[
https://issues.apache.org/jira/browse/QPID-4775?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13646657#comment-13646657
]
Chuck Rolke commented on QPID-4775:
-----------------------------------
I think this patch makes sense. In a queue/exchange creation the broker
receives attribute information over the wire and presents that to ACL for
approval. In the delete case only the object names are sent over the wire and
not the attributes. This patch simply picks a few attributes from the actual
queue and uses them to further qualify the ACL authorization.
I will commit this patch soon with the exception of the size qualifiers.
> ACL delete action should not ignore object's properties other than name
> -----------------------------------------------------------------------
>
> Key: QPID-4775
> URL: https://issues.apache.org/jira/browse/QPID-4775
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: 0.18, 0.20
> Reporter: Pavel Moravec
> Priority: Minor
> Labels: patch, security
> Attachments: bz955674.patch
>
>
> Description of problem:
> ACL rule like:
> acl allow all delete queue autodelete=true
> should allow deletion of autodelete queues _only_. While any queue can be
> deleted. The same applies to any object's property other than queue's name
> (see Broker::deleteQueue method and how acl->authorise is called).
> The same applies not only to queues but also to exchanges.
> Version-Release number of selected component (if applicable):
> any
> How reproducible:
> 100%
> Steps to Reproduce:
> 1. cat <acl-file>
> # simply allow all except for deleting non-durable queue
> acl allow-log all consume all
> acl allow-log all publish all
> acl allow-log all create all
> acl allow-log all access all
> acl allow-log all bind all
> acl allow-log all unbind all
> acl allow-log all purge all
> acl allow-log all update all
> acl allow-log all delete exchange
> acl allow-log all delete queue durable=true
> acl deny-log all all
> 2. Start broker with auth=yes and the ACL file
> 3. qpid-config -b admin/admin@localhost:5672 add queue TransientQueue
> 4. qpid-config -b admin/admin@localhost:5672 del queue TransientQueue
> Actual results:
> Steps 3 and 4 pass.
> Expected results:
> Deleting queue should fail, as the queue is not durable.
> In fact, even _creating_ the queue that way should raise an exception, as
> deleting auxiliary queue named like
> "4135cd9e-04b8-4cef-bcd0-5404444d7a04:0.0" (where the qpid-config gets
> response) should fail.
> Additional info:
> Same scenarios are applicable for all other queue properties and/or exchange
> properties. Just queue/exchange name is checked.
> Patch proposed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
