[
https://issues.apache.org/jira/browse/QPID-5203?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pavel Moravec updated QPID-5203:
--------------------------------
Attachment: bz974940.py
reproducer
> Python client unexpected exception after ACL denial
> ---------------------------------------------------
>
> Key: QPID-5203
> URL: https://issues.apache.org/jira/browse/QPID-5203
> Project: Qpid
> Issue Type: Bug
> Components: Python Client
> Affects Versions: 0.24
> Reporter: Pavel Moravec
> Assignee: Pavel Moravec
> Priority: Minor
> Attachments: bz974940.py
>
>
> Description of problem:
> After ACL denies a command from qpid Python client, an attempt to close
> either session or connection raises unexpected exception (relevant to ACL,
> though). While at that time, session is properly closed and connection is
> working fine.
> Version-Release number of selected component (if applicable):
> every
> How reproducible:
> 100%
> Steps to Reproduce:
> 1. Have ACL file:
> acl deny all consume all
> acl allow all all
> 2. Run attached script.
> Actual results:
> ----------------------------------------------------------------------------------------------------
> Create receiver failed with exception
> Traceback (most recent call last):
> File "ACL_denial_session-hang.py", line 13, in <module>
> recv = session.receiver('testQ; {create:always}')
> File "<string>", line 6, in receiver
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 616, in receiver
> receiver._ewait(lambda: receiver.linked)
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 973, in _ewait
> result = self.session._ewait(lambda: self.error or predicate(), timeout)
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 567, in _ewait
> self.check_error()
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 556, in check_error
> raise self.error
> UnauthorizedAccess: unauthorized-access: ACL denied Queue subscribe request
> from guest@QPID (qpid/broker/SessionAdapter.cpp:399)(403)
> ----------------------------------------------------------------------------------------------------
> Session close failed with exception
> Traceback (most recent call last):
> File "ACL_denial_session-hang.py", line 19, in <module>
> session.close()
> File "<string>", line 6, in close
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 739, in close
> self.sync(timeout=timeout)
> File "<string>", line 6, in sync
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 731, in sync
> if not self._ewait(lambda: not self.outgoing and not self.acked,
> timeout=timeout):
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 567, in _ewait
> self.check_error()
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 556, in check_error
> raise self.error
> UnauthorizedAccess: unauthorized-access: ACL denied Queue subscribe request
> from guest@QPID (qpid/broker/SessionAdapter.cpp:399)(403)
> ----------------------------------------------------------------------------------------------------
> Connection close failed with exception
> Traceback (most recent call last):
> File "ACL_denial_session-hang.py", line 25, in <module>
> connection.close()
> File "<string>", line 6, in close
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 316, in close
> ssn.close(timeout=timeout)
> File "<string>", line 6, in close
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 739, in close
> self.sync(timeout=timeout)
> File "<string>", line 6, in sync
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 731, in sync
> if not self._ewait(lambda: not self.outgoing and not self.acked,
> timeout=timeout):
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 567, in _ewait
> self.check_error()
> File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line
> 556, in check_error
> raise self.error
> UnauthorizedAccess: unauthorized-access: ACL denied Queue subscribe request
> from guest@QPID (qpid/broker/SessionAdapter.cpp:399)(403)
> Expected results:
> Just the first exception is printed - when the "session.receiver" fails due
> to ACL.
> Additional info:
> Some hints for fixing it:
> - session object is properly closed. Just an attempt to close it again raises
> that exception. When trying to close a closed session without an ACL deny, no
> exception is raised
> - connection object is properly working and closing it really closes the AMQP
> connection. And the connection object can be normally used later on.
> - it seems to me like:
> a) exception raised and stored somewhere
> b) program catches it
> c) Python library should delete it from the stored place / variable but it
> does not do so
> d) any action on affected session/connection first checks for the stored
> exception, finds it so re-raises it
> Workaround:
> try:
> # this should fail - ACL does not allow this
> recv = session.receiver('testQ; {create:always}')
> except Exception as e1:
> try:
> session.close()
> except Exception as e2:
> "if e2 is ACL exception, then:"
> session = connection.session()
> ..
> "else close connection"
--
This message was sent by Atlassian JIRA
(v6.1#6144)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
