setacls.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

#!/usr/bin/python

# Copyright 2009  Jon Stanley
#
# This copyrighted material is made available to anyone wishing to use, modify,
# copy, or redistribute it subject to the terms and conditions of the GNU
# General Public License v.2.  This program is distributed in the hope that it
# will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the
# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License for more details.  You should have
# received a copy of the GNU General Public License along with this program;
# if not, write to the Free Software Foundation, Inc., 51 Franklin Street,
# Fifth Floor, Boston, MA 02110-1301, USA.
#
# Author(s): Jon Stanley <jonstanley@gmail.com>
#


import sys
import posix1e
import re
import grp
import pwd
import os
from optparse import OptionParser

CVSBASE = '/cvs/pkgs'
GROUP = re.compile('^@')
scm_admin_group = 'cvsadmin'
secondary_arch_groups = ['fedora-s390', 'fedora-ia64',
        'fedora-sparc']
version = '0.1'
newacls = {}

try:
    avail_file = open('avail.minimal','r')
except IOError:
    sys.stderr.write('Cannot open avail file!\n')
    sys.exit(1)

pkgs = {}

def get_one(pkg):
    pkg_ret = {}
    for item in pkgs.keys():
        acl_list = pkgs[item].strip().split(' | ')[1].split(',')

def get_all():
    '''Returns all packages in a dict of ACL objects. The keys of the dict are paths
    of the branches that we want to set ACL's on'''
    acls = {}
    for line in pkgs.keys():
        acl_list = pkgs[line]
        #print acl_list
        acls[line] = build_acl(acl_list)
    print acls
    for acl in acls.keys():
        print acls[acl]

def build_acl(acl_text):
    '''Builds an ACL from a line in the avail file. Expects a list of users and
    groups (groups should be prepended with an @), and returns an ACL object'''

    for item in acl_text:
        if GROUP.match(item):
            try:
                groups.append(item.lstrip('@'))
                #print 'groups appended' % groups
            except NameError:
                groups = [item.lstrip('@')]
                #print 'groups %s' % groups
        else:
            try:
                people.append(item)
                #print 'people appended %s' % people
            except NameError:
                people = [item]
                #print 'people %s' % people
    acl = posix1e.ACL()

    user = posix1e.Entry(acl)
    user.tag_type = posix1e.ACL_USER_OBJ
    user.permset.add(posix1e.ACL_READ | posix1e.ACL_WRITE |
            posix1e.ACL_EXECUTE)

    group = posix1e.Entry(acl)
    group.copy(user)
    group.tag_type=posix1e.ACL_GROUP_OBJ

    other = posix1e.Entry(acl)
    other.tag_type=posix1e.ACL_OTHER
    other.permset.add(posix1e.ACL_READ | posix1e.ACL_EXECUTE)

    mask = posix1e.Entry(acl)
    mask.tag_type=posix1e.ACL_MASK
    mask.permset.add(posix1e.ACL_READ | posix1e.ACL_WRITE |
            posix1e.ACL_EXECUTE)

    for item in groups:
        group_acl = posix1e.Entry(acl)
        group_acl.tag_type = posix1e.ACL_GROUP
        group_acl.qualifier = 500
        #group_acl.qualifier = grp.getgrnam(item).gr_gid
        group_acl.permset.add(posix1e.ACL_READ | posix1e.ACL_WRITE |
                posix1e.ACL_EXECUTE)
    for item in secondary_arch_groups:
        group_acl = posix1e.Entry(acl)
        group_acl.tag_type = posix1e.ACL_GROUP
        group_acl.qualifier = grp.getgrnam(item).gr_gid
        group_acl.permset.add(posix1e.ACL_READ | posix1e.ACL_WRITE |
                posix1e.ACL_EXECUTE)
    for item in people:
        people_acl = posix1e.Entry(acl)
        people_acl.tag_type = posix1e.ACL_USER
        people_acl.qualifier = 500
        #people_acl.qualifier = pwd.getpwnam(item).pw_uid
        people_acl.permset.add(posix1e.ACL_READ | posix1e.ACL_WRITE |
                posix1e.ACL_EXECUTE)
    #print acl
    #print 'acl is valid: %s' % acl.valid()
    #print '%s/%s' % ( CVSBASE, pkg )
    return acl

def main():
    usage = '%prog [options] [pkgs...]'
    parser = OptionParser(usage, version=version)
    parser.add_option('-a', '--all-packages', action='store_true',
            dest='all', help='Operate on all packages (slow and destructive')
    parser.add_option('-D', '--debug', action='store_true', dest='debug', help=
            'Print extra debug info')
    parser.add_option('-d', '--dry-run', action='store_true', dest='dr', help=
            'Just print what would be done')
    options, args = parser.parse_args()
    for line in avail_file.readlines():
        parsed, pkg = line.strip().split(' | ')[1].split(','), \
            line.strip().split(' | ')[2]
        pkgs[pkg] = parsed
    print pkgs


if __name__ == '__main__':
    main()
    get_all()
    print newacls
    for acl in newacls.keys():
        print newacls[acl]