From 4870a01b7976362d3836ba0d56291f01b7f2e6af Mon Sep 17 00:00:00 2001
From: Ted Ross <tross@apache.org>
Date: Tue, 9 Nov 2010 21:15:03 +0000
Subject: QPID-2934 Feature to pass the authenticated userId to QMF agent
 method handlers for authorization

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1033232 13f79535-47bb-0310-9956-ffa450edef68
---
 cpp/managementgen/qmfgen/schema.py         | 26 ++++++++++++++++++--------
 cpp/managementgen/qmfgen/templates/Class.h |  6 ++++--
 2 files changed, 22 insertions(+), 10 deletions(-)

(limited to 'cpp/managementgen')

diff --git a/cpp/managementgen/qmfgen/schema.py b/cpp/managementgen/qmfgen/schema.py
index f01d5ee9b2..fdbc7c7be8 100755
--- a/cpp/managementgen/qmfgen/schema.py
+++ b/cpp/managementgen/qmfgen/schema.py
@@ -1228,12 +1228,12 @@ class SchemaClass:
           inArgCount = inArgCount + 1
 
     if methodCount == 0:
-      stream.write ("string&, const string&, string& outStr")
+      stream.write ("string&, const string&, string& outStr, const string&")
     else:
       if inArgCount == 0:
-        stream.write ("string& methodName, const string&, string& outStr")
+        stream.write ("string& methodName, const string&, string& outStr, const string& userId")
       else:
-        stream.write ("string& methodName, const string& inStr, string& outStr")
+        stream.write ("string& methodName, const string& inStr, string& outStr, const string& userId")
 
 
   def genDoMapMethodArgs (self, stream, variables):
@@ -1248,16 +1248,16 @@ class SchemaClass:
     if methodCount == 0:
       stream.write ("string&," +
                     " const ::qpid::types::Variant::Map&," +
-                    " ::qpid::types::Variant::Map& outMap")
+                    " ::qpid::types::Variant::Map& outMap, const string&")
     else:
       if inArgCount == 0:
         stream.write ("string& methodName," +
                       " const ::qpid::types::Variant::Map&," +
-                      " ::qpid::types::Variant::Map& outMap")
+                      " ::qpid::types::Variant::Map& outMap, const string& userId")
       else:
         stream.write ("string& methodName," +
                       " const ::qpid::types::Variant::Map& inMap," +
-                      " ::qpid::types::Variant::Map& outMap")
+                      " ::qpid::types::Variant::Map& outMap, const string& userId")
 
   def genHiLoStatResets (self, stream, variables):
     for inst in self.statistics:
@@ -1367,8 +1367,13 @@ class SchemaClass:
                                                    arg.dir.lower () + "_" +\
                                                    arg.name, "inBuf") + ";\n")
 
-      stream.write ("        status = coreObject->ManagementMethod (METHOD_" +\
+      stream.write ("        bool allow = coreObject->AuthorizeMethod(METHOD_" +\
+                    method.getName().upper() + ", ioArgs, userId);\n")
+      stream.write ("        if (allow)\n")
+      stream.write ("            status = coreObject->ManagementMethod (METHOD_" +\
                     method.getName().upper() + ", ioArgs, text);\n")
+      stream.write ("        else\n")
+      stream.write ("            status = Manageable::STATUS_FORBIDDEN;\n")
       stream.write ("        outBuf.putLong        (status);\n")
       stream.write ("        outBuf.putMediumString(::qpid::management::Manageable::StatusText (status, text));\n")
       for arg in method.args:
@@ -1402,8 +1407,13 @@ class SchemaClass:
                                  arg.name,
                                  "inMap")
 
-      stream.write ("        status = coreObject->ManagementMethod (METHOD_" +\
+      stream.write ("        bool allow = coreObject->AuthorizeMethod(METHOD_" +\
+                    method.getName().upper() + ", ioArgs, userId);\n")
+      stream.write ("        if (allow)\n")
+      stream.write ("            status = coreObject->ManagementMethod (METHOD_" +\
                     method.getName().upper() + ", ioArgs, text);\n")
+      stream.write ("        else\n")
+      stream.write ("            status = Manageable::STATUS_FORBIDDEN;\n")
       stream.write ("        outMap[\"_status_code\"] = (uint32_t) status;\n")
       stream.write ("        outMap[\"_status_text\"] = ::qpid::management::Manageable::StatusText(status, text);\n")
       for arg in method.args:
diff --git a/cpp/managementgen/qmfgen/templates/Class.h b/cpp/managementgen/qmfgen/templates/Class.h
index cdb31c4c9e..4bcd423a26 100644
--- a/cpp/managementgen/qmfgen/templates/Class.h
+++ b/cpp/managementgen/qmfgen/templates/Class.h
@@ -79,7 +79,8 @@ class /*MGEN:Class.NameCap*/ : public ::qpid::management::ManagementObject
     void mapDecodeValues(const ::qpid::types::Variant::Map& map);
     void doMethod(std::string&           methodName,
                   const ::qpid::types::Variant::Map& inMap,
-                  ::qpid::types::Variant::Map& outMap);
+                  ::qpid::types::Variant::Map& outMap,
+                  const std::string& userId);
     std::string getKey() const;
 /*MGEN:IF(Root.GenQMFv1)*/
     uint32_t writePropertiesSize() const;
@@ -88,7 +89,8 @@ class /*MGEN:Class.NameCap*/ : public ::qpid::management::ManagementObject
     void writeStatistics(std::string& buf, bool skipHeaders = false);
     void doMethod(std::string& methodName,
                   const std::string& inBuf,
-                  std::string& outBuf);
+                  std::string& outBuf,
+                  const std::string& userId);
 /*MGEN:ENDIF*/
 
     writeSchemaCall_t getWriteSchemaCall() { return writeSchema; }
-- 
cgit v1.2.1