Bug 710429 - qpid-cluster, qpid-tool and qmf-tool do not allow SASL mechanism to be chosen
qpid-cluster, qpid-tool and qmf-tool do not allow SASL mechanism to be chosen
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-tools (Show other bugs)
2.0
Unspecified Unspecified
medium Severity medium
: 3.0
: ---
Assigned To: Ernie
mick
: Improvement, Patch
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-06-03 07:28 EDT by Gordon Sim
Modified: 2014-09-24 11:03 EDT (History)
5 users (show)

See Also:
Fixed In Version: qpid-tools-0.22-3.el6, qpid-tools-0.22-3.el5
Doc Type: Enhancement
Doc Text:
The qpid-tool did not allow the SASL mechanism to be chosen on the command line. It was not possible to override the default logic of choosing the most secure method available. The enhancement adds the --sasl-mechanism and --ssl-certificate command line options. The SASL mechanism and certificate file can now be specified on the command line to override the default.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-09-24 11:03:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Adds --sasl-mechanism to qpid-tool and changes qpid-config usage text (5.57 KB, patch)
2013-02-01 13:14 EST, Ernie
no flags Details | Diff
Adds --sasl-mechanism --ssl-certificate and --ssl-key to qpid-tool and changes qpid-config usage text (4.84 KB, patch)
2013-02-11 10:58 EST, Ernie
no flags Details | Diff
Adds --broker and --sasl-mechanism to qpid-tool (2.65 KB, patch)
2013-04-22 12:00 EDT, Ernie
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Apache JIRA QPID-4771 None None None Never

  None (edit)
Description Gordon Sim 2011-06-03 07:28:42 EDT
Special case of bug 604149. Additionally qpid-cluster should make it clear how username and password can be specified in the URL.
Comment 2 Ernie 2013-02-01 13:14:33 EST
Created attachment 691644 [details]
Adds --sasl-mechanism to qpid-tool and changes qpid-config usage text

For qpid-tool, added --sasl-mechanism and --ssl-certificate options. the cert can still be passed at the end of the command line. 

For qpid-config, changed the usage text to show passing a username/password with the broker address.
Comment 3 Ernie 2013-02-01 13:20:08 EST
Correction: qpid-cluster was changed to show the username/password.
Comment 4 Ernie 2013-02-11 10:58:41 EST
Created attachment 696160 [details]
Adds --sasl-mechanism --ssl-certificate and --ssl-key to qpid-tool and changes qpid-config usage text

Added --ssl-key to patch to match fix from bug 895535
Comment 5 Justin Ross 2013-04-18 10:20:18 EDT
The patch unfortunately no longer applies against current trunk (there was some cert work in the meantime), and I can't easily tell how to resolve it.  Ernie, please generate a new patch.
Comment 6 Ernie 2013-04-22 12:00:58 EDT
Created attachment 738574 [details]
Adds --broker and --sasl-mechanism to qpid-tool

Refactored patch to work with current trunk
Comment 7 Justin Ross 2013-04-23 15:56:09 EDT
-> POST

http://svn.apache.org/viewvc?view=revision&revision=1471120
Comment 9 mick 2013-07-31 15:49:39 EDT
The title of this BZ is out-of-date.

While the developer was working on it, his work collided with another developer's work, which added the --sasl-mechanism ability to qpid-cluster and qmf-tool.

His final patch for this bug *only* affects qpid-tool .
Comment 10 mick 2013-08-01 13:30:47 EDT
Bug observed on latest-stable packages on RHEL 6.4   (see below for package lists )

