1 | 76655d6d | aliguori | /*
|
---|---|---|---|
2 | 76655d6d | aliguori | * QEMU access control list management
|
3 | 76655d6d | aliguori | *
|
4 | 76655d6d | aliguori | * Copyright (C) 2009 Red Hat, Inc
|
5 | 76655d6d | aliguori | *
|
6 | 76655d6d | aliguori | * Permission is hereby granted, free of charge, to any person obtaining a copy
|
7 | 76655d6d | aliguori | * of this software and associated documentation files (the "Software"), to deal
|
8 | 76655d6d | aliguori | * in the Software without restriction, including without limitation the rights
|
9 | 76655d6d | aliguori | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
10 | 76655d6d | aliguori | * copies of the Software, and to permit persons to whom the Software is
|
11 | 76655d6d | aliguori | * furnished to do so, subject to the following conditions:
|
12 | 76655d6d | aliguori | *
|
13 | 76655d6d | aliguori | * The above copyright notice and this permission notice shall be included in
|
14 | 76655d6d | aliguori | * all copies or substantial portions of the Software.
|
15 | 76655d6d | aliguori | *
|
16 | 76655d6d | aliguori | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
17 | 76655d6d | aliguori | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
18 | 76655d6d | aliguori | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
19 | 76655d6d | aliguori | * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
20 | 76655d6d | aliguori | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
21 | 76655d6d | aliguori | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
22 | 76655d6d | aliguori | * THE SOFTWARE.
|
23 | 76655d6d | aliguori | */
|
24 | 76655d6d | aliguori | |
25 | 76655d6d | aliguori | |
26 | 76655d6d | aliguori | #include "qemu-common.h" |
27 | 76655d6d | aliguori | #include "acl.h" |
28 | 76655d6d | aliguori | |
29 | 56ffaf25 | Juan Quintela | #ifdef CONFIG_FNMATCH
|
30 | 76655d6d | aliguori | #include <fnmatch.h> |
31 | 76655d6d | aliguori | #endif
|
32 | 76655d6d | aliguori | |
33 | 76655d6d | aliguori | |
/* Registry of every ACL created through qemu_acl_init(): a growable
 * array of ACL pointers plus its current length.  Both start out empty
 * and only ever grow; ACLs are never unregistered or freed. */
static qemu_acl **acls = NULL;
static unsigned int nacls = 0;
36 | 76655d6d | aliguori | |
37 | 76655d6d | aliguori | |
38 | 76655d6d | aliguori | |
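/**
 * Look up a registered ACL by name.
 *
 * @aclname: name to look for (compared with strcmp(), so case-sensitive)
 *
 * Returns the ACL created earlier by qemu_acl_init() under that name, or
 * NULL when no ACL with that name has been registered.
 */
qemu_acl *qemu_acl_find(const char *aclname)
{
    /* nacls is unsigned; an unsigned index avoids the signed/unsigned
     * comparison that the previous "int i" produced (-Wsign-compare). */
    unsigned int i;

    for (i = 0; i < nacls; i++) {
        if (strcmp(acls[i]->aclname, aclname) == 0) {
            return acls[i];
        }
    }

    return NULL;
}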
49 | 76655d6d | aliguori | |
/**
 * Return the ACL registered under @aclname, creating and registering it
 * when it does not exist yet.
 *
 * A freshly created ACL has no entries and defaultDeny set, so every
 * party is rejected until allow rules are added through the monitor:
 * there is never a window of "open access" between QEMU starting and
 * the ACL being configured.
 *
 * The returned object is owned by the file-scope registry and is never
 * freed.  Allocation is done with g_malloc()/g_realloc(), which abort
 * on failure rather than returning NULL.
 */
qemu_acl *qemu_acl_init(const char *aclname)
{
    qemu_acl *existing = qemu_acl_find(aclname);
    qemu_acl *acl;

    if (existing) {
        return existing;
    }

    acl = g_malloc(sizeof(*acl));
    acl->aclname = g_strdup(aclname);
    acl->defaultDeny = 1;   /* deny everything until rules are added */
    acl->nentries = 0;
    QTAILQ_INIT(&acl->entries);

    /* Grow the registry by one slot and record the new ACL. */
    acls = g_realloc(acls, sizeof(*acls) * (nacls + 1));
    acls[nacls++] = acl;

    return acl;
}
74 | 76655d6d | aliguori | |
/* Does @entry's pattern cover @party?  Pattern semantics depend on the
 * build: with CONFIG_FNMATCH the pattern is a shell-style glob evaluated
 * with flags 0 (no FNM_PATHNAME/FNM_PERIOD, so '*' also matches '/' and a
 * leading '.'); otherwise it is an exact, case-sensitive string compare. */
static int acl_entry_matches(const qemu_acl_entry *entry, const char *party)
{
#ifdef CONFIG_FNMATCH
    return fnmatch(entry->match, party, 0) == 0;
#else
    /* No fnmatch, so fallback to exact string matching
     * instead of allowing wildcards */
    return strcmp(entry->match, party) == 0;
#endif
}

/**
 * Decide whether @party may pass @acl.
 *
 * Entries are consulted in list order and the first one whose pattern
 * matches decides: a deny entry rejects, an allow entry accepts.  When
 * no entry matches, the ACL's defaultDeny policy decides, so an ACL with
 * no entries and defaultDeny set rejects everyone.
 *
 * Returns 1 when @party is allowed, 0 when it is denied.
 */
int qemu_acl_party_is_allowed(qemu_acl *acl,
                              const char *party)
{
    qemu_acl_entry *entry;

    QTAILQ_FOREACH(entry, &acl->entries, next) {
        if (acl_entry_matches(entry, party)) {
            return entry->deny ? 0 : 1;
        }
    }

    return acl->defaultDeny ? 0 : 1;
}
94 | 76655d6d | aliguori | |
95 | 76655d6d | aliguori | |
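/**
 * Drop every entry from @acl and restore the deny-by-default policy.
 *
 * defaultDeny is set *before* the list is emptied so that there is no
 * window of "open access" while the user re-initializes the access
 * control list.
 *
 * Entries are released with g_free(), matching the g_malloc()/g_strdup()
 * used to create them in qemu_acl_append() and qemu_acl_insert().  The
 * previous free() calls mixed allocators, which is only safe when glib
 * happens to be backed by the system malloc.
 */
void qemu_acl_reset(qemu_acl *acl)
{
    qemu_acl_entry *entry, *next_entry;

    acl->defaultDeny = 1;
    /* _SAFE variant: the current entry is freed inside the loop body. */
    QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) {
        QTAILQ_REMOVE(&acl->entries, entry, next);
        g_free(entry->match);
        g_free(entry);
    }
    acl->nentries = 0;
}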
111 | 76655d6d | aliguori | |
112 | 76655d6d | aliguori | |
/**
 * Add a rule at the end of @acl's entry list.
 *
 * @deny:  non-zero to make the rule reject matching parties, zero to accept
 * @match: pattern to match parties against; copied with g_strdup(), so the
 *         caller keeps ownership of its own string
 *
 * Returns the new number of entries, i.e. the 1-based position of the
 * appended rule.
 */
int qemu_acl_append(qemu_acl *acl,
                    int deny,
                    const char *match)
{
    qemu_acl_entry *rule = g_malloc(sizeof(*rule));

    rule->deny = deny;
    rule->match = g_strdup(match);
    QTAILQ_INSERT_TAIL(&acl->entries, rule, next);

    return ++acl->nentries;
}
128 | 76655d6d | aliguori | |
129 | 76655d6d | aliguori | |
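/**
 * Insert a rule before the entry currently at 1-based position @index.
 *
 * @deny:  non-zero for a deny rule, zero for an allow rule
 * @match: pattern for the rule; copied with g_strdup()
 * @index: 1-based position the new rule should occupy
 *
 * Returns -1 when @index is not positive.  When @index is at or beyond
 * the end of the list the rule is appended (see qemu_acl_append()) and
 * the new entry count is returned.  Otherwise the rule is linked in
 * before the existing entry at @index and @index is returned.
 *
 * The entry is only allocated once its insertion point has been found,
 * so nothing is leaked if the list turns out to be shorter than
 * acl->nentries claims; that case degrades to an append instead of
 * silently dropping the rule.
 */
int qemu_acl_insert(qemu_acl *acl,
                    int deny,
                    const char *match,
                    int index)
{
    qemu_acl_entry *entry;
    qemu_acl_entry *tmp;
    int i = 0;

    if (index <= 0) {
        return -1;
    }
    if (index >= acl->nentries) {
        return qemu_acl_append(acl, deny, match);
    }

    /* Walk to the entry currently occupying position @index. */
    QTAILQ_FOREACH(tmp, &acl->entries, next) {
        i++;
        if (i == index) {
            entry = g_malloc(sizeof(*entry));
            entry->match = g_strdup(match);
            entry->deny = deny;
            QTAILQ_INSERT_BEFORE(tmp, entry, next);
            acl->nentries++;
            return i;
        }
    }

    /* acl->nentries was larger than the list really is; fall back to
     * appending rather than losing the rule. */
    return qemu_acl_append(acl, deny, match);
}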
160 | 76655d6d | aliguori | |
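/**
 * Remove the first rule whose pattern string equals @match exactly.
 *
 * The comparison is strcmp(), not a glob match, so the caller must pass
 * the pattern as it was added, not a party name the pattern would match.
 *
 * Returns the 1-based position the rule had, or -1 when no rule has that
 * pattern.  The removed entry and its pattern are released with g_free()
 * (they were allocated with g_malloc()/g_strdup()) and acl->nentries is
 * decremented.  Previously the entry was unlinked but never freed and
 * the count was left stale, which made later qemu_acl_insert() calls
 * misjudge the list length.
 */
int qemu_acl_remove(qemu_acl *acl,
                    const char *match)
{
    qemu_acl_entry *entry;
    int i = 0;

    QTAILQ_FOREACH(entry, &acl->entries, next) {
        i++;
        if (strcmp(entry->match, match) == 0) {
            QTAILQ_REMOVE(&acl->entries, entry, next);
            acl->nentries--;
            g_free(entry->match);
            g_free(entry);
            return i;
        }
    }
    return -1;
}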
176 | 76655d6d | aliguori | |
177 | 76655d6d | aliguori | |
178 | 76655d6d | aliguori | /*
|
179 | 76655d6d | aliguori | * Local variables:
|
180 | 76655d6d | aliguori | * c-indent-level: 4
|
181 | 76655d6d | aliguori | * c-basic-offset: 4
|
182 | 76655d6d | aliguori | * tab-width: 8
|
183 | 76655d6d | aliguori | * End:
|
184 | 76655d6d | aliguori | */ |