QPID-4631: C++ Broker federated links are protected by ACL policy.

This issue evolved a bit between the original discussion and the final commit. See https://reviews.apache.org/r/10658/ for the details. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1477112 13f79535-47bb-0310-9956-ffa450edef68
author: Charles E. Rolke <chug@apache.org> 2013-04-29 14:49:31 +0000
committer: Charles E. Rolke <chug@apache.org> 2013-04-29 14:49:31 +0000
commit: 40a881a99142e96b0fcc6d546deeaf88615b0315 (patch)
tree: fde6804213176bbe511a580d70b382d730e12374 /cpp/src/qpid/broker/ConnectionHandler.cpp
parent: 5783730b1d5ee16c884768c08dcf6a67dd2897cf (diff)
download: qpid-python-40a881a99142e96b0fcc6d546deeaf88615b0315.tar.gz
1 files changed, 16 insertions, 6 deletions
diff --git a/cpp/src/qpid/broker/ConnectionHandler.cpp b/cpp/src/qpid/broker/ConnectionHandler.cpp
index ac05178fce..d2ab675ecd 100644
--- a/cpp/src/qpid/broker/ConnectionHandler.cpp
+++ b/cpp/src/qpid/broker/ConnectionHandler.cpp
@@ -201,12 +201,22 @@ void ConnectionHandler::Handler::startOk(const ConnectionStartOkBody& body)
     }
     if (connection.isFederationLink()) {
         AclModule* acl =  connection.getBroker().getAcl();
-        FieldTable properties;
-    	if (acl && !acl->authorise(connection.getUserId(),acl::ACT_CREATE,acl::OBJ_LINK,"")){
-            proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED,
-                        QPID_MSG("ACL denied " << connection.getUserId()
-                                 << " creating a federation link"));
-            return;
+        if (acl) {
+            if (!acl->authorise(connection.getUserId(),acl::ACT_CREATE,acl::OBJ_LINK,"")){
+                proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED,
+                            QPID_MSG("ACL denied " << connection.getUserId()
+                                        << " creating a federation link"));
+                return;
+            }
+        } else {
+            Broker::Options& conf = connection.getBroker().getOptions();
+            if (conf.auth) {
+                proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED,
+                            QPID_MSG("User " << connection.getUserId()
+                                << " federation connection denied. Systems with authentication "
+                                   "enabled must specify ACL create link rules."));
+                return;
+            }
         }
         QPID_LOG(info, "Connection is a federation link");
     }
author	Charles E. Rolke <chug@apache.org>	2013-04-29 14:49:31 +0000
committer	Charles E. Rolke <chug@apache.org>	2013-04-29 14:49:31 +0000
commit	40a881a99142e96b0fcc6d546deeaf88615b0315 (patch)
tree	fde6804213176bbe511a580d70b382d730e12374 /cpp/src/qpid/broker/ConnectionHandler.cpp
parent	5783730b1d5ee16c884768c08dcf6a67dd2897cf (diff)
download	qpid-python-40a881a99142e96b0fcc6d546deeaf88615b0315.tar.gz