Diffstat (limited to 'cpp/src/qpid/acl/Acl.cpp')
-rw-r--r-- | cpp/src/qpid/acl/Acl.cpp | 220 |
1 files changed, 110 insertions, 110 deletions
diff --git a/cpp/src/qpid/acl/Acl.cpp b/cpp/src/qpid/acl/Acl.cpp
index 4b3dda7962..12bf13018c 100644
--- a/cpp/src/qpid/acl/Acl.cpp
+++ b/cpp/src/qpid/acl/Acl.cpp
@@ -49,7 +49,7 @@ namespace _qmf = qmf::org::apache::qpid::acl;
 Acl::Acl (AclValues& av, Broker& b): aclValues(av), broker(&b), transferAcl(false), mgmtObject(0)
 {
-
+
 agent = broker->getManagementAgent();
 if (agent != 0){
@@ -63,129 +63,129 @@ Acl::Acl (AclValues& av, Broker& b): aclValues(av), broker(&b), transferAcl(fals
 if (mgmtObject!=0) mgmtObject->set_enforcingAcl(0);
 }
 QPID_LOG(info, "ACL Plugin loaded");
- if (mgmtObject!=0) mgmtObject->set_enforcingAcl(1);
+ if (mgmtObject!=0) mgmtObject->set_enforcingAcl(1);
 }
- bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& name, std::map<Property, std::string>* params)
- {
- boost::shared_ptr<AclData> dataLocal;
- {
+bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& name, std::map<Property, std::string>* params)
+{
+ boost::shared_ptr<AclData> dataLocal;
+ {
 Mutex::ScopedLock locker(dataLock);
 dataLocal = data; //rcu copy
- }
+ }
- // add real ACL check here...
- AclResult aclreslt = dataLocal->lookup(id,action,objType,name,params);
+ // add real ACL check here...
+ AclResult aclreslt = dataLocal->lookup(id,action,objType,name,params);
- return result(aclreslt, id, action, objType, name);
- }
+ return result(aclreslt, id, action, objType, name);
+}
- bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& ExchangeName, const std::string& RoutingKey)
- {
- boost::shared_ptr<AclData> dataLocal;
- {
+bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& ExchangeName, const std::string& RoutingKey)
+{
+ boost::shared_ptr<AclData> dataLocal;
+ {
 Mutex::ScopedLock locker(dataLock);
 dataLocal = data; //rcu copy
- }
-
- // only use dataLocal here...
- AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey);
-
- return result(aclreslt, id, action, objType, ExchangeName);
- }
-
-
- bool Acl::result(const AclResult& aclreslt, const std::string& id, const Action& action, const ObjectType& objType, const std::string& name)
- {
- switch (aclreslt)
- {
- case ALLOWLOG:
- QPID_LOG(info, "ACL Allow id:" << id <<" action:" << AclHelper::getActionStr(action) <<
- " ObjectType:" << AclHelper::getObjectTypeStr(objType) << " Name:" << name );
- agent->raiseEvent(_qmf::EventAllow(id, AclHelper::getActionStr(action),
- AclHelper::getObjectTypeStr(objType),
- name, types::Variant::Map()));
- case ALLOW:
- return true;
- case DENY:
- if (mgmtObject!=0) mgmtObject->inc_aclDenyCount();
- return false;
- case DENYLOG:
- if (mgmtObject!=0) mgmtObject->inc_aclDenyCount();
- default:
- QPID_LOG(info, "ACL Deny id:" << id << " action:" << AclHelper::getActionStr(action) << " ObjectType:" << AclHelper::getObjectTypeStr(objType) << " Name:" << name);
- agent->raiseEvent(_qmf::EventDeny(id, AclHelper::getActionStr(action),
- AclHelper::getObjectTypeStr(objType),
- name, types::Variant::Map()));
- return false;
- }
- return false;
- }
-
- bool Acl::readAclFile(std::string& errorText)
- {
- // only set transferAcl = true if a rule implies the use of ACL on transfer, else keep false for performance reasons.
- return readAclFile(aclValues.aclFile, errorText);
- }
-
- bool Acl::readAclFile(std::string& aclFile, std::string& errorText) {
- boost::shared_ptr<AclData> d(new AclData);
- AclReader ar;
- if (ar.read(aclFile, d)){
- agent->raiseEvent(_qmf::EventFileLoadFailed("", ar.getError()));
- errorText = ar.getError();
- QPID_LOG(error,ar.getError());
- return false;
- }
-
- AclValidator validator;
- validator.validate(d);
-
- {
+ }
+
+ // only use dataLocal here...
+ AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey);
+
+ return result(aclreslt, id, action, objType, ExchangeName);
+}
+
+
+bool Acl::result(const AclResult& aclreslt, const std::string& id, const Action& action, const ObjectType& objType, const std::string& name)
+{
+ switch (aclreslt)
+ {
+ case ALLOWLOG:
+ QPID_LOG(info, "ACL Allow id:" << id <<" action:" << AclHelper::getActionStr(action) <<
+ " ObjectType:" << AclHelper::getObjectTypeStr(objType) << " Name:" << name );
+ agent->raiseEvent(_qmf::EventAllow(id, AclHelper::getActionStr(action),
+ AclHelper::getObjectTypeStr(objType),
+ name, types::Variant::Map()));
+ case ALLOW:
+ return true;
+ case DENY:
+ if (mgmtObject!=0) mgmtObject->inc_aclDenyCount();
+ return false;
+ case DENYLOG:
+ if (mgmtObject!=0) mgmtObject->inc_aclDenyCount();
+ default:
+ QPID_LOG(info, "ACL Deny id:" << id << " action:" << AclHelper::getActionStr(action) << " ObjectType:" << AclHelper::getObjectTypeStr(objType) << " Name:" << name);
+ agent->raiseEvent(_qmf::EventDeny(id, AclHelper::getActionStr(action),
+ AclHelper::getObjectTypeStr(objType),
+ name, types::Variant::Map()));
+ return false;
+ }
+ return false;
+}
+
+bool Acl::readAclFile(std::string& errorText)
+{
+ // only set transferAcl = true if a rule implies the use of ACL on transfer, else keep false for performance reasons.
+ return readAclFile(aclValues.aclFile, errorText);
+}
+
+bool Acl::readAclFile(std::string& aclFile, std::string& errorText) {
+ boost::shared_ptr<AclData> d(new AclData);
+ AclReader ar;
+ if (ar.read(aclFile, d)){
+ agent->raiseEvent(_qmf::EventFileLoadFailed("", ar.getError()));
+ errorText = ar.getError();
+ QPID_LOG(error,ar.getError());
+ return false;
+ }
+
+ AclValidator validator;
+ validator.validate(d);
+
+ {
 Mutex::ScopedLock locker(dataLock);
 data = d;
- }
- transferAcl = data->transferAcl; // any transfer ACL
+ }
+ transferAcl = data->transferAcl; // any transfer ACL
- if (data->transferAcl){
+ if (data->transferAcl){
 QPID_LOG(debug,"Transfer ACL is Enabled!");
- }
-
- data->aclSource = aclFile;
- if (mgmtObject!=0){
- mgmtObject->set_transferAcl(transferAcl?1:0);
- mgmtObject->set_policyFile(aclFile);
- sys::AbsTime now = sys::AbsTime::now();
- int64_t ns = sys::Duration(sys::EPOCH, now);
- mgmtObject->set_lastAclLoad(ns);
- agent->raiseEvent(_qmf::EventFileLoaded(""));
- }
- return true;
- }
-
- Acl::~Acl(){}
-
- ManagementObject* Acl::GetManagementObject(void) const
- {
- return (ManagementObject*) mgmtObject;
- }
-
- Manageable::status_t Acl::ManagementMethod (uint32_t methodId, Args& /*args*/, string& text)
- {
- Manageable::status_t status = Manageable::STATUS_UNKNOWN_METHOD;
- QPID_LOG (debug, "Queue::ManagementMethod [id=" << methodId << "]");
-
- switch (methodId)
- {
- case _qmf::Acl::METHOD_RELOADACLFILE :
- readAclFile(text);
- if (text.empty())
- status = Manageable::STATUS_OK;
- else
- status = Manageable::STATUS_USER;
- break;
- }
+ }
+
+ data->aclSource = aclFile;
+ if (mgmtObject!=0){
+ mgmtObject->set_transferAcl(transferAcl?1:0);
+ mgmtObject->set_policyFile(aclFile);
+ sys::AbsTime now = sys::AbsTime::now();
+ int64_t ns = sys::Duration(sys::EPOCH, now);
+ mgmtObject->set_lastAclLoad(ns);
+ agent->raiseEvent(_qmf::EventFileLoaded(""));
+ }
+ return true;
+}
+
+Acl::~Acl(){}
+
+ManagementObject* Acl::GetManagementObject(void) const
+{
+ return (ManagementObject*) mgmtObject;
+}
+
+Manageable::status_t Acl::ManagementMethod (uint32_t methodId, Args& /*args*/, string& text)
+{
+ Manageable::status_t status = Manageable::STATUS_UNKNOWN_METHOD;
+ QPID_LOG (debug, "Queue::ManagementMethod [id=" << methodId << "]");
+
+ switch (methodId)
+ {
+ case _qmf::Acl::METHOD_RELOADACLFILE :
+ readAclFile(text);
+ if (text.empty())
+ status = Manageable::STATUS_OK;
+ else
+ status = Manageable::STATUS_USER;
+ break;
+ }
 return status;
 }
|