 2012-2014 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de>
5 # Copyright (C) 2012-2014 by Heinz-Markus Graesing <heinz-m.graesing@obviously-nice.de>
6 #
7 # X2Go Session Broker is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU Affero General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
11 #
12 # X2Go Session Broker is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 # GNU Affero General Public License for more details.
16 #
17 # You should have received a copy of the GNU Affero General Public License
18 # along with this program; if not, write to the
19 # Free Software Foundation, Inc.,
20 # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
21
22 # modules
23 import os
24 import sys
25 import uuid
26 import getpass
27 import socket
28 import ConfigParser
29 import pwd, grp
30
31 import logging
32 from loggers import logger_broker, logger_access, logger_error, X2GOBROKER_DAEMON_USER
33
34 X2GOBROKER_USER =  pwd.getpwuid(os.geteuid())[0]
35 X2GOBROKER_GROUP =  grp.getgrgid(pwd.getpwuid(os.geteuid())[3])[0]
36 os.environ['HOME'] = pwd.getpwuid(os.geteuid())[5]
37
38 PROG_NAME = os.path.basename(sys.argv[0])
39
40 iniconfig_loaded = None
41 iniconfig_section = '-'.join(PROG_NAME.split('-')[1:])
42 X2GOBROKER_DEFAULTS = "/etc/x2go/broker/defaults.conf"
43 if os.path.isfile(X2GOBROKER_DEFAULTS) and os.access(X2GOBROKER_DEFAULTS, os.R_OK):
44     iniconfig = ConfigParser.SafeConfigParser()
45     iniconfig.optionxform = str
46     iniconfig_loaded = iniconfig.read(X2GOBROKER_DEFAULTS)
47
48 if os.environ.has_key('X2GOBROKER_DAEMON_GROUP'):
49     X2GOBROKER_DAEMON_GROUP=os.environ['X2GOBROKER_DAEMON_GROUP']
50 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_DAEMON_GROUP'):
51     X2GOBROKER_DAEMON_GROUP=iniconfig.get(iniconfig_section, 'X2GOBROKER_DAEMON_GROUP')
52 elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_DAEMON_GROUP'):
53     X2GOBROKER_DAEMON_GROUP=iniconfig.get('common', 'X2GOBROKER_DAEMON_GROUP')
54 else:
55     X2GOBROKER_DAEMON_GROUP="x2gobroker"
56 if os.environ.has_key('X2GOBROKER_AGENT_USER'):
57     X2GOBROKER_AGENT_USER=os.environ['X2GOBROKER_AGENT_USER']
58 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_AGENT_USER'):
59     X2GOBROKER_AGENT_USER=iniconfig.get(iniconfig_section, 'X2GOBROKER_AGENT_USER')
60 elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_AGENT_USER'):
61     X2GOBROKER_AGENT_USER=iniconfig.get('common', 'X2GOBROKER_AGENT_USER')
62 else:
63     X2GOBROKER_AGENT_USER="x2gobroker"
64
65 ###
66 ### dynamic default values, influencable through os.environ...
67 ###
68
69 if os.environ.has_key('X2GOBROKER_DEBUG'):
70     X2GOBROKER_DEBUG = ( os.environ['X2GOBROKER_DEBUG'].lower() in ('1', 'on', 'true', 'yes', ) )
71 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_DEBUG'):
72     X2GOBROKER_DEBUG=iniconfig.get(iniconfig_section, 'X2GOBROKER_DEBUG')
73 elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_DEBUG'):
74     X2GOBROKER_DEBUG=iniconfig.get('common', 'X2GOBROKER_DEBUG')
75 else:
76     X2GOBROKER_DEBUG = False
77 if os.environ.has_key('X2GOBROKER_DEBUG_INTERACTIVELY'):
78     X2GOBROKER_DEBUG_INTERACTIVELY = ( os.environ['X2GOBROKER_DEBUG_INTERACTIVELY'].lower() in ('1', 'on', 'true', 'yes', ) )
79 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_DEBUG_INTERACTIVELY'):
80     X2GOBROKER_DEBUG_INTERACTIVELY=iniconfig.get(iniconfig_section, 'X2GOBROKER_DEBUG_INTERACTIVELY')
81 elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_DEBUG_INTERACTIVELY'):
82     X2GOBROKER_DEBUG_INTERACTIVELY=iniconfig.get('common', 'X2GOBROKER_DEBUG_INTERACTIVELY')
83 else:
84     X2GOBROKER_DEBUG_INTERACTIVELY = False
85 if os.environ.has_key('X2GOBROKER_TESTSUITE'):
86     X2GOBROKER_TESTSUITE = ( os.environ['X2GOBROKER_TESTSUITE'].lower() in ('1', 'on', 'true', 'yes', ) )
87 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_TESTSUITE'):
88     X2GOBROKER_TESTSUITE=iniconfig.get(iniconfig_section, 'X2GOBROKER_TESTSUITE')
89 elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_TESTSUITE'):
90     X2GOBROKER_TESTSUITE=iniconfig.get('common', 'X2GOBROKER_TESTSUITE')
91 else:
92     X2GOBROKER_TESTSUITE = False
93
94 # enforce debugging for interactive usage
95 if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER:
96     X2GOBROKER_DEBUG = True
97
98 # raise log levels to CRITICAL if we are running the unittests...
