templates/getafsgroups.py

   1 #!/usr/bin/python
   2 import pprint
   3 import subprocess
   4
   5 # import ldap
   6 # l = ldap.open("W92-130-LDAP-2.mit.edu")
   7 # # ldap.mit.edu is 1/2 broken right now so we're going to the working backend
   8 # l.simple_bind_s("", "")
   9
  10 # def getLdapGroups(user):
  11 #     """
  12 #     getLdapGroups(user): returns a generator for the list of LDAP groups containing user
  13 #     """
  14 #     for user_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
  15 #         for group_data in l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uniqueMember="+user_data[0], ['cn']):
  16 #             yield group_data[1]['cn'][0]
  17
  18 # def checkLdapGroups(user, group):
  19 #     """
  20 #     checkLdapGroups(user, group): returns True if and only if user is in LDAP group group
  21 #     """
  22 #     for result_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
  23 #         if l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "(&(cn=" + group + ")(uniqueMember="+result_data[0] + "))", []) != []:
  24 #             return True
  25 #     return False
  26
  27 def checkAfsGroup(user, group, cell):
  28     """
  29     checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
  30     """
  31     print user, group
  32     p = subprocess.Popen(["pts", "membership", group, '-c', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  33     p2 = subprocess.Popen(["grep", "-v", "^Members"], stdin=p.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  34     if p2.wait():
  35         return False
  36     for member in p2.stdout.read().split():
  37         if member == user:
  38             return True
  39     return False
  40
  41 def checkLockerOwner(user, locker):
  42     """
  43     checkLockerOwner(user, locker) returns True if and only if user administers locker
  44     """
  45     p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  46     if (p.wait()):
  47         return False
  48     cell = p.stdout.read().split()[-1][1:-1]
  49     p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  50     p2 = subprocess.Popen(["grep", "^  .* rlidwka$"], stdin=p.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  51     if (p2.wait()):
  52         return False
  53     for line in p2.stdout.read().split('\n'):
  54         entry = line.split()
  55         if entry == [] or entry[0] == "Negative":
  56             break
  57         if entry[1] == "rlidwka":
  58             if entry[0] == user or (entry[0][0:6] == "system" and checkAfsGroup(user, entry[0], cell)):
  59                 return True
  60     return False
  61
  62
  63 if __name__ == "__main__":
  64 #    print list(getldapgroups("tabbott"))
  65     print checkAfsGroup("tabbott", "system:debathena", 'athena.mit.edu')
  66     print checkAfsGroup("tabbott", "system:debathena", 'sipb.mit.edu')
  67     print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu')
  68     print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu')
  69     print checkLockerOwner("tabbott", "tabbott")
  70     print checkLockerOwner("tabbott", "debathena")
  71     print checkLockerOwner("tabbott", "sipb")
  72     print checkLockerOwner("tabbott", "lsc")
  73     print checkLockerOwner("tabbott", "scripts")
  74     print checkLockerOwner("ecprice", "hmmt")