JAkub Scholz created QPID-5299:
----------------------------------

             Summary: ACL rules should be checked before checking node's existence and returning amqp:not-found error
                 Key: QPID-5299
                 URL: https://issues.apache.org/jira/browse/QPID-5299
             Project: Qpid
          Issue Type: Bug
          Components: C++ Broker
    Affects Versions: 0.25
         Environment: Apache Qpid C++ broker, CentOS
            Reporter: JAkub Scholz


When a client connects with AMQP 1.0 to the C++ broker and the node from 
which it wants to consume messages doesn't exist, the broker throws an 
amqp:not-found error even when ACL rules deny the user access or publish 
rights for the given node (queue).

This problem might to some extent also exist with AMQP 0.10. But the Qpid AMQP 
0.10 clients always query the existence of a queue/exchange before connecting 
to it, and the QueueQuery / QueueDeclare calls are ACL protected, so a Qpid 
based AMQP 0.10 client always receives the ACL error before the not-found 
error. But I guess if you skip the QueueQuery / QueueDeclare and go directly to 
MessageSubscribe, the same problem as with AMQP 1.0 might exist in AMQP 0.10 as 
well.

For security reasons, I would assume that the ACL check for access or publish 
rules should be done before revealing that the queue doesn't exist. The broker 
should not reveal any details about its configuration if the ACL rights don't 
allow it.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
