
pamacct.h (2343B)


      1 /*
      2  * QEMU PAM authorization driver
      3  *
      4  * Copyright (c) 2018 Red Hat, Inc.
      5  *
      6  * This library is free software; you can redistribute it and/or
      7  * modify it under the terms of the GNU Lesser General Public
      8  * License as published by the Free Software Foundation; either
      9  * version 2.1 of the License, or (at your option) any later version.
     10  *
     11  * This library is distributed in the hope that it will be useful,
     12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14  * Lesser General Public License for more details.
     15  *
     16  * You should have received a copy of the GNU Lesser General Public
     17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18  *
     19  */
     20 
     21 #ifndef QAUTHZ_PAMACCT_H
     22 #define QAUTHZ_PAMACCT_H
     23 
     24 #include "authz/base.h"
     25 #include "qom/object.h"
     26 
     27 
     28 #define TYPE_QAUTHZ_PAM "authz-pam" /* QOM type name; same string as "qom-type" / -object in the examples below */
     29 
     30 OBJECT_DECLARE_SIMPLE_TYPE(QAuthZPAM,
     31                            QAUTHZ_PAM) /* QOM declaration macro, presumably from qom/object.h; its expansion is not visible here */
     32 
     33 
     34 
     35 /**
     36  * QAuthZPAM:
     37  *
     38  * This authorization driver grants or denies access by
     39  * asking PAM whether a user name passes the "account"
     40  * checks of the configured PAM service. The allow/deny
     41  * policy itself lives in that service's PAM configuration.
     42  *
     43  * To create an instance of this class via QMP:
     44  *
     45  *  {
     46  *    "execute": "object-add",
     47  *    "arguments": {
     48  *      "qom-type": "authz-pam",
     49  *      "id": "authz0",
     50  *      "parameters": {
     51  *        "service": "qemu-vnc-tls"
     52  *      }
     53  *    }
     54  *  }
     55  *
     56  * The driver only uses the PAM "account" verification subsystem, so PAM
     57  * performs no authentication here: the user name is expected to have been
     58  * authenticated already (e.g. by x509). The above config would require a config
     59  * file /etc/pam.d/qemu-vnc-tls. For a simple file lookup it would contain
     60  *
     61  *   account requisite  pam_listfile.so item=user sense=allow \
     62  *           file=/etc/qemu/vnc.allow
     63  *
     64  * The external file would then contain a list of usernames; it is the
     65  * access policy, so keep it writable by root only. If an x509 cert was being
     66  * used as the username, a suitable entry would match the distinguished name:
     67  *
     68  *  CN=laptop.berrange.com,O=Berrange Home,L=London,ST=London,C=GB
     69  *
     70  * On the command line it can be created using
     71  *
     72  *   -object authz-pam,id=authz0,service=qemu-vnc-tls
     73  *
     74  */
     75 struct QAuthZPAM {
     76     QAuthZ parent_obj; /* embedded base object; QAuthZ is presumably declared in authz/base.h */
     77 
     78     char *service; /* presumably the PAM service name from the "service" parameter; ownership not visible in this header */
     79 };
     80 
     81 
     82 
     83 
     84 QAuthZPAM *qauthz_pam_new(const char *id,      /* constructor, defined outside this header; id: presumably the QOM object id */
     85                           const char *service, /* PAM service name, e.g. "qemu-vnc-tls" as in the examples above */
     86                           Error **errp);       /* error out-parameter; failure contract not visible here -- confirm in the .c file */
     87 
     88 #endif /* QAUTHZ_PAMACCT_H */