cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu

base.h (2976B)


      1/*
      2 * QEMU authorization framework base class
      3 *
      4 * Copyright (c) 2018 Red Hat, Inc.
      5 *
      6 * This library is free software; you can redistribute it and/or
      7 * modify it under the terms of the GNU Lesser General Public
      8 * License as published by the Free Software Foundation; either
      9 * version 2.1 of the License, or (at your option) any later version.
     10 *
     11 * This library is distributed in the hope that it will be useful,
     12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14 * Lesser General Public License for more details.
     15 *
     16 * You should have received a copy of the GNU Lesser General Public
     17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18 *
     19 */
     20
     21#ifndef QAUTHZ_BASE_H
     22#define QAUTHZ_BASE_H
     23
     24#include "qapi/error.h"
     25#include "qom/object.h"
     26
     27
     28#define TYPE_QAUTHZ "authz"  /* type name string for the authz base class */
     29
       /*
        * OBJECT_DECLARE_TYPE is expected to come from qom/object.h; its
        * expansion is not shown in this header. The declarations below use
        * QAuthZ and QAuthZClass as plain type names, so the macro must at
        * least provide those typedefs.
        */
     30OBJECT_DECLARE_TYPE(QAuthZ, QAuthZClass,
     31                    QAUTHZ)
     32
     33
     34/**
     35 * QAuthZ:
     36 *
     37 * The QAuthZ class defines an API contract to be used
     38 * for providing an authorization driver for services
     39 * with user identities.
     40 */
     41
     42struct QAuthZ {
     43    Object parent_obj;  /* QOM parent object; no other fields are declared here */
     44};
     45
     46
     47struct QAuthZClass {
     48    ObjectClass parent_class;  /* QOM parent class */
     49
           /*
            * is_allowed: authorization hook to be supplied by a concrete
            * driver. Its parameters mirror qauthz_is_allowed(); presumably
            * that function dispatches to this pointer (confirm in the
            * implementation file, which is not part of this header).
            *
            * To honour the contract documented for qauthz_is_allowed(), an
            * implementation should return true only for a positive
            * decision, and on any internal error should set @errp and
            * return false so that failures are treated as denial.
            */
     50    bool (*is_allowed)(QAuthZ *authz,
     51                       const char *identity,
     52                       Error **errp);
     53};
     54
     55
     56/**
     57 * qauthz_is_allowed:
     58 * @authz: the authorization object
     59 * @identity: the user identity to authorize
     60 * @errp: pointer to a NULL-initialized error object
     61 *
     62 * Check if a user @identity is authorized. If an error
     63 * occurs this method will return false to indicate
     64 * denial, as well as setting @errp to contain the details.
     65 * Callers are recommended to treat the denial and error
     66 * scenarios identically. Specifically, the error info in
     67 * @errp should never be fed back to the user being
     68 * authorized; it exists only to help the administrator
     69 * debug the failure.
     70 *
        * Access should be granted only on a true return. A false
        * return is a denial whether or not @errp was set, so a caller
        * never needs to inspect @errp to make the access decision.
        *
     71 * Returns: true if @identity is authorized, false if denied or if
     72 * an error occurred.
     73 */
     74bool qauthz_is_allowed(QAuthZ *authz,
     75                       const char *identity,
     76                       Error **errp);
     77
     78
     79/**
     80 * qauthz_is_allowed_by_id:
     81 * @authzid: ID of the authorization object
     82 * @identity: the user identity to authorize
     83 * @errp: pointer to a NULL-initialized error object
     84 *
     85 * Check if a user @identity is authorized. If an error
     86 * occurs this method will return false to indicate
     87 * denial, as well as setting @errp to contain the details.
     88 * Callers are recommended to treat the denial and error
     89 * scenarios identically. Specifically, the error info in
     90 * @errp should never be fed back to the user being
     91 * authorized; it exists only to help the administrator
     92 * debug the failure.
     93 *
        * Unlike qauthz_is_allowed(), the authorization object is named
        * by @authzid rather than passed directly.
        * NOTE(review): this comment does not say what happens when
        * @authzid does not name an authorization object; confirm in the
        * implementation that this case sets @errp and returns false, so
        * that a missing or misnamed object denies access.
        *
     94 * Returns: true if @identity is authorized, false if denied or if
     95 * an error occurred.
     96 */
     97bool qauthz_is_allowed_by_id(const char *authzid,
     98                             const char *identity,
     99                             Error **errp);
    100
    101#endif /* QAUTHZ_BASE_H */