From nobody Thu May 15 06:24:49 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1513078655857857.6925592668616;
 Tue, 12 Dec 2017 03:37:35 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 2F6D52C971F;
	Tue, 12 Dec 2017 11:37:34 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 0B765620C1;
	Tue, 12 Dec 2017 11:37:34 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id C4545180474B;
	Tue, 12 Dec 2017 11:37:33 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
	[10.5.11.15])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id vBCBb2iU030110 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 12 Dec 2017 06:37:02 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 7118551C75; Tue, 12 Dec 2017 11:37:02 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx05.extmail.prod.ext.phx2.redhat.com
	[10.5.110.29])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 6A67E5D756
	for <libvir-list@redhat.com>; Tue, 12 Dec 2017 11:37:02 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
	[148.163.156.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 45DF319CF27
	for <libvir-list@redhat.com>; Tue, 12 Dec 2017 11:37:01 +0000 (UTC)
Received: from pps.filterd (m0098393.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id
	vBCBaU75134989
	for <libvir-list@redhat.com>; Tue, 12 Dec 2017 06:37:01 -0500
Received: from e06smtp12.uk.ibm.com (e06smtp12.uk.ibm.com [195.75.94.108])
	by mx0a-001b2d01.pphosted.com with ESMTP id 2etam0t9we-1
	(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)
	for <libvir-list@redhat.com>; Tue, 12 Dec 2017 06:37:00 -0500
Received: from localhost
	by e06smtp12.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <libvir-list@redhat.com> from <mhartmay@linux.vnet.ibm.com>;
	Tue, 12 Dec 2017 11:36:58 -0000
Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196)
	by e06smtp12.uk.ibm.com (192.168.101.142) with IBM ESMTP SMTP Gateway:
	Authorized Use Only! Violators will be prosecuted;
	Tue, 12 Dec 2017 11:36:55 -0000
Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com
	[9.149.105.61])
	by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with
	ESMTP id vBCBatPN47120448
	for <libvir-list@redhat.com>; Tue, 12 Dec 2017 11:36:55 GMT
Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id DFCD011C04C
	for <libvir-list@redhat.com>; Tue, 12 Dec 2017 11:31:15 +0000 (GMT)
Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id C2C1411C04A
	for <libvir-list@redhat.com>; Tue, 12 Dec 2017 11:31:15 +0000 (GMT)
Received: from marc-ibm.boeblingen.de.ibm.com (unknown [9.152.224.46])
	by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP
	for <libvir-list@redhat.com>; Tue, 12 Dec 2017 11:31:15 +0000 (GMT)
From: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
To: Libvirt Mailing List <libvir-list@redhat.com>
Date: Tue, 12 Dec 2017 12:36:32 +0100
In-Reply-To: <20171212113636.28518-1-mhartmay@linux.vnet.ibm.com>
References: <20171212113636.28518-1-mhartmay@linux.vnet.ibm.com>
X-TM-AS-GCONF: 00
x-cbid: 17121211-0008-0000-0000-000004B62702
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 17121211-0009-0000-0000-00001E4931F0
Message-Id: <20171212113636.28518-11-mhartmay@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
	definitions=2017-12-12_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	priorityscore=1501
	malwarescore=0 suspectscore=2 phishscore=0 bulkscore=0 spamscore=0
	clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0
	classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
	definitions=main-1712120169
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.29]); Tue, 12 Dec 2017 11:37:01 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.29]);
	Tue, 12 Dec 2017 11:37:01 +0000 (UTC) for IP:'148.163.156.1'
	DOMAIN:'mx0a-001b2d01.pphosted.com'
	HELO:'mx0a-001b2d01.pphosted.com'
	FROM:'mhartmay@linux.vnet.ibm.com' RCPT:''
X-RedHat-Spam-Score: -0.701  (RCVD_IN_DNSWL_LOW,
	RCVD_IN_MSPIKE_H2) 148.163.156.1
	mx0a-001b2d01.pphosted.com 148.163.156.1
	mx0a-001b2d01.pphosted.com <mhartmay@linux.vnet.ibm.com>
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.29
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 10/14] rpc: Introduce
	virNetServerSetClientAuthenticated
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]);
 Tue, 12 Dec 2017 11:37:34 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Introduce a function which marks the client as authenticated and also
it tracks on the server that the authentication for this client has
been completed. Afterwords it will check for the limits of the server.

