source: trunk/web/templates/getafsgroups.py @ 222

Last change on this file since 222 was 209, checked in by ecprice, 17 years ago

Split main.py in four.

File size: 3.3 KB
Line 
1#!/usr/bin/python
2import pprint
3import subprocess
4
5# import ldap
6# l = ldap.open("W92-130-LDAP-2.mit.edu")
7# # ldap.mit.edu is 1/2 broken right now so we're going to the working backend
8# l.simple_bind_s("", "")
9
10# def getLdapGroups(user):
11#     """
12#     getLdapGroups(user): returns a generator for the list of LDAP groups containing user
13#     """
14#     for user_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
15#         for group_data in l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uniqueMember="+user_data[0], ['cn']):
16#             yield group_data[1]['cn'][0]
17
18# def checkLdapGroups(user, group):
19#     """
20#     checkLdapGroups(user, group): returns True if and only if user is in LDAP group group
21#     """
22#     for result_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
23#         if l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "(&(cn=" + group + ")(uniqueMember="+result_data[0] + "))", []) != []:
24#             return True
25#     return False
26
27def checkAfsGroup(user, group, cell):
28    """
29    checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
30    """
31    p = subprocess.Popen(["pts", "membership", group, '-c', cell], 
32                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
33    if p.wait():
34        return False
35    for line in p.stdout.readlines()[1:]:
36        if line.strip() == user:
37            return True
38    return False
39
40def checkLockerOwner(user, locker, verbose=False):
41    """
42    checkLockerOwner(user, locker) returns True if and only if user administers locker.
43
44    If verbose is true, instead return the reason for failure, or None
45    if there is no failure.
46    """
47    p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], 
48                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
49    if p.wait():
50        if verbose:
51            return p.stderr.read()
52        return False
53    cell = p.stdout.read().split()[-1][1:-1]
54    p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], 
55                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
56    if p.wait():
57        if verbose:
58            return p.stderr.read()
59        return False
60    for line in p.stdout.readlines()[1:]:
61        entry = line.split()
62        if not entry or entry[0] == "Negative":
63            break
64        if entry[1] == "rlidwka":
65            if entry[0] == user or (entry[0][0:6] == "system" and 
66                                    checkAfsGroup(user, entry[0], cell)):
67                if verbose:
68                    return None
69                return True
70    if verbose:
71        return "You don't have admin bits on /mit/" + locker
72    return False
73
74
75if __name__ == "__main__":
76#    print list(getldapgroups("tabbott"))
77    print checkAfsGroup("tabbott", "system:debathena", 'athena.mit.edu')
78    print checkAfsGroup("tabbott", "system:debathena", 'sipb.mit.edu')
79    print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu')
80    print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu')
81    print checkLockerOwner("tabbott", "tabbott")
82    print checkLockerOwner("tabbott", "debathena")
83    print checkLockerOwner("tabbott", "sipb")
84    print checkLockerOwner("tabbott", "lsc")
85    print checkLockerOwner("tabbott", "scripts")
86    print checkLockerOwner("ecprice", "hmmt")
Note: See TracBrowser for help on using the repository browser.