[qemu.git] / util / acl.c

/*
 * QEMU access control list management
 *
 * Copyright (C) 2009 Red Hat, Inc
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */


#include "qemu-common.h"
#include "qemu/acl.h"

#ifdef CONFIG_FNMATCH
#include <fnmatch.h>
#endif


static unsigned int nacls = 0;
static qemu_acl **acls = NULL;


qemu_acl *qemu_acl_find(const char *aclname)
{
    int i;
    for (i = 0 ; i < nacls ; i++) {
        if (strcmp(acls[i]->aclname, aclname) == 0)
            return acls[i];
    }

    return NULL;
}

qemu_acl *qemu_acl_init(const char *aclname)
{
    qemu_acl *acl;

    acl = qemu_acl_find(aclname);
    if (acl)
        return acl;

    acl = g_malloc(sizeof(*acl));
    acl->aclname = g_strdup(aclname);
    /* Deny by default, so there is no window of "open
     * access" between QEMU starting, and the user setting
     * up ACLs in the monitor */
    acl->defaultDeny = 1;

    acl->nentries = 0;
    QTAILQ_INIT(&acl->entries);

    acls = g_realloc(acls, sizeof(*acls) * (nacls +1));
    acls[nacls] = acl;
    nacls++;

    return acl;
}

int qemu_acl_party_is_allowed(qemu_acl *acl,
                              const char *party)
{
    qemu_acl_entry *entry;

    QTAILQ_FOREACH(entry, &acl->entries, next) {
#ifdef CONFIG_FNMATCH
        if (fnmatch(entry->match, party, 0) == 0)
            return entry->deny ? 0 : 1;
#else
        /* No fnmatch, so fallback to exact string matching
         * instead of allowing wildcards */
        if (strcmp(entry->match, party) == 0)
            return entry->deny ? 0 : 1;
#endif
    }

    return acl->defaultDeny ? 0 : 1;
}


void qemu_acl_reset(qemu_acl *acl)
{
    qemu_acl_entry *entry, *next_entry;

    /* Put back to deny by default, so there is no window
     * of "open access" while the user re-initializes the
     * access control list */
    acl->defaultDeny = 1;
    QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) {
        QTAILQ_REMOVE(&acl->entries, entry, next);
        g_free(entry->match);
        g_free(entry);
    }
    acl->nentries = 0;
}


int qemu_acl_append(qemu_acl *acl,
                    int deny,
                    const char *match)
{
    qemu_acl_entry *entry;

    entry = g_malloc(sizeof(*entry));
    entry->match = g_strdup(match);
    entry->deny = deny;

    QTAILQ_INSERT_TAIL(&acl->entries, entry, next);
    acl->nentries++;

    return acl->nentries;
}


int qemu_acl_insert(qemu_acl *acl,
                    int deny,
                    const char *match,
                    int index)
{
    qemu_acl_entry *entry;
    qemu_acl_entry *tmp;
    int i = 0;

    if (index <= 0)
        return -1;
    if (index > acl->nentries) {
        return qemu_acl_append(acl, deny, match);
    }

    entry = g_malloc(sizeof(*entry));
    entry->match = g_strdup(match);
    entry->deny = deny;

    QTAILQ_FOREACH(tmp, &acl->entries, next) {
        i++;
        if (i == index) {
            QTAILQ_INSERT_BEFORE(tmp, entry, next);
            acl->nentries++;
            break;
        }
    }

    return i;
}

int qemu_acl_remove(qemu_acl *acl,
                    const char *match)
{
    qemu_acl_entry *entry;
    int i = 0;

    QTAILQ_FOREACH(entry, &acl->entries, next) {
        i++;
        if (strcmp(entry->match, match) == 0) {
            QTAILQ_REMOVE(&acl->entries, entry, next);
            acl->nentries--;
            g_free(entry->match);
            g_free(entry);
            return i;
        }
    }
    return -1;
}


