Bug 728196

Summary: Provide more descriptive error text when SASL config. file is malformed
Product: Red Hat Enterprise MRG Reporter: Pavel Moravec <pmoravec>
Component: qpid-cppAssignee: Pavel Moravec <pmoravec>
Status: CLOSED ERRATA QA Contact: Michal Toth <mtoth>
Severity: low Docs Contact:
Priority: low    
Version: 2.0CC: esammons, jross, mtoth, pmoravec
Target Milestone: 3.1Keywords: Improvement
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: qpid-cpp-0.30-2 Doc Type: Enhancement
Doc Text:
Improvements to the error message displayed when the /etc/sasl2/qpidd.conf contains invalid configuration are implemented in qpidd. When /etc/sasl2/qpidd.conf is unparsable, qpidd halts with a generic error. Based on the error text, it was impossible to identify the root cause of the issue (the misconfigured config file). If the qpidd.conf file contains an error, a "[Broker] critical Unexpected error" that better describes the issue is now thrown.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-04-14 13:46:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pavel Moravec 2011-08-04 11:02:11 UTC 
Description of problem:
When /etc/sasl2/qpidd.conf is un-parsable, then qpidd halts with very generic error. Based on the error text, it is impossible to identify the source of the problem (the config file).

Version-Release number of selected component (if applicable):
any

How reproducible:
100%

Steps to Reproduce:
1. Add to /etc/sasl2/qpidd.conf line:
mech_list:

(alternatively, have there line "mech_list plain" i.e. without colon)
2. Set trace logging level (/etc/qpidd.conf:  log-enable=trace+ )
3. Start qpidd process
4. Check logs
  
Actual results:
qpidd halts with logs:

2011-08-04 12:48:29 debug Management object (V1) added: org.apache.qpid.broker:exchange:
2011-08-04 12:48:29 info Most recent persistence id found: 0x0
2011-08-04 12:48:29 debug Management object (V1) added: org.apache.qpid.broker:exchange:amq.direct
2011-08-04 12:48:29 debug Management object (V1) added: org.apache.qpid.broker:exchange:amq.topic
2011-08-04 12:48:29 debug Management object (V1) added: org.apache.qpid.broker:exchange:amq.fanout
2011-08-04 12:48:29 debug Management object (V1) added: org.apache.qpid.broker:exchange:amq.match
2011-08-04 12:48:29 debug Management object (V1) added: org.apache.qpid.broker:exchange:qpid.management
2011-08-04 12:48:29 debug Management object (V1) added: org.apache.qpid.broker:exchange:qmf.default.topic
2011-08-04 12:48:29 debug Management object (V1) added: org.apache.qpid.broker:exchange:qmf.default.direct
2011-08-04 12:48:29 debug Exception constructed: generic failure
2011-08-04 12:48:29 trace Management object marked deleted: org.apache.qpid.broker:exchange:amq.topic
2011-08-04 12:48:29 trace Management object marked deleted: org.apache.qpid.broker:exchange:amq.match
2011-08-04 12:48:29 trace Management object marked deleted: org.apache.qpid.broker:exchange:amq.fanout
2011-08-04 12:48:29 trace Management object marked deleted: org.apache.qpid.broker:exchange:
2011-08-04 12:48:29 debug Journal "TplStore": Destroyed
2011-08-04 12:48:29 trace Management object marked deleted: org.apache.qpid.broker:exchange:amq.direct
2011-08-04 12:48:29 trace Management object marked deleted: org.apache.qpid.broker:exchange:qpid.management
2011-08-04 12:48:29 trace Management object marked deleted: org.apache.qpid.broker:exchange:qmf.default.topic
2011-08-04 12:48:29 trace Management object marked deleted: org.apache.qpid.broker:exchange:qmf.default.direct
2011-08-04 12:48:29 critical Unexpected error: generic failure

I.e. the only relevant to the fail are lines are with text "Unexpected error: generic failure".