After using this new function the function
virNetServerTrackCompletedAuth was superfluous and is therefore
removed. In addition, it is not very common that a
'{{function}}' (virNetServerTrackCompletedAuth) does more than just
the locking compared to
'{{function}}Locked' (virNetServerTrackCompletedAuthLocked).

virNetServerTrackPendingAuth was already superfluous and therefore
it's also removed.

Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
---
 daemon/remote.c              |  9 +++------
 src/libvirt_remote.syms      |  5 ++---
 src/rpc/virnetserver.c       | 40 ++++++++++++++++++++++------------------
 src/rpc/virnetserver.h       |  3 +--
 src/rpc/virnetserverclient.c |  5 ++---
 src/rpc/virnetserverclient.h |  2 +-
 6 files changed, 31 insertions(+), 33 deletions(-)

diff --git a/daemon/remote.c b/daemon/remote.c
index 6f78f17178f7..a9dd228b8273 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -3263,8 +3263,7 @@ remoteDispatchAuthList(virNetServerPtr server,
                             (long long) callerPid, (int) callerUid) < 0)
                 goto cleanup;
             VIR_INFO("Bypass polkit auth for privileged client %s", ident);
-            virNetServerClientSetAuth(client, VIR_NET_SERVER_SERVICE_AUTH_=
NONE);
-            virNetServerTrackCompletedAuth(server);
+            virNetServerSetClientAuthenticated(server, client);
             auth =3D VIR_NET_SERVER_SERVICE_AUTH_NONE;
             VIR_FREE(ident);
         }
@@ -3407,8 +3406,7 @@ remoteSASLFinish(virNetServerPtr server,
     if (!(clnt_identity =3D virNetServerClientGetIdentity(client)))
         goto error;
=20
-    virNetServerClientSetAuth(client, VIR_NET_SERVER_SERVICE_AUTH_NONE);
-    virNetServerTrackCompletedAuth(server);
+    virNetServerSetClientAuthenticated(server, client);
     virNetServerClientSetSASLSession(client, priv->sasl);
     virIdentitySetSASLUserName(clnt_identity, identity);
=20
@@ -3731,8 +3729,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
              action, (long long) callerPid, callerUid);
     ret->complete =3D 1;
=20
-    virNetServerClientSetAuth(client, VIR_NET_SERVER_SERVICE_AUTH_NONE);
-    virNetServerTrackCompletedAuth(server);
+    virNetServerSetClientAuthenticated(server, client);
     virMutexUnlock(&priv->lock);
=20
     return 0;
diff --git a/src/libvirt_remote.syms b/src/libvirt_remote.syms
index efdf912ec563..7fcae970484d 100644
--- a/src/libvirt_remote.syms
+++ b/src/libvirt_remote.syms
@@ -116,9 +116,8 @@ virNetServerNewPostExecRestart;
 virNetServerNextClientID;
 virNetServerPreExecRestart;
 virNetServerProcessClients;
+virNetServerSetClientAuthenticated;
 virNetServerStart;
-virNetServerTrackCompletedAuth;
-virNetServerTrackPendingAuth;
 virNetServerUpdateServices;
=20
=20
@@ -152,7 +151,7 @@ virNetServerClientRemoteAddrStringSASL;
 virNetServerClientRemoteAddrStringURI;
 virNetServerClientRemoveFilter;
 virNetServerClientSendMessage;
-virNetServerClientSetAuth;
+virNetServerClientSetAuthLocked;
 virNetServerClientSetCloseHook;
 virNetServerClientSetDispatcher;
 virNetServerClientStartKeepAlive;
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index d03bd3e91905..72105cd9318f 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -737,6 +737,28 @@ int virNetServerSetTLSContext(virNetServerPtr srv,
 #endif
=20
=20
+/**
+ * virNetServerSetClientAuthenticated:
+ * @srv: server must be unlocked
+ * @client: client must be unlocked
+ *
+ * Mark @client as authenticated and tracks on @srv that the
+ * authentication of this @client has been completed. Also it checks
+ * the limits of @srv.
