Committing the patch attached to QPID-2488

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@932148 13f79535-47bb-0310-9956-ffa450edef68

5 files changed, 232 insertions, 1 deletions

diff --git a/cpp/src/CMakeLists.txt b/cpp/src/CMakeLists.txt
index eda106c0c7..164b02d822 100644
--- a/cpp/src/CMakeLists.txt
+++ b/cpp/src/CMakeLists.txt
@@ -412,6 +412,8 @@ if (BUILD_ACL)
        qpid/acl/AclPlugin.cpp
        qpid/acl/AclReader.cpp
        qpid/acl/AclReader.h
+       qpid/acl/AclValidator.cpp
+       qpid/acl/AclValidator.h
       )
   # Windows builds the ACL code into the qpidbroker library; see QPID-1842
   # for history and rationale. If this is changed, remove the acl_SOURCES from
diff --git a/cpp/src/acl.mk b/cpp/src/acl.mk
index 95b47acc1c..cedac7d881 100644
--- a/cpp/src/acl.mk
+++ b/cpp/src/acl.mk
@@ -28,7 +28,9 @@ acl_la_SOURCES = \
   qpid/acl/AclData.h \
   qpid/acl/AclPlugin.cpp \
   qpid/acl/AclReader.cpp \
-  qpid/acl/AclReader.h
+  qpid/acl/AclReader.h \
+  qpid/acl/AclValidator.cpp \
+  qpid/acl/AclValidator.h
 
 acl_la_LIBADD = libqpidbroker.la
 if SUNOS
diff --git a/cpp/src/qpid/acl/Acl.cpp b/cpp/src/qpid/acl/Acl.cpp
index e510920f6c..0e1379d7aa 100644
--- a/cpp/src/qpid/acl/Acl.cpp
+++ b/cpp/src/qpid/acl/Acl.cpp
@@ -18,6 +18,7 @@
 
 #include "qpid/acl/Acl.h"
 #include "qpid/acl/AclData.h"
+#include "qpid/acl/AclValidator.h"
 
 #include "qpid/broker/Broker.h"
 #include "qpid/Plugin.h"
@@ -129,6 +130,9 @@ Acl::Acl (AclValues& av, Broker& b): aclValues(av), broker(&b), transferAcl(fals
           return false;
       }
 
