xemu/tests
Daniel P. Berrange 8953caf3cd authz: add QAuthZPAM object type for authorizing using PAM
Add an authorization backend that talks to PAM to check whether the user
identity is allowed. This only uses the PAM account validation facility,
which is essentially just a check to see if the provided username is permitted
access. It doesn't use the authentication or session parts of PAM, since
that's dealt with by the relevant part of QEMU (eg VNC server).

Consider starting QEMU with a VNC server and telling it to use TLS with
x509 client certificates and configuring it to use an PAM to validate
the x509 distinguished name. In this example we're telling it to use PAM
for the QAuthZ impl with a service name of "qemu-vnc"

 $ qemu-system-x86_64 \
     -object tls-creds-x509,id=tls0,dir=/home/berrange/security/qemutls,\
             endpoint=server,verify-peer=yes \
     -object authz-pam,id=authz0,service=qemu-vnc \
     -vnc :1,tls-creds=tls0,tls-authz=authz0

This requires an /etc/pam/qemu-vnc file to be created with the auth
rules. A very simple file based whitelist can be setup using

  $ cat > /etc/pam/qemu-vnc <<EOF
  account         requisite       pam_listfile.so item=user sense=allow file=/etc/qemu/vnc.allow
  EOF

The /etc/qemu/vnc.allow file simply contains one username per line. Any
username not in the file is denied. The usernames in this example are
the x509 distinguished name from the client's x509 cert.

  $ cat > /etc/qemu/vnc.allow <<EOF
  CN=laptop.berrange.com,O=Berrange Home,L=London,ST=London,C=GB
  EOF

More interesting would be to configure PAM to use an LDAP backend, so
that the QEMU authorization check data can be centralized instead of
requiring each compute host to have file maintained.

The main limitation with this PAM module is that the rules apply to all
QEMU instances on the host. Setting up different rules per VM, would
require creating a separate PAM service name & config file for every
guest. An alternative approach for the future might be to not pass in
the plain username to PAM, but instead combine the VM name or UUID with
the username. This requires further consideration though.

Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2019-02-26 15:32:19 +00:00
..
acceptance Acceptance tests: add Linux initrd checking test 2019-01-17 17:52:40 -02:00
data acpi: update expected files 2019-01-17 21:10:57 -05:00
decode scripts: Add decodetree.py 2018-02-22 15:44:07 -08:00
docker tests/docker: peg netmap code to a specific version 2019-02-22 09:32:32 +00:00
fp tests/fp/platform.h: include config-host.h 2019-01-22 20:48:15 +00:00
guest-debug tests/guest-debug: fix scoping of failcount 2018-11-13 10:47:59 +00:00
image-fuzzer python: futurize -f lib2to3.fixes.fix_renames 2018-06-08 14:39:24 -03:00
keys tests: Add a test key pair 2017-09-22 10:46:25 +08:00
libqos qemu/queue.h: simplify reverse access to QTAILQ 2019-01-11 15:46:55 +01:00
migration migration-test: Only generate a single target architecture 2018-10-11 19:58:26 +01:00
multiboot tests/multiboot: Add .gitignore 2018-03-21 15:13:40 +01:00
qapi-schema qapi: Clean up modular built-in code generation a bit 2019-02-18 14:44:04 +01:00
qemu-iotests dirty-bitmap: Expose persistent flag to 'query-block' 2019-02-19 17:49:43 -05:00
rocker tests: Avoid non-portable 'echo -ARG' 2017-07-11 17:45:00 +02:00
tcg tests/tcg: target/mips: Add wrappers for MSA integer compare instructions 2019-02-21 19:36:47 +01:00
vm tests/vm: Be verbose while extracting compressed images 2019-02-11 12:47:08 +00:00
vmstate-static-checker-data
.gitignore tests/.gitignore: don't ignore docker tests 2018-07-24 11:45:25 +01:00
ac97-test.c
acpi-utils.c tests: acpi: reuse fetch_table() in vmgenid-test 2019-01-17 21:10:57 -05:00
acpi-utils.h tests: acpi: use AcpiSdtTable::aml instead of AcpiSdtTable::header::signature 2019-01-17 21:10:57 -05:00
ahci-test.c Testing patches for 2018-08-16 2018-08-16 09:50:54 +01:00
atomic64-bench.c tests: use g_usleep instead of rem = sleep(time) 2019-01-14 14:52:30 +00:00
atomic_add-bench.c tests: use g_usleep instead of rem = sleep(time) 2019-01-14 14:52:30 +00:00
benchmark-crypto-cipher.c crypto: expand algorithm coverage for cipher benchmark 2018-10-24 19:03:37 +01:00
benchmark-crypto-hash.c tests/crypto: Use the IEC binary prefix definitions 2018-07-02 15:41:17 +02:00
benchmark-crypto-hmac.c tests/crypto: Use the IEC binary prefix definitions 2018-07-02 15:41:17 +02:00
bios-tables-test.c tests: acpi: use AcpiSdtTable::aml instead of AcpiSdtTable::header::signature 2019-01-17 21:10:57 -05:00
boot-order-test.c tests/boot-order: Make test independent of global_qtest 2019-01-22 05:14:32 +01:00
boot-sector.c tests/boot-sector: Add magic bytes to s390x boot code header 2018-06-08 13:17:39 -04:00
boot-sector.h tests/boot-sector: Drop dependence on global_qtest 2018-02-14 11:43:41 +01:00
boot-serial-test.c tests: Exit boot-serial-test loop if child dies 2018-12-17 15:37:50 +01:00
cdrom-test.c tests/cdrom-test: only include isapc cdrom test when g_test_slow() 2019-02-22 09:32:32 +00:00
check-block-qdict.c tests: fix crumple/recursive leak 2018-08-15 08:12:19 +02:00
check-block.sh qemu-iotests: convert pwd and $(pwd) to $PWD 2018-11-19 10:08:19 -06:00
check-qdict.c tests: Restore check-qdict unit test 2018-10-10 08:00:00 +02:00
check-qjson.c json: Fix % handling when not interpolating 2019-01-24 15:20:59 +01:00
check-qlist.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qlit.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qnull.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qnum.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qobject.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
check-qom-interface.c qom: make interface types abstract 2018-12-11 15:45:22 -02:00
check-qom-proplist.c tests/qom-proplist: check class properties iterator 2018-10-05 16:27:09 +04:00
check-qstring.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
cpu-plug-test.c hw/i386: Remove deprecated machines pc-0.10 and pc-0.11 2018-12-20 11:19:12 -05:00
crypto-tls-psk-helpers.c crypto: Implement TLS Pre-Shared Keys (PSK). 2018-07-03 13:04:38 +01:00
crypto-tls-psk-helpers.h crypto: Implement TLS Pre-Shared Keys (PSK). 2018-07-03 13:04:38 +01:00
crypto-tls-x509-helpers.c tests: call qcrypto_init instead of gnutls_global_init 2018-07-24 17:33:39 +01:00
