cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu

pamacct.h (2343B)


      1/*
      2 * QEMU PAM authorization driver
      3 *
      4 * Copyright (c) 2018 Red Hat, Inc.
      5 *
      6 * This library is free software; you can redistribute it and/or
      7 * modify it under the terms of the GNU Lesser General Public
      8 * License as published by the Free Software Foundation; either
      9 * version 2.1 of the License, or (at your option) any later version.
     10 *
     11 * This library is distributed in the hope that it will be useful,
     12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14 * Lesser General Public License for more details.
     15 *
     16 * You should have received a copy of the GNU Lesser General Public
     17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18 *
     19 */
     20
     21#ifndef QAUTHZ_PAMACCT_H
     22#define QAUTHZ_PAMACCT_H
     23
     24#include "authz/base.h"
     25#include "qom/object.h"
     26
     27
/*
 * QOM type name for the PAM authorization object. This is the string a
 * user supplies as "qom-type" over QMP or as the first token of -object.
 */
#define TYPE_QAUTHZ_PAM "authz-pam"

/*
 * Declares the QAuthZPAM instance type and its QAUTHZ_PAM cast helper
 * via the QOM convenience macro from "qom/object.h".
 */
OBJECT_DECLARE_SIMPLE_TYPE(QAuthZPAM,
                           QAUTHZ_PAM)
     32
     33
     34
/**
 * QAuthZPAM:
 *
 * This authorization driver provides a PAM mechanism
 * for granting access by matching user names against a
 * list of globs. Each match rule has an associated policy
 * and a catch-all policy applies if no rule matches.
 *
 * NOTE(review): the glob / rule / policy wording above does not
 * correspond to anything declared here. The object carries only a
 * PAM service name, so the allow/deny decision is presumably whatever
 * the "account" stack of that PAM service returns. Confirm against
 * the implementation and reword.
 *
 * To create an instance of this class via QMP:
 *
 *  {
 *    "execute": "object-add",
 *    "arguments": {
 *      "qom-type": "authz-pam",
 *      "id": "authz0",
 *      "parameters": {
 *        "service": "qemu-vnc-tls"
 *      }
 *    }
 *  }
 *
 * The driver only uses the PAM "account" verification
 * subsystem. The above config would require a config
 * file /etc/pam.d/qemu-vnc-tls. For a simple file
 * lookup it would contain
 *
 *   account requisite  pam_listfile.so item=user sense=allow \
 *           file=/etc/qemu/vnc.allow
 *
 * The external file would then contain a list of usernames.
 * If an x509 certificate was being used as the username, a suitable
 * entry would match the distinguished name:
 *
 *  CN=laptop.berrange.com,O=Berrange Home,L=London,ST=London,C=GB
 *
 * On the command line it can be created using
 *
 *   -object authz-pam,id=authz0,service=qemu-vnc-tls
 *
 * Security notes:
 *
 *  - Because only the "account" stack is consulted, this driver
 *    authorizes an identity but does not authenticate it. The user
 *    name handed to it is presumably established beforehand by the
 *    transport (for example a verified TLS client certificate);
 *    verify against the caller.
 *
 *  - The PAM service file and the list file it references decide
 *    who is granted access, so both should be writable only by the
 *    administrator.
 *
 *  - Consider stating pam_listfile's onerr=fail explicitly in the
 *    service file, so that a missing or unreadable list file results
 *    in denial rather than depending on the module's default.
 */
struct QAuthZPAM {
    /* QOM base object; kept as the first member so casts to the parent type work. */
    QAuthZ parent_obj;

    /*
     * PAM service name, i.e. the "service" property shown in the examples
     * above. Presumably owned by this object; confirm where it is freed.
     */
    char *service;
};
     80
     81
     82
     83
/**
 * qauthz_pam_new:
 * @id: the ID to give the new object
 * @service: the PAM service name, as in the "service" property of authz-pam
 * @errp: pointer to a NULL-initialized error object
 *
 * Programmatic constructor for a PAM authorization object. Only the
 * prototype is visible in this header; presumably this is equivalent to
 * "-object authz-pam,id=ID,service=SERVICE" (confirm against the
 * implementation).
 *
 * Returns: the new object; presumably NULL with @errp set on failure.
 */
QAuthZPAM *qauthz_pam_new(const char *id,
                          const char *service,
                          Error **errp);
     87
     88#endif /* QAUTHZ_PAMACCT_H */