| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The connection negotiation phase up to the "open" or "open-ok" frame
establishes whether/what encryption to use for the rest of the
connection.
With this patch a cluster broker completes the initial negotiation
with its local clients and only then begins multicasting to other
brokers. The local broker decrypts if necessary and multicasts in the
clear.
This replaces a problematic locking scheme that was formerly in place
which caused deadlocks.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@952692 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
- was using "none" not empty string for no ID.
- was multicasting secure id for update and shadow connections.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@948967 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-----------------------------------
* initial observation of a problem was a 2% failure rate in perftests
of 20,000 messages against a cluster with security enabled.
Problem was occasional receit of encrypted frames before the
security codec had been enabled. This is fixed with locking in
cluster code (no new locks in broker code) and a callback that is
fired by broker::ConnectionHandler::Handler to tell the cluster
code when the opening handshake has finished.
This was never a problem in the non-clustered broker before because
everything happened in a single thread.
* the brokers that "shadow" the connection must not have null
authenticators rather than real ones, so that they go through all
the motions but don't do anythig. Only the directly-connected
broker can perform the security handshake.
* once the directly-connected broker receives the real user ID
from its callback, it mcasts that ID to all other brokers.
Otherwise the shadowing brokers will al think that the user ID
is "anonymous".
Check this by doing a substantial perftest, and using
qpid-stat -c localhost:PORT
to confirm that the brokers all have the same userID for the
same connection.
* the user ID, negotiated during the Sasl security startup, is
communicated from the directly connected broker to all other
cluster brokers.
* If security is *not* being used, then this code should *not* tell
the brokers anything about the userID -- or it will step on the value
that is being set by other code pathways.
* test program at cpp/src/tests/cluster_authentication_soak is not yet
fully automated -- run it with something like
"sudo ./cluster_authentication_soak 500"
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@944158 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@793909 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
| |
outgoing links.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@752897 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
- Server sends possible heartbeat range and client replies with desired
heartbeat as part of the tune-tuneOk exchange
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@734220 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
* SASL security layer support for c++ client and broker
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@732082 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@711989 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
| |
This commit adds ACL checks for creation and deletion of federation links.
The AclModule.h was modified to have a defaut value for params in the authorize method.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@700525 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@651423 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@650635 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
| |
* apply authentication to final 0-10 codepath
* consolidate conditional compilation of sasl-related code
* improved handling of connection close during connection establishment in client
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@650439 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@649059 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@643472 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
|
|
|
| |
connection.start.mechanisms, connection.start.locales and connection.open.capabilities
Updated connection handler in line with above changes
Added Str16Value to FieldValues
Allow Array instances of different types to be created
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@643067 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
- ConnectionCodec interface replaces ConnectionInputHandle, moves encoding/decoding out of AsyncIOAcceptor.
- ConnectionCodec::Factory replaces ConnectionInputHandlerFactory
- Acceptor creates version-specific ConnectionCodec based on protocol header.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@638590 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
|
|
|
|
|
| |
The extra.xml fragment adds class defs for connection in session that are in line with latest spec but use old schema.
The preview codepath (99-0) remains unaltered.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@633108 13f79535-47bb-0310-9956-ffa450edef68
|
| |
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@617590 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
Removed all channel class related code from broker as a result.
Did the same for some python tests I missed earlier.
Renamed ChannelAdapter to ChannelHandler.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@578167 13f79535-47bb-0310-9956-ffa450edef68
|
