author | Rajith Muditha Attapattu <rajith@apache.org> | 2008-11-06 20:07:14 +0000 |
---|---|---|
committer | Rajith Muditha Attapattu <rajith@apache.org> | 2008-11-06 20:07:14 +0000 |
commit | e1132d45340a4d1c91648cac856803428d2a60f4 (patch) | |
tree | 5109e258e838c67371d762fd73240f777efa2c50 /cpp | |
parent | ee4d8230649fa7ebb5a8688b7a5fdc7da519f1f7 (diff) | |
Removed the --enforce-acl option. Instead, ACL is enabled whenever a policy file is specified.
Also removed Route from the Object list and did a bit of code cleanup.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@711957 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp')
-rw-r--r-- | cpp/src/qpid/acl/Acl.cpp | 22 | ||||
-rw-r--r-- | cpp/src/qpid/acl/Acl.h | 5 | ||||
-rw-r--r-- | cpp/src/qpid/acl/AclPlugin.cpp | 20 | ||||
-rw-r--r-- | cpp/src/qpid/broker/AclModule.h | 14 | ||||
-rwxr-xr-x | cpp/src/tests/run_acl_tests | 2 |
5 files changed, 24 insertions, 39 deletions
diff --git a/cpp/src/qpid/acl/Acl.cpp b/cpp/src/qpid/acl/Acl.cpp index ff1d4b066b..238ab9df6c 100644 --- a/cpp/src/qpid/acl/Acl.cpp +++ b/cpp/src/qpid/acl/Acl.cpp @@ -64,28 +64,26 @@ Acl::Acl (AclValues& av, broker::Broker& b): aclValues(av), broker(&b), transfer bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& name, std::map<Property, std::string>* params) { - if (!aclValues.enforce) return true; boost::shared_ptr<AclData> dataLocal = data; //rcu copy - - // add real ACL check here... + + // add real ACL check here... AclResult aclreslt = dataLocal->lookup(id,action,objType,name,params); - - - return result(aclreslt, id, action, objType, name); + + + return result(aclreslt, id, action, objType, name); } bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& ExchangeName, const std::string& RoutingKey) { - if (!aclValues.enforce) return true; boost::shared_ptr<AclData> dataLocal = data; //rcu copy - + // only use dataLocal here... - AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey); - - return result(aclreslt, id, action, objType, ExchangeName); + AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey); + + return result(aclreslt, id, action, objType, ExchangeName); } - + bool Acl::result(const AclResult& aclreslt, const std::string& id, const Action& action, const ObjectType& objType, const std::string& name) { switch (aclreslt) diff --git a/cpp/src/qpid/acl/Acl.h b/cpp/src/qpid/acl/Acl.h index 72a44a5450..2a522bc56d 100644 --- a/cpp/src/qpid/acl/Acl.h +++ b/cpp/src/qpid/acl/Acl.h @@ -42,10 +42,7 @@ class Broker; namespace acl { struct AclValues { - bool enforce; - std::string aclFile; - - AclValues() {enforce = false; aclFile = "policy.acl"; } + std::string aclFile; }; diff --git a/cpp/src/qpid/acl/AclPlugin.cpp b/cpp/src/qpid/acl/AclPlugin.cpp index 6f20ea09be..ffba8d44cf 100644 
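Review bot: Both `authorise` overloads now dereference `dataLocal` unconditionally, because the `if (!aclValues.enforce) return true;` early return is gone. A null `data` (for example if the policy was never loaded) would crash the broker rather than produce a decision. Whether the constructor guarantees a non-null `data` is not visible in this hunk, so a guard such as `if (!dataLocal) return false;` before each `lookup` call would make the check fail closed. The `//rcu copy` comment could also say what protects `data` while it is being replaced, since that is not shown here.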
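Review bot: `AclValues::aclFile` now doubles as the on/off switch for the ACL module, and nothing in the struct says so. With the constructor removed the string defaults to empty, which `AclPlugin::init` treats as "ACL disabled". A comment on the field such as `// Policy file name, relative to the data dir; empty means ACL checking is disabled` would keep that contract visible to anyone who later reintroduces a default value.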
--- a/cpp/src/qpid/acl/AclPlugin.cpp +++ b/cpp/src/qpid/acl/AclPlugin.cpp @@ -36,13 +36,11 @@ using namespace std; * New boost allows a shared_ptr but that's not compatible with old boost. */ struct AclOptions : public Options { - AclValues& values; + AclValues& values; AclOptions(AclValues& v) : Options("ACL Options"), values(v) { addOptions() - ("enforce-acl", optValue(values.enforce), "Enforce ACL") - ("acl-file", optValue(values.aclFile, "FILE"), "The policy file to load from, loaded from data dir") - ; + ("acl-file", optValue(values.aclFile, "FILE"), "The policy file to load from, loaded from data dir"); } }; @@ -51,20 +49,22 @@ struct AclPlugin : public Plugin { AclValues values; AclOptions options; boost::intrusive_ptr<Acl> acl; - + AclPlugin() : options(values) {} Options* getOptions() { return &options; } void init(broker::Broker& b) { - if (!values.enforce){ - QPID_LOG(info, "ACL Disabled, no ACL checking being done."); - return; - } - if (acl) throw Exception("ACL plugin cannot be initialized twice in one process."); + if (values.aclFile.empty()){ + QPID_LOG(info, "Policy file not specified. ACL Disabled, no ACL checking being done!"); + return; + } + + if (acl) throw Exception("ACL plugin cannot be initialized twice in one process."); std::ostringstream oss; oss << b.getDataDir().getPath() << "/" << values.aclFile; values.aclFile = oss.str(); + acl = new Acl(values, b); b.setAcl(acl.get()); b.addFinalizer(boost::bind(&AclPlugin::shutdown, this)); diff --git a/cpp/src/qpid/broker/AclModule.h b/cpp/src/qpid/broker/AclModule.h index 92dac50220..4bb6ca12b4 100644 --- a/cpp/src/qpid/broker/AclModule.h +++ b/cpp/src/qpid/broker/AclModule.h 
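Review bot: In `init`, loading the ACL module without `--acl-file` now leaves the broker running with no authorisation checks, and the only trace is a message at `info` level. The old default of `policy.acl` is gone, so a deployment that passed only `--enforce-acl` takes this path once that option is dropped from its command line. Raising the level makes the fail-open state harder to miss: `QPID_LOG(warning, "Policy file not specified. ACL Disabled, no ACL checking being done!");`. What happens when the named file is missing or unparsable is decided in the `Acl` constructor, which is outside this hunk, and should be confirmed to stop the broker rather than continue unprotected. The body of `init` continues past the end of the hunk.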
@@ -33,7 +33,7 @@ namespace qpid { namespace acl { -enum ObjectType {OBJ_QUEUE, OBJ_EXCHANGE, OBJ_BROKER, OBJ_LINK, OBJ_ROUTE, +enum ObjectType {OBJ_QUEUE, OBJ_EXCHANGE, OBJ_BROKER, OBJ_LINK, OBJ_METHOD, OBJECTSIZE}; // OBJECTSIZE must be last in list enum Action {ACT_CONSUME, ACT_PUBLISH, ACT_CREATE, ACT_ACCESS, ACT_BIND, ACT_UNBIND, ACT_DELETE, ACT_PURGE, ACT_UPDATE, @@ -79,7 +79,6 @@ class AclHelper { if (str.compare("exchange") == 0) return OBJ_EXCHANGE; if (str.compare("broker") == 0) return OBJ_BROKER; if (str.compare("link") == 0) return OBJ_LINK; - if (str.compare("route") == 0) return OBJ_ROUTE; if (str.compare("method") == 0) return OBJ_METHOD; throw str; } @@ -89,7 +88,6 @@ class AclHelper { case OBJ_EXCHANGE: return "exchange"; case OBJ_BROKER: return "broker"; case OBJ_LINK: return "link"; - case OBJ_ROUTE: return "route"; case OBJ_METHOD: return "method"; default: assert(false); // should never get here } @@ -237,16 +235,8 @@ class AclHelper { actionMapPtr a2(new actionMap); a2->insert(actionPair(ACT_CREATE, p0)); - - map->insert(objectPair(OBJ_LINK, a2)); - - // == Route == - actionMapPtr a3(new actionMap); - a3->insert(actionPair(ACT_CREATE, p0)); - a3->insert(actionPair(ACT_DELETE, p0)); - - map->insert(objectPair(OBJ_ROUTE, a3)); + map->insert(objectPair(OBJ_LINK, a2)); // == Method == diff --git a/cpp/src/tests/run_acl_tests b/cpp/src/tests/run_acl_tests index 11186961b8..0cf673228a 100755 --- a/cpp/src/tests/run_acl_tests +++ b/cpp/src/tests/run_acl_tests @@ -7,7 +7,7 @@ DATA_DIR=`pwd`/data_dir trap stop_brokers INT TERM QUIT start_brokers() { - ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIR --load-module ../.libs/acl.so --enforce-acl --auth no > qpidd.port + ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIR --load-module ../.libs/acl.so --acl-file policy.acl --auth no > qpidd.port LOCAL_PORT=`cat qpidd.port` } |
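Review bot: `getObjectType` now falls through to `throw str;` for the string "route", so an existing policy file that still names the `route` object will be rejected. How the policy reader handles that exception is outside these hunks. It is worth confirming that a rejected policy stops the broker or denies everything instead of leaving it without an ACL, and recording the removal where operators will see it. Separately, in `getObjectTypeStr` the `default: assert(false);` branch returns no value when assertions are compiled out; a `throw` or a returned placeholder string after the assert would keep that path defined.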
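Review bot: `$DATA_DIR` is expanded unquoted on the changed `qpidd` line in `start_brokers`. It is built from `pwd`, so a checkout path containing spaces would split the `--data-dir` argument; `--data-dir "$DATA_DIR"` avoids that. The test also now depends on a `policy.acl` file being present in that directory, and nothing in this hunk creates it.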