Author: chug
Date: Fri Aug 10 17:19:51 2012
New Revision: 1371772
URL: http://svn.apache.org/viewvc?rev=1371772&view=rev
Log:
QPID-4142 C++ Broker connection counting gets usernames confused
when various auth mechanism are used. The issue is that the connection's
userId is changed as the auth progresses. Also, the shadowed connections
change differently from the non-shadowed connections.
Modified:
qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp
qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h
qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h
qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h
qpid/trunk/qpid/cpp/src/qpid/broker/Connection.cpp
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/Acl.cpp Fri Aug 10 17:19:51 2012
@@ -129,6 +129,13 @@ bool Acl::approveConnection(const qpid::
return connectionCounter->approveConnection(conn);
}
+
+void Acl::setUserId(const qpid::broker::Connection& connection, const
std::string& username)
+{
+ connectionCounter->setUserId(connection, username);
+}
+
+
bool Acl::result(
const AclResult& aclreslt,
const std::string& id,
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/Acl.h Fri Aug 10 17:19:51 2012
@@ -94,6 +94,8 @@ public:
virtual bool approveConnection(const broker::Connection& connection);
+ virtual void setUserId(const broker::Connection& connection, const
std::string& username);
+
virtual ~Acl();
private:
bool result(
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp Fri Aug 10
17:19:51 2012
@@ -296,6 +296,47 @@ bool ConnectionCounter::approveConnectio
}
}
+
+//
+// setUserId
+// On cluster shadow connections, track a new user id for this connection.
+//
+void ConnectionCounter::setUserId(const broker::Connection& connection,
+ const std::string& username)
+{
+ Mutex::ScopedLock locker(dataLock);
+
+ connectCountsMap_t::iterator eRef =
connectProgressMap.find(connection.getMgmtId());
+ if (eRef != connectProgressMap.end()) {
+ if ((*eRef).second == C_OPENED){
+ // Connection has been opened so that current user has been counted
+ if (connection.isShadow()) {
+ // This is a shadow connection and therefore receives userId
changes
+ QPID_LOG(debug, "Changing User ID for cluster connection: "
+ << connection.getMgmtId() << ", old user:'" <<
connection.getUserId()
+ << "', new user:'" << username << "'");
+
+ // Decrement user in-use count for old userId
+ releaseLH(connectByNameMap,
+ connection.getUserId(),
+ nameLimit);
+ // Increment user in-use count for new userId
+ (void) countConnectionLH(connectByNameMap, username,
nameLimit, false);
+ } else {
+ QPID_LOG(warning, "Changing User ID for non-cluster
connections is not supported: "
+ << connection.getMgmtId() << ", old user " <<
connection.getUserId()
+ << ", new user " << username);
+ }
+ } else {
+ // connection exists but has not been opened.
+ // setUserId is called in normal course. The user gets counted
when connection is opened.
+ }
+ } else {
+ // Connection does not exist.
+ }
+}
+
+
//
// getClientIp - given a connection's mgmtId return the client host part.
//
Modified: qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h Fri Aug 10 17:19:51
2012
@@ -94,6 +94,7 @@ public:
// Connection counting
bool approveConnection(const broker::Connection& conn);
+ void setUserId(const broker::Connection& connection, const std::string&
username);
};
}} // namespace qpid::ha
Modified: qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/AclModule.h Fri Aug 10 17:19:51 2012
@@ -145,6 +145,10 @@ namespace broker {
*/
virtual bool approveConnection (const Connection& connection)=0;
+ /** Change connection's counted userId
+ */
+ virtual void setUserId(const Connection& connection, const
std::string& username)=0;
+
virtual ~AclModule() {};
};
} // namespace broker
Modified: qpid/trunk/qpid/cpp/src/qpid/broker/Connection.cpp
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/Connection.cpp?rev=1371772&r1=1371771&r2=1371772&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/Connection.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/Connection.cpp Fri Aug 10 17:19:51 2012
@@ -25,6 +25,7 @@
#include "qpid/broker/Bridge.h"
#include "qpid/broker/Broker.h"
#include "qpid/broker/Queue.h"
+#include "qpid/broker/AclModule.h"
#include "qpid/sys/SecuritySettings.h"
#include "qpid/sys/ClusterSafe.h"
@@ -278,6 +279,13 @@ void Connection::notifyConnectionForced(
void Connection::setUserId(const string& userId)
{
+ // Account for changing userId
+ AclModule* acl = broker.getAcl();
+ if (acl)
+ {
+ acl->setUserId(*this, userId);
+ }
+
ConnectionState::setUserId(userId);
// In a cluster, the cluster code will raise the connect event
// when the connection is replicated to the cluster.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
