Repository: qpid-dispatch Updated Branches: refs/heads/master 9dede38ce -> 52979637c
DISPATCH-303 - Block all remote access to the "console" entity. Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/52979637 Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/52979637 Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/52979637 Branch: refs/heads/master Commit: 52979637c8f9a4c6b07d704364bdba629b5a83f9 Parents: 9dede38 Author: Ted Ross <[email protected]> Authored: Mon May 2 17:53:53 2016 -0400 Committer: Ted Ross <[email protected]> Committed: Mon May 2 17:53:53 2016 -0400 ---------------------------------------------------------------------- include/qpid/dispatch/amqp.h | 1 + include/qpid/dispatch/router_core.h | 3 ++- src/amqp.c | 1 + src/router_core/agent.c | 17 +++++++++++++++++ src/router_core/management_agent.c | 5 ++++- 5 files changed, 25 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/52979637/include/qpid/dispatch/amqp.h ---------------------------------------------------------------------- diff --git a/include/qpid/dispatch/amqp.h b/include/qpid/dispatch/amqp.h index 99daf50..774a431 100644 --- a/include/qpid/dispatch/amqp.h +++ b/include/qpid/dispatch/amqp.h @@ -129,6 +129,7 @@ typedef struct qd_amqp_error_t { int status; const char* description; } qd_amqp_ extern const qd_amqp_error_t QD_AMQP_OK; extern const qd_amqp_error_t QD_AMQP_CREATED; extern const qd_amqp_error_t QD_AMQP_NO_CONTENT; +extern const qd_amqp_error_t QD_AMQP_FORBIDDEN; extern const qd_amqp_error_t QD_AMQP_BAD_REQUEST; extern const qd_amqp_error_t QD_AMQP_NOT_FOUND; extern const qd_amqp_error_t QD_AMQP_NOT_IMPLEMENTED; http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/52979637/include/qpid/dispatch/router_core.h ---------------------------------------------------------------------- diff --git a/include/qpid/dispatch/router_core.h b/include/qpid/dispatch/router_core.h index 6784b67..4d9b7c6 100644 --- a/include/qpid/dispatch/router_core.h +++ b/include/qpid/dispatch/router_core.h @@ -570,7 +570,8 @@ typedef enum { QD_ROUTER_LINK, QD_ROUTER_ADDRESS, QD_ROUTER_EXCHANGE, - QD_ROUTER_BINDING + QD_ROUTER_BINDING, + QD_ROUTER_FORBIDDEN } qd_router_entity_type_t; typedef struct qdr_query_t qdr_query_t; http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/52979637/src/amqp.c ---------------------------------------------------------------------- diff --git a/src/amqp.c b/src/amqp.c index d3b02f2..4602fe3 100644 --- a/src/amqp.c +++ b/src/amqp.c @@ -40,5 +40,6 @@ const qd_amqp_error_t QD_AMQP_OK = { 200, "OK" }; const qd_amqp_error_t QD_AMQP_CREATED = { 201, "Created" }; const qd_amqp_error_t QD_AMQP_NO_CONTENT = { 204, "No Content" }; // This is the response code if the delete of a manageable entity was successful. const qd_amqp_error_t QD_AMQP_BAD_REQUEST = { 400, "Bad Request" }; +const qd_amqp_error_t QD_AMQP_FORBIDDEN = { 403, "Forbidden" }; const qd_amqp_error_t QD_AMQP_NOT_FOUND = { 404, "Not Found" }; const qd_amqp_error_t QD_AMQP_NOT_IMPLEMENTED = { 501, "Not Implemented"}; http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/52979637/src/router_core/agent.c ---------------------------------------------------------------------- diff --git a/src/router_core/agent.c b/src/router_core/agent.c index 0573243..401d4ae 100644 --- a/src/router_core/agent.c +++ b/src/router_core/agent.c @@ -188,6 +188,7 @@ qdr_query_t *qdr_manage_query(qdr_core_t *core, case QD_ROUTER_CONNECTION: break; case QD_ROUTER_LINK: qdr_agent_set_columns(query, attribute_names, qdr_link_columns, QDR_LINK_COLUMN_COUNT); break; case QD_ROUTER_ADDRESS: qdr_agent_set_columns(query, attribute_names, qdr_address_columns, QDR_ADDRESS_COLUMN_COUNT); break; + case QD_ROUTER_FORBIDDEN: break; case QD_ROUTER_EXCHANGE: break; case QD_ROUTER_BINDING: break; } @@ -205,6 +206,7 @@ void qdr_query_add_attribute_names(qdr_query_t *query) case QD_ROUTER_CONNECTION: break; case QD_ROUTER_LINK: qdr_agent_emit_columns(query, qdr_link_columns, QDR_LINK_COLUMN_COUNT); break; case QD_ROUTER_ADDRESS: qdr_agent_emit_columns(query, qdr_address_columns, QDR_ADDRESS_COLUMN_COUNT); break; + case QD_ROUTER_FORBIDDEN: qd_compose_empty_list(query->body); break; case QD_ROUTER_EXCHANGE: break; case QD_ROUTER_BINDING: break; } @@ -317,6 +319,15 @@ void qdr_agent_setup_CT(qdr_core_t *core) } +static void qdr_agent_forbidden(qdr_core_t *core, qdr_query_t *query, bool op_query) +{ + query->status = QD_AMQP_FORBIDDEN; + if (query->body && !op_query) + qd_compose_insert_null(query->body); + qdr_agent_enqueue_response_CT(core, query); +} + + static