Annotation of qemu/acl.c, revision 1.1

1.1     ! root        1: /*
        !             2:  * QEMU access control list management
        !             3:  *
        !             4:  * Copyright (C) 2009 Red Hat, Inc
        !             5:  *
        !             6:  * Permission is hereby granted, free of charge, to any person obtaining a copy
        !             7:  * of this software and associated documentation files (the "Software"), to deal
        !             8:  * in the Software without restriction, including without limitation the rights
        !             9:  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        !            10:  * copies of the Software, and to permit persons to whom the Software is
        !            11:  * furnished to do so, subject to the following conditions:
        !            12:  *
        !            13:  * The above copyright notice and this permission notice shall be included in
        !            14:  * all copies or substantial portions of the Software.
        !            15:  *
        !            16:  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        !            17:  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        !            18:  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
        !            19:  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        !            20:  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        !            21:  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
        !            22:  * THE SOFTWARE.
        !            23:  */
        !            24: 
        !            25: 
        !            26: #include "qemu-common.h"
        !            27: #include "sysemu.h"
        !            28: #include "acl.h"
        !            29: 
        !            30: #ifdef HAVE_FNMATCH_H
        !            31: #include <fnmatch.h>
        !            32: #endif
        !            33: 
        !            34: 
        !            35: static unsigned int nacls = 0;
        !            36: static qemu_acl **acls = NULL;
        !            37: 
        !            38: 
        !            39: 
        !            40: qemu_acl *qemu_acl_find(const char *aclname)
        !            41: {
        !            42:     int i;
        !            43:     for (i = 0 ; i < nacls ; i++) {
        !            44:         if (strcmp(acls[i]->aclname, aclname) == 0)
        !            45:             return acls[i];
        !            46:     }
        !            47: 
        !            48:     return NULL;
        !            49: }
        !            50: 
        !            51: qemu_acl *qemu_acl_init(const char *aclname)
        !            52: {
        !            53:     qemu_acl *acl;
        !            54: 
        !            55:     acl = qemu_acl_find(aclname);
        !            56:     if (acl)
        !            57:         return acl;
        !            58: 
        !            59:     acl = qemu_malloc(sizeof(*acl));
        !            60:     acl->aclname = qemu_strdup(aclname);
        !            61:     /* Deny by default, so there is no window of "open
        !            62:      * access" between QEMU starting, and the user setting
        !            63:      * up ACLs in the monitor */
        !            64:     acl->defaultDeny = 1;
        !            65: 
        !            66:     acl->nentries = 0;
        !            67:     TAILQ_INIT(&acl->entries);
        !            68: 
        !            69:     acls = qemu_realloc(acls, sizeof(*acls) * (nacls +1));
        !            70:     acls[nacls] = acl;
        !            71:     nacls++;
        !            72: 
        !            73:     return acl;
        !            74: }
        !            75: 
        !            76: int qemu_acl_party_is_allowed(qemu_acl *acl,
        !            77:                               const char *party)
        !            78: {
        !            79:     qemu_acl_entry *entry;
        !            80: 
        !            81:     TAILQ_FOREACH(entry, &acl->entries, next) {
        !            82: #ifdef HAVE_FNMATCH_H
        !            83:         if (fnmatch(entry->match, party, 0) == 0)
        !            84:             return entry->deny ? 0 : 1;
        !            85: #else
        !            86:         /* No fnmatch, so fallback to exact string matching
        !            87:          * instead of allowing wildcards */
        !            88:         if (strcmp(entry->match, party) == 0)
        !            89:             return entry->deny ? 0 : 1;
        !            90: #endif
        !            91:     }
        !            92: 
        !            93:     return acl->defaultDeny ? 0 : 1;
        !            94: }
        !            95: 
        !            96: 
        !            97: void qemu_acl_reset(qemu_acl *acl)
        !            98: {
        !            99:     qemu_acl_entry *entry;
        !           100: 
        !           101:     /* Put back to deny by default, so there is no window
        !           102:      * of "open access" while the user re-initializes the
        !           103:      * access control list */
        !           104:     acl->defaultDeny = 1;
        !           105:     TAILQ_FOREACH(entry, &acl->entries, next) {
        !           106:         TAILQ_REMOVE(&acl->entries, entry, next);
        !           107:         free(entry->match);
        !           108:         free(entry);
        !           109:     }
        !           110:     acl->nentries = 0;
        !           111: }
        !           112: 
        !           113: 
        !           114: int qemu_acl_append(qemu_acl *acl,
        !           115:                     int deny,
        !           116:                     const char *match)
        !           117: {
        !           118:     qemu_acl_entry *entry;
        !           119: 
        !           120:     entry = qemu_malloc(sizeof(*entry));
        !           121:     entry->match = qemu_strdup(match);
        !           122:     entry->deny = deny;
        !           123: 
        !           124:     TAILQ_INSERT_TAIL(&acl->entries, entry, next);
        !           125:     acl->nentries++;
        !           126: 
        !           127:     return acl->nentries;
        !           128: }
        !           129: 
        !           130: 
        !           131: int qemu_acl_insert(qemu_acl *acl,
        !           132:                     int deny,
        !           133:                     const char *match,
        !           134:                     int index)
        !           135: {
        !           136:     qemu_acl_entry *entry;
        !           137:     qemu_acl_entry *tmp;
        !           138:     int i = 0;
        !           139: 
        !           140:     if (index <= 0)
        !           141:         return -1;
        !           142:     if (index >= acl->nentries)
        !           143:         return qemu_acl_append(acl, deny, match);
        !           144: 
        !           145: 
        !           146:     entry = qemu_malloc(sizeof(*entry));
        !           147:     entry->match = qemu_strdup(match);
        !           148:     entry->deny = deny;
        !           149: 
        !           150:     TAILQ_FOREACH(tmp, &acl->entries, next) {
        !           151:         i++;
        !           152:         if (i == index) {
        !           153:             TAILQ_INSERT_BEFORE(tmp, entry, next);
        !           154:             acl->nentries++;
        !           155:             break;
        !           156:         }
        !           157:     }
        !           158: 
        !           159:     return i;
        !           160: }
        !           161: 
        !           162: int qemu_acl_remove(qemu_acl *acl,
        !           163:                     const char *match)
        !           164: {
        !           165:     qemu_acl_entry *entry;
        !           166:     int i = 0;
        !           167: 
        !           168:     TAILQ_FOREACH(entry, &acl->entries, next) {
        !           169:         i++;
        !           170:         if (strcmp(entry->match, match) == 0) {
        !           171:             TAILQ_REMOVE(&acl->entries, entry, next);
        !           172:             return i;
        !           173:         }
        !           174:     }
        !           175:     return -1;
        !           176: }
        !           177: 
        !           178: 
        !           179: /*
        !           180:  * Local variables:
        !           181:  *  c-indent-level: 4
        !           182:  *  c-basic-offset: 4
        !           183:  *  tab-width: 8
        !           184:  * End:
        !           185:  */

unix.superglobalmegacorp.com