author | Charles E. Rolke <chug@apache.org> | 2014-03-04 21:18:15 +0000 |
---|---|---|
committer | Charles E. Rolke <chug@apache.org> | 2014-03-04 21:18:15 +0000 |
commit | 32ff4915c0ad83a6c832c96edb319c794c7d3ced (patch) | |
tree | 1e2d715590949d34428774dda66d1044a19654ac | |
parent | 83cb92ee0a6f4763da2670538a2429e271dde129 (diff) | |
download | qpid-python-32ff4915c0ad83a6c832c96edb319c794c7d3ced.tar.gz |
QPID-5599: C++ Broker silently ignores --max-connections option when no ACL file is loaded.
Always create an ACL object. If no ACL file is specified then create
a permissive, empty ACL rule set.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1574208 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | qpid/cpp/src/qpid/acl/Acl.cpp | 37 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/acl/Acl.h | 1 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/acl/AclPlugin.cpp | 15 |
3 files changed, 41 insertions, 12 deletions
diff --git a/qpid/cpp/src/qpid/acl/Acl.cpp b/qpid/cpp/src/qpid/acl/Acl.cpp
index aeee42563c..e75573b623 100644
--- a/qpid/cpp/src/qpid/acl/Acl.cpp
+++ b/qpid/cpp/src/qpid/acl/Acl.cpp
@@ -77,10 +77,16 @@ Acl::Acl (AclValues& av, Broker& b): aclValues(av), broker(&b), transferAcl(fals
 mgmtObject->set_maxConnectionsPerUser(aclValues.aclMaxConnectPerUser);
 mgmtObject->set_maxQueuesPerUser(aclValues.aclMaxQueuesPerUser);
 }
- std::string errorString;
- if (!readAclFile(errorString)){
- if (mgmtObject!=0) mgmtObject->set_enforcingAcl(0);
- throw Exception("Could not read ACL file " + errorString);
+
+ if (!aclValues.aclFile.empty()) {
+ std::string errorString;
+ if (!readAclFile(errorString)){
+ if (mgmtObject!=0) mgmtObject->set_enforcingAcl(0);
+ throw Exception("Could not read ACL file " + errorString);
+ }
+ } else {
+ loadEmptyAclRuleset();
+ QPID_LOG(debug, "ACL loaded empty rule set");
 }
 broker->getConnectionObservers().add(connectionCounter);
 QPID_LOG(info, "ACL Plugin loaded");
@@ -280,6 +286,29 @@ bool Acl::readAclFile(std::string& aclFile, std::string& errorText) {
 return true;
 }
+//
+// loadEmptyAclRuleset()
+//
+// No ACL file is specified but ACL should run.
+// Create a ruleset as if only "ACL ALLOW ALL ALL" was in a file
+//
+void Acl::loadEmptyAclRuleset() {
+ boost::shared_ptr<AclData> d(new AclData);
+ d->decisionMode = ALLOW;
+ d->aclSource = "";
+ {
+ Mutex::ScopedLock locker(dataLock);
+ data = d;
+ }
+ if (mgmtObject!=0){
+ mgmtObject->set_transferAcl(transferAcl?1:0);
+ mgmtObject->set_policyFile("");
+ sys::AbsTime now = sys::AbsTime::now();
+ int64_t ns = sys::Duration(sys::EPOCH, now);
+ mgmtObject->set_lastAclLoad(ns);
+ agent->raiseEvent(_qmf::EventFileLoaded(""));
+ }
+}
 //
 // management lookup function performs general query on acl engine
diff --git a/qpid/cpp/src/qpid/acl/Acl.h b/qpid/cpp/src/qpid/acl/Acl.h
index ea3c6586a3..d1d7033fe3 100644
--- a/qpid/cpp/src/qpid/acl/Acl.h
+++ b/qpid/cpp/src/qpid/acl/Acl.h
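Review bot: The permissive fallback in the new `else` branch of the constructor is announced only at debug level, while the constructor still logs "ACL Plugin loaded" at info, so a log collected at info level no longer says that the broker is running with an allow-all rule set. The reworded message in AclPlugin::init (AclPlugin.cpp hunk) has the same gap, since it dropped the old "no ACL checking being done" wording. Raising this one line to a more visible level would keep that state auditable, for example `QPID_LOG(notice, "ACL: no policy file specified, loaded permissive allow-all rule set");`. The constructor begins before this hunk and continues after it.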
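Review bot: `loadEmptyAclRuleset()` updates `transferAcl`, `policyFile` and `lastAclLoad` on the management object but leaves `enforcingAcl` untouched, so whatever value was set earlier in the constructor (not visible here) is what management reports while the rule set allows everything. The read-failure path in the first hunk clears it with `set_enforcingAcl(0)`, which suggests it is non-zero otherwise; if that is intended because connection and queue limits are still enforced, the header comment should say so, e.g. `// enforcingAcl is left as set by the constructor: limits are still enforced although the rule set allows every action.` The `_qmf::EventFileLoaded("")` event is also raised although no file was read, which is worth a line in the same comment.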
@@ -115,6 +115,7 @@ private: const std::string& name); bool readAclFile(std::string& errorText); bool readAclFile(std::string& aclFile, std::string& errorText); + void loadEmptyAclRuleset(); Manageable::status_t lookup (management::Args& args, std::string& text); Manageable::status_t lookupPublish(management::Args& args, std::string& text); virtual qpid::management::ManagementObject::shared_ptr GetManagementObject(void) const; diff --git a/qpid/cpp/src/qpid/acl/AclPlugin.cpp b/qpid/cpp/src/qpid/acl/AclPlugin.cpp index 2e254f7a9a..8a8223230f 100644 --- a/qpid/cpp/src/qpid/acl/AclPlugin.cpp +++ b/qpid/cpp/src/qpid/acl/AclPlugin.cpp @@ -62,17 +62,16 @@ struct AclPlugin : public Plugin { Options* getOptions() { return &options; } void init(broker::Broker& b) { - if (values.aclFile.empty()){ - QPID_LOG(info, "Policy file not specified. ACL Disabled, no ACL checking being done!"); - return; - } - if (acl) throw Exception("ACL plugin cannot be initialized twice in one process."); - sys::Path aclFile(values.aclFile); - sys::Path dataDir(b.getDataDir().getPath()); - if (!aclFile.isAbsolute() && !dataDir.empty()) + if (values.aclFile.empty()){ + QPID_LOG(info, "ACL Policy file not specified."); + } else { + sys::Path aclFile(values.aclFile); + sys::Path dataDir(b.getDataDir().getPath()); + if (!aclFile.isAbsolute() && !dataDir.empty()) values.aclFile = (dataDir + aclFile).str(); + } acl = new Acl(values, b); b.setAcl(acl.get()); |
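Review bot: In AclPlugin.cpp, `init()` now builds an `Acl` and calls `b.setAcl(acl.get())` on every start, including when `values.aclFile` is empty, and nothing at the call site explains why an ACL object is installed without a policy. A short comment above `acl = new Acl(values, b);` would record the reason given in the commit message: `// Always install an Acl: connection limits are enforced by it even when no policy file is given.` The body of `init()` continues after the last line of this hunk.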