summaryrefslogtreecommitdiff
path: root/cpp/src/qpid/acl/Acl.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'cpp/src/qpid/acl/Acl.cpp')
-rw-r--r--cpp/src/qpid/acl/Acl.cpp220
1 files changed, 110 insertions, 110 deletions
diff --git a/cpp/src/qpid/acl/Acl.cpp b/cpp/src/qpid/acl/Acl.cpp
index 4b3dda7962..12bf13018c 100644
--- a/cpp/src/qpid/acl/Acl.cpp
+++ b/cpp/src/qpid/acl/Acl.cpp
@@ -49,7 +49,7 @@ namespace _qmf = qmf::org::apache::qpid::acl;
Acl::Acl (AclValues& av, Broker& b): aclValues(av), broker(&b), transferAcl(false), mgmtObject(0)
{
-
+
agent = broker->getManagementAgent();
if (agent != 0){
@@ -63,129 +63,129 @@ Acl::Acl (AclValues& av, Broker& b): aclValues(av), broker(&b), transferAcl(fals
if (mgmtObject!=0) mgmtObject->set_enforcingAcl(0);
}
QPID_LOG(info, "ACL Plugin loaded");
- if (mgmtObject!=0) mgmtObject->set_enforcingAcl(1);
+ if (mgmtObject!=0) mgmtObject->set_enforcingAcl(1);
}
- bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& name, std::map<Property, std::string>* params)
- {
- boost::shared_ptr<AclData> dataLocal;
- {
+bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& name, std::map<Property, std::string>* params)
+{
+ boost::shared_ptr<AclData> dataLocal;
+ {
Mutex::ScopedLock locker(dataLock);
dataLocal = data; //rcu copy
- }
+ }
- // add real ACL check here...
- AclResult aclreslt = dataLocal->lookup(id,action,objType,name,params);
+ // add real ACL check here...
+ AclResult aclreslt = dataLocal->lookup(id,action,objType,name,params);
- return result(aclreslt, id, action, objType, name);
- }
+ return result(aclreslt, id, action, objType, name);
+}
- bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& ExchangeName, const std::string& RoutingKey)
- {
- boost::shared_ptr<AclData> dataLocal;
- {
+bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& ExchangeName, const std::string& RoutingKey)
+{
+ boost::shared_ptr<AclData> dataLocal;
+ {
Mutex::ScopedLock locker(dataLock);
dataLocal = data; //rcu copy
- }
-
- // only use dataLocal here...
- AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey);
-
- return result(aclreslt, id, action, objType, ExchangeName);
- }
-
-
- bool Acl::result(const AclResult& aclreslt, const std::string& id, const Action& action, const ObjectType& objType, const std::string& name)
- {
- switch (aclreslt)
- {
- case ALLOWLOG:
- QPID_LOG(info, "ACL Allow id:" << id <<" action:" << AclHelper::getActionStr(action) <<
- " ObjectType:" << AclHelper::getObjectTypeStr(objType) << " Name:" << name );
- agent->raiseEvent(_qmf::EventAllow(id, AclHelper::getActionStr(action),
- AclHelper::getObjectTypeStr(objType),
- name, types::Variant::Map()));
- case ALLOW:
- return true;
- case DENY:
- if (mgmtObject!=0) mgmtObject->inc_aclDenyCount();
- return false;
- case DENYLOG:
- if (mgmtObject!=0) mgmtObject->inc_aclDenyCount();
- default:
- QPID_LOG(info, "ACL Deny id:" << id << " action:" << AclHelper::getActionStr(action) << " ObjectType:" << AclHelper::getObjectTypeStr(objType) << " Name:" << name);
- agent->raiseEvent(_qmf::EventDeny(id, AclHelper::getActionStr(action),
- AclHelper::getObjectTypeStr(objType),
- name, types::Variant::Map()));
- return false;
- }
- return false;
- }
-
- bool Acl::readAclFile(std::string& errorText)
- {
- // only set transferAcl = true if a rule implies the use of ACL on transfer, else keep false for performance reasons.
- return readAclFile(aclValues.aclFile, errorText);
- }
-
- bool Acl::readAclFile(std::string& aclFile, std::string& errorText) {
- boost::shared_ptr<AclData> d(new AclData);
- AclReader ar;
- if (ar.read(aclFile, d)){
- agent->raiseEvent(_qmf::EventFileLoadFailed("", ar.getError()));
- errorText = ar.getError();
- QPID_LOG(error,ar.getError());
- return false;
- }
-
- AclValidator validator;
- validator.validate(d);
-
- {
+ }
+
+ // only use dataLocal here...
+ AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey);
+
+ return result(aclreslt, id, action, objType, ExchangeName);
+}
+
+
+bool Acl::result(const AclResult& aclreslt, const std::string& id, const Action& action, const ObjectType& objType, const std::string& name)
+{
+ switch (aclreslt)
+ {
+ case ALLOWLOG:
+ QPID_LOG(info, "ACL Allow id:" << id <<" action:" << AclHelper::getActionStr(action) <<
+ " ObjectType:" << AclHelper::getObjectTypeStr(objType) << " Name:" << name );
+ agent->raiseEvent(_qmf::EventAllow(id, AclHelper::getActionStr(action),
+ AclHelper::getObjectTypeStr(objType),
+ name, types::Variant::Map()));
+ case ALLOW:
+ return true;
+ case DENY:
+ if (mgmtObject!=0) mgmtObject->inc_aclDenyCount();
+ return false;
+ case DENYLOG:
+ if (mgmtObject!=0) mgmtObject->inc_aclDenyCount();
+ default:
+ QPID_LOG(info, "ACL Deny id:" << id << " action:" << AclHelper::getActionStr(action) << " ObjectType:" << AclHelper::getObjectTypeStr(objType) << " Name:" << name);
+ agent->raiseEvent(_qmf::EventDeny(id, AclHelper::getActionStr(action),
+ AclHelper::getObjectTypeStr(objType),
+ name, types::Variant::Map()));
+ return false;
+ }
+ return false;
+}
+
+bool Acl::readAclFile(std::string& errorText)
+{
+ // only set transferAcl = true if a rule implies the use of ACL on transfer, else keep false for performance reasons.
+ return readAclFile(aclValues.aclFile, errorText);
+}
+
+bool Acl::readAclFile(std::string& aclFile, std::string& errorText) {
+ boost::shared_ptr<AclData> d(new AclData);
+ AclReader ar;
+ if (ar.read(aclFile, d)){
+ agent->raiseEvent(_qmf::EventFileLoadFailed("", ar.getError()));
+ errorText = ar.getError();
+ QPID_LOG(error,ar.getError());
+ return false;
+ }
+
+ AclValidator validator;
+ validator.validate(d);
+
+ {
Mutex::ScopedLock locker(dataLock);
data = d;
- }
- transferAcl = data->transferAcl; // any transfer ACL
+ }
+ transferAcl = data->transferAcl; // any transfer ACL
- if (data->transferAcl){
+ if (data->transferAcl){
QPID_LOG(debug,"Transfer ACL is Enabled!");
- }
-
- data->aclSource = aclFile;
- if (mgmtObject!=0){
- mgmtObject->set_transferAcl(transferAcl?1:0);
- mgmtObject->set_policyFile(aclFile);
- sys::AbsTime now = sys::AbsTime::now();
- int64_t ns = sys::Duration(sys::EPOCH, now);
- mgmtObject->set_lastAclLoad(ns);
- agent->raiseEvent(_qmf::EventFileLoaded(""));
- }
- return true;
- }
-
- Acl::~Acl(){}
-
- ManagementObject* Acl::GetManagementObject(void) const
- {
- return (ManagementObject*) mgmtObject;
- }
-
- Manageable::status_t Acl::ManagementMethod (uint32_t methodId, Args& /*args*/, string& text)
- {
- Manageable::status_t status = Manageable::STATUS_UNKNOWN_METHOD;
- QPID_LOG (debug, "Queue::ManagementMethod [id=" << methodId << "]");
-
- switch (methodId)
- {
- case _qmf::Acl::METHOD_RELOADACLFILE :
- readAclFile(text);
- if (text.empty())
- status = Manageable::STATUS_OK;
- else
- status = Manageable::STATUS_USER;
- break;
- }
+ }
+
+ data->aclSource = aclFile;
+ if (mgmtObject!=0){
+ mgmtObject->set_transferAcl(transferAcl?1:0);
+ mgmtObject->set_policyFile(aclFile);
+ sys::AbsTime now = sys::AbsTime::now();
+ int64_t ns = sys::Duration(sys::EPOCH, now);
+ mgmtObject->set_lastAclLoad(ns);
+ agent->raiseEvent(_qmf::EventFileLoaded(""));
+ }
+ return true;
+}
+
+Acl::~Acl(){}
+
+ManagementObject* Acl::GetManagementObject(void) const
+{
+ return (ManagementObject*) mgmtObject;
+}
+
+Manageable::status_t Acl::ManagementMethod (uint32_t methodId, Args& /*args*/, string& text)
+{
+ Manageable::status_t status = Manageable::STATUS_UNKNOWN_METHOD;
+ QPID_LOG (debug, "Queue::ManagementMethod [id=" << methodId << "]");
+
+ switch (methodId)
+ {
+ case _qmf::Acl::METHOD_RELOADACLFILE :
+ readAclFile(text);
+ if (text.empty())
+ status = Manageable::STATUS_OK;
+ else
+ status = Manageable::STATUS_USER;
+ break;
+ }
return status;
}
View Lorry Controller Status