xref: /openbmc/qemu/include/authz/list.h (revision ca693d1c)
1 /*
2  * QEMU list authorization driver
3  *
4  * Copyright (c) 2018 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20 
21 #ifndef QAUTHZ_LIST_H
22 #define QAUTHZ_LIST_H
23 
24 #include "authz/base.h"
25 #include "qapi/qapi-types-authz.h"
26 
27 #define TYPE_QAUTHZ_LIST "authz-list"
28 
29 #define QAUTHZ_LIST_CLASS(klass)                        \
30     OBJECT_CLASS_CHECK(QAuthZListClass, (klass),        \
31                        TYPE_QAUTHZ_LIST)
32 #define QAUTHZ_LIST_GET_CLASS(obj)              \
33     OBJECT_GET_CLASS(QAuthZListClass, (obj),    \
34                       TYPE_QAUTHZ_LIST)
35 #define QAUTHZ_LIST(obj) \
36     OBJECT_CHECK(QAuthZList, (obj), \
37                  TYPE_QAUTHZ_LIST)
38 
39 typedef struct QAuthZList QAuthZList;
40 typedef struct QAuthZListClass QAuthZListClass;
41 
42 
43 /**
44  * QAuthZList:
45  *
46  * This authorization driver provides a list mechanism
47  * for granting access by matching user names against a
48  * list of globs. Each match rule has an associated policy
49  * and a catch all policy applies if no rule matches
50  *
51  * To create an instance of this class via QMP:
52  *
53  *  {
54  *    "execute": "object-add",
55  *    "arguments": {
56  *      "qom-type": "authz-list",
57  *      "id": "authz0",
58  *      "props": {
59  *        "rules": [
60  *           { "match": "fred", "policy": "allow", "format": "exact" },
61  *           { "match": "bob", "policy": "allow", "format": "exact" },
62  *           { "match": "danb", "policy": "deny", "format": "exact" },
63  *           { "match": "dan*", "policy": "allow", "format": "glob" }
64  *        ],
65  *        "policy": "deny"
66  *      }
67  *    }
68  *  }
69  *
70  */
71 struct QAuthZList {
72     QAuthZ parent_obj;
73 
74     QAuthZListPolicy policy;
75     QAuthZListRuleList *rules;
76 };
77 
78 
79 struct QAuthZListClass {
80     QAuthZClass parent_class;
81 };
82 
83 
84 QAuthZList *qauthz_list_new(const char *id,
85                             QAuthZListPolicy policy,
86                             Error **errp);
87 
88 ssize_t qauthz_list_append_rule(QAuthZList *auth,
89                                 const char *match,
90                                 QAuthZListPolicy policy,
91                                 QAuthZListFormat format,
92                                 Error **errp);
93 
94 ssize_t qauthz_list_insert_rule(QAuthZList *auth,
95                                 const char *match,
96                                 QAuthZListPolicy policy,
97                                 QAuthZListFormat format,
98                                 size_t index,
99                                 Error **errp);
100 
101 ssize_t qauthz_list_delete_rule(QAuthZList *auth,
102                                 const char *match);
103 
104 
105 #endif /* QAUTHZ_LIST_H */
106