git.ipfire.org Git - thirdparty/libvirt.git/commit
PolicyKit: Check auth before asking client to obtain it
author Jim Fehlig <jfehlig@suse.com>
Tue, 3 Jan 2012 18:35:06 +0000 (11:35 -0700)
committer Jim Fehlig <jfehlig@suse.com>
Mon, 9 Jan 2012 18:23:13 +0000 (11:23 -0700)
commit 9ae4ac7ac07d872cd32d0a3a1b1b44730b04bda7
tree 8ee42fedf587a53633f0d91727fbe36d7fda8800
parent 177db087757e4adb02c211de56336a5991c8eb20
PolicyKit: Check auth before asking client to obtain it

I previously mentioned [1] a PolicyKit issue where libvirt would
proceed with authentication even though polkit-auth failed:

testusr xen134:~> virsh list --all
Attempting to obtain authorization for org.libvirt.unix.manage.
polkit-grant-helper: given auth type (8 -> yes) is bogus
Failed to obtain authorization for org.libvirt.unix.manage.
 Id Name                 State
----------------------------------
  0 Domain-0             running
  - sles11sp1-pv         shut off

AFAICT, libvirt attempts to obtain a privilege it already has,
causing polkit-auth to fail with the above message.  Instead of calling
obtain and then checking auth, IMO the workflow should be for the
server to check auth first, and if that fails ask the client to
obtain it and check again.  This workflow also allows for checking
only successful exit of polkit-auth in virConnectAuthGainPolkit().

[1] https://www.redhat.com/archives/libvir-list/2011-December/msg00837.html
src/libvirt.c
src/remote/remote_driver.c
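
The two orderings the commit message contrasts, as an added example that is not libvirt code or part of this commit. It is a constructed model: the struct and every function name are hypothetical stand-ins for the server-side polkit check and the client-side polkit-auth helper.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of one caller; all names here are hypothetical. */
struct caller {
    bool authorized;  /* already holds org.libvirt.unix.manage */
    bool can_obtain;  /* helper would succeed if a grant is needed */
    int helper_runs;  /* times the client-side helper was spawned */
};

/* Stand-in for the server-side polkit check. */
static bool server_check_auth(const struct caller *c) { return c->authorized; }

/* Stand-in for the client helper: fails if the privilege is already held. */
static int client_obtain_auth(struct caller *c)
{
    c->helper_runs++;
    if (c->authorized || !c->can_obtain)
        return -1;
    c->authorized = true;
    return 0;
}

/* Old order: obtain, then check; helper failure is tolerated (model assumption). */
int connect_obtain_then_check(struct caller *c)
{
    (void)client_obtain_auth(c);
    return server_check_auth(c) ? 0 : -1;
}

/* Check first; only on denial run the helper, require success, re-check. */
int connect_check_then_obtain(struct caller *c)
{
    if (server_check_auth(c))
        return 0;
    if (client_obtain_auth(c) < 0)
        return -1;
    return server_check_auth(c) ? 0 : -1;
}

int main(void)
{
    struct caller held = { true, true, 0 }, fresh = { false, true, 0 };
    int rc = connect_obtain_then_check(&held);
    printf("obtain-then-check, privilege held: rc=%d helper_runs=%d\n", rc, held.helper_runs);
    rc = connect_check_then_obtain(&fresh);
    printf("check-then-obtain, no privilege:   rc=%d helper_runs=%d\n", rc, fresh.helper_runs);
    return 0;
}
```

With the check first, a caller that already holds the privilege never spawns the helper, so a non-zero helper exit can be treated as a hard failure.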