OSDN Git Service

nbd: allow authorization with nbd-server-start QMP command
author Daniel P. Berrange <berrange@redhat.com>
Wed, 27 Feb 2019 16:20:34 +0000 (16:20 +0000)
committer Eric Blake <eblake@redhat.com>
Wed, 6 Mar 2019 17:05:27 +0000 (11:05 -0600)
commit 000194556b65970a19ca437cd96b804a3f069f11
tree 3ca23aafe1f56a6e1345be4f2700a1f846a4bf71
parent b25e12daff2c3e5ba933f85e8ba278f5bcba8f4d
nbd: allow authorization with nbd-server-start QMP command

As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.

First the client must create a QAuthZ object instance using the
'object-add' command:

   {
     'execute': 'object-add',
     'arguments': {
       'qom-type': 'authz-list',
       'id': 'authz0',
       'parameters': {
         'policy': 'deny',
         'rules': [
           {
             'match': '*CN=fred',
             'policy': 'allow'
           }
         ]
       }
     }
   }

They can then reference this in the new 'tls-authz' parameter when
executing the 'nbd-server-start' command:

   {
     'execute': 'nbd-server-start',
     'arguments': {
       'addr': {
           'type': 'inet',
           'host': '127.0.0.1',
           'port': '9000'
       },
       'tls-creds': 'tls0',
       'tls-authz': 'authz0'
     }
   }

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20190227162035.18543-3-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
blockdev-nbd.c
hmp.c
include/block/nbd.h
qapi/block.json
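
An authz-list policy like the one in the commit message can be checked offline against expected client identities before it is attached to the NBD server with 'tls-authz'. The sketch below is an added example, not code from this commit or from QEMU. It assumes first-match-wins rule evaluation with fallback to the default policy, a per-rule 'format' of 'exact' or 'glob' (exact when omitted), and Python's fnmatch as a stand-in for QEMU's glob matcher; the distinguished names are constructed.

```python
from fnmatch import fnmatchcase

# 'parameters' of the authz0 object from the commit message. The explicit
# 'format': 'glob' is added here (assumption) so that '*' is a wildcard.
AUTHZ0 = {
    "policy": "deny",
    "rules": [{"match": "*CN=fred", "policy": "allow", "format": "glob"}],
}

def rule_matches(rule, identity):
    """Return True if one authz-list rule matches the client identity."""
    fmt = rule.get("format", "exact")  # assumed default when omitted
    if fmt == "exact":
        return rule["match"] == identity
    if fmt == "glob":
        # fnmatchcase stands in for QEMU's glob matcher (assumption)
        return fnmatchcase(identity, rule["match"])
    raise ValueError(f"unknown rule format: {fmt!r}")

def is_allowed(params, identity):
    """First matching rule decides; otherwise the default policy applies."""
    for rule in params.get("rules", []):
        if rule_matches(rule, identity):
            return rule["policy"] == "allow"
    return params["policy"] == "allow"

def audit(params, identities):
    """Map each identity to the decision the policy would give it."""
    return {dn: is_allowed(params, dn) for dn in identities}

# Constructed x509 distinguished names, not taken from any real deployment.
SAMPLE_DNS = [
    "C=GB,O=Example,CN=fred",      # intended client
    "C=GB,O=Other Org,CN=fred",    # same CN under a different organisation
    "CN=fred,O=Example,C=GB",      # CN is not the last component
    "C=GB,O=Example,CN=alfred",
    "C=GB,O=Example,CN=bob",
]

if __name__ == "__main__":
    for dn, ok in audit(AUTHZ0, SAMPLE_DNS).items():
        print(f"{'allow' if ok else 'deny ':5}  {dn}")
```

Under these assumptions a rule keyed only on the CN suffix admits every trusted certificate whose DN ends in that CN, so matching on the full DN is the tighter policy.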