diff options
| author | Michael Goulish <mgoulish@apache.org> | 2011-12-16 13:40:58 +0000 |
|---|---|---|
| committer | Michael Goulish <mgoulish@apache.org> | 2011-12-16 13:40:58 +0000 |
| commit | 345dac43c4453608f3b53728dcd310ff4767a544 (patch) | |
| tree | cd99fd6848b25796ab40fdf005a7ed2aec75971c /qpid/cpp | |
| parent | aa9fedb25476899e0a34ec9e7e48d456ee62b97d (diff) | |
| download | qpid-python-345dac43c4453608f3b53728dcd310ff4767a544.tar.gz | |
QPID-3438
fix cluster causing cnx leak when bad credentials are given in login attempt.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1215127 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/cpp')
| -rw-r--r-- | qpid/cpp/src/qpid/broker/Connection.cpp | 3 | ||||
| -rw-r--r-- | qpid/cpp/src/qpid/broker/Connection.h | 8 | ||||
| -rw-r--r-- | qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp | 1 | ||||
| -rw-r--r-- | qpid/cpp/src/qpid/cluster/Cluster.cpp | 9 | ||||
| -rw-r--r-- | qpid/cpp/src/qpid/cluster/Cluster.h | 2 | ||||
| -rw-r--r-- | qpid/cpp/src/qpid/cluster/Connection.cpp | 7 |
6 files changed, 27 insertions, 3 deletions
diff --git a/qpid/cpp/src/qpid/broker/Connection.cpp b/qpid/cpp/src/qpid/broker/Connection.cpp index 8451f35cb0..9df49b3ff1 100644 --- a/qpid/cpp/src/qpid/broker/Connection.cpp +++ b/qpid/cpp/src/qpid/broker/Connection.cpp @@ -100,7 +100,8 @@ Connection::Connection(ConnectionOutputHandler* out_, errorListener(0), objectId(objectId_), shadow(shadow_), - outboundTracker(*this) + outboundTracker(*this), + securityFailed(false) { outboundTracker.wrap(out); if (isLink) diff --git a/qpid/cpp/src/qpid/broker/Connection.h b/qpid/cpp/src/qpid/broker/Connection.h index 3522d70b35..e4dea33494 100644 --- a/qpid/cpp/src/qpid/broker/Connection.h +++ b/qpid/cpp/src/qpid/broker/Connection.h @@ -205,9 +205,15 @@ class Connection : public sys::ConnectionInputHandler, }; OutboundFrameTracker outboundTracker; - void sent(const framing::AMQFrame& f); + + bool securityFailed; + public: + + bool securityFailure ( ) const { return securityFailed; } + void securityFailure ( bool failed ) { securityFailed = failed; } + qmf::org::apache::qpid::broker::Connection* getMgmtObject() { return mgmtObject; } }; diff --git a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp index d7adbd68ab..54692a2781 100644 --- a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp +++ b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp @@ -450,6 +450,7 @@ void CyrusAuthenticator::processAuthenticationStep(int code, const char *challen client.secure(challenge_str); } else { + connection.securityFailure ( true ); std::string uid; //save error detail before trying to retrieve username as error in doing so will overwrite it std::string errordetail = sasl_errdetail(sasl_conn); diff --git a/qpid/cpp/src/qpid/cluster/Cluster.cpp b/qpid/cpp/src/qpid/cluster/Cluster.cpp index 40bfcd9285..3c1d23c842 100644 --- a/qpid/cpp/src/qpid/cluster/Cluster.cpp +++ b/qpid/cpp/src/qpid/cluster/Cluster.cpp @@ -383,12 +383,21 @@ void Cluster::erase(const ConnectionId& id) { erase(id,l); } +void Cluster::eraseLocal(const ConnectionId& id) { + Lock l(lock); + eraseLocal(id,l); +} + // Called by Connection::deliverClose() in deliverFrameQueue thread. void Cluster::erase(const ConnectionId& id, Lock&) { connections.erase(id); decoder.erase(id); } +void Cluster::eraseLocal(const ConnectionId& id, Lock&) { + localConnections.getErase(id); +} + std::vector<string> Cluster::getIds() const { Lock l(lock); return getIds(l); diff --git a/qpid/cpp/src/qpid/cluster/Cluster.h b/qpid/cpp/src/qpid/cluster/Cluster.h index f517c1b8d0..40f1445f23 100644 --- a/qpid/cpp/src/qpid/cluster/Cluster.h +++ b/qpid/cpp/src/qpid/cluster/Cluster.h @@ -101,6 +101,7 @@ class Cluster : private Cpg::Handler, public management::Manageable { void addLocalConnection(const ConnectionPtr&); void addShadowConnection(const ConnectionPtr&); void erase(const ConnectionId&); + void eraseLocal(const ConnectionId&); // URLs of current cluster members. std::vector<std::string> getIds() const; @@ -212,6 +213,7 @@ class Cluster : private Cpg::Handler, public management::Manageable { void memberUpdate(Lock&); void setClusterId(const framing::Uuid&, Lock&); void erase(const ConnectionId&, Lock&); + void eraseLocal(const ConnectionId&, Lock&); void requestUpdate(Lock& ); void initMapCompleted(Lock&); void becomeElder(Lock&); diff --git a/qpid/cpp/src/qpid/cluster/Connection.cpp b/qpid/cpp/src/qpid/cluster/Connection.cpp index 17fcf6deb5..88a2806877 100644 --- a/qpid/cpp/src/qpid/cluster/Connection.cpp +++ b/qpid/cpp/src/qpid/cluster/Connection.cpp @@ -738,8 +738,13 @@ void Connection::sessionError(uint16_t , const std::string& msg) { void Connection::connectionError(const std::string& msg) { // Ignore errors before isOpen(), we're not multicasting yet. - if (connection->isOpen()) + if (connection->isOpen()) { cluster.flagError(*this, ERROR_TYPE_CONNECTION, msg); + } + else + if ( connection->securityFailure() ) { + cluster.eraseLocal(self); + } } void Connection::addQueueListener(const std::string& q, uint32_t listener) { |