Don't encrypt requests to the PRDB if config.authz.auth is set to False.
authorEvan Broder <broder@mit.edu>
Sun, 15 Feb 2009 03:18:26 +0000 (22:18 -0500)
committerEvan Broder <broder@mit.edu>
Sun, 15 Feb 2009 03:18:26 +0000 (22:18 -0500)
svn path=/trunk/packages/invirt-web/; revision=2119

code/getafsgroups.py [changed mode: 0644->0755]

old mode 100644 (file)
new mode 100755 (executable)
index d8ba297..7067e53
@@ -1,6 +1,7 @@
 #!/usr/bin/python
 import pprint
 import subprocess
+from invirt.config import structs as config
 
 # import ldap
 # l = ldap.open("W92-130-LDAP-2.mit.edu")
@@ -28,8 +29,12 @@ class AfsProcessError(Exception):
     pass
 
 def getAfsGroupMembers(group, cell):
+    encrypt = True
+    for c in config.authz:
+        if c.type == 'afs' and c.cell == cell and hasattr(c, 'auth'):
+            encrypt = c.auth
     subprocess.check_call(['aklog', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    p = subprocess.Popen(["pts", "membership", "-encrypt", group, '-c', cell],
+    p = subprocess.Popen(["pts", "membership", "-encrypt" if encrypt else '-noauth', group, '-c', cell],
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     err = p.stderr.read()
     if err: #Error code doesn't reveal missing groups, but stderr does