X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/1b80f0af7da61f9a9a22f9bb71193086fbf81434..6615e67c6de090b18e33aa77e87255bd9f65d9a9:/code/getafsgroups.py diff --git a/code/getafsgroups.py b/code/getafsgroups.py index 899de81..9e0f31f 100644 --- a/code/getafsgroups.py +++ b/code/getafsgroups.py @@ -1,6 +1,7 @@ #!/usr/bin/python import pprint import subprocess +from webcommon import InvalidInput # import ldap # l = ldap.open("W92-130-LDAP-2.mit.edu") @@ -34,6 +35,11 @@ def getAfsGroupMembers(group, cell): return [] return [line.strip() for line in p.stdout.readlines()[1:]] +def getLockerPath(locker): + if '/' in locker or locker in ['.', '..']: + raise InvalidInput('owner', locker, 'Locker name is invalid.') + return '/mit/' + locker + def checkAfsGroup(user, group, cell): """ checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell @@ -41,14 +47,14 @@ def checkAfsGroup(user, group, cell): return user in getAfsGroupMembers(group, cell) def getCell(locker): - p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], + p = subprocess.Popen(["fs", "whichcell", getLockerPath(locker)], stdout=subprocess.PIPE, stderr=subprocess.PIPE) if p.wait(): raise MyException(p.stderr.read()) return p.stdout.read().split()[-1][1:-1] def getLockerAcl(locker): - p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], + p = subprocess.Popen(["fs", "listacl", getLockerPath(locker)], stdout=subprocess.PIPE, stderr=subprocess.PIPE) if p.wait(): raise MyException(p.stderr.read()) @@ -58,7 +64,7 @@ def getLockerAcl(locker): fields = line.split() if fields[0] == 'Negative': break - if 'rlidwka' in fields[1]: + if 'a' in fields[1]: values.append(fields[0]) return values @@ -79,7 +85,7 @@ def notLockerOwner(user, locker): if entry == user or (entry[0:6] == "system" and checkAfsGroup(user, entry, cell)): return False - return "You don't have admin bits on /mit/" + locker + return "You don't have admin bits on " + getLockerPath(locker) if __name__ == "__main__":