source: server/common/oursrc/accountadm/admof.in @ 450

Last change on this file since 450 was 450, checked in by andersk, 15 years ago
Rewrite admof to suck somewhat less. In particular, do pts membership in the right cell.
1#!/usr/bin/perl
2use strict;
3
4# admof
5# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
6#
7# This program is free software; you can redistribute it and/or
8# modify it under the terms of the GNU General Public License
9# as published by the Free Software Foundation; either version 2
10# of the License, or (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program; if not, write to the Free Software
19# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
20#
21# See /COPYRIGHT in this repository for more information.
22
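# Only PATH is cleared; every other environment variable is inherited
# unchanged by the fs and pts children exec'd later in this script.
$ENV{PATH} = '';

# argv[0]: locker name.  When no passwd entry exists it is interpolated into
# "/mit/$targetuser", so it has to stay a single, ordinary path component.
# \A...\z replaces ^...$ because $ also matches just before a trailing
# newline, and "." / ".." are refused explicitly since the character class
# on its own admits them.
my ($targetuser) = ($ARGV[0] =~ /\A([\w._-]+)\z/);
unless(defined $targetuser && $targetuser !~ /\A\.\.?\z/) {
  error("Invalid locker name: <$ARGV[0]>.");
}

# argv[1]: the caller's identity (presumably a Kerberos principal).  Only the
# ATHENA.MIT.EDU realm is accepted and only the part before "@" is kept.
my ($curuser) = ($ARGV[1] =~ /\A([\w._\/-]+)\@ATHENA\.MIT\.EDU\z/);
unless(defined $curuser) {
  error("An internal error has occurred.\nContact scripts\@mit.edu for assistance.");
}

# Replace first instance of a / only; pts membership prints foo/root as foo.root
# NOTE(review): the pattern above also admits a literal "." in the name, so
# "foo.root" and "foo/root" end up as the same string after this step --
# confirm the caller can never hand in a dotted first component.
$curuser =~ s|/|.|;

if($curuser =~ m|/|) { # There were two /'s in their name. What?
  error("An internal error has occurred.\nContact scripts\@mit.edu for assistance.");
}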
39
# Look the locker up in the passwd database; only the uid (field 2) and the
# home directory (field 7) are needed.  Both stay undef when there is no entry.
my ($uid, $home) = (getpwnam $targetuser)[2, 7];
if(!defined $uid) {
  # No local account: fall back to the conventional locker path.
  $home = "/mit/$targetuser";
}
elsif($uid <= 1000) {
  # Accounts with uid <= 1000 are always refused.
  # NOTE(review): error() gets no argument here, so the banner is printed
  # with an empty message.
  error();
}
47
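# Determine which AFS cell holds the locker by running "fs whichcell" in a
# forked child and reading its first line of output.
#
# open(..., '-|') forks: it returns the child's pid in the parent, 0 in the
# child and undef when the fork fails.  The undef case must be told apart
# from the child case, otherwise a failed fork would send this process
# itself down the exec branch.
my $cell;
my $whichcell_pid = open(my $whichcell, '-|');
unless(defined $whichcell_pid) {
  error("An internal error has occurred.\nContact scripts\@mit.edu for assistance.");
}
unless($whichcell_pid) {
  # Child: drop stderr so only stdout reaches the parent, then exec fs in
  # list form ($home is passed as one argument, no shell is involved).
  close STDERR;
  exec '@fs_path@', 'whichcell', '-path', $home;
  die;
}

# Parent: the first output line must name exactly $home and carry the cell.
my $whichcell_line = <$whichcell>;
unless(defined $whichcell_line &&
       (($cell) = ($whichcell_line =~ /^File \Q$home\E lives in cell '(.*)'$/))) {
  error("Cannot find locker <$targetuser>.");
}
close $whichcell;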
59
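# Ask fs for the ACL on the locker's root directory.  List-form pipe open:
# $home reaches fs as a single argument and no shell is involved.  A failed
# open is reported as an internal error instead of being left to surface
# later as a misleading "Cannot find locker".
open(LISTACL, '-|', '@fs_path@', 'listacl', '-path', $home)
  or error("An internal error has occurred.\nContact scripts\@mit.edu for assistance.");

# Expected shape of the output:
#Access list for . is
#Normal rights:
#  system:scripts-root rlidwka
#  system:anyuser rl

# The first two lines must match exactly; anything else (including no output
# at all) is treated as "locker not found".
unless(<LISTACL> eq "Access list for $home is\n" &&
       <LISTACL> eq "Normal rights:\n") {
  error("Cannot find locker <$targetuser>.");
}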
71
# A true third argument means the locker is required to have a local passwd
# entry; $uid is undef when getpwnam found none.
error("Locker <$targetuser> does not have a scripts.mit.edu account.")
  if $ARGV[2] and not defined $uid;
75
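# Walk the entries that directly follow "Normal rights:" and approve the
# caller if an entry granting the "a" right names them directly, or names a
# group (an entry containing ":") that pts lists them as a member of.
#
# NOTE(review): the scan stops at the first line that does not start with
# two spaces, so any later section of the listing (for example negative
# rights, if fs prints one) is never consulted -- confirm that is the
# intended policy.
ACL_ENTRY:
while(my $acl_line = <LISTACL>) {
  last ACL_ENTRY unless $acl_line =~ /^  /;

  # Only entries whose rights string contains "a" are of interest.
  my ($name) = ($acl_line =~ /^  ([\w:_.-]+) \w*a\w*$/) or next ACL_ENTRY;

  success() if $name eq $curuser;
  next ACL_ENTRY unless $name =~ /:/;

  # Group entry: list its members with pts, in the locker's own cell.
  # open(..., '-|') returns undef when the fork fails; that case must not
  # fall into the child branch, or this process would exec pts itself.
  my $membership_pid = open(my $membership, '-|');
  unless(defined $membership_pid) {
    error("An internal error has occurred.\nContact scripts\@mit.edu for assistance.");
  }
  unless($membership_pid) {
    close STDERR;
    exec '@pts_path@', 'membership', '-nameorid', $name, '-cell', $cell;
    die;
  }

#Members of system:scripts-root (id: -56104) are:
#  hartmans
#  jbarnold
#  presbrey
#  tabbott
#  hartmans.root

  # Members are only trusted when the header line names exactly this group.
  my $header = <$membership>;
  if(defined $header && $header =~ /^Members of \Q$name\E \(id: \S+\) are:$/) {
    while(my $member = <$membership>) {
      success() if $member eq "  $curuser\n";
    }
  }
  # Closed on every path so the pts child is reaped before the next entry.
  close $membership;
}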
101
# Reached only when no ACL entry approved the caller: explain the refusal on
# stdout and exit with status 1, the same status error() uses.
my $denial = <<"END";

ERROR:
It appears as though you are not an administrator of locker <$targetuser>.
In order to be able to su to <$targetuser>, you must have full AFS access
to the root directory of locker <$targetuser>.  Try running the command
fs sa /mit/$targetuser $curuser all
on Athena in order to explicitly grant yourself full AFS access.
Contact scripts\@mit.edu if you are unable to solve the problem.

END
print $denial;

exit 1;
115
# Print an "ERROR:" banner with the given message on stdout and terminate
# with exit status 1.  Never returns.
sub error {
  my ($message) = @_;
  print "\nERROR:\n$message\n\n";
  exit 1;
}
120
# Report approval: print "yes" (no trailing newline) on stdout and terminate
# with exit status 33.  Never returns.  This is the only place in the script
# that exits with 33; presumably the caller treats that status as the
# approval signal -- verify against the caller.
sub success {
  print 'yes';
  exit 33;
}