On Thu, Nov 29, 2007 at 05:18:41PM +0000, Daniel P. Berrange wrote:
This patch adds support for a PolicyKit authentication mechanism. This
was previously described here:
http://www.redhat.com/archives/libvir-list/2007-September/msg00168.html
If PolicyKit is compiled in, then the UNIX domain sockets have their
default settings changed to make sure of PolicyKit. Thus, when PolicyKit
is enabled, both the RO & RW sockets are mode 0777. PolicyKit is then
called upon client connect to decide whether to allow the client to gain
access.
The policyfile is shipped in /usr/share/PolicyKit/policy and has default
settings to mimic current non-PolicyKit access. If making a read-only
connection, any application will be granted access by default. If making
a read-write connection, applications will need to authenticate against
policykit by providing the user's own password. This is akin to 'sudo'
style auth. The credentials persist until the user logs out.
The file in /etc/PolicyKit/PolicyKit.conf can be used by the local sysadmin
to override the default policy on a per-host basis. eg, they could restrict
access to the read-only connections, or open up the read-write connections
to more apps. See 'man PolicyKit.conf' for more info.
The configure script will check for PolicyKit using pkg-config and only
enable it if actually present. So any OS without PolicyKit will not be
impacted by this patch.
b/qemud/libvirtd.policy | 42 +++++++++++
configure.in | 25 ++++++
libvirt.spec.in | 3
qemud/Makefile.am | 11 ++
qemud/internal.h | 7 +
qemud/libvirtd.conf | 18 +++-
qemud/qemud.c | 37 +++++++++
qemud/remote.c | 135 +++++++++++++++++++++++++++++++++++-
qemud/remote_dispatch_localvars.h | 1
qemud/remote_dispatch_proc_switch.h | 6 +
qemud/remote_dispatch_prototypes.h | 1
qemud/remote_protocol.c | 9 ++
qemud/remote_protocol.h | 9 ++
qemud/remote_protocol.x | 10 ++
src/remote_internal.c | 35 +++++++++
15 files changed, 340 insertions(+), 9 deletions(-)
If anyone has objections / comments wrt this patch please say so now,
otherwise I'll commit it in an hour or so.
Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|