[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH v4 00/10]Provide a QOM-based authorization API
From: |
Daniel P. Berrange |
Subject: |
[Qemu-devel] [PATCH v4 00/10]Provide a QOM-based authorization API |
Date: |
Wed, 11 May 2016 14:15:23 +0100 |
This is a followup of previously posted work in 2.6 cycle:
v1: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg04618.html
v2: https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg01454.html
v3: https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg02498.html
Many years ago I was responsible for adding the 'qemu_acl' type
and associated HMP commands. Looking back at it now, it is quite
a poor facility with a couple of bad limitations. First, the
responsibility for creating the ACLs was left with the QEMU network
service (VNC server was only thing ever doing it). This meant you
could not share ACLs across multiple services. Second, there was
no way to populate ACLs on the command line, you had no choice but
to use the HMP commands. Third, the API was hardcoded around the
idea of an in-QEMU implementation, leaving no scope for plugging
in alternative implementations backed by, for example, LDAP or PAM.
This series introduces a much better authorization API design
to QEMU that addresses all these problems, and maintains back
compatibility. It of course is based on the QOM framework, so
that immediately gives us ability to create objects via the
CLI, HMP or QMP. There is an abstract base clss "QAuthZ" which
defines the basic API for QEMU network services to use, and a
specific implementation "QAuthZ" simple which replicates the
functionality of 'qemu_acl'. It is thus possible to add other
impls, without changing any other part of QEMU in the future.
Finally, the user is responsible for creating the ACL objects,
so they can have one ACL associated with all their TLS enabled
network services.
There was only one small problem with this, specifically the
-object CLI arg and HMP 'object_add' command had no way to let
the user specify non-scalar properties for objects. eg if an
object had a property which is a list of structs, you are out
of luck if you want to create it without using QMP.
Thus the first three patches do some work around QAPI / QOM
to make it possible to specify non-scalar properties with
the -object CLI arg and HMP 'object_add' command. See the
respective patches for illustration of the syntax used. Some
of Max's recent block patches also depend on the qdict_crumple
method in patch 1.
The patches 4 and 5 introduce the new base class and specific
implementation.
Patch 6 kills the old qemu_acl code, updating any existing
callers of it to use the QAuthZSimple QOM class instead.
Patches 7-10 add support for associating ACLs with the
network services supporting TLS encryption (NBD, chardev
and VNC).
Changed in v4:
- Ensure examples use shell escaping for '*' (Eric)
- Add more tests for crumple impl (Eric)
- Raise error if sasl-acl/tls-acl are requested but
sasl/tls auth are not enabled (Eric)
- Document return codes for auth check more clearly (Eric)
- Don't silently turn a glob match into a strcmp
if fnmatch is not present (Eric)
- Other misc small typos/fixes (Eric)
Changed in v3:
- Created separate qdict_list_size method (Max)
- Added unit tests for case of empty dict (Max)
- Fix variable names to use underscore separator (Max)
- Fix potential free of uninitialized variables (Max)
- Use QObject APIs for casts, instead of C type casts (Max)
Changed in v2:
- Adapt to changes in qapi visitor APIs
- Add a 'bool recursive' flag to qdict_crumple (Max)
- Fix memory leaks in qdict_crumple (Max)
