Alex Dehnert [Sun, 16 Sep 2012 01:53:40 +0000 (21:53 -0400)]
Wrappers for safely calling commands in a new PAG
The usual mechanism for starting a new PAG is pagsh(1). Unfortunately, because
it basically just execvp(3) /bin/sh passing the appropriate arguments, it isn't
immediately obvious how to safely pass arguments that may contain shell
metacharacters. By using the shell's exec and taking advantage of the fact that
later arguments to /bin/sh end up in $@ we can safely avoid shell
metacharacters. We wrap subprocess.check_{call,output} in
pag_check_{call,output}, which perform appropriate contortions to establish the
PAG before safely executing the passed commands without evaluating any
metacharacters.
Alex Dehnert [Sun, 18 Dec 2011 05:49:59 +0000 (00:49 -0500)]
Function to create an MIT user with LDAP data
This adds a function get_or_create_mit_user. As with the "get_or_create"
methods on managers, this returns an object satisfying some conditions,
creating it if necessary. In this case, we return a User object that's
populated using data from MIT's LDAP. If the user does not exist and
cannot be found in LDAP, we raise an exception.