[libvirt] problems with remote authentication with policykit
Daniel P. Berrange
berrange at redhat.com
Thu Jun 18 13:57:50 UTC 2009
On Wed, Jun 17, 2009 at 06:36:16PM -0400, Jim Paris wrote:
> Daniel P. Berrange wrote:
> > On Wed, Jun 17, 2009 at 05:51:27PM -0400, Jim Paris wrote:
> > > Daniel P. Berrange wrote:
> > > 17:34:59.360: debug : call:6947 : Doing call 70 (nil)
> > > 17:34:59.360: debug : call:7017 : We have the buck 70 0xbccef0 0xbccef0
> > > 17:34:59.433: debug : processCallRecvLen:6605 : Got length, now need 128 total (124 more)
> > > 17:34:59.434: debug : processCalls:6873 : Giving up the buck 70 0xbccef0 (nil)
> > > 17:34:59.434: debug : call:7048 : All done with our call 70 (nil) 0xbccef0
> > > 17:34:59.434: error : server_error:7231 : authentication failed
> > > 17:35:13.585: debug : do_open:999 : driver 4 remote returned ERROR
> > > 17:35:13.585: debug : virUnrefConnect:232 : unref connection 0xbc6a60 1
> > > 17:35:13.585: debug : virReleaseConnect:191 : release connection 0xbc6a60
> > >
> > > If I kill the libvirtd process on the server, the client then finally prints:
> > >
> > > error: authentication failed
> > > error: failed to connect to the hypervisor
> > >
> > > and the client then exits.
> >
> > Ok, this bit definitely sounds like a server side bug, unless
> > perhaps there is some buffering taking place in ssh or nc
> > causing the error reply packet to not be sent back promptly
>
> I'll try to get some better traces of what's going on here.
>
>
> > > The hang aside, it seems libvirtd should be using
> > > org.libvirt.unix.monitor for the readonly connection?
> >
> > In this case the problem is that the remote client end is using
> > netcat on the wrong UNIX socket.
>
> Thanks, that's it. With the attached patch on the client side,
> virsh --readonly and virt-viewer work fine over qemu+ssh://.
>
> -jim
>
> --- libvirt-0.6.4-orig/src/remote_internal.c 2009-05-29 10:55:26.000000000 -0400
> +++ libvirt-0.6.4/src/remote_internal.c 2009-06-17 18:21:34.000000000 -0400
> @@ -700,7 +700,10 @@
> cmd_argv[j++] = strdup (priv->hostname);
> cmd_argv[j++] = strdup (netcat ? netcat : "nc");
> cmd_argv[j++] = strdup ("-U");
> - cmd_argv[j++] = strdup (sockname ? sockname : LIBVIRTD_PRIV_UNIX_SOCKET);
> + cmd_argv[j++] = strdup (sockname ? sockname :
> + (flags & VIR_CONNECT_RO
> + ? LIBVIRTD_PRIV_UNIX_SOCKET_RO
> + : LIBVIRTD_PRIV_UNIX_SOCKET));
> cmd_argv[j++] = 0;
> assert (j == nr_args);
> for (j = 0; j < (nr_args-1); j++)
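Review bot: the nested conditional inside the strdup() argument on the added lines is hard to scan, and `flags & VIR_CONNECT_RO ? ... : ...` only reads correctly if you remember that `&` binds tighter than `?:`. Consider selecting the default socket path into a local variable before cmd_argv is filled in, or at least writing `(flags & VIR_CONNECT_RO)` with its own parentheses. An explicit sockname still takes precedence over the read-only default here, so a read-only caller that names a socket gets that socket; a one-line comment saying this is intended, and that the socket chosen decides which PolicyKit action the server checks, would document the behaviour this thread had to rediscover.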
Ok, I've committed this change
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|