X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-remote.git/blobdiff_plain/ccdd1009d00397d0f81fa9a95aa96faf448b9e94..9b2c6cb76b2935133c0c1ed1626d077614b460ec:/server/usr/sbin/invirt-remconffs?ds=sidebyside diff --git a/server/usr/sbin/invirt-remconffs b/server/usr/sbin/invirt-remconffs index 6389391..ac4fe15 100755 --- a/server/usr/sbin/invirt-remconffs +++ b/server/usr/sbin/invirt-remconffs @@ -14,6 +14,7 @@ class RemConfFS(routefs.RouteFS): """ RemConfFS creates a filesytem for configuring remctl, like this: / + |-- adminacl |-- acl | |-- machine1 | ... @@ -39,11 +40,12 @@ class RemConfFS(routefs.RouteFS): m.connect('', controller='getroot') m.connect('acl', controller='getmachines') m.connect('acl/:machine', controller='getacl') + m.connect('adminacl', controller='getadmin') m.connect('conf', controller='getconf') return m def getroot(self, **kw): - return ['acl', 'conf'] + return ['adminacl', 'acl', 'conf'] def getacl(self, machine, **kw): """Build the ACL file for a machine @@ -70,6 +72,14 @@ class RemConfFS(routefs.RouteFS): def getmachines(self, **kw): """Get the list of VMs in the database. Does not cache to prevent race conditions.""" return list(row[0] for row in database.session.execute(sa.sql.select([database.Machine.c.name]))) + + def getadmin(self, **kw): + """ + Get the list of administrators for the global ACL. + """ + acl = [self.userToPrinc(row[0]) for row in database.session.execute(sa.sql.select([database.admins_table.c.user]))] + acl.append('include /etc/remctl/acl/web\n') + return '\n'.join(acl) def userToPrinc(self, user): """Convert Kerberos v4-style names to v5-style and append a default @@ -79,7 +89,7 @@ class RemConfFS(routefs.RouteFS): (princ, realm) = user.split('@') else: princ = user - realm = config.authn[0].realm + realm = config.kerberos.realm return princ.replace('.', '/') + '@' + realm