[yast-commit] <rest-service> master : don't silently fail if granting permissions fail (bnc#554946)
ref: refs/heads/master commit 4190a4384614d5d84ed3d540c463765917c0b26c Author: Josef Reidinger <jreidinger@suse.cz> Date: Mon Nov 30 10:36:23 2009 +0100 don't silently fail if granting permissions fail (bnc#554946) --- webservice/package/grantwebyastrights | 118 ++++++++++++++--------------- webservice/package/yast2-webservice.spec | 14 +++- 2 files changed, 67 insertions(+), 65 deletions(-) diff --git a/webservice/package/grantwebyastrights b/webservice/package/grantwebyastrights index 8ed63c7..2b0eb28 100755 --- a/webservice/package/grantwebyastrights +++ b/webservice/package/grantwebyastrights @@ -15,15 +15,16 @@ $debug = 0 def usage why STDERR.puts why + STDERR.puts "" STDERR.puts "Usage: grantwebyastrights --user <user> --action (show|grant|revoke)" - STDERR.puts "NOTE: This program should be run by user root" - STDERR.puts "" - STDERR.puts "This call grant/revoke ALL permissions for the YaST Webservice." - STDERR.puts "In order to grant/revoke single rights use:" - STDERR.puts "polkit-auth --user <user> (--grant|-revoke) <policyname>" - STDERR.puts "" - STDERR.puts "In order to show all possible permissions use:" - STDERR.puts "polkit-action" + STDERR.puts "NOTE: This program should be run by user root" + STDERR.puts "" + STDERR.puts "This call grant/revoke ALL permissions for the YaST Webservice." + STDERR.puts "In order to grant/revoke single rights use:" + STDERR.puts "polkit-auth --user <user> (--grant|-revoke) <policyname>" + STDERR.puts "" + STDERR.puts "In order to show all possible permissions use:" + STDERR.puts "polkit-action" exit 1 end 
@@ -36,70 +37,65 @@ user = nil action = nil -begin options.each do |opt, arg| case opt when "--user": user = arg when "--action": action = arg when "--debug": $debug += 1 else - STDERR.puts "Ignoring unrecognized option #{opt}" + usage "Unrecognized option #{opt}" end end -rescue -end $debug = nil if $debug == 0 -usage "excessive arguments" unless ARGV.empty? -usage "--user parameter missing" unless user -usage "--action parameter (show|grant|revoke) missing" unless action +usage "excessive arguments" unless ARGV.empty? +usage "user parameter missing" unless user +usage "action parameter (show|grant|revoke) missing" unless action -begin - SuseString = "org.opensuse.yast" - if action == "grant" - # run "polkit-action" to list all registered policies - IO.popen( "polkit-action", 'r+' ) do |pipe| - loop do - break if pipe.eof? - l = pipe.read - # polkit-action prints one policy per line - policies = l.split("\n") - # now 'blindly' grant org.opensuse.yast.* - policies.each do |policy| - if policy.include? SuseString and not policy.include? ".scr" - STDOUT.puts "granting: #{policy}" - command = "polkit-auth --user " + user + " --grant " + policy - unless system(command) - STDERR.puts "#{command} failed !" - end - end - end - end - end - else - command = "polkit-auth --user " + user + " --explicit" - IO.popen( command, 'r+' ) do |pipe| - loop do - break if pipe.eof? - l = pipe.read - case action - when "show" - STDOUT.puts l - when "revoke" - policies = l.split("\n") - policies.each do |policy| - if policy.include? SuseString and not policy.include? ".scr" - STDOUT.puts "revoking: #{policy}" - command = "polkit-auth --user " + user + " --revoke " + policy - unless system(command) - STDERR.puts "#{command} failed !" - end - end - end - end - end - end - end +SuseString = "org.opensuse.yast" + +def webyast_perm?(perm) + return (perm.include? SuseString) && (not perm.include? 
".scr") +end + +def granted_perms(user) + perms = `polkit-auth --user '#{user}' --explicit` + raise "polkit-auth failed with ret code #{$?.exitstatus}. Output: #{perms}" unless $?.exitstatus.zero? + perms = perms.split "\n" + perms.reject! { |perm| not webyast_perm?(perm) } + return perms end +def webyast_perms + perms = `polkit-action` + raise "polkit-action failed with ret code #{$?.exitstatus}. Output: #{perms}" unless $?.exitstatus.zero? + perms = perms.split "\n" + perms.reject! { |perm| not webyast_perm?(perm) } + return perms +end + +begin + case action + when "grant" then + granted = granted_perms user + non_granted = webyast_perms.reject{ |perm| granted.include? perm } + non_granted.each do |policy| + STDOUT.puts "granting: #{policy}" + out = `polkit-auth --user '#{user}' --grant '#{policy}'` + raise "Granting permissions failed with ret code #{$?.exitstatus}. Output: #{out}" unless $?.exitstatus.zero? + end + when "show" + STDOUT.puts granted_perms(user).join("\n") + when "revoke" + granted = granted_perms user + granted.each do |policy| + STDOUT.puts "revoking: #{policy}" + out = `polkit-auth --user '#{user}' --revoke '#{policy}'` + raise "Revoking permissions failed with ret code #{$?.exitstatus}. Output: #{out}" unless $?.exitstatus.zero? + end + end +rescue Exception => e + STDERR.puts e.message + Process.exit! 1 +end diff --git a/webservice/package/yast2-webservice.spec b/webservice/package/yast2-webservice.spec index 2fb7ad1..07cd732 100644 --- a/webservice/package/yast2-webservice.spec +++ b/webservice/package/yast2-webservice.spec 
@@ -162,13 +162,19 @@ rm -rf $RPM_BUILD_ROOT
 #
 #granting permissions for yastws
 #
-/usr/bin/polkit-auth --user yastws --grant org.freedesktop.packagekit.system-update >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.freedesktop.policykit.read >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.module-manager.import >& /dev/null || :
+if [ `/usr/bin/polkit-auth --user yastws | grep -c "org.freedesktop.packagekit.system-update"` -eq 0 ]; then
+ /usr/bin/polkit-auth --user yastws --grant org.freedesktop.packagekit.system-update > /dev/null
+fi
+if [ `/usr/bin/polkit-auth --user yastws | grep -c "org.freedesktop.policykit.read"` -eq 0 ]; then
+ /usr/bin/polkit-auth --user yastws --grant org.freedesktop.policykit.read > /dev/null
+fi
+if [ `/usr/bin/polkit-auth --user yastws | grep -c "org.opensuse.yast.module-manager.import"` -eq 0 ]; then
+ /usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.module-manager.import > /dev/null
+fi
 #
 # granting all permissions for root
 #
-/usr/sbin/grantwebyastrights --user root --action grant >& /dev/null || :
+/usr/sbin/grantwebyastrights --user root --action grant > /dev/null
 #
 # create database
 #
-- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
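Review bot: The three `if` guards test for an existing grant with `grep -c "<action id>"`, which is an unanchored regex match where each `.` matches any character, so a different authorization whose id merely contains the string makes the guard skip the grant. An exact fixed-string test such as `if ! /usr/bin/polkit-auth --user yastws | grep -qxF org.freedesktop.policykit.read; then` avoids that, assuming polkit-auth prints one bare action id per line. Separately, dropping `|| :` and changing `>&` to `>` only makes a failing grant visible on stderr: unless the scriptlet runs under `set -e` (not visible here, the scriptlet starts and ends outside this hunk), only the exit status of its last command counts, so a failed grant would still not fail the install step.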