From patchwork Thu Jun 2 16:46:22 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 9151001 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 5FB2B60467 for ; Thu, 2 Jun 2016 17:12:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 47EFB282ED for ; Thu, 2 Jun 2016 17:12:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3BDFD28310; Thu, 2 Jun 2016 17:12:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.9 required=2.0 tests=BAYES_00,FSL_HELO_HOME, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id C3A3B282ED for ; Thu, 2 Jun 2016 17:12:08 +0000 (UTC) Received: from localhost ([::1]:49323 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b8WAB-00010m-HD for patchwork-qemu-devel@patchwork.kernel.org; Thu, 02 Jun 2016 13:12:07 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38638) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b8Vlw-0004qK-Ci for qemu-devel@nongnu.org; Thu, 02 Jun 2016 12:47:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b8Vlp-0003WB-70 for qemu-devel@nongnu.org; Thu, 02 Jun 2016 12:47:03 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50801) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b8Vle-0003PV-1M; Thu, 02 Jun 2016 12:46:46 -0400 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8BF3D627CF; Thu, 2 Jun 2016 16:46:45 +0000 (UTC) Received: from t530wlan.home.berrange.com.com (vpn1-7-181.ams2.redhat.com [10.36.7.181]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u52GkVdO023498; Thu, 2 Jun 2016 12:46:43 -0400 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Thu, 2 Jun 2016 17:46:22 +0100 Message-Id: <1464885987-4039-7-git-send-email-berrange@redhat.com> In-Reply-To: <1464885987-4039-1-git-send-email-berrange@redhat.com> References: <1464885987-4039-1-git-send-email-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Thu, 02 Jun 2016 16:46:45 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 06/11] acl: delete existing ACL implementation X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Paolo Bonzini , =?UTF-8?q?Andreas=20F=C3=A4rber?= Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The 'qemu_acl' type was a previous non-QOM based attempt to provide an authorization facility in QEMU. Because it is non-QOM based it cannot be created via the command line and requires special monitor commands to manipulate it. The new QAuthZ and QAuthZSimple QOM classes provide a superset of the functionality in qemu_acl, so the latter can now be deleted. The HMP 'acl_*' monitor commands are converted to use the new QAuthZSimple data type instead in order to provide backwards compatibility, but their use is discouraged. Signed-off-by: Daniel P. Berrange --- Makefile | 6 +- crypto/tlssession.c | 28 ++++-- include/qemu/acl.h | 74 ---------------- monitor.c | 181 ++++++++++++++++++++++++++------------- tests/Makefile | 2 +- tests/test-crypto-tlssession.c | 13 +-- tests/test-io-channel-tls.c | 14 +-- ui/vnc-auth-sasl.c | 2 +- ui/vnc-auth-sasl.h | 4 +- ui/vnc.c | 11 ++- util/Makefile.objs | 1 - util/acl.c | 188 ----------------------------------------- 12 files changed, 176 insertions(+), 348 deletions(-) delete mode 100644 include/qemu/acl.h delete mode 100644 util/acl.c diff --git a/Makefile b/Makefile index ae3ffac..97e13da 100644 --- a/Makefile +++ b/Makefile @@ -232,9 +232,9 @@ util/module.o-cflags = -D'CONFIG_BLOCK_MODULES=$(block-modules)' qemu-img.o: qemu-img-cmds.h -qemu-img$(EXESUF): qemu-img.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a -qemu-nbd$(EXESUF): qemu-nbd.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a -qemu-io$(EXESUF): qemu-io.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a +qemu-img$(EXESUF): qemu-img.