Fix bug in cluster with authentication: nodes exit with "unauthorized-access"

Adding a node to a cluster on which authentication is enabled and on
which there are existing connections authenticated with mechanisms
other than anonymous, may result in nodes exiting the cluster with
inconsistent authorisation errors.


git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@965979 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 11 insertions, 0 deletions

diff --git a/cpp/src/qpid/cluster/Connection.cpp b/cpp/src/qpid/cluster/Connection.cpp
index ee296d7f35..923d66ad34 100644
--- a/cpp/src/qpid/cluster/Connection.cpp
+++ b/cpp/src/qpid/cluster/Connection.cpp
@@ -304,10 +304,17 @@ size_t Connection::decode(const char* data, size_t size) {
     const char* ptr = data;
     const char* end = data + size;
     if (catchUp) {              // Handle catch-up locally.
+        bool wasOpen = connection->isOpen();
         Buffer buf(const_cast<char*>(ptr), size);
         ptr += size;
         while (localDecoder.decode(buf))
             received(localDecoder.getFrame());
+        if (!wasOpen && connection->isOpen()) {
+            // Connections marked as federation links are allowed to proxy
+            // messages with user-ID that doesn't match the connection's
+            // authenticated ID. This is important for updates.
+            connection->setFederationLink(isCatchUp());
+        }
     }
     else {                      // Multicast local connections.
         assert(isLocalClient());
@@ -384,6 +391,10 @@ void Connection::shadowPrepare(const std::string& mgmtId) {
     updateIn.nextShadowMgmtId = mgmtId;
 }
 
+void Connection::shadowSetUser(const std::string& userId) {
+    connection->setUserId(userId);
+}
+
 void Connection::consumerState(const string& name, bool blocked, bool notifyEnabled, const SequenceNumber& position)
 {
     broker::SemanticState::ConsumerImpl& c = semanticState().find(name);