/*
 * QEMU list authorization driver
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef QAUTHZ_LIST_H
#define QAUTHZ_LIST_H

#include "authz/base.h"
#include "qapi/qapi-types-authz.h"

/*
 * QOM type name of the list authorization driver; the QMP example
 * below passes this string as "qom-type".
 */
#define TYPE_QAUTHZ_LIST "authz-list"

/*
 * Thin wrappers that pair the generic OBJECT_CLASS_CHECK /
 * OBJECT_GET_CLASS / OBJECT_CHECK macros with this driver's class
 * struct, instance struct and type name.
 */
#define QAUTHZ_LIST_CLASS(klass) \
    OBJECT_CLASS_CHECK(QAuthZListClass, (klass), TYPE_QAUTHZ_LIST)
#define QAUTHZ_LIST_GET_CLASS(obj) \
    OBJECT_GET_CLASS(QAuthZListClass, (obj), TYPE_QAUTHZ_LIST)
#define QAUTHZ_LIST(obj) \
    OBJECT_CHECK(QAuthZList, (obj), TYPE_QAUTHZ_LIST)

typedef struct QAuthZList QAuthZList;
typedef struct QAuthZListClass QAuthZListClass;


/**
 * QAuthZList:
 *
 * List-based authorization driver: access is granted by matching
 * user names against a list of rules. Every rule carries a match
 * string, a policy and a format ("exact" or "glob" in the example
 * below). When no rule matches, the catch-all policy applies.
 *
 * To create an instance of this class via QMP:
 *
 *  {
 *    "execute": "object-add",
 *    "arguments": {
 *      "qom-type": "authz-list",
 *      "id": "authz0",
 *      "props": {
 *        "rules": [
 *           { "match": "fred", "policy": "allow", "format": "exact" },
 *           { "match": "bob", "policy": "allow", "format": "exact" },
 *           { "match": "danb", "policy": "deny", "format": "exact" },
 *           { "match": "dan*", "policy": "allow", "format": "glob" }
 *        ],
 *        "policy": "deny"
 *      }
 *    }
 *  }
 *
 * With the catch-all "policy" set to "deny", as above, a user name
 * that matches no rule is refused, so an incomplete rule list fails
 * closed.
 *
 * NOTE(review): the example lists the "danb" deny rule ahead of the
 * broader "dan*" allow glob, which only makes sense if rules are
 * evaluated in list order and the first match decides. This header
 * does not state that; confirm against the implementation before
 * relying on it. If it holds, a deny exception has to sit before any
 * allow glob that also covers it, which makes the position chosen via
 * qauthz_list_insert_rule() versus qauthz_list_append_rule()
 * security-relevant.
 */
struct QAuthZList {
    QAuthZ parent_obj;

    /* presumably backs the catch-all "policy" property - TODO confirm */
    QAuthZListPolicy policy;
    /* presumably backs the "rules" property - TODO confirm */
    QAuthZListRuleList *rules;
};


/* Class struct for the driver; it adds nothing to the parent class. */
struct QAuthZListClass {
    QAuthZClass parent_class;
};


/**
 * qauthz_list_new:
 * @id: object identifier (the QMP example uses "authz0")
 * @policy: presumably the catch-all policy applied when no rule
 *          matches - TODO confirm
 * @errp: error out-parameter
 *
 * NOTE(review): by its name and signature this creates a list
 * authorization object; creation semantics and the failure return
 * value are not visible in this header - confirm.
 */
QAuthZList *qauthz_list_new(const char *id, QAuthZListPolicy policy,
                            Error **errp);

/**
 * qauthz_list_append_rule:
 * @auth: list authorization object to modify
 * @match: string the rule compares user names against
 * @policy: policy attached to the rule
 * @format: how @match is interpreted
 * @errp: error out-parameter
 *
 * NOTE(review): presumably adds the rule at the end of the list. The
 * signed return type suggests a rule position on success and a
 * negative value on failure - confirm. Callers should check the
 * result rather than assume the rule is in effect.
 */
ssize_t qauthz_list_append_rule(QAuthZList *auth, const char *match,
                                QAuthZListPolicy policy,
                                QAuthZListFormat format, Error **errp);

/**
 * qauthz_list_insert_rule:
 * @auth: list authorization object to modify
 * @match: string the rule compares user names against
 * @policy: policy attached to the rule
 * @format: how @match is interpreted
 * @index: requested position of the new rule
 * @errp: error out-parameter
 *
 * NOTE(review): presumably places the rule at @index; how an @index
 * past the end of the list is handled is not visible here - confirm.
 * The signed return type suggests a rule position on success and a
 * negative value on failure - confirm.
 */
ssize_t qauthz_list_insert_rule(QAuthZList *auth, const char *match,
                                QAuthZListPolicy policy,
                                QAuthZListFormat format, size_t index,
                                Error **errp);

/**
 * qauthz_list_delete_rule:
 * @auth: list authorization object to modify
 * @match: match string identifying the rule to remove
 *
 * There is no Error **errp parameter, so the return value is the only
 * failure signal this prototype offers; callers that remove an allow
 * rule to revoke access should check it.
 *
 * NOTE(review): only @match is passed, not the format or policy, so
 * this header does not say which rule is removed when several rules
 * share a match string, nor what is returned when none matches -
 * confirm against the implementation.
 */
ssize_t qauthz_list_delete_rule(QAuthZList *auth, const char *match);


#endif /* QAUTHZ_LIST_H */