2 * QEMU access control list authorization driver
4 * Copyright (c) 2018 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
22 #include "authz/list.h"
24 #include "qom/object_interfaces.h"
25 #include "qapi/qapi-visit-authz.h"
26 #include "qemu/module.h"
28 static bool qauthz_list_is_allowed(QAuthZ
*authz
,
32 QAuthZList
*lauthz
= QAUTHZ_LIST(authz
);
33 QAuthZListRuleList
*rules
= lauthz
->rules
;
36 QAuthZListRule
*rule
= rules
->value
;
37 QAuthZListFormat format
= rule
->has_format
? rule
->format
:
38 QAUTHZ_LIST_FORMAT_EXACT
;
40 trace_qauthz_list_check_rule(authz
, rule
->match
, identity
,
41 format
, rule
->policy
);
43 case QAUTHZ_LIST_FORMAT_EXACT
:
44 if (g_str_equal(rule
->match
, identity
)) {
45 return rule
->policy
== QAUTHZ_LIST_POLICY_ALLOW
;
48 case QAUTHZ_LIST_FORMAT_GLOB
:
49 if (g_pattern_match_simple(rule
->match
, identity
)) {
50 return rule
->policy
== QAUTHZ_LIST_POLICY_ALLOW
;
60 trace_qauthz_list_default_policy(authz
, identity
, lauthz
->policy
);
61 return lauthz
->policy
== QAUTHZ_LIST_POLICY_ALLOW
;
66 qauthz_list_prop_set_policy(Object
*obj
,
68 Error
**errp G_GNUC_UNUSED
)
70 QAuthZList
*lauthz
= QAUTHZ_LIST(obj
);
72 lauthz
->policy
= value
;
77 qauthz_list_prop_get_policy(Object
*obj
,
78 Error
**errp G_GNUC_UNUSED
)
80 QAuthZList
*lauthz
= QAUTHZ_LIST(obj
);
82 return lauthz
->policy
;
87 qauthz_list_prop_get_rules(Object
*obj
, Visitor
*v
, const char *name
,
88 void *opaque
, Error
**errp
)
90 QAuthZList
*lauthz
= QAUTHZ_LIST(obj
);
92 visit_type_QAuthZListRuleList(v
, name
, &lauthz
->rules
, errp
);
96 qauthz_list_prop_set_rules(Object
*obj
, Visitor
*v
, const char *name
,
97 void *opaque
, Error
**errp
)
99 QAuthZList
*lauthz
= QAUTHZ_LIST(obj
);
100 QAuthZListRuleList
*oldrules
;
102 oldrules
= lauthz
->rules
;
103 visit_type_QAuthZListRuleList(v
, name
, &lauthz
->rules
, errp
);
105 qapi_free_QAuthZListRuleList(oldrules
);
110 qauthz_list_finalize(Object
*obj
)
112 QAuthZList
*lauthz
= QAUTHZ_LIST(obj
);
114 qapi_free_QAuthZListRuleList(lauthz
->rules
);
119 qauthz_list_class_init(ObjectClass
*oc
, void *data
)
121 QAuthZClass
*authz
= QAUTHZ_CLASS(oc
);
123 object_class_property_add_enum(oc
, "policy",
125 &QAuthZListPolicy_lookup
,
126 qauthz_list_prop_get_policy
,
127 qauthz_list_prop_set_policy
,
130 object_class_property_add(oc
, "rules", "QAuthZListRule",
131 qauthz_list_prop_get_rules
,
132 qauthz_list_prop_set_rules
,
135 authz
->is_allowed
= qauthz_list_is_allowed
;
139 QAuthZList
*qauthz_list_new(const char *id
,
140 QAuthZListPolicy policy
,
144 object_new_with_props(TYPE_QAUTHZ_LIST
,
145 object_get_objects_root(),
147 "policy", QAuthZListPolicy_str(policy
),
151 ssize_t
qauthz_list_append_rule(QAuthZList
*auth
,
153 QAuthZListPolicy policy
,
154 QAuthZListFormat format
,
157 QAuthZListRule
*rule
;
158 QAuthZListRuleList
*rules
, *tmp
;
161 rule
= g_new0(QAuthZListRule
, 1);
162 rule
->policy
= policy
;
163 rule
->match
= g_strdup(match
);
164 rule
->format
= format
;
165 rule
->has_format
= true;
167 tmp
= g_new0(QAuthZListRuleList
, 1);
172 while (rules
->next
) {
185 ssize_t
qauthz_list_insert_rule(QAuthZList
*auth
,
187 QAuthZListPolicy policy
,
188 QAuthZListFormat format
,
192 QAuthZListRule
*rule
;
193 QAuthZListRuleList
*rules
, *tmp
;
196 rule
= g_new0(QAuthZListRule
, 1);
197 rule
->policy
= policy
;
198 rule
->match
= g_strdup(match
);
199 rule
->format
= format
;
200 rule
->has_format
= true;
202 tmp
= g_new0(QAuthZListRuleList
, 1);
206 if (rules
&& index
> 0) {
207 while (rules
->next
&& i
< (index
- 1)) {
211 tmp
->next
= rules
->next
;
215 tmp
->next
= auth
->rules
;
222 ssize_t
qauthz_list_delete_rule(QAuthZList
*auth
, const char *match
)
224 QAuthZListRule
*rule
;
225 QAuthZListRuleList
*rules
, *prev
;
232 if (g_str_equal(rule
->match
, match
)) {
234 prev
->next
= rules
->next
;
236 auth
->rules
= rules
->next
;
239 qapi_free_QAuthZListRuleList(rules
);
251 static const TypeInfo qauthz_list_info
= {
252 .parent
= TYPE_QAUTHZ
,
253 .name
= TYPE_QAUTHZ_LIST
,
254 .instance_size
= sizeof(QAuthZList
),
255 .instance_finalize
= qauthz_list_finalize
,
256 .class_size
= sizeof(QAuthZListClass
),
257 .class_init
= qauthz_list_class_init
,
258 .interfaces
= (InterfaceInfo
[]) {
259 { TYPE_USER_CREATABLE
},
266 qauthz_list_register_types(void)
268 type_register_static(&qauthz_list_info
);
272 type_init(qauthz_list_register_types
);