diff options
author | Pavel Moravec <pmoravec@apache.org> | 2014-03-11 09:40:08 +0000 |
---|---|---|
committer | Pavel Moravec <pmoravec@apache.org> | 2014-03-11 09:40:08 +0000 |
commit | 949e9f7f6e07fff5fadde2bbf20cde5fcc20be0a (patch) | |
tree | 6c6c422819dfec16024cc8f4557a3f68470487fc | |
parent | 336a39d03b5b4a9d23938c9efff0505ba0c261d2 (diff) | |
download | qpid-python-949e9f7f6e07fff5fadde2bbf20cde5fcc20be0a.tar.gz |
QPID-5621: [C++ broker] userId is not passed to ACL when DIGEST-MD5 is used while creating link
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1576248 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | qpid/cpp/src/qpid/broker/ConnectionHandler.cpp | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp b/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp index fe8a84dcce..f735d22cd3 100644 --- a/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp +++ b/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp @@ -196,27 +196,6 @@ void ConnectionHandler::Handler::startOk(const ConnectionStartOkBody& body) if (clientProperties.isSet(QPID_FED_TAG)) { connection.setFederationPeerTag(clientProperties.getAsString(QPID_FED_TAG)); } - if (connection.isFederationLink()) { - AclModule* acl = connection.getBroker().getAcl(); - if (acl && acl->userAclRules()) { - if (!acl->authorise(connection.getUserId(),acl::ACT_CREATE,acl::OBJ_LINK,"")){ - proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED, - QPID_MSG("ACL denied " << connection.getUserId() - << " creating a federation link")); - return; - } - } else { - Broker::Options& conf = connection.getBroker().getOptions(); - if (conf.auth) { - proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED, - QPID_MSG("User " << connection.getUserId() - << " federation connection denied. Systems with authentication " - "enabled must specify ACL create link rules.")); - return; - } - } - QPID_LOG(info, "Connection is a federation link"); - } } void ConnectionHandler::Handler::secureOk(const string& response) @@ -255,6 +234,27 @@ void ConnectionHandler::Handler::tuneOk(uint16_t /*channelmax*/, void ConnectionHandler::Handler::open(const string& /*virtualHost*/, const framing::Array& /*capabilities*/, bool /*insist*/) { + if (connection.isFederationLink()) { + AclModule* acl = connection.getBroker().getAcl(); + if (acl && acl->userAclRules()) { + if (!acl->authorise(connection.getUserId(),acl::ACT_CREATE,acl::OBJ_LINK,"")){ + proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED, + QPID_MSG("ACL denied " << connection.getUserId() + << " creating a federation link")); + return; + } + } else { + Broker::Options& conf = connection.getBroker().getOptions(); + if (conf.auth) { + proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED, + QPID_MSG("User " << connection.getUserId() + << " federation connection denied. Systems with authentication " + "enabled must specify ACL create link rules.")); + return; + } + } + QPID_LOG(info, "Connection is a federation link"); + } std::vector<Url> urls = connection.getBroker().getKnownBrokers(); framing::Array array(0x95); // str16 array for (std::vector<Url>::iterator i = urls.begin(); i < urls.end(); ++i) |