You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by gs...@apache.org on 2018/10/18 21:36:36 UTC
[1/2] qpid-dispatch git commit: DISPATCH-1148: set version in open
frames sent to auth service
Repository: qpid-dispatch
Updated Branches:
refs/heads/master 40de39316 -> 7baa254aa
DISPATCH-1148: set version in open frames sent to auth service
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/b4385f9e
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/b4385f9e
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/b4385f9e
Branch: refs/heads/master
Commit: b4385f9e79ac981fdd2d1faf1d9b0588661da0b2
Parents: 40de393
Author: Gordon Sim <gs...@redhat.com>
Authored: Thu Oct 18 21:49:00 2018 +0100
Committer: Gordon Sim <gs...@redhat.com>
Committed: Thu Oct 18 21:58:18 2018 +0100
----------------------------------------------------------------------
src/remote_sasl.c | 9 +++++++++
1 file changed, 9 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b4385f9e/src/remote_sasl.c
----------------------------------------------------------------------
diff --git a/src/remote_sasl.c b/src/remote_sasl.c
index ae32936..edd76f1 100644
--- a/src/remote_sasl.c
+++ b/src/remote_sasl.c
@@ -201,6 +201,15 @@ static bool remote_sasl_init_server(pn_transport_t* transport)
pn_data_put_symbol(data, pn_bytes(13, "ADDRESS-AUTHZ"));
pn_data_exit(data);
+ data = pn_connection_properties(impl->downstream);
+ pn_data_put_map(data);
+ pn_data_enter(data);
+ pn_data_put_symbol(data, pn_bytes(strlen(QD_CONNECTION_PROPERTY_PRODUCT_KEY), QD_CONNECTION_PROPERTY_PRODUCT_KEY));
+ pn_data_put_string(data, pn_bytes(strlen(QD_CONNECTION_PROPERTY_PRODUCT_VALUE), QD_CONNECTION_PROPERTY_PRODUCT_VALUE));
+ pn_data_put_symbol(data, pn_bytes(strlen(QD_CONNECTION_PROPERTY_VERSION_KEY), QD_CONNECTION_PROPERTY_VERSION_KEY));
+ pn_data_put_string(data, pn_bytes(strlen(QPID_DISPATCH_VERSION), QPID_DISPATCH_VERSION));
+ pn_data_exit(data);
+
pn_proactor_connect(proactor, impl->downstream, impl->authentication_service_address);
return true;
} else {
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[2/2] qpid-dispatch git commit: DISPATCH-1149: allow authz plugin to
override conf file policy
Posted by gs...@apache.org.
DISPATCH-1149: allow authz plugin to override conf file policy
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/7baa254a
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/7baa254a
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/7baa254a
Branch: refs/heads/master
Commit: 7baa254aafb5699004d87587bd385f2df776bed3
Parents: b4385f9
Author: Gordon Sim <gs...@redhat.com>
Authored: Thu Oct 18 22:35:45 2018 +0100
Committer: Gordon Sim <gs...@redhat.com>
Committed: Thu Oct 18 22:35:45 2018 +0100
----------------------------------------------------------------------
src/policy.c | 16 ++++++++++----
tests/policy-authz/default.json | 29 +++++++++++++++++++++++++
tests/system_tests_authz_service_plugin.py | 3 +++
3 files changed, 44 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/7baa254a/src/policy.c
----------------------------------------------------------------------
diff --git a/src/policy.c b/src/policy.c
index 6556d3d..2b03b73 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -430,11 +430,19 @@ bool qd_policy_open_lookup_user(
settings->maxSessions = qd_entity_opt_long((qd_entity_t*)upolicy, "maxSessions", 0);
settings->maxSenders = qd_entity_opt_long((qd_entity_t*)upolicy, "maxSenders", 0);
settings->maxReceivers = qd_entity_opt_long((qd_entity_t*)upolicy, "maxReceivers", 0);
- settings->allowAnonymousSender = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowAnonymousSender", false);
- settings->allowDynamicSource = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowDynamicSource", false);
+ if (!settings->allowAnonymousSender) { //don't override if enabled by authz plugin
+ settings->allowAnonymousSender = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowAnonymousSender", false);
+ }
+ if (!settings->allowDynamicSource) { //don't override if enabled by authz plugin
+ settings->allowDynamicSource = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowDynamicSource", false);
+ }
settings->allowUserIdProxy = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowUserIdProxy", false);
- settings->sources = qd_entity_get_string((qd_entity_t*)upolicy, "sources");
- settings->targets = qd_entity_get_string((qd_entity_t*)upolicy, "targets");
+ if (settings->sources == 0) { //don't override if configured by authz plugin
+ settings->sources = qd_entity_get_string((qd_entity_t*)upolicy, "sources");
+ }
+ if (settings->targets == 0) { //don't override if configured by authz plugin
+ settings->targets = qd_entity_get_string((qd_entity_t*)upolicy, "targets");
+ }
settings->sourcePattern = qd_entity_get_string((qd_entity_t*)upolicy, "sourcePattern");
settings->targetPattern = qd_entity_get_string((qd_entity_t*)upolicy, "targetPattern");
settings->sourceParseTree = qd_policy_parse_tree(settings->sourcePattern);
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/7baa254a/tests/policy-authz/default.json
----------------------------------------------------------------------
diff --git a/tests/policy-authz/default.json b/tests/policy-authz/default.json
new file mode 100644
index 0000000..ca3ec61
--- /dev/null
+++ b/tests/policy-authz/default.json
@@ -0,0 +1,29 @@
+##
+## Licensed to the Apache Software Foundation (ASF) under one
+## or more contributor license agreements. See the NOTICE file
+## distributed with this work for additional information
+## regarding copyright ownership. The ASF licenses this file
+## to you under the Apache License, Version 2.0 (the
+## "License"); you may not use this file except in compliance
+## with the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing,
+## software distributed under the License is distributed on an
+## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+## KIND, either express or implied. See the License for the
+## specific language governing permissions and limitations
+## under the License
+##
+[
+ ["vhost", {
+ "hostname": "$default",
+ "allowUnknownUser": true,
+ "groups" : {
+ "$default": {
+ "remoteHosts": "*"
+ }
+ }
+ }]
+]
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/7baa254a/tests/system_tests_authz_service_plugin.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_authz_service_plugin.py b/tests/system_tests_authz_service_plugin.py
index fc5e2bf..392e1a8 100644
--- a/tests/system_tests_authz_service_plugin.py
+++ b/tests/system_tests_authz_service_plugin.py
@@ -73,9 +73,12 @@ mech_list: SCRAM-SHA-1 PLAIN
cls.auth_service_port = cls.tester.get_port()
cls.tester.popen(['/usr/bin/env', 'python', os.path.join(os.path.dirname(os.path.abspath(__file__)), 'authservice.py'), '-a', 'amqps://127.0.0.1:%d' % cls.auth_service_port, '-c', os.getcwd()], expect=Process.RUNNING)
+ policy_config_path = os.path.join(DIR, 'policy-authz')
+
cls.router_port = cls.tester.get_port()
cls.tester.qdrouterd('router', Qdrouterd.Config([
('sslProfile', {'name':'myssl'}),
+ ('policy', {'maxConnections': 2, 'policyDir': policy_config_path, 'enableVhostPolicy': 'true'}),
# authService attribute has been deprecated. We are using it here to make sure that we are
# still backward compatible.
('authServicePlugin', {'name':'myauth', 'sslProfile':'myssl', 'port': cls.auth_service_port, 'host': '127.0.0.1'}),
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org