projects
/
invirt/packages/invirt-base.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Store AFS cell configuration at authz.afs.cells instead of just
[invirt/packages/invirt-base.git]
/
python
/
invirt
/
authz
/
locker.py
diff --git
a/python/invirt/authz/locker.py
b/python/invirt/authz/locker.py
index
cf33d5e
..
cbfc28a
100644
(file)
--- a/
python/invirt/authz/locker.py
+++ b/
python/invirt/authz/locker.py
@@
-58,7
+58,7
@@
def expandAdmin(name, owner):
administrator is always interpreted as an AFS entry (either a user
or a group) in the home cell (athena.mit.edu for XVM).
"""
administrator is always interpreted as an AFS entry (either a user
or a group) in the home cell (athena.mit.edu for XVM).
"""
- cell = config.authz.cells[0].cell
+ cell = config.authz.afs.cells[0].cell
auth = _authenticate(cell)
return _expandGroup(name, cell=cell, auth=auth)
auth = _authenticate(cell)
return _expandGroup(name, cell=cell, auth=auth)
@@
-84,7
+84,7
@@
def _authenticate(cell):
which authenticate directly against the machine's home realm and
cells distantly related to the machine's home realm.
"""
which authenticate directly against the machine's home realm and
cells distantly related to the machine's home realm.
"""
- for c in config.authz.cells:
+ for c in config.authz.afs.cells:
if c.cell == cell and not c.auth:
return False
if c.cell == cell and not c.auth:
return False
@@
-110,7
+110,8
@@
def _expandGroup(name, cell=None, auth=False):
to retrieve its membership, we assume it's empty.
"""
try:
to retrieve its membership, we assume it's empty.
"""
try:
- ent = pts.PTS(cell, 3 if auth else 0).getEntry(name)
+ ent = pts.PTS(cell, pts.PTS_ENCRYPT if auth else pts.PTS_UNAUTH).\
+ getEntry(name)
if ent.id > 0:
return set([ent.name])
else:
if ent.id > 0:
return set([ent.name])
else:
projects / invirt/packages/invirt-base.git / blobdiff