authorCharles E. Rolke <chug@apache.org>2014-03-04 21:18:15 +0000
committerCharles E. Rolke <chug@apache.org>2014-03-04 21:18:15 +0000
commit32ff4915c0ad83a6c832c96edb319c794c7d3ced (patch)
tree1e2d715590949d34428774dda66d1044a19654ac
parent83cb92ee0a6f4763da2670538a2429e271dde129 (diff)
downloadqpid-python-32ff4915c0ad83a6c832c96edb319c794c7d3ced.tar.gz
QPID-5599: C++ Broker silently ignores --max-connections option when no ACL file is loaded.
Always create an ACL object. If no ACL file is specified then create a permissive, empty ACL rule set. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1574208 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--qpid/cpp/src/qpid/acl/Acl.cpp37
-rw-r--r--qpid/cpp/src/qpid/acl/Acl.h1
-rw-r--r--qpid/cpp/src/qpid/acl/AclPlugin.cpp15
3 files changed, 41 insertions, 12 deletions
diff --git a/qpid/cpp/src/qpid/acl/Acl.cpp b/qpid/cpp/src/qpid/acl/Acl.cpp
index aeee42563c..e75573b623 100644
--- a/qpid/cpp/src/qpid/acl/Acl.cpp
+++ b/qpid/cpp/src/qpid/acl/Acl.cpp
@@ -77,10 +77,16 @@ Acl::Acl (AclValues& av, Broker& b): aclValues(av), broker(&b), transferAcl(fals
mgmtObject->set_maxConnectionsPerUser(aclValues.aclMaxConnectPerUser);
mgmtObject->set_maxQueuesPerUser(aclValues.aclMaxQueuesPerUser);
}
- std::string errorString;
- if (!readAclFile(errorString)){
- if (mgmtObject!=0) mgmtObject->set_enforcingAcl(0);
- throw Exception("Could not read ACL file " + errorString);
+
+ if (!aclValues.aclFile.empty()) {
+ std::string errorString;
+ if (!readAclFile(errorString)){
+ if (mgmtObject!=0) mgmtObject->set_enforcingAcl(0);
+ throw Exception("Could not read ACL file " + errorString);
+ }
+ } else {
+ loadEmptyAclRuleset();
+ QPID_LOG(debug, "ACL loaded empty rule set");
}
broker->getConnectionObservers().add(connectionCounter);
QPID_LOG(info, "ACL Plugin loaded");
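Review bot: The only trace of the allow-all fallback is `QPID_LOG(debug, "ACL loaded empty rule set")` in the new `else` branch, so at typical log levels an operator is not told that every ACL decision will be ALLOW. The AclPlugin.cpp hunk has the same gap: the old info message said no ACL checking was being done, while the new text is only "ACL Policy file not specified.". I would log this state once at a level operators see, e.g. `QPID_LOG(warning, "ACL policy file not specified; built-in ALLOW ALL rule set in effect");`. The constructor begins above this hunk, so how `set_enforcingAcl` ends up on this path is not visible here and is worth checking against what management reports.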
@@ -280,6 +286,29 @@ bool Acl::readAclFile(std::string& aclFile, std::string& errorText) {
return true;
}
+//
+// loadEmptyAclRuleset()
+//
+// No ACL file is specified but ACL should run.
+// Create a ruleset as if only "ACL ALLOW ALL ALL" was in a file
+//
+void Acl::loadEmptyAclRuleset() {
+ boost::shared_ptr<AclData> d(new AclData);
+ d->decisionMode = ALLOW;
+ d->aclSource = "";
+ {
+ Mutex::ScopedLock locker(dataLock);
+ data = d;
+ }
+ if (mgmtObject!=0){
+ mgmtObject->set_transferAcl(transferAcl?1:0);
+ mgmtObject->set_policyFile("");
+ sys::AbsTime now = sys::AbsTime::now();
+ int64_t ns = sys::Duration(sys::EPOCH, now);
+ mgmtObject->set_lastAclLoad(ns);
+ agent->raiseEvent(_qmf::EventFileLoaded(""));
+ }
+}
//
// management lookup function performs general query on acl engine
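Review bot: `agent->raiseEvent(_qmf::EventFileLoaded(""))` reports a file-load event with an empty name when no file was read, and `set_lastAclLoad` stamps a load time, so a management consumer auditing policy loads sees a load that came from no policy file. Consider dropping the event on this path, or documenting it in the header comment, e.g. `// Management sees policyFile "" and EventFileLoaded("") for the built-in allow-all rule set.`. `agent` is dereferenced under the `mgmtObject!=0` check alone, which is safe only if the two are always set together; this hunk does not show that. The function lies entirely within the hunk.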
diff --git a/qpid/cpp/src/qpid/acl/Acl.h b/qpid/cpp/src/qpid/acl/Acl.h
index ea3c6586a3..d1d7033fe3 100644
--- a/qpid/cpp/src/qpid/acl/Acl.h
+++ b/qpid/cpp/src/qpid/acl/Acl.h
@@ -115,6 +115,7 @@ private:
const std::string& name);
bool readAclFile(std::string& errorText);
bool readAclFile(std::string& aclFile, std::string& errorText);
+ void loadEmptyAclRuleset();
Manageable::status_t lookup (management::Args& args, std::string& text);
Manageable::status_t lookupPublish(management::Args& args, std::string& text);
virtual qpid::management::ManagementObject::shared_ptr GetManagementObject(void) const;
diff --git a/qpid/cpp/src/qpid/acl/AclPlugin.cpp b/qpid/cpp/src/qpid/acl/AclPlugin.cpp
index 2e254f7a9a..8a8223230f 100644
--- a/qpid/cpp/src/qpid/acl/AclPlugin.cpp
+++ b/qpid/cpp/src/qpid/acl/AclPlugin.cpp
@@ -62,17 +62,16 @@ struct AclPlugin : public Plugin {
Options* getOptions() { return &options; }
void init(broker::Broker& b) {
- if (values.aclFile.empty()){
- QPID_LOG(info, "Policy file not specified. ACL Disabled, no ACL checking being done!");
- return;
- }
-
if (acl) throw Exception("ACL plugin cannot be initialized twice in one process.");
- sys::Path aclFile(values.aclFile);
- sys::Path dataDir(b.getDataDir().getPath());
- if (!aclFile.isAbsolute() && !dataDir.empty())
+ if (values.aclFile.empty()){
+ QPID_LOG(info, "ACL Policy file not specified.");
+ } else {
+ sys::Path aclFile(values.aclFile);
+ sys::Path dataDir(b.getDataDir().getPath());
+ if (!aclFile.isAbsolute() && !dataDir.empty())
values.aclFile = (dataDir + aclFile).str();
+ }
acl = new Acl(values, b);
b.setAcl(acl.get());