Repository: qpid-dispatch Updated Branches: refs/heads/master d84356fe3 -> 3774f5d73
DISPATCH-527 - Removed address Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/3774f5d7 Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/3774f5d7 Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/3774f5d7 Branch: refs/heads/master Commit: 3774f5d73c865f03ba5ff44a3465d49370aa48ed Parents: d84356f Author: Ganesh Murthy <gmur...@redhat.com> Authored: Fri Oct 14 15:43:33 2016 -0400 Committer: Ganesh Murthy <gmur...@redhat.com> Committed: Fri Oct 14 15:43:33 2016 -0400 ---------------------------------------------------------------------- .../display_name/display_name.py | 61 ++--------------- .../qpid_dispatch_internal/management/config.py | 2 +- src/server.c | 42 +++++------- src/server_private.h | 1 - tests/system_tests_user_id.py | 72 +------------------- tests/system_tests_user_id_proxy.py | 48 ------------- 6 files changed, 27 insertions(+), 199 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/python/qpid_dispatch_internal/display_name/display_name.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/display_name/display_name.py b/python/qpid_dispatch_internal/display_name/display_name.py index ea38508..ba92e76 100644 --- a/python/qpid_dispatch_internal/display_name/display_name.py +++ b/python/qpid_dispatch_internal/display_name/display_name.py 
@@ -42,25 +42,22 @@ class SSLProfile(object): for key in d.keys(): self.cache[key] = d[key] + def __repr__(self): + return "SSLProfile(%s)" % ", ".join("%s=%s" % (k, self.cache[k]) for k in self.cache.keys()) + class DisplayNameService(object): - def __init__(self, address): + def __init__(self): super(DisplayNameService, self).__init__() # profile_dict will be a mapping from ssl_profile_name to the SSLProfile object self.profile_dict = {} self.io_adapter = None self.log_adapter = LogAdapter("DISPLAYNAME") - if address: - self._activate(address) def log(self, level, text): info = traceback.extract_stack(limit=2)[0] # Caller frame info self.log_adapter.log(level, text, info[0], info[1]) - def _activate(self, address): - self.log(LOG_INFO, "Activating DisplayNameService on %s" % address) - self.io_adapter = [IoAdapter(self.receive, address)] - def add(self, profile_name, profile_file_location): ssl_profile = SSLProfile(profile_name, profile_file_location) self.profile_dict[profile_name] = ssl_profile 
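Review bot: The added `SSLProfile.__repr__` formats every entry of `self.cache`, so any log line or traceback that renders an SSLProfile writes out that profile's whole user-id to display-name map. If the repr is only a debugging aid, a summary such as `return "SSLProfile(%d entries)" % len(self.cache)` avoids that; if the full dump is wanted, iterating `self.cache.items()` reads better than indexing by key. In `DisplayNameService.__init__`, `self.io_adapter = None` is still assigned although `_activate`, its only visible writer, is removed here, so the attribute looks dead now.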
@@ -89,54 +86,8 @@ class DisplayNameService(object): if ssl_profile: profile_cache = self.profile_dict.get(profile_name).cache user_name = profile_cache.get(user_id) - body = {'user_name': user_name if user_name else user_id} - else: - body = {'user_name': user_id} - return body - - def receive(self, message, unused_link_id, unused_cost): - """ - This is the IOAdapter's callback function. Will be invoked when the IOAdapter receives a request. - Will only accept QUERY requests. - Matches the passed in profilename and userid to user name. If a matching user name is not found, returns the - passed in userid as the user name. - :param message: - :param unused_link_id: - :param unused_cost - """ - body = {} - - try: - opcode = message.body.get('opcode') - profile_name = message.body.get('profilename') - user_id = message.body.get('userid') - if opcode == 'QUERY' and profile_name and user_id: - body = self.query(profile_name, user_id) - except Exception: - self.log(LOG_ERROR, "Exception in raw message processing: body=%r\n%s" % - (message.body, format_exc(LOG_STACK_LIMIT))) - - # Make sure the incoming message has a reply_to, otherwise don't bother responding. - # This check will make sure that the core thread does not crash. - if message.reply_to: - response = Message(address=message.reply_to, - body=body, - properties={}, - correlation_id=message.correlation_id) + return user_name if user_name else user_id else: - # If there is no reply_to, we simple won't respond. 
- return - - self.io_adapter[0].send(response) + return user_id -def display_name_local_query(displaynameservice, profile_name, user_id): - """ - Local query interface for reading cached name translations from C code - @param displaynameservice: DisplayNameService python instance - @param profile_name: connection's sslProfile name - @param user_id: Name formatted from SSL cert fields - @return: Name to be used as connection's authenticated user - """ - body = displaynameservice.query(profile_name, user_id) - return body['user_name'] http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/python/qpid_dispatch_internal/management/config.py ---------------------------------------------------------------------- diff --git a/python/qpid_dispatch_internal/management/config.py b/python/qpid_dispatch_internal/management/config.py index 9df1dad..5cb8445 100644 --- a/python/qpid_dispatch_internal/management/config.py +++ b/python/qpid_dispatch_internal/management/config.py @@ -154,7 +154,7 @@ def configure_dispatch(dispatch, lib_handle, filename): agent.activate("$_management_internal") from qpid_dispatch_internal.display_name.display_name import DisplayNameService - displayname_service = DisplayNameService("$displayname") + displayname_service = DisplayNameService() qd.qd_dispatch_register_display_name_service(dispatch, displayname_service) policyDir = config.by_type('policy')[0]['policyDir'] policyDefaultVhost = config.by_type('policy')[0]['defaultVhost'] http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/src/server.c ---------------------------------------------------------------------- diff --git a/src/server.c b/src/server.c index a55b0c2..86ebc88 100644 --- a/src/server.c +++ b/src/server.c 
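Review bot: `query` now hands the cached value straight back (`return user_name if user_name else user_id`), and the server.c change in this commit passes that result to `PyString_AsString`, so the value's type has become part of the C contract. The cache is filled by copying entries from `d` with no type check (first hunk of this file), so a non-string value in the profile data would reach the C side unchanged. A guard such as `return user_name if isinstance(user_name, basestring) and user_name else user_id` keeps the fallback to `user_id` for malformed entries; `basestring` assumes the Python 2 runtime that the `PyString_*` calls imply. The start of `query` is outside this hunk.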
@@ -141,9 +141,14 @@ static qd_error_t connection_entity_update_host(qd_entity_t* entity, qd_connecti */ qd_error_t qd_register_display_name_service(qd_dispatch_t *qd, void *displaynameservice) { - qd->server->py_displayname_obj = displaynameservice; - qd->server->py_displayname_module = PyImport_ImportModule("qpid_dispatch_internal.display_name.display_name"); - return qd->server->py_displayname_module ? QD_ERROR_NONE : qd_error(QD_ERROR_RUNTIME, "Fail importing DisplayNameService module"); + if (displaynameservice) { + qd->server->py_displayname_obj = displaynameservice; + Py_XINCREF((PyObject *)qd->server->py_displayname_obj); + return QD_ERROR_NONE; + } + else { + return qd_error(QD_ERROR_VALUE, "displaynameservice is not set"); + } } @@ -157,7 +162,6 @@ static const char *qd_transport_get_user(qd_connection_t *conn, pn_transport_t * conn->connector ? conn->connector->config : conn->listener->config; if (config->ssl_uid_format) { - // The ssl_uid_format length cannot be greater that 7 assert(strlen(config->ssl_uid_format) < 8); 
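Review bot: `qd_register_display_name_service` overwrites `qd->server->py_displayname_obj` without releasing a reference taken by an earlier call, so registering a second service leaks the first object. Taking the new reference first and then calling `Py_XDECREF` on the previous pointer keeps the count balanced; since `displaynameservice` has just been checked for NULL, `Py_INCREF` is sufficient. The refcount change also needs the interpreter lock held, and the hunk does not show whether the caller guarantees that, so a comment such as `// Caller must hold the Python lock` (or an explicit lock) would make the assumption visible.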
@@ -327,27 +331,17 @@ static const char *qd_transport_get_user(qd_connection_t *conn, pn_transport_t * if (config->ssl_display_name_file) { // Translate extracted id into display name qd_python_lock_state_t lock_state = qd_python_lock(); - PyObject *module = (PyObject*)conn->server->py_displayname_module; - PyObject *query = PyObject_GetAttrString(module, "display_name_local_query"); - if (query) { - PyObject *result = PyObject_CallFunction(query, "(Oss)", - (PyObject *)conn->server->py_displayname_obj, - config->ssl_profile, user_id); - if (result) { - const char *res_string = PyString_AsString(result); - free(user_id); - user_id = malloc(strlen(res_string) + 1); - user_id[0] = '\0'; - strcat(user_id, res_string); - Py_XDECREF(result); - } else { - qd_log(conn->server->log_source, QD_LOG_DEBUG, "Internal: failed to read displaynameservice query result"); - } - Py_XDECREF(query); + PyObject *result = PyObject_CallMethod((PyObject *)conn->server->py_displayname_obj, "query", "(ss)", config->ssl_profile, user_id ); + if (result) { + const char *res_string = PyString_AsString(result); + free(user_id); + user_id = malloc(strlen(res_string) + 1); + user_id[0] = '\0'; + strcat(user_id, res_string); + Py_XDECREF(result); } else { - qd_log(conn->server->log_source, QD_LOG_DEBUG, "Internal: failed to locate query function"); + qd_log(conn->server->log_source, QD_LOG_DEBUG, "Internal: failed to read displaynameservice query result"); } - Py_XDECREF(module); qd_python_unlock(lock_state); } qd_log(conn->server->log_source, QD_LOG_DEBUG, "User id is '%s' ", user_id); @@ -1393,7 +1387,6 @@ qd_server_t *qd_server(qd_dispatch_t *qd, int thread_count, const char *containe qd_server->signal_handler_running = false; qd_server->heartbeat_timer = 0; qd_server->next_connection_id = 1; - qd_server->py_displayname_module = 0; qd_server->py_displayname_obj = 0; qd_log(qd_server->log_source, QD_LOG_INFO, "Container Name: %s", qd_server->container_name); 
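Review bot: In the display-name branch of `qd_transport_get_user`, `res_string` goes to `strlen` without a NULL check, but `PyString_AsString` returns NULL when the object cannot be converted to a string, so an unexpected value from the profile data can crash the router during connection setup. The `malloc` result is likewise used unchecked, and `user_id` is freed before its replacement exists. On the failure paths the Python error indicator is left set; clearing or logging it before `qd_python_unlock` stops it surfacing in an unrelated later call. The sketch below keeps the existing `user_id` on any failure; the function starts outside the hunk.

```c
PyObject *result = PyObject_CallMethod((PyObject *)conn->server->py_displayname_obj, "query", "(ss)", config->ssl_profile, user_id );
const char *res_string = result ? PyString_AsString(result) : 0;
char *display_name = res_string ? strdup(res_string) : 0;
if (display_name) {
    // Replace the extracted id only once the copy exists
    free(user_id);
    user_id = display_name;
} else {
    // Call failed, result was not a string, or allocation failed: keep user_id
    PyErr_Clear();
    qd_log(conn->server->log_source, QD_LOG_DEBUG, "Internal: failed to read displaynameservice query result");
}
Py_XDECREF(result);
// ... unchanged: qd_python_unlock(lock_state) ...
```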
@@ -1412,6 +1405,7 @@ void qd_server_free(qd_server_t *qd_server) sys_mutex_free(qd_server->lock); sys_cond_free(qd_server->cond); free(qd_server->threads); + Py_XDECREF((PyObject *)qd_server->py_displayname_obj); free(qd_server); } http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/src/server_private.h ---------------------------------------------------------------------- diff --git a/src/server_private.h b/src/server_private.h index caa3471..642f89d 100644 --- a/src/server_private.h +++ b/src/server_private.h @@ -180,7 +180,6 @@ struct qd_server_t { qd_connection_list_t connections; qd_timer_t *heartbeat_timer; uint64_t next_connection_id; - void *py_displayname_module; void *py_displayname_obj; }; http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/tests/system_tests_user_id.py ---------------------------------------------------------------------- diff --git a/tests/system_tests_user_id.py b/tests/system_tests_user_id.py index 7f40b4d..a62e148 100644 --- a/tests/system_tests_user_id.py +++ b/tests/system_tests_user_id.py @@ -111,8 +111,8 @@ class QdSSLUseridTest(TestCase): 'keyFile': cls.ssl_file('server-private-key.pem'), 'password': 'server-password'}), - # one component of uidFormat is invalid (x), the unrecognized component will be ignored, - # this will be treated like 'uidFormat': '1' + # one component of uidFormat is invalid (x), this will result in an error in the fingerprint calculation. + # The user_id will fall back to proton's pn_transport_get_user ('sslProfile', {'name': 'server-ssl10', 'certDb': cls.ssl_file('ca-certificate.pem'), 'certFile': cls.ssl_file('server-certificate.pem'), 
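Review bot: The added `Py_XDECREF((PyObject *)qd_server->py_displayname_obj);` in `qd_server_free` has no Python lock visible around it, whereas the Python call in `qd_transport_get_user` is bracketed by `qd_python_lock()` and `qd_python_unlock()`. Dropping what may be the last reference can run the object's finalizer, so it should happen under the lock and while the interpreter is still initialised: `qd_python_lock_state_t ls = qd_python_lock();`, then the `Py_XDECREF`, then `qd_python_unlock(ls);`. `qd_server_free` starts outside the hunk, so a lock taken earlier in the function cannot be ruled out.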
@@ -309,74 +309,6 @@ class QdSSLUseridTest(TestCase): user_id = node.query(type='org.apache.qpid.dispatch.connection', attribute_names=['user']).results[13][0] self.assertEqual("user13", user_id) - M1 = self.messenger() - M1.route("amqp:/*", self.address(14)+"/$1") - - subscription = M1.subscribe("amqp:/#") - - reply_to = subscription.address - addr = 'amqp:/_local/$displayname' - - tm = Message() - rm = Message() - tm.address = addr - tm.reply_to = reply_to - tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY', 'userid': '94745961c5646ee0129536b3acef1eea0d8d2f26f8c353455233027bcd47'} - M1.put(tm) - - M1.send() - M1.recv(1) - M1.get(rm) - self.assertEqual('elaine', rm.body['user_name']) - - tm = Message() - rm = Message() - tm.address = addr - tm.reply_to = reply_to - tm.body = {'profilename': 'server-ssl-unknown', 'opcode': 'QUERY', 'userid': '94745961c5646ee0129536b3acef1eea0d8d2f26f8c3ed08ece4f8f3027bcd48'} - M1.put(tm) - M1.send() - M1.recv(1) - M1.get(rm) - self.assertEqual('94745961c5646ee0129536b3acef1eea0d8d2f26f8c3ed08ece4f8f3027bcd48', rm.body['user_name']) - - # The profile name, userid pair have a matching user name - tm = Message() - rm = Message() - tm.address = addr - tm.reply_to = reply_to - tm.body = {'profilename': 'server-ssl12', 'opcode': 'QUERY', 'userid': '94745961c5646ee0129536b3acef1eea0d8d2f26f8c3ed08ece4f8f3027bcd48'} - M1.put(tm) - M1.send() - M1.recv(1) - M1.get(rm) - self.assertEqual('johndoe', rm.body['user_name']) - - tm = Message() - rm = Message() - tm.address = addr - tm.reply_to = reply_to - tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY', 'userid': '12345'} - M1.put(tm) - M1.send() - M1.recv(1) - M1.get(rm) - self.assertEqual('12345', rm.body['user_name']) - - tm = Message() - rm = Message() - tm.address = addr - tm.reply_to = reply_to - tm.user_id = "bad-user-id" # policy is disabled; user proxy is allowed - tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY', 'userid': '12345'} - M1.put(tm) - 
M1.send() - M1.recv(1) - M1.get(rm) - self.assertEqual('12345', rm.body['user_name']) - - M1.stop() - node.close() if __name__ == '__main__': http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/3774f5d7/tests/system_tests_user_id_proxy.py ---------------------------------------------------------------------- diff --git a/tests/system_tests_user_id_proxy.py b/tests/system_tests_user_id_proxy.py index 3f0e0ed..409aaf1 100644 --- a/tests/system_tests_user_id_proxy.py +++ b/tests/system_tests_user_id_proxy.py 
@@ -263,54 +263,6 @@ class QdSSLUseridProxy(QdSSLUseridTest): self.assertTrue (result == Delivery.REJECTED, "Router accepted a message with user_id that did not match connection user_id") - def test_message_user_id_proxy_blank_name_allowed(self): - # Send a message with a blank user_id that should be allowed - M1 = self.messenger() - M1.route("amqp:/*", self.address(14) + "/$1") - - subscription = M1.subscribe("amqp:/#") - - reply_to = subscription.address - addr = 'amqp:/_local/$displayname' - - tm = Message() - rm = Message() - tm.address = addr - tm.reply_to = reply_to - tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY', - 'userid': '94745961c5646ee0129536b3acef1eea0d8d2f26f8c353455233027bcd47'} - M1.put(tm) - - M1.send() - M1.recv(1) - M1.get(rm) - self.assertEqual('elaine', rm.body['user_name']) - - def test_message_user_id_proxy_correct_name_allowed(self): - # Send a message with a good user_id that should be allowed - M2 = self.messenger() - M2.route("amqp:/*", self.address(14) + "/$1") - - subscription = M2.subscribe("amqp:/#") - - reply_to = subscription.address - addr = 'amqp:/_local/$displayname' - - tm = Message() - rm = Message() - tm.address = addr - tm.reply_to = reply_to - tm.user_id = "anonymous" - tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY', - 'userid': '94745961c5646ee0129536b3acef1eea0d8d2f26f8c353455233027bcd47'} - M2.put(tm) - - M2.send() - M2.recv(1) - M2.get(rm) - self.assertEqual('elaine', rm.body['user_name']) - - def test_message_user_id_proxy_zzz_credit_handled(self): # Test for DISPATCH-519. Make sure the REJECTED messages result # in the client receiving credit. --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org