+def _check_pin(uid, pin):
+ global _pin_uid
+ global _pin_uname
+ global _pin_pin
+ print "_check_pin('",uid,"',---)"
+ if uid != _pin_uid:
+ try:
+ info = pwd.getpwuid(uid)
+ except KeyError:
+ logging.info('getting pin for uid %d: user not in password file'%uid)
+ return None
+ if info.pw_dir == None: return False
+ pinfile = os.path.join(info.pw_dir, '.pin')
+ try:
+ s = os.stat(pinfile)
+ except OSError:
+ logging.info('getting pin for uid %d: .pin not found in home directory'%uid)
+ return None
+ if s.st_mode & 077:
+ logging.info('getting pin for uid %d: .pin has wrong permissions. Fixing.'%uid)
+ os.chmod(pinfile, 0600)
+ try:
+ f = file(pinfile)
+ except IOError:
+ logging.info('getting pin for uid %d: I cannot read pin file'%uid)
+ return None
+ pinstr = f.readline()
+ f.close()
+ if not re.search('^'+'[0-9]'*PIN_LENGTH+'$', pinstr):
+ logging.info('getting pin for uid %d: %s not a good pin'%(uid,repr(pinstr)))
+ return None
+ _pin_uid = uid
+ _pin_pin = pinstr
+ _pin_uname = info.pw_name
+ else:
+ pinstr = _pin_pin
+ if pin == int(pinstr):
+ logging.info("Pin correct for %d",uid)
+ else:
+ logging.info("Pin incorrect for %d",uid)
+ return pin == int(pinstr)
+
+def acct_is_disabled(name=None):
+ global _pin_uname
+ if name == None:
+ name = _pin_uname
+ acct, unused = Popen(['dispense', 'acct', _pin_uname], close_fds=True, stdout=PIPE).communicate()
+ # this is fucking appalling
+ flags = acct[acct.find("(")+1:acct.find(")")].strip()
+ if 'disabled' in flags:
+ return True
+ if 'internal' in flags:
+ return True
+ return False
+
+def has_good_pin(uid):
+ return _check_pin(uid, None) != None