diff options
author | Alan Conway <aconway@apache.org> | 2011-10-12 18:31:07 +0000 |
---|---|---|
committer | Alan Conway <aconway@apache.org> | 2011-10-12 18:31:07 +0000 |
commit | 6879ee47e9030cd43a48c3d2c06928852cfc912e (patch) | |
tree | db8b1292e0d9dce6f4ede89d21382f1ddc13e17e | |
parent | 50b65fe31f427a1fe6eb1b92014b76b9a4d4771a (diff) | |
download | qpid-python-6879ee47e9030cd43a48c3d2c06928852cfc912e.tar.gz |
QPID-3544: ACL denials while replicating exclusive queues to a newly joined node.
Changes missed from previous commit.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1182514 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | qpid/cpp/src/qpid/broker/ConnectionHandler.cpp | 7 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/ConnectionHandler.h | 1 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/SemanticState.cpp | 5 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/SemanticState.h | 1 |
4 files changed, 5 insertions, 9 deletions
diff --git a/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp b/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp index 82b72d3f52..7cd91ae539 100644 --- a/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp +++ b/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp @@ -108,13 +108,10 @@ ConnectionHandler::ConnectionHandler(Connection& connection, bool isClient, bool ConnectionHandler::Handler::Handler(Connection& c, bool isClient, bool isShadow) : proxy(c.getOutput()), - connection(c), serverMode(!isClient), acl(0), secured(0), + connection(c), serverMode(!isClient), secured(0), isOpen(false) { if (serverMode) { - - acl = connection.getBroker().getAcl(); - FieldTable properties; Array mechanisms(0x95); @@ -168,6 +165,8 @@ void ConnectionHandler::Handler::startOk(const ConnectionStartOkBody& body) connection.setFederationPeerTag(clientProperties.getAsString(QPID_FED_TAG)); } if (connection.isFederationLink()) { + AclModule* acl = connection.getBroker().getAcl(); + FieldTable properties; if (acl && !acl->authorise(connection.getUserId(),acl::ACT_CREATE,acl::OBJ_LINK,"")){ proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED,"ACL denied creating a federation link"); return; diff --git a/qpid/cpp/src/qpid/broker/ConnectionHandler.h b/qpid/cpp/src/qpid/broker/ConnectionHandler.h index f3e7d7d21d..05c5f00c57 100644 --- a/qpid/cpp/src/qpid/broker/ConnectionHandler.h +++ b/qpid/cpp/src/qpid/broker/ConnectionHandler.h @@ -59,7 +59,6 @@ class ConnectionHandler : public framing::FrameHandler Connection& connection; bool serverMode; std::auto_ptr<SaslAuthenticator> authenticator; - AclModule* acl; SecureConnection* secured; bool isOpen; diff --git a/qpid/cpp/src/qpid/broker/SemanticState.cpp b/qpid/cpp/src/qpid/broker/SemanticState.cpp index 380ec656cb..fbcb21eab9 100644 --- a/qpid/cpp/src/qpid/broker/SemanticState.cpp +++ b/qpid/cpp/src/qpid/broker/SemanticState.cpp @@ -75,9 +75,7 @@ SemanticState::SemanticState(DeliveryAdapter& da, SessionContext& ss) userName(getSession().getConnection().getUserId().substr(0,getSession().getConnection().getUserId().find('@'))), isDefaultRealm(userID.find('@') != std::string::npos && getSession().getBroker().getOptions().realm == userID.substr(userID.find('@')+1,userID.size())), closeComplete(false) -{ - acl = getSession().getBroker().getAcl(); -} +{} SemanticState::~SemanticState() { closed(); @@ -488,6 +486,7 @@ void SemanticState::route(intrusive_ptr<Message> msg, Deliverable& strategy) { throw UnauthorizedAccessException(QPID_MSG("authorised user id : " << userID << " but user id in message declared as " << id)); } + AclModule* acl = getSession().getBroker().getAcl(); if (acl && acl->doTransferAcl()) { if (!acl->authorise(getSession().getConnection().getUserId(),acl::ACT_PUBLISH,acl::OBJ_EXCHANGE,exchangeName, msg->getRoutingKey() )) diff --git a/qpid/cpp/src/qpid/broker/SemanticState.h b/qpid/cpp/src/qpid/broker/SemanticState.h index 12ccc75f11..6d88dd56d9 100644 --- a/qpid/cpp/src/qpid/broker/SemanticState.h +++ b/qpid/cpp/src/qpid/broker/SemanticState.h @@ -165,7 +165,6 @@ class SemanticState : private boost::noncopyable { DtxBufferMap suspendedXids; framing::SequenceSet accumulatedAck; boost::shared_ptr<Exchange> cacheExchange; - AclModule* acl; const bool authMsg; const std::string userID; const std::string userName; |