| author | Ted Ross <tross@apache.org> | 2012-07-26 14:38:53 +0000 |
|---|---|---|
| committer | Ted Ross <tross@apache.org> | 2012-07-26 14:38:53 +0000 |
| commit | 4dab66463b394fa8052ceb89ce185fd4e76ce632 (patch) | |
| tree | a9948eef3f9cfcffac5a980e2413b998e198a98c | |
| parent | 02dc201883cf730b11754aa7861e1d540624ef42 (diff) | |
| download | qpid-python-4dab66463b394fa8052ceb89ce185fd4e76ce632.tar.gz | |
QPID-3175 - Added SSL/x.509-auth capability to Python clients and Python tools
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1366020 13f79535-47bb-0310-9956-ffa450edef68
| -rwxr-xr-x | cpp/src/tests/ping_broker | 127 | ||||
| -rwxr-xr-x | cpp/src/tests/ssl_test | 5 | ||||
| -rw-r--r-- | extras/qmf/src/py/qmf/console.py | 6 | ||||
| -rw-r--r-- | python/qpid/connection.py | 5 | ||||
| -rw-r--r-- | python/qpid/delegates.py | 67 | ||||
| -rw-r--r-- | python/qpid/framer.py | 14 | ||||
| -rw-r--r-- | python/qpid/sasl.py | 3 | ||||
| -rw-r--r-- | python/qpid/util.py | 4 | ||||
| -rwxr-xr-x | tools/src/py/qpid-cluster | 27 | ||||
| -rwxr-xr-x | tools/src/py/qpid-config | 25 | ||||
| -rwxr-xr-x | tools/src/py/qpid-ha | 21 | ||||
| -rwxr-xr-x | tools/src/py/qpid-printevents | 25 | ||||
| -rwxr-xr-x | tools/src/py/qpid-queue-stats | 14 | ||||
| -rwxr-xr-x | tools/src/py/qpid-route | 31 | ||||
| -rwxr-xr-x | tools/src/py/qpid-stat | 29 | ||||
| -rwxr-xr-x | tools/src/py/qpid-tool | 9 | ||||
| -rw-r--r-- | tools/src/py/qpidtoollibs/broker.py | 5 |
17 files changed, 300 insertions, 117 deletions
diff --git a/cpp/src/tests/ping_broker b/cpp/src/tests/ping_broker new file mode 100755 index 0000000000..6c391027a3 --- /dev/null +++ b/cpp/src/tests/ping_broker 
@@ -0,0 +1,127 @@ +#!/usr/bin/env python + +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +import os +from optparse import OptionParser, OptionGroup +import sys +import locale +import socket +import re +from qpid.messaging import Connection + +home = os.environ.get("QPID_TOOLS_HOME", os.path.normpath("/usr/share/qpid-tools")) +sys.path.append(os.path.join(home, "python")) + +from qpidtoollibs import BrokerAgent +from qpidtoollibs import Display, Header, Sorter, YN, Commas, TimeLong + + +class Config: + def __init__(self): + self._host = "localhost" + self._connTimeout = 10 + +config = Config() +conn_options = {} + +def OptionsAndArguments(argv): + """ Set global variables for options, return arguments """ + + global config + global conn_options + + usage = "%prog [options]" + + parser = OptionParser(usage=usage) + + parser.add_option("-b", "--broker", action="store", type="string", default="localhost", metavar="<url>", + help="URL of the broker to query") + parser.add_option("-t", "--timeout", action="store", type="int", default=10, metavar="<secs>", + help="Maximum time to wait for broker connection (in seconds)") + parser.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", + help="SASL 
mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") + parser.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") + parser.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)") + parser.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.") + + opts, args = parser.parse_args(args=argv) + + config._host = opts.broker + config._connTimeout = opts.timeout + + if opts.sasl_mechanism: + conn_options['sasl_mechanisms'] = opts.sasl_mechanism + if opts.ssl_certificate: + conn_options['ssl_certfile'] = opts.ssl_certificate + if opts.ssl_key: + conn_options['ssl_key'] = opts.ssl_key + if opts.ha_admin: + conn_options['client_properties'] = {'qpid.ha-admin' : 1} + return args + +class BrokerManager: + def __init__(self): + self.brokerName = None + self.connection = None + self.broker = None + self.cluster = None + + def SetBroker(self, brokerUrl): + self.url = brokerUrl + self.connection = Connection.establish(self.url, **conn_options) + self.broker = BrokerAgent(self.connection) + + def Disconnect(self): + """ Release any allocated brokers. Ignore any failures as the tool is + shutting down. 
+ """ + try: + connection.close() + except: + pass + + def Ping(self, args): + for sequence in range(10): + result = self.broker.echo(sequence, "ECHO BODY") + if result['sequence'] != sequence: + raise Exception("Invalid Sequence") + + +def main(argv=None): + + args = OptionsAndArguments(argv) + bm = BrokerManager() + + try: + bm.SetBroker(config._host) + bm.Ping(args) + bm.Disconnect() + return 0 + except KeyboardInterrupt: + print + except Exception,e: + print "Failed: %s - %s" % (e.__class__.__name__, e) + + bm.Disconnect() # try to deallocate brokers + return 1 + +if __name__ == "__main__": + sys.exit(main()) diff --git a/cpp/src/tests/ssl_test b/cpp/src/tests/ssl_test index 91ff8eec1e..19a316a483 100755 --- a/cpp/src/tests/ssl_test +++ b/cpp/src/tests/ssl_test @@ -148,6 +148,11 @@ URL=$TEST_HOSTNAME:$PORT MSG=`./qpid-receive -b $URL --connection-options '{transport:ssl,heartbeat:2}' -a "foo;{create:always}" --messages 1` test "$MSG" = "hello again" || { echo "receive failed '$MSG' != 'hello again'"; exit 1; } +## Test using the Python client +echo "Testing Non-Authenticating with Python Client..." +URL=amqps://$TEST_HOSTNAME:$PORT +if `$top_srcdir/src/tests/ping_broker -b $URL`; then echo " Passed"; else { echo " Failed"; exit 1; }; fi + #### Client Authentication tests start_authenticating_broker diff --git a/extras/qmf/src/py/qmf/console.py b/extras/qmf/src/py/qmf/console.py index bd1ddb2833..90cc17d32b 100644 --- a/extras/qmf/src/py/qmf/console.py +++ b/extras/qmf/src/py/qmf/console.py @@ -2422,8 +2422,12 @@ class Broker(Thread): sock.settimeout(5) oldTimeout = sock.gettimeout() sock.settimeout(self.connTimeout) + connSock = None if self.ssl: - connSock = ssl(sock) + if 'ssl_certfile' in self.connectArgs: + connSock = ssl(sock, certfile=self.connectArgs['ssl_certfile']) + else: + connSock = ssl(sock) else: connSock = sock self.conn = Connection(connSock, username=self.authUser, password=self.authPass, 
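Review bot: `BrokerManager.Disconnect` in the new ping_broker file calls `connection.close()` on a name that is never bound in that scope, and the bare `except:` hides the resulting NameError, so the broker connection is never closed. It should read `self.connection.close()` and catch `Exception` rather than everything. The `--timeout` value is stored in `config._connTimeout` but never passed to `Connection.establish`. `OptionsAndArguments` also stores the private key under `conn_options['ssl_key']` and offers no trust-store option: confirm that `Connection.establish` really reads that key name (an unrecognised option may be dropped silently, leaving the key file unused), and note that without a CA file the user cannot make the client validate the broker's certificate. The same option block recurs in the qpid-config, qpid-ha, qpid-printevents and qpid-stat hunks.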
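Review bot: The backticks around the ping_broker call in the added ssl_test lines make the shell execute whatever the script prints, so the `Failed: ...` line it writes on error is run as a command. Call the script directly instead, `if $top_srcdir/src/tests/ping_broker -b $URL; then echo "    Passed"; else { echo "    Failed"; exit 1; }; fi`. The new case also runs only against the non-authenticating broker; nothing in this hunk exercises `--ssl-certificate` or `--ssl-key` with the authenticating broker that the script starts just below.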
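Review bot: Only `ssl_certfile` is forwarded to `ssl()` in this console.py hunk, although `qpid.util.ssl` gains `keyfile` and `trustfile` parameters in the same commit. A QMF console user therefore cannot supply a separate private-key file or a CA file, and the certificate PEM has to carry the key as well. One call covers all three, for example `connSock = ssl(sock, keyfile=self.connectArgs.get('ssl_keyfile'), certfile=self.connectArgs.get('ssl_certfile'), trustfile=self.connectArgs.get('ssl_trustfile'))`, where the two extra key names are a proposal and not existing options. The added `connSock = None` is dead, since both branches assign it. The enclosing method starts and ends outside the hunk.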
diff --git a/python/qpid/connection.py b/python/qpid/connection.py index 66e1cb49be..2453f38c34 100644 --- a/python/qpid/connection.py +++ b/python/qpid/connection.py @@ -166,8 +166,9 @@ class Connection(Framer): # If we have a security layer and it sends us no decoded data, # that's OK as long as its return code is happy. if self.security_layer_rx: - status, data = self.security_layer_rx.decode(data) - if not status: + try: + data = self.security_layer_rx.decode(data) + except: self.detach_all() break # When we do not use SSL transport, we get periodic diff --git a/python/qpid/delegates.py b/python/qpid/delegates.py index 685cf49f54..5e44a3a6dc 100644 --- a/python/qpid/delegates.py +++ b/python/qpid/delegates.py @@ -24,13 +24,7 @@ from exceptions import VersionError, Closed from logging import getLogger from ops import Control import sys - -_have_sasl = None -try: - import saslwrapper - _have_sasl = True -except: - pass +from qpid import sasl log = getLogger("qpid.io.ctl") 
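Review bot: The bare `except:` around `self.security_layer_rx.decode(data)` in connection.py catches every exception, including KeyboardInterrupt and plain programming errors, and then detaches all sessions without recording why. A decode failure on the security layer is exactly the event an operator wants to see, since it may mean corrupted or tampered traffic. Narrow it to `except Exception, e:` (or to the SASL error type the decoder raises) and log `e` before `self.detach_all()`. The surrounding read loop lies outside the hunk, so whether a logger is already in scope there needs checking.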
@@ -172,20 +166,19 @@ class Client(Delegate): self.username = username self.password = password - if _have_sasl: - self.sasl = saslwrapper.Client() - if username and len(username) > 0: - self.sasl.setAttr("username", str(username)) - if password and len(password) > 0: - self.sasl.setAttr("password", str(password)) - self.sasl.setAttr("service", str(kwargs.get("service", "qpidd"))) - if "host" in kwargs: - self.sasl.setAttr("host", str(kwargs["host"])) - if "min_ssf" in kwargs: - self.sasl.setAttr("minssf", kwargs["min_ssf"]) - if "max_ssf" in kwargs: - self.sasl.setAttr("maxssf", kwargs["max_ssf"]) - self.sasl.init() + self.sasl = sasl.Client() + if username and len(username) > 0: + self.sasl.setAttr("username", str(username)) + if password and len(password) > 0: + self.sasl.setAttr("password", str(password)) + self.sasl.setAttr("service", str(kwargs.get("service", "qpidd"))) + if "host" in kwargs: + self.sasl.setAttr("host", str(kwargs["host"])) + if "min_ssf" in kwargs: + self.sasl.setAttr("minssf", kwargs["min_ssf"]) + if "max_ssf" in kwargs: + self.sasl.setAttr("maxssf", kwargs["max_ssf"]) + self.sasl.init() def start(self): # XXX 
@@ -204,39 +197,29 @@ class Client(Delegate): mech_list += str(mech) + " " mech = None initial = None - if _have_sasl: - status, mech, initial = self.sasl.start(mech_list) - if status == False: - raise Closed("SASL error: %s" % self.sasl.getError()) - else: - if self.username and self.password and ("PLAIN" in mech_list): - mech = "PLAIN" - initial = "\0%s\0%s" % (self.username, self.password) - else: - mech = "ANONYMOUS" - if not mech in mech_list: - raise Closed("No acceptable SASL authentication mechanism available") + try: + mech, initial = self.sasl.start(mech_list) + except Exception, e: + raise Closed(str(e)) ch.connection_start_ok(client_properties=self.client_properties, mechanism=mech, response=initial) def connection_secure(self, ch, secure): resp = None - if _have_sasl: - status, resp = self.sasl.step(secure.challenge) - if status == False: - raise Closed("SASL error: %s" % self.sasl.getError()) + try: + resp = self.sasl.step(secure.challenge) + except Exception, e: + raise Closed(str(e)) ch.connection_secure_ok(response=resp) def connection_tune(self, ch, tune): ch.connection_tune_ok(heartbeat=self.heartbeat) ch.connection_open() - if _have_sasl: - self.connection.user_id = self.sasl.getUserId() - self.connection.security_layer_tx = self.sasl + self.connection.user_id = self.sasl.auth_username() + self.connection.security_layer_tx = self.sasl def connection_open_ok(self, ch, open_ok): - if _have_sasl: - self.connection.security_layer_rx = self.sasl + self.connection.security_layer_rx = self.sasl self.connection.opened = True notify(self.connection.condition) diff --git a/python/qpid/framer.py b/python/qpid/framer.py index 47f57cf649..8e4ef014f1 100644 --- a/python/qpid/framer.py +++ b/python/qpid/framer.py 
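Review bot: `connection_tune` and `connection_open_ok` now install `self.sasl` as `security_layer_tx` and `security_layer_rx` unconditionally. The `if self.security_layer_tx:` and `if self.security_layer_rx:` tests in framer.py and connection.py will therefore presumably pass on every connection, including those where no SASL security layer was negotiated. That is only correct if `encode` and `decode` in `qpid.sasl` return the data unchanged in that case, which this page does not show. A comment at the two assignments stating that contract would help, such as `# qpid.sasl clients pass data through when no security layer is active`. The `except Exception, e: raise Closed(str(e))` wrappers in `start` and `connection_secure` also turn programming errors into `Closed`; catching the SASL error type would keep those visible.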
@@ -51,9 +51,10 @@ class Framer(Packer): self.sock_lock.acquire() try: if self.security_layer_tx: - status, cipher_buf = self.security_layer_tx.encode(self.tx_buf) - if status == False: - raise Closed(self.security_layer_tx.getError()) + try: + cipher_buf = self.security_layer_tx.encode(self.tx_buf) + except SASLError, e: + raise Closed(str(e)) self._write(cipher_buf) else: self._write(self.tx_buf) @@ -91,9 +92,10 @@ class Framer(Packer): try: s = self.sock.recv(n) # NOTE: instead of "n", arg should be "self.maxbufsize" if self.security_layer_rx: - status, s = self.security_layer_rx.decode(s) - if status == False: - raise Closed(self.security_layer_tx.getError()) + try: + s = self.security_layer_rx.decode(s) + except SASLError, e: + raise Closed(str(e)) except socket.timeout: if self.aborted(): raise Closed() diff --git a/python/qpid/sasl.py b/python/qpid/sasl.py index 677a5e4e22..25de6dec45 100644 --- a/python/qpid/sasl.py +++ b/python/qpid/sasl.py @@ -29,6 +29,9 @@ class WrapperClient: def setAttr(self, name, value): status = self._cli.setAttr(str(name), str(value)) + if status and name == 'username': + status = self._cli.setAttr('externaluser', str(value)) + if not status: raise SASLError(self._cli.getError()) diff --git a/python/qpid/util.py b/python/qpid/util.py index 89677289e2..7541595453 100644 --- a/python/qpid/util.py +++ b/python/qpid/util.py @@ -25,9 +25,9 @@ except ImportError: from socket import ssl as wrap_socket class ssl: - def __init__(self, sock): + def __init__(self, sock, keyfile=None, certfile=None, trustfile=None): self.sock = sock - self.ssl = wrap_socket(sock) + self.ssl = wrap_socket(sock, keyfile=keyfile, certfile=certfile, ca_certs=trustfile) def recv(self, n): return self.ssl.read(n) diff --git a/tools/src/py/qpid-cluster b/tools/src/py/qpid-cluster index d4f9391dcf..7d800b52fb 100755 --- a/tools/src/py/qpid-cluster +++ b/tools/src/py/qpid-cluster 
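Review bot: Both framer.py hunks use `except SASLError, e:`, but neither adds an import for `SASLError`, and the diffstat's 14 changed lines for framer.py are fully accounted for by these two hunks. Unless the module already imports the name, the first encode or decode failure will raise NameError instead of `Closed`, and the SASL error text is lost on exactly the path meant to report it. Add the import next to the existing ones, for example `from qpid.sasl import SASLError` if that is where the class lives (sasl.py raises it in this commit). Both methods continue outside the hunks.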
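Review bot: The sasl.py hunk copies every `username` into `externaluser` without a comment saying why, and it does so whichever mechanism ends up selected. If the intent is to supply the identity for SASL EXTERNAL, say so above the `if`, for instance `# EXTERNAL takes its identity from 'externaluser'; mirror the username so x.509 logins carry it`. It is also worth stating that the broker, not this client-supplied value, must decide which identity a certificate maps to. When the second `setAttr` fails, the raised `SASLError` refers to `externaluser` although the caller set `username`, which can confuse diagnosis.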
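Review bot: The util.py hunk passes `ca_certs=trustfile` to `wrap_socket` without a `cert_reqs` argument. The standard `ssl.wrap_socket` defaults to `CERT_NONE`, so the broker's certificate is not validated even when a trust file is supplied. The client then encrypts to, and presents its certificate to, whichever peer answers. When `trustfile` is given the call should request verification, e.g. `wrap_socket(sock, keyfile=keyfile, certfile=certfile, ca_certs=trustfile, cert_reqs=CERT_REQUIRED)` with `CERT_REQUIRED` imported from `ssl`, and a hostname check against the peer certificate is still needed on top of that. The `except ImportError` fallback in the hunk header binds `wrap_socket` to the legacy `socket.ssl`, which as far as I know accepts only a key file and a certificate file, so the new `ca_certs=` keyword would raise TypeError on that path.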
@@ -64,17 +64,19 @@ class IpAddr: return bestAddr class BrokerManager: - def __init__(self, config): - self.config = config - self.brokerName = None - self.qmf = None - self.broker = None - self.brokers = [] + def __init__(self, config, conn_options): + self.config = config + self.cert = None + self.conn_options = conn_options + self.brokerName = None + self.qmf = None + self.broker = None + self.brokers = [] def SetBroker(self, brokerUrl): self.url = brokerUrl self.qmf = Session() - self.broker = self.qmf.addBroker(brokerUrl, self.config._connTimeout) + self.broker = self.qmf.addBroker(brokerUrl, self.config._connTimeout, **self.conn_options) agents = self.qmf.getAgents() for a in agents: if a.getAgentBank() == '0': @@ -240,6 +242,8 @@ def main(argv=None): description="Example: $ qpid-cluster -C broker-host:10000") parser.add_option("-t", "--timeout", action="store", type="int", default=10, metavar="SECS", help="Maximum time to wait for broker connection (in seconds)") + parser.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") + parser.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") parser.add_option("-C", "--all-connections", action="store_true", default=False, help="View client connections to all cluster members") parser.add_option("-c", "--connections", metavar="ID", help="View client connections to specified member") parser.add_option("-d", "--del-connection", metavar="HOST:PORT", help="Disconnect a client connection") 
@@ -280,7 +284,13 @@ def main(argv=None): config._force = opts.force config._numeric = opts.numeric - bm = BrokerManager(config) + conn_options = {} + if opts.sasl_mechanism: + conn_options['mechanisms'] = opts.sasl_mechanism + if opts.ssl_certificate: + conn_options['ssl_certfile'] = opts.ssl_certificate + + bm = BrokerManager(config, conn_options) try: bm.SetBroker(config._host) @@ -303,7 +313,6 @@ def main(argv=None): bm.Disconnect() except Exception, e: - raise print str(e) return 1 diff --git a/tools/src/py/qpid-config b/tools/src/py/qpid-config index 1308df765d..df43b7ea4e 100755 --- a/tools/src/py/qpid-config +++ b/tools/src/py/qpid-config @@ -88,7 +88,6 @@ class Config: self._altern_ex = None self._durable = False self._replicate = None - self._ha_admin = False self._clusterDurable = False self._if_empty = True self._if_unused = True @@ -102,7 +101,6 @@ class Config: self._ive = False self._eventGeneration = None self._file = None - self._sasl_mechanism = None self._flowStopCount = None self._flowResumeCount = None self._flowStopSize = None @@ -114,6 +112,7 @@ class Config: self._returnCode = 0 config = Config() +conn_options = {} FILECOUNT = "qpid.file_count" FILESIZE = "qpid.file_size" 
@@ -177,6 +176,9 @@ def OptionsAndArguments(argv): group1.add_option("-r", "--recursive", action="store_true", help="Show bindings in queue or exchange list") group1.add_option("-b", "--broker", action="store", type="string", default="localhost:5672", metavar="<address>", help="Address of qpidd broker with syntax: [username/password@] hostname | ip-address [:<port>]") group1.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") + group1.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") + group1.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)") + group1.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.") parser.add_option_group(group1) group_ls = OptionGroup(parser, "Options for Listing Exchanges and Queues") 
@@ -187,7 +189,6 @@ def OptionsAndArguments(argv): group2.add_option("--alternate-exchange", action="store", type="string", metavar="<aexname>", help="Name of the alternate-exchange for the new queue or exchange. Exchanges route messages to the alternate exchange if they are unable to route them elsewhere. Queues route messages to the alternate exchange if they are rejected by a subscriber or orphaned by queue deletion.") group2.add_option("--durable", action="store_true", help="The new queue or exchange is durable.") group2.add_option("--replicate", action="store", metavar="<level>", help="Enable automatic replication in a HA cluster. <level> is 'none', 'configuration' or 'all').") - group2.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.") parser.add_option_group(group2) group3 = OptionGroup(parser, "Options for Adding Queues") @@ -306,6 +307,16 @@ def OptionsAndArguments(argv): config._extra_arguments = opts.extra_arguments if opts.start_replica: config._start_replica = opts.start_replica + + if opts.sasl_mechanism: + conn_options['sasl_mechanisms'] = opts.sasl_mechanism + if opts.ssl_certificate: + conn_options['ssl_certfile'] = opts.ssl_certificate + if opts.ssl_key: + conn_options['ssl_key'] = opts.ssl_key + if opts.ha_admin: + conn_options['client_properties'] = {'qpid.ha-admin' : 1} + return args @@ -355,11 +366,9 @@ class BrokerManager: self.conn = None self.broker = None - def SetBroker(self, brokerUrl, mechanism): + def SetBroker(self, brokerUrl): self.url = brokerUrl - client_properties={} - if config._ha_admin: client_properties["qpid.ha-admin"] = 1 - self.conn = Connection.establish(self.url, sasl_mechanisms=mechanism, client_properties=client_properties) + self.conn = Connection.establish(self.url, **conn_options) self.broker = BrokerAgent(self.conn) def Disconnect(self): 
@@ -690,7 +699,7 @@ def main(argv=None): bm = BrokerManager() try: - bm.SetBroker(config._host, config._sasl_mechanism) + bm.SetBroker(config._host) if len(args) == 0: bm.Overview() else: diff --git a/tools/src/py/qpid-ha b/tools/src/py/qpid-ha index 6ddde93967..5b701a1fb4 100755 --- a/tools/src/py/qpid-ha +++ b/tools/src/py/qpid-ha @@ -19,8 +19,7 @@ # under the License. # -import qmf.console, optparse, sys, time, os -from qpid.management import managementChannel, managementClient +import optparse, sys, time, os from qpid.messaging import Connection from qpid.messaging import Message as QpidMessage from qpidtoollibs.broker import BrokerAgent @@ -47,6 +46,8 @@ class Command: self.help = help self.op=optparse.OptionParser(usage) self.op.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") + self.op.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") + self.op.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)") self.op.add_option("-b", "--broker", action="store", type="string", default="localhost:5672", metavar="<address>", help="Address of qpidd broker with syntax: [username/password@] hostname | ip-address [:<port>]") def execute(self, args): 
@@ -54,13 +55,19 @@ class Command: if len(args) != len(self.arg_names)+1: self.op.print_help() raise Exception("Wrong number of arguments") - connection = Connection.establish( - opts.broker, - sasl_mechanisms=opts.sasl_mechanism, - client_properties={"qpid.ha-admin":1}) + conn_options = {} + if opts.sasl_mechanism: + conn_options['sasl_mechanisms'] = opts.sasl_mechanism + if opts.ssl_certificate: + conn_options['ssl_certfile'] = opts.ssl_certificate + if opts.ssl_key: + conn_options['ssl_key'] = opts.ssl_key + conn_options['client_properties'] = {'qpid.ha-admin' : 1} + + connection = Connection.establish(opts.broker, **conn_options) qmf_broker = BrokerAgent(connection) ha_broker = qmf_broker.getHaBroker() - if not ha_broker: raise Exception("HA module is not loaded on broker at %s"%broker) + if not ha_broker: raise Exception("HA module is not loaded on broker at %s" % opts.broker) try: self.do_execute(qmf_broker, ha_broker, opts, args) finally: connection.close() diff --git a/tools/src/py/qpid-printevents b/tools/src/py/qpid-printevents index 7c3e2b6c23..0d0f1a0782 100755 --- a/tools/src/py/qpid-printevents +++ b/tools/src/py/qpid-printevents @@ -57,11 +57,10 @@ class EventReceiver(Thread): This class does not use the "reconnect" option because it needs to report as events when the connection is established and when it's lost. """ - def __init__(self, printer, url, mechanism, options): + def __init__(self, printer, url, options): Thread.__init__(self) self.printer = printer self.url = url - self.mechanism = mechanism self.options = options self.running = True self.helper = EventHelper() @@ -73,7 +72,7 @@ class EventReceiver(Thread): isOpen = False while self.running: try: - conn = Connection.establish(self.url, sasl_mechanisms=self.mechanism, client_properties=self.options) + conn = Connection.establish(self.url, **options) isOpen = True self.printer.pr(strftime("%c", gmtime(time())) + " NOTIC qpid-printevents:brokerConnected broker=%s" % self.url) 
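Review bot: In the second qpid-printevents hunk, `Connection.establish(self.url, **options)` uses a bare `options`, while the constructor hunk just above stores the dict as `self.options`. Unless `run` binds a local of that name outside the hunk, this raises NameError on every connection attempt, because `options` in `main` is local to `main`. The call sits inside the reconnect loop's `try`, so the failure is likely to show up as an endless connect retry instead of a traceback. It should read `conn = Connection.establish(self.url, **self.options)`.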
@@ -133,23 +132,37 @@ def main(argv=None): p = optparse.OptionParser(usage=_usage, description=_description, formatter=JHelpFormatter()) p.add_option("--heartbeats", action="store_true", default=False, help="Use heartbeats.") p.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") + p.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") + p.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)") + p.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.") options, arguments = p.parse_args(args=argv) if len(arguments) == 0: arguments.append("localhost") brokers = [] - mechanism = options.sasl_mechanism - props = {'qpid.ha-admin' : 1} + conn_options = {} + props = {} printer = Printer() + if options.sasl_mechanism: + conn_options['sasl_mechanisms'] = options.sasl_mechanism + if options.ssl_certificate: + conn_options['ssl_certfile'] = options.ssl_certificate + if options.ssl_key: + conn_options['ssl_key'] = options.ssl_key + if options.ha_admin: + props['qpid.ha-admin'] = 1 if options.heartbeats: props['heartbeat'] = 5 + if len(props) > 0: + conn_options['client_properties'] = props + try: try: for host in arguments: - er = EventReceiver(printer, host, mechanism, props) + er = EventReceiver(printer, host, conn_options) brokers.append(er) er.start() diff --git a/tools/src/py/qpid-queue-stats b/tools/src/py/qpid-queue-stats index 562ccce32d..f68609aed8 100755 --- a/tools/src/py/qpid-queue-stats +++ b/tools/src/py/qpid-queue-stats 
@@ -32,13 +32,13 @@ from qpid.connection import Connection, ConnectionFailed from time import sleep class BrokerManager(Console): - def __init__(self, host, mechanism): + def __init__(self, host, conn_options): self.url = host self.objects = {} self.filter = None self.session = Session(self, rcvEvents=False, rcvHeartbeats=False, userBindings=True, manageConnections=True) - self.broker = self.session.addBroker(self.url, None, mechanism) + self.broker = self.session.addBroker(self.url, **conn_options) self.firstError = True def setFilter(self,filter): @@ -126,17 +126,23 @@ def main(argv=None): p.add_option('--broker-address','-a', default='localhost' , help='broker-addr is in the form: [username/password@] hostname | ip-address [:<port>] \n ex: localhost, 10.1.1.7:10000, broker-host:10000, guest/guest@localhost') p.add_option('--filter','-f' ,default=None ,help='a list of comma separated queue names (regex are accepted) to show') p.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") - + p.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") options, arguments = p.parse_args(args=argv) + conn_options = {} + if options.sasl_mechanism: + conn_options['mechanisms'] = options.sasl_mechanism + if options.ssl_certificate: + conn_options['ssl_certfile'] = options.ssl_certificate + host = options.broker_address filter = [] if options.filter != None: for s in options.filter.split(","): filter.append(re.compile(s)) - bm = BrokerManager(host, options.sasl_mechanism) + bm = BrokerManager(host, conn_options) bm.setFilter(filter) bm.Display() diff --git a/tools/src/py/qpid-route b/tools/src/py/qpid-route index 0316c24322..00c7c59189 100755 --- a/tools/src/py/qpid-route 
+++ b/tools/src/py/qpid-route @@ -53,16 +53,15 @@ def Usage(): class Config: def __init__(self): - self._verbose = False - self._quiet = False - self._durable = False - self._dellink = False - self._srclocal = False - self._transport = "tcp" - self._ack = 0 - self._connTimeout = 10 - self._client_sasl_mechanism = None - self._ha_admin = False + self._verbose = False + self._quiet = False + self._durable = False + self._dellink = False + self._srclocal = False + self._transport = "tcp" + self._ack = 0 + self._connTimeout = 10 + self._conn_options = {} config = Config() @@ -97,6 +96,7 @@ def OptionsAndArguments(argv): parser.add_option("-t", "--transport", action="store", type="string", default="tcp", metavar="<transport>", help="Transport to use for links, defaults to tcp") parser.add_option("--client-sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). Used when the client connects to the destination broker (not for authentication between the source and destination brokers - that is specified using the [mechanisms] argument to 'add route'). SASL automatically picks the most secure available mechanism - use this option to override.") + parser.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") parser.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.") opts, encArgs = parser.parse_args(args=argv) 
@@ -130,13 +130,16 @@ def OptionsAndArguments(argv): config._transport = opts.transport if opts.ha_admin: - config._ha_admin = True + config._conn_options['client_properties'] = {'qpid.ha-admin' : 1} if opts.ack: config._ack = opts.ack if opts.client_sasl_mechanism: - config._client_sasl_mechanism = opts.client_sasl_mechanism + config._conn_options['mechanisms'] = opts.client_sasl_mechanism + + if opts.ssl_certificate: + config._conn_options['ssl_certfile'] = opts.ssl_certificate return args @@ -147,9 +150,7 @@ class RouteManager: self.local = BrokerURL(localBroker) self.remote = None self.qmf = Session() - client_properties = {} - if config._ha_admin: client_properties["qpid.ha-admin"] = 1 - self.broker = self.qmf.addBroker(localBroker, config._connTimeout, config._client_sasl_mechanism, client_properties=client_properties) + self.broker = self.qmf.addBroker(localBroker, config._connTimeout, **config._conn_options) self.broker._waitForStable() self.agent = self.broker.getBrokerAgent() diff --git a/tools/src/py/qpid-stat b/tools/src/py/qpid-stat index cd2633756e..458ae36182 100755 --- a/tools/src/py/qpid-stat +++ b/tools/src/py/qpid-stat @@ -42,15 +42,15 @@ class Config: self._limit = 50 self._increasing = False self._sortcol = None - self._sasl_mechanism = None - self._ha_admin = False config = Config() +conn_options = {} def OptionsAndArguments(argv): """ Set global variables for options, return arguments """ global config + global conn_options usage = \ """%prog -g [options] 
@@ -70,6 +70,8 @@ def OptionsAndArguments(argv): help="Maximum time to wait for broker connection (in seconds)") group1.add_option("--sasl-mechanism", action="store", type="string", metavar="<mech>", help="SASL mechanism for authentication (e.g. EXTERNAL, ANONYMOUS, PLAIN, CRAM-MD, DIGEST-MD5, GSSAPI). SASL automatically picks the most secure available mechanism - use this option to override.") + group1.add_option("--ssl-certificate", action="store", type="string", metavar="<cert>", help="Client SSL certificate (PEM Format)") + group1.add_option("--ssl-key", action="store", type="string", metavar="<key>", help="Client SSL private key (PEM Format)") group1.add_option("--ha-admin", action="store_true", help="Allow connection to a HA backup broker.") parser.add_option_group(group1) @@ -100,8 +102,15 @@ def OptionsAndArguments(argv): config._connTimeout = opts.timeout config._increasing = opts.increasing config._limit = opts.limit - config._sasl_mechanism = opts.sasl_mechanism - config._ha_admin = opts.ha_admin + + if opts.sasl_mechanism: + conn_options['sasl_mechanisms'] = opts.sasl_mechanism + if opts.ssl_certificate: + conn_options['ssl_certfile'] = opts.ssl_certificate + if opts.ssl_key: + conn_options['ssl_key'] = opts.ssl_key + if opts.ha_admin: + conn_options['client_properties'] = {'qpid.ha-admin' : 1} return args @@ -137,11 +146,9 @@ class BrokerManager: self.broker = None self.cluster = None - def SetBroker(self, brokerUrl, mechanism): + def SetBroker(self, brokerUrl): self.url = brokerUrl - client_properties={} - if config._ha_admin: client_properties["qpid.ha-admin"] = 1 - self.connection = Connection.establish(self.url, sasl_mechanisms=mechanism, client_properties=client_properties) + self.connection = Connection.establish(self.url, **conn_options) self.broker = BrokerAgent(self.connection) def Disconnect(self): 
@@ -246,9 +253,10 @@ class BrokerManager: def displayConn(self): disp = Display(prefix=" ") heads = [] - heads.append(Header('client-addr')) + heads.append(Header('connection')) heads.append(Header('cproc')) heads.append(Header('cpid')) + heads.append(Header('mech')) heads.append(Header('auth')) heads.append(Header('connected', Header.DURATION)) heads.append(Header('idle', Header.DURATION)) @@ -262,6 +270,7 @@ class BrokerManager: row.append(conn.address) row.append(conn.remoteProcessName) row.append(conn.remotePid) + row.append(conn.saslMechanism) row.append(conn.authIdentity) row.append(broker.getUpdateTime() - conn.getCreateTime()) row.append(broker.getUpdateTime() - conn.getUpdateTime()) @@ -537,7 +546,7 @@ def main(argv=None): bm = BrokerManager() try: - bm.SetBroker(config._host, config._sasl_mechanism) + bm.SetBroker(config._host) bm.display(args) bm.Disconnect() return 0 diff --git a/tools/src/py/qpid-tool b/tools/src/py/qpid-tool index b31d93594c..4afa18dbb1 100755 --- a/tools/src/py/qpid-tool +++ b/tools/src/py/qpid-tool @@ -173,11 +173,11 @@ class Mcli(Cmd): class QmfData(Console): """ """ - def __init__(self, disp, url): + def __init__(self, disp, url, cert): self.disp = disp self.url = url self.session = Session(self, manageConnections=True) - self.broker = self.session.addBroker(self.url) + self.broker = self.session.addBroker(self.url, ssl_certfile=cert) self.lock = Lock() self.connected = None self.closing = None @@ -724,10 +724,13 @@ if _host[0] == '-': sys.exit(1) disp = Display() +cert = None +if len(cargs) > 1: + cert = cargs[1] # Attempt to make a connection to the target broker try: - data = QmfData(disp, _host) + data = QmfData(disp, _host, cert) except Exception, e: if str(e).find("Exchange not found") != -1: print "Management not enabled on broker: Use '-m yes' option on broker startup." diff --git a/tools/src/py/qpidtoollibs/broker.py b/tools/src/py/qpidtoollibs/broker.py index d34c2e6ced..ea31aeabb0 100644 
--- a/tools/src/py/qpidtoollibs/broker.py +++ b/tools/src/py/qpidtoollibs/broker.py @@ -194,9 +194,10 @@ class BrokerAgent(object): def getMemory(self): return self._getSingleObject(Memory) - def echo(self, sequence, body): + def echo(self, sequence = 1, body = "Body"): """Request a response to test the path to the management broker""" - pass + args = {'sequence' : sequence, 'body' : body} + return self._method('echo', args) def connect(self, host, port, durable, authMechanism, username, password, transport): """Establish a connection to another broker""" |
