projects / qemu.git / blame
| Commit | Line | Data |
|---|---|---|
| c8c99887 | 1 | # -*- Mode: Python -*- |
| f7160f32 | 2 | # vim: filetype=python |
| a1d12a21 MA |
3 | |
| 4 | ## | |
| 5 | # = User authorization | |
| 6 | ## | |
| c8c99887 DB |
7 | |
| 8 | ## | |
| 9 | # @QAuthZListPolicy: | |
| 10 | # | |
| 11 | # The authorization policy result | |
| 12 | # | |
| 13 | # @deny: deny access | |
| 14 | # @allow: allow access | |
| 15 | # | |
| 16 | # Since: 4.0 | |
| 17 | ## | |
| 18 | { 'enum': 'QAuthZListPolicy', | |
| 19 | 'prefix': 'QAUTHZ_LIST_POLICY', | |
| 20 | 'data': ['deny', 'allow']} | |
| 21 | ||
| 22 | ## | |
| 23 | # @QAuthZListFormat: | |
| 24 | # | |
| 25 | # The authorization policy match format | |
| 26 | # | |
| 27 | # @exact: an exact string match | |
| 28 | # @glob: string with ? and * shell wildcard support | |
| 29 | # | |
| 30 | # Since: 4.0 | |
| 31 | ## | |
| 32 | { 'enum': 'QAuthZListFormat', | |
| 33 | 'prefix': 'QAUTHZ_LIST_FORMAT', | |
| 34 | 'data': ['exact', 'glob']} | |
| 35 | ||
| 36 | ## | |
| 37 | # @QAuthZListRule: | |
| 38 | # | |
| 39 | # A single authorization rule. | |
| 40 | # | |
| 41 | # @match: a string or glob to match against a user identity | |
| 42 | # @policy: the result to return if @match evaluates to true | |
| 43 | # @format: the format of the @match rule (default 'exact') | |
| 44 | # | |
| 45 | # Since: 4.0 | |
| 46 | ## | |
| 47 | { 'struct': 'QAuthZListRule', | |
| 48 | 'data': {'match': 'str', | |
| 49 | 'policy': 'QAuthZListPolicy', | |
| 50 | '*format': 'QAuthZListFormat'}} | |
| 51 | ||
| 52 | ## | |
| 8825587b | 53 | # @AuthZListProperties: |
| c8c99887 | 54 | # |
| 8825587b KW |
55 | # Properties for authz-list objects. |
| 56 | # | |
| 57 | # @policy: Default policy to apply when no rule matches (default: deny) | |
| 58 | # | |
| 59 | # @rules: Authorization rules based on matching user | |
| 60 | # | |
| 61 | # Since: 4.0 | |
| 62 | ## | |
| 63 | { 'struct': 'AuthZListProperties', | |
| 64 | 'data': { '*policy': 'QAuthZListPolicy', | |
| 65 | '*rules': ['QAuthZListRule'] } } | |
| 66 | ||
| 67 | ## | |
| 68 | # @AuthZListFileProperties: | |
| 69 | # | |
| 70 | # Properties for authz-listfile objects. | |
| 71 | # | |
| 72 | # @filename: File name to load the configuration from. The file must | |
| 73 | # contain valid JSON for AuthZListProperties. | |
| 74 | # | |
| 75 | # @refresh: If true, inotify is used to monitor the file, automatically | |
| 76 | # reloading changes. If an error occurs during reloading, all | |
| 77 | # authorizations will fail until the file is next successfully | |
| 78 | # loaded. (default: true if the binary was built with | |
| 79 | # CONFIG_INOTIFY1, false otherwise) | |
| 80 | # | |
| 81 | # Since: 4.0 | |
| 82 | ## | |
| 83 | { 'struct': 'AuthZListFileProperties', | |
| 84 | 'data': { 'filename': 'str', | |
| 85 | '*refresh': 'bool' } } | |
| 86 | ||
| 87 | ## | |
| 88 | # @AuthZPAMProperties: | |
| 89 | # | |
| 90 | # Properties for authz-pam objects. | |
| 91 | # | |
| 92 | # @service: PAM service name to use for authorization | |
| 93 | # | |
| 94 | # Since: 4.0 | |
| 95 | ## | |
| 96 | { 'struct': 'AuthZPAMProperties', | |
| 97 | 'data': { 'service': 'str' } } | |
| 98 | ||
| 99 | ## | |
| 100 | # @AuthZSimpleProperties: | |
| 101 | # | |
| 102 | # Properties for authz-simple objects. | |
| 103 | # | |
| 104 | # @identity: Identifies the allowed user. Its format depends on the network | |
| 105 | # service that authorization object is associated with. For | |
| 106 | # authorizing based on TLS x509 certificates, the identity must be | |
| 107 | # the x509 distinguished name. | |
| c8c99887 DB |
108 | # |
| 109 | # Since: 4.0 | |
| 110 | ## | |
| 8825587b KW |
111 | { 'struct': 'AuthZSimpleProperties', |
| 112 | 'data': { 'identity': 'str' } } |