Modify the null authenticator to handle PLAIN correctly, making acls easier to test.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@747505 13f79535-47bb-0310-9956-ffa450edef68
author: Gordon Sim <gsim@apache.org> 2009-02-24 19:01:28 +0000
committer: Gordon Sim <gsim@apache.org> 2009-02-24 19:01:28 +0000
commit: ebd2cd1461b25ddcfd058fe2bf24917b9e8c4cd4 (patch)
tree: 7d2ba87fef41d108a3bb065ca12d3f3de54344c1 /qpid/cpp/src
parent: e43cde0cb4340153391acd5d4f3cb9130ca7b474 (diff)
download: qpid-python-ebd2cd1461b25ddcfd058fe2bf24917b9e8c4cd4.tar.gz
1 files changed, 19 insertions, 9 deletions
diff --git a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
index 736b051945..edc66444ec 100644
--- a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
+++ b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
@@ -141,21 +141,31 @@ NullAuthenticator::~NullAuthenticator() {}
 void NullAuthenticator::getMechanisms(Array& mechanisms)
 {
     mechanisms.add(boost::shared_ptr<FieldValue>(new Str16Value("ANONYMOUS")));
+    mechanisms.add(boost::shared_ptr<FieldValue>(new Str16Value("PLAIN")));//useful for testing
 }
 
 void NullAuthenticator::start(const string& mechanism, const string& response)
 {
     if (mechanism == "PLAIN") { // Old behavior
-        if (response.size() > 0 && response[0] == (char) 0) {
-            string temp = response.substr(1);
-            string::size_type i = temp.find((char)0);
-            string uid = temp.substr(0, i);
-            string pwd = temp.substr(i + 1);
-            i = uid.find_last_of(realm);
-            if (i == string::npos || i != (uid.size() - 1)) {
-                uid = str(format("%1%@%2%") % uid % realm);
+        if (response.size() > 0) {
+            string uid;
+            string::size_type i = response.find((char)0);
+            if (i == 0 && response.size() > 1) {
+                //no authorization id; use authentication id
+                i = response.find((char)0, 1);
+                if (i != string::npos) uid = response.substr(1, i-1);
+            } else if (i != string::npos) {
+                //authorization id is first null delimited field
+                uid = response.substr(0, i);
+            }//else not a valid SASL PLAIN response, throw error?            
+            if (!uid.empty()) {
+                //append realm if it has not already been added
+                i = uid.find(realm);
+                if (i == string::npos || realm.size() + i < uid.size()) {
+                    uid = str(format("%1%@%2%") % uid % realm);
+                }
+                connection.setUserId(uid);
             }
-            connection.setUserId(uid);
         }
     } else {
         connection.setUserId("anonymous");
author	Gordon Sim <gsim@apache.org>	2009-02-24 19:01:28 +0000
committer	Gordon Sim <gsim@apache.org>	2009-02-24 19:01:28 +0000
commit	ebd2cd1461b25ddcfd058fe2bf24917b9e8c4cd4 (patch)
tree	7d2ba87fef41d108a3bb065ca12d3f3de54344c1 /qpid/cpp/src
parent	e43cde0cb4340153391acd5d4f3cb9130ca7b474 (diff)
download	qpid-python-ebd2cd1461b25ddcfd058fe2bf24917b9e8c4cd4.tar.gz