744148 – Cluster authentication mechanism DIGEST-MD5 sometimes fails

Bug 744148 - Cluster authentication mechanism DIGEST-MD5 sometimes fails

Summary: Cluster authentication mechanism DIGEST-MD5 sometimes fails

Keywords:
Status:	NEW
Alias:	None
Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	qpid-cpp
Sub Component:
Version:	2.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	messaging-bugs
QA Contact:	MRG Quality Engineering
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-10-07 08:58 UTC by Zdenek Kraus
Modified:	2020-11-04 18:27 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:

Attachments	(Terms of Use)
reproducer (1.04 MB, application/x-tar) 2011-10-07 08:58 UTC, Zdenek Kraus	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Zdenek Kraus 2011-10-07 08:58:06 UTC

Created attachment 526847 [details]
reproducer

Description of problem:
Broker accepts
--cluster-mechanism=DIGEST-MD5. When brokers negotiating cluster, they starts
to communicating with MD5, but in 60% fail because of unsupported auth mechanism.


Version-Release number of selected component (if applicable):
qpid-cpp-server-*-0.10-9.el5
qpid-cpp-server-*-0.10-4.el6_1.1

How reproducible:
~60%

Steps to Reproduce:
1. set sasl mechanism for qpidd to DIGEST-MD5. Into /etc/sasl2/qpidd.conf append
mech_list: DIGEST-MD5
2. check if sasldb of qpidd has guest:guest credential. Ortherwise
saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb
3. Start main broker with --cluster-mechanism=DIGEST-MD5 --cluster-username=guest --cluster-password=guest
4. Start backup broker with --cluster-mechanism=DIGEST-MD5 --cluster-username=guest --cluster-password=guest
  
5. repeat launching brokers until they failed to authenticate

Actual results:
2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 INIT) cluster-uuid =
0022b2b4-e72f-4d7a-8b56-e4c4b43edfb4
2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 JOINER) joining cluster
auth-cluster-hostname
2011-10-06 14:00:07 notice Broker running
2011-10-06 14:00:07 info cluster(192.168.6.2:2650 JOINER) stall for update
offer from 192.168.6.2:2643 to 192.168.6.2:2650
2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 UPDATEE) receiving update
from 192.168.6.2:2643
2011-10-06 14:00:07 info SASL: Mechanism list: DIGEST-MD5
2011-10-06 14:00:07 info 192.168.6.2:5673-192.168.6.2:38991 SASL:
Authentication succeeded for: guest@QPID
2011-10-06 14:00:07 info Queue "qpid.cluster-update": Policy created:
type=reject; maxCount=0; maxSize=104857600
2011-10-06 14:00:07 info Queue "qpid.cluster-update": Flow limit created:
flowStopCount=0, flowResumeCount=0, flowStopSize=83886080,
flowResumeSize=73400320
2011-10-06 14:00:07 warning Client closed connection with 501: Desired
mechanism(s) not valid: DIGEST-MD5 (supported: ANONYMOUS PLAIN)
(qpid/client/ConnectionHandler.cpp:250)
2011-10-06 14:00:07 critical cluster(192.168.6.2:2650 UPDATEE) catch-up
connection closed prematurely 127.0.0.1:5672-127.0.0.1:42495(192.168.6.2:2650-2
local,catchup)
2011-10-06 14:00:07 notice cluster(192.168.6.2:2650 LEFT) leaving cluster
auth-cluster-hostname
2011-10-06 14:00:07 notice Shut down


Expected results:
Brokers will authenticate correctly, every time.

Additional info:
Use attached script to reproduce error. Script will perform 16 rounds of authentication. You have manually check /var/lib/qpidd/qpidd.sasldb for credentials. Sasl mechanism for qpidd is set by script.

Note You need to log in before you can comment on or make changes to this bug.