Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-38

[AMQP] Anonymous connection produces bad AMQP protocol stream

XMLWordPrintable

    • Broker - September Sprint

      If the client connects with no credentials then it skips the SASL negotiation phase. The A-MQ7 broker responds with an illegal protocol stream. From the client side:

      D:\Users\crolke\brew-lite-kits\1.1.8.0\amqpnetlite\bin\Debug>simple_send.exe amqp://10.10.58.108:5672 my-queue 1
[10:43.029] SEND AMQP 0 1.0.0
[10:43.045] SEND (ch=0) open(container-id:c0659f56-161a-43db-8df2-cf3d364fc8b8,host-name:10.10.58.108,max-frame-size:262144,channel-max:256)
[10:43.045] SEND (ch=0) begin(next-outgoing-id:4294967293,incoming-window:2048,outgoing-window:2048,handle-max:4294967295)
[10:43.123] SEND (ch=0) attach(name:sender,handle:0,role:False,source:source(),target:target(address:my-queue),initial-delivery-count:0)
[10:43.295] RECV AMQP 0 1 0 0
[10:43.295] RECV (ch=0) open(container-id:,host-name:,max-frame-size:4294967295,channel-max:65535,idle-time-out:30000)
[10:43.357] RECV (ch=65535) attach(name:sender,handle:0,role:True,snd-settle-mode:2,rcv-settle-mode:0,source:source())
[10:43.498] SEND (ch=0) close(error:error(condition:amqp:not-found,description:The session channel '65535' cannot be found.))
[10:43.560] RECV (ch=0) close()

      The frame in question is at 10:43.357. The Open-Begin-Attach sequence is violated and the Attach has a bogus session channel number.

      The broker console log shows:

      10:08:38,584 INFO  [org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager] Couldn't validate user: user name is null
org.proton.plug.exceptions.ActiveMQAMQPInternalErrorException: AMQ119031: Unable to validate user
	at org.proton.plug.context.AbstractProtonSessionContext.initialise(AbstractProtonSessionContext.java:72)
	at org.proton.plug.context.AbstractConnectionContext$LocalListener.onRemoteOpen(AbstractConnectionContext.java:238)
	at org.proton.plug.handler.Events.dispatch(Events.java:58)
	at org.proton.plug.handler.impl.ProtonHandlerImpl.dispatch(ProtonHandlerImpl.java:362)
	at org.proton.plug.handler.impl.ProtonHandlerImpl.access$000(ProtonHandlerImpl.java:49)
	at org.proton.plug.handler.impl.ProtonHandlerImpl$1.run(ProtonHandlerImpl.java:63)
	at org.apache.activemq.artemis.utils.OrderedExecutorFactory$OrderedExecutor$ExecutorTask.run(OrderedExecutorFactory.java:103)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119031: Unable to validate user]
	at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:140)
	at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1139)
	at org.apache.activemq.artemis.core.protocol.proton.plug.ProtonSessionIntegrationCallback.init(ProtonSessionIntegrationCallback.java:141)
	at org.proton.plug.context.AbstractProtonSessionContext.initialise(AbstractProtonSessionContext.java:69)
	... 9 more

        1. bootstrap.xml
          1 kB
        2. broker.xml
          4 kB
        3. ENTMQ1756.pcapng
          150 kB
        4. login.config
          1 kB

            rh-ee-ataylor Andy Taylor
            crolke@redhat.com Chuck Rolke (Inactive)
            Petra Svobodova Petra Svobodova (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: