From raj...@apache.org
Subject svn commit: r892123 - in /qpid/trunk/qpid/cpp/src/qpid/broker: SemanticState.cpp SemanticState.h
Date Fri, 18 Dec 2009 03:52:58 GMT
Author: rajith
Date: Fri Dec 18 03:52:58 2009
New Revision: 892123

URL: http://svn.apache.org/viewvc?rev=892123&view=rev
Log:
This is a fix for QPID-2290 and the proper fix for QPID-2175.
If the client doesn't add a domain to the userID supplied in the message, the broker will
add the default realm before performing the userID check.

Modified:
    qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp
    qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.h

Modified: qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp?rev=892123&r1=892122&r2=892123&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp Fri Dec 18 03:52:58 2009
@@ -70,7 +70,8 @@
       tagGenerator("sgen"),
       dtxSelected(false),
       authMsg(getSession().getBroker().getOptions().auth && !getSession().getConnection().isFederationLink()),
-      userID(getSession().getConnection().getUserId())
+      userID(getSession().getConnection().getUserId()),
+      defaultRealm(getSession().getBroker().getOptions().realm)
 {
     acl = getSession().getBroker().getAcl();
 }
@@ -429,7 +430,7 @@
     std::string id =
     	msg->hasProperties<MessageProperties>() ? msg->getProperties<MessageProperties>()->getUserId()
: nullstring;
 
-    if (authMsg &&  !id.empty() && id != userID )
+    if (authMsg &&  !id.empty() && id != userID && id.append("@").append(defaultRealm)
!= userID)
     {
         QPID_LOG(debug, "authorised user id : " << userID << " but user id in
message declared as " << id);
         throw UnauthorizedAccessException(QPID_MSG("authorised user id : " << userID
<< " but user id in message declared as " << id));
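Review bot: `id.append("@").append(defaultRealm)` in the new condition modifies `id` in place, so when the check fails the debug log and the UnauthorizedAccessException report the id with the default realm appended, not the value the client actually put in the message. For an identity check this makes the record of a rejected user id inaccurate, and an id that already carried a realm is shown with a second `@realm` suffix. Comparing against a temporary leaves `id` untouched: `if (authMsg && !id.empty() && id != userID && (id + "@" + defaultRealm) != userID)`. The enclosing function starts and ends outside the hunk, so whether `id` is read again after this check is not visible here.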
@@ -438,7 +439,7 @@
     if (acl && acl->doTransferAcl())
     {
         if (!acl->authorise(getSession().getConnection().getUserId(),acl::ACT_PUBLISH,acl::OBJ_EXCHANGE,exchangeName,
msg->getRoutingKey() ))
-            throw NotAllowedException(QPID_MSG(getSession().getConnection().getUserId() <<
" cannot publish to " <<
+            throw NotAllowedException(QPID_MSG(userID << " cannot publish to " <<
                                                exchangeName << " with routing-key "
<< msg->getRoutingKey()));
     }
 

Modified: qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.h?rev=892123&r1=892122&r2=892123&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/SemanticState.h Fri Dec 18 03:52:58 2009
@@ -156,6 +156,7 @@
     AclModule* acl;
     const bool authMsg;
     const string userID;
+    const string defaultRealm;
 
     void route(boost::intrusive_ptr<Message> msg, Deliverable& strategy);
     void checkDtxTimeout();
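Review bot: The new `defaultRealm` member has no comment saying how it takes part in the message user-id check. Because it relaxes an authentication comparison, a one-line comment beside the declaration would help, e.g. `// realm appended to a message user-id that has no domain before it is compared with userID`. The class declaration starts and ends outside the hunk.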



---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org

