source: server/common/oursrc/accountadm/admof.in @ 298

Last change on this file since 298 was 243, checked in by jbarnold, 19 years ago
security++
[1]1#!/usr/bin/perl
2use strict;
3
4# admof
5# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
6#
7# This program is free software; you can redistribute it and/or
8# modify it under the terms of the GNU General Public License
9# as published by the Free Software Foundation; either version 2
10# of the License, or (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program; if not, write to the Free Software
19# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
20#
21# See /COPYRIGHT in this repository for more information.
22
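# Scrub the environment before anything is handed to the shell: the backtick
# commands further down go through /bin/sh, so neither the search path nor the
# shell's own control variables may be inherited from the caller.
$ENV{PATH} = '';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Both arguments are untrusted.  Only the captured text is used afterwards,
# and the allow-list [\w._-] is what later keeps the shell command lines and
# the /mit/<locker>/ path free of metacharacters.  \z (rather than $) refuses
# a trailing newline instead of silently dropping it.
my $locker_arg = defined $ARGV[0] ? $ARGV[0] : '';
my ($targetuser) = ($locker_arg =~ /^([\w._-]+)\z/);

# The character class admits "." and "..", which would make /mit/<locker>/
# name a directory other than a locker; refuse dot-only names outright.
if(!defined $targetuser || $targetuser =~ /^\.+\z/) {
  error("Invalid locker name: <$locker_arg>.");
}

# The requesting user must arrive as a full ATHENA.MIT.EDU principal; only the
# part before the realm is kept.  The message is deliberately generic.
my $principal_arg = defined $ARGV[1] ? $ARGV[1] : '';
my ($curuser) = ($principal_arg =~ /^([\w._-]+)\@ATHENA\.MIT\.EDU\z/);
unless(defined $curuser) {
  error("An internal error has occurred.\nContact scripts\@mit.edu for assistance.");
}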
33
# Refuse to answer for local accounts whose uid is 1000 or lower.  In scalar
# context getpwnam yields the uid, or undef when no such account exists, in
# which case the check is skipped.  error() is called without a message here,
# so the caller sees only the bare ERROR banner.
my $uid = getpwnam($targetuser);
error() if defined($uid) && $uid <= 1000;
38
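# Ask AFS for the ACL on the locker's root directory.  $targetuser is limited
# to [\w._-] where the arguments are parsed; that allow-list is the only thing
# keeping this shell command line safe, so it must not be loosened without
# changing this call.  The @fs_path@ token is presumably substituted at build
# time (this file is the .in template).
my $fs = `@fs_path@ 2>/dev/null la /mit/$targetuser/`;
$fs = '' unless defined $fs;
my @fs = split(/\n/, $fs);

#Access list for . is
#Normal rights:
#  system:scripts-root rlidwka
#  system:anyuser rl

# Require both header lines before trusting anything below them.  The locker
# name is quoted with \Q..\E because "." is allowed in it and would otherwise
# act as a regex wildcard; an empty or short reply counts as "not found".
unless(@fs >= 2 &&
       $fs[0] =~ /^Access list for \/mit\/\Q$targetuser\E\/ is$/ &&
       $fs[1] =~ /^Normal rights:$/) {
  error("Cannot find locker <$targetuser>.");
}

# When a third argument is given, the locker must also exist as a local
# account.  defined() is used so that the test is about existence, not about
# the numeric value of the uid.
if($ARGV[2] && !defined(scalar(getpwnam($targetuser)))) {
  error("Locker <$targetuser> does not have a scripts.mit.edu account.");
}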
55
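# Walk the ACL entries that follow the two header lines and grant access as
# soon as the requesting user is found, either directly or through a system:
# group.  Only entries carrying the full "rlidwka" rights are considered.
for my $entry (@fs[2 .. $#fs]) {
  my ($id) = ($entry =~ /^  ([\w:_-]+) rlidwka$/);
  # NOTE(review): the class has no ".", so entries such as "user.root" are
  # skipped here; that fails closed -- confirm it is intended.
  next unless defined $id && $id ne "";

  # Direct grant to the requesting user.
  success() if $id eq $curuser;

  my ($group) = ($id =~ /^(system:.+)/);
  next unless defined $group;

  # $group passed the [\w:_-]+ pattern above, which is what keeps this shell
  # command line free of metacharacters.
  my $mems = `@pts_path@ 2>/dev/null membership $group`;
  $mems = '' unless defined $mems;
  my @mems = split(/\n/, $mems);

#Members of system:scripts-root (id: -56104) are:
#  hartmans
#  jbarnold
#  presbrey
#  tabbott
#  hartmans.root

  # Ignore replies that do not start with the expected header for this group.
  next unless @mems && $mems[0] =~ /^Members of \Q$group\E \(id: \S+\) are:$/;

  # Compare against whole member lines only.  Matching the raw reply would
  # also search the header line, so a user name equal to a word in it (such
  # as "of") would count as a member of every group.
  for my $member (@mems[1 .. $#mems]) {
    success() if $member =~ /^\s+\Q$curuser\E\s*$/;
  }
}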
79
# Reached only when no ACL entry granted the requesting user full rights:
# explain how to obtain them and finish with the failure status.
my $denied = <<"END";

ERROR:
It appears as though you are not an administrator of locker <$targetuser>.
In order to be able to su to <$targetuser>, you must have full AFS access
to the root directory of locker <$targetuser>.  Try running the command
fs sa /mit/$targetuser $curuser all
on Athena in order to explicitly grant yourself full AFS access.
Contact scripts\@mit.edu if you are unable to solve the problem.

END
print $denied;

exit 1;
93
# Print an ERROR banner followed by the given message on stdout, then end the
# program with exit status 1.  Some messages embed the raw, unvalidated
# command-line argument, so a caller that relays this text into another
# context (HTML, a log line) has to escape it there.
sub error {
  my ($message) = @_;
  print "\nERROR:\n$message\n\n";
  exit 1;
}
98
# Report that the requesting user administers the locker: print "yes" and end
# the program with exit status 33.  Every other exit in this script uses
# status 1, so 33 is presumably the value the caller tests for -- confirm
# against the caller.
sub success {
  print "yes";
  exit 33;
}