ping On 04/14/2016 03:41 PM, Cole Robinson wrote: > If you compile a client --without-polkit, and connect to a URI that needs > polkit auth, the connection will fail with: > > $ ./tools/virsh --connect qemu+ssh://crobinso@machine/system > error: failed to connect to the hypervisor > error: authentication failed: unsupported authentication type 2 > > This is because the client side portion of the polkit handling is > compiled out. However, nothing polkit specific is actually required > of the client. > > Fix that error by unconditionally compiling the basic polkit client > handling. > > https://bugzilla.redhat.com/show_bug.cgi?id=635529 > --- > Granted, if polkit needs to do any interaction at all, and you are > connecting to a remote machine, then things are going to fail anyways > with a 'missing agent' error. But if you're user is in the 'libvirt' > group polkit doesn't need to auth it should all work. > > > src/remote/remote_driver.c | 69 +++++++++++++++++++++------------------------- > 1 file changed, 31 insertions(+), 38 deletions(-) > > diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c > index da94411..6bed2c5 100644 > --- a/src/remote/remote_driver.c > +++ b/src/remote/remote_driver.c > @@ -132,11 +132,9 @@ static int remoteAuthenticate(virConnectPtr conn, struct private_data *priv, > #if WITH_SASL > static int remoteAuthSASL(virConnectPtr conn, struct private_data *priv, > virConnectAuthPtr auth, const char *mech); > -#endif > -#if WITH_POLKIT > +#endif /* WITH_SASL */ > static int remoteAuthPolkit(virConnectPtr conn, struct private_data *priv, > virConnectAuthPtr auth); > -#endif /* WITH_POLKIT */ > > static virDomainPtr get_nonnull_domain(virConnectPtr conn, remote_nonnull_domain domain); > static virNetworkPtr get_nonnull_network(virConnectPtr conn, remote_nonnull_network network); > @@ -3326,14 +3324,12 @@ remoteAuthenticate(virConnectPtr conn, struct private_data *priv, > } > #endif > > -#if WITH_POLKIT > case REMOTE_AUTH_POLKIT: > if (remoteAuthPolkit(conn, priv, auth) < 0) { > VIR_FREE(ret.types.types_val); > return -1; > } > break; > -#endif > > case REMOTE_AUTH_NONE: > /* Nothing todo, hurrah ! */ > @@ -3904,30 +3900,10 @@ remoteAuthSASL(virConnectPtr conn, struct private_data *priv, > #endif /* WITH_SASL */ > > > -#if WITH_POLKIT > -# if WITH_POLKIT1 > -static int > -remoteAuthPolkit(virConnectPtr conn, struct private_data *priv, > - virConnectAuthPtr auth ATTRIBUTE_UNUSED) > -{ > - remote_auth_polkit_ret ret; > - VIR_DEBUG("Client initialize PolicyKit-1 authentication"); > - > - memset(&ret, 0, sizeof(ret)); > - if (call(conn, priv, 0, REMOTE_PROC_AUTH_POLKIT, > - (xdrproc_t) xdr_void, (char *)NULL, > - (xdrproc_t) xdr_remote_auth_polkit_ret, (char *) &ret) != 0) { > - return -1; /* virError already set by call */ > - } > - > - VIR_DEBUG("PolicyKit-1 authentication complete"); > - return 0; > -} > -# elif WITH_POLKIT0 > -/* Perform the PolicyKit authentication process > - */ > +#if WITH_POLKIT0 > +/* Perform the PolicyKit0 authentication process */ > static int > -remoteAuthPolkit(virConnectPtr conn, struct private_data *priv, > +remoteAuthPolkit0(virConnectPtr conn, struct private_data *priv, > virConnectAuthPtr auth) > { > remote_auth_polkit_ret ret; > @@ -3943,14 +3919,8 @@ remoteAuthPolkit(virConnectPtr conn, struct private_data *priv, > }; > VIR_DEBUG("Client initialize PolicyKit-0 authentication"); > > - /* Check auth first and if it succeeds we are done. */ > - memset(&ret, 0, sizeof(ret)); > - if (call(conn, priv, 0, REMOTE_PROC_AUTH_POLKIT, > - (xdrproc_t) xdr_void, (char *)NULL, > - (xdrproc_t) xdr_remote_auth_polkit_ret, (char *) &ret) == 0) > - goto out; > - > - /* Auth failed. Ask client to obtain it and check again. */ > + /* We only make it here if auth already failed > + * Ask client to obtain it and check again. */ > if (auth && auth->cb) { > /* Check if the necessary credential type for PolicyKit is supported */ > for (i = 0; i < auth->ncredtype; i++) { > @@ -3986,8 +3956,31 @@ remoteAuthPolkit(virConnectPtr conn, struct private_data *priv, > VIR_DEBUG("PolicyKit-0 authentication complete"); > return 0; > } > -# endif /* WITH_POLKIT0 */ > -#endif /* WITH_POLKIT */ > +#endif /* WITH_POLKIT0 */ > + > +static int > +remoteAuthPolkit(virConnectPtr conn, struct private_data *priv, > + virConnectAuthPtr auth ATTRIBUTE_UNUSED) > +{ > + remote_auth_polkit_ret ret; > + VIR_DEBUG("Client initialize PolicyKit authentication"); > + > + memset(&ret, 0, sizeof(ret)); > + if (call(conn, priv, 0, REMOTE_PROC_AUTH_POLKIT, > + (xdrproc_t) xdr_void, (char *)NULL, > + (xdrproc_t) xdr_remote_auth_polkit_ret, (char *) &ret) != 0) { > + return -1; /* virError already set by call */ > + } > + > +#if WITH_POLKIT0 > + if (remoteAuthPolkit0(conn, priv, auth) < 0) > + return -1; > +#endif /* WITH_POLKIT0 */ > + > + VIR_DEBUG("PolicyKit authentication complete"); > + return 0; > +} > + > /*----------------------------------------------------------------------*/ > > static int > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list