Bug 460664 - Broker should authenticate the user-id of any published messages
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
1.0
All Linux
high Severity medium
: 1.1
: ---
Assigned To: Gordon Sim
Kim van der Riet
Reported: 2008-08-29 11:03 EDT by Gordon Sim
Modified: 2009-02-04 10:36 EST
Doc Type: Bug Fix
Last Closed: 2009-02-04 10:36:15 EST
Description Gordon Sim 2008-08-29 11:03:30 EDT
In order that receivers of the message can trust that the publisher was as declared.
Comment 1 Gordon Sim 2008-09-30 10:48:50 EDT
Test strategy:

1. start broker with authentication turned on and configured
2. connect as particular authorised user via any client
3. create a message where the userid property in the standard message-properties set has a value other than the user as which the connection was authenticated (e.g. in the python client something like: ssn.message_transfer(message=Message(ssn.message_properties(user_id="invalid")))
4. verify that an exception is thrown and the message is not routed to any queues
Comment 2 Rajith Attapattu 2008-10-28 09:58:25 EDT
The above feature is checked in to the c++ broker at rev 699047 on Qpid trunk.
Comment 4 David Sommerseth 2008-12-17 05:16:01 EST
Wrote a simple test program for RHTS:   /cvs/dist/tests/distribution/MRG_Messaging/qpid_auth_user_msgs_bz460664

Result from test program:

Queue declared: authtest_xtestx
Trying to send: Test message to guest
     * Message sent *

Trying to send: Message to unknown user
     ERROR:  Could not send messages
     ** Caught expected exception: exception(error_code=403, command_id=serial(2), class_code=0, command_code=0, field_index=0, description=u'unauthorized-access: authorised user id : guest but user id in message declared as UnknownTestUser (qpid/broker/SemanticState.cpp:373)', error_info={})

Retrieving messages from queue 'authtest_xtestx'
     Recived: Test message to guest
     Queue is empty
1 message received

TEST PASSED
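
Added example, not part of the bug thread and not Qpid code: a toy in-memory broker in Python that models the check from the test strategy and the result above, rejecting a mismatched user id with a 403 before anything is routed. The class names, the queue name, the guest/guest credentials and the rule that an unset user id is accepted are all assumptions made for the illustration.

```python
class UnauthorizedAccess(Exception):
    """Models the 'unauthorized-access' exception (error_code=403) seen above."""
    error_code = 403


class Session:
    def __init__(self, broker, auth_id):
        self.broker = broker
        self.auth_id = auth_id  # identity fixed when the connection authenticated

    def message_transfer(self, queue, body, user_id=None):
        # Check before routing, so a rejected message reaches no queue.
        # Assumption: a message that declares no user id is accepted.
        if user_id is not None and user_id != self.auth_id:
            raise UnauthorizedAccess(
                "unauthorized-access: authorised user id : %s but user id "
                "in message declared as %s" % (self.auth_id, user_id))
        self.broker.queues[queue].append((user_id, body))


class Broker:
    def __init__(self, credentials):
        self.credentials = credentials  # constructed sample user table
        self.queues = {}

    def connect(self, user, password):
        if user not in self.credentials or self.credentials[user] != password:
            raise PermissionError("authentication failed")
        return Session(self, user)

    def declare_queue(self, name):
        self.queues.setdefault(name, [])


def run_test_strategy():
    broker = Broker({"guest": "guest"})         # step 1: authentication on
    ssn = broker.connect("guest", "guest")      # step 2: authorised user
    broker.declare_queue("authtest")
    ssn.message_transfer("authtest", "Test message to guest", user_id="guest")
    rejected = None
    try:                                        # step 3: forged user id
        ssn.message_transfer("authtest", "Message to unknown user",
                             user_id="UnknownTestUser")
    except UnauthorizedAccess as exc:
        rejected = exc
    return rejected, broker.queues["authtest"]  # step 4: inspect both
```
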
Comment 6 errata-xmlrpc 2009-02-04 10:36:15 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0035.html