Posted to commits@qpid.apache.org by ra...@apache.org on 2008/11/06 21:07:35 UTC
svn commit: r711957 - in /incubator/qpid/trunk/qpid/cpp/src:
qpid/acl/Acl.cpp qpid/acl/Acl.h qpid/acl/AclPlugin.cpp
qpid/broker/AclModule.h tests/run_acl_tests
Author: rajith
Date: Thu Nov 6 12:07:14 2008
New Revision: 711957
URL: http://svn.apache.org/viewvc?rev=711957&view=rev
Log:
Removed the --enforce-acl option. Instead, ACL is enabled whenever a policy file is specified.
Also removed Route from the Object list and did a bit of code cleanup.
Modified:
incubator/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp
incubator/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h
incubator/qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp
incubator/qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h
incubator/qpid/trunk/qpid/cpp/src/tests/run_acl_tests
Modified: incubator/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp?rev=711957&r1=711956&r2=711957&view=diff
==============================================================================
--- incubator/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp (original)
+++ incubator/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp Thu Nov 6 12:07:14 2008
@@ -64,28 +64,26 @@
bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& name, std::map<Property, std::string>* params)
{
- if (!aclValues.enforce) return true;
boost::shared_ptr<AclData> dataLocal = data; //rcu copy
-
- // add real ACL check here...
+
+ // add real ACL check here...
AclResult aclreslt = dataLocal->lookup(id,action,objType,name,params);
-
-
- return result(aclreslt, id, action, objType, name);
+
+
+ return result(aclreslt, id, action, objType, name);
}
bool Acl::authorise(const std::string& id, const Action& action, const ObjectType& objType, const std::string& ExchangeName, const std::string& RoutingKey)
{
- if (!aclValues.enforce) return true;
boost::shared_ptr<AclData> dataLocal = data; //rcu copy
-
+
// only use dataLocal here...
- AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey);
-
- return result(aclreslt, id, action, objType, ExchangeName);
+ AclResult aclreslt = dataLocal->lookup(id,action,objType,ExchangeName,RoutingKey);
+
+ return result(aclreslt, id, action, objType, ExchangeName);
}
-
+
bool Acl::result(const AclResult& aclreslt, const std::string& id, const Action& action, const ObjectType& objType, const std::string& name)
{
switch (aclreslt)
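Review bot: With the `aclValues.enforce` early return gone, both `authorise` overloads dereference `dataLocal` unconditionally. Whether `data` is always populated depends on the `Acl` constructor and the policy loader, which are outside this hunk; if a failed load can leave it empty, the call would crash the broker instead of denying the request. A deny-by-default guard before each `lookup`, such as `if (!dataLocal) return false;`, would make the intended outcome explicit. The `// add real ACL check here...` comment in the first overload is also stale now that the lookup is the check. `Acl::result` continues past the end of the hunk.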
Modified: incubator/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h?rev=711957&r1=711956&r2=711957&view=diff
==============================================================================
--- incubator/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h (original)
+++ incubator/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h Thu Nov 6 12:07:14 2008
@@ -42,10 +42,7 @@
namespace acl {
struct AclValues {
- bool enforce;
- std::string aclFile;
-
- AclValues() {enforce = false; aclFile = "policy.acl"; }
+ std::string aclFile;
};
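Review bot: `AclValues::aclFile` now doubles as the on/off switch for ACL, but nothing in the struct says so. With the constructor removed, the string default-constructs to empty, and the `AclPlugin::init` change in this commit treats empty as "ACL disabled". A comment on the member would record that, e.g. `// Policy file name; empty means no file was given and ACL checking stays off.` The old default of `"policy.acl"` is gone as well, so any setup that relied on it now has to pass `--acl-file` explicitly.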
Modified: incubator/qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp?rev=711957&r1=711956&r2=711957&view=diff
==============================================================================
--- incubator/qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp (original)
+++ incubator/qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp Thu Nov 6 12:07:14 2008
@@ -36,13 +36,11 @@
* New boost allows a shared_ptr but that's not compatible with old boost.
*/
struct AclOptions : public Options {
- AclValues& values;
+ AclValues& values;
AclOptions(AclValues& v) : Options("ACL Options"), values(v) {
addOptions()
- ("enforce-acl", optValue(values.enforce), "Enforce ACL")
- ("acl-file", optValue(values.aclFile, "FILE"), "The policy file to load from, loaded from data dir")
- ;
+ ("acl-file", optValue(values.aclFile, "FILE"), "The policy file to load from, loaded from data dir");
}
};
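Review bot: The help text for `acl-file` still reads as if the option only selects a file, while after this commit omitting it turns ACL checking off entirely. Saying so in the description keeps the option help accurate for operators, for example `"The policy file to load from, loaded from data dir; if not given, ACL checking is disabled"`.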
@@ -51,20 +49,22 @@
AclValues values;
AclOptions options;
boost::intrusive_ptr<Acl> acl;
-
+
AclPlugin() : options(values) {}
Options* getOptions() { return &options; }
void init(broker::Broker& b) {
- if (!values.enforce){
- QPID_LOG(info, "ACL Disabled, no ACL checking being done.");
- return;
- }
- if (acl) throw Exception("ACL plugin cannot be initialized twice in one process.");
+ if (values.aclFile.empty()){
+ QPID_LOG(info, "Policy file not specified. ACL Disabled, no ACL checking being done!");
+ return;
+ }
+
+ if (acl) throw Exception("ACL plugin cannot be initialized twice in one process.");
std::ostringstream oss;
oss << b.getDataDir().getPath() << "/" << values.aclFile;
values.aclFile = oss.str();
+
acl = new Acl(values, b);
b.setAcl(acl.get());
b.addFinalizer(boost::bind(&AclPlugin::shutdown, this));
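Review bot: Loading the acl module without `--acl-file` now leaves the broker with no access control, and the only trace is the `info`-level message in `init`. That is a fail-open default for a security module, so the unenforced state should be harder to miss; logging it as `QPID_LOG(warning, "Policy file not specified. ACL Disabled, no ACL checking being done!");` is the smallest change. Separately, `values.aclFile` is appended to the data dir exactly as given, so an absolute path supplied by the operator still ends up resolved under the data dir; that is worth stating in the option help. `init` continues past the end of the hunk.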
Modified: incubator/qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h?rev=711957&r1=711956&r2=711957&view=diff
==============================================================================
--- incubator/qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h (original)
+++ incubator/qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h Thu Nov 6 12:07:14 2008
@@ -33,7 +33,7 @@
namespace acl {
-enum ObjectType {OBJ_QUEUE, OBJ_EXCHANGE, OBJ_BROKER, OBJ_LINK, OBJ_ROUTE,
+enum ObjectType {OBJ_QUEUE, OBJ_EXCHANGE, OBJ_BROKER, OBJ_LINK,
OBJ_METHOD, OBJECTSIZE}; // OBJECTSIZE must be last in list
enum Action {ACT_CONSUME, ACT_PUBLISH, ACT_CREATE, ACT_ACCESS, ACT_BIND,
ACT_UNBIND, ACT_DELETE, ACT_PURGE, ACT_UPDATE,
@@ -79,7 +79,6 @@
if (str.compare("exchange") == 0) return OBJ_EXCHANGE;
if (str.compare("broker") == 0) return OBJ_BROKER;
if (str.compare("link") == 0) return OBJ_LINK;
- if (str.compare("route") == 0) return OBJ_ROUTE;
if (str.compare("method") == 0) return OBJ_METHOD;
throw str;
}
@@ -89,7 +88,6 @@
case OBJ_EXCHANGE: return "exchange";
case OBJ_BROKER: return "broker";
case OBJ_LINK: return "link";
- case OBJ_ROUTE: return "route";
case OBJ_METHOD: return "method";
default: assert(false); // should never get here
}
@@ -237,16 +235,8 @@
actionMapPtr a2(new actionMap);
a2->insert(actionPair(ACT_CREATE, p0));
-
- map->insert(objectPair(OBJ_LINK, a2));
-
- // == Route ==
- actionMapPtr a3(new actionMap);
- a3->insert(actionPair(ACT_CREATE, p0));
- a3->insert(actionPair(ACT_DELETE, p0));
-
- map->insert(objectPair(OBJ_ROUTE, a3));
+ map->insert(objectPair(OBJ_LINK, a2));
// == Method ==
Modified: incubator/qpid/trunk/qpid/cpp/src/tests/run_acl_tests
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/cpp/src/tests/run_acl_tests?rev=711957&r1=711956&r2=711957&view=diff
==============================================================================
--- incubator/qpid/trunk/qpid/cpp/src/tests/run_acl_tests (original)
+++ incubator/qpid/trunk/qpid/cpp/src/tests/run_acl_tests Thu Nov 6 12:07:14 2008
@@ -7,7 +7,7 @@
trap stop_brokers INT TERM QUIT
start_brokers() {
- ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIR --load-module ../.libs/acl.so --enforce-acl --auth no > qpidd.port
+ ../qpidd --daemon --port 0 --no-module-dir --data-dir $DATA_DIR --load-module ../.libs/acl.so --acl-file policy.acl --auth no > qpidd.port
LOCAL_PORT=`cat qpidd.port`
}