1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
/*
* QEMU list authorization driver
*
* Copyright (c) 2018 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*
*/
#ifndef QAUTHZ_LIST_H
#define QAUTHZ_LIST_H
#include "authz/base.h"
#include "qapi/qapi-types-authz.h"
#include "qom/object.h"
#define TYPE_QAUTHZ_LIST "authz-list"
typedef struct QAuthZList QAuthZList;
typedef struct QAuthZListClass QAuthZListClass;
#define QAUTHZ_LIST_CLASS(klass) \
OBJECT_CLASS_CHECK(QAuthZListClass, (klass), \
TYPE_QAUTHZ_LIST)
#define QAUTHZ_LIST_GET_CLASS(obj) \
OBJECT_GET_CLASS(QAuthZListClass, (obj), \
TYPE_QAUTHZ_LIST)
#define QAUTHZ_LIST(obj) \
OBJECT_CHECK(QAuthZList, (obj), \
TYPE_QAUTHZ_LIST)
/**
* QAuthZList:
*
* This authorization driver provides a list mechanism
* for granting access by matching user names against a
* list of globs. Each match rule has an associated policy
* and a catch all policy applies if no rule matches
*
* To create an instance of this class via QMP:
*
* {
* "execute": "object-add",
* "arguments": {
* "qom-type": "authz-list",
* "id": "authz0",
* "props": {
* "rules": [
* { "match": "fred", "policy": "allow", "format": "exact" },
* { "match": "bob", "policy": "allow", "format": "exact" },
* { "match": "danb", "policy": "deny", "format": "exact" },
* { "match": "dan*", "policy": "allow", "format": "glob" }
* ],
* "policy": "deny"
* }
* }
* }
*
*/
struct QAuthZList {
QAuthZ parent_obj;
QAuthZListPolicy policy;
QAuthZListRuleList *rules;
};
struct QAuthZListClass {
QAuthZClass parent_class;
};
QAuthZList *qauthz_list_new(const char *id,
QAuthZListPolicy policy,
Error **errp);
ssize_t qauthz_list_append_rule(QAuthZList *auth,
const char *match,
QAuthZListPolicy policy,
QAuthZListFormat format,
Error **errp);
ssize_t qauthz_list_insert_rule(QAuthZList *auth,
const char *match,
QAuthZListPolicy policy,
QAuthZListFormat format,
size_t index,
Error **errp);
ssize_t qauthz_list_delete_rule(QAuthZList *auth,
const char *match);
#endif /* QAUTHZ_LIST_H */
|