/*
 * QEMU authorization framework base class
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */
205b76dd13SDaniel P. Berrange
215b76dd13SDaniel P. Berrange #include "qemu/osdep.h"
225b76dd13SDaniel P. Berrange #include "authz/base.h"
230b8fa32fSMarkus Armbruster #include "qemu/module.h"
2445b1f68cSMarkus Armbruster #include "trace.h"
255b76dd13SDaniel P. Berrange
/*
 * qauthz_is_allowed:
 * @authz: the authorization object to consult
 * @identity: the identity string to check
 * @errp: pointer to an Error object, handed unchanged to the backend
 *
 * Ask the concrete authorization backend whether @identity is permitted.
 * The decision comes entirely from the class's is_allowed() callback;
 * this wrapper does not normalize or validate @identity itself.
 *
 * Every decision, grant or deny, is emitted through the
 * qauthz_is_allowed trace event together with the identity, so the
 * trace output can serve as a record of access decisions.
 *
 * Returns: true if the backend granted access, false otherwise.
 * Callers must treat false as "deny" whether or not @errp was filled
 * in; from this wrapper's view a backend failure and a policy denial
 * are indistinguishable apart from @errp.
 */
bool qauthz_is_allowed(QAuthZ *authz,
                       const char *identity,
                       Error **errp)
{
    const bool permitted =
        QAUTHZ_GET_CLASS(authz)->is_allowed(authz, identity, errp);

    trace_qauthz_is_allowed(authz, identity, permitted);
    return permitted;
}
385b76dd13SDaniel P. Berrange
395b76dd13SDaniel P. Berrange
/*
 * qauthz_is_allowed_by_id:
 * @authzid: ID of the authorization object under the objects root
 * @identity: the identity string to check
 * @errp: pointer to an Error object, set on lookup or type failure
 *
 * Resolve @authzid to an object, verify that it really is a QAuthZ
 * instance, and delegate the decision to qauthz_is_allowed().
 *
 * The function fails closed: an unknown ID, or an ID naming an object
 * that is not a QAuthZ subclass, sets @errp and returns false, so a
 * misconfigured or missing authorization object never grants access.
 *
 * NOTE(review): @authzid is used without a NULL check here; presumably
 * callers only invoke this once an authz ID has been configured;
 * confirm against call sites.
 *
 * Returns: true if access is granted, false on denial or any error.
 */
bool qauthz_is_allowed_by_id(const char *authzid,
                             const char *identity,
                             Error **errp)
{
    Object *target = object_resolve_path_component(object_get_objects_root(),
                                                   authzid);

    if (target == NULL) {
        error_setg(errp, "Cannot find QAuthZ object ID %s", authzid);
        return false;
    }

    /* Reject objects of the wrong type before the checked cast below. */
    if (object_dynamic_cast(target, TYPE_QAUTHZ) == NULL) {
        error_setg(errp, "Object '%s' is not a QAuthZ subclass", authzid);
        return false;
    }

    return qauthz_is_allowed(QAUTHZ(target), identity, errp);
}
675b76dd13SDaniel P. Berrange
685b76dd13SDaniel P. Berrange
/*
 * QOM type description for the authorization base class.
 *
 * The type is marked abstract: it carries no policy of its own, and the
 * is_allowed() callback used by qauthz_is_allowed() is expected to come
 * from a concrete subclass.
 */
static const TypeInfo authz_info = {
    .name = TYPE_QAUTHZ,
    .parent = TYPE_OBJECT,
    .abstract = true,
    .instance_size = sizeof(QAuthZ),
    .class_size = sizeof(QAuthZClass),
};
765b76dd13SDaniel P. Berrange
/* Register the abstract QAuthZ base type with the type system. */
static void qauthz_register_types(void)
{
    type_register_static(&authz_info);
}

/* Hand the registration function to type_init() so it runs at type setup. */
type_init(qauthz_register_types)