Support fqan ACLs by yaim.

diff --git a/org.glite.lb.doc/src/LBAG-Installation.tex b/org.glite.lb.doc/src/LBAG-Installation.tex
index a8f9413..845aeb7 100644 (file)
--- a/org.glite.lb.doc/src/LBAG-Installation.tex
+++ b/org.glite.lb.doc/src/LBAG-Installation.tex
@@ -246,11 +246,12 @@ According to local retention policy you may want to use different purge timeouts
 
 Authorization:
 \begin{itemize}
-\item \texttt{GLITE\_LB\_SUPER\_USERS} -- additional super-users (default: empty)\footnote{The use of this parameter is a FAQ. See section \ref{FAQ:WMS_superusers}.}
+\item \texttt{GLITE\_LB\_SUPER\_USERS} -- additional DNs of super-users (default: empty)\footnote{The use of this parameter is a FAQ. See section \ref{FAQ:WMS_superusers}.}
 \item \texttt{GLITE\_LB\_WMS\_DN} -- DNs of WMS servers (default: empty)\footnotemark[\thefootnote]
 \item \texttt{GLITE\_LB\_RTM\_DN} -- DNs using to get notifications from \LB server\\
-(default: \texttt{heppc24.hep.ph.ic.ac.uk} machine certificate)
-\item \texttt{GLITE\_LB\_AUTHZ\_<category>} -- more detailed tuning of access grants, see Section~\ref{inst:authz} (default: empty, '\texttt{.*}' for logging and job registrations)
+(default: \texttt{rtmsrv00.hep.ph.ic.ac.uk} machine certificate)
+\item \texttt{GLITE\_LB\_AUTHZ\_<category>} -- more detailed tuning of access grants using certificate DNs, see Section~\ref{inst:authz} (default: empty, '\texttt{.*}' for logging and job registrations)
+\item \texttt{GLITE\_LB\_AUTHZ\_<category>\_FQAN} -- more detailed tuning of access grants using VOMS FQANs, see Section~\ref{inst:authz} (default: empty)
 \end{itemize}
 
 Additional helper or legacy parameters:

diff --git a/org.glite.lb.doc/src/LBUG-Troubleshooting.tex b/org.glite.lb.doc/src/LBUG-Troubleshooting.tex
index 50994c2..8d6465f 100644 (file)
--- a/org.glite.lb.doc/src/LBUG-Troubleshooting.tex
+++ b/org.glite.lb.doc/src/LBUG-Troubleshooting.tex
@@ -25,7 +25,7 @@ Apparent software bugs are tracked in Savannah at
 \url{https://savannah.cern.ch/bugs/?func=additem&group=jra1mdw}
 \end{center}
 
-When submitting a \LB spcecific problem/bug, the following information might be useful:
+When submitting a \LB specific problem/bug, the following information might be useful:
 \begin{itemize}
 \item version of software used (all \verb'glite-lb-*' packages installed at your site)
 \item description of the problem, the \verb'jobId', addresses of all relevant

diff --git a/org.glite.lb.yaim/config/functions/config_glite_lb.in b/org.glite.lb.yaim/config/functions/config_glite_lb.in
index 1919609..5ae83a0 100644 (file)
--- a/org.glite.lb.yaim/config/functions/config_glite_lb.in
+++ b/org.glite.lb.yaim/config/functions/config_glite_lb.in
@@ -135,6 +135,7 @@ resource "LB" {
 EOF
        for section in ADMIN_ACCESS STATUS_FOR_MONITORING GET_STATISTICS REGISTER_JOBS READ_ALL PURGE GRANT_OWNERSHIP LOG_WMS_EVENTS LOG_CE_EVENTS LOG_GENERAL_EVENTS; do
                eval value=\"$`echo GLITE_LB_AUTHZ_$section`\"
+               eval value_fqan=\"$`echo GLITE_LB_AUTHZ_${section}_FQAN`\"
                case "$section" in
                ADMIN_ACCESS) value="$value,$superusers" ;;
                GET_STATISTICS) value="$value,$wms" ;;
@@ -143,11 +144,15 @@ EOF
                LOG_WMS_EVENTS) value="$value,$wms" ;;
                esac
                value="`echo \"$value\" | tr ',' '\n' | grep -v ^$ | sed 's/\(.*\)/\trule permit {\n\t\tsubject = \"\1\"\n\t}/'`"
+               value_fqan="`echo \"$value_fqan\" | tr ',' '\n' | grep -v ^$ | sed 's/\(.*\)/\trule permit {\n\t\tfqan = \"\1\"\n\t}/'`"
+               if test -n "$value"; then value="$value
+"; fi
+               if test -n "$value_fqan"; then value_fqan="$value_fqan
+"; fi
                cat <<EOF >> "$authconf".new
 
 action "$section" {
-$value
-}
+$value$value_fqan}
 EOF
        done
        cat <<EOF >> "$authconf".new