delta/python-packages/qpid-python.git/cpp/src/tests/Acl.cpp, branch QPID-6125-ProtocolRefactoring git.apache.org: qpid.git QPID-4123: C++ Broker ACL creates too many rules 2014-07-23T17:01:40+00:00 Charles E. Rolke chug@apache.org 2014-07-23T17:01:40+00:00 b3a2f8a19a2f6aa8684b81cb53f4525d1111f1be Recent changes have added new tables to define what are ACL lookups and their properties. This commit finishes that work by not propagating rules that will never match. Also, it completes the scaffolding for allowed and denied host lists to be fully integrated. This commit: * Adds startup logging of ACL validation tables with cross references to possible rule matches. * Hooks the ACL host allow/deny connection lists into self test. * Fixes self tests that get broken by proper rule table handling. * Introduces a 'create connection' decision mode similar to ACL rule decision mode. * Describes it all in doc book. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1612874 13f79535-47bb-0310-9956-ffa450edef68 
Recent changes have added new tables to define what
are ACL lookups and their properties. This commit
finishes that work by not propagating rules that
will never match. Also, it completes the scaffolding
for allowed and denied host lists to be fully 
integrated. This commit:

* Adds startup logging of ACL validation tables
  with cross references to possible rule matches.
* Hooks the ACL host allow/deny connection lists
  into self test.
* Fixes self tests that get broken by proper rule
  table handling.
* Introduces a 'create connection' decision mode
  similar to ACL rule decision mode.
* Describes it all in doc book.



git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1612874 13f79535-47bb-0310-9956-ffa450edef68
QPID-4947: C++ Broker ACL restricts hosts from which users may connect. 2014-07-15T22:54:51+00:00 Charles E. Rolke chug@apache.org 2014-07-15T22:54:51+00:00 7da35bee4c69c74281d47e37dfae08f817e5ac47 This commit adds: * Acl rule file "create connection host=hostname" support for allowing and denying connections. * AclHost class to represent a host specified in the rule file. * Global and user-specific lists of AclHost rules. Created by AclReader and consumed by AclConnectionCounter. * Address range checks and other giblets in SocketAddress: ** asString support to hide IPv6 decoration and service (port) details. ** binary comparison of network addresses. ** new firstAddress function to complement existing nextAddress. Socket addrinfo for AclHost objects is computed once only for lifetime of Acl file load. ** Posix and Windows implementations are identical. * New unit test for address comparisons. Testing a live broker is great but forcing connections to be from some arbitrary IPv4 or IPv6 address is hard. So there's a unit test for that. Further discussion about this feature is in https://reviews.apache.org/r/23322 git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1610874 13f79535-47bb-0310-9956-ffa450edef68 
This commit adds:
* Acl rule file "create connection host=hostname" support for allowing and denying connections.
* AclHost class to represent a host specified in the rule file.
* Global and user-specific lists of AclHost rules. Created by AclReader and consumed by AclConnectionCounter.
* Address range checks and other giblets in SocketAddress:
** asString support to hide IPv6 decoration and service (port) details.
** binary comparison of network addresses.
** new firstAddress function to complement existing nextAddress. Socket addrinfo for AclHost objects is computed once only for lifetime of Acl file load.
** Posix and Windows implementations are identical.
* New unit test for address comparisons. Testing a live broker is great but forcing connections to be from some arbitrary IPv4 or IPv6 address is hard. So there's a unit test for that.

Further discussion about this feature is in https://reviews.apache.org/r/23322

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1610874 13f79535-47bb-0310-9956-ffa450edef68
QPID-5890: Improve Acl enum verification 2014-07-12T10:04:33+00:00 Charles E. Rolke chug@apache.org 2014-07-12T10:04:33+00:00 3f7fa50da7d4ab73c1a7c0e5bbb589bec2b876e9 git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1609900 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1609900 13f79535-47bb-0310-9956-ffa450edef68
QPID-5890: Refactoring AclModule.h 2014-07-11T20:43:51+00:00 Charles E. Rolke chug@apache.org 2014-07-11T20:43:51+00:00 5f88759b54a69af0ad12a82e37ddab3c256a4083 * make single instances of strings associated with enums * make more compact search functions * make string definitions const * return 'const string&' instead of copies of temporaries * add self test as string defs sanity check * export AclHelper to satisfy tests (!!) git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1609828 13f79535-47bb-0310-9956-ffa450edef68 
* make single instances of strings associated with enums
* make more compact search functions
* make string definitions const
* return 'const string&' instead of copies of temporaries
* add self test as string defs sanity check
* export AclHelper to satisfy tests (!!)



git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1609828 13f79535-47bb-0310-9956-ffa450edef68