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(util-qom-obj-y) libqemuutil.a libqemustub.a +qemu-nbd$(EXESUF): qemu-nbd.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(util-qom-obj-y) libqemuutil.a libqemustub.a +qemu-io$(EXESUF): qemu-io.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(util-qom-obj-y) libqemuutil.a libqemustub.a qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o libqemuutil.a libqemustub.a diff --git a/crypto/tlssession.c b/crypto/tlssession.c index a543e5a..78bb0f5 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -23,7 +23,7 @@ #include "crypto/tlscredsanon.h" #include "crypto/tlscredsx509.h" #include "qapi/error.h" -#include "qemu/acl.h" +#include "qemu/authz.h" #include "trace.h" #ifdef CONFIG_GNUTLS @@ -208,6 +208,7 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session, unsigned int nCerts, i; time_t now; gnutls_x509_crt_t cert = NULL; + Error *err = NULL; now = time(NULL); if (now == ((time_t)-1)) { @@ -296,16 +297,33 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session, goto error; } if (session->aclname) { - qemu_acl *acl = qemu_acl_find(session->aclname); - int allow; - if (!acl) { + QAuthZ *acl; + Object *obj; + Object *container; + bool allow; + + container = object_get_objects_root(); + obj = object_resolve_path_component(container, + session->aclname); + if (!obj) { error_setg(errp, "Cannot find ACL %s", session->aclname); goto error; } - allow = qemu_acl_party_is_allowed(acl, session->peername); + if (!object_dynamic_cast(obj, TYPE_QAUTHZ)) { + error_setg(errp, "Object '%s' is not a QAuthZ subclass", + session->aclname); + goto error; + } + acl = QAUTHZ(obj); + + allow = qauthz_is_allowed(acl, session->peername, &err); + if (err) { + error_propagate(errp, err); + goto error; + } if (!allow) { error_setg(errp, "TLS x509 ACL check for %s is denied", session->peername); diff --git a/include/qemu/acl.h b/include/qemu/acl.h deleted file mode 100644 index 116487e..0000000 --- a/include/qemu/acl.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * QEMU access control list management - * - * Copyright (C) 2009 Red Hat, Inc - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL - * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -#ifndef __QEMU_ACL_H__ -#define __QEMU_ACL_H__ - -#include "qemu/queue.h" - -typedef struct qemu_acl_entry qemu_acl_entry; -typedef struct qemu_acl qemu_acl; - -struct qemu_acl_entry { - char *match; - int deny; - - QTAILQ_ENTRY(qemu_acl_entry) next; -}; - -struct qemu_acl { - char *aclname; - unsigned int nentries; - QTAILQ_HEAD(,qemu_acl_entry) entries; - int defaultDeny; -}; - -qemu_acl *qemu_acl_init(const char *aclname); - -qemu_acl *qemu_acl_find(const char *aclname); - -int qemu_acl_party_is_allowed(qemu_acl *acl, - const char *party); - -void qemu_acl_reset(qemu_acl *acl); - -int qemu_acl_append(qemu_acl *acl, - int deny, - const char *match); -int qemu_acl_insert(qemu_acl *acl, - int deny, - const char *match, - int index); -int qemu_acl_remove(qemu_acl *acl, - const char *match); - -#endif /* __QEMU_ACL_H__ */ - -/* - * Local variables: - * c-indent-level: 4 - * c-basic-offset: 4 - * tab-width: 8 - * End: - */ diff --git a/monitor.c b/monitor.c index 404d594..83eb4ac 100644 --- a/monitor.c +++ b/monitor.c @@ -51,7 +51,7 @@ #include "qemu/timer.h" #include "migration/migration.h" #include "sysemu/kvm.h" -#include "qemu/acl.h" +#include "qemu/authz-simple.h" #include "sysemu/tpm.h" #include "qapi/qmp/qerror.h" #include "qapi/qmp/qint.h" @@ -62,6 +62,7 @@ #include "qapi/qmp/qjson.h" #include "qapi/qmp/json-streamer.h" #include "qapi/qmp/json-parser.h" +#include "qapi/util.h" #include #include "cpu.h" #include "trace.h" @@ -1596,61 +1597,88 @@ static void hmp_wavcapture(Monitor *mon, const QDict *qdict) QLIST_INSERT_HEAD (&capture_head, s, entries); } -static qemu_acl *find_acl(Monitor *mon, const char *name) +static QAuthZSimple *find_auth(Monitor *mon, const char *name) { - qemu_acl *acl = qemu_acl_find(name); + Object *obj; + Object *container; - if (!acl) { + container = object_get_objects_root(); + obj = object_resolve_path_component(container, name); + if (!obj) { monitor_printf(mon, "acl: unknown list '%s'\n", name); + return NULL; } - return acl; + + return QAUTHZ_SIMPLE(obj); } static void hmp_acl_show(Monitor *mon, const QDict *qdict) { const char *aclname = qdict_get_str(qdict, "aclname"); - qemu_acl *acl = find_acl(mon, aclname); - qemu_acl_entry *entry; - int i = 0; - - if (acl) { - monitor_printf(mon, "policy: %s\n", - acl->defaultDeny ? "deny" : "allow"); - QTAILQ_FOREACH(entry, &acl->entries, next) { - i++; - monitor_printf(mon, "%d: %s %s\n", i, - entry->deny ? "deny" : "allow", entry->match); - } + QAuthZSimple *auth = find_auth(mon, aclname); + QAuthZSimpleRuleList *rules; + size_t i = 0; + + if (!auth) { + return; + } + + monitor_printf(mon, "policy: %s\n", + QAuthZSimplePolicy_lookup[auth->policy]); + + rules = auth->rules; + while (rules) { + QAuthZSimpleRule *rule = rules->value; + i++; + monitor_printf(mon, "%zu: %s %s\n", i, + QAuthZSimplePolicy_lookup[rule->policy], + rule->match); + rules = rules->next; } } static void hmp_acl_reset(Monitor *mon, const QDict *qdict) { const char *aclname = qdict_get_str(qdict, "aclname"); - qemu_acl *acl = find_acl(mon, aclname); + QAuthZSimple *auth = find_auth(mon, aclname); - if (acl) { - qemu_acl_reset(acl); - monitor_printf(mon, "acl: removed all rules\n"); + if (!auth) { + return; } + + auth->policy = QAUTHZ_SIMPLE_POLICY_DENY; + qapi_free_QAuthZSimpleRuleList(auth->rules); + auth->rules = NULL; + monitor_printf(mon, "acl: removed all rules\n"); } static void hmp_acl_policy(Monitor *mon, const QDict *qdict) { const char *aclname = qdict_get_str(qdict, "aclname"); const char *policy = qdict_get_str(qdict, "policy"); - qemu_acl *acl = find_acl(mon, aclname); + QAuthZSimple *auth = find_auth(mon, aclname); + int val; + Error *err = NULL; - if (acl) { - if (strcmp(policy, "allow") == 0) { - acl->defaultDeny = 0; + if (!auth) { + return; + } + + val = qapi_enum_parse(QAuthZSimplePolicy_lookup, + policy, + QAUTHZ_SIMPLE_POLICY__MAX, + QAUTHZ_SIMPLE_POLICY_DENY, + &err); + if (err) { + error_free(err); + monitor_printf(mon, "acl: unknown policy '%s', " + "expected 'deny' or 'allow'\n", policy); + } else { + auth->policy = val; + if (auth->policy == QAUTHZ_SIMPLE_POLICY_ALLOW) { monitor_printf(mon, "acl: policy set to 'allow'\n"); - } else if (strcmp(policy, "deny") == 0) { - acl->defaultDeny = 1; - monitor_printf(mon, "acl: policy set to 'deny'\n"); } else { - monitor_printf(mon, "acl: unknown policy '%s', " - "expected 'deny' or 'allow'\n", policy); + monitor_printf(mon, "acl: policy set to 'deny'\n"); } } } @@ -1659,30 +1687,60 @@ static void hmp_acl_add(Monitor *mon, const QDict *qdict) { const char *aclname = qdict_get_str(qdict, "aclname"); const char *match = qdict_get_str(qdict, "match"); - const char *policy = qdict_get_str(qdict, "policy"); + const char *policystr = qdict_get_str(qdict, "policy"); int has_index = qdict_haskey(qdict, "index"); int index = qdict_get_try_int(qdict, "index", -1); - qemu_acl *acl = find_acl(mon, aclname); - int deny, ret; - - if (acl) { - if (strcmp(policy, "allow") == 0) { - deny = 0; - } else if (strcmp(policy, "deny") == 0) { - deny = 1; - } else { - monitor_printf(mon, "acl: unknown policy '%s', " - "expected 'deny' or 'allow'\n", policy); - return; - } - if (has_index) - ret = qemu_acl_insert(acl, deny, match, index); - else - ret = qemu_acl_append(acl, deny, match); - if (ret < 