You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by gm...@apache.org on 2017/04/04 20:37:35 UTC
qpid-dispatch git commit: DISPATCH-736 - Fix code that detects if
IPV6 is enabled
Repository: qpid-dispatch
Updated Branches:
refs/heads/master 41efe0710 -> 8e1d5cf98
DISPATCH-736 - Fix code that detects if IPV6 is enabled
(cherry picked from commit 5e000b5f1f527f55323485e5082e6240d61b9cba)
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/8e1d5cf9
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/8e1d5cf9
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/8e1d5cf9
Branch: refs/heads/master
Commit: 8e1d5cf987379cce40cf9da15d173a6761482bef
Parents: 41efe07
Author: Ganesh Murthy <gm...@redhat.com>
Authored: Mon Apr 3 11:51:12 2017 -0400
Committer: Ganesh Murthy <gm...@redhat.com>
Committed: Tue Apr 4 16:31:50 2017 -0400
----------------------------------------------------------------------
.../policy/policy_local.py | 12 ++-
.../policy/policy_util.py | 24 ++++--
tests/policy-1/policy-boardwalk.json | 2 +-
tests/policy-1/policy-boardwalk.json.in | 88 ++++++++++++++++++++
tests/policy-1/policy-safari.json.in | 87 +++++++++++++++++++
tests/router_policy_test.py | 4 +-
tests/system_test.py | 14 ----
tests/system_tests_policy.py | 16 ++++
tests/system_tests_protocol_family.py | 3 +-
9 files changed, 220 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/8e1d5cf9/python/qpid_dispatch_internal/policy/policy_local.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py
index 8da5402..4f176e0 100644
--- a/python/qpid_dispatch_internal/policy/policy_local.py
+++ b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -23,7 +23,7 @@
import json
import pdb
-from policy_util import PolicyError, HostStruct, HostAddr, PolicyAppConnectionMgr
+from policy_util import PolicyError, HostStruct, HostAddr, PolicyAppConnectionMgr, is_ipv6_enabled
"""
Entity implementing the business logic of user connection/access policy.
@@ -702,8 +702,14 @@ class PolicyLocal(object):
ruleset_str += '"users": { "users": "u1, u2", "remoteHosts": "*", "maxFrameSize": 222222, "maxMessageSize": 222222, "maxSessionWindow": 222222, "maxSessions": 2, "maxSenders": 22, "maxReceivers": 22, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private", "targets": "public" },'
ruleset_str += '"paidsubscribers": { "users": "p1, p2", "remoteHosts": "*", "maxFrameSize": 333333, "maxMessageSize": 333333, "maxSessionWindow": 333333, "maxSessions": 3, "maxSenders": 33, "maxReceivers": 33, "allowDynamicSource": true, "allowAnonymousSender": false, "sources": "public, private", "targets": "public, private" },'
ruleset_str += '"test": { "users": "zeke, ynot", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255", "maxFrameSize": 444444, "maxMessageSize": 444444, "maxSessionWindow": 444444, "maxSessions": 4, "maxSenders": 44, "maxReceivers": 44, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "private", "targets": "private" },'
- ruleset_str += '"admin": { "users": "alice, bob", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255, 10.18.0.0-10.18.255.255, 127.0.0.1, ::1", "maxFrameSize": 555555, "maxMessageSize": 555555, "maxSessionWindow": 555555, "maxSessions": 5, "maxSenders": 55, "maxReceivers": 55, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "public, private, management", "targets": "public, private, management" },'
- ruleset_str += '"superuser": { "users": "ellen", "remoteHosts": "72.135.2.9, 127.0.0.1, ::1", "maxFrameSize": 666666, "maxMessageSize": 666666, "maxSessionWindow": 666666, "maxSessions": 6, "maxSenders": 66, "maxReceivers": 66, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private, management, root", "targets": "public, private, management, root" },'
+
+ if is_ipv6_enabled():
+ ruleset_str += '"admin": { "users": "alice, bob", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255, 10.18.0.0-10.18.255.255, 127.0.0.1, ::1", "maxFrameSize": 555555, "maxMessageSize": 555555, "maxSessionWindow": 555555, "maxSessions": 5, "maxSenders": 55, "maxReceivers": 55, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "public, private, management", "targets": "public, private, management" },'
+ ruleset_str += '"superuser": { "users": "ellen", "remoteHosts": "72.135.2.9, 127.0.0.1, ::1", "maxFrameSize": 666666, "maxMessageSize": 666666, "maxSessionWindow": 666666, "maxSessions": 6, "maxSenders": 66, "maxReceivers": 66, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private, management, root", "targets": "public, private, management, root" },'
