Bug 975430
Summary: | SASL layer doesn't work for AMQP 1.0, broker initiated connections | ||
---|---|---|---|
Product: | Red Hat Enterprise MRG | Reporter: | Gordon Sim <gsim> |
Component: | qpid-cpp | Assignee: | Gordon Sim <gsim> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | mick <mgoulish> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | Development | CC: | esammons, iboverma, jross, mgoulish, pematous |
Target Milestone: | 3.0 | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | qpid-cpp-0.22-5.el6, qpid-cpp-0.22-5.el5 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-01-21 12:56:57 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 974061, 1010399 |
Description
Gordon Sim
2013-06-18 13:03:30 UTC
See https://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/src/tests/qpidt for qpidt utility. To reproduce: I started the brokers this way: ------------------------------------------------------------ #! /bin/bash QPIDD=qpidd echo $QPIDD rm -rf /tmp/mick mkdir /tmp/mick PORT=5801 $QPIDD \ -p ${PORT} \ --data-dir /tmp/mick/data_${PORT} \ --auth=yes \ --mgmt-enable=yes \ --log-enable info+ \ --log-to-file /tmp/mick/qpidd_${PORT}.log \ --log-source yes \ --sasl-config=/home/mick/trunk/qpid/cpp/build/src/tests/sasl_config \ -d echo "started broker $PORT " PORT=5802 $QPIDD \ -p ${PORT} \ --data-dir /tmp/mick/data_${PORT} \ --auth=yes \ --mgmt-enable=yes \ --log-enable info+ \ --log-to-file /tmp/mick/qpidd_${PORT}.log \ --log-source yes \ --sasl-config=/home/mick/trunk/qpid/cpp/build/src/tests/sasl_config \ -d echo "started broker $PORT " The sasl_config dir was created this way: ------------------------------------------------------------------ SASL_PW=/usr/sbin/saslpasswd2 test -x $SASL_PW || { echo Skipping SASL test, saslpasswd2 not found; exit 0; } mkdir -p sasl_config # Create configuration file. cat > sasl_config/qpidd.conf <<EOF pwcheck_method: auxprop auxprop_plugin: sasldb sasldb_path: $PWD/sasl_config/qpidd.sasldb sql_select: dummy select mech_list: ANONYMOUS PLAIN DIGEST-MD5 EXTERNAL CRAM-MD5 EOF # Populate temporary sasl db. SASLTEST_DB=./sasl_config/qpidd.sasldb rm -f $SASLTEST_DB echo guest | $SASL_PW -c -p -f $SASLTEST_DB -u QPID guest echo zig | $SASL_PW -c -p -f $SASLTEST_DB -u QPID zig echo zag | $SASL_PW -c -p -f $SASLTEST_DB -u QPID zag And here are the repro commands ----------------------------------------------- qpidt --broker localhost:5801 create domain BrokerB url=localhost:5802 sasl_mechanisms=PLAIN username=guest password=guest qpid-receive -b localhost:5802 --address 'q; {create: always}' -f qpid-send --broker localhost:5801 --connection-options {protocol:amqp1.0} --address q@BrokerB --send-eos 1 successful repro of bug-FIXED behavior using these packages { cyrus-sasl-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64 python-qpid-0.22-4.el6.noarch python-qpid-qmf-0.22-9.el6.x86_64 python-saslwrapper-0.22-3.el6.x86_64 qpid-cpp-client-0.22-11.el6.x86_64 qpid-cpp-client-devel-0.22-11.el6.x86_64 qpid-cpp-client-devel-docs-0.22-11.el6.noarch qpid-cpp-client-rdma-0.22-11.el6.x86_64 qpid-cpp-client-ssl-0.22-11.el6.x86_64 qpid-cpp-debuginfo-0.22-11.el6.x86_64 qpid-cpp-server-0.22-11.el6.x86_64 qpid-cpp-server-devel-0.22-11.el6.x86_64 qpid-cpp-server-ha-0.22-11.el6.x86_64 qpid-cpp-server-rdma-0.22-11.el6.x86_64 qpid-cpp-server-ssl-0.22-11.el6.x86_64 qpid-cpp-server-store-0.22-11.el6.x86_64 qpid-cpp-server-xml-0.22-11.el6.x86_64 qpid-cpp-tar-0.22-11.el6.noarch qpid-java-client-0.22-5.el6.noarch qpid-java-common-0.22-5.el6.noarch qpid-java-example-0.22-5.el6.noarch qpid-proton-c-0.4-2.2.el6.x86_64 qpid-proton-c-devel-0.4-2.2.el6.x86_64 qpid-proton-debuginfo-0.4-2.2.el6.x86_64 qpid-qmf-0.22-9.el6.x86_64 qpid-qmf-debuginfo-0.22-9.el6.x86_64 qpid-qmf-devel-0.22-9.el6.x86_64 qpid-snmpd-1.0.0-12.el6.x86_64 qpid-snmpd-debuginfo-1.0.0-12.el6.x86_64 qpid-tests-0.22-4.el6.noarch qpid-tools-0.22-3.el6.noarch saslwrapper-0.22-3.el6.x86_64 saslwrapper-devel-0.22-3.el6.x86_64 } Since it's a skip-errata bug, I am content with only showing that the problem no longer exists in latest packages. ---> verified ! |