0) - monitor_printf(mon, "acl: unable to add acl entry\n"); - else - monitor_printf(mon, "acl: added rule at position %d\n", ret); + QAuthZSimple *auth = find_auth(mon, aclname); + Error *err = NULL; + QAuthZSimplePolicy policy; + QAuthZSimpleFormat format; + size_t i = 0; + + if (!auth) { + return; + } + + policy = qapi_enum_parse(QAuthZSimplePolicy_lookup, + policystr, + QAUTHZ_SIMPLE_POLICY__MAX, + QAUTHZ_SIMPLE_POLICY_DENY, + &err); + if (err) { + error_free(err); + monitor_printf(mon, "acl: unknown policy '%s', " + "expected 'deny' or 'allow'\n", policystr); + return; + } + +#ifdef CONFIG_FNMATCH + if (strchr(match, '*')) { + format = QAUTHZ_SIMPLE_FORMAT_GLOB; + } else { + format = QAUTHZ_SIMPLE_FORMAT_EXACT; + } +#else + /* Historically we silently degraded to plain strcmp + * when fnmatch() was missing */ + format = QAUTHZ_SIMPLE_FORMAT_EXACT; +#endif + + if (has_index && index == 0) { + monitor_printf(mon, "acl: unable to add acl entry\n"); + return; + } + + if (has_index) { + i = qauthz_simple_insert_rule(auth, match, policy, + format, index - 1, &err); + } else { + i = qauthz_simple_append_rule(auth, match, policy, + format, &err); + } + if (err) { + monitor_printf(mon, "acl: unable to add rule: %s", error_get_pretty(err)); + error_free(err); + } else { + monitor_printf(mon, "acl: added rule at position %zu\n", i + 1); } } @@ -1690,15 +1748,18 @@ static void hmp_acl_remove(Monitor *mon, const QDict *qdict) { const char *aclname = qdict_get_str(qdict, "aclname"); const char *match = qdict_get_str(qdict, "match"); - qemu_acl *acl = find_acl(mon, aclname); - int ret; + QAuthZSimple *auth = find_auth(mon, aclname); + ssize_t i = 0; - if (acl) { - ret = qemu_acl_remove(acl, match); - if (ret < 0) - monitor_printf(mon, "acl: no matching acl entry\n"); - else - monitor_printf(mon, "acl: removed rule at position %d\n", ret); + if (!auth) { + return; + } + + i = qauthz_simple_delete_rule(auth, match); + if (i >= 0) { + monitor_printf(mon, "acl: removed rule at position %zu\n", i + 1); + } else { + monitor_printf(mon, "acl: no matching acl entry\n"); } } diff --git a/tests/Makefile b/tests/Makefile index c4c5fc5..3d62b3f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -405,7 +405,7 @@ test-qom-obj-y = $(qom-obj-y) $(test-util-obj-y) test-qapi-obj-y = tests/test-qapi-visit.o tests/test-qapi-types.o \ tests/test-qapi-event.o tests/test-qmp-introspect.o \ $(test-qom-obj-y) -test-crypto-obj-y = $(crypto-obj-y) $(test-qom-obj-y) +test-crypto-obj-y = $(crypto-obj-y) $(util-qom-obj-y) $(test-qom-obj-y) test-io-obj-y = $(io-obj-y) $(test-crypto-obj-y) test-block-obj-y = $(block-obj-y) $(test-io-obj-y) diff --git a/tests/test-crypto-tlssession.c b/tests/test-crypto-tlssession.c index 1a4a066..d3a30e9 100644 --- a/tests/test-crypto-tlssession.c +++ b/tests/test-crypto-tlssession.c @@ -26,7 +26,7 @@ #include "qom/object_interfaces.h" #include "qapi/error.h" #include "qemu/sockets.h" -#include "qemu/acl.h" +#include "qemu/authz-simple.h" #ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT @@ -111,7 +111,7 @@ static void test_crypto_tls_session(const void *opaque) QCryptoTLSCreds *serverCreds; QCryptoTLSSession *clientSess = NULL; QCryptoTLSSession *serverSess = NULL; - qemu_acl *acl; + QAuthZSimple *auth; const char * const *wildcards; int channel[2]; bool clientShake = false; @@ -170,11 +170,13 @@ static void test_crypto_tls_session(const void *opaque) &err); g_assert(serverCreds != NULL); - acl = qemu_acl_init("tlssessionacl"); - qemu_acl_reset(acl); + auth = qauthz_simple_new("tlssessionacl", + QAUTHZ_SIMPLE_POLICY_DENY, + &error_abort); wildcards = data->wildcards; while (wildcards && *wildcards) { - qemu_acl_append(acl, 0, *wildcards); + qauthz_simple_append_rule(auth, *wildcards, + QAUTHZ_SIMPLE_POLICY_ALLOW); wildcards++; } @@ -264,6 +266,7 @@ static void test_crypto_tls_session(const void *opaque) object_unparent(OBJECT(serverCreds)); object_unparent(OBJECT(clientCreds)); + object_unparent(OBJECT(auth)); qcrypto_tls_session_free(serverSess); qcrypto_tls_session_free(clientSess); diff --git a/tests/test-io-channel-tls.c b/tests/test-io-channel-tls.c index 3c361a7..390d3e9 100644 --- a/tests/test-io-channel-tls.c +++ b/tests/test-io-channel-tls.c @@ -28,7 +28,7 @@ #include "io/channel-socket.h" #include "io-channel-helpers.h" #include "crypto/tlscredsx509.h" -#include "qemu/acl.h" +#include "qemu/authz-simple.h" #include "qom/object_interfaces.h" #ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT @@ -115,7 +115,7 @@ static void test_io_channel_tls(const void *opaque) QIOChannelTLS *serverChanTLS; QIOChannelSocket *clientChanSock; QIOChannelSocket *serverChanSock; - qemu_acl *acl; + QAuthZSimple *auth; const char * const *wildcards; int channel[2]; struct QIOChannelTLSHandshakeData clientHandshake = { false, false }; @@ -166,11 +166,13 @@ static void test_io_channel_tls(const void *opaque) &err); g_assert(serverCreds != NULL); - acl = qemu_acl_init("channeltlsacl"); - qemu_acl_reset(acl); + auth = qauthz_simple_new("channeltlsacl", + QAUTHZ_SIMPLE_POLICY_DENY, + &error_abort); wildcards = data->wildcards; while (wildcards && *wildcards) { - qemu_acl_append(acl, 0, *wildcards); + qauthz_simple_append_rule(auth, *wildcards, + QAUTHZ_SIMPLE_POLICY_ALLOW); wildcards++; } @@ -256,6 +258,8 @@ static void test_io_channel_tls(const void *opaque) object_unref(OBJECT(serverChanSock)); object_unref(OBJECT(clientChanSock)); + object_unparent(OBJECT(auth)); + close(channel[0]); close(channel[1]); } diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c index 5ae29c1..b1064a7 100644 --- a/ui/vnc-auth-sasl.c +++ b/ui/vnc-auth-sasl.c @@ -150,7 +150,7 @@ static int vnc_auth_sasl_check_access(VncState *vs) return 0; } - allow = qemu_acl_party_is_allowed(vs->vd->sasl.acl, vs->sasl.username); + allow = qauthz_is_allowed(vs->vd->sasl.acl, vs->sasl.username, NULL); VNC_DEBUG("SASL client %s %s by ACL\n", vs->sasl.username, allow ? "allowed" : "denied"); diff --git a/ui/vnc-auth-sasl.h b/ui/vnc-auth-sasl.h index 3f59da6..a6ffb7e 100644 --- a/ui/vnc-auth-sasl.h +++ b/ui/vnc-auth-sasl.h @@ -32,7 +32,7 @@ typedef struct VncStateSASL VncStateSASL; typedef struct VncDisplaySASL VncDisplaySASL; -#include "qemu/acl.h" +#include "qemu/authz.h" #include "qemu/main-loop.h" struct VncStateSASL { @@ -61,7 +61,7 @@ struct VncStateSASL { }; struct VncDisplaySASL { - qemu_acl *acl; + QAuthZ *acl; }; void vnc_sasl_client_cleanup(VncState *vs); diff --git a/ui/vnc.c b/ui/vnc.c index d2ebf1f..ba07715 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -33,7 +33,7 @@ #include "qemu/error-report.h" #include "qemu/sockets.h" #include "qemu/timer.h" -#include "qemu/acl.h" +#include "qemu/authz-simple.h" #include "qemu/config-file.h" #include "qapi/qmp/qerror.h" #include "qapi/qmp/types.h" @@ -3707,7 +3707,9 @@ void vnc_display_open(const char *id, Error **errp) } else { vs->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vs->id); } - qemu_acl_init(vs->tlsaclname); + qauthz_simple_new(vs->tlsaclname, + QAUTHZ_SIMPLE_POLICY_DENY, + &error_abort); } #ifdef CONFIG_VNC_SASL if (acl && sasl) { @@ -3718,7 +3720,10 @@ void vnc_display_open(const char *id, Error **errp) } else { aclname = g_strdup_printf("vnc.