SSH URIs invoking askpass + sudo don't play well together

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



$ cat test.py
import os
import sys
import libvirt

def drop_tty():
    if os.fork() != 0:
        os._exit(0)
    os.setsid()

host = sys.argv[1]

# Need to drop controlling tty otherwise SSH won't call askpass
drop_tty()
libvirt.open("qemu+ssh://root@%s/system" % host)

$ python test.py localhost
<askpass pops up>

$ sudo python test.py localhost
libvir: RPC error : Cannot recv data: No protocol specified

(ssh-askpass:25684): Gtk-WARNING **: cannot open display: :0.0
: Connection reset by peered.
Traceback (most recent call last):
  File "test.py", line 14, in <module>
    libvirt.open("qemu+ssh://root@%s/system" % host)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 236, in open
    if ret is None:raise libvirtError('virConnectOpen() failed')
libvirt.libvirtError: Cannot recv data: No protocol specified

(ssh-askpass:25684): Gtk-WARNING **: cannot open display: :0.0
: Connection reset by peered.


virt-manager does drop_tty by default so that users will get askpass if
applicable. however as shown above, doing sudo virt-manager prevents this from
working. The following libvirt patch makes everything work:

diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index d4c0bdd..ad1c02e 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -606,7 +606,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
     virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
     virCommandAddEnvPass(cmd, "SSH_ASKPASS");
     virCommandAddEnvPass(cmd, "DISPLAY");
-    virCommandClearCaps(cmd);
+    virCommandAddEnvPass(cmd, "XAUTHORITY");
+    //virCommandClearCaps(cmd);

     if (service)
         virCommandAddArgList(cmd, "-p", service, NULL);


However I assume that's too heavy handed. Anyone have thoughts?

FYI I don't think this is a regression or anything, since the original BZ was
against RHEL 6.1 which doesn't have the new RPC code:

https://bugzilla.redhat.com/show_bug.cgi?id=700523

Thanks,
Cole

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]