+ else:
+ ruleset_str += '"admin": { "users": "alice, bob", "remoteHosts": "10.48.0.0-10.48.255.255, 192.168.100.0-192.168.100.255, 10.18.0.0-10.18.255.255, 127.0.0.1", "maxFrameSize": 555555, "maxMessageSize": 555555, "maxSessionWindow": 555555, "maxSessions": 5, "maxSenders": 55, "maxReceivers": 55, "allowDynamicSource": true, "allowAnonymousSender": true, "sources": "public, private, management", "targets": "public, private, management" },'
+ ruleset_str += '"superuser": { "users": "ellen", "remoteHosts": "72.135.2.9, 127.0.0.1", "maxFrameSize": 666666, "maxMessageSize": 666666, "maxSessionWindow": 666666, "maxSessions": 6, "maxSenders": 66, "maxReceivers": 66, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private, management, root", "targets": "public, private, management, root" },'
+
ruleset_str += '"$default": { "remoteHosts": "*", "maxFrameSize": 222222, "maxMessageSize": 222222, "maxSessionWindow": 222222, "maxSessions": 2, "maxSenders": 22, "maxReceivers": 22, "allowDynamicSource": false, "allowAnonymousSender": false, "sources": "public, private", "targets": "public" }'
ruleset_str += '}}]'
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/8e1d5cf9/python/qpid_dispatch_internal/policy/policy_util.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/policy/policy_util.py b/python/qpid_dispatch_internal/policy/policy_util.py
index a955808..eaf8993 100644
--- a/python/qpid_dispatch_internal/policy/policy_util.py
+++ b/python/qpid_dispatch_internal/policy/policy_util.py
@@ -17,11 +17,9 @@
# under the License
#
-import sys, os
import socket
import binascii
-
#
#
class PolicyError(Exception):
@@ -30,8 +28,19 @@ class PolicyError(Exception):
def __str__(self):
return repr(self.value)
-#
-#
+def is_ipv6_enabled():
+ """
+ Returns true if IPV6 is enabled, false otherwise
+ """
+ ipv6_enabled = True
+ try:
+ sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
+ sock.bind(('::1', 0))
+ except Exception as e:
+ ipv6_enabled = False
+
+ return ipv6_enabled
+
class HostStruct(object):
"""
HostStruct represents a single, binary socket address from getaddrinfo
@@ -42,10 +51,11 @@ class HostStruct(object):
"""
families = [socket.AF_INET]
famnames = ["IPv4"]
- if socket.has_ipv6:
+ if is_ipv6_enabled():
families.append(socket.AF_INET6)
famnames.append("IPv6")
+
def __init__(self, hostname):
"""
Given a host name text string, return the socket info for it.
@@ -70,7 +80,6 @@ class HostStruct(object):
if not saddr == sockaddr[0] or not sfamily == family:
raise PolicyError("HostStruct: '%s' resolves to multiple IP addresses" %
hostname)
-
if not foundFirst:
raise PolicyError("HostStruct: '%s' did not resolve to one of the supported address family" %
hostname)
@@ -116,9 +125,6 @@ class HostAddr(object):
Raises a PolicyError on validation error in constructor.
"""
- def has_ipv6(self):
- return socket.has_ipv6
-
def __init__(self, hostspec, separator=","):
"""
Parse host spec into binary structures to use for comparisons.
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/8e1d5cf9/tests/policy-1/policy-boardwalk.json
----------------------------------------------------------------------
diff --git a/tests/policy-1/policy-boardwalk.json b/tests/policy-1/policy-boardwalk.json
index 0961402..7759e86 100644
--- a/tests/policy-1/policy-boardwalk.json
+++ b/tests/policy-1/policy-boardwalk.json
@@ -57,7 +57,7 @@
},
"superuser": {
"users": "ellen",
- "remoteHosts": "127.0.0.1, ::1, 72.135.2.9",
+ "remoteHosts": "127.0.0.1, 72.135.2.9, ::1",
"maxFrameSize": 666666,
"maxMessageSize": 666666,
"maxSessionWindow": 666666,
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/8e1d5cf9/tests/policy-1/policy-boardwalk.json.in
----------------------------------------------------------------------
diff --git a/tests/policy-1/policy-boardwalk.json.in b/tests/policy-1/policy-boardwalk.json.in
new file mode 100644
index 0000000..3c9a57d
--- /dev/null
+++ b/tests/policy-1/policy-boardwalk.json.in
@@ -0,0 +1,88 @@
+##
+## Licensed to the Apache Software Foundation (ASF) under one
+## or more contributor license agreements. See the NOTICE file
+## distributed with this work for additional information
+## regarding copyright ownership. The ASF licenses this file
