Match query matches bidirectionnaly

[acogoluegnes]

See https://groups.google.com/d/msg/rabbitmq-users/IWkEmwLXtJg/6iUypLyeDAAJ

This can authorize unexpected actions, e.g. with

{resource_access_query, {match, {string, "${name}"}, {string, "^${username}-"}}}

For user Alice, this lets create Alice-test queue (expected), but also Ali (not expected).

Configuration to reproduce:

[
	{rabbit, [{auth_backends, [rabbit_auth_backend_ldap]}]},
	{rabbitmq_auth_backend_ldap, [
          {servers, ["localhost"]},
          {user_dn_pattern,    "cn=${username},ou=People,dc=rabbitmq,dc=com"},
          {other_bind,         anon},
          {use_ssl,            false},
          {group_lookup_base,  "ou=groups,dc=rabbitmq,dc=com"},
          {use_ssl,            false},
          {port,               389},
          {log,                true},
	  {idle_timeout,	infinity}, 
          {vhost_access_query, {constant, true}},
          {tag_queries, [{monitor,       {constant, true}},
                                 {administrator, {constant, false}},
                                 {management,    {constant, false}}]},
          {resource_access_query, {match, {string, "${name}"}, {string, "^${username}-"}}}
   ]}
].

From the plugin directory:

example/setup.sh

Feed the LDAP directory with rabbit_ldap_seed:seed/1 and run the broker:

make run-broker RABBITMQ_CONFIG_FILE=ldap

Java program to reproduce:

ConnectionFactory connectionFactory = new ConnectionFactory();
connectionFactory.setUsername("Alice");
connectionFactory.setPassword("password");
Connection connection = connectionFactory.newConnection();
Channel channel = connection.createChannel();
// passes
channel.queueDeclare("Alice-test", false, true, true, null);
// passes, but shouldn't
channel.queueDeclare("Ali", false, true, true, null);
connection.close();

[acogoluegnes]

Introduced in bf7b174, to fix #16.