qemu/include/authz/list.h
   1/*
   2 * QEMU list authorization driver
   3 *
   4 * Copyright (c) 2018 Red Hat, Inc.
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2.1 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18 *
  19 */
  20
  21#ifndef QAUTHZ_LIST_H
  22#define QAUTHZ_LIST_H
  23
  24#include "authz/base.h"
  25#include "qapi/qapi-types-authz.h"
  26#include "qom/object.h"
  27
   /* QOM type name; the same string appears as "qom-type" in object-add. */
   #define TYPE_QAUTHZ_LIST "authz-list"

   /*
    * NOTE(review): presumably supplies the QAuthZList typedef and the
    * QAUTHZ_LIST() cast helper -- see qom/object.h to confirm.
    */
   OBJECT_DECLARE_SIMPLE_TYPE(QAuthZList, QAUTHZ_LIST)
  32
  33
  34
   /**
    * QAuthZList:
    *
    * Authorization driver that decides access by comparing a user
    * name against a list of match rules. Every rule carries its own
    * policy; when no rule matches, the catch-all policy applies.
    *
    * NOTE(review): the example below places the exact "danb" deny
    * rule ahead of the "dan*" glob allow rule, which suggests rules
    * are checked in list order and the first match decides. Confirm
    * this against the implementation before relying on rule order.
    *
    * With the catch-all policy set to "deny", as in the example, any
    * identity not covered by a rule is refused.
    *
    * To create an instance of this class via QMP:
    *
    *  {
    *    "execute": "object-add",
    *    "arguments": {
    *      "qom-type": "authz-list",
    *      "id": "authz0",
    *      "props": {
    *        "rules": [
    *           { "match": "fred", "policy": "allow", "format": "exact" },
    *           { "match": "bob", "policy": "allow", "format": "exact" },
    *           { "match": "danb", "policy": "deny", "format": "exact" },
    *           { "match": "dan*", "policy": "allow", "format": "glob" }
    *        ],
    *        "policy": "deny"
    *      }
    *    }
    *  }
    *
    */
   struct QAuthZList {
       /* Parent object; QAuthZ comes from authz/base.h. */
       QAuthZ parent_obj;

       /* Catch-all policy, applied when no rule matches. */
       QAuthZListPolicy policy;
       /* Match rules (the "rules" property in the QMP example). */
       QAuthZListRuleList *rules;
   };
  69
  70
  71
  72
   /**
    * qauthz_list_new:
    * @id: identifier for the new object (presumably the QOM "id",
    *      as in "authz0" in the QMP example; confirm)
    * @policy: policy for the new object (presumably the catch-all
    *          policy used when no rule matches; confirm)
    * @errp: error out-parameter
    *
    * Create a list authorization object from C code.
    *
    * NOTE(review): the failure contract is not visible in this header;
    * presumably NULL is returned and @errp is set. Callers should check
    * the result before using the object for access decisions.
    *
    * Returns: pointer to the new QAuthZList
    */
   QAuthZList *qauthz_list_new(const char *id, QAuthZListPolicy policy,
                               Error **errp);
  76
   /**
    * qauthz_list_append_rule:
    * @auth: list authorization object to modify
    * @match: string the user name is compared against
    * @policy: policy attached to this rule
    * @format: how @match is interpreted (the QMP example shows
    *          "exact" and "glob")
    * @errp: error out-parameter
    *
    * Add a rule to the list; going by the name, at the end.
    *
    * NOTE(review): if rules are evaluated in order, an appended rule
    * sits behind every existing rule, so an earlier broad glob can
    * shadow it. Confirm the evaluation order in the implementation.
    *
    * Returns: ssize_t; presumably the position of the new rule, or a
    * negative value on failure (confirm against the implementation)
    */
   ssize_t qauthz_list_append_rule(QAuthZList *auth, const char *match,
                                   QAuthZListPolicy policy,
                                   QAuthZListFormat format, Error **errp);
  82
   /**
    * qauthz_list_insert_rule:
    * @auth: list authorization object to modify
    * @match: string the user name is compared against
    * @policy: policy attached to this rule
    * @format: how @match is interpreted (the QMP example shows
    *          "exact" and "glob")
    * @index: position in the rule list for the new rule
    * @errp: error out-parameter
    *
    * Add a rule to the list at a caller-chosen position.
    *
    * NOTE(review): the handling of an @index beyond the end of the
    * list is not visible in this header; confirm it before passing
    * externally supplied values. If rules are evaluated in order,
    * @index also decides which rules this one takes precedence over.
    *
    * Returns: ssize_t; presumably the position of the new rule, or a
    * negative value on failure (confirm against the implementation)
    */
   ssize_t qauthz_list_insert_rule(QAuthZList *auth, const char *match,
                                   QAuthZListPolicy policy,
                                   QAuthZListFormat format, size_t index,
                                   Error **errp);
  89
   /**
    * qauthz_list_delete_rule:
    * @auth: list authorization object to modify
    * @match: match string of the rule to remove
    *
    * Remove a rule, identified by its match string only. The function
    * takes no format argument and no Error out-parameter, so a failure
    * can only be reported through the return value.
    *
    * NOTE(review): which rule is removed when several rules share the
    * same @match string (for example one "exact" and one "glob") is
    * not visible in this header. Check the return value: a deny rule
    * that was not actually removed, or an allow rule that was, changes
    * the effective access policy.
    *
    * Returns: ssize_t; presumably the position of the removed rule, or
    * a negative value if nothing matched (confirm against the
    * implementation)
    */
   ssize_t qauthz_list_delete_rule(QAuthZList *auth, const char *match);
  92
  93
  94#endif /* QAUTHZ_LIST_H */
  95