qpid-dev mailing list archives
From "Chuck Rolke (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-4947) C++ Broker could use ACL to restrict hosts from which a user may connect
Date Mon, 23 Jun 2014 19:14:25 GMT

    [ https://issues.apache.org/jira/browse/QPID-4947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14041154#comment-14041154
] 

Chuck Rolke commented on QPID-4947:
-----------------------------------

h1. Address specification
{noformat}
  <address-spec> ::= <address> ["-"<address>]
  <address>      ::= <addr>["/"<int>]          (int >0, <128)
  <addr>         ::= <hostname> | <domainname> |
                     <literal IPv4> |
                  "["<literal IPv6>"]"
{noformat}
Users may construct a broad range of host addresses and ranges.

h1. ACL command
{noformat}
  acl allow|deny create connection address=<address-spec>|* [user=<user-spec>]
{noformat}
h1. Two different limit checks.
The two forms of the command are used at two different places in the connection creation process.

h2. No user name
The command without a user name spec is used at the socket level to stop the socket accept.
This is a highly efficient way to block a node or set of nodes from any connection attempt.

This is a new point at which connections will be blocked and mechanisms to implement it must
be added.

The use case for this check is a simple and efficient black list or white list of allowed
client host addresses.

h2. With user name
The command with a user name spec is used much later in the connection process: the socket
is accepted and the AMQP protocol runs far enough to determine the authenticated user name.

ACL is already called from the connection process to count connections and possibly to block
connections if a user has too many open. This test will be a new limit to block a user at
the same place that counted connections are rejected.

The use case for this check is to limit the hosts from which a user is allowed to connect.
For example:

h3. Example with specified user name
Company example.com administers a broker. Some customers from CompanyA and others from CompanyB
have user accounts on the system. The broker ACL may be configured with the following limits:
{noformat}
  acl allow create connection address=corp.example.com user=admin*
  acl allow create connection address=10.0.0.0/8       user=admin*
  acl allow create connection address=192.168.0.0/16   user=admin*
  acl allow create connection address=[fc00::]/7       user=admin*
  acl deny  create connection address=*                user=admin*
  
  acl allow create connection address=companya.com user=companyA*
  acl deny  create connection address=*            user=companyA*
  
  acl allow create connection address=companyb.com user=companyB*
  acl deny  create connection address=*            user=companyB*
{noformat}
Now admin users may log in only from systems on the corporate network or local subnet; companyA
users must create connections from companya.com; and companyB users must log in from companyb.com.

> C++ Broker could use ACL to restrict hosts from which a user may connect
> ------------------------------------------------------------------------
>
>                 Key: QPID-4947
>                 URL: https://issues.apache.org/jira/browse/QPID-4947
>             Project: Qpid
>          Issue Type: Improvement
>          Components: C++ Broker
>    Affects Versions: 0.20
>            Reporter: Chuck Rolke
>
> Currently users can connect to the broker from anywhere. This feature would add administrative
> restrictions to allow or deny connections from individual hosts or subnets.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

