path: root/cpp/src/qpid/client
authorGordon Sim <gsim@apache.org>2009-11-09 15:30:18 +0000
committerGordon Sim <gsim@apache.org>2009-11-09 15:30:18 +0000
commit58efa10f3ed794dac024a1995e871a1368faeddc (patch)
tree7a96ce8642acfdc19546512fadfc8783fbc252d3 /cpp/src/qpid/client
parentbb32d235be89547bb7e8621ce56c66e4dabdd43a (diff)
downloadqpid-python-58efa10f3ed794dac024a1995e871a1368faeddc.tar.gz
QPID-1899: Applied patch from Ken Giusti to tie in SASL encryption to the handling of the --require-encrypted option
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@834108 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/qpid/client')
-rw-r--r--cpp/src/qpid/client/ConnectionHandler.cpp3
-rw-r--r--cpp/src/qpid/client/ConnectionHandler.h4
-rw-r--r--cpp/src/qpid/client/ConnectionImpl.cpp1
-rw-r--r--cpp/src/qpid/client/Connector.cpp1
-rw-r--r--cpp/src/qpid/client/Connector.h2
-rw-r--r--cpp/src/qpid/client/RdmaConnector.cpp1
-rw-r--r--cpp/src/qpid/client/Sasl.h2
-rw-r--r--cpp/src/qpid/client/SaslFactory.cpp17
-rw-r--r--cpp/src/qpid/client/SslConnector.cpp1
9 files changed, 26 insertions, 6 deletions
diff --git a/cpp/src/qpid/client/ConnectionHandler.cpp b/cpp/src/qpid/client/ConnectionHandler.cpp
index bb348675c6..8f1cc7b03f 100644
--- a/cpp/src/qpid/client/ConnectionHandler.cpp
+++ b/cpp/src/qpid/client/ConnectionHandler.cpp
@@ -212,7 +212,8 @@ void ConnectionHandler::start(const FieldTable& /*serverProps*/, const Array& me
}
if (sasl.get()) {
- string response = sasl->start(mechanism.empty() ? mechlist : mechanism);
+ string response = sasl->start(mechanism.empty() ? mechlist : mechanism,
+ getSSF ? getSSF() : 0);
proxy.startOk(properties, sasl->getMechanism(), response, locale);
} else {
//TODO: verify that desired mechanism and locale are supported
diff --git a/cpp/src/qpid/client/ConnectionHandler.h b/cpp/src/qpid/client/ConnectionHandler.h
index e9cc5194ae..ed1e385dcf 100644
--- a/cpp/src/qpid/client/ConnectionHandler.h
+++ b/cpp/src/qpid/client/ConnectionHandler.h
@@ -94,7 +94,8 @@ class ConnectionHandler : private StateManager,
public:
using InputHandler::handle;
typedef boost::function<void()> CloseListener;
- typedef boost::function<void(uint16_t, const std::string&)> ErrorListener;
+ typedef boost::function<void(uint16_t, const std::string&)> ErrorListener;
+ typedef boost::function<unsigned int()> GetConnSSF;
ConnectionHandler(const ConnectionSettings&, framing::ProtocolVersion&);
@@ -122,6 +123,7 @@ public:
static framing::connection::CloseCode convert(uint16_t replyCode);
const std::string& getUserId() const { return operUserId; }
+ GetConnSSF getSSF; /** query the connection for its security strength factor */
};
}}
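Review bot: The comment on the new `getSSF` member is written as `/** ... */` after the declaration, which Doxygen attaches to the following declaration rather than to this member; a trailing member comment needs the `/**<` form. The comment could also state the contract that ConnectionHandler::start relies on, where an unset callback is treated as strength 0: `GetConnSSF getSSF; /**< Query the connection for its security strength factor; may be left unset, in which case 0 is assumed. */`. The class body begins outside this hunk.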
diff --git a/cpp/src/qpid/client/ConnectionImpl.cpp b/cpp/src/qpid/client/ConnectionImpl.cpp
index 4f35639c71..cede7f7310 100644
--- a/cpp/src/qpid/client/ConnectionImpl.cpp
+++ b/cpp/src/qpid/client/ConnectionImpl.cpp
@@ -79,6 +79,7 @@ ConnectionImpl::ConnectionImpl(framing::ProtocolVersion v, const ConnectionSetti
CLOSE_CODE_NORMAL, std::string());
//only set error handler once open
handler.onError = boost::bind(&ConnectionImpl::closed, this, _1, _2);
+ handler.getSSF = boost::bind(&Connector::getSSF, boost::ref(connector));
}
const uint16_t ConnectionImpl::NEXT_CHANNEL = std::numeric_limits<uint16_t>::max();
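Review bot: The callback installed on `handler.getSSF` is bound to `connector` through `boost::ref`, so it dereferences whatever `connector` holds when the handler invokes it, not what it holds in this constructor. The declaration and assignment of `connector` are outside the hunk; if it is a smart pointer that is still empty here or is reset on close, the call depends on it being non-null whenever a start frame is processed. A comment would record that assumption, e.g. `// bound by reference: connector is set later and must be non-null whenever handler can call getSSF`. The constructor body begins outside the hunk.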
diff --git a/cpp/src/qpid/client/Connector.cpp b/cpp/src/qpid/client/Connector.cpp
index fbb571d40a..ad60c9d7e1 100644
--- a/cpp/src/qpid/client/Connector.cpp
+++ b/cpp/src/qpid/client/Connector.cpp
@@ -148,6 +148,7 @@ public:
TCPConnector(framing::ProtocolVersion pVersion,
const ConnectionSettings&,
ConnectionImpl*);
+ unsigned int getSSF() { return 0; }
};
// Static constructor which registers connector here
diff --git a/cpp/src/qpid/client/Connector.h b/cpp/src/qpid/client/Connector.h
index 78ddaa33cd..3a49ae9012 100644
--- a/cpp/src/qpid/client/Connector.h
+++ b/cpp/src/qpid/client/Connector.h
@@ -74,6 +74,8 @@ class Connector : public framing::OutputHandler
virtual void activateSecurityLayer(std::auto_ptr<qpid::sys::SecurityLayer>);
+ virtual unsigned int getSSF() = 0;
+
};
}}
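Review bot: `getSSF()` is added to the Connector interface as a pure virtual with no comment, so an implementer cannot tell what value to return or what 0 means. The overrides in this commit return 0 for TCPConnector and RdmaConnector and the key length for SslConnector, which suggests a comment such as `/** Security strength factor provided by the transport itself; 0 if the transport offers no protection. */`. The function is also non-const although the overrides shown only read state; `virtual unsigned int getSSF() const = 0;` would express that, provided the calls the overrides make permit it. The class body begins outside the hunk.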
diff --git a/cpp/src/qpid/client/RdmaConnector.cpp b/cpp/src/qpid/client/RdmaConnector.cpp
index 0692c3d85c..77169db3a6 100644
--- a/cpp/src/qpid/client/RdmaConnector.cpp
+++ b/cpp/src/qpid/client/RdmaConnector.cpp
@@ -122,6 +122,7 @@ public:
RdmaConnector(framing::ProtocolVersion pVersion,
const ConnectionSettings&,
ConnectionImpl*);
+ unsigned int getSSF() { return 0; }
};
// Static constructor which registers connector here
diff --git a/cpp/src/qpid/client/Sasl.h b/cpp/src/qpid/client/Sasl.h
index d773609655..fcc8c1f1c6 100644
--- a/cpp/src/qpid/client/Sasl.h
+++ b/cpp/src/qpid/client/Sasl.h
@@ -42,7 +42,7 @@ struct ConnectionSettings;
class Sasl
{
public:
- virtual std::string start(const std::string& mechanisms) = 0;
+ virtual std::string start(const std::string& mechanisms, unsigned int ssf) = 0;
virtual std::string step(const std::string& challenge) = 0;
virtual std::string getMechanism() = 0;
virtual std::string getUserId() = 0;
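Review bot: The new `ssf` parameter of `start` is undocumented, and the signature alone does not say what it measures or how 0 is treated. Judging by the CyrusSasl implementation in this commit, it is the strength of protection already supplied outside SASL, and 0 means nothing is passed on to the SASL library. A comment on the declaration would make that contract explicit for other implementations, e.g. `/** @param ssf security strength factor already provided by the transport, 0 if none */`. The class body continues outside the hunk.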
diff --git a/cpp/src/qpid/client/SaslFactory.cpp b/cpp/src/qpid/client/SaslFactory.cpp
index b699160066..5012b75c94 100644
--- a/cpp/src/qpid/client/SaslFactory.cpp
+++ b/cpp/src/qpid/client/SaslFactory.cpp
@@ -80,7 +80,7 @@ class CyrusSasl : public Sasl
public:
CyrusSasl(const ConnectionSettings&);
~CyrusSasl();
- std::string start(const std::string& mechanisms);
+ std::string start(const std::string& mechanisms, unsigned int ssf);
std::string step(const std::string& challenge);
std::string getMechanism();
std::string getUserId();
@@ -176,7 +176,7 @@ namespace {
const std::string SSL("ssl");
}
-std::string CyrusSasl::start(const std::string& mechanisms)
+std::string CyrusSasl::start(const std::string& mechanisms, unsigned int ssf)
{
QPID_LOG(debug, "CyrusSasl::start(" << mechanisms << ")");
int result = sasl_client_new(settings.service.c_str(),
@@ -189,7 +189,18 @@ std::string CyrusSasl::start(const std::string& mechanisms)
if (result != SASL_OK) throw InternalErrorException(QPID_MSG("Sasl error: " << sasl_errdetail(conn)));
sasl_security_properties_t secprops;
-
+
+ if (ssf) {
+ sasl_ssf_t external_ssf = (sasl_ssf_t) ssf;
+ if (external_ssf) {
+ int result = sasl_setprop(conn, SASL_SSF_EXTERNAL, &external_ssf);
+ if (result != SASL_OK) {
+ throw framing::InternalErrorException(QPID_MSG("SASL error: unable to set external SSF: " << result));
+ }
+ QPID_LOG(debug, "external SSF detected and set to " << ssf);
+ }
+ }
+
secprops.min_ssf = settings.minSsf;
secprops.max_ssf = settings.maxSsf;
secprops.maxbufsize = 65535;
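Review bot: The added block declares a second `int result` that shadows the `result` already in scope from the `sasl_client_new` call, and its inner `if (external_ssf)` cannot be false once `if (ssf)` has passed, assuming `sasl_ssf_t` is a plain unsigned integer. Reusing the outer variable, `result = sasl_setprop(conn, SASL_SSF_EXTERNAL, &external_ssf);`, and dropping the inner test removes one level of nesting. The failure message prints only the numeric code, whereas the check just above reports `sasl_errdetail(conn)` and throws the unqualified `InternalErrorException`; using the same form here keeps the diagnostics consistent. CyrusSasl::start begins in the previous hunk and continues past this one.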
diff --git a/cpp/src/qpid/client/SslConnector.cpp b/cpp/src/qpid/client/SslConnector.cpp
index 80c53770a0..5cdaaa4615 100644
--- a/cpp/src/qpid/client/SslConnector.cpp
+++ b/cpp/src/qpid/client/SslConnector.cpp
@@ -135,6 +135,7 @@ public:
SslConnector(framing::ProtocolVersion pVersion,
const ConnectionSettings&,
ConnectionImpl*);
+ unsigned int getSSF() { return socket.getKeyLen(); }
};
// Static constructor which registers connector here
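Review bot: `getSSF()` returns `socket.getKeyLen()` unchecked, and CyrusSasl::start hands that value to the SASL library as the external strength. The declaration of `getKeyLen` is not part of this diff; if it returns a signed int and reports failure with a negative value, the implicit conversion to `unsigned int` would turn the error into a very large SSF, which would presumably satisfy any configured minimum. A guard such as `int bits = socket.getKeyLen(); return bits > 0 ? static_cast<unsigned int>(bits) : 0;` makes that case report no protection instead. The class body begins outside the hunk.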