Description: Fixes CVE-2012-4064,CVE-2012-4065
Author: Steve Jones <steve.jones@eucalyptus.com>

diff --git a/clc/modules/msgs/src/main/java/com/eucalyptus/context/Context.java b/clc/modules/msgs/src/main/java/com/eucalyptus/context/Context.java
index d0e4e9a..06d3dd0 100644
--- a/clc/modules/msgs/src/main/java/com/eucalyptus/context/Context.java
+++ b/clc/modules/msgs/src/main/java/com/eucalyptus/context/Context.java
@@ -115,31 +115,8 @@ public class Context {
     return UserFullName.getInstance( this.getUser( ) );
   }
   
-  public OwnerFullName getEffectiveUserFullName( ) {
-    String effectiveUserId = this.getRequest( ).getEffectiveUserId( );
-    if ( this.getRequest( ) != null && Principals.systemFullName( ).getUserName( ).equals( effectiveUserId ) ) {
-      return Principals.systemFullName( );
-      /** system **/
-    } else if ( this.getRequest( ) == null || effectiveUserId == null ) {
-      return Principals.nobodyFullName( );
-      /** unset **/
-    } else if ( !effectiveUserId.equals( this.getUserFullName( ).getUserName( ) ) ) {
-      try {
-        return UserFullName.getInstance( Accounts.lookupUserByName( effectiveUserId ) );
-      } catch ( RuntimeException ex ) {
-        LOG.error( ex );
-        return UserFullName.getInstance( this.getUser( ) );
-      } catch ( AuthException ex ) {
-        LOG.error( ex, ex );
-        return UserFullName.getInstance( this.getUser( ) );
-      }
-    } else {
-      return UserFullName.getInstance( this.getUser( ) );
-    }
-  }
-  
   public boolean hasAdministrativePrivileges( ) {
-    return Principals.systemFullName().equals( this.getEffectiveUserFullName( ) ) || this.getUser( ).isSystemAdmin( );
+    return this.getUser( ).isSystemAdmin( );
   }
   
   public User getUser( ) {
diff --git a/clc/modules/msgs/src/main/java/com/eucalyptus/ws/Handlers.java b/clc/modules/msgs/src/main/java/com/eucalyptus/ws/Handlers.java
index 2fbe7ad..d2a9f91 100644
--- a/clc/modules/msgs/src/main/java/com/eucalyptus/ws/Handlers.java
+++ b/clc/modules/msgs/src/main/java/com/eucalyptus/ws/Handlers.java
@@ -63,6 +63,8 @@
 
 package com.eucalyptus.ws;
 
+import static com.eucalyptus.component.ComponentId.ComponentMessage;
+import static com.eucalyptus.component.ComponentId.ComponentPart;
 import java.net.URI;
 import java.util.HashMap;
 import java.util.List;
@@ -71,6 +73,7 @@ import java.util.NoSuchElementException;
 import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
+import javax.annotation.Nullable;
 import org.apache.log4j.Logger;
 import org.jboss.netty.buffer.ChannelBuffer;
 import org.jboss.netty.buffer.ChannelBuffers;
@@ -123,6 +126,7 @@ import com.eucalyptus.http.MappingHttpMessage;
 import com.eucalyptus.http.MappingHttpRequest;
 import com.eucalyptus.http.MappingHttpResponse;
 import com.eucalyptus.records.Logs;
+import com.eucalyptus.system.Ats;
 import com.eucalyptus.util.Exceptions;
 import com.eucalyptus.ws.handlers.BindingHandler;
 import com.eucalyptus.ws.handlers.InternalWsSecHandler;
@@ -416,7 +420,43 @@ public class Handlers {
     };
     
   }
-  
+
+  @ChannelPipelineCoverage( "one" )
+  private static final class ComponentMessageCheckHandler implements ChannelUpstreamHandler {
+    @Nullable
+    private final Class<? extends ComponentId> componentIdClass;
+
+    private ComponentMessageCheckHandler( final Class<? extends ComponentId> componentIdClass ) {
+      this.componentIdClass = componentIdClass;
+    }
+
+    @Override
+    public void handleUpstream( final ChannelHandlerContext channelHandlerContext,
+                                final ChannelEvent channelEvent ) throws Exception {
+      if ( channelEvent instanceof MessageEvent && componentIdClass != null ) {
+        final BaseMessage message = BaseMessage.extractMessage( channelEvent );
+        final ComponentMessage componentMessage = message==null ? null :
+            Ats.inClassHierarchy( message ).get( ComponentMessage.class );
+        if ( message != null && (componentMessage == null || !componentIdClass.equals( componentMessage.value() ) ) ) {
+          LOG.warn( String.format("Message %s does not match pipeline component %s",
+              message.getClass(),
+              componentIdClass.getSimpleName() ) );
+
+          final MappingHttpMessage mappingHttpMessage = MappingHttpMessage.extractMessage( channelEvent );
+          final BaseMessage baseMessage = BaseMessage.extractMessage( channelEvent );
+          if ( baseMessage != null ) {
+            Contexts.clear( Contexts.lookup( baseMessage.getCorrelationId()) );
+          }
+          channelHandlerContext.getChannel( ).write( new MappingHttpResponse(
+              mappingHttpMessage==null ? HttpVersion.HTTP_1_1  : mappingHttpMessage.getProtocolVersion( ),
+              HttpResponseStatus.BAD_REQUEST ) );
+          return;
+        }
+      }
+      channelHandlerContext.sendUpstream( channelEvent );
+    }
+  }
+
   static void sendRedirect( final ChannelHandlerContext ctx, final ChannelEvent e, final Class<? extends ComponentId> compClass, final MappingHttpRequest request ) {
     e.getFuture( ).cancel( );
     String redirectUri = null;
@@ -478,7 +518,12 @@ public class Handlers {
     }
     
