/*
 * QEMU list authorization driver
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef QAUTHZ_LIST_H
#define QAUTHZ_LIST_H

#include "authz/base.h"
#include "qapi/qapi-types-authz.h"
#include "qom/object.h"

/* Type name string; the same value appears as "qom-type" in the QMP example. */
#define TYPE_QAUTHZ_LIST "authz-list"

typedef struct QAuthZList QAuthZList;
typedef struct QAuthZListClass QAuthZListClass;
/*
 * Macro defined outside this header; presumably it generates the checked
 * cast helpers for the instance and class structs (confirm in its header).
 */
DECLARE_OBJ_CHECKERS(QAuthZList, QAuthZListClass,
                     QAUTHZ_LIST, TYPE_QAUTHZ_LIST)



/**
 * QAuthZList:
 *
 * This authorization driver provides a list mechanism
 * for granting access by matching user names against a
 * list of rules. Each rule carries a match string, a format
 * ("exact" or "glob" in the example below) and a policy;
 * a catch-all policy applies if no rule matches.
 *
 * To create an instance of this class via QMP:
 *
 *  {
 *    "execute": "object-add",
 *    "arguments": {
 *      "qom-type": "authz-list",
 *      "id": "authz0",
 *      "props": {
 *        "rules": [
 *           { "match": "fred", "policy": "allow", "format": "exact" },
 *           { "match": "bob", "policy": "allow", "format": "exact" },
 *           { "match": "danb", "policy": "deny", "format": "exact" },
 *           { "match": "dan*", "policy": "allow", "format": "glob" }
 *        ],
 *        "policy": "deny"
 *      }
 *    }
 *  }
 *
 * Notes for whoever writes the rule list:
 *
 *  - The example puts the exact "deny" for "danb" ahead of the "dan*"
 *    glob "allow". That placement only has an effect if rules are
 *    evaluated in list order and the first match decides.
 *    NOTE(review): this header does not state the evaluation order;
 *    confirm it against the implementation before relying on it.
 *
 *  - The catch-all decides every name that no rule matches. With
 *    "deny", as in the example, an unlisted name is refused; with
 *    "allow", the rule list only carves out exceptions.
 *
 *  - A glob "allow" rule covers every name the pattern matches, so
 *    keep such patterns as narrow as the deployment permits and list
 *    the specific "deny" entries where the ordering note above
 *    requires them.
 */
struct QAuthZList {
    /* Base authorization object; kept as the first member. */
    QAuthZ parent_obj;

    /* Presumably the catch-all policy ("policy" in the QMP props). */
    QAuthZListPolicy policy;
    /* The match rules ("rules" in the QMP props). */
    QAuthZListRuleList *rules;
};


/* Class struct; adds nothing to the base QAuthZClass. */
struct QAuthZListClass {
    QAuthZClass parent_class;
};


/**
 * qauthz_list_new:
 * @id: identifier for the new object
 * @policy: policy for the new object; presumably the catch-all
 *          applied when no rule matches (confirm in the implementation)
 * @errp: pointer to a NULL-initialized error object
 *
 * Create a new list authorization object.
 *
 * Returns: the new object. NOTE(review): the failure value is not
 * visible in this header; presumably NULL with @errp set.
 */
QAuthZList *qauthz_list_new(const char *id,
                            QAuthZListPolicy policy,
                            Error **errp);

/**
 * qauthz_list_append_rule:
 * @auth: the list authorization object
 * @match: string or pattern the rule matches user names against
 * @policy: policy applied when the rule matches
 * @format: how @match is interpreted
 * @errp: pointer to a NULL-initialized error object
 *
 * Add a rule to @auth; going by the name, at the end of the list.
 *
 * Returns: a signed size. NOTE(review): presumably the index of the
 * new rule, or a negative value on error; confirm before use.
 */
ssize_t qauthz_list_append_rule(QAuthZList *auth,
                                const char *match,
                                QAuthZListPolicy policy,
                                QAuthZListFormat format,
                                Error **errp);

/**
 * qauthz_list_insert_rule:
 * @auth: the list authorization object
 * @match: string or pattern the rule matches user names against
 * @policy: policy applied when the rule matches
 * @format: how @match is interpreted
 * @index: position in the rule list for the new rule
 * @errp: pointer to a NULL-initialized error object
 *
 * Add a rule to @auth at position @index.
 * NOTE(review): the handling of an @index beyond the end of the
 * list is not visible here. If rule order decides the outcome, a
 * misplaced insert changes who is granted access, so callers should
 * check the returned position.
 *
 * Returns: a signed size. NOTE(review): presumably the index at
 * which the rule was placed, or a negative value on error.
 */
ssize_t qauthz_list_insert_rule(QAuthZList *auth,
                                const char *match,
                                QAuthZListPolicy policy,
                                QAuthZListFormat format,
                                size_t index,
                                Error **errp);

/**
 * qauthz_list_delete_rule:
 * @auth: the list authorization object
 * @match: match string of the rule to remove
 *
 * Remove a rule from @auth, selected by @match alone: neither policy
 * nor format is part of the lookup, and there is no @errp.
 * NOTE(review): which rule is removed when several share the same
 * match string is not visible here. Check the return value, since
 * failing to remove an "allow" rule leaves that access in place.
 *
 * Returns: a signed size. NOTE(review): presumably the index of the
 * removed rule, or a negative value if none matched.
 */
ssize_t qauthz_list_delete_rule(QAuthZList *auth,
                                const char *match);


#endif /* QAUTHZ_LIST_H */