On 06/20/2018 09:22 AM, Dr. David Alan Gilbert wrote:
> > For example, to set up authorization that only allows connection from a client
> > whose x509 certificate distinguished name is
> > CN=laptop.example.com,O=Example Org,L=London,ST=London,C=GB
> > use:
> > qemu-nbd --object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
> > endpoint=server,verify-peer=yes \
> > --object authz-simple,id=auth0,identity=CN=laptop.example.com,,\
> > O=Example Org,,L=London,,ST=London,,C=GB \
>
> I'm confused about how that gets parsed, what differentiates the ,s
> that separate the arguments (e.g. ,id= ,identity=) and the ,s that
> separate the options within the identity string (e.g. the ,ST=London)
> Would:
> --object authz-simple,identity=CN=laptop.example.com,,O=Example
> Org,,L=London,,ST=London,,C=GB,id=auth0
> be equivalent?

Yes, once you take care of quoting the space and unfolding indentation.
Our standard QemuOpt parser treats ',,' as a literal comma, and all
other ',' as separating args. So either form is ultimately parsed as:
--object
[type=]"authz-simple"
id="auth0"
identity="CN=laptop.example.com,O=Example Org,L=London,ST=London,C=GB"
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
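
The comma rule described in the reply above, as an added Python example that is not part of the original thread and is not QEMU's parser code. It models only what the reply states (',,' is a literal comma, any other ',' separates options); the function names and the implied key name "type" are assumptions made for illustration.

```python
# Simplified model of the ',,' rule described above; not QEMU's parser code.
# Sample DN taken from the thread.
DN = "CN=laptop.example.com,O=Example Org,L=London,ST=London,C=GB"


def escape_value(value):
    """Double every comma so the value is not split into separate options."""
    return value.replace(",", ",,")


def split_opts(optstr):
    """Split on single commas; a doubled comma yields one literal comma."""
    segments, current, i = [], [], 0
    while i < len(optstr):
        if optstr[i] != ",":
            current.append(optstr[i])
            i += 1
        elif optstr[i + 1:i + 2] == ",":
            current.append(",")      # ',,' -> literal ','
            i += 2
        else:
            segments.append("".join(current))  # lone ',' ends the option
            current = []
            i += 1
    segments.append("".join(current))
    return segments


def parse_opts(optstr, implied_key="type"):
    """Return {key: value}; a bare first segment is stored under implied_key
    (hypothetical name, following the '[type=]' notation in the reply)."""
    opts = {}
    for n, seg in enumerate(split_opts(optstr)):
        key, sep, val = seg.partition("=")
        if not sep:
            if n != 0:
                raise ValueError("option without '=': %r" % seg)
            key, val = implied_key, seg
        opts[key] = val
    return opts


if __name__ == "__main__":
    first = parse_opts("authz-simple,id=auth0,identity=" + escape_value(DN))
    second = parse_opts("authz-simple,identity=" + escape_value(DN) + ",id=auth0")
    print(first == second, first["identity"] == DN)
    # Without doubling, the DN is cut at its first comma.
    print(parse_opts("authz-simple,id=auth0,identity=" + DN))
```

In this model, a DN passed without doubled commas leaves identity holding only the CN component, with the remaining DN fields split off as separate keys.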