qpid-dev mailing list archives

From "Wesley Holevinski (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-5833) Message's userId check in C++ broker prevents sending messages between different users
Date Thu, 19 Jun 2014 17:56:24 GMT

     [ https://issues.apache.org/jira/browse/QPID-5833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wesley Holevinski updated QPID-5833:
------------------------------------

    Attachment: qpid_5833_steps.tgz

> Message's userId check in C++ broker prevents sending messages between different users
> --------------------------------------------------------------------------------------
>
>                 Key: QPID-5833
>                 URL: https://issues.apache.org/jira/browse/QPID-5833
>             Project: Qpid
>          Issue Type: Bug
>    Affects Versions: 0.28
>            Reporter: Wesley Holevinski
>         Attachments: qpid_5833_steps.tgz
>
>
> The lines in question are :
> {noformat}
> df36b35e qpid/cpp/src/qpid/broker/SemanticState.cpp (Gordon Sim               2012-08-10 12:04:27 +0000 490)     std::string id = msg.getUserId();
> ae0f6726 qpid/cpp/src/qpid/broker/SemanticState.cpp (Alan Conway              2011-12-06 15:56:40 +0000 491)     if (authMsg &&  !id.empty() && !session.getConnection().isAuthenticatedUser(id))
> 63f48b2f qpid/cpp/src/qpid/broker/SemanticState.cpp (Rajith Muditha Attapattu 2008-09-25 18:40:32 +0000 492)     {
> d7c67754 qpid/cpp/src/qpid/broker/SemanticState.cpp (Gordon Sim               2008-10-10 16:54:54 +0000 493)         QPID_LOG(debug, "authorised user id : " << userID << " but user id in message declared as " << id);
> d7c67754 qpid/cpp/src/qpid/broker/SemanticState.cpp (Gordon Sim               2008-10-10 16:54:54 +0000 494)         throw UnauthorizedAccessException(QPID_MSG("authorised user id : " << userID << " but user id in messag
> 63f48b2f qpid/cpp/src/qpid/broker/SemanticState.cpp (Rajith Muditha Attapattu 2008-09-25 18:40:32 +0000 495)     }
> {noformat}
> ---
> Up until this point, we haven't been using a JMS client; we've found that the JMS client will insert the userId into the message:
> {noformat}
> d4d85f06 (Rajith Muditha Attapattu 2008-09-25 18:35:11 +0000 117)         // On the receiving side, this will be read in to the JMSXUserID as well.
> dd2ed172 (Rajith Muditha Attapattu 2008-10-01 19:27:19 +0000 118)         messageProps.setUserId(userIDBytes);
> d4d85f06 (Rajith Muditha Attapattu 2008-09-25 18:35:11 +0000 119)
> 21c61b77 (Rafael H. Schloming      2008-07-09 13:26:54 +0000 120)         if (messageId != null)
> 21c61b77 (Rafael H. Schloming      2008-07-09 13:26:54 +0000 121)         {
> 21c61b77 (Rafael H. Schloming      2008-07-09 13:26:54 +0000 122)             messageProps.setMessageId(messageId);
> 21c61b77 (Rafael H. Schloming      2008-07-09 13:26:54 +0000 123)         }
> {noformat}
> ---
> Our scenario:
> 1. Send message to a broker using the JMS client; authenticate as user: 'tester'
> 2. Consume message from destination queue as user 'mgmt'
> {noformat}
> Result: "unauthorized-access: authorised user id : mgmt@QPID but user id in message declared as tester (/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/broker/SemanticState.cpp:497"
> {noformat}
> ---
> I'll work on providing a full end to end simple example for this.
> ---
> Per Gordon in the mailing list:
> That error occurs in the broker when a message is sent by a client. So I
> suspect what may be happening is that your c++ client is receiving the
> message from JMS, then sending the same message back (including the
> userid of the JMS client that originally sent it).
> If I'm right, all you need to do is clear the message in the c++ client,
> before resending it (using Message::setUserId()).
> ---



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
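
The relay situation Gordon describes above, as an added example that is not part of the original message or of Qpid's code: a simplified stand-alone model of the publish-side check, showing a received message rejected when re-sent as is and accepted once its userId is cleared. `brokerPublish`, `relay`, `Connection::fullId` and the identity-matching rule are assumptions made for illustration; the identities are constructed sample values taken from the error text in the report.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Simplified model: type and function names echo the quoted broker lines,
// but every body here is an assumption made for illustration.
struct Message { std::string userId, body; };

struct Connection {
    std::string user, realm;                       // constructed sample identity
    std::string fullId() const { return user + "@" + realm; }
    // Assumed matching rule: the full id or the bare user name is accepted.
    bool isAuthenticatedUser(const std::string& id) const {
        return id == fullId() || id == user;
    }
};

struct UnauthorizedAccess : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Publish-side check modelled on the quoted SemanticState.cpp lines: a non-empty
// userId must name the identity authenticated on the publishing connection.
void brokerPublish(const Connection& conn, const Message& msg, bool authMsg = true) {
    const std::string& id = msg.userId;
    if (authMsg && !id.empty() && !conn.isAuthenticatedUser(id))
        throw UnauthorizedAccess("authorised user id : " + conn.fullId() +
                                 " but user id in message declared as " + id);
}

// A relay re-sends a received message on its own connection. Returns "" when
// the broker accepts it, otherwise the broker's error text.
std::string relay(const Connection& own, Message received, bool clearUserId) {
    if (clearUserId) received.userId.clear();      // drop the original sender's id
    try { brokerPublish(own, received); return ""; }
    catch (const UnauthorizedAccess& e) { return e.what(); }
}

int main() {
    Connection mgmt{"mgmt", "QPID"};
    Message fromJms{"tester", "payload"};          // userId stamped by the first sender
    std::cout << "as received: " << relay(mgmt, fromJms, false) << "\n"
              << "cleared:     [" << relay(mgmt, fromJms, true) << "]\n";
}
```

In this model the check fires on the relay's publish, not on the consume, which matches Gordon's reading of where the error originates.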

