from Cheetah.Template import Template
import validation
import cache_acls
-from webcommon import InvalidInput, CodeError, State
+from webcommon import State
import controls
from getafsgroups import getAfsGroupMembers
from invirt import database
from invirt.database import Machine, CDROM, session, connect, MachineAccess, Type, Autoinstall
from invirt.config import structs as config
+from invirt.common import InvalidInput, CodeError
def pathSplit(path):
if path.startswith('/'):
"""
machine = validation.Validate(username, state, machine_id=fields.getfirst('machine_id')).machine
- TOKEN_KEY = "0M6W0U1IXexThi5idy8mnkqPKEq1LtEnlK/pZSn0cDrN"
-
- data = {}
- data["user"] = username
- data["machine"] = machine.name
- data["expires"] = time.time()+(5*60)
- pickled_data = cPickle.dumps(data)
- m = hmac.new(TOKEN_KEY, digestmod=sha)
- m.update(pickled_data)
- token = {'data': pickled_data, 'digest': m.digest()}
- token = cPickle.dumps(token)
- token = base64.urlsafe_b64encode(token)
+ token = controls.vnctoken(machine)
host = controls.listHost(machine)
if host:
port = 10003 + [h.hostname for h in config.hosts].index(host)
session.save_or_update(machine)
if update_acl:
- print >> sys.stderr, machine, machine.administrator
cache_acls.refreshMachine(machine)
session.commit()
except:
simple = fields.getfirst('simple')
subjects = fields.getlist('subject')
- help_mapping = {'ParaVM Console': """
+ help_mapping = {
+ 'Autoinstalls': """
+The autoinstaller builds a minimal Debian or Ubuntu system to run as a
+ParaVM. You can access the resulting system by logging into the <a
+href="help?simple=true&subject=ParaVM+Console">serial console server</a>
+with your Kerberos tickets; there is no root password and sshd will
+refuse login.</p>
+
+<p>Under the covers the autoinstaller uses our own patched version of
+xen-create-image, which is a tool based on debootstrap. If you're
+quick in logging into the serial console, you can see it running.
+""",
+ 'ParaVM Console': """
ParaVM machines do not support local console access over VNC. To
access the serial console of these machines, you can SSH with Kerberos
-to console.%s, using the name of the machine as your
-username.""" % config.dns.domains[0],
+to %s, using the name of the machine as your
+username.""" % config.console.hostname,
'HVM/ParaVM': """
HVM machines use the virtualization features of the processor, while
ParaVM machines use Xen's emulation of virtualization features. You
d = dict(op=op, user=username, fields=fields,
errorMessage=str(err), stderr=emsg, traceback=traceback)
details = templates.error_raw(searchList=[d])
- if False: #username not in config.web.errormail_exclude:
+ exclude = config.web.errormail_exclude
+ if username not in exclude and '*' not in exclude:
send_error_mail('xvm error on %s for %s: %s' % (op, username, err),
details)
d['details'] = details
def getUser(environ):
"""Return the current user based on the SSL environment variables"""
- return environ.get('REMOTE_USER', None)
+ user = environ.get('REMOTE_USER')
+ if user is None:
+ return
+
+ if environ.get('AUTH_TYPE') == 'Negotiate':
+ # Convert the krb5 principal into a krb4 username
+ if not user.endswith('@%s' % config.authn[0].realm):
+ return
+ else:
+ return user.split('@')[0].replace('/', '.')
+ else:
+ return user
def handler(username, state, path, fields):
operation, path = pathSplit(path)
projects / invirt/packages/invirt-web.git / blobdiff