xref: /qemu/include/authz/list.h (revision 8110fa1d) 
1 /*
2  * QEMU list authorization driver
3  *
4  * Copyright (c) 2018 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20 
21 #ifndef QAUTHZ_LIST_H
22 #define QAUTHZ_LIST_H
23 
24 #include "authz/base.h"
25 #include "qapi/qapi-types-authz.h"
26 #include "qom/object.h"
27 
28 #define TYPE_QAUTHZ_LIST "authz-list"
29 
30 typedef struct QAuthZList QAuthZList;
31 typedef struct QAuthZListClass QAuthZListClass;
32 DECLARE_OBJ_CHECKERS(QAuthZList, QAuthZListClass,
33                      QAUTHZ_LIST, TYPE_QAUTHZ_LIST)
34 
35 
36 
37 /**
38  * QAuthZList:
39  *
40  * This authorization driver provides a list mechanism
41  * for granting access by matching user names against a
42  * list of globs. Each match rule has an associated policy
43  * and a catch all policy applies if no rule matches
44  *
45  * To create an instance of this class via QMP:
46  *
47  *  {
48  *    "execute": "object-add",
49  *    "arguments": {
50  *      "qom-type": "authz-list",
51  *      "id": "authz0",
52  *      "props": {
53  *        "rules": [
54  *           { "match": "fred", "policy": "allow", "format": "exact" },
55  *           { "match": "bob", "policy": "allow", "format": "exact" },
56  *           { "match": "danb", "policy": "deny", "format": "exact" },
57  *           { "match": "dan*", "policy": "allow", "format": "glob" }
58  *        ],
59  *        "policy": "deny"
60  *      }
61  *    }
62  *  }
63  *
64  */
65 struct QAuthZList {
66     QAuthZ parent_obj;
67 
68     QAuthZListPolicy policy;
69     QAuthZListRuleList *rules;
70 };
71 
72 
73 struct QAuthZListClass {
74     QAuthZClass parent_class;
75 };
76 
77 
78 QAuthZList *qauthz_list_new(const char *id,
79                             QAuthZListPolicy policy,
80                             Error **errp);
81 
82 ssize_t qauthz_list_append_rule(QAuthZList *auth,
83                                 const char *match,
84                                 QAuthZListPolicy policy,
85                                 QAuthZListFormat format,
86                                 Error **errp);
87 
88 ssize_t qauthz_list_insert_rule(QAuthZList *auth,
89                                 const char *match,
90                                 QAuthZListPolicy policy,
91                                 QAuthZListFormat format,
92                                 size_t index,
93                                 Error **errp);
94 
95 ssize_t qauthz_list_delete_rule(QAuthZList *auth,
96                                 const char *match);
97 
98 
99 #endif /* QAUTHZ_LIST_H */
100