1 /*
2 * QEMU access control list management
3 *
4 * Copyright (C) 2009 Red Hat, Inc
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25
26 #include "qemu-common.h"
27 #include "acl.h"
28
29 #ifdef CONFIG_FNMATCH
30 #include <fnmatch.h>
31 #endif
32
33
34 static unsigned int nacls = 0;
35 static qemu_acl **acls = NULL;
36
37
38
qemu_acl_find(const char * aclname)39 qemu_acl *qemu_acl_find(const char *aclname)
40 {
41 int i;
42 for (i = 0 ; i < nacls ; i++) {
43 if (strcmp(acls[i]->aclname, aclname) == 0)
44 return acls[i];
45 }
46
47 return NULL;
48 }
49
qemu_acl_init(const char * aclname)50 qemu_acl *qemu_acl_init(const char *aclname)
51 {
52 qemu_acl *acl;
53
54 acl = qemu_acl_find(aclname);
55 if (acl)
56 return acl;
57
58 acl = qemu_malloc(sizeof(*acl));
59 acl->aclname = qemu_strdup(aclname);
60 /* Deny by default, so there is no window of "open
61 * access" between QEMU starting, and the user setting
62 * up ACLs in the monitor */
63 acl->defaultDeny = 1;
64
65 acl->nentries = 0;
66 QTAILQ_INIT(&acl->entries);
67
68 acls = qemu_realloc(acls, sizeof(*acls) * (nacls +1));
69 acls[nacls] = acl;
70 nacls++;
71
72 return acl;
73 }
74
qemu_acl_party_is_allowed(qemu_acl * acl,const char * party)75 int qemu_acl_party_is_allowed(qemu_acl *acl,
76 const char *party)
77 {
78 qemu_acl_entry *entry;
79
80 QTAILQ_FOREACH(entry, &acl->entries, next) {
81 #ifdef CONFIG_FNMATCH
82 if (fnmatch(entry->match, party, 0) == 0)
83 return entry->deny ? 0 : 1;
84 #else
85 /* No fnmatch, so fallback to exact string matching
86 * instead of allowing wildcards */
87 if (strcmp(entry->match, party) == 0)
88 return entry->deny ? 0 : 1;
89 #endif
90 }
91
92 return acl->defaultDeny ? 0 : 1;
93 }
94
95
qemu_acl_reset(qemu_acl * acl)96 void qemu_acl_reset(qemu_acl *acl)
97 {
98 qemu_acl_entry *entry;
99
100 /* Put back to deny by default, so there is no window
101 * of "open access" while the user re-initializes the
102 * access control list */
103 acl->defaultDeny = 1;
104 QTAILQ_FOREACH(entry, &acl->entries, next) {
105 QTAILQ_REMOVE(&acl->entries, entry, next);
106 free(entry->match);
107 free(entry);
108 }
109 acl->nentries = 0;
110 }
111
112
qemu_acl_append(qemu_acl * acl,int deny,const char * match)113 int qemu_acl_append(qemu_acl *acl,
114 int deny,
115 const char *match)
116 {
117 qemu_acl_entry *entry;
118
119 entry = qemu_malloc(sizeof(*entry));
120 entry->match = qemu_strdup(match);
121 entry->deny = deny;
122
123 QTAILQ_INSERT_TAIL(&acl->entries, entry, next);
124 acl->nentries++;
125
126 return acl->nentries;
127 }
128
129
qemu_acl_insert(qemu_acl * acl,int deny,const char * match,int index)130 int qemu_acl_insert(qemu_acl *acl,
131 int deny,
132 const char *match,
133 int index)
134 {
135 qemu_acl_entry *entry;
136 qemu_acl_entry *tmp;
137 int i = 0;
138
139 if (index <= 0)
140 return -1;
141 if (index >= acl->nentries)
142 return qemu_acl_append(acl, deny, match);
143
144
145 entry = qemu_malloc(sizeof(*entry));
146 entry->match = qemu_strdup(match);
147 entry->deny = deny;
148
149 QTAILQ_FOREACH(tmp, &acl->entries, next) {
150 i++;
151 if (i == index) {
152 QTAILQ_INSERT_BEFORE(tmp, entry, next);
153 acl->nentries++;
154 break;
155 }
156 }
157
158 return i;
159 }
160
qemu_acl_remove(qemu_acl * acl,const char * match)161 int qemu_acl_remove(qemu_acl *acl,
162 const char *match)
163 {
164 qemu_acl_entry *entry;
165 int i = 0;
166
167 QTAILQ_FOREACH(entry, &acl->entries, next) {
168 i++;
169 if (strcmp(entry->match, match) == 0) {
170 QTAILQ_REMOVE(&acl->entries, entry, next);
171 return i;
172 }
173 }
174 return -1;
175 }
176
177
178 /*
179 * Local variables:
180 * c-indent-level: 4
181 * c-basic-offset: 4
182 * tab-width: 8
183 * End:
184 */
185