1. Patchew
  2. Libvirt
  3. [libvirt] [PATCH 00/14] Fix race on srv->nclients_unauth and some other changes
  4. View patch

[libvirt] [PATCH 08/14] rpc: Refactor the condition whether a client needs authentication

Marc Hartmayer posted 14 patches 7 years, 10 months ago
There is a newer version of this series
[libvirt] [PATCH 08/14] rpc: Refactor the condition whether a client needs authentication
Posted by Marc Hartmayer 7 years, 10 months ago 
Add virNetServerClientAuthMethodImpliesAuthenticated() for deciding
whether a authentication method implies that a client is automatically
authenticated or not. Use this new function in
virNetServerClientNeedAuth().

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
---
 src/rpc/virnetserverclient.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 96fd1e6d15c2..616b6fe115e5 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -354,6 +354,23 @@ static void virNetServerClientSockTimerFunc(int timer,
 }
 
 
+/**
+ * virNetServerClientAuthMethodImpliesAuthenticated:
+ * @auth: authentication method to check
+ *
+ * Check if the passed authentication method implies that a client is
+ * automatically authenticated.
+ *
+ * Returns true if @auth implies that a client is automatically
+ * authenticated, otherwise false.
+ */
+static bool
+virNetServerClientAuthMethodImpliesAuthenticated(int auth)
+{
+    return auth == VIR_NET_SERVER_SERVICE_AUTH_NONE;
+}
+
+
 static virNetServerClientPtr
 virNetServerClientNewInternal(unsigned long long id,
                               virNetSocketPtr sock,
@@ -1515,10 +1532,9 @@ int virNetServerClientSendMessage(virNetServerClientPtr client,
 
 bool virNetServerClientNeedAuth(virNetServerClientPtr client)
 {
-    bool need = true;
+    bool need;
     virObjectLock(client);
-    if (client->auth == VIR_NET_SERVER_SERVICE_AUTH_NONE)
-        need = false;
+    need = !virNetServerClientAuthMethodImpliesAuthenticated(client->auth);
     virObjectUnlock(client);
     return need;
 }
-- 
2.13.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 08/14] rpc: Refactor the condition whether a client needs authentication
Posted by Daniel P. Berrange 7 years, 10 months ago 
On Tue, Dec 12, 2017 at 12:36:30PM +0100, Marc Hartmayer wrote:
> Add virNetServerClientAuthMethodImpliesAuthenticated() for deciding
> whether a authentication method implies that a client is automatically
> authenticated or not. Use this new function in
> virNetServerClientNeedAuth().
> 
> Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
> Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
> ---
>  src/rpc/virnetserverclient.c | 22 +++++++++++++++++++---
>  1 file changed, 19 insertions(+), 3 deletions(-)
> 
> diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
> index 96fd1e6d15c2..616b6fe115e5 100644
> --- a/src/rpc/virnetserverclient.c
> +++ b/src/rpc/virnetserverclient.c
> @@ -354,6 +354,23 @@ static void virNetServerClientSockTimerFunc(int timer,
>  }
>  
>  
> +/**
> + * virNetServerClientAuthMethodImpliesAuthenticated:
> + * @auth: authentication method to check
> + *
> + * Check if the passed authentication method implies that a client is
> + * automatically authenticated.
> + *
> + * Returns true if @auth implies that a client is automatically
> + * authenticated, otherwise false.
> + */
> +static bool
> +virNetServerClientAuthMethodImpliesAuthenticated(int auth)
> +{
> +    return auth == VIR_NET_SERVER_SERVICE_AUTH_NONE;
> +}

This just seems to be functionally identical to the existing
virNetServerClientNeedAuth method you're refactoring. The only
difference is whether ther mutex is held or not. Giving it a
completely different name is just confusing in this case. Our
normal practice is to just name the method the same, but add
a "Locked" suffix to indicate that the caller must already
hold the lock.

> +
> +
>  static virNetServerClientPtr
>  virNetServerClientNewInternal(unsigned long long id,
>                                virNetSocketPtr sock,
> @@ -1515,10 +1532,9 @@ int virNetServerClientSendMessage(virNetServerClientPtr client,
>  
>  bool virNetServerClientNeedAuth(virNetServerClientPtr client)
>  {
> -    bool need = true;
> +    bool need;
>      virObjectLock(client);
> -    if (client->auth == VIR_NET_SERVER_SERVICE_AUTH_NONE)
> -        need = false;
> +    need = !virNetServerClientAuthMethodImpliesAuthenticated(client->auth);
>      virObjectUnlock(client);
>      return need;
>  }
> -- 
> 2.13.4
> 
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 08/14] rpc: Refactor the condition whether a client needs authentication
Posted by John Ferlan 7 years, 10 months ago 

On 12/12/2017 06:36 AM, Marc Hartmayer wrote:
> Add virNetServerClientAuthMethodImpliesAuthenticated() for deciding
> whether a authentication method implies that a client is automatically
> authenticated or not. Use this new function in
> virNetServerClientNeedAuth().
> 
> Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
> Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
> ---
>  src/rpc/virnetserverclient.c | 22 +++++++++++++++++++---
>  1 file changed, 19 insertions(+), 3 deletions(-)
> 

I see Daniel has been looking too - and I think if you extract parts of
the subsequent patch into this patch with the *Locked name then perhaps
there'd be less difference in the subsequent patch.

