[Libvir] FYI: configure.in (ALL_LINGUAS): Fix typo: s/Latn/latin/
by Jim Meyering
FYI, I committed this:
Mon Apr 8 17:32:07 CET 2008 Jim Meyering <meyering(a)redhat.com>
+ * configure.in (ALL_LINGUAS): Fix typo: s/Latn/latin/.
+
Don't fail to read a file because it's non-seekable (e.g., a pipe).
* src/util.c (fread_file_lim): New function.
(__virFileReadAll): Use fread_file_lim, rather than requiring
diff --git a/configure.in b/configure.in
index cc41185..bd6b744 100644
--- a/configure.in
+++ b/configure.in
@@ -888,7 +888,7 @@ if test -d po
then
ALL_LINGUAS=`(cd po > /dev/null && ls *.po) | sed 's+\.po$++'`
else
- ALL_LINGUAS="af am ar as be bg bn_IN bn ca cs cy da de el en_GB es et eu_ES fa fi fr gl gu he hi hr hu hy id is it ja ka kn ko ku lo lt lv mk ml mr ms my nb nl nn no nso or pa pl pt_BR pt ro ru si sk sl sq sr@Latn sr sv ta te th tr uk ur vi zh_CN zh_TW zu"
+ ALL_LINGUAS="af am ar as be bg bn_IN bn ca cs cy da de el en_GB es et eu_ES fa fi fr gl gu he hi hr hu hy id is it ja ka kn ko ku lo lt lv mk ml mr ms my nb nl nn no nso or pa pl pt_BR pt ro ru si sk sl sq sr@latin sr sv ta te th tr uk ur vi zh_CN zh_TW zu"
fi
dnl Extra link-time flags for Cygwin.
--
1.5.5.rc3.14.g78bf3
16 years, 8 months
[Libvir] Zombie KVMs?
by Henri Cook
Hey all,
Does anyone ever see:
root 18628 3.2 0.0 0 0 ? Z 17:30 0:40 \_
[kvm] <defunct>
Zombie copies of KVM under libvirtd? They're unkillable (without
restarting libvirtd) - although libvirt all still functions as normal
Henri
16 years, 8 months
[Libvir] [PATCH] Add xen and hvm guest types to test drive caps
by Cole Robinson
The attached patch adds xen and hvm guest types to the test driver's
capabilities. It was currently set to offer only a 'linux' type which
doesn't seem to follow the conventions of the other drivers, so I
removed that. Please yell if I'm wrong :)
Thanks,
Cole
diff --git a/src/test.c b/src/test.c
index f401d7d..9b2ca56 100644
--- a/src/test.c
+++ b/src/test.c
@@ -984,6 +984,8 @@ static char *testGetCapabilities (virConnectPtr conn)
char *xml;
int cell1[] = { 0, 2, 4, 6, 8, 10, 12, 14 };
int cell2[] = { 1, 3, 5, 7, 9, 11, 13, 15 };
+ const char *guest_types[] = { "hvm", "xen" };
+ int num_guest_types = 2, i;
if ((caps = virCapabilitiesNew(TEST_MODEL, 0, 0)) == NULL)
goto no_memory;
@@ -998,29 +1000,33 @@ static char *testGetCapabilities (virConnectPtr conn)
if (virCapabilitiesAddHostNUMACell(caps, 1, 8, cell2) < 0)
goto no_memory;
- if ((guest = virCapabilitiesAddGuest(caps,
- "linux",
- TEST_MODEL,
- TEST_MODEL_WORDSIZE,
- NULL,
- NULL,
- 0,
- NULL)) == NULL)
- goto no_memory;
-
- if (virCapabilitiesAddGuestDomain(guest,
- "test",
- NULL,
- NULL,
- 0,
- NULL) == NULL)
- goto no_memory;
-
-
- if (virCapabilitiesAddGuestFeature(guest, "pae", 1, 1) == NULL)
- goto no_memory;
- if (virCapabilitiesAddGuestFeature(guest ,"nonpae", 1, 1) == NULL)
- goto no_memory;
+ for (i = 0; i < num_guest_types; ++i) {
+
+ if ((guest = virCapabilitiesAddGuest(caps,
+ guest_types[i],
+ TEST_MODEL,
+ TEST_MODEL_WORDSIZE,
+ NULL,
+ NULL,
+ 0,
+ NULL)) == NULL)
+ goto no_memory;
+
+ if (virCapabilitiesAddGuestDomain(guest,
+ "test",
+ NULL,
+ NULL,
+ 0,
+ NULL) == NULL)
+ goto no_memory;
+
+ if (strcmp(guest_types[i], "xen")) {
+ if (virCapabilitiesAddGuestFeature(guest, "pae", 1, 1) == NULL)
+ goto no_memory;
+ if (virCapabilitiesAddGuestFeature(guest ,"nonpae", 1, 1) == NULL)
+ goto no_memory;
+ }
+ }
if ((xml = virCapabilitiesFormatXML(caps)) == NULL)
goto no_memory;
16 years, 8 months
[Libvir] Web Interface Question
by Henri Cook
Hey guys,
I'm designing a web interface for libvirt so that my customers can
manage their DomUs - unless you know of a good one that already exists???
I'm thinking that the best way to run this is have the web server
connected to libvirtd - but I can't find any documentation about the API
it presents - can you help?
I considered giving the web server access to virsh and parsing that, but
that has obvious security implications as it would need root/sudo access
Regards,
Henri
16 years, 8 months
Re: [Libvir] Web Interface Question
by Henri Cook
That sounds quite exciting; is it open source?
I'm looking at build something that works with KVM/Xen but i'm sure many
of the operations are the same; especially for status type, read only
queries.
Do you know if there's anything like an RFC document for libvirtd? What
did you base all your queries off while making the product?
Thanks for getting back to me,
Henri
Shuveb Hussain wrote:
> Hello Henri,
>
> On Sun, Apr 6, 2008 at 2:05 AM, Henri Cook
> <henri(a)theplayboymansion.net <mailto:henri@theplayboymansion.net>> wrote:
>
> Hey guys,
>
> I'm designing a web interface for libvirt so that my customers can
> manage their DomUs - unless you know of a good one that already
> exists???
>
>
> We, from BinaryKarma are the folks who contributed OpenVZ support for
> Libvirt and are experts in the area. We already have a product FluidVM
> that manages Xen and OpenVZ based virtual machines with support for
> Linux Containers and VMWare ESX coming up. FluidVM also ships with a
> browser based interface.
>
> Currently, there is also VPSCart, a free application built on top of
> the FluidVM platform available where you can create plans and expose
> them on a portal. customers can then choose and buy any of them.
> Users with the right privileges are automatically provisioned. They
> can login and manage their VPSs. Usage of VPSCart is completely optional.
>
> FluidVM ships with support for Local and SAN storage as well. You can
> evaluate a fully capable copy of FluidVM for a period of 45 days by
> downloading it from our web site. Here are the details:
>
> *FluidVM Screenshots:*
> http://www.binarykarma.com/fluidvm_screenshots.php
>
> *FluidVM Demo Videos:*
> http://www.binarykarma.com/demo.php
>
> *FluidVM Manuals, free License and User Manuals:*
> http://www.binarykarma.com/download.php
>
> If you have any further questions, we'll be happy to clarify them.
>
>
> Thanks & regards,
> --
> Shuveb Hussain
> B I N A R Y K A R M A
> Chennai, India.
> Phone : +91 44-64621656
> Mobile: +91 98403-80386
> http://www.binarykarma.com
16 years, 8 months
[Libvir] [PATCH] add error message for the case of "vcpupin" fails
by S.Sakamoto
Hi,
When I set a number that is bigger than
virtual CPU's setting of guest_dom to <vcpu>,
No error-messages are shown.
I try follow,
# virsh vcpupin guest_dom 100 0,1
[no error messages]
# echo $?
1
I make the patch to solve this problem.
Thanks,
Shigeki Sakamoto.
Index: virsh.c
===================================================================
RCS file: /data/cvs/libvirt/src/virsh.c,v
retrieving revision 1.140
diff -u -p -r1.140 virsh.c
--- virsh.c 27 Mar 2008 13:43:01 -0000 1.140
+++ virsh.c 4 Apr 2008 05:21:47 -0000
@@ -1747,6 +1747,7 @@ cmdVcpupin(vshControl * ctl, vshCmd * cm
}
if (vcpu >= info.nrVirtCpu) {
+ vshError(ctl, FALSE, _("vcpupin: Invalid vCPU number."));
virDomainFree(dom);
return FALSE;
}
16 years, 8 months
[Libvir] virsh define appears to succeed, but doesn't add bridge
by Jim Meyering
While trying to test this tiny script on rawhide,
http://hg.et.redhat.com/virt/websites/ovirt-web--devel?f=e4f3ee8de5a1;fil...
