projects
/
invirt/packages/invirt-web.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Better error messaging for invalid lockers.
[invirt/packages/invirt-web.git]
/
code
/
getafsgroups.py
diff --git
a/code/getafsgroups.py
b/code/getafsgroups.py
index
899de81
..
e2fece0
100644
(file)
--- a/
code/getafsgroups.py
+++ b/
code/getafsgroups.py
@@
-24,7
+24,7
@@
import subprocess
# return True
# return False
# return True
# return False
-class MyException(Exception):
+class AfsProcessError(Exception):
pass
def getAfsGroupMembers(group, cell):
pass
def getAfsGroupMembers(group, cell):
@@
-34,6
+34,11
@@
def getAfsGroupMembers(group, cell):
return []
return [line.strip() for line in p.stdout.readlines()[1:]]
return []
return [line.strip() for line in p.stdout.readlines()[1:]]
+def getLockerPath(locker):
+ if '/' in locker or locker in ['.', '..']:
+ raise AfsProcessError("Locker '%s' is invalid." % locker)
+ return '/mit/' + locker
+
def checkAfsGroup(user, group, cell):
"""
checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
def checkAfsGroup(user, group, cell):
"""
checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
@@
-41,24
+46,24
@@
def checkAfsGroup(user, group, cell):
return user in getAfsGroupMembers(group, cell)
def getCell(locker):
return user in getAfsGroupMembers(group, cell)
def getCell(locker):
- p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker],
+ p = subprocess.Popen(["fs", "whichcell", getLockerPath(locker)],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
if p.wait():
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
if p.wait():
- raise MyException(p.stderr.read())
+ raise AfsProcessError(p.stderr.read())
return p.stdout.read().split()[-1][1:-1]
def getLockerAcl(locker):
return p.stdout.read().split()[-1][1:-1]
def getLockerAcl(locker):
- p = subprocess.Popen(["fs", "listacl", "/mit/" + locker],
+ p = subprocess.Popen(["fs", "listacl", getLockerPath(locker)],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
if p.wait():
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
if p.wait():
- raise MyException(p.stderr.read())
+ raise AfsProcessError(p.stderr.read())
lines = p.stdout.readlines()
values = []
for line in lines[1:]:
fields = line.split()
if fields[0] == 'Negative':
break
lines = p.stdout.readlines()
values = []
for line in lines[1:]:
fields = line.split()
if fields[0] == 'Negative':
break
- if 'rlidwka' in fields[1]:
+ if 'a' in fields[1]:
values.append(fields[0])
return values
values.append(fields[0])
return values
@@
-72,14
+77,14
@@
def notLockerOwner(user, locker):
try:
cell = getCell(locker)
values = getLockerAcl(locker)
try:
cell = getCell(locker)
values = getLockerAcl(locker)
- except MyException, e:
+ except AfsProcessError, e:
return str(e)
for entry in values:
if entry == user or (entry[0:6] == "system" and
checkAfsGroup(user, entry, cell)):
return False
return str(e)
for entry in values:
if entry == user or (entry[0:6] == "system" and
checkAfsGroup(user, entry, cell)):
return False
- return "You don't have admin bits on /mit/" + locker
+ return "You don't have admin bits on " + getLockerPath(locker)
if __name__ == "__main__":
if __name__ == "__main__":
projects / invirt/packages/invirt-web.git / blobdiff