X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/eb558ecccf88e5606ecb3f961b624dd33c4a1faf..eabe84bd3f3ea514893ec700d598a06c2418f37e:/code/getafsgroups.py

diff --git a/code/getafsgroups.py b/code/getafsgroups.py
old mode 100644
new mode 100755
index a35a4f1..1c6b82e
--- a/code/getafsgroups.py
+++ b/code/getafsgroups.py
@@ -1,6 +1,7 @@
 #!/usr/bin/python
 import pprint
 import subprocess
+from invirt.config import structs as config
 
 # import ldap
 # l = ldap.open("W92-130-LDAP-2.mit.edu")
@@ -28,10 +29,18 @@ class AfsProcessError(Exception):
     pass
 
 def getAfsGroupMembers(group, cell):
-    p = subprocess.Popen(["pts", "membership", "-encrypt", group, '-c', cell],
+    encrypt = True
+    for c in config.authz.afs.cells:
+        if c.cell == cell and hasattr(c, 'auth'):
+            encrypt = c.auth
+    if encrypt:
+        subprocess.check_call(['aklog', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    p = subprocess.Popen(["pts", "membership", "-encrypt" if encrypt else '-noauth', group, '-c', cell],
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     err = p.stderr.read()
     if err: #Error code doesn't reveal missing groups, but stderr does
+        if err.startswith('pts: Permission denied ; unable to get membership of '):
+            return []
         raise AfsProcessError(err)
     return [line.strip() for line in p.stdout.readlines()[1:]]