File grantwebyastrights of Package webyast-base-ws

#!/usr/bin/ruby
#
#--
# Webyast Webservice framework
#
# Copyright (C) 2009, 2010 Novell, Inc. 
#   This library is free software; you can redistribute it and/or modify
# it only under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation. 
#
#   This library is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 
# details. 
#
#   You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software 
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#++
#
# grantwebyastrights
#
# show, grant and revoke policies for YaST webservice
#
# run: grantwebyastrights
#
# FIXME: really grant all rights needed to run webyast (so also packagekit rights, hal rights for the system plugin, etc.)
#
require 'fileutils'
require 'getoptlong'
require 'shellwords'

# Debug level counter. The option loop further down adds 1 for each "--debug"
# it sees, and the script replaces a remaining 0 with nil once parsing is done.
$debug = 0

# Prints +why+ followed by the fixed help text on STDERR, then terminates the
# process with exit status 1. Never returns to the caller.
#
# @param why [String] reason the command line was rejected
def usage(why)
  help_lines = [
    "",
    "Usage: grantwebyastrights --user <user> --action (show|grant|revoke)",
    "NOTE: This program should be run by user root",
    "",
    "This call grant/revoke ALL permissions for the YaST Webservice.",
    "In order to grant/revoke single rights use:",
    "polkit-auth --user <user> (--grant|-revoke) <policyname>",
    "",
    "In order to show all possible permissions use:",
    "polkit-action"
  ]

  STDERR.puts why
  help_lines.each { |line| STDERR.puts line }
  exit 1
end

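# Command-line parsing and validation.
#
# Accepts --user <name>, --action <show|grant|revoke> and a repeatable --debug
# flag. Any parsing problem or missing/unknown value ends the run through
# usage(), which prints the help text and exits with status 1.
options = GetoptLong.new(
  [ "--user",   GetoptLong::REQUIRED_ARGUMENT ],
  [ "--action", GetoptLong::REQUIRED_ARGUMENT ],
  # "--debug" has to be declared, otherwise GetoptLong rejects it as an invalid
  # option and the matching branch below can never run.
  [ "--debug",  GetoptLong::NO_ARGUMENT ]
)

user = nil
action = nil

begin
  options.each do |opt, arg|
    # "when ... then" parses on old and new interpreters alike; the former
    # "when ...:" spelling is a syntax error from Ruby 1.9 on.
    case opt
    when "--user"   then user = arg
    when "--action" then action = arg
    when "--debug"  then $debug += 1
    end
  end
rescue GetoptLong::Error => o
  # GetoptLong::Error is the parent of InvalidOption, MissingArgument and the
  # other parser errors, so "--user" without a value also ends in the help text
  # instead of an uncaught exception.
  usage "Invalid option #{o}"
end

$debug = nil if $debug == 0

usage "excessive arguments"  unless ARGV.empty?
usage "user parameter missing" unless user
usage "action parameter (show|grant|revoke) missing" unless action
# Reject unknown actions here: the dispatch below has no fallback branch, so a
# misspelt action would otherwise do nothing and still exit with status 0.
usage "unknown action '#{action}' (expected show|grant|revoke)" unless %w(show grant revoke).include?(action)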

# Marker contained in every YaST policy identifier this script cares about.
SuseString = "org.opensuse.yast"

# Tells whether a line of polkit output names a WebYaST policy.
#
# A line qualifies when it contains SuseString and does not contain ".scr".
# Both checks are plain substring matches; neither is anchored to the start of
# the line.
#
# @param perm [String] one line of polkit-auth / polkit-action output
# @return [Boolean]
def webyast_perm?(perm)
  is_yast = perm.include?(SuseString)
  is_scr = perm.include?(".scr")
  is_yast && !is_scr
end

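# Lists the WebYaST policies that are explicitly granted to +user+.
#
# Runs "polkit-auth --user <user> --explicit" and keeps the output lines that
# webyast_perm? accepts. The exit status is deliberately not checked (see the
# note inside the method).
#
# Security: +user+ comes straight from the command line and the usage text says
# this tool is meant to be run as root. The value is therefore shell-escaped
# before it is placed on the command line. The former '#{user}' quoting could
# be closed by a quote character inside the name, which let the rest of the
# name be interpreted by the shell.
#
# @param user [String] account name to query
# @return [Array<String>] granted WebYaST policy lines, possibly empty
def granted_perms(user)
  begin
    perms = `polkit-auth --user #{Shellwords.escape(user.to_s)} --explicit`
  rescue SystemCallError => e
    # An escaped plain name leaves no shell metacharacters in the command, so
    # Ruby may start polkit-auth directly and raise when it cannot be executed.
    # The quoted original always went through sh, which only printed an error
    # and produced empty output; keep that best-effort result.
    STDERR.puts "polkit-auth could not be started: #{e.message}"
    perms = ""
  end
  # Do NOT raise on a non-zero exit status here: during package installation
  # this call always returns an error.
  #  raise "polkit-auth failed with ret code #{$?.exitstatus}. Output: #{perms}" unless $?.exitstatus.zero?
  perms.split("\n").select { |perm| webyast_perm?(perm) }
end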

# Lists every WebYaST policy known to PolicyKit.
#
# Runs "polkit-action" (no arguments, so nothing is interpolated into the
# command) and keeps the output lines that webyast_perm? accepts.
#
# @return [Array<String>] WebYaST policy lines
# @raise [RuntimeError] when polkit-action exits with a non-zero status
def webyast_perms
  output = `polkit-action`
  unless $?.exitstatus.zero?
    raise "polkit-action failed with ret code #{$?.exitstatus}. Output: #{output}"
  end
  output.split("\n").select { |line| webyast_perm?(line) }
end

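# Dispatch on the requested action.
#
#   grant  - grant every WebYaST policy the user does not hold yet
#   show   - print the WebYaST policies the user holds
#   revoke - revoke every WebYaST policy the user holds
#
# Security: the user name comes from the command line and the policy names are
# lines of polkit output. Both are shell-escaped before being interpolated into
# a polkit-auth command line; the former '...' quoting could be closed by a
# quote character inside the value.
begin
  quoted_user = Shellwords.escape(user.to_s)

  case action
  when "grant"
    granted = granted_perms user
    non_granted = webyast_perms.reject { |perm| granted.include? perm }
    non_granted.each do |policy|
      STDOUT.puts "granting: #{policy}"
      # Output and exit status are ignored on purpose: during package
      # installation this call can fail for permissions that already exist,
      # and that cannot be checked beforehand.
      `polkit-auth --user #{quoted_user} --grant #{Shellwords.escape(policy)}`
    end
  when "show"
    STDOUT.puts granted_perms(user).join("\n")
  when "revoke"
    granted = granted_perms user
    granted.each do |policy|
      STDOUT.puts "revoking: #{policy}"
      out = `polkit-auth --user #{quoted_user} --revoke #{Shellwords.escape(policy)}`
      raise "Revoking permissions failed with ret code #{$?.exitstatus}. Output: #{out}" unless $?.exitstatus.zero?
    end
  end
rescue Exception => e
  # Any failure ends the run with the bare message and status 1. Note that
  # Exception also covers SystemExit and Interrupt, so nothing inside this
  # block should rely on exit/usage to stop the script.
  STDERR.puts e.message
  Process.exit! 1
end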