diff options
author | Alan Conway <aconway@apache.org> | 2011-10-12 18:31:07 +0000 |
---|---|---|
committer | Alan Conway <aconway@apache.org> | 2011-10-12 18:31:07 +0000 |
commit | 7a769f0e9ff0c52e45098653c9f67487ab2fc6c5 (patch) | |
tree | 93bbbaa7c66f8e6a9c81ddbd209acbea29659922 | |
parent | 23a0d956ffa79aa3e3fbf43e3755f1cea387b562 (diff) | |
download | qpid-python-7a769f0e9ff0c52e45098653c9f67487ab2fc6c5.tar.gz |
QPID-3544: ACL denials while replicating exclusive queues to a newly joined node.
Changes missed from previous commit.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1182514 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | cpp/src/qpid/broker/ConnectionHandler.cpp | 7 | ||||
-rw-r--r-- | cpp/src/qpid/broker/ConnectionHandler.h | 1 | ||||
-rw-r--r-- | cpp/src/qpid/broker/SemanticState.cpp | 5 | ||||
-rw-r--r-- | cpp/src/qpid/broker/SemanticState.h | 1 |
4 files changed, 5 insertions, 9 deletions
diff --git a/cpp/src/qpid/broker/ConnectionHandler.cpp b/cpp/src/qpid/broker/ConnectionHandler.cpp index 82b72d3f52..7cd91ae539 100644 --- a/cpp/src/qpid/broker/ConnectionHandler.cpp +++ b/cpp/src/qpid/broker/ConnectionHandler.cpp @@ -108,13 +108,10 @@ ConnectionHandler::ConnectionHandler(Connection& connection, bool isClient, bool ConnectionHandler::Handler::Handler(Connection& c, bool isClient, bool isShadow) : proxy(c.getOutput()), - connection(c), serverMode(!isClient), acl(0), secured(0), + connection(c), serverMode(!isClient), secured(0), isOpen(false) { if (serverMode) { - - acl = connection.getBroker().getAcl(); - FieldTable properties; Array mechanisms(0x95); @@ -168,6 +165,8 @@ void ConnectionHandler::Handler::startOk(const ConnectionStartOkBody& body) connection.setFederationPeerTag(clientProperties.getAsString(QPID_FED_TAG)); } if (connection.isFederationLink()) { + AclModule* acl = connection.getBroker().getAcl(); + FieldTable properties; if (acl && !acl->authorise(connection.getUserId(),acl::ACT_CREATE,acl::OBJ_LINK,"")){ proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED,"ACL denied creating a federation link"); return; diff --git a/cpp/src/qpid/broker/ConnectionHandler.h b/cpp/src/qpid/broker/ConnectionHandler.h index f3e7d7d21d..05c5f00c57 100644 --- a/cpp/src/qpid/broker/ConnectionHandler.h +++ b/cpp/src/qpid/broker/ConnectionHandler.h @@ -59,7 +59,6 @@ class ConnectionHandler : public framing::FrameHandler Connection& connection; bool serverMode; std::auto_ptr<SaslAuthenticator> authenticator; - AclModule* acl; SecureConnection* secured; bool isOpen; diff --git a/cpp/src/qpid/broker/SemanticState.cpp b/cpp/src/qpid/broker/SemanticState.cpp index 380ec656cb..fbcb21eab9 100644 --- a/cpp/src/qpid/broker/SemanticState.cpp +++ b/cpp/src/qpid/broker/SemanticState.cpp @@ -75,9 +75,7 @@ SemanticState::SemanticState(DeliveryAdapter& da, SessionContext& ss) userName(getSession().getConnection().getUserId().substr(0,getSession().getConnection().getUserId().find('@'))), isDefaultRealm(userID.find('@') != std::string::npos && getSession().getBroker().getOptions().realm == userID.substr(userID.find('@')+1,userID.size())), closeComplete(false) -{ - acl = getSession().getBroker().getAcl(); -} +{} SemanticState::~SemanticState() { closed(); @@ -488,6 +486,7 @@ void SemanticState::route(intrusive_ptr<Message> msg, Deliverable& strategy) { throw UnauthorizedAccessException(QPID_MSG("authorised user id : " << userID << " but user id in message declared as " << id)); } + AclModule* acl = getSession().getBroker().getAcl(); if (acl && acl->doTransferAcl()) { if (!acl->authorise(getSession().getConnection().getUserId(),acl::ACT_PUBLISH,acl::OBJ_EXCHANGE,exchangeName, msg->getRoutingKey() )) diff --git a/cpp/src/qpid/broker/SemanticState.h b/cpp/src/qpid/broker/SemanticState.h index 12ccc75f11..6d88dd56d9 100644 --- a/cpp/src/qpid/broker/SemanticState.h +++ b/cpp/src/qpid/broker/SemanticState.h @@ -165,7 +165,6 @@ class SemanticState : private boost::noncopyable { DtxBufferMap suspendedXids; framing::SequenceSet accumulatedAck; boost::shared_ptr<Exchange> cacheExchange; - AclModule* acl; const bool authMsg; const std::string userID; const std::string userName; |