txAMQP

AMQClient.authenticate does not work with spec 0-9-1

Bug #949874 reported by Aurélien Bompard
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
txAMQP
Fix Released
Undecided
Unassigned

Bug Description

When I use the 0-9-1 version of the spec, the txamqp.protocol:AMQClient.authenticate method does not work, the rabbitmq server rejects authentication with the following log message :

=ERROR REPORT==== 8-Mar-2012::12:56:33 ===
exception on TCP connection <0.8871.0> from 127.0.0.1:59871
{channel0_error,starting,
    {error,function_clause,'connection.start_ok',
        [{rabbit_binary_parser,parse_field_value,
             [<<99,111,110,110,101,99,116,111,114,45,110,97,103,105,111,115,
                0,99,111,110,110,101,99,116,111,114,45,110,97,103,105,111,115>>]},
         {rabbit_binary_parser,parse_table,1},
         {rabbit_auth_mechanism_amqplain,handle_response,2},
         {rabbit_reader,auth_phase,2},
         {rabbit_reader,handle_method0,3},
         {rabbit_reader,handle_input,3},
         {rabbit_reader,recvloop,2},
         {rabbit_reader,start_connection,7}]}}

If I directly use the start method with the LOGIN / PASSWORD dictionnary as in version 0.8, it connects fine.
Since the point of the authenticate() method is to wrap the start() method depending on the spec version, am I doing something wrong or is it a bug ?

Revision history for this message
Matteo Brancaleoni (mbrancaleoni) wrote :

just add 'PLAIN' auth mech to the authenticate() method call:

client.authenticate(username, password, mechanism='PLAIN')

Revision history for this message
Vsevolod Novikov (nnseva) wrote :

IMHO there is a misunderstanding in the txAMQP code concerned to the authentication algorithm.

As I can see in the spec 0-8, there is a definition of the AMQP-specific SASL PLAIN authentication there:

<field name="response" type="longstr">
security response data
<doc>
A block of opaque data passed to the security mechanism. The contents of this data are defined by the SASL security mechanism. For the PLAIN security mechanism this is defined as a field table holding two fields, LOGIN and PASSWORD.
</doc>
<assert check="notnull"/>
</field>

The next version of the spec avoids this explanation:

<field name="response" domain="longstr" label="security response data">
<doc>
A block of opaque data passed to the security mechanism. The contents of this data are defined by the SASL security mechanism.
</doc>
<assert check="notnull"/>
</field>

The modern RabbitMQ server supports old-style (0-8) PLAIN mechanism in all specs supported, renaming it to AMQPLAIN.

So, for compatibility reason, IMHO the mechanism parameter should be checked against 'PLAIN' and 'AMQPLAIN' values, instead of protocol version comparison in the client library, as made in the applied patch.

I should note also, that the modern version of the RabbitMQ broker supports specs till 0-9-1, so the initial spec for RabbitMQ has been fixed to 0-9 also (the 0-9-1 causes problems looking like problems of the txAMQP itself)

All changes, including 2 new test cases for authentication (FIXIT: check against other brokers), are in the applied patch.

TODO: test cases for different specs supported by the broker required IMHO.

Revision history for this message
Esteve Fernandez (esteve) wrote :

I had a look at your patch Vsevolod, and it looks good to me. I just pushed it to trunk. I don't think we should worry much about the other brokers, OpenAMQ is dead and Qpid uses 0-10 by default. Most (if not all) txamqp users use it with RabbitMQ.

Thanks!

Esteve Fernandez (esteve)
Changed in txamqp:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.