diff options
Diffstat (limited to 'cpp/src/qpid/broker')
-rw-r--r-- | cpp/src/qpid/broker/AclModule.h | 449 |
1 files changed, 224 insertions, 225 deletions
diff --git a/cpp/src/qpid/broker/AclModule.h b/cpp/src/qpid/broker/AclModule.h index 2f4f7eaacc..e32ff266b9 100644 --- a/cpp/src/qpid/broker/AclModule.h +++ b/cpp/src/qpid/broker/AclModule.h @@ -32,248 +32,247 @@ namespace qpid { namespace acl { -enum ObjectType {OBJ_QUEUE, OBJ_EXCHANGE, OBJ_BROKER, OBJ_LINK, - OBJ_METHOD, OBJECTSIZE}; // OBJECTSIZE must be last in list -enum Action {ACT_CONSUME, ACT_PUBLISH, ACT_CREATE, ACT_ACCESS, ACT_BIND, - ACT_UNBIND, ACT_DELETE, ACT_PURGE, ACT_UPDATE, - ACTIONSIZE}; // ACTIONSIZE must be last in list -enum Property {PROP_NAME, PROP_DURABLE, PROP_OWNER, PROP_ROUTINGKEY, - PROP_PASSIVE, PROP_AUTODELETE, PROP_EXCLUSIVE, PROP_TYPE, - PROP_ALTERNATE, PROP_QUEUENAME, PROP_SCHEMAPACKAGE, - PROP_SCHEMACLASS, PROP_POLICYTYPE, PROP_MAXQUEUESIZE, - PROP_MAXQUEUECOUNT}; -enum AclResult {ALLOW, ALLOWLOG, DENY, DENYLOG}; + enum ObjectType {OBJ_QUEUE, OBJ_EXCHANGE, OBJ_BROKER, OBJ_LINK, + OBJ_METHOD, OBJECTSIZE}; // OBJECTSIZE must be last in list + enum Action {ACT_CONSUME, ACT_PUBLISH, ACT_CREATE, ACT_ACCESS, ACT_BIND, + ACT_UNBIND, ACT_DELETE, ACT_PURGE, ACT_UPDATE, + ACTIONSIZE}; // ACTIONSIZE must be last in list + enum Property {PROP_NAME, PROP_DURABLE, PROP_OWNER, PROP_ROUTINGKEY, + PROP_PASSIVE, PROP_AUTODELETE, PROP_EXCLUSIVE, PROP_TYPE, + PROP_ALTERNATE, PROP_QUEUENAME, PROP_SCHEMAPACKAGE, + PROP_SCHEMACLASS, PROP_POLICYTYPE, PROP_MAXQUEUESIZE, + PROP_MAXQUEUECOUNT}; + enum AclResult {ALLOW, ALLOWLOG, DENY, DENYLOG}; } // namespace acl namespace broker { -class AclModule -{ + class AclModule + { -public: - - // effienty turn off ACL on message transfer. - virtual bool doTransferAcl()=0; - - virtual bool authorise(const std::string& id, const acl::Action& action, const acl::ObjectType& objType, const std::string& name, - std::map<acl::Property, std::string>* params=0)=0; - virtual bool authorise(const std::string& id, const acl::Action& action, const acl::ObjectType& objType, const std::string& ExchangeName, - const std::string& RoutingKey)=0; - // create specilied authorise methods for cases that need faster matching as needed. + public: - virtual ~AclModule() {}; -}; + // effienty turn off ACL on message transfer. + virtual bool doTransferAcl()=0; + virtual bool authorise(const std::string& id, const acl::Action& action, const acl::ObjectType& objType, const std::string& name, + std::map<acl::Property, std::string>* params=0)=0; + virtual bool authorise(const std::string& id, const acl::Action& action, const acl::ObjectType& objType, const std::string& ExchangeName, + const std::string& RoutingKey)=0; + // create specilied authorise methods for cases that need faster matching as needed. + + virtual ~AclModule() {}; + }; } // namespace broker namespace acl { -class AclHelper { - private: - AclHelper(){} - public: - static inline ObjectType getObjectType(const std::string& str) { - if (str.compare("queue") == 0) return OBJ_QUEUE; - if (str.compare("exchange") == 0) return OBJ_EXCHANGE; - if (str.compare("broker") == 0) return OBJ_BROKER; - if (str.compare("link") == 0) return OBJ_LINK; - if (str.compare("method") == 0) return OBJ_METHOD; - throw str; - } - static inline std::string getObjectTypeStr(const