In later patches where virNetServerClientAuthMethodImpliesAuthenticated
is used in other parts of the code - I see no reason why we couldn't
compare directly to VIR_NET_SERVER_SERVICE_AUTH_NONE. In particular I'm
thinking of that auth_pending checking where there's no "client".

This then just becomes "Introduce virNetServerClientNeedAuthLocked"

John
> diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
> index 96fd1e6d15c2..616b6fe115e5 100644
> --- a/src/rpc/virnetserverclient.c
> +++ b/src/rpc/virnetserverclient.c
> @@ -354,6 +354,23 @@ static void virNetServerClientSockTimerFunc(int timer,
>  }
>  
>  
> +/**
> + * virNetServerClientAuthMethodImpliesAuthenticated:
> + * @auth: authentication method to check
> + *
> + * Check if the passed authentication method implies that a client is
> + * automatically authenticated.
> + *
> + * Returns true if @auth implies that a client is automatically
> + * authenticated, otherwise false.
> + */
> +static bool
> +virNetServerClientAuthMethodImpliesAuthenticated(int auth)
> +{
> +    return auth == VIR_NET_SERVER_SERVICE_AUTH_NONE;
> +}
> +
> +
>  static virNetServerClientPtr
>  virNetServerClientNewInternal(unsigned long long id,
>                                virNetSocketPtr sock,
> @@ -1515,10 +1532,9 @@ int virNetServerClientSendMessage(virNetServerClientPtr client,
>  
>  bool virNetServerClientNeedAuth(virNetServerClientPtr client)
>  {
> -    bool need = true;
> +    bool need;
>      virObjectLock(client);
> -    if (client->auth == VIR_NET_SERVER_SERVICE_AUTH_NONE)
> -        need = false;
> +    need = !virNetServerClientAuthMethodImpliesAuthenticated(client->auth);
>      virObjectUnlock(client);
>      return need;
>  }
> 

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 08/14] rpc: Refactor the condition whether a client needs authentication
Posted by Marc Hartmayer 7 years, 10 months ago 
On Fri, Dec 15, 2017 at 02:16 PM +0100, John Ferlan <jferlan@redhat.com> wrote:
> On 12/12/2017 06:36 AM, Marc Hartmayer wrote:
>> Add virNetServerClientAuthMethodImpliesAuthenticated() for deciding
>> whether a authentication method implies that a client is automatically
>> authenticated or not. Use this new function in
>> virNetServerClientNeedAuth().
>>
>> Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
>> Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
>> Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
>> ---
>>  src/rpc/virnetserverclient.c | 22 +++++++++++++++++++---
>>  1 file changed, 19 insertions(+), 3 deletions(-)
>>
>
> I see Daniel has been looking too - and I think if you extract parts of
> the subsequent patch into this patch with the *Locked name then perhaps
> there'd be less difference in the subsequent patch.
>
> In later patches where virNetServerClientAuthMethodImpliesAuthenticated
> is used in other parts of the code - I see no reason why we couldn't
> compare directly to VIR_NET_SERVER_SERVICE_AUTH_NONE.

The first time I read the code it was very strange to me that a user is
authenticated when the authentication method was set to none. This was
also the reason why I added this function - I tried to make it easier to
understand this code part. But if you think it’s self-explanatory enough
to test for none, then of course I can replace it :)

Thanks for reviewing.

> In particular I'm
> thinking of that auth_pending checking where there's no "client".
>
> This then just becomes "Introduce virNetServerClientNeedAuthLocked"
>
> John
>> diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
>> index 96fd1e6d15c2..616b6fe115e5 100644
>> --- a/src/rpc/virnetserverclient.c
>> +++ b/src/rpc/virnetserverclient.c
>> @@ -354,6 +354,23 @@ static void virNetServerClientSockTimerFunc(int timer,
>>  }
>>
>>
>> +/**
>> + * virNetServerClientAuthMethodImpliesAuthenticated:
>> + * @auth: authentication method to check
>> + *
>> + * Check if the passed authentication method implies that a client is
>> + * automatically authenticated.
>> + *
>> + * Returns true if @auth implies that a client is automatically
>> + * authenticated, otherwise false.
>> + */
>> +static bool
>> +virNetServerClientAuthMethodImpliesAuthenticated(int auth)
>> +{
>> +    return auth == VIR_NET_SERVER_SERVICE_AUTH_NONE;
>> +}
>> +
>> +
>>  static virNetServerClientPtr
>>  virNetServerClientNewInternal(unsigned long long id,
>>                                virNetSocketPtr sock,
>> @@ -1515,10 +1532,9 @@ int virNetServerClientSendMessage(virNetServerClientPtr client,
>>
>>  bool virNetServerClientNeedAuth(virNetServerClientPtr client)
>>  {
>> -    bool need = true;
>> +    bool need;
>>      virObjectLock(client);
>> -    if (client->auth == VIR_NET_SERVER_SERVICE_AUTH_NONE)
>> -        need = false;
>> +    need = !virNetServerClientAuthMethodImpliesAuthenticated(client->auth);
>>      virObjectUnlock(client);
>>      return need;
>>  }
>>
>
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>
--
Beste Grüße / Kind regards
   Marc Hartmayer

IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294


--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patchew 2.1-devel-8c64711

© 2016 - 2025 Red Hat, Inc.