author | Ken Giusti <kgiusti@apache.org> | 2015-10-12 20:09:37 +0000 |
---|---|---|
committer | Ken Giusti <kgiusti@apache.org> | 2015-10-12 20:09:37 +0000 |
commit | 32785bd338dd1b2883a061b93e4ccf7eed6f0f5a (patch) | |
tree | 8d98587075b2f7a066078872f4bc8bacf666ee69 | |
parent | a8fc7e4dcaa8ecdda8c3b009e2e0766cb4189a7d (diff) | |
QPID-6783: dynamically determine SASL service name based on protocol
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1708221 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | qpid/cpp/src/qpid/broker/Broker.cpp | 1 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp | 5 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/amqp/Domain.cpp | 6 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/amqp/ProtocolPlugin.cpp | 5 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/messaging/ConnectionOptions.cpp | 4 |
5 files changed, 15 insertions, 6 deletions
diff --git a/qpid/cpp/src/qpid/broker/Broker.cpp b/qpid/cpp/src/qpid/broker/Broker.cpp
index 09b437e140..055eba4f13 100644
--- a/qpid/cpp/src/qpid/broker/Broker.cpp
+++ b/qpid/cpp/src/qpid/broker/Broker.cpp
@@ -133,7 +133,6 @@ BrokerOptions::BrokerOptions(const std::string& name) : queueCleanInterval(60*sys::TIME_SEC*10),//10 minutes auth(SaslAuthenticator::available()), realm("QPID"), - saslServiceName(BROKER_SASL_NAME), replayFlushLimit(0), replayHardLimit(0), queueLimit(100*1048576/*100M default limit*/),
diff --git a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
index d5ada6f3a5..b17507850f 100644
--- a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
+++ b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
@@ -295,8 +295,7 @@ CyrusAuthenticator::CyrusAuthenticator(amqp_0_10::Connection& c, bool _encrypt) void CyrusAuthenticator::init() { - /* Next to the service name, which specifies the - * /etc/sasl2/<service name>.conf file to read, the realm is + /* The realm is * currently the most important argument below. When * performing authentication the user that is authenticating * will be looked up in a specific realm. If none is given
@@ -311,7 +310,7 @@ void CyrusAuthenticator::init() std::string realm = connection.getBroker().getRealm(); std::string service = connection.getBroker().getSaslServiceName(); - code = sasl_server_new(service.c_str(), /* Service name */ + code = sasl_server_new(service.empty() ? BROKER_SASL_NAME : service.c_str(), /* Service name */ NULL, /* Server FQDN, gethostname() */ realm.c_str(), /* Authentication realm */ NULL, /* Local IP, needed for some mechanism */
diff --git a/qpid/cpp/src/qpid/broker/amqp/Domain.cpp b/qpid/cpp/src/qpid/broker/amqp/Domain.cpp
index c2d4782fc4..b2cd9ae21d 100644
--- a/qpid/cpp/src/qpid/broker/amqp/Domain.cpp
+++ b/qpid/cpp/src/qpid/broker/amqp/Domain.cpp
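Review bot: The comment edit in CyrusAuthenticator::init() (the `@@ -295` hunk of SaslAuthenticator.cpp) drops the only statement that the service name selects the `/etc/sasl2/<service name>.conf` file, while the `@@ -311` hunk makes that name conditional. The value passed to `sasl_server_new` now decides which SASL configuration applies, so I would keep that sentence and document the fallback on the argument itself: `/* Service name: selects /etc/sasl2/<service name>.conf; an empty option falls back to BROKER_SASL_NAME */`. Both hunks show only part of init(), so whether the effective name is logged anywhere is not visible; a debug-level log of it would let operators confirm which configuration is in force.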
@@ -51,6 +51,8 @@ const std::string SASL_SERVICE("sasl_service"); const std::string MIN_SSF("min_ssf"); const std::string MAX_SSF("max_ssf"); const std::string DURABLE("durable"); +const std::string AMQP_SASL_SERVICENAME("amqp"); + class Wrapper : public qpid::sys::ConnectionCodec { public:
@@ -219,7 +221,9 @@ void InterconnectFactory::failed(int, std::string text) } Domain::Domain(const std::string& n, const qpid::types::Variant::Map& properties, Broker& b) - : PersistableObject(n, "domain", properties), name(n), durable(get(DURABLE, properties)), broker(b), mechanisms("ANONYMOUS"), service(qpid::saslName), minSsf(0), maxSsf(0), agent(b.getManagementAgent()) + : PersistableObject(n, "domain", properties), name(n), durable(get(DURABLE, properties)), + broker(b), mechanisms("ANONYMOUS"), service(AMQP_SASL_SERVICENAME), minSsf(0), maxSsf(0), + agent(b.getManagementAgent()) { if (!get(url, URL, properties)) { QPID_LOG(error, "No URL specified for domain " << name << "!");
diff --git a/qpid/cpp/src/qpid/broker/amqp/ProtocolPlugin.cpp b/qpid/cpp/src/qpid/broker/amqp/ProtocolPlugin.cpp
index abc26876b5..62861ab270 100644
--- a/qpid/cpp/src/qpid/broker/amqp/ProtocolPlugin.cpp
+++ b/qpid/cpp/src/qpid/broker/amqp/ProtocolPlugin.cpp
@@ -46,6 +46,8 @@ namespace qpid { namespace broker { namespace amqp { +const std::string AMQP_SASL_SERVICENAME("amqp"); + struct Options : public qpid::Options { std::string domain; std::vector<std::string> queuePatterns;
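Review bot: `AMQP_SASL_SERVICENAME("amqp")` is defined in the `@@ -51` hunk of Domain.cpp and again in the `@@ -46` hunk of ProtocolPlugin.cpp, and ConnectionOptions.cpp assigns the same literal a third time. For SASL mechanisms that bind to the service name, the listening side and the connecting side have to use the same string, so three independent copies can drift apart. I would declare the constant once in a header that all three files already include and reference it at each site.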
@@ -118,8 +120,9 @@ qpid::sys::ConnectionCodec* ProtocolImpl::create(const qpid::framing::ProtocolVe if (v.getProtocol() == qpid::framing::ProtocolVersion::SASL) { if (getBroker().isAuthenticating()) { QPID_LOG(info, "Using AMQP 1.0 (with SASL layer)"); + std::string serviceName = getBroker().getSaslServiceName().empty() ? AMQP_SASL_SERVICENAME : getBroker().getSaslServiceName(); return new qpid::broker::amqp::Sasl(out, id, *this, - qpid::SaslFactory::getInstance().createServer(getBroker().getRealm(),getBroker().getSaslServiceName(),getBroker().requireEncrypted(), external)); + qpid::SaslFactory::getInstance().createServer(getBroker().getRealm(),serviceName,getBroker().requireEncrypted(), external)); } else { std::auto_ptr<SaslServer> authenticator(new qpid::NullSaslServer(getBroker().getRealm())); QPID_LOG(info, "Using AMQP 1.0 (with dummy SASL layer)");
diff --git a/qpid/cpp/src/qpid/messaging/ConnectionOptions.cpp b/qpid/cpp/src/qpid/messaging/ConnectionOptions.cpp
index 10c131c22f..d956e9a1b1 100644
--- a/qpid/cpp/src/qpid/messaging/ConnectionOptions.cpp
+++ b/qpid/cpp/src/qpid/messaging/ConnectionOptions.cpp
@@ -54,6 +54,10 @@ ConnectionOptions::ConnectionOptions(const std::map<std::string, qpid::types::Va : replaceUrls(false), reconnect(false), timeout(FOREVER), limit(-1), minReconnectInterval(0.001), maxReconnectInterval(2), retries(0), reconnectOnLimitExceeded(true), nestAnnotations(false), setToOnSend(false) { + // By default we want the sasl service name to be "amqp" for 1.0 + // this will be overridden by a parsed "sasl-service" option + service = "amqp"; + for (qpid::types::Variant::Map::const_iterator i = options.begin(); i != options.end(); ++i) { set(i->first, i->second); } |
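Review bot: With the broker-wide default removed, an unset service name in ProtocolImpl::create() (the `@@ -118` hunk of ProtocolPlugin.cpp) puts AMQP 1.0 connections under "amqp", while CyrusAuthenticator::init() falls back to BROKER_SASL_NAME, so one broker can apply two SASL configurations depending on protocol. If the name selects the Cyrus configuration file, as the comment removed from SaslAuthenticator.cpp says, a deployment that maintains only the file for the old name would presumably get whatever defaults apply to "amqp" for 1.0 clients after an upgrade. I would log the effective name, `QPID_LOG(info, "Using AMQP 1.0 (with SASL layer), SASL service name " << serviceName);`, and have the upgrade notes call out the new default. The same default change reaches outgoing links through `service(AMQP_SASL_SERVICENAME)` in the `@@ -219` hunk of Domain.cpp. ProtocolImpl::create() starts and ends outside the hunk.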
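Review bot: `service = "amqp";` in the ConnectionOptions constructor (the `@@ -54` hunk of ConnectionOptions.cpp) runs for every instance, although the comment above it scopes the default to 1.0. If the same options object also backs 0-10 connections, which is not visible here, those clients would now request the "amqp" service instead of the previous default and could fail to authenticate against a broker configured under the old name. I would apply the default only once the protocol is known to be 1.0, or extend the comment to say the change is intended for every protocol. The constructor body continues outside the hunk.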