X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/a14f1cec3751f18f56c28c7a5ea20b54ab319bc6..a3ce9fc07f5982d9bf2cc5f080e3998782b90e4f:/code/getafsgroups.py?ds=sidebyside diff --git a/code/getafsgroups.py b/code/getafsgroups.py old mode 100644 new mode 100755 index 13f8cf7..1c6b82e --- a/code/getafsgroups.py +++ b/code/getafsgroups.py @@ -1,6 +1,7 @@ #!/usr/bin/python import pprint import subprocess +from invirt.config import structs as config # import ldap # l = ldap.open("W92-130-LDAP-2.mit.edu") @@ -28,10 +29,18 @@ class AfsProcessError(Exception): pass def getAfsGroupMembers(group, cell): - p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell], + encrypt = True + for c in config.authz.afs.cells: + if c.cell == cell and hasattr(c, 'auth'): + encrypt = c.auth + if encrypt: + subprocess.check_call(['aklog', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + p = subprocess.Popen(["pts", "membership", "-encrypt" if encrypt else '-noauth', group, '-c', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE) err = p.stderr.read() if err: #Error code doesn't reveal missing groups, but stderr does + if err.startswith('pts: Permission denied ; unable to get membership of '): + return [] raise AfsProcessError(err) return [line.strip() for line in p.stdout.readlines()[1:]]