qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From acon...@apache.org
Subject svn commit: r965979 - in /qpid/trunk/qpid/cpp: src/qpid/cluster/Cluster.cpp src/qpid/cluster/Connection.cpp src/qpid/cluster/Connection.h src/qpid/cluster/UpdateClient.cpp src/tests/cluster_tests.py xml/cluster.xml
Date Tue, 20 Jul 2010 19:56:42 GMT
Author: aconway
Date: Tue Jul 20 19:56:42 2010
New Revision: 965979

URL: http://svn.apache.org/viewvc?rev=965979&view=rev
Log:
Fix bug in cluster with authentication: nodes exit with "unauthorized-access"

Adding a node to a cluster on which authentication is enabled and on
which there are existing connections authenticated with mechanisms
other than anonymous, may result in nodes exiting the cluster with
inconsistent authorisation errors.

Modified:
    qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp
    qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.cpp
    qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.h
    qpid/trunk/qpid/cpp/src/qpid/cluster/UpdateClient.cpp
    qpid/trunk/qpid/cpp/src/tests/cluster_tests.py
    qpid/trunk/qpid/cpp/xml/cluster.xml

Modified: qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp?rev=965979&r1=965978&r2=965979&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp Tue Jul 20 19:56:42 2010
@@ -197,7 +197,7 @@ namespace _qmf = ::qmf::org::apache::qpi
  * Currently use SVN revision to avoid clashes with versions from
  * different branches.
  */
-const uint32_t Cluster::CLUSTER_VERSION = 956001;
+const uint32_t Cluster::CLUSTER_VERSION = 964709;
 
 struct ClusterDispatcher : public framing::AMQP_AllOperations::ClusterHandler {
     qpid::cluster::Cluster& cluster;

Modified: qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.cpp?rev=965979&r1=965978&r2=965979&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.cpp Tue Jul 20 19:56:42 2010
@@ -304,10 +304,17 @@ size_t Connection::decode(const char* da
     const char* ptr = data;
     const char* end = data + size;
     if (catchUp) {              // Handle catch-up locally.
+        bool wasOpen = connection->isOpen();
         Buffer buf(const_cast<char*>(ptr), size);
         ptr += size;
         while (localDecoder.decode(buf))
             received(localDecoder.getFrame());
+        if (!wasOpen && connection->isOpen()) {
+            // Connections marked as federation links are allowed to proxy
+            // messages with user-ID that doesn't match the connection's
+            // authenticated ID. This is important for updates.
+            connection->setFederationLink(isCatchUp());
+        }
     }
     else {                      // Multicast local connections.
         assert(isLocalClient());
@@ -384,6 +391,10 @@ void Connection::shadowPrepare(const std
     updateIn.nextShadowMgmtId = mgmtId;
 }
 
+void Connection::shadowSetUser(const std::string& userId) {
+    connection->setUserId(userId);
+}
+
 void Connection::consumerState(const string& name, bool blocked, bool notifyEnabled,
const SequenceNumber& position)
 {
     broker::SemanticState::ConsumerImpl& c = semanticState().find(name);

Modified: qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.h?rev=965979&r1=965978&r2=965979&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/cluster/Connection.h Tue Jul 20 19:56:42 2010
@@ -114,6 +114,8 @@ class Connection :
     // State update methods.
     void shadowPrepare(const std::string&);
 
+    void shadowSetUser(const std::string&);
+
     void sessionState(const framing::SequenceNumber& replayStart,
                       const framing::SequenceNumber& sendCommandPoint,
                       const framing::SequenceSet& sentIncomplete,

Modified: qpid/trunk/qpid/cpp/src/qpid/cluster/UpdateClient.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/cluster/UpdateClient.cpp?rev=965979&r1=965978&r2=965979&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/cluster/UpdateClient.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/cluster/UpdateClient.cpp Tue Jul 20 19:56:42 2010
@@ -365,6 +365,8 @@ void UpdateClient::updateConnection(cons
 
     connectionSettings.maxFrameSize = bc.getFrameMax();
     shadowConnection.open(updateeUrl, connectionSettings);
+    ClusterConnectionProxy(shadowConnection).shadowSetUser(bc.getUserId());
+
     bc.eachSessionHandler(boost::bind(&UpdateClient::updateSession, this, _1));
     // Safe to use decoder here because we are stalled for update.
     std::pair<const char*, size_t> fragment = decoder.get(updateConnection->getId()).getFragment();

Modified: qpid/trunk/qpid/cpp/src/tests/cluster_tests.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/tests/cluster_tests.py?rev=965979&r1=965978&r2=965979&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/tests/cluster_tests.py (original)
+++ qpid/trunk/qpid/cpp/src/tests/cluster_tests.py Tue Jul 20 19:56:42 2010
@@ -157,6 +157,19 @@ acl allow all all
             self.fail("Expected exception")
         except messaging.exceptions.NotFound: pass
 
+    def test_user_id_update(self):
+        """Ensure that user-id of an open session is updated to new cluster members"""
+        sasl_config=os.path.join(self.rootdir, "sasl_config")
+        cluster = self.cluster(1, args=["--auth", "yes", "--sasl-config", sasl_config,])
+        c = cluster[0].connect(username="zig", password="zig")
+        s = c.session().sender("q;{create:always}")
+        s.send(Message("x", user_id="zig")) # Message sent before start new broker
+        cluster.start()
+        s.send(Message("y", user_id="zig")) # Messsage sent after start of new broker
+        # Verify brokers are healthy and messages are on the queue.
+        self.assertEqual("x", cluster[0].get_message("q").content)
+        self.assertEqual("y", cluster[1].get_message("q").content)
+
     def test_link_events(self):
         """Regression test for https://bugzilla.redhat.com/show_bug.cgi?id=611543"""
         args = ["--mgmt-pub-interval", 1] # Publish management information every second.

Modified: qpid/trunk/qpid/cpp/xml/cluster.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/xml/cluster.xml?rev=965979&r1=965978&r2=965979&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/xml/cluster.xml (original)
+++ qpid/trunk/qpid/cpp/xml/cluster.xml Tue Jul 20 19:56:42 2010
@@ -159,11 +159,16 @@
 	 - send shadow-ready to mark end of shadow update.
 	 - send membership when entire update is complete.
     -->
+    <!-- Send the user-id for an update connection. -->
+    <control name="shadow-set-user" code="0x0E">
+      <field name="user-id" type="str16"/>
+    </control>
+
     <!-- Prepare to send a shadow connection with the given ID. -->
     <control name="shadow-prepare" code="0x0F">
       <field name="management-id" type="str16"/>
     </control>
-    
+
     <!-- Consumer state that cannot be set by standard AMQP controls. -->
     <control name="consumer-state" code="0x10">
       <field name="name" type="str8"/>



---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org


Mime
View raw message