This patch against current virt-manager illustrates how the python API is used in a real world application to support Kerberos, Username/Password, and PolicyKit authentication Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
diff -r 562150b337ba src/virt-manager.py.in --- a/src/virt-manager.py.in Wed Nov 28 17:58:19 2007 -0500 +++ b/src/virt-manager.py.in Thu Nov 29 12:21:59 2007 -0500 @@ -172,12 +172,9 @@ def show_engine(engine, show, uri, uuid) if engine.config.get_connections() is None or len(engine.config.get_connections()) == 0: tryuri = None if os.path.exists("/var/lib/xend") and os.path.exists("/proc/xen"): - tryuri = "xen" + tryuri = "xen:///" elif os.path.exists("/usr/bin/qemu"): - if os.getuid() == 0: - tryuri = "qemu:///system" - else: - tryuri = "qemu:///session" + tryuri = "qemu:///system" if tryuri is not None: conn = engine.add_connection(tryuri) engine.show_manager() diff -r 562150b337ba src/virtManager/connect.py --- a/src/virtManager/connect.py Wed Nov 28 17:58:19 2007 -0500 +++ b/src/virtManager/connect.py Thu Nov 29 12:21:59 2007 -0500 @@ -28,8 +28,9 @@ HV_QEMU = 1 HV_QEMU = 1 CONN_LOCAL = 0 -CONN_TLS = 1 -CONN_SSH = 2 +CONN_TCP = 1 +CONN_TLS = 2 +CONN_SSH = 3 class vmmConnect(gobject.GObject): __gsignals__ = { @@ -95,23 +96,22 @@ class vmmConnect(gobject.GObject): pass elif hv == HV_XEN: if conn == CONN_LOCAL: - uri = "xen" - if os.getuid() != 0: - readOnly = True + uri = "xen:///" elif conn == CONN_TLS: uri = "xen+tls://" + host + "/" elif conn == CONN_SSH: uri = "xen+ssh://root@" + host + "/" + elif conn == CONN_TCP: + uri = "xen+tcp://" + host + "/" else: if conn == CONN_LOCAL: - if os.getuid() == 0: - uri = "qemu:///system" - else: - uri = "qemu:///session" + uri = "qemu:///system" elif conn == CONN_TLS: uri = "qemu+tls://" + host + "/system" elif conn == CONN_SSH: uri = "qemu+ssh://root@" + host + "/system" + elif conn == CONN_TCP: + uri = "qemu+tcp://" + host + "/system" logging.debug("Connection to open is %s" % uri) self.close() diff -r 562150b337ba src/virtManager/connection.py --- a/src/virtManager/connection.py Wed Nov 28 17:58:19 2007 -0500 +++ b/src/virtManager/connection.py Thu Nov 29 12:21:59 2007 -0500 @@ -294,22 +294,97 @@ class vmmConnection(gobject.GObject): self.connectThread.setDaemon(True) self.connectThread.start() + def _do_creds_polkit(self, action): + logging.debug("Doing policykit for %s" % action) + bus = dbus.SessionBus() + obj = bus.get_object("org.gnome.PolicyKit", "/org/gnome/PolicyKit/Manager") + pkit = dbus.Interface(obj, "org.gnome.PolicyKit.Manager") + pkit.ShowDialog(action, 0) + return 0 + + def _do_creds_dialog(self, creds): + try: + gtk.gdk.threads_enter() + return self._do_creds_dialog_main(creds) + finally: + gtk.gdk.threads_leave() + + def _do_creds_dialog_main(self, creds): + dialog = gtk.Dialog("Authentication required", None, 0, (gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL, gtk.STOCK_OK, gtk.RESPONSE_OK)) + label = [] + entry = [] + + box = gtk.Table(2, len(creds)) + + row = 0 + for cred in creds: + if cred[0] == libvirt.VIR_CRED_AUTHNAME or cred[0] == libvirt.VIR_CRED_PASSPHRASE: + label.append(gtk.Label(cred[1])) + else: + return -1 + + ent = gtk.Entry() + if cred[0] == libvirt.VIR_CRED_PASSPHRASE: + ent.set_visibility(False) + entry.append(ent) + + box.attach(label[row], 0, 1, row, row+1, 0, 0, 3, 3) + box.attach(entry[row], 1, 2, row, row+1, 0, 0, 3, 3) + row = row + 1 + + vbox = dialog.get_child() + vbox.add(box) + + dialog.show_all() + res = dialog.run() + dialog.hide() + + if res == gtk.RESPONSE_OK: + row = 0 + for cred in creds: + cred[4] = entry[row].get_text() + row = row + 1 + dialog.destroy() + return 0 + else: + dialog.destroy() + return -1 + + def _do_creds(self, creds, cbdata): + try: + if len(creds) == 1 and creds[0][0] == libvirt.VIR_CRED_EXTERNAL and creds[0][2] == "PolicyKit": + return self._do_creds_polkit(creds[0][1]) + + for cred in creds: + if creds[0] == libvirt.VIR_CRED_EXTERNAL: + return -1 + + return self._do_creds_dialog(creds) + except: + (type, value, stacktrace) = sys.exc_info () + # Detailed error message, in English so it can be Googled. + self.connectError = \ + ("Failed to get credentials '%s':\n" % + str(self.uri)) + \ + str(type) + " " + str(value) + "\n" + \ + traceback.format_exc (stacktrace) + logging.error(self.connectError) + return -1 def _open_thread(self): logging.debug("Background thread is running") try: - if self.readOnly is None: - try: - self.vmm = libvirt.open(self.uri) - self.readOnly = False - except: - self.vmm = libvirt.openReadOnly(self.uri) - self.readOnly = True - else: - if self.readOnly: - self.vmm = libvirt.openReadOnly(self.uri) - else: - self.vmm = libvirt.open(self.uri) + flags = 0 + if self.readOnly: + flags = libvirt.VIR_CONNECT_RO + + self.vmm = libvirt.openAuth(self.uri, + [[libvirt.VIR_CRED_AUTHNAME, + libvirt.VIR_CRED_PASSPHRASE, + libvirt.VIR_CRED_EXTERNAL], + self._do_creds, + None], flags) + self.state = self.STATE_ACTIVE except: self.state = self.STATE_DISCONNECTED diff -r 562150b337ba src/vmm-open-connection.glade --- a/src/vmm-open-connection.glade Wed Nov 28 17:58:19 2007 -0500 +++ b/src/vmm-open-connection.glade Thu Nov 29 12:21:59 2007 -0500 @@ -180,6 +180,7 @@ <widget class="GtkComboBox" id="connection"> <property name="visible">True</property> <property name="items" translatable="yes">Local +Remote Password or Kerberos Remote SSL/TLS with x509 certificate Remote tunnel over SSH</property> <property name="add_tearoffs">False</property>
-- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list