| author | Michael Goulish <mgoulish@apache.org> | 2010-05-24 18:25:46 +0000 |
|---|---|---|
| committer | Michael Goulish <mgoulish@apache.org> | 2010-05-24 18:25:46 +0000 |
| commit | 666d6136f32b8cce2af18e59d1a2cc832f98eb21 (patch) | |
| tree | 5c90c470477a31d077a77da790fcfa7818be8530 /cpp/src/qpid/broker/SaslAuthenticator.cpp | |
| parent | ac46aeaaf5a0ab1cd8b2c6c94c0b8da60fad28ed (diff) | |
Jira QPID-2617 -- make sasl-based tests config files relocatable
Before this change, sasl-based testing cannot be fully automated
because the sasl db must be located in the standard installation
location of /etc/sasl2.
* Created a new directory "sasl_config" under cpp/src/tests
* added a new makefile fragment "sasl.mk" to cpp/src/Makefile.am
conditionally included basedon HAVE_SASL, which is defined by
configure.
( NOTE: should be in cpp/src/tests/Makefile.am, but getting an
"saslpasswd2: generic failure" when I try that. )
* The sasl.mk fragment uses saslpasswd2 to create a sasl db in
cpp/src/tests/sasl_config that defines two users with eponymous
passwords.
* In test cluster_authentication_soak.cpp, make the cluster name
random.
* make SaslAuthenticator code accept and use a config path
* give cluster_authentication_soak self-test capability.
the test is meant to detect two problems:
- broker failure
- perftest hang
so give it flags that will force either of those conditions.
This allows me to (manually) ensure that the test really does
detect those conditions when they occur.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@947748 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/qpid/broker/SaslAuthenticator.cpp')
| -rw-r--r-- | cpp/src/qpid/broker/SaslAuthenticator.cpp | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/cpp/src/qpid/broker/SaslAuthenticator.cpp b/cpp/src/qpid/broker/SaslAuthenticator.cpp index c55f3edb38..b54eb19971 100644 --- a/cpp/src/qpid/broker/SaslAuthenticator.cpp +++ b/cpp/src/qpid/broker/SaslAuthenticator.cpp @@ -93,9 +93,20 @@ bool SaslAuthenticator::available(void) { } // Initialize the SASL mechanism; throw if it fails. -void SaslAuthenticator::init(const std::string& saslName) +void SaslAuthenticator::init(const std::string& saslName, std::string const & saslConfigPath ) { - int code = sasl_server_init(NULL, saslName.c_str()); + int code; + // If we are not given a specific sasl path, do + // nothing and allow the default to be used. + if ( ! saslConfigPath.empty() ) { + if(SASL_OK != (code=sasl_set_path(SASL_PATH_TYPE_CONFIG, const_cast<char *>(saslConfigPath.c_str())))) { + QPID_LOG(error, "SASL: sasl_set_path: [" << code << "] " ); + return; + } + QPID_LOG(info, "SASL: config path set to " << saslConfigPath ); + } + + code = sasl_server_init(NULL, saslName.c_str()); if (code != SASL_OK) { // TODO: Figure out who owns the char* returned by // sasl_errstring, though it probably does not matter much 
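Review bot: The new `sasl_set_path` failure branch in `SaslAuthenticator::init` logs and then does `return;`, so `sasl_server_init` is never called and the caller gets no signal, although the comment above the function says init throws on failure. A broker that was told to use a specific SASL config directory should not carry on starting without it; this branch should fail the same way the `sasl_server_init` branch below it does (that code is outside the hunk), and the message should carry the reason, e.g. `QPID_LOG(error, "SASL: sasl_set_path: [" << code << "] " << sasl_errstring(code, NULL, NULL));`. Because this path selects the SASL configuration the broker authenticates against, and `sasl_set_path` presumably applies process-wide, I would also add a comment on the function stating that `saslConfigPath` must come from trusted broker configuration only. The body of `init` continues past the end of the hunk.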
@@ -224,18 +235,20 @@ void CyrusAuthenticator::init() * which cannot specify a realm for the user that is * authenticating. */ + int code; + const char *realm = connection.getBroker().getOptions().realm.c_str(); - int code = sasl_server_new(BROKER_SASL_NAME, /* Service name */ - NULL, /* Server FQDN, gethostname() */ - realm, /* Authentication realm */ - NULL, /* Local IP, needed for some mechanism */ - NULL, /* Remote IP, needed for some mechanism */ - NULL, /* Callbacks */ - 0, /* Connection flags */ - &sasl_conn); + code = sasl_server_new(BROKER_SASL_NAME, /* Service name */ + NULL, /* Server FQDN, gethostname() */ + realm, /* Authentication realm */ + NULL, /* Local IP, needed for some mechanism */ + NULL, /* Remote IP, needed for some mechanism */ + NULL, /* Callbacks */ + 0, /* Connection flags */ + &sasl_conn); if (SASL_OK != code) { - QPID_LOG(info, "SASL: Connection creation failed: [" << code << "] " << sasl_errdetail(sasl_conn)); + QPID_LOG(error, "SASL: Connection creation failed: [" << code << "] " << sasl_errdetail(sasl_conn)); // TODO: Change this to an exception signaling // server error, when one is available |
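Review bot: The log line changed here still calls `sasl_errdetail(sasl_conn)` on the path where `sasl_server_new` has just failed, so `sasl_conn` is presumably not a usable connection at that point; whether it is null-initialised is not visible in this hunk. If `sasl_errdetail` hands back a null pointer in that case, streaming it into the log is undefined behaviour, on exactly the path an operator needs to diagnose an authentication setup failure. Formatting the return code avoids depending on the connection: `QPID_LOG(error, "SASL: Connection creation failed: [" << code << "] " << sasl_errstring(code, NULL, NULL));`. The separate `int code;` declaration could also stay merged with its first assignment, since nothing in the hunk uses `code` in between. `CyrusAuthenticator::init` starts and ends outside the hunk.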
