Show the cherrypy request object on the helloworld page

[invirt/packages/invirt-web.git] / code / getafsgroups.py

diff --git a/code/getafsgroups.py b/code/getafsgroups.py
old mode 100644 (file)
new mode 100755 (executable)
index 13f8cf7..fed3a6b
--- a/code/getafsgroups.py
+++ b/code/getafsgroups.py
@@ -1,6 +1,7 @@
 #!/usr/bin/python
 import pprint
 import subprocess
+from invirt.config import structs as config
 
 # import ldap
 # l = ldap.open("W92-130-LDAP-2.mit.edu")
@@ -28,10 +29,17 @@ class AfsProcessError(Exception):
     pass
 
 def getAfsGroupMembers(group, cell):
-    p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell], 
+    encrypt = True
+    for c in config.authz.afs.cells:
+        if c.cell == cell and hasattr(c, 'auth'):
+            encrypt = c.auth
+    subprocess.check_call(['aklog', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    p = subprocess.Popen(["pts", "membership", "-encrypt" if encrypt else '-noauth', group, '-c', cell],
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     err = p.stderr.read()
     if err: #Error code doesn't reveal missing groups, but stderr does
+        if err.startswith('pts: Permission denied ; unable to get membership of '):
+            return []
         raise AfsProcessError(err)
     return [line.strip() for line in p.stdout.readlines()[1:]]