activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Timothy Bish (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (AMQ-5470) AMQP - delayed authentication from SASL connect leads to race on client end.
Date Wed, 04 Mar 2015 19:43:39 GMT

     [ https://issues.apache.org/jira/browse/AMQ-5470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Timothy Bish resolved AMQ-5470.
-------------------------------
    Resolution: Fixed

Fixed on master, when possible the AMQP stack will attempt to authenticate at the SASL level
and fail early instead of waiting until connection open.  

> AMQP - delayed authentication from SASL connect leads to race on client end.
> ----------------------------------------------------------------------------
>
>                 Key: AMQ-5470
>                 URL: https://issues.apache.org/jira/browse/AMQ-5470
>             Project: ActiveMQ
>          Issue Type: Sub-task
>          Components: AMQP
>    Affects Versions: 5.10.0
>            Reporter: Timothy Bish
>            Assignee: Timothy Bish
>             Fix For: 5.12.0
>
>         Attachments: AMQ-5470.patch
>
>
> We currently delay checking the credentials provided during the SASL negotiation and
also checking if anonymous client connects are legal until after opening the proton connection
and then we send an error condition indicating the failure and close the connection.  This
can lead to a race on the client end where it looks for a breif moment in time that the connection
succeeded.  During that time the client might attempt some further action and then fail in
an odd way as the connection is closed under it.  
> We should look into authenticating immediately and failing the SASL handshake if not
authorized.  We should also consider whether we want to support raw connections with a SASL
handshake as well since without at least a SASL ANONYMOUS handshake we can get back into this
issue unless we just forcibly close the socket on a client if we don't support anonymous connections.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message