-rw-r--r-- | qpid/cpp/src/qpid/acl/Acl.cpp | 31 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/acl/Acl.h | 8 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/acl/AclReader.cpp | 44 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/acl/AclReader.h | 4 |
4 files changed, 48 insertions, 39 deletions
diff --git a/qpid/cpp/src/qpid/acl/Acl.cpp b/qpid/cpp/src/qpid/acl/Acl.cpp index bc932d836c..ff1d4b066b 100644 --- a/qpid/cpp/src/qpid/acl/Acl.cpp +++ b/qpid/cpp/src/qpid/acl/Acl.cpp @@ -53,8 +53,9 @@ Acl::Acl (AclValues& av, broker::Broker& b): aclValues(av), broker(&b), transfer agent->addObject (mgmtObject); } - if (!readAclFile()){ - throw Exception("Could not read ACL file"); + std::string errorString; + if (!readAclFile(errorString)){ + throw Exception("Could not read ACL file " + errorString); if (mgmtObject!=0) mgmtObject->set_enforcingAcl(0); } QPID_LOG(info, "ACL Plugin loaded"); @@ -109,23 +110,25 @@ Acl::Acl (AclValues& av, broker::Broker& b): aclValues(av), broker(&b), transfer name, framing::FieldTable())); return false; } - return false; + return false; } - - bool Acl::readAclFile() + + bool Acl::readAclFile(std::string& errorText) { // only set transferAcl = true if a rule implies the use of ACL on transfer, else keep false for permormance reasons. - return readAclFile(aclValues.aclFile); + return readAclFile(aclValues.aclFile, errorText); } - bool Acl::readAclFile(std::string& aclFile) { + bool Acl::readAclFile(std::string& aclFile, std::string& errorText) { boost::shared_ptr<AclData> d(new AclData); AclReader ar; if (ar.read(aclFile, d)){ - agent->raiseEvent(_qmf::EventFileLoadFailed("", "See log for file load reason failure")); + agent->raiseEvent(_qmf::EventFileLoadFailed("", ar.getError())); + errorText = ar.getError(); + QPID_LOG(error,ar.getError()); return false; } - + data = d; transferAcl = data->transferAcl; // any transfer ACL if (mgmtObject!=0){ 
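Review bot: In the constructor, `if (mgmtObject!=0) mgmtObject->set_enforcingAcl(0);` sits directly after the `throw` in the same block, so it can never execute. If the flag is meant to be cleared on a failed load, move that line above `throw Exception(...)`; otherwise delete it. The concatenated message also lacks a separator between the fixed text and the reader's text; `throw Exception("Could not read ACL file: " + errorString);` reads better. The constructor body starts and ends outside this hunk.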
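Review bot: The failure path of `Acl::readAclFile(std::string& aclFile, std::string& errorText)` calls `agent->raiseEvent(...)` with no null check visible. The surrounding code tests `mgmtObject!=0` before touching the management object, which suggests the broker can run without a management agent. If that is so, a bad ACL file would dereference a null pointer instead of reporting the error. Guard the event with `if (agent != 0) agent->raiseEvent(_qmf::EventFileLoadFailed("", err));`, and take `const std::string err = ar.getError();` once instead of calling `getError()` three times. The function continues past the end of this hunk.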
@@ -145,8 +148,8 @@ Acl::Acl (AclValues& av, broker::Broker& b): aclValues(av), broker(&b), transfer { return (ManagementObject*) mgmtObject; } - - Manageable::status_t Acl::ManagementMethod (uint32_t methodId, Args& /*args*/, string&) + + Manageable::status_t Acl::ManagementMethod (uint32_t methodId, Args& /*args*/, string& text) { Manageable::status_t status = Manageable::STATUS_UNKNOWN_METHOD; QPID_LOG (debug, "Queue::ManagementMethod [id=" << methodId << "]"); @@ -154,10 +157,10 @@ Acl::Acl (AclValues& av, broker::Broker& b): aclValues(av), broker(&b), transfer switch (methodId) { case _qmf::Acl::METHOD_RELOADACLFILE : - readAclFile(); - status = Manageable::STATUS_OK; + readAclFile(text); + status = Manageable::STATUS_USER; break; } return status; -} +} diff --git a/qpid/cpp/src/qpid/acl/Acl.h b/qpid/cpp/src/qpid/acl/Acl.h index 8a3825f683..72a44a5450 100644 --- a/qpid/cpp/src/qpid/acl/Acl.h +++ b/qpid/cpp/src/qpid/acl/Acl.h @@ -74,15 +74,15 @@ public: virtual ~Acl(); private: bool result(const AclResult& aclreslt, const std::string& id, const Action& action, const ObjectType& objType, const std::string& name); - bool readAclFile(); - bool readAclFile(std::string& aclFile); + bool readAclFile(std::string& errorText); + bool readAclFile(std::string& aclFile, std::string& errorText); virtual qpid::management::ManagementObject* GetManagementObject(void) const; virtual management::Manageable::status_t ManagementMethod (uint32_t methodId, management::Args& args, std::string& text); - + }; - + }} // namespace qpid::acl #endif // QPID_ACL_ACL_H diff --git a/qpid/cpp/src/qpid/acl/AclReader.cpp b/qpid/cpp/src/qpid/acl/AclReader.cpp index c27f1a24bf..b0b95dc9fc 100644 --- a/qpid/cpp/src/qpid/acl/AclReader.cpp +++ b/qpid/cpp/src/qpid/acl/AclReader.cpp 
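Review bot: The `METHOD_RELOADACLFILE` case discards the result of `readAclFile(text)` and sets `status = Manageable::STATUS_USER` unconditionally, so a successful reload is reported with the same status as a failed one. A management client then cannot tell whether the new ACL is in force or the previous one is still being applied. Use the return value: `status = readAclFile(text) ? Manageable::STATUS_OK : Manageable::STATUS_USER;`. Separately, the debug line in the preceding hunk still logs `Queue::ManagementMethod`, which is misleading when reading ACL plugin logs.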
@@ -212,13 +212,17 @@ AclReader::AclReader() : lineNumber(0), contFlag(false), validationMap(new AclHe AclReader::~AclReader() {} +std::string AclReader::getError() { + return errorStream.str(); +} + int AclReader::read(const std::string& fn, boost::shared_ptr<AclData> d) { fileName = fn; lineNumber = 0; char buff[1024]; std::ifstream ifs(fn.c_str(), std::ios_base::in); if (!ifs.good()) { - QPID_LOG(error, "Unable to open ACL file \"" << fn << "\": eof=" << (ifs.eof()?"T":"F") << "; fail=" << (ifs.fail()?"T":"F") << "; bad=" << (ifs.bad()?"T":"F")); + errorStream << "Unable to open ACL file \"" << fn << "\": eof=" << (ifs.eof()?"T":"F") << "; fail=" << (ifs.fail()?"T":"F") << "; bad=" << (ifs.bad()?"T":"F"); return -1; } try { @@ -231,7 +235,7 @@ int AclReader::read(const std::string& fn, boost::shared_ptr<AclData> d) { } if (!ifs.eof()) { - QPID_LOG(error, "Unable to read ACL file \"" << fn << "\": eof=" << (ifs.eof()?"T":"F") << "; fail=" << (ifs.fail()?"T":"F") << "; bad=" << (ifs.bad()?"T":"F")); + errorStream << "Unable to read ACL file \"" << fn << "\": eof=" << (ifs.eof()?"T":"F") << "; fail=" << (ifs.fail()?"T":"F") << "; bad=" << (ifs.bad()?"T":"F"); ifs.close(); return -2; } @@ -239,18 +243,18 @@ int AclReader::read(const std::string& fn, boost::shared_ptr<AclData> d) { if (err) return -3; QPID_LOG(notice, "Read ACL file \"" << fn << "\""); } catch (const std::exception& e) { - QPID_LOG(error, "Unable to read ACL file \"" << fn << "\": " << e.what()); + errorStream << "Unable to read ACL file \"" << fn << "\": " << e.what(); ifs.close(); return -4; } catch (...) { - QPID_LOG(error, "Unable to read ACL file \"" << fn << "\": Unknown exception"); + errorStream << "Unable to read ACL file \"" << fn << "\": Unknown exception"; ifs.close(); return -5; } printNames(); printRules(); loadDecisionData(d); - + return 0; } 
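Review bot: `AclReader::read()` resets `fileName` and `lineNumber` on entry but not `errorStream`, so a reader used for a second `read()` would return the earlier failure text from `getError()` along with any new one. Add `errorStream.str(""); errorStream.clear();` next to `lineNumber = 0;`. The messages are also appended with no trailing separator, so if more than one is written during a read (the line loop is outside this hunk) they run together in the event and exception text. Ending each message with `"\n"` would keep them readable.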
@@ -277,7 +281,7 @@ bool AclReader::processLine(char* line) { if (ws) { ret = true; } else { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Non-continuation line must start with \"group\" or \"acl\"."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Non-continuation line must start with \"group\" or \"acl\"."; ret = false; } } @@ -305,25 +309,25 @@ bool AclReader::processGroupLine(tokList& toks, const bool cont) { gmCitr citr = groups.find(groupName); for (unsigned i = 0; i < toksSize; i++) { if (!checkName(toks[i])) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters."; return false; } addName(toks[i], citr->second); } } else { if (toksSize < (cont ? 2 : 3)) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Insufficient tokens for group definition."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Insufficient tokens for group definition."; return false; } if (!checkName(toks[1])) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Group name \"" << toks[1] << "\" contains illegal characters."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Group name \"" << toks[1] << "\" contains illegal characters."; return false; } gmCitr citr = addGroup(toks[1]); if (citr == groups.end()) return false; for (unsigned i = 2; i < toksSize; i++) { if (!checkName(toks[i])) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters."; return false; } addName(toks[i], citr->second); 
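Review bot: The messages built in `processGroupLine` embed `toks[i]` and `toks[1]` verbatim, and these are exactly the tokens that failed `checkName`. With this commit the text no longer stays only in the broker log: it is returned through `getError()` into the QMF event and the management method reply. Escaping non-printable characters and capping the echoed token length before writing to `errorStream` would keep a malformed file from putting control characters into logs or management consoles. The same applies to `toks[1]`, `toks[3]`, `toks[4]` and `propNvp.first` in the `processAclLine` hunks that follow. The function starts before this hunk.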
@@ -336,7 +340,7 @@ bool AclReader::processGroupLine(tokList& toks, const bool cont) { AclReader::gmCitr AclReader::addGroup(const std::string& newGroupName) { gmCitr citr = groups.find(newGroupName); if (citr != groups.end()) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Duplicate group name \"" << newGroupName << "\"."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Duplicate group name \"" << newGroupName << "\"."; return groups.end(); } groupPair p(newGroupName, nameSetPtr(new nameSet)); @@ -389,7 +393,7 @@ void AclReader::printNames() const { bool AclReader::processAclLine(tokList& toks) { const unsigned toksSize = toks.size(); if (toksSize < 4) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Insufficient tokens for acl definition."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Insufficient tokens for acl definition."; return false; } @@ -397,7 +401,7 @@ bool AclReader::processAclLine(tokList& toks) { try { res = AclHelper::getAclResult(toks[1]); } catch (...) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Unknown ACL permission \"" << toks[1] << "\"."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Unknown ACL permission \"" << toks[1] << "\"."; return false; } @@ -407,7 +411,7 @@ bool AclReader::processAclLine(tokList& toks) { if (actionAllFlag) { if (userAllFlag && toksSize > 4) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Tokens found after action \"all\"."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Tokens found after action \"all\"."; return false; } action = CONSUME; // dummy; compiler must initialize action for this code path @@ -415,7 +419,7 @@ bool AclReader::processAclLine(tokList& toks) { try { action = AclHelper::getAction(toks[3]); } catch (...) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Unknown action \"" << toks[3] << "\"."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Unknown action \"" << toks[3] << "\"."; return false; } } 
@@ -435,7 +439,7 @@ bool AclReader::processAclLine(tokList& toks) { try { rule->setObjectType(AclHelper::getObjectType(toks[4])); } catch (...) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Unknown object \"" << toks[4] << "\"."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Unknown object \"" << toks[4] << "\"."; return false; } } @@ -445,14 +449,14 @@ bool AclReader::processAclLine(tokList& toks) { for (unsigned i=5; i<toksSize; i++) { nvPair propNvp = splitNameValuePair(toks[i]); if (propNvp.second.size() == 0) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Badly formed property name-value pair \"" << propNvp.first << "\". (Must be name=value)"); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Badly formed property name-value pair \"" << propNvp.first << "\". (Must be name=value)"; return false; } Property prop; try { prop = AclHelper::getProperty(propNvp.first); } catch (...) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Unknown property \"" << propNvp.first << "\"."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Unknown property \"" << propNvp.first << "\"."; return false; } rule->addProperty(prop, propNvp.second); @@ -467,11 +471,11 @@ bool AclReader::processAclLine(tokList& toks) { // If rule validates, add to rule list if (!rule->validate(validationMap)) { - QPID_LOG(error, ACL_FORMAT_ERR_LOG_PREFIX << "Invalid object/action/property combination."); + errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Invalid object/action/property combination."; return false; } rules.push_back(rule); - + return true; } diff --git a/qpid/cpp/src/qpid/acl/AclReader.h b/qpid/cpp/src/qpid/acl/AclReader.h index c6e7770311..d85dbeef6b 100644 --- a/qpid/cpp/src/qpid/acl/AclReader.h +++ b/qpid/cpp/src/qpid/acl/AclReader.h @@ -25,7 +25,7 @@ #include <set> #include <string> #include <vector> - +#include <sstream> #include "qpid/acl/AclData.h" #include "qpid/broker/AclModule.h" 
@@ -86,11 +86,13 @@ class AclReader { groupMap groups; ruleList rules; AclHelper::objectMapPtr validationMap; + std::ostringstream errorStream; public: AclReader(); virtual ~AclReader(); int read(const std::string& fn, boost::shared_ptr<AclData> d); + std::string getError(); private: bool processLine(char* line); |
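Review bot: `std::string getError();` does not modify the reader and should be declared `std::string getError() const;`, with the same qualifier on the definition in AclReader.cpp, so it can be called through a const reference. The new `std::ostringstream errorStream;` member also makes `AclReader` non-copyable, which appears harmless for the stack-allocated use in `Acl::readAclFile`. A short comment on the member would help the next reader, e.g. `// accumulated load/parse errors, returned by getError()`.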