[GitHub] [qpid-dispatch] kgiusti commented on a change in pull request #676: DISPATCH-1518: Added ability to turn on protocol frame trace logging …

Tue, 11 Feb 2020 06:46:09 -0800 

kgiusti commented on a change in pull request #676: DISPATCH-1518: Added 
ability to turn on protocol frame trace logging …
URL: https://github.com/apache/qpid-dispatch/pull/676#discussion_r377676138
 
 

 ##########
 File path: src/router_core/agent_connection.c
 ##########
 @@ -563,47 +568,103 @@ void qdra_connection_update_CT(qdr_core_t      *core,
         // Find the connection that the user connected on. This connection 
must have the correct policy rights which
         // will allow the user on this connection to terminate some other 
connection.
         qdr_connection_t *user_conn = _find_conn_CT(core, query->in_conn);
+        qd_parsed_field_t *trace_field   = qd_parse_value_by_key(in_body, 
qdr_connection_columns[QDR_CONNECTION_ENABLE_PROTOCOL_TRACE]);
+        bool enable_protocol_trace = !!trace_field ? 
qd_parse_as_bool(trace_field) : false;
+
+        qdr_connection_t *conn = 0;
+
+        bool admin_status_bad_or_forbidden = false;
+
+        if (admin_state) {
+
+            if (!user_conn) {
+                // This is bad. The user connection (that was requesting that 
some
+                // other connection be dropped) is gone
+                query->status.description = "Parent connection no longer 
exists";
+                qdra_connection_set_bad_request(query);
+                admin_status_bad_or_forbidden = true;
+            }
+            else {
+                if (!user_conn->policy_allow_admin_status_update) {
+                    //
+                    // Policy on the connection that is requesting that some 
other connection be deleted does not allow
+                    // for the other connection to be deleted.Set the status 
to QD_AMQP_FORBIDDEN and just quit.
+                    //
+                    query->status = QD_AMQP_FORBIDDEN;
+                    query->status.description = "You are not allowed to 
perform this operation.";
+                    qd_compose_start_map(query->body);
+                    qd_compose_end_map(query->body);
+                    admin_status_bad_or_forbidden = true;
+                 }
+                else if (admin_state) { //admin state and trace are the only 
fields that can be updated via the update management request for type 
connection.
 
 Review comment:
   Isn't this always true since if (admin_state) is checked above on line 578?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to