RE: EXTERNAL: Re: Username/password authentication example from C++ docs doesn't work?

[peter.j.rich...@lmco.com]

Hi Timothy,

I added PN_TRACE_FRM=true (not PN_TRACE_FROM) to the C# client and see this 
output:

-> SASL:[1488863629:0] AMQP,3,1,0,0
<- SASL:[1488863629:0] AMQP,3,1,0,0
<- SASL:[1488863629:0] SaslMechanisms{mechanisms=PLAIN,ANONYMOUS}
-> SASL:[1488863629:0] SaslInit{mechanismPLAIN, 
initialResponse="%00admin%00admin", hostname=localhost}
<- SASL:[1488863629:0] Ok

It looks like the C# client successfully uses PLAIN?

I then added PN_TRACE_FRM=true to the C++ client, and now I see this output:

[0x1edc0b0]: SASL:FRAME:  -> SASL
[0x1edc0b0]: SASL:FRAME:  <- SASL
[0x1edc0b0]: AMQP:FRAME:0 <- @sasl-mechanisms(64) 
[sasl-server-mechanisms=@<symbol>[:PLAIN, :ANONYMOUS]]
[0x1edc0b0]:   IO:FRAME:  -> EOS
amqp:unauthorized-access: SASL(-4): no mechanism available: No worthy mechs 
found (Authentication failed [mech=none])

It looks like "PLAIN" is in the "sasl-server-mechanisms", but then it still 
says "no mechanism available". Does that mean the C++ client still doesn't have 
PLAIN enabled?

Peter

-----Original Message-----
From: Timothy Bish <tabish...@gmail.com> 
Sent: Monday, May 5, 2025 6:08 PM
To: users@qpid.apache.org
Subject: EXTERNAL: Re: EXTERNAL: Re: Username/password authentication example 
from C++ docs doesn't work?

When running the Qpid proton-dotnet client you can define the 
PN_TRACE_FROM=true environment variable to have the AMQP frames printed to the 
console, my guess would be PLAIN is being used since you set a password and the 
broker offers that by default.

