Subject: Re: [Qemu-devel] [PATCH v3 04/10] util: add QAuthZ object as an authorization base class
From: Daniel P. Berrange
Date: Tue, 22 Mar 2016 16:43:32 +0000
User-agent: Mutt/1.5.24 (2015-08-30)
On Tue, Mar 22, 2016 at 10:33:42AM -0600, Eric Blake wrote:
> On 03/10/2016 11:59 AM, Daniel P. Berrange wrote:
> > The current qemu_acl module provides a simple access control
> > list facility inside QEMU, which is used via a set of monitor
> > commands acl_show, acl_policy, acl_add, acl_remove & acl_reset.
> >
> > Note there is no ability to create ACLs - the network services
> > (eg VNC server) were expected to create ACLs that they want to
> > check.
> >
> > There is also no way to define ACLs on the command line, nor
> > potentially integrate with external authorization systems like
> > polkit, pam, ldap lookup, etc.
> >
> > The QAuthZ object defines a minimal abstract QOM class that can
> > be subclassed for creating different authorization providers.
> >
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
>
> > +++ b/include/qemu/authz.h
> > +
> > +/**
> > + * QAuthZ:
> > + *
> > + * The QAuthZ class defines an API contract to be used
> > + * for providing an authorization driver for network
> > + * services.
>
> Just network services? Or is it broader than that?
>
> > +/**
> > + * qauthz_is_allowed:
> > + * @authz: the authorization object
> > + * @identity: the user identity to authorize
> > + * @errp: pointer to a NULL initialized error object
> > + *
> > + * Check if a user @identity is authorized
> > + *
> > + * Returns: true if @identity is authorizd, false otherwise
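Review bot: the doc comment for qauthz_is_allowed does not say what the return value is when @errp is set, so a caller cannot tell an explicit denial from a failed lookup, nor know whether passing NULL for @errp is safe. Suggest stating all three outcomes in the comment, e.g. "Returns: true if @identity is authorized, false if denied or if an error occurred (in which case @errp is set)", so that an error can never be read as a grant by a caller that ignores @errp.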
>
> s/authorizd/authorized/
>
> I think you need more documentation on return semantics. Do we have
> strict binary return (either we returned true and errp is unset, or we
> returned false and errp is set), or is it a ternary (we return true and
> errp is unset: permission is explicitly granted; we return false and
> errp is unset: permission is explicitly denied; or we set errp: we could
> not determine permission). And if a ternary, do we also want to require
> that setting 'errp' also requires a return of false, or is the return
> undefined in that case?
It is intended to be ternary, and if errp is set, the return value
should be false.

i.e. you should be able to do

    if (qauthz_is_allowed(authz, identity, NULL))
        ....

safe in the knowledge that any error that you're ignoring will
result in denial of permission.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
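The ternary contract described above (true with errp untouched means granted, false with errp untouched means denied, false with errp set means the decision could not be made, and an error never yields true), as an added stand-alone C example that is not QEMU's code: ExampleAuthZ, example_authz_is_allowed, example_error_set and the Error stand-in are hypothetical names with a constructed allow-list, standing in for QAuthZ, qauthz_is_allowed and QEMU's Error API.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for QEMU's Error object (hypothetical, for this example only). */
typedef struct Error {
    char msg[128];
} Error;

/* Store an error in *errp when the caller supplied a pointer; a NULL errp
 * means the caller chose to ignore errors, as in the thread's example. */
static void example_error_set(Error **errp, const char *msg)
{
    if (!errp) {
        return;
    }
    Error *err = calloc(1, sizeof(*err));
    if (!err) {
        abort();
    }
    strncpy(err->msg, msg, sizeof(err->msg) - 1);
    *errp = err;
}

/* Hypothetical authorization driver: a fixed allow-list plus a flag that
 * simulates a backend failure (the "could not determine" case). */
typedef struct ExampleAuthZ {
    const char **allowed;
    size_t n_allowed;
    bool backend_down;
} ExampleAuthZ;

/* Return contract (the ternary described in the thread):
 *   true,  *errp untouched : permission explicitly granted
 *   false, *errp untouched : permission explicitly denied
 *   false, *errp set       : permission could not be determined
 * An error path never returns true, so a caller passing NULL for errp
 * still fails closed. */
static bool example_authz_is_allowed(const ExampleAuthZ *authz,
                                     const char *identity, Error **errp)
{
    if (authz->backend_down) {
        example_error_set(errp, "authorization backend unavailable");
        return false;
    }
    for (size_t i = 0; i < authz->n_allowed; i++) {
        if (strcmp(authz->allowed[i], identity) == 0) {
            return true;
        }
    }
    return false;
}

typedef enum { GRANTED, DENIED, UNDETERMINED } Outcome;

/* A caller that wants all three outcomes passes a real errp and checks it
 * before trusting the boolean. */
static Outcome example_classify(const ExampleAuthZ *authz, const char *identity)
{
    Error *err = NULL;
    bool ok = example_authz_is_allowed(authz, identity, &err);
    if (err) {
        free(err);
        return UNDETERMINED;
    }
    return ok ? GRANTED : DENIED;
}

/* Constructed sample allow-list used by the helpers below. */
static const char *example_users[] = { "alice", "bob" };

static Outcome example_run(bool backend_down, const char *identity)
{
    ExampleAuthZ authz = { example_users, 2, backend_down };
    return example_classify(&authz, identity);
}

/* The pattern from the thread: ignore errors via NULL errp and rely on
 * the driver to deny whenever it could not decide. */
static bool example_run_null_errp(bool backend_down, const char *identity)
{
    ExampleAuthZ authz = { example_users, 2, backend_down };
    return example_authz_is_allowed(&authz, identity, NULL);
}

int main(void)
{
    static const char *names[] = { "GRANTED", "DENIED", "UNDETERMINED" };
    printf("alice, backend up:   %s\n", names[example_run(false, "alice")]);
    printf("mallory, backend up: %s\n", names[example_run(false, "mallory")]);
    printf("alice, backend down: %s\n", names[example_run(true, "alice")]);
    printf("alice, NULL errp, backend down: allowed=%d\n",
           example_run_null_errp(true, "alice"));
    return 0;
}
```

The design point is in the backend-down branch: the driver sets the error and returns false in the same step, so the only way a caller can observe `true` is an explicit grant. A driver that returned the result of a partial lookup (or left the return undefined on error) would turn a NULL errp into an authorization bypass.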