qpid-proton git commit: PROTON-1884: [c] example broker does not configure SASL correctly

[ac...@apache.org]

Repository: qpid-proton
Updated Branches:
  refs/heads/master 252451f0a -> adefd01f3


PROTON-1884: [c] example broker does not configure SASL correctly

To configure server-side SASL the application must call
pn_transport_set_server() before pn_sasl(). The pn_proactor_accept2() function
calls set_server automatically but it is too late for SASL config.

Fixed example broker and clarified the API docs.


Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/adefd01f
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/adefd01f
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/adefd01f

Branch: refs/heads/master
Commit: adefd01f394b33be056dc822c60439ef5d775c6c
Parents: 252451f
Author: Alan Conway <ac...@redhat.com>
Authored: Wed Jul 11 13:32:20 2018 -0400
Committer: Alan Conway <ac...@redhat.com>
Committed: Wed Jul 11 13:32:20 2018 -0400

----------------------------------------------------------------------
 c/examples/broker.c         | 2 +-
 c/include/proton/listener.h | 5 +++++
 c/include/proton/sasl.h     | 3 +++
 3 files changed, 9 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/adefd01f/c/examples/broker.c
----------------------------------------------------------------------
diff --git a/c/examples/broker.c b/c/examples/broker.c
index d2591df..69dc536 100644
--- a/c/examples/broker.c
+++ b/c/examples/broker.c
@@ -298,7 +298,7 @@ static void handle(broker_t* b, pn_event_t* e) {
    case PN_LISTENER_ACCEPT: {
     /* Configure a transport to allow SSL and SASL connections. See ssl_domain setup in main() */
      pn_transport_t *t = pn_transport();
-     pn_transport_require_auth(t, false);
+     pn_transport_set_server(t); /* Must call before pn_sasl() */
      pn_sasl_allowed_mechs(pn_sasl(t), "ANONYMOUS");
      if (b->ssl_domain) {
        pn_ssl_init(pn_ssl(t), b->ssl_domain, NULL);

http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/adefd01f/c/include/proton/listener.h
----------------------------------------------------------------------
diff --git a/c/include/proton/listener.h b/c/include/proton/listener.h
index 72f62c3..bcac451 100644
--- a/c/include/proton/listener.h
+++ b/c/include/proton/listener.h
@@ -63,6 +63,11 @@ PNP_EXTERN void pn_listener_free(pn_listener_t *l);
  *
  * Errors are returned as @ref PN_TRANSPORT_CLOSED events by pn_proactor_wait().
  *
+ * @note If you provide a transport, pn_listener_accept2() will call
+ * pn_transport_set_server() to mark it as a server. However if you use
+ * pn_sasl() you *must* call call pn_transport_set_server() yourself *before*
+ * calling pn_sasl() to set up a server SASL configuration.
+ *
  * @param[in] listener the listener
  * @param[in] connection If NULL a new connection is created.
  * Memory management is the same as for pn_proactor_connect2()

http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/adefd01f/c/include/proton/sasl.h
----------------------------------------------------------------------
diff --git a/c/include/proton/sasl.h b/c/include/proton/sasl.h
index 3cd00d9..a058ded 100644
--- a/c/include/proton/sasl.h
+++ b/c/include/proton/sasl.h
@@ -69,6 +69,9 @@ typedef enum {
  * On the client side of an AMQP connection this will have the effect
  * of ensuring that the AMQP SASL layer is used for that connection.
  *
+ * @note For incoming connections you must call pn_transport_set_server()
+ * before pn_sasl() in order to set up a server SASL configuration.
+ *
  * @return an object representing the SASL layer.
  */
 PN_EXTERN pn_sasl_t *pn_sasl(pn_transport_t *transport);


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org