Red Hat Bugzilla – Bug 975430
SASL layer doesn't work for AMQP 1.0, broker initiated connections
Last modified: 2015-01-21 07:56:57 EST
Description of problem: When requesting the broker to establish a link to some external process using AMQP 1.0, if a SASL layer is used the connection handshake does not complete. Version-Release number of selected component (if applicable): qpid 0.22 How reproducible: 100% Steps to Reproduce: 1. start 2 brokers, A and B, with 1.0 enabled 2. qpidt create domain BrokerB url=<brokerA> sasl_mechanisms=PLAIN username=blah password=blah 3. qpid-receive -b <brokerB> --address 'q; {create: always}' -f 4. qpid-send --connection-options {protocol:amqp1.0} --address q@BrokerB --send-eos 1 Actual results: qpid-receive in step3 never receives the message (if instead you use sasl_mechanisms=NONE in step 2 to disable SASL then it will - assuming broker b has auth=no) Expected results: receiver gets message and then exists Additional info:
See https://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/src/tests/qpidt for qpidt utility.
To reproduce: I started the brokers this way: ------------------------------------------------------------ #! /bin/bash QPIDD=qpidd echo $QPIDD rm -rf /tmp/mick mkdir /tmp/mick PORT=5801 $QPIDD \ -p ${PORT} \ --data-dir /tmp/mick/data_${PORT} \ --auth=yes \ --mgmt-enable=yes \ --log-enable info+ \ --log-to-file /tmp/mick/qpidd_${PORT}.log \ --log-source yes \ --sasl-config=/home/mick/trunk/qpid/cpp/build/src/tests/sasl_config \ -d echo "started broker $PORT " PORT=5802 $QPIDD \ -p ${PORT} \ --data-dir /tmp/mick/data_${PORT} \ --auth=yes \ --mgmt-enable=yes \ --log-enable info+ \ --log-to-file /tmp/mick/qpidd_${PORT}.log \ --log-source yes \ --sasl-config=/home/mick/trunk/qpid/cpp/build/src/tests/sasl_config \ -d echo "started broker $PORT " The sasl_config dir was created this way: ------------------------------------------------------------------ SASL_PW=/usr/sbin/saslpasswd2 test -x $SASL_PW || { echo Skipping SASL test, saslpasswd2 not found; exit 0; } mkdir -p sasl_config # Create configuration file. cat > sasl_config/qpidd.conf <<EOF pwcheck_method: auxprop auxprop_plugin: sasldb sasldb_path: $PWD/sasl_config/qpidd.sasldb sql_select: dummy select mech_list: ANONYMOUS PLAIN DIGEST-MD5 EXTERNAL CRAM-MD5 EOF # Populate temporary sasl db. SASLTEST_DB=./sasl_config/qpidd.sasldb rm -f $SASLTEST_DB echo guest | $SASL_PW -c -p -f $SASLTEST_DB -u QPID guest echo zig | $SASL_PW -c -p -f $SASLTEST_DB -u QPID zig echo zag | $SASL_PW -c -p -f $SASLTEST_DB -u QPID zag And here are the repro commands ----------------------------------------------- qpidt --broker localhost:5801 create domain BrokerB url=localhost:5802 sasl_mechanisms=PLAIN username=guest password=guest qpid-receive -b localhost:5802 --address 'q; {create: always}' -f qpid-send --broker localhost:5801 --connection-options {protocol:amqp1.0} --address q@BrokerB --send-eos 1 successful repro of bug-FIXED behavior using these packages { cyrus-sasl-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64 cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64 python-qpid-0.22-4.el6.noarch python-qpid-qmf-0.22-9.el6.x86_64 python-saslwrapper-0.22-3.el6.x86_64 qpid-cpp-client-0.22-11.el6.x86_64 qpid-cpp-client-devel-0.22-11.el6.x86_64 qpid-cpp-client-devel-docs-0.22-11.el6.noarch qpid-cpp-client-rdma-0.22-11.el6.x86_64 qpid-cpp-client-ssl-0.22-11.el6.x86_64 qpid-cpp-debuginfo-0.22-11.el6.x86_64 qpid-cpp-server-0.22-11.el6.x86_64 qpid-cpp-server-devel-0.22-11.el6.x86_64 qpid-cpp-server-ha-0.22-11.el6.x86_64 qpid-cpp-server-rdma-0.22-11.el6.x86_64 qpid-cpp-server-ssl-0.22-11.el6.x86_64 qpid-cpp-server-store-0.22-11.el6.x86_64 qpid-cpp-server-xml-0.22-11.el6.x86_64 qpid-cpp-tar-0.22-11.el6.noarch qpid-java-client-0.22-5.el6.noarch qpid-java-common-0.22-5.el6.noarch qpid-java-example-0.22-5.el6.noarch qpid-proton-c-0.4-2.2.el6.x86_64 qpid-proton-c-devel-0.4-2.2.el6.x86_64 qpid-proton-debuginfo-0.4-2.2.el6.x86_64 qpid-qmf-0.22-9.el6.x86_64 qpid-qmf-debuginfo-0.22-9.el6.x86_64 qpid-qmf-devel-0.22-9.el6.x86_64 qpid-snmpd-1.0.0-12.el6.x86_64 qpid-snmpd-debuginfo-1.0.0-12.el6.x86_64 qpid-tests-0.22-4.el6.noarch qpid-tools-0.22-3.el6.noarch saslwrapper-0.22-3.el6.x86_64 saslwrapper-devel-0.22-3.el6.x86_64 }
Since it's a skip-errata bug, I am content with only showing that the problem no longer exists in latest packages. ---> verified !