1 | 0000 #!/usr/bin/perl |
---|
2 | 0001 use strict; |
---|
3 | 0002 |
---|
4 | 0003 # admof |
---|
5 | 0004 # Copyright (C) 2006 Jeff Arnold <jbarnold@mit.edu> |
---|
6 | 0005 # |
---|
7 | 0006 # This program is free software; you can redistribute it and/or |
---|
8 | 0007 # modify it under the terms of the GNU General Public License |
---|
9 | 0008 # as published by the Free Software Foundation; either version 2 |
---|
10 | 0009 # of the License, or (at your option) any later version. |
---|
11 | 0010 # |
---|
12 | 0011 # This program is distributed in the hope that it will be useful, |
---|
13 | 0012 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
14 | 0013 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
15 | 0014 # GNU General Public License for more details. |
---|
16 | 0015 # |
---|
17 | 0016 # You should have received a copy of the GNU General Public License |
---|
18 | 0017 # along with this program; if not, write to the Free Software |
---|
19 | 0018 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
---|
20 | 0019 # |
---|
21 | 0020 # See /COPYRIGHT in this repository for more information. |
---|
22 | 0021 |
---|
23 | 0022 $ENV{PATH} = ''; |
---|
24 | 0023 |
---|
25 | 0024 my $targetuser; |
---|
26 | 0025 unless(($targetuser) = ($ARGV[0] =~ /^([\w._-]+)$/)) { |
---|
27 | 0026 error("Invalid locker name: <$ARGV[0]>."); |
---|
28 | 0027 } |
---|
29 | 0028 my $curuser; |
---|
30 | 0029 unless(($curuser) = ($ARGV[1] =~ /^([\w._-]+)\@ATHENA\.MIT\.EDU$/)) { |
---|
31 | 0030 error("An internal error has occurred.\nContact scripts\@mit.edu for assistance."); |
---|
32 | 0031 } |
---|
33 | 0032 |
---|
34 | 0033 my $fs = `@fs_path@ 2>/dev/null la /mit/$targetuser/`; |
---|
35 | 0034 my @fs = split(/\n/, $fs); |
---|
36 | 0035 |
---|
37 | 0036 #Access list for . is |
---|
38 | 0037 #Normal rights: |
---|
39 | 0038 # system:scripts-root rlidwka |
---|
40 | 0039 # system:anyuser rl |
---|
41 | 0040 |
---|
42 | 0041 unless($fs[0] =~ /^Access list for \/mit\/$targetuser\/ is$/ && |
---|
43 | 0042 $fs[1] =~ /^Normal rights:$/) { |
---|
44 | 0043 error("Cannot find locker <$targetuser>."); |
---|
45 | 0044 } |
---|
46 | 0045 |
---|
47 | 0046 if($ARGV[2] && !getpwnam($targetuser)) { |
---|
48 | 0047 error("Locker <$targetuser> does not have a scripts.mit.edu account."); |
---|
49 | 0048 } |
---|
50 | 0049 |
---|
51 | 0050 for(my $i = 2; $i < @fs; $i++) { |
---|
52 | 0051 my ($id) = ($fs[$i] =~ /^ ([\w:_-]+) rlidwka$/); |
---|
53 | 0052 if($id eq "") { next; } |
---|
54 | 0053 my $group; |
---|
55 | 0054 if($id eq $curuser) { success(); } |
---|
56 | 0055 elsif(($group) = ($id =~ /^(system:.+)/)) { |
---|
57 | 0056 my $mems = `@pts_path@ 2>/dev/null membership $group`; |
---|
58 | 0057 my @mems = split(/\n/, $mems); |
---|
59 | 0058 |
---|
60 | 0059 #Members of system:scripts-root (id: -56104) are: |
---|
61 | 0060 # hartmans |
---|
62 | 0061 # jbarnold |
---|
63 | 0062 # presbrey |
---|
64 | 0063 # tabbott |
---|
65 | 0064 # hartmans.root |
---|
66 | 0065 |
---|
67 | 0066 next if($mems[0] !~ /^Members of $group \(id: \S+\) are:$/); |
---|
68 | 0067 |
---|
69 | 0068 if($mems =~ /\s+$curuser\s+/) { |
---|
70 | 0069 success(); |
---|
71 | 0070 } |
---|
72 | 0071 } |
---|
73 | 0072 } |
---|
74 | 0073 |
---|
75 | 0074 print <<END; |
---|
76 | 0075 |
---|
77 | 0076 ERROR: |
---|
78 | 0077 It appears as though you are not an administrator of locker <$targetuser>. |
---|
79 | 0078 In order to be able to su to <$targetuser>, you must have full AFS access |
---|
80 | 0079 to the root directory of locker <$targetuser>. Try running the command |
---|
81 | 0080 fs sa /mit/$targetuser $curuser all |
---|
82 | 0081 on Athena in order to explicitly grant yourself full AFS access. |
---|
83 | 0082 Contact scripts\@mit.edu if you are unable to solve the problem. |
---|
84 | 0083 |
---|
85 | 0084 END |
---|
86 | 0085 |
---|
87 | 0086 exit(1); |
---|
88 | 0087 |
---|
89 | 0088 sub error { |
---|
90 | 0089 print STDERR "\nERROR:\n$_[0]\n\n"; |
---|
91 | 0090 exit(1); |
---|
92 | 0091 } |
---|
93 | 0092 |
---|
94 | 0093 sub success { |
---|
95 | 0094 print STDERR "\n== SUCCESS ==\nYou are now logged in as user <$targetuser>.\n"; |
---|
96 | 0095 print STDERR "To return to being <$curuser>, type \"exit\".\n\n"; |
---|
97 | 0096 exit(33); |
---|
98 | 0097 } |
---|