Diffstat (limited to 'cpp/src/qpid/acl/AclReader.cpp')
-rw-r--r--cpp/src/qpid/acl/AclReader.cpp222
1 files changed, 92 insertions, 130 deletions
diff --git a/cpp/src/qpid/acl/AclReader.cpp b/cpp/src/qpid/acl/AclReader.cpp
index 74358a20c1..80debf1bd1 100644
--- a/cpp/src/qpid/acl/AclReader.cpp
+++ b/cpp/src/qpid/acl/AclReader.cpp
@@ -49,7 +49,7 @@ namespace acl {
objStatus = ALL;
}
- bool AclReader::aclRule::addProperty(const Property p, const std::string v) {
+ bool AclReader::aclRule::addProperty(const SpecProperty p, const std::string v) {
return props.insert(propNvPair(p, v)).second;
}
@@ -85,146 +85,108 @@ namespace acl {
void AclReader::loadDecisionData(boost::shared_ptr<AclData> d) {
d->clear();
- QPID_LOG(debug, "ACL Load Rules");
- int cnt = rules.size();
+ QPID_LOG(debug, "ACL: Load Rules");
bool foundmode = false;
- for (rlCitr i = rules.end(); cnt; cnt--) {
+ rlCitr i = rules.end();
+ for (int cnt = rules.size(); cnt; cnt--) {
i--;
- QPID_LOG(debug, "ACL Processing " << std::setfill(' ') << std::setw(2)
+ QPID_LOG(debug, "ACL: Processing " << std::setfill(' ') << std::setw(2)
<< cnt << " " << (*i)->toString());
if (!foundmode && (*i)->actionAll && (*i)->names.size() == 1
&& (*((*i)->names.begin())).compare("*") == 0) {
d->decisionMode = (*i)->res;
- QPID_LOG(debug, "ACL FoundMode "
+ QPID_LOG(debug, "ACL: FoundMode "
<< AclHelper::getAclResultStr(d->decisionMode));
foundmode = true;
} else {
- AclData::rule rule((*i)->props);
- bool addrule = true;
-
- switch ((*i)->res) {
- case qpid::acl::ALLOWLOG:
- rule.log = true;
- if (d->decisionMode == qpid::acl::ALLOW ||
- d->decisionMode == qpid::acl::ALLOWLOG)
- rule.logOnly = true;
- break;
- case qpid::acl::ALLOW:
- if (d->decisionMode == qpid::acl::ALLOW ||
- d->decisionMode == qpid::acl::ALLOWLOG)
- addrule = false;
- break;
- case qpid::acl::DENYLOG:
- rule.log = true;
- if (d->decisionMode == qpid::acl::DENY ||
- d->decisionMode == qpid::acl::DENYLOG)
- rule.logOnly = true;
- break;
- case qpid::acl::DENY:
- if (d->decisionMode == qpid::acl::DENY ||
- d->decisionMode == qpid::acl::DENYLOG)
- addrule = false;
- break;
- default:
- throw Exception("Invalid ACL Result loading rules.");
- }
+ AclData::rule rule(cnt, (*i)->res, (*i)->props);
// Action -> Object -> map<user -> set<Rule> >
- if (addrule) {
- std::ostringstream actionstr;
- for (int acnt = ((*i)->actionAll ? 0 : (*i)->action);
- acnt < acl::ACTIONSIZE;
- (*i)->actionAll ? acnt++ : acnt = acl::ACTIONSIZE) {
-
- if (acnt == acl::ACT_PUBLISH)
- d->transferAcl = true; // we have transfer ACL
-
- actionstr << AclHelper::getActionStr((Action) acnt) << ",";
-
- //find the Action, create if not exist
- if (d->actionList[acnt] == NULL) {
- d->actionList[acnt] =
- new AclData::aclAction[qpid::acl::OBJECTSIZE];
- for (int j = 0; j < qpid::acl::OBJECTSIZE; j++)
- d->actionList[acnt][j] = NULL;
- }
-
- // optimize this loop to limit to valid options only!!
- for (int ocnt = ((*i)->objStatus != aclRule::VALUE ? 0
- : (*i)->object);
- ocnt < acl::OBJECTSIZE;
- (*i)->objStatus != aclRule::VALUE ? ocnt++ : ocnt = acl::OBJECTSIZE) {
-
- //find the Object, create if not exist
- if (d->actionList[acnt][ocnt] == NULL)
- d->actionList[acnt][ocnt] =
- new AclData::actionObject;
-
- // add users and Rule to object set
- bool allNames = false;
- // check to see if names.begin is '*'
- if ((*(*i)->names.begin()).compare("*") == 0)
- allNames = true;
-
- for (nsCitr itr = (allNames ? names.begin()
- : (*i)->names.begin());
- itr != (allNames ? names.end() : (*i)->names.end());
- itr++) {
-
- AclData::actObjItr itrRule =
- d->actionList[acnt][ocnt]->find(*itr);
-
- if (itrRule == d->actionList[acnt][ocnt]->end()) {
- AclData::ruleSet rSet;
- rSet.push_back(rule);
- d->actionList[acnt][ocnt]->insert
- (make_pair(std::string(*itr), rSet));
- } else {
- // TODO add code to check for dead rules
- // allow peter create queue name=tmp <-- dead rule!!
- // allow peter create queue
-
- itrRule->second.push_back(rule);
- }
- }
-
- }
+ std::ostringstream actionstr;
+ for (int acnt = ((*i)->actionAll ? 0 : (*i)->action);
+ acnt < acl::ACTIONSIZE;
+ (*i)->actionAll ? acnt++ : acnt = acl::ACTIONSIZE) {
+
+ if (acnt == acl::ACT_PUBLISH)
+ d->transferAcl = true; // we have transfer ACL
+
+ actionstr << AclHelper::getActionStr((Action) acnt) << ",";
+
+ //find the Action, create if not exist
+ if (d->actionList[acnt] == NULL) {
+ d->actionList[acnt] =
+ new AclData::aclAction[qpid::acl::OBJECTSIZE];
+ for (int j = 0; j < qpid::acl::OBJECTSIZE; j++)
+ d->actionList[acnt][j] = NULL;
}
- std::ostringstream objstr;
- for (int ocnt = ((*i)->objStatus != aclRule::VALUE ? 0 : (*i)->object);
+ // TODO: optimize this loop to limit to valid options only!!
+ for (int ocnt = ((*i)->objStatus != aclRule::VALUE ? 0
+ : (*i)->object);
ocnt < acl::OBJECTSIZE;
- (*i)->objStatus != aclRule::VALUE ? ocnt++ : ocnt = acl::OBJECTSIZE) {
- objstr << AclHelper::getObjectTypeStr((ObjectType) ocnt) << ",";
+ (*i)->objStatus != aclRule::VALUE ? ocnt++ : ocnt = acl::OBJECTSIZE) {
+
+ //find the Object, create if not exist
+ if (d->actionList[acnt][ocnt] == NULL)
+ d->actionList[acnt][ocnt] =
+ new AclData::actionObject;
+
+ // add users and Rule to object set
+ bool allNames = false;
+ // check to see if names.begin is '*'
+ if ((*(*i)->names.begin()).compare("*") == 0)
+ allNames = true;
+
+ for (nsCitr itr = (allNames ? names.begin() : (*i)->names.begin());
+ itr != (allNames ? names.end() : (*i)->names.end());
+ itr++) {
+ AclData::actObjItr itrRule =
+ d->actionList[acnt][ocnt]->find(*itr);
+
+ if (itrRule == d->actionList[acnt][ocnt]->end()) {
+ AclData::ruleSet rSet;
+ rSet.push_back(rule);
+ d->actionList[acnt][ocnt]->insert
+ (make_pair(std::string(*itr), rSet));
+ } else {
+ // TODO add code to check for dead rules
+ // allow peter create queue name=tmp <-- dead rule!!
+ // allow peter create queue
+
+ itrRule->second.push_back(rule);
+ }
+ }
}
+ }
- bool allNames = ((*(*i)->names.begin()).compare("*") == 0);
- std::ostringstream userstr;
- for (nsCitr itr = (allNames ? names.begin() : (*i)->names.begin());
- itr != (allNames ? names.end() : (*i)->names.end());
- itr++) {
- userstr << *itr << ",";
- }
+ std::ostringstream objstr;
+ for (int ocnt = ((*i)->objStatus != aclRule::VALUE ? 0 : (*i)->object);
+ ocnt < acl::OBJECTSIZE;
+ (*i)->objStatus != aclRule::VALUE ? ocnt++ : ocnt = acl::OBJECTSIZE) {
+ objstr << AclHelper::getObjectTypeStr((ObjectType) ocnt) << ",";
+ }
- QPID_LOG(debug, "ACL: Adding actions {" <<
- actionstr.str().substr(0,actionstr.str().length()-1)
- << "} to objects {" <<
- objstr.str().substr(0,objstr.str().length()-1)
- << "} with props " <<
- AclHelper::propertyMapToString(&rule.props)
- << " for users {" <<
- userstr.str().substr(0,userstr.str().length()-1)
- << "}" );
- } else {
- QPID_LOG(debug, "ACL Skipping based on Mode:"
- << AclHelper::getAclResultStr(d->decisionMode));
+ bool allNames = ((*(*i)->names.begin()).compare("*") == 0);
+ std::ostringstream userstr;
+ for (nsCitr itr = (allNames ? names.begin() : (*i)->names.begin());
+ itr != (allNames ? names.end() : (*i)->names.end());
+ itr++) {
+ userstr << *itr << ",";
}
- }
+ QPID_LOG(debug, "ACL: Adding actions {" <<
+ actionstr.str().substr(0,actionstr.str().length()-1)
+ << "} to objects {" <<
+ objstr.str().substr(0,objstr.str().length()-1)
+ << "} with props " <<
+ AclHelper::propertyMapToString(&rule.props)
+ << " for users {" <<
+ userstr.str().substr(0,userstr.str().length()-1)
+ << "}" );
+ }
}
-
}
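Review bot: `(*(*i)->names.begin()).compare("*")` in the object loop and again before the user-list log dereferences `names.begin()` without checking that the rule has any names; only the mode-detection test at the top of the loop is guarded by `names.size() == 1`. If the parser already rejects a rule with no names this is fine, but the function depends on it silently, so either document it where the rule is built, `// precondition: every rule has at least one name (enforced by the parser)`, or guard the test with `!(*i)->names.empty() &&`. The same `allNames` value is also recomputed on every action/object iteration; computing `const bool allNames = ...` once above the action loop removes the duplicate and the second `names.begin()` dereference. The per-rule body, from `AclData::rule rule(cnt, ...)` down to the final `QPID_LOG`, nests five loops deep inside the else branch and reads more easily as a private helper taking the rule and `d`; the whole of loadDecisionData is inside this hunk, so the split would be local.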
@@ -277,7 +239,7 @@ namespace acl {
}
ifs.close();
if (err) return -3;
- QPID_LOG(notice, "Read ACL file \"" << fn << "\"");
+ QPID_LOG(notice, "ACL: Read file \"" << fn << "\"");
} catch (const std::exception& e) {
errorStream << "Unable to read ACL file \"" << fn << "\": " << e.what();
ifs.close();
@@ -410,8 +372,8 @@ namespace acl {
// Debug aid
void AclReader::printNames() const {
- QPID_LOG(debug, "Group list: " << groups.size() << " groups found:" );
- std::string tmp;
+ QPID_LOG(debug, "ACL: Group list: " << groups.size() << " groups found:" );
+ std::string tmp("ACL: ");
for (gmCitr i=groups.begin(); i!= groups.end(); i++) {
tmp += " \"";
tmp += i->first;
@@ -421,10 +383,10 @@ namespace acl {
tmp += *j;
}
QPID_LOG(debug, tmp);
- tmp.clear();
+ tmp = "ACL: ";
}
- QPID_LOG(debug, "Name list: " << names.size() << " names found:" );
- tmp.clear();
+ QPID_LOG(debug, "ACL: name list: " << names.size() << " names found:" );
+ tmp = "ACL: ";
for (nsCitr k=names.begin(); k!=names.end(); k++) {
tmp += " ";
tmp += *k;
@@ -501,9 +463,9 @@ namespace acl {
<< propNvp.first << "\". (Must be name=value)";
return false;
}
- Property prop;
+ SpecProperty prop;
try {
- prop = AclHelper::getProperty(propNvp.first);
+ prop = AclHelper::getSpecProperty(propNvp.first);
} catch (...) {
errorStream << ACL_FORMAT_ERR_LOG_PREFIX << "Line : " << lineNumber
<< ", Unknown property \"" << propNvp.first << "\".";
@@ -532,10 +494,10 @@ namespace acl {
// Debug aid
void AclReader::printRules() const {
- QPID_LOG(debug, "Rule list: " << rules.size() << " ACL rules found:");
- int cnt = 0;
+ QPID_LOG(debug, "ACL: Rule list: " << rules.size() << " ACL rules found:");
+ int cnt = 1;
for (rlCitr i=rules.begin(); i<rules.end(); i++,cnt++) {
- QPID_LOG(debug, " " << std::setfill(' ') << std::setw(2) << cnt << " " << (*i)->toString());
+ QPID_LOG(debug, "ACL: " << std::setfill(' ') << std::setw(2) << cnt << " " << (*i)->toString());
}
}
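Review bot: The change of `cnt` from 0 to 1 is unexplained in the code; it appears to align the printed numbers with the value loadDecisionData passes to `AclData::rule(cnt, ...)`, where `cnt` runs from `rules.size()` down to 1 while `i` walks from the last rule to the first, so the first rule is numbered 1 in both places. A comment keeps the two in step for the next edit: `int cnt = 1; // 1-based, matches the rule number stored by loadDecisionData`. On the loop line, `i<rules.end()` only compiles because rules is a random-access container; `i != rules.end()` is the idiomatic form and `++i` avoids the iterator copy.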