
listfile.h (2733B)


      1 /*
      2  * QEMU list file authorization driver
      3  *
      4  * Copyright (c) 2018 Red Hat, Inc.
      5  *
      6  * This library is free software; you can redistribute it and/or
      7  * modify it under the terms of the GNU Lesser General Public
      8  * License as published by the Free Software Foundation; either
      9  * version 2.1 of the License, or (at your option) any later version.
     10  *
     11  * This library is distributed in the hope that it will be useful,
     12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14  * Lesser General Public License for more details.
     15  *
     16  * You should have received a copy of the GNU Lesser General Public
     17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18  *
     19  */
     20 
     21 #ifndef QAUTHZ_LISTFILE_H
     22 #define QAUTHZ_LISTFILE_H
     23 
     24 #include "authz/list.h"
     25 #include "qemu/filemonitor.h"
     26 #include "qom/object.h"
     27 
     28 #define TYPE_QAUTHZ_LIST_FILE "authz-list-file" /* QOM type name; same string as "qom-type" and -object in the usage examples below */
     29 
     30 OBJECT_DECLARE_SIMPLE_TYPE(QAuthZListFile,
     31                            QAUTHZ_LIST_FILE) /* macro presumably from qom/object.h; ties the struct below to the type name -- confirm expansion there */
     32 
     33 
     34 
     35 /**
     36  * QAuthZListFile:
     37  *
     38  * This authorization driver provides a file mechanism
     39  * for granting access by matching user names against a
     40  * file of globs. Each match rule has an associated policy,
     41  * and a catch-all policy applies if no rule matches.
     42  *
     43  * To create an instance of this class via QMP:
     44  *
     45  *  {
     46  *    "execute": "object-add",
     47  *    "arguments": {
     48  *      "qom-type": "authz-list-file",
     49  *      "id": "authz0",
     50  *      "props": {
     51  *        "filename": "/etc/qemu/myvm-vnc.acl",
     52  *        "refresh": true
     53  *      }
     54  *    }
     55  *  }
     56  *
     57  * If 'refresh' is enabled (true in QMP, 'on' on the command line), inotify
     58  * is used to monitor for changes to the file and auto-reload the rules.
     59  *
     60  * The myvm-vnc.acl file should contain the parameters for
     61  * the QAuthZList object in JSON format:
     62  *
     63  *      {
     64  *        "rules": [
     65  *           { "match": "fred", "policy": "allow", "format": "exact" },
     66  *           { "match": "bob", "policy": "allow", "format": "exact" },
     67  *           { "match": "danb", "policy": "deny", "format": "exact" },
     68  *           { "match": "dan*", "policy": "allow", "format": "glob" }
     69  *        ],
     70  *        "policy": "deny"
     71  *      }
     72  *
     73  * The object can be created on the command line using
     74  *
     75  *   -object authz-list-file,id=authz0,\
     76  *           filename=/etc/qemu/myvm-vnc.acl,refresh=on
     77  *
     78  */
     79 struct QAuthZListFile {
     80     QAuthZ parent_obj;          /* base QAuthZ object this driver extends */
     81 
     82     QAuthZ *list;               /* presumably the rule list built from the file's JSON -- confirm in the implementation */
     83     char *filename;             /* path of the JSON rules file; it defines who is authorized, so write access to it should be restricted */
     84     bool refresh;               /* when set, the file is watched and the rules are auto-reloaded on change */
     85     QFileMonitor *file_monitor; /* monitor type from qemu/filemonitor.h; presumably only used when refresh is set -- confirm */
     86     int64_t file_watch;         /* NOTE(review): looks like the watch handle registered with file_monitor -- confirm */
     87 };
     88 
     89 
     90 
     91 
     92 QAuthZListFile *qauthz_list_file_new(const char *id,        /* object id, cf. "id": "authz0" in the QMP example */
     93                                      const char *filename,  /* path of the JSON rules file, cf. the "filename" property */
     94                                      bool refresh,          /* true: watch the file and auto-reload the rules */
     95                                      Error **errp);         /* error out-parameter; NOTE(review): presumably NULL is returned on failure -- confirm */
     96 
     97 #endif /* QAUTHZ_LISTFILE_H */