You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ganesh Murthy (JIRA)" <ji...@apache.org> on 2016/05/09 13:58:12 UTC

[jira] [Updated] (DISPATCH-321) Dispatch does not send out SASL-OUTCOME frame on sasl failure

     [ https://issues.apache.org/jira/browse/DISPATCH-321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ganesh Murthy updated DISPATCH-321:
-----------------------------------
    Description: 
Setup a listener with SASL PLAIN authentication on dispatch and use a client to connect to the listener using the wrong PLAIN username/password.

Dispatch closes the connection without sending the SASL-OUTCOME frame. 

Here is the trace from the client connecting to the router 

{noformat}
Dispatch:
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 writing protocol
header: 1-0
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 read protocol
header: 1-0
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Received
SASL-MECHANISMS(PLAIN DIGEST-MD5 CRAM-MD5 )
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Sent
SASL-INIT(PLAIN, \x00admin@QPID\x00adminxxx, localhost)
qpid-receive: Connect failed to amqp:tcp:localhost:5672: Reconnect disabled
{noformat}

Here is the trace from the router side with PN_TRACE_FRM=1
{noformat}
[0x25bd9e0]:  -> SASL
[0x25bd9e0]:  <- SASL
[0x25bd9e0]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:"DIGEST-MD5", :PLAIN]]
[0x25bd9e0]:0 -> @sasl-init(65) [mechanism=:PLAIN, initial-response=b"\x00test@domain.com\x00password1"]
[0x25bd9e0]:  <- EOS
[0x25bd9e0]:  -> EOS
Closed 127.0.0.1:24976
{noformat}

The above clearly shows that the router is not sending a SASL-OUTCOME but prematurely closes the connection.

  was:
Setup a listener with SASL PLAIN authentication on dispatch and use a client to connect to the listener using the wrong PLAIN username/password.

Dispatch closes the connection without sending the SASL-OUTCOME frame. 

Here is the trace from the client connecting to the router 

{noformat}
Dispatch:
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 writing protocol
header: 1-0
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 read protocol
header: 1-0
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Received
SASL-MECHANISMS(PLAIN DIGEST-MD5 CRAM-MD5 )
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Sent
SASL-INIT(PLAIN, \x00admin@QPID\x00adminxxx, localhost)
qpid-receive: Connect failed to amqp:tcp:localhost:5672: Reconnect disabled
{noformat}


> Dispatch does not send out SASL-OUTCOME frame on sasl failure
> -------------------------------------------------------------
>
>                 Key: DISPATCH-321
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-321
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Container
>    Affects Versions: 0.6.0
>            Reporter: Ganesh Murthy
>
> Setup a listener with SASL PLAIN authentication on dispatch and use a client to connect to the listener using the wrong PLAIN username/password.
> Dispatch closes the connection without sending the SASL-OUTCOME frame. 
> Here is the trace from the client connecting to the router 
> {noformat}
> Dispatch:
> 2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 writing protocol
> header: 1-0
> 2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 read protocol
> header: 1-0
> 2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Received
> SASL-MECHANISMS(PLAIN DIGEST-MD5 CRAM-MD5 )
> 2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Sent
> SASL-INIT(PLAIN, \x00admin@QPID\x00adminxxx, localhost)
> qpid-receive: Connect failed to amqp:tcp:localhost:5672: Reconnect disabled
> {noformat}
> Here is the trace from the router side with PN_TRACE_FRM=1
> {noformat}
> [0x25bd9e0]:  -> SASL
> [0x25bd9e0]:  <- SASL
> [0x25bd9e0]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:"DIGEST-MD5", :PLAIN]]
> [0x25bd9e0]:0 -> @sasl-init(65) [mechanism=:PLAIN, initial-response=b"\x00test@domain.com\x00password1"]
> [0x25bd9e0]:  <- EOS
> [0x25bd9e0]:  -> EOS
> Closed 127.0.0.1:24976
> {noformat}
> The above clearly shows that the router is not sending a SASL-OUTCOME but prematurely closes the connection.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org