+ */
+void
+virNetServerSetClientAuthenticated(virNetServerPtr srv, virNetServerClient=
Ptr client)
+{
+    virObjectLock(srv);
+    virObjectLock(client);
+    virNetServerClientSetAuthLocked(client, VIR_NET_SERVER_SERVICE_AUTH_NO=
NE);
+    virNetServerTrackCompletedAuthLocked(srv);
+    virNetServerCheckLimits(srv);
+    virObjectUnlock(client);
+    virObjectUnlock(srv);
+}
+
+
 static void
 virNetServerUpdateServicesLocked(virNetServerPtr srv,
                                  bool enabled)
@@ -813,24 +835,6 @@ virNetServerTrackCompletedAuthLocked(virNetServerPtr s=
rv)
     return --srv->nclients_unauth;
 }
=20
-size_t virNetServerTrackPendingAuth(virNetServerPtr srv)
-{
-    size_t ret;
-    virObjectLock(srv);
-    ret =3D virNetServerTrackPendingAuthLocked(srv);
-    virObjectUnlock(srv);
-    return ret;
-}
-
-size_t virNetServerTrackCompletedAuth(virNetServerPtr srv)
-{
-    size_t ret;
-    virObjectLock(srv);
-    ret =3D virNetServerTrackCompletedAuthLocked(srv);
-    virNetServerCheckLimits(srv);
-    virObjectUnlock(srv);
-    return ret;
-}
=20
 bool
 virNetServerHasClients(virNetServerPtr srv)
diff --git a/src/rpc/virnetserver.h b/src/rpc/virnetserver.h
index 6a79d15370e5..7728a67f5fcb 100644
--- a/src/rpc/virnetserver.h
+++ b/src/rpc/virnetserver.h
@@ -73,13 +73,12 @@ int virNetServerSetTLSContext(virNetServerPtr srv,
                               virNetTLSContextPtr tls);
 # endif
=20
-size_t virNetServerTrackPendingAuth(virNetServerPtr srv);
-size_t virNetServerTrackCompletedAuth(virNetServerPtr srv);
=20
 int virNetServerAddClient(virNetServerPtr srv,
                           virNetServerClientPtr client);
 bool virNetServerHasClients(virNetServerPtr srv);
 void virNetServerProcessClients(virNetServerPtr srv);
+void virNetServerSetClientAuthenticated(virNetServerPtr srv, virNetServerC=
lientPtr client);
=20
 void virNetServerUpdateServices(virNetServerPtr srv, bool enabled);
=20
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 3101b555a90d..6adc3ec3ec01 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -639,11 +639,10 @@ int virNetServerClientGetAuth(virNetServerClientPtr c=
lient)
     return auth;
 }
=20
-void virNetServerClientSetAuth(virNetServerClientPtr client, int auth)
+/* @client needs to be locked by the caller */
+void virNetServerClientSetAuthLocked(virNetServerClientPtr client, int aut=
h)
 {
-    virObjectLock(client);
     client->auth =3D auth;
-    virObjectUnlock(client);
 }
=20
 bool virNetServerClientGetReadonly(virNetServerClientPtr client)
diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h
index 9ec18588a858..19f20b808284 100644
--- a/src/rpc/virnetserverclient.h
+++ b/src/rpc/virnetserverclient.h
@@ -79,7 +79,7 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr=
 client,
                                     int filterID);
=20
 int virNetServerClientGetAuth(virNetServerClientPtr client);
-void virNetServerClientSetAuth(virNetServerClientPtr client, int auth);
+void virNetServerClientSetAuthLocked(virNetServerClientPtr client, int aut=
h);
 bool virNetServerClientGetReadonly(virNetServerClientPtr client);
 unsigned long long virNetServerClientGetID(virNetServerClientPtr client);
 long long virNetServerClientGetTimestamp(virNetServerClientPtr client);
--=20
2.13.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list