authorGordon Sim <gsim@apache.org>2008-05-09 18:09:43 +0000
committerGordon Sim <gsim@apache.org>2008-05-09 18:09:43 +0000
commit7f0c95b0e94c964a92c77c7c8c59035ffff35f34 (patch)
tree3615fd0cb4f4b632dfb6bc7d12d8bb577072ac53 /cpp/src/qpid/broker/SaslAuthenticator.cpp
parent207bd72d3029f9cbf9a14606bd3b609a0af8fb67 (diff)
QPID-648: Patch from Matt Farrellee
- support for realms
- updates to packaging to create a default db and the necessary conf files for plain and anon

git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@654902 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/qpid/broker/SaslAuthenticator.cpp')
-rw-r--r--cpp/src/qpid/broker/SaslAuthenticator.cpp22
1 files changed, 20 insertions, 2 deletions
diff --git a/cpp/src/qpid/broker/SaslAuthenticator.cpp b/cpp/src/qpid/broker/SaslAuthenticator.cpp
index 56718502f1..d48b258ba2 100644
--- a/cpp/src/qpid/broker/SaslAuthenticator.cpp
+++ b/cpp/src/qpid/broker/SaslAuthenticator.cpp
@@ -109,8 +109,26 @@ CyrusAuthenticator::CyrusAuthenticator(Connection& c) : sasl_conn(0), connection
void CyrusAuthenticator::init()
{
- int code = sasl_server_new(BROKER_SASL_NAME,
- NULL, NULL, NULL, NULL, NULL, 0,
+ /* Next to the service name, which specifies the
+ * /etc/sasl2/<service name>.conf file to read, the realm is
+ * currently the most important argument below. When
+ * performing authentication the user that is authenticating
+ * will be looked up in a specific realm. If none is given
+ * then the realm defaults to the hostname, which can cause
+ * confusion when the daemon is run on different hosts that
+ * may be logically sharing a realm (aka a user domain). This
+ * is especially important for SASL PLAIN authentication,
+ * which cannot specify a realm for the user that is
+ * authenticating.
+ */
+ const char *realm = connection.getBroker().getOptions().realm.c_str();
+ int code = sasl_server_new(BROKER_SASL_NAME, /* Service name */
+ NULL, /* Server FQDN, gethostname() */
+ realm, /* Authentication realm */
+ NULL, /* Local IP, needed for some mechanism */
+ NULL, /* Remote IP, needed for some mechanism */
+ NULL, /* Callbacks */
+ 0, /* Connection flags */
&sasl_conn);
if (SASL_OK != code) {