On Fri, Feb 12, 2016 at 12:12:31PM -0500, John Ferlan wrote: > When there isn't a ssh -X type session running and a user has not > been added to the libvirt group, attempts to run 'virsh -c qemu:///system' > commands from an otherwise unprivileged user will fail with rather > generic or opaque error message: > > "error: authentication failed: no agent is available to authenticate" > > This patch will adjust the error code and message to help reflect the > situation that the problem is the requested mechanism is UNAVAILABLE and > a slightly more descriptive error. The result on a failure then becomes: > > "error: authentication unavailable: no polkit agent available to > authenticate action 'org.libvirt.unix.manage'" > > A bit more history on this - at one time a failure generated the > following type message when running the 'pkcheck' as a subprocess: > > "error: authentication failed: polkit\56retains_authorization_after_challenge=1 > Authorization requires authentication but no agent is available." > > but, a patch was generated to adjust the error message to help provide > more details about what failed. This was pushed as commit id '96a108c99'. > That patch prepended a "polkit: " to the output. It really didn't solve > the problem, but gave a hint. > > After some time it was deemed using DBus API calls directly was a > better way to go (since pkcheck calls them anyway). So, commit id > '1b854c76' (more or less) copied the code from remoteDispatchAuthPolkit > and adjusted it. Then commit id 'c7542573' adjusted the remote.c > code to call the new API (virPolkitCheckAuth). Finally, commit id > '308c0c5a' altered the code to call DBus APIs directly. In doing > so, it reverted the failing error message to the generic message > that would have been received from DBus anyway. > > Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx> > --- > include/libvirt/virterror.h | 3 ++- > src/util/virerror.c | 8 +++++++- > src/util/virpolkit.c | 8 +++++--- > tests/virpolkittest.c | 7 ++++--- > 4 files changed, 18 insertions(+), 8 deletions(-) ACK Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list