+## to you under the Apache License, Version 2.0 (the
+## "License"); you may not use this file except in compliance
+## with the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing,
+## software distributed under the License is distributed on an
+## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+## KIND, either express or implied. See the License for the
+## specific language governing permissions and limitations
+## under the License
+##
+
+[
+ # The boardwalk policy ruleset
+ ["vhost",
+ {
+ "id": "boardwalk",
+ "maxConnections": 10,
+ "maxConnectionsPerUser": 2,
+ "maxConnectionsPerHost": 5,
+ "allowUnknownUser": true,
+ "groups": {
+ "anonymous": {
+ "users": "anonymous",
+ "remoteHosts": "10.18.0.0-10.18.255.255, 10.48.0.0-10.48.255.255, 192.168.0.0-192.168.255.255",
+ "maxFrameSize": 111111,
+ "maxMessageSize": 111111,
+ "maxSessionWindow": 111111,
+ "maxSessions": 1,
+ "maxSenders": 11,
+ "maxReceivers": 11,
+ "allowDynamicSource": false,
+ "allowAnonymousSender": false,
+ "sources": "public",
+ "targets": ""
+ },
+ "users": {
+ "users": "u1, u2, u3",
+ "remoteHosts": "*",
+ "maxFrameSize": 222222,
+ "maxMessageSize": 222222,
+ "maxSessionWindow": 222222,
+ "maxSessions": 2,
+ "maxSenders": 22,
+ "maxReceivers": 22,
+ "allowDynamicSource": false,
+ "allowAnonymousSender": false,
+ "sources": "public, private",
+ "targets": "public"
+ },
+ "superuser": {
+ "users": "ellen",
+ "remoteHosts": "127.0.0.1, 72.135.2.9{IPV6_LOOPBACK}",
+ "maxFrameSize": 666666,
+ "maxMessageSize": 666666,
+ "maxSessionWindow": 666666,
+ "maxSessions": 6,
+ "maxSenders": 66,
+ "maxReceivers": 66,
+ "allowDynamicSource": false,
+ "allowAnonymousSender": false,
+ "sources": "public, private, management, root",
+ "targets": "public, private, management, root"
+ },
+ "$default": {
+ "remoteHosts": "*",
+ "maxFrameSize": 222222,
+ "maxMessageSize": 222222,
+ "maxSessionWindow": 222222,
+ "maxSessions": 2,
+ "maxSenders": 22,
+ "maxReceivers": 22,
+ "allowDynamicSource": false,
+ "allowAnonymousSender": false,
+ "sources": "public, private",
+ "targets": "public"
+ }
+ }
+ }
+ ]
+]
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/8e1d5cf9/tests/policy-1/policy-safari.json.in
----------------------------------------------------------------------
diff --git a/tests/policy-1/policy-safari.json.in b/tests/policy-1/policy-safari.json.in
new file mode 100644
index 0000000..4a93fae
--- /dev/null
+++ b/tests/policy-1/policy-safari.json.in
@@ -0,0 +1,87 @@
+##
+## Licensed to the Apache Software Foundation (ASF) under one
+## or more contributor license agreements. See the NOTICE file
+## distributed with this work for additional information
+## regarding copyright ownership. The ASF licenses this file
+## to you under the Apache License, Version 2.0 (the
+## "License"); you may not use this file except in compliance
+## with the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing,
+## software distributed under the License is distributed on an
+## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+## KIND, either express or implied. See the License for the
+## specific language governing permissions and limitations
+## under the License
+##
+[
+ # The safari policy ruleset
+ ["vhost",
+ {
+ "id": "safari",
+ "maxConnections": 10,
+ "maxConnectionsPerUser": 2,
+ "maxConnectionsPerHost": 5,
+ "allowUnknownUser": true,
+ "groups": {
+ "anonymous": {
+ "users": "anonymous",
+ "remoteHosts": "*",
+ "maxFrameSize": 111111,
+ "maxMessageSize": 111111,
+ "maxSessionWindow": 111111,
+ "maxSessions": 1,
+ "maxSenders": 11,
+ "maxReceivers": 11,
+ "allowDynamicSource": false,
+ "allowAnonymousSender": false,
+ "sources": "public",
+ "targets": ""
+ },
+ "clients": {
+ "users": "moja, mbili",
+ "remoteHosts": "72.135.2.9",
+ "maxFrameSize": 222222,
+ "maxMessageSize": 222222,
+ "maxSessionWindow": 222222,
+ "maxSessions": 2,
+ "maxSenders": 22,
+ "maxReceivers": 22,
+ "allowDynamicSource": false,
+ "allowAnonymousSender": false,
+ "sources": "public, private",
+ "targets": "public"
+ },
+ "guides": {
+ "users": "kata, hapa",
+ "remoteHosts": "72.135.2.9, 10.48.0.0-10.48.255.255, 192.168.0.0-192.168.255.255, 127.0.0.1{IPV6_LOOPBACK}",
+ "maxFrameSize": 666666,
+ "maxMessageSize": 666666,
+ "maxSessionWindow": 666666,
+ "maxSessions": 6,
+ "maxSenders": 66,
+ "maxReceivers": 66,
+ "allowDynamicSource": false,
