File grantwebyastrights of Package webyast-base-ws

#!/usr/bin/ruby
#
#--
# Webyast Webservice framework
#
# Copyright (C) 2009, 2010 Novell, Inc. 
#   This library is free software; you can redistribute it and/or modify
# it only under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation. 
#
#   This library is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 
# details. 
#
#   You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software 
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#++
#
# grantwebyastrights
#
# show, grant and revoke policies for YaST webservice
#
# run: grantwebyastrights
#
# FIXME grant really All rights to run webyast, (so also packagekit rights, hal rights for system plugin etc)
#
require 'fileutils'
require 'getoptlong'

$debug = 0

def usage why
  STDERR.puts why
  STDERR.puts ""
  STDERR.puts "Usage: grantwebyastrights --user <user> --action (show|grant|revoke)"
  STDERR.puts "NOTE: This program should be run by user root"
  STDERR.puts ""
  STDERR.puts "This call grant/revoke ALL permissions for the YaST Webservice."
  STDERR.puts "In order to grant/revoke single rights use:"
  STDERR.puts "polkit-auth --user <user> (--grant|-revoke) <policyname>"
  STDERR.puts ""
  STDERR.puts "In order to show all possible permissions use:"
  STDERR.puts "polkit-action"
  exit 1
end

options = GetoptLong.new(
  [ "--user",   GetoptLong::REQUIRED_ARGUMENT ],
  [ "--action", GetoptLong::REQUIRED_ARGUMENT ]
)

user = nil
action = nil

begin
  options.each do |opt, arg|
    case opt
    when "--user": user = arg
    when "--action": action = arg
    when "--debug": $debug += 1
    end
  end
rescue GetoptLong::InvalidOption => o
  usage "Invalid option #{o}"
end

$debug = nil if $debug == 0

usage "excessive arguments"  unless ARGV.empty?
usage "user parameter missing" unless user
usage "action parameter (show|grant|revoke) missing" unless action

SuseString = "org.opensuse.yast"

def webyast_perm?(perm)
  return (perm.include? SuseString) && (not perm.include? ".scr")
end

def granted_perms(user)
  perms = `polkit-auth --user '#{user}' --explicit`
  #do NOT raise if an error happens here cause while the package installation this call returns always an error
  #  raise "polkit-auth failed with ret code #{$?.exitstatus}. Output: #{perms}" unless $?.exitstatus.zero?
  perms = perms.split "\n"
  perms.reject! { |perm| not webyast_perm?(perm) }
  return perms
end

def webyast_perms
  perms = `polkit-action`
  raise "polkit-action failed with ret code #{$?.exitstatus}. Output: #{perms}" unless $?.exitstatus.zero?
  perms = perms.split "\n"
  perms.reject! { |perm| not webyast_perm?(perm) }
  return perms
end

begin
  case action
  when "grant" then
    granted = granted_perms user
    non_granted = webyast_perms.reject{ |perm| granted.include? perm }
    non_granted.each do |policy|
      STDOUT.puts "granting: #{policy}"
      out = `polkit-auth --user '#{user}' --grant '#{policy}'`
      #do NOT raise if an error happens here cause while the package installation this call can return an error for already existing 
      #permissions ( It is not possible to check this before)
      #raise "Granting permissions failed with ret code #{$?.exitstatus}. Output: #{out}" unless $?.exitstatus.zero?
    end
  when "show"
    STDOUT.puts granted_perms(user).join("\n")
  when "revoke"
    granted = granted_perms user
    granted.each do |policy|
      STDOUT.puts "revoking: #{policy}"
      out = `polkit-auth --user '#{user}' --revoke '#{policy}'`
      raise "Revoking permissions failed with ret code #{$?.exitstatus}. Output: #{out}" unless $?.exitstatus.zero?
    end
  end
rescue Exception => e
  STDERR.puts e.message
  Process.exit! 1
end