1. Qpid
  2. QPID-4775

ACL delete action should not ignore object's properties other than name


    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 0.18, 0.20
    • Fix Version/s: 0.23
    • Component/s: C++ Broker
    • Labels:


      Description of problem:
      ACL rule like:

      acl allow all delete queue autodelete=true

      should allow deletion of autodelete queues only. While any queue can be deleted. The same applies to any object's property other than queue's name (see Broker::deleteQueue method and how acl->authorise is called).

      The same applies not only to queues but also to exchanges.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:
      1. cat <acl-file>

      1. simply allow all except for deleting non-durable queue
        acl allow-log all consume all
        acl allow-log all publish all
        acl allow-log all create all
        acl allow-log all access all
        acl allow-log all bind all
        acl allow-log all unbind all
        acl allow-log all purge all
        acl allow-log all update all
        acl allow-log all delete exchange
        acl allow-log all delete queue durable=true
        acl deny-log all all

      2. Start broker with auth=yes and the ACL file
      3. qpid-config -b admin/admin@localhost:5672 add queue TransientQueue
      4. qpid-config -b admin/admin@localhost:5672 del queue TransientQueue

      Actual results:
      Steps 3 and 4 pass.

      Expected results:
      Deleting queue should fail, as the queue is not durable.

      In fact, even creating the queue that way should raise an exception, as deleting auxiliary queue named like "4135cd9e-04b8-4cef-bcd0-5404444d7a04:0.0" (where the qpid-config gets response) should fail.

      Additional info:
      Same scenarios are applicable for all other queue properties and/or exchange properties. Just queue/exchange name is checked.

      Patch proposed.

      1. bz955674.patch
        4 kB
        Pavel Moravec


        No work has yet been logged on this issue.


          • Assignee:
            Pavel Moravec
          • Votes:
            0 Vote for this issue
            3 Start watching this issue


            • Created: