[
https://issues.apache.org/jira/browse/QPID-2063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rajith Attapattu resolved QPID-2063.
------------------------------------
Resolution: Fixed
Applied patch from Tim at rev 813850 (trunk) and I also added test cases at the
same rev.
> ACL does not check queuename (or routingkey) on bind
> ----------------------------------------------------
>
> Key: QPID-2063
> URL: https://issues.apache.org/jira/browse/QPID-2063
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker
> Affects Versions: 0.5
> Reporter: Tim Platten
> Assignee: Rajith Attapattu
>
> ACL allows binding to a queue to which access should be denied. e.g.
> ACL:
> acl deny tes...@qpid all queue name=baz
> acl allow tes...@qpid bind exchange name=foo queuename=bar routingkey=foo.bar
> The following command succeeds and it shouldn't:
> qpid-config -a baclo/ba...@localhost bind foo baz foo.bar
> I believe this is because SessionAdapter::ExchangeHandlerImpl::bind is not
> checking either queueName or routingKey. I.e.
> AclModule* acl = getBroker().getAcl();
> if (acl) {
>     if (!acl->authorise(getConnection().getUserId(), acl::ACT_BIND, acl::OBJ_EXCHANGE, exchangeName, routingKey))
> should read:
> AclModule* acl = getBroker().getAcl();
> if (acl) {
>     std::map<acl::Property, std::string> params;
>     params.insert(make_pair(acl::PROP_QUEUENAME, queueName));
>     params.insert(make_pair(acl::PROP_ROUTINGKEY, routingKey));
>     if (!acl->authorise(getConnection().getUserId(), acl::ACT_BIND, acl::OBJ_EXCHANGE, exchangeName, &params))
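The failure mode in this report, as an added C++ example that is neither Qpid's code nor the applied patch: a simplified rule matcher evaluated against the two ACL rules from the report, with the bind check before and after the queue name and routing key are passed. All type and function names are hypothetical, and the skip-unsupplied-constraint behaviour and the default-deny fallback are assumptions of this model.

```cpp
#include <map>
#include <string>
#include <vector>

// Simplified model for illustration; these names are not Qpid's API.
using Props = std::map<std::string, std::string>;
// action may be "all"; props holds name=, queuename=, routingkey= constraints.
struct Rule { bool allow; std::string action, object; Props props; };

// Assumption of this model: a rule constraint the caller did not supply
// cannot be compared and is skipped, so omitted properties fail open.
bool matches(const Rule& r, const std::string& action,
             const std::string& object, const Props& req) {
    if ((r.action != "all" && r.action != action) || r.object != object) return false;
    for (const auto& c : r.props) {
        auto it = req.find(c.first);
        if (it != req.end() && it->second != c.second) return false;
    }
    return true;
}

// First matching rule decides; no match means deny (assumed default).
bool authorise(const std::vector<Rule>& acl, const std::string& action,
               const std::string& object, const Props& req) {
    for (const auto& r : acl)
        if (matches(r, action, object, req)) return r.allow;
    return false;
}

// The two rules from the report, for one user.
std::vector<Rule> reportAcl() {
    return {{false, "all", "queue", {{"name", "baz"}}},
            {true, "bind", "exchange",
             {{"name", "foo"}, {"queuename", "bar"}, {"routingkey", "foo.bar"}}}};
}

// Check as reported: only the exchange name is compared against the rules.
bool bindBefore(const std::string& ex, const std::string&, const std::string&) {
    return authorise(reportAcl(), "bind", "exchange", {{"name", ex}});
}

// Check after the fix: queue name and routing key are passed as properties.
bool bindAfter(const std::string& ex, const std::string& q, const std::string& key) {
    return authorise(reportAcl(), "bind", "exchange",
                     {{"name", ex}, {"queuename", q}, {"routingkey", key}});
}

int main() {  // exit status 0 when the model behaves as described
    return (bindBefore("foo", "baz", "foo.bar") && !bindAfter("foo", "baz", "foo.bar")) ? 0 : 1;
}
```

A regression test for this class of bug should cover both directions: the bind to `baz` must be refused, and the bind to `bar` with `foo.bar` must still succeed.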