author | Gordon Sim <gsim@apache.org> | 2015-05-06 21:11:45 +0000 |
---|---|---|
committer | Gordon Sim <gsim@apache.org> | 2015-05-06 21:11:45 +0000 |
commit | 4726f5f14b732ed2b920e0c642cf74e08816f0cc (patch) | |
tree | c429876dd7103513d6c8b717ccfb3ed17a37124b | |
parent | 81085b0aeae2c0a99142020b0000ed7ebc1d94a2 (diff) | |
download | qpid-python-4726f5f14b732ed2b920e0c642cf74e08816f0cc.tar.gz |
QPID-6532: make sasl service name configurable
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1678094 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | qpid/cpp/src/qpid/SaslFactory.cpp | 13 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/SaslFactory.h | 2 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/Broker.cpp | 8 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/Broker.h | 1 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/BrokerOptions.h | 1 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp | 3 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/broker/amqp/ProtocolPlugin.cpp | 2 | ||||
-rw-r--r-- | qpid/cpp/src/qpid/client/windows/SaslFactory.cpp | 2 |
8 files changed, 22 insertions, 10 deletions
diff --git a/qpid/cpp/src/qpid/SaslFactory.cpp b/qpid/cpp/src/qpid/SaslFactory.cpp
index 7dbe90c314..f38c592ad5 100644
--- a/qpid/cpp/src/qpid/SaslFactory.cpp
+++ b/qpid/cpp/src/qpid/SaslFactory.cpp
@@ -53,7 +53,7 @@ std::auto_ptr<Sasl> SaslFactory::create( const std::string &, const std::string
 return client;
 }
-std::auto_ptr<SaslServer> SaslFactory::createServer(const std::string& realm, bool /*encryptionRequired*/, const qpid::sys::SecuritySettings&)
+std::auto_ptr<SaslServer> SaslFactory::createServer(const std::string& realm, const std::string& /*service*/, bool /*encryptionRequired*/, const qpid::sys::SecuritySettings&)
 {
 std::auto_ptr<SaslServer> server(new NullSaslServer(realm));
 return server;
@@ -152,7 +152,7 @@ std::auto_ptr<SaslFactory> SaslFactory::instance;
 class CyrusSaslServer : public SaslServer
 {
 public:
- CyrusSaslServer(const std::string& realm, bool encryptionRequired, const qpid::sys::SecuritySettings& external);
+ CyrusSaslServer(const std::string& realm, const std::string& service, bool encryptionRequired, const qpid::sys::SecuritySettings& external);
 ~CyrusSaslServer();
 Status start(const std::string& mechanism, const std::string* response, std::string& challenge);
 Status step(const std::string* response, std::string& challenge);
@@ -161,6 +161,7 @@ class CyrusSaslServer : public SaslServer
 std::auto_ptr<qpid::sys::SecurityLayer> getSecurityLayer(size_t);
 private:
 std::string realm;
+ std::string service;
 std::string userid;
 sasl_conn_t *sasl_conn;
 };
@@ -194,9 +195,9 @@ std::auto_ptr<Sasl> SaslFactory::create(const std::string & username, const std:
 return sasl;
 }
-std::auto_ptr<SaslServer> SaslFactory::createServer(const std::string& realm, bool encryptionRequired, const qpid::sys::SecuritySettings& external)
+std::auto_ptr<SaslServer> SaslFactory::createServer(const std::string& realm, const std::string& service, bool encryptionRequired, const qpid::sys::SecuritySettings& external)
 {
- std::auto_ptr<SaslServer> server(new CyrusSaslServer(realm, encryptionRequired, external));
+ std::auto_ptr<SaslServer> server(new CyrusSaslServer(realm, service, encryptionRequired, external));
 return server;
 }
@@ -419,9 +420,9 @@ std::auto_ptr<SecurityLayer> CyrusSasl::getSecurityLayer(uint16_t maxFrameSize)
 return securityLayer;
 }
-CyrusSaslServer::CyrusSaslServer(const std::string& r, bool encryptionRequired, const qpid::sys::SecuritySettings& external) : realm(r), sasl_conn(0)
+CyrusSaslServer::CyrusSaslServer(const std::string& r, const std::string& s, bool encryptionRequired, const qpid::sys::SecuritySettings& external) : realm(r), service(s), sasl_conn(0)
 {
- int code = sasl_server_new(BROKER_SASL_NAME, /* Service name */
+ int code = sasl_server_new(service.c_str(), /* Service name */
 NULL, /* Server FQDN, gethostname() */
 realm.c_str(), /* Authentication realm */
 NULL, /* Local IP, needed for some mechanism */
diff --git a/qpid/cpp/src/qpid/SaslFactory.h b/qpid/cpp/src/qpid/SaslFactory.h
index 5d99bd2e51..39a9d74fd0 100644
--- a/qpid/cpp/src/qpid/SaslFactory.h
+++ b/qpid/cpp/src/qpid/SaslFactory.h
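Review bot: The `CyrusSaslServer` constructor in the last SaslFactory.cpp hunk hands `service.c_str()` to `sasl_server_new()` without checking that the configured name is non-empty, so a blank `sasl-service-name` is only discovered when a connection tries to authenticate, and what the SASL library does with an empty service name is not visible here. Before this change the argument was the build-time `BROKER_SASL_NAME`, which an operator could not blank out. I would reject an empty value when the options are parsed, or at minimum add `if (service.empty()) service = BROKER_SASL_NAME;` before the call together with a warning log line. The same unchecked pass-through is added in `CyrusAuthenticator::init()` in SaslAuthenticator.cpp, and the constructor body continues past the end of this hunk.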
@@ -36,7 +36,7 @@ class SaslFactory
 {
 public:
 QPID_COMMON_EXTERN std::auto_ptr<Sasl> create(const std::string & userName, const std::string & password, const std::string & serviceName, const std::string & hostName, int minSsf, int maxSsf, bool allowInteraction=true );
- QPID_COMMON_EXTERN std::auto_ptr<SaslServer> createServer(const std::string& realm, bool encryptionRequired, const qpid::sys::SecuritySettings&);
+ QPID_COMMON_EXTERN std::auto_ptr<SaslServer> createServer(const std::string& realm, const std::string& service, bool encryptionRequired, const qpid::sys::SecuritySettings&);
 QPID_COMMON_EXTERN static SaslFactory& getInstance();
 QPID_COMMON_EXTERN ~SaslFactory();
 private:
diff --git a/qpid/cpp/src/qpid/broker/Broker.cpp b/qpid/cpp/src/qpid/broker/Broker.cpp
index 3912dac708..622681ab2a 100644
--- a/qpid/cpp/src/qpid/broker/Broker.cpp
+++ b/qpid/cpp/src/qpid/broker/Broker.cpp
@@ -83,6 +83,7 @@
 #include "qpid/StringUtils.h"
 #include "qpid/Url.h"
 #include "qpid/Version.h"
+#include "config.h"
 #include <boost/bind.hpp>
 #include <boost/format.hpp>
@@ -132,6 +133,7 @@ BrokerOptions::BrokerOptions(const std::string& name) :
 queueCleanInterval(60*sys::TIME_SEC*10),//10 minutes
 auth(SaslAuthenticator::available()),
 realm("QPID"),
+ saslServiceName(BROKER_SASL_NAME),
 replayFlushLimit(0),
 replayHardLimit(0),
 queueLimit(100*1048576/*100M default limit*/),
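Review bot: The `createServer` declaration in SaslFactory.h now takes two adjacent `const std::string&` arguments, `realm` and `service`, and nothing in the header says which is which or what `service` is used for, so a call with the two transposed still compiles and would presumably authenticate against the wrong realm and service. I would add a comment above the declaration, for example `/** realm: authentication realm; service: SASL service name handed to sasl_server_new(), ignored by the null implementation */`. The method is exported with `QPID_COMMON_EXTERN` and the new parameter sits in the middle of the list, so out-of-tree callers must be updated and rebuilt, which deserves a line in the release notes.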
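Review bot: The initialiser `saslServiceName(BROKER_SASL_NAME)` in the `BrokerOptions` constructor makes Broker.cpp depend on the macro in every build, whereas the lines this commit removes used it only inside the Cyrus-specific `CyrusSaslServer` and `CyrusAuthenticator` code. config.h is not shown, so it is unclear whether `BROKER_SASL_NAME` is defined when the broker is built without Cyrus SASL; if it is not, this line fails to compile on exactly those builds. Either confirm that config.h defines it unconditionally or wrap the default in `#ifdef BROKER_SASL_NAME` with a documented fallback. The initialiser list starts and ends outside the hunk.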
@@ -180,6 +182,7 @@ BrokerOptions::BrokerOptions(const std::string& name) :
 "Interval between attempts to purge any expired messages from queues")
 ("auth", optValue(auth, "yes|no"), "Enable authentication, if disabled all incoming connections will be trusted")
 ("realm", optValue(realm, "REALM"), "Use the given realm when performing authentication")
+ ("sasl-service-name", optValue(saslServiceName, "NAME"), "The service name to specify for SASL")
 ("default-queue-limit", optValue(queueLimit, "BYTES"), "Default maximum size for queues (in bytes)")
 ("tcp-nodelay", optValue(tcpNoDelay), "Set TCP_NODELAY on TCP connections")
 ("require-encryption", optValue(requireEncrypted), "Only accept connections that are encrypted")
@@ -427,6 +430,11 @@ std::string Broker::getRealm() const
 return config.realm;
 }
+std::string Broker::getSaslServiceName() const
+{
+ return config.saslServiceName;
+}
+
 bool Broker::getTcpNoDelay() const
 {
 return config.tcpNoDelay;
diff --git a/qpid/cpp/src/qpid/broker/Broker.h b/qpid/cpp/src/qpid/broker/Broker.h
index 7cd0eda875..af1144eeb0 100644
--- a/qpid/cpp/src/qpid/broker/Broker.h
+++ b/qpid/cpp/src/qpid/broker/Broker.h
@@ -329,6 +329,7 @@ class Broker : public sys::Runnable, public Plugin::Target,
 QPID_BROKER_EXTERN bool isAuthenticating() const;
 QPID_BROKER_EXTERN bool requireEncrypted() const;
 QPID_BROKER_EXTERN std::string getRealm() const;
+ QPID_BROKER_EXTERN std::string getSaslServiceName() const;
 QPID_BROKER_EXTERN bool getTcpNoDelay() const;
 QPID_BROKER_EXTERN uint16_t getPortOption() const;
 QPID_BROKER_EXTERN const std::vector<std::string>& getListenInterfaces() const;
diff --git a/qpid/cpp/src/qpid/broker/BrokerOptions.h b/qpid/cpp/src/qpid/broker/BrokerOptions.h
index 9284be6a0a..7207c17f91 100644
--- a/qpid/cpp/src/qpid/broker/BrokerOptions.h
+++ b/qpid/cpp/src/qpid/broker/BrokerOptions.h
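Review bot: The help string added for `sasl-service-name` in the first Broker.cpp hunk here, "The service name to specify for SASL", tells an operator neither what the default is nor what depends on the value. With Cyrus SASL the service name is, as far as I know, visible to the mechanisms (it forms part of the Kerberos service principal for GSSAPI and is the service passed to saslauthd), so a value that does not match the client and the KDC or PAM setup shows up as authentication failures. I would reword it along the lines of `"SASL service name passed to the SASL library; must match the name used by clients and by the Kerberos/saslauthd configuration"`. Logging the effective service name once at startup would also make failed logins after a configuration change easier to diagnose.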
@@ -57,6 +57,7 @@ struct BrokerOptions : public qpid::Options
 sys::Duration queueCleanInterval;
 bool auth;
 std::string realm;
+ std::string saslServiceName;
 size_t replayFlushLimit;
 size_t replayHardLimit;
 uint queueLimit;
diff --git a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
index cfbd7aaa66..d5ada6f3a5 100644
--- a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
+++ b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
@@ -310,7 +310,8 @@ void CyrusAuthenticator::init()
 int code;
 std::string realm = connection.getBroker().getRealm();
- code = sasl_server_new(BROKER_SASL_NAME, /* Service name */
+ std::string service = connection.getBroker().getSaslServiceName();
+ code = sasl_server_new(service.c_str(), /* Service name */
 NULL, /* Server FQDN, gethostname() */
 realm.c_str(), /* Authentication realm */
 NULL, /* Local IP, needed for some mechanism */
diff --git a/qpid/cpp/src/qpid/broker/amqp/ProtocolPlugin.cpp b/qpid/cpp/src/qpid/broker/amqp/ProtocolPlugin.cpp
index 621f25f04b..abc26876b5 100644
--- a/qpid/cpp/src/qpid/broker/amqp/ProtocolPlugin.cpp
+++ b/qpid/cpp/src/qpid/broker/amqp/ProtocolPlugin.cpp
@@ -119,7 +119,7 @@ qpid::sys::ConnectionCodec* ProtocolImpl::create(const qpid::framing::ProtocolVe
 if (getBroker().isAuthenticating()) {
 QPID_LOG(info, "Using AMQP 1.0 (with SASL layer)");
 return new qpid::broker::amqp::Sasl(out, id, *this,
- qpid::SaslFactory::getInstance().createServer(getBroker().getRealm(),getBroker().requireEncrypted(), external));
+ qpid::SaslFactory::getInstance().createServer(getBroker().getRealm(),getBroker().getSaslServiceName(),getBroker().requireEncrypted(), external));
 } else {
 std::auto_ptr<SaslServer> authenticator(new qpid::NullSaslServer(getBroker().getRealm()));
 QPID_LOG(info, "Using AMQP 1.0 (with dummy SASL layer)");
diff --git a/qpid/cpp/src/qpid/client/windows/SaslFactory.cpp b/qpid/cpp/src/qpid/client/windows/SaslFactory.cpp
index ecaad4a730..0f02c572ce 100644
--- a/qpid/cpp/src/qpid/client/windows/SaslFactory.cpp
+++ b/qpid/cpp/src/qpid/client/windows/SaslFactory.cpp
@@ -109,7 +109,7 @@ std::auto_ptr<Sasl> SaslFactory::create( const std::string & username, const std
 return sasl;
 }
-std::auto_ptr<SaslServer> SaslFactory::createServer( const std::string& realm, bool /*encryptionRequired*/, const qpid::sys::SecuritySettings& )
+std::auto_ptr<SaslServer> SaslFactory::createServer( const std::string& realm, const std::string& /*service*/, bool /*encryptionRequired*/, const qpid::sys::SecuritySettings& )
 {
 std::auto_ptr<SaslServer> server(new NullSaslServer(realm));
 return server; |