[ https://issues.apache.org/jira/browse/QPID-5565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pavel Moravec closed QPID-5565. ------------------------------- > [C++ broker] ACL queue create rules to take zero as unlimited value > ------------------------------------------------------------------- > > Key: QPID-5565 > URL: https://issues.apache.org/jira/browse/QPID-5565 > Project: Qpid > Issue Type: Bug > Components: C++ Broker > Reporter: Pavel Moravec > Assignee: Pavel Moravec > Priority: Minor > Fix For: 0.27 > > > When declaring queue with e.g. qpid.max_size=0, the zero is interpreted as > "no limit in queue depth". While ACLs deal with zero as "queue depth is > zero". Therefore: > 1) ACL rule like: > acl allow all create queue queuemaxsizelowerlimit=10 > is not matched > 2) ACL rule like: > acl allow all create queue queuemaxsizeupperlimit=1000 > is matched. > While both is wrong. > The same applies to any numerically-compared properties of ACL queue create > rule, specifically to: > acl::PROP_MAXPAGES > acl::PROP_MAXPAGEFACTOR > acl::PROP_MAXQUEUECOUNT > acl::PROP_MAXQUEUESIZE > acl::PROP_MAXFILECOUNT > acl::PROP_MAXFILESIZE > There are two approaches how to fix it: > 1) in Broker.cpp, before calling ACL to authorize queue creation, replace > zero value by 9223372036854775807 (as hardcoded maximum for ACL numerical > value; see src/tests/Variant.cpp and/or src/tests/acl.py for more) > 2) Within ACL, deal zero value as unlimited > The first approach would allow future parameters having 0 as real zero value. > But Broker class would mimic/workaround some ACL work. > The second approach would resolve the problem in better place, but it would > enforce that zero is interpreted as infinity everytime (can't it break > something? or on the other side, can't it unify handling > connection-limit-per-ip or max-queues-per-user options?) -- This message was sent by Atlassian JIRA (v6.1.5#6160) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org