Diffstat (limited to 'cpp/src/qpid/broker')
| -rw-r--r-- | cpp/src/qpid/broker/Connection.cpp | 6 | ||||
| -rw-r--r-- | cpp/src/qpid/broker/Connection.h | 11 | ||||
| -rw-r--r-- | cpp/src/qpid/broker/ConnectionFactory.cpp | 10 | ||||
| -rw-r--r-- | cpp/src/qpid/broker/ConnectionFactory.h | 5 | ||||
| -rw-r--r-- | cpp/src/qpid/broker/SaslAuthenticator.cpp | 22 | ||||
| -rw-r--r-- | cpp/src/qpid/broker/SecureConnectionFactory.cpp | 10 | ||||
| -rw-r--r-- | cpp/src/qpid/broker/SecureConnectionFactory.h | 5 |
7 files changed, 46 insertions, 23 deletions
diff --git a/cpp/src/qpid/broker/Connection.cpp b/cpp/src/qpid/broker/Connection.cpp index 532666ad76..ca018ce4f8 100644 --- a/cpp/src/qpid/broker/Connection.cpp +++ b/cpp/src/qpid/broker/Connection.cpp @@ -23,6 +23,7 @@ #include "qpid/broker/SessionState.h" #include "qpid/broker/Bridge.h" #include "qpid/broker/Broker.h" +#include "qpid/sys/SecuritySettings.h" #include "qpid/log/Statement.h" #include "qpid/ptr_map.h" @@ -72,9 +73,10 @@ struct ConnectionTimeoutTask : public sys::TimerTask { } }; -Connection::Connection(ConnectionOutputHandler* out_, Broker& broker_, const std::string& mgmtId_, unsigned int ssf, bool isLink_, uint64_t objectId, bool shadow_) : +Connection::Connection(ConnectionOutputHandler* out_, Broker& broker_, const std::string& mgmtId_, + const qpid::sys::SecuritySettings& external, bool isLink_, uint64_t objectId, bool shadow_) : ConnectionState(out_, broker_), - ssf(ssf), + securitySettings(external), adapter(*this, isLink_), isLink(isLink_), mgmtClosing(false), diff --git a/cpp/src/qpid/broker/Connection.h b/cpp/src/qpid/broker/Connection.h index d49d9f4d75..30a763411f 100644 --- a/cpp/src/qpid/broker/Connection.h +++ b/cpp/src/qpid/broker/Connection.h @@ -45,6 +45,7 @@ #include "qpid/sys/AggregateOutput.h" #include "qpid/sys/ConnectionInputHandler.h" #include "qpid/sys/ConnectionOutputHandler.h" +#include "qpid/sys/SecuritySettings.h" #include "qpid/sys/Socket.h" #include "qpid/sys/TimeoutHandler.h" #include "qpid/sys/Mutex.h" @@ -78,7 +79,8 @@ class Connection : public sys::ConnectionInputHandler, virtual void connectionError(const std::string&) = 0; }; - Connection(sys::ConnectionOutputHandler* out, Broker& broker, const std::string& mgmtId, unsigned int ssf, + Connection(sys::ConnectionOutputHandler* out, Broker& broker, const std::string& mgmtId, + const qpid::sys::SecuritySettings&, bool isLink = false, uint64_t objectId = 0, bool shadow=false); ~Connection (); 
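Review bot: The new constructor parameter is declared without a name in Connection.h (`const qpid::sys::SecuritySettings&,`) while the definition in Connection.cpp calls it `external` and copies it into the `securitySettings` member, so the header no longer reads on its own. Name it in the declaration, `const qpid::sys::SecuritySettings& external,`, and say what it carries: `// security properties established by the transport (ssf, external authid, nodict); copied into securitySettings`. The names ssf/authid/nodict are the fields SaslAuthenticator reads later in this diff; what populates them on a given transport is not visible here. The rest of the Connection class and the constructor body lie outside these hunks.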
@@ -136,14 +138,17 @@ class Connection : public sys::ConnectionInputHandler, // Used by cluster to update connection status sys::AggregateOutput& getOutputTasks() { return outputTasks; } - unsigned int getSSF() { return ssf; } + const qpid::sys::SecuritySettings& getExternalSecuritySettings() const + { + return securitySettings; + } private: typedef boost::ptr_map<framing::ChannelId, SessionHandler> ChannelMap; typedef std::vector<Queue::shared_ptr>::iterator queue_iterator; ChannelMap channels; - unsigned int ssf; + qpid::sys::SecuritySettings securitySettings; ConnectionHandler adapter; const bool isLink; bool mgmtClosing; diff --git a/cpp/src/qpid/broker/ConnectionFactory.cpp b/cpp/src/qpid/broker/ConnectionFactory.cpp index ffb0b34b95..9e0020812b 100644 --- a/cpp/src/qpid/broker/ConnectionFactory.cpp +++ b/cpp/src/qpid/broker/ConnectionFactory.cpp @@ -22,12 +22,14 @@ #include "qpid/framing/ProtocolVersion.h" #include "qpid/amqp_0_10/Connection.h" #include "qpid/broker/Connection.h" +#include "qpid/sys/SecuritySettings.h" #include "qpid/log/Statement.h" namespace qpid { namespace broker { using framing::ProtocolVersion; +using qpid::sys::SecuritySettings; typedef std::auto_ptr<amqp_0_10::Connection> ConnectionPtr; typedef std::auto_ptr<sys::ConnectionInputHandler> InputPtr; @@ -37,7 +39,7 @@ ConnectionFactory::~ConnectionFactory() {} sys::ConnectionCodec* ConnectionFactory::create(ProtocolVersion v, sys::OutputControl& out, const std::string& id, - unsigned int ) { + const SecuritySettings& external) { if (broker.getConnectionCounter().allowConnection()) { QPID_LOG(error, "Client max connection count limit exceeded: " << broker.getOptions().maxConnections << " connection refused"); 
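Review bot: `getExternalSecuritySettings()` replaces `getSSF()` as the only way the authenticator learns what the transport established, but it carries no documentation of what the returned settings mean or when they are meaningful. I'd add, above it, `/** Security properties reported by the underlying transport (e.g. an encrypted SSL connection): ssf, externally authenticated id, nodict. Read by SaslAuthenticator to configure the SASL layer. */` — the SSL association is what the NullAuthenticator comment in this same diff relies on, so it is a fair description, but hedge it if other transports populate the struct. Returning a const reference is the right choice here; callers should bind to it rather than copy. The class header and the remainder of Connection are outside this hunk.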
@@ -45,7 +47,7 @@ ConnectionFactory::create(ProtocolVersion v, sys::OutputControl& out, const std: } if (v == ProtocolVersion(0, 10)) { ConnectionPtr c(new amqp_0_10::Connection(out, id, false)); - c->setInputHandler(InputPtr(new broker::Connection(c.get(), broker, id, false))); + c->setInputHandler(InputPtr(new broker::Connection(c.get(), broker, id, external, false))); return c.release(); } return 0; @@ -53,10 +55,10 @@ ConnectionFactory::create(ProtocolVersion v, sys::OutputControl& out, const std: sys::ConnectionCodec* ConnectionFactory::create(sys::OutputControl& out, const std::string& id, - unsigned int) { + const SecuritySettings& external) { // used to create connections from one broker to another ConnectionPtr c(new amqp_0_10::Connection(out, id, true)); - c->setInputHandler(InputPtr(new broker::Connection(c.get(), broker, id, true))); + c->setInputHandler(InputPtr(new broker::Connection(c.get(), broker, id, external, true))); return c.release(); } diff --git a/cpp/src/qpid/broker/ConnectionFactory.h b/cpp/src/qpid/broker/ConnectionFactory.h index d812292ad1..7c1a9a08e1 100644 --- a/cpp/src/qpid/broker/ConnectionFactory.h +++ b/cpp/src/qpid/broker/ConnectionFactory.h @@ -36,11 +36,10 @@ class ConnectionFactory : public sys::ConnectionCodec::Factory sys::ConnectionCodec* create(framing::ProtocolVersion, sys::OutputControl&, const std::string& id, - unsigned int conn_ssf); + const qpid::sys::SecuritySettings&); sys::ConnectionCodec* - create(sys::OutputControl&, const std::string& id, - unsigned int conn_ssf); + create(sys::OutputControl&, const std::string& id, const qpid::sys::SecuritySettings&); private: Broker& broker; diff --git a/cpp/src/qpid/broker/SaslAuthenticator.cpp b/cpp/src/qpid/broker/SaslAuthenticator.cpp index 5611e3ec06..0f72f9643d 100644 --- a/cpp/src/qpid/broker/SaslAuthenticator.cpp +++ b/cpp/src/qpid/broker/SaslAuthenticator.cpp 
@@ -26,6 +26,7 @@ #include "qpid/broker/Connection.h" #include "qpid/log/Statement.h" #include "qpid/framing/reply_exceptions.h" +#include "qpid/sys/SecuritySettings.h" #include <boost/format.hpp> #if HAVE_SASL @@ -36,6 +37,7 @@ using qpid::sys::cyrus::CyrusSecurityLayer; using namespace qpid::framing; using qpid::sys::SecurityLayer; +using qpid::sys::SecuritySettings; using boost::format; using boost::str; @@ -152,7 +154,8 @@ void NullAuthenticator::start(const string& mechanism, const string& response) #if HAVE_SASL // encryption required - check to see if we are running over an // encrypted SSL connection. - sasl_ssf_t external_ssf = (sasl_ssf_t) connection.getSSF(); + SecuritySettings external = connection.getExternalSecuritySettings(); + sasl_ssf_t external_ssf = (sasl_ssf_t) external.ssf; if (external_ssf < 1) // < 1 == unencrypted #endif { @@ -244,7 +247,9 @@ void CyrusAuthenticator::init() // If the transport provides encryption, notify the SASL library of // the key length and set the ssf range to prevent double encryption. - sasl_ssf_t external_ssf = (sasl_ssf_t) connection.getSSF(); + SecuritySettings external = connection.getExternalSecuritySettings(); + QPID_LOG(debug, "External ssf=" << external.ssf << " and auth=" << external.authid); + sasl_ssf_t external_ssf = (sasl_ssf_t) external.ssf; if (external_ssf) { int result = sasl_setprop(sasl_conn, SASL_SSF_EXTERNAL, &external_ssf); if (result != SASL_OK) { 
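Review bot: Both new `SecuritySettings external = connection.getExternalSecuritySettings();` statements (in NullAuthenticator::start and CyrusAuthenticator::init) copy the whole struct, including its authid string, even though the getter already returns a const reference; bind `const SecuritySettings& external = connection.getExternalSecuritySettings();` instead. `(sasl_ssf_t) external.ssf` is a C-style narrowing cast; `static_cast<sasl_ssf_t>(external.ssf)` states the intent and is greppable. The added debug line logs the external authid, which is a peer identity rather than a credential, so keeping it at debug level seems acceptable. Both enclosing functions start and end outside this hunk.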
@@ -258,16 +263,25 @@ void CyrusAuthenticator::init() ", max_ssf: " << secprops.max_ssf << ", external_ssf: " << external_ssf ); + if (!external.authid.empty()) { + const char* external_authid = external.authid.c_str(); + int result = sasl_setprop(sasl_conn, SASL_AUTH_EXTERNAL, external_authid); + if (result != SASL_OK) { + throw framing::InternalErrorException(QPID_MSG("SASL error: unable to set external auth: " << result)); + } + + QPID_LOG(debug, "external auth detected and set to " << external_authid); + } + secprops.maxbufsize = 65535; secprops.property_names = 0; secprops.property_values = 0; secprops.security_flags = 0; /* or SASL_SEC_NOANONYMOUS etc as appropriate */ - + if (external.nodict) secprops.security_flags |= SASL_SEC_NODICTIONARY; int result = sasl_setprop(sasl_conn, SASL_SEC_PROPS, &secprops); if (result != SASL_OK) { throw framing::InternalErrorException(QPID_MSG("SASL error: " << result)); } - } CyrusAuthenticator::~CyrusAuthenticator() diff --git a/cpp/src/qpid/broker/SecureConnectionFactory.cpp b/cpp/src/qpid/broker/SecureConnectionFactory.cpp index 5a31dbceeb..754b443c22 100644 --- a/cpp/src/qpid/broker/SecureConnectionFactory.cpp +++ b/cpp/src/qpid/broker/SecureConnectionFactory.cpp @@ -23,12 +23,14 @@ #include "qpid/amqp_0_10/Connection.h" #include "qpid/broker/Connection.h" #include "qpid/broker/SecureConnection.h" +#include "qpid/sys/SecuritySettings.h" #include "qpid/log/Statement.h" namespace qpid { namespace broker { using framing::ProtocolVersion; +using qpid::sys::SecuritySettings; typedef std::auto_ptr<amqp_0_10::Connection> CodecPtr; typedef std::auto_ptr<SecureConnection> SecureConnectionPtr; typedef std::auto_ptr<Connection> ConnectionPtr; 
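Review bot: Setting `SASL_AUTH_EXTERNAL` from `external.authid` tells the SASL library that this string is an already-authenticated identity (presumably making EXTERNAL selectable), so the strength of that path now rests entirely on the transport only filling in `authid` after it has actually verified the peer — nothing in this hunk checks that, and the code that populates SecuritySettings is not part of this diff. I'd record the invariant next to the call: `// authid must only be set by the transport after the peer was verified (e.g. validated client cert); SASL EXTERNAL trusts it as-is`. `external_authid` points into the local copy `external`; as far as I recall Cyrus duplicates the string for SASL_AUTH_EXTERNAL, but confirm that, otherwise the settings must outlive the sasl_conn. The new `if (external.nodict) secprops.security_flags |= SASL_SEC_NODICTIONARY;` also changes behaviour and deserves a one-line comment on which transports set nodict and why. CyrusAuthenticator::init begins outside this hunk.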
@@ -38,7 +40,7 @@ SecureConnectionFactory::SecureConnectionFactory(Broker& b) : broker(b) {} sys::ConnectionCodec* SecureConnectionFactory::create(ProtocolVersion v, sys::OutputControl& out, const std::string& id, - unsigned int conn_ssf ) { + const SecuritySettings& external) { if (broker.getConnectionCounter().allowConnection()) { QPID_LOG(error, "Client max connection count limit exceeded: " << broker.getOptions().maxConnections << " connection refused"); @@ -47,7 +49,7 @@ SecureConnectionFactory::create(ProtocolVersion v, sys::OutputControl& out, cons if (v == ProtocolVersion(0, 10)) { SecureConnectionPtr sc(new SecureConnection()); CodecPtr c(new amqp_0_10::Connection(out, id, false)); - ConnectionPtr i(new broker::Connection(c.get(), broker, id, conn_ssf, false)); + ConnectionPtr i(new broker::Connection(c.get(), broker, id, external, false)); i->setSecureConnection(sc.get()); c->setInputHandler(InputPtr(i.release())); sc->setCodec(std::auto_ptr<sys::ConnectionCodec>(c)); @@ -58,11 +60,11 @@ SecureConnectionFactory::create(ProtocolVersion v, sys::OutputControl& out, cons sys::ConnectionCodec* SecureConnectionFactory::create(sys::OutputControl& out, const std::string& id, - unsigned int conn_ssf) { + const SecuritySettings& external) { // used to create connections from one broker to another SecureConnectionPtr sc(new SecureConnection()); CodecPtr c(new amqp_0_10::Connection(out, id, true)); - ConnectionPtr i(new broker::Connection(c.get(), broker, id, conn_ssf, true )); + ConnectionPtr i(new broker::Connection(c.get(), broker, id, external, true )); i->setSecureConnection(sc.get()); c->setInputHandler(InputPtr(i.release())); sc->setCodec(std::auto_ptr<sys::ConnectionCodec>(c)); diff --git a/cpp/src/qpid/broker/SecureConnectionFactory.h b/cpp/src/qpid/broker/SecureConnectionFactory.h index b1af6d4a0f..8a04dfcb15 100644 --- a/cpp/src/qpid/broker/SecureConnectionFactory.h +++ b/cpp/src/qpid/broker/SecureConnectionFactory.h 
@@ -34,11 +34,10 @@ class SecureConnectionFactory : public sys::ConnectionCodec::Factory sys::ConnectionCodec* create(framing::ProtocolVersion, sys::OutputControl&, const std::string& id, - unsigned int conn_ssf); + const qpid::sys::SecuritySettings&); sys::ConnectionCodec* - create(sys::OutputControl&, const std::string& id, - unsigned int conn_ssf); + create(sys::OutputControl&, const std::string& id, const qpid::sys::SecuritySettings&); private: Broker& broker; |
