From 7f0c95b0e94c964a92c77c7c8c59035ffff35f34 Mon Sep 17 00:00:00 2001
From: Gordon Sim
Date: Fri, 9 May 2008 18:09:43 +0000
Subject: QPID-648: Patch from Matt Farrellee - support for realms - updates to packaging to create a default db and the necessary conf files for plain and anon
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@654902 13f79535-47bb-0310-9956-ffa450edef68
---
 cpp/src/qpid/broker/SaslAuthenticator.cpp | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
(limited to 'cpp/src/qpid/broker/SaslAuthenticator.cpp')
diff --git a/cpp/src/qpid/broker/SaslAuthenticator.cpp b/cpp/src/qpid/broker/SaslAuthenticator.cpp
index 56718502f1..d48b258ba2 100644
--- a/cpp/src/qpid/broker/SaslAuthenticator.cpp
+++ b/cpp/src/qpid/broker/SaslAuthenticator.cpp
@@ -109,8 +109,26 @@ CyrusAuthenticator::CyrusAuthenticator(Connection& c) : sasl_conn(0), connection
 void CyrusAuthenticator::init() {
- int code = sasl_server_new(BROKER_SASL_NAME,
- NULL, NULL, NULL, NULL, NULL, 0,
+ /* Next to the service name, which specifies the
+ * /etc/sasl2/.conf file to read, the realm is
+ * currently the most important argument below. When
+ * performing authentication the user that is authenticating
+ * will be looked up in a specific realm. If none is given
+ * then the realm defaults to the hostname, which can cause
+ * confusion when the daemon is run on different hosts that
+ * may be logically sharing a realm (aka a user domain). This
+ * is especially important for SASL PLAIN authentication,
+ * which cannot specify a realm for the user that is
+ * authenticating.
+ */
+ const char *realm = connection.getBroker().getOptions().realm.c_str();
+ int code = sasl_server_new(BROKER_SASL_NAME, /* Service name */
+ NULL, /* Server FQDN, gethostname() */
+ realm, /* Authentication realm */
+ NULL, /* Local IP, needed for some mechanism */
+ NULL, /* Remote IP, needed for some mechanism */
+ NULL, /* Callbacks */
+ 0, /* Connection flags */
 &sasl_conn);
 if (SASL_OK != code) {
-- cgit v1.2.1
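Review bot: An unset realm option reaches `sasl_server_new` as an empty string, not NULL, because `realm.c_str()` never yields a null pointer; the hostname fallback described in the new comment is stated for the "none given" case, so users may end up being looked up in an empty realm instead of the default one. Whether the option carries a non-empty default is not visible in this hunk, so I would make the mapping explicit: `const std::string& r = connection.getBroker().getOptions().realm;` followed by `const char *realm = r.empty() ? NULL : r.c_str();`. The raw pointer is also only safe if `getOptions()` returns a reference rather than a copy, which should be confirmed, since a by-value return would leave `realm` dangling before the call. The body of `init()` continues past the end of the hunk, so the error path after `SASL_OK != code` was not reviewed.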