On Mon, May 5, 2025 at 5:21 PM peter.j.rich...@lmco.com 
<peter.j.rich...@lmco.com> wrote:
>
> Hi Ted,
>
> > Try setting the sasl_allowed_mechs in your connection options. Try using 
> > "PLAIN".
>
> I added this line to on_container_start:
>
> co.sasl_allowed_mechs("PLAIN");
>
> And now I get a different error:
>
> amqp:unauthorized-access: SASL(-4): no mechanism available: No worthy 
> mechs found (Authentication failed [mech=none])
>
> Any idea why it's ignoring the PLAIN mechanism? I also tried adding these:
>
> co.sasl_enabled(true);
> co.sasl_allow_insecure_mechs(true);
>
> But this made no difference (same error).
>
> > Whatever you use must match what is supported on the broker-side.
>
> I believe the broker supports PLAIN, since the C# client library 
> authenticated fine.
>
> Peter
>
> -----Original Message-----
> From: Ted Ross <tr...@redhat.com.INVALID>
> Sent: Monday, May 5, 2025 4:48 PM
> To: users@qpid.apache.org
> Subject: EXTERNAL: Re: Username/password authentication example from C++ docs 
> doesn't work?
>
> Try setting the sasl_allowed_mechs in your connection options.  I believe it 
> is defaulting to ANONYMOUS, which does not use the user/password values.  Try 
> using "PLAIN".  Whatever you use must match what is supported on the 
> broker-side.
>
> -Ted
>
> On Mon, May 5, 2025 at 3:37 PM peter.j.rich...@lmco.com < 
> peter.j.rich...@lmco.com> wrote:
>
> > Hi, I'm using version 0.37.0 of the C++ library
> > (qpid-proton-cpp-0.37.0) and can't figure out how to authenticate 
> > with a username/password. My test
> > setup:
> >
> > For the broker, I run ActiveMQ Classic using this command: podman 
> > run -it --rm --net=host --env ACTIVEMQ_CONNECTION_USER=admin --env 
> > ACTIVEMQ_CONNECTION_PASSWORD=admin docker.io/apache/activemq-classic
> >
> > For the C++ client, I run the code from the "simple_send.cpp" 
> > example at 
> > https://qpid.apache.org/releases/qpid-proton-0.37.0/proton/cpp/api/s
> > im ple_send_8cpp-example.html, which I simplified to hardcode the 
> > username/password to admin/admin:
> >
> > #include <proton/connection.hpp>
> > #include <proton/connection_options.hpp> #include 
> > <proton/container.hpp> #include <proton/message.hpp> #include 
> > <proton/message_id.hpp> #include <proton/messaging_handler.hpp> 
> > #include <proton/reconnect_options.hpp> #include 
> > <proton/tracker.hpp> #include <proton/types.hpp>
> >
> > #include <iostream>
> > #include <map>
> >
> >
> > class simple_send : public proton::messaging_handler {
> >   private:
> >     std::string url;
> >     std::string user;
> >     std::string password;
> >     bool reconnect;
> >     proton::sender sender;
> >     int sent;
> >     int confirmed;
> >     int total;
> >
> >   public:
> >     simple_send(const std::string &s, const std::string &u, const 
> > std::string &p, bool r, int c) :
> >         url(s), user(u), password(p), reconnect(r), sent(0), 
> > confirmed(0),
> > total(c) {}
> >
> >     void on_container_start(proton::container &c) override {
> >         proton::connection_options co;
> >         if (!user.empty()) co.user(user);
> >         if (!password.empty()) co.password(password);
> >         if (reconnect) co.reconnect(proton::reconnect_options());
> >         sender = c.open_sender(url, co);
> >     }
> >
> >     void on_connection_open(proton::connection& c) override {
> >         if (c.reconnected()) {
> >             sent = confirmed;   // Re-send unconfirmed messages after a
> > reconnect
> >         }
> >     }
> >
> >     void on_sendable(proton::sender &s) override {
> >         while (s.credit() && sent < total) {
> >             proton::message msg;
> >             std::map<std::string, int> m;
> >             m["sequence"] = sent + 1;
> >
> >             msg.id(sent + 1);
> >             msg.body(m);
> >
> >             s.send(msg);
> >             sent++;
> >         }
> >     }
> >
> >     void on_tracker_accept(proton::tracker &t) override {
> >         confirmed++;
> >
> >         if (confirmed == total) {
> >             std::cout << "all messages confirmed" << std::endl;
> >             t.connection().close();
> >         }
> >     }
> >
> >     void on_transport_close(proton::transport &) override {
> >         sent = confirmed;
> >     }
> > };
> >
> > int main(int argc, char **argv) {
> >     std::string address = "127.0.0.1:5672/examples";
> >     std::string user = "admin";
> >     std::string password = "admin";
> >     bool reconnect = false;
> >     int message_count = 100;
> >
> >     try {
> >         simple_send send(address, user, password, reconnect, 
> > message_count);
> >         proton::container(send).run();
> >
> >         return 0;
> >     } catch (const std::exception& e) {
> >         std::cerr << e.what() << std::endl;
> >     }
> >
> >     return 1;
> > }
> >
> > When run, the C++ client crashes with this error:
> >
> > amqp:unauthorized-access: Authentication failed [mech=ANONYMOUS]
> >
> > The error message suggests (?) that the username/password I specify 
> > are not being used, since it says "mech=ANONYMOUS". Can anyone see 
> > an obvious mistake in my C++ code? Am I not setting the username/password 
> > correctly?
> > Is this a known bug in version 0.37.0?
> >
> > In contrast, I can successfully authenticate to the broker using the 
> > C# library example at 
> > https://docs.redhat.com/en/documentation/red_hat_build_of_apache_qpid_proton_dotnet/1.0/html-single/using_qpid_proton_dotnet/index.
> > In the C# example, if I specify the username/password as admin/admin 
> > then message posting succeeds, and when I specify a wrong password 
> > it fails with an authentication error.
> >
> >



--
--
Tim Bish

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional 
commands, e-mail: users-h...@qpid.apache.org