Re: [PATCH 08/14] rpc: Refactor the condition whether a client needs authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 15, 2017 at 02:16 PM +0100, John Ferlan <jferlan@xxxxxxxxxx> wrote:
> On 12/12/2017 06:36 AM, Marc Hartmayer wrote:
>> Add virNetServerClientAuthMethodImpliesAuthenticated() for deciding
>> whether a authentication method implies that a client is automatically
>> authenticated or not. Use this new function in
>> virNetServerClientNeedAuth().
>>
>> Signed-off-by: Marc Hartmayer <mhartmay@xxxxxxxxxxxxxxxxxx>
>> Reviewed-by: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxxxxxxx>
>> Reviewed-by: Stefan Zimmermann <stzi@xxxxxxxxxxxxxxxxxx>
>> ---
>>  src/rpc/virnetserverclient.c | 22 +++++++++++++++++++---
>>  1 file changed, 19 insertions(+), 3 deletions(-)
>>
>
> I see Daniel has been looking too - and I think if you extract parts of
> the subsequent patch into this patch with the *Locked name then perhaps
> there'd be less difference in the subsequent patch.
>
> In later patches where virNetServerClientAuthMethodImpliesAuthenticated
> is used in other parts of the code - I see no reason why we couldn't
> compare directly to VIR_NET_SERVER_SERVICE_AUTH_NONE.

The first time I read the code it was very strange to me that a user is
authenticated when the authentication method was set to none. This was
also the reason why I added this function - I tried to make it easier to
understand this code part. But if you think it’s self-explanatory enough
to test for none, then of course I can replace it :)

Thanks for reviewing.

> In particular I'm
> thinking of that auth_pending checking where there's no "client".
>
> This then just becomes "Introduce virNetServerClientNeedAuthLocked"
>
> John
>> diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
>> index 96fd1e6d15c2..616b6fe115e5 100644
>> --- a/src/rpc/virnetserverclient.c
>> +++ b/src/rpc/virnetserverclient.c
>> @@ -354,6 +354,23 @@ static void virNetServerClientSockTimerFunc(int timer,
>>  }
>>
>>
>> +/**
>> + * virNetServerClientAuthMethodImpliesAuthenticated:
>> + * @auth: authentication method to check
>> + *
>> + * Check if the passed authentication method implies that a client is
>> + * automatically authenticated.
>> + *
>> + * Returns true if @auth implies that a client is automatically
>> + * authenticated, otherwise false.
>> + */
>> +static bool
>> +virNetServerClientAuthMethodImpliesAuthenticated(int auth)
>> +{
>> +    return auth == VIR_NET_SERVER_SERVICE_AUTH_NONE;
>> +}
>> +
>> +
>>  static virNetServerClientPtr
>>  virNetServerClientNewInternal(unsigned long long id,
>>                                virNetSocketPtr sock,
>> @@ -1515,10 +1532,9 @@ int virNetServerClientSendMessage(virNetServerClientPtr client,
>>
>>  bool virNetServerClientNeedAuth(virNetServerClientPtr client)
>>  {
>> -    bool need = true;
>> +    bool need;
>>      virObjectLock(client);
>> -    if (client->auth == VIR_NET_SERVER_SERVICE_AUTH_NONE)
>> -        need = false;
>> +    need = !virNetServerClientAuthMethodImpliesAuthenticated(client->auth);
>>      virObjectUnlock(client);
>>      return need;
>>  }
>>
>
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list
>
--
Beste Grüße / Kind regards
   Marc Hartmayer

IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux