From 6425bed93f82b2990e8b8b11371da7b74199907a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?=
Date: Mon, 14 Jan 2013 16:19:17 +0000
Subject: [PATCH] Support fqan ACLs by yaim.
---
 org.glite.lb.doc/src/LBAG-Installation.tex | 7 ++++---
 org.glite.lb.doc/src/LBUG-Troubleshooting.tex | 2 +-
 org.glite.lb.yaim/config/functions/config_glite_lb.in | 9 +++++++--
 3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/org.glite.lb.doc/src/LBAG-Installation.tex b/org.glite.lb.doc/src/LBAG-Installation.tex
index a8f9413..845aeb7 100644
--- a/org.glite.lb.doc/src/LBAG-Installation.tex
+++ b/org.glite.lb.doc/src/LBAG-Installation.tex
@@ -246,11 +246,12 @@ According to local retention policy you may want to use different purge timeouts
 Authorization:
 \begin{itemize}
-\item \texttt{GLITE\_LB\_SUPER\_USERS} -- additional super-users (default: empty)\footnote{The use of this parameter is a FAQ. See section \ref{FAQ:WMS_superusers}.}
+\item \texttt{GLITE\_LB\_SUPER\_USERS} -- additional DNs of super-users (default: empty)\footnote{The use of this parameter is a FAQ. See section \ref{FAQ:WMS_superusers}.}
 \item \texttt{GLITE\_LB\_WMS\_DN} -- DNs of WMS servers (default: empty)\footnotemark[\thefootnote]
 \item \texttt{GLITE\_LB\_RTM\_DN} -- DNs using to get notifications from \LB server\\
-(default: \texttt{heppc24.hep.ph.ic.ac.uk} machine certificate)
-\item \texttt{GLITE\_LB\_AUTHZ\_} -- more detailed tuning of access grants, see Section~\ref{inst:authz} (default: empty, '\texttt{.*}' for logging and job registrations)
+(default: \texttt{rtmsrv00.hep.ph.ic.ac.uk} machine certificate)
+\item \texttt{GLITE\_LB\_AUTHZ\_} -- more detailed tuning of access grants using certificate DNs, see Section~\ref{inst:authz} (default: empty, '\texttt{.*}' for logging and job registrations)
+\item \texttt{GLITE\_LB\_AUTHZ\_\_FQAN} -- more detailed tuning of access grants using VOMS FQANs, see Section~\ref{inst:authz} (default: empty)
 \end{itemize}
 Additional helper or legacy parameters:
diff --git a/org.glite.lb.doc/src/LBUG-Troubleshooting.tex b/org.glite.lb.doc/src/LBUG-Troubleshooting.tex
index 50994c2..8d6465f 100644
--- a/org.glite.lb.doc/src/LBUG-Troubleshooting.tex
+++ b/org.glite.lb.doc/src/LBUG-Troubleshooting.tex
@@ -25,7 +25,7 @@ Apparent software bugs are tracked in Savannah at
 \url{https://savannah.cern.ch/bugs/?func=additem&group=jra1mdw}
 \end{center}
-When submitting a \LB spcecific problem/bug, the following information might be useful:
+When submitting a \LB specific problem/bug, the following information might be useful:
 \begin{itemize}
 \item version of software used (all \verb'glite-lb-*' packages installed at your site)
 \item description of the problem, the \verb'jobId', addresses of all relevant
diff --git a/org.glite.lb.yaim/config/functions/config_glite_lb.in b/org.glite.lb.yaim/config/functions/config_glite_lb.in
index 1919609..5ae83a0 100644
--- a/org.glite.lb.yaim/config/functions/config_glite_lb.in
+++ b/org.glite.lb.yaim/config/functions/config_glite_lb.in
@@ -135,6 +135,7 @@ resource "LB" {
 EOF
 for section in ADMIN_ACCESS STATUS_FOR_MONITORING GET_STATISTICS REGISTER_JOBS READ_ALL PURGE GRANT_OWNERSHIP LOG_WMS_EVENTS LOG_CE_EVENTS LOG_GENERAL_EVENTS; do
 eval value=\"$`echo GLITE_LB_AUTHZ_$section`\"
+ eval value_fqan=\"$`echo GLITE_LB_AUTHZ_${section}_FQAN`\"
 case "$section" in
 ADMIN_ACCESS) value="$value,$superusers" ;;
 GET_STATISTICS) value="$value,$wms" ;;
@@ -143,11 +144,15 @@ EOF
 LOG_WMS_EVENTS) value="$value,$wms" ;;
 esac
 value="`echo \"$value\" | tr ',' '\n' | grep -v ^$ | sed 's/\(.*\)/\trule permit {\n\t\tsubject = \"\1\"\n\t}/'`"
+ value_fqan="`echo \"$value_fqan\" | tr ',' '\n' | grep -v ^$ | sed 's/\(.*\)/\trule permit {\n\t\tfqan = \"\1\"\n\t}/'`"
+ if test -n "$value"; then value="$value
+"; fi
+ if test -n "$value_fqan"; then value_fqan="$value_fqan
+"; fi
 cat <> "$authconf".new
 action "$section" {
-$value
-}
+$value$value_fqan}
 EOF
 done
 cat <> "$authconf".new
-- 
1.8.2.3
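Review bot: The added `eval value_fqan=...` line in the first config_glite_lb.in hunk repeats the `eval` plus backtick indirection of the line above it. The variable name is built from the fixed `section` list, so nothing untrusted reaches `eval` as written, but the idiom is easy to copy into a place where that no longer holds. If this function is only ever sourced by bash (not visible here), indirect expansion does the same lookup without `eval`: `name="GLITE_LB_AUTHZ_${section}_FQAN"; value_fqan="${!name}"`. The `for` loop continues past the end of this hunk.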
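Review bot: The new `value_fqan` pipeline in the second config_glite_lb.in hunk copies each comma-separated entry verbatim into `fqan = "\1"` with no check on its content. An entry containing a double quote, or a stray space around a comma, lands in the generated policy as-is; how the policy parser treats that is not visible here, so it may yield a rule that never matches or a file that fails to load. Since this file decides who may perform actions such as ADMIN_ACCESS and PURGE, I would reject bad entries before the `sed`, for example `case "$value_fqan" in *\"*) echo "invalid character in GLITE_LB_AUTHZ_${section}_FQAN" >&2; return 1 ;; esac` (or whatever failure path this function normally uses). The unchanged `subject` line above it has the same property.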