[libvirt] problems with remote authentication with policykit
Daniel P. Berrange
berrange at redhat.com
Thu Jun 18 14:05:01 UTC 2009
On Wed, Jun 17, 2009 at 07:27:22PM -0400, Jim Paris wrote:
> I wrote:
> > > Ok, this bit definitely sounds like a server side bug, unless
> > > perhaps there is some buffering taking place in ssh or nc
> > > causing the errore reply packet to not be send back promptly
> >
> > I'll try to get some better traces of what's going on here.
>
> The error is getting back to the client. On the client,
> remoteAuthenticate does fail and return -1. The client then
> ends up blocked in the waitpid at remote_internal.c:877:
>
> 865 failed:
> 866 /* Close the socket if we failed. */
> 867 if (priv->sock >= 0) {
> 868 if (priv->uses_tls && priv->session) {
> 869 gnutls_bye (priv->session, GNUTLS_SHUT_RDWR);
> 870 gnutls_deinit (priv->session);
> 871 }
> 872 close (priv->sock);
> 873 #ifndef WIN32
> 874 if (priv->pid > 0) {
> 875 pid_t reap;
> 876 do {
> 877 reap = waitpid(priv->pid, NULL, 0);
> 878 if (reap == -1 && errno == EINTR)
> 879 continue;
> 880 } while (reap != -1 && reap != priv->pid);
> 881 }
> 882 #endif
> 883 }
>
> Nothing gets printed up until this point, which is why there's no
> output.
>
> I guess the client is waiting for SSH to die, which isn't happening
> for some reason. That must be a bug on the server side, although
> the client should also probably be more robust in this case..
We close the socket to the 'nc' process here so in theory it should
be getting a HUP event from poll or EOF from read, etc and then
exiting. Ominously though I see several patches to Fedora's 'nc'
RPM at least one of which is related to nc hanging forever after
getting HUP fback from poll(). What distro are you using ?
http://cvs.fedoraproject.org/viewvc/rpms/nc/F-11/
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the libvir-list
mailing list