I was surprised to see I couldn't provoke this failure:
echo 1>&2 "$0: you seem to have already run this script"; exit 1; }
The idea is to dump xml, insert 4 lines describing a bridge,
and use virsh "define" to apply the new definition.
However, that last step doesn't seem to work, even though
virsh exits successfully.
If the new XML is somehow insufficient, the least it could
do is give a diagnostic. Otherwise it has to honor the request.
# cat $tmpfile
<domain type='kvm' id='1'>
<name>developer</name>
<uuid>f2af0696-77ea-dd8f-3f6c-cf3f38d5216e</uuid>
<memory>524288</memory>
<currentMemory>524288</currentMemory>
<vcpu>1</vcpu>
<os>
<type>hvm</type>
<boot dev='cdrom'/>
</os>
<features>
<acpi/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>destroy</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-kvm</emulator>
<disk type='file' device='disk'>
<source file='/var/lib/libvirt/images/developer.img'/>
<target dev='hda'/>
</disk>
<disk type='file' device='cdrom'>
<source file='/var/lib/libvirt/images/Fedora-8-x86_64-rescuecd.iso'/>
<target dev='hdc'/>
<readonly/>
</disk>
<interface type='network'>
<mac address='00:16:3e:46:e2:8a'/>
<source network='default'/>
<target dev='vnet0'/>
</interface>
<interface type="bridge">
<mac address="00:16:3e:12:34:56"/>
<source bridge="dummybridge"/>
</interface>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='5900' listen='127.0.0.1'/>
</devices>
</domain>
# virsh -c qemu:///system define "$tmpfile"
Domain developer defined from /t/jt2884.FGSiY6/tmp.JVPZ4LBMVf
# virsh -c qemu:///system dumpxml developer
<domain type='kvm' id='1'>
<name>developer</name>
<uuid>f2af0696-77ea-dd8f-3f6c-cf3f38d5216e</uuid>
<memory>524288</memory>
<currentMemory>524288</currentMemory>
<vcpu>1</vcpu>
<os>
<type>hvm</type>
<boot dev='cdrom'/>
</os>
<features>
<acpi/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>destroy</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-kvm</emulator>
<disk type='file' device='disk'>
<source file='/var/lib/libvirt/images/developer.img'/>
<target dev='hda'/>
</disk>
<disk type='file' device='cdrom'>
<source file='/var/lib/libvirt/images/Fedora-8-x86_64-rescuecd.iso'/>
<target dev='hdc'/>
<readonly/>
</disk>
<interface type='network'>
<mac address='00:16:3e:46:e2:8a'/>
<source network='default'/>
<target dev='vnet0'/>
</interface>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='5900' listen='127.0.0.1'/>
</devices>
</domain>
16 years, 8 months
[Libvir] FYI: Reporting 'upstream' bugs for libvirt & virt tools
by Daniel P. Berrange
This is a quick mail to let people know of a new bug reporting policy for
virtualization related tools.
1. Only, if you are using binary RPMs from official Fedora repositories,
bugs should be reported under the 'Fedora' product, with the component
matching the RPM you're reporting against:
https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora
2. For all other cases. ie If you are using self-built binaries, or
checkouts from the source repos, or forwarding bugs from a non-Fedora
distribution, then use the generic 'Virtualization Tools' product:
https://bugzilla.redhat.com/enter_bug.cgi?product=Virtualization%20Tools
This is our master 'upstream' bug tracking product now.
This is important because Fedora recently instituted a number of bug house
keeping policies against things under 'Fedora', which may result in your
bugs being incorrectly closed. Using 'Virtualization Tools' product in
bugzilla ensures we can distinguish upstream bugs from Fedora bugs.
This applies to the following applications:
libvirt
virt-df
virt-manager
virt-p2v
virt-top
virt-viewer
virtinst
Regards,
Daniel.
--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
16 years, 8 months
[Libvir] PATCH: Don't request polkit auth if client is root
by Daniel P. Berrange
This patch makes two adjustments to the way policy kit authentication is
done.
