Re: [Qemu-devel] [PATCH v5 07/11] authz: add QAuthZSimple object type for easy whitelist auth checks

[Daniel P . Berrangé]

On Fri, Oct 19, 2018 at 11:56:00AM +0200, Philippe Mathieu-Daudé wrote:
> On 09/10/2018 15:04, Daniel P. Berrangé wrote:
> > In many cases a single VM will just need to whilelist a single identity
> > as the allowed user of network services. This is especially the case for
> > TLS live migration (optionally with NBD storage) where we just need to
> > whitelist the x509 certificate distinguished name of the source QEMU
> > host.
> >
> > Via QMP this can be configured with:
> >
> >   {
> >     "execute": "object-add",
> >     "arguments": {
> >       "qom-type": "authz-simple",
> >       "id": "authz0",
> >       "parameters": {
> >         "identity": "fred"
> >       }
> >     }
> >   }
> >
> > Or via the command line
> >
> >   -object authz-simple,id=authz0,identity=fred
> >
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
> >  authz/Makefile.objs    |   1 +
> >  authz/simple.c         | 122 +++++++++++++++++++++++++++++++++++++++++
> >  authz/trace-events     |   3 +
> >  include/authz/simple.h |  84 ++++++++++++++++++++++++++++
> >  qemu-options.hx        |  21 +++++++
> >  5 files changed, 231 insertions(+)
> >  create mode 100644 authz/simple.c
> >  create mode 100644 include/authz/simple.h

> > +static void
> > +qauthz_simple_prop_set_identity(Object *obj,
> > +                                const char *value,
> > +                                Error **errp G_GNUC_UNUSED)
> > +{
> > +    QAuthZSimple *authz = QAUTHZ_SIMPLE(obj);
> > +
> 
> Hmm don't this miss:
> 
>          g_free(authz->identity);
> 
> > +    authz->identity = g_strdup(value);
> > +}

Yes, will squash that in


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|