Expected results:
Have a log entry similar to having a typo in /etc/qpidd.conf, where qpidd generates:
2011-08-04 12:39:53 debug Exception constructed: Error in configuration file /etc/qpidd.conf: no value given in 'auth='

(any log pointing to the sasl config file will be sufficient, as particular parsing of the file is (supposedly) performed by SASL library and not by qpid)

Additional info:
See JIRA case 3389 (https://issues.apache.org/jira/browse/QPID-3389)
Comment 1 Pavel Moravec 2014-06-15 12:06:39 UTC 
Fixed by r1596565.
Comment 4 Michal Toth 2014-10-21 11:24:00 UTC 
No message in trace+ level has been outputted by qpid broker considering broken /etc/sasl2/qpidd.conf.
Content of qpidd.conf was:
"
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /var/lib/qpidd/qpidd.sasldb
mech_list: #ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
blabol
"

Qpid started as 
$ /usr/sbin/qpidd --log-enable=trace+ --log-to-file=/var/lib/qpidd/qpidd.log  --sasl-config=/etc/sasl2/qpidd.conf


Trace output
$ grep -i "sasl" /var/lib/qpidd/qpidd.log 
2014-10-21 13:19:54 [Security] info SASL: config path set to /etc/sasl2/qpidd.conf
2014-10-21 13:19:54 [Broker] info SASL enabled
2014-10-21 13:20:07 [Security] info SASL: Mechanism list: CRAM-MD5 PLAIN LOGIN ANONYMOUS DIGEST-MD5
2014-10-21 13:20:07 [Security] info SASL: Starting authentication with mechanism: ANONYMOUS
2014-10-21 13:20:07 [Security] info qpid.[::1]:5672-[::1]:38518 SASL: Authentication succeeded for: anonymous@QPID
2014-10-21 13:20:10 [Security] info SASL: Mechanism list: CRAM-MD5 PLAIN LOGIN ANONYMOUS DIGEST-MD5
2014-10-21 13:20:10 [Security] info SASL: Starting authentication with mechanism: ANONYMOUS
2014-10-21 13:20:10 [Security] info qpid.[::1]:5672-[::1]:38519 SASL: Authentication succeeded for: anonymous@QPID


Tested on
qpid-cpp-server-0.30-2.el6
qpid-tests-0.30-1.el6
Comment 5 Michal Toth 2014-10-21 11:55:24 UTC 
I have just noticed, that starting it as a service, I get the expected error message.

$ service qpidd start
Starting Qpid AMQP daemon: Daemon startup failed: SASL: failed to parse SASL configuration file, error: generic failure (/builddir/build/BUILD/qpid-cpp-0.30/src/qpid/broker/SaslAuthenticator.cpp:141)
                                                           [FAILED]
Comment 6 Pavel Moravec 2014-10-22 10:42:45 UTC 
(In reply to Michal Toth from comment #4)
> Qpid started as 
> $ /usr/sbin/qpidd --log-enable=trace+ --log-to-file=/var/lib/qpidd/qpidd.log
> --sasl-config=/etc/sasl2/qpidd.conf
> 
> 
> Trace output
> $ grep -i "sasl" /var/lib/qpidd/qpidd.log 
> (no relevant error)

This is sort of "adjacent" bug. --sasl-config sets _path_ to SASL qpidd.conf file. I.e. it should be /etc/sasl2/ only.

Running that:

/usr/sbin/qpidd --log-enable=trace+ --log-to-file=/var/lib/qpidd/qpidd.log --sasl-config=/etc/sasl2/

fails with expected:

2014-10-22 06:33:09 [Broker] critical Unexpected error: SASL: failed to parse SASL configuration file, error: generic failure (/builddir/build/BUILD/qpid-cpp-0.30/src/qpid/broker/SaslAuthenticator.cpp:141)

I raised bz1155540 for the "adjacent" bug. Re-setting to ON_QA to confirm/rerun tests (with proper --sasl-config).
Comment 7 Michal Toth 2014-10-22 11:43:55 UTC 
Verified using corrected sasl-config path to directory.
Error is thrown and qpid exits.

Thank you Pavle.
Comment 9 Pavel Moravec 2015-01-16 07:54:42 UTC 
Hi Jared,
I would propose one change:

Feature: Improvements to the error message displayed when the /etc/sasl2/qpidd.conf contains invalid configuration are implemented in qpidd

Cheers,
Pavel
Comment 11 errata-xmlrpc 2015-04-14 13:46:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-0805.html