Fix observed on RHEL 6.4  x { x86_64 , i686 }



  packages
  {
    latest-stable
    {
      cyrus-sasl-2.1.23-13.el6_3.1.x86_64
      cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64
      cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
      cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
      cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64
      cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64
      python-qpid-0.18-4.el6.noarch
      python-qpid-qmf-0.18-15.el6.x86_64
      python-saslwrapper-0.18-1.el6_3.x86_64
      qpid-cpp-client-0.18-14.el6.x86_64
      qpid-cpp-client-devel-0.18-14.el6.x86_64
      qpid-cpp-client-devel-docs-0.18-14.el6.noarch
      qpid-cpp-client-rdma-0.18-14.el6.x86_64
      qpid-cpp-client-ssl-0.18-14.el6.x86_64
      qpid-cpp-debuginfo-0.14-22.el6_3.x86_64
      qpid-cpp-server-0.18-14.el6.x86_64
      qpid-cpp-server-cluster-0.18-14.el6.x86_64
      qpid-cpp-server-devel-0.18-14.el6.x86_64
      qpid-cpp-server-rdma-0.18-14.el6.x86_64
      qpid-cpp-server-ssl-0.18-14.el6.x86_64
      qpid-cpp-server-store-0.18-14.el6.x86_64
      qpid-cpp-server-xml-0.18-14.el6.x86_64
      qpid-java-client-0.18-7.el6.noarch
      qpid-java-common-0.18-7.el6.noarch
      qpid-java-example-0.18-7.el6.noarch
      qpid-jca-0.18-8.el6.noarch
      qpid-jca-xarecovery-0.18-8.el6.noarch
      qpid-proton-c-0.4-2.2.el6.x86_64
      qpid-proton-c-devel-0.4-2.2.el6.x86_64
      qpid-qmf-0.18-15.el6.x86_64
      qpid-qmf-debuginfo-0.14-14.el6_3.x86_64
      qpid-qmf-devel-0.18-15.el6.x86_64
      qpid-tests-0.18-2.el6.noarch
      qpid-tools-0.18-8.el6.noarch
      saslwrapper-0.18-1.el6_3.x86_64
      saslwrapper-devel-0.18-1.el6_3.x86_64
    }


    latest-and-greatest
    {
      32-bit
      {
        cyrus-sasl-2.1.23-13.el6_3.1.i686
        cyrus-sasl-devel-2.1.23-13.el6_3.1.i686
        cyrus-sasl-gssapi-2.1.23-13.el6_3.1.i686
        cyrus-sasl-lib-2.1.23-13.el6_3.1.i686
        cyrus-sasl-md5-2.1.23-13.el6_3.1.i686
        cyrus-sasl-plain-2.1.23-13.el6_3.1.i686
        python-qpid-0.22-4.el6.noarch
        python-qpid-qmf-0.22-7.el6.i686
        python-saslwrapper-0.22-3.el6.i686
        qpid-cpp-client-0.22-8.el6.i686
        qpid-cpp-client-devel-0.22-8.el6.i686
        qpid-cpp-client-devel-docs-0.22-8.el6.noarch
        qpid-cpp-client-rdma-0.22-8.el6.i686
        qpid-cpp-client-ssl-0.22-8.el6.i686
        qpid-cpp-debuginfo-0.22-8.el6.i686
        qpid-cpp-server-0.22-8.el6.i686
        qpid-cpp-server-devel-0.22-8.el6.i686
        qpid-cpp-server-ha-0.22-8.el6.i686
        qpid-cpp-server-rdma-0.22-8.el6.i686
        qpid-cpp-server-ssl-0.22-8.el6.i686
        qpid-cpp-server-store-0.22-8.el6.i686
        qpid-cpp-server-xml-0.22-8.el6.i686
        qpid-cpp-tar-0.22-8.el6.noarch
        qpid-java-client-0.22-5.el6.noarch
        qpid-java-common-0.22-5.el6.noarch
        qpid-java-example-0.22-5.el6.noarch
        qpid-proton-c-0.4-2.2.el6.i686
        qpid-proton-c-devel-0.4-2.2.el6.i686
        qpid-proton-debuginfo-0.4-2.2.el6.i686
        qpid-qmf-0.22-7.el6.i686
        qpid-qmf-debuginfo-0.22-7.el6.i686
        qpid-qmf-devel-0.22-7.el6.i686
        qpid-snmpd-1.0.0-12.el6.i686
        qpid-snmpd-debuginfo-1.0.0-12.el6.i686
        qpid-tests-0.22-4.el6.noarch
        qpid-tools-0.22-3.el6.noarch
        rh-qpid-cpp-tests-0.22-8.el6.i686
        saslwrapper-0.22-3.el6.i686
      }


