From 8d2d44ad05bad0ece6114017e5b113314059e6b0 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange"
Date: Tue, 11 Mar 2008 14:49:04 +0000
Subject: [PATCH] Remove use of polkit-grant. Keep stdio open when running polkit-auth
---
 ChangeLog | 6 ++++++
 configure.in | 4 ----
 src/libvirt.c | 54 ++++++++++++++++++++++++++++++++++++++++--------------
 3 files changed, 46 insertions(+), 18 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d9a012e1de..44fbc7f76a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Tue Mar 11 10:45:53 EDT 2008 Daniel P. Berrange
+
+ * src/libvirt.c, configure.in: Remove use of polkit-grant since
+ it is fundamentally broken. Only use polkit-auth instead. Keep
+ stdin/out/err open when running polkit-auth.
+
 Tue Mar 11 10:21:53 EDT 2008 Daniel P. Berrange
 * src/virsh.c: Don't force connection to readonly as non-root
diff --git a/configure.in b/configure.in
index 15065d5195..50c14e089d 100644
--- a/configure.in
+++ b/configure.in
@@ -450,10 +450,6 @@ if test "x$with_polkit" = "xyes" -o "x$with_polkit" = "xcheck"; then
 CFLAGS="$old_CFLAGS"
 LDFLAGS="$old_LDFLAGS"
- AC_PATH_PROG(POLKIT_GRANT, polkit-grant)
- if test "x$POLKIT_GRANT" != "x"; then
- AC_DEFINE_UNQUOTED([POLKIT_GRANT],["$POLKIT_GRANT"],[Location of polkit-grant program])
- fi
 AC_PATH_PROG(POLKIT_AUTH, polkit-auth)
 if test "x$POLKIT_AUTH" != "x"; then
 AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
diff --git a/src/libvirt.c b/src/libvirt.c
index 31213bbed4..1152fcb984 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -19,6 +19,9 @@
 #include
 #include
 #include
+#ifdef HAVE_SYS_WAIT_H
+#include
+#endif
 #include
 #include
@@ -66,6 +69,39 @@ static int initialized = 0;
 int debugFlag = 0;
 #endif
+#if defined(POLKIT_AUTH)
+static int virConnectAuthGainPolkit(const char *privilege) {
+ const char *const args[] = {
+ POLKIT_AUTH, "--obtain", privilege, NULL
+ };
+ int childpid, status, ret;
+
+ /* Root has all rights */
+ if (getuid() == 0)
+ return 0;
+
+ if ((childpid = fork()) < 0)
+ return -1;
+
+ if (!childpid) {
+ execvp(args[0], (char **)args);
+ _exit(-1);
+ }
+
+ while ((ret = waitpid(childpid, &status, 0) == -1) && errno == EINTR);
+ if (ret == -1) {
+ return -1;
+ }
+
+ if (!WIFEXITED(status) ||
+ (WEXITSTATUS(status) != 0 && WEXITSTATUS(status) != 1)) {
+ return -1;
+ }
+
+ return 0;
+}
+#endif
+
 static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
 unsigned int ncred,
 void *cbdata ATTRIBUTE_UNUSED) {
@@ -77,25 +113,15 @@ static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
 size_t len;
 switch (cred[i].type) {
-#if defined(POLKIT_GRANT) || defined(POLKIT_AUTH)
+#if defined(POLKIT_AUTH)
 case VIR_CRED_EXTERNAL: {
 int ret;
- const char *const args[] = {
-#if defined(POLKIT_GRANT)
- POLKIT_GRANT, "--gain", cred[i].prompt, NULL
-#else
- POLKIT_AUTH, "--obtain", cred[i].prompt, NULL
-#endif
- };
-
 if (STRNEQ(cred[i].challenge, "PolicyKit"))
 return -1;
- if (virRun(NULL, (char **) args, &ret) < 0)
+
+ if (virConnectAuthGainPolkit(cred[i].prompt) < 0)
 return -1;
- if (!WIFEXITED(ret) ||
- (WEXITSTATUS(ret) != 0 && WEXITSTATUS(ret) != 1))
- return -1;
 break;
 }
 #endif
@@ -158,7 +184,7 @@ static int virConnectCredTypeDefault[] = {
 VIR_CRED_REALM,
 VIR_CRED_PASSPHRASE,
 VIR_CRED_NOECHOPROMPT,
-#if defined(POLKIT_AUTH) || defined(POLKIT_GRANT)
+#if defined(POLKIT_AUTH)
 VIR_CRED_EXTERNAL,
 #endif
 };
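Review bot: In the new virConnectAuthGainPolkit (hunk at -66,6 +69,39) the waitpid loop stores the result of the comparison in `ret` rather than waitpid's return value, because `==` binds tighter than `=`; `ret` is therefore only ever 0 or 1 and the `if (ret == -1)` check that follows can never fire. When waitpid fails with an errno other than EINTR, the function falls through and WIFEXITED inspects an uninitialized `status`, so the authorization result is decided on garbage. Moving one parenthesis fixes both: `while ((ret = waitpid(childpid, &status, 0)) == -1 && errno == EINTR);`. Exit status 1 from polkit-auth is still accepted as success, carried over from the removed code; a short comment stating why that status is not treated as a failed authorization would help the next reader.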
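Review bot: In the VIR_CRED_EXTERNAL case of virConnectAuthCallbackDefault (hunk at -77,25 +113,15) the context line `int ret;` is left behind with no remaining user, since both the `virRun(..., &ret)` call and the `WIFEXITED(ret)` test were removed. I would drop the declaration so the block does not trigger an unused-variable warning. The function body starts and ends outside this hunk, so this is based on the visible lines of the case block only.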