cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chandan Purushothama (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-2555) NTier: Protocol '0' is not supported as per "Allow ACL Rules on all Level 4 Protocols" FS
Date Fri, 17 May 2013 08:17:17 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-2555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Chandan Purushothama updated CLOUDSTACK-2555:
---------------------------------------------

    Description: 
FS Referred: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Allow+ACL+on+all+level+4+protocols

No check is being made to prevent protocol number "0"

==========
Observations:
==========

2013-05-17 00:56:37,925 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) ===START=== 
10.216.50.223 -- GET  command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544
2013-05-17 00:56:37,927 DEBUG [cloud.server.StatsCollector] (StatsCollector-1:null) VmStatsCollector
is running...
2013-05-17 00:56:37,934 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-14:null) Access
to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3
2013-05-17 00:56:37,936 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-14:null) Access
to [VPC [1-Atoms-VPC-1] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3
2013-05-17 00:56:37,960 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-14:null) submit
async job-17, details: AsyncJobVO {id:17, userId: 3, accountId: 3, sessionKey: null, instanceType:
None, instanceId: 7, cmd: org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd,
cmdOriginator: null, cmdInfo: {"sessionkey":"FdsUPSO6Hn50i9jBn9rk91+Tcyk\u003d","protocol":"0","ctxUserId":"3","httpmethod":"GET","startport":"22","endport":"80","response":"json","id":"7","aclid":"62132cc2-bdf0-4248-8b81-7188f38d50e3","action":"Allow","cidrlist":"10.223.110.232/32","_":"1368776784544","ctxAccountId":"3","ctxStartEventId":"65"},
cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processStatus: 0, resultCode:
0, result: null, initMsid: 7508777239729, completeMsid: null, lastUpdated: null, lastPolled:
null, created: null}
2013-05-17 00:56:37,962 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) ===END===  10.216.50.223
-- GET  command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544


  was:
FS Referred: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Allow+ACL+on+all+level+4+protocols

==========
Observations:
==========

2013-05-17 00:56:37,925 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) ===START=== 
10.216.50.223 -- GET  command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544
2013-05-17 00:56:37,927 DEBUG [cloud.server.StatsCollector] (StatsCollector-1:null) VmStatsCollector
is running...
2013-05-17 00:56:37,934 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-14:null) Access
to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3
2013-05-17 00:56:37,936 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-14:null) Access
to [VPC [1-Atoms-VPC-1] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3
2013-05-17 00:56:37,960 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-14:null) submit
async job-17, details: AsyncJobVO {id:17, userId: 3, accountId: 3, sessionKey: null, instanceType:
None, instanceId: 7, cmd: org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd,
cmdOriginator: null, cmdInfo: {"sessionkey":"FdsUPSO6Hn50i9jBn9rk91+Tcyk\u003d","protocol":"0","ctxUserId":"3","httpmethod":"GET","startport":"22","endport":"80","response":"json","id":"7","aclid":"62132cc2-bdf0-4248-8b81-7188f38d50e3","action":"Allow","cidrlist":"10.223.110.232/32","_":"1368776784544","ctxAccountId":"3","ctxStartEventId":"65"},
cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processStatus: 0, resultCode:
0, result: null, initMsid: 7508777239729, completeMsid: null, lastUpdated: null, lastPolled:
null, created: null}
2013-05-17 00:56:37,962 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) ===END===  10.216.50.223
-- GET  command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544


    
> NTier: Protocol '0' is not supported as per "Allow ACL Rules on all Level 4 Protocols"
FS
> -----------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2555
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2555
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>            Reporter: Chandan Purushothama
>             Fix For: 4.2.0
>
>
> FS Referred: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Allow+ACL+on+all+level+4+protocols
> No check is being made to prevent protocol number "0"
> ==========
> Observations:
> ==========
> 2013-05-17 00:56:37,925 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) ===START===
 10.216.50.223 -- GET  command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544
> 2013-05-17 00:56:37,927 DEBUG [cloud.server.StatsCollector] (StatsCollector-1:null) VmStatsCollector
is running...
> 2013-05-17 00:56:37,934 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-14:null)
Access to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3
> 2013-05-17 00:56:37,936 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-14:null)
Access to [VPC [1-Atoms-VPC-1] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_fcb6b9a3
> 2013-05-17 00:56:37,960 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-14:null)
submit async job-17, details: AsyncJobVO {id:17, userId: 3, accountId: 3, sessionKey: null,
instanceType: None, instanceId: 7, cmd: org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd,
cmdOriginator: null, cmdInfo: {"sessionkey":"FdsUPSO6Hn50i9jBn9rk91+Tcyk\u003d","protocol":"0","ctxUserId":"3","httpmethod":"GET","startport":"22","endport":"80","response":"json","id":"7","aclid":"62132cc2-bdf0-4248-8b81-7188f38d50e3","action":"Allow","cidrlist":"10.223.110.232/32","_":"1368776784544","ctxAccountId":"3","ctxStartEventId":"65"},
cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processStatus: 0, resultCode:
0, result: null, initMsid: 7508777239729, completeMsid: null, lastUpdated: null, lastPolled:
null, created: null}
> 2013-05-17 00:56:37,962 DEBUG [cloud.api.ApiServlet] (catalina-exec-14:null) ===END===
 10.216.50.223 -- GET  command=createNetworkACL&protocol=0&aclid=62132cc2-bdf0-4248-8b81-7188f38d50e3&action=Allow&cidrlist=10.223.110.232/32&startport=22&endport=80&response=json&sessionkey=FdsUPSO6Hn50i9jBn9rk91%2BTcyk%3D&_=1368776784544

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message