Get tokens for a cell before getting a list membership from that cell.

[invirt/packages/invirt-web.git] / code / main.py

diff --git a/code/main.py b/code/main.py
index 5037a09..8a5e001 100755 (executable)
--- a/code/main.py
+++ b/code/main.py
@@ -201,8 +201,7 @@ def getListDict(username, state):
     checkpoint.checkpoint('Got max mem/disk')
     defaults = Defaults(max_memory=max_memory,
                         max_disk=max_disk,
     checkpoint.checkpoint('Got max mem/disk')
     defaults = Defaults(max_memory=max_memory,
                         max_disk=max_disk,

-                        owner=username,
-                        cdrom='gutsy-i386')
+                        owner=username)

     checkpoint.checkpoint('Got defaults')
     def sortkey(machine):
         return (machine.owner != username, machine.owner, machine.name)
     checkpoint.checkpoint('Got defaults')
     def sortkey(machine):
         return (machine.owner != username, machine.owner, machine.name)

@@ -246,7 +245,7 @@ def vnc(username, state, path, fields):
     """
     machine = validation.Validate(username, state, machine_id=fields.getfirst('machine_id')).machine
 
     """
     machine = validation.Validate(username, state, machine_id=fields.getfirst('machine_id')).machine
 

-    token = control.vnctoken(machine)
+    token = controls.vnctoken(machine)

     host = controls.listHost(machine)
     if host:
         port = 10003 + [h.hostname for h in config.hosts].index(host)
     host = controls.listHost(machine)
     if host:
         port = 10003 + [h.hostname for h in config.hosts].index(host)

@@ -388,7 +387,6 @@ def modifyDict(username, state, fields):
 
         session.save_or_update(machine)
         if update_acl:
 
         session.save_or_update(machine)
         if update_acl:

-            print >> sys.stderr, machine, machine.administrator

             cache_acls.refreshMachine(machine)
         session.commit()
     except:
             cache_acls.refreshMachine(machine)
         session.commit()
     except:

@@ -427,15 +425,39 @@ def helpHandler(username, state, path, fields):
     simple = fields.getfirst('simple')
     subjects = fields.getlist('subject')
 
     simple = fields.getfirst('simple')
     subjects = fields.getlist('subject')
 

-    help_mapping = {'ParaVM Console': """
+    help_mapping = {
+                    'Autoinstalls': """
+The autoinstaller builds a minimal Debian or Ubuntu system to run as a
+ParaVM.  You can access the resulting system by logging into the <a
+href="help?simple=true&subject=ParaVM+Console">serial console server</a>
+with your Kerberos tickets; there is no root password so sshd will
+refuse login.</p>
+
+<p>Under the covers, the autoinstaller uses our own patched version of
+xen-create-image, which is a tool based on debootstrap.  If you log
+into the serial console while the install is running, you can watch
+it.
+""",
+                    'ParaVM Console': """

 ParaVM machines do not support local console access over VNC.  To
 access the serial console of these machines, you can SSH with Kerberos
 ParaVM machines do not support local console access over VNC.  To
 access the serial console of these machines, you can SSH with Kerberos

-to console.%s, using the name of the machine as your
-username.""" % config.dns.domains[0],
+to %s, using the name of the machine as your
+username.""" % config.console.hostname,

                     'HVM/ParaVM': """
 HVM machines use the virtualization features of the processor, while
                     'HVM/ParaVM': """
 HVM machines use the virtualization features of the processor, while

-ParaVM machines use Xen's emulation of virtualization features.  You
-want an HVM virtualized machine.""",
+ParaVM machines rely on a modified kernel to communicate directly with
+the hypervisor.  HVMs support boot CDs of any operating system, and
+the VNC console applet.  The three-minute autoinstaller produces
+ParaVMs.  ParaVMs typically are more efficient, and always support the
+<a href="help?subject=ParaVM+Console">console server</a>.</p>
+
+<p>More details are <a
+href="https://xvm.scripts.mit.edu/wiki/Paravirtualization">on the
+wiki</a>, including steps to prepare an HVM guest to boot as a ParaVM
+(which you can skip by using the autoinstaller to begin with.)</p>
+
+<p>We recommend using a ParaVM when possible and an HVM when necessary.
+""",

                     'CPU Weight': """
 Don't ask us!  We're as mystified as you are.""",
                     'Owner': """
                     'CPU Weight': """
 Don't ask us!  We're as mystified as you are.""",
                     'Owner': """

@@ -633,7 +655,8 @@ Subject: %s
 
 %s
 """ % (to, config.web.hostname, subject, body)
 
 %s
 """ % (to, config.web.hostname, subject, body)

-    p = subprocess.Popen(['/usr/sbin/sendmail', to], stdin=subprocess.PIPE)
+    p = subprocess.Popen(['/usr/sbin/sendmail', '-f', to, to],
+                         stdin=subprocess.PIPE)

     p.stdin.write(mail)
     p.stdin.close()
     p.wait()
     p.stdin.write(mail)
     p.stdin.close()
     p.wait()

@@ -652,7 +675,18 @@ def show_error(op, username, fields, err, emsg, traceback):
 
 def getUser(environ):
     """Return the current user based on the SSL environment variables"""
 
 def getUser(environ):
     """Return the current user based on the SSL environment variables"""

-    return environ.get('REMOTE_USER', None)
+    user = environ.get('REMOTE_USER')
+    if user is None:
+        return
+    
+    if environ.get('AUTH_TYPE') == 'Negotiate':
+        # Convert the krb5 principal into a krb4 username
+        if not user.endswith('@%s' % config.kerberos.realm):
+            return
+        else:
+            return user.split('@')[0].replace('/', '.')
+    else:
+        return user

 
 def handler(username, state, path, fields):
     operation, path = pathSplit(path)
 
 def handler(username, state, path, fields):
     operation, path = pathSplit(path)