This is an automated email from the ASF dual-hosted git repository.
tross pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-dispatch.git
The following commit(s) were added to refs/heads/master by this push:
new 78f799a DISPATCH-1227 - Added a policy setting to allow or forbid use
of connection-scoped/dynamic link routes.
78f799a is described below
commit 78f799af4ecd4940de181809f35a1abd8fc593ef
Author: Ted Ross <tr...@redhat.com>
AuthorDate: Tue Dec 18 12:52:04 2018 -0500
DISPATCH-1227 - Added a policy setting to allow or forbid use of
connection-scoped/dynamic link routes.
---
docs/books/user-guide/configuration-security.adoc | 9 +++++
include/qpid/dispatch/router_core.h | 2 ++
python/qpid_dispatch/management/qdrouter.json | 7 ++++
.../qpid_dispatch_internal/policy/policy_local.py | 38 ++++++++++++----------
src/policy.c | 5 +--
src/policy.h | 1 +
src/router_core/agent_conn_link_route.c | 12 +++++--
src/router_core/connections.c | 2 ++
src/router_core/router_core_private.h | 1 +
src/router_node.c | 1 +
10 files changed, 56 insertions(+), 22 deletions(-)
diff --git a/docs/books/user-guide/configuration-security.adoc
b/docs/books/user-guide/configuration-security.adoc
index a21c5d6..f8795d6 100644
--- a/docs/books/user-guide/configuration-security.adoc
+++ b/docs/books/user-guide/configuration-security.adoc
@@ -616,6 +616,15 @@ A list of authenticated users for this user group. Use
commas to separate multip
`remoteHosts`::
A list of remote hosts from which the users may connect. A host can be a
hostname, IP address, or IP address range. Use commas to separate multiple
hosts. To allow access from all remote hosts, specify a wildcard `*`. To deny
access from all remote hosts, leave this attribute blank.
+`allowDynamicSource`::
+If true, connections from users in this group are permitted to attach
receivers to dynamic sources. This permits creation of listners to temporary
addresses or termporary queues. If false, use of dynamic sources is forbidden.
+
+`allowWaypointLinks`::
+If true, connections from users in this group are permitted to attach links
using waypoint capabilities. This allows endpoints to act as waypoints (i.e.
brokers) without the need for configuring auto-links. If false, use of
waypoint capabilities is forbidden.
+
+`allowDynamicLinkRoutes`::
+If true, connections from users in this group may dynamically create
connection-scoped link route destinations. This allows endpoints to act as
link route destinations (i.e. brokers) without the need for configuring
link-routes. If false, creation of dynamic link route destintations is
forbidden.
+
`sources` | `sourcePattern`::
A list of AMQP source addresses from which users in this group may receive
messages.
+
diff --git a/include/qpid/dispatch/router_core.h
b/include/qpid/dispatch/router_core.h
index a86428a..11275d3 100644
--- a/include/qpid/dispatch/router_core.h
+++ b/include/qpid/dispatch/router_core.h
@@ -173,6 +173,7 @@ typedef void (*qdr_connection_bind_context_t)
(qdr_connection_t *context, void*
* correlate the connection with waypoints and link-route destinations
that use the connection.
* @param strip_annotations_in True if configured to remove annotations on
inbound messages.
* @param strip_annotations_out True if configured to remove annotations on
outbound messages.
+ * @param policy_allow_dynamic_link_routes True if this connection is allowed
by policy to create link route destinations.
* @param link_capacity The capacity, in deliveries, for links in this
connection.
* @param vhost If non-null, this is the vhost of the connection to be used
for multi-tenancy.
* @return Pointer to a connection object that can be used to refer to this
connection over its lifetime.
@@ -186,6 +187,7 @@ qdr_connection_t *qdr_connection_opened(qdr_core_t
*core,
const char
*remote_container_id,
bool
strip_annotations_in,
bool
strip_annotations_out,
+ bool
policy_allow_dynamic_link_routes,
int link_capacity,
const char *vhost,
qdr_connection_info_t *connection_info,
diff --git a/python/qpid_dispatch/management/qdrouter.json
b/python/qpid_dispatch/management/qdrouter.json
index 180a0e0..861d620 100644
--- a/python/qpid_dispatch/management/qdrouter.json
+++ b/python/qpid_dispatch/management/qdrouter.json
@@ -1875,6 +1875,13 @@
"required": false,
"create": true
},
+ "allowDynamicLinkRoutes": {
+ "type": "boolean",
+ "description": "Whether this connection is allowed to
dynamically create connection-scoped link route destinations.",
+ "default": true,
+ "required": false,
+ "create": true
+ },
"sources": {
"type": "string",
"description": "A list of source addresses from which
users in this group may receive messages. To specify multiple addresses,
separate the addresses with either a comma or a space. If you do not specify
any addresses, users in this group are not allowed to receive messages from any
addresses. You can use the substitution token '${user}' to specify an address
that contains a user's authenticated user name. You can use an asterisk ('*')
wildcard to match one or more ch [...]
diff --git a/python/qpid_dispatch_internal/policy/policy_local.py
b/python/qpid_dispatch_internal/policy/policy_local.py
index 2f3cfb4..b62e8d4 100644
--- a/python/qpid_dispatch_internal/policy/policy_local.py
+++ b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -59,22 +59,23 @@ class PolicyKeys(object):
KW_GROUPS = "groups"
# Policy settings key words
- KW_USERS = "users"
- KW_REMOTE_HOSTS = "remoteHosts"
- KW_MAX_FRAME_SIZE = "maxFrameSize"
- KW_MAX_MESSAGE_SIZE = "maxMessageSize"
- KW_MAX_SESSION_WINDOW = "maxSessionWindow"
- KW_MAX_SESSIONS = "maxSessions"
- KW_MAX_SENDERS = "maxSenders"
- KW_MAX_RECEIVERS = "maxReceivers"
- KW_ALLOW_DYNAMIC_SRC = "allowDynamicSource"
- KW_ALLOW_ANONYMOUS_SENDER = "allowAnonymousSender"
- KW_ALLOW_USERID_PROXY = "allowUserIdProxy"
- KW_ALLOW_WAYPOINT_LINKS = "allowWaypointLinks"
- KW_SOURCES = "sources"
- KW_TARGETS = "targets"
- KW_SOURCE_PATTERN = "sourcePattern"
- KW_TARGET_PATTERN = "targetPattern"
+ KW_USERS = "users"
+ KW_REMOTE_HOSTS = "remoteHosts"
+ KW_MAX_FRAME_SIZE = "maxFrameSize"
+ KW_MAX_MESSAGE_SIZE = "maxMessageSize"
+ KW_MAX_SESSION_WINDOW = "maxSessionWindow"
+ KW_MAX_SESSIONS = "maxSessions"
+ KW_MAX_SENDERS = "maxSenders"
+ KW_MAX_RECEIVERS = "maxReceivers"
+ KW_ALLOW_DYNAMIC_SRC = "allowDynamicSource"
+ KW_ALLOW_ANONYMOUS_SENDER = "allowAnonymousSender"
+ KW_ALLOW_USERID_PROXY = "allowUserIdProxy"
+ KW_ALLOW_WAYPOINT_LINKS = "allowWaypointLinks"
+ KW_ALLOW_DYNAMIC_LINK_ROUTES = "allowDynamicLinkRoutes"
+ KW_SOURCES = "sources"
+ KW_TARGETS = "targets"
+ KW_SOURCE_PATTERN = "sourcePattern"
+ KW_TARGET_PATTERN = "targetPattern"
# Policy stats key words
KW_CONNECTIONS_APPROVED = "connectionsApproved"
@@ -145,6 +146,7 @@ class PolicyCompiler(object):
PolicyKeys.KW_ALLOW_ANONYMOUS_SENDER,
PolicyKeys.KW_ALLOW_USERID_PROXY,
PolicyKeys.KW_ALLOW_WAYPOINT_LINKS,
+ PolicyKeys.KW_ALLOW_DYNAMIC_LINK_ROUTES,
PolicyKeys.KW_SOURCES,
PolicyKeys.KW_TARGETS,
PolicyKeys.KW_SOURCE_PATTERN,
@@ -246,6 +248,7 @@ class PolicyCompiler(object):
policy_out[PolicyKeys.KW_ALLOW_ANONYMOUS_SENDER] = False
policy_out[PolicyKeys.KW_ALLOW_USERID_PROXY] = False
policy_out[PolicyKeys.KW_ALLOW_WAYPOINT_LINKS] = True
+ policy_out[PolicyKeys.KW_ALLOW_DYNAMIC_LINK_ROUTES] = True
policy_out[PolicyKeys.KW_SOURCES] = ''
policy_out[PolicyKeys.KW_TARGETS] = ''
policy_out[PolicyKeys.KW_SOURCE_PATTERN] = ''
@@ -282,7 +285,8 @@ class PolicyCompiler(object):
elif key in [PolicyKeys.KW_ALLOW_ANONYMOUS_SENDER,
PolicyKeys.KW_ALLOW_DYNAMIC_SRC,
PolicyKeys.KW_ALLOW_USERID_PROXY,
- PolicyKeys.KW_ALLOW_WAYPOINT_LINKS
+ PolicyKeys.KW_ALLOW_WAYPOINT_LINKS,
+ PolicyKeys.KW_ALLOW_DYNAMIC_LINK_ROUTES
]:
if isinstance(val, (PY_STRING_TYPE, PY_TEXT_TYPE)) and
val.lower() in ['true', 'false']:
val = True if val == 'true' else False
diff --git a/src/policy.c b/src/policy.c
index 910a93b..d9ecddc 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -436,8 +436,9 @@ bool qd_policy_open_lookup_user(
if (!settings->allowDynamicSource) { //don't override if
enabled by authz plugin
settings->allowDynamicSource =
qd_entity_opt_bool((qd_entity_t*)upolicy, "allowDynamicSource", false);
}
- settings->allowUserIdProxy =
qd_entity_opt_bool((qd_entity_t*)upolicy, "allowUserIdProxy", false);
- settings->allowWaypointLinks =
qd_entity_opt_bool((qd_entity_t*)upolicy, "allowWaypointLinks", true);
+ settings->allowUserIdProxy =
qd_entity_opt_bool((qd_entity_t*)upolicy, "allowUserIdProxy", false);
