QPID-3288: "[C++] Broker sets federation link tag as empty string () when no tag is present in the client/server properties"

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1132623 13f79535-47bb-0310-9956-ffa450edef68
author: Kim van der Riet <kpvdr@apache.org> 2011-06-06 13:02:16 +0000
committer: Kim van der Riet <kpvdr@apache.org> 2011-06-06 13:02:16 +0000
commit: 859c79ab64324e60cbaa11ffdc37d29a74e2765e (patch)
tree: fdaa105ba74d890fbbb92bab46f8da4def55c13a /qpid/cpp/src
parent: 01093eebfe9baae53302b3aabb80ee1d1edf6448 (diff)
download: qpid-python-859c79ab64324e60cbaa11ffdc37d29a74e2765e.tar.gz
6 files changed, 19 insertions, 12 deletions
diff --git a/qpid/cpp/src/qpid/broker/Connection.cpp b/qpid/cpp/src/qpid/broker/Connection.cpp
index c07e63e68c..8362a9782c 100644
--- a/qpid/cpp/src/qpid/broker/Connection.cpp
+++ b/qpid/cpp/src/qpid/broker/Connection.cpp
@@ -288,11 +288,11 @@ void Connection::raiseConnectEvent() {
     }
 }
 
-void Connection::setFederationLink(bool b)
+void Connection::setUserProxyAuth(bool b)
 {
-    ConnectionState::setFederationLink(b);
+    ConnectionState::setUserProxyAuth(b);
     if (mgmtObject != 0)
-            mgmtObject->set_federationLink(b);
+        mgmtObject->set_userProxyAuth(b);
 }
 
 void Connection::close(connection::CloseCode code, const string& text)
diff --git a/qpid/cpp/src/qpid/broker/Connection.h b/qpid/cpp/src/qpid/broker/Connection.h
index 8f1aa701ef..3522d70b35 100644
--- a/qpid/cpp/src/qpid/broker/Connection.h
+++ b/qpid/cpp/src/qpid/broker/Connection.h
@@ -125,7 +125,7 @@ class Connection : public sys::ConnectionInputHandler,
     const std::string& getUserId() const { return ConnectionState::getUserId(); }
     const std::string& getMgmtId() const { return mgmtId; }
     management::ManagementAgent* getAgent() const { return agent; }
-    void setFederationLink(bool b);
+    void setUserProxyAuth(bool b);
     /** Connection does not delete the listener. 0 resets. */
     void setErrorListener(ErrorListener* l) { errorListener=l; }
     ErrorListener* getErrorListener() { return errorListener; }
diff --git a/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp b/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp
index 3f97e5b9de..915a64b025 100644
--- a/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp
+++ b/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp
@@ -137,7 +137,9 @@ void ConnectionHandler::Handler::startOk(const framing::FieldTable& clientProper
         throw;
     }
     connection.setFederationLink(clientProperties.get(QPID_FED_LINK));
-    connection.setFederationPeerTag(clientProperties.getAsString(QPID_FED_TAG));
+    if (clientProperties.isSet(QPID_FED_TAG)) {
+        connection.setFederationPeerTag(clientProperties.getAsString(QPID_FED_TAG));
+    }
     if (connection.isFederationLink()) {
     	if (acl && !acl->authorise(connection.getUserId(),acl::ACT_CREATE,acl::OBJ_LINK,"")){
             proxy.close(framing::connection::CLOSE_CODE_CONNECTION_FORCED,"ACL denied creating a federation link");
@@ -292,7 +294,9 @@ void ConnectionHandler::Handler::start(const FieldTable& serverProperties,
         }
     }
 
-    connection.setFederationPeerTag(serverProperties.getAsString(QPID_FED_TAG));
+    if (serverProperties.isSet(QPID_FED_TAG)) {
+        connection.setFederationPeerTag(serverProperties.getAsString(QPID_FED_TAG));
+    }
 
     FieldTable ft;
     ft.setInt(QPID_FED_LINK,1);
diff --git a/qpid/cpp/src/qpid/broker/ConnectionState.h b/qpid/cpp/src/qpid/broker/ConnectionState.h
index 9c31a931d8..fdd3c4ddc0 100644
--- a/qpid/cpp/src/qpid/broker/ConnectionState.h
+++ b/qpid/cpp/src/qpid/broker/ConnectionState.h
@@ -46,6 +46,7 @@ class ConnectionState : public ConnectionToken, public management::Manageable
         framemax(65535),
         heartbeat(0),
         heartbeatmax(120),
+        userProxyAuth(false), // Can proxy msgs with non-matching auth ids when true (used by federation links & clustering)
         federationLink(true),
         clientSupportsThrottling(false),
         clusterOrderOut(0)
@@ -67,8 +68,10 @@ class ConnectionState : public ConnectionToken, public management::Manageable
     void setUrl(const std::string& _url) { url = _url; }
     const std::string& getUrl() const { return url; }
 
