authorRajith Muditha Attapattu <rajith@apache.org>2010-01-12 20:53:51 +0000
committerRajith Muditha Attapattu <rajith@apache.org>2010-01-12 20:53:51 +0000
commitdd02cfaa3720b1b6b5cc967ffed565d10c3a6da0 (patch)
tree2b7c64e8f7710a2cdfedcbaab2baeb845b2f82f7
parentf171c8a00f2d3f11e2e2015bd4abe32ba91d704f (diff)
This is a fix for QPID-2174
I couldn't find any straightforward way to grab the proper ID from the SASL client. Therefore I had to use the Java GSSAPI classes to create a security context to grab the ID. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@898505 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnection.java10
-rw-r--r--qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java1
-rw-r--r--qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java51
-rw-r--r--qpid/java/common/src/main/java/org/apache/qpid/transport/Connection.java15
4 files changed, 70 insertions, 7 deletions
diff --git a/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnection.java b/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnection.java
index 0b9be5951f..edbcef687a 100644
--- a/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnection.java
+++ b/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnection.java
@@ -1210,6 +1210,11 @@ public class AMQConnection extends Closeable implements Connection, QueueConnect
return _username;
}
+ public void setUsername(String id)
+ {
+ _username = id;
+ }
+
public String getPassword()
{
return _password;
@@ -1589,11 +1594,6 @@ public class AMQConnection extends Closeable implements Connection, QueueConnect
return _syncPublish;
}
- public void setIdleTimeout(long l)
- {
- _delegate.setIdleTimeout(l);
- }
-
public int getNextChannelID()
{
return _sessions.getNextChannelId();
diff --git a/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java b/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java
index 9b5277257c..57a52ff0e2 100644
--- a/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java
+++ b/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java
@@ -173,6 +173,7 @@ public class AMQConnectionDelegate_0_10 implements AMQConnectionDelegate, Connec
_qpidConnection.connect(brokerDetail.getHost(), brokerDetail.getPort(), _conn.getVirtualHost(),
_conn.getUsername(), _conn.getPassword(), brokerDetail.useSSL(),saslMechs);
_conn._connected = true;
+ _conn.setUsername(_qpidConnection.getUserID());
_conn._failoverPolicy.attainedConnection();
}
catch(ProtocolVersionException pe)
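Review bot: The added `_conn.setUsername(_qpidConnection.getUserID())` overwrites the configured login name with the resolved identity, and that same field is what `_conn.getUsername()` feeds into `_qpidConnection.connect(...)` two lines earlier. If this code runs again on failover (the enclosing method starts and ends outside the hunk, so this is not visible here), a GSSAPI reconnect would be attempted with the Kerberos principal string in place of the original username. Keeping the resolved identity in its own field, documented with something like `// identity resolved after SASL completes; not the configured login name`, would keep the two apart. The new public `setUsername(String)` in AMQConnection.java also lets any caller change the name on an open connection, so it is worth narrowing its visibility if only the delegate needs it.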
diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
index 934d8f2949..2f15ba1f15 100644
--- a/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
+++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
@@ -34,6 +34,11 @@ import javax.security.sasl.SaslException;
import org.apache.qpid.security.UsernamePasswordCallbackHandler;
import org.apache.qpid.transport.util.Logger;
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
/**
@@ -45,6 +50,15 @@ public class ClientDelegate extends ConnectionDelegate
{
private static final Logger log = Logger.get(ClientDelegate.class);
+ private static final String KRB5_OID_STR = "1.2.840.113554.1.2.2";
+ protected static Oid KRB5_OID;
+
+ static {
+ try {
+ KRB5_OID = new Oid(KRB5_OID_STR);
+ } catch (GSSException ignore) {}
+ }
+
private String vhost;
private String username;
private String password;
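Review bot: The static initializer swallows `GSSException` in an empty catch, so a failed `new Oid(KRB5_OID_STR)` leaves `KRB5_OID` null with nothing logged, and the null later flows into `createName` and `createContext`. The field is also `protected static` and non-final, so any subclass can reassign the mechanism OID for every connection in the JVM. At minimum log in the catch, in the form already used elsewhere in this class: `log.warn("Unable to create Kerberos mechanism OID", e);`. Preferably initialise the field through a private static helper so it can be declared `private static final Oid KRB5_OID`.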
@@ -144,6 +158,11 @@ public class ClientDelegate extends ConnectionDelegate
@Override public void connectionOpenOk(Connection conn, ConnectionOpenOk ok)
{
+ SaslClient sc = conn.getSaslClient();
+ if (sc.getMechanismName().equals("GSSAPI") && getUserID() != null)
+ {
+ conn.setUserID(getUserID());
+ }
conn.setState(OPEN);
}
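Review bot: `getUserID()` is called twice in the added block of `connectionOpenOk`, and each call builds a fresh GSS context and runs `initSecContext`, so every GSSAPI connection repeats the Kerberos work and may see two different answers. Resolve it once: `String id = getUserID();` followed by `if (id != null) { conn.setUserID(id); }`. `sc` is also dereferenced without a null check; if `conn.getSaslClient()` can return null on some path (not visible in this hunk), open-ok handling would throw before `conn.setState(OPEN)`. A guard such as `sc != null && "GSSAPI".equals(sc.getMechanismName())` avoids that.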
@@ -203,4 +222,36 @@ public class ClientDelegate extends ConnectionDelegate
}
}
+
+ private String getUserID()
+ {
+ log.debug("Obtaining userID from kerberos");
+ String service = protocol + "@" + serverName;
+ GSSManager manager = GSSManager.getInstance();
+
+ try
+ {
+ GSSName acceptorName = manager.createName(service,
+ GSSName.NT_HOSTBASED_SERVICE, KRB5_OID);
+
+ GSSContext secCtx = manager.createContext(acceptorName,
+ KRB5_OID,
+ null,
+ GSSContext.INDEFINITE_LIFETIME);
+
+ secCtx.initSecContext(new byte[0], 0, 1);
+
+ if (secCtx.getSrcName() != null)
+ {
+ return secCtx.getSrcName().toString();
+ }
+
+ }
+ catch (GSSException e)
+ {
+ log.warn("Unable to retrieve userID from Kerberos due to error",e);
+ }
+
+ return null;
+ }
}
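Review bot: `secCtx` in `getUserID()` is never disposed, so each call leaves a GSS security context and its underlying credential material to the garbage collector; it should be released in a `finally` block. The name returned comes from a second context built from the local default credentials, not from the SASL exchange the broker actually authenticated, so it is a client-side view of the identity and deserves a comment saying it must not be treated as broker-verified. `initSecContext(new byte[0], 0, 1)` passes a length of 1 for an empty buffer, which looks like a slip for 0. `protocol` and `serverName` are defined outside the hunk, and `KRB5_OID` may be null if the static initializer failed.

```java
private String getUserID()
{
    // … unchanged: debug log, service name, GSSManager lookup …
    GSSContext secCtx = null;
    try
    {
        // … unchanged: createName(service, NT_HOSTBASED_SERVICE, KRB5_OID) …
        secCtx = manager.createContext(acceptorName,
                                       KRB5_OID,
                                       null,
                                       GSSContext.INDEFINITE_LIFETIME);

        secCtx.initSecContext(new byte[0], 0, 0);
        // … unchanged: return secCtx.getSrcName().toString() when non-null …
    }
    catch (GSSException e)
    {
        // … unchanged: warn log …
    }
    finally
    {
        if (secCtx != null)
        {
            try
            {
                // Release the context and any credential material it holds.
                secCtx.dispose();
            }
            catch (GSSException e)
            {
                log.debug("Unable to dispose Kerberos security context");
            }
        }
    }

    return null;
}
```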
diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/Connection.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/Connection.java
index 773746af79..7d0010f34d 100644
--- a/qpid/java/common/src/main/java/org/apache/qpid/transport/Connection.java
+++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/Connection.java
@@ -85,7 +85,8 @@ public class Connection extends ConnectionInvoker
private SaslClient saslClient;
private long idleTimeout = 0;
private String _authorizationID;
-
+ private String userID;
+
// want to make this final
private int _connectionId;
@@ -173,7 +174,7 @@ public class Connection extends ConnectionInvoker
synchronized (lock)
{
state = OPENING;
-
+ userID = username;
delegate = new ClientDelegate(vhost, username, password,saslMechs);
IoTransport.connect(host, port, ConnectionBinding.get(this), ssl);
@@ -544,6 +545,16 @@ public class Connection extends ConnectionInvoker
{
return _authorizationID;
}
+
+ public String getUserID()
+ {
+ return userID;
+ }
+
+ public void setUserID(String id)
+ {
+ userID = id;
+ }
public String toString()
{
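Review bot: `getUserID()` and `setUserID()` are added without Javadoc, and the class now carries both `_authorizationID` and `userID` with nothing explaining how they differ or which one callers should trust. A Javadoc on the getter would cover it, for example `/** Returns the user ID for this connection: the username passed to connect(), replaced by the Kerberos principal once a GSSAPI connection has been opened. */`. `userID` is assigned under `synchronized (lock)` in `connect()` (hunk at -173) but read and written without the lock here. If open-ok is handled on a different thread from the one calling `getUserID()` (not visible in these hunks), the field should be `volatile` or accessed under `lock`. The new field also drops the leading underscore used by its neighbours `_authorizationID` and `_connectionId`.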