From nobody Wed May 15 21:02:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1541812153586956.8104438896733; Fri, 9 Nov 2018 17:09:13 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4DDED58E44; Sat, 10 Nov 2018 01:09:11 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0D47260C64; Sat, 10 Nov 2018 01:09:11 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id AE84518005CB; Sat, 10 Nov 2018 01:09:10 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id wAA0dgTs012910 for ; Fri, 9 Nov 2018 19:39:42 -0500 Received: by smtp.corp.redhat.com (Postfix) id 9505D5D96E; Sat, 10 Nov 2018 00:39:42 +0000 (UTC) Received: from unknown4CEB42C824F4.redhat.com (ovpn-116-107.phx2.redhat.com [10.3.116.107]) by smtp.corp.redhat.com (Postfix) with ESMTP id 57C365D968 for ; Sat, 10 Nov 2018 00:39:42 +0000 (UTC) From: John Ferlan To: libvir-list@redhat.com Date: Fri, 9 Nov 2018 19:39:36 -0500 Message-Id: <20181110003937.6960-2-jferlan@redhat.com> In-Reply-To: <20181110003937.6960-1-jferlan@redhat.com> References: <20181110003937.6960-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 1/2] util: Fix VIR_ERR_ACCESS_DENIED formatting X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Sat, 10 Nov 2018 01:09:12 +0000 (UTC) Content-Type: text/plain; charset="utf-8" In commit ccc72d5cb I thought I had the brilliant idea that I could alter an error message in virErrorMsg to take two arguments "drivername" and NULL. Then passing the failed drivername for VIR_ERR_ACCESS_DENIED users would magically allow any "real" error message to be included. Of course it worked for the majority of errors, except for 1 teeny, tiny, problem - there was a caller using VIR_ERR_ACCESS_DENIED that actually passed "real" error message - virAccessDriverPolkitGetCaller, but didn't pass a driver name. So when this code went to call virErrorMsg it resulted in garbage being printed in that second argument because that's not how things are written. So in order to avoid that issue, reset the error back to the usual if info =3D=3D NULL, the print just some text; otherwise, print a formatted output. For a majority of error messages this will print the driver name after "access deined from:". For the one case in question, the correct error message will be displayed and no garbage chars. Signed-off-by: John Ferlan --- src/util/virerror.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util/virerror.c b/src/util/virerror.c index 10f1b55c5f..df239bf371 100644 --- a/src/util/virerror.c +++ b/src/util/virerror.c @@ -1442,9 +1442,9 @@ virErrorMsg(virErrorNumber error, const char *info) break; case VIR_ERR_ACCESS_DENIED: if (info =3D=3D NULL) - errmsg =3D _("access denied from '%s'"); + errmsg =3D _("access denied"); else - errmsg =3D _("access denied from '%s': %s"); + errmsg =3D _("access denied from: %s"); break; case VIR_ERR_DBUS_SERVICE: if (info =3D=3D NULL) --=20 2.17.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Wed May 15 21:02:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1541811950853232.37606898698004; Fri, 9 Nov 2018 17:05:50 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CEC99307D840; Sat, 10 Nov 2018 01:05:46 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B2E2C608C2; Sat, 10 Nov 2018 01:05:44 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D9E8E4BB79; Sat, 10 Nov 2018 01:05:40 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id wAA0dhtM012915 for ; Fri, 9 Nov 2018 19:39:43 -0500 Received: by smtp.corp.redhat.com (Postfix) id 077555D96E; Sat, 10 Nov 2018 00:39:43 +0000 (UTC) Received: from unknown4CEB42C824F4.redhat.com (ovpn-116-107.phx2.redhat.com [10.3.116.107]) by smtp.corp.redhat.com (Postfix) with ESMTP id BA5615D968 for ; Sat, 10 Nov 2018 00:39:42 +0000 (UTC) From: John Ferlan To: libvir-list@redhat.com Date: Fri, 9 Nov 2018 19:39:37 -0500 Message-Id: <20181110003937.6960-3-jferlan@redhat.com> In-Reply-To: <20181110003937.6960-1-jferlan@redhat.com> References: <20181110003937.6960-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 2/2] qemu: Set identity for the reconnect all thread X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Sat, 10 Nov 2018 01:05:48 +0000 (UTC) Content-Type: text/plain; charset="utf-8" https://bugzilla.redhat.com/show_bug.cgi?id=3D1631622 If polkit authentication is enabled, an attempt to open the connection failed during virAccessDriverPolkitGetCaller when the call to virIdentityGetCurrent returned NULL resulting in the errors: virAccessDriverPolkitGetCaller:87 : access denied from: Policy kit denied action org.libvirt.api.connect.getattr from virAccessManagerSanitizeError:204 : access denied from: nwfilter Because qemuProcessReconnect runs in a thread during daemonRunStateInit processing it doesn't have the thread local identity. Thus when the virGetConnectNWFilter is called as part of the qemuProcessFiltersInstantiate when virDomainConfNWFilterInstantiate is run the attempt to get the idenity fails and results in the anonymous error above. To fix this, let's grab/use the virIdenityPtr of the process that will be creating the thread, e.g. what daemonRunStateInit has set and use that for our thread. That way any other similar processing that uses/requires an identity for any other call that would have previously been successfully run won't fail in a similar manner. Signed-off-by: John Ferlan --- src/qemu/qemu_process.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 06a65b44e4..93f6a2279a 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -81,6 +81,7 @@ #include "netdev_bandwidth_conf.h" #include "virresctrl.h" #include "virvsock.h" +#include "viridentity.h" =20 #define VIR_FROM_THIS VIR_FROM_QEMU =20 @@ -7716,6 +7717,7 @@ qemuProcessRefreshCPU(virQEMUDriverPtr driver, struct qemuProcessReconnectData { virQEMUDriverPtr driver; virDomainObjPtr obj; + virIdentityPtr identity; }; /* * Open an existing VM's monitor, re-detect VCPU threads @@ -7753,6 +7755,7 @@ qemuProcessReconnect(void *opaque) bool retry =3D true; bool tryMonReconn =3D false; =20 + virIdentitySetCurrent(data->identity); VIR_FREE(data); =20 qemuDomainObjRestoreJob(obj, &oldjob); @@ -7979,6 +7982,7 @@ qemuProcessReconnect(void *opaque) virObjectUnref(cfg); virObjectUnref(caps); virNWFilterUnlockFilterUpdates(); + virIdentitySetCurrent(NULL); return; =20 error: @@ -8022,6 +8026,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj, =20 memcpy(data, src, sizeof(*data)); data->obj =3D obj; + data->identity =3D virIdentityGetCurrent(); =20 virNWFilterReadLockFilterUpdates(); =20 --=20 2.17.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list