Don't do polkit auth as root

dumpxml didn't match up with what was used to define the pool to begin with.

libvirt-0.4.1-polkit.patch

@@ -0,0 +1,400 @@
+diff -rup libvirt-0.4.1.orig/configure.in libvirt-0.4.1.new/configure.in
+--- libvirt-0.4.1.orig/configure.in	2008-03-03 09:14:19.000000000 -0500
++++ libvirt-0.4.1.new/configure.in	2008-04-03 15:37:49.000000000 -0400
+@@ -450,10 +450,6 @@ if test "x$with_polkit" = "xyes" -o "x$w
+     CFLAGS="$old_CFLAGS"
+     LDFLAGS="$old_LDFLAGS"
+ 
+-    AC_PATH_PROG(POLKIT_GRANT, polkit-grant)
+-    if test "x$POLKIT_GRANT" != "x"; then
+-      AC_DEFINE_UNQUOTED([POLKIT_GRANT],["$POLKIT_GRANT"],[Location of polkit-grant program])
+-    fi
+     AC_PATH_PROG(POLKIT_AUTH, polkit-auth)
+     if test "x$POLKIT_AUTH" != "x"; then
+       AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
+diff -rup libvirt-0.4.1.orig/qemud/internal.h libvirt-0.4.1.new/qemud/internal.h
+--- libvirt-0.4.1.orig/qemud/internal.h	2008-01-24 12:07:43.000000000 -0500
++++ libvirt-0.4.1.new/qemud/internal.h	2008-04-03 15:38:03.000000000 -0400
+@@ -179,6 +179,9 @@ void qemudLog(int priority, const char *
+ void remoteDispatchClientRequest (struct qemud_server *server,
+                                   struct qemud_client *client);
+ 
++#if HAVE_POLKIT
++int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid);
++#endif
+ 
+ #endif
+ 
+diff -rup libvirt-0.4.1.orig/qemud/qemud.c libvirt-0.4.1.new/qemud/qemud.c
+--- libvirt-0.4.1.orig/qemud/qemud.c	2008-04-03 15:39:15.000000000 -0400
++++ libvirt-0.4.1.new/qemud/qemud.c	2008-04-03 15:38:03.000000000 -0400
+@@ -1040,6 +1040,28 @@ remoteCheckAccess (struct qemud_client *
+     return 0;
+ }
+ 
++#if HAVE_POLKIT
++int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {
++#ifdef SO_PEERCRED
++    struct ucred cr;
++    unsigned int cr_len = sizeof (cr);
++
++    if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
++        qemudLog(QEMUD_ERR, _("Failed to verify client credentials: %s"),
++                 strerror(errno));
++        return -1;
++    }
++
++    *pid = cr.pid;
++    *uid = cr.uid;
++#else
++    /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
++#error "UNIX socket credentials not supported/implemented on this platform yet..."
++#endif
++    return 0;
++}
++#endif
++
+ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket *sock) {
+     int fd;
+     struct sockaddr_storage addr;
+@@ -1075,6 +1097,26 @@ static int qemudDispatchServer(struct qe
+     memcpy (&client->addr, &addr, sizeof addr);
+     client->addrlen = addrlen;
+ 
++#if HAVE_POLKIT
++    /* Only do policy checks for non-root - allow root user
++       through with no checks, as a fail-safe - root can easily
++       change policykit policy anyway, so its pointless trying
++       to restrict root */
++    if (client->auth == REMOTE_AUTH_POLKIT) {
++        uid_t uid;
++        pid_t pid;
++
++        if (qemudGetSocketIdentity(client->fd, &uid, &pid) < 0)
++            goto cleanup;
++
++        /* Cient is running as root, so disable auth */
++        if (uid == 0) {
++            qemudLog(QEMUD_INFO, _("Turn off polkit auth for privileged client %d"), pid);
++            client->auth = REMOTE_AUTH_NONE;
++        }
++    }
++#endif
++
+     if (client->type != QEMUD_SOCK_TYPE_TLS) {
+         client->mode = QEMUD_MODE_RX_HEADER;
+         client->bufferLength = REMOTE_MESSAGE_HEADER_XDR_LEN;
+diff -rup libvirt-0.4.1.orig/qemud/remote.c libvirt-0.4.1.new/qemud/remote.c
+--- libvirt-0.4.1.orig/qemud/remote.c	2008-02-29 11:23:17.000000000 -0500
++++ libvirt-0.4.1.new/qemud/remote.c	2008-04-03 15:38:03.000000000 -0400
+@@ -2564,27 +2564,6 @@ remoteDispatchAuthSaslStep (struct qemud
+ 
+ 
+ #if HAVE_POLKIT
+-static int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {
