xref: /openbmc/qemu/include/authz/listfile.h (revision 64f7aece)
1 /*
2  * QEMU list file authorization driver
3  *
4  * Copyright (c) 2018 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20 
21 #ifndef QAUTHZ_LISTFILE_H
22 #define QAUTHZ_LISTFILE_H
23 
24 #include "authz/list.h"
25 #include "qemu/filemonitor.h"
26 #include "qom/object.h"
27 
28 #define TYPE_QAUTHZ_LIST_FILE "authz-list-file"
29 
30 OBJECT_DECLARE_SIMPLE_TYPE(QAuthZListFile, qauthz_list_file,
31                            QAUTHZ_LIST_FILE, QAuthZClass)
32 
33 
34 
35 /**
36  * QAuthZListFile:
37  *
38  * This authorization driver provides a file mechanism
39  * for granting access by matching user names against a
40  * file of globs. Each match rule has an associated policy
41  * and a catch all policy applies if no rule matches
42  *
43  * To create an instance of this class via QMP:
44  *
45  *  {
46  *    "execute": "object-add",
47  *    "arguments": {
48  *      "qom-type": "authz-list-file",
49  *      "id": "authz0",
50  *      "props": {
51  *        "filename": "/etc/qemu/myvm-vnc.acl",
52  *        "refresh": true
53  *      }
54  *    }
55  *  }
56  *
57  * If 'refresh' is 'yes', inotify is used to monitor for changes
58  * to the file and auto-reload the rules.
59  *
60  * The myvm-vnc.acl file should contain the parameters for
61  * the QAuthZList object in JSON format:
62  *
63  *      {
64  *        "rules": [
65  *           { "match": "fred", "policy": "allow", "format": "exact" },
66  *           { "match": "bob", "policy": "allow", "format": "exact" },
67  *           { "match": "danb", "policy": "deny", "format": "exact" },
68  *           { "match": "dan*", "policy": "allow", "format": "glob" }
69  *        ],
70  *        "policy": "deny"
71  *      }
72  *
73  * The object can be created on the command line using
74  *
75  *   -object authz-list-file,id=authz0,\
76  *           filename=/etc/qemu/myvm-vnc.acl,refresh=yes
77  *
78  */
79 struct QAuthZListFile {
80     QAuthZ parent_obj;
81 
82     QAuthZ *list;
83     char *filename;
84     bool refresh;
85     QFileMonitor *file_monitor;
86     int64_t file_watch;
87 };
88 
89 
90 
91 
92 QAuthZListFile *qauthz_list_file_new(const char *id,
93                                      const char *filename,
94                                      bool refresh,
95                                      Error **errp);
96 
97 #endif /* QAUTHZ_LISTFILE_H */
98