This series builds on the core authorization framework:
https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04469.html
enabling its use with the VNC, chardev, NBD and migration network servers.
In combination with TLS x509 client certificates, this allows these
services to whitelist specific clients, which avoids the need to setup
restricted child certificate authorities.
In VNC it also allows whitelisting based on SASL user names.
Based-on: <20180615154203.11347-1-berra...@redhat.com>
Daniel P. Berrangé (6):
qemu-nbd: add support for authorization of TLS clients
nbd: allow authorization with nbd-server-start QMP command
migration: add support for a "tls-authz" migration parameter
chardev: add support for authorization for TLS clients
vnc: allow specifying a custom authorization object name
monitor: deprecate acl_show, acl_reset, acl_policy, acl_add,
acl_remove
blockdev-nbd.c | 14 ++++++++---
chardev/char-socket.c | 11 +++++++-
chardev/char.c | 3 +++
hmp.c | 11 +++++++-
include/block/nbd.h | 4 +--
migration/migration.c | 8 ++++++
migration/tls.c | 2 +-
monitor.c | 23 +++++++++++++++++
nbd/server.c | 12 +++++----
qapi/block.json | 4 ++-
qapi/char.json | 2 ++
qapi/migration.json | 12 ++++++++-
qemu-doc.texi | 19 ++++++++------
qemu-nbd.c | 13 +++++++++-
qemu-nbd.texi | 4 +++
ui/vnc.c | 58 ++++++++++++++++++++++++++++++++++++-------
16 files changed, 167 insertions(+), 33 deletions(-)
--
2.17.0
