X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/55a1b4d83e6a40a12ec3b540692e98c50cef244e..48ee742135ea5c591b7636e0be9ae5c902fe05b0:/code/getafsgroups.py diff --git a/code/getafsgroups.py b/code/getafsgroups.py old mode 100644 new mode 100755 index c775a01..1c6b82e --- a/code/getafsgroups.py +++ b/code/getafsgroups.py @@ -1,6 +1,7 @@ #!/usr/bin/python import pprint import subprocess +from invirt.config import structs as config # import ldap # l = ldap.open("W92-130-LDAP-2.mit.edu") @@ -28,10 +29,18 @@ class AfsProcessError(Exception): pass def getAfsGroupMembers(group, cell): - p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell], + encrypt = True + for c in config.authz.afs.cells: + if c.cell == cell and hasattr(c, 'auth'): + encrypt = c.auth + if encrypt: + subprocess.check_call(['aklog', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + p = subprocess.Popen(["pts", "membership", "-encrypt" if encrypt else '-noauth', group, '-c', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE) err = p.stderr.read() if err: #Error code doesn't reveal missing groups, but stderr does + if err.startswith('pts: Permission denied ; unable to get membership of '): + return [] raise AfsProcessError(err) return [line.strip() for line in p.stdout.readlines()[1:]] @@ -48,15 +57,10 @@ def getCell(locker): return p.stdout.read().split()[-1][1:-1] def getLockerAcl(locker): - try: - p = subprocess.Popen(["fs", "listacl", getLockerPath(locker)], - stdout=subprocess.PIPE, stderr=subprocess.PIPE) - if p.wait(): - raise AfsProcessError(p.stderr.read()) - except AfsProcessError, e: - if e.message.startswith("fs: You don't have the required access rights on"): - return [] - raise + p = subprocess.Popen(["fs", "listacl", getLockerPath(locker)], + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + if p.wait(): + raise AfsProcessError(p.stderr.read()) lines = p.stdout.readlines() values = [] for line in lines[1:]: