qemu-block
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [PATCH 6/6] monitor: deprecate acl_show, acl_reset, acl

From: Dr. David Alan Gilbert
Subject: Re: [Qemu-block] [PATCH 6/6] monitor: deprecate acl_show, acl_reset, acl_policy, acl_add, acl_remove
Date: Tue, 19 Jun 2018 13:31:40 +0100
User-agent: Mutt/1.10.0 (2018-05-17) 
* Daniel P. Berrangé (address@hidden) wrote:
> The various ACL related commands are obsolete now that the QAuthZ
> framework for authorization is fully integrated throughout QEMU network
> services. Mark it as deprecated with no replacement to be provided.
> 
> Signed-off-by: Daniel P. Berrangé <address@hidden>

OK, so I can do all these by using object_add/object_del with the right
type and parameters?

but looks OK:

Reviewed-by: Dr. David Alan Gilbert <address@hidden>


> ---
>  monitor.c     | 23 +++++++++++++++++++++++
>  qemu-doc.texi |  8 ++++++++
>  2 files changed, 31 insertions(+)
> 
> diff --git a/monitor.c b/monitor.c
> index 67c63013bd..c4a9ae5c85 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -2089,6 +2089,19 @@ static QAuthZList *find_auth(Monitor *mon, const char 
> *name)
>      return QAUTHZ_LIST(obj);
>  }
>  
> +static bool warn_acl;
> +static void hmp_warn_acl(void)
> +{
> +    if (warn_acl) {
> +        return;
> +    }
> +    error_report("The acl_show, acl_reset, acl_policy, acl_add, acl_remove "
> +                 "commands are deprecated with no replacement. Authorization 
> "
> +                 "for VNC should be performed using the pluggable QAuthZ "
> +                 "objects");
> +    warn_acl = true;
> +}
> +
>  static void hmp_acl_show(Monitor *mon, const QDict *qdict)
>  {
>      const char *aclname = qdict_get_str(qdict, "aclname");
> @@ -2096,6 +2109,8 @@ static void hmp_acl_show(Monitor *mon, const QDict 
> *qdict)
>      QAuthZListRuleList *rules;
>      size_t i = 0;
>  
> +    hmp_warn_acl();
> +
>      if (!auth) {
>          return;
>      }
> @@ -2119,6 +2134,8 @@ static void hmp_acl_reset(Monitor *mon, const QDict 
> *qdict)
>      const char *aclname = qdict_get_str(qdict, "aclname");
>      QAuthZList *auth = find_auth(mon, aclname);
>  
> +    hmp_warn_acl();
> +
>      if (!auth) {
>          return;
>      }
> @@ -2137,6 +2154,8 @@ static void hmp_acl_policy(Monitor *mon, const QDict 
> *qdict)
>      int val;
>      Error *err = NULL;
>  
> +    hmp_warn_acl();
> +
>      if (!auth) {
>          return;
>      }
> @@ -2172,6 +2191,8 @@ static void hmp_acl_add(Monitor *mon, const QDict 
> *qdict)
>      QAuthZListFormat format;
>      size_t i = 0;
>  
> +    hmp_warn_acl();
> +
>      if (!auth) {
>          return;
>      }
> @@ -2227,6 +2248,8 @@ static void hmp_acl_remove(Monitor *mon, const QDict 
> *qdict)
>      QAuthZList *auth = find_auth(mon, aclname);
>      ssize_t i = 0;
>  
> +    hmp_warn_acl();
> +
>      if (!auth) {
>          return;
>      }
> diff --git a/qemu-doc.texi b/qemu-doc.texi
> index 5b7e3faab2..c6aad94015 100644
> --- a/qemu-doc.texi
> +++ b/qemu-doc.texi
> @@ -2938,6 +2938,14 @@ The ``query-cpus'' command is replaced by the 
> ``query-cpus-fast'' command.
>  The ``arch'' output member of the ``query-cpus-fast'' command is
>  replaced by the ``target'' output member.
>  
> address@hidden Human Monitor Protocol (HMP) commands
> +
> address@hidden acl_show, acl_reset, acl_policy, acl_add, acl_remove (since 
> 3.0.0)
> +
> +The ``acl_show'', ``acl_reset'', ``acl_policy'', ``acl_add'', and
> +``acl_remove'' commands are deprecated with no replacement. Authorization
> +for VNC should be performed using the pluggable QAuthZ objects.
> +
>  @section System emulator devices
>  
>  @subsection ivshmem (since 2.6.0)
> -- 
> 2.17.0
> 
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK
reply via email to
[Prev in Thread] Current Thread [Next in Thread]