You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by tr...@apache.org on 2017/05/25 12:49:39 UTC
[2/2] qpid-dispatch git commit: Use proper error condition when the
link is denied
Use proper error condition when the link is denied
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/6e094945
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/6e094945
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/6e094945
Branch: refs/heads/master
Commit: 6e09494502b9abd3d56f32a782b28e366de8da03
Parents: 1918431
Author: Jakub Scholz <ja...@scholz.cz>
Authored: Thu May 25 08:22:55 2017 +0000
Committer: Jakub Scholz <ja...@scholz.cz>
Committed: Thu May 25 08:22:55 2017 +0000
----------------------------------------------------------------------
src/policy.c | 26 +++++++++++++-------------
src/policy_internal.h | 11 ++++++-----
2 files changed, 19 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/6e094945/src/policy.c
----------------------------------------------------------------------
diff --git a/src/policy.c b/src/policy.c
index 0e1f5a3..960a3a7 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -429,10 +429,10 @@ void qd_policy_apply_session_settings(pn_session_t *ssn, qd_connection_t *qd_con
//
//
-void _qd_policy_deny_amqp_link(pn_link_t *link, qd_connection_t *qd_conn)
+void _qd_policy_deny_amqp_link(pn_link_t *link, qd_connection_t *qd_conn, const char *condition)
{
pn_condition_t * cond = pn_link_condition(link);
- (void) pn_condition_set_name( cond, QD_AMQP_COND_RESOURCE_LIMIT_EXCEEDED);
+ (void) pn_condition_set_name( cond, condition);
(void) pn_condition_set_description(cond, LINK_DISALLOWED);
pn_link_close(link);
}
@@ -440,18 +440,18 @@ void _qd_policy_deny_amqp_link(pn_link_t *link, qd_connection_t *qd_conn)
//
//
-void _qd_policy_deny_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_conn)
+void _qd_policy_deny_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_conn, const char *condition)
{
- _qd_policy_deny_amqp_link(pn_link, qd_conn);
+ _qd_policy_deny_amqp_link(pn_link, qd_conn, condition);
qd_conn->policy_settings->denialCounts->senderDenied++;
}
//
//
-void _qd_policy_deny_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *qd_conn)
+void _qd_policy_deny_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *qd_conn, const char *condition)
{
- _qd_policy_deny_amqp_link(pn_link, qd_conn);
+ _qd_policy_deny_amqp_link(pn_link, qd_conn, condition);
qd_conn->policy_settings->denialCounts->receiverDenied++;
}
@@ -576,7 +576,7 @@ bool qd_policy_approve_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_
qd_log(qd_server_dispatch(qd_conn->server)->policy->log_source, QD_LOG_INFO,
"DENY AMQP Attach sender for user '%s', rhost '%s', vhost '%s' based on maxSenders limit",
qd_conn->user_id, hostip, vhost);
- _qd_policy_deny_amqp_sender_link(pn_link, qd_conn);
+ _qd_policy_deny_amqp_sender_link(pn_link, qd_conn, QD_AMQP_COND_RESOURCE_LIMIT_EXCEEDED);
return false;
} else {
// max sender limit not violated
@@ -596,7 +596,7 @@ bool qd_policy_approve_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_
(lookup ? "ALLOW" : "DENY"), target, qd_conn->user_id, hostip, vhost);
if (!lookup) {
- _qd_policy_deny_amqp_sender_link(pn_link, qd_conn);
+ _qd_policy_deny_amqp_sender_link(pn_link, qd_conn, QD_AMQP_COND_UNAUTHORIZED_ACCESS);
return false;
}
} else {
@@ -607,7 +607,7 @@ bool qd_policy_approve_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_
"%s AMQP Attach anonymous sender for user '%s', rhost '%s', vhost '%s'",
(lookup ? "ALLOW" : "DENY"), qd_conn->user_id, hostip, vhost);
if (!lookup) {
- _qd_policy_deny_amqp_sender_link(pn_link, qd_conn);
+ _qd_policy_deny_amqp_sender_link(pn_link, qd_conn, QD_AMQP_COND_UNAUTHORIZED_ACCESS);
return false;
}
}
@@ -627,7 +627,7 @@ bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *q
qd_log(qd_server_dispatch(qd_conn->server)->policy->log_source, QD_LOG_INFO,
"DENY AMQP Attach receiver for user '%s', rhost '%s', vhost '%s' based on maxReceivers limit",
qd_conn->user_id, hostip, vhost);
- _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn);
+ _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn, QD_AMQP_COND_RESOURCE_LIMIT_EXCEEDED);
return false;
} else {
// max receiver limit not violated
@@ -644,7 +644,7 @@ bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *q
(lookup ? "ALLOW" : "DENY"), qd_conn->user_id, hostip, vhost);
// Dynamic source policy rendered the decision
if (!lookup) {
- _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn);
+ _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn, QD_AMQP_COND_UNAUTHORIZED_ACCESS);
}
return lookup;
}
@@ -658,7 +658,7 @@ bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *q
(lookup ? "ALLOW" : "DENY"), source, qd_conn->user_id, hostip, vhost);
if (!lookup) {
- _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn);
+ _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn, QD_AMQP_COND_UNAUTHORIZED_ACCESS);
return false;
}
} else {
@@ -666,7 +666,7 @@ bool qd_policy_approve_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *q
qd_log(qd_server_dispatch(qd_conn->server)->policy->log_source, QD_LOG_TRACE,
"DENY AMQP Attach receiver link '' for user '%s', rhost '%s', vhost '%s'",
qd_conn->user_id, hostip, vhost);
- _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn);
+ _qd_policy_deny_amqp_receiver_link(pn_link, qd_conn, QD_AMQP_COND_UNAUTHORIZED_ACCESS);
return false;
}
// Approved
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/6e094945/src/policy_internal.h
----------------------------------------------------------------------
diff --git a/src/policy_internal.h b/src/policy_internal.h
index 47572f7..374d4ea 100644
--- a/src/policy_internal.h
+++ b/src/policy_internal.h
@@ -46,26 +46,27 @@ void qd_policy_deny_amqp_session(pn_session_t *ssn, qd_connection_t *qd_conn);
* The link is closed and the denial is logged but not counted.
* @param[in] link proton link being closed
* @param[in] qd_conn the qd conection
+ * @param[in] condition the AMQP error with which to close the link
*/
-void _qd_policy_deny_amqp_link(pn_link_t *link, qd_connection_t *qd_conn);
+void _qd_policy_deny_amqp_link(pn_link_t *link, qd_connection_t *qd_conn, const char *condition);
/** Internal function to deny a sender amqp link
* The link is closed and the denial is logged but not counted.
* @param[in] link proton link to close
* @param[in] qd_conn the qd conection
- * @param[in] s_or_r 'sender' or 'receiver' for logging
+ * @param[in] condition the AMQP error with which to close the link
*/
-void _qd_policy_deny_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_conn);
+void _qd_policy_deny_amqp_sender_link(pn_link_t *pn_link, qd_connection_t *qd_conn, const char *condition);
/** Internal function to deny a receiver amqp link
* The link is closed and the denial is logged but not counted.
* @param[in] link proton link to close
* @param[in] qd_conn the qd conection
- * @param[in] s_or_r 'sender' or 'receiver' for logging
+ * @param[in] condition the AMQP error with which to close the link
*/
-void _qd_policy_deny_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *qd_conn);
+void _qd_policy_deny_amqp_receiver_link(pn_link_t *pn_link, qd_connection_t *qd_conn, const char *condition);
/** Perform user name substitution into proposed link name.
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org