[jira] [Comment Edited] (QPID-7696) [Java Broker] Deletion of a temporary queue can crash the broker with certain ACLs

Alex Rudyy (JIRA) Mon, 13 Mar 2017 10:17:40 -0700

    [ 
https://issues.apache.org/jira/browse/QPID-7696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15907883#comment-15907883
 ]


Alex Rudyy edited comment on QPID-7696 at 3/13/17 5:16 PM:
-----------------------------------------------------------

The absence of ACL UNBIND permission causes queue deletion to fail with 
AccessControlException. The deleted flag of queue is set into true and deleted 
future is set to  AccessControlException. When connection is closed an attempt 
is made to delete the queue from connection post close task using system 
principal, but because both deleted flag and deleted future are set already, 
the previous deleted future is returned with AccessControlException, and the 
exception is re-thrown from connection post close task. Because exception is 
not handled, it crushes the broker


was (Author: alex.rufous):
The absence of ACL UNBIND permission causes queue deletion to fail with 
AccessControlException. The deleted flag of queue is set into true and deleted 
future is set to  AccessControlException. When connection is closed an attempt 
is made to delete the queue from connection post close task using system 
principal, but because both deleted flag and deleted future are set already, 
the previous deleted future is returned with AccessControlException, and the 
exception is re-thrown from connection post close task. Because exception is 
not handled, it crashes the broker

> [Java Broker] Deletion of a temporary queue can crash the broker with certain 
> ACLs
> ----------------------------------------------------------------------------------
>
>                 Key: QPID-7696
>                 URL: https://issues.apache.org/jira/browse/QPID-7696
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: qpid-java-6.1.1
>            Reporter: Lorenz Quack
>             Fix For: qpid-java-6.1.2
>
>
> ACL:
> {noformat}
> ACL ALLOW-LOG testUser CREATE QUEUE temporary="true"
> ACL ALLOW-LOG testUser DELETE QUEUE temporary="true"
> ACL ALLOW-LOG testUser ACCESS ALL
> ACL ALLOW-LOG admin ALL ALL
> ACL DENY-LOG ALL ALL
> {noformat}
> client code:
> {code}
>     /* create connection */
>     Session session = connection.createSession(true, 
> Session.SESSION_TRANSACTED);
>     TemporaryQueue temporaryQueue = session.createTemporaryQueue();
>     temporaryQueue.delete();
>    /* cleanup */
> {code}
> This crashes the broker v6.1.1
> {noformat}
> ########################################################################
> #
> # Unhandled Exception java.security.AccessControlException: Permission DELETE 
> is denied for : Binding 'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4' on 
> Queue 'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4' Exchange 'amq.direct' 
> in Thread IO-/127.0.0.1:53477
> #
> # Exiting
> #
> ########################################################################
> java.security.AccessControlException: Permission DELETE is denied for : 
> Binding 'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4' on Queue 
> 'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4' Exchange 'amq.direct'
>       at 
> org.apache.qpid.server.model.AbstractConfiguredObject.authorise(AbstractConfiguredObject.java:2959)
>       at 
> org.apache.qpid.server.model.AbstractConfiguredObject.authorise(AbstractConfiguredObject.java:2891)
>       at 
> org.apache.qpid.server.model.AbstractConfiguredObject.authoriseSetAttributes(AbstractConfiguredObject.java:2970)
>       at 
> org.apache.qpid.server.model.AbstractConfiguredObject$15.execute(AbstractConfiguredObject.java:1659)
>       at 
> org.apache.qpid.server.model.AbstractConfiguredObject$15.execute(AbstractConfiguredObject.java:1629)
>       at 
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:632)
>       at 
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:625)
>       at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:240)
>       at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper$1.run(TaskExecutorImpl.java:312)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.Subject.doAs(Subject.java:360)
>       at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper.call(TaskExecutorImpl.java:305)
>       at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>       at java.lang.Thread.run(Thread.java:745)
> Process finished with exit code 1
> {noformat}
> I have not tested with other versions of the broker, yet.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Comment Edited] (QPID-7696) [Java Broker] Deletion of a temporary queue can crash the broker with certain ACLs

Reply via email to