Remove use of polkit-grant. Keep stdio open when running polkit-auth
authorDaniel P. Berrange <berrange@redhat.com>
Tue, 11 Mar 2008 14:49:04 +0000 (14:49 +0000)
committerDaniel P. Berrange <berrange@redhat.com>
Tue, 11 Mar 2008 14:49:04 +0000 (14:49 +0000)
ChangeLog
configure.in
src/libvirt.c

index d9a012e1dec7d55a0e8cf9e976794772365277b6..44fbc7f76a84f24c099bf98d0250f4b37af3a20e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Tue Mar 11 10:45:53 EDT 2008 Daniel P. Berrange <berrange@redhat.com>
+
+       * src/libvirt.c, configure.in: Remove use of polkit-grant since
+       it is fundamentally broken. Only use polkit-auth instead. Keep
+       stdin/out/err open when running polkit-auth.
+
 Tue Mar 11 10:21:53 EDT 2008 Daniel P. Berrange <berrange@redhat.com>
 
        * src/virsh.c: Don't force connection to readonly as non-root
index 15065d51957df57b6b1b004fac17640c9789e97c..50c14e089d595790fa171859074904a46c5e451a 100644 (file)
@@ -450,10 +450,6 @@ if test "x$with_polkit" = "xyes" -o "x$with_polkit" = "xcheck"; then
     CFLAGS="$old_CFLAGS"
     LDFLAGS="$old_LDFLAGS"
 
-    AC_PATH_PROG(POLKIT_GRANT, polkit-grant)
-    if test "x$POLKIT_GRANT" != "x"; then
-      AC_DEFINE_UNQUOTED([POLKIT_GRANT],["$POLKIT_GRANT"],[Location of polkit-grant program])
-    fi
     AC_PATH_PROG(POLKIT_AUTH, polkit-auth)
     if test "x$POLKIT_AUTH" != "x"; then
       AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
index 31213bbed47af092ddf0b65b0bc172c2e784842a..1152fcb984f00d9e0b3279012a4b725678a65e92 100644 (file)
@@ -19,6 +19,9 @@
 #include <sys/stat.h>
 #include <unistd.h>
 #include <assert.h>
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
 
 #include <libxml/parser.h>
 #include <libxml/xpath.h>
@@ -66,6 +69,39 @@ static int initialized = 0;
 int debugFlag = 0;
 #endif
 
+#if defined(POLKIT_AUTH)
+static int virConnectAuthGainPolkit(const char *privilege) {
+    const char *const args[] = {
+        POLKIT_AUTH, "--obtain", privilege, NULL
+    };
+    int childpid, status, ret;
+
+    /* Root has all rights */
+    if (getuid() == 0)
+        return 0;
+
+    if ((childpid = fork()) < 0)
+        return -1;
+
+    if (!childpid) {
+        execvp(args[0], (char **)args);
+        _exit(-1);
+    }
+
+    while ((ret = waitpid(childpid, &status, 0) == -1) && errno == EINTR);
+    if (ret == -1) {
+        return -1;
+    }
+
+    if (!WIFEXITED(status) ||
+        (WEXITSTATUS(status) != 0 && WEXITSTATUS(status) != 1)) {
+        return -1;
+    }
+
+    return 0;
+}
+#endif
+
 static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
                                          unsigned int ncred,
                                          void *cbdata ATTRIBUTE_UNUSED) {
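Review bot: In the waitpid loop of virConnectAuthGainPolkit, `==` binds before `=`, so `ret` receives the comparison result (0 or 1) and the following `if (ret == -1)` check can never fire. If waitpid fails with anything other than EINTR, the function goes on to evaluate `WIFEXITED(status)` on a `status` that was never written, so the result of this authentication helper depends on an indeterminate value. Moving one parenthesis fixes it: `while ((ret = waitpid(childpid, &status, 0)) == -1 && errno == EINTR);`. The loop also needs `errno` and `EINTR`, but the include hunk adds only `<sys/wait.h>`, and that behind HAVE_SYS_WAIT_H while this function is guarded by POLKIT_AUTH alone. Confirm `<errno.h>` is already included elsewhere in the file.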
@@ -77,25 +113,15 @@ static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
         size_t len;
 
         switch (cred[i].type) {
-#if defined(POLKIT_GRANT) || defined(POLKIT_AUTH)
+#if defined(POLKIT_AUTH)
         case VIR_CRED_EXTERNAL: {
             int ret;
-            const char *const args[] = {
-#if defined(POLKIT_GRANT)
-                POLKIT_GRANT, "--gain", cred[i].prompt, NULL
-#else
-                POLKIT_AUTH, "--obtain", cred[i].prompt, NULL
-#endif
-            };
-
             if (STRNEQ(cred[i].challenge, "PolicyKit"))
                 return -1;
-            if (virRun(NULL, (char **) args, &ret) < 0)
-                return -1;
 
-            if (!WIFEXITED(ret) ||
-                (WEXITSTATUS(ret) != 0 && WEXITSTATUS(ret) != 1))
+            if (virConnectAuthGainPolkit(cred[i].prompt) < 0)
                 return -1;
+
             break;
         }
 #endif
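Review bot: `cred[i].prompt` is handed to virConnectAuthGainPolkit unchecked, and there it becomes the argument after `--obtain` in the polkit-auth argv. A NULL prompt would end the argv early, and a value starting with `-` might be taken by polkit-auth as an option rather than an action name (its argument parsing is not visible here). If the prompt can originate from the remote end of the connection, a cheap guard before the call would be `if (!cred[i].prompt || cred[i].prompt[0] == '-') return -1;`. The switch and the enclosing callback continue outside this hunk.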
@@ -158,7 +184,7 @@ static int virConnectCredTypeDefault[] = {
     VIR_CRED_REALM,
     VIR_CRED_PASSPHRASE,
     VIR_CRED_NOECHOPROMPT,
-#if defined(POLKIT_AUTH) || defined(POLKIT_GRANT)
+#if defined(POLKIT_AUTH)
     VIR_CRED_EXTERNAL,
 #endif
 };