5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
30 def __init__(self, name = None):
# Resolve the account through the pwd module, then cache that user's RBAC
# profiles and authorisations on the instance.
# NOTE(review): this listing skips source lines 33-35, 37-39 and 41-43, so
# the test on `name` and the assignment of self.name (read by get_profiles)
# are not visible here -- confirm against the full file.
31 # Filtering through the pwd module is beneficial because
32 # it will raise a KeyError exception for an invalid
36 pwnam = pwd.getpwuid(euid)
# getpwnam() raises KeyError for an unknown account. Presumably self.name is
# then taken from the pwd entry, so only a name the system resolved reaches
# the external commands -- verify in the omitted lines.
40 pwnam = pwd.getpwnam(name)
# Both lists are read once, at construction. has_profile() and has_auth()
# consult these cached lists, so as far as the visible lines show, a
# long-lived instance would not notice a later grant or revocation.
44 self.profiles = self.get_profiles()
45 self.auths = self.get_auths()
47 def get_profiles(self):
# Build the list of RBAC profile names for self.name by running
# /usr/bin/profiles and parsing its standard output line by line.
# NOTE(review): source lines 49, 52-55, 57, 60 and 62-65 are missing from
# this listing, so the initialisation of `profiles`, the exception handling
# and the return statement are not shown.
# The command is an argv list, not a shell string. Whether util.run_command
# executes it without a shell is not visible here -- confirm.
48 cmd = ["/usr/bin/profiles", self.name]
# errdata is not used in the visible lines. How a failed command is told
# apart from a user with no profiles depends on util.run_command -- verify.
50 outdata,errdata = util.run_command(cmd)
51 for line in outdata.split('\n'):
# str.index() raises ValueError when the "<name> :" text is absent.
# Presumably the omitted handler uses that to skip the header line and keep
# the rest -- confirm.
56 line.index(self.name + " :")
58 profiles.append(line.strip())
59 # Remove "All" because it's (seemingly) meaningless
# list.remove() raises ValueError when "All" is not present; the handling is
# in lines this listing omits.
61 profiles.remove("All")
# NOTE(review): the enclosing def (source line 66) is missing from this
# listing. __init__ calls self.get_auths(), so these lines are presumably
# its body; the return statement is not shown either.
# As in get_profiles, the command is an argv list and errdata is unused in
# the visible lines.
67 cmd = ["/usr/bin/auths", self.name]
69 outdata,errdata = util.run_command(cmd)
# The output is treated as a single comma-separated list. Entries are not
# stripped individually and empty output yields [""], so has_auth() matches
# only entries that are exact strings after this split.
70 auths = outdata.rstrip().split(",")
73 def has_profile(self, profile):
# Check `profile` against the cached profile list by exact string match.
# NOTE(review): source lines 75-77 and 79-82 are missing from this listing.
# The root short-circuit announced by the comment below and the handling of
# the ValueError that list.index() raises on a miss are not visible.
# Confirm the root test uses the uid of the user this object describes, not
# another identity.
74 # root is all powerful
78 self.profiles.index(profile)
83 def has_auth(self, auth):
# NOTE(review): source lines 90-91, 93-94, 101, 103-105 and 110-111 are
# missing from this listing (the docstring's closing line, the try/except
# scaffolding and the return statements), and indentation is lost, so the
# nesting of the checks below cannot be confirmed from here.
# Matching is literal: each candidate string is looked up in the cached
# self.auths list with list.index(), and the only wildcard forms tried are
# "<prefix>.*" strings built here. Nothing in the visible lines validates
# `auth` itself.
84 """ Checks the user's authorisations to see if "auth" is
85 assigned to the user. Recursively searches higher up
86 for glob matching eg. solaris.network.hosts.read ->
87 solaris.network.hosts.* -> solaris.network.* ->
88 solaris.*, until a valid authorisation is found.
89 Returns True if user has the "auth" authorisation,
92 self.auths.index(auth)
95 subpattern = auth.rsplit(".", 1)
96 # If there are still more "."s in the string
97 if subpattern[0] != auth:
98 # Try using the glob pattern if auth is not
99 # already a glob pattern eg. solaris.device.*
100 if subpattern[1] != "*":
102 self.auths.index("%s.*" % subpattern[0])
106 # Strip another "." off the auth and carry on searching
107 subsearch = subpattern[0].rsplit(".", 1)
# rsplit() returns its input unchanged when no "." is left, so this test
# ends the recursion once the prefix is a single component (e.g. "solaris").
108 if subsearch[0] != subpattern[0]:
109 return self.has_auth("%s.*" % subsearch[0])
112 if __name__ == "__main__":