Pavel Moravec created QPID-5565: ----------------------------------- Summary: [C++ broker] ACL queue create rules to take zero as unlimited value Key: QPID-5565 URL: https://issues.apache.org/jira/browse/QPID-5565 Project: Qpid Issue Type: Bug Components: C++ Broker Reporter: Pavel Moravec Assignee: Pavel Moravec Priority: Minor
When declaring queue with e.g. qpid.max_size=0, the zero is interpreted as "no limit in queue depth". While ACLs deal with zero as "queue depth is zero". Therefore: 1) ACL rule like: acl allow all create queue queuemaxsizelowerlimit=10 is not matched 2) ACL rule like: acl allow all create queue queuemaxsizeupperlimit=1000 is matched. While both is wrong. The same applies to any numerically-compared properties of ACL queue create rule, specifically to: acl::PROP_MAXPAGES acl::PROP_MAXPAGEFACTOR acl::PROP_MAXQUEUECOUNT acl::PROP_MAXQUEUESIZE acl::PROP_MAXFILECOUNT acl::PROP_MAXFILESIZE There are two approaches how to fix it: 1) in Broker.cpp, before calling ACL to authorize queue creation, replace zero value by 9223372036854775807 (as hardcoded maximum for ACL numerical value; see src/tests/Variant.cpp and/or src/tests/acl.py for more) 2) Within ACL, deal zero value as unlimited The first approach would allow future parameters having 0 as real zero value. But Broker class would mimic/workaround some ACL work. The second approach would resolve the problem in better place, but it would enforce that zero is interpreted as infinity everytime (can't it break something? or on the other side, can't it unify handling connection-limit-per-ip or max-queues-per-user options?) -- This message was sent by Atlassian JIRA (v6.1.5#6160) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org