-    void setFederationLink(bool b) {  federationLink = b; }
-    bool isFederationLink() const { return federationLink; }
+    void setUserProxyAuth(const bool b) { userProxyAuth = b; }
+    bool isUserProxyAuth() const { return userProxyAuth || federationPeerTag.size() > 0; } // links can proxy msgs with non-matching auth ids
+    void setFederationLink(bool b) { federationLink = b; } // deprecated - use setFederationPeerTag() instead
+    bool isFederationLink() const { return federationPeerTag.size() > 0; }
     void setFederationPeerTag(const std::string& tag) { federationPeerTag = std::string(tag); }
     const std::string& getFederationPeerTag() const { return federationPeerTag; }
     std::vector<Url>& getKnownHosts() { return knownHosts; }
@@ -105,6 +108,7 @@ class ConnectionState : public ConnectionToken, public management::Manageable
     uint16_t heartbeatmax;
     std::string userId;
     std::string url;
+    bool userProxyAuth;
     bool federationLink;
     std::string federationPeerTag;
     std::vector<Url> knownHosts;
diff --git a/qpid/cpp/src/qpid/broker/SemanticState.cpp b/qpid/cpp/src/qpid/broker/SemanticState.cpp
index ce86253f4a..73a0a5cf7b 100644
--- a/qpid/cpp/src/qpid/broker/SemanticState.cpp
+++ b/qpid/cpp/src/qpid/broker/SemanticState.cpp
@@ -70,7 +70,7 @@ SemanticState::SemanticState(DeliveryAdapter& da, SessionContext& ss)
       deliveryAdapter(da),
       tagGenerator("sgen"),
       dtxSelected(false),
-      authMsg(getSession().getBroker().getOptions().auth && !getSession().getConnection().isFederationLink()),
+      authMsg(getSession().getBroker().getOptions().auth && !getSession().getConnection().isUserProxyAuth()),
       userID(getSession().getConnection().getUserId()),
       userName(getSession().getConnection().getUserId().substr(0,getSession().getConnection().getUserId().find('@'))),
       isDefaultRealm(userID.find('@') != std::string::npos && getSession().getBroker().getOptions().realm == userID.substr(userID.find('@')+1,userID.size())),
@@ -469,7 +469,6 @@ void SemanticState::route(intrusive_ptr<Message> msg, Deliverable& strategy) {
     /* verify the userid if specified: */
     std::string id =
     	msg->hasProperties<MessageProperties>() ? msg->getProperties<MessageProperties>()->getUserId() : nullstring;
-
     if (authMsg &&  !id.empty() && !(id == userID || (isDefaultRealm && id == userName)))
     {
         QPID_LOG(debug, "authorised user id : " << userID << " but user id in message declared as " << id);
diff --git a/qpid/cpp/src/qpid/cluster/Connection.cpp b/qpid/cpp/src/qpid/cluster/Connection.cpp
index b9895290e9..ab42122813 100644
--- a/qpid/cpp/src/qpid/cluster/Connection.cpp
+++ b/qpid/cpp/src/qpid/cluster/Connection.cpp
@@ -322,10 +322,10 @@ size_t Connection::decode(const char* data, size_t size) {
         while (localDecoder.decode(buf))
             received(localDecoder.getFrame());
         if (!wasOpen && connection->isOpen()) {
-            // Connections marked as federation links are allowed to proxy
+            // Connections marked with setUserProxyAuth are allowed to proxy
             // messages with user-ID that doesn't match the connection's
             // authenticated ID. This is important for updates.
-            connection->setFederationLink(isCatchUp());
+            connection->setUserProxyAuth(isCatchUp());
         }
     }
     else {                      // Multicast local connections.
author	Kim van der Riet <kpvdr@apache.org>	2011-06-06 13:02:16 +0000
committer	Kim van der Riet <kpvdr@apache.org>	2011-06-06 13:02:16 +0000
commit	859c79ab64324e60cbaa11ffdc37d29a74e2765e (patch)
tree	fdaa105ba74d890fbbb92bab46f8da4def55c13a /qpid/cpp/src
parent	01093eebfe9baae53302b3aabb80ee1d1edf6448 (diff)
download	qpid-python-859c79ab64324e60cbaa11ffdc37d29a74e2765e.tar.gz