void qdr_manage_read_CT(qdr_core_t *core, qdr_action_t *action, bool discard) { qd_field_iterator_t *identity = action->args.agent.identity; @@ -330,6 +341,7 @@ static void qdr_manage_read_CT(qdr_core_t *core, qdr_action_t *action, bool disc case QD_ROUTER_CONNECTION: break; case QD_ROUTER_LINK: break; case QD_ROUTER_ADDRESS: qdra_address_get_CT(core, name, identity, query, qdr_address_columns); break; + case QD_ROUTER_FORBIDDEN: qdr_agent_forbidden(core, query, false); break; case QD_ROUTER_EXCHANGE: break; case QD_ROUTER_BINDING: break; } @@ -349,6 +361,7 @@ static void qdr_manage_create_CT(qdr_core_t *core, qdr_action_t *action, bool di case QD_ROUTER_CONNECTION: break; case QD_ROUTER_LINK: break; case QD_ROUTER_ADDRESS: break; + case QD_ROUTER_FORBIDDEN: qdr_agent_forbidden(core, query, false); break; case QD_ROUTER_EXCHANGE: break; case QD_ROUTER_BINDING: break; @@ -371,6 +384,7 @@ static void qdr_manage_delete_CT(qdr_core_t *core, qdr_action_t *action, bool di case QD_ROUTER_CONNECTION: break; case QD_ROUTER_LINK: break; case QD_ROUTER_ADDRESS: break; + case QD_ROUTER_FORBIDDEN: qdr_agent_forbidden(core, query, false); break; case QD_ROUTER_EXCHANGE: break; case QD_ROUTER_BINDING: break; } @@ -390,6 +404,7 @@ static void qdr_manage_update_CT(qdr_core_t *core, qdr_action_t *action, bool di case QD_ROUTER_CONNECTION: break; case QD_ROUTER_LINK: qdra_link_update_CT(core, name, identity, query, in_body); break; case QD_ROUTER_ADDRESS: break; + case QD_ROUTER_FORBIDDEN: qdr_agent_forbidden(core, query, false); break; case QD_ROUTER_EXCHANGE: break; case QD_ROUTER_BINDING: break; } @@ -413,6 +428,7 @@ static void qdrh_query_get_first_CT(qdr_core_t *core, qdr_action_t *action, bool case QD_ROUTER_CONNECTION: break; case QD_ROUTER_LINK: qdra_link_get_first_CT(core, query, offset); break; case QD_ROUTER_ADDRESS: qdra_address_get_first_CT(core, query, offset); break; + case QD_ROUTER_FORBIDDEN: qdr_agent_forbidden(core, query, true); break; case QD_ROUTER_EXCHANGE: break; case QD_ROUTER_BINDING: break; } @@ -432,6 +448,7 @@ static void qdrh_query_get_next_CT(qdr_core_t *core, qdr_action_t *action, bool case QD_ROUTER_CONNECTION: break; case QD_ROUTER_LINK: qdra_link_get_next_CT(core, query); break; case QD_ROUTER_ADDRESS: qdra_address_get_next_CT(core, query); break; + case QD_ROUTER_FORBIDDEN: break; case QD_ROUTER_EXCHANGE: break; case QD_ROUTER_BINDING: break; } http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/52979637/src/router_core/management_agent.c ---------------------------------------------------------------------- diff --git a/src/router_core/management_agent.c b/src/router_core/management_agent.c index 0eef56a..419ab91 100644 --- a/src/router_core/management_agent.c +++ b/src/router_core/management_agent.c @@ -45,6 +45,7 @@ const unsigned char *link_route_entity_type = (unsigned char*) "org.apache.q const unsigned char *auto_link_entity_type = (unsigned char*) "org.apache.qpid.dispatch.router.config.autoLink"; const unsigned char *address_entity_type = (unsigned char*) "org.apache.qpid.dispatch.router.address"; const unsigned char *link_entity_type = (unsigned char*) "org.apache.qpid.dispatch.router.link"; +const unsigned char *console_entity_type = (unsigned char*) "org.apache.qpid.dispatch.console"; const char * const status_description = "statusDescription"; const char * const correlation_id = "correlation-id"; @@ -241,7 +242,7 @@ static void qd_core_agent_query_handler(qdr_core_t *core, ctx->query = qdr_manage_query(core, ctx, entity_type, attribute_names_parsed_field, field); //Add the attribute names - qdr_query_add_attribute_names(ctx->query); //this adds adds a list of attribute names like ["attribute1", "attribute2", "attribute3", "attribute4",] + qdr_query_add_attribute_names(ctx->query); //this adds a list of attribute names like ["attribute1", "attribute2", "attribute3", "attribute4",] qd_compose_insert_string(field, results); //add a "results" key qd_compose_start_list(field); //start the list for results @@ -397,6 +398,8 @@ static bool qd_can_handle_request(qd_parsed_field_t *properties_fld, *entity_type = QD_ROUTER_CONFIG_LINK_ROUTE; else if (qd_field_iterator_equal(qd_parse_raw(parsed_field), auto_link_entity_type)) *entity_type = QD_ROUTER_CONFIG_AUTO_LINK; + else if (qd_field_iterator_equal(qd_parse_raw(parsed_field), console_entity_type)) + *entity_type = QD_ROUTER_FORBIDDEN; else return false; --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
