authorRajith Muditha Attapattu <rajith@apache.org>2008-11-06 20:07:14 +0000
committerRajith Muditha Attapattu <rajith@apache.org>2008-11-06 20:07:14 +0000
commite1132d45340a4d1c91648cac856803428d2a60f4 (patch)
tree5109e258e838c67371d762fd73240f777efa2c50 /cpp
parentee4d8230649fa7ebb5a8688b7a5fdc7da519f1f7 (diff)
Removed the --enforce-acl option. Instead, if a policy file is specified, ACL will be enabled.
Also removed Route from the Object list and did a bit of code cleanup. git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@711957 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp')
-rw-r--r--cpp/src/qpid/acl/Acl.cpp22
-rw-r--r--cpp/src/qpid/acl/Acl.h5
-rw-r--r--cpp/src/qpid/acl/AclPlugin.cpp20
-rw-r--r--cpp/src/qpid/broker/AclModule.h14
-rwxr-xr-xcpp/src/tests/run_acl_tests2
5 files changed, 24 insertions, 39 deletions
diff --git a/cpp/src/qpid/acl/Acl.cpp b/cpp/src/qpid/acl/Acl.cpp
index ff1d4b066b..238ab9df6c 100644
--- a/cpp/src/qpid/acl/Acl.cpp
+++ b/cpp/src/qpid/acl/Acl.cpp
@@ -64,28 +64,26 @@ Acl::Acl (AclValues& av, broker::Broker& b): aclValues(av), broker(&b), transfer
bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& name, std::map<Property, std::string>* params)
{
- if (!aclValues.enforce) return true;
boost::shared_ptr<AclData> dataLocal = data; //rcu copy
-
- // add real ACL check here...
+
+ // add real ACL check here...
AclResult aclreslt = dataLocal->lookup(id,action,objType,name,params);
-
-
- return result(aclreslt, id, action, objType, name);
+
+
+ return result(aclreslt, id, action, objType, name);
}
bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& ExchangeName, const std::string& RoutingKey)
{
- if (!aclValues.enforce) return true;
boost::shared_ptr<AclData> dataLocal = data; //rcu copy
-
+
// only use dataLocal here...
- AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey);
-
- return result(aclreslt, id, action, objType, ExchangeName);
+ AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey);
+
+ return result(aclreslt, id, action, objType, ExchangeName);
}
-
+
bool Acl::result(const AclResult& aclreslt, const std::string& id, const Action& action, const ObjectType& objType, const std::string& name)
{
switch (aclreslt)
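Review bot: Both `authorise` overloads now reach `dataLocal->lookup(...)` unconditionally, because the removed `enforce` test was the only early return ahead of the dereference. If the constructor's policy load can leave `data` unset (the constructor body is outside this hunk), that is a null dereference on the authorisation path; a guard that fails closed would cover it, e.g. `if (!dataLocal) return false;` directly after the rcu copy in each overload. The retained comment `// add real ACL check here...` sits directly above the real lookup and reads as if no check were implemented; I would replace it with `// look up the decision in the snapshot taken above`. `Acl::result` continues past the end of the hunk.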
diff --git a/cpp/src/qpid/acl/Acl.h b/cpp/src/qpid/acl/Acl.h
index 72a44a5450..2a522bc56d 100644
--- a/cpp/src/qpid/acl/Acl.h
+++ b/cpp/src/qpid/acl/Acl.h
@@ -42,10 +42,7 @@ class Broker;
namespace acl {
struct AclValues {
- bool enforce;
- std::string aclFile;
-
- AclValues() {enforce = false; aclFile = "policy.acl"; }
+ std::string aclFile;
};
diff --git a/cpp/src/qpid/acl/AclPlugin.cpp b/cpp/src/qpid/acl/AclPlugin.cpp
index 6f20ea09be..ffba8d44cf 100644
--- a/cpp/src/qpid/acl/AclPlugin.cpp
+++ b/cpp/src/qpid/acl/AclPlugin.cpp
@@ -36,13 +36,11 @@ using namespace std;
* New boost allows a shared_ptr but that's not compatible with old boost.
*/
struct AclOptions : public Options {
- AclValues& values;
+ AclValues& values;
AclOptions(AclValues& v) : Options("ACL Options"), values(v) {
addOptions()
- ("enforce-acl", optValue(values.enforce), "Enforce ACL")
- ("acl-file", optValue(values.aclFile, "FILE"), "The policy file to load from, loaded from data dir")
- ;
+ ("acl-file", optValue(values.aclFile, "FILE"), "The policy file to load from, loaded from data dir");
}
};
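Review bot: The help string for `acl-file` does not say that leaving the option unset turns ACL checking off, yet after the removal of `enforce-acl` this option is the only switch an operator has. I would spell the default out in the text, e.g. `("acl-file", optValue(values.aclFile, "FILE"), "The policy file to load from, loaded from data dir; if not specified, ACL checking is disabled");`. That way `--help` documents the fail-open default where operators will look for it.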
@@ -51,20 +49,22 @@ struct AclPlugin : public Plugin {
AclValues values;
AclOptions options;
boost::intrusive_ptr<Acl> acl;
-
+
AclPlugin() : options(values) {}
Options* getOptions() { return &options; }
void init(broker::Broker& b) {
- if (!values.enforce){
- QPID_LOG(info, "ACL Disabled, no ACL checking being done.");
- return;
- }
- if (acl) throw Exception("ACL plugin cannot be initialized twice in one process.");
+ if (values.aclFile.empty()){
+ QPID_LOG(info, "Policy file not specified. ACL Disabled, no ACL checking being done!");
+ return;
+ }
+
+ if (acl) throw Exception("ACL plugin cannot be initialized twice in one process.");
std::ostringstream oss;
oss << b.getDataDir().getPath() << "/" << values.aclFile;
values.aclFile = oss.str();
+
acl = new Acl(values, b);
b.setAcl(acl.get());
b.addFinalizer(boost::bind(&AclPlugin::shutdown, this));
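Review bot: The disabled path under `if (values.aclFile.empty())` reports at `info`, so a broker that loads the ACL module without `--acl-file` runs with no authorisation checks and says so only at a level that is often filtered out. I would raise it: `QPID_LOG(warning, "Policy file not specified. ACL Disabled, no ACL checking being done!");`. Separately, the path is always built as data dir + "/" + `values.aclFile`, so an absolute path passed to `--acl-file` is silently reinterpreted relative to the data dir. Nothing in the hunk checks that the file is readable before `new Acl(values, b)`; whether an unreadable file stops the broker or leaves it running without a policy is decided outside the visible lines and is worth confirming. `init` continues past the end of the hunk.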
diff --git a/cpp/src/qpid/broker/AclModule.h b/cpp/src/qpid/broker/AclModule.h
index 92dac50220..4bb6ca12b4 100644
--- a/cpp/src/qpid/broker/AclModule.h
+++ b/cpp/src/qpid/broker/AclModule.h
@@ -33,7 +33,7 @@ namespace qpid {
namespace acl {
-enum ObjectType {OBJ_QUEUE, OBJ_EXCHANGE, OBJ_BROKER, OBJ_LINK, OBJ_ROUTE,
+enum ObjectType {OBJ_QUEUE, OBJ_EXCHANGE, OBJ_BROKER, OBJ_LINK,
OBJ_METHOD, OBJECTSIZE}; // OBJECTSIZE must be last in list
enum Action {ACT_CONSUME, ACT_PUBLISH, ACT_CREATE, ACT_ACCESS, ACT_BIND,
ACT_UNBIND, ACT_DELETE, ACT_PURGE, ACT_UPDATE,
@@ -79,7 +79,6 @@ class AclHelper {
if (str.compare("exchange") == 0) return OBJ_EXCHANGE;
if (str.compare("broker") == 0) return OBJ_BROKER;
if (str.compare("link") == 0) return OBJ_LINK;
- if (str.compare("route") == 0) return OBJ_ROUTE;
if (str.compare("method") == 0) return OBJ_METHOD;
throw str;
}
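Review bot: With the `route` comparison gone, a policy file that still contains `route` rules now falls through to `throw str;`, and how the policy loader reacts to that is not visible in this hunk. It is worth confirming that the loader rejects the whole file and the broker refuses to start, rather than continuing with a partial or empty rule set, which would quietly widen access after an upgrade. A comment above the throw would record the intent, e.g. `// unknown or retired object types (such as "route") are rejected, not ignored`. The enclosing function starts outside the hunk.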
@@ -89,7 +88,6 @@ class AclHelper {
case OBJ_EXCHANGE: return "exchange";
case OBJ_BROKER: return "broker";
case OBJ_LINK: return "link";
- case OBJ_ROUTE: return "route";
case OBJ_METHOD: return "method";
default: assert(false); // should never get here
}
@@ -237,16 +235,8 @@ class AclHelper {
actionMapPtr a2(new actionMap);
a2->insert(actionPair(ACT_CREATE, p0));
-
- map->insert(objectPair(OBJ_LINK, a2));
-
- // == Route ==
- actionMapPtr a3(new actionMap);
- a3->insert(actionPair(ACT_CREATE, p0));
- a3->insert(actionPair(ACT_DELETE, p0));
-
- map->insert(objectPair(OBJ_ROUTE, a3));
+ map->insert(objectPair(OBJ_LINK, a2));
// == Method ==
diff --git a/cpp/src/tests/run_acl_tests b/cpp/src/tests/run_acl_tests
index 11186961b8..0cf673228a 100755
--- a/cpp/src/tests/run_acl_tests
+++ b/cpp/src/tests/run_acl_tests
@@ -7,7 +7,7 @@ DATA_DIR=`pwd`/data_dir
trap stop_brokers INT TERM QUIT
start_brokers() {
- ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIR --load-module ../.libs/acl.so --enforce-acl --auth no > qpidd.port
+ ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIR --load-module ../.libs/acl.so --acl-file policy.acl --auth no > qpidd.port
LOCAL_PORT=`cat qpidd.port`
}
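Review bot: The test broker is started only with `--acl-file policy.acl`, so the new default path in `AclPlugin::init` (module loaded, no policy file, no checks) is never exercised, and neither is a missing or unreadable policy file. A second start without `--acl-file`, and one pointing at a nonexistent file, would pin down whether the broker fails open or closed in each case. Nothing in this hunk shows `policy.acl` being placed in `$DATA_DIR`; presumably that happens elsewhere in the script.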