Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
0.18, 0.20
Description
Description of problem:
ACL rule like:
acl allow all delete queue autodelete=true
should allow deletion of autodelete queues only. While any queue can be deleted. The same applies to any object's property other than queue's name (see Broker::deleteQueue method and how acl->authorise is called).
The same applies not only to queues but also to exchanges.
Version-Release number of selected component (if applicable):
any
How reproducible:
100%
Steps to Reproduce:
1. cat <acl-file>
- simply allow all except for deleting non-durable queue
acl allow-log all consume all
acl allow-log all publish all
acl allow-log all create all
acl allow-log all access all
acl allow-log all bind all
acl allow-log all unbind all
acl allow-log all purge all
acl allow-log all update all
acl allow-log all delete exchange
acl allow-log all delete queue durable=true
acl deny-log all all
2. Start broker with auth=yes and the ACL file
3. qpid-config -b admin/admin@localhost:5672 add queue TransientQueue
4. qpid-config -b admin/admin@localhost:5672 del queue TransientQueue
Actual results:
Steps 3 and 4 pass.
Expected results:
Deleting queue should fail, as the queue is not durable.
In fact, even creating the queue that way should raise an exception, as deleting auxiliary queue named like "4135cd9e-04b8-4cef-bcd0-5404444d7a04:0.0" (where the qpid-config gets response) should fail.
Additional info:
Same scenarios are applicable for all other queue properties and/or exchange properties. Just queue/exchange name is checked.
Patch proposed.