+ settings->allowWaypointLinks =
qd_entity_opt_bool((qd_entity_t*)upolicy, "allowWaypointLinks", true);
+ settings->allowDynamicLinkRoutes =
qd_entity_opt_bool((qd_entity_t*)upolicy, "allowDynamicLinkRoutes", true);
if (settings->sources == 0) { //don't override if
configured by authz plugin
settings->sources =
qd_entity_get_string((qd_entity_t*)upolicy, "sources");
}
diff --git a/src/policy.h b/src/policy.h
index 5f7af74..0b9fc0d 100644
--- a/src/policy.h
+++ b/src/policy.h
@@ -52,6 +52,7 @@ struct qd_policy__settings_s {
bool allowAnonymousSender;
bool allowUserIdProxy;
bool allowWaypointLinks;
+ bool allowDynamicLinkRoutes;
char *sources;
char *targets;
char *sourcePattern;
diff --git a/src/router_core/agent_conn_link_route.c
b/src/router_core/agent_conn_link_route.c
index c093780..a671bf3 100644
--- a/src/router_core/agent_conn_link_route.c
+++ b/src/router_core/agent_conn_link_route.c
@@ -158,9 +158,9 @@ static qdr_link_route_t
*_find_link_route_CT(qdr_connection_t *conn,
void qdra_conn_link_route_create_CT(qdr_core_t *core,
- qd_iterator_t *name,
- qdr_query_t *query,
- qd_parsed_field_t *in_body)
+ qd_iterator_t *name,
+ qdr_query_t *query,
+ qd_parsed_field_t *in_body)
{
char *pattern = NULL;
@@ -179,6 +179,12 @@ void qdra_conn_link_route_create_CT(qdr_core_t
*core,
goto exit;
}
+ // fail if forbidden by policy
+ if (!conn->policy_allow_dynamic_link_routes) {
+ query->status = QD_AMQP_FORBIDDEN;
+ goto exit;
+ }
+
if (!qd_parse_is_map(in_body)) {
query->status.description = "Body of request must be a map";
goto exit;
diff --git a/src/router_core/connections.c b/src/router_core/connections.c
index d6ced98..a1717a8 100644
--- a/src/router_core/connections.c
+++ b/src/router_core/connections.c
@@ -70,6 +70,7 @@ qdr_connection_t *qdr_connection_opened(qdr_core_t
*core,
const char
*remote_container_id,
bool
strip_annotations_in,
bool
strip_annotations_out,
+ bool
policy_allow_dynamic_link_routes,
int link_capacity,
const char *vhost,
qdr_connection_info_t *connection_info,
@@ -89,6 +90,7 @@ qdr_connection_t *qdr_connection_opened(qdr_core_t
*core,
conn->inter_router_cost = cost;
conn->strip_annotations_in = strip_annotations_in;
conn->strip_annotations_out = strip_annotations_out;
+ conn->policy_allow_dynamic_link_routes = policy_allow_dynamic_link_routes;
conn->link_capacity = link_capacity;
conn->mask_bit = -1;
DEQ_INIT(conn->links);
diff --git a/src/router_core/router_core_private.h
b/src/router_core/router_core_private.h
index a2ebc8e..7d6f2a3 100644
--- a/src/router_core/router_core_private.h
+++ b/src/router_core/router_core_private.h
@@ -614,6 +614,7 @@ struct qdr_connection_t {
qdr_conn_identifier_t *conn_id;
bool strip_annotations_in;
bool strip_annotations_out;
+ bool policy_allow_dynamic_link_routes;
int link_capacity;
int mask_bit;
qdr_connection_work_list_t work_list;
diff --git a/src/router_node.c b/src/router_node.c
index 7ab9d0a..8c44264 100644
--- a/src/router_node.c
+++ b/src/router_node.c
@@ -1152,6 +1152,7 @@ static void AMQP_opened_handler(qd_router_t *router,
qd_connection_t *conn, bool
pn_connection_remote_container(pn_conn),
conn->strip_annotations_in,
conn->strip_annotations_out,
+ conn->policy_settings ?
conn->policy_settings->allowDynamicLinkRoutes : true,
link_capacity,
vhost,
connection_info,
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org
For additional commands, e-mail: commits-h...@qpid.apache.org
