
Re: [Qemu-devel] [PATCH v6 5/7] util: add QAuthZ object as an authorizat


From: Marc-André Lureau
Subject: Re: [Qemu-devel] [PATCH v6 5/7] util: add QAuthZ object as an authorization base class
Date: Tue, 28 Jun 2016 18:22:10 +0200

Hi

On Tue, Jun 14, 2016 at 6:07 PM, Daniel P. Berrange <address@hidden> wrote:
> The current qemu_acl module provides a simple access control
> list facility inside QEMU, which is used via a set of monitor
> commands acl_show, acl_policy, acl_add, acl_remove & acl_reset.
>
> Note there is no ability to create ACLs - the network services
> (eg VNC server) were expected to create ACLs that they want to
> check.
>
> There is also no way to define ACLs on the command line, nor
> potentially integrate with external authorization systems like
> polkit, pam, ldap lookup, etc.
>
> The QAuthZ object defines a minimal abstract QOM class that can
> be subclassed for creating different authorization providers.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
>  MAINTAINERS          |  7 +++++
>  Makefile             |  1 +
>  Makefile.objs        |  2 ++
>  Makefile.target      |  2 ++
>  include/qemu/authz.h | 89 
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
>  util/Makefile.objs   |  2 ++
>  util/authz.c         | 46 +++++++++++++++++++++++++++
>  7 files changed, 149 insertions(+)
>  create mode 100644 include/qemu/authz.h
>  create mode 100644 util/authz.c
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index df990a8..f8fa73a 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1324,6 +1324,13 @@ F: include/qemu/throttle.h
>  F: util/throttle.c
>  L: address@hidden
>
> +Authorization
> +M: Daniel P. Berrange <address@hidden>
> +S: Maintained
> +F: util/authz*
> +F: include/qemu/authz*
> +F: tests/test-authz-*
> +
>  Usermode Emulation
>  ------------------
>  Overall
> diff --git a/Makefile b/Makefile
> index ed4032a..421c390 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -148,6 +148,7 @@ endif
>  dummy := $(call unnest-vars,, \
>                  stub-obj-y \
>                  util-obj-y \
> +                util-qom-obj-y \
>                  qga-obj-y \
>                  ivshmem-client-obj-y \
>                  ivshmem-server-obj-y \
> diff --git a/Makefile.objs b/Makefile.objs
> index da49b71..24db7f7 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -4,6 +4,8 @@ stub-obj-y = stubs/ crypto/
>  util-obj-y = util/ qobject/ qapi/
>  util-obj-y += qmp-introspect.o qapi-types.o qapi-visit.o qapi-event.o
>
> +util-qom-obj-y += util/
> +
>  #######################################################################
>  # block-obj-y is code used by both qemu system emulation and qemu-img
>
> diff --git a/Makefile.target b/Makefile.target
> index 495b474..e79d942 100644
> --- a/Makefile.target
> +++ b/Makefile.target
> @@ -176,6 +176,7 @@ include $(SRC_PATH)/Makefile.objs
>  dummy := $(call unnest-vars,,target-obj-y)
>  target-obj-y-save := $(target-obj-y)
>  dummy := $(call unnest-vars,.., \
> +               util-qom-obj-y \
>                 block-obj-y \
>                 block-obj-m \
>                 crypto-obj-y \
> @@ -188,6 +189,7 @@ target-obj-y := $(target-obj-y-save)
>  all-obj-y += $(common-obj-y)
>  all-obj-y += $(target-obj-y)
>  all-obj-y += $(qom-obj-y)
> +all-obj-y += $(util-qom-obj-y)
>  all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y)
>  all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
>  all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
> diff --git a/include/qemu/authz.h b/include/qemu/authz.h
> new file mode 100644
> index 0000000..6a73063
> --- /dev/null
> +++ b/include/qemu/authz.h
> @@ -0,0 +1,89 @@
> +/*
> + * QEMU authorization framework
> + *
> + * Copyright (c) 2016 Red Hat, Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see 
> <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#ifndef QAUTHZ_H__
> +#define QAUTHZ_H__
> +
> +#include "qemu-common.h"
> +#include "qapi/error.h"
> +#include "qom/object.h"
> +
> +
> +#define TYPE_QAUTHZ "authz"
> +
> +#define QAUTHZ_CLASS(klass) \
> +     OBJECT_CLASS_CHECK(QAuthZClass, (klass), \
> +                        TYPE_QAUTHZ)
> +#define QAUTHZ_GET_CLASS(obj) \
> +     OBJECT_GET_CLASS(QAuthZClass, (obj), \
> +                      TYPE_QAUTHZ)
> +#define QAUTHZ(obj) \
> +     INTERFACE_CHECK(QAuthZ, (obj), \
> +                     TYPE_QAUTHZ)
> +
> +typedef struct QAuthZ QAuthZ;
> +typedef struct QAuthZClass QAuthZClass;
> +
> +/**
> + * QAuthZ:
> + *
> + * The QAuthZ class defines an API contract to be used
> + * for providing an authorization driver for services
> + * with user identities.
> + */
> +
> +struct QAuthZ {
> +    Object parent_obj;
> +};
> +
> +
> +struct QAuthZClass {
> +    ObjectClass parent_class;
> +
> +    bool (*is_allowed)(QAuthZ *authz,
> +                       const char *identity,
> +                       Error **errp);
> +};
> +
> +
> +/**
> + * qauthz_is_allowed:
> + * @authz: the authorization object
> + * @identity: the user identity to authorize
> + * @errp: pointer to a NULL initialized error object
> + *
> + * Check if a user @identity is authorized. If an error
> + * occurrs this method will return false to indicate

occurs

> + * denial, as well as setting @errp to contain the details.
> + * Callers are recommended to treat the denial and error
> + * scenarios identically. Specifically the error info in
> + * @errp should never be fed back to the user being
> + * authorized, it is merely for benefit of administrator
> + * debugging.
> + *
> + * Returns: true if @identity is authorized, false if denied or if
> + * an error occurred.
> + */
> +bool qauthz_is_allowed(QAuthZ *authz,
> +                       const char *identity,
> +                       Error **errp);
> +
> +#endif /* QAUTHZ_H__ */
> +
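Review bot: The `is_allowed` callback in `struct QAuthZClass` has no doc comment, so the fail-closed contract described for `qauthz_is_allowed()` is not stated where authors of authorization providers will read it. A comment above the member would fix that, e.g. `/* Implementations must return false whenever they set @errp, and must never return true when a lookup or backend call fails. */`. It should also say whether `@identity` may be NULL or empty, which the header leaves open. Separately, `QAUTHZ(obj)` is defined with `INTERFACE_CHECK` although util/authz.c registers the type with `.parent = TYPE_OBJECT` rather than as an interface; `OBJECT_CHECK(QAuthZ, (obj), TYPE_QAUTHZ)` would match how the type is declared.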
> diff --git a/util/Makefile.objs b/util/Makefile.objs
> index 45f8794..0d83583 100644
> --- a/util/Makefile.objs
> +++ b/util/Makefile.objs
> @@ -34,3 +34,5 @@ util-obj-y += base64.o
>  util-obj-y += log.o
>  util-obj-y += qdist.o
>  util-obj-y += qht.o
> +
> +util-qom-obj-y += authz.o
> diff --git a/util/authz.c b/util/authz.c
> new file mode 100644
> index 0000000..fd9f84e
> --- /dev/null
> +++ b/util/authz.c
> @@ -0,0 +1,46 @@
> +/*
> + * QEMU authorization framework
> + *
> + * Copyright (c) 2016 Red Hat, Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see 
> <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/authz.h"
> +
> +bool qauthz_is_allowed(QAuthZ *authz,
> +                       const char *identity,
> +                       Error **errp)
> +{
> +    QAuthZClass *cls = QAUTHZ_GET_CLASS(authz);
> +
> +    return cls->is_allowed(authz, identity, errp);
> +}
> +
> +static const TypeInfo authz_info = {
> +    .parent = TYPE_OBJECT,
> +    .name = TYPE_QAUTHZ,
> +    .instance_size = sizeof(QAuthZ),
> +    .class_size = sizeof(QAuthZClass),

.abstract = true? (perhaps it's not necessary, but that would be more clear)

> +};
> +
> +static void qauthz_register_types(void)
> +{
> +    type_register_static(&authz_info);
> +}
> +
> +type_init(qauthz_register_types)
> +
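Review bot: `qauthz_is_allowed()` calls `cls->is_allowed` without checking that it is set, so a subclass that never assigns the callback turns an authorization check into a NULL function-pointer call instead of a denial. Since the header documents errors as being reported as denial, the wrapper could fail closed with `if (!cls->is_allowed) { error_setg(errp, "authz type does not implement is_allowed"); return false; }` before the call. A trace point recording the identity and the allow/deny result in this wrapper would also give administrators one place to audit decisions across all providers.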
> --
> 2.5.5
>
>



-- 
Marc-André Lureau


