qpid-dev mailing list archives

From "Andrew Stitcher (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PROTON-1473) [cpp] Cryptic error message when authentication fails
Date Thu, 25 Jan 2018 18:35:00 GMT

    [ https://issues.apache.org/jira/browse/PROTON-1473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16339604#comment-16339604 ]

Andrew Stitcher commented on PROTON-1473:

The trouble is that authentication doesn't fail in the example you are bringing:

The client will automatically choose to use pure AMQP with no SASL authentication (or SSL
authentication) because it has no authentication credentials.

Then the server, seeing that it is getting a connection with no SASL header, drops the connection
as it is configured not to allow non-authenticated connections.

I'm not actually sure whether the confusing error message itself comes from the client or
server end. [It sounds like it comes from the server end as the 'Insufficient data...' message
is from the protocol layer auto configure process which is not turned on in a client.]

If you forced SASL on the client but still didn't provide authentication credentials then you
would likely get a message about mismatching mechs, which also might not be somewhat cryptic.

To produce a more informative error message in this situation will take a bit of thinking
and design - I will look at the exact protocol flow and see if I can come up with something.


> [cpp] Cryptic error message when authentication fails
> -----------------------------------------------------
>                 Key: PROTON-1473
>                 URL: https://issues.apache.org/jira/browse/PROTON-1473
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: cpp-binding
>    Affects Versions: proton-c-0.17.0
>         Environment: Fedora 25
> Client: examples/cpp/helloworld
> Server: Dispatch router listener configured with authenticatePeer: yes and a suitable common sasl mechanism
>            Reporter: Chuck Rolke
>            Assignee: Andrew Stitcher
>            Priority: Major
>              Labels: sasl
>             Fix For: proton-c-0.21.0
> If you specify the URL with no credentials:
> {noformat}
> cpp> ./helloworld
> amqp:connection:framing-error: AMQP header mismatch: Insufficient data to determine protocol [''] (connection aborted)
> {noformat}
> This error message is true in a strict sense but does not give a user much of a clue about what's wrong.
> The same setup with good URL credentials:
> {noformat}
> cpp> ./helloworld user:password@
> Hello World!
> {noformat}
> The same setup with bad URL credentials:
> {noformat}
> cpp> ./helloworld user:passwords@
> amqp:unauthorized-access: Authentication failed [mech=DIGEST-MD5]
> {noformat}
> This error message is good.

This message was sent by Atlassian JIRA
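
The protocol flow described in the comment above, as an added example that is not part of the original message and is not Qpid Proton code: a listener that requires authentication can tell from the first 8 bytes whether the peer opened a SASL layer or went straight to plain AMQP, and can say so in its diagnostic. The header layout (protocol id 0 = AMQP, 2 = TLS, 3 = SASL, version 1.0.0) is from the AMQP 1.0 specification; `classify_header`, `check_peer` and the diagnostic strings are hypothetical.

```cpp
// Added illustration; not Qpid Proton source code.
#include <cstdint>
#include <iostream>
#include <string>

enum class Layer { Incomplete, NotAmqp, Unsupported, PlainAmqp, Tls, Sasl };

// AMQP 1.0 protocol header: "AMQP", protocol-id, major, minor, revision.
Layer classify_header(const std::string& b) {
    if (b.size() < 8) return Layer::Incomplete;
    if (b.compare(0, 4, "AMQP") != 0) return Layer::NotAmqp;
    if (b[5] != 1 || b[6] != 0 || b[7] != 0) return Layer::Unsupported;
    switch (static_cast<std::uint8_t>(b[4])) {
        case 0: return Layer::PlainAmqp;   // no security layer
        case 2: return Layer::Tls;
        case 3: return Layer::Sasl;
        default: return Layer::Unsupported;
    }
}

// Hypothetical listener check: empty string means "continue negotiating",
// anything else is the diagnostic to log before dropping the connection.
std::string check_peer(const std::string& first_bytes, bool authenticate_peer) {
    switch (classify_header(first_bytes)) {
        case Layer::Incomplete:
            return "connection ended before a full 8-byte protocol header arrived";
        case Layer::NotAmqp:
            return "peer is not speaking AMQP";
        case Layer::Unsupported:
            return "unsupported protocol id or version in header";
        case Layer::PlainAmqp:
            if (authenticate_peer)
                return "peer sent a plain AMQP header with no SASL layer, but "
                       "authentication is required; were credentials supplied?";
            return "";
        case Layer::Tls:
        case Layer::Sasl:
            return "";
    }
    return "";
}

int main() {
    // Constructed sample: the header a credential-less client would send.
    const std::string plain("AMQP\x00\x01\x00\x00", 8);
    std::cout << check_peer(plain, true) << "\n";
    return 0;
}
```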