From 4bb8a672514ee100de0987012fb59286f3139959 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Oct 05 2009 19:09:10 +0000 Subject: Allow SASL auth (bz 484099) Use ACPI for windows on KVM (bz 479977) --- diff --git a/python-virtinst.spec b/python-virtinst.spec index b543409..c26a134 100644 --- a/python-virtinst.spec +++ b/python-virtinst.spec @@ -17,7 +17,7 @@ Summary: Python modules and utilities for installing virtual machines Name: python-%{appname} Version: 0.400.3 -Release: 10%{_extra_release} +Release: 11%{_extra_release} Source0: http://virt-manager.org/download/sources/%{appname}/%{appname}-%{version}.tar.gz Patch1: %{appname}-%{version}-fix-virtimage-scratch.patch Patch2: %{appname}-%{version}-hostdev-libvirt-calls.patch @@ -43,6 +43,10 @@ Patch12: %{appname}-%{version}-virtio-dev-limit.patch Patch13: %{appname}-%{version}-preview-detection.patch # Add F12 to os dictionary Patch14: %{appname}-%{version}-f12-distro.patch +# Allow SASL auth (bz 484099) +Patch15: %{appname}-%{version}-sasl-auth.patch +# Use ACPI for windows on KVM (bz 479977) +Patch16: %{appname}-%{version}-windows-acpi.patch License: GPLv2+ Group: Development/Libraries @@ -84,6 +88,8 @@ and install new VMs) and virt-clone (clone an existing virtual machine). %patch12 -p1 %patch13 -p1 %patch14 -p1 +%patch15 -p1 +%patch16 -p1 %build python setup.py build @@ -119,6 +125,10 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/virt-convert %changelog +* Mon Oct 05 2009 Cole Robinson - 0.400.3-11.fc11 +- Allow SASL auth (bz 484099) +- Use ACPI for windows on KVM (bz 479977) + * Mon Oct 05 2009 Cole Robinson - 0.400.3-10.fc11 - Fix detection of fedora preview trees (bz 499718) - Add F12 to os dictionary diff --git a/virtinst-0.400.3-sasl-auth.patch b/virtinst-0.400.3-sasl-auth.patch new file mode 100644 index 0000000..c6cb388 --- /dev/null +++ b/virtinst-0.400.3-sasl-auth.patch @@ -0,0 +1,128 @@ +# HG changeset patch +# User Cole Robinson +# Date 1241723712 14400 +# Node ID 5d6dc8af58b592b00035f28334ab1284ae1a0f21 +# Parent bec888f2890f7eff9c7d05c46a5059172497dba4 +Allow PolicyKit and SASL authentication. + +Use openAuth when opening the initial connection: allows PolicyKit and +SASA username/password auth. + +diff -r bec888f2890f -r 5d6dc8af58b5 virtinst/cli.py +--- a/virtinst/cli.py Tue May 26 12:43:46 2009 -0400 ++++ b/virtinst/cli.py Thu May 07 15:15:12 2009 -0400 +@@ -145,6 +145,7 @@ + print _("Exiting at user request.") + sys.exit(0) + ++# Connection opening helper functions + def getConnection(connect): + if not User.current().has_priv(User.PRIV_CREATE_DOMAIN, connect): + fail(_("Must be root to create Xen guests")) +@@ -152,7 +153,105 @@ + fail(_("Could not find usable default libvirt connection.")) + + logging.debug("Using libvirt URI '%s'" % connect) +- return libvirt.open(connect) ++ return open_connection(connect) ++ ++def open_connection(uri): ++ open_flags = 0 ++ valid_auth_options = [libvirt.VIR_CRED_AUTHNAME, ++ libvirt.VIR_CRED_PASSPHRASE, ++ libvirt.VIR_CRED_EXTERNAL] ++ authcb = do_creds ++ authcb_data = None ++ ++ return libvirt.openAuth(uri, [valid_auth_options, authcb, authcb_data], ++ open_flags) ++ ++def do_creds(creds, cbdata): ++ try: ++ return _do_creds(creds, cbdata) ++ except: ++ _util.log_exception("Error in creds callback.") ++ raise ++ ++def _do_creds(creds, cbdata_ignore): ++ ++ if (len(creds) == 1 and ++ creds[0][0] == libvirt.VIR_CRED_EXTERNAL and ++ creds[0][2] == "PolicyKit"): ++ return _do_creds_polkit(creds[0][1]) ++ ++ for cred in creds: ++ if cred[0] == libvirt.VIR_CRED_EXTERNAL: ++ return -1 ++ ++ return _do_creds_authname(creds) ++ ++# PolicyKit auth ++def _do_creds_polkit(action): ++ if os.getuid() == 0: ++ logging.debug("Skipping policykit check as root") ++ return 0 # Success ++ logging.debug("Doing policykit for %s" % action) ++ ++ import subprocess ++ import commands ++ ++ bin_path = "/usr/bin/polkit-auth" ++ ++ if not os.path.exists(bin_path): ++ logging.debug("%s not present, skipping polkit auth." % bin_path) ++ return 0 ++ ++ cmdstr = "%s %s" % (bin_path, "--explicit") ++ output = commands.getstatusoutput(cmdstr) ++ if output[1].count(action): ++ logging.debug("User already authorized for %s." % action) ++ # Hide spurious output from polkit-auth ++ popen_stdout = subprocess.PIPE ++ popen_stderr = subprocess.PIPE ++ else: ++ popen_stdout = None ++ popen_stderr = None ++ ++ # Force polkit prompting to be text mode. Not strictly required, but ++ # launching a dialog is overkill. ++ env = os.environ.copy() ++ env["POLKIT_AUTH_FORCE_TEXT"] = "set" ++ ++ cmd = [bin_path, "--obtain", action] ++ proc = subprocess.Popen(cmd, env=env, stdout=popen_stdout, ++ stderr=popen_stderr) ++ out, err = proc.communicate() ++ ++ if out and popen_stdout: ++ logging.debug("polkit-auth stdout: %s" % out) ++ if err and popen_stderr: ++ logging.debug("polkit-auth stderr: %s" % err) ++ ++ return 0 ++ ++# SASL username/pass auth ++def _do_creds_authname(creds): ++ retindex = 4 ++ ++ for cred in creds: ++ credtype, prompt, ignore, ignore, ignore = cred ++ prompt += ": " ++ ++ res = cred[retindex] ++ if credtype == libvirt.VIR_CRED_AUTHNAME: ++ res = raw_input(prompt) ++ elif credtype == libvirt.VIR_CRED_PASSPHRASE: ++ import getpass ++ res = getpass.getpass(prompt) ++ else: ++ logging.debug("Unknown auth type in creds callback: %d" % ++ credtype) ++ return -1 ++ ++ cred[retindex] = res ++ ++ return 0 + + # + # Prompting diff --git a/virtinst-0.400.3-windows-acpi.patch b/virtinst-0.400.3-windows-acpi.patch new file mode 100644 index 0000000..fe38709 --- /dev/null +++ b/virtinst-0.400.3-windows-acpi.patch @@ -0,0 +1,167 @@ +# HG changeset patch +# User Cole Robinson +# Date 1247587582 14400 +# Node ID 8b5d60a01fe3f4300683b105c8cd3bffd62649bf +# Parent 020c0a312e7fc3b39936b731f6373398aad1dcf2 +Refactor osdict lookup routines. + +Allow specifying minimally supported libvirt and hypervisor version for +various parameters. Move most of this code out of Guest and into osdict. + +diff -r 020c0a312e7f -r 8b5d60a01fe3 virtinst/Guest.py +--- a/virtinst/Guest.py Tue Jul 14 09:53:46 2009 -0400 ++++ b/virtinst/Guest.py Tue Jul 14 12:06:22 2009 -0400 +@@ -816,34 +816,16 @@ + Using self.os_type and self.os_variant to find key in OSTYPES + @returns: dict value, or None if os_type/variant wasn't set + """ +- typ = self.os_type +- var = self.os_variant +- if typ: +- if var and self._OS_TYPES[typ]["variants"][var].has_key(key): +- return self._OS_TYPES[typ]["variants"][var][key] +- elif self._OS_TYPES[typ].has_key(key): +- return self._OS_TYPES[typ][key] +- return self._DEFAULTS[key] ++ return osdict.lookup_osdict_key(self.conn, self.type, self.os_type, ++ self.os_variant, key) + + def _lookup_device_param(self, device_key, param): + """ + Check the OS dictionary for the prefered device setting for passed + device type and param (bus, model, etc.) + """ +- os_devs = self._lookup_osdict_key("devices") +- default_devs = self._DEFAULTS["devices"] +- for devs in [os_devs, default_devs]: +- if not devs.has_key(device_key): +- continue +- for ent in devs[device_key][param]: +- hv_types = ent[0] +- param_value = ent[1] +- if self.type in hv_types: +- return param_value +- elif "all" in hv_types: +- return param_value +- raise RuntimeError(_("Invalid dictionary entry for device '%s %s'" % \ +- (device_key, param))) ++ return osdict.lookup_device_param(self.conn, self.type, self.os_type, ++ self.os_variant, device_key, param) + + def terminate_console(self): + if self._consolechild: +diff -r 020c0a312e7f -r 8b5d60a01fe3 virtinst/osdict.py +--- a/virtinst/osdict.py Tue Jul 14 09:53:46 2009 -0400 ++++ b/virtinst/osdict.py Tue Jul 14 12:06:22 2009 -0400 +@@ -19,6 +19,9 @@ + # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + # MA 02110-1301 USA. + ++import libvirt ++ ++import _util + + """ + Default values for OS_TYPES keys. Can be overwritten at os_type or +@@ -64,6 +67,68 @@ + + return retlist + ++def parse_key_entry(conn, hv_type, key_entry): ++ d = _util.get_uri_driver(conn.getURI()) ++ libver = libvirt.getVersion() ++ try: ++ drvver = libvirt.getVersion(d)[1] ++ except: ++ drvver = 0 ++ ++ if type(key_entry) == list: ++ # List of tuples with hv_type, version, etc. mappings ++ for tup in key_entry: ++ exp_hvs = tup[0] ++ if type(exp_hvs) != list: ++ exp_hvs = [exp_hvs] ++ exp_hv_ver = 0 ++ exp_lib_ver = 0 ++ val = tup[-1] ++ ++ if len(tup) > 2: ++ exp_hv_ver = tup[1] ++ if len(tup) > 3: ++ exp_lib_ver = tup[2] ++ ++ if hv_type not in exp_hvs and "all" not in exp_hvs: ++ continue ++ ++ if exp_hv_ver and drvver > exp_hv_ver: ++ continue ++ ++ if exp_lib_ver and libver > exp_lib_ver: ++ continue ++ ++ return val ++ else: ++ return key_entry ++ ++def lookup_osdict_key(conn, hv_type, os_type, var, key): ++ ++ dictval = DEFAULTS[key] ++ if os_type: ++ if var and OS_TYPES[os_type]["variants"][var].has_key(key): ++ dictval = OS_TYPES[os_type]["variants"][var][key] ++ elif OS_TYPES[os_type].has_key(key): ++ dictval = OS_TYPES[os_type][key] ++ ++ return parse_key_entry(conn, hv_type, dictval) ++ ++ ++def lookup_device_param(conn, hv_type, os_type, var, device_key, param): ++ ++ os_devs = lookup_osdict_key(conn, hv_type, os_type, var, "devices") ++ default_devs = DEFAULTS["devices"] ++ ++ for devs in [os_devs, default_devs]: ++ if not devs.has_key(device_key): ++ continue ++ ++ return parse_key_entry(conn, hv_type, devs[device_key][param]) ++ ++ raise RuntimeError(_("Invalid dictionary entry for device '%s %s'" % ++ (device_key, param))) ++ + # NOTE: keep variant keys using only lowercase so we can do case + # insensitive checks on user passed input + OS_TYPES = {\ +# HG changeset patch +# User Cole Robinson +# Date 1247588030 14400 +# Node ID 3c68ba7758a6190f28ec32ab20a3ce96f7802542 +# Parent 8b5d60a01fe3f4300683b105c8cd3bffd62649bf +Turn on ACPI/APIC for windows, except for Xen < 3.1.0. + +See discussion at: + +https://www.redhat.com/archives/et-mgmt-tools/2009-July/msg00000.html + +diff -r 8b5d60a01fe3 -r 3c68ba7758a6 virtinst/osdict.py +--- a/virtinst/osdict.py Tue Jul 14 12:06:22 2009 -0400 ++++ b/virtinst/osdict.py Tue Jul 14 12:13:50 2009 -0400 +@@ -225,10 +225,16 @@ + }, + "variants": { \ + "winxp":{ "label": "Microsoft Windows XP (x86)", +- "acpi": False, "apic": False }, ++ "acpi": [ ("xen", 3001000, False), ++ ("all", True ), ], ++ "apic": [ ("xen", 3001000, False), ++ ("all", True ), ], }, + "winxp64":{ "label": "Microsoft Windows XP (x86_64)" }, + "win2k": { "label": "Microsoft Windows 2000", +- "acpi": False, "apic": False }, ++ "acpi": [ ("xen", 3001000, False), ++ ("all", True ), ], ++ "apic": [ ("xen", 3001000, False), ++ ("all", True ), ], }, + "win2k3": { "label": "Microsoft Windows 2003" }, + "win2k8": { "label": "Microsoft Windows 2008" }, + "vista": { "label": "Microsoft Windows Vista" },