On Fri, Dec 15, 2017 at 02:16 PM +0100, John Ferlan <jferlan@xxxxxxxxxx> wrote:
> On 12/12/2017 06:36 AM, Marc Hartmayer wrote:
>> Add virNetServerClientAuthMethodImpliesAuthenticated() for deciding
>> whether a authentication method implies that a client is automatically
>> authenticated or not. Use this new function in
>> virNetServerClientNeedAuth().
>>
>> Signed-off-by: Marc Hartmayer <mhartmay@xxxxxxxxxxxxxxxxxx>
>> Reviewed-by: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxxxxxxx>
>> Reviewed-by: Stefan Zimmermann <stzi@xxxxxxxxxxxxxxxxxx>
>> ---
>> src/rpc/virnetserverclient.c | 22 +++++++++++++++++++---
>> 1 file changed, 19 insertions(+), 3 deletions(-)
>>
>
> I see Daniel has been looking too - and I think if you extract parts of
> the subsequent patch into this patch with the *Locked name then perhaps
> there'd be less difference in the subsequent patch.
>
> In later patches where virNetServerClientAuthMethodImpliesAuthenticated
> is used in other parts of the code - I see no reason why we couldn't
> compare directly to VIR_NET_SERVER_SERVICE_AUTH_NONE.
The first time I read the code it was very strange to me that a user is
authenticated when the authentication method was set to none. This was
also the reason why I added this function - I tried to make it easier to
understand this code part. But if you think it’s self-explanatory enough
to test for none, then of course I can replace it :)
Thanks for reviewing.
> In particular I'm
> thinking of that auth_pending checking where there's no "client".
>
> This then just becomes "Introduce virNetServerClientNeedAuthLocked"
>
> John
>> diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
>> index 96fd1e6d15c2..616b6fe115e5 100644
>> --- a/src/rpc/virnetserverclient.c
>> +++ b/src/rpc/virnetserverclient.c
>> @@ -354,6 +354,23 @@ static void virNetServerClientSockTimerFunc(int timer,
>> }
>>
>>
>> +/**
>> + * virNetServerClientAuthMethodImpliesAuthenticated:
>> + * @auth: authentication method to check
>> + *
>> + * Check if the passed authentication method implies that a client is
>> + * automatically authenticated.
>> + *
>> + * Returns true if @auth implies that a client is automatically
>> + * authenticated, otherwise false.
>> + */
>> +static bool
>> +virNetServerClientAuthMethodImpliesAuthenticated(int auth)
>> +{
>> + return auth == VIR_NET_SERVER_SERVICE_AUTH_NONE;
>> +}
>> +
>> +
>> static virNetServerClientPtr
>> virNetServerClientNewInternal(unsigned long long id,
>> virNetSocketPtr sock,
>> @@ -1515,10 +1532,9 @@ int virNetServerClientSendMessage(virNetServerClientPtr client,
>>
>> bool virNetServerClientNeedAuth(virNetServerClientPtr client)
>> {
>> - bool need = true;
>> + bool need;
>> virObjectLock(client);
>> - if (client->auth == VIR_NET_SERVER_SERVICE_AUTH_NONE)
>> - need = false;
>> + need = !virNetServerClientAuthMethodImpliesAuthenticated(client->auth);
>> virObjectUnlock(client);
>> return need;
>> }
>>
>
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list
>
--
Beste Grüße / Kind regards
Marc Hartmayer
IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
