From 477befa7c4a141e8b33325608511ff73429cd9b4 Mon Sep 17 00:00:00 2001 From: Evan Broder Date: Sat, 14 Feb 2009 22:18:26 -0500 Subject: [PATCH 1/1] Don't encrypt requests to the PRDB if config.authz.auth is set to False. svn path=/trunk/packages/invirt-web/; revision=2119 --- code/getafsgroups.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) mode change 100644 => 100755 code/getafsgroups.py diff --git a/code/getafsgroups.py b/code/getafsgroups.py old mode 100644 new mode 100755 index d8ba297..7067e53 --- a/code/getafsgroups.py +++ b/code/getafsgroups.py @@ -1,6 +1,7 @@ #!/usr/bin/python import pprint import subprocess +from invirt.config import structs as config # import ldap # l = ldap.open("W92-130-LDAP-2.mit.edu") @@ -28,8 +29,12 @@ class AfsProcessError(Exception): pass def getAfsGroupMembers(group, cell): + encrypt = True + for c in config.authz: + if c.type == 'afs' and c.cell == cell and hasattr(c, 'auth'): + encrypt = c.auth subprocess.check_call(['aklog', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - p = subprocess.Popen(["pts", "membership", "-encrypt", group, '-c', cell], + p = subprocess.Popen(["pts", "membership", "-encrypt" if encrypt else '-noauth', group, '-c', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE) err = p.stderr.read() if err: #Error code doesn't reveal missing groups, but stderr does -- 1.7.9.5