From 4952afa1c6ce3d6cf0e89125ba20279cccd04931 Mon Sep 17 00:00:00 2001 From: Alan Conway Date: Fri, 22 Jun 2012 18:39:56 +0000 Subject: QPID-3849: Client connection breaks broker-to-broker cluster SASL authentication Catch-up shadow connections were not being authenticated which caused two problems: - new brokers failed to join the cluster if there was an authenticated session. - possible security loophole that would allow an intruder to gain access to a catch-up broker. All external connections are now fully authenticated, which solves both problems. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1352992 13f79535-47bb-0310-9956-ffa450edef68 --- cpp/src/qpid/broker/ConnectionHandler.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'cpp/src/qpid/broker/ConnectionHandler.cpp') diff --git a/cpp/src/qpid/broker/ConnectionHandler.cpp b/cpp/src/qpid/broker/ConnectionHandler.cpp index 8db136a448..a22972ddd2 100644 --- a/cpp/src/qpid/broker/ConnectionHandler.cpp +++ b/cpp/src/qpid/broker/ConnectionHandler.cpp @@ -106,9 +106,10 @@ void ConnectionHandler::setSecureConnection(SecureConnection* secured) handler->secured = secured; } -ConnectionHandler::ConnectionHandler(Connection& connection, bool isClient, bool isShadow) : handler(new Handler(connection, isClient, isShadow)) {} +ConnectionHandler::ConnectionHandler(Connection& connection, bool isClient) : + handler(new Handler(connection, isClient)) {} -ConnectionHandler::Handler::Handler(Connection& c, bool isClient, bool isShadow) : +ConnectionHandler::Handler::Handler(Connection& c, bool isClient) : proxy(c.getOutput()), connection(c), serverMode(!isClient), secured(0), isOpen(false) 
@@ -119,14 +120,13 @@ ConnectionHandler::Handler::Handler(Connection& c, bool isClient, bool isShadow) properties.setString(QPID_FED_TAG, connection.getBroker().getFederationTag()); - authenticator = SaslAuthenticator::createAuthenticator(c, isShadow); + authenticator = SaslAuthenticator::createAuthenticator(c); authenticator->getMechanisms(mechanisms); Array locales(0x95); boost::shared_ptr l(new Str16Value(en_US)); locales.add(l); proxy.start(properties, mechanisms, locales); - } maxFrameSize = (64 * 1024) - 1; -- cgit v1.2.1
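Review bot: The new call `authenticator = SaslAuthenticator::createAuthenticator(c);` in the Handler constructor appears to be where the shadow-connection exemption from SASL is removed, yet nothing at the call site records that dropping the flag is deliberate. A one-line comment above it, for example `// QPID-3849: no shadow exemption; every connection, including cluster catch-up, is authenticated.`, would make a later attempt to reintroduce a skip-authentication parameter stand out in review. The same applies to the two constructor signatures in the first hunk, which lose `isShadow` without any note on why. This page is limited to ConnectionHandler.cpp, so whether the commit carries a regression test is not visible; if it does not, a cluster test that joins a new broker while an authenticated client session is open would cover both problems named in the description. The constructor body begins before this hunk and continues past it.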