source: trunk/web/templates/getafsgroups.py @ 209

Last change on this file since 209 was 209, checked in by ecprice, 17 years ago

Split main.py in four.
File size: 3.3 KB
RevLine 
[161]1#!/usr/bin/python
2import pprint
3import subprocess
4
5# import ldap
6# l = ldap.open("W92-130-LDAP-2.mit.edu")
7# # ldap.mit.edu is 1/2 broken right now so we're going to the working backend
8# l.simple_bind_s("", "")
9
10# def getLdapGroups(user):
11#     """
12#     getLdapGroups(user): returns a generator for the list of LDAP groups containing user
13#     """
14#     for user_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
15#         for group_data in l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uniqueMember="+user_data[0], ['cn']):
16#             yield group_data[1]['cn'][0]
17
18# def checkLdapGroups(user, group):
19#     """
20#     checkLdapGroups(user, group): returns True if and only if user is in LDAP group group
21#     """
22#     for result_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
23#         if l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "(&(cn=" + group + ")(uniqueMember="+result_data[0] + "))", []) != []:
24#             return True
25#     return False
26
27def checkAfsGroup(user, group, cell):
28    """
29    checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
30    """
[177]31    p = subprocess.Popen(["pts", "membership", group, '-c', cell], 
32                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
33    if p.wait():
[161]34        return False
[177]35    for line in p.stdout.readlines()[1:]:
36        if line.strip() == user:
[161]37            return True
38    return False
39
[177]40def checkLockerOwner(user, locker, verbose=False):
[161]41    """
[209]42    checkLockerOwner(user, locker) returns True if and only if user administers locker.
43
44    If verbose is true, instead return the reason for failure, or None
45    if there is no failure.
[161]46    """
[177]47    p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], 
48                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
49    if p.wait():
50        if verbose:
51            return p.stderr.read()
[161]52        return False
53    cell = p.stdout.read().split()[-1][1:-1]
[177]54    p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], 
55                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
56    if p.wait():
57        if verbose:
58            return p.stderr.read()
[161]59        return False
[177]60    for line in p.stdout.readlines()[1:]:
[161]61        entry = line.split()
[177]62        if not entry or entry[0] == "Negative":
[161]63            break
64        if entry[1] == "rlidwka":
[177]65            if entry[0] == user or (entry[0][0:6] == "system" and 
66                                    checkAfsGroup(user, entry[0], cell)):
[209]67                if verbose:
68                    return None
[161]69                return True
[177]70    if verbose:
71        return "You don't have admin bits on /mit/" + locker
[161]72    return False
73
74
75if __name__ == "__main__":
76#    print list(getldapgroups("tabbott"))
77    print checkAfsGroup("tabbott", "system:debathena", 'athena.mit.edu')
78    print checkAfsGroup("tabbott", "system:debathena", 'sipb.mit.edu')
79    print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu')
80    print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu')
81    print checkLockerOwner("tabbott", "tabbott")
82    print checkLockerOwner("tabbott", "debathena")
83    print checkLockerOwner("tabbott", "sipb")
84    print checkLockerOwner("tabbott", "lsc")
85    print checkLockerOwner("tabbott", "scripts")
86    print checkLockerOwner("ecprice", "hmmt")
Note: See TracBrowser for help on using the repository browser.