qemu/authz/base.c

5b76dd13SDaniel P. Berrange/*
5b76dd13SDaniel P. Berrange * QEMU authorization framework base class
5b76dd13SDaniel P. Berrange *
5b76dd13SDaniel P. Berrange * Copyright (c) 2018 Red Hat, Inc.
5b76dd13SDaniel P. Berrange *
5b76dd13SDaniel P. Berrange * This library is free software; you can redistribute it and/or
5b76dd13SDaniel P. Berrange * modify it under the terms of the GNU Lesser General Public
5b76dd13SDaniel P. Berrange * License as published by the Free Software Foundation; either
*036a80cdSChetan Pant * version 2.1 of the License, or (at your option) any later version.
5b76dd13SDaniel P. Berrange *
5b76dd13SDaniel P. Berrange * This library is distributed in the hope that it will be useful,
5b76dd13SDaniel P. Berrange * but WITHOUT ANY WARRANTY; without even the implied warranty of
5b76dd13SDaniel P. Berrange * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
5b76dd13SDaniel P. Berrange * Lesser General Public License for more details.
5b76dd13SDaniel P. Berrange *
5b76dd13SDaniel P. Berrange * You should have received a copy of the GNU Lesser General Public
5b76dd13SDaniel P. Berrange * License along with this library; if not, see <http://www.gnu.org/licenses/>.
5b76dd13SDaniel P. Berrange *
5b76dd13SDaniel P. Berrange */
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrange#include "qemu/osdep.h"
5b76dd13SDaniel P. Berrange#include "authz/base.h"
0b8fa32fSMarkus Armbruster#include "qemu/module.h"
45b1f68cSMarkus Armbruster#include "trace.h"
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrangebool qauthz_is_allowed(QAuthZ *authz,
5b76dd13SDaniel P. Berrange                       const char *identity,
5b76dd13SDaniel P. Berrange                       Error **errp)
5b76dd13SDaniel P. Berrange{
5b76dd13SDaniel P. Berrange    QAuthZClass *cls = QAUTHZ_GET_CLASS(authz);
5b76dd13SDaniel P. Berrange    bool allowed;
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrange    allowed = cls->is_allowed(authz, identity, errp);
5b76dd13SDaniel P. Berrange    trace_qauthz_is_allowed(authz, identity, allowed);
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrange    return allowed;
5b76dd13SDaniel P. Berrange}
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrangebool qauthz_is_allowed_by_id(const char *authzid,
5b76dd13SDaniel P. Berrange                             const char *identity,
5b76dd13SDaniel P. Berrange                             Error **errp)
5b76dd13SDaniel P. Berrange{
5b76dd13SDaniel P. Berrange    QAuthZ *authz;
5b76dd13SDaniel P. Berrange    Object *obj;
5b76dd13SDaniel P. Berrange    Object *container;
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrange    container = object_get_objects_root();
5b76dd13SDaniel P. Berrange    obj = object_resolve_path_component(container,
5b76dd13SDaniel P. Berrange                                        authzid);
5b76dd13SDaniel P. Berrange    if (!obj) {
5b76dd13SDaniel P. Berrange        error_setg(errp, "Cannot find QAuthZ object ID %s",
5b76dd13SDaniel P. Berrange                   authzid);
5b76dd13SDaniel P. Berrange        return false;
5b76dd13SDaniel P. Berrange    }
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrange    if (!object_dynamic_cast(obj, TYPE_QAUTHZ)) {
5b76dd13SDaniel P. Berrange        error_setg(errp, "Object '%s' is not a QAuthZ subclass",
5b76dd13SDaniel P. Berrange                   authzid);
5b76dd13SDaniel P. Berrange        return false;
5b76dd13SDaniel P. Berrange    }
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrange    authz = QAUTHZ(obj);
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrange    return qauthz_is_allowed(authz, identity, errp);
5b76dd13SDaniel P. Berrange}
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrangestatic const TypeInfo authz_info = {
5b76dd13SDaniel P. Berrange    .parent = TYPE_OBJECT,
5b76dd13SDaniel P. Berrange    .name = TYPE_QAUTHZ,
5b76dd13SDaniel P. Berrange    .instance_size = sizeof(QAuthZ),
5b76dd13SDaniel P. Berrange    .class_size = sizeof(QAuthZClass),
5b76dd13SDaniel P. Berrange    .abstract = true,
5b76dd13SDaniel P. Berrange};
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrangestatic void qauthz_register_types(void)
5b76dd13SDaniel P. Berrange{
5b76dd13SDaniel P. Berrange    type_register_static(&authz_info);
5b76dd13SDaniel P. Berrange}
5b76dd13SDaniel P. Berrange
5b76dd13SDaniel P. Berrangetype_init(qauthz_register_types)
5b76dd13SDaniel P. Berrange