The counter gets incremented on each unauthenticated client added to the
server and decremented whenever the client authenticates.
Signed-off-by: Michal Privoznik mpriv...@redhat.com
---
daemon/remote.c| 21 +
src/rpc/virnetserver.c | 36 +---
src/rpc/virnetserver.h | 2 ++
3 files changed, 48 insertions(+), 11 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index decaecc..8354376 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2298,7 +2298,7 @@ cleanup:
/*-*/
static int
-remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthList(virNetServerPtr server,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
@@ -2328,6 +2328,7 @@ remoteDispatchAuthList(virNetServerPtr server
ATTRIBUTE_UNUSED,
goto cleanup;
VIR_INFO(Bypass polkit auth for privileged client %s, ident);
virNetServerClientSetAuth(client, 0);
+virNetServerClientAuth(server, false);
auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
VIR_FREE(ident);
}
@@ -2443,7 +2444,8 @@ authfail:
* Returns 0 if ok, -1 on error, -2 if rejected
*/
static int
-remoteSASLFinish(virNetServerClientPtr client)
+remoteSASLFinish(virNetServerPtr server,
+ virNetServerClientPtr client)
{
const char *identity;
struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client);
@@ -2468,6 +2470,7 @@ remoteSASLFinish(virNetServerClientPtr client)
return -2;
virNetServerClientSetAuth(client, 0);
+virNetServerClientAuth(server, false);
virNetServerClientSetSASLSession(client, priv-sasl);
VIR_DEBUG(Authentication successful %d, virNetServerClientGetFD(client));
@@ -2489,7 +2492,7 @@ error:
* This starts the SASL authentication negotiation.
*/
static int
-remoteDispatchAuthSaslStart(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthSaslStart(virNetServerPtr server,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
@@ -2547,7 +2550,7 @@ remoteDispatchAuthSaslStart(virNetServerPtr server
ATTRIBUTE_UNUSED,
ret-complete = 0;
} else {
/* Check username whitelist ACL */
-if ((err = remoteSASLFinish(client)) 0) {
+if ((err = remoteSASLFinish(server, client)) 0) {
if (err == -2)
goto authdeny;
else
@@ -2587,7 +2590,7 @@ error:
static int
-remoteDispatchAuthSaslStep(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthSaslStep(virNetServerPtr server,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
@@ -2645,7 +2648,7 @@ remoteDispatchAuthSaslStep(virNetServerPtr server
ATTRIBUTE_UNUSED,
ret-complete = 0;
} else {
/* Check username whitelist ACL */
-if ((err = remoteSASLFinish(client)) 0) {
+if ((err = remoteSASLFinish(server, client)) 0) {
if (err == -2)
goto authdeny;
else
@@ -2730,7 +2733,7 @@ remoteDispatchAuthSaslStep(virNetServerPtr server
ATTRIBUTE_UNUSED,
#if WITH_POLKIT1
static int
-remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthPolkit(virNetServerPtr server,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
@@ -2822,6 +2825,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server
ATTRIBUTE_UNUSED,
ret-complete = 1;
virNetServerClientSetAuth(client, 0);
+virNetServerClientAuth(server, false);
virMutexUnlock(priv-lock);
virCommandFree(cmd);
VIR_FREE(pkout);
@@ -2862,7 +2866,7 @@ authdeny:
}
#elif WITH_POLKIT0
static int
-remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthPolkit(virNetServerPtr server,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
@@ -2977,6 +2981,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server
ATTRIBUTE_UNUSED,
ret-complete = 1;
virNetServerClientSetAuth(client, 0);
+virNetServerClientAuth(server, false);
virMutexUnlock(priv-lock);
VIR_FREE(ident);
return 0;
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 8907768..1b2c6d4 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -87,9 +87,10 @@ struct _virNetServer {
size_t nprograms;