You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ra...@apache.org on 2009/01/07 21:24:42 UTC
svn commit: r732466 - in /qpid/trunk/qpid/cpp/src: qpid/acl/AclReader.cpp
qpid/acl/AclReader.h tests/acl.py
Author: rajith
Date: Wed Jan 7 12:24:42 2009
New Revision: 732466
URL: http://svn.apache.org/viewvc?rev=732466&view=rev
Log:
This is related to QPID-1558.
The test case test_group_and_user_with_same_name covers the error condition in QPID-1545
Modified:
qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp
qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.h
qpid/trunk/qpid/cpp/src/tests/acl.py
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp?rev=732466&r1=732465&r2=732466&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.cpp Wed Jan 7 12:24:42 2009
@@ -312,6 +312,7 @@
errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters.";
return false;
}
+ if (!isValidUserName(toks[i])) return false;
addName(toks[i], citr->second);
}
} else {
@@ -330,6 +331,7 @@
errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Name \"" << toks[i] << "\" contains illegal characters.";
return false;
}
+ if (!isValidUserName(toks[i])) return false;
addName(toks[i], citr->second);
}
}
@@ -508,4 +510,14 @@
return nvPair(nvpString.substr(0, pos), nvpString.substr(pos+1));
}
+// Returns true if a username has the name@realm format
+bool AclReader::isValidUserName(const std::string& name){
+ size_t pos = name.find('@');
+ if ( pos == std::string::npos || pos == name.length() -1){
+ errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Username '" << name << "' must contain a realm";
+ return false;
+ }
+ return true;
+}
+
}} // namespace qpid::acl
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.h?rev=732466&r1=732465&r2=732466&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclReader.h Wed Jan 7 12:24:42 2009
@@ -107,11 +107,12 @@
bool processAclLine(tokList& toks);
void printRules() const; // debug aid
-
+ bool isValidUserName(const std::string& name);
+
static bool checkName(const std::string& name);
static nvPair splitNameValuePair(const std::string& nvpString);
};
-
+
}} // namespace qpid::acl
#endif // QPID_ACL_ACLREADER_H
Modified: qpid/trunk/qpid/cpp/src/tests/acl.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/tests/acl.py?rev=732466&r1=732465&r2=732466&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/tests/acl.py (original)
+++ qpid/trunk/qpid/cpp/src/tests/acl.py Wed Jan 7 12:24:42 2009
@@ -132,7 +132,35 @@
except qpid.session.SessionException, e:
self.assertEqual(530,e.args[0].error_code)
-
+
+ def test_group_and_user_with_same_name(self):
+ """
+ Test a group and user with same name
+ Ex. group admin admin
+ """
+ aclf = ACLFile()
+ aclf.write('group bob@QPID bob@QPID\n')
+ aclf.write('acl deny bob@QPID bind exchange\n')
+ aclf.write('acl allow all all')
+ aclf.close()
+
+ self.reload_acl()
+
+ session = get_session('bob','bob')
+ try:
+ session.queue_declare(queue="allow_queue")
+ except qpid.session.SessionException, e:
+ if (530 == e.args[0].error_code):
+ self.fail("ACL should allow queue create request");
+ self.fail("Error during queue create request");
+
+ try:
+ session.exchange_bind(exchange="amq.direct", queue="allow_queue", binding_key="routing_key")
+ self.fail("ACL should deny queue bind request");
+ except qpid.session.SessionException, e:
+ self.assertEqual(530,e.args[0].error_code)
+
+
#=====================================
# ACL file format tests
#=====================================
@@ -180,7 +208,21 @@
if (result.text.find("contains illegal characters",0,len(result.text)) == -1):
self.fail(result)
-
+ def test_user_without_realm(self):
+ """
+ Test a user defined without a realm
+ Ex. group admin rajith
+ """
+ aclf = ACLFile()
+ aclf.write('group admin bob\n')
+ aclf.write('acl deny admin bind exchange\n')
+ aclf.write('acl allow all all')
+ aclf.close()
+
+ result = self.reload_acl()
+ if (result.text.find("Username 'bob' must contain a realm",0,len(result.text)) == -1):
+ self.fail(result)
+
#=====================================
# ACL queue tests