99 if X2GOBROKER_TESTSUITE:
100     logger_broker.setLevel(logging.CRITICAL)
101     logger_access.setLevel(logging.CRITICAL)
102     logger_error.setLevel(logging.CRITICAL)
103
104 if os.environ.has_key('X2GOBROKER_CONFIG'):
105     X2GOBROKER_CONFIG = os.environ['X2GOBROKER_CONFIG']
106 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_CONFIG'):
107     X2GOBROKER_CONFIG=iniconfig.get(iniconfig_section, 'X2GOBROKER_CONFIG')
108 elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_CONFIG'):
109     X2GOBROKER_CONFIG=iniconfig.get('common', 'X2GOBROKER_CONFIG')
110 else:
111     X2GOBROKER_CONFIG = "/etc/x2go/x2gobroker.conf"
112
113 if os.environ.has_key('X2GOBROKER_SESSIONPROFILES'):
114     X2GOBROKER_SESSIONPROFILES = os.environ['X2GOBROKER_SESSIONPROFILES']
115 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_SESSIONPROFILES'):
116     X2GOBROKER_SESSIONPROFILES=iniconfig.get(iniconfig_section, 'X2GOBROKER_SESSIONPROFILES')
117 elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_SESSIONPROFILES'):
118     X2GOBROKER_SESSIONPROFILES=iniconfig.get('common', 'X2GOBROKER_SESSIONPROFILES')
119 else:
120     X2GOBROKER_SESSIONPROFILES = "/etc/x2go/broker/x2gobroker-sessionprofiles.conf"
121
122 if os.environ.has_key('X2GOBROKER_AGENT_CMD'):
123     X2GOBROKER_AGENT_CMD = os.environ['X2GOBROKER_AGENT_CMD']
124 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_AGENT_CMD'):
125     X2GOBROKER_AGENT_CMD=iniconfig.get(iniconfig_section, 'X2GOBROKER_AGENT_CMD')
126 elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_AGENT_CMD'):
127     X2GOBROKER_AGENT_CMD=iniconfig.get('common', 'X2GOBROKER_AGENT_CMD')
128 else:
129     X2GOBROKER_AGENT_CMD = "/usr/lib/x2go/x2gobroker-agent"
130
131 if os.environ.has_key('X2GOBROKER_AUTHSERVICE_SOCKET'):
132     X2GOBROKER_AUTHSERVICE_SOCKET=os.environ['X2GOBROKER_AUTHSERVICE_SOCKET']
133 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_AUTHSERVICE_SOCKET'):
134     X2GOBROKER_AUTHSERVICE_SOCKET=iniconfig.get(iniconfig_section, 'X2GOBROKER_AUTHSERVICE_SOCKET')
135 elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_AUTHSERVICE_SOCKET'):
136     X2GOBROKER_AUTHSERVICE_SOCKET=iniconfig.get('common', 'X2GOBROKER_AUTHSERVICE_SOCKET')
137 else:
138     if os.path.isdir('/run'):
139         RUNDIR = '/run'
140     else:
141         RUNDIR = '/var/run'
142     X2GOBROKER_AUTHSERVICE_SOCKET="{run}/x2gobroker/x2gobroker-authservice.socket".format(run=RUNDIR)
143
144 if os.environ.has_key('X2GOBROKER_DEFAULT_BACKEND'):
145     X2GOBROKER_DEFAULT_BACKEND = os.environ['X2GOBROKER_DEFAULT_BACKEND']
146 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_DEFAULT_BACKEND'):
147     X2GOBROKER_DEFAULT_BACKEND=iniconfig.get(iniconfig_section, 'X2GOBROKER_DEFAULT_BACKEND')
148 elif iniconfig_loaded and iniconfig.has_option('common', 'X2GOBROKER_DEFAULT_BACKEND'):
149     X2GOBROKER_DEFAULT_BACKEND=iniconfig.get('common', 'X2GOBROKER_DEFAULT_BACKEND')
150 else:
151     X2GOBROKER_DEFAULT_BACKEND = "inifile"
152
153 if os.environ.has_key('DAEMON_BIND_ADDRESS'):
