qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gordon Sim (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-5203) Python client unexpected exception after ACL denial
Date Mon, 28 Oct 2013 09:31:32 GMT

     [ https://issues.apache.org/jira/browse/QPID-5203?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Gordon Sim updated QPID-5203:
-----------------------------

    Attachment: QPID-5203-suggested.patch

I think the fix made for this issue was not the best one. Rather than resetting the error,
I think it would be better to simply return from the session close if there is already an
error (since this will most likely have ended the session anyway).

This is the same approach already taken by the c++ client on 0-10.

As it stands the change previously made caused a test hang, though the test itself has now
been modified (http://svn.apache.org/r1535801) to fix that. With the patch I'm attaching now,
the tests (unmodified) passed  as did the original reproducer here.

> Python client unexpected exception after ACL denial
> ---------------------------------------------------
>
>                 Key: QPID-5203
>                 URL: https://issues.apache.org/jira/browse/QPID-5203
>             Project: Qpid
>          Issue Type: Bug
>          Components: Python Client
>    Affects Versions: 0.24
>            Reporter: Pavel Moravec
>            Assignee: Pavel Moravec
>            Priority: Minor
>             Fix For: 0.25
>
>         Attachments: bz974940.py, QPID-5203-suggested.patch
>
>
> Description of problem:
> After ACL denies a command from qpid Python client, an attempt to close either session
or connection raises unexpected exception (relevant to ACL, though). While at that time, session
is properly closed and connection is working fine.
> Version-Release number of selected component (if applicable):
> every
> How reproducible:
> 100%
> Steps to Reproduce:
> 1. Have ACL file:
> acl deny all consume all
> acl allow all all
> 2. Run attached script.
> Actual results:
> ----------------------------------------------------------------------------------------------------
> Create receiver failed with exception
> Traceback (most recent call last):
>   File "ACL_denial_session-hang.py", line 13, in <module>
>     recv = session.receiver('testQ; {create:always}')
>   File "<string>", line 6, in receiver
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 616, in receiver
>     receiver._ewait(lambda: receiver.linked)
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 973, in _ewait
>     result = self.session._ewait(lambda: self.error or predicate(), timeout)
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 567, in _ewait
>     self.check_error()
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 556, in check_error
>     raise self.error
> UnauthorizedAccess: unauthorized-access: ACL denied Queue subscribe request from guest@QPID
(qpid/broker/SessionAdapter.cpp:399)(403)
> ----------------------------------------------------------------------------------------------------
> Session close failed with exception
> Traceback (most recent call last):
>   File "ACL_denial_session-hang.py", line 19, in <module>
>     session.close()
>   File "<string>", line 6, in close
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 739, in close
>     self.sync(timeout=timeout)
>   File "<string>", line 6, in sync
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 731, in sync
>     if not self._ewait(lambda: not self.outgoing and not self.acked, timeout=timeout):
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 567, in _ewait
>     self.check_error()
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 556, in check_error
>     raise self.error
> UnauthorizedAccess: unauthorized-access: ACL denied Queue subscribe request from guest@QPID
(qpid/broker/SessionAdapter.cpp:399)(403)
> ----------------------------------------------------------------------------------------------------
> Connection close failed with exception
> Traceback (most recent call last):
>   File "ACL_denial_session-hang.py", line 25, in <module>
>     connection.close()
>   File "<string>", line 6, in close
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 316, in close
>     ssn.close(timeout=timeout)
>   File "<string>", line 6, in close
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 739, in close
>     self.sync(timeout=timeout)
>   File "<string>", line 6, in sync
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 731, in sync
>     if not self._ewait(lambda: not self.outgoing and not self.acked, timeout=timeout):
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 567, in _ewait
>     self.check_error()
>   File "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 556, in check_error
>     raise self.error
> UnauthorizedAccess: unauthorized-access: ACL denied Queue subscribe request from guest@QPID
(qpid/broker/SessionAdapter.cpp:399)(403)
> Expected results:
> Just the first exception is printed - when the "session.receiver" fails due to ACL.
> Additional info:
> Some hints for fixing it:
> - session object is properly closed. Just an attempt to close it again raises that exception.
When trying to close a closed session without an ACL deny, no exception is raised
> - connection object is properly working and closing it really closes the AMQP connection.
And the connection object can be normally used later on.
> - it seems to me like:
> a) exception raised and stored somewhere
> b) program catches it
> c) Python library should delete it from the stored place / variable but it does not do
so
> d) any action on affected session/connection first checks for the stored exception, finds
it so re-raises it
> Workaround:
> try:
>         # this should fail - ACL does not allow this
>         recv = session.receiver('testQ; {create:always}')
> except Exception as e1:
>         try:
>                 session.close()
>         except Exception as e2:
>                 "if e2 is ACL exception, then:"
>                         session = connection.session()
>                         ..
>                 "else close connection"



--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message