source: trunk/web/templates/getafsgroups.py @ 171

Last change on this file since 171 was 161, checked in by ecprice, 17 years ago

Add support for
(A) modifying VM names, memory, disksize
(B) transferring ownership, hostname

Has issues with multiple disks/nics because of current interface.

(tabbott is the real author here)

File size: 3.1 KB
Line 
1#!/usr/bin/python
2import pprint
3import subprocess
4
5# import ldap
6# l = ldap.open("W92-130-LDAP-2.mit.edu")
7# # ldap.mit.edu is 1/2 broken right now so we're going to the working backend
8# l.simple_bind_s("", "")
9
10# def getLdapGroups(user):
11#     """
12#     getLdapGroups(user): returns a generator for the list of LDAP groups containing user
13#     """
14#     for user_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
15#         for group_data in l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uniqueMember="+user_data[0], ['cn']):
16#             yield group_data[1]['cn'][0]
17
18# def checkLdapGroups(user, group):
19#     """
20#     checkLdapGroups(user, group): returns True if and only if user is in LDAP group group
21#     """
22#     for result_data in l.search_s("ou=affiliates,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "uid=" + user, []):
23#         if l.search_s("ou=groups,dc=mit,dc=edu", ldap.SCOPE_ONELEVEL, "(&(cn=" + group + ")(uniqueMember="+result_data[0] + "))", []) != []:
24#             return True
25#     return False
26
27def checkAfsGroup(user, group, cell):
28    """
29    checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
30    """
31    print user, group
32    p = subprocess.Popen(["pts", "membership", group, '-c', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
33    p2 = subprocess.Popen(["grep", "-v", "^Members"], stdin=p.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
34    if p2.wait():
35        return False
36    for member in p2.stdout.read().split():
37        if member == user:
38            return True
39    return False
40
41def checkLockerOwner(user, locker):
42    """
43    checkLockerOwner(user, locker) returns True if and only if user administers locker
44    """
45    p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
46    if (p.wait()):
47        return False
48    cell = p.stdout.read().split()[-1][1:-1]
49    p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
50    p2 = subprocess.Popen(["grep", "^  .* rlidwka$"], stdin=p.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
51    if (p2.wait()):
52        return False
53    for line in p2.stdout.read().split('\n'):
54        entry = line.split()
55        if entry == [] or entry[0] == "Negative":
56            break
57        if entry[1] == "rlidwka":
58            if entry[0] == user or (entry[0][0:6] == "system" and checkAfsGroup(user, entry[0], cell)):
59                return True
60    return False
61
62
63if __name__ == "__main__":
64#    print list(getldapgroups("tabbott"))
65    print checkAfsGroup("tabbott", "system:debathena", 'athena.mit.edu')
66    print checkAfsGroup("tabbott", "system:debathena", 'sipb.mit.edu')
67    print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu')
68    print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu')
69    print checkLockerOwner("tabbott", "tabbott")
70    print checkLockerOwner("tabbott", "debathena")
71    print checkLockerOwner("tabbott", "sipb")
72    print checkLockerOwner("tabbott", "lsc")
73    print checkLockerOwner("tabbott", "scripts")
74    print checkLockerOwner("ecprice", "hmmt")
Note: See TracBrowser for help on using the repository browser.