You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by gm...@apache.org on 2018/06/13 18:40:13 UTC
qpid-dispatch git commit: DISPATCH-976 - Fixed issue with policy
validation of allowed addresses
Repository: qpid-dispatch
Updated Branches:
refs/heads/master 0682ec695 -> e6864f63e
DISPATCH-976 - Fixed issue with policy validation of allowed addresses
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/e6864f63
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/e6864f63
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/e6864f63
Branch: refs/heads/master
Commit: e6864f63e7086b1fee0063ff22803cae1fc14a35
Parents: 0682ec6
Author: Fernando Giorgetti <fg...@redhat.com>
Authored: Tue Jun 12 22:57:17 2018 -0300
Committer: Ganesh Murthy <gm...@redhat.com>
Committed: Wed Jun 13 14:29:59 2018 -0400
----------------------------------------------------------------------
src/policy.c | 15 +++------------
1 file changed, 3 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/e6864f63/src/policy.c
----------------------------------------------------------------------
diff --git a/src/policy.c b/src/policy.c
index 33bd709..ec76267 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -729,12 +729,6 @@ bool _qd_policy_approve_link_name_tree(const char *username, const char *allowed
return false;
}
- // Regardless of how many rule clauses are specified only three match
- // patterns must be checked: no user subst, prefix subst, and suffix subst.
- bool need_check_nosubst = true;
- bool need_check_prefix = true;
- bool need_check_suffix = true;
-
size_t username_len = strlen(username);
size_t usersubst_len = strlen(user_subst_key);
@@ -797,14 +791,12 @@ bool _qd_policy_approve_link_name_tree(const char *username, const char *allowed
// From the rule clause construct what the rule is allowing
// given the user name associated with this request.
- if (*pChar == *user_subst_i_absent && need_check_nosubst) {
- need_check_nosubst = false;
+ if (*pChar == *user_subst_i_absent) {
// Substitution spec is absent. The search string is the literal
// S1 in the rule.
snprintf(pName, sName, "%s", proposed);
}
- else if (*pChar == *user_subst_i_prefix && need_check_prefix) {
- need_check_prefix = false;
+ else if (*pChar == *user_subst_i_prefix) {
// Substitution spec is prefix.
if (strncmp(proposed, username, username_len) != 0)
continue; // Denied. Proposed does not have username prefix.
@@ -823,8 +815,7 @@ bool _qd_policy_approve_link_name_tree(const char *username, const char *allowed
else if (*pChar == *user_subst_i_embed) {
assert(false); // not supported
}
- else if (*pChar == *user_subst_i_suffix && need_check_suffix) {
- need_check_suffix = false;
+ else if (*pChar == *user_subst_i_suffix) {
// Check that link name has username suffix
if (username_len > proposed_len) {
continue; // denied. proposed name is too short to hold username
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org