Bug 1039550

Summary: Broker maximum allowed connections option only works when acl enabled
Product: Red Hat Enterprise MRG Reporter: Petr Matousek <pematous>
Component: qpid-cppAssignee: Chuck Rolke <crolke>
Status: CLOSED ERRATA QA Contact: Leonid Zhaldybin <lzhaldyb>
Severity: medium Docs Contact:
Priority: medium    
Version: DevelopmentCC: astitcher, esammons, freznice, iboverma, jross, lzhaldyb, zkraus
Target Milestone: 3.0Keywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qpid-cpp-0.22-36 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-24 15:09:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Petr Matousek 2013-12-09 12:20:34 UTC 
Description of problem:

Acl module must be loaded for proper 'maximum allowed connections' functionality.

This issue also occurred and was fixed for 2.x release, please see Bug 683711, comment 43. 

The option was properly working on last stable release, marking as regression.

Version-Release number of selected component (if applicable):
qpid-cpp-*-0.22-29

How reproducible:
100%

Steps to Reproduce:
1. start the broker with '--max-connections' option set, do not load acls
2. create more connections than allowed
3. all the connections were created, no error occurred

Actual results:
Broker '--max-connections' options only works with acl module enabled 

Expected results:
An exception shall occur when creating more connections than allowed by '--max-connections' broker option even if acl module is not loaded

Additional info:

acls enabled:

# qpidd --max-connections 5
2013-12-09 07:08:05 [Security] error Client max total connection count limit of 5 exceeded by 'qpid.[::1]:5672-[::1]:60242', user: 'anonymous'. Connection refused
#  ./qc2_connector -c 6
2013-12-09 07:08:05 [Client] warning Broker closed connection: 320, connection-forced: User connection denied by configured limit
connection-forced: User connection denied by configured limit
5 1 6

acls disabled:
# qpidd --max-connections 5
<no error>
#  ./qc2_connector -c 6
6 0 6
Comment 2 Justin Ross 2013-12-10 20:17:55 UTC 
"""
Actual results:
Broker '--max-connections' options only works with acl module enabled 

Expected results:
An exception shall occur when creating more connections than allowed by '--max-connections' broker option even if acl module is not loaded
"""

Qpid trunk has addressed this by removing the acl module and moving its functionality directly into the broker.  We may be able to make that change for 0.22-mrg.
Comment 3 Justin Ross 2013-12-10 20:36:27 UTC 
Andrew helped me find the upstream change that addresses this.

git sha 7e5ceaf484253d00e17cb8579e802f12c1d06236
https://issues.apache.org/jira/browse/QPID-4938
https://svn.apache.org/viewvc?view=revision&revision=r1494697
Comment 13 Leonid Zhaldybin 2014-03-21 16:56:00 UTC 
python-qpid-0.22-12.el6.noarch
python-qpid-qmf-0.22-28.el6.x86_64
qpid-cpp-client-0.22-36.el6.x86_64
qpid-cpp-client-devel-0.22-36.el6.x86_64
qpid-cpp-client-devel-docs-0.22-36.el6.noarch
qpid-cpp-client-rdma-0.22-36.el6.x86_64
qpid-cpp-server-0.22-36.el6.x86_64
qpid-cpp-server-devel-0.22-36.el6.x86_64
qpid-cpp-server-ha-0.22-36.el6.x86_64
qpid-cpp-server-linearstore-0.22-36.el6.x86_64
qpid-cpp-server-rdma-0.22-36.el6.x86_64
qpid-cpp-server-xml-0.22-36.el6.x86_64
qpid-cpp-tar-0.22-23.el6.noarch
qpid-java-client-0.22-6.el6.noarch
qpid-java-common-0.22-6.el6.noarch
qpid-java-example-0.22-6.el6.noarch
qpid-jca-0.22-2.el6.noarch
qpid-jca-xarecovery-0.22-2.el6.noarch
qpid-jca-zip-0.22-2.el6.noarch
qpid-proton-c-0.6-1.el6.x86_64
qpid-qmf-0.22-28.el6.x86_64
qpid-qmf-devel-0.22-28.el6.x86_64
qpid-tests-0.22-14.el6.noarch
qpid-tools-0.22-9.el6.noarch
ruby-qpid-qmf-0.22-28.el6.x86_64
Comment 14 Justin Ross 2014-04-01 10:26:51 UTC 
*** Bug 1072449 has been marked as a duplicate of this bug. ***
Comment 15 errata-xmlrpc 2014-09-24 15:09:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1296.html