+-#ifdef SO_PEERCRED
+-    struct ucred cr;
+-    unsigned int cr_len = sizeof (cr);
+-
+-    if (getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
+-        qemudLog(QEMUD_ERR, _("Failed to verify client credentials: %s"),
+-                 strerror(errno));
+-        return -1;
+-    }
+-
+-    *pid = cr.pid;
+-    *uid = cr.uid;
+-#else
+-    /* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
+-#error "UNIX socket credentials not supported/implemented on this platform yet..."
+-#endif
+-    return 0;
+-}
+-
+-
+ static int
+ remoteDispatchAuthPolkit (struct qemud_server *server ATTRIBUTE_UNUSED,
+                           struct qemud_client *client,
+@@ -2594,6 +2573,15 @@ remoteDispatchAuthPolkit (struct qemud_s
+ {
+     pid_t callerPid;
+     uid_t callerUid;
++    PolKitCaller *pkcaller = NULL;
++    PolKitAction *pkaction = NULL;
++    PolKitContext *pkcontext = NULL;
++    PolKitError *pkerr = NULL;
++    PolKitResult pkresult;
++    DBusError err;
++    const char *action = client->readonly ?
++        "org.libvirt.unix.monitor" :
++        "org.libvirt.unix.manage";
+ 
+     REMOTE_DEBUG("Start PolicyKit auth %d", client->fd);
+     if (client->auth != REMOTE_AUTH_POLKIT) {
+@@ -2609,98 +2597,78 @@ remoteDispatchAuthPolkit (struct qemud_s
+         return -2;
+     }
+ 
+-    /* Only do policy checks for non-root - allow root user
+-       through with no checks, as a fail-safe - root can easily
+-       change policykit policy anyway, so its pointless trying
+-       to restrict root */
+-    if (callerUid == 0) {
+-        qemudLog(QEMUD_INFO, _("Allowing PID %d running as root"), callerPid);
+-        ret->complete = 1;
+-        client->auth = REMOTE_AUTH_NONE;
+-    } else {
+-        PolKitCaller *pkcaller = NULL;
+-        PolKitAction *pkaction = NULL;
+-        PolKitContext *pkcontext = NULL;
+-        PolKitError *pkerr = NULL;
+-        PolKitResult pkresult;
+-        DBusError err;
+-        const char *action = client->readonly ?
+-            "org.libvirt.unix.monitor" :
+-            "org.libvirt.unix.manage";
+-
+-        qemudLog(QEMUD_INFO, _("Checking PID %d running as %d"),
+-                 callerPid, callerUid);
+-        dbus_error_init(&err);
+-        if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
+-                                                    callerPid, &err))) {
+-            qemudLog(QEMUD_ERR, _("Failed to lookup policy kit caller: %s"),
+-                     err.message);
+-            dbus_error_free(&err);
+-            remoteDispatchFailAuth(client, req);
+-            return -2;
+-        }
+-
+-        if (!(pkaction = polkit_action_new())) {
+-            qemudLog(QEMUD_ERR, _("Failed to create polkit action %s\n"),
+-                                  strerror(errno));
+-            polkit_caller_unref(pkcaller);
+-            remoteDispatchFailAuth(client, req);
+-            return -2;
+-        }
+-        polkit_action_set_action_id(pkaction, action);
+-
+-        if (!(pkcontext = polkit_context_new()) ||
+-            !polkit_context_init(pkcontext, &pkerr)) {
+-            qemudLog(QEMUD_ERR, _("Failed to create polkit context %s\n"),
+-                     (pkerr ? polkit_error_get_error_message(pkerr)
+-                      : strerror(errno)));
+-            if (pkerr)
+-                polkit_error_free(pkerr);
+-            polkit_caller_unref(pkcaller);
+-            polkit_action_unref(pkaction);
+-            dbus_error_free(&err);
+-            remoteDispatchFailAuth(client, req);
+-            return -2;
+-        }
++    qemudLog(QEMUD_INFO, _("Checking PID %d running as %d"),
++             callerPid, callerUid);
++    dbus_error_init(&err);
