[
https://issues.apache.org/jira/browse/QPID-1545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12658761#action_12658761
]
Rajith Attapattu commented on QPID-1545:
----------------------------------------
After investigating I found that the acl module has a bug when processing the
following line in the acl file.
"group admin admin "
Groups are allowed to contain other groups, and the users of those groups are
added to the parent group.
Sp the code first checks if a given name in the list is actually a group
(instead of a user).
In this case the username given matches the group name we just created and is
mistakenly identified as group. Therefore the code tries to add all the users
of the "admin" group (which is empty) instead of adding the user "admin" which
results in an empty list for the admin group.
I have fixed the issue by adding a simple check to prevent the above situation
by checking if the user name given is the same as the current group name.
However the ACL file given here is also not correct as the username does not
have a realm. This will not enfore any ACL as all the given in the ACL file
does not have a realm. The correct entry should "group admin ad...@qpid".
This means that if a user name is given without a realm, the ACL module should
either,
a) Default to the realm specified for the broker. (Default value is 'QPID')
b) Print a warning that the given usernames does not contain a realm.
> ACL failure
> -----------
>
> Key: QPID-1545
> URL: https://issues.apache.org/jira/browse/QPID-1545
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker
> Affects Versions: M4
> Reporter: Arnaud Simon
> Attachments: acldump.txt, core.qpidd.4273.zip
>
>
> The c++ broker is segfaulting when the ACL file contains the entry "acl all
> all"
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
