From: Zihao Chang
Subject: [PATCH 1/6] authz: support parsing authz devices
Date: Thu, 14 Jan 2021 16:18:16 +0800
Message-ID: <20210114081821.146-2-changzihao1@huawei.com>
In-Reply-To: <20210114081821.146-1-changzihao1@huawei.com>
References: <20210114081821.146-1-changzihao1@huawei.com>
Cc: oscar.zhangbo@huawei.com, changzihao1@huawei.com, xiexiangyou@huawei.com
List-Id: Development discussions about the libvirt library & tools

support parsing authz devices, which is like:
Signed-off-by: Zihao Chang --- src/conf/domain_conf.c | 103 +++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 28 +++++++++ src/conf/domain_validate.c | 1 + src/conf/virconftypes.h | 3 + src/libvirt_private.syms | 2 + src/qemu/qemu_command.c | 1 + src/qemu/qemu_domain.c | 1 + src/qemu/qemu_domain_address.c | 2 + src/qemu/qemu_driver.c | 5 ++ src/qemu/qemu_hotplug.c | 3 + src/qemu/qemu_validate.c | 1 + 11 files changed, 150 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 349fc28c2a79..d547a93e16cd 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -302,6 +302,7 @@ VIR_ENUM_IMPL(virDomainDevice, "iommu", "vsock", "audio", + "authz", ); =20 VIR_ENUM_IMPL(virDomainDiskDevice, @@ -1331,6 +1332,19 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, "sev", ); =20 +VIR_ENUM_IMPL(virDomainAuthzType, + VIR_DOMAIN_AUTHZ_TYPE_LAST, + "tls", + "sasl", +); +VIR_ENUM_IMPL(virDomainAuthzMode, + VIR_DOMAIN_AUTHZ_MODE_LAST, + "simple", + "list", + "listfile", + "pam", +); + static virClassPtr virDomainObjClass; static virClassPtr virDomainXMLOptionClass; static void virDomainObjDispose(void *obj); @@ -2859,6 +2873,14 @@ void virDomainAudioDefFree(virDomainAudioDefPtr def) VIR_FREE(def); } =20 +void virDomainAuthzDefFree(virDomainAuthzDefPtr def) +{ + if (!def) + return; + VIR_FREE(def->identity); + VIR_FREE(def); +} + virDomainSoundDefPtr virDomainSoundDefRemove(virDomainDefPtr def, size_t idx) { @@ -3200,6 +3222,9 @@ void virDomainDeviceDefFree(virDomainDeviceDefPtr def) case VIR_DOMAIN_DEVICE_AUDIO: virDomainAudioDefFree(def->data.audio); break; + case VIR_DOMAIN_DEVICE_AUTHZ: + virDomainAuthzDefFree(def->data.authz); + break; case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: break; 
@@ -4051,6 +4076,7 @@ virDomainDeviceGetInfo(virDomainDeviceDefPtr device) case VIR_DOMAIN_DEVICE_GRAPHICS: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: break; @@ -4148,6 +4174,9 @@ virDomainDeviceSetData(virDomainDeviceDefPtr device, case VIR_DOMAIN_DEVICE_AUDIO: device->data.audio =3D devicedata; break; + case VIR_DOMAIN_DEVICE_AUTHZ: + device->data.authz =3D devicedata; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; @@ -4410,6 +4439,7 @@ virDomainDeviceInfoIterateFlags(virDomainDefPtr def, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: break; } #endif @@ -5393,6 +5423,7 @@ virDomainDeviceDefPostParseCommon(virDomainDeviceDefP= tr dev, case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: ret =3D 0; break; =20 
@@ -15669,6 +15700,44 @@ virDomainVsockDefParseXML(virDomainXMLOptionPtr xm= lopt, return g_steal_pointer(&vsock); } =20 +static virDomainAuthzDefPtr +virDomainAuthzDefParseXML(xmlNodePtr node) +{ + g_autofree char *mode =3D NULL; + g_autofree char *identity =3D NULL; + g_autofree char *tmp =3D NULL; + virDomainAuthzDefPtr def; + + def =3D g_new0(virDomainAuthzDef, 1); + + if (!(mode =3D virXMLPropString(node, "mode"))) + def->mode =3D VIR_DOMAIN_AUTHZ_MODE_SIMPLE; + + if ((def->mode =3D virDomainAuthzModeTypeFromString(mode)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown authz mode: %s"), mode); + goto error; + } + + if ((tmp =3D virXMLPropString(node, "index")) && + virStrToLong_ulp(tmp, NULL, 10, &def->index) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("invalid authz index: %s"), tmp); + goto error; + } + + if (!(def->identity =3D virXMLPropString(node, "identity"))) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("authz identity must be set")); + goto error; + } + + return def; + error: + virDomainAuthzDefFree(def); + return NULL; +} + virDomainDeviceDefPtr virDomainDeviceDefParse(const char *xmlStr, const virDomainDef *def, @@ -15827,6 +15896,10 @@ virDomainDeviceDefParse(const char *xmlStr, flags))) return NULL; break; + case VIR_DOMAIN_DEVICE_AUTHZ: + if (!(dev->data.authz =3D virDomainAuthzDefParseXML(node))) + return NULL; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; 
@@ -20704,6 +20777,20 @@ virDomainDefParseXML(xmlDocPtr xml, } VIR_FREE(nodes); =20 + /* analysis of the authz devices */ + if ((n =3D virXPathNodeSet("./devices/authz", ctxt, &nodes)) < 0) + goto error; + if (n) + def->authzs =3D g_new0(virDomainAuthzDefPtr, n); + + for (i =3D 0; i < n; i++) { + virDomainAuthzDefPtr authzs =3D virDomainAuthzDefParseXML(nodes[i]= ); + if (!authzs) + goto error; + def->authzs[def->nauthzs++] =3D authzs; + } + VIR_FREE(nodes); + /* analysis of the graphics devices */ if ((n =3D virXPathNodeSet("./devices/graphics", ctxt, &nodes)) < 0) goto error; @@ -23371,6 +23458,7 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr = src, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: break; } #endif @@ -26217,6 +26305,18 @@ virDomainAudioDefFormat(virBufferPtr buf, } =20 =20 +static int +virDomainAuthzDefFormat(virBufferPtr buf, + virDomainAuthzDefPtr def) +{ + virBufferAsprintf(buf, "\n", + virDomainAuthzModeTypeToString(def->mode), + def->index, + def->identity); + return 0; +} + + static int virDomainMemballoonDefFormat(virBufferPtr buf, virDomainMemballoonDefPtr def, @@ -30045,6 +30145,9 @@ virDomainDeviceDefCopy(virDomainDeviceDefPtr src, case VIR_DOMAIN_DEVICE_AUDIO: rc =3D virDomainAudioDefFormat(&buf, src->data.audio); break; + case VIR_DOMAIN_DEVICE_AUTHZ: + rc =3D virDomainAuthzDefFormat(&buf, src->data.authz); + break; =20 case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_SMARTCARD: diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index ec43bbe18668..01e04250c28b 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -86,6 +86,7 @@ typedef enum { VIR_DOMAIN_DEVICE_IOMMU, VIR_DOMAIN_DEVICE_VSOCK, VIR_DOMAIN_DEVICE_AUDIO, + VIR_DOMAIN_DEVICE_AUTHZ, =20 VIR_DOMAIN_DEVICE_LAST } virDomainDeviceType; 
@@ -118,6 +119,7 @@ struct _virDomainDeviceDef { virDomainIOMMUDefPtr iommu; virDomainVsockDefPtr vsock; virDomainAudioDefPtr audio; + virDomainAuthzDefPtr authz; } data; }; =20 @@ -1461,6 +1463,26 @@ struct _virDomainAudioDef { } backend; }; =20 +typedef enum { + VIR_DOMAIN_AUTHZ_TYPE_TLS, + VIR_DOMAIN_AUTHZ_TYPE_SASL, + VIR_DOMAIN_AUTHZ_TYPE_LAST +} virDomainAuthzType; + +typedef enum { + VIR_DOMAIN_AUTHZ_MODE_SIMPLE, + VIR_DOMAIN_AUTHZ_MODE_LIST, + VIR_DOMAIN_AUTHZ_MODE_LISTFILE, + VIR_DOMAIN_AUTHZ_MODE_PAM, + VIR_DOMAIN_AUTHZ_MODE_LAST +} virDomainAuthzMode; + +struct _virDomainAuthzDef { + int mode; + unsigned long index; + char *identity; +}; + typedef enum { VIR_DOMAIN_WATCHDOG_MODEL_I6300ESB, VIR_DOMAIN_WATCHDOG_MODEL_IB700, @@ -2627,6 +2649,9 @@ struct _virDomainDef { =20 virDomainClockDef clock; =20 + size_t nauthzs; + virDomainAuthzDefPtr *authzs; + size_t ngraphics; virDomainGraphicsDefPtr *graphics; =20 @@ -3108,6 +3133,7 @@ ssize_t virDomainSoundDefFind(const virDomainDef *def, void virDomainSoundDefFree(virDomainSoundDefPtr def); virDomainSoundDefPtr virDomainSoundDefRemove(virDomainDefPtr def, size_t i= dx); void virDomainAudioDefFree(virDomainAudioDefPtr def); +void virDomainAuthzDefFree(virDomainAuthzDefPtr def); void virDomainMemballoonDefFree(virDomainMemballoonDefPtr def); void virDomainNVRAMDefFree(virDomainNVRAMDefPtr def); void virDomainWatchdogDefFree(virDomainWatchdogDefPtr def); @@ -3674,6 +3700,8 @@ VIR_ENUM_DECL(virDomainChrSpicevmc); VIR_ENUM_DECL(virDomainSoundCodec); VIR_ENUM_DECL(virDomainSoundModel); VIR_ENUM_DECL(virDomainAudioType); +VIR_ENUM_DECL(virDomainAuthzType); +VIR_ENUM_DECL(virDomainAuthzMode); VIR_ENUM_DECL(virDomainKeyWrapCipherName); VIR_ENUM_DECL(virDomainMemballoonModel); VIR_ENUM_DECL(virDomainSmbiosMode); diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 988aff8dd7fe..3b5ddd241b46 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c 
@@ -1542,6 +1542,7 @@ virDomainDeviceDefValidateInternal(const virDomainDev= iceDef *dev, case VIR_DOMAIN_DEVICE_TPM: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 9042a2b34fb1..697bd60a04e2 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -96,6 +96,9 @@ typedef virDomainABIStability *virDomainABIStabilityPtr; typedef struct _virDomainActualNetDef virDomainActualNetDef; typedef virDomainActualNetDef *virDomainActualNetDefPtr; =20 +typedef struct _virDomainAuthzDef virDomainAuthzDef; +typedef virDomainAuthzDef *virDomainAuthzDefPtr; + typedef struct _virDomainBackupDef virDomainBackupDef; typedef virDomainBackupDef *virDomainBackupDefPtr; =20 diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index c325040b60bf..e731c12458f7 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -228,6 +228,8 @@ virDiskNameToIndex; virDomainActualNetDefFree; virDomainAudioTypeTypeFromString; virDomainAudioTypeTypeToString; +virDomainAuthzModeTypeToString; +virDomainAuthzTypeTypeToString; virDomainBlockedReasonTypeFromString; virDomainBlockedReasonTypeToString; virDomainBlockIoTuneInfoCopy; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 6f970a312896..d5f0bcb81877 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -546,6 +546,7 @@ qemuBuildVirtioDevStr(virBufferPtr buf, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: case VIR_DOMAIN_DEVICE_LAST: + case VIR_DOMAIN_DEVICE_AUTHZ: default: return 0; } diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 0765dc72d2e2..f83407903e27 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -5532,6 +5532,7 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDefPtr de= v, case VIR_DOMAIN_DEVICE_RNG: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: ret =3D 0; break; =20 diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index f0ba318cc844..47aa574e67ca 100644 --- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c @@ -532,6 +532,7 @@ qemuDomainDeviceSupportZPCI(virDomainDeviceDefPtr devic= e) case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: break; =20 case VIR_DOMAIN_DEVICE_NONE: @@ -1018,6 +1019,7 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDev= iceDefPtr dev, case VIR_DOMAIN_DEVICE_GRAPHICS: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: return 0; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 027617deefc7..17ef8451bf34 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -7013,6 +7013,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live attach of device '%s' is not supported"), @@ -7148,6 +7149,7 @@ qemuDomainUpdateDeviceLive(virDomainObjPtr vm, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("live update of device '%s' is not supported"), 
@@ -7365,6 +7367,7 @@ qemuDomainAttachDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent attach of device '%s' is not support= ed"), @@ -7568,6 +7571,7 @@ qemuDomainDetachDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent detach of device '%s' is not supporte= d"), @@ -7676,6 +7680,7 @@ qemuDomainUpdateDeviceConfig(virDomainDefPtr vmdef, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent update of device '%s' is not supporte= d"), diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index f336a90c8eb5..49cc461970bc 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -5048,6 +5048,7 @@ qemuDomainRemoveAuditDevice(virDomainObjPtr vm, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_LAST: /* libvirt doesn't yet support detaching these devices */ break; @@ -5147,6 +5148,7 @@ qemuDomainRemoveDevice(virQEMUDriverPtr driver, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("don't know how to remove a %s device"), 
@@ -5961,6 +5963,7 @@ qemuDomainDetachDeviceLive(virDomainObjPtr vm, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live detach of device '%s' is not supported"), diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index eadf3af8b396..63a7c1789363 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c 
@@ -4788,6 +4788,7 @@ qemuValidateDomainDeviceDef(const virDomainDeviceDef = *dev, case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_AUTHZ: case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; --=20 2.28.0
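
Review bot: In virDomainAuthzDefParseXML the default for a missing "mode" attribute never takes effect. After def->mode is set to VIR_DOMAIN_AUTHZ_MODE_SIMPLE, the next if still calls virDomainAuthzModeTypeFromString(mode) with mode == NULL, overwrites def->mode and takes the error path, which also hands NULL to the %s in "unknown authz mode: %s". Make the lookup the else branch of the NULL check, or drop the default and report the missing attribute explicitly. The g_autofree local "identity" declared at the top of the function is never used and can be removed.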
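
Review bot: virDomainAuthzDefFormat passes def->identity straight to virBufferAsprintf, which does no XML escaping, so an identity containing a quote, '<' or '&' produces domain XML that fails to re-parse or parses to something other than what was configured. Since this string is what QEMU will match a client identity against, format it with virBufferEscapeString and keep virBufferAsprintf for the mode and index only.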
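
Review bot: The loop added to virDomainDefParseXML fills def->authzs and def->nauthzs, but none of the hunks in this patch frees that array or its elements when the domain definition is destroyed; virDomainAuthzDefFree is only reached from virDomainDeviceDefFree. Add the matching loop and array free to the domain definition's free function. The same loop accepts several authz elements with an identical or omitted "index" (the field stays 0 from g_new0), so a uniqueness check is needed here or in the validation code, because the index is the only thing that distinguishes the devices later.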
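
Review bot: The mode strings introduced by VIR_ENUM_IMPL(virDomainAuthzMode, ...) become user-visible domain XML, yet the diffstat lists only files under src/: there is no schema update, no documentation of the new authz element and no parse/format test case. The VIR_DOMAIN_DEVICE_AUTHZ case in domain_validate.c also falls into the group that performs no validation at all. virDomainAuthzType ("tls", "sasl") is declared and exported here without any user in this patch; introduce it in the patch that first needs it.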
From: Zihao Chang
Subject: [PATCH 2/6] authz: support passing authz device to qemu cmd
Date: Thu, 14 Jan 2021 16:18:17 +0800
Message-ID: <20210114081821.146-3-changzihao1@huawei.com>
In-Reply-To: <20210114081821.146-1-changzihao1@huawei.com>
References: <20210114081821.146-1-changzihao1@huawei.com>
Cc: oscar.zhangbo@huawei.com, changzihao1@huawei.com, xiexiangyou@huawei.com
List-Id: Development discussions about the libvirt library & tools

support passing authz devices to qemu cmd, the cmd is like:
qemu-kvm ... -object authz-simple,id=authz1,identity=test

Signed-off-by: Zihao Chang --- src/qemu/qemu_command.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index d5f0bcb81877..8679c62d550f 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -3960,6 +3960,33 @@ qemuBuildInputCommandLine(virCommandPtr cmd, } =20 =20 +static int +qemuBuildAuthzCommandLine(virCommandPtr cmd, + const virDomainDef *def) +{ + g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; + size_t i; + + for (i =3D 0; i < def->nauthzs; i++) { + virDomainAuthzDefPtr authzs =3D def->authzs[i]; + + virBufferFreeAndReset(&buf); + + virCommandAddArg(cmd, "-object"); + + virBufferAsprintf(&buf, "authz-%s,id=3Dauthz%lu,identity=3D", + virDomainAuthzModeTypeToString(authzs->mode), + authzs->index); + virQEMUBuildBufferEscapeComma(&buf, authzs->identity); + + virCommandAddArgBuffer(cmd, &buf); + + } + + return 0; +} + + static char * qemuBuildSoundDevStr(const virDomainDef *def, virDomainSoundDefPtr sound, 
@@ -9965,6 +9992,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildInputCommandLine(cmd, def, qemuCaps) < 0) return NULL; =20 + if (qemuBuildAuthzCommandLine(cmd, def) < 0) + return NULL; + if (qemuBuildGraphicsCommandLine(cfg, cmd, def, qemuCaps) < 0) return NULL; =20 --=20 2.28.0
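
Review bot: qemuBuildAuthzCommandLine appends "identity=" for every mode, but of the four object types the format string "authz-%s" can produce (authz-simple, authz-list, authz-listfile, authz-pam) only authz-simple has an identity property; the others are configured through rules, a file name or a PAM service, so any mode other than "simple" yields a -object that QEMU rejects. Either restrict the XML to "simple" in validation until the other modes have their own attributes, or build per-mode properties here. The object id is derived from authzs->index alone, so two devices sharing an index give duplicate ids, and the function takes no qemuCaps argument, so nothing checks that the binary supports authz objects before they are put on the command line. The escaping of the identity through virQEMUBuildBufferEscapeComma is the right call and should stay.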
From: Zihao Chang
Subject: [PATCH 3/6] authz: support formating authz to xml
Date: Thu, 14 Jan 2021 16:18:18 +0800
Message-ID: <20210114081821.146-4-changzihao1@huawei.com>
In-Reply-To: <20210114081821.146-1-changzihao1@huawei.com>
References: <20210114081821.146-1-changzihao1@huawei.com>
Cc: oscar.zhangbo@huawei.com, changzihao1@huawei.com, xiexiangyou@huawei.com
List-Id: Development discussions about the libvirt library & tools

support formatting vmdef's authz devices to xml

Signed-off-by: Zihao Chang --- src/conf/domain_conf.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index d547a93e16cd..540f1706fd23 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c
@@ -28950,6 +28950,12 @@ virDomainDefFormatInternalSetRootName(virDomainDef= Ptr def, return -1; } =20 + for (n =3D 0; n < def->nauthzs; n++) { + if (virDomainAuthzDefFormat(buf, def->authzs[n]) < 0) + return -1; + + } + for (n =3D 0; n < def->ngraphics; n++) { if (virDomainGraphicsDefFormat(buf, def->graphics[n], flags) < 0) return -1; --=20 2.28.0
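Review bot: in the virDomainDefFormatInternalSetRootName hunk of [PATCH 3/6], the new loop over def->nauthzs leaves an empty line between `return -1;` and its closing brace; drop it so the loop reads like the def->ngraphics loop directly below. virDomainAuthzDefFormat is also called without the flags argument that virDomainGraphicsDefFormat receives, so please confirm that nothing in the authz output depends on the format flags.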
From: Zihao Chang
Subject: [PATCH 4/6] authz: support parsing the authz element in vnc
Date: Thu, 14 Jan 2021 16:18:19 +0800
Message-ID: <20210114081821.146-5-changzihao1@huawei.com>
In-Reply-To: <20210114081821.146-1-changzihao1@huawei.com>
References: <20210114081821.146-1-changzihao1@huawei.com>
Cc: oscar.zhangbo@huawei.com, changzihao1@huawei.com, xiexiangyou@huawei.com

support parsing the authz xml element in vnc.

Signed-off-by: Zihao Chang
---
src/conf/domain_conf.c | 99 ++++++++++++++++++++++++++++++++++++++---
src/conf/domain_conf.h | 7 +++
src/conf/virconftypes.h | 3 ++
3 files changed, 104 insertions(+), 5 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 540f1706fd23..e303bd76b779 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -12751,9 +12751,9 @@ virDomainTimerDefParseXML(xmlNodePtr node, =20 =20 static int -virDomainGraphicsAuthDefParseXML(xmlNodePtr node, - virDomainGraphicsAuthDefPtr def, - int type) +virDomainGraphicsPasswdDefParseXML(xmlNodePtr node, + virDomainGraphicsAuthDefPtr def, + int type) { g_autofree char *validTo =3D NULL; g_autofree char *connected =3D virXMLPropString(node, "connected"); 
@@ -12819,6 +12819,95 @@ virDomainGraphicsAuthDefParseXML(xmlNodePtr node, } =20 =20 +static int +virDomainGraphicsAuthzDefParseXML(virDomainGraphicsAuthzDefPtr def, + xmlNodePtr node) +{ + int ret =3D -1; + g_autofree char *type =3D virXMLPropString(node, "type"); + g_autofree char *id =3D virXMLPropString(node, "index"); + unsigned int idVal; + int typeVal; + + if (!type || !id) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("graphics authz type and id must be specified")); + goto error; + } + + if ((typeVal =3D virDomainAuthzTypeTypeFromString(type)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown graphics authz type '%s'"), type); + goto error; + } + + if ((virStrToLong_uip(id, NULL, 10, &idVal) < 0)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("invalid graphics authz index: %s"), id); + goto error; + } + + def->type =3D typeVal; + def->index =3D idVal; + + ret =3D 0; + error: + return ret; +} + + +static int +virDomainGraphicsAuthzsDefParseXML(xmlNodePtr node, + virDomainGraphicsAuthDefPtr def, + xmlXPathContextPtr ctxt) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt) + int nAuthzs; + int ret =3D -1; + g_autofree xmlNodePtr *authzNodes =3D NULL; + + ctxt->node =3D node; + + /* parse the subelements for graphics types that support it */ + nAuthzs =3D virXPathNodeSet("./authz", ctxt, &authzNodes); + if (nAuthzs < 0) { + goto cleanup; + } + + if (nAuthzs > 0) { + size_t i; + + def->authzs =3D g_new0(virDomainGraphicsAuthzDef, nAuthzs); + + for (i =3D 0; i < nAuthzs; i++) { + if (virDomainGraphicsAuthzDefParseXML(&def->authzs[i], + authzNodes[i]) < 0) + goto cleanup; + + def->nAuthzs++; + } + } + + ret =3D 0; + + cleanup: + return ret; +} + + +static int +virDomainGraphicsAuthDefParseXML(xmlNodePtr node, + virDomainGraphicsAuthDefPtr def, + xmlXPathContextPtr ctxt, + int type) +{ + if (virDomainGraphicsPasswdDefParseXML(node, def, type) || + virDomainGraphicsAuthzsDefParseXML(node, def, ctxt)) + return -1; + return 0; +} + + /** * 
virDomainGraphicsListenDefParseXML: * @def: listen def pointer to be filled @@ -13126,7 +13215,7 @@ virDomainGraphicsDefParseXMLVNC(virDomainGraphicsDe= fPtr def, def->data.vnc.keymap =3D virXMLPropString(node, "keymap"); =20 if (virDomainGraphicsAuthDefParseXML(node, &def->data.vnc.auth, - def->type) < 0) + ctxt, def->type) < 0) return -1; =20 return 0; @@ -13312,7 +13401,7 @@ virDomainGraphicsDefParseXMLSpice(virDomainGraphics= DefPtr def, def->data.spice.keymap =3D virXMLPropString(node, "keymap"); =20 if (virDomainGraphicsAuthDefParseXML(node, &def->data.spice.auth, - def->type) < 0) + ctxt, def->type) < 0) return -1; =20 cur =3D node->children; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 01e04250c28b..8cf7440f08aa 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1613,11 +1613,18 @@ typedef enum { VIR_DOMAIN_GRAPHICS_AUTH_CONNECTED_LAST } virDomainGraphicsAuthConnectedType; =20 +struct _virDomainGraphicsAuthzDef { + virDomainAuthzType type; + unsigned long index; +}; + struct _virDomainGraphicsAuthDef { char *passwd; bool expires; /* Whether there is an expiry time set */ time_t validTo; /* seconds since epoch */ int connected; /* action if connected */ + size_t nAuthzs; + virDomainGraphicsAuthzDefPtr authzs; }; =20 typedef enum { diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 697bd60a04e2..e66f3c5124e7 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h 
@@ -162,6 +162,9 @@ typedef virDomainGraphicsDef *virDomainGraphicsDefPtr; typedef struct _virDomainGraphicsListenDef virDomainGraphicsListenDef; typedef virDomainGraphicsListenDef *virDomainGraphicsListenDefPtr; =20 +typedef struct _virDomainGraphicsAuthzDef virDomainGraphicsAuthzDef; +typedef virDomainGraphicsAuthzDef *virDomainGraphicsAuthzDefPtr; + typedef struct _virDomainHostdevCaps virDomainHostdevCaps; typedef virDomainHostdevCaps *virDomainHostdevCapsPtr; =20 --=20 2.28.0
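Review bot: virDomainGraphicsAuthzDefParseXML in [PATCH 4/6] parses the attribute with virStrToLong_uip into an `unsigned int idVal`, while the new struct _virDomainGraphicsAuthzDef in domain_conf.h declares `unsigned long index`; pick one width and use it in the parser, the struct and the later `%lu` formatting. The missing-attribute error says "type and id" although the attribute read is "index", and a malformed index is reported as VIR_ERR_CONFIG_UNSUPPORTED where VIR_ERR_XML_ERROR describes the problem better. Nothing is released at the `error:` label, so `ret` and the gotos can become direct `return -1;` statements.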
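Review bot: virDomainGraphicsAuthzsDefParseXML in [PATCH 4/6] allocates def->authzs with g_new0, but no hunk in this patch, nor in 5/6 or 6/6, frees it, so the array is leaked when the graphics definition is released and also when the loop fails partway through; add the free next to wherever the auth struct's passwd is released. The loop compares a size_t `i` against the int `nAuthzs`; use one type. Because the reworked virDomainGraphicsAuthDefParseXML is called from both the VNC and the SPICE parser, SPICE XML now accepts authz children too, although the subject limits the feature to vnc and 5/6 only emits them for `-vnc`; reject them for SPICE or document that they are ignored.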
From: Zihao Chang
Subject: [PATCH 5/6] authz: support passing sasl acl in vnc to qemu cmd
Date: Thu, 14 Jan 2021 16:18:20 +0800
Message-ID: <20210114081821.146-6-changzihao1@huawei.com>
In-Reply-To: <20210114081821.146-1-changzihao1@huawei.com>
References: <20210114081821.146-1-changzihao1@huawei.com>
Cc: oscar.zhangbo@huawei.com, changzihao1@huawei.com, xiexiangyou@huawei.com

support passing sasl acl in vnc to qemu cmd.
turn the xml example:
... ...
into qemu cmd:
qemu-kvm ... -vnc 0.0.0.0:0,sasl,sasl-authz=authz1

Signed-off-by: Zihao Chang
---
src/qemu/qemu_command.c | 29 ++++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 8679c62d550f..e1a07a6e7113 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7537,6 +7537,30 @@ qemuBuildGraphicsSDLCommandLine(virQEMUDriverConfigP= tr cfg G_GNUC_UNUSED, } =20 =20 +static int +qemuBuildGraphicsVNCAuthzCommandLine(virBufferPtr opt, + virDomainGraphicsDefPtr graphics) +{ + size_t i; + int nAuthzs =3D graphics->data.vnc.auth.nAuthzs; + virDomainGraphicsAuthzDefPtr authzs =3D graphics->data.vnc.auth.authzs; + + if (nAuthzs <=3D 0) { + return 0; + } + + for (i =3D 0; i < nAuthzs; i++) { + if (authzs[i].type =3D=3D VIR_DOMAIN_AUTHZ_TYPE_SASL) { + virBufferAsprintf(opt, ",sasl-authz=3Dauthz%lu", authzs[i].ind= ex); + } else if (authzs[i].type =3D=3D VIR_DOMAIN_AUTHZ_TYPE_TLS) { + virBufferAsprintf(opt, ",tls-authz=3Dauthz%lu", authzs[i].inde= x); + } + } + + return 0; +} + + static int qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg, virCommandPtr cmd, 
@@ -7643,7 +7667,10 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigP= tr cfg, if (cfg->vncSASLdir) virCommandAddEnvPair(cmd, "SASL_CONF_PATH", cfg->vncSASLdir); =20 - /* TODO: Support ACLs later */ + } + + if (cfg->vncSASL || cfg->vncTLS) { + qemuBuildGraphicsVNCAuthzCommandLine(&opt, graphics); } =20 virCommandAddArg(cmd, "-vnc"); --=20 2.28.0
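Review bot: qemuBuildGraphicsVNCAuthzCommandLine in [PATCH 5/6] always returns 0 and its caller discards the result, so either make it void or return -1 for an authz type it does not handle and check that in qemuBuildGraphicsVNCCommandLine. `int nAuthzs` is assigned from the size_t field auth.nAuthzs and then compared with the size_t `i`; keep it size_t, and the `nAuthzs <= 0` early return is then redundant with the loop bound. Two entries of the same type append `,sasl-authz=` or `,tls-authz=` twice, and nothing in this hunk checks that an authz object with the referenced index exists in the domain definition; validate both before building the option string.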
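Review bot: the new call site in qemuBuildGraphicsVNCCommandLine ([PATCH 5/6]) is gated on `cfg->vncSASL || cfg->vncTLS`, so a sasl-type entry still yields `,sasl-authz=` when only vncTLS is enabled, and a tls-type entry yields `,tls-authz=` when only vncSASL is enabled; check each type against its own setting. When neither setting is enabled the configured authz entries are dropped without any error, and the guest starts with no ACL although its XML asks for one; for an access-control option it is safer to fail the command-line build with a clear message.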
From: Zihao Chang
Subject: [PATCH 6/6] vnc: support authz ACL xml format
Date: Thu, 14 Jan 2021 16:18:21 +0800
Message-ID: <20210114081821.146-7-changzihao1@huawei.com>
In-Reply-To: <20210114081821.146-1-changzihao1@huawei.com>
References: <20210114081821.146-1-changzihao1@huawei.com>
Cc: oscar.zhangbo@huawei.com, changzihao1@huawei.com, xiexiangyou@huawei.com

support authz ACL Xml format.

Signed-off-by: Zihao Chang
---
src/conf/domain_conf.c | 40 +++++++++++++++++++++++++++++++++++-----
1 file changed, 35 insertions(+), 5 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index e303bd76b779..de1813227f03 100644 --- a/src/conf/domain_conf.c 
+++ b/src/conf/domain_conf.c @@ -26960,9 +26960,9 @@ virDomainTimerDefFormat(virBufferPtr buf, } =20 static void -virDomainGraphicsAuthDefFormatAttr(virBufferPtr buf, - virDomainGraphicsAuthDefPtr def, - unsigned int flags) +virDomainGraphicsPasswdDefFormatAttr(virBufferPtr buf, + virDomainGraphicsAuthDefPtr def, + unsigned int flags) { if (!def->passwd) return; @@ -26986,6 +26986,34 @@ virDomainGraphicsAuthDefFormatAttr(virBufferPtr bu= f, } =20 =20 +static void +virDomainGraphicsAuthzDefFormatAttr(virBufferPtr buf, + virDomainGraphicsAuthzDefPtr def) +{ + virBufferAsprintf(buf, "\n", + virDomainAuthzTypeTypeToString(def->type), + def->index); + return; +} + + +static void +virDomainGraphicsAuthzsDefFormatAttr(virBufferPtr buf, + virDomainGraphicsAuthDefPtr def) +{ + size_t i; + + if (!def->nAuthzs) + return; + + for (i =3D 0; i < def->nAuthzs; i++) { + virDomainGraphicsAuthzDefFormatAttr(buf, &def->authzs[i]); + } + + return; +} + + static void virDomainGraphicsListenDefFormat(virBufferPtr buf, virDomainGraphicsListenDefPtr def, @@ -27149,7 +27177,7 @@ virDomainGraphicsDefFormat(virBufferPtr buf, virDomainGraphicsVNCSharePolicyTypeToString( def->data.vnc.sharePolicy)); =20 - virDomainGraphicsAuthDefFormatAttr(buf, &def->data.vnc.auth, flags= ); + virDomainGraphicsPasswdDefFormatAttr(buf, &def->data.vnc.auth, fla= gs); break; =20 case VIR_DOMAIN_GRAPHICS_TYPE_SDL: @@ -27261,7 +27289,7 @@ virDomainGraphicsDefFormat(virBufferPtr buf, virBufferAsprintf(buf, " defaultMode=3D'%s'", virDomainGraphicsSpiceChannelModeTypeToString(def->data.spic= e.defaultMode)); =20 - virDomainGraphicsAuthDefFormatAttr(buf, &def->data.spice.auth, fla= gs); + virDomainGraphicsPasswdDefFormatAttr(buf, &def->data.spice.auth, f= lags); break; =20 case VIR_DOMAIN_GRAPHICS_TYPE_EGL_HEADLESS: 
@@ -27317,6 +27345,8 @@ virDomainGraphicsDefFormat(virBufferPtr buf, virDomainGraphicsListenDefFormat(buf, &def->listens[i], flags); } =20 + virDomainGraphicsAuthzsDefFormatAttr(buf, &def->data.vnc.auth); + if (def->type =3D=3D VIR_DOMAIN_GRAPHICS_TYPE_SPICE) { for (i =3D 0; i < VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_LAST; i++) { int mode =3D def->data.spice.channels[i]; --=20 2.28.0
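Review bot: in the last hunk of [PATCH 6/6], virDomainGraphicsDefFormat calls `virDomainGraphicsAuthzsDefFormatAttr(buf, &def->data.vnc.auth)` for every graphics type, just ahead of the `def->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE` check; data.vnc is only meaningful when def->type is VNC, and 4/6 stores SPICE entries in data.spice.auth. Select the auth struct by def->type and skip the call for graphics types that have no auth data.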
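Review bot: virDomainGraphicsAuthzDefFormatAttr and virDomainGraphicsAuthzsDefFormatAttr in [PATCH 6/6] carry the FormatAttr suffix, yet they are invoked after the listen child elements rather than next to the attribute formatter virDomainGraphicsPasswdDefFormatAttr, so a name without Attr would describe them better. The trailing `return;` in both void functions and the `if (!def->nAuthzs)` early return ahead of a loop with the same bound can be removed. The diffstat shows only domain_conf.c changing, so please point to where the series adds parse and format test data for the new element.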