Uploaded image for project: 'Qpid Proton'
  1. Qpid Proton
  2. PROTON-735

SASL authentication failures appear as I/O failures

    XMLWordPrintableJSON

Details

    Description

      Using the current SASL api, an application has to poll the pn_sasl_t object's state (pn_sasl_state()) until a terminal state is reached (STATE_PASS/FAIL).
      Once the terminal state is reached, the outcome can be queried via pn_sasl_outcome.

      Unfortunately, when the sasl client receives an authentication failure outcome from the sasl server, the sasl layer returns PN_ERR from its input processing code. This causes the pn_transport_push() to return a generic error.

      From the application's point of view, this effectively results in the transport failing before the sasl terminal state has been reached. The application will interpret this event as a generic input failure on the transport - not the authentication failure it actually was.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. PROTON-574 proton-c: Messenger doesn't indicate when connection is aborted for a SASL negotation failure

          • Major - Major loss of function.
          • Closed

          Activity

            People

              astitcher Andrew Stitcher
              kgiusti Ken Giusti
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: