Author: aconway
Date: Wed Oct 12 15:54:07 2011
New Revision: 1182451

URL: http://svn.apache.org/viewvc?rev=1182451&view=rev
Log:
QPID-3544: ACL denials while replicating exclusive queues to a newly joined 
node.

Disabled ACL during cluster update process.

Modified:
    qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp
    qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp
    qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.h
    qpid/trunk/qpid/cpp/src/tests/cluster_tests.py

Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp?rev=1182451&r1=1182450&r2=1182451&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp Wed Oct 12 15:54:07 2011
@@ -69,7 +69,7 @@ struct AclPlugin : public Plugin {
        }
 
         acl = new Acl(values, b);
-               b.setAcl(acl.get());
+        b.setAcl(acl.get());
         b.addFinalizer(boost::bind(&AclPlugin::shutdown, this));
     }
 

Modified: qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp?rev=1182451&r1=1182450&r2=1182451&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp Wed Oct 12 15:54:07 2011
@@ -278,7 +278,8 @@ Cluster::Cluster(const ClusterSettings& 
     lastBroker(false),
     updateRetracted(false),
     updateClosed(false),
-    error(*this)
+    error(*this),
+    acl(0)
 {
     broker.setInCluster(true);
 
@@ -856,6 +857,8 @@ void Cluster::updateOffer(const MemberId
     else if (updatee == self && url) {
         assert(state == JOINER);
         state = UPDATEE;
+        acl = broker.getAcl();
+        broker.setAcl(0);       // Disable ACL during update
         QPID_LOG(notice, *this << " receiving update from " << updater);
         checkUpdateIn(l);
     }
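Review bot: `broker.setAcl(0)` in `updateOffer` turns off authorization for the whole broker rather than for the update connections only, so any other session the broker handles before the restore in `checkUpdateIn` would go unchecked. Whether a joiner in the UPDATEE state can accept or process non-update connections is not visible in this hunk; if it can, the bypass should be scoped to the update connections. If it cannot, state the invariant next to the call, e.g. `// Safe: only update connections are processed while state == UPDATEE`. The saved `acl` is a raw pointer to an object that AclPlugin appears to own (it passes `acl.get()` and registers a shutdown finalizer), so a comment on its lifetime relative to Cluster would help. The body of `updateOffer` starts and ends outside the hunk.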
@@ -956,6 +959,7 @@ void Cluster::checkUpdateIn(Lock& l) {
         // NB: don't updateMgmtMembership() here as we are not in the deliver
         // thread. It will be updated on delivery of the "ready" we just mcast.
         broker.setClusterUpdatee(false);
+        broker.setAcl(acl);     // Restore ACL
         discarding = false;     // OK to set, we're stalled for update.
         QPID_LOG(notice, *this << " update complete, starting catch-up.");
         QPID_LOG(debug, debugSnapshot()); // OK to call because we're stalled.
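Review bot: The ACL is restored only on this update-complete branch of `checkUpdateIn`, so an update that is retracted or fails (the class has an `updateRetracted` flag) has no visible path that calls `broker.setAcl(acl)`, and the broker could be left running without an ACL. Whether those paths shut the joiner down is not visible here, so either restore on every exit from UPDATEE or document that failure is fatal. Setting `acl = 0;` after the restore would avoid keeping a stale pointer in the member. A log line such as `QPID_LOG(notice, *this << " ACL re-enabled after update");` would make the unprotected window auditable. The function body starts and ends outside the hunk.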

Modified: qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.h
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.h?rev=1182451&r1=1182450&r2=1182451&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.h Wed Oct 12 15:54:07 2011
@@ -56,6 +56,7 @@ namespace qpid {
 
 namespace broker {
 class Message;
+class AclModule;
 }
 
 namespace framing {
@@ -312,6 +313,7 @@ class Cluster : private Cpg::Handler, pu
     sys::Timer clockTimer;
     sys::AbsTime clusterTime;
     sys::Duration clusterTimeOffset;
+    broker::AclModule* acl;
 
   friend std::ostream& operator<<(std::ostream&, const Cluster&);
   friend struct ClusterDispatcher;
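Review bot: The new `acl` member has no comment saying what it holds or who owns it, which matters because it is a raw pointer used to switch authorization off and on. Suggest `broker::AclModule* acl; // Broker's ACL, saved while ACL is disabled during update; non-owning`. The class declaration continues outside the hunk.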

Modified: qpid/trunk/qpid/cpp/src/tests/cluster_tests.py
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/tests/cluster_tests.py?rev=1182451&r1=1182450&r2=1182451&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/tests/cluster_tests.py (original)
+++ qpid/trunk/qpid/cpp/src/tests/cluster_tests.py Wed Oct 12 15:54:07 2011
@@ -115,19 +115,22 @@ class ShortTests(BrokerTest):
         acl=os.path.join(os.getcwd(), "policy.acl")
         aclf=file(acl,"w")
         aclf.write("""
-acl deny zag@QPID create queue
-acl allow all all
+acl allow zig@QPID all all
+acl deny all all
 """)
         aclf.close()
-        cluster = self.cluster(2, args=["--auth", "yes",
+        cluster = self.cluster(1, args=["--auth", "yes",
                                         "--sasl-config", sasl_config,
                                         "--load-module", os.getenv("ACL_LIB"),
                                         "--acl-file", acl])
 
         # Valid user/password, ensure queue is created.
         c = cluster[0].connect(username="zig", password="zig")
-        c.session().sender("ziggy;{create:always}")
+        
c.session().sender("ziggy;{create:always,node:{x-declare:{exclusive:true}}}")
         c.close()
+        cluster.start()                 # Start second node.
+
+        # Check queue is created on second node.
         c = cluster[1].connect(username="zig", password="zig")
         c.session().receiver("ziggy;{assert:always}")
         c.close()
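Review bot: The test now proves that the exclusive queue replicates to the joining node, but nothing in this hunk checks that the ACL is enforced again on `cluster[1]` once the update has finished. Because the fix works by disabling the ACL on the joiner, a regression that never restores it would still pass this part of the test. Consider adding, after `cluster.start()`, a denied operation against `cluster[1]` that expects `messaging.exceptions.UnauthorizedAccess`. The lines between this hunk and the next are not shown, so such a check may already exist there against one of the nodes.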
@@ -156,7 +159,7 @@ acl allow all all
             self.fail("Expected exception")
         except messaging.exceptions.UnauthorizedAccess: pass
         # make sure the queue was not created at the other node.
-        c = cluster[0].connect(username="zag", password="zag")
+        c = cluster[1].connect(username="zig", password="zig")
         try:
             s = c.session()
             s.sender("zaggy;{assert:always}")


