[ https://issues.apache.org/jira/browse/CLOUDSTACK-2555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chandan Purushothama updated CLOUDSTACK-2555: --------------------------------------------- Description: FS Referred: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Allow+ACL+on+all+level+4+protocols No check is being made to prevent protocol number "0" ========== Observations: ========== 2013-05-17 00:56:37,925 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) ===START=== 10.216.50.223 -- GET command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544 2013-05-17 00:56:37,927 DEBUG [cloud.server.StatsCollector] (StatsCollector-1:null) VmStatsCollector is running... 2013-05-17 00:56:37,934 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-14:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3 2013-05-17 00:56:37,936 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-14:null) Access to [VPC [1-Atoms-VPC-1] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3 2013-05-17 00:56:37,960 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-14:null) submit async job-17, details: AsyncJobVO {id:17, userId: 3, accountId: 3, sessionKey: null, instanceType: None, instanceId: 7, cmd: org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd, cmdOriginator: null, cmdInfo: {"sessionkey":"FdsUPSO6Hn50i9jBn9rk91+Tcyk\u003d","protocol":"0","ctxUserId":"3","httpmethod":"GET","startport":"22","endport":"80","response":"json","id":"7","aclid":"62132cc2-bdf0-4248-8b81-7188f38d50e3","action":"Allow","cidrlist":"10.223.110.232/32","_":"1368776784544","ctxAccountId":"3","ctxStartEventId":"65"}, cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processStatus: 0, resultCode: 0, result: null, initMsid: 7508777239729, completeMsid: null, lastUpdated: null, lastPolled: null, created: null} 2013-05-17 00:56:37,962 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) ===END=== 10.216.50.223 -- GET command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544 was: FS Referred: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Allow+ACL+on+all+level+4+protocols ========== Observations: ========== 2013-05-17 00:56:37,925 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) ===START=== 10.216.50.223 -- GET command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544 2013-05-17 00:56:37,927 DEBUG [cloud.server.StatsCollector] (StatsCollector-1:null) VmStatsCollector is running... 2013-05-17 00:56:37,934 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-14:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3 2013-05-17 00:56:37,936 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-14:null) Access to [VPC [1-Atoms-VPC-1] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3 2013-05-17 00:56:37,960 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-14:null) submit async job-17, details: AsyncJobVO {id:17, userId: 3, accountId: 3, sessionKey: null, instanceType: None, instanceId: 7, cmd: org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd, cmdOriginator: null, cmdInfo: {"sessionkey":"FdsUPSO6Hn50i9jBn9rk91+Tcyk\u003d","protocol":"0","ctxUserId":"3","httpmethod":"GET","startport":"22","endport":"80","response":"json","id":"7","aclid":"62132cc2-bdf0-4248-8b81-7188f38d50e3","action":"Allow","cidrlist":"10.223.110.232/32","_":"1368776784544","ctxAccountId":"3","ctxStartEventId":"65"}, cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processStatus: 0, resultCode: 0, result: null, initMsid: 7508777239729, completeMsid: null, lastUpdated: null, lastPolled: null, created: null} 2013-05-17 00:56:37,962 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) ===END=== 10.216.50.223 -- GET command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544 > NTier: Protocol '0' is not supported as per "Allow ACL Rules on all Level 4 > Protocols" FS > ----------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-2555 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2555 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server > Affects Versions: 4.2.0 > Reporter: Chandan Purushothama > Fix For: 4.2.0 > > > FS Referred: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Allow+ACL+on+all+level+4+protocols > No check is being made to prevent protocol number "0" > ========== > Observations: > ========== > 2013-05-17 00:56:37,925 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) > ===START=== 10.216.50.223 -- GET > command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544 > 2013-05-17 00:56:37,927 DEBUG [cloud.server.StatsCollector] > (StatsCollector-1:null) VmStatsCollector is running... > 2013-05-17 00:56:37,934 DEBUG [cloud.user.AccountManagerImpl] > (catalina-exec-14:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by > DomainChecker_EnhancerByCloudStack_fcb6b9a3 > 2013-05-17 00:56:37,936 DEBUG [cloud.user.AccountManagerImpl] > (catalina-exec-14:null) Access to [VPC [1-Atoms-VPC-1] granted to > Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3 > 2013-05-17 00:56:37,960 DEBUG [cloud.async.AsyncJobManagerImpl] > (catalina-exec-14:null) submit async job-17, details: AsyncJobVO {id:17, > userId: 3, accountId: 3, sessionKey: null, instanceType: None, instanceId: 7, > cmd: org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd, > cmdOriginator: null, cmdInfo: > {"sessionkey":"FdsUPSO6Hn50i9jBn9rk91+Tcyk\u003d","protocol":"0","ctxUserId":"3","httpmethod":"GET","startport":"22","endport":"80","response":"json","id":"7","aclid":"62132cc2-bdf0-4248-8b81-7188f38d50e3","action":"Allow","cidrlist":"10.223.110.232/32","_":"1368776784544","ctxAccountId":"3","ctxStartEventId":"65"}, > cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, > processStatus: 0, resultCode: 0, result: null, initMsid: 7508777239729, > completeMsid: null, lastUpdated: null, lastPolled: null, created: null} > 2013-05-17 00:56:37,962 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) > ===END=== 10.216.50.223 -- GET > command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira