You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ac...@apache.org on 2010/05/27 22:02:19 UTC

svn commit: r948967 - in /qpid/trunk/qpid/cpp/src/qpid: broker/ConnectionHandler.cpp broker/ConnectionHandler.h cluster/Connection.cpp

Author: aconway
Date: Thu May 27 20:02:18 2010
New Revision: 948967

URL: http://svn.apache.org/viewvc?rev=948967&view=rev
Log:
Fix issues with cluster+security

- was using "none" not empty string for no ID.
- was multicasting secure id for update and shadow connections.

Modified:
    qpid/trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp
    qpid/trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.h
    qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.cpp

Modified: qpid/trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp?rev=948967&r1=948966&r2=948967&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp Thu May 27 20:02:18 2010
@@ -181,14 +181,6 @@ void ConnectionHandler::Handler::tuneOk(
     connection.setHeartbeatInterval(heartbeat);
 }
 
-void ConnectionHandler::Handler::callUserIdCallbacks ( ) {
-    string s;
-    if ( false == authenticator->getUsername(s) )
-        s = "none";
-    if ( userIdCallback )
-      userIdCallback ( s );
-}
-
 void ConnectionHandler::Handler::open(const string& /*virtualHost*/,
                                       const framing::Array& /*capabilities*/, bool /*insist*/)
 {
@@ -204,7 +196,14 @@ void ConnectionHandler::Handler::open(co
         if (sl.get()) secured->activateSecurityLayer(sl);
     }
 
-    callUserIdCallbacks ( );
+    if ( userIdCallback ) {
+        string s;
+        // Not checking the return value of getUsername, if there is
+        // no username then we want to call the userIdCallback anyway
+        // with an empty string.
+        authenticator->getUsername(s);
+        userIdCallback(s);
+    }
 }
 
 

Modified: qpid/trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.h?rev=948967&r1=948966&r2=948967&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.h Thu May 27 20:02:18 2010
@@ -68,12 +68,7 @@ class ConnectionHandler : public framing
         void closeOk();
 
         UserIdCallback userIdCallback;
-        void setUserIdCallback ( UserIdCallback fn ) {
-                 userIdCallback = fn;
-             };
-
-
-        void callUserIdCallbacks ( );
+        void setUserIdCallback ( UserIdCallback fn ) { userIdCallback = fn; };
 
 
         void start(const qpid::framing::FieldTable& serverProperties,

Modified: qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.cpp?rev=948967&r1=948966&r2=948967&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.cpp Thu May 27 20:02:18 2010
@@ -620,26 +620,26 @@ void Connection::managementAgents(const 
 }
 
 
-// Only the direct, non-shadow gets this call.
 void Connection::mcastUserId ( std::string & id ) {
-    cluster.getMulticast().mcastControl( ClusterConnectionSecureUserIdBody(ProtocolVersion(), string(id)), getId() );
-
-  {
-      sys::Mutex::ScopedLock l(connectionNegotiationMonitor);
-      inConnectionNegotiation = false;
-      mcastSentButNotReceived = false;
-      connectionNegotiationMonitor.notify();
-  }
+    // Only the directly connected broker will mcast the secure user id, and only
+    // for client connections (not update connections)
+    if (isLocalClient())
+        cluster.getMulticast().mcastControl(
+            ClusterConnectionSecureUserIdBody(ProtocolVersion(), string(id)), getId() );
+    {
+        // This call signals the end of the connection negotiation phase.
+        sys::Mutex::ScopedLock l(connectionNegotiationMonitor);
+        inConnectionNegotiation = false;
+        mcastSentButNotReceived = false;
+        connectionNegotiationMonitor.notify();
+    }
 }
 
 // All connections, shadow or not, get this call.
 void Connection::secureUserId(const std::string& id) {
-    if ( isShadow() ) {
-        // If the user ID is "none", it is not legitimate.  Take no action.
-        if ( strcmp ( id.c_str(), "none" ) ) {
-            connection->setUserId ( id );
-        }
-    }
+    // Only set the user ID on shadow connections, and only if id is not the empty string.
+    if ( isShadow() && !id.empty() )
+        connection->setUserId ( id );
 }
 
 



---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org