| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1496545 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1496466 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
| |
- Clean up code for accounting for sent frames
- merged Connection and ConnectionState into Connection
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1494639 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
- was only used by removed cluster support
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1491584 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1491581 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
This issue evolved a bit between the original discussion and the final
commit. See https://reviews.apache.org/r/10658/ for the details.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1477112 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
allowing sub-second intervals.
Provides string conversion for sys::Duration, allowing intervals to be expressed like this:
10.5 - value in seconds, backward compatible.
10.5s - value in seconds
10.5ms - value in milliseconds
10.5us - value in microseconds
10.5ns - value in nanoseconds
Converted the folllowing broker options to Duration:
mgmtPubInterval, queueCleanInterval, linkMaintenanceInterval, linkHeartbeatInterval
Did not convert: maxNegotiateTime. This is expressed in milliseconds so it would not be
backward compatible to make it a Duration.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1469661 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
- Removed all unnecessary includes from qpid/broker/Connection.h
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1440778 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1425038 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1400177 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
Dillaman)
Rework ManagementAgent locks, get rid of shared buffers that were points of contention.
Minor log message improvements in ha code.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1398530 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
from Pavel Moravec
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1382830 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1361262 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
- Updated test framework to use credentials
- Updated BrokerReplicator to use HA identity to create configuration
- Updated documentation with a HA security section.
- Updated qpid-ha to take --sasl-mechanism
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1359412 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
| |
authentication
Catch-up shadow connections were not being authenticated which caused two problems:
- new brokers failed to join the cluster if there was an authenticated session.
- possible security loophole that would allow an intruder to gain access to a catch-up broker.
All external connections are now fully authenticated, which solves both problems.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1352992 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
| |
Applied patch from Andy Goldstein.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1347044 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1339403 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Introduce HA broker state machien
- Inform backup queues when ready.
- Incomplete implementation of backup ready check.
- does not count correctly after a failover, see countUnready.
- Existing replicator bridges updated out of sync with BrokerReplicator initialize.
- Does not handle multi-messages responses.
- Newly promoted HA primary waits for backups to be ready before accepting clients.
- Uniform log prefixes for HA messages.
- qpid-ha tests, call qpid-ha python code directly.
- Move excluder from Backup to HaBroker, it is also used in PROMOTING.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1338889 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
Tidied up header use of FieldValue.h
- Removed all unnecessary includes of FieldValue.h from other header
files especially Array.h. (This avoids the world recompiling when working
on FieldValue!)
- Corrected up header guards in Array.h
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1306595 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
| |
Merged from qpid-3603-7. This is basic support for the new HA approach.
For information & limitations see qpid/cpp/design_docs/new-ha-design.txt.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1245587 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1231221 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
node.
Changes missed from previous commit.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1182514 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1182212 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
Prevent infinite loop when unable to decode frame in SASL security layer.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1162060 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial fix for this bug was incomplete.
The original bug was triggered by a faulty client sending
session.attach before connection.open. The special case is when the
session.attach is on channel 0. This commit fixes the broker for all
cases where a faulty client sends frames before completly opening the
connection.
Older versions of the Java client are known to send this faulty sequence sporadically,
see https://issues.apache.org/jira/browse/QPID-3042.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1159329 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
- Removed a bunch of variables set but not further used.
- Rejigged some asserts which would now have unused vars
if compiler -DNDEBUG
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1133166 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
tag is present in the client/server properties"
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1132623 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
| |
provided by the transport layer when starting SASL.
This allows the SASL mechanism EXTERNAL to be satisfied with
SSL transport security.
The test, sasl_fed_ex, uses this SASL/SSL security on a
federated link between two brokers.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1050162 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It provides a way to tell SaslFactory that console
interaction is NOT ok. i.e. if the code is running
as part of a broker, or a demonized client of some
kind. Just tell it to never do interaction, and any
patch attempt to interact will be treated as an error.
This script demonstrates that all goes well if you supply enough info :
rm -rf /tmp/data_1 /tmp/data_2
mkdir /tmp/data_1 /tmp/data_2
# in window 1:
../qpidd -p 5672 --data-dir /tmp/data_1 --auth=yes --mgmt-enable=yes \
--log-enable info+ ./qpidd_1.log --log-source yes \
--sasl-config=/home/mick/trunk/qpid/cpp/src/tests/sasl_config
# in window 2:
../qpidd -p 10000 --data-dir /tmp/data_2 --auth=yes --mgmt-enable=yes \
--log-enable info+ ./qpidd_1.log --log-source yes \
--sasl-config=/home/mick/trunk/qpid/cpp/src/tests/sasl_config
# in window 3 ( from qpid dir )
./tools/src/py/qpid-route dynamic add zig/zig@localhost zig/zig@localhost:10000 qmf.default.direct
# and now view the created route
./tools/src/py/qpid-route route list localhost:5672
If you say auth=no, that works fine also.
