diff options
| author | Alan Conway <aconway@apache.org> | 2012-06-22 18:39:56 +0000 |
|---|---|---|
| committer | Alan Conway <aconway@apache.org> | 2012-06-22 18:39:56 +0000 |
| commit | 4952afa1c6ce3d6cf0e89125ba20279cccd04931 (patch) | |
| tree | 7d35af6c1afc73ebdf08bf7820df4612374d8ccf /cpp/src/qpid/broker/ConnectionHandler.cpp | |
| parent | ffb1fcab7b1bcd4b48bf2b0d16f68fd17d24a84e (diff) | |
| download | qpid-python-4952afa1c6ce3d6cf0e89125ba20279cccd04931.tar.gz | |
QPID-3849: Client connection breaks broker-to-broker cluster SASL authentication
Catch-up shadow connections were not being authenticated which caused two problems:
- new brokers failed to join the cluster if there was an authenticated session.
- possible security loophole that would allow an intruder to gain access to a catch-up broker.
All external connections are now fully authenticated, which solves both problems.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1352992 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/qpid/broker/ConnectionHandler.cpp')
| -rw-r--r-- | cpp/src/qpid/broker/ConnectionHandler.cpp | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/cpp/src/qpid/broker/ConnectionHandler.cpp b/cpp/src/qpid/broker/ConnectionHandler.cpp index 8db136a448..a22972ddd2 100644 --- a/cpp/src/qpid/broker/ConnectionHandler.cpp +++ b/cpp/src/qpid/broker/ConnectionHandler.cpp @@ -106,9 +106,10 @@ void ConnectionHandler::setSecureConnection(SecureConnection* secured) handler->secured = secured; } -ConnectionHandler::ConnectionHandler(Connection& connection, bool isClient, bool isShadow) : handler(new Handler(connection, isClient, isShadow)) {} +ConnectionHandler::ConnectionHandler(Connection& connection, bool isClient) : + handler(new Handler(connection, isClient)) {} -ConnectionHandler::Handler::Handler(Connection& c, bool isClient, bool isShadow) : +ConnectionHandler::Handler::Handler(Connection& c, bool isClient) : proxy(c.getOutput()), connection(c), serverMode(!isClient), secured(0), isOpen(false) @@ -119,14 +120,13 @@ ConnectionHandler::Handler::Handler(Connection& c, bool isClient, bool isShadow) properties.setString(QPID_FED_TAG, connection.getBroker().getFederationTag()); - authenticator = SaslAuthenticator::createAuthenticator(c, isShadow); + authenticator = SaslAuthenticator::createAuthenticator(c); authenticator->getMechanisms(mechanisms); Array locales(0x95); boost::shared_ptr<FieldValue> l(new Str16Value(en_US)); locales.add(l); proxy.start(properties, mechanisms, locales); - } maxFrameSize = (64 * 1024) - 1; |