qemu

FORK: QEMU emulator

authz.json (2581B)


      1 # -*- Mode: Python -*-
      2 # vim: filetype=python
      3 
      4 ##
      5 # = User authorization
      6 ##
      7 
      8 ##
      9 # @QAuthZListPolicy:
     10 #
     11 # The authorization policy result
        #
        # This is the outcome of an authorization check: the value a
        # QAuthZListRule returns when it matches, and the default that
        # AuthZListProperties applies when no rule matches.
     12 #
     13 # @deny: deny access
     14 # @allow: allow access
     15 #
     16 # Since: 4.0
     17 ##
     18 { 'enum': 'QAuthZListPolicy',
     19   'prefix': 'QAUTHZ_LIST_POLICY',
     20   'data': ['deny', 'allow']}
     21 
     22 ##
     23 # @QAuthZListFormat:
     24 #
     25 # The authorization policy match format
        #
        # Selects how the match string of a QAuthZListRule is compared
        # with a user identity.
     26 #
     27 # @exact: an exact string match
     28 # @glob: string with ? and * shell wildcard support
        #        NOTE(review): a wildcard can match more identities than
        #        intended, so prefer @exact unless a pattern is needed.
        #        Whether * can span the separators inside an identity
        #        (for example the commas of an x509 distinguished name)
        #        is not stated here - confirm before using a pattern to
        #        pin a single field.
     29 #
     30 # Since: 4.0
     31 ##
     32 { 'enum': 'QAuthZListFormat',
     33   'prefix': 'QAUTHZ_LIST_FORMAT',
     34   'data': ['exact', 'glob']}
     35 
     36 ##
     37 # @QAuthZListRule:
     38 #
     39 # A single authorization rule.
     40 #
     41 # @match: a string or glob to match against a user identity
        #         (interpreted according to @format)
     42 # @policy: the result to return if @match evaluates to true
     43 # @format: the format of the @match rule (default 'exact')
        #          Because the default is 'exact', wildcard characters
        #          in @match are presumably taken literally unless
        #          @format is set to 'glob' - to be confirmed.
     44 #
     45 # Since: 4.0
     46 ##
     47 { 'struct': 'QAuthZListRule',
     48   'data': {'match': 'str',
     49            'policy': 'QAuthZListPolicy',
     50            '*format': 'QAuthZListFormat'}}
     51 
     52 ##
     53 # @AuthZListProperties:
     54 #
     55 # Properties for authz-list objects.
     56 #
     57 # @policy: Default policy to apply when no rule matches (default: deny)
        #          With the default, an identity that matches no rule is
        #          refused. Setting this to allow admits every identity
        #          that no rule matches, so @rules then has to list every
        #          identity that should be refused.
     58 #
     59 # @rules: Authorization rules based on matching user
        #         NOTE(review): this is an ordered list; which rule wins
        #         when several match the same identity is not stated
        #         here - confirm the precedence before mixing allow and
        #         deny rules with overlapping patterns.
     60 #
     61 # Since: 4.0
     62 ##
     63 { 'struct': 'AuthZListProperties',
     64   'data': { '*policy': 'QAuthZListPolicy',
     65             '*rules': ['QAuthZListRule'] } }
     66 
     67 ##
     68 # @AuthZListFileProperties:
     69 #
     70 # Properties for authz-listfile objects.
     71 #
     72 # @filename: File name to load the configuration from. The file must
     73 #            contain valid JSON for AuthZListProperties.
        #            Whoever can write this file decides who is authorized,
        #            so restrict write access to the file and to the
        #            directory that holds it.
     74 #
     75 # @refresh: If true, inotify is used to monitor the file, automatically
     76 #           reloading changes. If an error occurs during reloading, all
     77 #           authorizations will fail until the file is next successfully
     78 #           loaded. (default: true if the binary was built with
     79 #           CONFIG_INOTIFY1, false otherwise)
        #           A failed reload therefore refuses every identity, so
        #           validate the JSON before replacing the file. The
        #           default depends on how the binary was built; set this
        #           explicitly when the deployment relies on edits (such
        #           as removing a user) taking effect without a restart.
        #           NOTE(review): with false, the file is presumably read
        #           only when the object is created - confirm.
     80 #
     81 # Since: 4.0
     82 ##
     83 { 'struct': 'AuthZListFileProperties',
     84   'data': { 'filename': 'str',
     85             '*refresh': 'bool' } }
     86 
     87 ##
     88 # @AuthZPAMProperties:
     89 #
     90 # Properties for authz-pam objects.
     91 #
     92 # @service: PAM service name to use for authorization
        #           NOTE(review): the access decision is then presumably
        #           made by the host's PAM configuration for this service,
        #           which this schema does not describe - review that
        #           configuration together with this object.
     93 #
     94 # Since: 4.0
     95 ##
     96 { 'struct': 'AuthZPAMProperties',
     97   'data': { 'service': 'str' } }
     98 
     99 ##
    100 # @AuthZSimpleProperties:
    101 #
    102 # Properties for authz-simple objects.
    103 #
    104 # @identity: Identifies the allowed user. Its format depends on the network
    105 #            service that the authorization object is associated with. For
    106 #            authorizing based on TLS x509 certificates, the identity must be
    107 #            the x509 distinguished name.
        #            NOTE(review): no match format is defined for this
        #            object, so the comparison is presumably an exact
        #            string match - confirm; the distinguished name would
        #            then have to be written exactly as the service
        #            reports it.
    108 #
    109 # Since: 4.0
    110 ##
    111 { 'struct': 'AuthZSimpleProperties',
    112   'data': { 'identity': 'str' } }