Hi On Tue, Jun 14, 2016 at 6:07 PM, Daniel P. Berrange <[email protected]> wrote: > The current qemu_acl module provides a simple access control > list facility inside QEMU, which is used via a set of monitor > commands acl_show, acl_policy, acl_add, acl_remove & acl_reset. > > Note there is no ability to create ACLs - the network services > (eg VNC server) were expected to create ACLs that they want to > check. > > There is also no way to define ACLs on the command line, nor > potentially integrate with external authorization systems like > polkit, pam, ldap lookup, etc. > > The QAuthZ object defines a minimal abstract QOM class that can > be subclassed for creating different authorization providers. > > Signed-off-by: Daniel P. Berrange <[email protected]> > --- > MAINTAINERS | 7 +++++ > Makefile | 1 + > Makefile.objs | 2 ++ > Makefile.target | 2 ++ > include/qemu/authz.h | 89 > ++++++++++++++++++++++++++++++++++++++++++++++++++++ > util/Makefile.objs | 2 ++ > util/authz.c | 46 +++++++++++++++++++++++++++ > 7 files changed, 149 insertions(+) > create mode 100644 include/qemu/authz.h > create mode 100644 util/authz.c > > diff --git a/MAINTAINERS b/MAINTAINERS > index df990a8..f8fa73a 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -1324,6 +1324,13 @@ F: include/qemu/throttle.h > F: util/throttle.c > L: [email protected] > > +Authorization > +M: Daniel P. Berrange <[email protected]> > +S: Maintained > +F: util/authz* > +F: include/qemu/authz* > +F: tests/test-authz-* > + > Usermode Emulation > ------------------ > Overall > diff --git a/Makefile b/Makefile > index ed4032a..421c390 100644 > --- a/Makefile > +++ b/Makefile > @@ -148,6 +148,7 @@ endif > dummy := $(call unnest-vars,, \ > stub-obj-y \ > util-obj-y \ > + util-qom-obj-y \ > qga-obj-y \ > ivshmem-client-obj-y \ > ivshmem-server-obj-y \ > diff --git a/Makefile.objs b/Makefile.objs > index da49b71..24db7f7 100644 > --- a/Makefile.objs > +++ b/Makefile.objs 
> @@ -4,6 +4,8 @@ stub-obj-y = stubs/ crypto/
> util-obj-y = util/ qobject/ qapi/
> util-obj-y += qmp-introspect.o qapi-types.o qapi-visit.o qapi-event.o
>
> +util-qom-obj-y += util/
> +
> #######################################################################
> # block-obj-y is code used by both qemu system emulation and qemu-img
>
> diff --git a/Makefile.target b/Makefile.target
> index 495b474..e79d942 100644
> --- a/Makefile.target
> +++ b/Makefile.target
> @@ -176,6 +176,7 @@ include $(SRC_PATH)/Makefile.objs
> dummy := $(call unnest-vars,,target-obj-y)
> target-obj-y-save := $(target-obj-y)
> dummy := $(call unnest-vars,.., \
> + util-qom-obj-y \
> block-obj-y \
> block-obj-m \
> crypto-obj-y \
> @@ -188,6 +189,7 @@ target-obj-y := $(target-obj-y-save)
> all-obj-y += $(common-obj-y)
> all-obj-y += $(target-obj-y)
> all-obj-y += $(qom-obj-y)
> +all-obj-y += $(util-qom-obj-y)
> all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y)
> all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
> all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
> diff --git a/include/qemu/authz.h b/include/qemu/authz.h
> new file mode 100644
> index 0000000..6a73063
> --- /dev/null
> +++ b/include/qemu/authz.h
> @@ -0,0 +1,89 @@
> +/*
> + * QEMU authorization framework
> + *
> + * Copyright (c) 2016 Red Hat, Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see > <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#ifndef QAUTHZ_H__
> +#define QAUTHZ_H__
> +
> +#include "qemu-common.h"
> +#include "qapi/error.h"
> +#include "qom/object.h"
> +
> +
> +#define TYPE_QAUTHZ "authz"
> +
> +#define QAUTHZ_CLASS(klass) \
> + OBJECT_CLASS_CHECK(QAuthZClass, (klass), \
> + TYPE_QAUTHZ)
> +#define QAUTHZ_GET_CLASS(obj) \
> + OBJECT_GET_CLASS(QAuthZClass, (obj), \
> + TYPE_QAUTHZ)
> +#define QAUTHZ(obj) \
> + INTERFACE_CHECK(QAuthZ, (obj), \
> + TYPE_QAUTHZ)
> +
> +typedef struct QAuthZ QAuthZ;
> +typedef struct QAuthZClass QAuthZClass;
> +
> +/**
> + * QAuthZ:
> + *
> + * The QAuthZ class defines an API contract to be used
> + * for providing an authorization driver for services
> + * with user identities.
> + */
> +
> +struct QAuthZ {
> + Object parent_obj;
> +};
> +
> +
> +struct QAuthZClass {
> + ObjectClass parent_class;
> +
> + bool (*is_allowed)(QAuthZ *authz,
> + const char *identity,
> + Error **errp);
> +};
> +
> +
> +/**
> + * qauthz_is_allowed:
> + * @authz: the authorization object
> + * @identity: the user identity to authorize
> + * @errp: pointer to a NULL initialized error object
> + *
> + * Check if a user @identity is authorized. 
If an error > + * occurrs this method will return false to indicate
occurs > + * denial, as well as setting @errp to contain the details. > + * Callers are recommended to treat the denial and error > + * scenarios identically. Specifically the error info in > + * @errp should never be fed back to the user being > + * authorized, it is merely for benefit of administrator > + * debugging. > + * > + * Returns: true if @identity is authorized, false if denied or if > + * an error occurred. > + */ > +bool qauthz_is_allowed(QAuthZ *authz, > + const char *identity, > + Error **errp); > + > +#endif /* QAUTHZ_H__ */ > + > diff --git a/util/Makefile.objs b/util/Makefile.objs > index 45f8794..0d83583 100644 > --- a/util/Makefile.objs > +++ b/util/Makefile.objs > @@ -34,3 +34,5 @@ util-obj-y += base64.o > util-obj-y += log.o > util-obj-y += qdist.o > util-obj-y += qht.o > + > +util-qom-obj-y += authz.o > diff --git a/util/authz.c b/util/authz.c > new file mode 100644 > index 0000000..fd9f84e > --- /dev/null > +++ b/util/authz.c 
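Review bot: The `is_allowed` member of `QAuthZClass` in include/qemu/authz.h carries no comment of its own, so the fail-closed rule is only visible to a backend author who also reads the `qauthz_is_allowed` documentation further down the header. I would put the contract on the callback itself, for example `/* Return true only when @identity is positively authorized; on any lookup or internal failure return false and set @errp. */`. The form of @identity is also left open: the documentation should say what kind of name a service passes in and whether a backend may assume it has already been normalised, since a mismatch there would presumably show up as a wrong allow or deny rather than as an error.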
> @@ -0,0 +1,46 @@ > +/* > + * QEMU authorization framework > + * > + * Copyright (c) 2016 Red Hat, Inc. > + * > + * This library is free software; you can redistribute it and/or > + * modify it under the terms of the GNU Lesser General Public > + * License as published by the Free Software Foundation; either > + * version 2 of the License, or (at your option) any later version. > + * > + * This library is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public > + * License along with this library; if not, see > <http://www.gnu.org/licenses/>. > + * > + */ > + > +#include "qemu/osdep.h" > +#include "qemu/authz.h" > + > +bool qauthz_is_allowed(QAuthZ *authz, > + const char *identity, > + Error **errp) > +{ > + QAuthZClass *cls = QAUTHZ_GET_CLASS(authz); > + > + return cls->is_allowed(authz, identity, errp); > +} > + > +static const TypeInfo authz_info = { > + .parent = TYPE_OBJECT, > + .name = TYPE_QAUTHZ, > + .instance_size = sizeof(QAuthZ), > + .class_size = sizeof(QAuthZClass), .abstract = true? (perhaps it's not necessary, but that would be more clear) > +}; > + > +static void qauthz_register_types(void) > +{ > + type_register_static(&authz_info); > +} > + > +type_init(qauthz_register_types) > + > -- > 2.5.5 > > -- Marc-André Lureau
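Review bot: `qauthz_is_allowed` in util/authz.c calls `cls->is_allowed` without checking that the class filled it in, so a type that leaves the callback unset turns an authorization check into a call through a NULL pointer instead of a denial. A guard in the wrapper keeps it fail-closed and in line with the contract documented in the header: `if (!cls->is_allowed) { error_setg(errp, "authorization backend does not implement is_allowed"); return false; }`. A NULL @identity is likewise passed straight through; it is worth deciding whether the wrapper denies that case itself or every backend has to handle it.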
