diff options
| author | Alan Conway <aconway@apache.org> | 2012-06-22 18:39:56 +0000 |
|---|---|---|
| committer | Alan Conway <aconway@apache.org> | 2012-06-22 18:39:56 +0000 |
| commit | 4952afa1c6ce3d6cf0e89125ba20279cccd04931 (patch) | |
| tree | 7d35af6c1afc73ebdf08bf7820df4612374d8ccf /cpp/src/tests | |
| parent | ffb1fcab7b1bcd4b48bf2b0d16f68fd17d24a84e (diff) | |
| download | qpid-python-4952afa1c6ce3d6cf0e89125ba20279cccd04931.tar.gz | |
QPID-3849: Client connection breaks broker-to-broker cluster SASL authentication
Catch-up shadow connections were not being authenticated which caused two problems:
- new brokers failed to join the cluster if there was an authenticated session.
- possible security loophole that would allow an intruder to gain access to a catch-up broker.
All external connections are now fully authenticated, which solves both problems.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1352992 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/tests')
| -rwxr-xr-x | cpp/src/tests/cluster_tests.py | 12 | ||||
| -rwxr-xr-x | cpp/src/tests/sasl_test_setup.sh | 2 |
2 files changed, 13 insertions, 1 deletions
diff --git a/cpp/src/tests/cluster_tests.py b/cpp/src/tests/cluster_tests.py index 09eebc5ec9..3c96b252df 100755 --- a/cpp/src/tests/cluster_tests.py +++ b/cpp/src/tests/cluster_tests.py @@ -227,6 +227,18 @@ acl deny all all self.assertEqual("x", cluster[0].get_message("q").content) self.assertEqual("y", cluster[1].get_message("q").content) + def test_other_mech(self): + """Test using a mechanism other than PLAIN/ANONYMOUS for cluster update authentication. + Regression test for https://issues.apache.org/jira/browse/QPID-3849""" + sasl_config=os.path.join(self.rootdir, "sasl_config") + cluster = self.cluster(2, args=["--auth", "yes", "--sasl-config", sasl_config, + "--cluster-username=zig", + "--cluster-password=zig", + "--cluster-mechanism=DIGEST-MD5"]) + cluster[0].connect() + cluster.start() # Before the fix this broker falied to join the cluster. + cluster[2].connect() + def test_link_events(self): """Regression test for https://bugzilla.redhat.com/show_bug.cgi?id=611543""" args = ["--mgmt-pub-interval", 1] # Publish management information every second. diff --git a/cpp/src/tests/sasl_test_setup.sh b/cpp/src/tests/sasl_test_setup.sh index 3e69c0f02b..3947986517 100755 --- a/cpp/src/tests/sasl_test_setup.sh +++ b/cpp/src/tests/sasl_test_setup.sh @@ -30,7 +30,7 @@ pwcheck_method: auxprop auxprop_plugin: sasldb sasldb_path: $PWD/sasl_config/qpidd.sasldb sql_select: dummy select -mech_list: ANONYMOUS PLAIN DIGEST-MD5 EXTERNAL +mech_list: ANONYMOUS PLAIN DIGEST-MD5 EXTERNAL CRAM-MD5 EOF # Populate temporary sasl db. |