author | Gordon Sim <gsim@apache.org> | 2013-06-25 13:28:15 +0000 |
---|---|---|
committer | Gordon Sim <gsim@apache.org> | 2013-06-25 13:28:15 +0000 |
commit | 3615070a058ee43b3305d6b4464ee3a6e39e7b99 (patch) | |
tree | 6bcdc2593132f88e02f7c3ecbc35c6e827322531 /qpid/cpp/src/qpid/broker/amqp/Incoming.cpp | |
parent | 59b8d464a2a3b36f0985c10c057e14b284e3bc7c (diff) | |
QPID-4712: authorisation for AMQP 1.0 connections
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1496466 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/cpp/src/qpid/broker/amqp/Incoming.cpp')
-rw-r--r-- | qpid/cpp/src/qpid/broker/amqp/Incoming.cpp | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/qpid/cpp/src/qpid/broker/amqp/Incoming.cpp b/qpid/cpp/src/qpid/broker/amqp/Incoming.cpp
index 14614b0b87..119d05af60 100644
--- a/qpid/cpp/src/qpid/broker/amqp/Incoming.cpp
+++ b/qpid/cpp/src/qpid/broker/amqp/Incoming.cpp
@@ -19,8 +19,10 @@
 *
 */
 #include "Incoming.h"
+#include "Exception.h"
 #include "Message.h"
 #include "Session.h"
+#include "qpid/amqp/descriptors.h"
 #include "qpid/broker/AsyncCompletion.h"
 #include "qpid/broker/Message.h"
@@ -60,6 +62,30 @@ void Incoming::wakeup()
 {
 session.wakeup();
 }
+
+void Incoming::verify(const std::string& u, const std::string& r)
+{
+ userid.init(u, r);
+}
+
+Incoming::UserId::UserId() : inDefaultRealm(false) {}
+void Incoming::UserId::init(const std::string& u, const std::string& defaultRealm)
+{
+ userid = u;
+ size_t at = userid.find('@');
+ if (at != std::string::npos) {
+ unqualified = userid.substr(0, at);
+ inDefaultRealm = defaultRealm == userid.substr(at+1);
+ }
+}
+void Incoming::UserId::verify(const std::string& claimed)
+{
+ if(!userid.empty() && !claimed.empty() && userid != claimed && !(inDefaultRealm && claimed == unqualified)) {
+ throw Exception(qpid::amqp::error_conditions::NOT_ALLOWED, QPID_MSG("Authenticated user id is " << userid << " but user id in message declared as " << claimed));
+ }
+}
+
+
 namespace {
 class Transfer : public qpid::broker::AsyncCompletion::Callback
 {
@@ -89,7 +115,7 @@ void DecodingIncoming::readable(pn_delivery_t* delivery)
 pn_link_advance(link);
 qpid::broker::Message message(received, received);
-
+ userid.verify(message.getUserId());
 handle(message);
 --window;
 received->begin(); |
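Review bot: `Incoming::UserId::init` assigns `unqualified` and `inDefaultRealm` only when the id contains '@', so a second call with a different id would leave the earlier values in place and `UserId::verify` could then accept the previous unqualified name. Whether init can run more than once per link is not visible in this hunk, but resetting first is cheap: `unqualified.clear(); inDefaultRealm = false;` ahead of the `find('@')`. `UserId::verify` also skips the comparison entirely when the authenticated `userid` is empty, so a link on which `Incoming::verify(u, r)` was never called accepts any claimed user id. If that is intended for connections without an authenticated identity, state it in a comment on the condition, e.g. `// no authenticated id: claimed user-id is not checked`.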
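Review bot: The `NOT_ALLOWED` exception raised by `userid.verify(message.getUserId())` leaves `readable()` after `pn_link_advance(link)` has already run and before `--window` and `received->begin()`, and nothing in this hunk shows who catches it or how the delivery is settled afterwards. Please confirm that the caller rejects the delivery or closes the link with that error condition rather than leaving it unsettled, and note the behaviour at the call, e.g. `// throws NOT_ALLOWED when the message user-id does not match the authenticated id`. The body of readable() starts and ends outside the hunk, so the surrounding error handling may already cover this.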