qemu

FORK: QEMU emulator
git clone https://git.neptards.moe/neptards/qemu.git

base.h (2976B)


      1 /*
      2  * QEMU authorization framework base class
      3  *
      4  * Copyright (c) 2018 Red Hat, Inc.
      5  *
      6  * This library is free software; you can redistribute it and/or
      7  * modify it under the terms of the GNU Lesser General Public
      8  * License as published by the Free Software Foundation; either
      9  * version 2.1 of the License, or (at your option) any later version.
     10  *
     11  * This library is distributed in the hope that it will be useful,
     12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14  * Lesser General Public License for more details.
     15  *
     16  * You should have received a copy of the GNU Lesser General Public
     17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18  *
     19  */
     20 
     21 #ifndef QAUTHZ_BASE_H
     22 #define QAUTHZ_BASE_H
     23 
     24 #include "qapi/error.h"
     25 #include "qom/object.h"
     26 
     27 
     28 #define TYPE_QAUTHZ "authz"   /* type name string of the authorization base class */
     29 
        /*
         * Declares the object-model boilerplate for this type through the
         * helper macro from qom/object.h.
         * NOTE(review): presumably this is what provides the QAuthZ and
         * QAuthZClass typedefs that the declarations below use without the
         * struct keyword -- confirm against qom/object.h.
         */
     30 OBJECT_DECLARE_TYPE(QAuthZ, QAuthZClass,
     31                     QAUTHZ)
     32 
     33 
     34 /**
     35  * QAuthZ:
     36  *
     37  * The QAuthZ class defines an API contract to be used
     38  * for providing an authorization driver for services
     39  * with user identities.
         *
         * The instance struct declared here holds only the parent
         * object; no policy data is stored at this level.
     40  */
     41 
     42 struct QAuthZ {
     43     Object parent_obj;
     44 };
     45 
     46 
     47 struct QAuthZClass {
     48     ObjectClass parent_class;
     49 
            /*
             * Per-driver authorization decision hook; its parameters and
             * return type mirror qauthz_is_allowed().
             * NOTE(review): presumably implementations must follow the same
             * contract as qauthz_is_allowed() -- return false and set @errp
             * on any error, so that a failure denies access -- confirm
             * against the drivers.
             * NOTE(review): this header does not say whether a NULL hook or
             * a NULL @identity is tolerated; verify what the caller checks.
             */
     50     bool (*is_allowed)(QAuthZ *authz,
     51                        const char *identity,
     52                        Error **errp);
     53 };
     54 
     55 
     56 /**
     57  * qauthz_is_allowed:
     58  * @authz: the authorization object
     59  * @identity: the user identity to authorize
     60  * @errp: pointer to a NULL initialized error object
     61  *
     62  * Check if a user @identity is authorized. If an error
     63  * occurs this method will return false to indicate
     64  * denial, as well as setting @errp to contain the details.
     65  * Callers are recommended to treat the denial and error
     66  * scenarios identically, i.e. to fail closed. Specifically,
     67  * the error info in @errp should never be fed back to the
     68  * user being authorized; it is merely for the benefit of
     69  * administrator debugging.
         *
         * NOTE(review): this header does not define the format of
         * @identity or whether NULL is accepted -- confirm against
         * the implementation and the calling service.
     70  *
     71  * Returns: true if @identity is authorized, false if denied or if
     72  * an error occurred.
     73  */
     74 bool qauthz_is_allowed(QAuthZ *authz,
     75                        const char *identity,
     76                        Error **errp);
     77 
     78 
     79 /**
     80  * qauthz_is_allowed_by_id:
     81  * @authzid: ID of the authorization object
     82  * @identity: the user identity to authorize
     83  * @errp: pointer to a NULL initialized error object
     84  *
     85  * Check if a user @identity is authorized. If an error
     86  * occurs this method will return false to indicate
     87  * denial, as well as setting @errp to contain the details.
     88  * Callers are recommended to treat the denial and error
     89  * scenarios identically, i.e. to fail closed. Specifically,
     90  * the error info in @errp should never be fed back to the
     91  * user being authorized; it is merely for the benefit of
     92  * administrator debugging.
         *
         * NOTE(review): presumably an @authzid that does not resolve
         * to an authorization object is reported through @errp and
         * therefore denied -- confirm in the implementation.
         * NOTE(review): this header does not define the format of
         * @identity or whether NULL is accepted -- confirm against
         * the implementation and the calling service.
     93  *
     94  * Returns: true if @identity is authorized, false if denied or if
     95  * an error occurred.
     96  */
     97 bool qauthz_is_allowed_by_id(const char *authzid,
     98                              const char *identity,
     99                              Error **errp);
    100 
    101 #endif /* QAUTHZ_BASE_H */