source: server/common/oursrc/accountadm/admof.in @ 494

Last change on this file since 494 was 494, checked in by quentin, 15 years ago
Allow system:scripts-root to connect to any user account.
File size: 3.4 KB
Line 
1
2#!/usr/bin/perl
3use strict;
4
5# admof
6# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
7#
8# This program is free software; you can redistribute it and/or
9# modify it under the terms of the GNU General Public License
10# as published by the Free Software Foundation; either version 2
11# of the License, or (at your option) any later version.
12#
13# This program is distributed in the hope that it will be useful,
14# but WITHOUT ANY WARRANTY; without even the implied warranty of
15# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16# GNU General Public License for more details.
17#
18# You should have received a copy of the GNU General Public License
19# along with this program; if not, write to the Free Software
20# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
21#
22# See /COPYRIGHT in this repository for more information.
23
24$ENV{PATH} = '';
25
26my $targetuser;
27unless(($targetuser) = ($ARGV[0] =~ /^([\w._-]+)$/)) {
28  error("Invalid locker name: <$ARGV[0]>.");
29}
30my $curuser;
31unless(($curuser) = ($ARGV[1] =~ /^([\w._\/-]+)\@ATHENA\.MIT\.EDU$/)) {
32  error("An internal error has occurred.\nContact scripts\@mit.edu for assistance.");
33}
34
35($curuser) =~ s|/|.|; # Replace first instance of a / only; pts membership prints foo/root as foo.root
36
37if (($curuser) =~ m|/|) { # There were two /'s in their name. What?
38  error("An internal error has occurred.\nContact scripts\@mit.edu for assistance.");
39}
40
41my (undef, undef, $uid, undef, undef, undef, undef, $home, undef, undef)
42  = getpwnam $targetuser;
43if(defined $uid) {
44  error() if ($uid <= 1000);
45} else {
46  $home = "/mit/$targetuser";
47}
48
49my $cell;
50unless(open WHICHCELL, '-|') {
51  close STDERR;
52  exec '@fs_path@', 'whichcell', '-path', $home;
53  die;
54}
55
56unless(($cell) = (<WHICHCELL> =~ /^File \Q$home\E lives in cell '(.*)'$/)) {
57  error("Cannot find locker <$targetuser>.");
58}
59close WHICHCELL;
60
61open LISTACL, '-|', '@fs_path@', 'listacl', '-path', $home;
62
63#Access list for . is
64#Normal rights:
65#  system:scripts-root rlidwka
66#  system:anyuser rl
67
68unless(<LISTACL> eq "Access list for $home is\n" &&
69       <LISTACL> eq "Normal rights:\n") {
70  error("Cannot find locker <$targetuser>.");
71}
72
73if($ARGV[2] && !defined $uid) {
74  error("Locker <$targetuser> does not have a scripts.mit.edu account.");
75}
76
77my @targetacl = <LISTACL>;
78push(@targetacl, "  system:scripts-root rlidwka");
79
80close LISTACL;
81
82foreach(@targetacl) {
83  last unless /^  /;
84  my ($name) = /^  ([\w:_.-]+) \w*a\w*$/ or next;
85  if($name eq $curuser) { success(); }
86  elsif($name =~ /:/) {
87    unless(open MEMBERSHIP, '-|') {
88      close STDERR;
89      exec '@pts_path@', 'membership', '-nameorid', $name, '-cell', $cell;
90      die;
91    }
92
93#Members of system:scripts-root (id: -56104) are:
94#  hartmans
95#  jbarnold
96#  presbrey
97#  tabbott
98#  hartmans.root
99
100    next unless(<MEMBERSHIP> =~ /^Members of \Q$name\E \(id: \S+\) are:$/);
101    while(<MEMBERSHIP>) {
102      success() if($_ eq "  $curuser\n");
103    }
104    close MEMBERSHIP;
105  }
106}
107
108print <<END;
109
110ERROR:
111It appears as though you are not an administrator of locker <$targetuser>.
112In order to be able to su to <$targetuser>, you must have full AFS access
113to the root directory of locker <$targetuser>.  Try running the command
114fs sa /mit/$targetuser $curuser all
115on Athena in order to explicitly grant yourself full AFS access.
116Contact scripts\@mit.edu if you are unable to solve the problem.
117
118END
119
120exit(1);
121
122sub error {
123  print "\nERROR:\n$_[0]\n\n";
124  exit(1);
125}
126
127sub success {
128  print "yes";
129  exit(33);
130}
Note: See TracBrowser for help on using the repository browser.