From 3f6e6e7dd760661b572256f778ff523c3db8ecba Mon Sep 17 00:00:00 2001
From: Michael Goulish <mgoulish@apache.org>
Date: Thu, 16 Dec 2010 21:10:38 +0000
Subject: In broker::ConectionHandler, use the security settings, if any,
 provided by the transport layer when starting SASL. This allows the SASL
 mechanism EXTERNAL to be satisfied with SSL transport security. The test,
 sasl_fed_ex, uses this SASL/SSL security on a federated link between two
 brokers.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1050162 13f79535-47bb-0310-9956-ffa450edef68
---
 cpp/src/qpid/broker/ConnectionHandler.cpp | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

(limited to 'cpp/src/qpid/broker/ConnectionHandler.cpp')

diff --git a/cpp/src/qpid/broker/ConnectionHandler.cpp b/cpp/src/qpid/broker/ConnectionHandler.cpp
index 9843c16326..3f97e5b9de 100644
--- a/cpp/src/qpid/broker/ConnectionHandler.cpp
+++ b/cpp/src/qpid/broker/ConnectionHandler.cpp
@@ -239,9 +239,9 @@ void ConnectionHandler::Handler::start(const FieldTable& serverProperties,
                                        const framing::Array& /*locales*/)
 {
     string requestedMechanism = connection.getAuthMechanism();
-    string response  = connection.getAuthCredentials();
 
     std::string username = connection.getUsername();
+
     std::string password = connection.getPassword();
     std::string host     = connection.getHost();
     std::string service("qpidd");
@@ -298,19 +298,17 @@ void ConnectionHandler::Handler::start(const FieldTable& serverProperties,
     ft.setInt(QPID_FED_LINK,1);
     ft.setString(QPID_FED_TAG, connection.getBroker().getFederationTag());
 
+    string response;
     if (sasl.get()) {
-        string response =
-            sasl->start ( requestedMechanism.empty()
-                              ? supportedMechanismsList
-                              : requestedMechanism,
-                          getSecuritySettings 
-                              ? getSecuritySettings()
-                              : 0
-                        );
+        const qpid::sys::SecuritySettings& ss = connection.getExternalSecuritySettings();
+        response = sasl->start ( requestedMechanism.empty()
+                                 ? supportedMechanismsList
+                                 : requestedMechanism,
+                                 & ss );
         proxy.startOk ( ft, sasl->getMechanism(), response, en_US );
     }
     else {
-        string response = ((char)0) + username + ((char)0) + password;
+        response = ((char)0) + username + ((char)0) + password;
         proxy.startOk ( ft, requestedMechanism, response, en_US );
     }
 
-- 
cgit v1.2.1