NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

Remove use of polkit-grant. Keep stdio open when running polkit-auth

Browse Source
This commit is contained in:
Daniel P. Berrange 2008-03-11 14:49:04 +00:00
parent c3501d4792
commit 8d2d44ad05
3 changed files with 46 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
Tue Mar 11 10:45:53 EDT 2008 Daniel P. Berrange <berrange@redhat.com>
* src/libvirt.c, configure.in: Remove use of polkit-grant since
it is fundamentally broken. Only use polkit-auth instead. Keep
stdin/out/err open when running polkit-auth.
Tue Mar 11 10:21:53 EDT 2008 Daniel P. Berrange <berrange@redhat.com> Tue Mar 11 10:21:53 EDT 2008 Daniel P. Berrange <berrange@redhat.com>
* src/virsh.c: Don't force connection to readonly as non-root * src/virsh.c: Don't force connection to readonly as non-root

4
configure.in
View File

@ -450,10 +450,6 @@ if test "x$with_polkit" = "xyes" -o "x$with_polkit" = "xcheck"; then
CFLAGS="$old_CFLAGS" CFLAGS="$old_CFLAGS"
LDFLAGS="$old_LDFLAGS" LDFLAGS="$old_LDFLAGS"
AC_PATH_PROG(POLKIT_GRANT, polkit-grant)
if test "x$POLKIT_GRANT" != "x"; then
AC_DEFINE_UNQUOTED([POLKIT_GRANT],["$POLKIT_GRANT"],[Location of polkit-grant program])
fi
AC_PATH_PROG(POLKIT_AUTH, polkit-auth) AC_PATH_PROG(POLKIT_AUTH, polkit-auth)
if test "x$POLKIT_AUTH" != "x"; then if test "x$POLKIT_AUTH" != "x"; then
AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program]) AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])

54
src/libvirt.c
View File

@ -19,6 +19,9 @@
#include <sys/stat.h> #include <sys/stat.h>
#include <unistd.h> #include <unistd.h>
#include <assert.h> #include <assert.h>
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
#include <libxml/parser.h> #include <libxml/parser.h>
#include <libxml/xpath.h> #include <libxml/xpath.h>
@ -66,6 +69,39 @@ static int initialized = 0;
int debugFlag = 0; int debugFlag = 0;
#endif #endif
#if defined(POLKIT_AUTH)
static int virConnectAuthGainPolkit(const char *privilege) {
const char *const args[] = {
POLKIT_AUTH, "--obtain", privilege, NULL
};
int childpid, status, ret;
/* Root has all rights */
if (getuid() == 0)
return 0;
if ((childpid = fork()) < 0)
return -1;
if (!childpid) {
execvp(args[0], (char **)args);
_exit(-1);
}
while ((ret = waitpid(childpid, &status, 0) == -1) && errno == EINTR);
if (ret == -1) {
return -1;
}
if (!WIFEXITED(status) ||
(WEXITSTATUS(status) != 0 && WEXITSTATUS(status) != 1)) {
return -1;
}
return 0;
}
#endif
static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred, static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
unsigned int ncred, unsigned int ncred,
void *cbdata ATTRIBUTE_UNUSED) { void *cbdata ATTRIBUTE_UNUSED) {
@ -77,25 +113,15 @@ static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
size_t len; size_t len;
switch (cred[i].type) { switch (cred[i].type) {
#if defined(POLKIT_GRANT) || defined(POLKIT_AUTH) #if defined(POLKIT_AUTH)
case VIR_CRED_EXTERNAL: { case VIR_CRED_EXTERNAL: {
int ret; int ret;
const char *const args[] = {
#if defined(POLKIT_GRANT)
POLKIT_GRANT, "--gain", cred[i].prompt, NULL
#else
POLKIT_AUTH, "--obtain", cred[i].prompt, NULL
#endif
};
if (STRNEQ(cred[i].challenge, "PolicyKit")) if (STRNEQ(cred[i].challenge, "PolicyKit"))
return -1; return -1;
if (virRun(NULL, (char **) args, &ret) < 0)
if (virConnectAuthGainPolkit(cred[i].prompt) < 0)
return -1; return -1;
if (!WIFEXITED(ret) ||
(WEXITSTATUS(ret) != 0 && WEXITSTATUS(ret) != 1))
return -1;
break; break;
} }
#endif #endif
@ -158,7 +184,7 @@ static int virConnectCredTypeDefault[] = {
VIR_CRED_REALM, VIR_CRED_REALM,
VIR_CRED_PASSPHRASE, VIR_CRED_PASSPHRASE,
VIR_CRED_NOECHOPROMPT, VIR_CRED_NOECHOPROMPT,
#if defined(POLKIT_AUTH) || defined(POLKIT_GRANT) #if defined(POLKIT_AUTH)
VIR_CRED_EXTERNAL, VIR_CRED_EXTERNAL,
#endif #endif
}; };