On Fri, Dec 15, 2017 at 02:16 PM +0100, John Ferlan <jferlan@redhat.com> wrote:
On 12/12/2017 06:36 AM, Marc Hartmayer wrote:
Add virNetServerClientAuthMethodImpliesAuthenticated() for deciding whether a authentication method implies that a client is automatically authenticated or not. Use this new function in virNetServerClientNeedAuth().
Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com> --- src/rpc/virnetserverclient.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-)
I see Daniel has been looking too - and I think if you extract parts of the subsequent patch into this patch with the *Locked name then perhaps there'd be less difference in the subsequent patch.
In later patches where virNetServerClientAuthMethodImpliesAuthenticated is used in other parts of the code - I see no reason why we couldn't compare directly to VIR_NET_SERVER_SERVICE_AUTH_NONE.
The first time I read the code it was very strange to me that a user is authenticated when the authentication method was set to none. This was also the reason why I added this function - I tried to make it easier to understand this code part. But if you think it’s self-explanatory enough to test for none, then of course I can replace it :) Thanks for reviewing.
In particular I'm thinking of that auth_pending checking where there's no "client".
This then just becomes "Introduce virNetServerClientNeedAuthLocked"
John
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c index 96fd1e6d15c2..616b6fe115e5 100644 --- a/src/rpc/virnetserverclient.c +++ b/src/rpc/virnetserverclient.c @@ -354,6 +354,23 @@ static void virNetServerClientSockTimerFunc(int timer, }
+/** + * virNetServerClientAuthMethodImpliesAuthenticated: + * @auth: authentication method to check + * + * Check if the passed authentication method implies that a client is + * automatically authenticated. + * + * Returns true if @auth implies that a client is automatically + * authenticated, otherwise false. + */ +static bool +virNetServerClientAuthMethodImpliesAuthenticated(int auth) +{ + return auth == VIR_NET_SERVER_SERVICE_AUTH_NONE; +} + + static virNetServerClientPtr virNetServerClientNewInternal(unsigned long long id, virNetSocketPtr sock, @@ -1515,10 +1532,9 @@ int virNetServerClientSendMessage(virNetServerClientPtr client,
bool virNetServerClientNeedAuth(virNetServerClientPtr client) { - bool need = true; + bool need; virObjectLock(client); - if (client->auth == VIR_NET_SERVER_SERVICE_AUTH_NONE) - need = false; + need = !virNetServerClientAuthMethodImpliesAuthenticated(client->auth); virObjectUnlock(client); return need; }
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
-- Beste Grüße / Kind regards Marc Hartmayer IBM Deutschland Research & Development GmbH Vorsitzende des Aufsichtsrats: Martina Koederitz Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294