authorAdrian Likins <root@grimlock.devel.redhat.com>2008-05-01 23:52:12 -0400
committerroot <root@grimlock.devel.redhat.com>2008-05-01 23:52:12 -0400
commit85c52572b2a74a1e7934feeca4e3dddafeebd7fd (patch)
tree389ecf643366c82d05337e6c9a998237e2d11217 /func
parent448a55ad6456d85c0ae2fa6cb18814d8d07b6c69 (diff)
turn on some acl logging so I can debug this
Diffstat (limited to 'func')
-rw-r--r--func/commonconfig.py1
-rw-r--r--func/minion/acls.py33
-rwxr-xr-xfunc/minion/server.py2
3 files changed, 26 insertions, 10 deletions
diff --git a/func/commonconfig.py b/func/commonconfig.py
index 66f4cfc..0f5ea55 100644
--- a/func/commonconfig.py
+++ b/func/commonconfig.py
@@ -20,3 +20,4 @@ from config import BaseConfig, BoolOption, Option
class FuncdConfig(BaseConfig):
log_level = Option('INFO')
acl_dir = Option('/etc/func/minion-acl.d')
+ certmaster_overrides_acls = BoolOption(True)
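Review bot: The new `certmaster_overrides_acls` option carries no comment saying what it controls, although its default decides whether the certmaster certificate is exempt from the minion ACL files, and a reader of this config class alone cannot tell that. Suggest a comment directly above it such as `# True (default): the certmaster cert is granted every method regardless of acl_dir; False is only meant for testing the ACL files themselves`. The effect is visible in the acls.py change of this same commit, where the `['*']` grant for the certmaster key is now conditional on this flag.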
diff --git a/func/minion/acls.py b/func/minion/acls.py
index 786a9c5..c592bd6 100644
--- a/func/minion/acls.py
+++ b/func/minion/acls.py
@@ -14,14 +14,20 @@ import fnmatch
import glob
import os
+from func import logger
# TODO: need to track which file got which config from
class Acls(object):
- def __init__(self, acldir=None):
- self.acldir = acldir
+ def __init__(self, config=None):
+ self.config = config
+
+ self.acldir = self.config.acl_dir
self.acls = {}
+ self.logger = logger.Logger().logger
+ self.certmaster_overrides_acls = self.config.certmaster_overrides_acls
+ self.load()
def load(self):
"""
@@ -39,7 +45,7 @@ class Acls(object):
files = glob.glob(acl_glob)
for acl_file in files:
-
+ self.logger.debug("acl_file", acl_file)
try:
fo = open(acl_file, 'r')
except (IOError, OSError), e:
@@ -58,22 +64,31 @@ class Acls(object):
if not self.acls.has_key(host):
self.acls[host] = []
self.acls[host].extend(methods)
-
+
+ self.logger.debug("acls", self.acls)
+
return self.acls
def check(self, cm_cert, cert, ip, method, params):
# certmaster always gets to run things
- ca_cn = cm_cert.get_subject().CN
- ca_hash = cm_cert.subject_name_hash()
- ca_key = '%s-%s' % (ca_cn, ca_hash)
- self.acls[ca_key] = ['*']
+ # unless we are testing, and need to turn it off.. -al;
+
+
+ if self.config.certmaster_overrides_acls:
+ ca_cn = cm_cert.get_subject().CN
+ ca_hash = cm_cert.subject_name_hash()
+ ca_key = '%s-%s' % (ca_cn, ca_hash)
+ self.acls[ca_key] = ['*']
cn = cert.get_subject().CN
sub_hash = cert.subject_name_hash()
+ self.logger.debug("cn: %s sub_hash: %s" % (cn, sub_hash))
+ self.logger.debug("acls %s" % self.acls)
if self.acls:
allow_list = []
hostkey = '%s-%s' % (cn, sub_hash)
+ self.logger.debug("hostkey %s" % hostkey)
# search all the keys, match to 'cn-subhash'
for hostmatch in self.acls.keys():
if fnmatch.fnmatch(hostkey, hostmatch):
@@ -86,7 +101,7 @@ class Acls(object):
return False
def save(self):
- for
+ pass
def add(self, acl, host):
pass
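Review bot: The two debug calls added in `load`, `self.logger.debug("acl_file", acl_file)` and `self.logger.debug("acls", self.acls)`, pass the value as a format argument to a message that has no `%s` placeholder; if `logger.Logger().logger` is a standard `logging.Logger` (its definition is not visible here), the formatter fails on every call, the record is never emitted, and logging's error handler prints a traceback to stderr instead. The later calls in `check` pre-format with `%`, so these two look like the slip: `self.logger.debug("acl_file %s", acl_file)` and `self.logger.debug("acls %s", self.acls)`. Separately, `__init__` keeps `config=None` as its default but dereferences `self.config.acl_dir` unconditionally, so the default can only end in an AttributeError; either drop the default or raise with a clear message. Note also that `check` reads `self.config.certmaster_overrides_acls` rather than the `self.certmaster_overrides_acls` copy taken in `__init__`, leaving one of the two unused.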
diff --git a/func/minion/server.py b/func/minion/server.py
index c371680..2750afc 100755
--- a/func/minion/server.py
+++ b/func/minion/server.py
@@ -185,7 +185,7 @@ class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer,
self._our_ca = certs.retrieve_cert_from_file(self.ca)
- self.acls = acls_mod.Acls(acldir=self.config.acl_dir)
+ self.acls = acls_mod.Acls(config=self.config)
AuthedXMLRPCServer.AuthedSSLXMLRPCServer.__init__(self, ("", 51234),
self.key, self.cert,