OpenE2K
/
qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
qemu-e2k/include
History
Daniel P. Berrange 000194556b nbd: allow authorization with nbd-server-start QMP command 
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.

First the client must create a QAuthZ object instance using the
'object-add' command:

   {
     'execute': 'object-add',
     'arguments': {
       'qom-type': 'authz-list',
       'id': 'authz0',
       'parameters': {
         'policy': 'deny',
         'rules': [
           {
             'match': '*CN=fred',
             'policy': 'allow'
           }
         ]
       }
     }
   }

They can then reference this in the new 'tls-authz' parameter when
executing the 'nbd-server-start' command:

   {
     'execute': 'nbd-server-start',
     'arguments': {
       'addr': {
           'type': 'inet',
           'host': '127.0.0.1',
           'port': '9000'
       },
       'tls-creds': 'tls0',
       'tls-authz': 'authz0'
     }
   }

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20190227162035.18543-3-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
 		2019-03-06 11:05:27 -06:00
..
authz authz: add QAuthZPAM object type for authorizing using PAM 2019-02-26 15:32:19 +00:00
block nbd: allow authorization with nbd-server-start QMP command 2019-03-06 11:05:27 -06:00
chardev char: move SpiceChardev and open_spice_port() to spice.h header 2019-02-21 14:09:17 +01:00
crypto Don't talk about the LGPL if the file is licensed under the GPL 2019-01-30 10:51:20 +01:00
disas target/mips: Add disassembler support for nanoMIPS 2018-10-25 22:13:33 +02:00
exec migration: Add an ability to ignore shared RAM blocks 2019-03-06 10:49:17 +00:00
fpu softfloat: Implement float128_to_uint32 2019-02-26 14:05:19 +00:00
hw Migation pull 2019-03-06 2019-03-06 14:50:33 +00:00
io io: Make qio_channel_yield() interruptible 2019-02-25 15:03:19 +01:00
libdecnumber Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
migration migration/ram.c: add the free page optimization enable flag 2019-03-06 10:49:18 +00:00
monitor monitor: Remove "x-oob", offer capability "oob" unconditionally 2018-12-12 10:28:27 +01:00
net net: Add a network device specific self-announcement ability 2019-03-05 11:27:41 +08:00
qapi qapi: remove qmp_unregister_command() 2019-02-18 14:44:05 +01:00
qemu Migation pull 2019-03-06 2019-03-06 14:50:33 +00:00
qom arm: Clarify the logic of set_pc() 2019-02-01 14:55:46 +00:00
scsi avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
standard-headers * cpu-exec fixes (Emilio, Laurent) 2019-02-05 19:39:22 +00:00
sysemu migration: Switch to using announce timer 2019-03-05 11:27:41 +08:00
ui spice: set device address and device display ID in QXL interface 2019-02-21 10:15:26 +01:00
elf.h pvh: Boot uncompressed kernel using direct boot ABI 2019-02-05 16:50:16 +01:00
glib-compat.h slirp: Move g_spawn_async_with_fds_qemu compatibility to slirp/ 2019-02-07 15:49:08 +02:00
qemu-common.h qemu-common.h: Update copyright string for 2019 2019-02-06 15:45:23 +01:00
qemu-io.h qemu-io: Let command functions return error code 2018-06-11 16:18:45 +02:00
trace-tcg.h trace: get rid of generated-events.h/generated-events.c 2016-10-12 09:54:52 +02:00