/*-------------------------------------------------------------*/
static int
-remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthList(virNetServerPtr server,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
goto cleanup;
VIR_INFO("Bypass polkit auth for privileged client %s", ident);
virNetServerClientSetAuth(client, 0);
+ virNetServerTrackCompletedAuth(server);
auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
VIR_FREE(ident);
}
* Returns 0 if ok, -1 on error, -2 if rejected
*/
static int
-remoteSASLFinish(virNetServerClientPtr client)
+remoteSASLFinish(virNetServerPtr server,
+ virNetServerClientPtr client)
{
const char *identity;
struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client);
return -2;
virNetServerClientSetAuth(client, 0);
+ virNetServerTrackCompletedAuth(server);
virNetServerClientSetSASLSession(client, priv->sasl);
VIR_DEBUG("Authentication successful %d", virNetServerClientGetFD(client));
* This starts the SASL authentication negotiation.
*/
static int
-remoteDispatchAuthSaslStart(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthSaslStart(virNetServerPtr server,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
ret->complete = 0;
} else {
/* Check username whitelist ACL */
- if ((err = remoteSASLFinish(client)) < 0) {
+ if ((err = remoteSASLFinish(server, client)) < 0) {
if (err == -2)
goto authdeny;
else
static int
-remoteDispatchAuthSaslStep(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthSaslStep(virNetServerPtr server,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
ret->complete = 0;
} else {
/* Check username whitelist ACL */
- if ((err = remoteSASLFinish(client)) < 0) {
+ if ((err = remoteSASLFinish(server, client)) < 0) {
if (err == -2)
goto authdeny;
else
#if WITH_POLKIT1
static int
-remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthPolkit(virNetServerPtr server,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
ret->complete = 1;
virNetServerClientSetAuth(client, 0);
+ virNetServerTrackCompletedAuth(server);
virMutexUnlock(&priv->lock);
virCommandFree(cmd);
VIR_FREE(pkout);
}
#elif WITH_POLKIT0
static int
-remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
+remoteDispatchAuthPolkit(virNetServerPtr server,
virNetServerClientPtr client,
virNetMessagePtr msg ATTRIBUTE_UNUSED,
virNetMessageErrorPtr rerr,
ret->complete = 1;
virNetServerClientSetAuth(client, 0);
+ virNetServerTrackCompletedAuth(server);
virMutexUnlock(&priv->lock);
VIR_FREE(ident);
return 0;
size_t nprograms;
virNetServerProgramPtr *programs;
- size_t nclients;
- size_t nclients_max;
- virNetServerClientPtr *clients;
+ size_t nclients; /* Current clients count */
+ virNetServerClientPtr *clients; /* Clients */
+ size_t nclients_max; /* Max allowed clients count */
+ size_t nclients_unauth; /* Unauthenticated clients count */
int keepaliveInterval;
unsigned int keepaliveCount;
static void virNetServerDispose(void *obj);
static void virNetServerUpdateServicesLocked(virNetServerPtr srv,
bool enabled);
+static inline size_t virNetServerTrackPendingAuthLocked(virNetServerPtr srv);
+static inline size_t virNetServerTrackCompletedAuthLocked(virNetServerPtr srv);
static int virNetServerOnceInit(void)
{
srv->clients[srv->nclients-1] = client;
virObjectRef(client);
+ if (virNetServerClientNeedAuth(client))
+ virNetServerTrackPendingAuthLocked(srv);
+
if (srv->nclients == srv->nclients_max) {
/* Temporarily stop accepting new clients */
VIR_DEBUG("Temporarily suspending services due to max_clients");
VIR_DELETE_ELEMENT(srv->clients, i, srv->nclients);
+ if (virNetServerClientNeedAuth(client))
+ virNetServerTrackCompletedAuthLocked(srv);
+
/* Enable services if we can accept a new client.
* The new client can be accepted if we are at the limit. */
if (srv->nclients == srv->nclients_max - 1) {
virObjectUnlock(srv);
return required;
}
+
+static inline size_t
+virNetServerTrackPendingAuthLocked(virNetServerPtr srv)
+{
+ return ++srv->nclients_unauth;
+}
+
+static inline size_t
+virNetServerTrackCompletedAuthLocked(virNetServerPtr srv)
+{
+ return --srv->nclients_unauth;
+}
+
+size_t virNetServerTrackPendingAuth(virNetServerPtr srv)
+{
+ size_t ret;
+ virObjectLock(srv);
+ ret = virNetServerTrackPendingAuthLocked(srv);
+ virObjectUnlock(srv);
+ return ret;
+}
+
+size_t virNetServerTrackCompletedAuth(virNetServerPtr srv)
+{
+ size_t ret;
+ virObjectLock(srv);
+ ret = virNetServerTrackCompletedAuthLocked(srv);
+ virObjectUnlock(srv);
+ return ret;
+}
projects / libvirt.git / commitdiff