Posted to commits@qpid.apache.org by gm...@apache.org on 2016/10/14 19:43:50 UTC
qpid-dispatch git commit: DISPATCH-527 - Removed address
Repository: qpid-dispatch
Updated Branches:
refs/heads/master d84356fe3 -> 3774f5d73
DISPATCH-527 - Removed address
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/3774f5d7
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/3774f5d7
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/3774f5d7
Branch: refs/heads/master
Commit: 3774f5d73c865f03ba5ff44a3465d49370aa48ed
Parents: d84356f
Author: Ganesh Murthy <gm...@redhat.com>
Authored: Fri Oct 14 15:43:33 2016 -0400
Committer: Ganesh Murthy <gm...@redhat.com>
Committed: Fri Oct 14 15:43:33 2016 -0400
----------------------------------------------------------------------
.../display_name/display_name.py | 61 ++---------------
.../qpid_dispatch_internal/management/config.py | 2 +-
src/server.c | 42 +++++-------
src/server_private.h | 1 -
tests/system_tests_user_id.py | 72 +-------------------
tests/system_tests_user_id_proxy.py | 48 -------------
6 files changed, 27 insertions(+), 199 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/python/qpid_dispatch_internal/display_name/display_name.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/display_name/display_name.py b/python/qpid_dispatch_internal/display_name/display_name.py
index ea38508..ba92e76 100644
--- a/python/qpid_dispatch_internal/display_name/display_name.py
+++ b/python/qpid_dispatch_internal/display_name/display_name.py
@@ -42,25 +42,22 @@ class SSLProfile(object):
for key in d.keys():
self.cache[key] = d[key]
+ def __repr__(self):
+ return "SSLProfile(%s)" % ", ".join("%s=%s" % (k, self.cache[k]) for k in self.cache.keys())
+
class DisplayNameService(object):
- def __init__(self, address):
+ def __init__(self):
super(DisplayNameService, self).__init__()
# profile_dict will be a mapping from ssl_profile_name to the SSLProfile object
self.profile_dict = {}
self.io_adapter = None
self.log_adapter = LogAdapter("DISPLAYNAME")
- if address:
- self._activate(address)
def log(self, level, text):
info = traceback.extract_stack(limit=2)[0] # Caller frame info
self.log_adapter.log(level, text, info[0], info[1])
- def _activate(self, address):
- self.log(LOG_INFO, "Activating DisplayNameService on %s" % address)
- self.io_adapter = [IoAdapter(self.receive, address)]
-
def add(self, profile_name, profile_file_location):
ssl_profile = SSLProfile(profile_name, profile_file_location)
self.profile_dict[profile_name] = ssl_profile
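Review bot: The new `__repr__` prints every entry of `self.cache`, which, judging by how `query` uses it, maps certificate-derived user ids to display names; any log line that formats an SSLProfile will carry the whole table. A summary is usually enough for debugging, e.g. `return "SSLProfile(%d entries)" % len(self.cache)`, or keep the keys and omit the values. If the full dump is wanted, iterating `self.cache.items()` avoids the second lookup per key. The SSLProfile class starts outside this hunk.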
@@ -89,54 +86,8 @@ class DisplayNameService(object):
if ssl_profile:
profile_cache = self.profile_dict.get(profile_name).cache
user_name = profile_cache.get(user_id)
- body = {'user_name': user_name if user_name else user_id}
- else:
- body = {'user_name': user_id}
- return body
-
- def receive(self, message, unused_link_id, unused_cost):
- """
- This is the IOAdapter's callback function. Will be invoked when the IOAdapter receives a request.
- Will only accept QUERY requests.
- Matches the passed in profilename and userid to user name. If a matching user name is not found, returns the
- passed in userid as the user name.
- :param message:
- :param unused_link_id:
- :param unused_cost
- """
- body = {}
-
- try:
- opcode = message.body.get('opcode')
- profile_name = message.body.get('profilename')
- user_id = message.body.get('userid')
- if opcode == 'QUERY' and profile_name and user_id:
- body = self.query(profile_name, user_id)
- except Exception:
- self.log(LOG_ERROR, "Exception in raw message processing: body=%r\n%s" %
- (message.body, format_exc(LOG_STACK_LIMIT)))
-
- # Make sure the incoming message has a reply_to, otherwise don't bother responding.
- # This check will make sure that the core thread does not crash.
- if message.reply_to:
- response = Message(address=message.reply_to,
- body=body,
- properties={},
- correlation_id=message.correlation_id)
+ return user_name if user_name else user_id
else:
- # If there is no reply_to, we simple won't respond.
- return
-
- self.io_adapter[0].send(response)
+ return user_id
-def display_name_local_query(displaynameservice, profile_name, user_id):
- """
- Local query interface for reading cached name translations from C code
- @param displaynameservice: DisplayNameService python instance
- @param profile_name: connection's sslProfile name
- @param user_id: Name formatted from SSL cert fields
- @return: Name to be used as connection's authenticated user
- """
- body = displaynameservice.query(profile_name, user_id)
- return body['user_name']
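Review bot: `query` now hands its return value straight to `PyString_AsString` in server.c, so the contract that it always returns a string should be written down where the next editor will see it; the method's opening lines are outside the hunk, so I cannot tell whether it already has a docstring. Suggested wording: `"""Return the display name for user_id under profile_name, or user_id itself when no mapping exists. Called from C; must return a str."""`. While here, `self.profile_dict.get(profile_name).cache` repeats the lookup that already produced `ssl_profile`; `ssl_profile.cache` reads more directly.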
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/python/qpid_dispatch_internal/management/config.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/config.py b/python/qpid_dispatch_internal/management/config.py
index 9df1dad..5cb8445 100644
--- a/python/qpid_dispatch_internal/management/config.py
+++ b/python/qpid_dispatch_internal/management/config.py
@@ -154,7 +154,7 @@ def configure_dispatch(dispatch, lib_handle, filename):
agent.activate("$_management_internal")
from qpid_dispatch_internal.display_name.display_name import DisplayNameService
- displayname_service = DisplayNameService("$displayname")
+ displayname_service = DisplayNameService()
qd.qd_dispatch_register_display_name_service(dispatch, displayname_service)
policyDir = config.by_type('policy')[0]['policyDir']
policyDefaultVhost = config.by_type('policy')[0]['defaultVhost']
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/src/server.c
----------------------------------------------------------------------
diff --git a/src/server.c b/src/server.c
index a55b0c2..86ebc88 100644
--- a/src/server.c
+++ b/src/server.c
@@ -141,9 +141,14 @@ static qd_error_t connection_entity_update_host(qd_entity_t* entity, qd_connecti
*/
qd_error_t qd_register_display_name_service(qd_dispatch_t *qd, void *displaynameservice)
{
- qd->server->py_displayname_obj = displaynameservice;
- qd->server->py_displayname_module = PyImport_ImportModule("qpid_dispatch_internal.display_name.display_name");
- return qd->server->py_displayname_module ? QD_ERROR_NONE : qd_error(QD_ERROR_RUNTIME, "Fail importing DisplayNameService module");
+ if (displaynameservice) {
+ qd->server->py_displayname_obj = displaynameservice;
+ Py_XINCREF((PyObject *)qd->server->py_displayname_obj);
+ return QD_ERROR_NONE;
+ }
+ else {
+ return qd_error(QD_ERROR_VALUE, "displaynameservice is not set");
+ }
}
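Review bot: A second call to qd_register_display_name_service overwrites `py_displayname_obj` without releasing the reference taken by the first, so the earlier object is never freed. Take the new reference and drop the old one before assigning: `Py_INCREF((PyObject *)displaynameservice); Py_XDECREF((PyObject *)qd->server->py_displayname_obj); qd->server->py_displayname_obj = displaynameservice;`. Inside the non-NULL branch plain `Py_INCREF` is enough; the X variant's NULL test is redundant there.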
@@ -157,7 +162,6 @@ static const char *qd_transport_get_user(qd_connection_t *conn, pn_transport_t *
conn->connector ? conn->connector->config : conn->listener->config;
if (config->ssl_uid_format) {
-
// The ssl_uid_format length cannot be greater that 7
assert(strlen(config->ssl_uid_format) < 8);
@@ -327,27 +331,17 @@ static const char *qd_transport_get_user(qd_connection_t *conn, pn_transport_t *
if (config->ssl_display_name_file) {
// Translate extracted id into display name
qd_python_lock_state_t lock_state = qd_python_lock();
- PyObject *module = (PyObject*)conn->server->py_displayname_module;
- PyObject *query = PyObject_GetAttrString(module, "display_name_local_query");
- if (query) {
- PyObject *result = PyObject_CallFunction(query, "(Oss)",
- (PyObject *)conn->server->py_displayname_obj,
- config->ssl_profile, user_id);
- if (result) {
- const char *res_string = PyString_AsString(result);
- free(user_id);
- user_id = malloc(strlen(res_string) + 1);
- user_id[0] = '\0';
- strcat(user_id, res_string);
- Py_XDECREF(result);
- } else {
- qd_log(conn->server->log_source, QD_LOG_DEBUG, "Internal: failed to read displaynameservice query result");
- }
- Py_XDECREF(query);
+ PyObject *result = PyObject_CallMethod((PyObject *)conn->server->py_displayname_obj, "query", "(ss)", config->ssl_profile, user_id );
+ if (result) {
+ const char *res_string = PyString_AsString(result);
+ free(user_id);
+ user_id = malloc(strlen(res_string) + 1);
+ user_id[0] = '\0';
+ strcat(user_id, res_string);
+ Py_XDECREF(result);
} else {
- qd_log(conn->server->log_source, QD_LOG_DEBUG, "Internal: failed to locate query function");
+ qd_log(conn->server->log_source, QD_LOG_DEBUG, "Internal: failed to read displaynameservice query result");
}
- Py_XDECREF(module);
qd_python_unlock(lock_state);
}
qd_log(conn->server->log_source, QD_LOG_DEBUG, "User id is '%s' ", user_id);
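Review bot: `PyString_AsString(result)` returns NULL when `query` hands back something that is not a string (None, for example), and the added code passes that straight to `strlen`; the `malloc` result is likewise used without a check. Because this value becomes the connection's authenticated user name, the translation should either succeed completely or leave the certificate-derived `user_id` untouched. I would copy the string before releasing `result`, replace `user_id` only when the copy succeeded, and clear the pending Python error on the failure path so it does not surface in a later unrelated call. qd_transport_get_user starts and ends outside this hunk.

```c
PyObject *result = PyObject_CallMethod((PyObject *)conn->server->py_displayname_obj, "query", "(ss)", config->ssl_profile, user_id);
const char *res_string = result ? PyString_AsString(result) : 0;
char *display_name = res_string ? strdup(res_string) : 0;
if (display_name) {
    free(user_id);
    user_id = display_name;
} else {
    PyErr_Clear();
    qd_log(conn->server->log_source, QD_LOG_DEBUG, "Internal: failed to read displaynameservice query result");
}
Py_XDECREF(result);
// … unchanged: qd_python_unlock(lock_state) …
```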
@@ -1393,7 +1387,6 @@ qd_server_t *qd_server(qd_dispatch_t *qd, int thread_count, const char *containe
qd_server->signal_handler_running = false;
qd_server->heartbeat_timer = 0;
qd_server->next_connection_id = 1;
- qd_server->py_displayname_module = 0;
qd_server->py_displayname_obj = 0;
qd_log(qd_server->log_source, QD_LOG_INFO, "Container Name: %s", qd_server->container_name);
@@ -1412,6 +1405,7 @@ void qd_server_free(qd_server_t *qd_server)
sys_mutex_free(qd_server->lock);
sys_cond_free(qd_server->cond);
free(qd_server->threads);
+ Py_XDECREF((PyObject *)qd_server->py_displayname_obj);
free(qd_server);
}
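Review bot: The added `Py_XDECREF` in qd_server_free runs without the `qd_python_lock()` / `qd_python_unlock()` bracket that the query call in qd_transport_get_user uses, and dropping the last reference can run the object's destructor, which needs the interpreter lock. Unless every caller of qd_server_free already holds the lock (not visible here), wrap it: `qd_python_lock_state_t ls = qd_python_lock(); Py_XDECREF((PyObject *)qd_server->py_displayname_obj); qd_python_unlock(ls);`. It is also worth confirming that the interpreter is still initialised at this point in shutdown. The start of qd_server_free is outside the hunk.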
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/src/server_private.h
----------------------------------------------------------------------
diff --git a/src/server_private.h b/src/server_private.h
index caa3471..642f89d 100644
--- a/src/server_private.h
+++ b/src/server_private.h
@@ -180,7 +180,6 @@ struct qd_server_t {
qd_connection_list_t connections;
qd_timer_t *heartbeat_timer;
uint64_t next_connection_id;
- void *py_displayname_module;
void *py_displayname_obj;
};
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/tests/system_tests_user_id.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_user_id.py b/tests/system_tests_user_id.py
index 7f40b4d..a62e148 100644
--- a/tests/system_tests_user_id.py
+++ b/tests/system_tests_user_id.py
@@ -111,8 +111,8 @@ class QdSSLUseridTest(TestCase):
'keyFile': cls.ssl_file('server-private-key.pem'),
'password': 'server-password'}),
- # one component of uidFormat is invalid (x), the unrecognized component will be ignored,
- # this will be treated like 'uidFormat': '1'
+ # one component of uidFormat is invalid (x), this will result in an error in the fingerprint calculation.
+ # The user_id will fall back to proton's pn_transport_get_user
('sslProfile', {'name': 'server-ssl10',
'certDb': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
@@ -309,74 +309,6 @@ class QdSSLUseridTest(TestCase):
user_id = node.query(type='org.apache.qpid.dispatch.connection', attribute_names=['user']).results[13][0]
self.assertEqual("user13", user_id)
- M1 = self.messenger()
- M1.route("amqp:/*", self.address(14)+"/$1")
-
- subscription = M1.subscribe("amqp:/#")
-
- reply_to = subscription.address
- addr = 'amqp:/_local/$displayname'
-
- tm = Message()
- rm = Message()
- tm.address = addr
- tm.reply_to = reply_to
- tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY', 'userid': '94745961c5646ee0129536b3acef1eea0d8d2f26f8c353455233027bcd47'}
- M1.put(tm)
-
- M1.send()
- M1.recv(1)
- M1.get(rm)
- self.assertEqual('elaine', rm.body['user_name'])
-
- tm = Message()
- rm = Message()
- tm.address = addr
- tm.reply_to = reply_to
- tm.body = {'profilename': 'server-ssl-unknown', 'opcode': 'QUERY', 'userid': '94745961c5646ee0129536b3acef1eea0d8d2f26f8c3ed08ece4f8f3027bcd48'}
- M1.put(tm)
- M1.send()
- M1.recv(1)
- M1.get(rm)
- self.assertEqual('94745961c5646ee0129536b3acef1eea0d8d2f26f8c3ed08ece4f8f3027bcd48', rm.body['user_name'])
-
- # The profile name, userid pair have a matching user name
- tm = Message()
- rm = Message()
- tm.address = addr
- tm.reply_to = reply_to
- tm.body = {'profilename': 'server-ssl12', 'opcode': 'QUERY', 'userid': '94745961c5646ee0129536b3acef1eea0d8d2f26f8c3ed08ece4f8f3027bcd48'}
- M1.put(tm)
- M1.send()
- M1.recv(1)
- M1.get(rm)
- self.assertEqual('johndoe', rm.body['user_name'])
-
- tm = Message()
- rm = Message()
- tm.address = addr
- tm.reply_to = reply_to
- tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY', 'userid': '12345'}
- M1.put(tm)
- M1.send()
- M1.recv(1)
- M1.get(rm)
- self.assertEqual('12345', rm.body['user_name'])
-
- tm = Message()
- rm = Message()
- tm.address = addr
- tm.reply_to = reply_to
- tm.user_id = "bad-user-id" # policy is disabled; user proxy is allowed
- tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY', 'userid': '12345'}
- M1.put(tm)
- M1.send()
- M1.recv(1)
- M1.get(rm)
- self.assertEqual('12345', rm.body['user_name'])
-
- M1.stop()
-
node.close()
if __name__ == '__main__':
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/tests/system_tests_user_id_proxy.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_user_id_proxy.py b/tests/system_tests_user_id_proxy.py
index 3f0e0ed..409aaf1 100644
--- a/tests/system_tests_user_id_proxy.py
+++ b/tests/system_tests_user_id_proxy.py
@@ -263,54 +263,6 @@ class QdSSLUseridProxy(QdSSLUseridTest):
self.assertTrue (result == Delivery.REJECTED,
"Router accepted a message with user_id that did not match connection user_id")
- def test_message_user_id_proxy_blank_name_allowed(self):
- # Send a message with a blank user_id that should be allowed
- M1 = self.messenger()
- M1.route("amqp:/*", self.address(14) + "/$1")
-
- subscription = M1.subscribe("amqp:/#")
-
- reply_to = subscription.address
- addr = 'amqp:/_local/$displayname'
-
- tm = Message()
- rm = Message()
- tm.address = addr
- tm.reply_to = reply_to
- tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY',
- 'userid': '94745961c5646ee0129536b3acef1eea0d8d2f26f8c353455233027bcd47'}
- M1.put(tm)
-
- M1.send()
- M1.recv(1)
- M1.get(rm)
- self.assertEqual('elaine', rm.body['user_name'])
-
- def test_message_user_id_proxy_correct_name_allowed(self):
- # Send a message with a good user_id that should be allowed
- M2 = self.messenger()
- M2.route("amqp:/*", self.address(14) + "/$1")
-
- subscription = M2.subscribe("amqp:/#")
-
- reply_to = subscription.address
- addr = 'amqp:/_local/$displayname'
-
- tm = Message()
- rm = Message()
- tm.address = addr
- tm.reply_to = reply_to
- tm.user_id = "anonymous"
- tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY',
- 'userid': '94745961c5646ee0129536b3acef1eea0d8d2f26f8c353455233027bcd47'}
- M2.put(tm)
-
- M2.send()
- M2.recv(1)
- M2.get(rm)
- self.assertEqual('elaine', rm.body['user_name'])
-
-
def test_message_user_id_proxy_zzz_credit_handled(self):
# Test for DISPATCH-519. Make sure the REJECTED messages result
# in the client receiving credit.