1 | #!/usr/bin/perl |
---|
2 | use strict; |
---|
3 | |
---|
4 | # admof |
---|
5 | # Copyright (C) 2006 Jeff Arnold <jbarnold@mit.edu> |
---|
6 | # |
---|
7 | # This program is free software; you can redistribute it and/or |
---|
8 | # modify it under the terms of the GNU General Public License |
---|
9 | # as published by the Free Software Foundation; either version 2 |
---|
10 | # of the License, or (at your option) any later version. |
---|
11 | # |
---|
12 | # This program is distributed in the hope that it will be useful, |
---|
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
15 | # GNU General Public License for more details. |
---|
16 | # |
---|
17 | # You should have received a copy of the GNU General Public License |
---|
18 | # along with this program; if not, write to the Free Software |
---|
19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
---|
20 | # |
---|
21 | # See /COPYRIGHT in this repository for more information. |
---|
22 | |
---|
23 | $ENV{PATH} = ''; |
---|
24 | |
---|
25 | my $targetuser; |
---|
26 | unless(($targetuser) = ($ARGV[0] =~ /^([\w._-]+)$/)) { |
---|
27 | error("Invalid locker name: <$ARGV[0]>."); |
---|
28 | } |
---|
29 | my $curuser; |
---|
30 | unless(($curuser) = ($ARGV[1] =~ /^([\w._-]+)\@ATHENA\.MIT\.EDU$/)) { |
---|
31 | error("An internal error has occurred.\nContact scripts\@mit.edu for assistance."); |
---|
32 | } |
---|
33 | |
---|
34 | my $fs = `@fs_path@ 2>/dev/null la /mit/$targetuser/`; |
---|
35 | my @fs = split(/\n/, $fs); |
---|
36 | |
---|
37 | #Access list for . is |
---|
38 | #Normal rights: |
---|
39 | # system:scripts-root rlidwka |
---|
40 | # system:anyuser rl |
---|
41 | |
---|
42 | unless($fs[0] =~ /^Access list for \/mit\/$targetuser\/ is$/ && |
---|
43 | $fs[1] =~ /^Normal rights:$/) { |
---|
44 | error("Cannot find locker <$targetuser>."); |
---|
45 | } |
---|
46 | |
---|
47 | if($ARGV[2] && !getpwnam($targetuser)) { |
---|
48 | error("Locker <$targetuser> does not have a scripts.mit.edu account."); |
---|
49 | } |
---|
50 | |
---|
51 | for(my $i = 2; $i < @fs; $i++) { |
---|
52 | my ($id) = ($fs[$i] =~ /^ ([\w:_-]+) rlidwka$/); |
---|
53 | if($id eq "") { next; } |
---|
54 | my $group; |
---|
55 | if($id eq $curuser) { success(); } |
---|
56 | elsif(($group) = ($id =~ /^(system:.+)/)) { |
---|
57 | my $mems = `@pts_path@ 2>/dev/null membership $group`; |
---|
58 | my @mems = split(/\n/, $mems); |
---|
59 | |
---|
60 | #Members of system:scripts-root (id: -56104) are: |
---|
61 | # hartmans |
---|
62 | # jbarnold |
---|
63 | # presbrey |
---|
64 | # tabbott |
---|
65 | # hartmans.root |
---|
66 | |
---|
67 | next if($mems[0] !~ /^Members of $group \(id: \S+\) are:$/); |
---|
68 | |
---|
69 | if($mems =~ /\s+\Q$curuser\E\s+/) { |
---|
70 | success(); |
---|
71 | } |
---|
72 | } |
---|
73 | } |
---|
74 | |
---|
75 | print <<END; |
---|
76 | |
---|
77 | ERROR: |
---|
78 | It appears as though you are not an administrator of locker <$targetuser>. |
---|
79 | In order to be able to su to <$targetuser>, you must have full AFS access |
---|
80 | to the root directory of locker <$targetuser>. Try running the command |
---|
81 | fs sa /mit/$targetuser $curuser all |
---|
82 | on Athena in order to explicitly grant yourself full AFS access. |
---|
83 | Contact scripts\@mit.edu if you are unable to solve the problem. |
---|
84 | |
---|
85 | END |
---|
86 | |
---|
87 | exit(1); |
---|
88 | |
---|
89 | sub error { |
---|
90 | print STDERR "\nERROR:\n$_[0]\n\n"; |
---|
91 | exit(1); |
---|
92 | } |
---|
93 | |
---|
94 | sub success { |
---|
95 | print STDERR "\n== SUCCESS ==\nYou are now logged in as user <$targetuser>.\n"; |
---|
96 | print STDERR "To return to being <$curuser>, type \"exit\".\n\n"; |
---|
97 | exit(33); |
---|
98 | } |
---|