| Summary: | A Python client authenticates by default using "ANONYMOUS" mechanism | ||
|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | Petra Svobodová <psvobodo> |
| Component: | python-qpid | Assignee: | messaging-bugs <messaging-bugs> |
| Status: | NEW --- | QA Contact: | MRG Quality Engineering <mrgqe-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 1.3 | CC: | iboverma, jross |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Do you have the python-saslwrapper installed? Yes, it is: [root@dhcp-37-203 messaging]# rpm -qa | egrep '(qpid|sasl|qmf)' | sort cyrus-sasl-2.1.22-5.el5_4.3 cyrus-sasl-devel-2.1.22-5.el5_4.3 cyrus-sasl-devel-2.1.22-5.el5_4.3 cyrus-sasl-lib-2.1.22-5.el5_4.3 cyrus-sasl-lib-2.1.22-5.el5_4.3 cyrus-sasl-plain-2.1.22-5.el5_4.3 cyrus-sasl-plain-2.1.22-5.el5_4.3 python-qmf-0.7.946106-14.el5 python-qpid-0.7.946106-15.el5 python-saslwrapper-0.1.934605-2.el5 qmf-0.7.946106-28.el5 qmf-devel-0.7.946106-28.el5 qpid-cpp-client-0.7.946106-28.el5 qpid-cpp-client-devel-0.7.946106-28.el5 qpid-cpp-client-devel-docs-0.7.946106-28.el5 qpid-cpp-client-ssl-0.7.946106-28.el5 qpid-cpp-server-0.7.946106-28.el5 qpid-cpp-server-cluster-0.7.946106-28.el5 qpid-cpp-server-devel-0.7.946106-28.el5 qpid-cpp-server-ssl-0.7.946106-28.el5 qpid-cpp-server-store-0.7.946106-28.el5 qpid-cpp-server-xml-0.7.946106-28.el5 qpid-java-client-0.7.946106-15.el5 qpid-java-common-0.7.946106-15.el5 qpid-java-example-0.7.946106-15.el5 qpid-tools-0.7.946106-12.el5 ruby-saslwrapper-0.1.934605-2.el5 saslwrapper-0.1.934605-2.el5 saslwrapper-devel-0.1.934605-2.el5 |
Description of problem: Messaging broker permits access the python client without authentication (in fact client uses "ANONYMOUS" mechanism); this behavior is different from C++, C# and Java clients. In both examples below we're trying to use high level API clients without specification of user / password. The difference we see is following: - C++/C# client uses authentication mechanism with userid of logged user (root) - Python client by default selects ANONYMOUS mechanism I believe that clients should behave the same way (either both using logged user or ANONYMOUS mechanism) See below terminal transcript... Version-Release number of selected component (if applicable): [root@dhcp-37-203 ~]# rpm -qa | grep qpid | sort python-qpid-0.7.946106-15.el5 qpid-cpp-client-0.7.946106-28.el5 qpid-cpp-client-devel-0.7.946106-28.el5 qpid-cpp-client-devel-docs-0.7.946106-28.el5 qpid-cpp-client-ssl-0.7.946106-28.el5 qpid-cpp-server-0.7.946106-28.el5 qpid-cpp-server-cluster-0.7.946106-28.el5 qpid-cpp-server-devel-0.7.946106-28.el5 qpid-cpp-server-ssl-0.7.946106-28.el5 qpid-cpp-server-store-0.7.946106-28.el5 qpid-cpp-server-xml-0.7.946106-28.el5 qpid-java-client-0.7.946106-15.el5 qpid-java-common-0.7.946106-15.el5 qpid-java-example-0.7.946106-15.el5 qpid-tools-0.7.946106-12.el5 How reproducible: always Steps to Reproduce: see below (Addition info section) Actual results: Default authentication behaves differently in C++/C# vs. Python. Expected results: Default authentication should behave the same way. Additional info: See below terminal transcript... [root@dhcp-37-203 ~]# cat /etc/qpidd.conf #log-enable=info+ log-enable=debug+ log-to-file=/tmp/qpidd.log truncate=yes auth=yes [root@dhcp-37-203 ~]# [root@dhcp-37-203 messaging]# ./spout "AA; {create:sender}" Please enter your password Failed to connect (reconnect disabled) 2011-02-09 10:12:10 warning Broker closed connection: 320, connection-forced: Authentication failed 2011-02-09 10:12:06 debug RECV [127.0.0.1:5672-127.0.0.1:50271] INIT(0-10) 2011-02-09 10:12:06 debug External ssf=0 and auth= 2011-02-09 10:12:06 debug min_ssf: 0, max_ssf: 256, external_ssf: 0 2011-02-09 10:12:06 info SASL: Mechanism list: LOGIN PLAIN ANONYMOUS 2011-02-09 10:12:06 debug Management object (V1) added: org.apache.qpid.broker:connection:127.0.0.1:5672-127.0.0.1:50271 2011-02-09 10:12:06 debug SASL: Starting authentication with mechanism: LOGIN 2011-02-09 10:12:06 debug SASL: sending challenge to client 2011-02-09 10:12:07 debug Management agent periodic processing: management snapshot: 2 packages, 12 objects (0 deleted), 1 new objects (0 deleted), 0 pending deletes 2011-02-09 10:12:07 debug SEND V1 Multicast ContentInd to=console.obj.1.0.org.apache.qpid.broker.broker props=0 stats=1 len=102 2011-02-09 10:12:07 debug SEND V1 Multicast ContentInd to=console.obj.1.0.org.apache.qpid.broker.connection props=1 stats=1 len=297 2011-02-09 10:12:07 debug SEND V1 Multicast ContentInd to=console.obj.1.0.org.apache.qpid.broker.exchange props=0 stats=1 len=168 2011-02-09 10:12:07 debug SEND HeartbeatInd to=console.heartbeat.1.0 2011-02-09 10:12:10 debug SASL: sending challenge to client 2011-02-09 10:12:10 info SASL: Authentication failed for root@QPID:SASL(-13): user not found: checkpass failed 2011-02-09 10:12:10 debug Exception constructed: Authentication failed [root@dhcp-37-203 api]# ./spout "AAA; {create:sender}" Message(properties={'spout-id': 'ccb10c16-d3c1-cb44-aef9-5e43d5db7bcc:0'}) 2011-02-09 10:13:26 debug RECV [127.0.0.1:5672-127.0.0.1:50272] INIT(0-10) 2011-02-09 10:13:26 debug External ssf=0 and auth= 2011-02-09 10:13:26 debug min_ssf: 0, max_ssf: 256, external_ssf: 0 2011-02-09 10:13:26 info SASL: Mechanism list: LOGIN PLAIN ANONYMOUS 2011-02-09 10:13:26 debug Management object (V1) added: org.apache.qpid.broker:connection:127.0.0.1:5672-127.0.0.1:50272 2011-02-09 10:13:26 debug SASL: Starting authentication with mechanism: ANONYMOUS 2011-02-09 10:13:26 info 127.0.0.1:5672-127.0.0.1:50272 SASL: Authentication succeeded for: anonymous@QPID