[libvirt] problems with remote authentication with policykit

Daniel P. Berrange berrange at redhat.com
Thu Jun 18 14:05:01 UTC 2009 

On Wed, Jun 17, 2009 at 07:27:22PM -0400, Jim Paris wrote:
> I wrote:
> > > Ok, this bit definitely sounds like a server side bug, unless
> > > perhaps there is some buffering taking place in ssh or nc
> > > causing the errore reply packet to not be send back promptly
> > 
> > I'll try to get some better traces of what's going on here.
> 
> The error is getting back to the client.  On the client,
> remoteAuthenticate does fail and return -1.  The client then
> ends up blocked in the waitpid at remote_internal.c:877:
> 
> 865  failed:
> 866     /* Close the socket if we failed. */
> 867     if (priv->sock >= 0) {
> 868         if (priv->uses_tls && priv->session) {
> 869             gnutls_bye (priv->session, GNUTLS_SHUT_RDWR);
> 870             gnutls_deinit (priv->session);
> 871         }
> 872         close (priv->sock);
> 873 #ifndef WIN32
> 874         if (priv->pid > 0) {
> 875             pid_t reap;
> 876             do {
> 877                 reap = waitpid(priv->pid, NULL, 0);
> 878                 if (reap == -1 && errno == EINTR)
> 879                     continue;
> 880             } while (reap != -1 && reap != priv->pid);
> 881         }
> 882 #endif
> 883     }
> 
> Nothing gets printed up until this point, which is why there's no
> output.
> 
> I guess the client is waiting for SSH to die, which isn't happening
> for some reason.  That must be a bug on the server side, although 
> the client should also probably be more robust in this case..

We close the socket to the 'nc' process here so in theory it should
be getting a HUP event from poll or EOF from read, etc and then
exiting. Ominously though I see several patches to Fedora's 'nc'
RPM at least one of which is related to nc hanging forever after 
getting HUP fback from poll(). What distro are you using ? 

  http://cvs.fedoraproject.org/viewvc/rpms/nc/F-11/

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

More information about the libvir-list mailing list