Diffstat (limited to 'qpid/cpp')
-rw-r--r--qpid/cpp/src/qpid/acl/AclReader.cpp12
-rw-r--r--qpid/cpp/src/qpid/acl/AclReader.h5
-rwxr-xr-xqpid/cpp/src/tests/acl.py46
3 files changed, 59 insertions, 4 deletions
diff --git a/qpid/cpp/src/qpid/acl/AclReader.cpp b/qpid/cpp/src/qpid/acl/AclReader.cpp
index c407339390..8f5e4f5b57 100644
--- a/qpid/cpp/src/qpid/acl/AclReader.cpp
+++ b/qpid/cpp/src/qpid/acl/AclReader.cpp
@@ -312,6 +312,7 @@ bool AclReader::processGroupLine(tokList& toks, const bool cont) {
errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters.";
return false;
}
+ if (!isValidUserName(toks[i])) return false;
addName(toks[i], citr->second);
}
} else {
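Review bot: The realm check added after the `checkName` test here is repeated verbatim in the second `processGroupLine` hunk, so each branch carries its own copy of the validate-then-`addName` sequence. Because this is the gate that decides which names enter an ACL group, one private helper that runs both checks and then calls `addName` would keep the two paths from drifting apart in a later change. Every token reaching this point must now contain a realm; if a group line may also list other group names, which the hunk does not show, those would be rejected as well, so that case deserves a comment or a test. The body of `processGroupLine` starts and ends outside the hunk.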
@@ -330,6 +331,7 @@ bool AclReader::processGroupLine(tokList& toks, const bool cont) {
errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters.";
return false;
}
+ if (!isValidUserName(toks[i])) return false;
addName(toks[i], citr->second);
}
}
@@ -508,4 +510,14 @@ AclReader::nvPair AclReader::splitNameValuePair(const std::string& nvpString) {
return nvPair(nvpString.substr(0, pos), nvpString.substr(pos+1));
}
+// Returns true if a username has the name@realm format
+bool AclReader::isValidUserName(const std::string& name){
+ size_t pos = name.find('@');
+ if ( pos == std::string::npos || pos == name.length() -1){
+ errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Username '" << name << "' must contain a realm";
+ return false;
+ }
+ return true;
+}
+
}} // namespace qpid::acl
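Review bot: `isValidUserName` accepts a name whose user part is empty, such as `@QPID`, because the condition only rejects a missing `@` or an `@` in the last position. That does not match the comment's promise of a name@realm format, and whether the earlier `checkName` call filters such a token is not visible here. Adding the leading case closes the gap: `if (pos == std::string::npos || pos == 0 || pos == name.length() - 1) {`. A name with more than one `@` also passes; if that is not intended, compare `name.find('@')` with `name.rfind('@')`. The acl.py tests visible on this page cover only a name with no `@` at all, so the boundary cases would be worth a test each.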
diff --git a/qpid/cpp/src/qpid/acl/AclReader.h b/qpid/cpp/src/qpid/acl/AclReader.h
index d85dbeef6b..dccb450192 100644
--- a/qpid/cpp/src/qpid/acl/AclReader.h
+++ b/qpid/cpp/src/qpid/acl/AclReader.h
@@ -107,11 +107,12 @@ class AclReader {
bool processAclLine(tokList& toks);
void printRules() const; // debug aid
-
+ bool isValidUserName(const std::string& name);
+
static bool checkName(const std::string& name);
static nvPair splitNameValuePair(const std::string& nvpString);
};
-
+
}} // namespace qpid::acl
#endif // QPID_ACL_ACLREADER_H
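Review bot: The new declaration `isValidUserName` reads like a pure predicate, but it is non-static next to the static `checkName`. Judging by the AclReader.cpp hunk, that is because it writes to `errorStream` on failure. A one-line comment on the declaration would make the side effect visible to callers, for example `// Checks for name@realm; appends a format error to errorStream when the check fails.` The class body continues outside the hunk.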
diff --git a/qpid/cpp/src/tests/acl.py b/qpid/cpp/src/tests/acl.py
index 671b2fe247..0cae148769 100755
--- a/qpid/cpp/src/tests/acl.py
+++ b/qpid/cpp/src/tests/acl.py
@@ -132,7 +132,35 @@ class ACLTests(TestBase010):
except qpid.session.SessionException, e:
self.assertEqual(530,e.args[0].error_code)
-
+
+ def test_group_and_user_with_same_name(self):
+ """
+ Test a group and user with same name
+ Ex. group admin admin
+ """
+ aclf = ACLFile()
+ aclf.write('group bob@QPID bob@QPID\n')
+ aclf.write('acl deny bob@QPID bind exchange\n')
+ aclf.write('acl allow all all')
+ aclf.close()
+
+ self.reload_acl()
+
+ session = get_session('bob','bob')
+ try:
+ session.queue_declare(queue="allow_queue")
+ except qpid.session.SessionException, e:
+ if (530 == e.args[0].error_code):
+ self.fail("ACL should allow queue create request");
+ self.fail("Error during queue create request");
+
+ try:
+ session.exchange_bind(exchange="amq.direct", queue="allow_queue", binding_key="routing_key")
+ self.fail("ACL should deny queue bind request");
+ except qpid.session.SessionException, e:
+ self.assertEqual(530,e.args[0].error_code)
+
+
#=====================================
# ACL file format tests
#=====================================
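Review bot: The docstring example `Ex. group admin admin` in `test_group_and_user_with_same_name` does not match the ACL the test writes, `group bob@QPID bob@QPID`. It is also a realm-less line of the kind the AclReader.cpp change on this page now rejects, so `Ex. group bob@QPID bob@QPID` would be accurate. In the first `except` block the fallback `self.fail("Error during queue create request");` discards the exception, which makes a failure hard to diagnose; `self.fail("Error during queue create request: %s" % e)` keeps the broker's error code in the report.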
@@ -180,7 +208,21 @@ class ACLTests(TestBase010):
if (result.text.find("contains illegal characters",0,len(result.text)) == -1):
self.fail(result)
-
+ def test_user_without_realm(self):
+ """
+ Test a user defined without a realm
+ Ex. group admin rajith
+ """
+ aclf = ACLFile()
+ aclf.write('group admin bob\n')
+ aclf.write('acl deny admin bind exchange\n')
+ aclf.write('acl allow all all')
+ aclf.close()
+
+ result = self.reload_acl()
+ if (result.text.find("Username 'bob' must contain a realm",0,len(result.text)) == -1):
+ self.fail(result)
+
#=====================================
# ACL queue tests