Bug 975430
| Summary: | SASL layer doesn't work for AMQP 1.0, broker initiated connections | | |
|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | Gordon Sim <gsim> |
| Component: | qpid-cpp | Assignee: | Gordon Sim <gsim> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | mick <mgoulish> |
| Severity: | medium | Priority: | high |
| Version: | Development | CC: | esammons, iboverma, jross, mgoulish, pematous |
| Target Milestone: | 3.0 | Hardware: | Unspecified |
| OS: | Unspecified | Type: | Bug |
| Fixed In Version: | qpid-cpp-0.22-5.el6, qpid-cpp-0.22-5.el5 | Doc Type: | Bug Fix |
| Last Closed: | 2015-01-21 12:56:57 UTC | Bug Blocks: | 974061, 1010399 |

See https://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/src/tests/qpidt for qpidt utility. To reproduce:
I started the brokers this way:
```bash
#!/bin/bash
QPIDD=qpidd
echo $QPIDD
rm -rf /tmp/mick
mkdir /tmp/mick

PORT=5801
$QPIDD \
  -p ${PORT} \
  --data-dir /tmp/mick/data_${PORT} \
  --auth=yes \
  --mgmt-enable=yes \
  --log-enable info+ \
  --log-to-file /tmp/mick/qpidd_${PORT}.log \
  --log-source yes \
  --sasl-config=/home/mick/trunk/qpid/cpp/build/src/tests/sasl_config \
  -d
echo "started broker $PORT "

PORT=5802
$QPIDD \
  -p ${PORT} \
  --data-dir /tmp/mick/data_${PORT} \
  --auth=yes \
  --mgmt-enable=yes \
  --log-enable info+ \
  --log-to-file /tmp/mick/qpidd_${PORT}.log \
  --log-source yes \
  --sasl-config=/home/mick/trunk/qpid/cpp/build/src/tests/sasl_config \
  -d
echo "started broker $PORT "
```

The sasl_config dir was created this way:
```bash
SASL_PW=/usr/sbin/saslpasswd2
test -x $SASL_PW || { echo Skipping SASL test, saslpasswd2 not found; exit 0; }
mkdir -p sasl_config
# Create configuration file.
cat > sasl_config/qpidd.conf <<EOF
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: $PWD/sasl_config/qpidd.sasldb
sql_select: dummy select
mech_list: ANONYMOUS PLAIN DIGEST-MD5 EXTERNAL CRAM-MD5
EOF
# Populate temporary sasl db.
SASLTEST_DB=./sasl_config/qpidd.sasldb
rm -f $SASLTEST_DB
echo guest | $SASL_PW -c -p -f $SASLTEST_DB -u QPID guest
echo zig | $SASL_PW -c -p -f $SASLTEST_DB -u QPID zig
echo zag | $SASL_PW -c -p -f $SASLTEST_DB -u QPID zag
```

And here are the repro commands
```bash
qpidt --broker localhost:5801 create domain BrokerB url=localhost:5802 sasl_mechanisms=PLAIN username=guest password=guest
qpid-receive -b localhost:5802 --address 'q; {create: always}' -f
qpid-send --broker localhost:5801 --connection-options {protocol:amqp1.0} --address q@BrokerB --send-eos 1
```

successful repro of bug-FIXED behavior using these packages
{
cyrus-sasl-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64
python-qpid-0.22-4.el6.noarch
python-qpid-qmf-0.22-9.el6.x86_64
python-saslwrapper-0.22-3.el6.x86_64
qpid-cpp-client-0.22-11.el6.x86_64
qpid-cpp-client-devel-0.22-11.el6.x86_64
qpid-cpp-client-devel-docs-0.22-11.el6.noarch
qpid-cpp-client-rdma-0.22-11.el6.x86_64
qpid-cpp-client-ssl-0.22-11.el6.x86_64
qpid-cpp-debuginfo-0.22-11.el6.x86_64
qpid-cpp-server-0.22-11.el6.x86_64
qpid-cpp-server-devel-0.22-11.el6.x86_64
qpid-cpp-server-ha-0.22-11.el6.x86_64
qpid-cpp-server-rdma-0.22-11.el6.x86_64
qpid-cpp-server-ssl-0.22-11.el6.x86_64
qpid-cpp-server-store-0.22-11.el6.x86_64
qpid-cpp-server-xml-0.22-11.el6.x86_64
qpid-cpp-tar-0.22-11.el6.noarch
qpid-java-client-0.22-5.el6.noarch
qpid-java-common-0.22-5.el6.noarch
qpid-java-example-0.22-5.el6.noarch
qpid-proton-c-0.4-2.2.el6.x86_64
qpid-proton-c-devel-0.4-2.2.el6.x86_64
qpid-proton-debuginfo-0.4-2.2.el6.x86_64
qpid-qmf-0.22-9.el6.x86_64
qpid-qmf-debuginfo-0.22-9.el6.x86_64
qpid-qmf-devel-0.22-9.el6.x86_64
qpid-snmpd-1.0.0-12.el6.x86_64
qpid-snmpd-debuginfo-1.0.0-12.el6.x86_64
qpid-tests-0.22-4.el6.noarch
qpid-tools-0.22-3.el6.noarch
saslwrapper-0.22-3.el6.x86_64
saslwrapper-devel-0.22-3.el6.x86_64
}
Since it's a skip-errata bug, I am content with only showing that the problem no longer exists in latest packages. ---> verified !

Description of problem:
When requesting the broker to establish a link to some external process using AMQP 1.0, if a SASL layer is used the connection handshake does not complete.

Version-Release number of selected component (if applicable):
qpid 0.22

How reproducible:
100%

Steps to Reproduce:
1. start 2 brokers, A and B, with 1.0 enabled
2. qpidt create domain BrokerB url=<brokerA> sasl_mechanisms=PLAIN username=blah password=blah
3. qpid-receive -b <brokerB> --address 'q; {create: always}' -f
4. qpid-send --connection-options {protocol:amqp1.0} --address q@BrokerB --send-eos 1

Actual results:
qpid-receive in step 3 never receives the message (if instead you use sasl_mechanisms=NONE in step 2 to disable SASL then it will - assuming broker b has auth=no)

Expected results:
receiver gets message and then exits

Additional info:
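
When a SASL-layered AMQP 1.0 open stalls as described in this report, walking the bytes each side sent for protocol headers and SASL frames shows which step was the last to complete. The Python below is an added example, not code from this bug or from qpid; the function names and the sample bytes are constructed, and the step order is the connecting side's view of a single-round mechanism such as PLAIN.

```python
import struct

# Protocol-id byte of the 8-byte AMQP 1.0 header: b"AMQP" + id + version 1.0.0
PROTOCOL_IDS = {0: "AMQP", 2: "TLS", 3: "SASL"}
# Descriptor codes of the SASL performatives carried in type-1 frames.
SASL_FRAMES = {0x40: "sasl-mechanisms", 0x41: "sasl-init", 0x42: "sasl-challenge",
               0x43: "sasl-response", 0x44: "sasl-outcome"}

def parse_stream(data):
    """List the protocol headers and frames seen in one direction of a connection."""
    events, pos = [], 0
    while pos + 8 <= len(data):
        if data[pos:pos + 4] == b"AMQP":
            events.append("header:" + PROTOCOL_IDS.get(data[pos + 4], "unknown"))
            pos += 8
            continue
        size, doff, ftype, _channel = struct.unpack_from(">IBBH", data, pos)
        if size < 8 or doff < 2 or pos + size > len(data):
            events.append("truncated-frame")  # partial capture or malformed frame
            break
        body = data[pos + 4 * doff:pos + size]
        is_sasl = ftype == 1 and len(body) >= 3 and body[:2] == b"\x00\x53"
        events.append(SASL_FRAMES.get(body[2], "sasl-unknown") if is_sasl else "other-frame")
        pos += size
    return events

def last_completed_step(sent, received):
    """From the connecting side, name the last step of a SASL-layered open that completed."""
    tx, rx = parse_stream(sent), parse_stream(received)
    steps = [(tx, "header:SASL"), (rx, "header:SASL"), (rx, "sasl-mechanisms"),
             (tx, "sasl-init"), (rx, "sasl-outcome"), (tx, "header:AMQP"),
             (rx, "header:AMQP")]
    done = "nothing"
    for events, wanted in steps:
        if wanted not in events:
            return done
        done = ("sent " if events is tx else "received ") + wanted
    return "handshake complete"

def sasl_frame(code, fields):
    """Build a constructed SASL frame: 8-byte frame header plus a described list."""
    body = b"\x00\x53" + bytes([code]) + fields
    return struct.pack(">IBBH", 8 + len(body), 2, 1, 0) + body

# Constructed sample bytes (not a capture from this bug), using the test user above.
SASL_HDR, AMQP_HDR = b"AMQP\x03\x01\x00\x00", b"AMQP\x00\x01\x00\x00"
MECHS = sasl_frame(0x40, b"\xc0\x08\x01\xa3\x05PLAIN")
INIT = sasl_frame(0x41, b"\xc0\x16\x02\xa3\x05PLAIN\xa0\x0c\x00guest\x00guest")
OUTCOME = sasl_frame(0x44, b"\xc0\x03\x01\x50\x00")
```

Feed it the two directions of a capture taken on the link between the brokers; a result other than "handshake complete" names the point to compare against the broker logs.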