[libvirt] [PATCH 0/3] Add capability for text based polkit authentication for virsh

John Ferlan jferlan at redhat.com
Thu Feb 11 17:53:36 UTC 2016 


On 02/11/2016 12:45 PM, Daniel P. Berrange wrote:
> On Thu, Feb 11, 2016 at 12:22:12PM -0500, John Ferlan wrote:
>>
>>
>> On 02/11/2016 05:11 AM, Daniel P. Berrange wrote:
>>> On Wed, Feb 10, 2016 at 02:46:33PM -0500, John Ferlan wrote:
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=872166
>>>>
>>>> As an alternative to commit id 'e94979e90' which allows polkit
>>>> authentication by adding users to the 'libvirt' group, add the
>>>> ability to start and utilize a text based authentication agent
>>>> for virsh.
>>>>
>>>> At the very least patch 1 will suffice part of the issue listed
>>>> in the bz - the opaque error message related to "some agent".
>>>>
>>>> For patch 2, it was far easier to utilize what polkit provides
>>>> in pkttyagent and pkcheck utilities, than adding some code which
>>>> requires POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE being
>>>> #defined for compilation.
>>>
>>> Sigh, that define is a bit of a bad joke really. polkit was first
>>> added in Fedora 12, and comparing the header files between then
>>> and now, they've never broken their ABI. They're merely added new
>>> APIs.  IMHO, we can just define that, and use the API from libvirt
>>> without trouble.
>>>
>>
>> I had code generated that tried to use those API's, but couldn't find
>> the correct magic incantation to convince the build to find the
>> polkitagent/polkitagent.h file.
>>
>> #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
>> #include <polkitagent/polkitagent.h>
>>
>> ...
>> util/virpolkit.c:30:37: fatal error: polkitagent/polkitagent.h: No such
>> file or directory
>> ...
>>
>>
>> /usr/include/polkit-1/polkitagent/polkitagent.h
>>
>>
>> That is, how do I ensure that somehow automagically add that
>> -I/usr/include/polkit-1 ?
>>
>>
>> I did try to "follow" examples of adding POLKIT_AGENT_CFLAGS and
>> POLKIT_AGENT_LIBS to configure.ac and src/Makefile.am, but still no luck.
> 
> If you show your complete patch for this, I can take  a look  and
> see what's missing
> 

There's really not much to show...

I took src/util/polkit.c and added:

#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
#include <polkitagent/polkitagent.h>


For configure.ac, I tried adding :

POLKIT_AGENT_CFLAGS=
POLKIT_AGENT_LIBS=

Under the existing

POLKIT_CFLAGS=
POLKIT_LIBS=

and

AC_SUBST([POLKIT_AGENT_CFLAGS])
AC_SUBST([POLKIT_AGENT_LIBS])

after

 AC_SUBST([POLKIT_CFLAGS])
 AC_SUBST([POLKIT_LIBS])


Then in src/Makefile.am

I added $(POLKIT_AGENT_CFLAGS) after $(POLKIT_CFLAGS) and
$(POLKIT_AGENT_LIBS) after $(POLKIT_LIBS)


I usually try to avoid the configure.ac and Makefile.am - it's all black
magic to me.  Happy when it works...

John

More information about the libvir-list mailing list