diff options
| author | Jan Kiszka <jan.kiszka@web.de> | 2009-06-25 08:22:08 +0200 |
|---|---|---|
| committer | Anthony Liguori <aliguori@us.ibm.com> | 2009-06-29 14:18:08 -0500 |
| commit | 15dfcd454cb99fd8c65b6ecda24acd9dabd570a7 (patch) | |
| tree | 27df643cf96f7531e37cee828b67b7b449807195 /qemu-monitor.hx | |
| parent | f3353c6bc3c7ef4ce018aa4faa1b02aa59d9d178 (diff) | |
| download | qemu-15dfcd454cb99fd8c65b6ecda24acd9dabd570a7.tar.gz | |
monitor: Refactor acl commnds
Refactor the ACL monitor interface to make full use of the monitor
command dispatcher. This also gives proper help formatting and command
completion. Note that 'acl allow' and 'acl deny' were combined to
'acl_add aclname match allow|deny [index]' for consistency reasons.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'qemu-monitor.hx')
| -rw-r--r-- | qemu-monitor.hx | 76 |
1 files changed, 39 insertions, 37 deletions
diff --git a/qemu-monitor.hx b/qemu-monitor.hx index a87530ca7c..aa29a91738 100644 --- a/qemu-monitor.hx +++ b/qemu-monitor.hx @@ -569,48 +569,50 @@ STEXI Change watchdog action. ETEXI - { "acl", "sss?i?", do_acl, "<command> <aclname> [<match> [<index>]]\n", - "acl show vnc.username\n" - "acl policy vnc.username deny\n" - "acl allow vnc.username fred\n" - "acl deny vnc.username bob\n" - "acl reset vnc.username\n" }, + { "acl_show", "s", do_acl_show, "aclname", + "list rules in the access control list" }, STEXI -@item acl @var{subcommand} @var{aclname} @var{match} @var{index} - -Manage access control lists for network services. There are currently -two named access control lists, @var{vnc.x509dname} and @var{vnc.username} -matching on the x509 client certificate distinguished name, and SASL -username respectively. +@item acl_show @var{aclname} +List all the matching rules in the access control list, and the default +policy. There are currently two named access control lists, +@var{vnc.x509dname} and @var{vnc.username} matching on the x509 client +certificate distinguished name, and SASL username respectively. +ETEXI -@table @option -@item acl show <aclname> -list all the match rules in the access control list, and the default -policy -@item acl policy <aclname> @code{allow|deny} -set the default access control list policy, used in the event that + { "acl_policy", "ss", do_acl_policy, "aclname allow|deny", + "set default access control list policy" }, +STEXI +@item acl_policy @var{aclname] @code{allow|deny} +Set the default access control list policy, used in the event that none of the explicit rules match. The default policy at startup is -always @code{deny} -@item acl allow <aclname> <match> [<index>] -add a match to the access control list, allowing access. The match will -normally be an exact username or x509 distinguished name, but can -optionally include wildcard globs. eg @code{*@@EXAMPLE.COM} to allow -all users in the @code{EXAMPLE.COM} kerberos realm. The match will -normally be appended to the end of the ACL, but can be inserted -earlier in the list if the optional @code{index} parameter is supplied. -@item acl deny <aclname> <match> [<index>] -add a match to the access control list, denying access. The match will -normally be an exact username or x509 distinguished name, but can -optionally include wildcard globs. eg @code{*@@EXAMPLE.COM} to allow -all users in the @code{EXAMPLE.COM} kerberos realm. The match will +always @code{deny}. +ETEXI + + { "acl_add", "sssi?", do_acl_add, "aclname match allow|deny [index]", + "add a match rule to the access control list" }, +STEXI +@item acl_allow @var{aclname} @var{match} @code{allow|deny} [@var{index}] +Add a match rule to the access control list, allowing or denying access. +The match will normally be an exact username or x509 distinguished name, +but can optionally include wildcard globs. eg @code{*@@EXAMPLE.COM} to +allow all users in the @code{EXAMPLE.COM} kerberos realm. The match will normally be appended to the end of the ACL, but can be inserted -earlier in the list if the optional @code{index} parameter is supplied. -@item acl remove <aclname> <match> -remove the specified match rule from the access control list. -@item acl reset <aclname> -remove all matches from the access control list, and set the default +earlier in the list if the optional @var{index} parameter is supplied. +ETEXI + + { "acl_remove", "ss", do_acl_remove, "aclname match", + "remove a match rule from the access control list" }, +STEXI +@item acl_remove @var{aclname} @var{match} +Remove the specified match rule from the access control list. +ETEXI + + { "acl_reset", "s", do_acl_reset, "aclname", + "reset the access control list" }, +STEXI +@item acl_remove @var{aclname} @var{match} +Remove all matches from the access control list, and set the default policy back to @code{deny}. -@end table ETEXI STEXI |