From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Andreas Färber" <afaerber@suse.de>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Eric Blake" <eblake@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v5 00/11] Add a standard authorization framework
Date: Thu, 18 Oct 2018 16:19:28 +0100 [thread overview]
Message-ID: <20181018151928.GH20424@redhat.com> (raw)
In-Reply-To: <20181009130442.26296-1-berrange@redhat.com>
ping, is anyone able to review the patches in this series. We are
awfully close to soft freeze and KVM forum...
On Tue, Oct 09, 2018 at 02:04:31PM +0100, Daniel P. Berrangé wrote:
> An update to
>
> v2: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04469.html
> v3: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg05660.html
> v4: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02961.html
>
> The current network services now support encryption via TLS and in some
> cases support authentication via SASL. In cases where SASL is not
> available, x509 client certificates can be used as a crude authorization
> scheme, but using a sub-CA and controlling who you give certs to. In
> general this is not very flexible though, so this series introduces a
> new standard authorization framework.
>
> It comes with four initial authorization mechanisms
>
> - Simple - an exact username match. This is useful when there is
> exactly one user that is known to connect. For example when live
> migrating from one QEMU to another with TLS, libvirt would use
> the simple scheme to whitelist the TLS cert of the source QEMU.
>
> - List - an full access control list, with optional regex matching.
> This is more flexible and is used to provide 100% backcompat with
> the existing HMP ACL commands. The caveat is that we can't create
> these via the CLI -object arg yet.
>
> - ListFile - the same as List, but with the rules stored in JSON
> format in an external file. This avoids the -object limitation
> while also allowing the admin to change list entries on the file.
> QEMU uses inotify to notice these changes and auto-reload the
> file contents. This is likely a good default choice for most
> network services, if the "simple" mechanism isn't sufficient.
>
> - PAM - delegate the username lookup to a PAM module, which opens
> the door to many options including things like SQL/LDAP lookups.
>
> A later series that follows will integrate this framework into the VNC,
> NBD, migration, and character device servers.
>
> Changed in v5:
>
> - Rebase to latest git master
>
> Changed in v4:
>
> - Rebase to latest git master
>
> Changed in v3:
>
> - Added docs for object types in qemu-options.hx
> - Added example CLI syntax in header files
> - Improved commit messages
>
> Changed in v2:
>
> - Switch to a global shared instance of the file monitor so only
> a single inotify file descriptor is required
>
> - Require all watches to be registered against directories. File
> watches are useless in Linux, since they are tied to inodes, and
> so stop working when editors save by doing a tmpfile + rename
> dance.
>
> - Change auth list impl to use a directory based watch instead
> of filename
>
> - Put MTP const-ness fixes in separate patch
>
> - Split QOM change off into separate patch
>
> - Fix conditionals on Win32 build
>
> Daniel P. Berrangé (11):
> util: add helper APIs for dealing with inotify in portable manner
> qom: don't require user creatable objects to be registered
> hw/usb: don't set IN_ISDIR for inotify watch in MTP driver
> hw/usb: fix const-ness for string params in MTP driver
> hw/usb: switch MTP to use new inotify APIs
> authz: add QAuthZ object as an authorization base class
> authz: add QAuthZSimple object type for easy whitelist auth checks
> authz: add QAuthZList object type for an access control list
> authz: add QAuthZListFile object type for a file access control list
> authz: add QAuthZPAM object type for authorizing using PAM
> authz: delete existing ACL implementation
>
> .gitignore | 4 +
> MAINTAINERS | 14 ++
> Makefile | 17 +-
> Makefile.objs | 10 ++
> Makefile.target | 2 +
> authz/Makefile.objs | 7 +
> authz/base.c | 82 +++++++++
> authz/list.c | 315 +++++++++++++++++++++++++++++++++
> authz/listfile.c | 284 +++++++++++++++++++++++++++++
> authz/pamacct.c | 149 ++++++++++++++++
> authz/simple.c | 122 +++++++++++++
> authz/trace-events | 18 ++
> configure | 37 ++++
> crypto/tlssession.c | 35 ++--
> crypto/trace-events | 2 +-
> hw/usb/dev-mtp.c | 257 ++++++++++-----------------
> hw/usb/trace-events | 2 +-
> include/authz/base.h | 112 ++++++++++++
> include/authz/list.h | 106 +++++++++++
