Repository: qpid-dispatch Updated Branches: refs/heads/crolke-DISPATCH-188-1 cd4b30222 -> 95e970220
Execute a policy lookup in python called from C. Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/95e97022 Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/95e97022 Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/95e97022 Branch: refs/heads/crolke-DISPATCH-188-1 Commit: 95e97022012f188d5280281d9328d7858657d0bd Parents: cd4b302 Author: Chuck Rolke <[email protected]> Authored: Mon Feb 8 11:42:59 2016 -0500 Committer: Chuck Rolke <[email protected]> Committed: Mon Feb 8 11:42:59 2016 -0500 ---------------------------------------------------------------------- python/qpid_dispatch_internal/dispatch.py | 1 + .../qpid_dispatch_internal/management/agent.py | 1 + .../policy/policy_manager.py | 18 ++++++++++- src/dispatch.c | 13 ++++++-- src/dispatch_private.h | 6 ++++ src/policy.c | 32 ++++++++++++++++++-- src/policy_private.h | 2 ++ 7 files changed, 66 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/95e97022/python/qpid_dispatch_internal/dispatch.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/dispatch.py b/python/qpid_dispatch_internal/dispatch.py index f294e0f..33cd746 100644 --- a/python/qpid_dispatch_internal/dispatch.py +++ b/python/qpid_dispatch_internal/dispatch.py 
@@ -65,6 +65,7 @@ class QdDll(ctypes.PyDLL): self._prototype(self.qd_dispatch_configure_waypoint, None, [self.qd_dispatch_p, py_object]) self._prototype(self.qd_dispatch_configure_lrp, None, [self.qd_dispatch_p, py_object]) self._prototype(self.qd_dispatch_configure_policy, None, [self.qd_dispatch_p, py_object]) + self._prototype(self.qd_dispatch_register_policy_manager, None, [self.qd_dispatch_p, py_object]) self._prototype(self.qd_dispatch_set_agent, None, [self.qd_dispatch_p, py_object]) self._prototype(self.qd_router_setup_late, None, [self.qd_dispatch_p]) http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/95e97022/python/qpid_dispatch_internal/management/agent.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/management/agent.py b/python/qpid_dispatch_internal/management/agent.py index b342098..4791e52 100644 --- a/python/qpid_dispatch_internal/management/agent.py +++ b/python/qpid_dispatch_internal/management/agent.py @@ -281,6 +281,7 @@ class PolicyEntity(EntityAdapter): def create(self): self._qd.qd_dispatch_configure_policy(self._dispatch, self) + self._qd.qd_dispatch_register_policy_manager(self._dispatch, self._policy) def _identifier(self): return self.attributes.get('module') http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/95e97022/python/qpid_dispatch_internal/policy/policy_manager.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/policy/policy_manager.py b/python/qpid_dispatch_internal/policy/policy_manager.py index afb3c50..5d19cd2 100644 --- a/python/qpid_dispatch_internal/policy/policy_manager.py +++ b/python/qpid_dispatch_internal/policy/policy_manager.py 
@@ -107,4 +107,20 @@ class PolicyManager(object): # Note: the upolicy output is a non-nested dict with settings of interest # TODO: figure out decent defaults for upolicy settings that are undefined """ - return self._policy_local.lookup_settings(appname, name, upolicy) \ No newline at end of file + return self._policy_local.lookup_settings(appname, name, upolicy) + +# +# +# +def policy_lookup_user(mgr, user, host, app, conn_name): + """ + Look up a user in the policy database + Called by C code + @param mgr: + @param user: + @param host: + @param app: + @param conn_name: + @return: + """ + return mgr.lookup_user(user, host, app, conn_name) http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/95e97022/src/dispatch.c ---------------------------------------------------------------------- diff --git a/src/dispatch.c b/src/dispatch.c index 765918a..b45008d 100644 --- a/src/dispatch.c +++ b/src/dispatch.c @@ -71,6 +71,7 @@ qd_dispatch_t *qd_dispatch(const char *python_pkgdir) qd_message_initialize(); if (qd_error_code()) { qd_dispatch_free(qd); return 0; } qd->log_source = qd_log_source("DISPATCH"); + qd->dl_handle = 0; return qd; } 
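Review bot: The docstring added for `policy_lookup_user` leaves every `@param` and the `@return` empty, so the contract of this C-to-Python entry point is undocumented. The caller in src/policy.c passes the stored manager object plus four C strings and feeds the result to `PyString_AsString`, so the return value has to be a `str`. I would fill the tags in, for example `@param mgr: the PolicyManager instance registered from C` and `@return: lookup result as a str (the C caller reads it with PyString_AsString)`. The three bare `#` lines above the function can carry a one-line section title or be dropped.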
@@ -80,15 +81,15 @@ STATIC_ASSERT(sizeof(long) >= sizeof(void*), pointer_is_bigger_than_long); qd_error_t qd_dispatch_load_config(qd_dispatch_t *qd, const char *config_path) { - void *handle = dlopen(QPID_DISPATCH_LIB, RTLD_LAZY | RTLD_NOLOAD); - if (!handle) + qd->dl_handle = dlopen(QPID_DISPATCH_LIB, RTLD_LAZY | RTLD_NOLOAD); + if (!qd->dl_handle) return qd_error(QD_ERROR_RUNTIME, "Cannot locate library %s", QPID_DISPATCH_LIB); qd_python_lock_state_t lock_state = qd_python_lock(); PyObject *module = PyImport_ImportModule("qpid_dispatch_internal.management.config"); PyObject *configure_dispatch = module ? PyObject_GetAttrString(module, "configure_dispatch") : NULL; Py_XDECREF(module); - PyObject *result = configure_dispatch ? PyObject_CallFunction(configure_dispatch, "(lls)", (long)qd, handle, config_path) : NULL; + PyObject *result = configure_dispatch ? PyObject_CallFunction(configure_dispatch, "(lls)", (long)qd, qd->dl_handle, config_path) : NULL; Py_XDECREF(configure_dispatch); if (!result) qd_error_py(); Py_XDECREF(result); @@ -151,6 +152,12 @@ qd_error_t qd_dispatch_configure_policy(qd_dispatch_t *qd, qd_entity_t *entity) } +qd_error_t qd_dispatch_register_policy_manager(qd_dispatch_t *qd, qd_entity_t *entity) +{ + return qd_register_policy_manager(qd->policy, entity); +} + + qd_error_t qd_dispatch_prepare(qd_dispatch_t *qd) { qd->server = qd_server(qd, qd->thread_count, qd->container_name, qd->sasl_config_path, qd->sasl_config_name); http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/95e97022/src/dispatch_private.h ---------------------------------------------------------------------- diff --git a/src/dispatch_private.h b/src/dispatch_private.h index 45f293c..373805f 100644 --- a/src/dispatch_private.h +++ b/src/dispatch_private.h @@ -51,6 +51,7 @@ struct qd_dispatch_t { void *agent; qd_connection_manager_t *connection_manager; qd_policy_t *policy; + void *dl_handle; int thread_count; char *container_name; 
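Review bot: In `qd_dispatch_load_config` the `"(lls)"` format reads its second argument as a `long`, but `qd->dl_handle` is a `void *` passed uncast through varargs, unlike `(long)qd` next to it. The STATIC_ASSERT above only guarantees the sizes fit, so I would write `(long)qd->dl_handle` to match the format. The handle is now kept in `qd`, and no `dlclose` is visible in these hunks; it is worth confirming that `qd_dispatch_free` releases it.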
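Review bot: `qd_dispatch_register_policy_manager` declares its second parameter as `qd_entity_t *entity`, but the Python caller in agent.py passes `self._policy`, and `qd_register_policy_manager` stores it as a Python object pointer. The declared type is wrong for what actually arrives, and a later reader could call `qd_entity_*` helpers on it. I would declare it as `void *policy_manager` here and in the prototype in src/dispatch_private.h. The function also dereferences `qd->policy` through the callee without a check; if registration can happen before the policy object exists, `if (!qd->policy) return qd_error(QD_ERROR_RUNTIME, "policy not configured");` would turn a crash into a reported error.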
@@ -109,6 +110,11 @@ qd_error_t qd_dispatch_configure_lrp(qd_dispatch_t *qd, qd_entity_t *entity); qd_error_t qd_dispatch_configure_policy(qd_dispatch_t *qd, qd_entity_t *entity); /** + * Configure security policy manager, must be called after qd_dispatch_prepare + */ +qd_error_t qd_dispatch_register_policy_manager(qd_dispatch_t *qd, qd_entity_t *entity); + +/** * \brief Configure the logging module from the * parsed configuration file. This must be called after the * call to qd_dispatch_prepare completes. http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/95e97022/src/policy.c ---------------------------------------------------------------------- diff --git a/src/policy.c b/src/policy.c index 3661636..d3c37fb 100644 --- a/src/policy.c +++ b/src/policy.c @@ -17,6 +17,8 @@ * under the License. */ +#include <Python.h> +#include <qpid/dispatch/python_embedded.h> #include "policy_private.h" #include <stdio.h> #include <string.h> @@ -39,7 +41,6 @@ #include <qpid/dispatch/log.h> - // // TODO: when policy dev is more complete lower the log level // @@ -72,6 +73,7 @@ static char* CONNECTION_DISALLOWED = "connection disallowed by local pol struct qd_policy_t { qd_dispatch_t *qd; qd_log_source_t *log_source; + void *py_policy_manager; // configured settings int max_connection_limit; char *policyDb; @@ -128,6 +130,14 @@ error: // // +qd_error_t qd_register_policy_manager(qd_policy_t *policy, void *policy_manager) +{ + policy->py_policy_manager = policy_manager; + return QD_ERROR_NONE; +} + +// +// qd_error_t qd_entity_refresh_policy(qd_entity_t* entity, void *impl) { // Return global stats if (!qd_entity_set_long(entity, "connectionsProcessed", n_processed) && 
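Review bot: `qd_register_policy_manager` in src/policy.c stores the Python object pointer in `policy->py_policy_manager` without taking a reference. ctypes hands a `py_object` argument over as a borrowed reference, so if the Python side drops its last reference, the later `PyObject_CallFunction` in `qd_policy_open_lookup_user` uses freed memory. I would add `Py_INCREF((PyObject *)policy_manager);` before the assignment, with a matching `Py_XDECREF` wherever `qd_policy_t` is freed (not visible in these hunks). The library is loaded as `ctypes.PyDLL`, so the GIL should already be held at this point. Declaring the field as `PyObject *py_policy_manager` rather than `void *` would also remove the cast at the call site.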
@@ -199,11 +209,27 @@ bool qd_policy_open_lookup_user( const char *app, const char *conn_name) { - // Log the name + // Log the names qd_log(policy->log_source, POLICY_LOG_LEVEL, - "Policy AMQP Open lookup user: %s, hostip: %s, app: %s, connection: %s", + "Policy AMQP Open lookup_user: %s, hostip: %s, app: %s, connection: %s", username, hostip, app, conn_name); + qd_python_lock_state_t lock_state = qd_python_lock(); + PyObject *module = PyImport_ImportModule("qpid_dispatch_internal.policy.policy_manager"); + PyObject *lookup_user = module ? PyObject_GetAttrString(module, "policy_lookup_user") : NULL; + Py_XDECREF(module); + PyObject *result = lookup_user ? PyObject_CallFunction(lookup_user, "(Ossss)", (PyObject *)policy->py_policy_manager, username, hostip, app, conn_name) : NULL; + Py_XDECREF(lookup_user); + if (!result) qd_error_py(); + const char *res_string = PyString_AsString(result); + + qd_log(policy->log_source, + POLICY_LOG_LEVEL, + "Policy AMQP Open lookup_user result: '%s'", res_string); + Py_XDECREF(result); + + qd_python_unlock(lock_state); + return true; } http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/95e97022/src/policy_private.h ---------------------------------------------------------------------- diff --git a/src/policy_private.h b/src/policy_private.h index f6a4937..82ac692 100644 --- a/src/policy_private.h +++ b/src/policy_private.h @@ -34,6 +34,8 @@ typedef struct qd_policy_t qd_policy_t; qd_error_t qd_entity_configure_policy(qd_policy_t *policy, qd_entity_t *entity); +qd_error_t qd_register_policy_manager(qd_policy_t *policy, void *policy_manager); + /** Allow or deny an incoming connection based on connection count(s). * A server listener has just accepted a socket. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
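Review bot: In `qd_policy_open_lookup_user`, when the import, the attribute lookup or the Python call fails, `result` is NULL and `qd_error_py()` is called, but execution continues into `PyString_AsString(result)`, which dereferences NULL. The same path is reached if `policy->py_policy_manager` was never registered, and a non-string return value leaves `res_string` NULL for the `%s` log argument. Because the lookup runs on values taken from an incoming AMQP Open, an exception in the Python policy code would bring down the router instead of rejecting one connection. The function also returns `true` whatever the lookup produced; that may be intentional at this stage, but a failed lookup should at least not fall through to allow. The function's signature starts outside the hunk, and the fence below shows only the rewritten tail.

```c
    // … unchanged: qd_python_lock, module import, PyObject_CallFunction, Py_XDECREF(lookup_user) …
    bool lookup_ok = false;
    if (!result) {
        qd_error_py();
    } else {
        const char *res_string = PyString_AsString(result);
        if (!res_string) {
            qd_error_py();      // result was not a string
        } else {
            lookup_ok = true;
            qd_log(policy->log_source,
                   POLICY_LOG_LEVEL,
                   "Policy AMQP Open lookup_user result: '%s'", res_string);
        }
        Py_DECREF(result);
    }

    qd_python_unlock(lock_state);

    // Deny when the lookup itself failed; mapping res_string to allow/deny is still to be written.
    return lookup_ok;
```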
