And are these session ids, which are sent from clients to engine, sent further to client? I was not successful in deciphering the packets on the enine -vdsm channel, as I don't know the session key which wireshark needs ( for channel client - engine it was easier), so not sure what rpc fields are. For example, in libvirt itself there is no user information sent in rpc fields.

пн, 26 нояб. 2018 г. в 15:55, Greg Sheremeta <gshereme@redhat.com>:

On Sun, Nov 25, 2018 at 10:24 PM Anastasiya Ruzhanskaya <anastasiya.ruzhanskaya@frtk.ru> wrote:
Hello everyone!

I wanted to find out how the impersonation technique used in oVirt works? I know from libvirt developers, that oVirt opens one connection only for multiple clients. How does this work?

vdsm, on the hypervisor machine, funnels all the traffic from engine to libvirt. vdsm is therefore the only "client" of libvirt.
 

Also I found out in source code that in ActionParameterBase class the sessionId field is marked transient but, for example, for GWT rpc message, which goes to the server and says what action will be made (shut down, pause vm) this is the only field in all sent information which says what the session is. Where is the session sent instead? There was also a field with session id in https headers, but this was related to cookie so I am not completely sure if this can help to identify the current user.

Yes, that's it. From the headers view in Chrome, on the GWT RPC messages:
Cookie: JSESSIONID=VdzARh0xFJ8sVZXgG96dF_123cBUpQNfC3Kdz6e0.hostedengine
 
_______________________________________________
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/MHUIQLODX454RUCI3MY5LGVG4W6NYL37/


--

GREG SHEREMETA

SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX

Red Hat NA

gshereme@redhat.com    IRC: gshereme