- Currently the server unconditionally ask the client to do policykit
authentication. This is unnecessary if the remote client is running
as root, which we can check via UNIX socket credentials. Unconditionally
asking plays havoc with SSH tunneling, so this patch makes it check the
socket credentials ¬ ask for auth if the client is UID==0
- The virsh client will unconditionally call polkit-auth to request
credentials. This is also unneccessary if the client is running as
root, so this patch makes it skip that step as root.
The patch is bigger than it seems because removing an if() conditional
made a huge chunk be re-indented.
Dan.
Index: qemud/internal.h
===================================================================
RCS file: /data/cvs/libvirt/qemud/internal.h,v
retrieving revision 1.42
diff -u -p -r1.42 internal.h
--- qemud/internal.h 23 Jan 2008 14:54:41 -0000 1.42
+++ qemud/internal.h 3 Apr 2008 20:04:53 -0000
@@ -179,6 +179,9 @@ void qemudLog(int priority, const char *
void remoteDispatchClientRequest (struct qemud_server *server,
struct qemud_client *client);
+#if HAVE_POLKIT
+int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid);
+#endif
#endif
Index: qemud/qemud.c
===================================================================
RCS file: /data/cvs/libvirt/qemud/qemud.c,v
retrieving revision 1.91
diff -u -p -r1.91 qemud.c
--- qemud/qemud.c 14 Mar 2008 15:21:15 -0000 1.91
+++ qemud/qemud.c 3 Apr 2008 20:04:54 -0000
@@ -1040,6 +1040,28 @@ remoteCheckAccess (struct qemud_client *
return 0;
}
+#if HAVE_POLKIT
+int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {
+#ifdef SO_PEERCRED
+ struct ucred cr;
+ unsigned int cr_len = sizeof (cr);
+
+ if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
+ qemudLog(QEMUD_ERR, _("Failed to verify client credentials: %s"),
+ strerror(errno));
+ return -1;
+ }
+
+ *pid = cr.pid;
+ *uid = cr.uid;
+#else
+ /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
+#error "UNIX socket credentials not supported/implemented on this platform yet..."
+#endif
+ return 0;
+}
+#endif
+
static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket *sock) {
int fd;
struct sockaddr_storage addr;
@@ -1075,6 +1097,26 @@ static int qemudDispatchServer(struct qe
memcpy (&client->addr, &addr, sizeof addr);
client->addrlen = addrlen;
+#if HAVE_POLKIT
+ /* Only do policy checks for non-root - allow root user
+ through with no checks, as a fail-safe - root can easily
+ change policykit policy anyway, so its pointless trying
+ to restrict root */
+ if (client->auth == REMOTE_AUTH_POLKIT) {
+ uid_t uid;
+ pid_t pid;
+
+ if (qemudGetSocketIdentity(client->fd, &uid, &pid) < 0)
+ goto cleanup;
+
+ /* Cient is running as root, so disable auth */
+ if (uid == 0) {
+ qemudLog(QEMUD_INFO, _("Turn off polkit auth for privileged client %d"), pid);
+ client->auth = REMOTE_AUTH_NONE;
+ }
+ }
+#endif
+
if (client->type != QEMUD_SOCK_TYPE_TLS) {
client->mode = QEMUD_MODE_RX_HEADER;
client->bufferLength = REMOTE_MESSAGE_HEADER_XDR_LEN;
Index: qemud/remote.c
===================================================================
RCS file: /data/cvs/libvirt/qemud/remote.c,v
retrieving revision 1.27
diff -u -p -r1.27 remote.c
--- qemud/remote.c 27 Mar 2008 13:43:01 -0000 1.27
+++ qemud/remote.c 3 Apr 2008 20:04:54 -0000
@@ -2570,27 +2570,6 @@ remoteDispatchAuthSaslStep (struct qemud
#if HAVE_POLKIT
-static int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {
-#ifdef SO_PEERCRED
- struct ucred cr;
- unsigned int cr_len = sizeof (cr);
-
- if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
- qemudLog(QEMUD_ERR, _("Failed to verify client credentials: %s"),
- strerror(errno));
- return -1;
- }
-
- *pid = cr.pid;
- *uid = cr.uid;
-#else
- /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
-#error "UNIX socket credentials not supported/implemented on this platform yet..."
