Escalated to Bugzilla from IssueTracker
Event posted on 09-09-2009 09:54am EDT by rrajaram Description of problem: There is a bug in ACL when processing the exchangeBound method: ACL: acl allow tester@QPID access exchange name=foo Code: session->exchangeBound("foo"); Broker: 2009-sep-08 09:12:17 info ACL Deny id:tester@QPID action:create ObjectType:exchange Name:foo 2009-sep-08 09:12:17 error Execution exception: not-allowed: ACL denied exhange bound request from tester@QPID (qpid/broker/SessionAdapter.cpp:234) Mind the "action:create" in the broker log file record. I believe this is due to a bug in SessionAdapter::ExchangeHandlerImpl::bound if (!acl->authorise(getConnection().getUserId(),acl::ACT_CREATE,acl::OBJ_EXCHANGE,exchangeName,¶ms) ) should read if (!acl->authorise(getConnection().getUserId(),acl::ACT_ACCESS,acl::OBJ_EXCHANGE,exchangeName,¶ms) ) Mind the "acl::ACT_CREATE" in the original authorise call. Additionally, there is a typo where "exchange" is incorrectly spelt "exhange" in most ACL message How reproducible: Always Steps to Reproduce: Create a ACL for the exchangeBound Method Actual results: Exchange bound method should not fail Expected results: Instead of create, it has to use ACT_ACCESS. Exchange bound method should succeed Additional info: Escalating this case as per Mike Cressman This event sent from IssueTracker by mcressma [SEG - MRG] issue 340322
This is fixed in rev 813850 (trunk) and test cases are checked in rev 814077 (trunk)
Added the commit diff from git http://git.et.redhat.com/git/qpid.git/?p=qpid.git;a=commitdiff;h=ed3dde04721ac26f6f88757ac86522d03e28afbb
The issue has been fixed on RHEL 4.8 / 5.4 i386 / x86_64 on packages: # rpm -qa | grep qpid | sort -u python-qpid-0.5.752581-3.el5 qpidc-0.5.752581-28.el5 qpidc-debuginfo-0.5.752581-28.el5 qpidc-devel-0.5.752581-28.el5 qpidc-perftest-0.5.752581-28.el5 qpidc-rdma-0.5.752581-28.el5 qpidc-ssl-0.5.752581-28.el5 qpidd-0.5.752581-28.el5 qpidd-acl-0.5.752581-28.el5 qpidd-cluster-0.5.752581-28.el5 qpidd-devel-0.5.752581-28.el5 qpid-dotnet-0.4.738274-2.el5 qpidd-rdma-0.5.752581-28.el5 qpidd-ssl-0.5.752581-28.el5 qpidd-xml-0.5.752581-28.el5 qpid-java-client-0.5.751061-9.el5 qpid-java-common-0.5.751061-9.el5 rh-tests-distribution-MRG-Messaging-qpid_common-1.5-15 -> VERIFIED
Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Corrected problem using ACL when processing the exchangeBound method, the method now works as expected (522495)
Release note updated. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1,8 @@ -Corrected problem using ACL when processing the exchangeBound method, the method now works as expected (522495)+Messaging bug fix + +C: Creating an Access Control List (ACL) for the exchangeBound method +C: The exchangeBound method fails +F: The method has been changed so that it uses ACT_ACCESS instead of the create command +R: The exchangeBound method no longer fails + +Creating an Access Control List (ACL) for the exchangeBound method, was resulting in the method failing. It has now been changed so that it uses ACT_ACCESS instead of the create command, and the method no longer fails.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1633.html