[
https://issues.apache.org/jira/browse/CLOUDSTACK-2555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chandan Purushothama updated CLOUDSTACK-2555:
---------------------------------------------
Description:
FS Referred:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Allow+ACL+on+all+level+4+protocols
No check is being made to prevent protocol number "0"
==========
Observations:
==========
2013-05-17 00:56:37,925 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null)
===START=== 10.216.50.223 -- GET
command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544
2013-05-17 00:56:37,927 DEBUG [cloud.server.StatsCollector]
(StatsCollector-1:null) VmStatsCollector is running...
2013-05-17 00:56:37,934 DEBUG [cloud.user.AccountManagerImpl]
(catalina-exec-14:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by
DomainChecker_EnhancerByCloudStack_fcb6b9a3
2013-05-17 00:56:37,936 DEBUG [cloud.user.AccountManagerImpl]
(catalina-exec-14:null) Access to [VPC [1-Atoms-VPC-1] granted to Acct[3-atoms]
by DomainChecker_EnhancerByCloudStack_fcb6b9a3
2013-05-17 00:56:37,960 DEBUG [cloud.async.AsyncJobManagerImpl]
(catalina-exec-14:null) submit async job-17, details: AsyncJobVO {id:17,
userId: 3, accountId: 3, sessionKey: null, instanceType: None, instanceId: 7,
cmd: org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd,
cmdOriginator: null, cmdInfo:
{"sessionkey":"FdsUPSO6Hn50i9jBn9rk91+Tcyk\u003d","protocol":"0","ctxUserId":"3","httpmethod":"GET","startport":"22","endport":"80","response":"json","id":"7","aclid":"62132cc2-bdf0-4248-8b81-7188f38d50e3","action":"Allow","cidrlist":"10.223.110.232/32","_":"1368776784544","ctxAccountId":"3","ctxStartEventId":"65"},
cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0,
processStatus: 0, resultCode: 0, result: null, initMsid: 7508777239729,
completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2013-05-17 00:56:37,962 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null)
===END=== 10.216.50.223 -- GET
command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544
was:
FS Referred:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Allow+ACL+on+all+level+4+protocols
==========
Observations:
==========
2013-05-17 00:56:37,925 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null)
===START=== 10.216.50.223 -- GET
command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544
2013-05-17 00:56:37,927 DEBUG [cloud.server.StatsCollector]
(StatsCollector-1:null) VmStatsCollector is running...
2013-05-17 00:56:37,934 DEBUG [cloud.user.AccountManagerImpl]
(catalina-exec-14:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by
DomainChecker_EnhancerByCloudStack_fcb6b9a3
2013-05-17 00:56:37,936 DEBUG [cloud.user.AccountManagerImpl]
(catalina-exec-14:null) Access to [VPC [1-Atoms-VPC-1] granted to Acct[3-atoms]
by DomainChecker_EnhancerByCloudStack_fcb6b9a3
2013-05-17 00:56:37,960 DEBUG [cloud.async.AsyncJobManagerImpl]
(catalina-exec-14:null) submit async job-17, details: AsyncJobVO {id:17,
userId: 3, accountId: 3, sessionKey: null, instanceType: None, instanceId: 7,
cmd: org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd,
cmdOriginator: null, cmdInfo:
{"sessionkey":"FdsUPSO6Hn50i9jBn9rk91+Tcyk\u003d","protocol":"0","ctxUserId":"3","httpmethod":"GET","startport":"22","endport":"80","response":"json","id":"7","aclid":"62132cc2-bdf0-4248-8b81-7188f38d50e3","action":"Allow","cidrlist":"10.223.110.232/32","_":"1368776784544","ctxAccountId":"3","ctxStartEventId":"65"},
cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0,
processStatus: 0, resultCode: 0, result: null, initMsid: 7508777239729,
completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2013-05-17 00:56:37,962 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null)
===END=== 10.216.50.223 -- GET
command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544
> NTier: Protocol '0' is not supported as per "Allow ACL Rules on all Level 4
> Protocols" FS
> -----------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2555
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2555
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
> Affects Versions: 4.2.0
> Reporter: Chandan Purushothama
> Fix For: 4.2.0
>
>
> FS Referred:
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Allow+ACL+on+all+level+4+protocols
> No check is being made to prevent protocol number "0"
> ==========
> Observations:
> ==========
> 2013-05-17 00:56:37,925 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null)
> ===START=== 10.216.50.223 -- GET
> command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544
> 2013-05-17 00:56:37,927 DEBUG [cloud.server.StatsCollector]
> (StatsCollector-1:null) VmStatsCollector is running...
> 2013-05-17 00:56:37,934 DEBUG [cloud.user.AccountManagerImpl]
> (catalina-exec-14:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by
> DomainChecker_EnhancerByCloudStack_fcb6b9a3
> 2013-05-17 00:56:37,936 DEBUG [cloud.user.AccountManagerImpl]
> (catalina-exec-14:null) Access to [VPC [1-Atoms-VPC-1] granted to
> Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3
> 2013-05-17 00:56:37,960 DEBUG [cloud.async.AsyncJobManagerImpl]
> (catalina-exec-14:null) submit async job-17, details: AsyncJobVO {id:17,
> userId: 3, accountId: 3, sessionKey: null, instanceType: None, instanceId: 7,
> cmd: org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd,
> cmdOriginator: null, cmdInfo:
> {"sessionkey":"FdsUPSO6Hn50i9jBn9rk91+Tcyk\u003d","protocol":"0","ctxUserId":"3","httpmethod":"GET","startport":"22","endport":"80","response":"json","id":"7","aclid":"62132cc2-bdf0-4248-8b81-7188f38d50e3","action":"Allow","cidrlist":"10.223.110.232/32","_":"1368776784544","ctxAccountId":"3","ctxStartEventId":"65"},
> cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0,
> processStatus: 0, resultCode: 0, result: null, initMsid: 7508777239729,
> completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
> 2013-05-17 00:56:37,962 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null)
> ===END=== 10.216.50.223 -- GET
> command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
