fix pts mem vulnerability, with new -encrypt option

[invirt/packages/invirt-web.git] / code / getafsgroups.py

diff --git a/code/getafsgroups.py b/code/getafsgroups.py
index c775a01..a35a4f1 100644 (file)
--- a/code/getafsgroups.py
+++ b/code/getafsgroups.py
@@ -28,7 +28,7 @@ class AfsProcessError(Exception):
     pass
 
 def getAfsGroupMembers(group, cell):
-    p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell], 
+    p = subprocess.Popen(["pts", "membership", "-encrypt", group, '-c', cell],
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     err = p.stderr.read()
     if err: #Error code doesn't reveal missing groups, but stderr does
@@ -48,15 +48,10 @@ def getCell(locker):
     return p.stdout.read().split()[-1][1:-1]
 
 def getLockerAcl(locker):
-    try:
-        p = subprocess.Popen(["fs", "listacl", getLockerPath(locker)], 
-                             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-        if p.wait():
-            raise AfsProcessError(p.stderr.read())
-    except AfsProcessError, e:
-        if e.message.startswith("fs: You don't have the required access rights on"):
-            return []
-        raise
+    p = subprocess.Popen(["fs", "listacl", getLockerPath(locker)], 
+                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    if p.wait():
+        raise AfsProcessError(p.stderr.read())
     lines = p.stdout.readlines()
     values = []
     for line in lines[1:]: