LXR qemu/util/acl.c

   1/*
   2 * QEMU access control list management
   3 *
   4 * Copyright (C) 2009 Red Hat, Inc
   5 *
   6 * Permission is hereby granted, free of charge, to any person obtaining a copy
   7 * of this software and associated documentation files (the "Software"), to deal
   8 * in the Software without restriction, including without limitation the rights
   9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  10 * copies of the Software, and to permit persons to whom the Software is
  11 * furnished to do so, subject to the following conditions:
  12 *
  13 * The above copyright notice and this permission notice shall be included in
  14 * all copies or substantial portions of the Software.
  15 *
  16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  22 * THE SOFTWARE.
  23 */
  24
  25
  26#include "qemu/osdep.h"
  27#include "qemu-common.h"
  28#include "qemu/acl.h"
  29
  30#ifdef CONFIG_FNMATCH
  31#include <fnmatch.h>
  32#endif
  33
  34
  35static unsigned int nacls = 0;
  36static qemu_acl **acls = NULL;
  37
  38
  39
  40qemu_acl *qemu_acl_find(const char *aclname)
  41{
  42    int i;
  43    for (i = 0 ; i < nacls ; i++) {
  44        if (strcmp(acls[i]->aclname, aclname) == 0)
  45            return acls[i];
  46    }
  47
  48    return NULL;
  49}
  50
  51qemu_acl *qemu_acl_init(const char *aclname)
  52{
  53    qemu_acl *acl;
  54
  55    acl = qemu_acl_find(aclname);
  56    if (acl)
  57        return acl;
  58
  59    acl = g_malloc(sizeof(*acl));
  60    acl->aclname = g_strdup(aclname);
  61    /* Deny by default, so there is no window of "open
  62     * access" between QEMU starting, and the user setting
  63     * up ACLs in the monitor */
  64    acl->defaultDeny = 1;
  65
  66    acl->nentries = 0;
  67    QTAILQ_INIT(&acl->entries);
  68
  69    acls = g_realloc(acls, sizeof(*acls) * (nacls +1));
  70    acls[nacls] = acl;
  71    nacls++;
  72
  73    return acl;
  74}
  75
  76int qemu_acl_party_is_allowed(qemu_acl *acl,
  77                              const char *party)
  78{
  79    qemu_acl_entry *entry;
  80
  81    QTAILQ_FOREACH(entry, &acl->entries, next) {
  82#ifdef CONFIG_FNMATCH
  83        if (fnmatch(entry->match, party, 0) == 0)
  84            return entry->deny ? 0 : 1;
  85#else
  86        /* No fnmatch, so fallback to exact string matching
  87         * instead of allowing wildcards */
  88        if (strcmp(entry->match, party) == 0)
  89            return entry->deny ? 0 : 1;
  90#endif
  91    }
  92
  93    return acl->defaultDeny ? 0 : 1;
  94}
  95
  96
  97void qemu_acl_reset(qemu_acl *acl)
  98{
  99    qemu_acl_entry *entry, *next_entry;
 100
 101    /* Put back to deny by default, so there is no window
 102     * of "open access" while the user re-initializes the
 103     * access control list */
 104    acl->defaultDeny = 1;
 105    QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) {
 106        QTAILQ_REMOVE(&acl->entries, entry, next);
 107        g_free(entry->match);
 108        g_free(entry);
 109    }
 110    acl->nentries = 0;
 111}
 112
 113
 114int qemu_acl_append(qemu_acl *acl,
 115                    int deny,
 116                    const char *match)
 117{
 118    qemu_acl_entry *entry;
 119
 120    entry = g_malloc(sizeof(*entry));
 121    entry->match = g_strdup(match);
 122    entry->deny = deny;
 123
 124    QTAILQ_INSERT_TAIL(&acl->entries, entry, next);
 125    acl->nentries++;
 126
 127    return acl->nentries;
 128}
 129
 130
 131int qemu_acl_insert(qemu_acl *acl,
 132                    int deny,
 133                    const char *match,
 134                    int index)
 135{
 136    qemu_acl_entry *tmp;
 137    int i = 0;
 138
 139    if (index <= 0)
 140        return -1;
 141    if (index > acl->nentries) {
 142        return qemu_acl_append(acl, deny, match);
 143    }
 144
 145    QTAILQ_FOREACH(tmp, &acl->entries, next) {
 146        i++;
 147        if (i == index) {
 148            qemu_acl_entry *entry;
 149            entry = g_malloc(sizeof(*entry));
 150            entry->match = g_strdup(match);
 151            entry->deny = deny;
 152
 153            QTAILQ_INSERT_BEFORE(tmp, entry, next);
 154            acl->nentries++;
 155            break;
 156        }
 157    }
 158
 159    return i;
 160}
 161
 162int qemu_acl_remove(qemu_acl *acl,
 163                    const char *match)
 164{
 165    qemu_acl_entry *entry;
 166    int i = 0;
 167
 168    QTAILQ_FOREACH(entry, &acl->entries, next) {
 169        i++;
 170        if (strcmp(entry->match, match) == 0) {
 171            QTAILQ_REMOVE(&acl->entries, entry, next);
 172            acl->nentries--;
 173            g_free(entry->match);
 174            g_free(entry);
 175            return i;
 176        }
 177    }
 178    return -1;
 179}
 180