++    if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
++                                                callerPid, &err))) {
++        qemudLog(QEMUD_ERR, _("Failed to lookup policy kit caller: %s"),
++                 err.message);
++        dbus_error_free(&err);
++        remoteDispatchFailAuth(client, req);
++        return -2;
++    }
++
++    if (!(pkaction = polkit_action_new())) {
++        qemudLog(QEMUD_ERR, _("Failed to create polkit action %s\n"),
++                 strerror(errno));
++        polkit_caller_unref(pkcaller);
++        remoteDispatchFailAuth(client, req);
++        return -2;
++    }
++    polkit_action_set_action_id(pkaction, action);
++
++    if (!(pkcontext = polkit_context_new()) ||
++        !polkit_context_init(pkcontext, &pkerr)) {
++        qemudLog(QEMUD_ERR, _("Failed to create polkit context %s\n"),
++                 (pkerr ? polkit_error_get_error_message(pkerr)
++                  : strerror(errno)));
++        if (pkerr)
++            polkit_error_free(pkerr);
++        polkit_caller_unref(pkcaller);
++        polkit_action_unref(pkaction);
++        dbus_error_free(&err);
++        remoteDispatchFailAuth(client, req);
++        return -2;
++    }
+ 
+ #if HAVE_POLKIT_CONTEXT_IS_CALLER_AUTHORIZED
+-        pkresult = polkit_context_is_caller_authorized(pkcontext,
+-                                                       pkaction,
+-                                                       pkcaller,
+-                                                       0,
+-                                                       &pkerr);
+-        if (pkerr && polkit_error_is_set(pkerr)) {
+-            qemudLog(QEMUD_ERR,
+-                     _("Policy kit failed to check authorization %d %s"),
+-                     polkit_error_get_error_code(pkerr),
+-                     polkit_error_get_error_message(pkerr));
+-            remoteDispatchFailAuth(client, req);
+-            return -2;
+-        }
++    pkresult = polkit_context_is_caller_authorized(pkcontext,
++                                                   pkaction,
++                                                   pkcaller,
++                                                   0,
++                                                   &pkerr);
++    if (pkerr && polkit_error_is_set(pkerr)) {
++        qemudLog(QEMUD_ERR,
++                 _("Policy kit failed to check authorization %d %s"),
++                 polkit_error_get_error_code(pkerr),
++                 polkit_error_get_error_message(pkerr));
++        remoteDispatchFailAuth(client, req);
++        return -2;
++    }
+ #else
+-        pkresult = polkit_context_can_caller_do_action(pkcontext,
+-                                                       pkaction,
+-                                                       pkcaller);
++    pkresult = polkit_context_can_caller_do_action(pkcontext,
++                                                   pkaction,
++                                                   pkcaller);
+ #endif
+-        polkit_context_unref(pkcontext);
+-        polkit_caller_unref(pkcaller);
+-        polkit_action_unref(pkaction);
+-        if (pkresult != POLKIT_RESULT_YES) {
+-            qemudLog(QEMUD_ERR,
+-                     _("Policy kit denied action %s from pid %d, uid %d,"
+-                       " result: %s\n"),
+-                     action, callerPid, callerUid,
+-                     polkit_result_to_string_representation(pkresult));
+-            remoteDispatchFailAuth(client, req);
+-            return -2;
+-        }
+-        qemudLog(QEMUD_INFO,
+-                 _("Policy allowed action %s from pid %d, uid %d, result %s"),
++    polkit_context_unref(pkcontext);
++    polkit_caller_unref(pkcaller);
++    polkit_action_unref(pkaction);
