"""
checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
"""
- print user, group
- p = subprocess.Popen(["pts", "membership", group, '-c', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- p2 = subprocess.Popen(["grep", "-v", "^Members"], stdin=p.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- if p2.wait():
+ p = subprocess.Popen(["pts", "membership", group, '-c', cell],
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ if p.wait():
return False
- for member in p2.stdout.read().split():
- if member == user:
+ for line in p.stdout.readlines()[1:]:
+ if line.strip() == user:
return True
return False
-def checkLockerOwner(user, locker):
+def checkLockerOwner(user, locker, verbose=False):
"""
checkLockerOwner(user, locker) returns True if and only if user administers locker
"""
- p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- if (p.wait()):
+ p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker],
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ if p.wait():
+ if verbose:
+ return p.stderr.read()
return False
cell = p.stdout.read().split()[-1][1:-1]
- p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- p2 = subprocess.Popen(["grep", "^ .* rlidwka$"], stdin=p.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- if (p2.wait()):
+ p = subprocess.Popen(["fs", "listacl", "/mit/" + locker],
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ if p.wait():
+ if verbose:
+ return p.stderr.read()
return False
- for line in p2.stdout.read().split('\n'):
+ for line in p.stdout.readlines()[1:]:
entry = line.split()
- if entry == [] or entry[0] == "Negative":
+ if not entry or entry[0] == "Negative":
break
if entry[1] == "rlidwka":
- if entry[0] == user or (entry[0][0:6] == "system" and checkAfsGroup(user, entry[0], cell)):
+ if entry[0] == user or (entry[0][0:6] == "system" and
+ checkAfsGroup(user, entry[0], cell)):
return True
+ if verbose:
+ return "You don't have admin bits on /mit/" + locker
return False