Posted to dev@qpid.apache.org by "Tim Platten (JIRA)" <qp...@incubator.apache.org> on 2009/09/17 11:26:57 UTC

[jira] Created: (QPID-2107) Bug in ACL processing of exchangeBound()

Bug in ACL processing of exchangeBound()
----------------------------------------

                 Key: QPID-2107
                 URL: https://issues.apache.org/jira/browse/QPID-2107
             Project: Qpid
          Issue Type: Bug
          Components: C++ Broker
    Affects Versions: 0.5
            Reporter: Tim Platten


There is a bug in ACL exchangeBound() processing which incorrectly checks the "create exchange" action instead of "access exchange". 

ACL: 
acl allow tester@QPID access exchange name=foo 

Code: 
    result = session->exchangeBound("foo"); 

Broker: 
2009-sep-08 09:12:17 info ACL Deny id:tester@QPID action:create ObjectType:exchange Name:eurex.baclo
2009-sep-08 09:12:17 error Execution exception: not-allowed: ACL denied exhange bound request from tester@QPID (qpid/broker/SessionAdapter.cpp:234)

I believe this is due to a bug in SessionAdapter::ExchangeHandlerImpl::bound
    if (!acl->authorise(getConnection().getUserId(),acl::ACT_CREATE,acl::OBJ_EXCHANGE,exchangeName,&params) )
should read :
    if (!acl->authorise(getConnection().getUserId(),acl::ACT_ACCESS,acl::OBJ_EXCHANGE,exchangeName,&params) )

Additionally, there is a typo where "exchange" is incorrectly spelt "exhange" in most ACL messages.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
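
Added example, not part of the original report and not Qpid source code: a simplified C++ model of the ACL lookup showing why the rule from the report permits the check only when the handler asks for "access". The types and functions (Action, Rule, parseRule, authorise, boundCheckReported, boundCheckProposed, sampleAcl) are hypothetical, and the model assumes first-match rules with deny when nothing matches.

```cpp
// Simplified model for illustration; not the Qpid broker's ACL implementation.
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

enum class Action { Access, Create, Unknown };  // stand-ins for acl::ACT_ACCESS / acl::ACT_CREATE
struct Rule { bool allow; std::string user; Action action; std::string object; std::string name; };

// Parses one rule in the form shown in the report:
//   acl allow tester@QPID access exchange name=foo
bool parseRule(const std::string& line, Rule& out) {
    std::istringstream in(line);
    std::string kw, perm, act, prop;
    if (!(in >> kw >> perm >> out.user >> act >> out.object >> prop)) return false;
    if (kw != "acl" || (perm != "allow" && perm != "deny")) return false;
    if (prop.compare(0, 5, "name=") != 0) return false;
    out.allow = (perm == "allow");
    out.action = act == "access" ? Action::Access
               : act == "create" ? Action::Create : Action::Unknown;
    out.name = prop.substr(5);
    return out.action != Action::Unknown;
}

// First matching rule decides; no match means deny (assumption of this model).
bool authorise(const std::vector<Rule>& acl, const std::string& user, Action action,
               const std::string& object, const std::string& name) {
    for (const Rule& r : acl)
        if (r.user == user && r.action == action && r.object == object && r.name == name)
            return r.allow;
    return false;
}

// The check as reported (create) and as proposed in the report (access).
bool boundCheckReported(const std::vector<Rule>& acl, const std::string& u, const std::string& ex) {
    return authorise(acl, u, Action::Create, "exchange", ex);
}
bool boundCheckProposed(const std::vector<Rule>& acl, const std::string& u, const std::string& ex) {
    return authorise(acl, u, Action::Access, "exchange", ex);
}

std::vector<Rule> sampleAcl() {  // constructed from the single rule quoted in the report
    std::vector<Rule> acl; Rule r{};
    if (parseRule("acl allow tester@QPID access exchange name=foo", r)) acl.push_back(r);
    return acl;
}

int main() {
    std::cout << "reported check: " << boundCheckReported(sampleAcl(), "tester@QPID", "foo")
              << ", proposed check: " << boundCheckProposed(sampleAcl(), "tester@QPID", "foo") << "\n";
}
```

A regression test of this shape, one assertion per broker operation stating which action it must be authorised against, catches this kind of action mismatch before it reaches a release.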


[jira] Closed: (QPID-2107) Bug in ACL processing of exchangeBound()

Posted by "Rajith Attapattu (JIRA)" <qp...@incubator.apache.org>.
     [ https://issues.apache.org/jira/browse/QPID-2107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajith Attapattu closed QPID-2107.
----------------------------------

       Resolution: Duplicate
    Fix Version/s: 0.6
         Assignee: Rajith Attapattu

The same issue is reported in QPID-2098.
Therefore closing this as a duplicate.

> Bug in ACL processing of exchangeBound()
> ----------------------------------------
>
>                 Key: QPID-2107
>                 URL: https://issues.apache.org/jira/browse/QPID-2107
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.5
>            Reporter: Tim Platten
>            Assignee: Rajith Attapattu
>             Fix For: 0.6
>
>
> There is a bug in ACL exchangeBound() processing which incorrectly checks the "create exchange" action instead of "access exchange". 
> ACL: 
> acl allow tester@QPID access exchange name=foo 
> Code: 
>     result = session->exchangeBound("foo"); 
> Broker: 
> 2009-sep-08 09:12:17 info ACL Deny id:tester@QPID action:create ObjectType:exchange Name:eurex.baclo
> 2009-sep-08 09:12:17 error Execution exception: not-allowed: ACL denied exhange bound request from tester@QPID (qpid/broker/SessionAdapter.cpp:234)
> I believe this is due to a bug in SessionAdapter::ExchangeHandlerImpl::bound
>     if (!acl->authorise(getConnection().getUserId(),acl::ACT_CREATE,acl::OBJ_EXCHANGE,exchangeName,&params) )
> should read :
>     if (!acl->authorise(getConnection().getUserId(),acl::ACT_ACCESS,acl::OBJ_EXCHANGE,exchangeName,&params) )
> Additionally, there is a typo where "exchange" is incorrectly spelt "exhange" in most ACL messages.