+      AclValidator validator;
+      validator.validate(d);
+
       data = d;
 	  transferAcl = data->transferAcl; // any transfer ACL
       data->aclSource = aclFile; 
diff --git a/cpp/src/qpid/acl/AclValidator.cpp b/cpp/src/qpid/acl/AclValidator.cpp
new file mode 100644
index 0000000000..7c7fb231b5
--- /dev/null
+++ b/cpp/src/qpid/acl/AclValidator.cpp
@@ -0,0 +1,141 @@
+/*
+ *
+ * Copyright (c) 2006 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include "qpid/acl/AclValidator.h"
+#include "qpid/acl/AclData.h"
+#include "qpid/Exception.h"
+#include "qpid/log/Statement.h"
+#include "qpid/sys/IntegerTypes.h"
+#include <boost/lexical_cast.hpp>
+#include <numeric>
+#include <sstream>
+
+namespace qpid {
+namespace acl {
+
+AclValidator::AclIntProperty::AclIntProperty(int64_t i,int64_t j) : min(i), max(j){    
+}
+
+bool AclValidator::AclIntProperty::validate(const std::string& val) {
+  int64_t v;
+  try
+  {
+    v = boost::lexical_cast<int64_t>(val);
+  }catch(const boost::bad_lexical_cast& e){
+    return 0;
+  }
+
+  if (v < min || v >= max){
+    return 0;
+  }else{
+    return 1;
+  }
+}
+
+std::string AclValidator::AclIntProperty::allowedValues() {
+   return "values should be between " + 
+          boost::lexical_cast<std::string>(min) + " and " +
+          boost::lexical_cast<std::string>(max);
+}
+
+AclValidator::AclEnumProperty::AclEnumProperty(std::vector<std::string>& allowed): values(allowed){      
+}
+
+bool AclValidator::AclEnumProperty::validate(const std::string& val) {
+  for (std::vector<std::string>::iterator itr = values.begin(); itr != values.end(); ++itr ){
+     if (val.compare(*itr) == 0){
+        return 1;
+     }
+  }
+
+  return 0;
+}
+
+std::string AclValidator::AclEnumProperty::allowedValues() {
+   std::ostringstream oss;
+   oss << "possible values are one of { ";
+   for (std::vector<std::string>::iterator itr = values.begin(); itr != values.end(); itr++ ){
+        oss << "'" << *itr << "' ";
+   }
+   oss << "}";
+   return oss.str();
+}
+
+AclValidator::AclValidator(){
+  validators.insert(Validator(acl::PROP_MAXQUEUESIZE,
+                              boost::shared_ptr<AclProperty>(
+                                new AclIntProperty(0,std::numeric_limits<int64_t>::max()))
+                             )
+                   );
+
+  validators.insert(Validator(acl::PROP_MAXQUEUECOUNT,
+                              boost::shared_ptr<AclProperty>(
+                                new AclIntProperty(0,std::numeric_limits<int64_t>::max()))
+                             )
+                   );
+
+  std::string policyTypes[] = {"ring", "ring_strict", "flow_to_disk", "reject"};
+  std::vector<std::string> v(policyTypes, policyTypes + sizeof(policyTypes) / sizeof(std::string));
+  validators.insert(Validator(acl::PROP_POLICYTYPE,
+                              boost::shared_ptr<AclProperty>(new AclEnumProperty(v))
+                             )
+                   );
+  
+}
+
+AclValidator::~AclValidator(){
+}
+
+/* Iterate through the data model and validate the parameters. */
+void AclValidator::validate(boost::shared_ptr<AclData> d) {
+  
+    for (unsigned int cnt=0; cnt< qpid::acl::ACTIONSIZE; cnt++){
+
+        if (d->actionList[cnt]){
+
+	        for (unsigned int cnt1=0; cnt1< qpid::acl::OBJECTSIZE; cnt1++){
+
+		        if (d->actionList[cnt][cnt1]){
+
+                    for (AclData::actObjItr actionMapItr = d->actionList[cnt][cnt1]->begin(); 
+                      actionMapItr != d->actionList[cnt][cnt1]->end(); actionMapItr++) {
+
+                        for (AclData::ruleSetItr i = actionMapItr->second.begin(); i < actionMapItr->second.end(); i++) {
+                            
+                            for (AclData::propertyMapItr pMItr = i->props.begin(); pMItr != i->props.end(); pMItr++) {
+
+                               ValidatorItr itr = validators.find(pMItr->first);
+                               if (itr != validators.end()){
+                                 QPID_LOG(debug,"Found validator for property " << itr->second->allowedValues());
+
+                                 if (!itr->second->validate(pMItr->second)){
+                                    throw Exception( pMItr->second + " is not a valid value for '" + 
+                                                     AclHelper::getPropertyStr(pMItr->first) + "', " +
+                                                     itr->second->allowedValues());
+                                 }//if
+                               }//if
+                            }//for
+                        }//for 
+                    }//for
+                }//if 
+            }//for
+	    }//if
+	}//for
+}
+
+}}
diff --git a/cpp/src/qpid/acl/AclValidator.h b/cpp/src/qpid/acl/AclValidator.h
new file mode 100644
index 0000000000..1176d2e89c
--- /dev/null
+++ b/cpp/src/qpid/acl/AclValidator.h
@@ -0,0 +1,82 @@
+#ifndef QPID_ACL_ACLVALIDATOR_H
+#define QPID_ACL_ACLVALIDATOR_H
+
+
+/*
+ *
+ * Copyright (c) 2006 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include "qpid/broker/AclModule.h"
+#include "qpid/acl/AclData.h"
+#include "qpid/sys/IntegerTypes.h"
+#include <boost/shared_ptr.hpp>
+#include <vector>
+#include <sstream>
+
+namespace qpid {
+namespace acl {
+
+class AclValidator {
+
+    /* Base Property */
+   class AclProperty{        
+        public:
+            enum PropertyType { INT, STRING, ENUM };
+
+        public:
+            virtual int getType()=0;
+            virtual bool validate(const std::string& val)=0;
+            virtual std::string allowedValues()=0;
+   };
+
+   class AclIntProperty : public AclProperty{        
+            int64_t min;
+            int64_t max;
+        
+        public:
+            AclIntProperty(int64_t min,int64_t max);
+            int getType(){ return AclProperty::INT; }
+            virtual bool validate(const std::string& val);
+            virtual std::string allowedValues();
+   };
+
+   class AclEnumProperty : public AclProperty{
+            std::vector<std::string> values;               
+
+        public:
+            AclEnumProperty(std::vector<std::string>& allowed);
+            int getType(){ return AclProperty::ENUM; }
+            virtual bool validate(const std::string& val);
+            virtual std::string allowedValues();
+   };
+   
+   typedef std::pair<acl::Property,boost::shared_ptr<AclProperty> > Validator;
+   typedef std::map<acl::Property,boost::shared_ptr<AclProperty> > ValidatorMap;
+   typedef ValidatorMap::iterator ValidatorItr;
+ 
+   ValidatorMap validators;
+
+public:
+     
+   void validate(boost::shared_ptr<AclData> d);
+   AclValidator();
+   ~AclValidator();
+};
+    
+}} // namespace qpid::acl
+
+#endif // QPID_ACL_ACLVALIDATOR_H