Introduce a function which marks the client as authenticated and also
it tracks on the server that the authentication for this client has
been completed. Afterwords it will check for the limits of the server.
After using this new function the function
virNetServerTrackCompletedAuth was superfluous and is therefore
removed. In addition, it is not very common that a
'{{function}}' (virNetServerTrackCompletedAuth) does more than just
the locking compared to
'{{function}}Locked' (virNetServerTrackCompletedAuthLocked).
virNetServerTrackPendingAuth was already superfluous and therefore
it's also removed.
Signed-off-by: Marc Hartmayer <mhartmay(a)linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy(a)linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi(a)linux.vnet.ibm.com>
---
daemon/remote.c | 9 +++------
src/libvirt_remote.syms | 5 ++---
src/rpc/virnetserver.c | 40 ++++++++++++++++++++++------------------
src/rpc/virnetserver.h | 3 +--
src/rpc/virnetserverclient.c | 5 ++---
src/rpc/virnetserverclient.h | 2 +-
6 files changed, 31 insertions(+), 33 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 6f78f17178f7..a9dd228b8273 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -3263,8 +3263,7 @@ remoteDispatchAuthList(virNetServerPtr server,
(long long) callerPid, (int) callerUid) < 0)
goto cleanup;
VIR_INFO("Bypass polkit auth for privileged client %s", ident);
- virNetServerClientSetAuth(client, VIR_NET_SERVER_SERVICE_AUTH_NONE);
- virNetServerTrackCompletedAuth(server);
+ virNetServerSetClientAuthenticated(server, client);
auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
VIR_FREE(ident);
}
@@ -3407,8 +3406,7 @@ remoteSASLFinish(virNetServerPtr server,
if (!(clnt_identity = virNetServerClientGetIdentity(client)))
goto error;
- virNetServerClientSetAuth(client, VIR_NET_SERVER_SERVICE_AUTH_NONE);
- virNetServerTrackCompletedAuth(server);
+ virNetServerSetClientAuthenticated(server, client);
virNetServerClientSetSASLSession(client, priv->sasl);
virIdentitySetSASLUserName(clnt_identity, identity);
@@ -3731,8 +3729,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
action, (long long) callerPid, callerUid);
ret->complete = 1;
- virNetServerClientSetAuth(client, VIR_NET_SERVER_SERVICE_AUTH_NONE);
- virNetServerTrackCompletedAuth(server);
+ virNetServerSetClientAuthenticated(server, client);
virMutexUnlock(&priv->lock);
return 0;
diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms
index efdf912ec563..7fcae970484d 100644
--- a/src/libvirt_remote.syms
+++ b/src/libvirt_remote.syms
@@ -116,9 +116,8 @@ virNetServerNewPostExecRestart;
virNetServerNextClientID;
virNetServerPreExecRestart;
virNetServerProcessClients;
+virNetServerSetClientAuthenticated;
virNetServerStart;
-virNetServerTrackCompletedAuth;
-virNetServerTrackPendingAuth;
virNetServerUpdateServices;
@@ -152,7 +151,7 @@ virNetServerClientRemoteAddrStringSASL;
virNetServerClientRemoteAddrStringURI;
virNetServerClientRemoveFilter;
virNetServerClientSendMessage;
-virNetServerClientSetAuth;
+virNetServerClientSetAuthLocked;
virNetServerClientSetCloseHook;
virNetServerClientSetDispatcher;
virNetServerClientStartKeepAlive;
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index d03bd3e91905..72105cd9318f 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -737,6 +737,28 @@ int virNetServerSetTLSContext(virNetServerPtr srv,
#endif
+/**
+ * virNetServerSetClientAuthenticated:
+ * @srv: server must be unlocked
+ * @client: client must be unlocked
+ *
+ * Mark @client as authenticated and tracks on @srv that the
+ * authentication of this @client has been completed. Also it checks
+ * the limits of @srv.
+ */
+void
+virNetServerSetClientAuthenticated(virNetServerPtr srv, virNetServerClientPtr client)
+{
+ virObjectLock(srv);
+ virObjectLock(client);
+ virNetServerClientSetAuthLocked(client, VIR_NET_SERVER_SERVICE_AUTH_NONE);
+ virNetServerTrackCompletedAuthLocked(srv);
+ virNetServerCheckLimits(srv);
+ virObjectUnlock(client);
+ virObjectUnlock(srv);
+}
+
+
static void
virNetServerUpdateServicesLocked(virNetServerPtr srv,
bool enabled)
@@ -813,24 +835,6 @@ virNetServerTrackCompletedAuthLocked(virNetServerPtr srv)
return --srv->nclients_unauth;
}
-size_t virNetServerTrackPendingAuth(virNetServerPtr srv)
-{
- size_t ret;
- virObjectLock(srv);
- ret = virNetServerTrackPendingAuthLocked(srv);
- virObjectUnlock(srv);
- return ret;
-}
-
-size_t virNetServerTrackCompletedAuth(virNetServerPtr srv)
-{
- size_t ret;
- virObjectLock(srv);
- ret = virNetServerTrackCompletedAuthLocked(srv);
- virNetServerCheckLimits(srv);
- virObjectUnlock(srv);
- return ret;
-}
bool
virNetServerHasClients(virNetServerPtr srv)
diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h
index 6a79d15370e5..7728a67f5fcb 100644
--- a/src/rpc/virnetserver.h
+++ b/src/rpc/virnetserver.h
@@ -73,13 +73,12 @@ int virNetServerSetTLSContext(virNetServerPtr srv,
virNetTLSContextPtr tls);
# endif
-size_t virNetServerTrackPendingAuth(virNetServerPtr srv);
-size_t virNetServerTrackCompletedAuth(virNetServerPtr srv);
int virNetServerAddClient(virNetServerPtr srv,
virNetServerClientPtr client);
bool virNetServerHasClients(virNetServerPtr srv);
void virNetServerProcessClients(virNetServerPtr srv);
+void virNetServerSetClientAuthenticated(virNetServerPtr srv, virNetServerClientPtr
client);
void virNetServerUpdateServices(virNetServerPtr srv, bool enabled);
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 3101b555a90d..6adc3ec3ec01 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -639,11 +639,10 @@ int virNetServerClientGetAuth(virNetServerClientPtr client)
return auth;
}
-void virNetServerClientSetAuth(virNetServerClientPtr client, int auth)
+/* @client needs to be locked by the caller */
+void virNetServerClientSetAuthLocked(virNetServerClientPtr client, int auth)
{
- virObjectLock(client);
client->auth = auth;
- virObjectUnlock(client);
}
bool virNetServerClientGetReadonly(virNetServerClientPtr client)
diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h
index 9ec18588a858..19f20b808284 100644
--- a/src/rpc/virnetserverclient.h
+++ b/src/rpc/virnetserverclient.h
@@ -79,7 +79,7 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client,
int filterID);
int virNetServerClientGetAuth(virNetServerClientPtr client);
-void virNetServerClientSetAuth(virNetServerClientPtr client, int auth);
+void virNetServerClientSetAuthLocked(virNetServerClientPtr client, int auth);
bool virNetServerClientGetReadonly(virNetServerClientPtr client);
unsigned long long virNetServerClientGetID(virNetServerClientPtr client);
long long virNetServerClientGetTimestamp(virNetServerClientPtr client);
--
2.13.4