Bug 446938 - Security
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp (Show other bugs)
All Linux
urgent Severity high
: 1.1
: ---
Assigned To: Carl Trieloff
Kim van der Riet
Depends On:
Blocks: 471304
  Show dependency treegraph
Reported: 2008-05-16 14:00 EDT by Carl Trieloff
Modified: 2009-02-04 10:34 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-02-04 10:34:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Carl Trieloff 2008-05-16 14:00:53 EDT
Description of problem:

Security features must exist so that multiple message flows can use the same
broker. There should be multiple users/groups, and the access to and use of
queues should be controlled by an access control list (ACL). The current beta
has few security features. It lack SSL, multiple users and ACL.

(Notes: Carl)

This applies to brokers and clients.

Initial file support for RBAC and ACL will be enough, however at we should also
support IPA to store ACL etc t some point.
Comment 1 Frantisek Reznicek 2008-10-31 12:15:48 EDT
No test info. Putting NEEDINFO flag.
Comment 2 Carl Trieloff 2008-11-04 14:24:35 EST
This issue is covered by other BZ's.

To test and close the ACL side, create two users, setup one with allow all all and the other with no permissions. try useing the command line tools for both these user, one should work, the other deny.

I have just done this test and cleared this aspect of this bug.

Comment 3 Rajith Attapattu 2008-11-06 15:10:29 EST
As of rev 711957 all changes discussed for MRG 1.1 release is completed.
The ACL module now has an automated test suite that goes through number of scenarios. More test cases could be added.

SSL for both JMS and c++ client/Brokers have also been added and tested.
Gordon has checked in an automated test suite.
I will be adding a test profile for the java side.
Comment 5 Frantisek Reznicek 2008-11-18 11:02:49 EST
RHTS test qpid_compilation_unit_tests performs all unit tests including acl, ssh and others. Test proves features are added.
Comment 7 errata-xmlrpc 2009-02-04 10:34:57 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.