QPID-6116: [Python Client 0-8..0-9] Allow fallback to anon/external sasl if no credentials are provided

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1628687 13f79535-47bb-0310-9956-ffa450edef68
author: Keith Wall <kwall@apache.org> 2014-10-01 12:19:43 +0000
committer: Keith Wall <kwall@apache.org> 2014-10-01 12:19:43 +0000
commit: 2bc451aeddbf3b91e61f935406d642f56b2ab930 (patch)
tree: df8b168ee91f280e80f26f77aec22bb52c97f291 /qpid/python
parent: 0da097bf2a32489bb770544ab56ed0a18852cb21 (diff)
download: qpid-python-2bc451aeddbf3b91e61f935406d642f56b2ab930.tar.gz
11 files changed, 35 insertions, 24 deletions
diff --git a/qpid/python/qpid/saslmech/amqplain.py b/qpid/python/qpid/saslmech/amqplain.py
index d31997eefd..731f6b6628 100644
--- a/qpid/python/qpid/saslmech/amqplain.py
+++ b/qpid/python/qpid/saslmech/amqplain.py
@@ -17,14 +17,11 @@
 # under the License.
 #
 
-from sasl import Sasl, SaslException
+from sasl import Sasl
 
 class AMQPLAIN(Sasl):
 
   def initialResponse(self):
-    if (self.user is None or self.password is None):
-      raise SaslException("User and password must be specified")
-
     return {"LOGIN": self.user, "PASSWORD": self.password}
 
   def priority(self):
diff --git a/qpid/python/qpid/saslmech/anonymous.py b/qpid/python/qpid/saslmech/anonymous.py
index ea3e51dfba..8f3fa1434e 100644
--- a/qpid/python/qpid/saslmech/anonymous.py
+++ b/qpid/python/qpid/saslmech/anonymous.py
@@ -19,5 +19,9 @@
 
 from sasl import Sasl
 
-class ANONYMOUS(Sasl): pass
+class ANONYMOUS(Sasl):
+
+  def prerequistesOk(self):
+    return True
+
 
diff --git a/qpid/python/qpid/saslmech/cram_md5.py b/qpid/python/qpid/saslmech/cram_md5.py
index c2eb8078a0..a351f43838 100644
--- a/qpid/python/qpid/saslmech/cram_md5.py
+++ b/qpid/python/qpid/saslmech/cram_md5.py
@@ -17,14 +17,11 @@
 # under the License.
 #
 
-from sasl import Sasl, SaslException
+from sasl import Sasl
 from hmac import HMAC
 
 class CRAM_MD5(Sasl):
 
   def response(self, challenge):
-    if (self.user is None or self.password is None):
-      raise SaslException("User and password must be specified")
-
     digest = HMAC( self.password, challenge).hexdigest()
     return "%s %s" % (self.user, digest)
diff --git a/qpid/python/qpid/saslmech/cram_md5_hex.py b/qpid/python/qpid/saslmech/cram_md5_hex.py
index 39342060da..03463db083 100644
--- a/qpid/python/qpid/saslmech/cram_md5_hex.py
+++ b/qpid/python/qpid/saslmech/cram_md5_hex.py
@@ -24,9 +24,6 @@ from hashlib import md5
 class CRAM_MD5_HEX(Sasl):
 
   def response(self, challenge):
-    if (self.user is None or self.password is None):
-      raise SaslException("User and password must be specified")
-
     m = md5()
     m.update(self.password)
     digest = HMAC( m.hexdigest(), challenge).hexdigest()
diff --git a/qpid/python/qpid/saslmech/external.py b/qpid/python/qpid/saslmech/external.py
index 7b701f539d..00c6aba491 100644
--- a/qpid/python/qpid/saslmech/external.py
+++ b/qpid/python/qpid/saslmech/external.py
@@ -20,4 +20,8 @@
 from sasl import Sasl
 
 
-class EXTERNAL(Sasl): pass
-\ No newline at end of file
+class EXTERNAL(Sasl):
+  """Sasl mechanism used when SSL with client-auth is in use"""
+
+  def prerequistesOk(self):
+    return True
diff --git a/qpid/python/qpid/saslmech/finder.py b/qpid/python/qpid/saslmech/finder.py
index 15a8721f81..eab0250942 100644
--- a/qpid/python/qpid/saslmech/finder.py
+++ b/qpid/python/qpid/saslmech/finder.py
@@ -37,9 +37,12 @@ def get_sasl_mechanism(mechanismNames, username, password, namespace="qpid.saslm
       clazz = _get_class(canonicalName)
       log.debug("Found SASL implementation")
       instance = clazz(username, password, mechanismName, sasl_options)
-      instances.append(instance)
+      if (instance.prerequistesOk()):
+        instances.append(instance)
+      else:
+        log.debug("SASL mechanism %s unavailable as the prerequistes for this mechanism have not been met", mechanismName)
     except (ImportError, AttributeError), e:
-      # Unknown mechanism - this is normal if the server supports m
+      # Unknown mechanism - this is normal if the server supports mechanism that the client does not
       log.debug("Could not load implementation for %s", canonicalName)
       pass
 