-#endif
- return 0;
-}
-
-
static int
remoteDispatchAuthPolkit (struct qemud_server *server ATTRIBUTE_UNUSED,
struct qemud_client *client,
@@ -2600,6 +2579,15 @@ remoteDispatchAuthPolkit (struct qemud_s
{
pid_t callerPid;
uid_t callerUid;
+ PolKitCaller *pkcaller = NULL;
+ PolKitAction *pkaction = NULL;
+ PolKitContext *pkcontext = NULL;
+ PolKitError *pkerr = NULL;
+ PolKitResult pkresult;
+ DBusError err;
+ const char *action = client->readonly ?
+ "org.libvirt.unix.monitor" :
+ "org.libvirt.unix.manage";
REMOTE_DEBUG("Start PolicyKit auth %d", client->fd);
if (client->auth != REMOTE_AUTH_POLKIT) {
@@ -2615,98 +2603,78 @@ remoteDispatchAuthPolkit (struct qemud_s
return -2;
}
- /* Only do policy checks for non-root - allow root user
- through with no checks, as a fail-safe - root can easily
- change policykit policy anyway, so its pointless trying
- to restrict root */
- if (callerUid == 0) {
- qemudLog(QEMUD_INFO, _("Allowing PID %d running as root"), callerPid);
- ret->complete = 1;
- client->auth = REMOTE_AUTH_NONE;
- } else {
- PolKitCaller *pkcaller = NULL;
- PolKitAction *pkaction = NULL;
- PolKitContext *pkcontext = NULL;
- PolKitError *pkerr = NULL;
- PolKitResult pkresult;
- DBusError err;
- const char *action = client->readonly ?
- "org.libvirt.unix.monitor" :
- "org.libvirt.unix.manage";
-
- qemudLog(QEMUD_INFO, _("Checking PID %d running as %d"),
- callerPid, callerUid);
- dbus_error_init(&err);
- if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
- callerPid, &err))) {
- qemudLog(QEMUD_ERR, _("Failed to lookup policy kit caller: %s"),
- err.message);
- dbus_error_free(&err);
- remoteDispatchFailAuth(client, req);
- return -2;
- }
-
- if (!(pkaction = polkit_action_new())) {
- qemudLog(QEMUD_ERR, _("Failed to create polkit action %s\n"),
- strerror(errno));
- polkit_caller_unref(pkcaller);
- remoteDispatchFailAuth(client, req);
- return -2;
- }
- polkit_action_set_action_id(pkaction, action);
-
- if (!(pkcontext = polkit_context_new()) ||
- !polkit_context_init(pkcontext, &pkerr)) {
- qemudLog(QEMUD_ERR, _("Failed to create polkit context %s\n"),
- (pkerr ? polkit_error_get_error_message(pkerr)
- : strerror(errno)));
- if (pkerr)
- polkit_error_free(pkerr);
- polkit_caller_unref(pkcaller);
- polkit_action_unref(pkaction);
- dbus_error_free(&err);
- remoteDispatchFailAuth(client, req);
- return -2;
- }
+ qemudLog(QEMUD_INFO, _("Checking PID %d running as %d"),
+ callerPid, callerUid);
+ dbus_error_init(&err);
+ if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
+ callerPid, &err))) {
+ qemudLog(QEMUD_ERR, _("Failed to lookup policy kit caller: %s"),
+ err.message);
+ dbus_error_free(&err);
+ remoteDispatchFailAuth(client, req);
+ return -2;
+ }
+
+ if (!(pkaction = polkit_action_new())) {
+ qemudLog(QEMUD_ERR, _("Failed to create polkit action %s\n"),
+ strerror(errno));
+ polkit_caller_unref(pkcaller);
+ remoteDispatchFailAuth(client, req);
+ return -2;
+ }
+ polkit_action_set_action_id(pkaction, action);
+
+ if (!(pkcontext = polkit_context_new()) ||
+ !polkit_context_init(pkcontext, &pkerr)) {
+ qemudLog(QEMUD_ERR, _("Failed to create polkit context %s\n"),
+ (pkerr ? polkit_error_get_error_message(pkerr)
+ : strerror(errno)));
+ if (pkerr)
+ polkit_error_free(pkerr);
+ polkit_caller_unref(pkcaller);
+ polkit_action_unref(pkaction);
