openstack/oslo.messaging
Code Issues Proposed changes

Disable ACL if authentication cannot be performed.

Browse Source 
If the version of qpidd does not support setting the SASL service name
as required by AMQP 1.0, then authentication is not possible.

Change-Id: I74f2bb094fc0dbae0525ba535a60fe80661e89f2
Closes-Bug: #1496573
This commit is contained in:
Kenneth Giusti 2015-09-16 16:33:58 -04:00
parent bff2c802cf
commit 8cbf3c170d
1 changed files with 12 additions and 1 deletions

13
setup-test-env-qpid.sh

@ -44,7 +44,6 @@ fi
cat > ${DATADIR}/qpidd.conf <<EOF cat > ${DATADIR}/qpidd.conf <<EOF
port=65123 port=65123
acl-file=${DATADIR}/qpidd.acl
sasl-config=${DATADIR}/sasl2 sasl-config=${DATADIR}/sasl2
${LIBACL} ${LIBACL}
mgmt-enable=yes mgmt-enable=yes
@ -63,6 +62,7 @@ EOF
else else
cat >> ${DATADIR}/qpidd.conf <<EOF cat >> ${DATADIR}/qpidd.conf <<EOF
auth=yes auth=yes
acl-file=${DATADIR}/qpidd.acl
EOF EOF
fi fi
@ -92,8 +92,19 @@ cat > ${DATADIR}/sasl2/qpidd.conf <<EOF
pwcheck_method: auxprop pwcheck_method: auxprop
auxprop_plugin: sasldb auxprop_plugin: sasldb
sasldb_path: ${DATADIR}/qpidd.sasldb sasldb_path: ${DATADIR}/qpidd.sasldb
EOF
# TODO(kgiusti): we can remove "ANONYMOUS" once proton 0.10.1+ is released:
# https://issues.apache.org/jira/browse/PROTON-974
if [ $PROTOCOL == "1" ]; then
cat >> ${DATADIR}/sasl2/qpidd.conf <<EOF
mech_list: PLAIN ANONYMOUS
EOF
else
cat >> ${DATADIR}/sasl2/qpidd.conf <<EOF
mech_list: PLAIN mech_list: PLAIN
EOF EOF
fi
echo secretqpid | saslpasswd2 -c -p -f ${DATADIR}/qpidd.sasldb -u QPID stackqpid echo secretqpid | saslpasswd2 -c -p -f ${DATADIR}/qpidd.sasldb -u QPID stackqpid