root / acl.c @ a74cdab4
History | View | Annotate | Download (4.4 kB)
1 |
/*
|
---|---|
2 |
* QEMU access control list management
|
3 |
*
|
4 |
* Copyright (C) 2009 Red Hat, Inc
|
5 |
*
|
6 |
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
7 |
* of this software and associated documentation files (the "Software"), to deal
|
8 |
* in the Software without restriction, including without limitation the rights
|
9 |
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
10 |
* copies of the Software, and to permit persons to whom the Software is
|
11 |
* furnished to do so, subject to the following conditions:
|
12 |
*
|
13 |
* The above copyright notice and this permission notice shall be included in
|
14 |
* all copies or substantial portions of the Software.
|
15 |
*
|
16 |
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
17 |
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
18 |
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
19 |
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
20 |
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
21 |
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
22 |
* THE SOFTWARE.
|
23 |
*/
|
24 |
|
25 |
|
26 |
#include "qemu-common.h" |
27 |
#include "acl.h" |
28 |
|
29 |
#ifdef CONFIG_FNMATCH
|
30 |
#include <fnmatch.h> |
31 |
#endif
|
32 |
|
33 |
|
34 |
static unsigned int nacls = 0; |
35 |
static qemu_acl **acls = NULL; |
36 |
|
37 |
|
38 |
|
39 |
qemu_acl *qemu_acl_find(const char *aclname) |
40 |
{ |
41 |
int i;
|
42 |
for (i = 0 ; i < nacls ; i++) { |
43 |
if (strcmp(acls[i]->aclname, aclname) == 0) |
44 |
return acls[i];
|
45 |
} |
46 |
|
47 |
return NULL; |
48 |
} |
49 |
|
50 |
qemu_acl *qemu_acl_init(const char *aclname) |
51 |
{ |
52 |
qemu_acl *acl; |
53 |
|
54 |
acl = qemu_acl_find(aclname); |
55 |
if (acl)
|
56 |
return acl;
|
57 |
|
58 |
acl = qemu_malloc(sizeof(*acl));
|
59 |
acl->aclname = qemu_strdup(aclname); |
60 |
/* Deny by default, so there is no window of "open
|
61 |
* access" between QEMU starting, and the user setting
|
62 |
* up ACLs in the monitor */
|
63 |
acl->defaultDeny = 1;
|
64 |
|
65 |
acl->nentries = 0;
|
66 |
QTAILQ_INIT(&acl->entries); |
67 |
|
68 |
acls = qemu_realloc(acls, sizeof(*acls) * (nacls +1)); |
69 |
acls[nacls] = acl; |
70 |
nacls++; |
71 |
|
72 |
return acl;
|
73 |
} |
74 |
|
75 |
int qemu_acl_party_is_allowed(qemu_acl *acl,
|
76 |
const char *party) |
77 |
{ |
78 |
qemu_acl_entry *entry; |
79 |
|
80 |
QTAILQ_FOREACH(entry, &acl->entries, next) { |
81 |
#ifdef CONFIG_FNMATCH
|
82 |
if (fnmatch(entry->match, party, 0) == 0) |
83 |
return entry->deny ? 0 : 1; |
84 |
#else
|
85 |
/* No fnmatch, so fallback to exact string matching
|
86 |
* instead of allowing wildcards */
|
87 |
if (strcmp(entry->match, party) == 0) |
88 |
return entry->deny ? 0 : 1; |
89 |
#endif
|
90 |
} |
91 |
|
92 |
return acl->defaultDeny ? 0 : 1; |
93 |
} |
94 |
|
95 |
|
96 |
void qemu_acl_reset(qemu_acl *acl)
|
97 |
{ |
98 |
qemu_acl_entry *entry; |
99 |
|
100 |
/* Put back to deny by default, so there is no window
|
101 |
* of "open access" while the user re-initializes the
|
102 |
* access control list */
|
103 |
acl->defaultDeny = 1;
|
104 |
QTAILQ_FOREACH(entry, &acl->entries, next) { |
105 |
QTAILQ_REMOVE(&acl->entries, entry, next); |
106 |
free(entry->match); |
107 |
free(entry); |
108 |
} |
109 |
acl->nentries = 0;
|
110 |
} |
111 |
|
112 |
|
113 |
int qemu_acl_append(qemu_acl *acl,
|
114 |
int deny,
|
115 |
const char *match) |
116 |
{ |
117 |
qemu_acl_entry *entry; |
118 |
|
119 |
entry = qemu_malloc(sizeof(*entry));
|
120 |
entry->match = qemu_strdup(match); |
121 |
entry->deny = deny; |
122 |
|
123 |
QTAILQ_INSERT_TAIL(&acl->entries, entry, next); |
124 |
acl->nentries++; |
125 |
|
126 |
return acl->nentries;
|
127 |
} |
128 |
|
129 |
|
130 |
int qemu_acl_insert(qemu_acl *acl,
|
131 |
int deny,
|
132 |
const char *match, |
133 |
int index)
|
134 |
{ |
135 |
qemu_acl_entry *entry; |
136 |
qemu_acl_entry *tmp; |
137 |
int i = 0; |
138 |
|
139 |
if (index <= 0) |
140 |
return -1; |
141 |
if (index >= acl->nentries)
|
142 |
return qemu_acl_append(acl, deny, match);
|
143 |
|
144 |
|
145 |
entry = qemu_malloc(sizeof(*entry));
|
146 |
entry->match = qemu_strdup(match); |
147 |
entry->deny = deny; |
148 |
|
149 |
QTAILQ_FOREACH(tmp, &acl->entries, next) { |
150 |
i++; |
151 |
if (i == index) {
|
152 |
QTAILQ_INSERT_BEFORE(tmp, entry, next); |
153 |
acl->nentries++; |
154 |
break;
|
155 |
} |
156 |
} |
157 |
|
158 |
return i;
|
159 |
} |
160 |
|
161 |
int qemu_acl_remove(qemu_acl *acl,
|
162 |
const char *match) |
163 |
{ |
164 |
qemu_acl_entry *entry; |
165 |
int i = 0; |
166 |
|
167 |
QTAILQ_FOREACH(entry, &acl->entries, next) { |
168 |
i++; |
169 |
if (strcmp(entry->match, match) == 0) { |
170 |
QTAILQ_REMOVE(&acl->entries, entry, next); |
171 |
return i;
|
172 |
} |
173 |
} |
174 |
return -1; |
175 |
} |
176 |
|
177 |
|
178 |
/*
|
179 |
* Local variables:
|
180 |
* c-indent-level: 4
|
181 |
* c-basic-offset: 4
|
182 |
* tab-width: 8
|
183 |
* End:
|
184 |
*/
|