+ "allowAnonymousSender": false,
+ "sources": "public, private, management, root",
+ "targets": "public, private, management, root"
+ },
+ "$default": {
+ "remoteHosts": "*",
+ "maxFrameSize": 222222,
+ "maxMessageSize": 222222,
+ "maxSessionWindow": 222222,
+ "maxSessions": 2,
+ "maxSenders": 22,
+ "maxReceivers": 22,
+ "allowDynamicSource": false,
+ "allowAnonymousSender": false,
+ "sources": "public, private",
+ "targets": "public"
+ }
+ }
+ }
+ ]
+]
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/8e1d5cf9/tests/router_policy_test.py
----------------------------------------------------------------------
diff --git a/tests/router_policy_test.py b/tests/router_policy_test.py
index 5b787a7..326f71e 100644
--- a/tests/router_policy_test.py
+++ b/tests/router_policy_test.py
@@ -19,12 +19,12 @@
import unittest
-from qpid_dispatch_internal.policy.policy_util import HostAddr
+from qpid_dispatch_internal.policy.policy_util import HostAddr, is_ipv6_enabled
from qpid_dispatch_internal.policy.policy_util import HostStruct
from qpid_dispatch_internal.policy.policy_util import PolicyError
from qpid_dispatch_internal.policy.policy_util import PolicyAppConnectionMgr
from qpid_dispatch_internal.policy.policy_local import PolicyLocal
-from system_test import TestCase, main_module, is_ipv6_enabled
+from system_test import TestCase, main_module
class PolicyHostAddrTest(TestCase):
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/8e1d5cf9/tests/system_test.py
----------------------------------------------------------------------
diff --git a/tests/system_test.py b/tests/system_test.py
index 7cee50a..ad55812 100755
--- a/tests/system_test.py
+++ b/tests/system_test.py
@@ -143,20 +143,6 @@ def get_local_host_socket(protocol_family='IPv4'):
return s, host
-def is_ipv6_enabled():
- """
- Returns true if IPV6 is enabled, false otherwise
- """
- sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
- ipv6_enabled = True
- try:
- sock.bind(('::1', 0))
- except Exception as e:
- if "socket.error" in str(type(e)):
- ipv6_enabled = False
-
- return ipv6_enabled
-
def port_available(port, protocol_family='IPv4'):
"""Return true if connecting to host:port gives 'connection refused'."""
s, host = get_local_host_socket(protocol_family)
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/8e1d5cf9/tests/system_tests_policy.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_policy.py b/tests/system_tests_policy.py
index e67beff..f90a496 100644
--- a/tests/system_tests_policy.py
+++ b/tests/system_tests_policy.py
@@ -23,6 +23,7 @@ from system_test import TestCase, Qdrouterd, main_module, Process, TIMEOUT, DIR
from subprocess import PIPE, STDOUT
from proton import ConnectionException
from proton.utils import BlockingConnection, LinkDetached
+from qpid_dispatch_internal.policy.policy_util import is_ipv6_enabled
class AbsoluteConnectionCountLimit(TestCase):
"""
@@ -78,7 +79,22 @@ class LoadPolicyFromFolder(TestCase):
def setUpClass(cls):
"""Start the router"""
super(LoadPolicyFromFolder, cls).setUpClass()
+
+ ipv6_enabled = is_ipv6_enabled()
+
policy_config_path = os.path.join(DIR, 'policy-1')
+ replacements = {'{IPV6_LOOPBACK}':', ::1'}
+ for f in os.listdir(policy_config_path):
+ if f.endswith(".json.in"):
+ with open(policy_config_path + "/" + f) as infile, open(policy_config_path+"/"+f[:-3], 'w') as outfile:
+ for line in infile:
+ for src, target in replacements.iteritems():
+ if ipv6_enabled:
+ line = line.replace(src, target)
+ else:
+ line = line.replace(src, '')
+ outfile.write(line)
+
config = Qdrouterd.Config([
('router', {'mode': 'standalone', 'id': 'QDR.Policy'}),
('listener', {'port': cls.tester.get_port()}),
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/8e1d5cf9/tests/system_tests_protocol_family.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_protocol_family.py b/tests/system_tests_protocol_family.py
index 9c0e9fe..f5990fd 100644
--- a/tests/system_tests_protocol_family.py
+++ b/tests/system_tests_protocol_family.py
@@ -20,7 +20,8 @@
import unittest
from time import sleep
from proton import Message
-from system_test import TestCase, Qdrouterd, main_module, is_ipv6_enabled
+from system_test import TestCase, Qdrouterd, main_module
+from qpid_dispatch_internal.policy.policy_util import is_ipv6_enabled
try:
from proton import MODIFIED
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org