| /openbmc/qemu/authz/ |
| H A D | base.c | 26 bool qauthz_is_allowed(QAuthZ *authz, in qauthz_is_allowed() argument
30 QAuthZClass *cls = QAUTHZ_GET_CLASS(authz); in qauthz_is_allowed()
33 allowed = cls->is_allowed(authz, identity, errp); in qauthz_is_allowed()
34 trace_qauthz_is_allowed(authz, identity, allowed); in qauthz_is_allowed()
44 QAuthZ *authz; in qauthz_is_allowed_by_id() local
63 authz = QAUTHZ(obj); in qauthz_is_allowed_by_id()
65 return qauthz_is_allowed(authz, identity, errp); in qauthz_is_allowed_by_id()
|
| H A D | trace-events | 4 qauthz_is_allowed(void *authz, const char *identity, bool allowed) "AuthZ %p check identity=%s allo…
7 qauthz_simple_is_allowed(void *authz, const char *wantidentity, const char *gotidentity) "AuthZ sim…
10 qauthz_list_check_rule(void *authz, const char *identity, const char *rule, int format, int policy)…
11 qauthz_list_default_policy(void *authz, const char *identity, int policy) "AuthZ list %p default id…
14 qauthz_list_file_load(void *authz, const char *filename) "AuthZ file %p load filename=%s"
15 qauthz_list_file_refresh(void *authz, const char *filename, int success) "AuthZ file %p load filena…
18 qauthz_pam_check(void *authz, const char *identity, const char *service) "AuthZ PAM %p identity=%s …
|
| H A D | simple.c | 27 static bool qauthz_simple_is_allowed(QAuthZ *authz, in qauthz_simple_is_allowed() argument
31 QAuthZSimple *sauthz = QAUTHZ_SIMPLE(authz); in qauthz_simple_is_allowed()
33 trace_qauthz_simple_is_allowed(authz, sauthz->identity, identity); in qauthz_simple_is_allowed()
83 QAuthZClass *authz = QAUTHZ_CLASS(oc); in qauthz_simple_class_init() local
87 authz->is_allowed = qauthz_simple_is_allowed; in qauthz_simple_class_init()
|
| H A D | pamacct.c | 30 static bool qauthz_pam_is_allowed(QAuthZ *authz, in qauthz_pam_is_allowed() argument
34 QAuthZPAM *pauthz = QAUTHZ_PAM(authz); in qauthz_pam_is_allowed()
39 trace_qauthz_pam_check(authz, identity, pauthz->service); in qauthz_pam_is_allowed()
109 QAuthZClass *authz = QAUTHZ_CLASS(oc); in qauthz_pam_class_init() local
112 authz->is_allowed = qauthz_pam_is_allowed; in qauthz_pam_class_init()
|
| H A D | listfile.c | 37 qauthz_list_file_is_allowed(QAuthZ *authz, in qauthz_list_file_is_allowed() argument
41 QAuthZListFile *fauthz = QAUTHZ_LIST_FILE(authz); in qauthz_list_file_is_allowed()
226 QAuthZClass *authz = QAUTHZ_CLASS(oc); in qauthz_list_file_class_init() local
237 authz->is_allowed = qauthz_list_file_is_allowed; in qauthz_list_file_class_init()
244 QAuthZListFile *authz = QAUTHZ_LIST_FILE(obj); in qauthz_list_file_init() local
246 authz->file_watch = -1; in qauthz_list_file_init()
248 authz->refresh = true; in qauthz_list_file_init()
|
| H A D | list.c | 28 static bool qauthz_list_is_allowed(QAuthZ *authz, in qauthz_list_is_allowed() argument
32 QAuthZList *lauthz = QAUTHZ_LIST(authz); in qauthz_list_is_allowed()
40 trace_qauthz_list_check_rule(authz, rule->match, identity, in qauthz_list_is_allowed()
60 trace_qauthz_list_default_policy(authz, identity, lauthz->policy); in qauthz_list_is_allowed()
121 QAuthZClass *authz = QAUTHZ_CLASS(oc); in qauthz_list_class_init() local
134 authz->is_allowed = qauthz_list_is_allowed; in qauthz_list_class_init()
|
| /openbmc/qemu/tests/unit/ |
| H A D | test-authz-simple.c | 30 QAuthZSimple *authz = qauthz_simple_new("authz0", in test_authz_simple() local
34 g_assert(!qauthz_is_allowed(QAUTHZ(authz), "cthul", &error_abort)); in test_authz_simple()
35 g_assert(qauthz_is_allowed(QAUTHZ(authz), "cthulu", &error_abort)); in test_authz_simple()
36 g_assert(!qauthz_is_allowed(QAUTHZ(authz), "cthuluu", &error_abort)); in test_authz_simple()
37 g_assert(!qauthz_is_allowed(QAUTHZ(authz), "fred", &error_abort)); in test_authz_simple()
39 object_unparent(OBJECT(authz)); in test_authz_simple()
|
| H A D | meson.build | 84 'test-authz-simple': [authz],
85 'test-authz-list': [authz],
86 'test-authz-listfile': [authz],
111 tests += {'test-authz-pam': [authz]}
|
| /openbmc/qemu/docs/system/ |
| H A D | authz.rst | 78 "qom-type": "authz-simple",
89 -object authz-simple,id=authz0,identity=fred
109 "qom-type": "authz-list",
140 "qom-type": "authz-list-file",
171 -object authz-list-file,id=authz0,\
189 "qom-type": "authz-pam",
222 -object authz-pam,id=authz0,service=qemu-vnc-tls
238 will provide ``tls-authz`` property, while any server using SASL will provide
239 a ``sasl-authz`` property.
246 $QEMU --object authz-simple,id=authz0,identity=fred \
[all …]
|
| H A D | index.rst | 30 authz
|
| /openbmc/qemu/qapi/ |
| H A D | authz.json | 59 # Properties for authz-list objects.
75 # Properties for authz-listfile objects.
95 # Properties for authz-pam objects.
107 # Properties for authz-simple objects.
|
| H A D | block-export.json | 22 # @tls-authz: ID of the QAuthZ authorization object used to validate
38 '*tls-authz': 'str',
57 # @tls-authz: ID of the QAuthZ authorization object used to validate
76 '*tls-authz': 'str',
|
| H A D | qom.json | 7 { 'include': 'authz.json' }
1086 'authz-list',
1087 'authz-listfile',
1088 'authz-pam',
1089 'authz-simple',
1162 'authz-list': 'AuthZListProperties',
1163 'authz-listfile': 'AuthZListFileProperties',
1164 'authz-pam': 'AuthZPAMProperties',
1165 'authz-simple': 'AuthZSimpleProperties',
|
| H A D | qapi-schema.json | 60 { 'include': 'authz.json' }
|
| H A D | meson.build | 25 'authz',
|
| H A D | migration.json | 752 # @tls-authz: ID of the 'authz' object subclass that provides access
860 'tls-creds', 'tls-hostname', 'tls-authz', 'max-bandwidth',
933 # @tls-authz: ID of the 'authz' object subclass that provides access
1049 '*tls-authz': 'StrOrNull',
1145 # @tls-authz: ID of the 'authz' object subclass that provides access
1256 '*tls-authz': 'str',
|
| H A D | char.json | 252 # @tls-authz: the ID of the QAuthZ authorization object against which
295 '*tls-authz' : 'str',
|
| /openbmc/qemu/include/authz/ |
| H A D | base.h | 50 bool (*is_allowed)(QAuthZ *authz,
74 bool qauthz_is_allowed(QAuthZ *authz,
|
| /openbmc/qemu/ui/ |
| H A D | vnc-auth-sasl.h | 62 QAuthZ *authz; member
|
| /openbmc/qemu/docs/tools/ |
| H A D | qemu-storage-daemon.rst | 143 …er addr.type=inet,addr.host=<host>,addr.port=<port>[,tls-creds=<id>][,tls-authz=<id>][,max-connect…
144 …--nbd-server addr.type=unix,addr.path=<path>[,tls-creds=<id>][,tls-authz=<id>][,max-connections=<n…
145 --nbd-server addr.type=fd,addr.str=<fd>[,tls-creds=<id>][,tls-authz=<id>][,max-connections=<n>]
150 authz-* secrets (see below).
|
| H A D | qemu-nbd.rst | 192 .. option:: --tls-authz=ID
237 --object 'authz-simple,id=auth0,identity=CN=laptop.example.com,,\
239 --tls-creds tls0 --tls-authz auth0 \
|
| /openbmc/qemu/storage-daemon/qapi/ |
| H A D | qapi-schema.json | 36 { 'include': '../../qapi/authz.json' }
|
| /openbmc/qemu/tests/qemu-iotests/ |
| H A D | 233.out | 110 qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied
111 qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied
|
| H A D | 233 | 158 --tls-authz authz0 \
|
| /openbmc/qemu/ |
| H A D | meson.build | 3528 'authz',
3663 subdir('authz') subdir
3942 libauthz = static_library('authz', authz_ss.sources() + genh, build
3946 authz = declare_dependency(objects: libauthz.extract_all_objects(recursive: false), variable
3955 dependencies: [crypto_ss.dependencies(), authz, qom])
4013 system_ss.add(authz, blockdev, chardev, crypto, io, qmp)
4339 dependencies: [authz, block, crypto, io, qom, qemuutil], install: true)
4377 dependencies: [authz, crypto, io, qom, qemuutil,
4383 dependencies: [authz, crypto, io, qom, qemuutil,
|