xref: /qemu/include/authz/list.h (revision db1015e9) 
1 /*
2  * QEMU list authorization driver
3  *
4  * Copyright (c) 2018 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20 
21 #ifndef QAUTHZ_LIST_H
22 #define QAUTHZ_LIST_H
23 
24 #include "authz/base.h"
25 #include "qapi/qapi-types-authz.h"
26 #include "qom/object.h"
27 
28 #define TYPE_QAUTHZ_LIST "authz-list"
29 
30 typedef struct QAuthZList QAuthZList;
31 typedef struct QAuthZListClass QAuthZListClass;
32 #define QAUTHZ_LIST_CLASS(klass)                        \
33     OBJECT_CLASS_CHECK(QAuthZListClass, (klass),        \
34                        TYPE_QAUTHZ_LIST)
35 #define QAUTHZ_LIST_GET_CLASS(obj)              \
36     OBJECT_GET_CLASS(QAuthZListClass, (obj),    \
37                       TYPE_QAUTHZ_LIST)
38 #define QAUTHZ_LIST(obj) \
39     OBJECT_CHECK(QAuthZList, (obj), \
40                  TYPE_QAUTHZ_LIST)
41 
42 
43 
44 /**
45  * QAuthZList:
46  *
47  * This authorization driver provides a list mechanism
48  * for granting access by matching user names against a
49  * list of globs. Each match rule has an associated policy
50  * and a catch all policy applies if no rule matches
51  *
52  * To create an instance of this class via QMP:
53  *
54  *  {
55  *    "execute": "object-add",
56  *    "arguments": {
57  *      "qom-type": "authz-list",
58  *      "id": "authz0",
59  *      "props": {
60  *        "rules": [
61  *           { "match": "fred", "policy": "allow", "format": "exact" },
62  *           { "match": "bob", "policy": "allow", "format": "exact" },
63  *           { "match": "danb", "policy": "deny", "format": "exact" },
64  *           { "match": "dan*", "policy": "allow", "format": "glob" }
65  *        ],
66  *        "policy": "deny"
67  *      }
68  *    }
69  *  }
70  *
71  */
72 struct QAuthZList {
73     QAuthZ parent_obj;
74 
75     QAuthZListPolicy policy;
76     QAuthZListRuleList *rules;
77 };
78 
79 
80 struct QAuthZListClass {
81     QAuthZClass parent_class;
82 };
83 
84 
85 QAuthZList *qauthz_list_new(const char *id,
86                             QAuthZListPolicy policy,
87                             Error **errp);
88 
89 ssize_t qauthz_list_append_rule(QAuthZList *auth,
90                                 const char *match,
91                                 QAuthZListPolicy policy,
92                                 QAuthZListFormat format,
93                                 Error **errp);
94 
95 ssize_t qauthz_list_insert_rule(QAuthZList *auth,
96                                 const char *match,
97                                 QAuthZListPolicy policy,
98                                 QAuthZListFormat format,
99                                 size_t index,
100                                 Error **errp);
101 
102 ssize_t qauthz_list_delete_rule(QAuthZList *auth,
103                                 const char *match);
104 
105 
106 #endif /* QAUTHZ_LIST_H */
107