root / acl.c @ 72cf2d4f
/*
 * QEMU access control list management
 *
 * Copyright (C) 2009 Red Hat, Inc
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
|
24 | 76655d6d | aliguori | |
25 | 76655d6d | aliguori | |
26 | 76655d6d | aliguori | #include "qemu-common.h" |
27 | 76655d6d | aliguori | #include "sysemu.h" |
28 | 76655d6d | aliguori | #include "acl.h" |
29 | 76655d6d | aliguori | |
30 | 56ffaf25 | Juan Quintela | #ifdef CONFIG_FNMATCH
|
31 | 76655d6d | aliguori | #include <fnmatch.h> |
32 | 76655d6d | aliguori | #endif
|
33 | 76655d6d | aliguori | |
34 | 76655d6d | aliguori | |
/* Number of ACL pointers currently stored in acls[]. */
static unsigned int nacls = 0;

/*
 * Table of every ACL created through qemu_acl_init().  It only ever grows:
 * nothing in this file removes an ACL from the table or frees one.
 */
static qemu_acl **acls = NULL;
37 | 76655d6d | aliguori | |
38 | 76655d6d | aliguori | |
39 | 76655d6d | aliguori | |
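/*
 * Look up a registered ACL by name.
 *
 * Walks the file-level acls[] table and compares each ACL's aclname with
 * strcmp(), so the lookup is an exact, case-sensitive match.
 *
 * Returns the table's own ACL object (not a copy), or NULL when no ACL
 * with that name has been registered.
 */
qemu_acl *qemu_acl_find(const char *aclname)
{
    /* Same type as nacls, so the loop bound is not a signed/unsigned compare */
    unsigned int i;

    for (i = 0; i < nacls; i++) {
        if (strcmp(acls[i]->aclname, aclname) == 0) {
            return acls[i];
        }
    }

    return NULL;
}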
50 | 76655d6d | aliguori | |
/*
 * Return the ACL named aclname, creating and registering it if needed.
 *
 * When an ACL of that name already exists it is returned as-is: its rules
 * and its default policy are NOT reset by this call.
 *
 * A newly created ACL starts empty and in deny-by-default mode.
 */
qemu_acl *qemu_acl_init(const char *aclname)
{
    qemu_acl *result = qemu_acl_find(aclname);

    if (result != NULL) {
        return result;
    }

    result = qemu_malloc(sizeof(*result));
    result->aclname = qemu_strdup(aclname);

    /* Deny by default, so there is no window of "open access" between
     * QEMU starting and the user setting up ACLs in the monitor. */
    result->defaultDeny = 1;

    result->nentries = 0;
    QTAILQ_INIT(&result->entries);

    /* Grow the registry by one slot and store the new ACL in it. */
    acls = qemu_realloc(acls, (nacls + 1) * sizeof(*acls));
    acls[nacls++] = result;

    return result;
}
75 | 76655d6d | aliguori | |
/*
 * Decide whether 'party' is permitted by 'acl'.
 *
 * Rules are evaluated in list order and the FIRST rule whose pattern
 * matches decides the outcome, so rule ordering is security-relevant.
 * If no rule matches, the ACL's default policy applies.
 *
 * Returns 1 when access is allowed, 0 when it is denied.
 *
 * Matching caveats:
 *  - With CONFIG_FNMATCH, patterns are globs passed to fnmatch() with
 *    flags 0: matching is case-sensitive and, since FNM_PATHNAME is not
 *    set, '*' and '?' also match '/'.  Any non-zero fnmatch() result
 *    (no match or error) is treated as "rule does not apply".
 *  - Without CONFIG_FNMATCH, the pattern is compared literally with
 *    strcmp(); a rule containing wildcards then only matches a party
 *    string identical to the pattern text, so wildcard deny rules stop
 *    matching and the default policy decides instead.
 */
int qemu_acl_party_is_allowed(qemu_acl *acl,
                              const char *party)
{
    qemu_acl_entry *rule;

    QTAILQ_FOREACH(rule, &acl->entries, next) {
#ifdef CONFIG_FNMATCH
        int matched = (fnmatch(rule->match, party, 0) == 0);
#else
        /* No fnmatch, so fall back to exact string matching
         * instead of allowing wildcards. */
        int matched = (strcmp(rule->match, party) == 0);
#endif
        if (matched) {
            return !rule->deny;
        }
    }

    return !acl->defaultDeny;
}
95 | 76655d6d | aliguori | |
96 | 76655d6d | aliguori | |
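/*
 * Drop every rule from 'acl' and return it to deny-by-default.
 *
 * The default policy is switched to deny BEFORE the rules are removed, so
 * an ACL that is being rebuilt never passes through a permissive state.
 */
void qemu_acl_reset(qemu_acl *acl)
{
    qemu_acl_entry *entry;
    qemu_acl_entry *next_entry;

    /* Put back to deny by default, so there is no window
     * of "open access" while the user re-initializes the
     * access control list */
    acl->defaultDeny = 1;

    /*
     * The entry is freed inside the loop, so the successor has to be read
     * before the body runs.  Plain QTAILQ_FOREACH would fetch the next
     * pointer from the entry that was just freed (use-after-free).
     */
    QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) {
        QTAILQ_REMOVE(&acl->entries, entry, next);
        /* NOTE(review): entries are allocated with qemu_malloc()/
         * qemu_strdup() in qemu_acl_append(); confirm free() is the
         * matching release routine for this tree. */
        free(entry->match);
        free(entry);
    }
    acl->nentries = 0;
}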
112 | 76655d6d | aliguori | |
113 | 76655d6d | aliguori | |
/*
 * Add a rule at the END of 'acl'.
 *
 * 'match' is copied, so the caller keeps ownership of its string.
 * 'deny' non-zero makes this a deny rule, zero an allow rule.
 *
 * Because evaluation stops at the first matching rule, an appended rule
 * only takes effect for parties that no earlier rule already matches.
 *
 * Returns the new number of rules, which is also the 1-based position of
 * the rule just added.
 */
int qemu_acl_append(qemu_acl *acl,
                    int deny,
                    const char *match)
{
    qemu_acl_entry *rule = qemu_malloc(sizeof(*rule));

    rule->deny = deny;
    rule->match = qemu_strdup(match);

    QTAILQ_INSERT_TAIL(&acl->entries, rule, next);

    return ++acl->nentries;
}
129 | 76655d6d | aliguori | |
130 | 76655d6d | aliguori | |
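/*
 * Insert a rule so that it becomes rule number 'index' (1-based) of 'acl'.
 *
 * 'match' is copied.  'deny' non-zero makes this a deny rule.
 *
 * index <= 0           -> rejected, returns -1.
 * index >  nentries    -> the rule is appended at the end.
 * 1 <= index <= nentries -> the rule is placed BEFORE the rule currently
 *                         at that position.
 *
 * Returns the 1-based position of the new rule, or -1 if nothing was
 * inserted.
 *
 * The append test is '>' rather than '>='.  With '>=' a request for
 * index == nentries was appended after the last rule instead of being put
 * in front of it (for a one-rule list, "insert at 1" landed at position 2).
 * Since the first matching rule wins, that could leave a new deny rule
 * behind an existing allow rule that shadows it.
 */
int qemu_acl_insert(qemu_acl *acl,
                    int deny,
                    const char *match,
                    int index)
{
    qemu_acl_entry *tmp;
    int i = 0;

    if (index <= 0) {
        return -1;
    }
    if (index > acl->nentries) {
        return qemu_acl_append(acl, deny, match);
    }

    QTAILQ_FOREACH(tmp, &acl->entries, next) {
        i++;
        if (i == index) {
            /* Allocate only once the slot is found, so nothing leaks if
             * the list turns out to be shorter than nentries claims. */
            qemu_acl_entry *entry = qemu_malloc(sizeof(*entry));

            entry->match = qemu_strdup(match);
            entry->deny = deny;

            QTAILQ_INSERT_BEFORE(tmp, entry, next);
            acl->nentries++;
            return i;
        }
    }

    /* The list ended before position 'index': no rule was added, so report
     * failure instead of a position that looks like success. */
    return -1;
}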
161 | 76655d6d | aliguori | |
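/*
 * Remove the first rule of 'acl' whose pattern text equals 'match'.
 *
 * The comparison is strcmp() on the stored pattern string itself, not a
 * glob match: the caller must pass the pattern exactly as it was added.
 *
 * Returns the 1-based position the rule occupied, or -1 if no rule has
 * that pattern.
 *
 * The removed rule is freed and nentries is decremented.  Leaving
 * nentries unchanged would make qemu_acl_insert() believe the list is
 * longer than it is and pick the wrong insert/append path for a later
 * rule.
 */
int qemu_acl_remove(qemu_acl *acl,
                    const char *match)
{
    qemu_acl_entry *entry;
    int i = 0;

    QTAILQ_FOREACH(entry, &acl->entries, next) {
        i++;
        if (strcmp(entry->match, match) == 0) {
            QTAILQ_REMOVE(&acl->entries, entry, next);
            acl->nentries--;
            /* Same release calls as qemu_acl_reset() in this file. */
            free(entry->match);
            free(entry);
            /* Return immediately: the loop must not step past the
             * entry that was just freed. */
            return i;
        }
    }
    return -1;
}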
177 | 76655d6d | aliguori | |
178 | 76655d6d | aliguori | |
/*
 * Local variables:
 *  c-indent-level: 4
 *  c-basic-offset: 4
 *  tab-width: 8
 * End:
 */