[jira] [Commented] (DISPATCH-8) Message:user-id must be authenticated on ingress
[ https://issues.apache.org/jira/browse/DISPATCH-8?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15536005#comment-15536005 ] ASF subversion and git services commented on DISPATCH-8: Commit 7db71b8176de3ca1a698fcfea46785bc8b01bdfa in qpid-dispatch's branch refs/heads/master from [~chug] [ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=7db71b8 ] DISPATCH-8: Fix iterator leak from previous commit > Message:user-id must be authenticated on ingress > > > Key: DISPATCH-8 > URL: https://issues.apache.org/jira/browse/DISPATCH-8 > Project: Qpid Dispatch > Issue Type: Bug >Affects Versions: 0.1 >Reporter: Ted Ross >Assignee: Chuck Rolke >Priority: Critical > Fix For: 0.7.0 > > > When a message is received on an ingress link (i.e. from an originating > endpoint) and the message has a user-id field in its properties, that user-id > must be authenticated. > At first, this means that the user-id must be the same as that which was used > to authenticate the connection. > There may be other means of authenticating user-ids in the future, but > Dispatch must not simply pass them on unchecked. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-8) Message:user-id must be authenticated on ingress
[ https://issues.apache.org/jira/browse/DISPATCH-8?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15504736#comment-15504736 ] ASF subversion and git services commented on DISPATCH-8: Commit 6be6e461040808ec9aed75b3213a2f03496a510b in qpid-dispatch's branch refs/heads/master from [~chug] [ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=6be6e46 ] DISPATCH-8: Authenticate message user-id on ingress Add proxy check enable setting per vhost user group. Verify proxy is allowed for incoming messages. Add self tests to demonstrate proxy check rejecting messages or not. > Message:user-id must be authenticated on ingress > > > Key: DISPATCH-8 > URL: https://issues.apache.org/jira/browse/DISPATCH-8 > Project: Qpid Dispatch > Issue Type: Bug >Affects Versions: 0.1 >Reporter: Ted Ross >Assignee: Chuck Rolke >Priority: Critical > Fix For: 0.7.0 > > > When a message is received on an ingress link (i.e. from an originating > endpoint) and the message has a user-id field in its properties, that user-id > must be authenticated. > At first, this means that the user-id must be the same as that which was used > to authenticate the connection. > There may be other means of authenticating user-ids in the future, but > Dispatch must not simply pass them on unchecked. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-8) Message:user-id must be authenticated on ingress
[ https://issues.apache.org/jira/browse/DISPATCH-8?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15491428#comment-15491428 ] Chuck Rolke commented on DISPATCH-8: To enable this feature then a new field is added to the *vhost* policy object. There's a choice between: # one setting for all vhosts. The setting is a peer of 'policy.enableVhostPolicy'. # one setting for each vhost. The setting is a peer of "vhost.allowUnknownUser". # one setting for each vhost user group. The setting is a peer of 'vhostUserGroupSettings.allowAnonymousSender. Messages from an 'admin' group could go unchecked but those from 'user' group could be checked. I favor Option 2 one setting for each vhost. Option 1 is too coarse and Option 3 would be confusing if some users were checked and others were not. > Message:user-id must be authenticated on ingress > > > Key: DISPATCH-8 > URL: https://issues.apache.org/jira/browse/DISPATCH-8 > Project: Qpid Dispatch > Issue Type: Bug >Affects Versions: 0.1 >Reporter: Ted Ross >Assignee: Chuck Rolke >Priority: Critical > Fix For: 0.7.0 > > > When a message is received on an ingress link (i.e. from an originating > endpoint) and the message has a user-id field in its properties, that user-id > must be authenticated. > At first, this means that the user-id must be the same as that which was used > to authenticate the connection. > There may be other means of authenticating user-ids in the future, but > Dispatch must not simply pass them on unchecked. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-8) Message:user-id must be authenticated on ingress
[ https://issues.apache.org/jira/browse/DISPATCH-8?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15491244#comment-15491244 ] Ted Ross commented on DISPATCH-8: - The user_id is in the Properties, which is part of the bare message (the immutable part of the message). Injection is not an option. I would modify the conditions as follows: First, we need to add a policy flag called something like "allow user_id proxy" that controls this process. If the flag is True, no checks are performed on the user_id. If the flag is False (default), then: IF (message.properties.user_id is present and not blank) AND (message.properties.user_id is not equal to the connection's authenticated identity OR the connection is not authenticated) THEN Reject the delivery with an appropriate error message. This algorithm ensures that all messages that cross the network that have user_ids have authenticated user_ids or user_ids supplied by specifically trusted proxies. > Message:user-id must be authenticated on ingress > > > Key: DISPATCH-8 > URL: https://issues.apache.org/jira/browse/DISPATCH-8 > Project: Qpid Dispatch > Issue Type: Bug >Affects Versions: 0.1 >Reporter: Ted Ross >Assignee: Chuck Rolke >Priority: Critical > Fix For: 0.7.0 > > > When a message is received on an ingress link (i.e. from an originating > endpoint) and the message has a user-id field in its properties, that user-id > must be authenticated. > At first, this means that the user-id must be the same as that which was used > to authenticate the connection. > There may be other means of authenticating user-ids in the future, but > Dispatch must not simply pass them on unchecked. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-8) Message:user-id must be authenticated on ingress
[ https://issues.apache.org/jira/browse/DISPATCH-8?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15491211#comment-15491211 ] Chuck Rolke commented on DISPATCH-8: Using qpid-cpp/qpidd as a model, messages could be rejected when: # The message arrives over an authenticated user connection. # The message.properties.user_id is present and not blank # The message.properties.user_id is not equal to the authenticated user name The message will be discarded and a Disposition of Rejected returned to sender. A few considerations: * Are the conditions stated above sufficient? * Do we ever want to inject a user_id value when it arrives blank? > Message:user-id must be authenticated on ingress > > > Key: DISPATCH-8 > URL: https://issues.apache.org/jira/browse/DISPATCH-8 > Project: Qpid Dispatch > Issue Type: Bug >Affects Versions: 0.1 >Reporter: Ted Ross >Assignee: Chuck Rolke >Priority: Critical > Fix For: 0.7.0 > > > When a message is received on an ingress link (i.e. from an originating > endpoint) and the message has a user-id field in its properties, that user-id > must be authenticated. > At first, this means that the user-id must be the same as that which was used > to authenticate the connection. > There may be other means of authenticating user-ids in the future, but > Dispatch must not simply pass them on unchecked. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
