/*
 * QEMU list authorization driver
 *
 * Copyright (c) 2018 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef QAUTHZ_LIST_H
#define QAUTHZ_LIST_H

#include "authz/base.h"
#include "qapi/qapi-types-authz.h"
#include "qom/object.h"

/* QOM type name; the same string appears as "qom-type" in the QMP example. */
#define TYPE_QAUTHZ_LIST "authz-list"

typedef struct QAuthZList QAuthZList;
typedef struct QAuthZListClass QAuthZListClass;
/*
 * Per-type wrappers around the generic QOM cast macros from
 * "qom/object.h", each bound to TYPE_QAUTHZ_LIST.
 */
#define QAUTHZ_LIST_CLASS(klass)                        \
    OBJECT_CLASS_CHECK(QAuthZListClass, (klass),        \
                       TYPE_QAUTHZ_LIST)
#define QAUTHZ_LIST_GET_CLASS(obj)                      \
    OBJECT_GET_CLASS(QAuthZListClass, (obj),            \
                     TYPE_QAUTHZ_LIST)
#define QAUTHZ_LIST(obj)                                \
    OBJECT_CHECK(QAuthZList, (obj),                     \
                 TYPE_QAUTHZ_LIST)



/**
 * QAuthZList:
 *
 * This authorization driver provides a list mechanism
 * for granting access by matching user names against a
 * list of globs. Each match rule has an associated policy
 * and a catch all policy applies if no rule matches.
 *
 * To create an instance of this class via QMP:
 *
 *  {
 *    "execute": "object-add",
 *    "arguments": {
 *      "qom-type": "authz-list",
 *      "id": "authz0",
 *      "props": {
 *        "rules": [
 *           { "match": "fred", "policy": "allow", "format": "exact" },
 *           { "match": "bob", "policy": "allow", "format": "exact" },
 *           { "match": "danb", "policy": "deny", "format": "exact" },
 *           { "match": "dan*", "policy": "allow", "format": "glob" }
 *        ],
 *        "policy": "deny"
 *      }
 *    }
 *  }
 *
 * The example sets the catch-all "policy" to "deny", so an identity
 * that matches none of the rules is refused (fail closed).
 *
 * NOTE(review): the example places the exact "danb" deny rule ahead
 * of the "dan*" allow glob, which suggests that rules are evaluated in
 * list order and that the first match decides. If so, rule order is
 * security-relevant: a broad allow glob placed before a narrower deny
 * rule would shadow it. Confirm against the implementation.
 *
 * NOTE(review): every rule in the example sets "format" explicitly;
 * the default applied when it is omitted is not visible in this header
 * (check the QAPI schema behind "qapi/qapi-types-authz.h").
 *
 * The identity string compared against the rules is supplied by the
 * caller; this header does not define how it is derived.
 */
struct QAuthZList {
    /* Base authorization object this driver extends. */
    QAuthZ parent_obj;

    /* Catch-all policy, applied when no rule matches. */
    QAuthZListPolicy policy;
    /* List of match rules (the "rules" property in the example). */
    QAuthZListRuleList *rules;
};


/* Class structure; adds nothing beyond the base QAuthZClass. */
struct QAuthZListClass {
    QAuthZClass parent_class;
};


/**
 * qauthz_list_new:
 * @id: identifier for the new object (presumably the QOM object ID,
 *      like "authz0" in the QMP example - confirm)
 * @policy: policy for the new object (presumably the catch-all
 *          policy - confirm against the implementation)
 * @errp: pointer to a NULL-initialized error object
 *
 * Create a new list authorization object. For a fail-closed
 * configuration the catch-all policy should be "deny", as in the
 * QMP example above.
 *
 * Returns: the new object; the value returned on failure is not
 * visible in this header (presumably NULL with @errp set - confirm).
 */
QAuthZList *qauthz_list_new(const char *id,
                            QAuthZListPolicy policy,
                            Error **errp);

/**
 * qauthz_list_append_rule:
 * @auth: the list authorization object
 * @match: string or glob to match an identity against
 * @policy: policy to apply when the rule matches
 * @format: how @match is interpreted (the example shows "exact"
 *          and "glob")
 * @errp: pointer to a NULL-initialized error object
 *
 * Add a rule to @auth; by its name the rule goes at the end of the
 * list.
 *
 * Returns: not documented in this header; presumably the index of the
 * new rule, or a negative value on error - confirm.
 */
ssize_t qauthz_list_append_rule(QAuthZList *auth,
                                const char *match,
                                QAuthZListPolicy policy,
                                QAuthZListFormat format,
                                Error **errp);

/**
 * qauthz_list_insert_rule:
 * @auth: the list authorization object
 * @match: string or glob to match an identity against
 * @policy: policy to apply when the rule matches
 * @format: how @match is interpreted
 * @index: position at which to insert the rule
 * @errp: pointer to a NULL-initialized error object
 *
 * Add a rule to @auth at position @index. The handling of an @index
 * past the end of the list is not visible here - confirm before
 * relying on it. If rules are evaluated in order, the chosen position
 * decides whether the new rule takes precedence over existing ones.
 *
 * Returns: not documented in this header; presumably the index of the
 * new rule, or a negative value on error - confirm.
 */
ssize_t qauthz_list_insert_rule(QAuthZList *auth,
                                const char *match,
                                QAuthZListPolicy policy,
                                QAuthZListFormat format,
                                size_t index,
                                Error **errp);

/**
 * qauthz_list_delete_rule:
 * @auth: the list authorization object
 * @match: match string of the rule to delete
 *
 * Delete a rule from @auth. The rule is selected by @match alone
 * (no policy or format argument), so which rule is removed when
 * several share the same match string is not visible here - confirm.
 * There is no Error parameter; the return value is the only channel
 * visible in the signature for reporting the outcome.
 *
 * Returns: not documented in this header; presumably the index of the
 * deleted rule, or a negative value if none matched - confirm.
 */
ssize_t qauthz_list_delete_rule(QAuthZList *auth,
                                const char *match);


#endif /* QAUTHZ_LIST_H */