1 files changed, 166 insertions, 0 deletions

diff --git a/qpid/cpp/src/tests/run_acl_tests b/qpid/cpp/src/tests/run_acl_tests
new file mode 100755
index 0000000000..4bb9e7aa5d
--- /dev/null
+++ b/qpid/cpp/src/tests/run_acl_tests
@@ -0,0 +1,166 @@
+#!/usr/bin/env bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# Run the acl tests. $srcdir is set by the Makefile.
+source ./test_env.sh
+DATA_DIR=`pwd`/data_dir
+DATA_DIRI=`pwd`/data_diri
+DATA_DIRU=`pwd`/data_diru
+DATA_DIRQ=`pwd`/data_dirq
+
+trap stop_brokers INT TERM QUIT
+
+start_brokers() {
+    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir --data-dir $DATA_DIR --acl-file policy.acl --auth no --log-enable trace+:acl  --log-to-file local.log > qpidd.port
+    LOCAL_PORT=`cat qpidd.port`
+    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir --data-dir $DATA_DIRI --acl-file policy.acl --auth no --connection-limit-per-ip 2   --log-to-file locali.log > qpiddi.port
+    LOCAL_PORTI=`cat qpiddi.port`
+    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir --data-dir $DATA_DIRU --acl-file policy.acl --auth no --connection-limit-per-user 2 --log-to-file localu.log > qpiddu.port
+    LOCAL_PORTU=`cat qpiddu.port`
+    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir --data-dir $DATA_DIRQ --acl-file policy.acl --auth no --max-queues-per-user 2      --log-to-file localq.log > qpiddq.port
+    LOCAL_PORTQ=`cat qpiddq.port`
+}
+
+start_noacl_noauth_brokers() {
+    ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIR --auth no --log-to-file local.log > qpidd.port
+    LOCAL_PORT=`cat qpidd.port`
+    ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIRI --auth no --log-to-file locali.log > qpiddi.port
+    LOCAL_PORTI=`cat qpiddi.port`
+    ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIRU --auth no --log-to-file localu.log > qpiddu.port
+    LOCAL_PORTU=`cat qpiddu.port`
+    ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIRQ --auth no --log-to-file localq.log > qpiddq.port
+    LOCAL_PORTQ=`cat qpiddq.port`
+}
+
+start_noacl_auth_brokers() {
+    sasl_config_file=$builddir/sasl_config
+    if [ ! -f $sasl_config_file ] ; then
+	echo Creating sasl database
+	. $srcdir/sasl_test_setup.sh
+    fi
+    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir --data-dir $DATA_DIR --auth yes --sasl-config=$sasl_config_file --log-to-file local.log > qpidd.port
+    LOCAL_PORT=`cat qpidd.port`
+    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir --data-dir $DATA_DIRI --auth yes --sasl-config=$sasl_config_file --log-to-file locali.log > qpiddi.port
+    LOCAL_PORTI=`cat qpiddi.port`
+    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir --data-dir $DATA_DIRU --auth yes --sasl-config=$sasl_config_file --log-to-file localu.log > qpiddu.port
+    LOCAL_PORTU=`cat qpiddu.port`
+    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir --data-dir $DATA_DIRQ --auth yes --sasl-config=$sasl_config_file --log-to-file localq.log > qpiddq.port
+    LOCAL_PORTQ=`cat qpiddq.port`
+}
+
+stop_brokers() {
+        $QPIDD_EXEC --no-module-dir -q --port $LOCAL_PORT
+        $QPIDD_EXEC --no-module-dir -q --port $LOCAL_PORTI
