From b85d467ea91c2c602cfee2d8a1161c8389707705 Mon Sep 17 00:00:00 2001
From: "Charles E. Rolke"
Date: Wed, 10 Apr 2013 19:56:21 +0000
Subject: QPID-4735: ACL file size/count upper limit checks incorrect
Merge IntMin and IntMax functions into a single function to contain duplicated code. Improve log messages so that reading a log file is less painful. Turn on ACL debug logging for main broker in ACL self test.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1466652 13f79535-47bb-0310-9956-ffa450edef68
---
 cpp/src/qpid/acl/AclData.cpp | 97 ++++++++++++++------------------------------
 cpp/src/qpid/acl/AclData.h | 10 ++---
 2 files changed, 34 insertions(+), 73 deletions(-)
(limited to 'cpp/src/qpid')
diff --git a/cpp/src/qpid/acl/AclData.cpp b/cpp/src/qpid/acl/AclData.cpp
index 847b67cb58..68fc137612 100644
--- a/cpp/src/qpid/acl/AclData.cpp
+++ b/cpp/src/qpid/acl/AclData.cpp
@@ -254,10 +254,11 @@ namespace acl {
 case acl::SPECPROP_MAXFILECOUNTUPPERLIMIT:
 case acl::SPECPROP_MAXFILESIZEUPPERLIMIT:
 limitChecked &=
- compareIntMax(
+ compareInt(
 rulePropMapItr->first,
 boost::lexical_cast(rulePropMapItr->second),
- boost::lexical_cast(lookupParamItr->second));
+ boost::lexical_cast(lookupParamItr->second),
+ true);
 break;
 case acl::SPECPROP_MAXQUEUECOUNTLOWERLIMIT:
@@ -265,10 +266,11 @@ namespace acl {
 case acl::SPECPROP_MAXFILECOUNTLOWERLIMIT:
 case acl::SPECPROP_MAXFILESIZELOWERLIMIT:
 limitChecked &=
- compareIntMin(
+ compareInt(
 rulePropMapItr->first,
 boost::lexical_cast(rulePropMapItr->second),
- boost::lexical_cast(lookupParamItr->second));
+ boost::lexical_cast(lookupParamItr->second),
+ false);
 break;
 default:
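Review bot: The bare `true` / `false` passed as the last argument of `compareInt` in the upper-limit cases (and in the lower-limit cases of the following hunk) does not show at the call site which direction is being checked, and swapping the two would silently invert an ACL decision. A trailing comment such as `true);   // upper-limit check` and `false);  // lower-limit check` would make the intent readable; a two-value enum in place of `bool theMaxFlag` would let the compiler catch a mix-up. The enclosing switch and function begin and end outside these hunks.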
@@ -635,95 +637,56 @@ namespace acl {
 //
- // Limit check a MAX int limit
+ // Limit check an int limit
 //
- bool AclData::compareIntMax(const qpid::acl::SpecProperty theProperty,
- const std::string theAclValue,
- const std::string theLookupValue)
+ bool AclData::compareInt(const qpid::acl::SpecProperty theProperty,
+ const std::string theAclValue,
+ const std::string theLookupValue,
+ bool theMaxFlag)
 {
- uint64_t aclMax (0);
- uint64_t paramMax (0);
+ uint64_t aclRuleValue (0);
+ uint64_t lookupValue (0);
- try
- {
- aclMax = boost::lexical_cast(theAclValue);
- }
- catch(const boost::bad_lexical_cast&)
- {
- assert (false);
- return false;
- }
+ QPID_LOG(debug, "ACL: "
+ << (theMaxFlag ? "Upper" : "Lower") << "-limit comparison for property "
+ << AclHelper::getPropertyStr(theProperty)
+ << ". Success if lookup(" << theLookupValue
+ << ") "
+ << (theMaxFlag ? "<=" : ">=") << " rule(" << theAclValue << ")");
 try
 {
- paramMax = boost::lexical_cast(theLookupValue);
+ aclRuleValue = boost::lexical_cast(theAclValue);
 }
 catch(const boost::bad_lexical_cast&)
 {
- QPID_LOG(error,"ACL: Error evaluating rule. "
- << "Illegal value given in lookup for property '"
- << AclHelper::getPropertyStr(theProperty)
- << "' : " << theLookupValue);
- return false;
- }
-
- QPID_LOG(debug, "ACL: Numeric greater-than comparison for property "
- << AclHelper::getPropertyStr(theProperty)
- << " (value given in lookup = " << theLookupValue
- << ", value give in rule = " << theAclValue << " )");
-
- if (( aclMax ) && ( paramMax == 0 || paramMax > aclMax))
- {
- QPID_LOG(debug, "ACL: Max limit exceeded for property '"
- << AclHelper::getPropertyStr(theProperty) << "'");
+ assert (false);
 return false;
 }
- return true;
- }
-
-
- //
- // limit check a MIN int limit
- //
- bool AclData::compareIntMin(const qpid::acl::SpecProperty theProperty,
- const std::string theAclValue,
- const std::string theLookupValue)
- {
- uint64_t aclMin (0);
- uint64_t paramMin (0);
-
- try
- {
- aclMin = boost::lexical_cast(theAclValue);
- }
- catch(const boost::bad_lexical_cast&)
+ if (aclRuleValue == 0)
 {
- assert (false);
- return false;
+ QPID_LOG(debug, "ACL: Comparison is always true when ACL rule value is zero");
+ return true;
 }
 try
 {
- paramMin = boost::lexical_cast(theLookupValue);
+ lookupValue = boost::lexical_cast(theLookupValue);
 }
 catch(const boost::bad_lexical_cast&)
 {
- QPID_LOG(error,"ACL: Error evaluating rule. "
- << "Illegal value given in lookup for property '"
+ QPID_LOG(error,"ACL: Illegal value given in lookup for property '"
 << AclHelper::getPropertyStr(theProperty)
 << "' : " << theLookupValue);
 return false;
 }
- QPID_LOG(debug, "ACL: Numeric less-than comparison for property "
- << AclHelper::getPropertyStr(theProperty)
- << " (value given in lookup = " << theLookupValue
- << ", value give in rule = " << theAclValue << " )");
-
- if (( aclMin ) && ( paramMin == 0 || paramMin < aclMin))
+ bool result =
+ (theMaxFlag ? lookupValue > aclRuleValue : lookupValue < aclRuleValue);
+ if ( result )
 {
- QPID_LOG(debug, "ACL: Min limit exceeded for property '"
+ QPID_LOG(debug, "ACL: Limit exceeded for property '"
 << AclHelper::getPropertyStr(theProperty) << "'");
 return false;
 }
diff --git a/cpp/src/qpid/acl/AclData.h b/cpp/src/qpid/acl/AclData.h
index cd41e6d315..afc9ce7c2a 100644
--- a/cpp/src/qpid/acl/AclData.h
+++ b/cpp/src/qpid/acl/AclData.h
@@ -204,13 +204,11 @@ public:
 virtual ~AclData();
 private:
- bool compareIntMax(const qpid::acl::SpecProperty theProperty,
- const std::string theAclValue,
- const std::string theLookupValue);
- bool compareIntMin(const qpid::acl::SpecProperty theProperty,
- const std::string theAclValue,
- const std::string theLookupValue);
+ bool compareInt(const qpid::acl::SpecProperty theProperty,
+ const std::string theAclValue,
+ const std::string theLookupValue,
+ bool theMaxFlag);
 // Per-user connection quota
 bool connQuotaRulesExist;
-- cgit v1.2.1
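Review bot: In `AclData::compareInt` (AclData.cpp), the merged upper-limit branch no longer rejects a lookup value of 0: the removed `compareIntMax` failed the check on `paramMax == 0 || paramMax > aclMax`, whereas the new `lookupValue > aclRuleValue` is false for 0, so a zero lookup now satisfies any non-zero upper limit. If 0 in the lookup stands for "unlimited" for any of these properties (not visible in this patch), that lets a request slip past the ACL limit; either keep the old case, `(theMaxFlag ? (lookupValue == 0 || lookupValue > aclRuleValue) : lookupValue < aclRuleValue);`, or add a comment stating that a zero lookup is deliberately allowed. The early `return true` for a zero rule value also runs before the lookup value is parsed, so an illegal lookup string that used to be denied with an error log is now accepted without one. The function's final return lies outside the hunk.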