Repository: qpid-dispatch
Updated Branches:
  refs/heads/master 3774f5d73 -> 27b2c91ea (forced update)


DISPATCH-527 - Removed address "displayname". This address cannot be
publicly accessed anymore


Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/27b2c91e
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/27b2c91e
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/27b2c91e

Branch: refs/heads/master
Commit: 27b2c91ea110a2828db49c5790ad0b275473d99f
Parents: d84356f
Author: Ganesh Murthy <gmur...@redhat.com>
Authored: Fri Oct 14 15:43:33 2016 -0400
Committer: Ganesh Murthy <gmur...@redhat.com>
Committed: Fri Oct 14 16:04:21 2016 -0400

----------------------------------------------------------------------
 .../display_name/display_name.py                | 61 ++---------------
 .../qpid_dispatch_internal/management/config.py |  2 +-
 src/server.c                                    | 42 +++++-------
 src/server_private.h                            |  1 -
 tests/system_tests_user_id.py                   | 72 +-------------------
 tests/system_tests_user_id_proxy.py             | 48 -------------
 6 files changed, 27 insertions(+), 199 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/27b2c91e/python/qpid_dispatch_internal/display_name/display_name.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/display_name/display_name.py 
b/python/qpid_dispatch_internal/display_name/display_name.py
index ea38508..ba92e76 100644
--- a/python/qpid_dispatch_internal/display_name/display_name.py
+++ b/python/qpid_dispatch_internal/display_name/display_name.py
@@ -42,25 +42,22 @@ class SSLProfile(object):
             for key in d.keys():
                 self.cache[key] = d[key]
 
+    def __repr__(self):
+        return "SSLProfile(%s)" % ", ".join("%s=%s" % (k, self.cache[k]) for k 
in self.cache.keys())
+
 class DisplayNameService(object):
 
-    def __init__(self, address):
+    def __init__(self):
         super(DisplayNameService, self).__init__()
         # profile_dict will be a mapping from ssl_profile_name to the 
SSLProfile object
         self.profile_dict = {}
         self.io_adapter = None
         self.log_adapter = LogAdapter("DISPLAYNAME")
-        if address:
-            self._activate(address)
 
     def log(self, level, text):
         info = traceback.extract_stack(limit=2)[0] # Caller frame info
         self.log_adapter.log(level, text, info[0], info[1])
 
-    def _activate(self, address):
-        self.log(LOG_INFO, "Activating DisplayNameService on %s" % address)
-        self.io_adapter = [IoAdapter(self.receive, address)]
-
     def add(self, profile_name, profile_file_location):
         ssl_profile = SSLProfile(profile_name, profile_file_location)
         self.profile_dict[profile_name] = ssl_profile
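Review bot: `self.io_adapter = None` stays in `__init__` although `_activate`, the only code in this hunk that assigned it, is removed; drop the attribute so the class no longer suggests it owns a listening address. The `IoAdapter`, `Message` and `format_exc` names are presumably unused now as well, but the import block is outside this diff, so confirm before removing them. In the new `__repr__`, iterating `self.cache.items()` avoids the second lookup per key: `", ".join("%s=%s" % kv for kv in self.cache.items())`. The class body continues outside the hunk.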
@@ -89,54 +86,8 @@ class DisplayNameService(object):
         if ssl_profile:
             profile_cache = self.profile_dict.get(profile_name).cache
             user_name = profile_cache.get(user_id)
-            body = {'user_name': user_name if user_name else user_id}
-        else:
-            body = {'user_name': user_id}
-        return body
-
-    def receive(self, message, unused_link_id, unused_cost):
-        """
-        This is the IOAdapter's callback function. Will be invoked when the 
IOAdapter receives a request.
-        Will only accept QUERY requests.
-        Matches the passed in profilename and userid to user name. If a 
matching user name is not found, returns the
-        passed in userid as the user name.
-        :param message:
-        :param unused_link_id:
-        :param unused_cost
-        """
-        body = {}
-
-        try:
-            opcode = message.body.get('opcode')
-            profile_name = message.body.get('profilename')
-            user_id = message.body.get('userid')
-            if opcode == 'QUERY' and profile_name and user_id:
-                body = self.query(profile_name, user_id)
-        except Exception:
-            self.log(LOG_ERROR, "Exception in raw message processing: 
body=%r\n%s" %
-                     (message.body, format_exc(LOG_STACK_LIMIT)))
-
-        # Make sure the incoming message has a reply_to, otherwise don't 
bother responding.
-        # This check will make sure that the core thread does not crash.
-        if message.reply_to:
-            response = Message(address=message.reply_to,
-                               body=body,
-                               properties={},
-                               correlation_id=message.correlation_id)
+            return user_name if user_name else user_id
         else:
-            # If there is no reply_to, we simple won't respond.
-            return
-
-        self.io_adapter[0].send(response)
+            return user_id
 
 
-def display_name_local_query(displaynameservice, profile_name, user_id):
-    """
-    Local query interface for reading cached name translations from C code
-    @param displaynameservice: DisplayNameService python instance
-    @param profile_name: connection's sslProfile name
-    @param user_id: Name formatted from SSL cert fields
-    @return: Name to be used as connection's authenticated user
-    """
-    body = displaynameservice.query(profile_name, user_id)
-    return body['user_name']
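Review bot: `query` is now the method the C code invokes by name, but it has no docstring, and the one on the removed `display_name_local_query` that described the parameters and return value is deleted with it. Add a docstring to `query` saying that `profile_name` is the connection's sslProfile name, that `user_id` is the name formatted from the SSL certificate fields, and that the return value is the string used as the connection's authenticated user, falling back to `user_id` when no mapping exists. It should also state that the result must always be a string, because the caller in `src/server.c` passes it to `PyString_AsString`. The start of `query` is outside the hunk.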

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/27b2c91e/python/qpid_dispatch_internal/management/config.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/config.py 
b/python/qpid_dispatch_internal/management/config.py
index 9df1dad..5cb8445 100644
--- a/python/qpid_dispatch_internal/management/config.py
+++ b/python/qpid_dispatch_internal/management/config.py
@@ -154,7 +154,7 @@ def configure_dispatch(dispatch, lib_handle, filename):
     agent.activate("$_management_internal")
 
     from qpid_dispatch_internal.display_name.display_name import 
DisplayNameService
-    displayname_service = DisplayNameService("$displayname")
+    displayname_service = DisplayNameService()
     qd.qd_dispatch_register_display_name_service(dispatch, displayname_service)
     policyDir = config.by_type('policy')[0]['policyDir']
     policyDefaultVhost = config.by_type('policy')[0]['defaultVhost']

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/27b2c91e/src/server.c
----------------------------------------------------------------------
diff --git a/src/server.c b/src/server.c
index a55b0c2..86ebc88 100644
--- a/src/server.c
+++ b/src/server.c
@@ -141,9 +141,14 @@ static qd_error_t 
connection_entity_update_host(qd_entity_t* entity, qd_connecti
  */
 qd_error_t qd_register_display_name_service(qd_dispatch_t *qd, void 
*displaynameservice)
 {
-    qd->server->py_displayname_obj    = displaynameservice;
-    qd->server->py_displayname_module = 
PyImport_ImportModule("qpid_dispatch_internal.display_name.display_name");
-    return qd->server->py_displayname_module ? QD_ERROR_NONE : 
qd_error(QD_ERROR_RUNTIME, "Fail importing DisplayNameService module");
+    if (displaynameservice) {
+        qd->server->py_displayname_obj = displaynameservice;
+        Py_XINCREF((PyObject *)qd->server->py_displayname_obj);
+        return QD_ERROR_NONE;
+    }
+    else {
+        return qd_error(QD_ERROR_VALUE, "displaynameservice is not set");
+    }
 }
 
 
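Review bot: `Py_XINCREF` in `qd_register_display_name_service` runs without the `qd_python_lock()`/`qd_python_unlock()` pair that `qd_transport_get_user` takes around its Python calls, and the same applies to the `Py_XDECREF` added to `qd_server_free` further down. Whether the callers already hold the interpreter lock is not visible in this diff; if they do not, wrap both reference-count changes in the lock. A second registration also overwrites `py_displayname_obj` without releasing the previous reference; `Py_XDECREF((PyObject *)qd->server->py_displayname_obj);` before the assignment would cover that. Since the pointer has just been checked for NULL, `Py_INCREF` is sufficient there.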
@@ -157,7 +162,6 @@ static const char *qd_transport_get_user(qd_connection_t 
*conn, pn_transport_t *
             conn->connector ? conn->connector->config : conn->listener->config;
 
     if (config->ssl_uid_format) {
-
         // The ssl_uid_format length cannot be greater that 7
         assert(strlen(config->ssl_uid_format) < 8);
 
@@ -327,27 +331,17 @@ static const char *qd_transport_get_user(qd_connection_t 
*conn, pn_transport_t *
             if (config->ssl_display_name_file) {
                 // Translate extracted id into display name
                 qd_python_lock_state_t lock_state = qd_python_lock();
-                PyObject *module = 
(PyObject*)conn->server->py_displayname_module;
-                PyObject *query = PyObject_GetAttrString(module, 
"display_name_local_query");
-                if (query) {
-                    PyObject *result = PyObject_CallFunction(query, "(Oss)",
-                                                            (PyObject 
*)conn->server->py_displayname_obj,
-                                                            
config->ssl_profile, user_id);
-                    if (result) {
-                        const char *res_string = PyString_AsString(result);
-                        free(user_id);
-                        user_id = malloc(strlen(res_string) + 1);
-                        user_id[0] = '\0';
-                        strcat(user_id, res_string);
-                        Py_XDECREF(result);
-                    } else {
-                        qd_log(conn->server->log_source, QD_LOG_DEBUG, 
"Internal: failed to read displaynameservice query result");
-                    }
-                    Py_XDECREF(query);
+                PyObject *result = PyObject_CallMethod((PyObject 
*)conn->server->py_displayname_obj, "query", "(ss)", config->ssl_profile, 
user_id );
+                if (result) {
+                    const char *res_string = PyString_AsString(result);
+                    free(user_id);
+                    user_id = malloc(strlen(res_string) + 1);
+                    user_id[0] = '\0';
+                    strcat(user_id, res_string);
+                    Py_XDECREF(result);
                 } else {
-                    qd_log(conn->server->log_source, QD_LOG_DEBUG, "Internal: 
failed to locate query function");
+                    qd_log(conn->server->log_source, QD_LOG_DEBUG, "Internal: 
failed to read displaynameservice query result");
                 }
-                Py_XDECREF(module);
                 qd_python_unlock(lock_state);
             }
             qd_log(conn->server->log_source, QD_LOG_DEBUG, "User id is '%s' ", 
user_id);
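Review bot: `PyString_AsString(result)` can return NULL, for example when `query` returns something that is not a string, and the new code passes that value straight to `strlen`. The `malloc` result is also used unchecked, and the failure branch logs but leaves the Python error indicator set for whatever Python call comes next. This code decides the authenticated user of a TLS connection, so a crash here takes the router down during connection setup. The version below keeps the untranslated `user_id` on any failure and clears the pending exception. The body of `qd_transport_get_user` starts and ends outside the hunk.

```c
PyObject *result = PyObject_CallMethod((PyObject *)conn->server->py_displayname_obj, "query", "(ss)", config->ssl_profile, user_id);
const char *res_string = result ? PyString_AsString(result) : 0;
char *translated = res_string ? malloc(strlen(res_string) + 1) : 0;
if (translated) {
    strcpy(translated, res_string);
    free(user_id);
    user_id = translated;
} else {
    // Keep the untranslated user_id and do not leave a pending Python exception behind.
    PyErr_Clear();
    qd_log(conn->server->log_source, QD_LOG_DEBUG, "Internal: failed to read displaynameservice query result");
}
Py_XDECREF(result);
// … unchanged: qd_python_unlock(lock_state) …
```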
@@ -1393,7 +1387,6 @@ qd_server_t *qd_server(qd_dispatch_t *qd, int 
thread_count, const char *containe
     qd_server->signal_handler_running = false;
     qd_server->heartbeat_timer        = 0;
     qd_server->next_connection_id     = 1;
-    qd_server->py_displayname_module  = 0;
     qd_server->py_displayname_obj     = 0;
 
     qd_log(qd_server->log_source, QD_LOG_INFO, "Container Name: %s", 
qd_server->container_name);
@@ -1412,6 +1405,7 @@ void qd_server_free(qd_server_t *qd_server)
     sys_mutex_free(qd_server->lock);
     sys_cond_free(qd_server->cond);
     free(qd_server->threads);
+    Py_XDECREF((PyObject *)qd_server->py_displayname_obj);
     free(qd_server);
 }
 

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/27b2c91e/src/server_private.h
----------------------------------------------------------------------
diff --git a/src/server_private.h b/src/server_private.h
index caa3471..642f89d 100644
--- a/src/server_private.h
+++ b/src/server_private.h
@@ -180,7 +180,6 @@ struct qd_server_t {
     qd_connection_list_t      connections;
     qd_timer_t               *heartbeat_timer;
     uint64_t                 next_connection_id;
-    void                     *py_displayname_module;
     void                     *py_displayname_obj;
 };
 

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/27b2c91e/tests/system_tests_user_id.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_user_id.py b/tests/system_tests_user_id.py
index 7f40b4d..a62e148 100644
--- a/tests/system_tests_user_id.py
+++ b/tests/system_tests_user_id.py
@@ -111,8 +111,8 @@ class QdSSLUseridTest(TestCase):
                              'keyFile': cls.ssl_file('server-private-key.pem'),
                              'password': 'server-password'}),
 
-            # one component of uidFormat is invalid (x), the unrecognized 
component will be ignored,
-            # this will be treated like 'uidFormat': '1'
+            # one component of uidFormat is invalid (x), this will result in 
an error in the fingerprint calculation.
+            # The user_id will fall back to proton's pn_transport_get_user
             ('sslProfile', {'name': 'server-ssl10',
                              'certDb': cls.ssl_file('ca-certificate.pem'),
                              'certFile': 
cls.ssl_file('server-certificate.pem'),
@@ -309,74 +309,6 @@ class QdSSLUseridTest(TestCase):
         user_id = node.query(type='org.apache.qpid.dispatch.connection', 
attribute_names=['user']).results[13][0]
         self.assertEqual("user13", user_id)
 
-        M1 = self.messenger()
-        M1.route("amqp:/*", self.address(14)+"/$1")
-
-        subscription = M1.subscribe("amqp:/#")
-
-        reply_to = subscription.address
-        addr = 'amqp:/_local/$displayname'
-
-        tm = Message()
-        rm = Message()
-        tm.address = addr
-        tm.reply_to = reply_to
-        tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY', 'userid': 
'94745961c5646ee0129536b3acef1eea0d8d2f26f8c353455233027bcd47'}
-        M1.put(tm)
-
-        M1.send()
-        M1.recv(1)
-        M1.get(rm)
-        self.assertEqual('elaine', rm.body['user_name'])
-
-        tm = Message()
-        rm = Message()
-        tm.address = addr
-        tm.reply_to = reply_to
-        tm.body =  {'profilename': 'server-ssl-unknown', 'opcode': 'QUERY', 
'userid': '94745961c5646ee0129536b3acef1eea0d8d2f26f8c3ed08ece4f8f3027bcd48'}
-        M1.put(tm)
-        M1.send()
-        M1.recv(1)
-        M1.get(rm)
-        
self.assertEqual('94745961c5646ee0129536b3acef1eea0d8d2f26f8c3ed08ece4f8f3027bcd48',
 rm.body['user_name'])
-
-        # The profile name, userid pair have a matching user name
-        tm = Message()
-        rm = Message()
-        tm.address = addr
-        tm.reply_to = reply_to
-        tm.body = {'profilename': 'server-ssl12', 'opcode': 'QUERY', 'userid': 
'94745961c5646ee0129536b3acef1eea0d8d2f26f8c3ed08ece4f8f3027bcd48'}
-        M1.put(tm)
-        M1.send()
-        M1.recv(1)
-        M1.get(rm)
-        self.assertEqual('johndoe', rm.body['user_name'])
-
-        tm = Message()
-        rm = Message()
-        tm.address = addr
-        tm.reply_to = reply_to
-        tm.body =  {'profilename': 'server-ssl10', 'opcode': 'QUERY', 
'userid': '12345'}
-        M1.put(tm)
-        M1.send()
-        M1.recv(1)
-        M1.get(rm)
-        self.assertEqual('12345', rm.body['user_name'])
-
-        tm = Message()
-        rm = Message()
-        tm.address = addr
-        tm.reply_to = reply_to
-        tm.user_id = "bad-user-id" # policy is disabled; user proxy is allowed
-        tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY', 'userid': 
'12345'}
-        M1.put(tm)
-        M1.send()
-        M1.recv(1)
-        M1.get(rm)
-        self.assertEqual('12345', rm.body['user_name'])
-
-        M1.stop()
-
         node.close()
 
 if __name__ == '__main__':

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/27b2c91e/tests/system_tests_user_id_proxy.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_user_id_proxy.py 
b/tests/system_tests_user_id_proxy.py
index 3f0e0ed..409aaf1 100644
--- a/tests/system_tests_user_id_proxy.py
+++ b/tests/system_tests_user_id_proxy.py
@@ -263,54 +263,6 @@ class QdSSLUseridProxy(QdSSLUseridTest):
         self.assertTrue (result == Delivery.REJECTED,
                         "Router accepted a message with user_id that did not 
match connection user_id")
 
-    def test_message_user_id_proxy_blank_name_allowed(self):
-        # Send a message with a blank user_id that should be allowed
-        M1 = self.messenger()
-        M1.route("amqp:/*", self.address(14) + "/$1")
-
-        subscription = M1.subscribe("amqp:/#")
-
-        reply_to = subscription.address
-        addr = 'amqp:/_local/$displayname'
-
-        tm = Message()
-        rm = Message()
-        tm.address = addr
-        tm.reply_to = reply_to
-        tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY',
-                   'userid': 
'94745961c5646ee0129536b3acef1eea0d8d2f26f8c353455233027bcd47'}
-        M1.put(tm)
-
-        M1.send()
-        M1.recv(1)
-        M1.get(rm)
-        self.assertEqual('elaine', rm.body['user_name'])
-
-    def test_message_user_id_proxy_correct_name_allowed(self):
-        # Send a message with a good user_id that should be allowed
-        M2 = self.messenger()
-        M2.route("amqp:/*", self.address(14) + "/$1")
-
-        subscription = M2.subscribe("amqp:/#")
-
-        reply_to = subscription.address
-        addr = 'amqp:/_local/$displayname'
-
-        tm = Message()
-        rm = Message()
-        tm.address = addr
-        tm.reply_to = reply_to
-        tm.user_id = "anonymous"
-        tm.body = {'profilename': 'server-ssl10', 'opcode': 'QUERY',
-                   'userid': 
'94745961c5646ee0129536b3acef1eea0d8d2f26f8c353455233027bcd47'}
-        M2.put(tm)
-
-        M2.send()
-        M2.recv(1)
-        M2.get(rm)
-        self.assertEqual('elaine', rm.body['user_name'])
-
-
     def test_message_user_id_proxy_zzz_credit_handled(self):
         # Test for DISPATCH-519. Make sure the REJECTED messages result
         # in the client receiving credit.

