| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/asyncstore@1451244 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/asyncstore@1368910 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/branches/asyncstore@1334037 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
| |
Merged from qpid-3603-7. This is basic support for the new HA approach.
For information & limitations see qpid/cpp/design_docs/new-ha-design.txt.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1245587 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1231221 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
node.
Changes missed from previous commit.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1182514 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1182212 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
Prevent infinite loop when unable to decode frame in SASL security layer.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1162060 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial fix for this bug was incomplete.
The original bug was triggered by a faulty client sending
session.attach before connection.open. The special case is when the
session.attach is on channel 0. This commit fixes the broker for all
cases where a faulty client sends frames before completly opening the
connection.
Older versions of the Java client are known to send this faulty sequence sporadically,
see https://issues.apache.org/jira/browse/QPID-3042.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1159329 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
- Removed a bunch of variables set but not further used.
- Rejigged some asserts which would now have unused vars
if compiler -DNDEBUG
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1133166 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
tag is present in the client/server properties"
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1132623 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
| |
provided by the transport layer when starting SASL.
This allows the SASL mechanism EXTERNAL to be satisfied with
SSL transport security.
The test, sasl_fed_ex, uses this SASL/SSL security on a
federated link between two brokers.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1050162 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It provides a way to tell SaslFactory that console
interaction is NOT ok. i.e. if the code is running
as part of a broker, or a demonized client of some
kind. Just tell it to never do interaction, and any
patch attempt to interact will be treated as an error.
This script demonstrates that all goes well if you supply enough info :
rm -rf /tmp/data_1 /tmp/data_2
mkdir /tmp/data_1 /tmp/data_2
# in window 1:
../qpidd -p 5672 --data-dir /tmp/data_1 --auth=yes --mgmt-enable=yes \
--log-enable info+ ./qpidd_1.log --log-source yes \
--sasl-config=/home/mick/trunk/qpid/cpp/src/tests/sasl_config
# in window 2:
../qpidd -p 10000 --data-dir /tmp/data_2 --auth=yes --mgmt-enable=yes \
--log-enable info+ ./qpidd_1.log --log-source yes \
--sasl-config=/home/mick/trunk/qpid/cpp/src/tests/sasl_config
# in window 3 ( from qpid dir )
./tools/src/py/qpid-route dynamic add zig/zig@localhost zig/zig@localhost:10000 qmf.default.direct
# and now view the created route
./tools/src/py/qpid-route route list localhost:5672
If you say auth=no, that works fine also.
HOWEVER PLEASE NOTE --
if you say auth=yes, but then do not supply enough into to avoid the need for interaction,
the attempted interaction will result in the connection being closed. Then the originating broker
will re-try the connection, and you will get a two-broker infinite loop until you fix it.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1040689 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-------------------------------------------------------------
1. Brokers already knew how to handle the server side of SASLized
links, but not the client side. So we promoted the client-side
SASL code from the client library to the common library so that
the broker could also use it. This affected SaslFactory.{h,cpp}
and Sasl.h
TODO -- can the server-side and client-side code be unified here?
2. Some of the SASL verbs in broker/ConnectionHandler.cpp are
expanded: start, secure, tune.
3. broker/SecureConnection is altered to get the client-broker and
the server-broker to agree on when the security layer should be
inserted.
4. the python tool qpid-route is modified so that, in the "route add"
command, you can specify the security mechanism for SASL to use.
TODO -- should we also pass in {min,max}SSF ?
5. Changes in broker/LinkRegistry to allow the information input by
qpid-route to be passed up to where it is needed.
6. A bash script test run by "make check" that creates a SASLized
federation link and sends some messages down it.
TODO - write a python unit test instead of a bash script. I
think I uncovered a bug in the python code when I tried.
7. NOTE - testing for this feature does not work with versions of
SASL earlier than 2.1.22, becuase I can't tell SASL to use a
SASL database file in a nonstandard location. The test is
disabled for earlier versions.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1024541 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The connection negotiation phase up to the "open" or "open-ok" frame
establishes whether/what encryption to use for the rest of the
connection.
With this patch a cluster broker completes the initial negotiation
with its local clients and only then begins multicasting to other
brokers. The local broker decrypts if necessary and multicasts in the
clear.
This replaces a problematic locking scheme that was formerly in place
which caused deadlocks.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@952692 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
encryption.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@950608 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
- was using "none" not empty string for no ID.
- was multicasting secure id for update and shadow connections.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@948967 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-----------------------------------
* initial observation of a problem was a 2% failure rate in perftests
of 20,000 messages against a cluster with security enabled.
