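/*
 * QEMU list authorization driver
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef QAUTHZ_LIST_H
#define QAUTHZ_LIST_H

#include "authz/base.h"
#include "qapi/qapi-types-authz.h"
#include "qom/object.h"

#define TYPE_QAUTHZ_LIST "authz-list"

OBJECT_DECLARE_SIMPLE_TYPE(QAuthZList,
                           QAUTHZ_LIST)


/**
 * QAuthZList:
 *
 * This authorization driver provides a list mechanism
 * for granting access by matching user names against a
 * list of rules. Each rule carries a match string, a format
 * ("exact" or "glob" in the example below) and a policy.
 * A catch-all policy applies if no rule matches.
 *
 * To create an instance of this class via QMP:
 *
 *  {
 *    "execute": "object-add",
 *    "arguments": {
 *      "qom-type": "authz-list",
 *      "id": "authz0",
 *      "props": {
 *        "rules": [
 *           { "match": "fred", "policy": "allow", "format": "exact" },
 *           { "match": "bob", "policy": "allow", "format": "exact" },
 *           { "match": "danb", "policy": "deny", "format": "exact" },
 *           { "match": "dan*", "policy": "allow", "format": "glob" }
 *        ],
 *        "policy": "deny"
 *      }
 *    }
 *  }
 *
 * The example uses "deny" as the catch-all policy, so a user name
 * that matches no rule is refused.
 *
 * NOTE(review): rule order appears to be significant. The example
 * lists the exact "danb" deny rule before the "dan*" glob allow rule,
 * which only has the intended effect if earlier rules take precedence.
 * Confirm the evaluation order in the implementation, and keep narrow
 * deny rules ahead of broader allow globs.
 */
struct QAuthZList {
    QAuthZ parent_obj;

    /* Catch-all policy used when no entry in @rules matches */
    QAuthZListPolicy policy;
    /* List of match rules; element type is generated from the QAPI schema */
    QAuthZListRuleList *rules;
};


/**
 * qauthz_list_new:
 * @id: identifier for the new object ("authz0" in the QMP example above)
 * @policy: catch-all policy applied when no rule matches
 * @errp: location to store an error on failure
 *
 * Create a list authorization driver instance.
 *
 * NOTE(review): no rules are passed in, so the new object presumably
 * starts with an empty rule list and decides purely on @policy until
 * rules are added. Verify against the implementation.
 *
 * Returns: the new object; presumably NULL with @errp set on failure
 * (TODO confirm).
 */
QAuthZList *qauthz_list_new(const char *id,
                            QAuthZListPolicy policy,
                            Error **errp);

/**
 * qauthz_list_append_rule:
 * @auth: the list authorization driver to modify
 * @match: string or glob that user names are compared against
 * @policy: policy to apply when this rule matches
 * @format: how @match is interpreted ("exact" or "glob" in the example)
 * @errp: location to store an error on failure
 *
 * Add a rule to @auth; judging by the name, at the end of the list.
 *
 * NOTE(review): the signed return type suggests a rule index on success
 * and a negative value on failure. Confirm against the implementation.
 */
ssize_t qauthz_list_append_rule(QAuthZList *auth,
                                const char *match,
                                QAuthZListPolicy policy,
                                QAuthZListFormat format,
                                Error **errp);

/**
 * qauthz_list_insert_rule:
 * @auth: the list authorization driver to modify
 * @match: string or glob that user names are compared against
 * @policy: policy to apply when this rule matches
 * @format: how @match is interpreted ("exact" or "glob" in the example)
 * @index: position in the rule list at which to insert
 * @errp: location to store an error on failure
 *
 * Add a rule to @auth at position @index.
 *
 * NOTE(review): handling of an @index past the end of the list is not
 * visible from this header. If rule order decides precedence, callers
 * should check the returned value to learn where the rule landed.
 * Confirm both points against the implementation.
 */
ssize_t qauthz_list_insert_rule(QAuthZList *auth,
                                const char *match,
                                QAuthZListPolicy policy,
                                QAuthZListFormat format,
                                size_t index,
                                Error **errp);

/**
 * qauthz_list_delete_rule:
 * @auth: the list authorization driver to modify
 * @match: match string identifying the rule to remove
 *
 * Remove a rule from @auth. The rule is looked up by @match alone;
 * policy and format are not part of this prototype. There is no
 * @errp parameter, so failure can only be signalled through the
 * return value.
 *
 * NOTE(review): presumably returns the index of the removed rule, or a
 * negative value when no rule has that match string. Behaviour when
 * several rules share the same match string is not visible here.
 * Confirm against the implementation.
 */
ssize_t qauthz_list_delete_rule(QAuthZList *auth,
                                const char *match);


#endif /* QAUTHZ_LIST_H */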