authorDaniel P. Berrangé <berrange@redhat.com>2021-02-19 17:47:31 +0000
committerDaniel P. Berrangé <berrange@redhat.com>2021-03-18 09:22:55 +0000
commit5994dcb8d8525ac044a31913c6bceeee788ec700 (patch)
tree8016ae5b1a56d284a8d55599aee05ff0357a1ffd /monitor
parent571d413b5da6bc6f1c2aaca8484717642255ddb0 (diff)
ui, monitor: remove deprecated VNC ACL option and HMP commands
The VNC ACL concept has been replaced by the pluggable "authz" framework which does not use monitor commands. Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'monitor')
-rw-r--r--monitor/misc.c187
1 files changed, 0 insertions, 187 deletions
diff --git a/monitor/misc.c b/monitor/misc.c
index a7650ed747..d9ed2bacef 100644
--- a/monitor/misc.c
+++ b/monitor/misc.c
@@ -1045,193 +1045,6 @@ static void hmp_wavcapture(Monitor *mon, const QDict *qdict)
QLIST_INSERT_HEAD (&capture_head, s, entries);
}
-static QAuthZList *find_auth(Monitor *mon, const char *name)
-{
- Object *obj;
- Object *container;
-
- container = object_get_objects_root();
- obj = object_resolve_path_component(container, name);
- if (!obj) {
- monitor_printf(mon, "acl: unknown list '%s'\n", name);
- return NULL;
- }
-
- return QAUTHZ_LIST(obj);
-}
-
-static bool warn_acl;
-static void hmp_warn_acl(void)
-{
- if (warn_acl) {
- return;
- }
- error_report("The acl_show, acl_reset, acl_policy, acl_add, acl_remove "
- "commands are deprecated with no replacement. Authorization "
- "for VNC should be performed using the pluggable QAuthZ "
- "objects");
- warn_acl = true;
-}
-
-static void hmp_acl_show(Monitor *mon, const QDict *qdict)
-{
- const char *aclname = qdict_get_str(qdict, "aclname");
- QAuthZList *auth = find_auth(mon, aclname);
- QAuthZListRuleList *rules;
- size_t i = 0;
-
- hmp_warn_acl();
-
- if (!auth) {
- return;
- }
-
- monitor_printf(mon, "policy: %s\n",
- QAuthZListPolicy_str(auth->policy));
-
- rules = auth->rules;
- while (rules) {
- QAuthZListRule *rule = rules->value;
- i++;
- monitor_printf(mon, "%zu: %s %s\n", i,
- QAuthZListPolicy_str(rule->policy),
- rule->match);
- rules = rules->next;
- }
-}
-
-static void hmp_acl_reset(Monitor *mon, const QDict *qdict)
-{
- const char *aclname = qdict_get_str(qdict, "aclname");
- QAuthZList *auth = find_auth(mon, aclname);
-
- hmp_warn_acl();
-
- if (!auth) {
- return;
- }
-
- auth->policy = QAUTHZ_LIST_POLICY_DENY;
- qapi_free_QAuthZListRuleList(auth->rules);
- auth->rules = NULL;
- monitor_printf(mon, "acl: removed all rules\n");
-}
-
-static void hmp_acl_policy(Monitor *mon, const QDict *qdict)
-{
- const char *aclname = qdict_get_str(qdict, "aclname");
- const char *policy = qdict_get_str(qdict, "policy");
- QAuthZList *auth = find_auth(mon, aclname);
- int val;
- Error *err = NULL;
-
- hmp_warn_acl();
-
- if (!auth) {
- return;
- }
-
- val = qapi_enum_parse(&QAuthZListPolicy_lookup,
- policy,
- QAUTHZ_LIST_POLICY_DENY,
- &err);
- if (err) {
- error_free(err);
- monitor_printf(mon, "acl: unknown policy '%s', "
- "expected 'deny' or 'allow'\n", policy);
- } else {
- auth->policy = val;
- if (auth->policy == QAUTHZ_LIST_POLICY_ALLOW) {
- monitor_printf(mon, "acl: policy set to 'allow'\n");
- } else {
- monitor_printf(mon, "acl: policy set to 'deny'\n");
- }
- }
-}
-
-static QAuthZListFormat hmp_acl_get_format(const char *match)
-{
- if (strchr(match, '*')) {
- return QAUTHZ_LIST_FORMAT_GLOB;
- } else {
- return QAUTHZ_LIST_FORMAT_EXACT;
- }
-}
-
-static void hmp_acl_add(Monitor *mon, const QDict *qdict)
-{
- const char *aclname = qdict_get_str(qdict, "aclname");
- const char *match = qdict_get_str(qdict, "match");
- const char *policystr = qdict_get_str(qdict, "policy");
- int has_index = qdict_haskey(qdict, "index");
- int index = qdict_get_try_int(qdict, "index", -1);
- QAuthZList *auth = find_auth(mon, aclname);
- Error *err = NULL;
- QAuthZListPolicy policy;
- QAuthZListFormat format;
- size_t i = 0;
-
- hmp_warn_acl();
-
- if (!auth) {
- return;
- }
-
- policy = qapi_enum_parse(&QAuthZListPolicy_lookup,
- policystr,
- QAUTHZ_LIST_POLICY_DENY,
- &err);
- if (err) {
- error_free(err);
- monitor_printf(mon, "acl: unknown policy '%s', "
- "expected 'deny' or 'allow'\n", policystr);
- return;
- }
-
- format = hmp_acl_get_format(match);
-
- if (has_index && index == 0) {
- monitor_printf(mon, "acl: unable to add acl entry\n");
- return;
- }
-
- if (has_index) {
- i = qauthz_list_insert_rule(auth, match, policy,
- format, index - 1, &err);
- } else {
- i = qauthz_list_append_rule(auth, match, policy,
- format, &err);
- }
- if (err) {
- monitor_printf(mon, "acl: unable to add rule: %s",
- error_get_pretty(err));
- error_free(err);
- } else {
- monitor_printf(mon, "acl: added rule at position %zu\n", i + 1);
- }
-}
-
-static void hmp_acl_remove(Monitor *mon, const QDict *qdict)
-{
- const char *aclname = qdict_get_str(qdict, "aclname");
- const char *match = qdict_get_str(qdict, "match");
- QAuthZList *auth = find_auth(mon, aclname);
- ssize_t i = 0;
-
- hmp_warn_acl();
-
- if (!auth) {
- return;
- }
-
- i = qauthz_list_delete_rule(auth, match);
- if (i >= 0) {
- monitor_printf(mon, "acl: removed rule at position %zu\n", i + 1);
- } else {
- monitor_printf(mon, "acl: no matching acl entry\n");
- }
-}
-
void qmp_getfd(const char *fdname, Error **errp)
{
Monitor *cur_mon = monitor_cur();