X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/c1698793a8a1d05b16c2dc362a7c28b2af0b69d3..11b6c2b07cba5d282483dc2f9a9beb59cbdb645c:/code/getafsgroups.py diff --git a/code/getafsgroups.py b/code/getafsgroups.py index e71ede4..13f8cf7 100644 --- a/code/getafsgroups.py +++ b/code/getafsgroups.py @@ -1,7 +1,6 @@ #!/usr/bin/python import pprint import subprocess -from webcommon import InvalidInput # import ldap # l = ldap.open("W92-130-LDAP-2.mit.edu") @@ -29,23 +28,18 @@ class AfsProcessError(Exception): pass def getAfsGroupMembers(group, cell): - p = subprocess.Popen(["pts", "membership", group, '-c', cell], + p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - if p.wait(): - return [] + err = p.stderr.read() + if err: #Error code doesn't reveal missing groups, but stderr does + raise AfsProcessError(err) return [line.strip() for line in p.stdout.readlines()[1:]] def getLockerPath(locker): if '/' in locker or locker in ['.', '..']: - raise InvalidInput('owner', locker, 'Locker name is invalid.') + raise AfsProcessError("Locker '%s' is invalid." % locker) return '/mit/' + locker -def checkAfsGroup(user, group, cell): - """ - checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell - """ - return user in getAfsGroupMembers(group, cell) - def getCell(locker): p = subprocess.Popen(["fs", "whichcell", getLockerPath(locker)], stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -82,18 +76,18 @@ def notLockerOwner(user, locker): return str(e) for entry in values: - if entry == user or (entry[0:6] == "system" and - checkAfsGroup(user, entry, cell)): + if entry == user or (entry[0:6] == "system" and + user in getAfsGroupMembers(entry, cell)): return False return "You don't have admin bits on " + getLockerPath(locker) if __name__ == "__main__": # print list(getldapgroups("tabbott")) - print checkAfsGroup("tabbott", "system:debathena", 'athena.mit.edu') - print checkAfsGroup("tabbott", "system:debathena", 'sipb.mit.edu') - print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu') - print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu') + print "tabbott" in getAfsGroupMembers("system:debathena", 'athena.mit.edu') + print "tabbott" in getAfsGroupMembers("system:debathena", 'sipb.mit.edu') + print "tabbott" in getAfsGroupMembers("system:debathena-root", 'athena.mit.edu') + print "tabbott" in getAfsGroupMembers("system:hmmt-request", 'athena.mit.edu') print notLockerOwner("tabbott", "tabbott") print notLockerOwner("tabbott", "debathena") print notLockerOwner("tabbott", "sipb")