> include/authz/listfile.h | 110 ++++++++++++
> include/authz/pamacct.h | 100 +++++++++++
> include/authz/simple.h | 84 +++++++++
> include/qemu/acl.h | 66 -------
> include/qemu/filemonitor.h | 117 ++++++++++++
> monitor.c | 180 ++++++++++++-------
> qapi/authz.json | 58 ++++++
> qapi/qapi-schema.json | 1 +
> qemu-options.hx | 103 +++++++++++
> qom/object.c | 12 +-
> qom/object_interfaces.c | 16 +-
> tests/Makefile.include | 8 +-
> tests/test-authz-list.c | 171 ++++++++++++++++++
> tests/test-crypto-tlssession.c | 15 +-
> tests/test-io-channel-tls.c | 16 +-
> ui/vnc-auth-sasl.c | 23 ++-
> ui/vnc-auth-sasl.h | 5 +-
> ui/vnc-auth-vencrypt.c | 2 +-
> ui/vnc-ws.c | 2 +-
> ui/vnc.c | 37 ++--
> ui/vnc.h | 4 +-
> util/Makefile.objs | 2 +-
> util/acl.c | 179 -------------------
> util/filemonitor.c | 315 +++++++++++++++++++++++++++++++++
> util/trace-events | 9 +
> 44 files changed, 2671 insertions(+), 539 deletions(-)
> create mode 100644 authz/Makefile.objs
> create mode 100644 authz/base.c
> create mode 100644 authz/list.c
> create mode 100644 authz/listfile.c
> create mode 100644 authz/pamacct.c
> create mode 100644 authz/simple.c
> create mode 100644 authz/trace-events
> create mode 100644 include/authz/base.h
> create mode 100644 include/authz/list.h
> create mode 100644 include/authz/listfile.h
> create mode 100644 include/authz/pamacct.h
> create mode 100644 include/authz/simple.h
> delete mode 100644 include/qemu/acl.h
> create mode 100644 include/qemu/filemonitor.h
> create mode 100644 qapi/authz.json
> create mode 100644 tests/test-authz-list.c
> delete mode 100644 util/acl.c
> create mode 100644 util/filemonitor.c
>
> --
> 2.17.1
>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2018-10-18 15:19 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-09 13:04 [Qemu-devel] [PATCH v5 00/11] Add a standard authorization framework Daniel P. Berrangé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 01/11] util: add helper APIs for dealing with inotify in portable manner Daniel P. Berrangé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 02/11] qom: don't require user creatable objects to be registered Daniel P. Berrangé
2018-10-10 15:11 ` Philippe Mathieu-Daudé
2018-10-18 18:04 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 03/11] hw/usb: don't set IN_ISDIR for inotify watch in MTP driver Daniel P. Berrangé
2018-10-10 17:00 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 04/11] hw/usb: fix const-ness for string params " Daniel P. Berrangé
2018-10-10 15:12 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 05/11] hw/usb: switch MTP to use new inotify APIs Daniel P. Berrangé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 06/11] authz: add QAuthZ object as an authorization base class Daniel P. Berrangé
2018-10-18 18:03 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 07/11] authz: add QAuthZSimple object type for easy whitelist auth checks Daniel P. Berrangé
2018-10-18 17:53 ` Philippe Mathieu-Daudé
2018-10-19 12:31 ` Daniel P. Berrangé
2018-10-19 9:56 ` Philippe Mathieu-Daudé
2018-10-19 12:32 ` Daniel P. Berrangé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 08/11] authz: add QAuthZList object type for an access control list Daniel P. Berrangé
2018-10-19 9:18 ` Philippe Mathieu-Daudé
2018-10-19 9:20 ` Daniel P. Berrangé
2018-10-19 9:33 ` Philippe Mathieu-Daudé
2018-10-19 13:13 ` Daniel P. Berrangé
2018-10-19 9:57 ` Philippe Mathieu-Daudé
2018-10-19 12:41 ` Daniel P. Berrangé
2018-10-19 12:55 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 09/11] authz: add QAuthZListFile object type for a file " Daniel P. Berrangé
2018-10-19 9:41 ` Philippe Mathieu-Daudé
2018-10-19 12:53 ` Daniel P. Berrangé
2018-10-19 12:57 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 10/11] authz: add QAuthZPAM object type for authorizing using PAM Daniel P. Berrangé
2018-10-19 10:02 ` Philippe Mathieu-Daudé
2018-10-19 11:04 ` Daniel P. Berrangé
2018-10-19 11:54 ` Philippe Mathieu-Daudé
2018-10-19 12:55 ` Daniel P. Berrangé
2018-10-19 12:58 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 11/11] authz: delete existing ACL implementation Daniel P. Berrangé
2018-10-19 6:10 ` Philippe Mathieu-Daudé
2018-10-18 15:19 ` Daniel P. Berrangé [this message]
2018-10-19 10:06 ` [Qemu-devel] [PATCH v5 00/11] Add a standard authorization framework Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181018151928.GH20424@redhat.com \
--to=berrange@redhat.com \
--cc=afaerber@suse.de \
--cc=armbru@redhat.com \
--cc=dgilbert@redhat.com \
--cc=eblake@redhat.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).