++    if (pkresult != POLKIT_RESULT_YES) {
++        qemudLog(QEMUD_ERR,
++                 _("Policy kit denied action %s from pid %d, uid %d,"
++                   " result: %s\n"),
+                  action, callerPid, callerUid,
+                  polkit_result_to_string_representation(pkresult));
+-        ret->complete = 1;
+-        client->auth = REMOTE_AUTH_NONE;
++        remoteDispatchFailAuth(client, req);
++        return -2;
+     }
++    qemudLog(QEMUD_INFO,
++             _("Policy allowed action %s from pid %d, uid %d, result %s"),
++             action, callerPid, callerUid,
++             polkit_result_to_string_representation(pkresult));
++    ret->complete = 1;
++    client->auth = REMOTE_AUTH_NONE;
+ 
+     return 0;
+ }
+diff -rup libvirt-0.4.1.orig/src/libvirt.c libvirt-0.4.1.new/src/libvirt.c
+--- libvirt-0.4.1.orig/src/libvirt.c	2008-02-26 10:37:43.000000000 -0500
++++ libvirt-0.4.1.new/src/libvirt.c	2008-04-03 15:38:47.000000000 -0400
+@@ -19,6 +19,9 @@
+ #include <sys/stat.h>
+ #include <unistd.h>
+ #include <assert.h>
++#ifdef HAVE_SYS_WAIT_H
++#include <sys/wait.h>
++#endif
+ 
+ #include <libxml/parser.h>
+ #include <libxml/xpath.h>
+@@ -66,6 +69,39 @@ static int initialized = 0;
+ int debugFlag = 0;
+ #endif
+ 
++#if defined(POLKIT_AUTH)
++static int virConnectAuthGainPolkit(const char *privilege) {
++    const char *const args[] = {
++        POLKIT_AUTH, "--obtain", privilege, NULL
++    };
++    int childpid, status, ret;
++
++    /* Root has all rights */
++    if (getuid() == 0)
++        return 0;
++
++    if ((childpid = fork()) < 0)
++        return -1;
++
++    if (!childpid) {
++        execvp(args[0], (char **)args);
++        _exit(-1);
++    }
++
++    while ((ret = waitpid(childpid, &status, 0) == -1) && errno == EINTR);
++    if (ret == -1) {
++        return -1;
++    }
++
++    if (!WIFEXITED(status) ||
++        (WEXITSTATUS(status) != 0 && WEXITSTATUS(status) != 1)) {
++        return -1;
++    }
++
++    return 0;
++}
++#endif
++
+ static int virConnectAuthCallbackDefault(virConnectCredentialPtr cred,
+                                          unsigned int ncred,
+                                          void *cbdata ATTRIBUTE_UNUSED) {
+@@ -77,28 +113,25 @@ static int virConnectAuthCallbackDefault
+         size_t len;
+ 
+         switch (cred[i].type) {
+-#if defined(POLKIT_GRANT) || defined(POLKIT_AUTH)
+         case VIR_CRED_EXTERNAL: {
+             int ret;
+-            const char *const args[] = {
+-#if defined(POLKIT_GRANT)
+-                POLKIT_GRANT, "--gain", cred[i].prompt, NULL
+-#else
+-                POLKIT_AUTH, "--obtain", cred[i].prompt, NULL
+-#endif
+-            };
+-
+             if (STRNEQ(cred[i].challenge, "PolicyKit"))
+                 return -1;
+-            if (virRun(NULL, (char **) args, &ret) < 0)
+-                return -1;
+ 
+-            if (!WIFEXITED(ret) ||
+-                (WEXITSTATUS(ret) != 0 && WEXITSTATUS(ret) != 1))
++#if defined(POLKIT_AUTH)
++            if (virConnectAuthGainPolkit(cred[i].prompt) < 0)
+                 return -1;
++#else
++            /*
++             * Ignore & carry on. Although we can't auth
++             * directly, the user may have authenticated
++             * themselves already outside context of libvirt
++             */
++#endif
++
+             break;
+         }
+-#endif
++
+         case VIR_CRED_USERNAME:
+         case VIR_CRED_AUTHNAME:
+         case VIR_CRED_ECHOPROMPT:
+@@ -158,9 +191,7 @@ static int virConnectCredTypeDefault[] =
+     VIR_CRED_REALM,
+     VIR_CRED_PASSPHRASE,
+     VIR_CRED_NOECHOPROMPT,
+-#if defined(POLKIT_AUTH) || defined(POLKIT_GRANT)
+     VIR_CRED_EXTERNAL,
+-#endif
+ };
+ 
+ static virConnectAuth virConnectAuthDefault = {