   }
-  
+
+  public static void addComponentHandlers( final Class<? extends ComponentId> componentIdClass,
+                                           final ChannelPipeline pipeline ) {
+    pipeline.addLast( "msg-component-check", new ComponentMessageCheckHandler( componentIdClass ) );
+  }
+
   public static void addSystemHandlers( final ChannelPipeline pipeline ) {
     pipeline.addLast( "service-state-check", internalServiceStateHandler( ) );
     pipeline.addLast( "service-specific-mangling", ServiceHackeryHandler.INSTANCE );
diff --git a/clc/modules/msgs/src/main/java/com/eucalyptus/ws/handlers/BindingHandler.java b/clc/modules/msgs/src/main/java/com/eucalyptus/ws/handlers/BindingHandler.java
index 40e70f7..2e9abc6 100644
--- a/clc/modules/msgs/src/main/java/com/eucalyptus/ws/handlers/BindingHandler.java
+++ b/clc/modules/msgs/src/main/java/com/eucalyptus/ws/handlers/BindingHandler.java
@@ -63,6 +63,7 @@
  */
 package com.eucalyptus.ws.handlers;
 
+import java.util.regex.Pattern;
 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.om.OMNamespace;
 import org.apache.log4j.Logger;
@@ -89,19 +90,27 @@ public class BindingHandler extends MessageStackHandler {
   private Binding       binding;
   private String        namespace;
   private final Binding defaultBinding;
+  private final Pattern namespacePattern;
   
   public BindingHandler( ) {
     super( );
     this.defaultBinding = null;
-    this.namespace = null;
+    this.namespacePattern = null;
   }
   
   public BindingHandler( final Binding binding ) {
     this.binding = binding;
     this.defaultBinding = binding;
-    this.namespace = null;
+    this.namespacePattern = null;
   }
-  
+
+  public BindingHandler( final Binding binding,
+                         final Pattern namespacePattern ) {
+    this.binding = binding;
+    this.defaultBinding = binding;
+    this.namespacePattern = namespacePattern;
+  }
+
   @Override
   public void incomingMessage( final MessageEvent event ) throws Exception {
     if ( event.getMessage( ) instanceof MappingHttpMessage ) {
@@ -113,6 +122,9 @@ public class BindingHandler extends MessageStackHandler {
         OMElement elem = httpMessage.getOmMessage( );
         OMNamespace omNs = elem.getNamespace( );
         namespace = omNs.getNamespaceURI( );
+        if ( namespacePattern != null && !namespacePattern.matcher( namespace ).matches() ) {
+          throw new WebServicesException( "Invalid request" );
+        }
         this.binding = BindingManager.getBinding( BindingManager.sanitizeNamespace( namespace ) );
         msgType = this.binding.getElementClass( httpMessage.getOmMessage( ).getLocalName( ) );
       } catch ( BindingException ex ) {
diff --git a/clc/modules/msgs/src/main/java/com/eucalyptus/ws/server/NioServerHandler.java b/clc/modules/msgs/src/main/java/com/eucalyptus/ws/server/NioServerHandler.java
index 68cd786..bb6c422 100644
--- a/clc/modules/msgs/src/main/java/com/eucalyptus/ws/server/NioServerHandler.java
+++ b/clc/modules/msgs/src/main/java/com/eucalyptus/ws/server/NioServerHandler.java
@@ -63,6 +63,7 @@
  */
 package com.eucalyptus.ws.server;
 
+import static com.eucalyptus.component.ComponentId.ComponentPart;
 import java.util.concurrent.Callable;
 import java.util.concurrent.atomic.AtomicReference;
 import javax.security.auth.login.LoginException;
@@ -93,9 +94,9 @@ import com.eucalyptus.context.Contexts;
 import com.eucalyptus.http.MappingHttpMessage;
 import com.eucalyptus.http.MappingHttpRequest;
 import com.eucalyptus.records.Logs;
+import com.eucalyptus.system.Ats;
 import com.eucalyptus.util.Exceptions;
 import com.eucalyptus.ws.Handlers;
-import com.eucalyptus.ws.StackConfiguration;
 import com.eucalyptus.ws.WebServicesException;
 
