Diffstat (limited to 'cpp/src/qmf/AgentSession.cpp')
-rw-r--r--cpp/src/qmf/AgentSession.cpp42
1 files changed, 39 insertions, 3 deletions
diff --git a/cpp/src/qmf/AgentSession.cpp b/cpp/src/qmf/AgentSession.cpp
index 24356519d7..fb18f27150 100644
--- a/cpp/src/qmf/AgentSession.cpp
+++ b/cpp/src/qmf/AgentSession.cpp
@@ -116,6 +116,8 @@ namespace qmf {
uint32_t minSubInterval;
uint32_t subLifetime;
bool publicEvents;
+ bool listenOnDirect;
+ bool strictSecurity;
uint64_t schemaUpdateTime;
string directBase;
string topicBase;
@@ -179,6 +181,7 @@ AgentSessionImpl::AgentSessionImpl(Connection& c, const string& options) :
bootSequence(1), interval(60), lastHeartbeat(0), lastVisit(0), forceHeartbeat(false),
externalStorage(false), autoAllowQueries(true), autoAllowMethods(true),
maxSubscriptions(64), minSubInterval(3000), subLifetime(300), publicEvents(true),
+ listenOnDirect(true), strictSecurity(false),
schemaUpdateTime(uint64_t(qpid::sys::Duration(qpid::sys::EPOCH, qpid::sys::now())))
{
//
@@ -231,6 +234,14 @@ AgentSessionImpl::AgentSessionImpl(Connection& c, const string& options) :
iter = optMap.find("public-events");
if (iter != optMap.end())
publicEvents = iter->second.asBool();
+
+ iter = optMap.find("listen-on-direct");
+ if (iter != optMap.end())
+ listenOnDirect = iter->second.asBool();
+
+ iter = optMap.find("strict-security");
+ if (iter != optMap.end())
+ strictSecurity = iter->second.asBool();
}
}
@@ -248,6 +259,8 @@ void AgentSessionImpl::open()
throw QmfException("The session is already open");
const string addrArgs(";{create:never,node:{type:topic}}");
+ const string routableAddr("direct-agent.route." + qpid::types::Uuid(true).str());
+ attributes["_direct_subject"] = routableAddr;
// Establish messaging addresses
setAgentName();
@@ -256,13 +269,20 @@ void AgentSessionImpl::open()
// Create AMQP session, receivers, and senders
session = connection.createSession();
- Receiver directRx = session.createReceiver(directBase + "/" + agentName + addrArgs);
+ Receiver directRx;
+ Receiver routableDirectRx = session.createReceiver(topicBase + "/" + routableAddr + addrArgs);
Receiver topicRx = session.createReceiver(topicBase + "/console.#" + addrArgs);
- directRx.setCapacity(64);
+ if (listenOnDirect && !strictSecurity) {
+ directRx = session.createReceiver(directBase + "/" + agentName + addrArgs);
+ directRx.setCapacity(64);
+ }
+
+ routableDirectRx.setCapacity(64);
topicRx.setCapacity(64);
- directSender = session.createSender(directBase + addrArgs);
+ if (!strictSecurity)
+ directSender = session.createSender(directBase + addrArgs);
topicSender = session.createSender(topicBase + addrArgs);
// Start the receiver thread
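Review bot: Under strict-security both `directRx` and `directSender` stay default-constructed handles, and nothing in this hunk tells a maintainer that later code must not use them in that mode. The condition `listenOnDirect && !strictSecurity` also means strict-security silently overrides an explicit `listen-on-direct` of true; a comment above the `if`, such as `// strict-security forbids all direct-exchange traffic, so it takes precedence over listen-on-direct`, would make that precedence visible. open() continues past the end of the hunk, so whether any later statement touches these handles unconditionally cannot be confirmed from here and is worth checking.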
@@ -794,6 +814,17 @@ void AgentSessionImpl::dispatch(Message msg)
const Variant::Map& properties(msg.getProperties());
Variant::Map::const_iterator iter;
+ //
+ // If strict-security is enabled, make sure that reply-to address complies with the
+ // strict-security addressing pattern (i.e. start with 'qmf.<domain>.topic/direct-console.').
+ //
+ if (strictSecurity && msg.getReplyTo()) {
+ if (msg.getReplyTo().getName() != topicBase || msg.getReplyTo().getSubject().find("direct-console.") != 0) {
+ QPID_LOG(warning, "Reply-to violates strict-security policy: " << msg.getReplyTo().str());
+ return;
+ }
+ }
+
iter = properties.find(protocol::HEADER_KEY_APP_ID);
if (iter != properties.end() && iter->second.asString() == protocol::HEADER_APP_ID_QMF) {
//
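Review bot: The strict-security filter in dispatch() runs only when `msg.getReplyTo()` is set, so a message with no reply-to is still passed to the handlers below. The rest of dispatch() is outside the hunk, but if any handler has side effects beyond sending a reply, the policy is enforced on the reply path only. Either reject a missing reply-to in strict mode or say in the comment that it is allowed on purpose, e.g. `// Messages without a reply-to are accepted; send() will refuse any non-topic destination.` The warning also writes the sender-supplied address verbatim once per rejected message, so a peer can grow the log at will; consider rate-limiting it or logging at a lower level.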
@@ -892,6 +923,11 @@ void AgentSessionImpl::send(Message msg, const Address& to)
{
Sender sender;
+ if (strictSecurity && to.getName() != topicBase) {
+ QPID_LOG(warning, "Address violates strict-security policy: " << to);
+ return;
+ }
+
if (to.getName() == directBase) {
msg.setSubject(to.getSubject());
sender = directSender;
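Review bot: The new guard at the top of send() drops the message with only a log line, so callers cannot tell that nothing was sent, and unlike the matching check in dispatch() it has no comment. It is also the only visible thing that keeps the `to.getName() == directBase` branch below from using `directSender`, which open() no longer creates under strict-security. I would record that dependency at the guard: `// strict-security: only the topic exchange may be addressed; directSender is not created in this mode, so this check must stay ahead of the directBase branch.` send() continues outside the hunk.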