diff options
| author | Charles E. Rolke <chug@apache.org> | 2013-04-18 19:00:00 +0000 |
|---|---|---|
| committer | Charles E. Rolke <chug@apache.org> | 2013-04-18 19:00:00 +0000 |
| commit | 731766b7a6b4d88c1a4d49bd3a4c655f24914db4 (patch) | |
| tree | 0a34fae6f29116c2f957948cf86c693e00898838 /qpid/cpp/src/tests | |
| parent | eabc78640f9523be08732058581d726ef5f0e358 (diff) | |
| download | qpid-python-qpid-4631.tar.gz | |
QPID-4631: Lock down link creation using ACLqpid-4631
This commit makes link creation contingent on having an ACL file and then having an ACL rule approve the request. There is no longer a requirement for an explicit CREATE LINK rule; either 'allow all all' or 'deny all all' is sufficient.
git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/qpid-4631@1469525 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/cpp/src/tests')
| -rwxr-xr-x | qpid/cpp/src/tests/ha_test.py | 3 | ||||
| -rwxr-xr-x | qpid/cpp/src/tests/run_federation_sys_tests | 3 | ||||
| -rwxr-xr-x | qpid/cpp/src/tests/run_federation_tests | 3 | ||||
| -rwxr-xr-x | qpid/cpp/src/tests/sasl_fed | 3 |
4 files changed, 4 insertions, 8 deletions
diff --git a/qpid/cpp/src/tests/ha_test.py b/qpid/cpp/src/tests/ha_test.py index 5c42780f50..4e27675438 100755 --- a/qpid/cpp/src/tests/ha_test.py +++ b/qpid/cpp/src/tests/ha_test.py @@ -79,12 +79,11 @@ class HaBroker(Broker): if ha_replicate is not None: args += [ "--ha-replicate=%s"%ha_replicate ] if brokers_url: args += [ "--ha-brokers-url", brokers_url ] - # Set up default ACL file to allow all create link + # Set up default ACL acl=os.path.join(os.getcwd(), "unrestricted.acl") if not os.path.exists(acl): aclf=file(acl,"w") aclf.write(""" -acl allow all create link acl allow all all """) aclf.close() diff --git a/qpid/cpp/src/tests/run_federation_sys_tests b/qpid/cpp/src/tests/run_federation_sys_tests index f88d313b05..a55ab3f21f 100755 --- a/qpid/cpp/src/tests/run_federation_sys_tests +++ b/qpid/cpp/src/tests/run_federation_sys_tests @@ -42,8 +42,7 @@ SKIPTESTS="${SKIPTESTS} -i federation_sys.C_* -i federation_sys.D_*" start_brokers() { start_broker() { - echo acl allow all create link > $moduledir/federation-sys-tests.acl - echo acl allow all all >> $moduledir/federation-sys-tests.acl + echo acl allow all all > $moduledir/federation-sys-tests.acl ${QPIDD_EXEC} --daemon --port 0 --auth no --no-data-dir --load-module acl.so --acl-file $moduledir/federation-sys-tests.acl $1 > qpidd.port PORT=`cat qpidd.port` eval "$2=${PORT}" diff --git a/qpid/cpp/src/tests/run_federation_tests b/qpid/cpp/src/tests/run_federation_tests index 1e7fdcb047..1405454535 100755 --- a/qpid/cpp/src/tests/run_federation_tests +++ b/qpid/cpp/src/tests/run_federation_tests @@ -36,8 +36,7 @@ fi QPIDD_CMD="../qpidd --daemon --port 0 --no-data-dir $MODULES --auth no --log-enable=info+ --log-enable=debug+:Bridge --load-module acl.so --acl-file $moduledir/federation-tests.acl --log-to-file" start_brokers() { rm -f fed_local.log fed_remote.log fed_b1.log fed_b2.log $moduledir/federation-tests.acl - echo acl allow all create link > $moduledir/federation-tests.acl - echo acl allow all all >> $moduledir/federation-tests.acl + echo acl allow all all > $moduledir/federation-tests.acl LOCAL_PORT=$($QPIDD_CMD fed_local.log --federation-tag LOCAL) REMOTE_PORT=$($QPIDD_CMD fed_remote.log --federation-tag REMOTE) REMOTE_B1=$($QPIDD_CMD fed_b1.log --federation-tag B1) diff --git a/qpid/cpp/src/tests/sasl_fed b/qpid/cpp/src/tests/sasl_fed index 6a6e4ec161..bd7b15f2d8 100755 --- a/qpid/cpp/src/tests/sasl_fed +++ b/qpid/cpp/src/tests/sasl_fed @@ -47,8 +47,7 @@ tmp_root=/tmp/sasl_fed_$my_random_number mkdir -p $tmp_root # create ACL file to allow links -echo acl allow all create link > $tmp_root/sasl_fed.acl -echo acl allow all all >> $tmp_root/sasl_fed.acl +echo acl allow all all > $tmp_root/sasl_fed.acl #-------------------------------------------------- |