Annotation of qemu/acl.c, revision 1.1.1.4

1.1       root        1: /*
                      2:  * QEMU access control list management
                      3:  *
                      4:  * Copyright (C) 2009 Red Hat, Inc
                      5:  *
                      6:  * Permission is hereby granted, free of charge, to any person obtaining a copy
                      7:  * of this software and associated documentation files (the "Software"), to deal
                      8:  * in the Software without restriction, including without limitation the rights
                      9:  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
                     10:  * copies of the Software, and to permit persons to whom the Software is
                     11:  * furnished to do so, subject to the following conditions:
                     12:  *
                     13:  * The above copyright notice and this permission notice shall be included in
                     14:  * all copies or substantial portions of the Software.
                     15:  *
                     16:  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
                     17:  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
                     18:  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
                     19:  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
                     20:  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                     21:  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
                     22:  * THE SOFTWARE.
                     23:  */
                     24: 
                     25: 
                     26: #include "qemu-common.h"
                     27: #include "acl.h"
                     28: 
1.1.1.2   root       29: #ifdef CONFIG_FNMATCH
1.1       root       30: #include <fnmatch.h>
                     31: #endif
                     32: 
                     33: 
                     34: static unsigned int nacls = 0;
                     35: static qemu_acl **acls = NULL;
                     36: 
                     37: 
                     38: 
                     39: qemu_acl *qemu_acl_find(const char *aclname)
                     40: {
                     41:     int i;
                     42:     for (i = 0 ; i < nacls ; i++) {
                     43:         if (strcmp(acls[i]->aclname, aclname) == 0)
                     44:             return acls[i];
                     45:     }
                     46: 
                     47:     return NULL;
                     48: }
                     49: 
                     50: qemu_acl *qemu_acl_init(const char *aclname)
                     51: {
                     52:     qemu_acl *acl;
                     53: 
                     54:     acl = qemu_acl_find(aclname);
                     55:     if (acl)
                     56:         return acl;
                     57: 
1.1.1.4 ! root       58:     acl = g_malloc(sizeof(*acl));
        !            59:     acl->aclname = g_strdup(aclname);
1.1       root       60:     /* Deny by default, so there is no window of "open
                     61:      * access" between QEMU starting, and the user setting
                     62:      * up ACLs in the monitor */
                     63:     acl->defaultDeny = 1;
                     64: 
                     65:     acl->nentries = 0;
1.1.1.2   root       66:     QTAILQ_INIT(&acl->entries);
1.1       root       67: 
1.1.1.4 ! root       68:     acls = g_realloc(acls, sizeof(*acls) * (nacls +1));
1.1       root       69:     acls[nacls] = acl;
                     70:     nacls++;
                     71: 
                     72:     return acl;
                     73: }
                     74: 
                     75: int qemu_acl_party_is_allowed(qemu_acl *acl,
                     76:                               const char *party)
                     77: {
                     78:     qemu_acl_entry *entry;
                     79: 
1.1.1.2   root       80:     QTAILQ_FOREACH(entry, &acl->entries, next) {
                     81: #ifdef CONFIG_FNMATCH
1.1       root       82:         if (fnmatch(entry->match, party, 0) == 0)
                     83:             return entry->deny ? 0 : 1;
                     84: #else
                     85:         /* No fnmatch, so fallback to exact string matching
                     86:          * instead of allowing wildcards */
                     87:         if (strcmp(entry->match, party) == 0)
                     88:             return entry->deny ? 0 : 1;
                     89: #endif
                     90:     }
                     91: 
                     92:     return acl->defaultDeny ? 0 : 1;
                     93: }
                     94: 
                     95: 
                     96: void qemu_acl_reset(qemu_acl *acl)
                     97: {
1.1.1.4 ! root       98:     qemu_acl_entry *entry, *next_entry;
1.1       root       99: 
                    100:     /* Put back to deny by default, so there is no window
                    101:      * of "open access" while the user re-initializes the
                    102:      * access control list */
                    103:     acl->defaultDeny = 1;
1.1.1.4 ! root      104:     QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) {
1.1.1.2   root      105:         QTAILQ_REMOVE(&acl->entries, entry, next);
1.1       root      106:         free(entry->match);
                    107:         free(entry);
                    108:     }
                    109:     acl->nentries = 0;
                    110: }
                    111: 
                    112: 
                    113: int qemu_acl_append(qemu_acl *acl,
                    114:                     int deny,
                    115:                     const char *match)
                    116: {
                    117:     qemu_acl_entry *entry;
                    118: 
1.1.1.4 ! root      119:     entry = g_malloc(sizeof(*entry));
        !           120:     entry->match = g_strdup(match);
1.1       root      121:     entry->deny = deny;
                    122: 
1.1.1.2   root      123:     QTAILQ_INSERT_TAIL(&acl->entries, entry, next);
1.1       root      124:     acl->nentries++;
                    125: 
                    126:     return acl->nentries;
                    127: }
                    128: 
                    129: 
                    130: int qemu_acl_insert(qemu_acl *acl,
                    131:                     int deny,
                    132:                     const char *match,
                    133:                     int index)
                    134: {
                    135:     qemu_acl_entry *entry;
                    136:     qemu_acl_entry *tmp;
                    137:     int i = 0;
                    138: 
                    139:     if (index <= 0)
                    140:         return -1;
                    141:     if (index >= acl->nentries)
                    142:         return qemu_acl_append(acl, deny, match);
                    143: 
                    144: 
1.1.1.4 ! root      145:     entry = g_malloc(sizeof(*entry));
        !           146:     entry->match = g_strdup(match);
1.1       root      147:     entry->deny = deny;
                    148: 
1.1.1.2   root      149:     QTAILQ_FOREACH(tmp, &acl->entries, next) {
1.1       root      150:         i++;
                    151:         if (i == index) {
1.1.1.2   root      152:             QTAILQ_INSERT_BEFORE(tmp, entry, next);
1.1       root      153:             acl->nentries++;
                    154:             break;
                    155:         }
                    156:     }
                    157: 
                    158:     return i;
                    159: }
                    160: 
                    161: int qemu_acl_remove(qemu_acl *acl,
                    162:                     const char *match)
                    163: {
                    164:     qemu_acl_entry *entry;
                    165:     int i = 0;
                    166: 
1.1.1.2   root      167:     QTAILQ_FOREACH(entry, &acl->entries, next) {
1.1       root      168:         i++;
                    169:         if (strcmp(entry->match, match) == 0) {
1.1.1.2   root      170:             QTAILQ_REMOVE(&acl->entries, entry, next);
1.1       root      171:             return i;
                    172:         }
                    173:     }
                    174:     return -1;
                    175: }
                    176: 
                    177: 
                    178: /*
                    179:  * Local variables:
                    180:  *  c-indent-level: 4
                    181:  *  c-basic-offset: 4
                    182:  *  tab-width: 8
                    183:  * End:
                    184:  */

unix.superglobalmegacorp.com