libvirt-iscsi-sysfs4.patch

@@ -0,0 +1,146 @@
+--- a/src/storage_backend_iscsi.c	4 Mar 2008 20:02:34 -0000	1.3
++++ b/src/storage_backend_iscsi.c	26 Mar 2008 22:07:05 -0000
+@@ -170,20 +170,91 @@
+ virStorageBackendISCSIMakeLUN(virConnectPtr conn,
+                               virStoragePoolObjPtr pool,
+                               char **const groups,
+-                              void *data ATTRIBUTE_UNUSED)
++                              void *data)
+ {
+     virStorageVolDefPtr vol;
+     int fd = -1;
++    unsigned int target, channel, id, lun;
+     char lunid[100];
+-    char *dev = groups[4];
+     int opentries = 0;
+     char *devpath = NULL;
++    char *session = data;
++    char sysfs_path[PATH_MAX];
++    char *dev = NULL;
++    DIR *sysdir;
++    struct dirent *block_dirent;
++    struct stat sbuf;
++    int len;
++
++    if ((virStrToLong_ui(groups[0], NULL, 10, &target) < 0) ||
++        (virStrToLong_ui(groups[1], NULL, 10, &channel) < 0) ||
++        (virStrToLong_ui(groups[2], NULL, 10, &id) < 0) ||
++        (virStrToLong_ui(groups[3], NULL, 10, &lun) < 0)) {
++        virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
++                              _("Failed parsing iscsiadm commands"));
++        return -1;
++    }
++
++    if (lun == 0) {
++        /* the 0'th LUN isn't a real LUN, it's just a control LUN; skip it */
++        return 0;
++    }
++
++    snprintf(sysfs_path, PATH_MAX,
++             "/sys/class/iscsi_session/session%s/device/"
++             "target%d:%d:%d/%d:%d:%d:%d/block",
++             session, target, channel, id, target, channel, id, lun);
++
++    if (stat(sysfs_path, &sbuf) < 0) {
++        /* block path in subdir didn't exist; this is unexpected, so fail */
++        virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR,
++                              _("Failed to find the sysfs path for %d:%d:%d:%d: %s"),
++                              target, channel, id, lun, strerror(errno));
++        return -1;
++    }
++
++    sysdir = opendir(sysfs_path);
++    if (sysdir == NULL) {
++        /* we failed for some reason; return an error */
++        virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR,
++                              _("Failed to opendir sysfs path %s: %s"),
++                              sysfs_path, strerror(errno));
++        return -1;
++    }
++
++    while ((block_dirent = readdir(sysdir)) != NULL) {
++        len = strlen(block_dirent->d_name);
++        if ((len == 1 && block_dirent->d_name[0] == '.') ||
++            (len == 2 && block_dirent->d_name[0] == '.' && block_dirent->d_name[1] == '.')) {
++            /* the . and .. directories; just skip them */
++            continue;
++        }
++
++        /* OK, not . or ..; let's see if it is a SCSI device */
++        if (len > 2 &&
++            block_dirent->d_name[0] == 's' &&
++            block_dirent->d_name[1] == 'd') {
++            /* looks like a scsi device, smells like scsi device; it must be
++               a scsi device */
++            dev = strdup(block_dirent->d_name);
++            break;
++        }
++    }
++    closedir(sysdir);
++
++    if (dev == NULL) {
++        /* we didn't find the sd? device we were looking for; fail */
++        virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR,
++                              _("Failed to find SCSI device for %d:%d:%d:%d: %s"),
++                              target, channel, id, lun, strerror(errno));
++        return -1;
++    }
+ 
+     snprintf(lunid, sizeof(lunid)-1, "lun-%s", groups[3]);
+ 
+     if ((vol = calloc(1, sizeof(virStorageVolDef))) == NULL) {
+         virStorageReportError(conn, VIR_ERR_NO_MEMORY, "%s", _("volume"));
+-        return -1;
++        goto cleanup;
+     }
+ 
+     if ((vol->name = strdup(lunid)) == NULL) {
+@@ -197,6 +268,8 @@
+     }
+     strcpy(devpath, "/dev/");
+     strcat(devpath, dev);
++    free(dev);
++    dev = NULL;
+     /* It can take a little while between logging into the ISCSI
+      * server and udev creating the /dev nodes, so if we get ENOENT
+      * we must retry a few times - they should eventually appear.
+@@ -258,6 +331,7 @@
+     if (fd != -1) close(fd);
+     free(devpath);
+     virStorageVolDefFree(vol);
++    free(dev);
+     return -1;
+ }
+ 
+@@ -281,14 +355,13 @@
+      *           scsi1 Channel 00 Id 0 Lun: 5
+      *                   Attached scsi disk sdg          State: running
+      *
+-     * Need 2 regex to match alternating lines
++     * Need a regex to match the Channel:Id:Lun lines
+      */
+     const char *regexes[] = {
+-        "^\\s*scsi(\\S+)\\s+Channel\\s+(\\S+)\\s+Id\\s+(\\S+)\\s+Lun:\\s+(\\S+)\\s*$",
+-        "^\\s*Attached\\s+scsi\\s+disk\\s+(\\S+)\\s+State:\\s+running\\s*$"
++        "^\\s*scsi(\\S+)\\s+Channel\\s+(\\S+)\\s+Id\\s+(\\S+)\\s+Lun:\\s+(\\S+)\\s*$"
+     };
+     int vars[] = {
+-        4, 1
++        4
+     };
+     const char *prog[] = {
+         ISCSIADM, "--mode", "session", "-r", session, "-P", "3", NULL,
+@@ -296,11 +369,11 @@
+ 
+     return virStorageBackendRunProgRegex(conn, pool,
+                                          prog,
+-                                         2,
++                                         1,
+                                          regexes,
+                                          vars,
+                                          virStorageBackendISCSIMakeLUN,
+-                                         NULL);
++                                         (void *)session);
+ }
+ 
+ 

