diff options
Diffstat (limited to 'cpp/src/qpid/acl/AclData.cpp')
| -rw-r--r-- | cpp/src/qpid/acl/AclData.cpp | 97 |
1 files changed, 30 insertions, 67 deletions
diff --git a/cpp/src/qpid/acl/AclData.cpp b/cpp/src/qpid/acl/AclData.cpp index 847b67cb58..68fc137612 100644 --- a/cpp/src/qpid/acl/AclData.cpp +++ b/cpp/src/qpid/acl/AclData.cpp @@ -254,10 +254,11 @@ namespace acl { case acl::SPECPROP_MAXFILECOUNTUPPERLIMIT: case acl::SPECPROP_MAXFILESIZEUPPERLIMIT: limitChecked &= - compareIntMax( + compareInt( rulePropMapItr->first, boost::lexical_cast<std::string>(rulePropMapItr->second), - boost::lexical_cast<std::string>(lookupParamItr->second)); + boost::lexical_cast<std::string>(lookupParamItr->second), + true); break; case acl::SPECPROP_MAXQUEUECOUNTLOWERLIMIT: @@ -265,10 +266,11 @@ namespace acl { case acl::SPECPROP_MAXFILECOUNTLOWERLIMIT: case acl::SPECPROP_MAXFILESIZELOWERLIMIT: limitChecked &= - compareIntMin( + compareInt( rulePropMapItr->first, boost::lexical_cast<std::string>(rulePropMapItr->second), - boost::lexical_cast<std::string>(lookupParamItr->second)); + boost::lexical_cast<std::string>(lookupParamItr->second), + false); break; default: @@ -635,95 +637,56 @@ namespace acl { // - // Limit check a MAX int limit + // Limit check an int limit // - bool AclData::compareIntMax(const qpid::acl::SpecProperty theProperty, - const std::string theAclValue, - const std::string theLookupValue) + bool AclData::compareInt(const qpid::acl::SpecProperty theProperty, + const std::string theAclValue, + const std::string theLookupValue, + bool theMaxFlag) { - uint64_t aclMax (0); - uint64_t paramMax (0); + uint64_t aclRuleValue (0); + uint64_t lookupValue (0); - try - { - aclMax = boost::lexical_cast<uint64_t>(theAclValue); - } - catch(const boost::bad_lexical_cast&) - { - assert (false); - return false; - } + QPID_LOG(debug, "ACL: " + << (theMaxFlag ? "Upper" : "Lower") << "-limit comparison for property " + << AclHelper::getPropertyStr(theProperty) + << ". Success if lookup(" << theLookupValue + << ") " + << (theMaxFlag ? "<=" : ">=") << " rule(" << theAclValue << ")"); try { - paramMax = boost::lexical_cast<uint64_t>(theLookupValue); + aclRuleValue = boost::lexical_cast<uint64_t>(theAclValue); } catch(const boost::bad_lexical_cast&) { - QPID_LOG(error,"ACL: Error evaluating rule. " - << "Illegal value given in lookup for property '" - << AclHelper::getPropertyStr(theProperty) - << "' : " << theLookupValue); - return false; - } - - QPID_LOG(debug, "ACL: Numeric greater-than comparison for property " - << AclHelper::getPropertyStr(theProperty) - << " (value given in lookup = " << theLookupValue - << ", value give in rule = " << theAclValue << " )"); - - if (( aclMax ) && ( paramMax == 0 || paramMax > aclMax)) - { - QPID_LOG(debug, "ACL: Max limit exceeded for property '" - << AclHelper::getPropertyStr(theProperty) << "'"); + assert (false); return false; } - return true; - } - - - // - // limit check a MIN int limit - // - bool AclData::compareIntMin(const qpid::acl::SpecProperty theProperty, - const std::string theAclValue, - const std::string theLookupValue) - { - uint64_t aclMin (0); - uint64_t paramMin (0); - - try - { - aclMin = boost::lexical_cast<uint64_t>(theAclValue); - } - catch(const boost::bad_lexical_cast&) + if (aclRuleValue == 0) { - assert (false); - return false; + QPID_LOG(debug, "ACL: Comparison is always true when ACL rule value is zero"); + return true; } try { - paramMin = boost::lexical_cast<uint64_t>(theLookupValue); + lookupValue = boost::lexical_cast<uint64_t>(theLookupValue); } catch(const boost::bad_lexical_cast&) { - QPID_LOG(error,"ACL: Error evaluating rule. " - << "Illegal value given in lookup for property '" + QPID_LOG(error,"ACL: Illegal value given in lookup for property '" << AclHelper::getPropertyStr(theProperty) << "' : " << theLookupValue); return false; } - QPID_LOG(debug, "ACL: Numeric less-than comparison for property " - << AclHelper::getPropertyStr(theProperty) - << " (value given in lookup = " << theLookupValue - << ", value give in rule = " << theAclValue << " )"); - - if (( aclMin ) && ( paramMin == 0 || paramMin < aclMin)) + bool result = + (theMaxFlag ? lookupValue > aclRuleValue : lookupValue < aclRuleValue); + if ( result ) { - QPID_LOG(debug, "ACL: Min limit exceeded for property '" + QPID_LOG(debug, "ACL: Limit exceeded for property '" << AclHelper::getPropertyStr(theProperty) << "'"); return false; } |