Bug 460664 - Broker should authenticate the user-id of any published messages
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
All Linux
high Severity medium
: 1.1
Assigned To: Gordon Sim
Kim van der Riet
Reported: 2008-08-29 11:03 EDT by Gordon Sim
Modified: 2009-02-04 10:36 EST
Doc Type: Bug Fix
Last Closed: 2009-02-04 10:36:15 EST
Description Gordon Sim 2008-08-29 11:03:30 EDT
In order that receivers of the message can trust that the publisher was as declared.
Comment 1 Gordon Sim 2008-09-30 10:48:50 EDT
Test strategy:

1. start broker with authentication turned on and configured
2. connect as particular authorised user via any client
3. create a message where the userid property in the standard message-properties set has a value other than the user as which the connection was authenticated (e.g. in the python client something like: ssn.message_transfer(message=Message(ssn.message_properties(user_id="invalid"))))
4. verify that an exception is thrown and the message is not routed to any queues
Comment 2 Rajith Attapattu 2008-10-28 09:58:25 EDT
The above feature is checked in to the c++ broker at rev 699047 on Qpid trunk.
Comment 4 David Sommerseth 2008-12-17 05:16:01 EST
Wrote a simple test program for RHTS:   /cvs/dist/tests/distribution/MRG_Messaging/qpid_auth_user_msgs_bz460664

Result from test program:

Queue declared: authtest_xtestx
Trying to send: Test message to guest
     * Message sent *

Trying to send: Message to unknown user
     ERROR:  Could not send messages
     ** Caught expected exception: exception(error_code=403, command_id=serial(2), class_code=0, command_code=0, field_index=0, description=u'unauthorized-access: authorised user id : guest but user id in message declared as UnknownTestUser (qpid/broker/SemanticState.cpp:373)', error_info={})

Retrieving messages from queue 'authtest_xtestx'
     Recived: Test message to guest
     Queue is empty
1 message received
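
The check requested in this bug and the test strategy from Comment 1, as an added example that is not part of the original report and is not Qpid code: a small in-memory Python model of a broker that compares the declared user-id with the authenticated identity before routing. The Broker, Connection and Message classes and the queue name are hypothetical, and letting a message with no user-id through is an assumption of the example.

```python
# Added illustration: an in-memory model, not qpid code.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


class UnauthorizedAccess(Exception):
    """Models the broker's 403 unauthorized-access exception."""
    error_code = 403


@dataclass
class Message:
    body: str
    user_id: Optional[str] = None   # user-id field of message-properties


@dataclass
class Connection:
    user: str                       # identity established at authentication


@dataclass
class Broker:
    auth: bool = True               # assumption: check applies when auth is on
    queues: Dict[str, List[Message]] = field(default_factory=dict)

    def connect(self, user: str) -> Connection:
        # Stand-in for a completed authentication exchange (credentials omitted).
        return Connection(user)

    def publish(self, conn: Connection, queue: str, msg: Message) -> None:
        # Validate the declared publisher BEFORE routing, so a rejected
        # message never reaches a queue.
        # Assumption: a message with no user-id makes no claim and passes.
        if self.auth and msg.user_id is not None and msg.user_id != conn.user:
            raise UnauthorizedAccess(
                "unauthorized-access: authorised user id : %s but user id "
                "in message declared as %s" % (conn.user, msg.user_id))
        self.queues.setdefault(queue, []).append(msg)


def run_test_strategy() -> List[str]:
    """Steps 1-4 of the test strategy; returns bodies left on the queue."""
    broker = Broker(auth=True)
    conn = broker.connect("guest")
    broker.publish(conn, "authtest", Message("Test message to guest", "guest"))
    try:
        broker.publish(conn, "authtest", Message("spoofed", "UnknownTestUser"))
    except UnauthorizedAccess:
        pass                        # expected: rejected, not routed
    else:
        raise AssertionError("spoofed user-id was accepted")
    return [m.body for m in broker.queues["authtest"]]
```
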

Comment 6 errata-xmlrpc 2009-02-04 10:36:15 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

