diff --git a/daemon/remote.c b/daemon/remote.c index c92223eacd..45c50f316f 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -2391,10 +2391,8 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED, goto cleanup; } VIR_INFO("Bypass polkit auth for privileged client %s", ident); - if (virNetServerClientSetIdentity(client, ident) < 0) - virResetLastError(); - else - auth = VIR_NET_SERVER_SERVICE_AUTH_NONE; + virNetServerClientSetAuth(client, 0); + auth = VIR_NET_SERVER_SERVICE_AUTH_NONE; VIR_FREE(ident); } } @@ -2535,9 +2533,7 @@ remoteSASLFinish(virNetServerClientPtr client) if (!virNetSASLContextCheckIdentity(saslCtxt, identity)) return -2; - if (virNetServerClientSetIdentity(client, identity) < 0) - goto error; - + virNetServerClientSetAuth(client, 0); virNetServerClientSetSASLSession(client, priv->sasl); VIR_DEBUG("Authentication successful %d", virNetServerClientGetFD(client)); @@ -2869,7 +2865,7 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, action, (long long) callerPid, callerUid); ret->complete = 1; - virNetServerClientSetIdentity(client, ident); + virNetServerClientSetAuth(client, 0); virMutexUnlock(&priv->lock); virCommandFree(cmd); VIR_FREE(pkout); @@ -3024,8 +3020,8 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, action, (long long) callerPid, callerUid, polkit_result_to_string_representation(pkresult)); ret->complete = 1; - virNetServerClientSetIdentity(client, ident); + virNetServerClientSetAuth(client, 0); virMutexUnlock(&priv->lock); VIR_FREE(ident); return 0; diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 8fe0b97a4f..6ee6b6939b 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -852,7 +852,6 @@ virNetServerClientClose; virNetServerClientDelayedClose; virNetServerClientGetAuth; virNetServerClientGetFD; -virNetServerClientGetIdentity; virNetServerClientGetPrivateData; virNetServerClientGetReadonly; virNetServerClientGetTLSKeySize; 
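Review bot: In the remoteDispatchAuthList hunk the new call passes a bare `0` one line above `auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;`, so the same state is spelled two ways on adjacent lines. Assuming the constant is 0, as that assignment suggests, `virNetServerClientSetAuth(client, VIR_NET_SERVER_SERVICE_AUTH_NONE);` would make it obvious that this call is what drops the authentication requirement. The same literal appears in the remoteSASLFinish hunk and in both remoteDispatchAuthPolkit hunks. This branch now clears the requirement unconditionally from inside a list call, so a comment such as `/* privileged local client: clear the auth requirement without a polkit round trip */` would help. The condition that guards the branch is outside the hunk.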
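Review bot: After the remoteSASLFinish hunk the name accepted by `virNetSASLContextCheckIdentity()` is no longer kept on the client, and the only visible record of the successful exchange is the `VIR_DEBUG` line, which prints the socket fd and not the name. Unless something outside the hunk logs it, a later review of who authenticated on which connection has little to go on. Consider adding `VIR_INFO("SASL authentication successful for %s", identity);` next to the existing debug line, in the same way the polkit bypass path logs `ident`. The function body starts and ends outside the hunk.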
@@ -871,9 +870,9 @@ virNetServerClientPreExecRestart; virNetServerClientRemoteAddrString; virNetServerClientRemoveFilter; virNetServerClientSendMessage; +virNetServerClientSetAuth; virNetServerClientSetCloseHook; virNetServerClientSetDispatcher; -virNetServerClientSetIdentity; virNetServerClientStartKeepAlive; virNetServerClientWantClose; diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c index 446e1e9168..9e519e66c0 100644 --- a/src/rpc/virnetserverclient.c +++ b/src/rpc/virnetserverclient.c @@ -64,7 +64,6 @@ struct _virNetServerClient virNetSocketPtr sock; int auth; bool readonly; - char *identity; #if WITH_GNUTLS virNetTLSContextPtr tlsCtxt; virNetTLSSessionPtr tls; @@ -442,7 +441,6 @@ virNetServerClientPtr virNetServerClientNewPostExecRestart(virJSONValuePtr objec virJSONValuePtr child; virNetServerClientPtr client = NULL; virNetSocketPtr sock; - const char *identity = NULL; int auth; bool readonly; unsigned int nrequests_max; @@ -463,12 +461,6 @@ virNetServerClientPtr virNetServerClientNewPostExecRestart(virJSONValuePtr objec _("Missing nrequests_client_max field in JSON state document")); return NULL; } - if (virJSONValueObjectHasKey(object, "identity") && - (!(identity = virJSONValueObjectGetString(object, "identity")))) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Missing identity field in JSON state document")); - return NULL; - } if (!(child = virJSONValueObjectGet(object, "sock"))) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -493,10 +485,6 @@ virNetServerClientPtr virNetServerClientNewPostExecRestart(virJSONValuePtr objec } virObjectUnref(sock); - if (identity && - virNetServerClientSetIdentity(client, identity) < 0) - goto error; - if (privNew) { if (!(child = virJSONValueObjectGet(object, "privateData"))) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", 
@@ -536,10 +524,6 @@ virJSONValuePtr virNetServerClientPreExecRestart(virNetServerClientPtr client) if (virJSONValueObjectAppendNumberUint(object, "nrequests_max", client->nrequests_max) < 0) goto error; - if (client->identity && - virJSONValueObjectAppendString(object, "identity", client->identity) < 0) - goto error; - if (!(child = virNetSocketPreExecRestart(client->sock))) goto error; @@ -576,6 +560,13 @@ int virNetServerClientGetAuth(virNetServerClientPtr client) return auth; } +void virNetServerClientSetAuth(virNetServerClientPtr client, int auth) +{ + virObjectLock(client); + client->auth = auth; + virObjectUnlock(client); +} + bool virNetServerClientGetReadonly(virNetServerClientPtr client) { bool readonly; @@ -663,32 +654,6 @@ void virNetServerClientSetSASLSession(virNetServerClientPtr client, #endif -int virNetServerClientSetIdentity(virNetServerClientPtr client, - const char *identity) -{ - int ret = -1; - virObjectLock(client); - if (!(client->identity = strdup(identity))) { - virReportOOMError(); - goto error; - } - ret = 0; - -error: - virObjectUnlock(client); - return ret; -} - -const char *virNetServerClientGetIdentity(virNetServerClientPtr client) -{ - const char *identity; - virObjectLock(client); - identity = client->identity; - virObjectUnlock(client); - return identity; -} - - void *virNetServerClientGetPrivateData(virNetServerClientPtr client) { void *data; @@ -743,7 +708,6 @@ void virNetServerClientDispose(void *obj) client->privateDataFreeFunc) client->privateDataFreeFunc(client->privateData); - VIR_FREE(client->identity); #if WITH_SASL virObjectUnref(client->sasl); #endif @@ -1319,7 +1283,7 @@ bool virNetServerClientNeedAuth(virNetServerClientPtr client) { bool need = false; virObjectLock(client); - if (client->auth && !client->identity) + if (client->auth) need = true; virObjectUnlock(client); return need; diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h index 325f5d9c4e..31414bc4d5 100644 
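Review bot: `virNetServerClientSetAuth()` is added without a comment, although it is the call that turns a connection from needing authentication into not needing it, and it accepts any `int`. A header comment should state that the value is the authentication scheme still required of the client, that `0` means none is required, and that callers must pass `0` only after a completed authentication exchange or an explicit privilege check. Every caller in this commit passes `0`, so a narrower helper that only clears the requirement, or a check that `auth` is one of the known scheme values, would keep a stray value from being stored.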
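Review bot: With `!client->identity` gone from the test in virNetServerClientNeedAuth, `client->auth` carries two meanings: the scheme the service asked for and, once it is `0`, the fact that the client has authenticated. After a successful exchange `virNetServerClientGetAuth()` will presumably report `0` as well, so code outside this hunk can no longer tell a client that authenticated from one on a service that never required it. That deserves a comment above the test, for example `/* auth is reset to 0 once the client has authenticated, so nonzero means still pending */`. The function's closing brace is outside the hunk.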
--- a/src/rpc/virnetserverclient.h +++ b/src/rpc/virnetserverclient.h @@ -76,6 +76,7 @@ void virNetServerClientRemoveFilter(virNetServerClientPtr client, int filterID); int virNetServerClientGetAuth(virNetServerClientPtr client); +void virNetServerClientSetAuth(virNetServerClientPtr client, int auth); bool virNetServerClientGetReadonly(virNetServerClientPtr client); # ifdef WITH_GNUTLS @@ -92,10 +93,6 @@ int virNetServerClientGetFD(virNetServerClientPtr client); bool virNetServerClientIsSecure(virNetServerClientPtr client); -int virNetServerClientSetIdentity(virNetServerClientPtr client, - const char *identity); -const char *virNetServerClientGetIdentity(virNetServerClientPtr client); - int virNetServerClientGetUNIXIdentity(virNetServerClientPtr client, uid_t *uid, gid_t *gid, pid_t *pid);