qemu/include/authz/list.h
   1/*
   2 * QEMU list authorization driver
   3 *
   4 * Copyright (c) 2018 Red Hat, Inc.
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18 *
  19 */
  20
  21#ifndef QAUTHZ_LIST_H
  22#define QAUTHZ_LIST_H
  23
  24#include "authz/base.h"
  25#include "qapi/qapi-types-authz.h"
  26
/*
 * QOM type name of the list authorization driver. It is the string
 * passed as "qom-type" when an instance is created through QMP.
 */
#define TYPE_QAUTHZ_LIST "authz-list"

/*
 * Convenience wrappers around the QOM OBJECT_CLASS_CHECK,
 * OBJECT_GET_CLASS and OBJECT_CHECK helpers, each bound to
 * TYPE_QAUTHZ_LIST.
 */
#define QAUTHZ_LIST_CLASS(klass) \
    OBJECT_CLASS_CHECK(QAuthZListClass, (klass), TYPE_QAUTHZ_LIST)
#define QAUTHZ_LIST_GET_CLASS(obj) \
    OBJECT_GET_CLASS(QAuthZListClass, (obj), TYPE_QAUTHZ_LIST)
#define QAUTHZ_LIST(obj) \
    OBJECT_CHECK(QAuthZList, (obj), TYPE_QAUTHZ_LIST)

/* Forward declarations of the instance and class structures. */
typedef struct QAuthZList QAuthZList;
typedef struct QAuthZListClass QAuthZListClass;
  41
  42
/**
 * QAuthZList:
 *
 * Authorization driver that grants or refuses access by comparing
 * a user name against a list of match rules. Every rule carries its
 * own policy; when no rule matches, the catch-all policy is applied.
 *
 * NOTE(review): the example below places the exact "danb" deny rule
 * ahead of the "dan*" glob allow rule. That only denies "danb" if
 * rules are evaluated in list order and the first match decides;
 * confirm against the implementation before relying on ordering.
 *
 * With the catch-all policy set to "deny", as in the example, an
 * identity that matches no rule is refused rather than admitted.
 *
 * To create an instance of this class via QMP:
 *
 *  {
 *    "execute": "object-add",
 *    "arguments": {
 *      "qom-type": "authz-list",
 *      "id": "authz0",
 *      "props": {
 *        "rules": [
 *           { "match": "fred", "policy": "allow", "format": "exact" },
 *           { "match": "bob", "policy": "allow", "format": "exact" },
 *           { "match": "danb", "policy": "deny", "format": "exact" },
 *           { "match": "dan*", "policy": "allow", "format": "glob" }
 *        ],
 *        "policy": "deny"
 *      }
 *    }
 *  }
 *
 */
struct QAuthZList {
    /* Embedded parent authorization object. */
    QAuthZ parent_obj;

    /*
     * Catch-all policy; presumably the top-level "policy" property
     * shown in the QMP example above.
     */
    QAuthZListPolicy policy;

    /* Match rules; presumably the "rules" property of the example. */
    QAuthZListRuleList *rules;
};
  77
  78
/*
 * Class structure of the list authorization driver. It holds only the
 * parent class and declares no members of its own.
 */
struct QAuthZListClass {
    QAuthZClass parent_class;
};
  82
  83
/**
 * qauthz_list_new:
 * @id: identifier for the new object (presumably the QOM object id,
 *      like "authz0" in the QMP example; confirm against the caller)
 * @policy: catch-all policy to apply when no rule matches
 * @errp: location to store an error report
 *
 * Declared here only; the definition is not part of this header.
 *
 * NOTE(review): presumably returns NULL and sets @errp on failure.
 * Confirm against the implementation, and check the result before
 * using it for an access decision.
 */
QAuthZList *qauthz_list_new(const char *id, QAuthZListPolicy policy,
    Error **errp);
  87
/**
 * qauthz_list_append_rule:
 * @auth: list authorization object to modify
 * @match: string to compare user names against, read per @format
 * @policy: policy associated with the new rule
 * @format: how @match is interpreted (the QMP example uses "exact"
 *          and "glob")
 * @errp: location to store an error report
 *
 * Declared here only; the definition is not part of this header.
 *
 * NOTE(review): going by the name, the rule is added at the end of
 * the list. If rules are evaluated in order with the first match
 * deciding, an appended rule cannot override an earlier rule that
 * matches the same name. The signed return type suggests an index
 * on success and a negative value on failure. Confirm both against
 * the implementation.
 */
ssize_t qauthz_list_append_rule(QAuthZList *auth, const char *match,
    QAuthZListPolicy policy, QAuthZListFormat format, Error **errp);
  93
/**
 * qauthz_list_insert_rule:
 * @auth: list authorization object to modify
 * @match: string to compare user names against, read per @format
 * @policy: policy associated with the new rule
 * @format: how @match is interpreted (the QMP example uses "exact"
 *          and "glob")
 * @index: position in the rule list for the new rule
 * @errp: location to store an error report
 *
 * Declared here only; the definition is not part of this header.
 *
 * NOTE(review): if rules are evaluated in order with the first match
 * deciding, inserting ahead of existing rules changes which rule
 * decides for names they also match, so callers should choose @index
 * deliberately. How an @index beyond the end of the list is handled,
 * and what the return value means, is not visible here. Confirm both
 * against the implementation.
 */
ssize_t qauthz_list_insert_rule(QAuthZList *auth, const char *match,
    QAuthZListPolicy policy, QAuthZListFormat format, size_t index,
    Error **errp);
 100
/**
 * qauthz_list_delete_rule:
 * @auth: list authorization object to modify
 * @match: match string identifying the rule to delete
 *
 * Declared here only; the definition is not part of this header.
 * Unlike the other rule functions it takes no Error ** argument, so
 * the return value is the only way a failure can be reported.
 *
 * NOTE(review): presumably returns the index of the deleted rule, or
 * a negative value when no rule has this @match string. Confirm
 * against the implementation. Deleting a deny rule can leave a
 * broader allow rule, such as a glob, as the one that matches the
 * name, so callers should check the result.
 */
ssize_t qauthz_list_delete_rule(QAuthZList *auth, const char *match);
 103
 104
 105#endif /* QAUTHZ_LIST_H */
 106