s390/hvc_iucv: add simple wildcard matches to the iucv allow filter

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Introduce a wildcard character to filter a range of z/VM user IDs with a single
filter entry. Only the leading portion up to the wildcard of an filter entry
contributes to the match.

This reduces the filter size and avoids configuration updates when deploying
new terminal server instances.

Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

authored by

Hendrik Brueckner and committed by

Martin Schwidefsky 11 years ago 926a7336 2ec50493

+24 -7

1 changed file

expand all

drivers

tty

hvc

hvc_iucv.c

+24 -7

drivers/tty/hvc/hvc_iucv.c

··· 1 1 /* 2 - * hvc_iucv.c - z/VM IUCV hypervisor console (HVC) device driver 2 + * z/VM IUCV hypervisor console (HVC) device driver 3 3 * 4 4 * This HVC device driver provides terminal access using 5 5 * z/VM IUCV communication paths. 6 6 * 7 - * Copyright IBM Corp. 2008, 2009 7 + * Copyright IBM Corp. 2008, 2013 8 8 * 9 9 * Author(s): Hendrik Brueckner <brueckner@linux.vnet.ibm.com> 10 10 */ ··· 102 102 #define IUCV_HVC_CON_IDX (0) 103 103 /* List of z/VM user ID filter entries (struct iucv_vmid_filter) */ 104 104 #define MAX_VMID_FILTER (500) 105 + #define FILTER_WILDCARD_CHAR '*' 105 106 static size_t hvc_iucv_filter_size; 106 107 static void *hvc_iucv_filter; 107 108 static const char *hvc_iucv_filter_string; ··· 735 734 * hvc_iucv_filter_connreq() - Filter connection request based on z/VM user ID 736 735 * @ipvmid: Originating z/VM user ID (right padded with blanks) 737 736 * 738 - * Returns 0 if the z/VM user ID @ipvmid is allowed to connection, otherwise 739 - * non-zero. 737 + * Returns 0 if the z/VM user ID that is specified with @ipvmid is permitted to 738 + * connect, otherwise non-zero. 740 739 */ 741 740 static int hvc_iucv_filter_connreq(u8 ipvmid[8]) 742 741 { 743 - size_t i; 742 + const char *wildcard, *filter_entry; 743 + size_t i, len; 744 744 745 745 /* Note: default policy is ACCEPT if no filter is set */ 746 746 if (!hvc_iucv_filter_size) 747 747 return 0; 748 748 749 - for (i = 0; i < hvc_iucv_filter_size; i++) 750 - if (0 == memcmp(ipvmid, hvc_iucv_filter + (8 * i), 8)) 749 + for (i = 0; i < hvc_iucv_filter_size; i++) { 750 + filter_entry = hvc_iucv_filter + (8 * i); 751 + 752 + /* If a filter entry contains the filter wildcard character, 753 + * reduce the length to match the leading portion of the user 754 + * ID only (wildcard match). Characters following the wildcard 755 + * are ignored. 756 + */ 757 + wildcard = strnchr(filter_entry, 8, FILTER_WILDCARD_CHAR); 758 + len = (wildcard) ? wildcard - filter_entry : 8; 759 + if (0 == memcmp(ipvmid, filter_entry, len)) 751 760 return 0; 761 + } 752 762 return 1; 753 763 } 754 764 ··· 1178 1166 /** 1179 1167 * hvc_iucv_parse_filter() - Parse filter for a single z/VM user ID 1180 1168 * @filter: String containing a comma-separated list of z/VM user IDs 1169 + * @dest: Location where to store the parsed z/VM user ID 1181 1170 */ 1182 1171 static const char *hvc_iucv_parse_filter(const char *filter, char *dest) 1183 1172 { ··· 1200 1187 /* check for '\n' (if called from sysfs) */ 1201 1188 if (filter[len - 1] == '\n') 1202 1189 len--; 1190 + 1191 + /* prohibit filter entries containing the wildcard character only */ 1192 + if (len == 1 && *filter == FILTER_WILDCARD_CHAR) 1193 + return ERR_PTR(-EINVAL); 1203 1194 1204 1195 if (len > 8) 1205 1196 return ERR_PTR(-EINVAL);