Split main.py in four.
[invirt/packages/invirt-web.git] / templates / getafsgroups.py
1 #!/usr/bin/python
2 import pprint
3 import subprocess
4
5 # import ldap
6 # l = ldap.open("W92-130-LDAP-2.mit.edu")
7 # # ldap.mit.edu is 1/2 broken right now so we're going to the working backend
8 # l.simple_bind_s("", "")
9
10 # def getLdapGroups(user):
11 #     """
12 #     getLdapGroups(user): returns a generator for the list of LDAP groups containing user
13 #     """
14 #     for user_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
15 #         for group_data in l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uniqueMember="+user_data[0], ['cn']):
16 #             yield group_data[1]['cn'][0]
17
18 # def checkLdapGroups(user, group):
19 #     """
20 #     checkLdapGroups(user, group): returns True if and only if user is in LDAP group group
21 #     """
22 #     for result_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
23 #         if l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "(&(cn=" + group + ")(uniqueMember="+result_data[0] + "))", []) != []:
24 #             return True
25 #     return False
26
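def checkAfsGroup(user, group, cell):
    """
    Return True if and only if user is a member of AFS group `group` in
    cell `cell`.

    Membership is read from the output of ``pts membership <group> -c <cell>``.
    The first output line is skipped as a header; every following line is
    stripped of surrounding whitespace and compared with `user`.

    The check fails closed: an empty user, group or cell, a group or cell
    that starts with "-", or a non-zero exit status from pts all yield False.
    """
    # An empty user could otherwise compare equal to a blank output line.
    if not user:
        return False
    # The command is run as an argument list (no shell), but a value starting
    # with "-" is liable to be read by pts as one of its own switches rather
    # than as a group or cell name, so such values are refused outright.
    for value in (group, cell):
        if not value or value.startswith("-"):
            return False
    p = subprocess.Popen(["pts", "membership", group, '-c', cell],
                         stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                         universal_newlines=True)
    # communicate() drains stdout and stderr while waiting for the child.
    # Calling wait() first can deadlock once the membership list fills the
    # pipe buffer, which would hang the authorization check.
    out, _err = p.communicate()
    if p.returncode:
        return False
    for line in out.splitlines()[1:]:
        if line.strip() == user:
            return True
    return False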
39
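def checkLockerOwner(user, locker, verbose=False):
    """
    Return True if and only if user administers the locker /mit/<locker>.

    A user administers the locker when the "fs listacl" output for
    /mit/<locker> has an entry with exactly the rights "rlidwka" whose
    principal is either the user or a group whose name starts with "system"
    and that checkAfsGroup() reports the user to be a member of (in the
    cell named by "fs whichcell").

    If verbose is true, instead return the reason for failure as a string,
    or None if there is no failure.

    NOTE(review): parsing stops at the "Negative" section of the ACL, so
    negative rights are never subtracted from a matching positive entry.
    Confirm that this is acceptable for the callers' authorization decision.
    """
    def fail(reason):
        # Verbose callers get the reason; everyone else gets a plain False.
        return reason if verbose else False

    # locker is appended to "/mit/", so it must be a single path component.
    # A name containing "/" or equal to "." / ".." would make the ACL check
    # run against a different path than the locker the caller asked about.
    if (not locker or "/" in locker or "\0" in locker
            or locker in (".", "..")):
        return fail("Invalid locker name")
    path = "/mit/" + locker

    p = subprocess.Popen(["fs", "whichcell", path],
                         stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                         universal_newlines=True)
    # communicate() reads both pipes while waiting, so a chatty child cannot
    # block on a full pipe the way wait()-then-read() allows.
    out, err = p.communicate()
    if p.returncode:
        # Never hand back an empty reason: a verbose caller testing the
        # result for truthiness would read "" as "no failure".
        return fail(err or "fs whichcell failed")
    fields = out.split()
    if not fields:
        return fail("Could not determine the AFS cell of " + path)
    # The cell name is the last word of the output with its first and last
    # characters (presumably surrounding quotes) removed.
    cell = fields[-1][1:-1]

    p = subprocess.Popen(["fs", "listacl", path],
                         stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                         universal_newlines=True)
    out, err = p.communicate()
    if p.returncode:
        return fail(err or "fs listacl failed")

    # The first line is skipped as a header; entries are "<principal> <rights>".
    for line in out.splitlines()[1:]:
        entry = line.split()
        if not entry or entry[0] == "Negative":
            break
        if len(entry) < 2:
            # Malformed line with no rights column: cannot grant anything.
            continue
        if entry[1] == "rlidwka":
            if entry[0] == user or (entry[0].startswith("system") and
                                    checkAfsGroup(user, entry[0], cell)):
                return None if verbose else True
    return fail("You don't have admin bits on /mit/" + locker)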
73
74
if __name__ == "__main__":
    # Manual smoke test: prints the result of each membership and locker
    # check below.  Both helpers shell out to the AFS "pts" and "fs" tools.
    #    print list(getldapgroups("tabbott"))   (LDAP lookup, disabled)
    for group, cell in (
        ("system:debathena", "athena.mit.edu"),
        ("system:debathena", "sipb.mit.edu"),
        ("system:debathena-root", "athena.mit.edu"),
        ("system:hmmt-request", "athena.mit.edu"),
    ):
        print(checkAfsGroup("tabbott", group, cell))
    for user, locker in (
        ("tabbott", "tabbott"),
        ("tabbott", "debathena"),
        ("tabbott", "sipb"),
        ("tabbott", "lsc"),
        ("tabbott", "scripts"),
        ("ecprice", "hmmt"),
    ):
        print(checkLockerOwner(user, locker))