meson: convert hw/audio
[qemu.git] / include / authz / base.h
1 /*
2 * QEMU authorization framework base class
3 *
4 * Copyright (c) 2018 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
21 #ifndef QAUTHZ_BASE_H
22 #define QAUTHZ_BASE_H
23
24 #include "qapi/error.h"
25 #include "qom/object.h"
26
27
28 #define TYPE_QAUTHZ "authz"
29
30 #define QAUTHZ_CLASS(klass) \
31 OBJECT_CLASS_CHECK(QAuthZClass, (klass), \
32 TYPE_QAUTHZ)
33 #define QAUTHZ_GET_CLASS(obj) \
34 OBJECT_GET_CLASS(QAuthZClass, (obj), \
35 TYPE_QAUTHZ)
36 #define QAUTHZ(obj) \
37 OBJECT_CHECK(QAuthZ, (obj), \
38 TYPE_QAUTHZ)
39
40 typedef struct QAuthZ QAuthZ;
41 typedef struct QAuthZClass QAuthZClass;
42
43 /**
44 * QAuthZ:
45 *
46 * The QAuthZ class defines an API contract to be used
47 * for providing an authorization driver for services
48 * with user identities.
49 */
50
51 struct QAuthZ {
52 Object parent_obj;
53 };
54
55
56 struct QAuthZClass {
57 ObjectClass parent_class;
58
59 bool (*is_allowed)(QAuthZ *authz,
60 const char *identity,
61 Error **errp);
62 };
63
64
65 /**
66 * qauthz_is_allowed:
67 * @authz: the authorization object
68 * @identity: the user identity to authorize
69 * @errp: pointer to a NULL initialized error object
70 *
71 * Check if a user @identity is authorized. If an error
72 * occurs this method will return false to indicate
73 * denial, as well as setting @errp to contain the details.
74 * Callers are recommended to treat the denial and error
75 * scenarios identically. Specifically the error info in
76 * @errp should never be fed back to the user being
77 * authorized, it is merely for benefit of administrator
78 * debugging.
79 *
80 * Returns: true if @identity is authorized, false if denied or if
81 * an error occurred.
82 */
83 bool qauthz_is_allowed(QAuthZ *authz,
84 const char *identity,
85 Error **errp);
86
87
88 /**
89 * qauthz_is_allowed_by_id:
90 * @authzid: ID of the authorization object
91 * @identity: the user identity to authorize
92 * @errp: pointer to a NULL initialized error object
93 *
94 * Check if a user @identity is authorized. If an error
95 * occurs this method will return false to indicate
96 * denial, as well as setting @errp to contain the details.
97 * Callers are recommended to treat the denial and error
98 * scenarios identically. Specifically the error info in
99 * @errp should never be fed back to the user being
100 * authorized, it is merely for benefit of administrator
101 * debugging.
102 *
103 * Returns: true if @identity is authorized, false if denied or if
104 * an error occurred.
105 */
106 bool qauthz_is_allowed_by_id(const char *authzid,
107 const char *identity,
108 Error **errp);
109
110 #endif /* QAUTHZ_BASE_H */