path: root/qpid/cpp/src/tests/run_acl_tests
blob: 4bb9e7aa5d3ad7422d5da0ad8264bf9593d6c9e1 (plain)
#!/usr/bin/env bash

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
# 
#   http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#

# Driver for the broker ACL tests. The Makefile sets $srcdir; the sourced
# test_env.sh is expected to supply the tool paths used further down.
. ./test_env.sh

# One private data directory per broker instance started by this script.
DATA_DIR="$(pwd)/data_dir"
DATA_DIRI="$(pwd)/data_diri"
DATA_DIRU="$(pwd)/data_diru"
DATA_DIRQ="$(pwd)/data_dirq"

# Ask the daemons to quit if the run is interrupted, so that no test broker
# is left listening after the script is gone.
trap 'stop_brokers' INT TERM QUIT

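# Start the four ACL-enabled brokers used by the acl.py tests.
#
# Globals read:    DATA_DIR, DATA_DIRI, DATA_DIRU, DATA_DIRQ
# Globals written: LOCAL_PORT, LOCAL_PORTI, LOCAL_PORTU, LOCAL_PORTQ
# Files written:   qpidd.port, qpiddi.port, qpiddu.port, qpiddq.port (cwd)
#
# Every broker is started with --port 0 and its stdout is read back as the
# port number. All four run with --auth no, so the 127.0.0.1 binding is what
# keeps these unauthenticated listeners off the network during the run.
# The data-dir expansions are quoted so a build path containing whitespace
# is passed as one argument instead of being split.
start_brokers() {
    # Baseline broker: ACL policy plus ACL trace logging.
    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIR" --acl-file policy.acl --auth no \
        --log-enable trace+:acl --log-to-file local.log > qpidd.port
    LOCAL_PORT=$(cat qpidd.port)

    # Same policy, with a per-IP connection limit of 2.
    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIRI" --acl-file policy.acl --auth no \
        --connection-limit-per-ip 2 --log-to-file locali.log > qpiddi.port
    LOCAL_PORTI=$(cat qpiddi.port)

    # Same policy, with a per-user connection limit of 2.
    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIRU" --acl-file policy.acl --auth no \
        --connection-limit-per-user 2 --log-to-file localu.log > qpiddu.port
    LOCAL_PORTU=$(cat qpiddu.port)

    # Same policy, with a per-user queue limit of 2.
    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIRQ" --acl-file policy.acl --auth no \
        --max-queues-per-user 2 --log-to-file localq.log > qpiddq.port
    LOCAL_PORTQ=$(cat qpiddq.port)
}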

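# Start four brokers with no ACL file and with authentication disabled.
#
# Globals read:    DATA_DIR, DATA_DIRI, DATA_DIRU, DATA_DIRQ
# Globals written: LOCAL_PORT, LOCAL_PORTI, LOCAL_PORTU, LOCAL_PORTQ
# Files written:   qpidd.port, qpiddi.port, qpiddu.port, qpiddq.port (cwd)
#
# These brokers have neither authentication nor an ACL, so they are bound to
# 127.0.0.1 exactly like the brokers started by start_brokers and
# start_noacl_auth_brokers; without --interface the listener is not limited
# to the loopback address. The data-dir expansions are quoted so a path with
# whitespace stays a single argument.
start_noacl_noauth_brokers() {
    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIR" --auth no --log-to-file local.log > qpidd.port
    LOCAL_PORT=$(cat qpidd.port)

    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIRI" --auth no --log-to-file locali.log > qpiddi.port
    LOCAL_PORTI=$(cat qpiddi.port)

    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIRU" --auth no --log-to-file localu.log > qpiddu.port
    LOCAL_PORTU=$(cat qpiddu.port)

    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIRQ" --auth no --log-to-file localq.log > qpiddq.port
    LOCAL_PORTQ=$(cat qpiddq.port)
}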

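# Start four brokers with authentication enabled and no ACL file.
#
# Globals read:    builddir, srcdir, DATA_DIR, DATA_DIRI, DATA_DIRU, DATA_DIRQ
# Globals written: sasl_config_file, LOCAL_PORT, LOCAL_PORTI, LOCAL_PORTU,
#                  LOCAL_PORTQ
# Files written:   qpidd.port, qpiddi.port, qpiddu.port, qpiddq.port (cwd)
#
# If $builddir/sasl_config is not a regular file, sasl_test_setup.sh is
# sourced first; presumably that script creates the SASL database (confirm
# against the script). Path expansions are quoted so that a build or source
# directory containing whitespace neither breaks the existence test nor gets
# split into several broker arguments.
start_noacl_auth_brokers() {
    # Deliberately not 'local': the sourced setup script runs in this shell
    # and may read the variable.
    sasl_config_file="$builddir/sasl_config"
    if [ ! -f "$sasl_config_file" ] ; then
        echo Creating sasl database
        . "$srcdir/sasl_test_setup.sh"
    fi

    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIR" --auth yes \
        --sasl-config="$sasl_config_file" --log-to-file local.log > qpidd.port
    LOCAL_PORT=$(cat qpidd.port)

    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIRI" --auth yes \
        --sasl-config="$sasl_config_file" --log-to-file locali.log > qpiddi.port
    LOCAL_PORTI=$(cat qpiddi.port)

    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIRU" --auth yes \
        --sasl-config="$sasl_config_file" --log-to-file localu.log > qpiddu.port
    LOCAL_PORTU=$(cat qpiddu.port)

    ../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --data-dir "$DATA_DIRQ" --auth yes \
        --sasl-config="$sasl_config_file" --log-to-file localq.log > qpiddq.port
    LOCAL_PORTQ=$(cat qpiddq.port)
}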

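# Ask each of the four test brokers to quit (qpidd -q on its recorded port).
#
# Globals read: QPIDD_EXEC, LOCAL_PORT, LOCAL_PORTI, LOCAL_PORTU, LOCAL_PORTQ
# Returns:      0 only if every broker was asked to stop successfully;
#               non-zero if any stop command failed or a port was never
#               recorded. Previously only the last command's status was
#               returned, so a broker that failed to stop (and kept
#               listening) could go unnoticed by 'stop_brokers || EXITCODE=1'.
stop_brokers() {
        local port rc=0
        for port in "$LOCAL_PORT" "$LOCAL_PORTI" "$LOCAL_PORTU" "$LOCAL_PORTQ"; do
                # An empty port means the broker never reported one (start
                # failed, or the signal trap fired before start-up); there is
                # nothing to address, so record the failure and move on.
                if [ -z "$port" ]; then
                        echo "stop_brokers: no port recorded for a broker, cannot stop it" >&2
                        rc=1
                        continue
                fi
                # QPIDD_EXEC stays unquoted in case test_env.sh defines it
                # with extra words -- TODO confirm and quote if it is a
                # plain path.
                $QPIDD_EXEC --no-module-dir -q --port "$port" || rc=1
        done
        return "$rc"
}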

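# Remove the four broker data directories and everything in them.
#
# Globals read: DATA_DIR, DATA_DIRI, DATA_DIRU, DATA_DIRQ
#
# The paths are quoted and preceded by '--': unquoted, a working directory
# containing whitespace would be split into several operands and the
# recursive delete would hit paths other than the data directories.
delete_directories() {
    rm -rf -- "$DATA_DIR" "$DATA_DIRI" "$DATA_DIRU" "$DATA_DIRQ"
}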

# Discard the per-broker log files left in the current directory by an
# earlier run, so later greps only see output from the brokers just started.
delete_logfiles() {
    local logfile
    for logfile in local.log locali.log localu.log localq.log; do
        rm -rf "$logfile"
    done
}

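# Create the four broker data directories (and any missing parents).
#
# Globals read: DATA_DIR, DATA_DIRI, DATA_DIRU, DATA_DIRQ
#
# The paths are quoted so that a working directory containing whitespace
# yields the intended directory rather than several stray ones.
create_directories() {
    mkdir -p -- "$DATA_DIR" "$DATA_DIRI" "$DATA_DIRU" "$DATA_DIRQ"
}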

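# Copy the ACL policy under test into each broker data directory.
#
# Globals read: srcdir, DATA_DIR, DATA_DIRI, DATA_DIRU, DATA_DIRQ
# Returns:      0 if all four copies succeeded, 1 otherwise.
#
# The brokers are started with a relative '--acl-file policy.acl';
# presumably qpidd resolves that against its data directory, which is why a
# copy is placed in each one -- confirm against the broker documentation.
# Paths are quoted so whitespace in $srcdir or the working directory does
# not split the cp operands.
populate_directories() {
    local dir rc=0
    for dir in "$DATA_DIR" "$DATA_DIRI" "$DATA_DIRU" "$DATA_DIRQ"; do
        cp -- "$srcdir/policy.acl" "$dir" || rc=1
    done
    return "$rc"
}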

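# Check that a broker given an absolute --acl-file path reads that exact file.
#
# Globals read:    srcdir, QPIDD_EXEC
# Globals written: POLICY_FILE, PORT, ACL_FILE
# Files:           temp.log in the cwd (removed again only on success)
# Returns:         1 if the path in the broker's "Read file" notice differs
#                  from the requested policy file.
#
# A broker is started with no data directory and with its log sent to
# temp.log; the path it reports in the "notice ACL: Read file" line is then
# compared with the requested one. The log prints the path inside double
# quotes, hence the quoted form on the right-hand side of the comparison.
# Path and port expansions are quoted so a source directory containing
# whitespace is passed to the broker as one argument instead of being
# truncated at the first space.
test_loading_acl_from_absolute_path(){
    POLICY_FILE="$srcdir/policy.acl"
    rm -f temp.log
    # stdout carries the port the broker chose; stderr is discarded.
    PORT=$(../qpidd --daemon --port 0 --interface 127.0.0.1 --no-module-dir \
        --no-data-dir --auth no --acl-file "$POLICY_FILE" -t \
        --log-to-file temp.log 2>/dev/null)
    ACL_FILE=$(sed -n '/notice ACL: Read file/s/^.*Read file //p' temp.log)
    # QPIDD_EXEC stays unquoted in case test_env.sh defines it with extra
    # words -- TODO confirm and quote if it is a plain path.
    $QPIDD_EXEC --no-module-dir -q --port "$PORT"
    if test "$ACL_FILE" != "\"$POLICY_FILE\""; then
        echo "unable to load policy file from an absolute path";
        return 1;
    fi
    rm temp.log
}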

# Verify how brokers running without an ACL file treat federation link
# creation: with authentication off the link must be allowed, with
# authentication on it must be refused. The verdict is read from local.log,
# where a refusal shows up as "must specify ACL create link rules".
# Returns 1 (after printing a "Test fail" line) when either expectation is
# not met.
test_noacl_deny_create_link() {
    local denial_msg="must specify ACL create link rules"

    # Phase 1: no ACL, no authentication -- the denial must NOT be logged.
    delete_logfiles
    start_noacl_noauth_brokers
    echo "Running no-acl, no-auth tests using brokers on ports $LOCAL_PORT, $LOCAL_PORTI, $LOCAL_PORTU, and $LOCAL_PORTQ"
    $QPID_CONFIG_EXEC -a localhost:$LOCAL_PORT  add exchange topic fed.topic
    $QPID_CONFIG_EXEC -a localhost:$LOCAL_PORTI add exchange topic fed.topic
    $QPID_ROUTE_EXEC dynamic add localhost:$LOCAL_PORT localhost:$LOCAL_PORTI fed.topic 2>/dev/null
    # Pause before shutting down; presumably gives the link attempt time to
    # be logged.
    sleep 2
    stop_brokers
    if grep -q "$denial_msg" local.log; then
        echo "Test fail - Broker with auth=no should have allowed link creation";
        return 1
    fi

    # Phase 2: no ACL, authentication on -- the denial MUST be logged.
    delete_logfiles
    start_noacl_auth_brokers
    echo "Running no-acl, auth tests using brokers on ports $LOCAL_PORT, $LOCAL_PORTI, $LOCAL_PORTU, and $LOCAL_PORTQ"
    $QPID_CONFIG_EXEC -a localhost:$LOCAL_PORT  add exchange topic fed.topic
    $QPID_CONFIG_EXEC -a localhost:$LOCAL_PORTI add exchange topic fed.topic
    $QPID_ROUTE_EXEC dynamic add localhost:$LOCAL_PORT localhost:$LOCAL_PORTI fed.topic 2>/dev/null
    sleep 2
    stop_brokers
    if ! grep -q "$denial_msg" local.log; then
        echo "Test fail - Broker with no ACL and --auth=yes file did not deny link creation";
        return 1
    fi
}

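# Main sequence: run the Python acl suite against four ACL-enabled brokers,
# then the two shell-level checks, and exit non-zero if any step failed.
#
# EXITCODE starts at 0 so the final exit reports this run's result rather
# than an inherited value or the status of the last cleanup command.
EXITCODE=0

# PYTHON_DIR must be quoted: unquoted, an empty or unset value collapses the
# condition to the one-argument form 'test -d', which is always true, and
# the suite would start without the Python test tree it needs.
if test -d "${PYTHON_DIR}" ; then
    # run acl.py test file
    delete_directories
    create_directories
    populate_directories
    delete_logfiles
    start_brokers
    echo "Running acl tests using brokers on ports $LOCAL_PORT, $LOCAL_PORTI, $LOCAL_PORTU, and $LOCAL_PORTQ"
    # QPID_PYTHON_TEST stays unquoted in case test_env.sh defines it with
    # extra words -- TODO confirm and quote if it is a plain path.
    $QPID_PYTHON_TEST -b "localhost:$LOCAL_PORT" -m acl \
        -Dport-i="$LOCAL_PORTI" -Dport-u="$LOCAL_PORTU" -Dport-q="$LOCAL_PORTQ" || EXITCODE=1
    stop_brokers || EXITCODE=1
    #
    test_loading_acl_from_absolute_path || EXITCODE=1
    #
    test_noacl_deny_create_link || EXITCODE=1
    delete_directories
    exit "$EXITCODE"
else
    # Say so on stderr: a skipped ACL suite should be visible in the test
    # output instead of looking like a pass.
    echo "Skipping acl tests: PYTHON_DIR '${PYTHON_DIR}' is not a directory" >&2
fi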