• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * QEMU access control list management
3  *
4  * Copyright (C) 2009 Red Hat, Inc
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 
26 #include "qemu-common.h"
27 #include "sysemu.h"
28 #include "acl.h"
29 
30 #ifdef HAVE_FNMATCH_H
31 #include <fnmatch.h>
32 #endif
33 
34 
35 static unsigned int nacls = 0;
36 static qemu_acl **acls = NULL;
37 
38 
39 
qemu_acl_find(const char * aclname)40 qemu_acl *qemu_acl_find(const char *aclname)
41 {
42     int i;
43     for (i = 0 ; i < nacls ; i++) {
44         if (strcmp(acls[i]->aclname, aclname) == 0)
45             return acls[i];
46     }
47 
48     return NULL;
49 }
50 
qemu_acl_init(const char * aclname)51 qemu_acl *qemu_acl_init(const char *aclname)
52 {
53     qemu_acl *acl;
54 
55     acl = qemu_acl_find(aclname);
56     if (acl)
57         return acl;
58 
59     acl = qemu_malloc(sizeof(*acl));
60     acl->aclname = qemu_strdup(aclname);
61     /* Deny by default, so there is no window of "open
62      * access" between QEMU starting, and the user setting
63      * up ACLs in the monitor */
64     acl->defaultDeny = 1;
65 
66     acl->nentries = 0;
67     TAILQ_INIT(&acl->entries);
68 
69     acls = qemu_realloc(acls, sizeof(*acls) * (nacls +1));
70     acls[nacls] = acl;
71     nacls++;
72 
73     return acl;
74 }
75 
qemu_acl_party_is_allowed(qemu_acl * acl,const char * party)76 int qemu_acl_party_is_allowed(qemu_acl *acl,
77                               const char *party)
78 {
79     qemu_acl_entry *entry;
80 
81     TAILQ_FOREACH(entry, &acl->entries, next) {
82 #ifdef HAVE_FNMATCH_H
83         if (fnmatch(entry->match, party, 0) == 0)
84             return entry->deny ? 0 : 1;
85 #else
86         /* No fnmatch, so fallback to exact string matching
87          * instead of allowing wildcards */
88         if (strcmp(entry->match, party) == 0)
89             return entry->deny ? 0 : 1;
90 #endif
91     }
92 
93     return acl->defaultDeny ? 0 : 1;
94 }
95 
96 
qemu_acl_reset(qemu_acl * acl)97 void qemu_acl_reset(qemu_acl *acl)
98 {
99     qemu_acl_entry *entry;
100 
101     /* Put back to deny by default, so there is no window
102      * of "open access" while the user re-initializes the
103      * access control list */
104     acl->defaultDeny = 1;
105     TAILQ_FOREACH(entry, &acl->entries, next) {
106         TAILQ_REMOVE(&acl->entries, entry, next);
107         free(entry->match);
108         free(entry);
109     }
110     acl->nentries = 0;
111 }
112 
113 
qemu_acl_append(qemu_acl * acl,int deny,const char * match)114 int qemu_acl_append(qemu_acl *acl,
115                     int deny,
116                     const char *match)
117 {
118     qemu_acl_entry *entry;
119 
120     entry = qemu_malloc(sizeof(*entry));
121     entry->match = qemu_strdup(match);
122     entry->deny = deny;
123 
124     TAILQ_INSERT_TAIL(&acl->entries, entry, next);
125     acl->nentries++;
126 
127     return acl->nentries;
128 }
129 
130 
qemu_acl_insert(qemu_acl * acl,int deny,const char * match,int index)131 int qemu_acl_insert(qemu_acl *acl,
132                     int deny,
133                     const char *match,
134                     int index)
135 {
136     qemu_acl_entry *entry;
137     qemu_acl_entry *tmp;
138     int i = 0;
139 
140     if (index <= 0)
141         return -1;
142     if (index >= acl->nentries)
143         return qemu_acl_append(acl, deny, match);
144 
145 
146     entry = qemu_malloc(sizeof(*entry));
147     entry->match = qemu_strdup(match);
148     entry->deny = deny;
149 
150     TAILQ_FOREACH(tmp, &acl->entries, next) {
151         i++;
152         if (i == index) {
153             TAILQ_INSERT_BEFORE(tmp, entry, next);
154             acl->nentries++;
155             break;
156         }
157     }
158 
159     return i;
160 }
161 
qemu_acl_remove(qemu_acl * acl,const char * match)162 int qemu_acl_remove(qemu_acl *acl,
163                     const char *match)
164 {
165     qemu_acl_entry *entry;
166     int i = 0;
167 
168     TAILQ_FOREACH(entry, &acl->entries, next) {
169         i++;
170         if (strcmp(entry->match, match) == 0) {
171             TAILQ_REMOVE(&acl->entries, entry, next);
172             return i;
173         }
174     }
175     return -1;
176 }
177 
178 
179 /*
180  * Local variables:
181  *  c-indent-level: 4
182  *  c-basic-offset: 4
183  *  tab-width: 8
184  * End:
185  */
186