ObjectType o) { - switch (o) { - case OBJ_QUEUE: return "queue"; - case OBJ_EXCHANGE: return "exchange"; - case OBJ_BROKER: return "broker"; - case OBJ_LINK: return "link"; - case OBJ_METHOD: return "method"; - default: assert(false); // should never get here + class AclHelper { + private: + AclHelper(){} + public: + static inline ObjectType getObjectType(const std::string& str) { + if (str.compare("queue") == 0) return OBJ_QUEUE; + if (str.compare("exchange") == 0) return OBJ_EXCHANGE; + if (str.compare("broker") == 0) return OBJ_BROKER; + if (str.compare("link") == 0) return OBJ_LINK; + if (str.compare("method") == 0) return OBJ_METHOD; + throw str; + } + static inline std::string getObjectTypeStr(const ObjectType o) { + switch (o) { + case OBJ_QUEUE: return "queue"; + case OBJ_EXCHANGE: return "exchange"; + case OBJ_BROKER: return "broker"; + case OBJ_LINK: return "link"; + case OBJ_METHOD: return "method"; + default: assert(false); // should never get here + } + return ""; + } + static inline Action getAction(const std::string& str) { + if (str.compare("consume") == 0) return ACT_CONSUME; + if (str.compare("publish") == 0) return ACT_PUBLISH; + if (str.compare("create") == 0) return ACT_CREATE; + if (str.compare("access") == 0) return ACT_ACCESS; + if (str.compare("bind") == 0) return ACT_BIND; + if (str.compare("unbind") == 0) return ACT_UNBIND; + if (str.compare("delete") == 0) return ACT_DELETE; + if (str.compare("purge") == 0) return ACT_PURGE; + if (str.compare("update") == 0) return ACT_UPDATE; + throw str; + } + static inline std::string getActionStr(const Action a) { + switch (a) { + case ACT_CONSUME: return "consume"; + case ACT_PUBLISH: return "publish"; + case ACT_CREATE: return "create"; + case ACT_ACCESS: return "access"; + case ACT_BIND: return "bind"; + case ACT_UNBIND: return "unbind"; + case ACT_DELETE: return "delete"; + case ACT_PURGE: return "purge"; + case ACT_UPDATE: return "update"; + default: assert(false); // should never get here + } + return ""; + } + static inline Property getProperty(const std::string& str) { + if (str.compare("name") == 0) return PROP_NAME; + if (str.compare("durable") == 0) return PROP_DURABLE; + if (str.compare("owner") == 0) return PROP_OWNER; + if (str.compare("routingkey") == 0) return PROP_ROUTINGKEY; + if (str.compare("passive") == 0) return PROP_PASSIVE; + if (str.compare("autodelete") == 0) return PROP_AUTODELETE; + if (str.compare("exclusive") == 0) return PROP_EXCLUSIVE; + if (str.compare("type") == 0) return PROP_TYPE; + if (str.compare("alternate") == 0) return PROP_ALTERNATE; + if (str.compare("queuename") == 0) return PROP_QUEUENAME; + if (str.compare("schemapackage") == 0) return PROP_SCHEMAPACKAGE; + if (str.compare("schemaclass") == 0) return PROP_SCHEMACLASS; + if (str.compare("policytype") == 0) return PROP_POLICYTYPE; + if (str.compare("maxqueuesize") == 0) return PROP_MAXQUEUESIZE; + if (str.compare("maxqueuecount") == 0) return PROP_MAXQUEUECOUNT; + throw str; } - return ""; - } - static inline Action getAction(const std::string& str) { - if (str.compare("consume") == 0) return ACT_CONSUME; - if (str.compare("publish") == 0) return ACT_PUBLISH; - if (str.compare("create") == 0) return ACT_CREATE; - if (str.compare("access") == 0) return ACT_ACCESS; - if (str.compare("bind") == 0) return ACT_BIND; - if (str.compare("unbind") == 0) return ACT_UNBIND; - if (str.compare("delete") == 0) return ACT_DELETE; - if (str.compare("purge") == 0) return ACT_PURGE; - if (str.compare("update") == 0) return ACT_UPDATE; - throw str; - } - static inline std::string getActionStr(const Action a) { - switch (a) { - case ACT_CONSUME: return "consume"; - case ACT_PUBLISH: return "publish"; - case ACT_CREATE: return "create"; - case ACT_ACCESS: return "access"; - case ACT_BIND: return "bind"; - case ACT_UNBIND: return "unbind"; - case ACT_DELETE: return "delete"; - case ACT_PURGE: return "purge"; - case ACT_UPDATE: return "update"; - default: assert(false); // should never get here + static inline std::string getPropertyStr(const Property p) { + switch (p) { + case PROP_NAME: return "name"; + case PROP_DURABLE: return "durable"; + case PROP_OWNER: return "owner"; + case PROP_ROUTINGKEY: return "routingkey"; + case PROP_PASSIVE: return "passive"; + case PROP_AUTODELETE: return "autodelete"; + case PROP_EXCLUSIVE: return "exclusive"; + case PROP_TYPE: return "type"; + case PROP_ALTERNATE: return "alternate"; + case PROP_QUEUENAME: return "queuename"; + case PROP_SCHEMAPACKAGE: return "schemapackage"; + case PROP_SCHEMACLASS: return "schemaclass"; + case PROP_POLICYTYPE: return "policytype"; + case PROP_MAXQUEUESIZE: return "maxqueuesize"; + case PROP_MAXQUEUECOUNT: return "maxqueuecount"; + default: assert(false); // should never get here + } + return ""; } - return ""; - } - static inline Property getProperty(const std::string& str) { - if (str.compare("name") == 0) return PROP_NAME; - if (str.compare("durable") == 0) return PROP_DURABLE; - if (str.compare("owner") == 0) return PROP_OWNER; - if (str.compare("routingkey") == 0) return PROP_ROUTINGKEY; - if (str.compare("passive") == 0) return PROP_PASSIVE; - if (str.compare("autodelete") == 0) return PROP_AUTODELETE; - if (str.compare("exclusive") == 0) return PROP_EXCLUSIVE; - if (str.compare("type") == 0) return PROP_TYPE; - if (str.compare("alternate") == 0) return PROP_ALTERNATE; - if (str.compare("queuename") == 0) return PROP_QUEUENAME; - if (str.compare("schemapackage") == 0) return PROP_SCHEMAPACKAGE; - if (str.compare("schemaclass") == 0) return PROP_SCHEMACLASS; - if (str.compare("policytype") == 0) return PROP_POLICYTYPE; - if (str.compare("maxqueuesize") == 0) return PROP_MAXQUEUESIZE; - if (str.compare("maxqueuecount") == 0) return PROP_MAXQUEUECOUNT; - throw str; - } - static inline std::string getPropertyStr(const Property p) { - switch (p) { - case PROP_NAME: return "name"; - case PROP_DURABLE: return "durable"; - case PROP_OWNER: return "owner"; - case PROP_ROUTINGKEY: return "routingkey"; - case PROP_PASSIVE: return "passive"; - case PROP_AUTODELETE: return "autodelete"; - case PROP_EXCLUSIVE: return "exclusive"; - case PROP_TYPE: return "type"; - case PROP_ALTERNATE: return "alternate"; - case PROP_QUEUENAME: return "queuename"; - case PROP_SCHEMAPACKAGE: return "schemapackage"; - case PROP_SCHEMACLASS: return "schemaclass"; - case PROP_POLICYTYPE: return "policytype"; - case PROP_MAXQUEUESIZE: return "maxqueuesize"; - case PROP_MAXQUEUECOUNT: return "maxqueuecount"; - default: assert(false); // should never get here + static inline AclResult getAclResult(const std::string& str) { + if (str.compare("allow") == 0) return ALLOW; + if (str.compare("allow-log") == 0) return ALLOWLOG; + if (str.compare("deny") == 0) return DENY; + if (str.compare("deny-log") == 0) return DENYLOG; + throw str; } - return ""; - } - static inline AclResult getAclResult(const std::string& str) { - if (str.compare("allow") == 0) return ALLOW; - if (str.compare("allow-log") == 0) return ALLOWLOG; - if (str.compare("deny") == 0) return DENY; - if (str.compare("deny-log") == 0) return DENYLOG; - throw str; - } - static inline std::string getAclResultStr(const AclResult r) { - switch (r) { - case ALLOW: return "allow"; - case ALLOWLOG: return "allow-log"; - case DENY: return "deny"; - case DENYLOG: return "deny-log"; - default: assert(false); // should never get here + static inline std::string getAclResultStr(const AclResult r) { + switch (r) { + case ALLOW: return "allow"; + case ALLOWLOG: return "allow-log"; + case DENY: return "deny"; + case DENYLOG: return "deny-log"; + default: assert(false); // should never get here + } + return ""; + } + + typedef std::set<Property> propSet; + typedef boost::shared_ptr<propSet> propSetPtr; + typedef std::pair<Action, propSetPtr> actionPair; + typedef std::map<Action, propSetPtr> actionMap; + typedef boost::shared_ptr<actionMap> actionMapPtr; + typedef std::pair<ObjectType, actionMapPtr> objectPair; + typedef std::map<ObjectType, actionMapPtr> objectMap; + typedef objectMap::const_iterator omCitr; + typedef boost::shared_ptr<objectMap> objectMapPtr; + typedef std::map<Property, std::string> propMap; + typedef propMap::const_iterator propMapItr; + + // This map contains the legal combinations of object/action/properties found in an ACL file + static void loadValidationMap(objectMapPtr& map) { + if (!map.get()) return; + map->clear(); + propSetPtr p0; // empty ptr, used for no properties + + // == Exchanges == + + propSetPtr p1(new propSet); + p1->insert(PROP_TYPE); + p1->insert(PROP_ALTERNATE); + p1->insert(PROP_PASSIVE); + p1->insert(PROP_DURABLE); + + propSetPtr p2(new propSet); + p2->insert(PROP_ROUTINGKEY); + + propSetPtr p3(new propSet); + p3->insert(PROP_QUEUENAME); + p3->insert(PROP_ROUTINGKEY); + + actionMapPtr a0(new actionMap); + a0->insert(actionPair(ACT_CREATE, p1)); + a0->insert(actionPair(ACT_DELETE, p0)); + a0->insert(actionPair(ACT_ACCESS, p0)); + a0->insert(actionPair(ACT_BIND, p2)); + a0->insert(actionPair(ACT_UNBIND, p2)); + a0->insert(actionPair(ACT_ACCESS, p3)); + a0->insert(actionPair(ACT_PUBLISH, p0)); + + map->insert(objectPair(OBJ_EXCHANGE, a0)); + + // == Queues == + + propSetPtr p4(new propSet); + p4->insert(PROP_ALTERNATE); + p4->insert(PROP_PASSIVE); + p4->insert(PROP_DURABLE); + p4->insert(PROP_EXCLUSIVE); + p4->insert(PROP_AUTODELETE); + p4->insert(PROP_POLICYTYPE); + p4->insert(PROP_MAXQUEUESIZE); + p4->insert(PROP_MAXQUEUECOUNT); + + actionMapPtr a1(new actionMap); + a1->insert(actionPair(ACT_ACCESS, p0)); + a1->insert(actionPair(ACT_CREATE, p4)); + a1->insert(actionPair(ACT_PURGE, p0)); + a1->insert(actionPair(ACT_DELETE, p0)); + a1->insert(actionPair(ACT_CONSUME, p0)); + + map->insert(objectPair(OBJ_QUEUE, a1)); + + // == Links == + + actionMapPtr a2(new actionMap); + a2->insert(actionPair(ACT_CREATE, p0)); + + map->insert(objectPair(OBJ_LINK, a2)); + + // == Method == + + propSetPtr p5(new propSet); + p5->insert(PROP_SCHEMAPACKAGE); + p5->insert(PROP_SCHEMACLASS); + + actionMapPtr