acl.c 4.51 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
/*
 * QEMU access control list management
 *
 * Copyright (C) 2009 Red Hat, Inc
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */


#include "qemu-common.h"
27
#include "qemu/acl.h"
28

29
#ifdef CONFIG_FNMATCH
30 31 32 33 34 35 36 37 38 39 40 41 42
#include <fnmatch.h>
#endif


static unsigned int nacls = 0;
static qemu_acl **acls = NULL;



qemu_acl *qemu_acl_find(const char *aclname)
{
    int i;
    for (i = 0 ; i < nacls ; i++) {
43 44
        if (strcmp(acls[i]->aclname, aclname) == 0)
            return acls[i];
45 46 47 48 49 50 51 52 53 54 55
    }

    return NULL;
}

qemu_acl *qemu_acl_init(const char *aclname)
{
    qemu_acl *acl;

    acl = qemu_acl_find(aclname);
    if (acl)
56
        return acl;
57

58 59
    acl = g_malloc(sizeof(*acl));
    acl->aclname = g_strdup(aclname);
60 61 62 63 64 65
    /* Deny by default, so there is no window of "open
     * access" between QEMU starting, and the user setting
     * up ACLs in the monitor */
    acl->defaultDeny = 1;

    acl->nentries = 0;
66
    QTAILQ_INIT(&acl->entries);
67

68
    acls = g_realloc(acls, sizeof(*acls) * (nacls +1));
69 70 71 72 73 74 75
    acls[nacls] = acl;
    nacls++;

    return acl;
}

int qemu_acl_party_is_allowed(qemu_acl *acl,
76
                              const char *party)
77 78 79
{
    qemu_acl_entry *entry;

80
    QTAILQ_FOREACH(entry, &acl->entries, next) {
81
#ifdef CONFIG_FNMATCH
82 83
        if (fnmatch(entry->match, party, 0) == 0)
            return entry->deny ? 0 : 1;
84
#else
85 86 87 88
        /* No fnmatch, so fallback to exact string matching
         * instead of allowing wildcards */
        if (strcmp(entry->match, party) == 0)
            return entry->deny ? 0 : 1;
89 90 91 92 93 94 95 96 97
#endif
    }

    return acl->defaultDeny ? 0 : 1;
}


void qemu_acl_reset(qemu_acl *acl)
{
98
    qemu_acl_entry *entry, *next_entry;
99 100 101 102 103

    /* Put back to deny by default, so there is no window
     * of "open access" while the user re-initializes the
     * access control list */
    acl->defaultDeny = 1;
104
    QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) {
105
        QTAILQ_REMOVE(&acl->entries, entry, next);
106 107
        g_free(entry->match);
        g_free(entry);
108 109 110 111 112 113
    }
    acl->nentries = 0;
}


int qemu_acl_append(qemu_acl *acl,
114 115
                    int deny,
                    const char *match)
116 117 118
{
    qemu_acl_entry *entry;

119 120
    entry = g_malloc(sizeof(*entry));
    entry->match = g_strdup(match);
121 122
    entry->deny = deny;

123
    QTAILQ_INSERT_TAIL(&acl->entries, entry, next);
124 125 126 127 128 129 130
    acl->nentries++;

    return acl->nentries;
}


int qemu_acl_insert(qemu_acl *acl,
131 132 133
                    int deny,
                    const char *match,
                    int index)
134 135 136 137 138
{
    qemu_acl_entry *tmp;
    int i = 0;

    if (index <= 0)
139
        return -1;
140
    if (index > acl->nentries) {
141
        return qemu_acl_append(acl, deny, match);
142
    }
143

144
    QTAILQ_FOREACH(tmp, &acl->entries, next) {
145 146
        i++;
        if (i == index) {
Gonglei's avatar
Gonglei committed
147 148 149 150 151
            qemu_acl_entry *entry;
            entry = g_malloc(sizeof(*entry));
            entry->match = g_strdup(match);
            entry->deny = deny;

152
            QTAILQ_INSERT_BEFORE(tmp, entry, next);
153 154 155
            acl->nentries++;
            break;
        }
156 157 158 159 160 161
    }

    return i;
}

int qemu_acl_remove(qemu_acl *acl,
162
                    const char *match)
163 164 165 166
{
    qemu_acl_entry *entry;
    int i = 0;

167
    QTAILQ_FOREACH(entry, &acl->entries, next) {
168 169
        i++;
        if (strcmp(entry->match, match) == 0) {
170
            QTAILQ_REMOVE(&acl->entries, entry, next);
171 172 173
            acl->nentries--;
            g_free(entry->match);
            g_free(entry);
174 175
            return i;
        }
176 177 178 179 180 181 182 183 184 185 186 187
    }
    return -1;
}


/*
 * Local variables:
 *  c-indent-level: 4
 *  c-basic-offset: 4
 *  tab-width: 8
 * End:
 */