Commit c2a4acd4 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Some rather crude privledge level hacks to allow admin people (real

shells on boss) to use the rpc server without an agent running.
Using the no-passphrase key, these changes allow us to use the server
from ops in a very restricted manner. This change is temporary, until
I have something better in place. In the meantime, admin people change
their auth keys files on *boss* as such:

command="/usr/testbed/sbin/ -ro",from="" ... rest of emulab generated key ...

Note the -ro argument; very important!
parent 6ad13f71
This diff is collapsed.
......@@ -18,6 +18,15 @@ from emulabserver import *
DEFAULT_MODULE = "EmulabServer"
ReadOnly = 0;
# Optional argument indicating read-only privs.
if len(sys.argv) > 1 and sys.argv[1] == "-ro":
ReadOnly = 1;
sys.argv = sys.argv[1:]
# Optional argument indicates the specific module the server wants to use.
......@@ -33,7 +42,7 @@ if len(sys.argv) > 1:
# just a single request this way, and then exit.
# Construct and wrap our object.
server = eval(module + "()")
server = eval(module + "(readonly=" + str(ReadOnly) + ")")
wrapper = sshxmlrpc.SSHServerWrapper(server)
# Handle the request on stdin and send the response to stdout.
wrapper.serve_forever((sys.stdin, sys.stdout))
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment