From 0af66bbe3d82b53e224b63b8756f5b11192a36ca Mon Sep 17 00:00:00 2001 From: Alan Conway Date: Tue, 20 Jul 2010 19:56:42 +0000 Subject: Fix bug in cluster with authentication: nodes exit with "unauthorized-access" Adding a node to a cluster on which authentication is enabled and on which there are existing connections authenticated with mechanisms other than anonymous, may result in nodes exiting the cluster with inconsistent authorisation errors. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@965979 13f79535-47bb-0310-9956-ffa450edef68 --- cpp/src/qpid/cluster/Connection.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'cpp/src/qpid/cluster/Connection.cpp') diff --git a/cpp/src/qpid/cluster/Connection.cpp b/cpp/src/qpid/cluster/Connection.cpp index ee296d7f35..923d66ad34 100644 --- a/cpp/src/qpid/cluster/Connection.cpp +++ b/cpp/src/qpid/cluster/Connection.cpp @@ -304,10 +304,17 @@ size_t Connection::decode(const char* data, size_t size) { const char* ptr = data; const char* end = data + size; if (catchUp) { // Handle catch-up locally. + bool wasOpen = connection->isOpen(); Buffer buf(const_cast(ptr), size); ptr += size; while (localDecoder.decode(buf)) received(localDecoder.getFrame()); + if (!wasOpen && connection->isOpen()) { + // Connections marked as federation links are allowed to proxy + // messages with user-ID that doesn't match the connection's + // authenticated ID. This is important for updates. + connection->setFederationLink(isCatchUp()); + } } else { // Multicast local connections. assert(isLocalClient()); @@ -384,6 +391,10 @@ void Connection::shadowPrepare(const std::string& mgmtId) { updateIn.nextShadowMgmtId = mgmtId; } +void Connection::shadowSetUser(const std::string& userId) { + connection->setUserId(userId); +} + void Connection::consumerState(const string& name, bool blocked, bool notifyEnabled, const SequenceNumber& position) { broker::SemanticState::ConsumerImpl& c = semanticState().find(name); -- cgit v1.2.1