[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v3 04/10] util: add QAuthZ object as an authoriz

From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH v3 04/10] util: add QAuthZ object as an authorization base class
Date: Tue, 22 Mar 2016 10:33:42 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0

On 03/10/2016 11:59 AM, Daniel P. Berrange wrote:
> The current qemu_acl module provides a simple access control
> list facility inside QEMU, which is used via a set of monitor
> commands acl_show, acl_policy, acl_add, acl_remove & acl_reset.
> Note there is no ability to create ACLs - the network services
> (eg VNC server) were expected to create ACLs that they want to
> check.
> There is also no way to define ACLs on the command line, nor
> potentially integrate with external authorization systems like
> polkit, pam, ldap lookup, etc.
> The QAuthZ object defines a minimal abstract QOM class that can
> be subclassed for creating different authorization providers.
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---

> +++ b/include/qemu/authz.h
> +
> +/**
> + * QAuthZ:
> + *
> + * The QAuthZ class defines an API contract to be used
> + * for providing an authorization driver for network
> + * services.

Just network services? Or is it broader than that?

> +/**
> + * qauthz_is_allowed:
> + * @authz: the authorization object
> + * @identity: the user identity to authorize
> + * @errp: pointer to a NULL initialized error object
> + *
> + * Check if a user @identity is authorized
> + *
> + * Returns: true if @identity is authorizd, false otherwise


I think you need more documentation on return semantics.  Do we have
strict binary return (either we returned true and errp is unset, or we
returned false and errp is set), or is it a ternary (we return true and
errp is unset: permission is explicitly granted; we return false and
errp is unset: permission is explicitly denied; or we set errp: we could
not determine permission).  And if a ternary, do we also want to require
that setting 'errp' also requires a return of false, or is the return
undefined in that case?

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]