You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by tr...@apache.org on 2016/05/02 23:54:32 UTC
qpid-dispatch git commit: DISPATCH-303 - Block all remote access to
the "console" entity.
Repository: qpid-dispatch
Updated Branches:
refs/heads/master 9dede38ce -> 52979637c
DISPATCH-303 - Block all remote access to the "console" entity.
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/52979637
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/52979637
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/52979637
Branch: refs/heads/master
Commit: 52979637c8f9a4c6b07d704364bdba629b5a83f9
Parents: 9dede38
Author: Ted Ross <tr...@redhat.com>
Authored: Mon May 2 17:53:53 2016 -0400
Committer: Ted Ross <tr...@redhat.com>
Committed: Mon May 2 17:53:53 2016 -0400
----------------------------------------------------------------------
include/qpid/dispatch/amqp.h | 1 +
include/qpid/dispatch/router_core.h | 3 ++-
src/amqp.c | 1 +
src/router_core/agent.c | 17 +++++++++++++++++
src/router_core/management_agent.c | 5 ++++-
5 files changed, 25 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/52979637/include/qpid/dispatch/amqp.h
----------------------------------------------------------------------
diff --git a/include/qpid/dispatch/amqp.h b/include/qpid/dispatch/amqp.h
index 99daf50..774a431 100644
--- a/include/qpid/dispatch/amqp.h
+++ b/include/qpid/dispatch/amqp.h
@@ -129,6 +129,7 @@ typedef struct qd_amqp_error_t { int status; const char* description; } qd_amqp_
extern const qd_amqp_error_t QD_AMQP_OK;
extern const qd_amqp_error_t QD_AMQP_CREATED;
extern const qd_amqp_error_t QD_AMQP_NO_CONTENT;
+extern const qd_amqp_error_t QD_AMQP_FORBIDDEN;
extern const qd_amqp_error_t QD_AMQP_BAD_REQUEST;
extern const qd_amqp_error_t QD_AMQP_NOT_FOUND;
extern const qd_amqp_error_t QD_AMQP_NOT_IMPLEMENTED;
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/52979637/include/qpid/dispatch/router_core.h
----------------------------------------------------------------------
diff --git a/include/qpid/dispatch/router_core.h b/include/qpid/dispatch/router_core.h
index 6784b67..4d9b7c6 100644
--- a/include/qpid/dispatch/router_core.h
+++ b/include/qpid/dispatch/router_core.h
@@ -570,7 +570,8 @@ typedef enum {
QD_ROUTER_LINK,
QD_ROUTER_ADDRESS,
QD_ROUTER_EXCHANGE,
- QD_ROUTER_BINDING
+ QD_ROUTER_BINDING,
+ QD_ROUTER_FORBIDDEN
} qd_router_entity_type_t;
typedef struct qdr_query_t qdr_query_t;
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/52979637/src/amqp.c
----------------------------------------------------------------------
diff --git a/src/amqp.c b/src/amqp.c
index d3b02f2..4602fe3 100644
--- a/src/amqp.c
+++ b/src/amqp.c
@@ -40,5 +40,6 @@ const qd_amqp_error_t QD_AMQP_OK = { 200, "OK" };
const qd_amqp_error_t QD_AMQP_CREATED = { 201, "Created" };
const qd_amqp_error_t QD_AMQP_NO_CONTENT = { 204, "No Content" }; // This is the response code if the delete of a manageable entity was successful.
const qd_amqp_error_t QD_AMQP_BAD_REQUEST = { 400, "Bad Request" };
+const qd_amqp_error_t QD_AMQP_FORBIDDEN = { 403, "Forbidden" };
const qd_amqp_error_t QD_AMQP_NOT_FOUND = { 404, "Not Found" };
const qd_amqp_error_t QD_AMQP_NOT_IMPLEMENTED = { 501, "Not Implemented"};
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/52979637/src/router_core/agent.c
----------------------------------------------------------------------
diff --git a/src/router_core/agent.c b/src/router_core/agent.c
index 0573243..401d4ae 100644
--- a/src/router_core/agent.c
+++ b/src/router_core/agent.c
@@ -188,6 +188,7 @@ qdr_query_t *qdr_manage_query(qdr_core_t *core,
case QD_ROUTER_CONNECTION: break;
case QD_ROUTER_LINK: qdr_agent_set_columns(query, attribute_names, qdr_link_columns, QDR_LINK_COLUMN_COUNT); break;
case QD_ROUTER_ADDRESS: qdr_agent_set_columns(query, attribute_names, qdr_address_columns, QDR_ADDRESS_COLUMN_COUNT); break;
+ case QD_ROUTER_FORBIDDEN: break;
case QD_ROUTER_EXCHANGE: break;
case QD_ROUTER_BINDING: break;
}
@@ -205,6 +206,7 @@ void qdr_query_add_attribute_names(qdr_query_t *query)
case QD_ROUTER_CONNECTION: break;
case QD_ROUTER_LINK: qdr_agent_emit_columns(query, qdr_link_columns, QDR_LINK_COLUMN_COUNT); break;
case QD_ROUTER_ADDRESS: qdr_agent_emit_columns(query, qdr_address_columns, QDR_ADDRESS_COLUMN_COUNT); break;
+ case QD_ROUTER_FORBIDDEN: qd_compose_empty_list(query->body); break;
case QD_ROUTER_EXCHANGE: break;
case QD_ROUTER_BINDING: break;
}
@@ -317,6 +319,15 @@ void qdr_agent_setup_CT(qdr_core_t *core)
}
+static void qdr_agent_forbidden(qdr_core_t *core, qdr_query_t *query, bool op_query)
+{
+ query->status = QD_AMQP_FORBIDDEN;
+ if (query->body && !op_query)
+ qd_compose_insert_null(query->body);
+ qdr_agent_enqueue_response_CT(core, query);
+}
+
+
static void qdr_manage_read_CT(qdr_core_t *core, qdr_action_t *action, bool discard)
{
qd_field_iterator_t *identity = action->args.agent.identity;
@@ -330,6 +341,7 @@ static void qdr_manage_read_CT(qdr_core_t *core, qdr_action_t *action, bool disc
case QD_ROUTER_CONNECTION: break;
case QD_ROUTER_LINK: break;
case QD_ROUTER_ADDRESS: qdra_address_get_CT(core, name, identity, query, qdr_address_columns); break;
+ case QD_ROUTER_FORBIDDEN: qdr_agent_forbidden(core, query, false); break;
case QD_ROUTER_EXCHANGE: break;
case QD_ROUTER_BINDING: break;
}
@@ -349,6 +361,7 @@ static void qdr_manage_create_CT(qdr_core_t *core, qdr_action_t *action, bool di
case QD_ROUTER_CONNECTION: break;
case QD_ROUTER_LINK: break;
case QD_ROUTER_ADDRESS: break;
+ case QD_ROUTER_FORBIDDEN: qdr_agent_forbidden(core, query, false); break;
case QD_ROUTER_EXCHANGE: break;
case QD_ROUTER_BINDING: break;
@@ -371,6 +384,7 @@ static void qdr_manage_delete_CT(qdr_core_t *core, qdr_action_t *action, bool di
case QD_ROUTER_CONNECTION: break;
case QD_ROUTER_LINK: break;
case QD_ROUTER_ADDRESS: break;
+ case QD_ROUTER_FORBIDDEN: qdr_agent_forbidden(core, query, false); break;
case QD_ROUTER_EXCHANGE: break;
case QD_ROUTER_BINDING: break;
}
@@ -390,6 +404,7 @@ static void qdr_manage_update_CT(qdr_core_t *core, qdr_action_t *action, bool di
case QD_ROUTER_CONNECTION: break;
case QD_ROUTER_LINK: qdra_link_update_CT(core, name, identity, query, in_body); break;
case QD_ROUTER_ADDRESS: break;
+ case QD_ROUTER_FORBIDDEN: qdr_agent_forbidden(core, query, false); break;
case QD_ROUTER_EXCHANGE: break;
case QD_ROUTER_BINDING: break;
}
@@ -413,6 +428,7 @@ static void qdrh_query_get_first_CT(qdr_core_t *core, qdr_action_t *action, bool
case QD_ROUTER_CONNECTION: break;
case QD_ROUTER_LINK: qdra_link_get_first_CT(core, query, offset); break;
case QD_ROUTER_ADDRESS: qdra_address_get_first_CT(core, query, offset); break;
+ case QD_ROUTER_FORBIDDEN: qdr_agent_forbidden(core, query, true); break;
case QD_ROUTER_EXCHANGE: break;
case QD_ROUTER_BINDING: break;
}
@@ -432,6 +448,7 @@ static void qdrh_query_get_next_CT(qdr_core_t *core, qdr_action_t *action, bool
case QD_ROUTER_CONNECTION: break;
case QD_ROUTER_LINK: qdra_link_get_next_CT(core, query); break;
case QD_ROUTER_ADDRESS: qdra_address_get_next_CT(core, query); break;
+ case QD_ROUTER_FORBIDDEN: break;
case QD_ROUTER_EXCHANGE: break;
case QD_ROUTER_BINDING: break;
}
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/52979637/src/router_core/management_agent.c
----------------------------------------------------------------------
diff --git a/src/router_core/management_agent.c b/src/router_core/management_agent.c
index 0eef56a..419ab91 100644
--- a/src/router_core/management_agent.c
+++ b/src/router_core/management_agent.c
@@ -45,6 +45,7 @@ const unsigned char *link_route_entity_type = (unsigned char*) "org.apache.q
const unsigned char *auto_link_entity_type = (unsigned char*) "org.apache.qpid.dispatch.router.config.autoLink";
const unsigned char *address_entity_type = (unsigned char*) "org.apache.qpid.dispatch.router.address";
const unsigned char *link_entity_type = (unsigned char*) "org.apache.qpid.dispatch.router.link";
+const unsigned char *console_entity_type = (unsigned char*) "org.apache.qpid.dispatch.console";
const char * const status_description = "statusDescription";
const char * const correlation_id = "correlation-id";
@@ -241,7 +242,7 @@ static void qd_core_agent_query_handler(qdr_core_t *core,
ctx->query = qdr_manage_query(core, ctx, entity_type, attribute_names_parsed_field, field);
//Add the attribute names
- qdr_query_add_attribute_names(ctx->query); //this adds adds a list of attribute names like ["attribute1", "attribute2", "attribute3", "attribute4",]
+ qdr_query_add_attribute_names(ctx->query); //this adds a list of attribute names like ["attribute1", "attribute2", "attribute3", "attribute4",]
qd_compose_insert_string(field, results); //add a "results" key
qd_compose_start_list(field); //start the list for results
@@ -397,6 +398,8 @@ static bool qd_can_handle_request(qd_parsed_field_t *properties_fld,
*entity_type = QD_ROUTER_CONFIG_LINK_ROUTE;
else if (qd_field_iterator_equal(qd_parse_raw(parsed_field), auto_link_entity_type))
*entity_type = QD_ROUTER_CONFIG_AUTO_LINK;
+ else if (qd_field_iterator_equal(qd_parse_raw(parsed_field), console_entity_type))
+ *entity_type = QD_ROUTER_FORBIDDEN;
else
return false;
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org