Bug 1029418

Summary: [AMQP 1.0] check ACL before resolving node
Product: Red Hat Enterprise MRG
Component: qpid-cpp
Version: 3.0
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: medium
Reporter: Gordon Sim <gsim>
Assignee: Gordon Sim <gsim>
QA Contact: Zdenek Kraus <zkraus>
CC: esammons, iboverma, jross, pmoravec, zkraus
Target Milestone: 3.0
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qpid-cpp-0.22-26
Doc Type: Bug Fix
Story Points: ---
Type: Bug
Last Closed: 2015-01-21 12:55:58 UTC
Bug Blocks: 1010399    

Description Gordon Sim 2013-11-12 11:20:42 UTC
Description of problem:

A user attempting to access a non-existent node will get a not-found error even if they don't have permission to access such a node. They should not be given any information on whether or not the node exists unless they first have permission.

Version-Release number of selected component (if applicable):

Early Access

How reproducible:

100%

Steps to Reproduce:
1. create policy that denies a given user all rights
2. using that user, try to send to or receive from any node name

Actual results:

Get not-found error where node doesn't exist.

Expected results:

Should get unauthorized access error whether or not node exists.

Additional info:

Comment 1 Gordon Sim 2013-11-12 11:21:48 UTC
Fixed upstream: https://svn.apache.org/r1540041
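
The ordering issue reported above, as an added C++ sketch that is neither qpid-cpp code nor the upstream change: it compares a resolve-then-authorise path with an authorise-then-resolve path and checks whether a denied user can distinguish an existing node from a missing one. All type, function and user names are hypothetical, the sample data is constructed, and it assumes ACL rules are keyed by node name so they can be evaluated without a lookup.

```cpp
// Added illustration, not qpid-cpp source; every name below is hypothetical.
#include <map>
#include <set>
#include <string>
enum class Result { Ok, NotFound, Unauthorized };

struct Broker {
    std::set<std::string> nodes;                           // nodes that exist
    std::map<std::string, std::set<std::string>> allowed;  // user -> permitted node names
    bool authorised(const std::string& user, const std::string& node) const {
        auto it = allowed.find(user);
        return it != allowed.end() && it->second.count(node) > 0;
    }

    // Order behind "Actual results": resolve the node, then consult the ACL.
    Result attachResolveFirst(const std::string& user, const std::string& node) const {
        if (nodes.count(node) == 0) return Result::NotFound;    // existence leaks to anyone
        if (!authorised(user, node)) return Result::Unauthorized;
        return Result::Ok;
    }

    // Order behind "Expected results": consult the ACL before any lookup.
    Result attachAclFirst(const std::string& user, const std::string& node) const {
        if (!authorised(user, node)) return Result::Unauthorized;
        if (nodes.count(node) == 0) return Result::NotFound;    // only permitted users see this
        return Result::Ok;
    }
};

// True if the error alone tells `user` whether a node exists.
template <typename F>
bool leaksExistence(F attach, const std::string& user,
                    const std::string& existing, const std::string& missing) {
    return attach(user, existing) != attach(user, missing);
}

// Constructed sample: "mallory" is denied everything, "alice" may use two names.
Broker sampleBroker() {
    Broker b;
    b.nodes = {"orders"};
    b.allowed["alice"] = {"orders", "audit"};
    return b;
}

int main() {
    Broker b = sampleBroker();
    auto fixed = [&](const std::string& u, const std::string& n) { return b.attachAclFirst(u, n); };
    return leaksExistence(fixed, "mallory", "orders", "ghost") ? 1 : 0;  // 0: no oracle
}
```

A regression test for this class of bug should assert that a denied user receives the same error for an existing and a non-existent name, not merely that access is refused.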

Comment 2 Zdenek Kraus 2014-03-25 06:29:17 UTC
Tested on RHEL 6.5 i686, x86_64, with the following packages:

perl-qpid-0.22-11.el6
python-qpid-0.22-12.el6
python-qpid-qmf-0.22-28.el6
qpid-cpp-client-0.22-36.el6
qpid-cpp-client-devel-0.22-36.el6
qpid-cpp-client-devel-docs-0.22-36.el6
qpid-cpp-debuginfo-0.22-36.el6
qpid-cpp-server-0.22-36.el6
qpid-cpp-server-devel-0.22-36.el6
qpid-cpp-server-ha-0.22-36.el6
qpid-cpp-server-linearstore-0.22-36.el6
qpid-cpp-server-xml-0.22-36.el6
qpid-java-client-0.22-6.el6
qpid-java-common-0.22-6.el6
qpid-java-example-0.22-6.el6
qpid-jca-0.22-2.el6
qpid-jca-xarecovery-0.22-2.el6
qpid-proton-c-0.6-1.el6
qpid-proton-c-devel-0.6-1.el6
qpid-proton-debuginfo-0.6-1.el6
qpid-qmf-0.22-28.el6
qpid-qmf-debuginfo-0.22-28.el6
qpid-snmpd-1.0.0-16.el6
qpid-snmpd-debuginfo-1.0.0-16.el6
qpid-tools-0.22-9.el6
ruby-qpid-qmf-0.22-28.el6


-> VERIFIED