From 7a769f0e9ff0c52e45098653c9f67487ab2fc6c5 Mon Sep 17 00:00:00 2001
From: Alan Conway
Date: Wed, 12 Oct 2011 18:31:07 +0000
Subject: QPID-3544: ACL denials while replicating exclusive queues to a newly joined node. Changes missed from previous commit.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1182514 13f79535-47bb-0310-9956-ffa450edef68
---
cpp/src/qpid/broker/ConnectionHandler.cpp | 7 +++----
cpp/src/qpid/broker/ConnectionHandler.h | 1 -
cpp/src/qpid/broker/SemanticState.cpp | 5 ++---
cpp/src/qpid/broker/SemanticState.h | 1 -
4 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/cpp/src/qpid/broker/ConnectionHandler.cpp b/cpp/src/qpid/broker/ConnectionHandler.cpp
index 82b72d3f52..7cd91ae539 100644
--- a/cpp/src/qpid/broker/ConnectionHandler.cpp
+++ b/cpp/src/qpid/broker/ConnectionHandler.cpp
@@ -108,13 +108,10 @@ ConnectionHandler::ConnectionHandler(Connection& connection, bool isClient, bool ConnectionHandler::Handler::Handler(Connection& c, bool isClient, bool isShadow) : proxy(c.getOutput()), - connection(c), serverMode(!isClient), acl(0), secured(0), + connection(c), serverMode(!isClient), secured(0), isOpen(false) { if (serverMode) { - - acl = connection.getBroker().getAcl(); - FieldTable properties; Array mechanisms(0x95);
@@ -168,6 +165,8 @@ void ConnectionHandler::Handler::startOk(const ConnectionStartOkBody& body) connection.setFederationPeerTag(clientProperties.getAsString(QPID_FED_TAG)); } if (connection.isFederationLink()) { + AclModule* acl = connection.getBroker().getAcl(); + FieldTable properties; if (acl && !acl->authorise(connection.getUserId(),acl::ACT_CREATE,acl::OBJ_LINK,"")){ proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED,"ACL denied creating a federation link"); return;
diff --git a/cpp/src/qpid/broker/ConnectionHandler.h b/cpp/src/qpid/broker/ConnectionHandler.h
index f3e7d7d21d..05c5f00c57 100644
--- a/cpp/src/qpid/broker/ConnectionHandler.h
+++ b/cpp/src/qpid/broker/ConnectionHandler.h
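Review bot: The `FieldTable properties;` added beside the new ACL lookup in `startOk` is not read by any line visible in this hunk and looks like a stray declaration; if nothing later in the function uses it, drop the line. Separately, `if (acl && !acl->authorise(...))` lets the federation link through whenever `getAcl()` returns null, and now that the module is fetched at the point of use that fail-open path deserves a comment, for example `// No ACL module loaded: federation link creation is unrestricted.`. `startOk` begins and ends outside the hunk, so both points should be confirmed against the full function.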
@@ -59,7 +59,6 @@ class ConnectionHandler : public framing::FrameHandler Connection& connection; bool serverMode; std::auto_ptr authenticator; - AclModule* acl; SecureConnection* secured; bool isOpen;
diff --git a/cpp/src/qpid/broker/SemanticState.cpp b/cpp/src/qpid/broker/SemanticState.cpp
index 380ec656cb..fbcb21eab9 100644
--- a/cpp/src/qpid/broker/SemanticState.cpp
+++ b/cpp/src/qpid/broker/SemanticState.cpp
@@ -75,9 +75,7 @@ SemanticState::SemanticState(DeliveryAdapter& da, SessionContext& ss) userName(getSession().getConnection().getUserId().substr(0,getSession().getConnection().getUserId().find('@'))), isDefaultRealm(userID.find('@') != std::string::npos && getSession().getBroker().getOptions().realm == userID.substr(userID.find('@')+1,userID.size())), closeComplete(false) -{ - acl = getSession().getBroker().getAcl(); -} +{} SemanticState::~SemanticState() { closed();
@@ -488,6 +486,7 @@ void SemanticState::route(intrusive_ptr msg, Deliverable& strategy) { throw UnauthorizedAccessException(QPID_MSG("authorised user id : " << userID << " but user id in message declared as " << id)); } + AclModule* acl = getSession().getBroker().getAcl(); if (acl && acl->doTransferAcl()) { if (!acl->authorise(getSession().getConnection().getUserId(),acl::ACT_PUBLISH,acl::OBJ_EXCHANGE,exchangeName, msg->getRoutingKey() ))
diff --git a/cpp/src/qpid/broker/SemanticState.h b/cpp/src/qpid/broker/SemanticState.h
index 12ccc75f11..6d88dd56d9 100644
--- a/cpp/src/qpid/broker/SemanticState.h
+++ b/cpp/src/qpid/broker/SemanticState.h
@@ -165,7 +165,6 @@ class SemanticState : private boost::noncopyable { DtxBufferMap suspendedXids; framing::SequenceSet accumulatedAck; boost::shared_ptr cacheExchange; - AclModule* acl; const bool authMsg; const std::string userID; const std::string userName;
-- cgit v1.2.1
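Review bot: In `route` the publish check now uses a freshly fetched `acl` and the live `getSession().getConnection().getUserId()`, but the message user-id check just above it still compares against `userID`, which SemanticState.h declares as `const std::string` and is therefore fixed at construction. If the connection's user id can be set after the SemanticState is built (which may be the same timing problem this commit fixes for the ACL pointer), the two checks could be evaluated against different identities. Either derive both from the connection or add a comment stating that `userID` cannot change for the session's lifetime. A short comment on the new lookup, such as `// Fetched per call rather than cached in the constructor (QPID-3544).`, would also discourage re-caching it. `route` continues outside the hunk.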