 @ChannelPipelineCoverage( "one" )
@@ -146,9 +147,13 @@ public class NioServerHandler extends SimpleChannelUpstreamHandler {//TODO:GRZE:
       if ( Logs.isExtrrreeeme( ) && request instanceof MappingHttpMessage ) {
         Logs.extreme( ).trace( ( ( MappingHttpMessage ) request ).logMessage( ) );
       }
-      FilteredPipeline filteredPipeline = Pipelines.find( request );
+      final FilteredPipeline filteredPipeline = Pipelines.find( request );
       if ( this.pipeline.compareAndSet( null, filteredPipeline ) ) {
         this.pipeline.get( ).unroll( ctx.getPipeline( ) );
+        final Ats ats = Ats.inClassHierarchy( filteredPipeline );
+        Handlers.addComponentHandlers(
+            ats.has(ComponentPart.class) ? ats.get(ComponentPart.class).value() : null,
+            ctx.getPipeline() );
         Handlers.addSystemHandlers( ctx.getPipeline( ) );
       }
     } catch ( DuplicatePipelineException e1 ) {
diff --git a/clc/modules/wsstack/src/main/java/com/eucalyptus/ws/server/EucalyptusSoapPipeline.java b/clc/modules/wsstack/src/main/java/com/eucalyptus/ws/server/EucalyptusSoapPipeline.java
index c3dd2e4..bb23612 100644
--- a/clc/modules/wsstack/src/main/java/com/eucalyptus/ws/server/EucalyptusSoapPipeline.java
+++ b/clc/modules/wsstack/src/main/java/com/eucalyptus/ws/server/EucalyptusSoapPipeline.java
@@ -63,6 +63,7 @@
  */
 package com.eucalyptus.ws.server;
 
+import java.util.regex.Pattern;
 import org.jboss.netty.channel.ChannelPipeline;
 import org.jboss.netty.handler.codec.http.HttpRequest;
 import com.eucalyptus.binding.BindingManager;
@@ -90,7 +91,11 @@ public class EucalyptusSoapPipeline extends FilteredPipeline {
   @Override
   public ChannelPipeline addHandlers( ChannelPipeline pipeline ) {
     auth.unrollStage( pipeline );
-    pipeline.addLast( "binding", new BindingHandler( BindingManager.getBinding( DEFAULT_EC2_SOAP_NAMESPACE ) ) );
+    pipeline.addLast( "binding",
+        new BindingHandler(
+            BindingManager.getBinding( DEFAULT_EC2_SOAP_NAMESPACE ),
+            Pattern.compile( "http://ec2.amazonaws.com/doc/\\d\\d\\d\\d-\\d\\d-\\d\\d/" ) )
+    );
     return pipeline;
   }
 }
diff --git a/clc/modules/wsstack/src/main/java/com/eucalyptus/ws/server/WalrusSoapPipeline.java b/clc/modules/wsstack/src/main/java/com/eucalyptus/ws/server/WalrusSoapPipeline.java
index b5efee4..4495594 100644
--- a/clc/modules/wsstack/src/main/java/com/eucalyptus/ws/server/WalrusSoapPipeline.java
+++ b/clc/modules/wsstack/src/main/java/com/eucalyptus/ws/server/WalrusSoapPipeline.java
@@ -64,8 +64,10 @@
 
 package com.eucalyptus.ws.server;
 
+import java.util.regex.Pattern;
 import org.jboss.netty.channel.ChannelPipeline;
 import org.jboss.netty.handler.codec.http.HttpRequest;
+import com.eucalyptus.binding.BindingManager;
 import com.eucalyptus.component.ComponentId.ComponentPart;
 import com.eucalyptus.component.id.Walrus;
 import com.eucalyptus.ws.handlers.BindingHandler;
@@ -74,6 +76,8 @@ import com.eucalyptus.ws.stages.WalrusSoapUserAuthenticationStage;
 
 @ComponentPart( Walrus.class )
 public class WalrusSoapPipeline extends FilteredPipeline {
+  private static final String DEFAULT_S3_SOAP_NAMESPACE = "http://s3.amazonaws.com/doc/2006-03-01/"; //TODO: @Configurable
+
   private final UnrollableStage auth = new WalrusSoapUserAuthenticationStage( );
 
   @Override
@@ -89,7 +93,10 @@ public class WalrusSoapPipeline extends FilteredPipeline {
   @Override
   public ChannelPipeline addHandlers( ChannelPipeline pipeline ) {
     auth.unrollStage( pipeline );
-    pipeline.addLast( "binding", new BindingHandler( ) );
+    pipeline.addLast( "binding",
+        new BindingHandler(
+            BindingManager.getBinding(DEFAULT_S3_SOAP_NAMESPACE),
+            Pattern.compile("http://s3.amazonaws.com/doc/\\d\\d\\d\\d-\\d\\d-\\d\\d/") ) );
     return pipeline;
   }
 
