
Commit 721db567 authored by Marcello Golfieri's avatar Marcello Golfieri

implemented safety checks to verify ownership and authority over AFS home directory detected

parent 5ee76d80
......@@ -8,16 +8,14 @@ __license__ = 'Apache License 2.0'
~~~~~~~~
Migrate your Stanford AFS home dir to gDrive
"""
import sys
import os
import argparse
import platform
import sys, os, argparse, platform, subprocess, re
import logging
logging.basicConfig(stream=sys.stdout, level=os.environ.get("LOGLEVEL", "INFO"), format='%(levelname)s %(message)s')
logger = logging.getLogger(__name__)
class SuAFS2gDrive(object):
AFS_USER_HOME=None
AFS_HOME_OWNER=None
OS=None
HOMES_PATH = {'Darwin': '/afs/ir/users/'}
SUNET=None
......@@ -33,8 +31,26 @@ class SuAFS2gDrive(object):
self.SUNET[0],
self.SUNET[1],
self.SUNET)
if subprocess.call(['klist', '-t'])!=0:
raise Exception('User {0} has no valid kerberos principal, obtain it with "kinit {0}"'.format(self.SUNET))
if subprocess.call(['aklog'])!=0:
raise Exception('aklog was not successful for user {0}"'.format(self.SUNET))
if not os.path.isdir(self.AFS_USER_HOME):
raise Exception('{} is not mounted, or path is wrong for user {}\'s home'.format(self.AFS_USER_HOME, self.SUNET))
os.chdir(self.AFS_USER_HOME)
acl_output = subprocess.check_output(['fs','la'])
logger.debug('fs la => {}'.format(acl_output))
non_system_matches = re.findall(rb'^\s+(?!.*system:).*$', acl_output, re.MULTILINE)
owner_match = re.search(rb'^\s+(?!.*system:).*rlidwka.*$', acl_output, re.MULTILINE).group()
owner_detected = owner_match.split()[0]
users_detected = [ x.split()[0] for x in non_system_matches]
self.AFS_HOME_OWNER = owner_detected
if not re.search(rb'^Callers access to \. is rlidwka$', subprocess.check_output(['fs','getcalleraccess'])) \
and self.AFS_HOME_OWNER != self.SUNET:
raise Exception('Principal {0} does not seem to be the rightful owner of {1}. User {2} was detected as owner instead"'.format(
self.SUNET,
self.AFS_USER_HOME,
self.AFS_HOME_OWNER))
if __name__ == '__main__':
parser = argparse.ArgumentParser()
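Review bot: The ownership test `if not re.search(...getcalleraccess...) and self.AFS_HOME_OWNER != self.SUNET` raises only when both conditions hold, so a principal that merely has `rlidwka` delegated on the directory is accepted as the rightful owner. In addition, `owner_detected` is derived from `check_output` and a bytes regex, so it is `bytes`; if `self.SUNET` is a `str` (it is assigned outside the hunk, but it is formatted into the `kinit` message), the `!=` comparison is always true on Python 3 and the owner check contributes nothing. I would decode the ACL entry, `owner_detected = owner_match.split()[0].decode()`, and join the two conditions with `or` so that either a missing `rlidwka` or an owner mismatch aborts the migration. Separately, `re.search(...).group()` raises `AttributeError` when no non-system entry carries `rlidwka`; test the match for `None` and raise the same explicit exception instead. The enclosing method begins before the hunk.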
......