1 /* 2 * QEMU list file authorization driver 3 * 4 * Copyright (c) 2018 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #ifndef QAUTHZ_LISTFILE_H 22 #define QAUTHZ_LISTFILE_H 23 24 #include "authz/list.h" 25 #include "qemu/filemonitor.h" 26 #include "qom/object.h" 27 28 #define TYPE_QAUTHZ_LIST_FILE "authz-list-file" 29 30 OBJECT_DECLARE_SIMPLE_TYPE(QAuthZListFile, qauthz_list_file, 31 QAUTHZ_LIST_FILE, QAuthZClass) 32 33 34 35 /** 36 * QAuthZListFile: 37 * 38 * This authorization driver provides a file mechanism 39 * for granting access by matching user names against a 40 * file of globs. Each match rule has an associated policy 41 * and a catch all policy applies if no rule matches 42 * 43 * To create an instance of this class via QMP: 44 * 45 * { 46 * "execute": "object-add", 47 * "arguments": { 48 * "qom-type": "authz-list-file", 49 * "id": "authz0", 50 * "props": { 51 * "filename": "/etc/qemu/myvm-vnc.acl", 52 * "refresh": true 53 * } 54 * } 55 * } 56 * 57 * If 'refresh' is 'yes', inotify is used to monitor for changes 58 * to the file and auto-reload the rules. 59 * 60 * The myvm-vnc.acl file should contain the parameters for 61 * the QAuthZList object in JSON format: 62 * 63 * { 64 * "rules": [ 65 * { "match": "fred", "policy": "allow", "format": "exact" }, 66 * { "match": "bob", "policy": "allow", "format": "exact" }, 67 * { "match": "danb", "policy": "deny", "format": "exact" }, 68 * { "match": "dan*", "policy": "allow", "format": "glob" } 69 * ], 70 * "policy": "deny" 71 * } 72 * 73 * The object can be created on the command line using 74 * 75 * -object authz-list-file,id=authz0,\ 76 * filename=/etc/qemu/myvm-vnc.acl,refresh=yes 77 * 78 */ 79 struct QAuthZListFile { 80 QAuthZ parent_obj; 81 82 QAuthZ *list; 83 char *filename; 84 bool refresh; 85 QFileMonitor *file_monitor; 86 int64_t file_watch; 87 }; 88 89 90 91 92 QAuthZListFile *qauthz_list_file_new(const char *id, 93 const char *filename, 94 bool refresh, 95 Error **errp); 96 97 #endif /* QAUTHZ_LISTFILE_H */ 98