Uploaded image for project: 'Qpid Proton'
  1. Qpid Proton
  2. PROTON-1589

[cpp] How can I handle invalid SASL PLAIN credentials error when reconnect is on?

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • proton-c-0.18.0
    • proton-c-0.22.0
    • cpp-binding

    Description

      Apply the following patch to the simple_send.cpp example

      diff --git a/examples/cpp/simple_send.cpp b/examples/cpp/simple_send.cpp
index a4c2272d..053da34f 100644
--- a/examples/cpp/simple_send.cpp
+++ b/examples/cpp/simple_send.cpp
@@ -27,6 +27,7 @@
 #include <proton/message.hpp>
 #include <proton/message_id.hpp>
 #include <proton/messaging_handler.hpp>
+#include <proton/reconnect_options.hpp>
 #include <proton/tracker.hpp>
 #include <proton/types.hpp>
 
@@ -53,6 +54,12 @@ class simple_send : public proton::messaging_handler {
         proton::connection_options co;
         if (!user.empty()) co.user(user);
         if (!password.empty()) co.password(password);
+        co.sasl_enabled(true);
+        co.sasl_allow_insecure_mechs(true);
+        std::string sasl_mechanisms("PLAIN");
+        co.sasl_allowed_mechs(sasl_mechanisms);
+        proton::reconnect_options ro;
+        co.reconnect(ro);
         sender = c.open_sender(url, co);
     }

      Now attempt to connect to AMQP broker, for example ActiveMQ Artemis instance, which was created with --require-login. The client gets stuck if you use invalid credentials.

      PN_TRACE_FRM=1 examples/cpp/simple_send -a amqp://127.0.0.1:5672 -u nosuch -p user
[0xed9980]:  -> SASL
[0xed9980]:  <- SASL
[0xed9980]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:PLAIN, :ANONYMOUS]]
[0xed9980]:0 -> @sasl-init(65) [mechanism=:PLAIN, initial-response=b"\x00nosuch\x00user"]
[0xed9980]:0 <- @sasl-outcome(68) [code=1]
[0xed9980]:  -> EOS
[0xee7290]:  -> SASL
[0xee7290]:  <- SASL
[0xee7290]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:PLAIN, :ANONYMOUS]]
[0xee7290]:0 -> @sasl-init(65) [mechanism=:PLAIN, initial-response=b"\x00nosuch\x00user"]
[0xee7290]:0 <- @sasl-outcome(68) [code=1]
[0xee7290]:  -> EOS
[0xeee6b0]:  -> SASL
[0xeee6b0]:  <- SASL
[0xeee6b0]:0 <- @sasl-mechanisms(64) [sasl-server-mechanisms=@PN_SYMBOL[:PLAIN, :ANONYMOUS]]
[0xeee6b0]:0 -> @sasl-init(65) [mechanism=:PLAIN, initial-response=b"\x00nosuch\x00user"]
[0xeee6b0]:0 <- @sasl-outcome(68) [code=1]
[0xeee6b0]:  -> EOS

      As you can see, the client keeps reconnecting. The previous behavior, if I recall correctly, was to execute error handler in this case. To be exact, it would run on_transport_error handler.

      I think that it is reasonable for the client to stop reconnecting and run this handler if the reason for failed connection are wrong credentials. This condition is unlikely to resolve itself on multiple retries.

      Attachments

        Activity

          People

            astitcher Andrew Stitcher
            jdanek Jiri Daněk
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: