Bug 522502

Event posted on 09-09-2009 09:43am EDT by rrajaram

Description of problem:

There seems to be a problem processing wildcards in ACL. e.g.

ACL:
acl allow tester@QPID unbind exchange name=foo queuename=bar routingkey=foo.*

Command:
qpid-config -a tester/tester@localhost unbind foo bar foo.bar

Broker:
2009-aug-21 11:47:42 info ACL Deny id:tester@QPID action:unbind ObjectType:exchange Name:foo
2009-aug-21 11:47:42 error Execution exception: not-allowed: ACL denied exchange unbind request from tester@QPID (qpid/broker/SessionAdapter.cpp:203)

I believe this is due to a bug in AclData::lookup
   }else if (!matchProp(paramItr->second, pMItr->second)){
should read
   }else if (!matchProp(pMItr->second, paramItr->second)){

NOTE:
This problem has already been reported at Apache under issue Id QPID-2062

How reproducible:

Always

Steps to Reproduce:

Create a wild card acl and then try to bind

Actual results:

ACL wild card is not honored

Expected results:

ACL wild card should be honored

Additional info:

https://issues.apache.org/jira/browse/QPID-2062
This event sent from IssueTracker by mcressma  [SEG - MRG]
 issue 340308

Applied patch from Tim at rev 813850 (trunk) and I also added test cases at the same rev.

Added the commit diff from git
http://git.et.redhat.com/git/qpid.git/?p=qpid.git;a=commitdiff;h=ed3dde04721ac26f6f88757ac86522d03e28afbb

The issue has been fixed on RHEL 4.8 / 5.4 i386 / x86_64 on packages:

# rpm -qa | grep qpid | sort -u
python-qpid-0.5.752581-4.el5
qpidc-0.5.752581-29.el5
qpidc-devel-0.5.752581-29.el5
qpidc-rdma-0.5.752581-29.el5
qpidc-ssl-0.5.752581-29.el5
qpidd-0.5.752581-29.el5
qpidd-acl-0.5.752581-29.el5
qpidd-devel-0.5.752581-29.el5
qpid-dotnet-0.4.738274-2.el5
qpidd-rdma-0.5.752581-29.el5
qpidd-ssl-0.5.752581-29.el5
qpidd-xml-0.5.752581-29.el5
rh-tests-distribution-MRG-Messaging-qpid_common-1.5-15

-> VERIFIED

Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
Corrected problem processing wildcards in ACL (522502)

Release note updated. If any revisions are required, please set the 
"requires_release_notes"  flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1 +1,8 @@
-Corrected problem processing wildcards in ACL (522502)+Messaging bug fix.
+
+C: Creating an access control list (ACL) that contains a wildcard
+C: The wildcard is not honoured.
+F:
+R:
+
+NEED FURTHER INFO FOR RELNOTE.

I don't think we need to add any release notes as the JIRA itself is very descriptive. Hence I am removing the release note flag.

Deleted Release Notes Contents.

Old Contents:
Messaging bug fix.

C: Creating an access control list (ACL) that contains a wildcard
C: The wildcard is not honoured.
F:
R:

NEED FURTHER INFO FOR RELNOTE.

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1633.html