authorMichael Goulish <mgoulish@apache.org>2010-05-24 18:25:46 +0000
committerMichael Goulish <mgoulish@apache.org>2010-05-24 18:25:46 +0000
commit666d6136f32b8cce2af18e59d1a2cc832f98eb21 (patch)
tree5c90c470477a31d077a77da790fcfa7818be8530 /cpp/src/qpid
parentac46aeaaf5a0ab1cd8b2c6c94c0b8da60fad28ed (diff)
Jira QPID-2617 -- make sasl-based tests config files relocatable
Before this change, sasl-based testing cannot be fully automated because the sasl db must be located in the standard installation location of /etc/sasl2. * Created a new directory "sasl_config" under cpp/src/tests * added a new makefile fragment "sasl.mk" to cpp/src/Makefile.am conditionally included based on HAVE_SASL, which is defined by configure. ( NOTE: should be in cpp/src/tests/Makefile.am, but getting an "saslpasswd2: generic failure" when I try that. ) * The sasl.mk fragment uses saslpasswd2 to create a sasl db in cpp/src/tests/sasl_config that defines two users with eponymous passwords. * In test cluster_authentication_soak.cpp, make the cluster name random. * make SaslAuthenticator code accept and use a config path * give cluster_authentication_soak self-test capability. the test is meant to detect two problems: - broker failure - perftest hang so give it flags that will force either of those conditions. This allows me to (manually) ensure that the test really does detect those conditions when they occur. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@947748 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/qpid')
-rw-r--r--cpp/src/qpid/broker/Broker.cpp3
-rw-r--r--cpp/src/qpid/broker/Broker.h1
-rw-r--r--cpp/src/qpid/broker/SaslAuthenticator.cpp35
-rw-r--r--cpp/src/qpid/broker/SaslAuthenticator.h2
4 files changed, 28 insertions, 13 deletions
diff --git a/cpp/src/qpid/broker/Broker.cpp b/cpp/src/qpid/broker/Broker.cpp
index 09157c1e62..c887fa9c32 100644
--- a/cpp/src/qpid/broker/Broker.cpp
+++ b/cpp/src/qpid/broker/Broker.cpp
@@ -124,6 +124,7 @@ Broker::Options::Options(const std::string& name) :
("tcp-nodelay", optValue(tcpNoDelay), "Set TCP_NODELAY on TCP connections")
("require-encryption", optValue(requireEncrypted), "Only accept connections that are encrypted")
("known-hosts-url", optValue(knownHosts, "URL or 'none'"), "URL to send as 'known-hosts' to clients ('none' implies empty list)")
+ ("sasl-config", optValue(saslConfigPath, "FILE"), "gets sasl config from nonstandard location")
("max-session-rate", optValue(maxSessionRate, "MESSAGES/S"), "Sets the maximum message rate per session (0=unlimited)")
("async-queue-events", optValue(asyncQueueEvents, "yes|no"), "Set Queue Events async, used for services like replication");
}
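Review bot: The new `sasl-config` option labels its argument `FILE`, but the value is later handed to `sasl_set_path(SASL_PATH_TYPE_CONFIG, ...)` in SaslAuthenticator::init, which sets a configuration search path (a directory), so the help text will mislead operators. I would write it as `("sasl-config", optValue(saslConfigPath, "DIR"), "directory to search for the SASL config instead of the default location")`. Because this path selects the SASL configuration the broker trusts (and, per the commit description, presumably the password db alongside it), the option's documentation should also state that the directory must be writable only by the broker's administrator.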
@@ -263,7 +264,7 @@ Broker::Broker(const Broker::Options& conf) :
* SASL setup, can fail and terminate startup
*/
if (conf.auth) {
- SaslAuthenticator::init(qpid::saslName);
+ SaslAuthenticator::init(qpid::saslName, conf.saslConfigPath);
QPID_LOG(info, "SASL enabled");
} else {
QPID_LOG(notice, "SASL disabled: No Authentication Performed");
diff --git a/cpp/src/qpid/broker/Broker.h b/cpp/src/qpid/broker/Broker.h
index f55f94bc8e..10408867dc 100644
--- a/cpp/src/qpid/broker/Broker.h
+++ b/cpp/src/qpid/broker/Broker.h
@@ -110,6 +110,7 @@ public:
bool tcpNoDelay;
bool requireEncrypted;
std::string knownHosts;
+ std::string saslConfigPath;
uint32_t maxSessionRate;
bool asyncQueueEvents;
bool qmf2Support;
diff --git a/cpp/src/qpid/broker/SaslAuthenticator.cpp b/cpp/src/qpid/broker/SaslAuthenticator.cpp
index c55f3edb38..b54eb19971 100644
--- a/cpp/src/qpid/broker/SaslAuthenticator.cpp
+++ b/cpp/src/qpid/broker/SaslAuthenticator.cpp
@@ -93,9 +93,20 @@ bool SaslAuthenticator::available(void) {
}
// Initialize the SASL mechanism; throw if it fails.
-void SaslAuthenticator::init(const std::string& saslName)
+void SaslAuthenticator::init(const std::string& saslName, std::string const & saslConfigPath )
{
- int code = sasl_server_init(NULL, saslName.c_str());
+ int code;
+ // If we are not given a specific sasl path, do
+ // nothing and allow the default to be used.
+ if ( ! saslConfigPath.empty() ) {
+ if(SASL_OK != (code=sasl_set_path(SASL_PATH_TYPE_CONFIG, const_cast<char *>(saslConfigPath.c_str())))) {
+ QPID_LOG(error, "SASL: sasl_set_path: [" << code << "] " );
+ return;
+ }
+ QPID_LOG(info, "SASL: config path set to " << saslConfigPath );
+ }
+
+ code = sasl_server_init(NULL, saslName.c_str());
if (code != SASL_OK) {
// TODO: Figure out who owns the char* returned by
// sasl_errstring, though it probably does not matter much
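Review bot: When `sasl_set_path` fails, the added branch logs and then executes `return;`, so `init` returns normally without ever calling `sasl_server_init`, which contradicts the "throw if it fails" contract in the comment above the function. The call site in Broker.cpp then logs "SASL enabled" and continues startup with authentication requested but the SASL library never initialised. This should fail closed: replace `return;` with a throw in the same style as the `sasl_server_init` failure path just below, e.g. `throw Exception(sasl_errstring(code, NULL, NULL));`. The log line should also include `sasl_errstring(code, NULL, NULL)` and `saslConfigPath`, since it currently prints only the numeric code. The rest of `init` lies outside this hunk, so confirm the exception type actually used there.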
@@ -224,18 +235,20 @@ void CyrusAuthenticator::init()
* which cannot specify a realm for the user that is
* authenticating.
*/
+ int code;
+
const char *realm = connection.getBroker().getOptions().realm.c_str();
- int code = sasl_server_new(BROKER_SASL_NAME, /* Service name */
- NULL, /* Server FQDN, gethostname() */
- realm, /* Authentication realm */
- NULL, /* Local IP, needed for some mechanism */
- NULL, /* Remote IP, needed for some mechanism */
- NULL, /* Callbacks */
- 0, /* Connection flags */
- &sasl_conn);
+ code = sasl_server_new(BROKER_SASL_NAME, /* Service name */
+ NULL, /* Server FQDN, gethostname() */
+ realm, /* Authentication realm */
+ NULL, /* Local IP, needed for some mechanism */
+ NULL, /* Remote IP, needed for some mechanism */
+ NULL, /* Callbacks */
+ 0, /* Connection flags */
+ &sasl_conn);
if (SASL_OK != code) {
- QPID_LOG(info, "SASL: Connection creation failed: [" << code << "] " << sasl_errdetail(sasl_conn));
+ QPID_LOG(error, "SASL: Connection creation failed: [" << code << "] " << sasl_errdetail(sasl_conn));
// TODO: Change this to an exception signaling
// server error, when one is available
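Review bot: The rewritten failure log still calls `sasl_errdetail(sasl_conn)` after `sasl_server_new` has failed, at which point `sasl_conn` may not refer to a valid connection; if the library returns a null pointer for it, streaming that into `QPID_LOG` is undefined behaviour. Since this line is being changed anyway, the connection-independent form `<< sasl_errstring(code, NULL, NULL)` is the safer choice. Separately, splitting `int code;` from its assignment adds nothing over the original `int code = sasl_server_new(...)`. The body of `CyrusAuthenticator::init` starts and ends outside this hunk.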
diff --git a/cpp/src/qpid/broker/SaslAuthenticator.h b/cpp/src/qpid/broker/SaslAuthenticator.h
index f4ad24b3bd..b4b946f7ce 100644
--- a/cpp/src/qpid/broker/SaslAuthenticator.h
+++ b/cpp/src/qpid/broker/SaslAuthenticator.h
@@ -58,7 +58,7 @@ public:
static bool available(void);
// Initialize the SASL mechanism; throw if it fails.
- static void init(const std::string& saslName);
+ static void init(const std::string& saslName, std::string const & saslConfigPath );
static void fini(void);
static std::auto_ptr<SaslAuthenticator> createAuthenticator(Connection& connection, bool isShadow);
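Review bot: The comment above `init` does not describe the new `saslConfigPath` parameter, so a caller cannot tell from the header that an empty string means "keep the library default". I would add `// saslConfigPath: directory to search for the SASL config; empty keeps the library default.` under the existing comment. The declaration also mixes `const std::string&` with `std::string const &` in one signature; pick the form the rest of the header uses.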