1 /*
2 * QEMU access control list management
3 *
4 * Copyright (C) 2009 Red Hat, Inc
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25
26 #include "qemu-common.h"
27 #include "sysemu.h"
28 #include "acl.h"
29
30 #ifdef HAVE_FNMATCH_H
31 #include <fnmatch.h>
32 #endif
33
34
35 static unsigned int nacls = 0;
36 static qemu_acl **acls = NULL;
37
38
39
qemu_acl_find(const char * aclname)40 qemu_acl *qemu_acl_find(const char *aclname)
41 {
42 int i;
43 for (i = 0 ; i < nacls ; i++) {
44 if (strcmp(acls[i]->aclname, aclname) == 0)
45 return acls[i];
46 }
47
48 return NULL;
49 }
50
qemu_acl_init(const char * aclname)51 qemu_acl *qemu_acl_init(const char *aclname)
52 {
53 qemu_acl *acl;
54
55 acl = qemu_acl_find(aclname);
56 if (acl)
57 return acl;
58
59 acl = qemu_malloc(sizeof(*acl));
60 acl->aclname = qemu_strdup(aclname);
61 /* Deny by default, so there is no window of "open
62 * access" between QEMU starting, and the user setting
63 * up ACLs in the monitor */
64 acl->defaultDeny = 1;
65
66 acl->nentries = 0;
67 TAILQ_INIT(&acl->entries);
68
69 acls = qemu_realloc(acls, sizeof(*acls) * (nacls +1));
70 acls[nacls] = acl;
71 nacls++;
72
73 return acl;
74 }
75
qemu_acl_party_is_allowed(qemu_acl * acl,const char * party)76 int qemu_acl_party_is_allowed(qemu_acl *acl,
77 const char *party)
78 {
79 qemu_acl_entry *entry;
80
81 TAILQ_FOREACH(entry, &acl->entries, next) {
82 #ifdef HAVE_FNMATCH_H
83 if (fnmatch(entry->match, party, 0) == 0)
84 return entry->deny ? 0 : 1;
85 #else
86 /* No fnmatch, so fallback to exact string matching
87 * instead of allowing wildcards */
88 if (strcmp(entry->match, party) == 0)
89 return entry->deny ? 0 : 1;
90 #endif
91 }
92
93 return acl->defaultDeny ? 0 : 1;
94 }
95
96
qemu_acl_reset(qemu_acl * acl)97 void qemu_acl_reset(qemu_acl *acl)
98 {
99 qemu_acl_entry *entry;
100
101 /* Put back to deny by default, so there is no window
102 * of "open access" while the user re-initializes the
103 * access control list */
104 acl->defaultDeny = 1;
105 TAILQ_FOREACH(entry, &acl->entries, next) {
106 TAILQ_REMOVE(&acl->entries, entry, next);
107 free(entry->match);
108 free(entry);
109 }
110 acl->nentries = 0;
111 }
112
113
qemu_acl_append(qemu_acl * acl,int deny,const char * match)114 int qemu_acl_append(qemu_acl *acl,
115 int deny,
116 const char *match)
117 {
118 qemu_acl_entry *entry;
119
120 entry = qemu_malloc(sizeof(*entry));
121 entry->match = qemu_strdup(match);
122 entry->deny = deny;
123
124 TAILQ_INSERT_TAIL(&acl->entries, entry, next);
125 acl->nentries++;
126
127 return acl->nentries;
128 }
129
130
qemu_acl_insert(qemu_acl * acl,int deny,const char * match,int index)131 int qemu_acl_insert(qemu_acl *acl,
132 int deny,
133 const char *match,
134 int index)
135 {
136 qemu_acl_entry *entry;
137 qemu_acl_entry *tmp;
138 int i = 0;
139
140 if (index <= 0)
141 return -1;
142 if (index >= acl->nentries)
143 return qemu_acl_append(acl, deny, match);
144
145
146 entry = qemu_malloc(sizeof(*entry));
147 entry->match = qemu_strdup(match);
148 entry->deny = deny;
149
150 TAILQ_FOREACH(tmp, &acl->entries, next) {
151 i++;
152 if (i == index) {
153 TAILQ_INSERT_BEFORE(tmp, entry, next);
154 acl->nentries++;
155 break;
156 }
157 }
158
159 return i;
160 }
161
qemu_acl_remove(qemu_acl * acl,const char * match)162 int qemu_acl_remove(qemu_acl *acl,
163 const char *match)
164 {
165 qemu_acl_entry *entry;
166 int i = 0;
167
168 TAILQ_FOREACH(entry, &acl->entries, next) {
169 i++;
170 if (strcmp(entry->match, match) == 0) {
171 TAILQ_REMOVE(&acl->entries, entry, next);
172 return i;
173 }
174 }
175 return -1;
176 }
177
178
179 /*
180 * Local variables:
181 * c-indent-level: 4
182 * c-basic-offset: 4
183 * tab-width: 8
184 * End:
185 */
186