/*
 * Local variables:
 *  c-indent-level: 4
 *  c-basic-offset: 4
 *  tab-width: 8
 * End:
 */
Commit	Line	Data
76655d6d AL	1	/*
	2	* QEMU access control list management
	3	*
	4	* Copyright (C) 2009 Red Hat, Inc
	5	*
	6	* Permission is hereby granted, free of charge, to any person obtaining a copy
	7	* of this software and associated documentation files (the "Software"), to deal
	8	* in the Software without restriction, including without limitation the rights
	9	* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	10	* copies of the Software, and to permit persons to whom the Software is
	11	* furnished to do so, subject to the following conditions:
	12	*
	13	* The above copyright notice and this permission notice shall be included in
	14	* all copies or substantial portions of the Software.
	15	*
	16	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	17	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	18	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
	19	* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	20	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	21	* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
	22	* THE SOFTWARE.
	23	*/
	24
	25
	26	#include "qemu-common.h"
1de7afc9	27	#include "qemu/acl.h"
76655d6d	28
56ffaf25	29	#ifdef CONFIG_FNMATCH
76655d6d AL	30	#include <fnmatch.h>
	31	#endif
	32
	33
	34	static unsigned int nacls = 0;
	35	static qemu_acl **acls = NULL;
	36
	37
	38
	39	qemu_acl qemu_acl_find(const char aclname)
	40	{
	41	int i;
	42	for (i = 0 ; i < nacls ; i++) {
28a76be8 AL	43	if (strcmp(acls[i]->aclname, aclname) == 0)
28a76be8 AL	44	return acls[i];
76655d6d AL	45	}
	46
	47	return NULL;
	48	}
	49
	50	qemu_acl qemu_acl_init(const char aclname)
	51	{
	52	qemu_acl *acl;
	53
	54	acl = qemu_acl_find(aclname);
	55	if (acl)
28a76be8	56	return acl;
76655d6d	57
7267c094 AL	58	acl = g_malloc(sizeof(*acl));
7267c094 AL	59	acl->aclname = g_strdup(aclname);
76655d6d AL	60	/* Deny by default, so there is no window of "open
	61	* access" between QEMU starting, and the user setting
	62	* up ACLs in the monitor */
	63	acl->defaultDeny = 1;
	64
	65	acl->nentries = 0;
72cf2d4f	66	QTAILQ_INIT(&acl->entries);
76655d6d	67
7267c094	68	acls = g_realloc(acls, sizeof(acls) (nacls +1));
76655d6d AL	69	acls[nacls] = acl;
	70	nacls++;
	71
	72	return acl;
	73	}
	74
	75	int qemu_acl_party_is_allowed(qemu_acl *acl,
28a76be8	76	const char *party)
76655d6d AL	77	{
	78	qemu_acl_entry *entry;
	79
72cf2d4f	80	QTAILQ_FOREACH(entry, &acl->entries, next) {
56ffaf25	81	#ifdef CONFIG_FNMATCH
28a76be8 AL	82	if (fnmatch(entry->match, party, 0) == 0)
28a76be8 AL	83	return entry->deny ? 0 : 1;
76655d6d	84	#else
28a76be8 AL	85	/* No fnmatch, so fallback to exact string matching
	86	* instead of allowing wildcards */
	87	if (strcmp(entry->match, party) == 0)
	88	return entry->deny ? 0 : 1;
76655d6d AL	89	#endif
	90	}
	91
	92	return acl->defaultDeny ? 0 : 1;
	93	}
	94
	95
	96	void qemu_acl_reset(qemu_acl *acl)
	97	{
0ce6a434	98	qemu_acl_entry entry, next_entry;
76655d6d AL	99
	100	/* Put back to deny by default, so there is no window
	101	* of "open access" while the user re-initializes the
	102	* access control list */
	103	acl->defaultDeny = 1;
0ce6a434	104	QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) {
72cf2d4f	105	QTAILQ_REMOVE(&acl->entries, entry, next);
038794cf MA	106	g_free(entry->match);
038794cf MA	107	g_free(entry);
76655d6d AL	108	}
	109	acl->nentries = 0;
	110	}
	111
	112
	113	int qemu_acl_append(qemu_acl *acl,
28a76be8 AL	114	int deny,
28a76be8 AL	115	const char *match)
76655d6d AL	116	{
	117	qemu_acl_entry *entry;
	118
7267c094 AL	119	entry = g_malloc(sizeof(*entry));
7267c094 AL	120	entry->match = g_strdup(match);
76655d6d AL	121	entry->deny = deny;
76655d6d AL	122
72cf2d4f	123	QTAILQ_INSERT_TAIL(&acl->entries, entry, next);
76655d6d AL	124	acl->nentries++;
	125
	126	return acl->nentries;
	127	}
	128
	129
	130	int qemu_acl_insert(qemu_acl *acl,
28a76be8 AL	131	int deny,
	132	const char *match,
	133	int index)
76655d6d AL	134	{
	135	qemu_acl_entry *entry;
	136	qemu_acl_entry *tmp;
	137	int i = 0;
	138
	139	if (index <= 0)
28a76be8	140	return -1;
4999f3a8	141	if (index > acl->nentries) {
28a76be8	142	return qemu_acl_append(acl, deny, match);
4999f3a8	143	}
76655d6d	144
7267c094 AL	145	entry = g_malloc(sizeof(*entry));
7267c094 AL	146	entry->match = g_strdup(match);
76655d6d AL	147	entry->deny = deny;
76655d6d AL	148
72cf2d4f	149	QTAILQ_FOREACH(tmp, &acl->entries, next) {
28a76be8 AL	150	i++;
28a76be8 AL	151	if (i == index) {
72cf2d4f	152	QTAILQ_INSERT_BEFORE(tmp, entry, next);
28a76be8 AL	153	acl->nentries++;
	154	break;
	155	}
76655d6d AL	156	}
	157
	158	return i;
	159	}
	160
	161	int qemu_acl_remove(qemu_acl *acl,
28a76be8	162	const char *match)
76655d6d AL	163	{
	164	qemu_acl_entry *entry;
	165	int i = 0;
	166
72cf2d4f	167	QTAILQ_FOREACH(entry, &acl->entries, next) {
28a76be8 AL	168	i++;
28a76be8 AL	169	if (strcmp(entry->match, match) == 0) {
72cf2d4f	170	QTAILQ_REMOVE(&acl->entries, entry, next);
c23c15d3 MA	171	acl->nentries--;
	172	g_free(entry->match);
	173	g_free(entry);
28a76be8 AL	174	return i;
28a76be8 AL	175	}
76655d6d AL	176	}
	177	return -1;
	178	}
	179
	180
	181	/*
	182	* Local variables:
	183	* c-indent-level: 4
	184	* c-basic-offset: 4
	185	* tab-width: 8
	186	* End:
	187	*/