crypto-tls-x509-helpers.h crypto: require gnutls >= 3.1.18 for building QEMU 2018-10-19 12:26:57 +01:00
device-introspect-test.c tests/device-introspect: Test with all machines, not only with "none" 2018-08-23 18:46:25 +02:00
display-vga-test.c tests/display-vga: Enable virtio-vga test 2019-01-11 11:45:00 +01:00
drive_del-test.c tests: add qmp_assert_error_class() 2018-08-31 09:53:10 +02:00
ds1338-test.c libqos: Use explicit QTestState for i2c operations 2018-02-14 11:43:41 +01:00
e1000-test.c tests: fix e1000-test leak 2017-03-01 11:51:28 +04:00
e1000e-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
eepro100-test.c tests: fix eepro100-test leak 2017-03-01 11:51:05 +04:00
endianness-test.c tests/endianesss: Make test independent of global_qtest 2019-01-22 05:14:32 +01:00
es1370-test.c
fdc-test.c libqtest: Remove qtest_qmp_discard_response() & friends 2018-08-16 08:42:06 +02:00
fw_cfg-test.c fw_cfg: import & use linux/qemu_fw_cfg.h 2018-08-23 18:46:25 +02:00
hd-geo-test.c block: Remove deprecated -drive geometry options 2018-08-15 12:50:39 +02:00
hexloader-test.c tests/hexloader-test: Don't pass -nographic to the QEMU under test 2019-01-22 06:26:32 +01:00
i440fx-test.c libqos: Track QTestState with QPCIBus 2018-02-14 11:43:02 +01:00
i82801b11-test.c
ide-test.c tests/ide: Free pcibus when finishing a test 2018-11-19 21:59:44 +01:00
intel-hda-test.c
io-channel-helpers.c Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
io-channel-helpers.h
ioh3420-test.c
iothread.c
iothread.h
ipmi-bt-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
ipmi-kcs-test.c tests: fix ipmi-kcs-test leak 2017-03-01 11:51:05 +04:00
ipoctal232-test.c
ivshmem-test.c chardev: forbid 'wait' option with client sockets 2019-02-12 17:35:56 +01:00
libqtest.c chardev: forbid 'wait' option with client sockets 2019-02-12 17:35:56 +01:00
libqtest.h tests/libqtest: Introduce qtest_init_with_serial() 2019-01-29 11:46:04 +00:00
m25p80-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
m48t59-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
machine-none-test.c tests/machine-none: Make test independent of global_qtest 2018-12-17 15:36:40 +01:00
Makefile.include authz: add QAuthZPAM object type for authorizing using PAM 2019-02-26 15:32:19 +00:00
megasas-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
microbit-test.c tests/microbit-test: Add tests for nRF51 NVMC 2019-02-01 15:32:17 +00:00
migration-test.c test: execute g_test_run when tests are skipped 2019-01-11 13:57:25 +01:00
ne2000-test.c
numa-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
nvme-test.c nvme: fix out-of-bounds access to the CMB 2018-11-22 16:43:52 +01:00
pca9552-test.c misc: add pca9552 LED blinker model 2018-06-08 13:15:32 +01:00
pcnet-test.c
pkix_asn1_tab.c
pnv-xscom-test.c tests/pnv-xscom: Make test independent of global_qtest 2019-01-22 05:14:32 +01:00
prom-env-test.c tests/prom-env: Make test independent of global_qtest 2018-12-17 15:36:40 +01:00
ptimer-test-stubs.c qemu-timer: introduce timer attributes 2018-10-19 13:44:03 +02:00
ptimer-test.c ptimer: Add TRIGGER_ONLY_ON_DECREMENT policy option 2018-07-09 14:51:34 +01:00
ptimer-test.h
pvpanic-test.c tests/pvpanic: Make the pvpanic test independent of global_qtest 2018-12-17 15:36:40 +01:00
pxe-test.c tests/pxe: Make test independent of global_qtest 2018-12-17 15:36:40 +01:00
q35-test.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
qemu-iotests-quick.sh
qht-bench.c tests: use g_usleep instead of rem = sleep(time) 2019-01-14 14:52:30 +00:00
qmp-cmd-test.c tests: add qmp/object-add-without-props test 2018-08-31 09:53:10 +02:00
qmp-test.c Revert "tests: Add parameter to qtest_init_without_qmp_handshake" 2018-12-12 10:28:27 +01:00
qom-test.c tests: Skip old versioned machine types in quick testing mode 2018-08-23 18:46:23 +02:00
rcutorture.c rcutorture: remove synchronize_rcu from readers 2018-03-12 16:12:47 +01:00
requirements.txt Acceptance tests: add make rule for running them 2018-10-30 21:13:54 -03:00
rtas-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
rtc-test.c rtc-test: introduce more update tests 2017-08-01 17:27:33 +02:00
rtl8139-test.c libqos: Track QTestState with QPCIBus 2018-02-14 11:43:02 +01:00
