Bug 808105 - ACL syntax does not allow specifying '' exchange
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
Version: 2.1
Hardware: All
OS: Linux
medium
low
Target Milestone: 3.0
: ---
Assignee: Chuck Rolke
QA Contact: Zdenek Kraus
URL:
Whiteboard:
Duplicates: 707678
Depends On: 802656
Blocks: 785156 961006
Reported: 2012-03-29 15:23 UTC by Pavel Moravec
Modified: 2018-11-29 21:18 UTC (History)

Fixed In Version: qpid-cpp-0.22-4.el6, qpid-cpp-0.22-4.el5
Doc Type: Enhancement
Doc Text:
ACL PUBLISH EXCHANGE rules now have a simplified way to refer to the nameless default exchange. In situations where the default exchange requires ACL rules, it is now possible to name the unnamed exchange by specifying the keyword `amq.default` in the ACL rule syntax.
Clone Of:
: 961006
Environment:
Last Closed: 2014-09-24 15:04:11 UTC
Target Upstream Version:


Links
System: Apache JIRA; ID: QPID-4727; Private: 0; Priority: None; Status: None; Summary: None; Last Updated: Never
System: Red Hat Product Errata; ID: RHEA-2014:1296; Private: 0; Priority: normal; Status: SHIPPED_LIVE; Summary: Red Hat Enterprise MRG Messaging 3.0 Release; Last Updated: 2014-09-24 19:00:06 UTC

Description Pavel Moravec 2012-03-29 15:23:40 UTC
Description of problem:
There is no way to specify the '' exchange in an ACL rule. These lines have been tried:
1) acl allow all publish exchange name=""
   then the ACL checks an exchange named '""' (a string of 2 " characters)
2) acl allow all publish exchange name=''
   then the ACL checks an exchange named '''' (a string of 2 ' characters)
3) acl allow all publish exchange name=
   then the ACL syntax check rejects it, as it requires a non-empty value

The workaround of specifying:
 acl allow all publish exchange name=*
 acl deny all publish exchange name=[a-zA-Z-0-9]*

is not applicable, as each check would have to pass up to 62 rules.


Version-Release number of selected component (if applicable):
any (seen in 0.12)


How reproducible:
100% (missing configuration ability)


Steps to Reproduce:
n.a.

  
Actual results:
n.a.


Expected results:
n.a.


Additional info:
Can't 802656 (RFE: Support regular expressions in ACL) elegantly resolve this?

Comment 1 Justin Ross 2013-02-26 21:28:33 UTC
*** Bug 707678 has been marked as a duplicate of this bug. ***

Comment 2 Chuck Rolke 2013-04-08 18:49:47 UTC
Committed upstream trunk at r1465719

The patch adds an ACL keyword "amq.default" that stands in for the unnamed exchange during PUBLISH EXCHANGE lookups. The rule:

 acl allow mrPavel publish exchange name=amq.default routingkey=secretqueue

allows mrPavel to publish to secretqueue.
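
Added example (not part of the original thread and not qpid-cpp code): a simplified Python model of the behaviour reported above, showing why the quoted forms never match the unnamed exchange and how the amq.default keyword is substituted during a PUBLISH EXCHANGE lookup. The function names, the first-match evaluation and the deny-on-no-match default are assumptions of this model.

```python
# Simplified model of the behaviour described in this bug; not qpid-cpp code.
DEFAULT_EXCHANGE_KEYWORD = "amq.default"  # keyword from the fix (Comment 2)


def parse_rule(line):
    """Parse 'acl <allow|deny> <user> <action> <object> [key=value ...]'."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "acl" or tokens[1] not in ("allow", "deny"):
        raise ValueError("malformed rule: %r" % line)
    props = {}
    for tok in tokens[5:]:
        key, sep, value = tok.partition("=")
        if not sep or not key or not value:
            # Form 3 in the report: 'name=' is rejected, a value is required.
            raise ValueError("property needs a non-empty value: %r" % tok)
        # Quotes are not stripped, so name="" is the 2-character name '""'.
        props[key] = value
    return {"decision": tokens[1], "user": tokens[2], "action": tokens[3],
            "object": tokens[4], "props": props}


def authorise_publish(rules, user, exchange, routing_key):
    """First matching rule wins; no match means deny (assumption of this model)."""
    # The fix: the unnamed exchange is looked up under the keyword.
    lookup_name = exchange if exchange else DEFAULT_EXCHANGE_KEYWORD
    actual = {"name": lookup_name, "routingkey": routing_key}
    for rule in rules:
        if rule["user"] not in ("all", user):
            continue
        if (rule["action"], rule["object"]) != ("publish", "exchange"):
            continue
        if all(actual.get(k) == v for k, v in rule["props"].items()):
            return rule["decision"]
    return "deny"


# Constructed sample rules: the two quoted forms from the report, then the fix.
QUOTED = [parse_rule('acl allow all publish exchange name=""'),
          parse_rule("acl allow all publish exchange name=''")]
FIXED = [parse_rule("acl allow mrPavel publish exchange "
                    "name=amq.default routingkey=secretqueue")]

if __name__ == "__main__":
    print(authorise_publish(QUOTED, "mrPavel", "", "secretqueue"))  # deny
    print(authorise_publish(FIXED, "mrPavel", "", "secretqueue"))   # allow
```

In this model the rule from Comment 2 grants only mrPavel, and only for routing key secretqueue on the unnamed exchange; any other user or routing key falls through to deny.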

Comment 4 Zdenek Kraus 2013-07-18 08:45:38 UTC
Fix is OK.

Issue was tested on RHEL5 and RHEL6, i686 and x86_64 with packages:
python-qpid-0.22-4
python-qpid-qmf-0.22-6
qpid-cpp-client-ssl-0.22-7
qpid-cpp-server-store-0.22-7
qpid-proton-c-0.4-2.2
qpid-cpp-client-0.22-7
qpid-cpp-client-rdma-0.22-7
qpid-cpp-server-ssl-0.22-7
qpid-cpp-server-ha-0.22-7
qpid-tools-0.22-3
qpid-cpp-server-0.22-7
qpid-qmf-0.22-6
qpid-cpp-server-devel-0.22-7
qpid-cpp-debuginfo-0.22-7
qpid-cpp-client-devel-0.22-7
qpid-cpp-server-xml-0.22-7
qpid-cpp-server-rdma-0.22-7
qpid-cpp-client-devel-docs-0.22-7

->VERIFIED

Comment 6 errata-xmlrpc 2014-09-24 15:04:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1296.html

