diff options
Diffstat (limited to 'qpid/python')
| -rw-r--r-- | qpid/python/qpid/saslmech/amqplain.py | 5 | ||||
| -rw-r--r-- | qpid/python/qpid/saslmech/anonymous.py | 6 | ||||
| -rw-r--r-- | qpid/python/qpid/saslmech/cram_md5.py | 5 | ||||
| -rw-r--r-- | qpid/python/qpid/saslmech/cram_md5_hex.py | 3 | ||||
| -rw-r--r-- | qpid/python/qpid/saslmech/external.py | 6 | ||||
| -rw-r--r-- | qpid/python/qpid/saslmech/finder.py | 7 | ||||
| -rw-r--r-- | qpid/python/qpid/saslmech/plain.py | 5 | ||||
| -rw-r--r-- | qpid/python/qpid/saslmech/sasl.py | 5 | ||||
| -rw-r--r-- | qpid/python/qpid/saslmech/scram.py | 3 | ||||
| -rw-r--r-- | qpid/python/qpid/tests/saslmech/finder.py | 9 | ||||
| -rw-r--r-- | qpid/python/qpid/tests/saslmech/my_sasl2.py | 5 |
11 files changed, 35 insertions, 24 deletions
diff --git a/qpid/python/qpid/saslmech/amqplain.py b/qpid/python/qpid/saslmech/amqplain.py index d31997eefd..731f6b6628 100644 --- a/qpid/python/qpid/saslmech/amqplain.py +++ b/qpid/python/qpid/saslmech/amqplain.py @@ -17,14 +17,11 @@ # under the License. # -from sasl import Sasl, SaslException +from sasl import Sasl class AMQPLAIN(Sasl): def initialResponse(self): - if (self.user is None or self.password is None): - raise SaslException("User and password must be specified") - return {"LOGIN": self.user, "PASSWORD": self.password} def priority(self): diff --git a/qpid/python/qpid/saslmech/anonymous.py b/qpid/python/qpid/saslmech/anonymous.py index ea3e51dfba..8f3fa1434e 100644 --- a/qpid/python/qpid/saslmech/anonymous.py +++ b/qpid/python/qpid/saslmech/anonymous.py @@ -19,5 +19,9 @@ from sasl import Sasl -class ANONYMOUS(Sasl): pass +class ANONYMOUS(Sasl): + + def prerequistesOk(self): + return True + diff --git a/qpid/python/qpid/saslmech/cram_md5.py b/qpid/python/qpid/saslmech/cram_md5.py index c2eb8078a0..a351f43838 100644 --- a/qpid/python/qpid/saslmech/cram_md5.py +++ b/qpid/python/qpid/saslmech/cram_md5.py @@ -17,14 +17,11 @@ # under the License. # -from sasl import Sasl, SaslException +from sasl import Sasl from hmac import HMAC class CRAM_MD5(Sasl): def response(self, challenge): - if (self.user is None or self.password is None): - raise SaslException("User and password must be specified") - digest = HMAC( self.password, challenge).hexdigest() return "%s %s" % (self.user, digest) diff --git a/qpid/python/qpid/saslmech/cram_md5_hex.py b/qpid/python/qpid/saslmech/cram_md5_hex.py index 39342060da..03463db083 100644 --- a/qpid/python/qpid/saslmech/cram_md5_hex.py +++ b/qpid/python/qpid/saslmech/cram_md5_hex.py @@ -24,9 +24,6 @@ from hashlib import md5 class CRAM_MD5_HEX(Sasl): def response(self, challenge): - if (self.user is None or self.password is None): - raise SaslException("User and password must be specified") - m = md5() m.update(self.password) digest = HMAC( m.hexdigest(), challenge).hexdigest() diff --git a/qpid/python/qpid/saslmech/external.py b/qpid/python/qpid/saslmech/external.py index 7b701f539d..00c6aba491 100644 --- a/qpid/python/qpid/saslmech/external.py +++ b/qpid/python/qpid/saslmech/external.py @@ -20,4 +20,8 @@ from sasl import Sasl -class EXTERNAL(Sasl): pass
