Re: [PATCH v3 1/3] polkit: Adjust message when authentication agent isn't found

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Feb 12, 2016 at 12:12:31PM -0500, John Ferlan wrote:
> When there isn't a ssh -X type session running and a user has not
> been added to the libvirt group, attempts to run 'virsh -c qemu:///system'
> commands from an otherwise unprivileged user will fail with rather
> generic or opaque error message:
> 
>     "error: authentication failed: no agent is available to authenticate"
> 
> This patch will adjust the error code and message to help reflect the
> situation that the problem is the requested mechanism is UNAVAILABLE and
> a slightly more descriptive error. The result on a failure then becomes:
> 
>     "error: authentication unavailable: no polkit agent available to
>             authenticate action 'org.libvirt.unix.manage'"
> 
> A bit more history on this - at one time a failure generated the
> following type message when running the 'pkcheck' as a subprocess:
> 
> "error: authentication failed: polkit\56retains_authorization_after_challenge=1
> Authorization requires authentication but no agent is available."
> 
> but, a patch was generated to adjust the error message to help provide
> more details about what failed. This was pushed as commit id '96a108c99'.
> That patch prepended a "polkit: " to the output. It really didn't solve
> the problem, but gave a hint.
> 
> After some time it was deemed using DBus API calls directly was a
> better way to go (since pkcheck calls them anyway). So, commit id
> '1b854c76' (more or less) copied the code from remoteDispatchAuthPolkit
> and adjusted it. Then commit id 'c7542573' adjusted the remote.c
> code to call the new API (virPolkitCheckAuth). Finally, commit id
> '308c0c5a' altered the code to call DBus APIs directly. In doing
> so, it reverted the failing error message to the generic message
> that would have been received from DBus anyway.
> 
> Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
> ---
>  include/libvirt/virterror.h | 3 ++-
>  src/util/virerror.c         | 8 +++++++-
>  src/util/virpolkit.c        | 8 +++++---
>  tests/virpolkittest.c       | 7 ++++---
>  4 files changed, 18 insertions(+), 8 deletions(-)

ACK

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]