154     DAEMON_BIND_ADDRESS = os.environ['DAEMON_BIND_ADDRESS']
155 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'DAEMON_BIND_ADDRESS'):
156     DAEMON_BIND_ADDRESS = iniconfig.get(iniconfig_section, 'DAEMON_BIND_ADDRESS')
157 elif iniconfig_loaded and iniconfig.has_option('daemon', 'DAEMON_BIND_ADDRESS'):
158     DAEMON_BIND_ADDRESS = iniconfig.get('daemon', 'DAEMON_BIND_ADDRESS')
159 else:
160     DAEMON_BIND_ADDRESS = ""
161
162 if os.environ.has_key('X2GOBROKER_SSL_CERTFILE'):
163     X2GOBROKER_SSL_CERTFILE = os.environ['X2GOBROKER_SSL_CERTFILE']
164 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_SSL_CERTFILE'):
165     X2GOBROKER_SSL_CERTFILE = iniconfig.get(iniconfig_section, 'X2GOBROKER_SSL_CERTFILE')
166 elif iniconfig_loaded and iniconfig.has_option('daemon', 'X2GOBROKER_SSL_CERTFILE'):
167     X2GOBROKER_SSL_CERTFILE = iniconfig.get('daemon', 'X2GOBROKER_SSL_CERTFILE')
168 else:
169     X2GOBROKER_SSL_CERTFILE = ""
170
171 if os.environ.has_key('X2GOBROKER_SSL_KEYFILE'):
172     X2GOBROKER_SSL_KEYFILE = os.environ['X2GOBROKER_SSL_KEYFILE']
173 elif iniconfig_loaded and iniconfig.has_option(iniconfig_section, 'X2GOBROKER_SSL_KEYFILE'):
174     X2GOBROKER_SSL_KEYFILE = iniconfig.get(iniconfig_section, 'X2GOBROKER_SSL_KEYFILE')
175 elif iniconfig_loaded and iniconfig.has_option('daemon', 'X2GOBROKER_SSL_KEYFILE'):
176     X2GOBROKER_SSL_KEYFILE = iniconfig.get('daemon', 'X2GOBROKER_SSL_KEYFILE')
177 else:
178     X2GOBROKER_SSL_KEYFILE = ""
179
180 ###
181 ### static / hard-coded defaults
182 ###
183
184 if socket.gethostname().find('.') >= 0:
185     X2GOBROKER_HOSTNAME = socket.gethostname()
186 else:
187     X2GOBROKER_HOSTNAME = socket.gethostbyaddr(socket.gethostname())[0]
188
189 # the home directory of the user that the daemon/cgi runs as
190 X2GOBROKER_HOME = os.path.normpath(os.path.expanduser('~{broker_uid}'.format(broker_uid=X2GOBROKER_DAEMON_USER)))
191
192 # defaults for X2Go Sessino Broker configuration file
193 X2GOBROKER_CONFIG_DEFAULTS = {
194     'global': {
195         u'require-password': True,
196         u'require-cookie': False,
197         u'use-static-cookie': True,
198         u'auth-timeout': 36000,
199         u'cookie-directory': '/var/lib/x2gobroker/cookies',
200         u'verify-ip': True,
201         u'pre_auth_scripts': [],
202         u'post_auth_scripts': [],
203         u'select_session_scripts': [],
204         u'my-cookie': uuid.uuid4(),
205         u'my-cookie-file': '/etc/x2go/broker/x2gobroker.authid',
206         u'enable-plain-output': True,
207         u'enable-json-output': True,
208         u'enable-uccs-output': False,
209         u'my-uccs-url-base': 'http://localhost:8080/',
210         u'default-auth-mech': u'pam',
211         u'default-user-db': u'libnss',
212         u'default-group-db': u'libnss',
213         u'ignore-primary-group-memberships': True,
214         u'default-session-autologin': False,
215         u'default-authorized-keys': u'%h/.x2go/authorized_keys',
