aboutsummaryrefslogtreecommitdiff
path: root/hmp-commands.hx
diff options
context:
space:
mode:
authorDaniel P. Berrangé <berrange@redhat.com>2021-02-19 17:47:31 +0000
committerDaniel P. Berrangé <berrange@redhat.com>2021-03-18 09:22:55 +0000
commit5994dcb8d8525ac044a31913c6bceeee788ec700 (patch)
tree8016ae5b1a56d284a8d55599aee05ff0357a1ffd /hmp-commands.hx
parent571d413b5da6bc6f1c2aaca8484717642255ddb0 (diff)
ui, monitor: remove deprecated VNC ACL option and HMP commands
The VNC ACL concept has been replaced by the pluggable "authz" framework which does not use monitor commands. Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'hmp-commands.hx')
-rw-r--r--hmp-commands.hx76
1 files changed, 0 insertions, 76 deletions
diff --git a/hmp-commands.hx b/hmp-commands.hx
index d4001f9c5d..b500b8526d 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1434,82 +1434,6 @@ SRST
ERST
{
- .name = "acl_show",
- .args_type = "aclname:s",
- .params = "aclname",
- .help = "list rules in the access control list",
- .cmd = hmp_acl_show,
- },
-
-SRST
-``acl_show`` *aclname*
- List all the matching rules in the access control list, and the default
- policy. There are currently two named access control lists,
- *vnc.x509dname* and *vnc.username* matching on the x509 client
- certificate distinguished name, and SASL username respectively.
-ERST
-
- {
- .name = "acl_policy",
- .args_type = "aclname:s,policy:s",
- .params = "aclname allow|deny",
- .help = "set default access control list policy",
- .cmd = hmp_acl_policy,
- },
-
-SRST
-``acl_policy`` *aclname* ``allow|deny``
- Set the default access control list policy, used in the event that
- none of the explicit rules match. The default policy at startup is
- always ``deny``.
-ERST
-
- {
- .name = "acl_add",
- .args_type = "aclname:s,match:s,policy:s,index:i?",
- .params = "aclname match allow|deny [index]",
- .help = "add a match rule to the access control list",
- .cmd = hmp_acl_add,
- },
-
-SRST
-``acl_add`` *aclname* *match* ``allow|deny`` [*index*]
- Add a match rule to the access control list, allowing or denying access.
- The match will normally be an exact username or x509 distinguished name,
- but can optionally include wildcard globs. eg ``*@EXAMPLE.COM`` to
- allow all users in the ``EXAMPLE.COM`` kerberos realm. The match will
- normally be appended to the end of the ACL, but can be inserted
- earlier in the list if the optional *index* parameter is supplied.
-ERST
-
- {
- .name = "acl_remove",
- .args_type = "aclname:s,match:s",
- .params = "aclname match",
- .help = "remove a match rule from the access control list",
- .cmd = hmp_acl_remove,
- },
-
-SRST
-``acl_remove`` *aclname* *match*
- Remove the specified match rule from the access control list.
-ERST
-
- {
- .name = "acl_reset",
- .args_type = "aclname:s",
- .params = "aclname",
- .help = "reset the access control list",
- .cmd = hmp_acl_reset,
- },
-
-SRST
-``acl_reset`` *aclname*
- Remove all matches from the access control list, and set the default
- policy back to ``deny``.
-ERST
-
- {
.name = "nbd_server_start",
.args_type = "all:-a,writable:-w,uri:s",
.params = "nbd_server_start [-a] [-w] host:port",