Re: [Spacewalk-devel] [PATCH] - RHBZ#508936 - Run remote command works even when run is disabled on the client

Marcelo Moreira de Mello Thu, 14 Jul 2011 09:37:50 -0700

Hello,

  Follow attached a new patch which include the 3 modifications:


     1) Change KickstartFormatter.java to create the "run" file instead
of "all";

     2) Adds a %post script to move any existing "all" to "run", making
it consistent with the documentation and with the new kickstart

     3) Disable any actions based on the
/etc/sysconfig/rhn/allowed-actions/script/all and make it only use the
"run" file.
 

  Thank you!

Cheers,
Marcelo Moreira de Mello

On 07/14/2011 11:58 AM, Marcelo Moreira de Mello wrote:
> On 07/14/2011 09:58 AM, Jan Pazdziora wrote:
>> On Thu, Jul 14, 2011 at 02:54:41PM +0200, Jan Pazdziora wrote:
>>> On Wed, Jul 06, 2011 at 02:05:12PM -0300, Marcelo Moreira de Mello wrote:
>>>> Howdy, 
>>>>  
>>>>   Any news regarding this patch? 
>>> Marcelo,
>>>
>>> could you explain in deeper detail what in the current (Spacewalk)
>>> code makes both 'all' and 'run' to be taken as True for the
>>> script.run action?
>> The reason I ask is:
>>
>> If both the current and old versions of rhncfg* observe
>> the /etc/sysconfig/rhn/allowed-actions/script/run file correctly, then
>> there would be no problem changing the touch in
>> KickstartFormatter.java to create the "run" file instead of "all". So
>> no new installation would have the "all" file there.
> Yes. Agreed. That what I have I thought when I submitted the first patch.
>> Since the rhn-actions-control only seems to create and remove the
>> "run" file, we could then use %post script of some of the rhncfg
>> package to move any existing "all" to "run", to make it consistent
>> with the documentation and with new kickstart.
> Great! Sounds goods!
>> Then we would also need to disable any actions based on the
>> /etc/sysconfig/rhn/allowed-actions/script/all file in the rhncfg*
>> packages, and make it only use the "run" file as its flag.
> OK. I'm working into this.
> Cheers,
> mmello
>

From: Marcelo Moreira de Mello <mme...@redhat.com>
Date: Thu, 14 Jul 2011 13:26:22 -0300
Subject: [PATCH] RHBZ#508936 - rhn-actions-control honor the  allowed-actions/scripts/run for remote commands

---
 client/tools/rhncfg/actions/configfiles.py         |    5 ++++-
 client/tools/rhncfg/rhncfg.spec                    |    4 ++++
 .../rhn/manager/kickstart/KickstartFormatter.java  |    2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/client/tools/rhncfg/actions/configfiles.py b/client/tools/rhncfg/actions/configfiles.py
index 76671ab..609e1d9 100755
--- a/client/tools/rhncfg/actions/configfiles.py
+++ b/client/tools/rhncfg/actions/configfiles.py
@@ -51,7 +51,10 @@ def _local_permission_check(action_type):
 
     for i in range(len(atype_structure)):
         all_structure = atype_structure[:i]
-        all_structure.append('all')
+        if action_type == "script.run":
+            all_structure.append('run')
+        else:
+            all_structure.append('all')
 
         potential_all_path = apply(os.path.join, all_structure)
         if os.path.exists(os.path.join(_permission_root_dir, potential_all_path)):
diff --git a/client/tools/rhncfg/rhncfg.spec b/client/tools/rhncfg/rhncfg.spec
index 8f53731..5bd4f21 100644
--- a/client/tools/rhncfg/rhncfg.spec
+++ b/client/tools/rhncfg/rhncfg.spec
@@ -104,6 +104,10 @@ rm -rf $RPM_BUILD_ROOT
 %config(noreplace) %{client_caps_dir}/*
 %{_mandir}/man8/rhn-actions-control.8*
 
+%post
+test -f /etc/sysconfig/rhn/allowed-actions/script/all \
+    && mv /etc/sysconfig/rhn/allowed-actions/script/all /etc/sysconfig/rhn/allowed-actions/script/run
+
 # $Id$
 %changelog
 * Thu Jun 16 2011 Jan Pazdziora 5.10.8-1
diff --git a/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java b/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java
index 0aa0f75..a4c761a 100644
--- a/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java
+++ b/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java
@@ -120,7 +120,7 @@ public class KickstartFormatter {
     private static final String WGET_RPMS = "wget -P /tmp/rhn_rpms ";
     private static final String REMOTE_CMD =
         "mkdir -p /etc/sysconfig/rhn/allowed-actions/script" + NEWLINE +
-        "touch /etc/sysconfig/rhn/allowed-actions/script/all";
+        "touch /etc/sysconfig/rhn/allowed-actions/script/run";
     private static final String CONFIG_CMD =
         "mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles" + NEWLINE +
         "touch /etc/sysconfig/rhn/allowed-actions/configfiles/all";
-- 
1.7.6

_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel

Re: [Spacewalk-devel] [PATCH] - RHBZ#508936 - Run remote command works even when run is disabled on the client

Reply via email to