Posted to commits@qpid.apache.org by gm...@apache.org on 2018/10/24 16:21:46 UTC
[2/6] qpid-dispatch git commit: DISPATCH-1149: allow authz plugin to
override conf file policy
DISPATCH-1149: allow authz plugin to override conf file policy
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/2b4d4c96
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/2b4d4c96
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/2b4d4c96
Branch: refs/heads/1.4.x
Commit: 2b4d4c962600c57c33a83166dbde6d6dd77f3464
Parents: a27ca38
Author: Gordon Sim <gs...@redhat.com>
Authored: Thu Oct 18 22:35:45 2018 +0100
Committer: Ganesh Murthy <gm...@redhat.com>
Committed: Fri Oct 19 09:32:54 2018 -0400
----------------------------------------------------------------------
src/policy.c | 16 ++++++++++----
tests/policy-authz/default.json | 29 +++++++++++++++++++++++++
tests/system_tests_authz_service_plugin.py | 3 +++
3 files changed, 44 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/2b4d4c96/src/policy.c
----------------------------------------------------------------------
diff --git a/src/policy.c b/src/policy.c
index 6556d3d..2b03b73 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -430,11 +430,19 @@ bool qd_policy_open_lookup_user(
settings->maxSessions = qd_entity_opt_long((qd_entity_t*)upolicy, "maxSessions", 0);
settings->maxSenders = qd_entity_opt_long((qd_entity_t*)upolicy, "maxSenders", 0);
settings->maxReceivers = qd_entity_opt_long((qd_entity_t*)upolicy, "maxReceivers", 0);
- settings->allowAnonymousSender = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowAnonymousSender", false);
- settings->allowDynamicSource = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowDynamicSource", false);
+ if (!settings->allowAnonymousSender) { //don't override if enabled by authz plugin
+ settings->allowAnonymousSender = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowAnonymousSender", false);
+ }
+ if (!settings->allowDynamicSource) { //don't override if enabled by authz plugin
+ settings->allowDynamicSource = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowDynamicSource", false);
+ }
settings->allowUserIdProxy = qd_entity_opt_bool((qd_entity_t*)upolicy, "allowUserIdProxy", false);
- settings->sources = qd_entity_get_string((qd_entity_t*)upolicy, "sources");
- settings->targets = qd_entity_get_string((qd_entity_t*)upolicy, "targets");
+ if (settings->sources == 0) { //don't override if configured by authz plugin
+ settings->sources = qd_entity_get_string((qd_entity_t*)upolicy, "sources");
+ }
+ if (settings->targets == 0) { //don't override if configured by authz plugin
+ settings->targets = qd_entity_get_string((qd_entity_t*)upolicy, "targets");
+ }
settings->sourcePattern = qd_entity_get_string((qd_entity_t*)upolicy, "sourcePattern");
settings->targetPattern = qd_entity_get_string((qd_entity_t*)upolicy, "targetPattern");
settings->sourceParseTree = qd_policy_parse_tree(settings->sourcePattern);
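Review bot: The plugin-wins guards cover only `allowAnonymousSender`, `allowDynamicSource`, `sources` and `targets`; `sourcePattern`, `targetPattern` and the parse tree built from them are still loaded from the vhost policy unconditionally, so a connection whose `sources`/`targets` came from the authz plugin also carries the file's patterns. If link approval consults both the list and the pattern tree (not visible in this hunk), the effective permission is a union rather than an override, which matters when the plugin's list is meant to be narrower than the conf file. The guards also rely on `settings` being zeroed before the plugin ran, and for the two booleans a plugin value of false cannot be told apart from "not set", so the plugin can widen the file policy but never narrow it. I would say so above the first guard, e.g. `/* authz plugin wins for these four fields only; it can grant, not revoke; patterns always come from the vhost policy */`, and write the pointer tests as `settings->sources == NULL`. The body of qd_policy_open_lookup_user starts and ends outside the hunk.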
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/2b4d4c96/tests/policy-authz/default.json
----------------------------------------------------------------------
diff --git a/tests/policy-authz/default.json b/tests/policy-authz/default.json
new file mode 100644
index 0000000..ca3ec61
--- /dev/null
+++ b/tests/policy-authz/default.json
@@ -0,0 +1,29 @@
+##
+## Licensed to the Apache Software Foundation (ASF) under one
+## or more contributor license agreements. See the NOTICE file
+## distributed with this work for additional information
+## regarding copyright ownership. The ASF licenses this file
+## to you under the Apache License, Version 2.0 (the
+## "License"); you may not use this file except in compliance
+## with the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing,
+## software distributed under the License is distributed on an
+## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+## KIND, either express or implied. See the License for the
+## specific language governing permissions and limitations
+## under the License
+##
+[
+ ["vhost", {
+ "hostname": "$default",
+ "allowUnknownUser": true,
+ "groups" : {
+ "$default": {
+ "remoteHosts": "*"
+ }
+ }
+ }]
+]
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/2b4d4c96/tests/system_tests_authz_service_plugin.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_authz_service_plugin.py b/tests/system_tests_authz_service_plugin.py
index fc5e2bf..392e1a8 100644
--- a/tests/system_tests_authz_service_plugin.py
+++ b/tests/system_tests_authz_service_plugin.py
@@ -73,9 +73,12 @@ mech_list: SCRAM-SHA-1 PLAIN
cls.auth_service_port = cls.tester.get_port()
cls.tester.popen(['/usr/bin/env', 'python', os.path.join(os.path.dirname(os.path.abspath(__file__)), 'authservice.py'), '-a', 'amqps://127.0.0.1:%d' % cls.auth_service_port, '-c', os.getcwd()], expect=Process.RUNNING)
+ policy_config_path = os.path.join(DIR, 'policy-authz')
+
cls.router_port = cls.tester.get_port()
cls.tester.qdrouterd('router', Qdrouterd.Config([
('sslProfile', {'name':'myssl'}),
+ ('policy', {'maxConnections': 2, 'policyDir': policy_config_path, 'enableVhostPolicy': 'true'}),
# authService attribute has been deprecated. We are using it here to make sure that we are
# still backward compatible.
('authServicePlugin', {'name':'myauth', 'sslProfile':'myssl', 'port': cls.auth_service_port, 'host': '127.0.0.1'}),
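Review bot: The router setup now enables vhost policy, but the visible hunk adds only configuration and no assertion on the denied path; a change in authorization precedence should be pinned by a case where neither the plugin nor `policy-authz/default.json` grants an address and the link is refused. Whether such a case exists elsewhere in the file cannot be seen from here. As a smaller point, `'enableVhostPolicy': 'true'` passes a string while `'maxConnections': 2` uses a native type; `True` would be consistent, provided the config writer accepts booleans. `DIR` is defined outside the hunk.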