This is related to QPID-1558.

The test case test_group_and_user_with_same_name covers the error condition in QPID-1545 git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@732466 13f79535-47bb-0310-9956-ffa450edef68
author: Rajith Muditha Attapattu <rajith@apache.org> 2009-01-07 20:24:42 +0000
committer: Rajith Muditha Attapattu <rajith@apache.org> 2009-01-07 20:24:42 +0000
commit: bd407181bd0a032042fb93ec04bf25b073b996eb (patch)
tree: f4fcbe499e42d0e274f7b296031676c64cedc33d /qpid/cpp/src
parent: 2cfef5219ca2534708afce9ad1b588a6a64bf6fe (diff)
download: qpid-python-bd407181bd0a032042fb93ec04bf25b073b996eb.tar.gz
3 files changed, 59 insertions, 4 deletions
diff --git a/qpid/cpp/src/qpid/acl/AclReader.cpp b/qpid/cpp/src/qpid/acl/AclReader.cpp
index c407339390..8f5e4f5b57 100644
--- a/qpid/cpp/src/qpid/acl/AclReader.cpp
+++ b/qpid/cpp/src/qpid/acl/AclReader.cpp
@@ -312,6 +312,7 @@ bool AclReader::processGroupLine(tokList& toks, const bool cont) {
                 errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters.";
                 return false;
             }
+            if (!isValidUserName(toks[i])) return false;
             addName(toks[i], citr->second);
         }
     } else {
@@ -330,6 +331,7 @@ bool AclReader::processGroupLine(tokList& toks, const bool cont) {
                 errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters.";
                 return false;
             }
+            if (!isValidUserName(toks[i])) return false;
             addName(toks[i], citr->second);
         }
     }
@@ -508,4 +510,14 @@ AclReader::nvPair AclReader::splitNameValuePair(const std::string& nvpString) {
     return nvPair(nvpString.substr(0, pos), nvpString.substr(pos+1));
 }
 
+// Returns true if a username has the name@realm format
+bool AclReader::isValidUserName(const std::string& name){
+	size_t pos = name.find('@');
+	if ( pos == std::string::npos || pos == name.length() -1){
+		errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Username '" << name << "' must contain a realm";
+		return false;
+	}
+	return true;
+}
+
 }} // namespace qpid::acl
diff --git a/qpid/cpp/src/qpid/acl/AclReader.h b/qpid/cpp/src/qpid/acl/AclReader.h
index d85dbeef6b..dccb450192 100644
--- a/qpid/cpp/src/qpid/acl/AclReader.h
+++ b/qpid/cpp/src/qpid/acl/AclReader.h
@@ -107,11 +107,12 @@ class AclReader {
 
     bool processAclLine(tokList& toks);
     void printRules() const; // debug aid
-    
+    bool isValidUserName(const std::string& name);
+
     static bool checkName(const std::string& name);
     static nvPair splitNameValuePair(const std::string& nvpString);
 };
-    
+
 }} // namespace qpid::acl
 
 #endif // QPID_ACL_ACLREADER_H
diff --git a/qpid/cpp/src/tests/acl.py b/qpid/cpp/src/tests/acl.py
index 671b2fe247..0cae148769 100755
--- a/qpid/cpp/src/tests/acl.py
+++ b/qpid/cpp/src/tests/acl.py
@@ -132,7 +132,35 @@ class ACLTests(TestBase010):
         except qpid.session.SessionException, e:
             self.assertEqual(530,e.args[0].error_code)                
         
-        
+
+    def test_group_and_user_with_same_name(self):
+        """
+        Test a group and user with same name
+        Ex. group admin admin 
+        """
+        aclf = ACLFile()
+        aclf.write('group bob@QPID bob@QPID\n')
+        aclf.write('acl deny bob@QPID bind exchange\n')
+        aclf.write('acl allow all all')
+        aclf.close()
+
+        self.reload_acl()
+
+        session = get_session('bob','bob')
+        try:
+            session.queue_declare(queue="allow_queue")
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow queue create request");
+            self.fail("Error during queue create request");
+
+        try:
+            session.exchange_bind(exchange="amq.direct", queue="allow_queue", binding_key="routing_key")
+            self.fail("ACL should deny queue bind request");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+       
+ 
    #=====================================
    # ACL file format tests
    #=====================================     
@@ -180,7 +208,21 @@ class ACLTests(TestBase010):
         if (result.text.find("contains illegal characters",0,len(result.text)) == -1):
             self.fail(result)
 
-            
+    def test_user_without_realm(self):
+        """
+        Test a user defined without a realm
+        Ex. group admin rajith
+        """
+        aclf = ACLFile()
+        aclf.write('group admin bob\n')
+        aclf.write('acl deny admin bind exchange\n')
+        aclf.write('acl allow all all')
+        aclf.close()
+         
+        result = self.reload_acl()
+        if (result.text.find("Username 'bob' must contain a realm",0,len(result.text)) == -1):
+            self.fail(result)
+
         
    #=====================================
    # ACL queue tests
author	Rajith Muditha Attapattu <rajith@apache.org>	2009-01-07 20:24:42 +0000
committer	Rajith Muditha Attapattu <rajith@apache.org>	2009-01-07 20:24:42 +0000
commit	bd407181bd0a032042fb93ec04bf25b073b996eb (patch)
tree	f4fcbe499e42d0e274f7b296031676c64cedc33d /qpid/cpp/src
parent	2cfef5219ca2534708afce9ad1b588a6a64bf6fe (diff)
download	qpid-python-bd407181bd0a032042fb93ec04bf25b073b996eb.tar.gz