libvirt-source-dir-fix.patch

@@ -0,0 +1,17 @@
+Index: src/storage_conf.c
+===================================================================
+RCS file: /data/cvs/libvirt/src/storage_conf.c,v
+retrieving revision 1.3
+retrieving revision 1.4
+diff -u -r1.3 -r1.4
+--- a/src/storage_conf.c	27 Feb 2008 10:37:19 -0000	1.3
++++ b/src/storage_conf.c	28 Mar 2008 17:56:44 -0000	1.4
+@@ -479,7 +479,7 @@
+     }
+     if ((options->flags & VIR_STORAGE_BACKEND_POOL_SOURCE_DIR) &&
+         def->source.dir &&
+-        virBufferVSprintf(buf,"    <directory path='%s'/>\n", def->source.dir) < 0)
++        virBufferVSprintf(buf,"    <dir path='%s'/>\n", def->source.dir) < 0)
+         goto no_memory;
+     if ((options->flags & VIR_STORAGE_BACKEND_POOL_SOURCE_ADAPTER) &&
+         def->source.adapter &&

libvirt-storage-api-iscsi-sendtarget.patch

@@ -0,0 +1,17 @@
+--- /home/boston/clalance/devel/libvirt--devel/src/storage_backend_iscsi.c	2008-02-13 13:48:32.497466000 -0500
++++ libvirt-0.4.0/src/storage_backend_iscsi.c	2008-02-11 17:19:35.000000000 -0500
+@@ -143,6 +143,14 @@ static int virStorageBackendISCSIConnect
+         "--targetname", pool->def->source.devices[0].path, action, NULL
+     };
+ 
++    const char *cmdsendtarget[] = {
++        ISCSIADM, "--mode", "discovery", "--type", "sendtargets",
++        "--portal", portal, NULL
++    };
++
++    if (virRun(conn, (char **)cmdsendtarget, NULL) < 0)
++        return -1;
++
+     if (virRun(conn, (char **)cmdargv, NULL) < 0)
+         return -1;
+ 

libvirt.spec

@@ -21,7 +21,7 @@
 Summary: Library providing a simple API virtualization
 Name: libvirt
 Version: 0.4.1
-Release: 4%{?dist}%{?extra_release}
+Release: 7%{?dist}%{?extra_release}
 License: LGPL
 Group: Development/Libraries
 Source: libvirt-%{version}.tar.gz
@@ -31,6 +31,10 @@ Patch2: %{name}-%{version}-daemon-startup.patch
 Patch3: %{name}-%{version}-qemu-media-change.patch
 Patch4: %{name}-%{version}-xen-boot-device.patch
 Patch5: %{name}-%{version}-tap-ifname.patch
+Patch6: libvirt-storage-api-iscsi-sendtarget.patch 
+Patch7: libvirt-iscsi-sysfs4.patch 
+Patch8: libvirt-source-dir-fix.patch
+Patch9: %{name}-%{version}-polkit.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 URL: http://libvirt.org/
 BuildRequires: python python-devel
@@ -148,6 +152,10 @@ of recent versions of Linux (and other OSes).
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
 
 %build
 # Xen is available only on i386 x86_64 ia64
@@ -291,6 +299,19 @@ fi
 %doc docs/examples/python
 
 %changelog
+* Thu Apr  4 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.1-7.fc9
+- Don't run polkit-auth as root
+- Don't request polkit auth if client is root
+
+* Fri Mar 28 2008 Chris Lalancette <clalance@redhat.com> - 0.4.1-6.fc9
+- When dumping XML for a storage pool, make the <source> directory tag
+  match the <dir> tag used for specifying the pool in the first place
+
+* Thu Mar 27 2008 Chris Lalancette <clalance@redhat.com> - 0.4.1-5.fc9
+- Do iscsiadm sendtarget before trying to do login
+- Do sysfs scanning for iSCSI LUNs instead of trying to parse them from
+  iscsiadm session output
+
 * Thu Mar 13 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.1-4.fc9
 - Fix QEMU tap device setup
 - Fix Xen boot device XML processing