qpid-commits mailing list archives

From c...@apache.org
Subject svn commit: r1574208 - in /qpid/trunk/qpid/cpp/src/qpid/acl: Acl.cpp Acl.h AclPlugin.cpp
Date Tue, 04 Mar 2014 21:18:16 GMT
Author: chug
Date: Tue Mar  4 21:18:15 2014
New Revision: 1574208

URL: http://svn.apache.org/r1574208
Log:
QPID-5599: C++ Broker silently ignores --max-connections option when no ACL file is loaded.

Always create an ACL object. If no ACL file is specified then create 
a permissive, empty ACL rule set.


Modified:
    qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp
    qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h
    qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp

Modified: qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp?rev=1574208&r1=1574207&r2=1574208&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp Tue Mar  4 21:18:15 2014
@@ -77,10 +77,16 @@ Acl::Acl (AclValues& av, Broker& b): acl
         mgmtObject->set_maxConnectionsPerUser(aclValues.aclMaxConnectPerUser);
         mgmtObject->set_maxQueuesPerUser(aclValues.aclMaxQueuesPerUser);
     }
-    std::string errorString;
-    if (!readAclFile(errorString)){
-        if (mgmtObject!=0) mgmtObject->set_enforcingAcl(0);
-        throw Exception("Could not read ACL file " + errorString);
+
+    if (!aclValues.aclFile.empty()) {
+        std::string errorString;
+        if (!readAclFile(errorString)){
+            if (mgmtObject!=0) mgmtObject->set_enforcingAcl(0);
+            throw Exception("Could not read ACL file " + errorString);
+        }
+    } else {
+        loadEmptyAclRuleset();
+        QPID_LOG(debug, "ACL loaded empty rule set");
     }
     broker->getConnectionObservers().add(connectionCounter);
     QPID_LOG(info, "ACL Plugin loaded");
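Review bot: The permit-all fallback in the new `else` branch is announced only at debug level (`QPID_LOG(debug, "ACL loaded empty rule set")`), so a broker started without an ACL file gives no default-visible sign that every action is allowed. The message this commit removes from AclPlugin.cpp said "ACL Disabled, no ACL checking being done!" at info, and its replacement there ("ACL Policy file not specified.") no longer states the consequence. I would raise the level and spell it out, e.g. `QPID_LOG(notice, "No ACL file specified: permissive rule set loaded, all actions allowed");`. The constructor starts and ends outside this hunk, so how `enforcingAcl` is reported on this path is not visible here and is worth checking.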
@@ -280,6 +286,29 @@ bool Acl::readAclFile(std::string& aclFi
     return true;
 }
 
+//
+// loadEmptyAclRuleset()
+//
+// No ACL file is specified but ACL should run.
+// Create a ruleset as if only "ACL ALLOW ALL ALL" was in a file
+//
+void Acl::loadEmptyAclRuleset() {
+    boost::shared_ptr<AclData> d(new AclData);
+    d->decisionMode = ALLOW;
+    d->aclSource = "";
+    {
+        Mutex::ScopedLock locker(dataLock);
+        data = d;
+    }
+    if (mgmtObject!=0){
+        mgmtObject->set_transferAcl(transferAcl?1:0);
+        mgmtObject->set_policyFile("");
+        sys::AbsTime now = sys::AbsTime::now();
+        int64_t ns = sys::Duration(sys::EPOCH, now);
+        mgmtObject->set_lastAclLoad(ns);
+        agent->raiseEvent(_qmf::EventFileLoaded(""));
+    }
+}
 
 //
 // management lookup function performs general query on acl engine
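Review bot: `agent->raiseEvent(_qmf::EventFileLoaded(""))` together with `set_lastAclLoad(ns)` makes management report a policy-file load although no file was read, so a console or audit consumer has only the empty name to tell a permit-all default from a real load. Either skip the event on this path or state the convention in the header comment, e.g. `// Management sees policyFile "" and a FileLoaded event with an empty name; together they mean "no ACL file, allow all".` Separately, `agent` is dereferenced under a check of `mgmtObject` only. Presumably the two are set together in the constructor, which is outside this hunk, but that should be confirmed.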

Modified: qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h?rev=1574208&r1=1574207&r2=1574208&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h Tue Mar  4 21:18:15 2014
@@ -115,6 +115,7 @@ private:
         const std::string& name);
     bool readAclFile(std::string& errorText);
     bool readAclFile(std::string& aclFile, std::string& errorText);
+    void loadEmptyAclRuleset();
     Manageable::status_t lookup       (management::Args& args, std::string& text);
     Manageable::status_t lookupPublish(management::Args& args, std::string& text);
     virtual qpid::management::ManagementObject::shared_ptr GetManagementObject(void) const;

Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp?rev=1574208&r1=1574207&r2=1574208&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp Tue Mar  4 21:18:15 2014
@@ -62,17 +62,16 @@ struct AclPlugin : public Plugin {
     Options* getOptions() { return &options; }
 
     void init(broker::Broker& b) {
-        if (values.aclFile.empty()){
-            QPID_LOG(info, "Policy file not specified. ACL Disabled, no ACL checking being
done!");
-        	return;
-        }
-
     	if (acl) throw Exception("ACL plugin cannot be initialized twice in one process.");
 
-        sys::Path aclFile(values.aclFile);
-        sys::Path dataDir(b.getDataDir().getPath());
-        if (!aclFile.isAbsolute() && !dataDir.empty())
+        if (values.aclFile.empty()){
+            QPID_LOG(info, "ACL Policy file not specified.");
+        } else {
+	  sys::Path aclFile(values.aclFile);
+	  sys::Path dataDir(b.getDataDir().getPath());
+	  if (!aclFile.isAbsolute() && !dataDir.empty())
             values.aclFile =  (dataDir + aclFile).str();
+	}
 
         acl = new Acl(values, b);
         b.setAcl(acl.get());
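Review bot: `acl = new Acl(values, b); b.setAcl(acl.get());` is now reached when no policy file is configured, so the broker always holds a non-null ACL and any code that treats a null ACL pointer as "authorization off" will now take the ACL path. That looks intended, but it is a behaviour change worth a comment above the allocation, e.g. `// Acl is always created; with no policy file it runs a permit-all rule set (see Acl::loadEmptyAclRuleset).` The new `else` body is also indented with tabs and two-space steps while the surrounding lines use spaces, so it should be re-indented to match. `init` continues past the end of this hunk.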


