You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ch...@apache.org on 2012/08/10 19:19:51 UTC
svn commit: r1371772 - in /qpid/trunk/qpid/cpp/src/qpid: acl/Acl.cpp
acl/Acl.h acl/AclConnectionCounter.cpp acl/AclConnectionCounter.h
broker/AclModule.h broker/Connection.cpp
Author: chug
Date: Fri Aug 10 17:19:51 2012
New Revision: 1371772
URL: http://svn.apache.org/viewvc?rev=1371772&view=rev
Log:
QPID-4142 C++ Broker connection counting gets usernames confused
when various auth mechanism are used. The issue is that the connection's
userId is changed as the auth progresses. Also, the shadowed connections
change differently from the non-shadowed connections.
Modified:
qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp
qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h
qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h
qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h
qpid/trunk/qpid/cpp/src/qpid/broker/Connection.cpp
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp Fri Aug 10 17:19:51 2012
@@ -129,6 +129,13 @@ bool Acl::approveConnection(const qpid::
return connectionCounter->approveConnection(conn);
}
+
+void Acl::setUserId(const qpid::broker::Connection& connection, const std::string& username)
+{
+ connectionCounter->setUserId(connection, username);
+}
+
+
bool Acl::result(
const AclResult& aclreslt,
const std::string& id,
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h Fri Aug 10 17:19:51 2012
@@ -94,6 +94,8 @@ public:
virtual bool approveConnection(const broker::Connection& connection);
+ virtual void setUserId(const broker::Connection& connection, const std::string& username);
+
virtual ~Acl();
private:
bool result(
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp Fri Aug 10 17:19:51 2012
@@ -296,6 +296,47 @@ bool ConnectionCounter::approveConnectio
}
}
+
+//
+// setUserId
+// On cluster shadow connections, track a new user id for this connection.
+//
+void ConnectionCounter::setUserId(const broker::Connection& connection,
+ const std::string& username)
+{
+ Mutex::ScopedLock locker(dataLock);
+
+ connectCountsMap_t::iterator eRef = connectProgressMap.find(connection.getMgmtId());
+ if (eRef != connectProgressMap.end()) {
+ if ((*eRef).second == C_OPENED){
+ // Connection has been opened so that current user has been counted
+ if (connection.isShadow()) {
+ // This is a shadow connection and therefore receives userId changes
+ QPID_LOG(debug, "Changing User ID for cluster connection: "
+ << connection.getMgmtId() << ", old user:'" << connection.getUserId()
+ << "', new user:'" << username << "'");
+
+ // Decrement user in-use count for old userId
+ releaseLH(connectByNameMap,
+ connection.getUserId(),
+ nameLimit);
+ // Increment user in-use count for new userId
+ (void) countConnectionLH(connectByNameMap, username, nameLimit, false);
+ } else {
+ QPID_LOG(warning, "Changing User ID for non-cluster connections is not supported: "
+ << connection.getMgmtId() << ", old user " << connection.getUserId()
+ << ", new user " << username);
+ }
+ } else {
+ // connection exists but has not been opened.
+ // setUserId is called in normal course. The user gets counted when connection is opened.
+ }
+ } else {
+ // Connection does not exist.
+ }
+}
+
+
//
// getClientIp - given a connection's mgmtId return the client host part.
//
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h Fri Aug 10 17:19:51 2012
@@ -94,6 +94,7 @@ public:
// Connection counting
bool approveConnection(const broker::Connection& conn);
+ void setUserId(const broker::Connection& connection, const std::string& username);
};
}} // namespace qpid::ha
Modified: qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h Fri Aug 10 17:19:51 2012
@@ -145,6 +145,10 @@ namespace broker {
*/
virtual bool approveConnection (const Connection& connection)=0;
+ /** Change connection's counted userId
+ */
+ virtual void setUserId(const Connection& connection, const std::string& username)=0;
+
virtual ~AclModule() {};
};
} // namespace broker
Modified: qpid/trunk/qpid/cpp/src/qpid/broker/Connection.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/Connection.cpp?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/Connection.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/Connection.cpp Fri Aug 10 17:19:51 2012
@@ -25,6 +25,7 @@
#include "qpid/broker/Bridge.h"
#include "qpid/broker/Broker.h"
#include "qpid/broker/Queue.h"
+#include "qpid/broker/AclModule.h"
#include "qpid/sys/SecuritySettings.h"
#include "qpid/sys/ClusterSafe.h"
@@ -278,6 +279,13 @@ void Connection::notifyConnectionForced(
void Connection::setUserId(const string& userId)
{
+ // Account for changing userId
+ AclModule* acl = broker.getAcl();
+ if (acl)
+ {
+ acl->setUserId(*this, userId);
+ }
+
ConnectionState::setUserId(userId);
// In a cluster, the cluster code will raise the connect event
// when the connection is replicated to the cluster.
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org