From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH v2 1/6] qemu-nbd: add support for authorization of TLS clients
Date: Wed, 20 Jun 2018 09:28:58 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

On 06/20/2018 09:22 AM, Dr. David Alan Gilbert wrote:
>> For example to setup authorization that only allows connection from a client
>> whose x509 certificate distinguished name is
>>
>>    CN=laptop.example.com,O=Example Org,L=London,ST=London,C=GB
>>
>> use:
>>
>>   qemu-nbd --object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
>>                     endpoint=server,verify-peer=yes \
>>            --object authz-simple,id=auth0,identity=CN=laptop.example.com,,\
>>                     O=Example Org,,L=London,,ST=London,,C=GB \
>
> I'm confused about how that gets parsed, what differentiates the ,s that
> separate the arguments (e.g. ,id= ,identity=) and the ,s that separate
> the options within the identity string (e.g. the ,ST=London)
>
> Would:
>   --object authz-simple,identity=CN=laptop.example.com,,O=Example Org,,L=London,,ST=London,,C=GB,id=auth0
>
> be equivalent?

Yes, once you take care of quoting the space and unfolding indentation. Our standard QemuOpt parser treats ',,' as a literal comma, and all other ',' as separating args. So either form is ultimately parsed as:

  --object [type=]"authz-simple" id="auth0" identity="CN=laptop.example.com,O=Example Org,L=London,ST=London,C=GB"

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
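
The comma rule described in the reply above, as an added example that is not part of the original message and is not QEMU's code: a simplified Python model in which ',,' is a literal comma and any other ',' separates arguments. The function names (`split_opts`, `parse_object`, `escape_value`) are hypothetical; the model shows that both argument orders give the same identity, and that a DN whose commas are not doubled no longer reaches `identity` whole.

```python
# Simplified model of the comma rule described in the reply above.
# Added example; function names are hypothetical, this is not QEMU's parser.

def split_opts(optstr):
    """Split on single ',' while turning each ',,' into a literal ','."""
    fields, cur, i = [], [], 0
    while i < len(optstr):
        if optstr[i] == ",":
            if optstr[i + 1:i + 2] == ",":   # doubled comma: literal ','
                cur.append(",")
                i += 2
                continue
            fields.append("".join(cur))      # single comma: separator
            cur = []
        else:
            cur.append(optstr[i])
        i += 1
    fields.append("".join(cur))
    return fields


def parse_object(optstr):
    """Return a dict; a first field without '=' is taken as the implied type=."""
    opts = {}
    for n, field in enumerate(split_opts(optstr)):
        key, sep, value = field.partition("=")   # split at the first '=' only
        if not sep:
            if n != 0:
                raise ValueError(f"field {field!r} has no '='")
            key, value = "type", field
        opts[key] = value
    return opts


def escape_value(value):
    """Double every comma so the value survives as a single option value."""
    return value.replace(",", ",,")


# The distinguished name and option strings from the thread.
DN = "CN=laptop.example.com,O=Example Org,L=London,ST=London,C=GB"
FORM_A = "authz-simple,id=auth0,identity=" + escape_value(DN)
FORM_B = "authz-simple,identity=" + escape_value(DN) + ",id=auth0"
# Constructed counter-case: commas left un-doubled split the DN apart.
UNESCAPED = "authz-simple,id=auth0,identity=" + DN

if __name__ == "__main__":
    print(parse_object(FORM_A))
    print(parse_object(FORM_B) == parse_object(FORM_A))
    print(parse_object(UNESCAPED))
```

In this model the un-doubled form leaves `identity` holding only `CN=laptop.example.com`, with `O`, `L`, `ST` and `C` turned into separate options, so an authorization identity built from a certificate DN needs its commas doubled before it goes on the command line.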