sdhci-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
socket-helpers.c sockets: strengthen test suite IP protocol availability checks 2018-03-13 18:06:06 +00:00
socket-helpers.h sockets: strengthen test suite IP protocol availability checks 2018-03-13 18:06:06 +00:00
spapr-phb-test.c
tco-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
test-aio-multithread.c Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
test-aio.c coroutine: add test-aio coroutine queue chaining test case 2018-03-27 13:05:28 +01:00
test-arm-mptimer.c tests/test-arm-mptimer: Don't leak string memory 2018-12-14 13:30:54 +00:00
test-authz-list.c authz: add QAuthZList object type for an access control list 2019-02-26 15:32:18 +00:00
test-authz-listfile.c authz: add QAuthZListFile object type for a file access control list 2019-02-26 15:32:18 +00:00
test-authz-pam.c authz: add QAuthZPAM object type for authorizing using PAM 2019-02-26 15:32:19 +00:00
test-authz-simple.c authz: add QAuthZSimple object type for easy whitelist auth checks 2019-02-26 15:25:58 +00:00
test-base64.c
test-bdrv-drain.c tests/test-bdrv-drain: use QEMU_IOVEC_INIT_BUF 2019-02-22 09:42:13 +00:00
test-bitcnt.c
test-bitops.c
test-block-backend.c block: test blk_aio_flush() with blk->root == NULL 2018-03-02 18:39:07 +01:00
test-block-iothread.c block: Fix hangs in synchronous APIs with iothreads 2019-02-01 13:46:44 +01:00
test-blockjob-txn.c tests/test-blockjob-txn: move .exit to .clean 2018-09-25 15:31:15 +02:00
test-blockjob.c test-blockjob: Acquire AioContext around job_cancel_sync() 2018-09-25 15:50:15 +02:00
test-bufferiszero.c
test-char.c char: allow specifying a GMainContext at opening time 2019-02-13 14:23:39 +01:00
test-clone-visitor.c Eliminate qapi/qmp/types.h 2018-02-09 13:52:15 +01:00
test-coroutine.c lockable: add QemuLockable 2018-02-08 09:22:03 +08:00
test-crypto-afsplit.c
test-crypto-block.c crypto: support multiple threads accessing one QCryptoBlock 2018-12-12 11:16:49 +00:00
test-crypto-cipher.c
test-crypto-hash.c
test-crypto-hmac.c
test-crypto-ivgen.c
test-crypto-pbkdf.c test: execute g_test_run when tests are skipped 2019-01-11 13:57:25 +01:00
test-crypto-secret.c
test-crypto-tlscredsx509.c crypto: require gnutls >= 3.1.18 for building QEMU 2018-10-19 12:26:57 +01:00
test-crypto-tlssession.c tests: fix TLS handshake failure with TLS 1.3 2018-07-24 17:36:12 +01:00
test-crypto-xts.c crypto: add testing for unaligned buffers with XTS cipher mode 2018-10-24 19:03:37 +01:00
test-cutils.c cutils: Fix qemu_strtosz() & friends to reject non-finite sizes 2018-12-13 19:10:06 +01:00
test-filter-mirror.c test-filter-mirror: pass UNIX domain socket through fd 2019-02-04 16:03:20 +00:00
test-filter-redirector.c chardev: forbid 'wait' option with client sockets 2019-02-12 17:35:56 +01:00
test-hbitmap.c Revert "hbitmap: Add @advance param to hbitmap_iter_next()" 2019-01-15 18:26:50 -05:00
test-hmp.c tests: Skip old versioned machine types in quick testing mode 2018-08-23 18:46:23 +02:00
test-image-locking.c tests: Add unit tests for image locking 2018-11-12 17:46:57 +01:00
test-int128.c
test-io-channel-buffer.c
test-io-channel-command.c tests: fix leaks in test-io-channel-command 2017-03-01 00:09:28 +04:00
test-io-channel-file.c io: Fix QIOChannelFile when creating and opening read-write 2018-02-15 16:54:57 +00:00
test-io-channel-socket.c io: ensure UNIX client doesn't unlink server socket 2019-01-24 12:23:35 +00:00
test-io-channel-tls.c tests: use error_abort in places expecting errors 2018-07-24 17:35:57 +01:00
test-io-task.c qio: non-default context for threaded qtask 2018-03-06 10:19:05 +00:00
test-iov.c tests: Use real size for iov tests 2017-09-05 22:34:40 +02:00
test-keyval.c hw: Use IEC binary prefix definitions from "qemu/units.h" 2018-07-02 15:41:10 +02:00
test-logging.c
test-mul64.c
test-netfilter.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-opts-visitor.c qapi: Fix QemuOpts visitor regression on unvisited input 2017-03-22 19:24:34 +01:00
test-qapi-util.c Drop superfluous includes of qapi-types.h and test-qapi-types.h 2018-02-09 05:05:11 +01:00
test-qdev-global-props.c qdev: all globals are now user-provided 2019-01-07 16:18:42 +04:00
test-qdist.c
