| author | Michael Goulish <mgoulish@apache.org> | 2010-10-20 08:03:36 +0000 |
|---|---|---|
| committer | Michael Goulish <mgoulish@apache.org> | 2010-10-20 08:03:36 +0000 |
| commit | bcb149706cdace4a333a811969e473451d9ab331 (patch) | |
| tree | 6ad1e5797a8696968b91bdcf511eeac4bf4cb54f /tools/src | |
| parent | 346e5a55b9152ab603bf8b15bd7718beb9d6ff76 (diff) | |
SASLizing Interbroker Links
-------------------------------------------------------------
1. Brokers already knew how to handle the server side of SASLized
links, but not the client side. So we promoted the client-side
SASL code from the client library to the common library so that
the broker could also use it. This affected SaslFactory.{h,cpp}
and Sasl.h
TODO -- can the server-side and client-side code be unified here?
2. Some of the SASL verbs in broker/ConnectionHandler.cpp are
expanded: start, secure, tune.
3. broker/SecureConnection is altered to get the client-broker and
the server-broker to agree on when the security layer should be
inserted.
4. the python tool qpid-route is modified so that, in the "route add"
command, you can specify the security mechanism for SASL to use.
TODO -- should we also pass in {min,max}SSF ?
5. Changes in broker/LinkRegistry to allow the information input by
qpid-route to be passed up to where it is needed.
6. A bash script test run by "make check" that creates a SASLized
federation link and sends some messages down it.
TODO - write a python unit test instead of a bash script. I
think I uncovered a bug in the python code when I tried.
7. NOTE - testing for this feature does not work with versions of
SASL earlier than 2.1.22, because I can't tell SASL to use a
SASL database file in a nonstandard location. The test is
disabled for earlier versions.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1024541 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'tools/src')
| -rwxr-xr-x | tools/src/py/qpid-route | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/tools/src/py/qpid-route b/tools/src/py/qpid-route index be6bdf958c..0b5069a277 100755 --- a/tools/src/py/qpid-route +++ b/tools/src/py/qpid-route @@ -30,7 +30,7 @@ def Usage(short=False): print "Usage: qpid-route [OPTIONS] dynamic add <dest-broker> <src-broker> <exchange> [tag] [exclude-list]" print " qpid-route [OPTIONS] dynamic del <dest-broker> <src-broker> <exchange>" print - print " qpid-route [OPTIONS] route add <dest-broker> <src-broker> <exchange> <routing-key> [tag] [exclude-list]" + print " qpid-route [OPTIONS] route add <dest-broker> <src-broker> <exchange> <routing-key> [tag] [exclude-list] [mechanism]" print " qpid-route [OPTIONS] route del <dest-broker> <src-broker> <exchange> <routing-key>" print " qpid-route [OPTIONS] queue add <dest-broker> <src-broker> <exchange> <queue>" print " qpid-route [OPTIONS] queue del <dest-broker> <src-broker> <exchange> <queue>" @@ -98,7 +98,7 @@ class RouteManager: return link return None - def addLink(self, remoteBroker): + def addLink(self, remoteBroker, mech="PLAIN"): self.remote = BrokerURL(remoteBroker) if self.local.match(self.remote.host, self.remote.port): raise Exception("Linking broker to itself is not permitted") @@ -107,10 +107,6 @@ class RouteManager: broker = brokers[0] link = self.getLink() if link == None: - if not self.remote.authName or self.remote.authName == "anonymous": - mech = "ANONYMOUS" - else: - mech = "PLAIN" res = broker.connect(self.remote.host, self.remote.port, _durable, mech, self.remote.authName or "", self.remote.authPass or "", _transport) 
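Review bot: With the ANONYMOUS branch deleted from `addLink` (the `@@ -107,10 +107,6 @@` hunk) and `mech="PLAIN"` as the new signature default, a link whose broker URL has no user name, or the name "anonymous", is now requested with PLAIN and the empty strings produced by `self.remote.authName or ""` and `self.remote.authPass or ""`. That changes behaviour for every caller that relied on the automatic choice, and PLAIN carries the password unprotected unless `_transport` supplies encryption. I would keep the automatic choice when no mechanism was given: default `mech=None`, then `if mech is None: mech = "ANONYMOUS" if self.remote.authName in (None, "", "anonymous") else "PLAIN"`. The same `"PLAIN"` default is repeated in `addRoute` and in both command branches further down, so it would need the same treatment there. The body of `addLink` continues past the end of this hunk.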
@@ -231,11 +227,11 @@ class RouteManager:
 if b[0] != self.local.name():
 self.qmf.delBroker(b[1])
- def addRoute(self, remoteBroker, exchange, routingKey, tag, excludes, dynamic=False):
+ def addRoute(self, remoteBroker, exchange, routingKey, tag, excludes, mech="PLAIN", dynamic=False):
 if dynamic and _srclocal:
 raise Exception("--src-local is not permitted on dynamic routes")
- self.addLink(remoteBroker)
+ self.addLink(remoteBroker, mech)
 link = self.getLink()
 if link == None:
 raise Exception("Link failed to create")
@@ -494,9 +490,10 @@ try:
 tag = ""
 excludes = ""
+ mech = "PLAIN"
 if nargs > 5: tag = cargs[5]
 if nargs > 6: excludes = cargs[6]
- rm.addRoute(remoteBroker, cargs[4], "", tag, excludes, dynamic=True)
+ rm.addRoute(remoteBroker, cargs[4], "", tag, excludes, mech, dynamic=True)
 elif cmd == "del":
 if nargs != 5:
 Usage()
@@ -505,14 +502,16 @@ try:
 elif group == "route":
 if cmd == "add":
- if nargs < 6 or nargs > 8:
+ if nargs < 6 or nargs > 9:
 Usage()
 tag = ""
 excludes = ""
+ mech = "PLAIN"
 if nargs > 6: tag = cargs[6]
 if nargs > 7: excludes = cargs[7]
- rm.addRoute(remoteBroker, cargs[4], cargs[5], tag, excludes, dynamic=False)
+ if nargs > 8: mech = cargs[8]
+ rm.addRoute(remoteBroker, cargs[4], cargs[5], tag, excludes, mech, dynamic=False)
 elif cmd == "del":
 if nargs != 6:
 Usage() |
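Review bot: `mech="PLAIN"` is inserted ahead of `dynamic` in the `addRoute` signature, so a caller that passes `dynamic` positionally would now have that value taken as the mechanism name. Both calls visible in this patch pass `dynamic=` by keyword, but callers outside the hunks are not shown. Appending the parameter keeps the old positional order: `def addRoute(self, remoteBroker, exchange, routingKey, tag, excludes, dynamic=False, mech="PLAIN"):`. A short comment such as `# mech: SASL mechanism name handed to addLink for the inter-broker connection` would document the new argument. The method body continues outside the hunk.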
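Review bot: In the `route add` branch `cargs[8]` is handed to `addRoute` unchecked, so an empty string or a mistyped mechanism name only surfaces later as a failed connect on the broker side. A check before the call would fail early, for example `if nargs > 8: mech = cargs[8].upper()` followed by `if not mech: Usage()`; mechanism names are upper-case by convention, though whether the broker compares them case-sensitively is not visible here. The `dynamic add` branch (the `@@ -494,9 +490,10 @@` hunk) sets `mech = "PLAIN"` with no argument to override it, and its usage line is unchanged, so dynamic routes cannot select a mechanism. Because the value is positional, it can only be given after both `[tag]` and `[exclude-list]` have been supplied, which is worth stating in the usage text.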
