Fixed: authentication with bad credentials causes cluster broker to exit.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@948969 13f79535-47bb-0310-9956-ffa450edef68

4 files changed, 31 insertions, 4 deletions

diff --git a/cpp/src/qpid/cluster/Connection.cpp b/cpp/src/qpid/cluster/Connection.cpp
index 18d0e0e599..0772215b83 100644
--- a/cpp/src/qpid/cluster/Connection.cpp
+++ b/cpp/src/qpid/cluster/Connection.cpp
@@ -573,12 +573,22 @@ void Connection::queue(const std::string& encoded) {
 }
 
 void Connection::sessionError(uint16_t , const std::string& msg) {
-    cluster.flagError(*this, ERROR_TYPE_SESSION, msg);
+    // If we are negotiating the connection when it fails just close the connectoin.
+    // If it fails after that then we have to flag the error to the cluster.
+    if (inConnectionNegotiation)
+        cluster.getMulticast().mcastControl(ClusterConnectionDeliverCloseBody(), self);
+    else
+        cluster.flagError(*this, ERROR_TYPE_SESSION, msg);
     
 }
 
 void Connection::connectionError(const std::string& msg) {
-    cluster.flagError(*this, ERROR_TYPE_CONNECTION, msg);
+    // If we are negotiating the connection when it fails just close the connectoin.
+    // If it fails after that then we have to flag the error to the cluster.
+    if (inConnectionNegotiation)
+        cluster.getMulticast().mcastControl(ClusterConnectionDeliverCloseBody(), self);
+    else
+        cluster.flagError(*this, ERROR_TYPE_CONNECTION, msg);
 }
 
 void Connection::addQueueListener(const std::string& q, uint32_t listener) {
diff --git a/cpp/src/tests/Makefile.am b/cpp/src/tests/Makefile.am
index 061d7e88f6..5e5bfdec37 100644
--- a/cpp/src/tests/Makefile.am
+++ b/cpp/src/tests/Makefile.am
@@ -376,7 +376,7 @@ EXTRA_DIST+=						\
 check-long:
 	$(MAKE) check TESTS="$(LONG_TESTS)" VALGRIND=
 
-check: python_prep test_env.sh
+check: python_prep test_env.sh sasl_config
 
 PYTHON_SRC_DIR=$(abs_srcdir)/../../../python
 PYTHON_BLD_DIR=$(abs_builddir)/python
@@ -391,4 +391,8 @@ python_prep:
 		--install-scripts=$(PYTHON_BLD_DIR)/commands; \
 	else echo "WARNING: python client not built, missing $(PYTHON_SRC_DIR)"; fi
 
+sasl_config: sasl_test_setup.sh
+	sh $(srcdir)/sasl_test_setup.sh
+	touch sasl_config
+
 include testagent.mk
diff --git a/cpp/src/tests/cluster_tests.py b/cpp/src/tests/cluster_tests.py
index f36cde9ecc..02b3b29571 100755
--- a/cpp/src/tests/cluster_tests.py
+++ b/cpp/src/tests/cluster_tests.py
@@ -101,6 +101,18 @@ class ShortTests(BrokerTest):
         assert readfile("direct.dump") == readfile("updatee.dump")
         os.remove("direct.dump")
         os.remove("updatee.dump")
+
+    def test_sasl(self):
+        """Test SASL authentication and encryption in a cluster"""
+        sasl_config=os.path.join(self.rootdir, "sasl_config")
+        cluster = self.cluster(3, ["--auth", "yes", "--sasl-config", sasl_config])
+        # Try a bad user ID
+        try:
+            c = messaging.Connection.establish("nosuch/user@%s"%(cluster[0].host_port()))
+            self.fail("Expected exception")
+        except messaging.exceptions.ConnectionError: pass
+        for b in cluster: b.ready()     # Make sure all brokers still running.
+
         
 class LongTests(BrokerTest):
     """Tests that can run for a long time if -DDURATION=<minutes> is set"""
diff --git a/cpp/src/tests/sasl_test_setup.sh b/cpp/src/tests/sasl_test_setup.sh
index 68858b2c0a..69748beece 100755
--- a/cpp/src/tests/sasl_test_setup.sh
+++ b/cpp/src/tests/sasl_test_setup.sh
@@ -9,13 +9,14 @@ mkdir -p sasl_config
 cat > sasl_config/qpidd.conf <<EOF
 pwcheck_method: auxprop
 auxprop_plugin: sasldb
-sasldb_path: ./sasl_config/qpidd.sasldb
+sasldb_path: $PWD/sasl_config/qpidd.sasldb
 sql_select: dummy select
 EOF
 
 # Populate temporary sasl db.
 SASLTEST_DB=./sasl_config/qpidd.sasldb
 rm -f $SASLTEST_DB
+echo guest | $SASL_PW -c -p -f $SASLTEST_DB -u QPID guest
 echo zig | $SASL_PW -c -p -f $SASLTEST_DB -u QPID zig
 echo zag | $SASL_PW -c -p -f $SASLTEST_DB -u QPID zag