test-qemu-opts.c hw: Use IEC binary prefix definitions from "qemu/units.h" 2018-07-02 15:41:10 +02:00
test-qga.c tests: add qmp_assert_error_class() 2018-08-31 09:53:10 +02:00
test-qht-par.c
test-qht.c qht: drop ht argument from qht iterators 2018-09-26 08:55:54 -07:00
test-qmp-cmds.c tests: add oob functional test for test-qmp-cmds 2018-12-12 10:28:27 +01:00
test-qmp-event.c qapi: Generate QAPIEvent stuff into separate files 2019-02-18 14:44:04 +01:00
test-qobject-input-visitor.c build-sys: move qmp-introspect per target 2019-02-18 14:44:04 +01:00
test-qobject-output-visitor.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-rcu-list.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
test-rcu-simpleq.c tests: add test-list-simpleq 2018-08-23 18:46:25 +02:00
test-rcu-tailq.c tests: add test-rcu-tailq 2018-08-23 18:46:25 +02:00
test-replication.c test-replication: Lock AioContext around blk_unref() 2018-10-01 19:13:55 +02:00
test-shift128.c
test-string-input-visitor.c test-string-input-visitor: Add range overflow tests 2018-12-13 19:10:06 +01:00
test-string-output-visitor.c tests/qapi: use ARRAY_SIZE macro 2018-02-10 10:45:14 +03:00
test-thread-pool.c Remove unnecessary variables for function return value 2018-05-20 08:48:13 +03:00
test-throttle.c block: convert ThrottleGroup to object with QOM 2017-09-05 18:12:21 +02:00
test-timed-average.c
test-util-filemonitor.c util: add helper APIs for dealing with inotify in portable manner 2019-02-26 15:25:58 +00:00
test-util-sockets.c monitor: Fix unsafe sharing of @cur_mon among threads 2018-07-23 14:00:03 +02:00
test-uuid.c util: add is_equal to UUID API 2017-12-20 22:01:24 +08:00
test-visitor-serialization.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-vmstate.c tests: add /vmstate/simple/array 2019-01-23 15:51:47 +00:00
test-write-threshold.c
test-x86-cpuid-compat.c build-sys: remove glib_subprocess check 2018-08-23 18:46:25 +02:00
test-x86-cpuid.c
test-xbzrle.c migration: Create migration/xbzrle.h 2017-05-18 18:04:54 +02:00
tmp105-test.c misc: add pca9552 LED blinker model 2018-06-08 13:15:32 +01:00
tpci200-test.c
tpm-crb-swtpm-test.c test: Pass TPM interface model to functions creating command line 2018-06-06 15:44:07 -04:00
tpm-crb-test.c tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-emu.c tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-emu.h tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-tests.c tests: tpm: Use g_test_message rather than fprintf 2018-11-14 16:12:24 -05:00
tpm-tests.h test: Pass TPM interface model to functions creating command line 2018-06-06 15:44:07 -04:00
tpm-tis-swtpm-test.c test: Add swtpm migration test for the TPM TIS interface 2018-06-06 15:44:12 -04:00
tpm-tis-test.c tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-util.c tests/tpm: Display if swtpm is not found or --tpm2 not supported 2018-10-30 13:53:15 -04:00
tpm-util.h Clean up includes 2018-12-20 10:29:08 +01:00
usb-hcd-ehci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-ohci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-uhci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-xhci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
vhost-user-bridge.c Clean up includes 2018-12-20 10:29:08 +01:00
vhost-user-test.c char: allow specifying a GMainContext at opening time 2019-02-13 14:23:39 +01:00
virtio-9p-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
virtio-balloon-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
virtio-blk-test.c tests/virtio-blk: add test for DISCARD command 2019-02-22 09:42:17 +00:00
virtio-ccw-test.c tests: virtio: separate ccw tests from libqos 2018-08-23 13:32:50 +02:00
virtio-console-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
virtio-net-test.c virtio-net-test: add large tx buffer test 2018-12-04 11:06:15 +00:00
virtio-rng-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
virtio-scsi-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
virtio-serial-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
vmgenid-test.c uuid: Make qemu_uuid_bswap() take and return a QemuUUID 2019-02-01 13:46:45 +01:00
vmxnet3-test.c
wdt_ib700-test.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00