1 | |
---|
2 | #!/usr/bin/perl |
---|
3 | use strict; |
---|
4 | |
---|
5 | # admof |
---|
6 | # Copyright (C) 2006 Jeff Arnold <jbarnold@mit.edu> |
---|
7 | # |
---|
8 | # This program is free software; you can redistribute it and/or |
---|
9 | # modify it under the terms of the GNU General Public License |
---|
10 | # as published by the Free Software Foundation; either version 2 |
---|
11 | # of the License, or (at your option) any later version. |
---|
12 | # |
---|
13 | # This program is distributed in the hope that it will be useful, |
---|
14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
16 | # GNU General Public License for more details. |
---|
17 | # |
---|
18 | # You should have received a copy of the GNU General Public License |
---|
19 | # along with this program; if not, write to the Free Software |
---|
20 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
---|
21 | # |
---|
22 | # See /COPYRIGHT in this repository for more information. |
---|
23 | |
---|
24 | $ENV{PATH} = ''; |
---|
25 | |
---|
26 | my $targetuser; |
---|
27 | unless(($targetuser) = ($ARGV[0] =~ /^([\w._-]+)$/)) { |
---|
28 | error("Invalid locker name: <$ARGV[0]>."); |
---|
29 | } |
---|
30 | my $curuser; |
---|
31 | unless(($curuser) = ($ARGV[1] =~ /^([\w._\/-]+)\@ATHENA\.MIT\.EDU$/)) { |
---|
32 | error("An internal error has occurred.\nContact scripts\@mit.edu for assistance."); |
---|
33 | } |
---|
34 | |
---|
35 | ($curuser) =~ s|/|.|; # Replace first instance of a / only; pts membership prints foo/root as foo.root |
---|
36 | |
---|
37 | if (($curuser) =~ m|/|) { # There were two /'s in their name. What? |
---|
38 | error("An internal error has occurred.\nContact scripts\@mit.edu for assistance."); |
---|
39 | } |
---|
40 | |
---|
41 | my (undef, undef, $uid, undef, undef, undef, undef, $home, undef, undef) |
---|
42 | = getpwnam $targetuser; |
---|
43 | if(defined $uid) { |
---|
44 | error() if ($uid <= 1000); |
---|
45 | } else { |
---|
46 | $home = "/mit/$targetuser"; |
---|
47 | } |
---|
48 | |
---|
49 | my $cell; |
---|
50 | unless(open WHICHCELL, '-|') { |
---|
51 | close STDERR; |
---|
52 | exec '@fs_path@', 'whichcell', '-path', $home; |
---|
53 | die; |
---|
54 | } |
---|
55 | |
---|
56 | unless(($cell) = (<WHICHCELL> =~ /^File \Q$home\E lives in cell '(.*)'$/)) { |
---|
57 | error("Cannot find locker <$targetuser>."); |
---|
58 | } |
---|
59 | close WHICHCELL; |
---|
60 | |
---|
61 | open LISTACL, '-|', '@fs_path@', 'listacl', '-path', $home; |
---|
62 | |
---|
63 | #Access list for . is |
---|
64 | #Normal rights: |
---|
65 | # system:scripts-root rlidwka |
---|
66 | # system:anyuser rl |
---|
67 | |
---|
68 | unless(<LISTACL> eq "Access list for $home is\n" && |
---|
69 | <LISTACL> eq "Normal rights:\n") { |
---|
70 | error("Cannot find locker <$targetuser>."); |
---|
71 | } |
---|
72 | |
---|
73 | if($ARGV[2] && !defined $uid) { |
---|
74 | error("Locker <$targetuser> does not have a scripts.mit.edu account."); |
---|
75 | } |
---|
76 | |
---|
77 | my @targetacl = <LISTACL>; |
---|
78 | push(@targetacl, " system:scripts-root rlidwka"); |
---|
79 | |
---|
80 | close LISTACL; |
---|
81 | |
---|
82 | foreach(@targetacl) { |
---|
83 | last unless /^ /; |
---|
84 | my ($name) = /^ ([\w:_.-]+) \w*a\w*$/ or next; |
---|
85 | if($name eq $curuser) { success(); } |
---|
86 | elsif($name =~ /:/) { |
---|
87 | unless(open MEMBERSHIP, '-|') { |
---|
88 | close STDERR; |
---|
89 | exec '@pts_path@', 'membership', '-nameorid', $name, '-cell', $cell; |
---|
90 | die; |
---|
91 | } |
---|
92 | |
---|
93 | #Members of system:scripts-root (id: -56104) are: |
---|
94 | # hartmans |
---|
95 | # jbarnold |
---|
96 | # presbrey |
---|
97 | # tabbott |
---|
98 | # hartmans.root |
---|
99 | |
---|
100 | next unless(<MEMBERSHIP> =~ /^Members of \Q$name\E \(id: \S+\) are:$/); |
---|
101 | while(<MEMBERSHIP>) { |
---|
102 | success() if($_ eq " $curuser\n"); |
---|
103 | } |
---|
104 | close MEMBERSHIP; |
---|
105 | } |
---|
106 | } |
---|
107 | |
---|
108 | print <<END; |
---|
109 | |
---|
110 | ERROR: |
---|
111 | It appears as though you are not an administrator of locker <$targetuser>. |
---|
112 | In order to be able to su to <$targetuser>, you must have full AFS access |
---|
113 | to the root directory of locker <$targetuser>. Try running the command |
---|
114 | fs sa /mit/$targetuser $curuser all |
---|
115 | on Athena in order to explicitly grant yourself full AFS access. |
---|
116 | Contact scripts\@mit.edu if you are unable to solve the problem. |
---|
117 | |
---|
118 | END |
---|
119 | |
---|
120 | exit(1); |
---|
121 | |
---|
122 | sub error { |
---|
123 | print "\nERROR:\n$_[0]\n\n"; |
---|
124 | exit(1); |
---|
125 | } |
---|
126 | |
---|
127 | sub success { |
---|
128 | print "yes"; |
---|
129 | exit(33); |
---|
130 | } |
---|