Google Git
Sign in
qemu / qemu / 8a36283e120ab3633557d6732fa700366e0137c7 / . / util / acl.c
blob: c105addadcbad8b6c9a6aab66e45273a8777e18d [file] [log] [blame]
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]1/*
2 * QEMU access control list management
3 *
4 * Copyright (C) 2009 Red Hat, Inc
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25
Peter Maydellaafd7582016-01-29 17:49:55 +0000[diff] [blame]26#include "qemu/osdep.h"
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]27#include "qemu-common.h"
Paolo Bonzini1de7afc2012-12-17 18:20:00 +0100[diff] [blame]28#include "qemu/acl.h"
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]29
Juan Quintela56ffaf22009-07-27 16:13:00 +0200[diff] [blame]30#ifdef CONFIG_FNMATCH
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]31#include <fnmatch.h>
32#endif
33
34
35static unsigned int nacls = 0;
36static qemu_acl **acls = NULL;
37
38
39
40qemu_acl *qemu_acl_find(const char *aclname)
41{
42 int i;
43 for (i = 0 ; i < nacls ; i++) {
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]44 if (strcmp(acls[i]->aclname, aclname) == 0)
45 return acls[i];
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]46 }
47
48 return NULL;
49}
50
51qemu_acl *qemu_acl_init(const char *aclname)
52{
53 qemu_acl *acl;
54
55 acl = qemu_acl_find(aclname);
56 if (acl)
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]57 return acl;
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]58
Anthony Liguori7267c092011-08-20 22:09:37 -0500[diff] [blame]59 acl = g_malloc(sizeof(*acl));
60 acl->aclname = g_strdup(aclname);
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]61 /* Deny by default, so there is no window of "open
62 * access" between QEMU starting, and the user setting
63 * up ACLs in the monitor */
64 acl->defaultDeny = 1;
65
66 acl->nentries = 0;
Blue Swirl72cf2d42009-09-12 07:36:22 +0000[diff] [blame]67 QTAILQ_INIT(&acl->entries);
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]68
Anthony Liguori7267c092011-08-20 22:09:37 -0500[diff] [blame]69 acls = g_realloc(acls, sizeof(*acls) * (nacls +1));
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]70 acls[nacls] = acl;
71 nacls++;
72
73 return acl;
74}
75
76int qemu_acl_party_is_allowed(qemu_acl *acl,
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]77 const char *party)
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]78{
79 qemu_acl_entry *entry;
80
Blue Swirl72cf2d42009-09-12 07:36:22 +0000[diff] [blame]81 QTAILQ_FOREACH(entry, &acl->entries, next) {
Juan Quintela56ffaf22009-07-27 16:13:00 +0200[diff] [blame]82#ifdef CONFIG_FNMATCH
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]83 if (fnmatch(entry->match, party, 0) == 0)
84 return entry->deny ? 0 : 1;
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]85#else
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]86 /* No fnmatch, so fallback to exact string matching
87 * instead of allowing wildcards */
88 if (strcmp(entry->match, party) == 0)
89 return entry->deny ? 0 : 1;
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]90#endif
91 }
92
93 return acl->defaultDeny ? 0 : 1;
94}
95
96
97void qemu_acl_reset(qemu_acl *acl)
98{
Markus Armbruster0ce6a432011-10-28 17:07:02 +0200[diff] [blame]99 qemu_acl_entry *entry, *next_entry;
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]100
101 /* Put back to deny by default, so there is no window
102 * of "open access" while the user re-initializes the
103 * access control list */
104 acl->defaultDeny = 1;
Markus Armbruster0ce6a432011-10-28 17:07:02 +0200[diff] [blame]105 QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) {
Blue Swirl72cf2d42009-09-12 07:36:22 +0000[diff] [blame]106 QTAILQ_REMOVE(&acl->entries, entry, next);
Markus Armbruster038794c2013-01-15 15:24:16 +0100[diff] [blame]107 g_free(entry->match);
108 g_free(entry);
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]109 }
110 acl->nentries = 0;
111}
112
113
114int qemu_acl_append(qemu_acl *acl,
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]115 int deny,
116 const char *match)
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]117{
118 qemu_acl_entry *entry;
119
Anthony Liguori7267c092011-08-20 22:09:37 -0500[diff] [blame]120 entry = g_malloc(sizeof(*entry));
121 entry->match = g_strdup(match);
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]122 entry->deny = deny;
123
Blue Swirl72cf2d42009-09-12 07:36:22 +0000[diff] [blame]124 QTAILQ_INSERT_TAIL(&acl->entries, entry, next);
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]125 acl->nentries++;
126
127 return acl->nentries;
128}
129
130
131int qemu_acl_insert(qemu_acl *acl,
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]132 int deny,
133 const char *match,
134 int index)
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]135{
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]136 qemu_acl_entry *tmp;
137 int i = 0;
138
139 if (index <= 0)
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]140 return -1;
Markus Armbruster4999f3a2013-06-18 10:05:23 +0200[diff] [blame]141 if (index > acl->nentries) {
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]142 return qemu_acl_append(acl, deny, match);
Markus Armbruster4999f3a2013-06-18 10:05:23 +0200[diff] [blame]143 }
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]144
Blue Swirl72cf2d42009-09-12 07:36:22 +0000[diff] [blame]145 QTAILQ_FOREACH(tmp, &acl->entries, next) {
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]146 i++;
147 if (i == index) {
Gonglei6cfcd862014-11-15 18:06:45 +0800[diff] [blame]148 qemu_acl_entry *entry;
149 entry = g_malloc(sizeof(*entry));
150 entry->match = g_strdup(match);
151 entry->deny = deny;
152
Blue Swirl72cf2d42009-09-12 07:36:22 +0000[diff] [blame]153 QTAILQ_INSERT_BEFORE(tmp, entry, next);
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]154 acl->nentries++;
155 break;
156 }
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]157 }
158
159 return i;
160}
161
162int qemu_acl_remove(qemu_acl *acl,
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]163 const char *match)
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]164{
165 qemu_acl_entry *entry;
166 int i = 0;
167
Blue Swirl72cf2d42009-09-12 07:36:22 +0000[diff] [blame]168 QTAILQ_FOREACH(entry, &acl->entries, next) {
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]169 i++;
170 if (strcmp(entry->match, match) == 0) {
Blue Swirl72cf2d42009-09-12 07:36:22 +0000[diff] [blame]171 QTAILQ_REMOVE(&acl->entries, entry, next);
Markus Armbrusterc23c15d2013-01-15 15:24:15 +0100[diff] [blame]172 acl->nentries--;
173 g_free(entry->match);
174 g_free(entry);
aliguori28a76be2009-03-06 20:27:40 +0000[diff] [blame]175 return i;
176 }
aliguori76655d62009-03-06 20:27:37 +0000[diff] [blame]177 }
178 return -1;
179}