diff --git a/qpid/python/qpid/saslmech/plain.py b/qpid/python/qpid/saslmech/plain.py
index aa883e5460..8e6fb74f33 100644
--- a/qpid/python/qpid/saslmech/plain.py
+++ b/qpid/python/qpid/saslmech/plain.py
@@ -17,14 +17,11 @@
 # under the License.
 #
 
-from sasl import Sasl, SaslException
+from sasl import Sasl
 
 class PLAIN(Sasl):
 
   def initialResponse(self):
-    if (self.user is None or self.password is None):
-      raise SaslException("User and password must be specified")
-
     return "\x00" + self.user + "\x00" + self.password
 
   def priority(self):
diff --git a/qpid/python/qpid/saslmech/sasl.py b/qpid/python/qpid/saslmech/sasl.py
index f6b7f04fb0..63ba36f8ad 100644
--- a/qpid/python/qpid/saslmech/sasl.py
+++ b/qpid/python/qpid/saslmech/sasl.py
@@ -27,6 +27,9 @@ class Sasl:
     self.name = name
     self.sasl_options = sasl_options
 
+  def prerequistesOk(self):
+    return self.user is not None and self.password is not None
+
   def initialResponse(self):
     return
 
@@ -38,4 +41,4 @@ class Sasl:
     return 1
 
   def mechanismName(self):
-    return self.name
-\ No newline at end of file
+    return self.name
diff --git a/qpid/python/qpid/saslmech/scram.py b/qpid/python/qpid/saslmech/scram.py
index d12f8c8fa5..11a2d2fbe4 100644
--- a/qpid/python/qpid/saslmech/scram.py
+++ b/qpid/python/qpid/saslmech/scram.py
@@ -32,9 +32,6 @@ class SCRAM_base(Sasl):
     self.server_signature = None
 
   def initialResponse(self):
-    if (self.user is None or self.password is None):
-      raise SaslException("User and password must be specified")
-
     name = self.user.replace("=","=3D").replace(",","=2C")
     self.client_first_message = "n=" + name + ",r=" + self.client_nonce
     return "n,," + self.client_first_message
diff --git a/qpid/python/qpid/tests/saslmech/finder.py b/qpid/python/qpid/tests/saslmech/finder.py
index d9092654bc..3ad5e727ba 100644
--- a/qpid/python/qpid/tests/saslmech/finder.py
+++ b/qpid/python/qpid/tests/saslmech/finder.py
@@ -51,6 +51,15 @@ class SaslFinderTests (TestCase):
 
     self.assertTrue(isinstance(mech, MY_SASL), "Mechanism %s is of unexpected type" % mech)
 
+  def test_sasl_mechanism_fallback_without_credentials(self):
+
+    # MY-SASL requires username/password, MY-SASL2 does not
+    supportedMechs = ["MY-SASL", "MY-SASL2"]
+
+    mech = get_sasl_mechanism(supportedMechs, None, None, namespace="qpid.tests.saslmech")
+
+    self.assertTrue(isinstance(mech, MY_SASL2), "Mechanism %s is of unexpected type" % mech)
+
   def test_sasl_mechansim_options(self):
 
     supportedMechs = ["MY-SASL"]
diff --git a/qpid/python/qpid/tests/saslmech/my_sasl2.py b/qpid/python/qpid/tests/saslmech/my_sasl2.py
index f481a615e7..c03dcbf2ca 100644
--- a/qpid/python/qpid/tests/saslmech/my_sasl2.py
+++ b/qpid/python/qpid/tests/saslmech/my_sasl2.py
@@ -22,4 +22,7 @@ from qpid.saslmech.sasl import Sasl
 class MY_SASL2(Sasl):
 
   def priority(self):
-    return 0
-\ No newline at end of file
+    return 0
+
+  def prerequistesOk(self):
+    return True
author	Keith Wall <kwall@apache.org>	2014-10-01 12:19:43 +0000
committer	Keith Wall <kwall@apache.org>	2014-10-01 12:19:43 +0000
commit	2bc451aeddbf3b91e61f935406d642f56b2ab930 (patch)
tree	df8b168ee91f280e80f26f77aec22bb52c97f291 /qpid/python
parent	0da097bf2a32489bb770544ab56ed0a18852cb21 (diff)
download	qpid-python-2bc451aeddbf3b91e61f935406d642f56b2ab930.tar.gz