xref: /openbmc/qemu/include/authz/listfile.h (revision fa59483d)
1 /*
2  * QEMU list file authorization driver
3  *
4  * Copyright (c) 2018 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20 
21 #ifndef QAUTHZ_LIST_FILE_H__
22 #define QAUTHZ_LIST_FILE_H__
23 
24 #include "authz/list.h"
25 #include "qapi/qapi-types-authz.h"
26 #include "qemu/filemonitor.h"
27 
28 #define TYPE_QAUTHZ_LIST_FILE "authz-list-file"
29 
30 #define QAUTHZ_LIST_FILE_CLASS(klass)                        \
31     OBJECT_CLASS_CHECK(QAuthZListFileClass, (klass),        \
32                        TYPE_QAUTHZ_LIST_FILE)
33 #define QAUTHZ_LIST_FILE_GET_CLASS(obj)              \
34     OBJECT_GET_CLASS(QAuthZListFileClass, (obj),    \
35                       TYPE_QAUTHZ_LIST_FILE)
36 #define QAUTHZ_LIST_FILE(obj) \
37     INTERFACE_CHECK(QAuthZListFile, (obj),          \
38                     TYPE_QAUTHZ_LIST_FILE)
39 
40 typedef struct QAuthZListFile QAuthZListFile;
41 typedef struct QAuthZListFileClass QAuthZListFileClass;
42 
43 
44 /**
45  * QAuthZListFile:
46  *
47  * This authorization driver provides a file mechanism
48  * for granting access by matching user names against a
49  * file of globs. Each match rule has an associated policy
50  * and a catch all policy applies if no rule matches
51  *
52  * To create an instance of this class via QMP:
53  *
54  *  {
55  *    "execute": "object-add",
56  *    "arguments": {
57  *      "qom-type": "authz-list-file",
58  *      "id": "authz0",
59  *      "props": {
60  *        "filename": "/etc/qemu/myvm-vnc.acl",
61  *        "refresh": true
62  *      }
63  *    }
64  *  }
65  *
66  * If 'refresh' is 'yes', inotify is used to monitor for changes
67  * to the file and auto-reload the rules.
68  *
69  * The myvm-vnc.acl file should contain the parameters for
70  * the QAuthZList object in JSON format:
71  *
72  *      {
73  *        "rules": [
74  *           { "match": "fred", "policy": "allow", "format": "exact" },
75  *           { "match": "bob", "policy": "allow", "format": "exact" },
76  *           { "match": "danb", "policy": "deny", "format": "exact" },
77  *           { "match": "dan*", "policy": "allow", "format": "glob" }
78  *        ],
79  *        "policy": "deny"
80  *      }
81  *
82  * The object can be created on the command line using
83  *
84  *   -object authz-list-file,id=authz0,\
85  *           filename=/etc/qemu/myvm-vnc.acl,refresh=yes
86  *
87  */
88 struct QAuthZListFile {
89     QAuthZ parent_obj;
90 
91     QAuthZ *list;
92     char *filename;
93     bool refresh;
94     QFileMonitor *file_monitor;
95     int file_watch;
96 };
97 
98 
99 struct QAuthZListFileClass {
100     QAuthZClass parent_class;
101 };
102 
103 
104 QAuthZListFile *qauthz_list_file_new(const char *id,
105                                      const char *filename,
106                                      bool refresh,
107                                      Error **errp);
108 
109 
110 #endif /* QAUTHZ_LIST_FILE_H__ */
111 
112