From cc04bc3a1cdcb4100b612e589a21d850b809d4ce Mon Sep 17 00:00:00 2001
From: Michael Goulish <mgoulish@apache.org>
Date: Thu, 11 Aug 2011 12:49:39 +0000
Subject:     two new management properties for connections: the sasl
 mechanism, and the ssf (security strength factor).    also a change to
 logging level of one message, so that when we see the list of mechanisms, we
 will always also see which one was chosen.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1156604 13f79535-47bb-0310-9956-ffa450edef68
---
 qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp | 9 ++++++++-
 qpid/specs/management-schema.xml               | 2 ++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
index 07d5045852..12a13ccfe6 100644
--- a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
+++ b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
@@ -381,13 +381,17 @@ void CyrusAuthenticator::start(const string& mechanism, const string& response)
     const char *challenge;
     unsigned int challenge_len;
     
-    QPID_LOG(debug, "SASL: Starting authentication with mechanism: " << mechanism);
+    // This should be at same debug level as mech list in getMechanisms().
+    QPID_LOG(info, "SASL: Starting authentication with mechanism: " << mechanism);
     int code = sasl_server_start(sasl_conn,
                                  mechanism.c_str(),
                                  response.size() ? response.c_str() : 0, response.length(),
                                  &challenge, &challenge_len);
     
     processAuthenticationStep(code, challenge, challenge_len);
+    qmf::org::apache::qpid::broker::Connection* cnxMgmt = connection.getMgmtObject();
+    if ( cnxMgmt ) 
+        cnxMgmt->set_saslMechanism(mechanism);
 }
         
 void CyrusAuthenticator::step(const string& response)
@@ -461,6 +465,9 @@ std::auto_ptr<SecurityLayer> CyrusAuthenticator::getSecurityLayer(uint16_t maxFr
     if (ssf) {
         securityLayer = std::auto_ptr<SecurityLayer>(new CyrusSecurityLayer(sasl_conn, maxFrameSize));
     }
+    qmf::org::apache::qpid::broker::Connection* cnxMgmt = connection.getMgmtObject();
+    if ( cnxMgmt ) 
+        cnxMgmt->set_saslSsf(ssf);
     return securityLayer;
 }
 
diff --git a/qpid/specs/management-schema.xml b/qpid/specs/management-schema.xml
index 9f54b0cd31..d43ee1b69c 100644
--- a/qpid/specs/management-schema.xml
+++ b/qpid/specs/management-schema.xml
@@ -262,6 +262,8 @@
     <property name="remotePid"          type="uint32" access="RO" optional="y" desc="Process ID of remote client"/>
     <property name="remoteParentPid"    type="uint32" access="RO" optional="y" desc="Parent Process ID of remote client"/>
     <property name="shadow"             type="bool"   access="RO" desc="True for shadow connections"/>
+    <property name="saslMechanism"      type="sstr"   access="RO" desc="SASL mechanism"/>
+    <property name="saslSsf"            type="uint16"   access="RO" desc="SASL security strength factor"/>
     <statistic name="closing"          type="bool" desc="This client is closing by management request"/>
     <statistic name="framesFromClient" type="count64"/>
     <statistic name="framesToClient"   type="count64"/>
-- 
cgit v1.2.1