This series builds on the core authorization framework:

  https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04469.html

enabling its use with the VNC, chardev, NBD and migration network servers.

In combination with TLS x509 client certificates, this allows these
services to whitelist specific clients, which avoids the need to setup
restricted child certificate authorities.

In VNC it also allows whitelisting based on SASL user names.

Based-on: <20180615154203.11347-1-berra...@redhat.com>

Daniel P. Berrangé (6):
  qemu-nbd: add support for authorization of TLS clients
  nbd: allow authorization with nbd-server-start QMP command
  migration: add support for a "tls-authz" migration parameter
  chardev: add support for authorization for TLS clients
  vnc: allow specifying a custom authorization object name
  monitor: deprecate acl_show, acl_reset, acl_policy, acl_add,
    acl_remove

 blockdev-nbd.c        | 14 ++++++++---
 chardev/char-socket.c | 11 +++++++-
 chardev/char.c        |  3 +++
 hmp.c                 | 11 +++++++-
 include/block/nbd.h   |  4 +--
 migration/migration.c |  8 ++++++
 migration/tls.c       |  2 +-
 monitor.c             | 23 +++++++++++++++++
 nbd/server.c          | 12 +++++----
 qapi/block.json       |  4 ++-
 qapi/char.json        |  2 ++
 qapi/migration.json   | 12 ++++++++-
 qemu-doc.texi         | 19 ++++++++------
 qemu-nbd.c            | 13 +++++++++-
 qemu-nbd.texi         |  4 +++
 ui/vnc.c              | 58 ++++++++++++++++++++++++++++++++++++-------
 16 files changed, 167 insertions(+), 33 deletions(-)

-- 
2.17.0


Reply via email to