%s.username", vs->id); } - vs->sasl.acl = qemu_acl_init(aclname); + vs->sasl.acl = + QAUTHZ(qauthz_simple_new(aclname, + QAUTHZ_SIMPLE_POLICY_DENY, + &error_abort)); g_free(aclname); } #endif diff --git a/util/Makefile.objs b/util/Makefile.objs index 4870905..44078c1 100644 --- a/util/Makefile.objs +++ b/util/Makefile.objs @@ -13,7 +13,6 @@ util-obj-y += envlist.o path.o module.o util-obj-$(call lnot,$(CONFIG_INT128)) += host-utils.o util-obj-y += bitmap.o bitops.o hbitmap.o util-obj-y += fifo8.o -util-obj-y += acl.o util-obj-y += error.o qemu-error.o util-obj-y += id.o util-obj-y += iov.o qemu-config.o qemu-sockets.o uri.o notify.o diff --git a/util/acl.c b/util/acl.c deleted file mode 100644 index 723b6a8..0000000 --- a/util/acl.c +++ /dev/null @@ -1,188 +0,0 @@ -/* - * QEMU access control list management - * - * Copyright (C) 2009 Red Hat, Inc - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL - * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - - -#include "qemu/osdep.h" -#include "qemu-common.h" -#include "qemu/acl.h" - -#ifdef CONFIG_FNMATCH -#include -#endif - - -static unsigned int nacls = 0; -static qemu_acl **acls = NULL; - - - -qemu_acl *qemu_acl_find(const char *aclname) -{ - int i; - for (i = 0 ; i < nacls ; i++) { - if (strcmp(acls[i]->aclname, aclname) == 0) - return acls[i]; - } - - return NULL; -} - -qemu_acl *qemu_acl_init(const char *aclname) -{ - qemu_acl *acl; - - acl = qemu_acl_find(aclname); - if (acl) - return acl; - - acl = g_malloc(sizeof(*acl)); - acl->aclname = g_strdup(aclname); - /* Deny by default, so there is no window of "open - * access" between QEMU starting, and the user setting - * up ACLs in the monitor */ - acl->defaultDeny = 1; - - acl->nentries = 0; - QTAILQ_INIT(&acl->entries); - - acls = g_realloc(acls, sizeof(*acls) * (nacls +1)); - acls[nacls] = acl; - nacls++; - - return acl; -} - -int qemu_acl_party_is_allowed(qemu_acl *acl, - const char *party) -{ - qemu_acl_entry *entry; - - QTAILQ_FOREACH(entry, &acl->entries, next) { -#ifdef CONFIG_FNMATCH - if (fnmatch(entry->match, party, 0) == 0) - return entry->deny ? 0 : 1; -#else - /* No fnmatch, so fallback to exact string matching - * instead of allowing wildcards */ - if (strcmp(entry->match, party) == 0) - return entry->deny ? 0 : 1; -#endif - } - - return acl->defaultDeny ? 0 : 1; -} - - -void qemu_acl_reset(qemu_acl *acl) -{ - qemu_acl_entry *entry, *next_entry; - - /* Put back to deny by default, so there is no window - * of "open access" while the user re-initializes the - * access control list */ - acl->defaultDeny = 1; - QTAILQ_FOREACH_SAFE(entry, &acl->entries, next, next_entry) { - QTAILQ_REMOVE(&acl->entries, entry, next); - g_free(entry->match); - g_free(entry); - } - acl->nentries = 0; -} - - -int qemu_acl_append(qemu_acl *acl, - int deny, - const char *match) -{ - qemu_acl_entry *entry; - - entry = g_malloc(sizeof(*entry)); - entry->match = g_strdup(match); - entry->deny = deny; - - QTAILQ_INSERT_TAIL(&acl->entries, entry, next); - acl->nentries++; - - return acl->nentries; -} - - -int qemu_acl_insert(qemu_acl *acl, - int deny, - const char *match, - int index) -{ - qemu_acl_entry *tmp; - int i = 0; - - if (index <= 0) - return -1; - if (index > acl->nentries) { - return qemu_acl_append(acl, deny, match); - } - - QTAILQ_FOREACH(tmp, &acl->entries, next) { - i++; - if (i == index) { - qemu_acl_entry *entry; - entry = g_malloc(sizeof(*entry)); - entry->match = g_strdup(match); - entry->deny = deny; - - QTAILQ_INSERT_BEFORE(tmp, entry, next); - acl->nentries++; - break; - } - } - - return i; -} - -int qemu_acl_remove(qemu_acl *acl, - const char *match) -{ - qemu_acl_entry *entry; - int i = 0; - - QTAILQ_FOREACH(entry, &acl->entries, next) { - i++; - if (strcmp(entry->match, match) == 0) { - QTAILQ_REMOVE(&acl->entries, entry, next); - acl->nentries--; - g_free(entry->match); - g_free(entry); - return i; - } - } - return -1; -} - - -/* - * Local variables: - * c-indent-level: 4 - * c-basic-offset: 4 - * tab-width: 8 - * End: - */