[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH v4 00/10]Provide a QOM-based authorization API

From: Daniel P. Berrange
Subject: [Qemu-devel] [PATCH v4 00/10]Provide a QOM-based authorization API
Date: Wed, 11 May 2016 14:15:23 +0100

This is a followup of previously posted work in 2.6 cycle:

 v1: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg04618.html
 v2: https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg01454.html
 v3: https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg02498.html

Many years ago I was responsible for adding the 'qemu_acl' type
and associated HMP commands. Looking back at it now, it is quite
a poor facility with a couple of bad limitations. First, the
responsibility for creating the ACLs was left with the QEMU network
service (VNC server was only thing ever doing it). This meant you
could not share ACLs across multiple services. Second, there was
no way to populate ACLs on the command line, you had no choice but
to use the HMP commands. Third, the API was hardcoded around the
idea of an in-QEMU implementation, leaving no scope for plugging
in alternative implementations backed by, for example, LDAP or PAM.

This series introduces a much better authorization API design
to QEMU that addresses all these problems, and maintains back
compatibility. It of course is based on the QOM framework, so
that immediately gives us ability to create objects via the
CLI, HMP or QMP. There is an abstract base clss "QAuthZ" which
defines the basic API for QEMU network services to use, and a
specific implementation "QAuthZ" simple which replicates the
functionality of 'qemu_acl'. It is thus possible to add other
impls, without changing any other part of QEMU in the future.
Finally, the user is responsible for creating the ACL objects,
so they can have one ACL associated with all their TLS enabled
network services.

There was only one small problem with this, specifically the
-object CLI arg and HMP 'object_add' command had no way to let
the user specify non-scalar properties for objects. eg if an
object had a property which is a list of structs, you are out
of luck if you want to create it without using QMP.

Thus the first three patches do some work around QAPI / QOM
to make it possible to specify non-scalar properties with
the -object CLI arg and HMP 'object_add' command. See the
respective patches for illustration of the syntax used. Some
of Max's recent block patches also depend on the qdict_crumple
method in patch 1.

The patches 4 and 5 introduce the new base class and specific

Patch 6 kills the old qemu_acl code, updating any existing
callers of it to use the QAuthZSimple QOM class instead.

Patches 7-10 add support for associating ACLs with the
network services supporting TLS encryption (NBD, chardev
and VNC).

Changed in v4:

 - Ensure examples use shell escaping for '*' (Eric)
 - Add more tests for crumple impl (Eric)
 - Raise error if sasl-acl/tls-acl are requested but
   sasl/tls auth are not enabled (Eric)
 - Document return codes for auth check more clearly (Eric)
 - Don't silently turn a glob match into a strcmp
   if fnmatch is not present (Eric)
 - Other misc small typos/fixes (Eric)

Changed in v3:

 - Created separate qdict_list_size method (Max)
 - Added unit tests for case of empty dict (Max)
 - Fix variable names to use underscore separator (Max)
 - Fix potential free of uninitialized variables (Max)
 - Use QObject APIs for casts, instead of C type casts (Max)

Changed in v2:

 - Adapt to changes in qapi visitor APIs
 - Add a 'bool recursive' flag to qdict_crumple (Max)
 - Fix memory leaks in qdict_crumple (Max)
 - Split out key splitting code from qdict_crumple (Max)
 - Use saner variable names in qdict_crumple (Max)
 - Added some tests for bad inputs to qdict_crumple

Daniel P. Berrange (10):
  qdict: implement a qdict_crumple method for un-flattening a dict
  qapi: allow QmpInputVisitor to auto-cast types
  qom: support arbitrary non-scalar properties with -object
  util: add QAuthZ object as an authorization base class
  util: add QAuthZSimple object type for a simple access control list
  acl: delete existing ACL implementation
  qemu-nbd: add support for ACLs for TLS clients
  nbd: allow an ACL to be set with nbd-server-start QMP command
  chardev: add support for ACLs for TLS clients
  vnc: allow specifying a custom ACL object name

 MAINTAINERS                      |   7 +
 Makefile                         |   9 +-
 Makefile.objs                    |   2 +
 Makefile.target                  |   2 +
 blockdev-nbd.c                   |  10 +-
 crypto/tlssession.c              |  28 +++-
 hmp.c                            |  20 +--
 include/qapi/qmp-input-visitor.h |   3 +
 include/qapi/qmp/qdict.h         |   1 +
 include/qemu/acl.h               |  74 ---------
 include/qemu/authz-simple.h      | 115 ++++++++++++++
 include/qemu/authz.h             |  89 +++++++++++
 monitor.c                        | 181 ++++++++++++++--------
 qapi-schema.json                 |   8 +-
 qapi/block.json                  |   4 +-
 qapi/opts-visitor.c              |   1 +
 qapi/qmp-input-visitor.c         |  96 ++++++++++--
 qapi/util.json                   |  47 ++++++
 qemu-char.c                      |  11 +-
 qemu-nbd.c                       |  13 +-
 qemu-nbd.texi                    |   4 +
 qmp-commands.hx                  |   2 +-
 qobject/qdict.c                  | 282 +++++++++++++++++++++++++++++++++++
 qom/object_interfaces.c          |  19 ++-
 tests/.gitignore                 |   1 +
 tests/Makefile                   |   5 +-
 tests/check-qdict.c              | 228 ++++++++++++++++++++++++++++
 tests/check-qom-proplist.c       | 295 +++++++++++++++++++++++++++++++++++-
 tests/test-authz-simple.c        | 183 +++++++++++++++++++++++
 tests/test-crypto-tlssession.c   |  13 +-
 tests/test-io-channel-tls.c      |  14 +-
 tests/test-qmp-input-visitor.c   | 115 +++++++++++++-
 ui/vnc-auth-sasl.c               |   2 +-
 ui/vnc-auth-sasl.h               |   4 +-
 ui/vnc.c                         |  80 ++++++++--
 util/Makefile.objs               |   4 +-
 util/acl.c                       | 188 -----------------------
 util/authz-simple.c              | 314 +++++++++++++++++++++++++++++++++++++++
 util/authz.c                     |  46 ++++++
 39 files changed, 2117 insertions(+), 403 deletions(-)
 delete mode 100644 include/qemu/acl.h
 create mode 100644 include/qemu/authz-simple.h
 create mode 100644 include/qemu/authz.h
 create mode 100644 qapi/util.json
 create mode 100644 tests/test-authz-simple.c
 delete mode 100644 util/acl.c
 create mode 100644 util/authz-simple.c
 create mode 100644 util/authz.c


reply via email to

[Prev in Thread] Current Thread [Next in Thread]