\ No newline at end of file +class EXTERNAL(Sasl): + """Sasl mechanism used when SSL with client-auth is in use""" + + def prerequistesOk(self): + return True diff --git a/qpid/python/qpid/saslmech/finder.py b/qpid/python/qpid/saslmech/finder.py index 15a8721f81..eab0250942 100644 --- a/qpid/python/qpid/saslmech/finder.py +++ b/qpid/python/qpid/saslmech/finder.py @@ -37,9 +37,12 @@ def get_sasl_mechanism(mechanismNames, username, password, namespace="qpid.saslm clazz = _get_class(canonicalName) log.debug("Found SASL implementation") instance = clazz(username, password, mechanismName, sasl_options) - instances.append(instance) + if (instance.prerequistesOk()): + instances.append(instance) + else: + log.debug("SASL mechanism %s unavailable as the prerequistes for this mechanism have not been met", mechanismName) except (ImportError, AttributeError), e: - # Unknown mechanism - this is normal if the server supports m + # Unknown mechanism - this is normal if the server supports mechanism that the client does not log.debug("Could not load implementation for %s", canonicalName) pass diff --git a/qpid/python/qpid/saslmech/plain.py b/qpid/python/qpid/saslmech/plain.py index aa883e5460..8e6fb74f33 100644 --- a/qpid/python/qpid/saslmech/plain.py +++ b/qpid/python/qpid/saslmech/plain.py @@ -17,14 +17,11 @@ # under the License. # -from sasl import Sasl, SaslException +from sasl import Sasl class PLAIN(Sasl): def initialResponse(self): - if (self.user is None or self.password is None): - raise SaslException("User and password must be specified") - return "\x00" + self.user + "\x00" + self.password def priority(self): diff --git a/qpid/python/qpid/saslmech/sasl.py b/qpid/python/qpid/saslmech/sasl.py index f6b7f04fb0..63ba36f8ad 100644 --- a/qpid/python/qpid/saslmech/sasl.py +++ b/qpid/python/qpid/saslmech/sasl.py @@ -27,6 +27,9 @@ class Sasl: self.name = name self.sasl_options = sasl_options + def prerequistesOk(self): + return self.user is not None and self.password is not None + def initialResponse(self): return @@ -38,4 +41,4 @@ class Sasl: return 1 def mechanismName(self): - return self.name
\ No newline at end of file + return self.name diff --git a/qpid/python/qpid/saslmech/scram.py b/qpid/python/qpid/saslmech/scram.py index d12f8c8fa5..11a2d2fbe4 100644 --- a/qpid/python/qpid/saslmech/scram.py +++ b/qpid/python/qpid/saslmech/scram.py @@ -32,9 +32,6 @@ class SCRAM_base(Sasl): self.server_signature = None def initialResponse(self): - if (self.user is None or self.password is None): - raise SaslException("User and password must be specified") - name = self.user.replace("=","=3D").replace(",","=2C") self.client_first_message = "n=" + name + ",r=" + self.client_nonce return "n,," + self.client_first_message diff --git a/qpid/python/qpid/tests/saslmech/finder.py b/qpid/python/qpid/tests/saslmech/finder.py index d9092654bc..3ad5e727ba 100644 --- a/qpid/python/qpid/tests/saslmech/finder.py +++ b/qpid/python/qpid/tests/saslmech/finder.py @@ -51,6 +51,15 @@ class SaslFinderTests (TestCase): self.assertTrue(isinstance(mech, MY_SASL), "Mechanism %s is of unexpected type" % mech) + def test_sasl_mechanism_fallback_without_credentials(self): + + # MY-SASL requires username/password, MY-SASL2 does not + supportedMechs = ["MY-SASL", "MY-SASL2"] + + mech = get_sasl_mechanism(supportedMechs, None, None, namespace="qpid.tests.saslmech") + + self.assertTrue(isinstance(mech, MY_SASL2), "Mechanism %s is of unexpected type" % mech) + def test_sasl_mechansim_options(self): supportedMechs = ["MY-SASL"] diff --git a/qpid/python/qpid/tests/saslmech/my_sasl2.py b/qpid/python/qpid/tests/saslmech/my_sasl2.py index f481a615e7..c03dcbf2ca 100644 --- a/qpid/python/qpid/tests/saslmech/my_sasl2.py +++ b/qpid/python/qpid/tests/saslmech/my_sasl2.py @@ -22,4 +22,7 @@ from qpid.saslmech.sasl import Sasl class MY_SASL2(Sasl): def priority(self): - return 0
\ No newline at end of file + return 0 + + def prerequistesOk(self): + return True |