  1. AMQ Broker
  2. ENTMQBR-2

AMQP Python client is unable to authenticate with AMQ 7 broker


Details

    • Bug
    • Resolution: Done
    • Major
    • A-MQ 7.0.0.ER8
    • None
    • None
    • Compatibility/Configuration, User Experience

    Description

      The AMQP Python client is unable to pass authentication information to the broker when JAAS file configuration is enabled. With GuestModule present as well, the client can sneak in as the anonymous/guest user and send a message successfully.

      $ /var/dtests/node_data/clients/aac5_sender.py  --broker-url "admin:admin@<broker>:5672/test_direct_transient_map_message" --log-msgs dict --count 1 --msg-content-map-item "string=String" --msg-content-map-item "int~1" --msg-content-map-item "float~1.0" --msg-content-map-item "empty_string=" --msg-content-map-item "negative_float~-1.3" --msg-content-map-item "string_int=1" --msg-content-map-item "string_negative_int=-1" --msg-content-map-item "negative_int~-1" --msg-content-map-item "string_float=1.0" --msg-content-map-item "string_retype_operator=~1"
      
      [0x21129d0]:  -> SASL
      [0x21129d0]:  <- SASL
      [0x21129d0]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:ANONYMOUS, :PLAIN]]
      [0x21129d0]:0 -> @sasl-init(65) [mechanism=:ANONYMOUS, initial-response=b"anonymous@dhcp-75-219.lab.eng.brq.redhat.com"]
      [0x21129d0]:0 <- @sasl-outcome(68) [code=0]
      [0x21129d0]:  <- AMQP
      [0x21129d0]:  -> AMQP
      [0x21129d0]:0 -> @open(16) [container-id="e7e8654a-03e9-42ff-8efa-64d247f42192", hostname="<broker>:5672", channel-max=32767]
      [0x21129d0]:0 -> @begin(17) [next-outgoing-id=0, incoming-window=2147483647, outgoing-window=2147483647]
      [0x21129d0]:0 -> @attach(18) [name="e7e8654a-03e9-42ff-8efa-64d247f42192-test_direct_transient_map_message", handle=0, role=false, snd-settle-mode=2, rcv-settle-mode=0, source=@source(40) [durable=0, timeout=0, dynamic=false], target=@target(41) [address="test_direct_transient_map_message", durable=0, timeout=0, dynamic=false], initial-delivery-count=0]
      [0x21129d0]:0 <- @open(16) [container-id="", hostname="", max-frame-size=4294967295, channel-max=65535, idle-time-out=30000]
      [0x21129d0]:65535 <- @attach(18) [name="e7e8654a-03e9-42ff-8efa-64d247f42192-test_direct_transient_map_message", handle=0, role=true, snd-settle-mode=2, rcv-settle-mode=0, source=@source(40) []]
      [0x21129d0]:0 -> @close(24) [error=@error(29) [condition=:"amqp:not-allowed", description="no such channel: 65535"]]
      [0x21129d0]:  <- EOS
      ERROR:root:amqp:not-allowed: no such channel: 65535
      [0x212df20]:  -> SASL
      [0x21129d0]:  -> EOS
      [0x212df20]:  <- SASL
      [0x212df20]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:ANONYMOUS, :PLAIN]]
      [0x212df20]:0 -> @sasl-init(65) [mechanism=:ANONYMOUS, initial-response=b"anonymous@dhcp-75-219.lab.eng.brq.redhat.com"]
      [0x212df20]:0 <- @sasl-outcome(68) [code=0]
      [0x212df20]:  <- AMQP
      [0x212df20]:  -> AMQP
      [0x212df20]:0 -> @open(16) [container-id="e7e8654a-03e9-42ff-8efa-64d247f42192", hostname="<broker>:5672", channel-max=32767]
      [0x212df20]:0 -> @begin(17) [next-outgoing-id=0, incoming-window=2147483647, outgoing-window=2147483647]
      [0x212df20]:0 -> @attach(18) [name="e7e8654a-03e9-42ff-8efa-64d247f42192-test_direct_transient_map_message", handle=0, role=false, snd-settle-mode=2, rcv-settle-mode=0, source=@source(40) [durable=0, timeout=0, dynamic=false], target=@target(41) [address="test_direct_transient_map_message", durable=0, timeout=0, dynamic=false], initial-delivery-count=0]
      [0x212df20]:0 <- @open(16) [container-id="", hostname="", max-frame-size=4294967295, channel-max=65535, idle-time-out=30000]
      [0x212df20]:65535 <- @attach(18) [name="e7e8654a-03e9-42ff-8efa-64d247f42192-test_direct_transient_map_message", handle=0, role=true, snd-settle-mode=2, rcv-settle-mode=0, source=@source(40) []]
      [0x212df20]:0 -> @close(24) [error=@error(29) [condition=:"amqp:not-allowed", description="no such channel: 65535"]]
      [0x212df20]:  <- EOS
      ERROR:root:amqp:not-allowed: no such channel: 65535
      [0x212e560]:  -> SASL
      [0x212df20]:  -> EOS
      [0x212e560]:  <- SASL
      [0x212e560]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:ANONYMOUS, :PLAIN]]
      [0x212e560]:0 -> @sasl-init(65) [mechanism=:ANONYMOUS, initial-response=b"anonymous@dhcp-75-219.lab.eng.brq.redhat.com"]
      [0x212e560]:0 <- @sasl-outcome(68) [code=0]
      ..... cycling
      

      artemis.log

      10:58:39.923 DEBUG [org.apache.activemq.artemis.core.server] Couldn't find any bindings for address=activemq.notifications on message=ServerMessage[messageID=12414,durable=true,userID=null,priority=0, bodySize=512, timestamp=0,expiration=0, durable=true, address=activemq.notifications,properties=TypedProperties[_AMQ_NotifType=SECURITY_AUTHENTICATION_VIOLATION,_AMQ_NotifTimestamp=1461920319923]]@718839608
      10:58:39.923 DEBUG [org.apache.activemq.artemis.core.server] Message ServerMessage[messageID=12414,durable=true,userID=null,priority=0, bodySize=512, timestamp=0,expiration=0, durable=true, address=activemq.notifications,properties=TypedProperties[_AMQ_NotifType=SECURITY_AUTHENTICATION_VIOLATION,_AMQ_NotifTimestamp=1461920319923]]@718839608 is not going anywhere as it didn't have a binding on address:activemq.notifications
      10:58:39.927 FINE  [proton.trace] IN: CH[0] : Close{error=Error{condition=amqp:not-allowed, description='no such channel: 65535', info=null}}
      10:58:39.928 DEBUG [org.apache.activemq.artemis.core.server] RemotingServiceImpl::removing connection ID 379169560
      10:58:39.931 FINE  [org.apache.qpid.proton.engine.impl.SaslImpl] SASL negotiation done: SaslImpl [_outcome=PN_SASL_OK, state=PN_SASL_PASS, done=true, role=SERVER]
      10:58:39.933 FINE  [proton.trace] IN: CH[0] : Open{ containerId='e7e8654a-03e9-42ff-8efa-64d247f42192', hostname='<broker>:5672', maxFrameSize=4294967295, channelMax=32767, idleTimeOut=null, outgoingLocales=null, incomingLocales=null, offeredCapabilities=null, desiredCapabilities=null, properties=null}
      10:58:39.933 FINE  [proton.trace] IN: CH[0] : Begin{remoteChannel=null, nextOutgoingId=0, incomingWindow=2147483647, outgoingWindow=2147483647, handleMax=4294967295, offeredCapabilities=null, desiredCapabilities=null, properties=null}
      10:58:39.933 FINE  [proton.trace] IN: CH[0] : Attach{name='e7e8654a-03e9-42ff-8efa-64d247f42192-test_direct_transient_map_message', handle=0, role=SENDER, sndSettleMode=MIXED, rcvSettleMode=FIRST, source=Source{address='null', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null, filter=null, defaultOutcome=null, outcomes=null, capabilities=null}, target=Target{address='test_direct_transient_map_message', durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false, dynamicNodeProperties=null, capabilities=null}, unsettled=null, incompleteUnsettled=false, initialDeliveryCount=0, maxMessageSize=null, offeredCapabilities=null, desiredCapabilities=null, properties=null}
      10:58:39.934 DEBUG [org.apache.activemq.artemis.core.server] Couldn't validate user: javax.security.auth.login.FailedLoginException: user name is null
              at org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:86) [artemis-server-1.2.0.amq-700004-redhat-1.jar:1.2.0.amq-700004-redhat-1]
              at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source) [:1.8.0_91]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_91]
              at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_91]
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) [rt.jar:1.8.0_91]
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) [rt.jar:1.8.0_91]
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) [rt.jar:1.8.0_91]
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) [rt.jar:1.8.0_91]
              at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_91]
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.8.0_91]
              at javax.security.auth.login.LoginContext.login(LoginContext.java:587) [rt.jar:1.8.0_91]
              at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.getAuthenticatedSubject(ActiveMQJAASSecurityManager.java:134) [artemis-server-1.2.0.amq-700004-redhat-1.jar:1.2.0.amq-700004-redhat-1]
              at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.validateUser(ActiveMQJAASSecurityManager.java:71) [artemis-server-1.2.0.amq-700004-redhat-1.jar:1.2.0.amq-700004-redhat-1]
              at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:130) [artemis-server-1.2.0.amq-700004-redhat-1.jar:1.2.0.amq-700004-redhat-1]
              at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1100) [artemis-server-1.2.0.amq-700004-redhat-1.jar:1.2.0.amq-700004-redhat-1]
              at org.apache.activemq.artemis.core.protocol.proton.plug.ProtonSessionIntegrationCallback.init(ProtonSessionIntegrationCallback.java:117) [artemis-amqp-protocol-1.2.0.amq-700004-redhat-1.jar:]
              at org.proton.plug.context.AbstractProtonSessionContext.initialise(AbstractProtonSessionContext.java:69) [artemis-proton-plug-1.2.0.amq-700004-redhat-1.jar:]
              at org.proton.plug.context.AbstractConnectionContext$LocalListener.onRemoteOpen(AbstractConnectionContext.java:228) [artemis-proton-plug-1.2.0.amq-700004-redhat-1.jar:]
              at org.proton.plug.handler.Events.dispatch(Events.java:58) [artemis-proton-plug-1.2.0.amq-700004-redhat-1.jar:]
              at org.proton.plug.handler.impl.ProtonHandlerImpl.dispatch(ProtonHandlerImpl.java:362) [artemis-proton-plug-1.2.0.amq-700004-redhat-1.jar:]
              at org.proton.plug.handler.impl.ProtonHandlerImpl.access$000(ProtonHandlerImpl.java:49) [artemis-proton-plug-1.2.0.amq-700004-redhat-1.jar:]
              at org.proton.plug.handler.impl.ProtonHandlerImpl$1.run(ProtonHandlerImpl.java:63) [artemis-proton-plug-1.2.0.amq-700004-redhat-1.jar:]
              at org.apache.activemq.artemis.utils.OrderedExecutorFactory$OrderedExecutor$ExecutorTask.run(OrderedExecutorFactory.java:100) [artemis-core-client-1.2.0.amq-700004-redhat-1.jar:1.2.0.amq-700004-redhat-1]
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_91]
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_91]
              at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_91]
      
      10:58:39.937 DEBUG [org.apache.activemq.artemis.core.server] Couldn't find any bindings for address=activemq.notifications on message=ServerMessage[messageID=12415,durable=true,userID=null,priority=0, bodySize=512, timestamp=0,expiration=0, durable=true, address=activemq.notifications,properties=TypedProperties[_AMQ_NotifType=SECURITY_AUTHENTICATION_VIOLATION,_AMQ_NotifTimestamp=1461920319937]]@892805418
      10:58:39.937 DEBUG [org.apache.activemq.artemis.core.server] Message ServerMessage[messageID=12415,durable=true,userID=null,priority=0, bodySize=512, timestamp=0,expiration=0, durable=true, address=activemq.notifications,properties=TypedProperties[_AMQ_NotifType=SECURITY_AUTHENTICATION_VIOLATION,_AMQ_NotifTimestamp=1461920319937]]@892805418 is not going anywhere as it didn't have a binding on address:activemq.notifications
      10:58:39.942 FINE  [proton.trace] IN: CH[0] : Close{error=Error{condition=amqp:not-allowed, description='no such channel: 65535', info=null}}
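
A check for the symptom visible in the client trace above, as an added example that is not part of the original report or of Proton: it parses frame-trace lines per connection and flags connections that completed SASL as ANONYMOUS although the broker also offered a credentialed mechanism. The sample trace is constructed (modelled on the report's output), and the names `sasl_summary` and `anonymous_fallbacks` are hypothetical.

```python
import re

# Constructed sample modelled on the client frame trace in the report; the
# 0x2000 connection is a constructed contrast case that negotiates PLAIN.
SAMPLE_TRACE = """\
[0x1000]:  -> SASL
[0x1000]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:ANONYMOUS, :PLAIN]]
[0x1000]:0 -> @sasl-init(65) [mechanism=:ANONYMOUS, initial-response=b"anonymous@client.example"]
[0x1000]:0 <- @sasl-outcome(68) [code=0]
[0x1000]:0 -> @close(24) [error=@error(29) [condition=:"amqp:not-allowed", description="no such channel: 65535"]]
[0x2000]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:ANONYMOUS, :PLAIN]]
[0x2000]:0 -> @sasl-init(65) [mechanism=:PLAIN, initial-response=b"<redacted>"]
[0x2000]:0 <- @sasl-outcome(68) [code=0]
"""

# [connection]:channel <direction> @performative(code) [fields]
FRAME = re.compile(r"^\[(0x[0-9a-f]+)\]:\d*\s+(?:<-|->)\s+@([\w-]+)\(\d+\)\s+\[(.*)\]$")
FIELD = {  # the one field of interest per performative
    "sasl-init": ("chosen", r"mechanism=:([\w-]+)"),
    "sasl-outcome": ("outcome", r"code=(\d+)"),
    "close": ("close_error", r'condition=:"([^"]+)"'),
}

def sasl_summary(trace):
    """Per-connection SASL state (hypothetical helper, not a Proton API)."""
    conns = {}
    for line in trace.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # protocol-header lines such as "-> SASL", "<- EOS"
        conn_id, frame, body = m.groups()
        c = conns.setdefault(conn_id, {"offered": [], "chosen": None,
                                       "outcome": None, "close_error": None})
        if frame == "sasl-mechanisms":
            c["offered"] = re.findall(r":([\w-]+)", body)
        elif frame in FIELD:
            key, pattern = FIELD[frame]
            hit = re.search(pattern, body)
            c[key] = hit.group(1) if hit else None
    return conns

def anonymous_fallbacks(trace, credentials_supplied=True):
    """Connections accepted as ANONYMOUS although a credentialed mechanism was offered."""
    return [cid for cid, c in sasl_summary(trace).items()
            if credentials_supplied and c["chosen"] == "ANONYMOUS"
            and c["outcome"] == "0"  # SASL outcome code 0 = ok
            and any(m != "ANONYMOUS" for m in c["offered"])]
```

Run over the trace in this report, it would flag every connection attempt, since each one is offered PLAIN but completes as ANONYMOUS with `code=0`.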
      
      

            People

              gordonsim Gordon Sim
              mtoth@redhat.com Michal Toth
              Michal Toth Michal Toth