[
https://issues.apache.org/jira/browse/DISPATCH-321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ganesh Murthy updated DISPATCH-321:
-----------------------------------
Description:
Setup a listener with SASL PLAIN authentication on dispatch and use a client to
connect to the listener using the wrong PLAIN username/password.
Dispatch closes the connection without sending the SASL-OUTCOME frame.
Here is the trace from the client connecting to the router
{noformat}
Dispatch:
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 writing protocol
header: 1-0
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 read protocol
header: 1-0
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Received
SASL-MECHANISMS(PLAIN DIGEST-MD5 CRAM-MD5 )
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Sent
SASL-INIT(PLAIN, \x00admin@QPID\x00adminxxx, localhost)
qpid-receive: Connect failed to amqp:tcp:localhost:5672: Reconnect disabled
{noformat}
Here is the trace from the router side with PN_TRACE_FRM=1
{noformat}
[0x25bd9e0]: -> SASL
[0x25bd9e0]: <- SASL
[0x25bd9e0]:0 <- @sasl-mechanisms(64)
[sasl-server-mechanisms=@PN_SYMBOL[:"DIGEST-MD5", :PLAIN]]
[0x25bd9e0]:0 -> @sasl-init(65) [mechanism=:PLAIN,
initial-response=b"\[email protected]\x00password1"]
[0x25bd9e0]: <- EOS
[0x25bd9e0]: -> EOS
Closed 127.0.0.1:24976
{noformat}
The above clearly shows that the router is not sending a SASL-OUTCOME but
prematurely closes the connection.
was:
Setup a listener with SASL PLAIN authentication on dispatch and use a client to
connect to the listener using the wrong PLAIN username/password.
Dispatch closes the connection without sending the SASL-OUTCOME frame.
Here is the trace from the client connecting to the router
{noformat}
Dispatch:
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 writing protocol
header: 1-0
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 read protocol
header: 1-0
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Received
SASL-MECHANISMS(PLAIN DIGEST-MD5 CRAM-MD5 )
2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Sent
SASL-INIT(PLAIN, \x00admin@QPID\x00adminxxx, localhost)
qpid-receive: Connect failed to amqp:tcp:localhost:5672: Reconnect disabled
{noformat}
> Dispatch does not send out SASL-OUTCOME frame on sasl failure
> -------------------------------------------------------------
>
> Key: DISPATCH-321
> URL: https://issues.apache.org/jira/browse/DISPATCH-321
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Container
> Affects Versions: 0.6.0
> Reporter: Ganesh Murthy
>
> Setup a listener with SASL PLAIN authentication on dispatch and use a client
> to connect to the listener using the wrong PLAIN username/password.
> Dispatch closes the connection without sending the SASL-OUTCOME frame.
> Here is the trace from the client connecting to the router
> {noformat}
> Dispatch:
> 2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 writing protocol
> header: 1-0
> 2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 read protocol
> header: 1-0
> 2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Received
> SASL-MECHANISMS(PLAIN DIGEST-MD5 CRAM-MD5 )
> 2016-05-09 03:08:00 [Protocol] debug tcp:localhost:5672 Sent
> SASL-INIT(PLAIN, \x00admin@QPID\x00adminxxx, localhost)
> qpid-receive: Connect failed to amqp:tcp:localhost:5672: Reconnect disabled
> {noformat}
> Here is the trace from the router side with PN_TRACE_FRM=1
> {noformat}
> [0x25bd9e0]: -> SASL
> [0x25bd9e0]: <- SASL
> [0x25bd9e0]:0 <- @sasl-mechanisms(64)
> [sasl-server-mechanisms=@PN_SYMBOL[:"DIGEST-MD5", :PLAIN]]
> [0x25bd9e0]:0 -> @sasl-init(65) [mechanism=:PLAIN,
> initial-response=b"\[email protected]\x00password1"]
> [0x25bd9e0]: <- EOS
> [0x25bd9e0]: -> EOS
> Closed 127.0.0.1:24976
> {noformat}
> The above clearly shows that the router is not sending a SASL-OUTCOME but
> prematurely closes the connection.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