a4(new actionMap); + a4->insert(actionPair(ACT_ACCESS, p5)); + + map->insert(objectPair(OBJ_METHOD, a4)); + } + + static std::string propertyMapToString(const std::map<Property, std::string>* params) { + std::ostringstream ss; + ss << "{"; + if (params) + { + for (propMapItr pMItr = params->begin(); pMItr != params->end(); pMItr++) { + ss << " " << getPropertyStr((Property) pMItr-> first) << "=" << pMItr->second; + } + } + ss << " }"; + return ss.str(); } - return ""; - } - - typedef std::set<Property> propSet; - typedef boost::shared_ptr<propSet> propSetPtr; - typedef std::pair<Action, propSetPtr> actionPair; - typedef std::map<Action, propSetPtr> actionMap; - typedef boost::shared_ptr<actionMap> actionMapPtr; - typedef std::pair<ObjectType, actionMapPtr> objectPair; - typedef std::map<ObjectType, actionMapPtr> objectMap; - typedef objectMap::const_iterator omCitr; - typedef boost::shared_ptr<objectMap> objectMapPtr; - typedef std::map<Property, std::string> propMap; - typedef propMap::const_iterator propMapItr; - - // This map contains the legal combinations of object/action/properties found in an ACL file - static void loadValidationMap(objectMapPtr& map) { - if (!map.get()) return; - map->clear(); - propSetPtr p0; // empty ptr, used for no properties - - // == Exchanges == - - propSetPtr p1(new propSet); - p1->insert(PROP_TYPE); - p1->insert(PROP_ALTERNATE); - p1->insert(PROP_PASSIVE); - p1->insert(PROP_DURABLE); - - propSetPtr p2(new propSet); - p2->insert(PROP_ROUTINGKEY); - - propSetPtr p3(new propSet); - p3->insert(PROP_QUEUENAME); - p3->insert(PROP_ROUTINGKEY); - - actionMapPtr a0(new actionMap); - a0->insert(actionPair(ACT_CREATE, p1)); - a0->insert(actionPair(ACT_DELETE, p0)); - a0->insert(actionPair(ACT_ACCESS, p0)); - a0->insert(actionPair(ACT_BIND, p2)); - a0->insert(actionPair(ACT_UNBIND, p2)); - a0->insert(actionPair(ACT_ACCESS, p3)); - a0->insert(actionPair(ACT_PUBLISH, p0)); - - map->insert(objectPair(OBJ_EXCHANGE, a0)); - - // == Queues == - - propSetPtr p4(new propSet); - p4->insert(PROP_ALTERNATE); - p4->insert(PROP_PASSIVE); - p4->insert(PROP_DURABLE); - p4->insert(PROP_EXCLUSIVE); - p4->insert(PROP_AUTODELETE); - p4->insert(PROP_POLICYTYPE); - p4->insert(PROP_MAXQUEUESIZE); - p4->insert(PROP_MAXQUEUECOUNT); - - actionMapPtr a1(new actionMap); - a1->insert(actionPair(ACT_ACCESS, p0)); - a1->insert(actionPair(ACT_CREATE, p4)); - a1->insert(actionPair(ACT_PURGE, p0)); - a1->insert(actionPair(ACT_DELETE, p0)); - a1->insert(actionPair(ACT_CONSUME, p0)); - - map->insert(objectPair(OBJ_QUEUE, a1)); - - // == Links == - - actionMapPtr a2(new actionMap); - a2->insert(actionPair(ACT_CREATE, p0)); - - map->insert(objectPair(OBJ_LINK, a2)); - - // == Method == - - propSetPtr p5(new propSet); - p5->insert(PROP_SCHEMAPACKAGE); - p5->insert(PROP_SCHEMACLASS); - - actionMapPtr a4(new actionMap); - a4->insert(actionPair(ACT_ACCESS, p5)); - - map->insert(objectPair(OBJ_METHOD, a4)); - } - - static std::string propertyMapToString(const std::map<Property, std::string>* params) { - std::ostringstream ss; - ss << "{"; - if (params) - { - for (propMapItr pMItr = params->begin(); pMItr != params->end(); pMItr++) { - ss << " " << getPropertyStr((Property) pMItr-> first) << "=" << pMItr->second; - } - } - ss << " }"; - return ss.str(); - } -}; + }; }} // namespace qpid::acl |