From bcb149706cdace4a333a811969e473451d9ab331 Mon Sep 17 00:00:00 2001 From: Michael Goulish Date: Wed, 20 Oct 2010 08:03:36 +0000 Subject: SASLizing Interbroker Links ------------------------------------------------------------- 1. Brokers already knew how to handle the server side of SASLized links, but not the client side. So we promoted the client-side SASL code from the client library to the common library so that the broker could also use it. This affected SaslFactory.{h,cpp} and Sasl.h TODO -- can the server-side and client-side code be unified here? 2. Some of the SASL verbs in broker/ConnectionHandler.cpp are expanded: start, secure, tune. 3. broker/SecureConnection is altered to get the client-broker and the server-broker to agree on when the security layer should be inserted. 4. the python tool qpid-route is modified so that, in the "route add" command, you can specify the security mechanism for SASL to use. TODO -- should we also pass in {min,max}SSF ? 5. Changes in broker/LinkRegistry to allow the information input by qpid-route to be passed up to where it is needed. 6. A bash script test run by "make check" that creates a SASLized federation link and sends some messages down it. TODO - write a python unit test instead of a bash script. I think I uncovered a bug in the python code when I tried. 7. NOTE - testing for this feature does not work with versions of SASL earlier than 2.1.22, because I can't tell SASL to use a SASL database file in a nonstandard location. The test is disabled for earlier versions. git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1024541 13f79535-47bb-0310-9956-ffa450edef68 --- tools/src/py/qpid-route | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) (limited to 'tools/src') diff --git a/tools/src/py/qpid-route b/tools/src/py/qpid-route index be6bdf958c..0b5069a277 100755 --- a/tools/src/py/qpid-route +++ b/tools/src/py/qpid-route 
@@ -30,7 +30,7 @@ def Usage(short=False): print "Usage: qpid-route [OPTIONS] dynamic add [tag] [exclude-list]" print " qpid-route [OPTIONS] dynamic del " print - print " qpid-route [OPTIONS] route add [tag] [exclude-list]" + print " qpid-route [OPTIONS] route add [tag] [exclude-list] [mechanism]" print " qpid-route [OPTIONS] route del " print " qpid-route [OPTIONS] queue add " print " qpid-route [OPTIONS] queue del " @@ -98,7 +98,7 @@ class RouteManager: return link return None - def addLink(self, remoteBroker): + def addLink(self, remoteBroker, mech="PLAIN"): self.remote = BrokerURL(remoteBroker) if self.local.match(self.remote.host, self.remote.port): raise Exception("Linking broker to itself is not permitted") @@ -107,10 +107,6 @@ class RouteManager: broker = brokers[0] link = self.getLink() if link == None: - if not self.remote.authName or self.remote.authName == "anonymous": - mech = "ANONYMOUS" - else: - mech = "PLAIN" res = broker.connect(self.remote.host, self.remote.port, _durable, mech, self.remote.authName or "", self.remote.authPass or "", _transport) @@ -231,11 +227,11 @@ class RouteManager: if b[0] != self.local.name(): self.qmf.delBroker(b[1]) - def addRoute(self, remoteBroker, exchange, routingKey, tag, excludes, dynamic=False): + def addRoute(self, remoteBroker, exchange, routingKey, tag, excludes, mech="PLAIN", dynamic=False): if dynamic and _srclocal: raise Exception("--src-local is not permitted on dynamic routes") - self.addLink(remoteBroker) + self.addLink(remoteBroker, mech) link = self.getLink() if link == None: raise Exception("Link failed to create") @@ -494,9 +490,10 @@ try: tag = "" excludes = "" + mech = "PLAIN" if nargs > 5: tag = cargs[5] if nargs > 6: excludes = cargs[6] - rm.addRoute(remoteBroker, cargs[4], "", tag, excludes, dynamic=True) + rm.addRoute(remoteBroker, cargs[4], "", tag, excludes, mech, dynamic=True) elif cmd == "del": if nargs != 5: Usage() 
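Review bot: With the ANONYMOUS fallback removed in the `@@ -107,10 +107,6 @@` hunk, a remote URL that carries no user name now reaches `broker.connect` with mechanism PLAIN and an empty user name and password, because `addLink` defaults to `mech="PLAIN"` and both command-line call sites in this patch set `mech = "PLAIN"` as well. The old selection should survive as the default when no mechanism is given: `def addLink(self, remoteBroker, mech=None):` and, inside the `link == None` branch, `if mech is None: mech = "PLAIN" if self.remote.authName and self.remote.authName != "anonymous" else "ANONYMOUS"`; `addRoute` and the `dynamic add` / `route add` branches would then need to pass `None` rather than "PLAIN" when the operator gave nothing. PLAIN carries the password with no protection of its own, so choosing it without looking at `_transport` deserves at least a comment, and preferably a warning when the transport is not encrypted. The body of `addLink` starts in the previous hunk and continues past the end of this one.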
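Review bot: In the `@@ -231,11 +227,11 @@` hunk `mech` is inserted ahead of `dynamic` in `addRoute`'s parameter list, so any caller that passes `dynamic` positionally as the sixth argument would now have that value taken as the mechanism name. The two call sites in this patch pass `dynamic=` by keyword and are unaffected, but callers outside the diff are not visible here. Appending the parameter is the backward-compatible form, `def addRoute(self, remoteBroker, exchange, routingKey, tag, excludes, dynamic=False, mech="PLAIN"):`, with the call sites changed to `mech=mech`. A one-line docstring stating that `mech` is the SASL mechanism requested for the link to `remoteBroker` would document the new argument.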
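Review bot: In the `@@ -494,9 +490,10 @@` hunk `mech` is fixed to "PLAIN" for `dynamic add`, and the Usage line for that command gains no `[mechanism]` argument, so an operator has no way to request a different mechanism for the link a dynamic route creates. If that is deliberate, a comment next to `mech = "PLAIN"` should say why; otherwise the branch can mirror `route add` with `if nargs > 7: mech = cargs[7]` and a matching Usage change. The `nargs` bound check for this branch sits above the hunk and would need to be raised as well.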
@@ -505,14 +502,16 @@ try: elif group == "route": if cmd == "add": - if nargs < 6 or nargs > 8: + if nargs < 6 or nargs > 9: Usage() tag = "" excludes = "" + mech = "PLAIN" if nargs > 6: tag = cargs[6] if nargs > 7: excludes = cargs[7] - rm.addRoute(remoteBroker, cargs[4], cargs[5], tag, excludes, dynamic=False) + if nargs > 8: mech = cargs[8] + rm.addRoute(remoteBroker, cargs[4], cargs[5], tag, excludes, mech, dynamic=False) elif cmd == "del": if nargs != 6: Usage() -- cgit v1.2.1
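Review bot: `cargs[8]` is handed to `addRoute` exactly as typed, with no check that it names a SASL mechanism, so a misspelt or lower-case value is only discovered when the broker tries to bring the link up. Validate before the call, for example `mech = cargs[8].upper()` followed by a membership test against the mechanisms the tool intends to support, calling `Usage()` on a miss. Because the argument is positional, choosing a mechanism also requires supplying `tag` and `exclude-list`; the Usage text should state that empty strings are accepted in those positions, or the mechanism should become a named option. When the argument is omitted the link silently uses PLAIN, which the help text does not mention.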