From f5e41be93bec9b5556a65292516db07ff845f7d4 Mon Sep 17 00:00:00 2001 From: Gordon Sim Date: Fri, 5 Mar 2010 16:51:22 +0000 Subject: QPID-2412: Support for EXTERNAL mechanism on client-authenticated SSL connections. On SSL connection where the clients certificate is authenticated (requires the --ssl-require-client-authentication option at present), the clients identity will be taken from that certificate (it will be the CN with any DCs present appended as the domain, e.g. CN=bob,DC=acme,DC=com would result in an identity of bob@acme.com). This will enable the EXTERNAL mechanism when cyrus sasl is in use. The client can still negotiate their desired mechanism. There is a new option on the ssl module (--ssl-sasl-no-dict) that allows the options on ssl connections to be restricted to those that are not vulnerable to dictionary attacks (EXTERNAL being the primary example). git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@919487 13f79535-47bb-0310-9956-ffa450edef68 --- cpp/src/qpid/client/windows/SaslFactory.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'cpp/src/qpid/client/windows/SaslFactory.cpp') diff --git a/cpp/src/qpid/client/windows/SaslFactory.cpp b/cpp/src/qpid/client/windows/SaslFactory.cpp index 87df187ab2..40c112f534 100644 --- a/cpp/src/qpid/client/windows/SaslFactory.cpp +++ b/cpp/src/qpid/client/windows/SaslFactory.cpp @@ -25,6 +25,7 @@ #include "qpid/Exception.h" #include "qpid/framing/reply_exceptions.h" #include "qpid/sys/SecurityLayer.h" +#include "qpid/sys/SecuritySettings.h" #include "qpid/log/Statement.h" #include "boost/tokenizer.hpp" @@ -33,6 +34,7 @@ namespace qpid { namespace client { using qpid::sys::SecurityLayer; +using qpid::sys::SecuritySettings; using qpid::framing::InternalErrorException; class WindowsSasl : public Sasl @@ -40,7 +42,7 @@ class WindowsSasl : public Sasl public: WindowsSasl(const ConnectionSettings&); ~WindowsSasl(); - std::string start(const std::string& mechanisms, unsigned int ssf); + std::string start(const std::string& mechanisms, const SecuritySettings* externalSettings); std::string step(const std::string& challenge); std::string getMechanism(); std::string getUserId(); @@ -91,7 +93,7 @@ WindowsSasl::~WindowsSasl() } std::string WindowsSasl::start(const std::string& mechanisms, - unsigned int /*ssf*/) + const SecuritySettings* /*externalSettings*/) { QPID_LOG(debug, "WindowsSasl::start(" << mechanisms << ")"); -- cgit v1.2.1