216         u'default-sshproxy-authorized-keys': u'%h/.x2go/authorized_keys',
217         u'default-agent-query-mode': u'NONE',
218     },
219     'broker_base': {
220         u'enable': False,
221     },
222     'broker_zeroconf': {
223         u'enable': False,
224         u'auth-mech': u'pam',
225         u'user-db': u'libnss',
226         u'group-db': u'libnss',
227         u'desktop-shell': u'KDE',
228     },
229     'broker_inifile': {
230         u'enable': True,
231         u'session-profiles': u'/etc/x2go/broker/x2gobroker-sessionprofiles.conf',
232         u'auth-mech': u'',
233         u'user-db': u'',
234         u'group-db': u'',
235     },
236     'broker_ldap': {
237         u'enable': False,
238         u'auth-mech': u'ldap',
239         u'user-db': u'ldap',
240         u'group-db': u'ldap',
241         u'uri': u'ldap://localhost:389',
242         u'base': u'dc=example,dc=org',
243         u'user-search-filter': u'(&(objectClass=posixAccount)(uid=*))',
244         u'host-search-filter': u'(&(objectClass=ipHost)(serial=X2GoServer)(cn=*))',
245         u'group-search-filter': u'(&(objectClass=posifxGroup)(cn=*))',
246         u'starttls': False,
247         u'agent-query-mode': u'SSH',
248     },
249 }
250
251 X2GO_DESKTOP_SESSIONS= [
252     'KDE',
253     'GNOME',
254     'XFCE',
255     'CINNAMON',
256     'MATE',
257     'XFCE',
258     'LXDE',
259     'TRINITY',
260     'UNITY',
261     'XDMCP',
262 ]
263
264 # defaults for X2Go Sessino Broker session profiles file
265 X2GOBROKER_SESSIONPROFILE_DEFAULTS = {
266     u'DEFAULT': {
267         u'command': u'TERMINAL',
268         u'defsndport': True,
269         u'useiconv': False,
270         u'iconvfrom': u'UTF-8',
271         u'height': 600,
272         u'export': u'',
273         u'quality': 9,
274         u'fullscreen': False,
275         u'layout': u'',
276         u'useexports': True,
277         u'width': 800,
278         u'speed': 2,
279         u'soundsystem': u'pulse',
280         u'print': True,
281         u'type': u'auto',
282         u'sndport': 4713,
283         u'xinerama': True,
284         u'variant': u'',
285         u'usekbd': True,
286         u'fstunnel': True,
287         u'applications': [u'TERMINAL',u'WWWBROWSER',u'MAILCLIENT',u'OFFICE'],
288         u'multidisp': False,
289         u'sshproxyport': 22,
290         u'sound': True,
291         u'rootless': True,
292         u'iconvto': u'UTF-8',
293         u'soundtunnel': True,
294         u'dpi': 96,
295         u'sshport': 22,
296         u'setdpi': 0,
297         u'pack': u'16m-jpeg',
298         u'user': 'BROKER_USER',
299         u'host': [ u'localhost', ],
300         u'directrdp': False,
301         u'acl-users-allow': [],
302         u'acl-users-deny': [],
303         u'acl-users-order': '',
304         u'acl-groups-allow': [],
305         u'acl-groups-deny': [],
306         u'acl-groups-order': '',
307         u'acl-clients-allow': [],
308         u'acl-clients-deny': [],
309         u'acl-clients-order': '',
310         u'acl-any-order': u'deny-allow',
311     },
312 }