Ernest Allen created QPID-6326:
----------------------------------

             Summary: [ACL] Python client demands unnecessary permission / 
performs unnecessary actions
                 Key: QPID-6326
                 URL: https://issues.apache.org/jira/browse/QPID-6326
             Project: Qpid
          Issue Type: Bug
          Components: Python Client
    Affects Versions: 0.31
            Reporter: Ernest Allen
            Assignee: Ernest Allen


Description of problem:
Python clients accesses both exchange and queue objects, even when the object 
types is specified. Thus demanding unnecessary ACL rules to be allowed.



Version-Release number of selected component (if applicable):
python-qpid-0.22-15

How reproducible:
100%

Steps to Reproduce:
Scenario A (access)
1. create acl:
acl allow-log all access exchange
acl deny-log all all
2. send message to an amq.fanout
/usr/share/doc/python-qpid-0.22/examples/api/spout -c 1 -b 
UserA/UserA@localhost:5672 "amq.fanout;{node:{type:topic}}"
3. check qpidd log

Scenario B (create)
1. create acl:
acl allow-log access all
acl allow-log create queue
acl deny-log all all
2. create a queue using spout
/usr/share/doc/python-qpid-0.22/examples/api/spout -c 1 -b 
UserA/UserA@localhost:5672 "q;{create:always, node:{type:queue}}"
3. check qpidd log


Scenario A
Actual results:
2014-07-28 10:45:07 [Security] info ACL Allow id:UserA@QPID action:access 
ObjectType:exchange Name:amq.fanout
2014-07-28 10:45:07 [Security] info ACL Deny id:UserA@QPID action:access 
ObjectType:queue Name:amq.fanout

Expected results:
2014-07-28 10:45:07 [Security] info ACL Allow id:UserA@QPID action:access 
ObjectType:exchange Name:amq.fanout
2014-07-28 10:45:07 [Security] info ACL Deny id:UserA@QPID action:publish 
ObjectType:exchange Name:amq.fanout


Scenario B
Actual results:
2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:access 
ObjectType:exchange Name:q
2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:access 
ObjectType:queue Name:q
2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:create 
ObjectType:queue Name:q

Expected results:
2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:create 
ObjectType:queue Name:q


Additional info:
[A] it behaves the same for node/type:queue, querying the exchanges then queue.
[B] when creating, client should request only 'create' action, same as C++



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to