mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-31 18:15:25 +00:00
Remove use of polkit-grant. Keep stdio open when running polkit-auth
This commit is contained in:
parent
c3501d4792
commit
8d2d44ad05
@ -1,3 +1,9 @@
|
||||
Tue Mar 11 10:45:53 EDT 2008 Daniel P. Berrange <berrange@redhat.com>
|
||||
|
||||
* src/libvirt.c, configure.in: Remove use of polkit-grant since
|
||||
it is fundamentally broken. Only use polkit-auth instead. Keep
|
||||
stdin/out/err open when running polkit-auth.
|
||||
|
||||
Tue Mar 11 10:21:53 EDT 2008 Daniel P. Berrange <berrange@redhat.com>
|
||||
|
||||
* src/virsh.c: Don't force connection to readonly as non-root
|
||||
|
@ -450,10 +450,6 @@ if test "x$with_polkit" = "xyes" -o "x$with_polkit" = "xcheck"; then
|
||||
CFLAGS="$old_CFLAGS"
|
||||
LDFLAGS="$old_LDFLAGS"
|
||||
|
||||
AC_PATH_PROG(POLKIT_GRANT, polkit-grant)
|
||||
if test "x$POLKIT_GRANT" != "x"; then
|
||||
AC_DEFINE_UNQUOTED([POLKIT_GRANT],["$POLKIT_GRANT"],[Location of polkit-grant program])
|
||||
fi
|
||||
AC_PATH_PROG(POLKIT_AUTH, polkit-auth)
|
||||
if test "x$POLKIT_AUTH" != "x"; then
|
||||
AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
|
||||
|
@ -19,6 +19,9 @@
|
||||
#include <sys/stat.h>
|
||||
#include <unistd.h>
|
||||
#include <assert.h>
|
||||
#ifdef HAVE_SYS_WAIT_H
|
||||
#include <sys/wait.h>
|
||||
#endif
|
||||
|
||||
#include <libxml/parser.h>
|
||||
#include <libxml/xpath.h>
|
||||
@ -66,6 +69,39 @@ static int initialized = 0;
|
||||
int debugFlag = 0;
|
||||
#endif
|
||||
|
||||
#if defined(POLKIT_AUTH)
|
||||
static int virConnectAuthGainPolkit(const char *privilege) {
|
||||
const char *const args[] = {
|
||||
POLKIT_AUTH, "--obtain", privilege, NULL
|
||||
};
|
||||
int childpid, status, ret;
|
||||
|
||||
/* Root has all rights */
|
||||
if (getuid() == 0)
|
||||
return 0;
|
||||
|
||||
if ((childpid = fork()) < 0)
|
||||
return -1;
|
||||
|
||||
if (!childpid) {
|
||||
execvp(args[0], (char **)args);
|
||||
_exit(-1);
|
||||
}
|
||||
|
||||
while ((ret = waitpid(childpid, &status, 0) == -1) && errno == EINTR);
|
||||
if (ret == -1) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!WIFEXITED(status) ||
|
||||
(WEXITSTATUS(status) != 0 && WEXITSTATUS(status) != 1)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
|
||||
unsigned int ncred,
|
||||
void *cbdata ATTRIBUTE_UNUSED) {
|
||||
@ -77,25 +113,15 @@ static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
|
||||
size_t len;
|
||||
|
||||
switch (cred[i].type) {
|
||||
#if defined(POLKIT_GRANT) || defined(POLKIT_AUTH)
|
||||
#if defined(POLKIT_AUTH)
|
||||
case VIR_CRED_EXTERNAL: {
|
||||
int ret;
|
||||
const char *const args[] = {
|
||||
#if defined(POLKIT_GRANT)
|
||||
POLKIT_GRANT, "--gain", cred[i].prompt, NULL
|
||||
#else
|
||||
POLKIT_AUTH, "--obtain", cred[i].prompt, NULL
|
||||
#endif
|
||||
};
|
||||
|
||||
if (STRNEQ(cred[i].challenge, "PolicyKit"))
|
||||
return -1;
|
||||
if (virRun(NULL, (char **) args, &ret) < 0)
|
||||
|
||||
if (virConnectAuthGainPolkit(cred[i].prompt) < 0)
|
||||
return -1;
|
||||
|
||||
if (!WIFEXITED(ret) ||
|
||||
(WEXITSTATUS(ret) != 0 && WEXITSTATUS(ret) != 1))
|
||||
return -1;
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
@ -158,7 +184,7 @@ static int virConnectCredTypeDefault[] = {
|
||||
VIR_CRED_REALM,
|
||||
VIR_CRED_PASSPHRASE,
|
||||
VIR_CRED_NOECHOPROMPT,
|
||||
#if defined(POLKIT_AUTH) || defined(POLKIT_GRANT)
|
||||
#if defined(POLKIT_AUTH)
|
||||
VIR_CRED_EXTERNAL,
|
||||
#endif
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user