1. 02 2月, 2018 1 次提交
  2. 04 1月, 2018 1 次提交
    • M
      rpc: virnetserver: Fix race on srv->nclients_unauth · 94bbbcee
      Marc Hartmayer 提交于
      There is a race between virNetServerProcessClients (main thread) and
      remoteDispatchAuthList/remoteDispatchAuthPolkit/remoteSASLFinish (worker
      thread) that can lead to decrementing srv->nclients_unauth when it's
      zero. Since virNetServerCheckLimits relies on the value
      srv->nclients_unauth the underrun causes libvirtd to stop accepting
      new connections forever.
      
      Example race scenario (assuming libvirtd is using policykit and the
      client is privileged):
        1. The client calls the RPC remoteDispatchAuthList =>
           remoteDispatchAuthList is executed on a worker thread (Thread
           T1). We're assuming now the execution stops for some time before
           the line 'virNetServerClientSetAuth(client, 0)'
        2. The client closes the connection irregularly. This causes the
           event loop to wake up and virNetServerProcessClient to be
           called (on the main thread T0). During the
           virNetServerProcessClients the srv lock is hold. The condition
           virNetServerClientNeedAuth(client) will be checked and as the
           authentication is not finished right now
           virNetServerTrackCompletedAuthLocked(srv) will be called =>
           --srv->nclients_unauth => 0
        3. The Thread T1 continues, marks the client as authenticated, and
           calls virNetServerTrackCompletedAuthLocked(srv) =>
           --srv->nclients_unauth => --0 => wrap around as nclient_unauth is
           unsigned
        4. virNetServerCheckLimits(srv) will disable the services forever
      
      To fix it, add an auth_pending field to the client struct so that it
      is now possible to determine if the authentication process has already
      been handled for this client.
      
      Setting the authentication method to none for the client in
      virNetServerProcessClients is not a proper way to indicate that the
      counter has been decremented, as this would imply that the client is
      authenticated.
      
      Additionally, adjust the existing test cases for this new field.
      Signed-off-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>
      Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com>
      94bbbcee
  3. 05 5月, 2016 1 次提交
  4. 03 5月, 2016 2 次提交
    • E
      rpc: virnetserverclient: Introduce new attribute conn_time to client · a32135b3
      Erik Skultety 提交于
      Besides ID, libvirt should provide several parameters to help the user
      distinguish two clients from each other. One of them is the connection
      timestamp. This patch also adds a testcase for proper JSON formatting of the
      new attribute too (proper formatting of older clients that did not support
      this attribute yet is included in the existing tests) - in order to
      testGenerateJSON to work, a mock of time_t time(time_t *timer) needed to be
      created.
      Signed-off-by: NErik Skultety <eskultet@redhat.com>
      a32135b3
    • E
      rpc: virnetserverclient: Identify clients by an integer ID · 5841d64d
      Erik Skultety 提交于
      Admin API needs a way of addressing specific clients. Unlike servers, which we
      are happy to address by names both because its name reflects its purpose (to
      some extent) and we only have two of them (so far), naming clients doesn't make
      any sense, since a) each client is an anonymous, i.e. not recognized after a
      disconnect followed by a reconnect, b) we can't predict what kind of requests
      it's going to send to daemon, and c) the are loads of them comming and going,
      so the only viable option is to use an ID which is of a reasonably wide data
      type.
      Signed-off-by: NErik Skultety <eskultet@redhat.com>
      5841d64d
  5. 17 2月, 2016 1 次提交
  6. 10 8月, 2015 1 次提交
    • M
      rpc: Remove keepalive_required option · a8743c39
      Martin Kletzander 提交于
      Since its introduction in 2011 (particularly in commit f4324e32),
      the option doesn't work.  It just effectively disables all incoming
      connections.  That's because the client private data that contain the
      'keepalive_supported' boolean, are initialized to zeroes so the bool is
      false and the only other place where the bool is used is when checking
      whether the client supports keepalive.  Thus, according to the server,
      no client supports keepalive.
      
      Removing this instead of fixing it is better because a) apparently
      nobody ever tried it since 2011 (4 years without one month) and b) we
      cannot know whether the client supports keepalive until we get a ping or
      pong keepalive packet.  And that won't happen until after we dispatched
      the ConnectOpen call.
      
      Another two reasons would be c) the keepalive_required was tracked on
      the server level, but keepalive_supported was in private data of the
      client as well as the check that was made in the remote layer, thus
      making all other instances of virNetServer miss this feature unless they
      all implemented it for themselves and d) we can always add it back in
      case there is a request and a use-case for it.
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      a8743c39
  7. 16 6月, 2015 1 次提交