qemu/include/authz/listfile.h
   1/*
   2 * QEMU list file authorization driver
   3 *
   4 * Copyright (c) 2018 Red Hat, Inc.
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2.1 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18 *
  19 */
  20
  21#ifndef QAUTHZ_LISTFILE_H
  22#define QAUTHZ_LISTFILE_H
  23
  24#include "authz/list.h"
  25#include "qemu/filemonitor.h"
  26#include "qom/object.h"
  27
/* QOM type name: the "qom-type" given to object-add and the -object type */
#define TYPE_QAUTHZ_LIST_FILE "authz-list-file"

/* Declares the QAuthZListFile typedef and the QAUTHZ_LIST_FILE() cast macro */
OBJECT_DECLARE_SIMPLE_TYPE(QAuthZListFile,
                           QAUTHZ_LIST_FILE)
  32
  33
  34
  35/**
  36 * QAuthZListFile:
  37 *
  38 * This authorization driver provides a file mechanism
  39 * for granting access by matching user names against a
  40 * file of globs. Each match rule has an associated policy
 * and a catch-all policy applies if no rule matches.
  42 *
  43 * To create an instance of this class via QMP:
  44 *
  45 *  {
  46 *    "execute": "object-add",
  47 *    "arguments": {
  48 *      "qom-type": "authz-list-file",
  49 *      "id": "authz0",
  50 *      "props": {
  51 *        "filename": "/etc/qemu/myvm-vnc.acl",
  52 *        "refresh": true
  53 *      }
  54 *    }
  55 *  }
  56 *
 * If 'refresh' is enabled ("refresh": true via QMP, refresh=on on the
 * command line), inotify is used to monitor for changes to the file
 * and auto-reload the rules.
  59 *
  60 * The myvm-vnc.acl file should contain the parameters for
  61 * the QAuthZList object in JSON format:
  62 *
  63 *      {
  64 *        "rules": [
  65 *           { "match": "fred", "policy": "allow", "format": "exact" },
  66 *           { "match": "bob", "policy": "allow", "format": "exact" },
  67 *           { "match": "danb", "policy": "deny", "format": "exact" },
  68 *           { "match": "dan*", "policy": "allow", "format": "glob" }
  69 *        ],
  70 *        "policy": "deny"
  71 *      }
  72 *
  73 * The object can be created on the command line using
  74 *
  75 *   -object authz-list-file,id=authz0,\
  76 *           filename=/etc/qemu/myvm-vnc.acl,refresh=on
  77 *
  78 */
struct QAuthZListFile {
    QAuthZ parent_obj;          /* base object; kept first so QOM casts work */

    /* The QAuthZList object built from the file's JSON, held via its
     * QAuthZ base pointer; the actual rule evaluation is delegated to it. */
    QAuthZ *list;
    /* Path of the ACL file (the "filename" property). Whoever can write
     * this file controls the access policy, so its permissions matter. */
    char *filename;
    /* The "refresh" property: when true, changes to the file are picked up
     * and the rules reloaded without restarting QEMU. */
    bool refresh;
    /* NOTE(review): presumably the file monitor and the watch handle used
     * only when refresh is set — confirm against the implementation. */
    QFileMonitor *file_monitor;
    int64_t file_watch;
};
  88
  89
  90
  91
/**
 * qauthz_list_file_new:
 * @id: object id for the new instance (e.g. "authz0")
 * @filename: path of the JSON file holding the QAuthZList rules
 * @refresh: if true, monitor the file and reload the rules when it changes
 * @errp: location to store an error on failure
 *
 * Creates an "authz-list-file" authorization object that loads its
 * rules from @filename.
 *
 * Returns: the new object; presumably NULL with @errp set when the file
 * cannot be read or parsed — confirm against the implementation.
 */
QAuthZListFile *qauthz_list_file_new(const char *id,
                                     const char *filename,
                                     bool refresh,
                                     Error **errp);
  96
  97#endif /* QAUTHZ_LISTFILE_H */
  98