Bug 883866
| Summary: | [RFE]: Access control for QMF functionality should be improved |
|---|---|
| Product: | Red Hat Enterprise MRG |
| Component: | qpid-cpp |
| Version: | 2.2 |
| Status: | CLOSED ERRATA |
| Severity: | medium |
| Priority: | medium |
| Reporter: | Pavel Moravec <pmoravec> |
| Assignee: | Pavel Moravec <pmoravec> |
| QA Contact: | Zdenek Kraus <zkraus> |
| CC: | crolke, esammons, iboverma, jbuchta, jross, pmoravec, rbinkhor, rrajasek, sauchter, zkraus |
| Target Milestone: | 3.1 |
| Keywords: | Documentation, FutureFeature, Patch, Triaged |
| Hardware: | All |
| OS: | Linux |
| Fixed In Version: | qpid-cpp-0.30-2 |
| Doc Type: | Enhancement |
| Doc Text: | Some QMF methods bypassed ACL authorization, allowing content in any queue to be manipulated by any user that was authorized to invoke QMF methods. Missing ACL actions together with their parameters have been added that permit or deny users the ability to purge, move, redirect and reroute messages from a queue. |
| Environment: | [Release Notes] |
| Type: | Bug |
| Last Closed: | 2015-04-14 13:46:22 UTC |
| Bug Blocks: | 785156 |
Created attachment 899491
patch proposal (initial draft)
Initial version of patch for the same.
What is missing there:
- on ACL denial, provide better text than "Forbidden" (raise framing::UnauthorizedAccessException).
- add some automated tests
example acl file:
acl deny all purge queue name=q
acl deny all move queue name=q queuename=w
acl deny all redirect queue name=q queuename=w
acl deny all reroute queue name=q exchangename=amq.fanout
acl deny all delete queue name=q
acl allow all all
Chuck, would you be ok with this proposal, including naming? Thanks.

The code looks good to me; the names are ok. The only thing it needs is a few tests added to qpid/cpp/src/tests/acl.py.

Created attachment 902128
Patch proposal
Patch proposal, including automated tests enhancement.
Automated tests depend on QPID-5797 / commit https://svn.apache.org/r1599221 (trivial change in qpid-tools). Fix in broker does _not_ depend on QPID-5797.
/me to post a patch for relevant 1101533 as well and send both to upstream for a review.

Upstream review request: https://reviews.apache.org/r/22606/

Committed as r1603364.

The QMF methods mentioned by Comment 8 were tested on RHEL6 i686 and x86_64 with the following packages:
- qpid-java-client-0.30-3
- qpid-cpp-client-devel-docs-0.30-4
- qpid-cpp-client-devel-0.30-4
- qpid-tools-0.30-3
- qpid-cpp-server-linearstore-0.30-4
- qpid-jca-0.22-2
- qpid-jca-xarecovery-0.22-2
- python-qpid-0.30-2
- qpid-java-example-0.30-3
- qpid-cpp-server-xml-0.30-4
- qpid-proton-c-0.7-4
- qpid-java-common-0.30-3
- qpid-cpp-client-0.30-4
- python-qpid-qmf-0.30-2
- qpid-cpp-server-devel-0.30-4
- qpid-cpp-debuginfo-0.30-4
- qpid-qmf-0.30-2
- qpid-cpp-server-0.30-4

ACL rules for the above-mentioned QMF methods work as expected, except for the following issues:
Bug 1173534
Bug 1173543
->VERIFIED

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHEA-2015-0805.html

qpid already has some support for QMF methods & queries authorization. Many (or maybe all?) QMF methods call:
qpid/management/Manageable.cpp:
    bool Manageable::AuthorizeMethod(uint32_t, Args&, const std::string&) { return true; }
I suppose this is required:
- ensure the method is called by invoking any QMF method/query
- call ACL stuff from the AuthorizeMethod
- enhance ACLs according to QMF methods and their arguments
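
As an added illustration (not part of the bug report or of the qpid code base), the following Python sketch parses the example ACL file posted with the draft patch and evaluates requests for the purge, move, redirect and reroute actions. It is a simplified model that assumes first-match rule ordering, a default of deny when no rule matches, and exact property matching; the names `parse_acl`, `decide` and the user `alice` are hypothetical.

```python
# Simplified model of ordered ACL evaluation; NOT qpid's implementation.
# Assumptions: the first matching rule decides, no match means deny, and
# users and property values are compared literally ("all" matches anyone).

# Constructed input: the example ACL file from the draft-patch comment.
ACL_TEXT = """\
acl deny all purge queue name=q
acl deny all move queue name=q queuename=w
acl deny all redirect queue name=q queuename=w
acl deny all reroute queue name=q exchangename=amq.fanout
acl deny all delete queue name=q
acl allow all all
"""


def parse_acl(text):
    """Parse 'acl <allow|deny> <user> <action> [object] [key=value ...]'."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "acl":
            continue  # skip blank, short or non-rule lines
        decision, user, action, *rest = tokens[1:]
        obj = rest.pop(0) if rest and "=" not in rest[0] else "all"
        props = dict(item.split("=", 1) for item in rest)
        rules.append((decision, user, action, obj, props))
    return rules


def decide(rules, user, action, obj, **props):
    """Return the decision of the first rule that matches the request."""
    for decision, r_user, r_action, r_obj, r_props in rules:
        if r_user not in ("all", user):
            continue
        if r_action not in ("all", action) or r_obj not in ("all", obj):
            continue
        # Every property named in the rule must equal the request's value.
        if all(props.get(k) == v for k, v in r_props.items()):
            return decision
    return "deny"  # assumed default when no rule matches


RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # "alice" is a hypothetical user; both requests target queue q.
    print(decide(RULES, "alice", "purge", "queue", name="q"))
    print(decide(RULES, "alice", "move", "queue", name="q", queuename="x"))
```

Under this file the move and redirect denials cover only the q to w pair and the reroute denial only amq.fanout, so the same action with a different destination falls through to the final allow rule.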