From: Evan Broder Date: Sun, 15 Feb 2009 03:18:26 +0000 (-0500) Subject: Don't encrypt requests to the PRDB if config.authz.auth is set to False. X-Git-Tag: 0.0.19~2 X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/commitdiff_plain/477befa7c4a141e8b33325608511ff73429cd9b4?hp=79537c1e720c144825008c3f50f7f34209f17a52 Don't encrypt requests to the PRDB if config.authz.auth is set to False. svn path=/trunk/packages/invirt-web/; revision=2119 --- diff --git a/code/getafsgroups.py b/code/getafsgroups.py old mode 100644 new mode 100755 index d8ba297..7067e53 --- a/code/getafsgroups.py +++ b/code/getafsgroups.py @@ -1,6 +1,7 @@ #!/usr/bin/python import pprint import subprocess +from invirt.config import structs as config # import ldap # l = ldap.open("W92-130-LDAP-2.mit.edu") @@ -28,8 +29,12 @@ class AfsProcessError(Exception): pass def getAfsGroupMembers(group, cell): + encrypt = True + for c in config.authz: + if c.type == 'afs' and c.cell == cell and hasattr(c, 'auth'): + encrypt = c.auth subprocess.check_call(['aklog', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - p = subprocess.Popen(["pts", "membership", "-encrypt", group, '-c', cell], + p = subprocess.Popen(["pts", "membership", "-encrypt" if encrypt else '-noauth', group, '-c', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE) err = p.stderr.read() if err: #Error code doesn't reveal missing groups, but stderr does