qemu-e2k/migration
Daniel P. Berrange d2f1d29b95 migration: add support for a "tls-authz" migration parameter
The QEMU instance that runs as the server for the migration data
transport (i.e. the target QEMU) needs to be able to configure access
control so it can prevent unauthorized clients initiating an incoming
migration. This adds a new 'tls-authz' migration parameter that is used
to provide the QOM ID of a QAuthZ subclass instance that provides the
access control check. This is checked against the x509 certificate
obtained during the TLS handshake.

For example, when starting a QEMU for incoming migration, it is
possible to give an example identity of the source QEMU that is
intended to be connecting later:

  $QEMU \
     -monitor stdio \
     -incoming defer \
     ...other args...

  (qemu) object_add tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
             endpoint=server,verify-peer=yes
  (qemu) object_add authz-simple,id=auth0,identity=CN=laptop.example.com,,\
             O=Example Org,,L=London,,ST=London,,C=GB
  (qemu) migrate_incoming tcp:localhost:9000

Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2019-03-25 18:13:47 +01:00
..
block-dirty-bitmap.c bitmaps: Fix typo in function name 2019-03-12 12:05:49 -04:00
block.c migration/block: use qemu_iovec_init_buf 2019-02-22 09:42:13 +00:00
block.h
channel.c migration: fix the multifd code when receiving less channels 2019-01-23 15:02:07 +00:00
channel.h migration: Route errors down through migration_channel_connect 2018-02-06 10:55:12 +00:00
colo-failover.c qapi/migration.json: Rename COLO unknown mode to none mode. 2018-10-19 11:15:03 +08:00
colo.c Migration/colo.c: Make COLO node running after failover 2019-03-06 10:49:18 +00:00
exec.c migration: unify incoming processing 2018-07-10 12:48:53 +01:00
exec.h
fd.c migration: unify incoming processing 2018-07-10 12:48:53 +01:00
fd.h
global_state.c migration: Use strnlen() for fixed-size string 2019-01-17 21:10:57 -05:00
Makefile.objs COLO: Remove colo_state migration struct 2018-10-19 11:15:03 +08:00
migration.c migration: add support for a "tls-authz" migration parameter 2019-03-25 18:13:47 +01:00
migration.h multifd: Drop x-multifd-page-count parameter 2019-03-25 18:13:41 +01:00
page_cache.c migration: use local path for local headers 2018-06-01 19:20:38 +03:00
page_cache.h
postcopy-ram.c migration: Add an ability to ignore shared RAM blocks 2019-03-06 10:49:17 +00:00
postcopy-ram.h postcopy: drop ram_pages parameter from postcopy_ram_incoming_init() 2018-06-27 13:28:31 +02:00
qemu-file-channel.c migration: invoke qio_channel_yield only when qemu_in_coroutine() 2018-08-22 12:13:59 +02:00
qemu-file-channel.h
qemu-file.c migration: disable RDMA WRITE after postcopy started 2018-08-22 12:12:07 +02:00
qemu-file.h slirp: use libslirp migration code 2019-03-07 12:46:31 +01:00
qjson.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
qjson.h typedefs: add QJSON 2018-06-15 14:40:56 +01:00
ram.c multifd: Add some padding 2019-03-25 18:13:44 +01:00
ram.h migration: multifd_save_cleanup() can't fail, simplify 2019-01-23 15:02:07 +00:00
rdma.c migration: Add an ability to ignore shared RAM blocks 2019-03-06 10:49:17 +00:00
rdma.h
savevm.c migration/ram.c: add a notifier chain for precopy 2019-03-06 10:49:18 +00:00
savevm.h savevm: split the process of different stages for loadvm/savevm 2018-10-19 11:15:03 +08:00
socket.c migration: fix memory leak 2019-03-12 15:18:40 +01:00
socket.h migration: Export functions to create send channels 2018-05-15 20:24:27 +02:00
tls.c migration: add support for a "tls-authz" migration parameter 2019-03-25 18:13:47 +01:00
tls.h
trace-events multifd: Create new next_packet_size field 2019-03-25 18:13:39 +01:00
vmstate-types.c vmstate: constify VMStateField 2018-11-27 15:35:15 +01:00
vmstate.c migration: Add post_save function to VMStateDescription 2019-01-21 10:38:55 +00:00
xbzrle.c
xbzrle.h