| # -*- Mode: Python -*- |
| # vim: filetype=python |
| |
| ## |
| # = User authorization |
| ## |
| |
| ## |
| # @QAuthZListPolicy: |
| # |
| # The authorization policy result |
| # |
| # @deny: deny access |
| # @allow: allow access |
| # |
| # Since: 4.0 |
| ## |
| { 'enum': 'QAuthZListPolicy', |
| 'prefix': 'QAUTHZ_LIST_POLICY', |
| 'data': ['deny', 'allow']} |
| |
| ## |
| # @QAuthZListFormat: |
| # |
| # The authorization policy match format |
| # |
| # @exact: an exact string match |
| # @glob: string with ? and * shell wildcard support |
| # |
| # Since: 4.0 |
| ## |
| { 'enum': 'QAuthZListFormat', |
| 'prefix': 'QAUTHZ_LIST_FORMAT', |
| 'data': ['exact', 'glob']} |
| |
| ## |
| # @QAuthZListRule: |
| # |
| # A single authorization rule. |
| # |
| # @match: a string or glob to match against a user identity |
| # @policy: the result to return if @match evaluates to true |
| # @format: the format of the @match rule (default 'exact') |
| # |
| # Since: 4.0 |
| ## |
| { 'struct': 'QAuthZListRule', |
| 'data': {'match': 'str', |
| 'policy': 'QAuthZListPolicy', |
| '*format': 'QAuthZListFormat'}} |
| |
| ## |
| # @AuthZListProperties: |
| # |
| # Properties for authz-list objects. |
| # |
| # @policy: Default policy to apply when no rule matches (default: deny) |
| # |
| # @rules: Authorization rules based on matching user |
| # |
| # Since: 4.0 |
| ## |
| { 'struct': 'AuthZListProperties', |
| 'data': { '*policy': 'QAuthZListPolicy', |
| '*rules': ['QAuthZListRule'] } } |
| |
| ## |
| # @AuthZListFileProperties: |
| # |
| # Properties for authz-listfile objects. |
| # |
| # @filename: File name to load the configuration from. The file must |
| # contain valid JSON for AuthZListProperties. |
| # |
| # @refresh: If true, inotify is used to monitor the file, automatically |
| # reloading changes. If an error occurs during reloading, all |
| # authorizations will fail until the file is next successfully |
| # loaded. (default: true if the binary was built with |
| # CONFIG_INOTIFY1, false otherwise) |
| # |
| # Since: 4.0 |
| ## |
| { 'struct': 'AuthZListFileProperties', |
| 'data': { 'filename': 'str', |
| '*refresh': 'bool' } } |
| |
| ## |
| # @AuthZPAMProperties: |
| # |
| # Properties for authz-pam objects. |
| # |
| # @service: PAM service name to use for authorization |
| # |
| # Since: 4.0 |
| ## |
| { 'struct': 'AuthZPAMProperties', |
| 'data': { 'service': 'str' } } |
| |
| ## |
| # @AuthZSimpleProperties: |
| # |
| # Properties for authz-simple objects. |
| # |
| # @identity: Identifies the allowed user. Its format depends on the network |
| # service that authorization object is associated with. For |
| # authorizing based on TLS x509 certificates, the identity must be |
| # the x509 distinguished name. |
| # |
| # Since: 4.0 |
| ## |
| { 'struct': 'AuthZSimpleProperties', |
| 'data': { 'identity': 'str' } } |