+        $QPIDD_EXEC --no-module-dir -q --port $LOCAL_PORTU
+        $QPIDD_EXEC --no-module-dir -q --port $LOCAL_PORTQ
+}
+
+delete_directories() {
+    rm -rf $DATA_DIR
+    rm -rf $DATA_DIRI
+    rm -rf $DATA_DIRU
+    rm -rf $DATA_DIRQ
+}
+
+delete_logfiles() {
+    rm -rf local.log
+    rm -rf locali.log
+    rm -rf localu.log
+    rm -rf localq.log
+}
+
+create_directories() {
+    mkdir -p $DATA_DIR
+    mkdir -p $DATA_DIRI
+    mkdir -p $DATA_DIRU
+    mkdir -p $DATA_DIRQ
+}
+
+populate_directories() {
+    cp $srcdir/policy.acl $DATA_DIR
+    cp $srcdir/policy.acl $DATA_DIRI
+    cp $srcdir/policy.acl $DATA_DIRU
+    cp $srcdir/policy.acl $DATA_DIRQ
+}
+
+test_loading_acl_from_absolute_path(){
+    POLICY_FILE=$srcdir/policy.acl
+    rm -f temp.log
+    PORT=`../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir --no-data-dir --auth no --acl-file $POLICY_FILE -t --log-to-file temp.log  2>/dev/null`
+    ACL_FILE=`grep "notice ACL: Read file" temp.log | sed 's/^.*Read file //'`
+   $QPIDD_EXEC --no-module-dir -q --port $PORT
+   if test "$ACL_FILE" != "\"$POLICY_FILE\""; then
+     echo "unable to load policy file from an absolute path";
+     return 1;
+   fi
+   rm temp.log
+}
+
+test_noacl_deny_create_link() {
+    delete_logfiles
+    start_noacl_noauth_brokers
+    echo "Running no-acl, no-auth tests using brokers on ports $LOCAL_PORT, $LOCAL_PORTI, $LOCAL_PORTU, and $LOCAL_PORTQ"
+    $QPID_CONFIG_EXEC -a localhost:$LOCAL_PORT  add exchange topic fed.topic
+    $QPID_CONFIG_EXEC -a localhost:$LOCAL_PORTI add exchange topic fed.topic
+    $QPID_ROUTE_EXEC dynamic add localhost:$LOCAL_PORT localhost:$LOCAL_PORTI fed.topic 2>/dev/null
+    sleep 2
+    stop_brokers
+    grep -q "must specify ACL create link rules" local.log
+    if [ $? -eq 0 ]
+    then
+	echo "Test fail - Broker with auth=no should have allowed link creation";
+	return 1;
+    fi
+
+    delete_logfiles
+    start_noacl_auth_brokers
+    echo "Running no-acl, auth tests using brokers on ports $LOCAL_PORT, $LOCAL_PORTI, $LOCAL_PORTU, and $LOCAL_PORTQ"
+    $QPID_CONFIG_EXEC -a localhost:$LOCAL_PORT  add exchange topic fed.topic
+    $QPID_CONFIG_EXEC -a localhost:$LOCAL_PORTI add exchange topic fed.topic
+    $QPID_ROUTE_EXEC dynamic add localhost:$LOCAL_PORT localhost:$LOCAL_PORTI fed.topic 2>/dev/null
+    sleep 2
+    stop_brokers
+    grep -q "must specify ACL create link rules" local.log
+    if [ $? -ne 0 ]
+    then
+	echo "Test fail - Broker with no ACL and --auth=yes file did not deny link creation";
+	return 1;
+    fi
+}
+
+if test -d ${PYTHON_DIR} ;  then
+    # run acl.py test file
+    delete_directories
+    create_directories
+    populate_directories
+    delete_logfiles
+    start_brokers
+    echo "Running acl tests using brokers on ports $LOCAL_PORT, $LOCAL_PORTI, $LOCAL_PORTU, and $LOCAL_PORTQ"
+    $QPID_PYTHON_TEST -b localhost:$LOCAL_PORT -m acl -Dport-i=$LOCAL_PORTI -Dport-u=$LOCAL_PORTU -Dport-q=$LOCAL_PORTQ || EXITCODE=1
+    stop_brokers || EXITCODE=1
+    #
+    test_loading_acl_from_absolute_path || EXITCODE=1
+    #
+    test_noacl_deny_create_link || EXITCODE=1
+    delete_directories
+    exit $EXITCODE
+fi
+