Timestamp:
Apr 14, 2008, 12:44:00 AM (16 years ago)
Author:
ecprice
Message:

Resolve #69, by checking that administrators are either users or
groups in the athena cell.

File:
1 edited

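--- a/trunk/packages/sipb-xen-www/code/getafsgroups.py
+++ b/trunk/packages/sipb-xen-www/code/getafsgroups.py
@@ -29,8 +29,9 @@
 
 def getAfsGroupMembers(group, cell):
-    p = subprocess.Popen(["pts", "membership", group, '-c', cell],
+    p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell],
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    if p.wait():
-        return []
+    err = p.stderr.read()
+    if err: #Error code doesn't reveal missing groups, but stderr does
+        raise AfsProcessError(err)
     return [line.strip() for line in p.stdout.readlines()[1:]]
 
@@ -39,10 +40,4 @@
         raise AfsProcessError("Locker '%s' is invalid." % locker)
     return '/mit/' + locker
-
-def checkAfsGroup(user, group, cell):
-    """
-    checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
-    """
-    return user in getAfsGroupMembers(group, cell)
 
 def getCell(locker):
@@ -82,6 +77,6 @@
 
     for entry in values:
-        if entry == user or (entry[0:6] == "system" and 
-                                checkAfsGroup(user, entry, cell)):
+        if entry == user or (entry[0:6] == "system" and
+                                user in getAfsGroupMembers(entry, cell)):
             return False
     return "You don't have admin bits on " + getLockerPath(locker)
@@ -90,8 +85,8 @@
 if __name__ == "__main__":
 #    print list(getldapgroups("tabbott"))
-    print checkAfsGroup("tabbott", "system:debathena", 'athena.mit.edu')
-    print checkAfsGroup("tabbott", "system:debathena", 'sipb.mit.edu')
-    print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu')
-    print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu')
+    print "tabbott" in getAfsGroupMembers("system:debathena", 'athena.mit.edu')
+    print "tabbott" in getAfsGroupMembers("system:debathena", 'sipb.mit.edu')
+    print "tabbott" in getAfsGroupMembers("system:debathena-root", 'athena.mit.edu')
+    print "tabbott" in getAfsGroupMembers("system:hmmt-request", 'athena.mit.edu')
     print notLockerOwner("tabbott", "tabbott")
     print notLockerOwner("tabbott", "debathena")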
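Review bot: In getAfsGroupMembers the new `err = p.stderr.read()` drains stderr to EOF before stdout is read, and the `p.wait()` call is gone, so a `pts` reply larger than the pipe buffer can leave the child blocked on stdout while this code blocks on stderr, and the child is never reaped. Reading both pipes together avoids that: `out, err = p.communicate()`, then `if err or p.returncode: raise AfsProcessError(err)` and `return [line.strip() for line in out.splitlines()[1:]]`. Separately, `-noauth` makes the membership lookup unauthenticated, and the loop in the third hunk (its function starts outside the hunk) uses the result to decide whether a user has admin rights. A comment next to the `Popen` call stating why an unauthenticated ptserver answer is acceptable for that decision, and that a group whose membership is not publicly listable now raises AfsProcessError instead of returning `[]`, would document the trade-off for callers.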