2 * QEMU access control list authorization driver
4 * Copyright (c) 2018 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
22 #include "authz/list.h"
24 #include "qom/object_interfaces.h"
25 #include "qapi/qapi-visit-authz.h"
26 #include "qemu/module.h"
28 static bool qauthz_list_is_allowed(QAuthZ
*authz
,
32 QAuthZList
*lauthz
= QAUTHZ_LIST(authz
);
33 QAuthZListRuleList
*rules
= lauthz
->rules
;
36 QAuthZListRule
*rule
= rules
->value
;
37 QAuthZListFormat format
= rule
->has_format
? rule
->format
:
38 QAUTHZ_LIST_FORMAT_EXACT
;
40 trace_qauthz_list_check_rule(authz
, rule
->match
, identity
,
41 format
, rule
->policy
);
43 case QAUTHZ_LIST_FORMAT_EXACT
:
44 if (g_str_equal(rule
->match
, identity
)) {
45 return rule
->policy
== QAUTHZ_LIST_POLICY_ALLOW
;
48 case QAUTHZ_LIST_FORMAT_GLOB
:
49 if (g_pattern_match_simple(rule
->match
, identity
)) {
50 return rule
->policy
== QAUTHZ_LIST_POLICY_ALLOW
;
60 trace_qauthz_list_default_policy(authz
, identity
, lauthz
->policy
);
61 return lauthz
->policy
== QAUTHZ_LIST_POLICY_ALLOW
;
66 qauthz_list_prop_set_policy(Object
*obj
,
68 Error
**errp G_GNUC_UNUSED
)
70 QAuthZList
*lauthz
= QAUTHZ_LIST(obj
);
72 lauthz
->policy
= value
;
77 qauthz_list_prop_get_policy(Object
*obj
,
78 Error
**errp G_GNUC_UNUSED
)
80 QAuthZList
*lauthz
= QAUTHZ_LIST(obj
);
82 return lauthz
->policy
;
87 qauthz_list_prop_get_rules(Object
*obj
, Visitor
*v
, const char *name
,
88 void *opaque
, Error
**errp
)
90 QAuthZList
*lauthz
= QAUTHZ_LIST(obj
);
92 visit_type_QAuthZListRuleList(v
, name
, &lauthz
->rules
, errp
);
96 qauthz_list_prop_set_rules(Object
*obj
, Visitor
*v
, const char *name
,
97 void *opaque
, Error
**errp
)
99 QAuthZList
*lauthz
= QAUTHZ_LIST(obj
);
100 QAuthZListRuleList
*oldrules
;
102 oldrules
= lauthz
->rules
;
103 visit_type_QAuthZListRuleList(v
, name
, &lauthz
->rules
, errp
);
105 qapi_free_QAuthZListRuleList(oldrules
);
110 qauthz_list_finalize(Object
*obj
)
112 QAuthZList
*lauthz
= QAUTHZ_LIST(obj
);
114 qapi_free_QAuthZListRuleList(lauthz
->rules
);
119 qauthz_list_class_init(ObjectClass
*oc
, void *data
)
121 QAuthZClass
*authz
= QAUTHZ_CLASS(oc
);
123 object_class_property_add_enum(oc
, "policy",
125 &QAuthZListPolicy_lookup
,
126 qauthz_list_prop_get_policy
,
127 qauthz_list_prop_set_policy
);
129 object_class_property_add(oc
, "rules", "QAuthZListRule",
130 qauthz_list_prop_get_rules
,
131 qauthz_list_prop_set_rules
,
134 authz
->is_allowed
= qauthz_list_is_allowed
;
138 QAuthZList
*qauthz_list_new(const char *id
,
139 QAuthZListPolicy policy
,
143 object_new_with_props(TYPE_QAUTHZ_LIST
,
144 object_get_objects_root(),
146 "policy", QAuthZListPolicy_str(policy
),
150 ssize_t
qauthz_list_append_rule(QAuthZList
*auth
,
152 QAuthZListPolicy policy
,
153 QAuthZListFormat format
,
156 QAuthZListRule
*rule
;
157 QAuthZListRuleList
*rules
, *tmp
;
160 rule
= g_new0(QAuthZListRule
, 1);
161 rule
->policy
= policy
;
162 rule
->match
= g_strdup(match
);
163 rule
->format
= format
;
164 rule
->has_format
= true;
166 tmp
= g_new0(QAuthZListRuleList
, 1);
171 while (rules
->next
) {
184 ssize_t
qauthz_list_insert_rule(QAuthZList
*auth
,
186 QAuthZListPolicy policy
,
187 QAuthZListFormat format
,
191 QAuthZListRule
*rule
;
192 QAuthZListRuleList
*rules
, *tmp
;
195 rule
= g_new0(QAuthZListRule
, 1);
196 rule
->policy
= policy
;
197 rule
->match
= g_strdup(match
);
198 rule
->format
= format
;
199 rule
->has_format
= true;
201 tmp
= g_new0(QAuthZListRuleList
, 1);
205 if (rules
&& index
> 0) {
206 while (rules
->next
&& i
< (index
- 1)) {
210 tmp
->next
= rules
->next
;
214 tmp
->next
= auth
->rules
;
221 ssize_t
qauthz_list_delete_rule(QAuthZList
*auth
, const char *match
)
223 QAuthZListRule
*rule
;
224 QAuthZListRuleList
*rules
, *prev
;
231 if (g_str_equal(rule
->match
, match
)) {
233 prev
->next
= rules
->next
;
235 auth
->rules
= rules
->next
;
238 qapi_free_QAuthZListRuleList(rules
);
250 static const TypeInfo qauthz_list_info
= {
251 .parent
= TYPE_QAUTHZ
,
252 .name
= TYPE_QAUTHZ_LIST
,
253 .instance_size
= sizeof(QAuthZList
),
254 .instance_finalize
= qauthz_list_finalize
,
255 .class_size
= sizeof(QAuthZListClass
),
256 .class_init
= qauthz_list_class_init
,
257 .interfaces
= (InterfaceInfo
[]) {
258 { TYPE_USER_CREATABLE
},
265 qauthz_list_register_types(void)
267 type_register_static(&qauthz_list_info
);
271 type_init(qauthz_list_register_types
);