- Split out key splitting code from qdict_crumple (Max)
- Use saner variable names in qdict_crumple (Max)
- Added some tests for bad inputs to qdict_crumple
Daniel P. Berrange (10):
qdict: implement a qdict_crumple method for un-flattening a dict
qapi: allow QmpInputVisitor to auto-cast types
qom: support arbitrary non-scalar properties with -object
util: add QAuthZ object as an authorization base class
util: add QAuthZSimple object type for a simple access control list
acl: delete existing ACL implementation
qemu-nbd: add support for ACLs for TLS clients
nbd: allow an ACL to be set with nbd-server-start QMP command
chardev: add support for ACLs for TLS clients
vnc: allow specifying a custom ACL object name
MAINTAINERS | 7 +
Makefile | 9 +-
Makefile.objs | 2 +
Makefile.target | 2 +
blockdev-nbd.c | 10 +-
crypto/tlssession.c | 28 +++-
hmp.c | 20 +--
include/qapi/qmp-input-visitor.h | 3 +
include/qapi/qmp/qdict.h | 1 +
include/qemu/acl.h | 74 ---------
include/qemu/authz-simple.h | 115 ++++++++++++++
include/qemu/authz.h | 89 +++++++++++
monitor.c | 181 ++++++++++++++--------
qapi-schema.json | 8 +-
qapi/block.json | 4 +-
qapi/opts-visitor.c | 1 +
qapi/qmp-input-visitor.c | 96 ++++++++++--
qapi/util.json | 47 ++++++
qemu-char.c | 11 +-
qemu-nbd.c | 13 +-
qemu-nbd.texi | 4 +
qmp-commands.hx | 2 +-
qobject/qdict.c | 282 +++++++++++++++++++++++++++++++++++
qom/object_interfaces.c | 19 ++-
tests/.gitignore | 1 +
tests/Makefile | 5 +-
tests/check-qdict.c | 228 ++++++++++++++++++++++++++++
tests/check-qom-proplist.c | 295 +++++++++++++++++++++++++++++++++++-
tests/test-authz-simple.c | 183 +++++++++++++++++++++++
tests/test-crypto-tlssession.c | 13 +-
tests/test-io-channel-tls.c | 14 +-
tests/test-qmp-input-visitor.c | 115 +++++++++++++-
ui/vnc-auth-sasl.c | 2 +-
ui/vnc-auth-sasl.h | 4 +-
ui/vnc.c | 80 ++++++++--
util/Makefile.objs | 4 +-
util/acl.c | 188 -----------------------
util/authz-simple.c | 314 +++++++++++++++++++++++++++++++++++++++
util/authz.c | 46 ++++++
39 files changed, 2117 insertions(+), 403 deletions(-)
delete mode 100644 include/qemu/acl.h
create mode 100644 include/qemu/authz-simple.h
create mode 100644 include/qemu/authz.h
create mode 100644 qapi/util.json
create mode 100644 tests/test-authz-simple.c
delete mode 100644 util/acl.c
create mode 100644 util/authz-simple.c
create mode 100644 util/authz.c
--
2.5.5
- [Qemu-devel] [PATCH v4 00/10]Provide a QOM-based authorization API,
Daniel P. Berrange <=
- [Qemu-devel] [PATCH v4 04/10] util: add QAuthZ object as an authorization base class, Daniel P. Berrange, 2016/05/11
- [Qemu-devel] [PATCH v4 07/10] qemu-nbd: add support for ACLs for TLS clients, Daniel P. Berrange, 2016/05/11
- [Qemu-devel] [PATCH v4 01/10] qdict: implement a qdict_crumple method for un-flattening a dict, Daniel P. Berrange, 2016/05/11
- [Qemu-devel] [PATCH v4 02/10] qapi: allow QmpInputVisitor to auto-cast types, Daniel P. Berrange, 2016/05/11
- [Qemu-devel] [PATCH v4 03/10] qom: support arbitrary non-scalar properties with -object, Daniel P. Berrange, 2016/05/11
- [Qemu-devel] [PATCH v4 06/10] acl: delete existing ACL implementation, Daniel P. Berrange, 2016/05/11
- [Qemu-devel] [PATCH v4 05/10] util: add QAuthZSimple object type for a simple access control list, Daniel P. Berrange, 2016/05/11
- [Qemu-devel] [PATCH v4 09/10] chardev: add support for ACLs for TLS clients, Daniel P. Berrange, 2016/05/11
- [Qemu-devel] [PATCH v4 08/10] nbd: allow an ACL to be set with nbd-server-start QMP command, Daniel P. Berrange, 2016/05/11
- [Qemu-devel] [PATCH v4 10/10] vnc: allow specifying a custom ACL object name, Daniel P. Berrange, 2016/05/11