HOWEVER PLEASE NOTE --
if you say auth=yes, but then do not supply enough into to avoid the need for interaction,
the attempted interaction will result in the connection being closed. Then the originating broker
will re-try the connection, and you will get a two-broker infinite loop until you fix it.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1040689 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-------------------------------------------------------------
1. Brokers already knew how to handle the server side of SASLized
links, but not the client side. So we promoted the client-side
SASL code from the client library to the common library so that
the broker could also use it. This affected SaslFactory.{h,cpp}
and Sasl.h
TODO -- can the server-side and client-side code be unified here?
2. Some of the SASL verbs in broker/ConnectionHandler.cpp are
expanded: start, secure, tune.
3. broker/SecureConnection is altered to get the client-broker and
the server-broker to agree on when the security layer should be
inserted.
4. the python tool qpid-route is modified so that, in the "route add"
command, you can specify the security mechanism for SASL to use.
TODO -- should we also pass in {min,max}SSF ?
5. Changes in broker/LinkRegistry to allow the information input by
qpid-route to be passed up to where it is needed.
6. A bash script test run by "make check" that creates a SASLized
federation link and sends some messages down it.
TODO - write a python unit test instead of a bash script. I
think I uncovered a bug in the python code when I tried.
7. NOTE - testing for this feature does not work with versions of
SASL earlier than 2.1.22, becuase I can't tell SASL to use a
SASL database file in a nonstandard location. The test is
disabled for earlier versions.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1024541 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The connection negotiation phase up to the "open" or "open-ok" frame
establishes whether/what encryption to use for the rest of the
connection.
With this patch a cluster broker completes the initial negotiation
with its local clients and only then begins multicasting to other
brokers. The local broker decrypts if necessary and multicasts in the
clear.
This replaces a problematic locking scheme that was formerly in place
which caused deadlocks.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@952692 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
encryption.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@950608 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
- was using "none" not empty string for no ID.
- was multicasting secure id for update and shadow connections.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@948967 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-----------------------------------
* initial observation of a problem was a 2% failure rate in perftests
of 20,000 messages against a cluster with security enabled.
Problem was occasional receit of encrypted frames before the
security codec had been enabled. This is fixed with locking in
cluster code (no new locks in broker code) and a callback that is
fired by broker::ConnectionHandler::Handler to tell the cluster
code when the opening handshake has finished.
This was never a problem in the non-clustered broker before because
everything happened in a single thread.
* the brokers that "shadow" the connection must not have null
authenticators rather than real ones, so that they go through all
the motions but don't do anythig. Only the directly-connected
broker can perform the security handshake.
* once the directly-connected broker receives the real user ID
from its callback, it mcasts that ID to all other brokers.
Otherwise the shadowing brokers will al think that the user ID
is "anonymous".
Check this by doing a substantial perftest, and using
qpid-stat -c localhost:PORT
to confirm that the brokers all have the same userID for the
same connection.
* the user ID, negotiated during the Sasl security startup, is
communicated from the directly connected broker to all other
cluster brokers.
* If security is *not* being used, then this code should *not* tell
the brokers anything about the userID -- or it will step on the value
that is being set by other code pathways.
* test program at cpp/src/tests/cluster_authentication_soak is not yet
fully automated -- run it with something like
"sudo ./cluster_authentication_soak 500"
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@944158 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@793909 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
inter-broker link must echo heratbeats (as these are set to the maximum allowed value for such links).
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@792237 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
- Changes to the cluster code were previously missed
- It's neater and more correct to reset the traffic
timeout for all connection traffic, not just traffic
in a session
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@782696 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
broker generated heartbeat)
- Broker now disconnects client if it receives no traffic in
2 heartbeat intervals (which is now the same as the client behvaiour)
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@782651 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
- Handle partial failures (e.g. due to disk error): failing brokers shut down, others continue.
- Enable persistence in cluster tests.
- Correct message status in DeliveryRecord updates.
- Remove qpid.update queue when update complete - avoid it becoming persistent
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@764204 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
outgoing links.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@752897 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
management.
Supported in C++, Python, and Ruby clients.
Still needs to be added to the Java clients.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@747389 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
producer throttling in the Connection.OpenOK message.
Broker only tries to apply flow control to client if it
has received the property in the Connection.OpenOK message.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@740135 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
known-hosts
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@736354 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
- Server sends possible heartbeat range and client replies with desired
heartbeat as part of the tune-tuneOk exchange
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@734220 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
* SASL security layer support for c++ client and broker
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@732082 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@725488 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@713838 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@711989 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@709283 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@705337 13f79535-47bb-0310-9956-ffa450edef68
|