Problem was occasional receit of encrypted frames before the
security codec had been enabled. This is fixed with locking in
cluster code (no new locks in broker code) and a callback that is
fired by broker::ConnectionHandler::Handler to tell the cluster
code when the opening handshake has finished.
This was never a problem in the non-clustered broker before because
everything happened in a single thread.
* the brokers that "shadow" the connection must not have null
authenticators rather than real ones, so that they go through all
the motions but don't do anythig. Only the directly-connected
broker can perform the security handshake.
* once the directly-connected broker receives the real user ID
from its callback, it mcasts that ID to all other brokers.
Otherwise the shadowing brokers will al think that the user ID
is "anonymous".
Check this by doing a substantial perftest, and using
qpid-stat -c localhost:PORT
to confirm that the brokers all have the same userID for the
same connection.
* the user ID, negotiated during the Sasl security startup, is
communicated from the directly connected broker to all other
cluster brokers.
* If security is *not* being used, then this code should *not* tell
the brokers anything about the userID -- or it will step on the value
that is being set by other code pathways.
* test program at cpp/src/tests/cluster_authentication_soak is not yet
fully automated -- run it with something like
"sudo ./cluster_authentication_soak 500"
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@944158 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@793909 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
inter-broker link must echo heratbeats (as these are set to the maximum allowed value for such links).
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@792237 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
- Changes to the cluster code were previously missed
- It's neater and more correct to reset the traffic
timeout for all connection traffic, not just traffic
in a session
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@782696 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
broker generated heartbeat)
- Broker now disconnects client if it receives no traffic in
2 heartbeat intervals (which is now the same as the client behvaiour)
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@782651 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
- Handle partial failures (e.g. due to disk error): failing brokers shut down, others continue.
- Enable persistence in cluster tests.
- Correct message status in DeliveryRecord updates.
- Remove qpid.update queue when update complete - avoid it becoming persistent
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@764204 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
outgoing links.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@752897 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
management.
Supported in C++, Python, and Ruby clients.
Still needs to be added to the Java clients.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@747389 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
producer throttling in the Connection.OpenOK message.
Broker only tries to apply flow control to client if it
has received the property in the Connection.OpenOK message.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@740135 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
known-hosts
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@736354 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
- Server sends possible heartbeat range and client replies with desired
heartbeat as part of the tune-tuneOk exchange
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@734220 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
* SASL security layer support for c++ client and broker
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@732082 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@725488 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@713838 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@711989 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@709283 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@705337 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@703319 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
This commit adds ACL checks for creation and deletion of federation links.
The AclModule.h was modified to have a defaut value for params in the authorize method.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@700525 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
If a user_id is supplied in message properties it will be checked against the id used for authentication.
This check is disabled for federation links.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@699047 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
| |
Modified enum scheme to avoid name clashes: namespace amqp_class { EnumName { ENUM_NAME_X=1, ENUM_NAME_X=2 ...}};
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@693465 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@658886 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Durability for federation links (broker-to-broker connections)
2) Improved handling of federation links:
a) Links can be created even if the remote broker is not reachable
b) If links are lost, re-establishment will occur using an exponential back-off algorithm
3) Durability of exchanges is now viewable through management
4) ManagementAgent API has been moved to an interface class to reduce coupling between the broker and manageable plug-ins.
5) General configuration storage capability has been added to the store/recover interface. This is used for federation links.
6) Management object-ids for durable objects are now themselves durable.
(Note: some refactoring needed around ProtocolAccess needed to try and reduce dependencies)
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@655563 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@651423 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@650635 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
* apply authentication to final 0-10 codepath
* consolidate conditional compilation of sasl-related code
* improved handling of connection close during connection establishment in client
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@650439 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
* connection handler converted to using invoker & proxy and updated to final method defs
* SessionCore & ExecutionHandler replace by SessionImpl
* simplified handling of completion & results, removed handling of responses
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@649915 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@649059 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@643482 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@643472 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
| |
connection.start.mechanisms, connection.start.locales and connection.open.capabilities
Updated connection handler in line with above changes
Added Str16Value to FieldValues
Allow Array instances of different types to be created
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@643067 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
- ConnectionCodec interface replaces ConnectionInputHandle, moves encoding/decoding out of AsyncIOAcceptor.
- ConnectionCodec::Factory replaces ConnectionInputHandlerFactory
- Acceptor creates version-specific ConnectionCodec based on protocol header.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@638590 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@633122 13f79535-47bb-0310-9956-ffa450edef68
|
