1192924 – A broker configured with disabled authentication requires authentication from a client connected from Windows

Bug 1192924 - A broker configured with disabled authentication requires authentication from a client connected from Windows

Summary: A broker configured with disabled authentication requires authentication from...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	qpid-cpp
Sub Component:
Version:	Development
Hardware:	All
OS:	Windows
Priority:	medium
Severity:	high
Target Milestone:	3.2
Target Release:	---
Assignee:	Gordon Sim
QA Contact:	Petra Svobodová
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-02-16 08:54 UTC by Petra Svobodová
Modified:	2019-08-15 04:16 UTC (History)
CC List:	10 users (show)
Fixed In Version:	qpid-cpp-0.34-1
Doc Type:	Bug Fix
Doc Text:	In previous versions of the `qpid::messaging` client on `Windows` (c# or c++), if a username was not specified when using the default (+PLAIN+) authentication mechanism, the empty string was included as the identity causing authentication to fail. This would happen even if authentication was disabled on the broker. The broker has been modified to accept an empty string as the identity, but only when authentication is disabled. If authentication is enabled the empty string will still fail. As a result, a `qpid::messaging` client in `Windows` can connect to a broker without needing to specify any extra connection options with authentication disabled.
Clone Of:
Clones:	1193425 (view as bug list)
Environment:
Last Closed:	2015-10-08 13:10:11 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Apache JIRA	QPID-6511	None	None	None	Never
Red Hat Knowledge Base (Solution)	1459523	None	None	None	Never
Red Hat Product Errata	RHEA-2015:1879	normal	SHIPPED_LIVE	Red Hat Enterprise MRG Messaging 3.2 Release	2015-10-08 17:07:53 UTC

Description Petra Svobodová 2015-02-16 08:54:23 UTC

Description of problem:
The broker with disabled authentication does not require authentication from clients connected from the same machine or from other Linux machines, but requires authentication from clients connected from Windows machines. 

Broker configuration:
# cat /etc/qpidd.conf
log-enable=info+
log-to-file=/var/lib/qpidd/qpidd.log
truncate=yes
auth=no

Command line transcript from the Windows machine:
>spout.exe --broker <broker_hostname> amq.topic
2015-02-16 09:32:57 [Client] warning Broker closed connection: 320, connection-forced: Not authenticated!
connection-forced: Not authenticated!

Broker log:
...
[Broker] error Connection 10.34.75.209:5672-10.34.74.68:51519 closed by error: connection-forced: Not authenticated!(320)
...

Version-Release number of selected component (if applicable):
qpid-cpp-0.18-36 and qpid-cpp-win-3.2.5.9-1

How reproducible:
100%

Steps to Reproduce:
1. Install qpid packages and disable authentication in the qpidd.conf file (see upper, please)
2. Start the qpidd service
3. On a Windows machine unpack qpid-cpp-win package and compile examples.
4. Try to send a message: "spout.exe --broker <broker_hostname> amq.topic"

Actual results:
The broker rejects to create the connection and reports an error.

Expected results:
The broker should create the connection without errors and the message should be sent.

Comment 1 Petra Svobodová 2015-02-16 09:30:04 UTC

I am sorry, this issue is on qpid-cpp-0.18-38 packages.

Comment 3 Gordon Sim 2015-02-17 10:49:18 UTC

My guess is that this is a result of the windows client using PLAIN by default, but not supplying a username. If you add --connection-options '{sasl_mechanisms:ANONYMOUS}' or --connection-options '{username:foo}', does that avoid the error?

Comment 15 Jared MORGAN 2015-07-20 06:38:39 UTC

Hey Irina, could I please get some Release Note text for this one in preparation for 3.2 Release Notes (just while it is fresh in your mind). Customer Case attached so it needs one.

Comment 17 Petra Svobodová 2015-08-17 05:45:00 UTC

The broker configured to do not require client authentication behaves as expected; a connection is created without requirement to assign a username and a password.

Verified on qpid-cpp-0.34-1 and qpid-cpp-win-3.34.1.1-1 on Rhel6-i686, Rhel6-x86_64, Rhel7-x86_64 on the broker side with clients on Windows 7-x64, Windows 8-x64, Windows Server2008-x64, Windows Server2008 R2 and Windows Server2012 R2.

--> VERIFIED

Comment 19 Scott Mumford 2015-10-01 03:06:04 UTC

Thanks for the draft Gordon. Edited for flow and marking for inclusion in the 3.2 Release Notes.

Comment 21 errata-xmlrpc 2015-10-08 13:10:11 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-1879.html

Note You need to log in before you can comment on or make changes to this bug.