Posted to commits@qpid.apache.org by gs...@apache.org on 2018/10/18 21:36:36 UTC

[1/2] qpid-dispatch git commit: DISPATCH-1148: set version in open frames sent to auth service

Repository: qpid-dispatch
Updated Branches:
  refs/heads/master 40de39316 -> 7baa254aa


DISPATCH-1148: set version in open frames sent to auth service


Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/b4385f9e
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/b4385f9e
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/b4385f9e

Branch: refs/heads/master
Commit: b4385f9e79ac981fdd2d1faf1d9b0588661da0b2
Parents: 40de393
Author: Gordon Sim <gs...@redhat.com>
Authored: Thu Oct 18 21:49:00 2018 +0100
Committer: Gordon Sim <gs...@redhat.com>
Committed: Thu Oct 18 21:58:18 2018 +0100

----------------------------------------------------------------------
 src/remote_sasl.c | 9 +++++++++
 1 file changed, 9 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b4385f9e/src/remote_sasl.c
----------------------------------------------------------------------
diff --git a/src/remote_sasl.c b/src/remote_sasl.c
index ae32936..edd76f1 100644
--- a/src/remote_sasl.c
+++ b/src/remote_sasl.c
@@ -201,6 +201,15 @@ static bool remote_sasl_init_server(pn_transport_t* transport)
         pn_data_put_symbol(data, pn_bytes(13, "ADDRESS-AUTHZ"));
         pn_data_exit(data);
 
+        data = pn_connection_properties(impl->downstream);
+        pn_data_put_map(data);
+        pn_data_enter(data);
+        pn_data_put_symbol(data, pn_bytes(strlen(QD_CONNECTION_PROPERTY_PRODUCT_KEY), QD_CONNECTION_PROPERTY_PRODUCT_KEY));
+        pn_data_put_string(data, pn_bytes(strlen(QD_CONNECTION_PROPERTY_PRODUCT_VALUE), QD_CONNECTION_PROPERTY_PRODUCT_VALUE));
+        pn_data_put_symbol(data, pn_bytes(strlen(QD_CONNECTION_PROPERTY_VERSION_KEY), QD_CONNECTION_PROPERTY_VERSION_KEY));
+        pn_data_put_string(data, pn_bytes(strlen(QPID_DISPATCH_VERSION), QPID_DISPATCH_VERSION));
+        pn_data_exit(data);
+
         pn_proactor_connect(proactor, impl->downstream, impl->authentication_service_address);
         return true;
     } else {
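Review bot: The added property map starting at `data = pn_connection_properties(impl->downstream);` has no comment saying why the router identifies itself to the auth service, and it reuses `data` directly after the preceding `ADDRESS-AUTHZ` block, so the two read as one. A comment above that line such as `/* advertise product and version in the open frame sent to the auth service (DISPATCH-1148) */` would separate them. The return codes of the four `pn_data_put_*` calls are ignored, as in the context lines, so a failed put would go unnoticed and the open frame could carry a partial map. It is also worth confirming that the endpoint behind `impl->authentication_service_address` is one that should learn the exact router version. remote_sasl_init_server starts and ends outside the hunk.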




[2/2] qpid-dispatch git commit: DISPATCH-1149: allow authz plugin to override conf file policy

Posted by gs...@apache.org.
DISPATCH-1149: allow authz plugin to override conf file policy


Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/7baa254a
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/7baa254a
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/7baa254a

Branch: refs/heads/master
Commit: 7baa254aafb5699004d87587bd385f2df776bed3
Parents: b4385f9
Author: Gordon Sim <gs...@redhat.com>
Authored: Thu Oct 18 22:35:45 2018 +0100
Committer: Gordon Sim <gs...@redhat.com>
Committed: Thu Oct 18 22:35:45 2018 +0100

----------------------------------------------------------------------
 src/policy.c                               | 16 ++++++++++----
 tests/policy-authz/default.json            | 29 +++++++++++++++++++++++++
 tests/system_tests_authz_service_plugin.py |  3 +++
 3 files changed, 44 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/7baa254a/src/policy.c
----------------------------------------------------------------------
diff --git a/src/policy.c b/src/policy.c
index 6556d3d..2b03b73 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -430,11 +430,19 @@ bool qd_policy_open_lookup_user(
                     settings->maxSessions          = qd_entity_opt_long((qd_entity_t*)upolicy, "maxSessions", 0);
                     settings->maxSenders           = qd_entity_opt_long((qd_entity_t*)upolicy, "maxSenders", 0);
                     settings->maxReceivers         = qd_entity_opt_long((qd_entity_t*)upolicy, "maxReceivers", 0);
-                    settings->allowAnonymousSender = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowAnonymousSender", false);
-                    settings->allowDynamicSource   = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowDynamicSource", false);
+                    if (!settings->allowAnonymousSender) { //don't override if enabled by authz plugin
+                        settings->allowAnonymousSender = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowAnonymousSender", false);
+                    }
+                    if (!settings->allowDynamicSource) { //don't override if enabled by authz plugin
+                        settings->allowDynamicSource   = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowDynamicSource", false);
+                    }
                     settings->allowUserIdProxy     = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowUserIdProxy", false);
-                    settings->sources              = qd_entity_get_string((qd_entity_t*)upolicy, "sources");
-                    settings->targets              = qd_entity_get_string((qd_entity_t*)upolicy, "targets");
+                    if (settings->sources == 0) { //don't override if configured by authz plugin
+                        settings->sources              = qd_entity_get_string((qd_entity_t*)upolicy, "sources");
+                    }
+                    if (settings->targets == 0) { //don't override if configured by authz plugin
+                        settings->targets              = qd_entity_get_string((qd_entity_t*)upolicy, "targets");
+                    }
                     settings->sourcePattern        = qd_entity_get_string((qd_entity_t*)upolicy, "sourcePattern");
                     settings->targetPattern        = qd_entity_get_string((qd_entity_t*)upolicy, "targetPattern");
                     settings->sourceParseTree      = qd_policy_parse_tree(settings->sourcePattern);
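Review bot: The new guards treat `false` and a null pointer as "not set by the plugin", so at `if (!settings->allowAnonymousSender)` and `if (!settings->allowDynamicSource)` a plugin that deliberately leaves the flag off cannot stop the vhost policy from turning it on; the merge can only widen what the plugin granted. `sourcePattern` and `targetPattern` just below are still read from the policy file unconditionally, so if the later link checks consult the patterns as well as `sources`/`targets` (not visible here), a policy file could add access beyond the plugin's lists. The guards also rely on `settings` being zero-initialised before the plugin fills it, which happens outside the hunk. I would state the precedence once above the block, e.g. `/* values set by the authz plugin win; false/NULL means unset and falls back to the vhost policy */`, instead of four trailing comments. qd_policy_open_lookup_user starts and ends outside the hunk.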

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/7baa254a/tests/policy-authz/default.json
----------------------------------------------------------------------
diff --git a/tests/policy-authz/default.json b/tests/policy-authz/default.json
new file mode 100644
index 0000000..ca3ec61
--- /dev/null
+++ b/tests/policy-authz/default.json
@@ -0,0 +1,29 @@
+##
+## Licensed to the Apache Software Foundation (ASF) under one
+## or more contributor license agreements.  See the NOTICE file
+## distributed with this work for additional information
+## regarding copyright ownership.  The ASF licenses this file
+## to you under the Apache License, Version 2.0 (the
+## "License"); you may not use this file except in compliance
+## with the License.  You may obtain a copy of the License at
+##
+##   http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing,
+## software distributed under the License is distributed on an
+## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+## KIND, either express or implied.  See the License for the
+## specific language governing permissions and limitations
+## under the License
+##
+[
+    ["vhost", {
+        "hostname": "$default",
+        "allowUnknownUser": true,
+        "groups" : {
+            "$default": {
+                "remoteHosts": "*"
+            }
+        }
+    }]
+]

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/7baa254a/tests/system_tests_authz_service_plugin.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_authz_service_plugin.py b/tests/system_tests_authz_service_plugin.py
index fc5e2bf..392e1a8 100644
--- a/tests/system_tests_authz_service_plugin.py
+++ b/tests/system_tests_authz_service_plugin.py
@@ -73,9 +73,12 @@ mech_list: SCRAM-SHA-1 PLAIN
         cls.auth_service_port = cls.tester.get_port()
         cls.tester.popen(['/usr/bin/env', 'python', os.path.join(os.path.dirname(os.path.abspath(__file__)), 'authservice.py'), '-a', 'amqps://127.0.0.1:%d' % cls.auth_service_port, '-c', os.getcwd()], expect=Process.RUNNING)
 
+        policy_config_path = os.path.join(DIR, 'policy-authz')
+
         cls.router_port = cls.tester.get_port()
         cls.tester.qdrouterd('router', Qdrouterd.Config([
                      ('sslProfile', {'name':'myssl'}),
+                     ('policy', {'maxConnections': 2, 'policyDir': policy_config_path, 'enableVhostPolicy': 'true'}),
                      # authService attribute has been deprecated. We are using it here to make sure that we are
                      # still backward compatible.
                      ('authServicePlugin', {'name':'myauth', 'sslProfile':'myssl', 'port': cls.auth_service_port, 'host': '127.0.0.1'}),
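Review bot: Only the router setup changes here, so nothing in this hunk asserts the new precedence: the `('policy', {...})` entry enables vhost policy, but a regression would show up only indirectly through the existing tests. A case that checks an address not granted by the auth service is still refused under `policy-authz/default.json` would pin the deny side as well. `DIR` must already be defined in this module (the line above builds the same directory from `__file__` instead), and `'maxConnections': 2` leaves little headroom if a test holds more than two connections open. The enclosing setup method starts and ends outside the hunk.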

