From 9bc70bfcd5fbced071fa304a5591ca8acb61c32f Mon Sep 17 00:00:00 2001
From: "Charles E. Rolke"
Date: Wed, 2 May 2012 17:00:54 +0000
Subject: QPID-2616 Count and limit client connections. Bug fix: use Connection.getUserId() and not getUsername() to identify user and upgrade selftest to match. Add comment to Connection.h to suggest the particular pitfall.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1333110 13f79535-47bb-0310-9956-ffa450edef68
---
 qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp | 10 ++++----
 qpid/cpp/src/qpid/broker/Connection.h | 5 ++++
 qpid/cpp/src/tests/acl.py | 32 ++++++++++++++++++--------
 3 files changed, 32 insertions(+), 15 deletions(-)
diff --git a/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp b/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
index 5a70c569a7..5d4e3c1544 100644
--- a/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
+++ b/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
@@ -104,7 +104,7 @@ void ConnectionCounter::releaseLH(
 //
 void ConnectionCounter::connection(broker::Connection& connection) {
 QPID_LOG(trace, "ACL ConnectionCounter connection IP:" << connection.getMgmtId()
- << ", user:" << connection.getUsername());
+ << ", userId:" << connection.getUserId());
 Mutex::ScopedLock locker(dataLock);
@@ -117,11 +117,11 @@ void ConnectionCounter::connection(broker::Connection& connection) {
 //
 void ConnectionCounter::opened(broker::Connection& connection) {
 QPID_LOG(trace, "ACL ConnectionCounter Opened IP:" << connection.getMgmtId()
- << ", user:" << connection.getUsername());
+ << ", userId:" << connection.getUserId());
 Mutex::ScopedLock locker(dataLock);
- const std::string& userName( connection.getUsername());
+ const std::string& userName( connection.getUserId());
 const std::string& hostName(getClientHost(connection.getMgmtId()));
 // Bump state from CREATED to OPENED
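Review bot: In `opened()` the local is still named `userName` although it now holds the result of `getUserId()`, which keeps alive the very name confusion this commit fixes. `const std::string& userId(connection.getUserId());` would read correctly, with the later uses renamed to match. Those uses are in the remainder of `opened()`, which continues past the end of the hunk.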
@@ -157,7 +157,7 @@ void ConnectionCounter::opened(broker::Connection& connection) {
 //
 void ConnectionCounter::closed(broker::Connection& connection) {
 QPID_LOG(trace, "ACL ConnectionCounter Closed IP:" << connection.getMgmtId()
- << ", user:" << connection.getUsername());
+ << ", userId:" << connection.getUserId());
 Mutex::ScopedLock locker(dataLock);
@@ -167,7 +167,7 @@ void ConnectionCounter::closed(broker::Connection& connection) {
 // Normal case: connection was created and opened.
 // Decrement in-use counts
 releaseLH(connectByNameMap,
- connection.getUsername(),
+ connection.getUserId(),
 nameLimit);
 releaseLH(connectByHostMap,
diff --git a/qpid/cpp/src/qpid/broker/Connection.h b/qpid/cpp/src/qpid/broker/Connection.h
index 858ab6f7f4..1b8bd83139 100644
--- a/qpid/cpp/src/qpid/broker/Connection.h
+++ b/qpid/cpp/src/qpid/broker/Connection.h
@@ -113,15 +113,20 @@ class Connection : public sys::ConnectionInputHandler,
 void requestIOProcessing (boost::function0);
 void recordFromServer (const framing::AMQFrame& frame);
 void recordFromClient (const framing::AMQFrame& frame);
+
+ // gets for configured federation links
 std::string getAuthMechanism();
 std::string getAuthCredentials();
 std::string getUsername();
 std::string getPassword();
 std::string getHost();
 uint16_t getPort();
+
 void notifyConnectionForced(const std::string& text);
 void setUserId(const std::string& uid);
 void raiseConnectEvent();
+
+ // credentials for connected client
 const std::string& getUserId() const { return ConnectionState::getUserId(); }
 const std::string& getMgmtId() const { return mgmtId; }
 management::ManagementAgent* getAgent() const { return agent; }
diff --git a/qpid/cpp/src/tests/acl.py b/qpid/cpp/src/tests/acl.py
index 9b170c16f5..720b3b4216 100755
--- a/qpid/cpp/src/tests/acl.py
+++ b/qpid/cpp/src/tests/acl.py
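Review bot: In `closed()` the per-user count is released under whatever `connection.getUserId()` returns at close time, while `opened()` counted it under the value read at open time, and nothing visible in the patch guarantees the two are equal. `setUserId()` is a public member in Connection.h, so if the id can change after the connection is opened (not determinable from this hunk), the decrement would land on a different `connectByNameMap` key, leaving the original user's count raised and that user eventually refused by the limit. Recording the counted id alongside the per-connection CREATED/OPENED state and passing that to `releaseLH` would keep the pair symmetric; at minimum add `// userId must equal the value counted in opened(); it must not change while the connection is open`. `closed()` starts and ends outside the hunk.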
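Review bot: The two comments added to Connection.h do not state the pitfall the commit message says they are meant to flag, so a reader still cannot tell that `getUsername()` is not the identity of the connected peer. Above `getAuthMechanism()` I would write `// Settings of a configured federation link. NOT the identity of the connected client; use getUserId() for ACL and connection-limit decisions.` The second comment, `// credentials for connected client`, also sits directly above `getMgmtId()` and `getAgent()`, which are not credentials; `// user id of the connected client` placed on `getUserId()` alone would be more accurate. The class body starts and ends outside the hunk.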
@@ -1518,29 +1518,41 @@ class ACLTests(TestBase010):
 """
 # By username should be able to connect twice per user
 try:
- sessiona1 = self.get_session_by_port('anonymous','anonymous', self.port_u())
- sessiona2 = self.get_session_by_port('anonymous','anonymous', self.port_u())
+ sessiona1 = self.get_session_by_port('alice','alice', self.port_u())
+ sessiona2 = self.get_session_by_port('alice','alice', self.port_u())
 except Exception, e:
- self.fail("Could not create two connections per user: " + str(e))
+ self.fail("Could not create two connections for user alice: " + str(e))
 # Third session should fail
 try:
- sessiona3 = self.get_session_by_port('anonymous','anonymous', self.port_u())
- self.fail("Should not be able to create third connection")
+ sessiona3 = self.get_session_by_port('alice','alice', self.port_u())
+ self.fail("Should not be able to create third connection for user alice")
+ except Exception, e:
+ result = None
+
+ try:
+ sessionb1 = self.get_session_by_port('bob','bob', self.port_u())
+ sessionb2 = self.get_session_by_port('bob','bob', self.port_u())
+ except Exception, e:
+ self.fail("Could not create two connections for user bob: " + str(e))
+
+ try:
+ sessionb3 = self.get_session_by_port('bob','bob', self.port_u())
+ self.fail("Should not be able to create third connection for user bob")
 except Exception, e:
 result = None
 # By IP address should be able to connect twice per client address
 try:
- sessionb1 = self.get_session_by_port('anonymous','anonymous', self.port_i())
- sessionb2 = self.get_session_by_port('anonymous','anonymous', self.port_i())
+ sessionb1 = self.get_session_by_port('alice','alice', self.port_i())
+ sessionb2 = self.get_session_by_port('bob','bob', self.port_i())
 except Exception, e:
- self.fail("Could not create two connections per user: " + str(e))
+ self.fail("Could not create two connections for client address: " + str(e))
 # Third session should fail
 try:
- sessionb3 = self.get_session_by_port('anonymous','anonymous', 
self.port_i())
- self.fail("Should not be able to create third connection")
+ sessionb3 = self.get_session_by_port('charlie','charlie', self.port_i())
+ self.fail("Should not be able to create third connection for client address")
 except Exception, e:
 result = None
-- cgit v1.2.1
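Review bot: The "third connection should fail" checks can never fail, because `self.fail(...)` sits inside the `try`; assuming `TestBase010` is a `unittest.TestCase`, it raises `AssertionError`, which the following `except Exception, e: result = None` swallows. The test therefore passes whether or not the broker enforces the limit, and this holds for the alice, bob and client-address cases alike. Keep only the `get_session_by_port` call in the `try` and move the failure to an `else:` clause after the `except`, e.g. `else: self.fail("Should not be able to create third connection for user alice")`, likewise for the other two. The test method starts outside the hunk.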