On Thu, Jul 07, 2011 at 03:18:45PM -0600, Jim Fehlig wrote:
> Here's a hacked attempt at fixing the build on older distros using
> polkit0. It works and user is authorized or denied depending on
> settings in PolicyKit.conf.
Sorry for breaking this. It completely slipped my mind to
test this codepath
> I'm not too happy with it but haven't yet digested all the changes in
> rpc and daemon code. In the meantime, hopefully someone can suggest
> improvements.
> diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
> index 5e1719b..6e9eb2c 100644
> --- a/src/rpc/virnetserver.c
> +++ b/src/rpc/virnetserver.c
> @@ -39,6 +39,9 @@
> #if HAVE_AVAHI
> # include "virnetservermdns.h"
> #endif
> +#if HAVE_POLKIT0
> +# include <dbus/dbus.h>
> +#endif
>
> #define VIR_FROM_THIS VIR_FROM_RPC
> #define virNetError(code, ...) \
> @@ -84,6 +87,10 @@ struct _virNetServer {
> virNetServerMDNSGroupPtr mdnsGroup;
> #endif
>
> +#if HAVE_POLKIT0
> + DBusConnection *sysbus;
> +#endif
> +
> size_t nservices;
> virNetServerServicePtr *services;
>
> @@ -270,6 +277,7 @@ virNetServerPtr virNetServerNew(size_t min_workers,
> size_t max_workers,
> size_t max_clients,
> const char *mdnsGroupName,
> + bool usePolkit,
> virNetServerClientInitHook clientInitHook)
> {
> virNetServerPtr srv;
> @@ -306,6 +314,25 @@ virNetServerPtr virNetServerNew(size_t min_workers,
> }
> #endif
>
> +#if HAVE_POLKIT0
> + if (usePolkit) {
> + DBusError derr;
> +
> + dbus_connection_set_change_sigpipe(FALSE);
> + dbus_threads_init_default();
> +
> + dbus_error_init(&derr);
> + srv->sysbus = dbus_bus_get(DBUS_BUS_SYSTEM, &derr);
> + if (!(srv->sysbus)) {
> + VIR_ERROR(_("Failed to connect to system bus for PolicyKit auth: %s"),
> + derr.message);
> + dbus_error_free(&derr);
> + goto error;
> + }
> + dbus_connection_set_exit_on_disconnect(srv->sysbus, FALSE);
> + }
> +#endif
> +
> if (virMutexInit(&srv->lock) < 0) {
> virNetError(VIR_ERR_INTERNAL_ERROR, "%s",
> _("cannot initialize mutex"));
> @@ -363,6 +390,14 @@ bool virNetServerIsPrivileged(virNetServerPtr srv)
> }
>
>
> +#if HAVE_POLKIT0
> +DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv)
> +{
> + return srv->sysbus;
> +}
> +#endif
> +
> +
> void virNetServerAutoShutdown(virNetServerPtr srv,
> unsigned int timeout,
> virNetServerAutoShutdownFunc func,
> @@ -747,6 +782,11 @@ void virNetServerFree(virNetServerPtr srv)
>
> VIR_FREE(srv->mdnsGroupName);
>
> +#if HAVE_POLKIT0
> + if (srv->sysbus)
> + dbus_connection_unref(srv->sysbus);
> +#endif
> +
> virNetServerUnlock(srv);
> virMutexDestroy(&srv->lock);
> VIR_FREE(srv);
> diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h
> index 6e7a21b..d96280e 100644
> --- a/src/rpc/virnetserver.h
> +++ b/src/rpc/virnetserver.h
> @@ -25,6 +25,9 @@
> # define __VIR_NET_SERVER_H__
>
> # include <signal.h>
> +# if HAVE_POLKIT0
> +# include <dbus/dbus.h>
> +# endif
>
> # include "virnettlscontext.h"
> # include "virnetserverprogram.h"
> @@ -38,6 +41,7 @@ virNetServerPtr virNetServerNew(size_t min_workers,
> size_t max_workers,
> size_t max_clients,
> const char *mdnsGroupName,
> + bool usePolkit,
> virNetServerClientInitHook clientInitHook);
>
> typedef int (*virNetServerAutoShutdownFunc)(virNetServerPtr srv, void *opaque);
> @@ -46,6 +50,10 @@ void virNetServerRef(virNetServerPtr srv);
>
> bool virNetServerIsPrivileged(virNetServerPtr srv);
>
> +# if HAVE_POLKIT0
> +DBusConnection* virNetServerGetDBusConn(virNetServerPtr srv);
> +# endif
> +
I'd like the virNetServer stuff to not have any mention of policy
kit in it. So rather than saying 'bool usePolkit', have a
'bool connectDBus', and just remove those HAVE_POLKIT0 conditionals
so that the DBus API is always available in virNetServer. The changes
you made under daemon/ are all fine
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list