+ dbus_error_free(&err);
+ remoteDispatchFailAuth(client, req);
+ return -2;
+ }
#if HAVE_POLKIT_CONTEXT_IS_CALLER_AUTHORIZED
- pkresult = polkit_context_is_caller_authorized(pkcontext,
- pkaction,
- pkcaller,
- 0,
- &pkerr);
- if (pkerr && polkit_error_is_set(pkerr)) {
- qemudLog(QEMUD_ERR,
- _("Policy kit failed to check authorization %d %s"),
- polkit_error_get_error_code(pkerr),
- polkit_error_get_error_message(pkerr));
- remoteDispatchFailAuth(client, req);
- return -2;
- }
+ pkresult = polkit_context_is_caller_authorized(pkcontext,
+ pkaction,
+ pkcaller,
+ 0,
+ &pkerr);
+ if (pkerr && polkit_error_is_set(pkerr)) {
+ qemudLog(QEMUD_ERR,
+ _("Policy kit failed to check authorization %d %s"),
+ polkit_error_get_error_code(pkerr),
+ polkit_error_get_error_message(pkerr));
+ remoteDispatchFailAuth(client, req);
+ return -2;
+ }
#else
- pkresult = polkit_context_can_caller_do_action(pkcontext,
- pkaction,
- pkcaller);
+ pkresult = polkit_context_can_caller_do_action(pkcontext,
+ pkaction,
+ pkcaller);
#endif
- polkit_context_unref(pkcontext);
- polkit_caller_unref(pkcaller);
- polkit_action_unref(pkaction);
- if (pkresult != POLKIT_RESULT_YES) {
- qemudLog(QEMUD_ERR,
- _("Policy kit denied action %s from pid %d, uid %d,"
- " result: %s\n"),
- action, callerPid, callerUid,
- polkit_result_to_string_representation(pkresult));
- remoteDispatchFailAuth(client, req);
- return -2;
- }
- qemudLog(QEMUD_INFO,
- _("Policy allowed action %s from pid %d, uid %d, result %s"),
+ polkit_context_unref(pkcontext);
+ polkit_caller_unref(pkcaller);
+ polkit_action_unref(pkaction);
+ if (pkresult != POLKIT_RESULT_YES) {
+ qemudLog(QEMUD_ERR,
+ _("Policy kit denied action %s from pid %d, uid %d,"
+ " result: %s\n"),
action, callerPid, callerUid,
polkit_result_to_string_representation(pkresult));
- ret->complete = 1;
- client->auth = REMOTE_AUTH_NONE;
+ remoteDispatchFailAuth(client, req);
+ return -2;
}
+ qemudLog(QEMUD_INFO,
+ _("Policy allowed action %s from pid %d, uid %d, result %s"),
+ action, callerPid, callerUid,
+ polkit_result_to_string_representation(pkresult));
+ ret->complete = 1;
+ client->auth = REMOTE_AUTH_NONE;
return 0;
}
Index: src/libvirt.c
===================================================================
RCS file: /data/cvs/libvirt/src/libvirt.c,v
retrieving revision 1.132
diff -u -p -r1.132 libvirt.c
--- src/libvirt.c 21 Mar 2008 15:03:37 -0000 1.132
+++ src/libvirt.c 3 Apr 2008 20:04:54 -0000
@@ -116,17 +116,23 @@ static int virConnectAuthCallbackDefault
size_t len;
switch (cred[i].type) {
-#if defined(POLKIT_AUTH)
case VIR_CRED_EXTERNAL: {
if (STRNEQ(cred[i].challenge, "PolicyKit"))
return -1;
+#if defined(POLKIT_AUTH)
if (virConnectAuthGainPolkit(cred[i].prompt) < 0)
return -1;
-
+#else
+ /*
+ * Ignore & carry on. Although we can't auth
+ * directly, the user may have authenticated
+ * themselves already outside context of libvirt
+ */
+#endif
break;
}
-#endif
+
case VIR_CRED_USERNAME:
case VIR_CRED_AUTHNAME:
case VIR_CRED_ECHOPROMPT:
@@ -186,9 +192,7 @@ static int virConnectCredTypeDefault[] =
VIR_CRED_REALM,
VIR_CRED_PASSPHRASE,
VIR_CRED_NOECHOPROMPT,
-#if defined(POLKIT_AUTH)
VIR_CRED_EXTERNAL,
-#endif
};
static virConnectAuth virConnectAuthDefault = {
--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
16 years, 8 months