File:  [Qemu by Fabrice Bellard] / qemu / acl.c
Tue Apr 24 17:34:08 2018 UTC (2 years, 1 month ago) by root
Branches: qemu, MAIN
CVS tags: qemu0150, qemu0141, qemu0140, qemu0130, qemu0125, qemu0124, qemu0123, qemu0122, qemu0121, qemu0120, HEAD
qemu 0.12.0

    1: /*
    2:  * QEMU access control list management
    3:  *
    4:  * Copyright (C) 2009 Red Hat, Inc
    5:  *
    6:  * Permission is hereby granted, free of charge, to any person obtaining a copy
    7:  * of this software and associated documentation files (the "Software"), to deal
    8:  * in the Software without restriction, including without limitation the rights
    9:  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
   10:  * copies of the Software, and to permit persons to whom the Software is
   11:  * furnished to do so, subject to the following conditions:
   12:  *
   13:  * The above copyright notice and this permission notice shall be included in
   14:  * all copies or substantial portions of the Software.
   15:  *
   16:  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
   17:  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   18:  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
   19:  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
   20:  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
   21:  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
   22:  * THE SOFTWARE.
   23:  */
   24: 
   25: 
   26: #include "qemu-common.h"
   27: #include "sysemu.h"
   28: #include "acl.h"
   29: 
   30: #ifdef CONFIG_FNMATCH
   31: #include <fnmatch.h>
   32: #endif
   33: 
   34: 
/* Registry of the ACLs created by qemu_acl_init(): `acls` is a heap array
 * of ACL pointers that qemu_acl_init() grows by one slot per new ACL, and
 * `nacls` is the number of slots in use.  Objects with static storage
 * duration are zero-initialized, so the array starts as NULL and the
 * count as 0. */
static qemu_acl **acls;
static unsigned int nacls;
   37: 
   38: 
   39: 
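/*
 * Look up a previously registered ACL by name.
 *
 * Scans the file-level `acls` array and compares each stored name with
 * `aclname` using strcmp(), so the comparison is exact and case-sensitive.
 *
 * aclname: NUL-terminated name to search for; must not be NULL, because it
 *          is passed straight to strcmp().
 *
 * Returns the matching ACL, or NULL when no registered ACL has that name.
 */
qemu_acl *qemu_acl_find(const char *aclname)
{
    /* Same type as nacls, so the loop bound is compared without a
     * signed/unsigned conversion. */
    unsigned int i;

    for (i = 0; i < nacls; i++) {
        if (strcmp(acls[i]->aclname, aclname) == 0) {
            return acls[i];
        }
    }

    return NULL;
}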
   50: 
/*
 * Return the ACL called `aclname`, creating and registering it first if
 * it does not exist yet.
 *
 * A newly created ACL has no entries and denies by default, so there is
 * no window of open access between QEMU starting and the user populating
 * the ACL from the monitor.
 *
 * NOTE(review): none of the allocation results are checked here;
 * presumably the qemu_* allocators never return NULL - confirm.
 */
qemu_acl *qemu_acl_init(const char *aclname)
{
    qemu_acl *existing = qemu_acl_find(aclname);
    qemu_acl *fresh;

    /* Idempotent: a second init for the same name hands back the ACL that
     * is already registered, entries and all. */
    if (existing != NULL) {
        return existing;
    }

    fresh = qemu_malloc(sizeof(*fresh));
    fresh->aclname = qemu_strdup(aclname);
    fresh->defaultDeny = 1;   /* fail closed until rules are added */
    fresh->nentries = 0;
    QTAILQ_INIT(&fresh->entries);

    /* Grow the registry by one slot and store the new ACL in it. */
    acls = qemu_realloc(acls, sizeof(*acls) * (nacls + 1));
    acls[nacls++] = fresh;

    return fresh;
}
   75: 
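/*
 * Decide whether `party` is granted access by `acl`.
 *
 * Entries are evaluated in list order and the first entry whose pattern
 * matches decides the outcome, so rule ordering is significant.  If no
 * entry matches, the ACL's default policy applies.
 *
 * With CONFIG_FNMATCH the pattern is a shell-style glob evaluated by
 * fnmatch() with flags 0.  Neither FNM_PATHNAME nor FNM_PERIOD is set, so
 * '*' and '?' also match '/' and a leading '.'; broad patterns therefore
 * cover more identities than a path-style reading would suggest.  Without
 * CONFIG_FNMATCH only exact string equality matches.
 *
 * acl:   ACL to evaluate; must not be NULL.
 * party: NUL-terminated identity string; must not be NULL.
 *
 * Returns 1 if access is allowed, 0 if it is denied.
 */
int qemu_acl_party_is_allowed(qemu_acl *acl,
                              const char *party)
{
    qemu_acl_entry *entry;

    QTAILQ_FOREACH(entry, &acl->entries, next) {
#ifdef CONFIG_FNMATCH
        int rc = fnmatch(entry->match, party, 0);

        if (rc == 0) {
            return entry->deny ? 0 : 1;
        }
        if (rc != FNM_NOMATCH) {
            /* fnmatch() reported an error rather than "no match".  The
             * rule could not be evaluated, and it may have been a deny
             * rule, so fail closed instead of falling through to a later
             * allow rule or a permissive default. */
            return 0;
        }
#else
        /* No fnmatch, so fall back to exact string matching
         * instead of allowing wildcards */
        if (strcmp(entry->match, party) == 0) {
            return entry->deny ? 0 : 1;
        }
#endif
    }

    return acl->defaultDeny ? 0 : 1;
}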
   95: 
   96: 
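/*
 * Remove every entry from `acl` and restore the deny-by-default policy.
 *
 * acl: ACL to clear; must not be NULL.
 */
void qemu_acl_reset(qemu_acl *acl)
{
    qemu_acl_entry *entry;

    /* Put back to deny by default, so there is no window
     * of "open access" while the user re-initializes the
     * access control list */
    acl->defaultDeny = 1;

    /* Pop from the head until the list is empty.  Iterating with
     * QTAILQ_FOREACH while freeing the current node would read the freed
     * node's link to advance, which is a use-after-free. */
    while ((entry = QTAILQ_FIRST(&acl->entries)) != NULL) {
        QTAILQ_REMOVE(&acl->entries, entry, next);
        /* NOTE(review): entries are allocated with qemu_malloc() and
         * qemu_strdup() in qemu_acl_append() but released with plain
         * free(); confirm the two allocators are interchangeable. */
        free(entry->match);
        free(entry);
    }
    acl->nentries = 0;
}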
  112: 
  113: 
/*
 * Add a rule at the end of `acl`.
 *
 * acl:   ACL to extend; must not be NULL.
 * deny:  stored as the rule's deny flag; qemu_acl_party_is_allowed()
 *        treats non-zero as "deny" and zero as "allow".
 * match: pattern for the rule; copied with qemu_strdup(), so the caller
 *        keeps ownership of its own string.
 *
 * Because rules are evaluated first-match-wins, an appended rule only
 * takes effect for parties that no earlier rule matches.
 *
 * Returns the entry count after the addition, which is also the 1-based
 * position of the new rule.
 */
int qemu_acl_append(qemu_acl *acl,
                    int deny,
                    const char *match)
{
    qemu_acl_entry *rule = qemu_malloc(sizeof(*rule));

    rule->match = qemu_strdup(match);
    rule->deny = deny;
    QTAILQ_INSERT_TAIL(&acl->entries, rule, next);

    return ++acl->nentries;
}
  129: 
  130: 
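/*
 * Insert a rule so that it becomes entry number `index` (1-based) of `acl`.
 *
 * acl:   ACL to modify; must not be NULL.
 * deny:  stored as the rule's deny flag (non-zero denies, zero allows).
 * match: pattern for the rule; copied with qemu_strdup().
 * index: 1-based position for the new rule.  Values past the end of the
 *        list append the rule instead.
 *
 * Rule order decides the outcome of qemu_acl_party_is_allowed(), so the
 * position has to be honoured exactly: a deny rule placed one slot too
 * late can end up behind the allow rule it was meant to override.
 *
 * Returns the 1-based position of the new rule, or -1 if `index` is not
 * positive.
 */
int qemu_acl_insert(qemu_acl *acl,
                    int deny,
                    const char *match,
                    int index)
{
    qemu_acl_entry *entry;
    qemu_acl_entry *tmp;
    int i = 0;

    if (index <= 0) {
        return -1;
    }
    /* Only positions past the end append.  index == nentries is a valid
     * insertion point (before the current last entry); comparing with >=
     * would send it to the tail, one slot later than requested. */
    if (index > acl->nentries) {
        return qemu_acl_append(acl, deny, match);
    }

    entry = qemu_malloc(sizeof(*entry));
    entry->match = qemu_strdup(match);
    entry->deny = deny;

    QTAILQ_FOREACH(tmp, &acl->entries, next) {
        i++;
        if (i == index) {
            QTAILQ_INSERT_BEFORE(tmp, entry, next);
            acl->nentries++;
            return i;
        }
    }

    /* Reached only if the list holds fewer entries than nentries claims.
     * Put the rule at the tail rather than leaking it and silently
     * dropping it from the ACL. */
    QTAILQ_INSERT_TAIL(&acl->entries, entry, next);
    acl->nentries++;

    return i + 1;
}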
  161: 
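/*
 * Remove the first rule of `acl` whose pattern string equals `match`.
 *
 * The comparison is strcmp() on the stored pattern text, not a glob
 * evaluation: the caller must pass the pattern exactly as it was added.
 *
 * acl:   ACL to modify; must not be NULL.
 * match: pattern text of the rule to remove; must not be NULL.
 *
 * Returns the 1-based position the rule occupied, or -1 if no rule has
 * that pattern.
 */
int qemu_acl_remove(qemu_acl *acl,
                    const char *match)
{
    qemu_acl_entry *entry;
    int i = 0;

    QTAILQ_FOREACH(entry, &acl->entries, next) {
        i++;
        if (strcmp(entry->match, match) == 0) {
            QTAILQ_REMOVE(&acl->entries, entry, next);
            /* Keep the count in step with the list: qemu_acl_insert()
             * uses nentries to decide between inserting and appending. */
            acl->nentries--;
            /* The entry and its pattern copy are owned by the list, so
             * release them once unlinked.  Returning immediately means
             * the loop never advances through the freed node. */
            free(entry->match);
            free(entry);
            return i;
        }
    }
    return -1;
}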
  177: 
  178: 
  179: /*
  180:  * Local variables:
  181:  *  c-indent-level: 4
  182:  *  c-basic-offset: 4
  183:  *  tab-width: 8
  184:  * End:
  185:  */
