Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-5203

Python client unexpected exception after ACL denial

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 0.24
    • 0.25
    • Python Client
    • None

    Description

      Description of problem:
      After ACL denies a command from qpid Python client, an attempt to close either session or connection raises unexpected exception (relevant to ACL, though). While at that time, session is properly closed and connection is working fine.

      Version-Release number of selected component (if applicable):
      every

      How reproducible:
      100%

      Steps to Reproduce:
      1. Have ACL file:
      acl deny all consume all
      acl allow all all

      2. Run attached script.

      Actual results:
      ----------------------------------------------------------------------------------------------------
      Create receiver failed with exception
      Traceback (most recent call last):
      File "ACL_denial_session-hang.py", line 13, in <module>
      recv = session.receiver('testQ;

      {create:always}

      ')
      File "<string>", line 6, in receiver
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 616, in receiver
      receiver._ewait(lambda: receiver.linked)
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 973, in _ewait
      result = self.session._ewait(lambda: self.error or predicate(), timeout)
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 567, in _ewait
      self.check_error()
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 556, in check_error
      raise self.error
      UnauthorizedAccess: unauthorized-access: ACL denied Queue subscribe request from guest@QPID (qpid/broker/SessionAdapter.cpp:399)(403)
      ----------------------------------------------------------------------------------------------------
      Session close failed with exception
      Traceback (most recent call last):
      File "ACL_denial_session-hang.py", line 19, in <module>
      session.close()
      File "<string>", line 6, in close
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 739, in close
      self.sync(timeout=timeout)
      File "<string>", line 6, in sync
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 731, in sync
      if not self._ewait(lambda: not self.outgoing and not self.acked, timeout=timeout):
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 567, in _ewait
      self.check_error()
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 556, in check_error
      raise self.error
      UnauthorizedAccess: unauthorized-access: ACL denied Queue subscribe request from guest@QPID (qpid/broker/SessionAdapter.cpp:399)(403)
      ----------------------------------------------------------------------------------------------------
      Connection close failed with exception
      Traceback (most recent call last):
      File "ACL_denial_session-hang.py", line 25, in <module>
      connection.close()
      File "<string>", line 6, in close
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 316, in close
      ssn.close(timeout=timeout)
      File "<string>", line 6, in close
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 739, in close
      self.sync(timeout=timeout)
      File "<string>", line 6, in sync
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 731, in sync
      if not self._ewait(lambda: not self.outgoing and not self.acked, timeout=timeout):
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 567, in _ewait
      self.check_error()
      File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 556, in check_error
      raise self.error
      UnauthorizedAccess: unauthorized-access: ACL denied Queue subscribe request from guest@QPID (qpid/broker/SessionAdapter.cpp:399)(403)

      Expected results:
      Just the first exception is printed - when the "session.receiver" fails due to ACL.

      Additional info:
      Some hints for fixing it:

      • session object is properly closed. Just an attempt to close it again raises that exception. When trying to close a closed session without an ACL deny, no exception is raised
      • connection object is properly working and closing it really closes the AMQP connection. And the connection object can be normally used later on.
      • it seems to me like:
        a) exception raised and stored somewhere
        b) program catches it
        c) Python library should delete it from the stored place / variable but it does not do so
        d) any action on affected session/connection first checks for the stored exception, finds it so re-raises it

      Workaround:
      try:

      1. this should fail - ACL does not allow this
        recv = session.receiver('testQ; {create:always}

        ')
        except Exception as e1:
        try:
        session.close()
        except Exception as e2:
        "if e2 is ACL exception, then:"
        session = connection.session()
        ..
        "else close connection"

      Attachments

        1. bz974940.py
          1 kB
          Pavel Moravec
        2. QPID-5203-suggested.patch
          1 kB
          Gordon Sim

        Activity

          People

            pmoravec Pavel Moravec
            pmoravec Pavel Moravec
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: