From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Andreas Färber" <afaerber@suse.de>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Eric Blake" <eblake@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>
Subject: [Qemu-devel] [PATCH v5 00/11] Add a standard authorization framework
Date: Tue, 9 Oct 2018 14:04:31 +0100 [thread overview]
Message-ID: <20181009130442.26296-1-berrange@redhat.com> (raw)
An update to
v2: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04469.html
v3: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg05660.html
v4: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02961.html
The current network services now support encryption via TLS and in some
cases support authentication via SASL. In cases where SASL is not
available, x509 client certificates can be used as a crude authorization
scheme, but using a sub-CA and controlling who you give certs to. In
general this is not very flexible though, so this series introduces a
new standard authorization framework.
It comes with four initial authorization mechanisms
- Simple - an exact username match. This is useful when there is
exactly one user that is known to connect. For example when live
migrating from one QEMU to another with TLS, libvirt would use
the simple scheme to whitelist the TLS cert of the source QEMU.
- List - an full access control list, with optional regex matching.
This is more flexible and is used to provide 100% backcompat with
the existing HMP ACL commands. The caveat is that we can't create
these via the CLI -object arg yet.
- ListFile - the same as List, but with the rules stored in JSON
format in an external file. This avoids the -object limitation
while also allowing the admin to change list entries on the file.
QEMU uses inotify to notice these changes and auto-reload the
file contents. This is likely a good default choice for most
network services, if the "simple" mechanism isn't sufficient.
- PAM - delegate the username lookup to a PAM module, which opens
the door to many options including things like SQL/LDAP lookups.
A later series that follows will integrate this framework into the VNC,
NBD, migration, and character device servers.
Changed in v5:
- Rebase to latest git master
Changed in v4:
- Rebase to latest git master
Changed in v3:
- Added docs for object types in qemu-options.hx
- Added example CLI syntax in header files
- Improved commit messages
Changed in v2:
- Switch to a global shared instance of the file monitor so only
a single inotify file descriptor is required
- Require all watches to be registered against directories. File
watches are useless in Linux, since they are tied to inodes, and
so stop working when editors save by doing a tmpfile + rename
dance.
- Change auth list impl to use a directory based watch instead
of filename
- Put MTP const-ness fixes in separate patch
- Split QOM change off into separate patch
- Fix conditionals on Win32 build
Daniel P. Berrangé (11):
util: add helper APIs for dealing with inotify in portable manner
qom: don't require user creatable objects to be registered
hw/usb: don't set IN_ISDIR for inotify watch in MTP driver
hw/usb: fix const-ness for string params in MTP driver
hw/usb: switch MTP to use new inotify APIs
authz: add QAuthZ object as an authorization base class
authz: add QAuthZSimple object type for easy whitelist auth checks
authz: add QAuthZList object type for an access control list
authz: add QAuthZListFile object type for a file access control list
authz: add QAuthZPAM object type for authorizing using PAM
authz: delete existing ACL implementation
.gitignore | 4 +
MAINTAINERS | 14 ++
Makefile | 17 +-
Makefile.objs | 10 ++
Makefile.target | 2 +
authz/Makefile.objs | 7 +
authz/base.c | 82 +++++++++
authz/list.c | 315 +++++++++++++++++++++++++++++++++
authz/listfile.c | 284 +++++++++++++++++++++++++++++
authz/pamacct.c | 149 ++++++++++++++++
authz/simple.c | 122 +++++++++++++
authz/trace-events | 18 ++
configure | 37 ++++
crypto/tlssession.c | 35 ++--
crypto/trace-events | 2 +-
hw/usb/dev-mtp.c | 257 ++++++++++-----------------
hw/usb/trace-events | 2 +-
include/authz/base.h | 112 ++++++++++++
include/authz/list.h | 106 +++++++++++
include/authz/listfile.h | 110 ++++++++++++
include/authz/pamacct.h | 100 +++++++++++
include/authz/simple.h | 84 +++++++++
include/qemu/acl.h | 66 -------
include/qemu/filemonitor.h | 117 ++++++++++++
monitor.c | 180 ++++++++++++-------
qapi/authz.json | 58 ++++++
qapi/qapi-schema.json | 1 +
qemu-options.hx | 103 +++++++++++
qom/object.c | 12 +-
qom/object_interfaces.c | 16 +-
tests/Makefile.include | 8 +-
tests/test-authz-list.c | 171 ++++++++++++++++++
tests/test-crypto-tlssession.c | 15 +-
tests/test-io-channel-tls.c | 16 +-
ui/vnc-auth-sasl.c | 23 ++-
ui/vnc-auth-sasl.h | 5 +-
ui/vnc-auth-vencrypt.c | 2 +-
ui/vnc-ws.c | 2 +-
ui/vnc.c | 37 ++--
ui/vnc.h | 4 +-
util/Makefile.objs | 2 +-
util/acl.c | 179 -------------------
util/filemonitor.c | 315 +++++++++++++++++++++++++++++++++
util/trace-events | 9 +
44 files changed, 2671 insertions(+), 539 deletions(-)
create mode 100644 authz/Makefile.objs
create mode 100644 authz/base.c
create mode 100644 authz/list.c
create mode 100644 authz/listfile.c
create mode 100644 authz/pamacct.c
create mode 100644 authz/simple.c
create mode 100644 authz/trace-events
create mode 100644 include/authz/base.h
create mode 100644 include/authz/list.h
create mode 100644 include/authz/listfile.h
create mode 100644 include/authz/pamacct.h
create mode 100644 include/authz/simple.h
delete mode 100644 include/qemu/acl.h
create mode 100644 include/qemu/filemonitor.h
create mode 100644 qapi/authz.json
create mode 100644 tests/test-authz-list.c
delete mode 100644 util/acl.c
create mode 100644 util/filemonitor.c
--
2.17.1
next reply other threads:[~2018-10-09 13:05 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-09 13:04 Daniel P. Berrangé [this message]
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 01/11] util: add helper APIs for dealing with inotify in portable manner Daniel P. Berrangé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 02/11] qom: don't require user creatable objects to be registered Daniel P. Berrangé
2018-10-10 15:11 ` Philippe Mathieu-Daudé
2018-10-18 18:04 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 03/11] hw/usb: don't set IN_ISDIR for inotify watch in MTP driver Daniel P. Berrangé
2018-10-10 17:00 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 04/11] hw/usb: fix const-ness for string params " Daniel P. Berrangé
2018-10-10 15:12 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 05/11] hw/usb: switch MTP to use new inotify APIs Daniel P. Berrangé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 06/11] authz: add QAuthZ object as an authorization base class Daniel P. Berrangé
2018-10-18 18:03 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 07/11] authz: add QAuthZSimple object type for easy whitelist auth checks Daniel P. Berrangé
2018-10-18 17:53 ` Philippe Mathieu-Daudé
2018-10-19 12:31 ` Daniel P. Berrangé
2018-10-19 9:56 ` Philippe Mathieu-Daudé
2018-10-19 12:32 ` Daniel P. Berrangé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 08/11] authz: add QAuthZList object type for an access control list Daniel P. Berrangé
2018-10-19 9:18 ` Philippe Mathieu-Daudé
2018-10-19 9:20 ` Daniel P. Berrangé
2018-10-19 9:33 ` Philippe Mathieu-Daudé
2018-10-19 13:13 ` Daniel P. Berrangé
2018-10-19 9:57 ` Philippe Mathieu-Daudé
2018-10-19 12:41 ` Daniel P. Berrangé
2018-10-19 12:55 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 09/11] authz: add QAuthZListFile object type for a file " Daniel P. Berrangé
2018-10-19 9:41 ` Philippe Mathieu-Daudé
2018-10-19 12:53 ` Daniel P. Berrangé
2018-10-19 12:57 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 10/11] authz: add QAuthZPAM object type for authorizing using PAM Daniel P. Berrangé
2018-10-19 10:02 ` Philippe Mathieu-Daudé
2018-10-19 11:04 ` Daniel P. Berrangé
2018-10-19 11:54 ` Philippe Mathieu-Daudé
2018-10-19 12:55 ` Daniel P. Berrangé
2018-10-19 12:58 ` Philippe Mathieu-Daudé
2018-10-09 13:04 ` [Qemu-devel] [PATCH v5 11/11] authz: delete existing ACL implementation Daniel P. Berrangé
2018-10-19 6:10 ` Philippe Mathieu-Daudé
2018-10-18 15:19 ` [Qemu-devel] [PATCH v5 00/11] Add a standard authorization framework Daniel P. Berrangé
2018-10-19 10:06 ` Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181009130442.26296-1-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=afaerber@suse.de \
--cc=armbru@redhat.com \
--cc=dgilbert@redhat.com \
--cc=eblake@redhat.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.