Re: [Spacewalk-devel] [PATCH] - RHBZ#508936 - Run remote command works even when run is disabled on the client

Marcelo Moreira de Mello Fri, 03 Jun 2011 08:22:37 -0700

Hello,

 Here follow a better patch which check if the action_type if
configfiles or script. Please, ignore the patch sent previously.


 Thank you!

Cheers,
Marcelo

On 06/02/2011 07:30 PM, Marcelo Moreira de Mello wrote:
> Hello,
>
>  Follow attached  the patch which fixes the BZ#508936.
>
> At RHN Satellite/Spacewalk documentation, to be able to execute remote
> commands, it must exists a file named "run" into
> /etc/sysconfig/rhn/allowed-actions/scripts directory.
>
> This patch fixes remote commands only be executed if the file "run"
> exists into allowed-actions/scripts directory. All the other files will
> be ignored. 
>
> To make it consistent, we also fixed KickstartFormatter.java, which now
> appends into kickstart the 'run' instead 'all' into
> /etc/sysconfig/rhn/allowed-actions directory when rendering the
> kickstart file.
>
> After patched, --report option works as expected  (ignoring all the
> other files created manually) and remote commands will be only executed
> when a file "run" exists at allowed-action/scripts directory.
>
> # rhn-actions-control --enable-all ; tree /etc/sysconfig/rhn/allowed-actions
> |-- configfiles
> |   `-- all
> `-- script
>     `-- run
>
> 2 directories, 2 files
>
> # rhn-actions-control --report
> deploy is enabled
> diff is enabled
> upload is enabled
> mtime_upload is enabled
> run is enabled
>
> # rhn-actions-control --disable-all ; tree
> /etc/sysconfig/rhn/allowed-actions/
> /etc/sysconfig/rhn/allowed-actions/
> |-- configfiles
> `-- script
>
> 2 directories, 0 files
>
> # rhn-actions-control --report
> deploy is disabled
> diff is disabled
> upload is disabled
> mtime_upload is disabled
> run is disabled
>
>
>  ** Even forcing the file, it will be ignored
> # touch /etc/sysconfig/rhn/allowed-actions/script/all
> # rhn-actions-control --report
> deploy is disabled
> diff is disabled
> upload is disabled
> mtime_upload is disabled
> run is disabled
>
>
> Cheers,
> Marcelo Moreira de Mello
>
>
>
> _______________________________________________
> Spacewalk-devel mailing list
> Spacewalk-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-devel


-- 
Marcelo Moreira de Mello
RHCA RHCSS RHCVA 
Software Maintenance Engineer/SEG           

gpg id: 2048R/FDB110E5
gpg fingerprint: 3BE7 EF71 4DD7 6812 D309  8F18 BD42 D095 FDB1 10E5

From: Marcelo Moreira de Mello <mme...@redhat.com>
Date: Fri, 3 Jun 2011 12:15:16 -0300
Subject: [PATCH] RHBZ#508936 - rhn-actions-control honor the 
allowed-actions/scripts/run for remote commands

  RHBZ#508936 - rhn-actions-control honor the allowed-actions/scripts/run for 
remote commands

---
 client/tools/rhncfg/actions/configfiles.py         |    5 ++++-
 .../rhn/manager/kickstart/KickstartFormatter.java  |    2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/client/tools/rhncfg/actions/configfiles.py 
b/client/tools/rhncfg/actions/configfiles.py
index 76671ab..609e1d9 100755
--- a/client/tools/rhncfg/actions/configfiles.py
+++ b/client/tools/rhncfg/actions/configfiles.py
@@ -51,7 +51,10 @@ def _local_permission_check(action_type):
 
     for i in range(len(atype_structure)):
         all_structure = atype_structure[:i]
-        all_structure.append('all')
+        if action_type == "script.run":
+            all_structure.append('run')
+        else:
+            all_structure.append('all')
 
         potential_all_path = apply(os.path.join, all_structure)
         if os.path.exists(os.path.join(_permission_root_dir, 
potential_all_path)):
diff --git 
a/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java 
b/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java
index 0aa0f75..a4c761a 100644
--- a/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java
+++ b/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java
@@ -120,7 +120,7 @@ public class KickstartFormatter {
     private static final String WGET_RPMS = "wget -P /tmp/rhn_rpms ";
     private static final String REMOTE_CMD =
         "mkdir -p /etc/sysconfig/rhn/allowed-actions/script" + NEWLINE +
-        "touch /etc/sysconfig/rhn/allowed-actions/script/all";
+        "touch /etc/sysconfig/rhn/allowed-actions/script/run";
     private static final String CONFIG_CMD =
         "mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles" + NEWLINE +
         "touch /etc/sysconfig/rhn/allowed-actions/configfiles/all";
-- 
1.7.5.2

_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel

Re: [Spacewalk-devel] [PATCH] - RHBZ#508936 - Run remote command works even when run is disabled on the client

Reply via email to