      64-bit
      {
        cyrus-sasl-2.1.23-13.el6_3.1.x86_64
        cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64
        cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
        cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
        cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64
        cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64
        python-qpid-0.22-4.el6.noarch
        python-qpid-qmf-0.22-7.el6.x86_64
        python-saslwrapper-0.22-3.el6.x86_64
        qpid-cpp-client-0.22-8.el6.x86_64
        qpid-cpp-client-devel-0.22-8.el6.x86_64
        qpid-cpp-client-devel-docs-0.22-8.el6.noarch
        qpid-cpp-client-rdma-0.22-8.el6.x86_64
        qpid-cpp-client-ssl-0.22-8.el6.x86_64
        qpid-cpp-debuginfo-0.22-8.el6.x86_64
        qpid-cpp-server-0.22-8.el6.x86_64
        qpid-cpp-server-devel-0.22-8.el6.x86_64
        qpid-cpp-server-ha-0.22-8.el6.x86_64
        qpid-cpp-server-rdma-0.22-8.el6.x86_64
        qpid-cpp-server-ssl-0.22-8.el6.x86_64
        qpid-cpp-server-store-0.22-8.el6.x86_64
        qpid-cpp-server-xml-0.22-8.el6.x86_64
        qpid-cpp-tar-0.22-8.el6.noarch
        qpid-java-client-0.22-5.el6.noarch
        qpid-java-common-0.22-5.el6.noarch
        qpid-java-example-0.22-5.el6.noarch
        qpid-proton-c-0.4-2.2.el6.x86_64
        qpid-proton-c-devel-0.4-2.2.el6.x86_64
        qpid-proton-debuginfo-0.4-2.2.el6.x86_64
        qpid-qmf-0.22-7.el6.x86_64
        qpid-qmf-debuginfo-0.22-7.el6.x86_64
        qpid-qmf-devel-0.22-7.el6.x86_64
        qpid-snmpd-1.0.0-12.el6.x86_64
        qpid-snmpd-debuginfo-1.0.0-12.el6.x86_64
        qpid-tests-0.22-4.el6.noarch
        qpid-tools-0.22-3.el6.noarch
        rh-qpid-cpp-tests-0.22-8.el6.x86_64
        saslwrapper-0.22-3.el6.x86_64
        saslwrapper-devel-0.22-3.el6.x86_64
      }
    }
  }
Comment 11 Jared MORGAN 2014-09-16 20:49:22 EDT
(In reply to Ernie from comment #4)
> Created attachment 696160 [details]
> Adds --sasl-mechanism --ssl-certificate and --ssl-key to qpid-tool and
> changes qpid-config usage text
> 
> Added --ssl-key to patch to match fix from bug 895535

Hmm, there doesn't seem to be specific mention in the MICG about the new parameters for qpid-tool.

There is a section describing how to use qpid-tool, but not specifically how or when to use SASL

http://docbuilder.usersys.redhat.com/18173/#Using_qpid_tool

There is a section dealing with configuring SASL itself, but I don't think this is the place to talk about qpid-tool commands.

http://docbuilder.usersys.redhat.com/18173/#sect-Simple_Authentication_and_Security_Layer_-_SASL

Are we relying on customers looking at the --help for the tool to learn about the features?

If we should document these parameters specifically, I can do this after the 3.0 GA.
Comment 12 Ernie 2014-09-17 08:15:21 EDT
(In reply to Jared MORGAN from comment #11)
> (In reply to Ernie from comment #4)
> > Created attachment 696160 [details]
> > Adds --sasl-mechanism --ssl-certificate and --ssl-key to qpid-tool and
> > changes qpid-config usage text
> > 
> > Added --ssl-key to patch to match fix from bug 895535
> 
> Hmm, there doesn't seem to be specific mention in the MICG about the new
> parameters for qpid-tool.
> 
> There is a section describing how to use qpid-tool, but not specifically how
> or when to use SASL
> 
> http://docbuilder.usersys.redhat.com/18173/#Using_qpid_tool
> 
> There is a section dealing with configuring SASL itself, but I don't think
> this is the place to talk about qpid-tool commands.
> 
> http://docbuilder.usersys.redhat.com/18173/#sect-
> Simple_Authentication_and_Security_Layer_-_SASL
> 
> Are we relying on customers looking at the --help for the tool to learn
> about the features?
> 
> If we should document these parameters specifically, I can do this after the
> 3.0 GA.

The new parameters for qpid-tool should be documented in the #Using_qpid_tool section.
Comment 14 errata-xmlrpc 2014-09-24 11:03:03 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1296.html

Note You need to log in before you can comment on or make changes to this bug.