You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ra...@apache.org on 2009/01/07 21:24:42 UTC

svn commit: r732466 - in /qpid/trunk/qpid/cpp/src: qpid/acl/AclReader.cpp qpid/acl/AclReader.h tests/acl.py

Author: rajith
Date: Wed Jan  7 12:24:42 2009
New Revision: 732466

URL: http://svn.apache.org/viewvc?rev=732466&view=rev
Log:
This is related to QPID-1558.
The test case test_group_and_user_with_same_name covers the error condition in QPID-1545

Modified:
    qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp
    qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.h
    qpid/trunk/qpid/cpp/src/tests/acl.py

Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp?rev=732466&r1=732465&r2=732466&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp Wed Jan  7 12:24:42 2009
@@ -312,6 +312,7 @@
                 errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters.";
                 return false;
             }
+            if (!isValidUserName(toks[i])) return false;
             addName(toks[i], citr->second);
         }
     } else {
@@ -330,6 +331,7 @@
                 errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters.";
                 return false;
             }
+            if (!isValidUserName(toks[i])) return false;
             addName(toks[i], citr->second);
         }
     }
@@ -508,4 +510,14 @@
     return nvPair(nvpString.substr(0, pos), nvpString.substr(pos+1));
 }
 
+// Returns true if a username has the name@realm format
+bool AclReader::isValidUserName(const std::string& name){
+	size_t pos = name.find('@');
+	if ( pos == std::string::npos || pos == name.length() -1){
+		errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Username '" << name << "' must contain a realm";
+		return false;
+	}
+	return true;
+}
+
 }} // namespace qpid::acl

Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.h?rev=732466&r1=732465&r2=732466&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.h Wed Jan  7 12:24:42 2009
@@ -107,11 +107,12 @@
 
     bool processAclLine(tokList& toks);
     void printRules() const; // debug aid
-    
+    bool isValidUserName(const std::string& name);
+
     static bool checkName(const std::string& name);
     static nvPair splitNameValuePair(const std::string& nvpString);
 };
-    
+
 }} // namespace qpid::acl
 
 #endif // QPID_ACL_ACLREADER_H

Modified: qpid/trunk/qpid/cpp/src/tests/acl.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/tests/acl.py?rev=732466&r1=732465&r2=732466&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/tests/acl.py (original)
+++ qpid/trunk/qpid/cpp/src/tests/acl.py Wed Jan  7 12:24:42 2009
@@ -132,7 +132,35 @@
         except qpid.session.SessionException, e:
             self.assertEqual(530,e.args[0].error_code)                
         
-        
+
+    def test_group_and_user_with_same_name(self):
+        """
+        Test a group and user with same name
+        Ex. group admin admin 
+        """
+        aclf = ACLFile()
+        aclf.write('group bob@QPID bob@QPID\n')
+        aclf.write('acl deny bob@QPID bind exchange\n')
+        aclf.write('acl allow all all')
+        aclf.close()
+
+        self.reload_acl()
+
+        session = get_session('bob','bob')
+        try:
+            session.queue_declare(queue="allow_queue")
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow queue create request");
+            self.fail("Error during queue create request");
+
+        try:
+            session.exchange_bind(exchange="amq.direct", queue="allow_queue", binding_key="routing_key")
+            self.fail("ACL should deny queue bind request");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+       
+ 
    #=====================================
    # ACL file format tests
    #=====================================     
@@ -180,7 +208,21 @@
         if (result.text.find("contains illegal characters",0,len(result.text)) == -1):
             self.fail(result)
 
-            
+    def test_user_without_realm(self):
+        """
+        Test a user defined without a realm
+        Ex. group admin rajith
+        """
+        aclf = ACLFile()
+        aclf.write('group admin bob\n')
+        aclf.write('acl deny admin bind exchange\n')
+        aclf.write('acl allow all all')
+        aclf.close()
+         
+        result = self.reload_acl()
+        if (result.text.find("Username 'bob' must contain a realm",0,len(result.text)) == -1):
+            self.fail(result)
+
         
    #=====================================
    # ACL queue tests