diff options
| author | Michael Goulish <mgoulish@apache.org> | 2010-11-30 18:39:48 +0000 |
|---|---|---|
| committer | Michael Goulish <mgoulish@apache.org> | 2010-11-30 18:39:48 +0000 |
| commit | c81ac8cc24b35c0d9465b839936d5403d982b5c1 (patch) | |
| tree | 339de607ecf5546f2ad9d945d8bf48464ef34e21 /cpp/src/qpid/SaslFactory.cpp | |
| parent | ff04bf79f43b19094d757f78c036ff07ea50e0ce (diff) | |
| download | qpid-python-c81ac8cc24b35c0d9465b839936d5403d982b5c1.tar.gz | |
This patch was posted in JIRA QPID-2949.
It provides a way to tell SaslFactory that console
interaction is NOT ok. i.e. if the code is running
as part of a broker, or a demonized client of some
kind. Just tell it to never do interaction, and any
patch attempt to interact will be treated as an error.
This script demonstrates that all goes well if you supply enough info :
rm -rf /tmp/data_1 /tmp/data_2
mkdir /tmp/data_1 /tmp/data_2
# in window 1:
../qpidd -p 5672 --data-dir /tmp/data_1 --auth=yes --mgmt-enable=yes \
--log-enable info+ ./qpidd_1.log --log-source yes \
--sasl-config=/home/mick/trunk/qpid/cpp/src/tests/sasl_config
# in window 2:
../qpidd -p 10000 --data-dir /tmp/data_2 --auth=yes --mgmt-enable=yes \
--log-enable info+ ./qpidd_1.log --log-source yes \
--sasl-config=/home/mick/trunk/qpid/cpp/src/tests/sasl_config
# in window 3 ( from qpid dir )
./tools/src/py/qpid-route dynamic add zig/zig@localhost zig/zig@localhost:10000 qmf.default.direct
# and now view the created route
./tools/src/py/qpid-route route list localhost:5672
If you say auth=no, that works fine also.
HOWEVER PLEASE NOTE --
if you say auth=yes, but then do not supply enough into to avoid the need for interaction,
the attempted interaction will result in the connection being closed. Then the originating broker
will re-try the connection, and you will get a two-broker infinite loop until you fix it.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1040689 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/qpid/SaslFactory.cpp')
| -rw-r--r-- | cpp/src/qpid/SaslFactory.cpp | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/cpp/src/qpid/SaslFactory.cpp b/cpp/src/qpid/SaslFactory.cpp index 28c27f7529..664961e5d8 100644 --- a/cpp/src/qpid/SaslFactory.cpp +++ b/cpp/src/qpid/SaslFactory.cpp @@ -110,7 +110,7 @@ struct CyrusSaslSettings class CyrusSasl : public Sasl { public: - CyrusSasl(const std::string & username, const std::string & password, const std::string & serviceName, const std::string & hostName, int minSsf, int maxSsf); + CyrusSasl(const std::string & username, const std::string & password, const std::string & serviceName, const std::string & hostName, int minSsf, int maxSsf, bool allowInteraction); ~CyrusSasl(); std::string start(const std::string& mechanisms, const SecuritySettings* externalSettings); std::string step(const std::string& challenge); @@ -125,6 +125,10 @@ class CyrusSasl : public Sasl std::string mechanism; char login[MAX_LOGIN_LENGTH]; + /* In some contexts, like running in the broker or as a daemon, console + * interaction is impossible. In those cases, we will treat the attempt + * to interact as an error. */ + bool allowInteraction; void interact(sasl_interact_t* client_interact); }; @@ -159,14 +163,14 @@ SaslFactory& SaslFactory::getInstance() return *instance; } -std::auto_ptr<Sasl> SaslFactory::create(const std::string & username, const std::string & password, const std::string & serviceName, const std::string & hostName, int minSsf, int maxSsf) +std::auto_ptr<Sasl> SaslFactory::create(const std::string & username, const std::string & password, const std::string & serviceName, const std::string & hostName, int minSsf, int maxSsf, bool allowInteraction) { - std::auto_ptr<Sasl> sasl(new CyrusSasl(username, password, serviceName, hostName, minSsf, maxSsf)); + std::auto_ptr<Sasl> sasl(new CyrusSasl(username, password, serviceName, hostName, minSsf, maxSsf, allowInteraction)); return sasl; } -CyrusSasl::CyrusSasl(const std::string & username, const std::string & password, const std::string & serviceName, const std::string & hostName, int minSsf, int maxSsf) - : conn(0), settings(username, password, serviceName, hostName, minSsf, maxSsf) +CyrusSasl::CyrusSasl(const std::string & username, const std::string & password, const std::string & serviceName, const std::string & hostName, int minSsf, int maxSsf, bool allowInteraction) + : conn(0), settings(username, password, serviceName, hostName, minSsf, maxSsf), allowInteraction(allowInteraction) { size_t i = 0; @@ -330,6 +334,15 @@ std::string CyrusSasl::getUserId() void CyrusSasl::interact(sasl_interact_t* client_interact) { + /* + In some context console interaction cannot be allowed, such + as when this code run as part of a broker, or as a some other + daemon. In those cases we will treat the attempt to + */ + if ( ! allowInteraction ) { + throw InternalErrorException("interaction disallowed"); + } + if (client_interact->id == SASL_CB_PASS) { char* password = getpass(client_interact->prompt); input = std::string(password); |