You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ac...@apache.org on 2018/03/15 23:08:56 UTC
[2/3] qpid-proton git commit: NO-JIRA: [ruby] Move SASL container
tests to a separate file
NO-JIRA: [ruby] Move SASL container tests to a separate file
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/246fa19a
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/246fa19a
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/246fa19a
Branch: refs/heads/master
Commit: 246fa19a1a26a1039d043b48389ed9b3ea80a736
Parents: 26138b7
Author: Alan Conway <ac...@redhat.com>
Authored: Thu Mar 15 17:56:31 2018 -0400
Committer: Alan Conway <ac...@redhat.com>
Committed: Thu Mar 15 19:08:27 2018 -0400
----------------------------------------------------------------------
proton-c/bindings/ruby/lib/core/listener.rb | 3 +
proton-c/bindings/ruby/tests/test_container.rb | 102 --------------
.../bindings/ruby/tests/test_container_sasl.rb | 133 +++++++++++++++++++
3 files changed, 136 insertions(+), 102 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/246fa19a/proton-c/bindings/ruby/lib/core/listener.rb
----------------------------------------------------------------------
diff --git a/proton-c/bindings/ruby/lib/core/listener.rb b/proton-c/bindings/ruby/lib/core/listener.rb
index e69e88a..f5ff9e5 100644
--- a/proton-c/bindings/ruby/lib/core/listener.rb
+++ b/proton-c/bindings/ruby/lib/core/listener.rb
@@ -72,6 +72,9 @@ module Qpid::Proton
# Get the {IO} server socket used by the listener
def to_io() @io; end
+ # Get the IP port used by the listener
+ def port() to_io.addr[1]; end
+
private # Called by {Container}
def initialize(io, handler, container)
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/246fa19a/proton-c/bindings/ruby/tests/test_container.rb
----------------------------------------------------------------------
diff --git a/proton-c/bindings/ruby/tests/test_container.rb b/proton-c/bindings/ruby/tests/test_container.rb
index 8df3755..5fece3b 100644
--- a/proton-c/bindings/ruby/tests/test_container.rb
+++ b/proton-c/bindings/ruby/tests/test_container.rb
@@ -215,105 +215,3 @@ class ContainerTest < MiniTest::Test
end
-class ContainerSASLTest < MiniTest::Test
- include Qpid::Proton
-
- # Handler for test client/server that sets up server and client SASL options
- class SASLHandler < TestHandler
-
- def initialize(url="amqp://", opts=nil)
- super()
- @url, @opts = url, opts
- end
-
- def on_container_start(container)
- @client = container.connect("#{@url}:#{container.port}", @opts)
- end
-
- attr_reader :auth_user
-
- def on_connection_open(connection)
- super
- if connection == @client
- connection.close
- else
- @auth_user = connection.user
- end
- end
- end
-
- # Generate SASL server configuration files and database, initialize proton SASL
- class SASLConfig
- include Qpid::Proton
- attr_reader :conf_dir, :conf_file, :conf_name, :database
-
- def initialize()
- if SASL.extended? # Configure cyrus SASL
- @conf_dir = File.expand_path('sasl_conf')
- @conf_name = "proton-server"
- @database = File.join(@conf_dir, "proton.sasldb")
- @conf_file = File.join(conf_dir,"#{@conf_name}.conf")
- Dir::mkdir(@conf_dir) unless File.directory?(@conf_dir)
- # Same user name in different realms
- make_user("user", "password", "proton") # proton realm
- make_user("user", "default_password") # Default realm
- File.open(@conf_file, 'w') do |f|
- f.write("
-sasldb_path: #{database}
-mech_list: EXTERNAL DIGEST-MD5 SCRAM-SHA-1 CRAM-MD5 PLAIN ANONYMOUS
- ")
- end
- # Tell proton library to use the new configuration
- SASL.config_path = conf_dir
- SASL.config_name = conf_name
- end
- end
-
- private
-
- SASLPASSWD = (ENV['SASLPASSWD'] or 'saslpasswd2')
-
- def make_user(user, password, realm=nil)
- realm_opt = (realm ? "-u #{realm}" : "")
- cmd = "echo '#{password}' | #{SASLPASSWD} -c -p -f #{database} #{realm_opt} #{user}"
- system(cmd) or raise RuntimeError.new("saslpasswd2 failed: #{makepw_cmd}")
- end
- DEFAULT = SASLConfig.new
- end
-
- def test_sasl_anonymous()
- s = SASLHandler.new("amqp://", {:sasl_allowed_mechs => "ANONYMOUS"})
- TestContainer.new(s, {:sasl_allowed_mechs => "ANONYMOUS"}, __method__).run
- assert_equal "anonymous", s.connections[0].user
- end
-
- def test_sasl_plain_url()
- skip unless SASL.extended?
- # Use default realm with URL, should authenticate with "default_password"
- opts = {:sasl_allowed_mechs => "PLAIN", :sasl_allow_insecure_mechs => true}
- s = SASLHandler.new("amqp://user:default_password@", opts)
- TestContainer.new(s, opts, __method__).run
- assert_equal(2, s.connections.size)
- assert_equal("user", s.auth_user)
- end
-
- def test_sasl_plain_options()
- skip unless SASL.extended?
- # Use default realm with connection options, should authenticate with "default_password"
- opts = {:sasl_allowed_mechs => "PLAIN",:sasl_allow_insecure_mechs => true,
- :user => 'user', :password => 'default_password' }
- s = SASLHandler.new("amqp://", opts)
- TestContainer.new(s, {:sasl_allowed_mechs => "PLAIN",:sasl_allow_insecure_mechs => true}, __method__).run
- assert_equal(2, s.connections.size)
- assert_equal("user", s.auth_user)
- end
-
- # Ensure we don't allow PLAIN if allow_insecure_mechs = true is not explicitly set
- def test_disallow_insecure()
- # Don't set allow_insecure_mechs, but try to use PLAIN
- s = SASLHandler.new("amqp://user:password@", {:sasl_allowed_mechs => "PLAIN", :sasl_allow_insecure_mechs => true})
- e = assert_raises(TestError) { TestContainer.new(s, {:sasl_allowed_mechs => "PLAIN"}, __method__).run }
- assert_match(/amqp:unauthorized-access.*Authentication failed/, e.to_s)
- end
-end
-
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/246fa19a/proton-c/bindings/ruby/tests/test_container_sasl.rb
----------------------------------------------------------------------
diff --git a/proton-c/bindings/ruby/tests/test_container_sasl.rb b/proton-c/bindings/ruby/tests/test_container_sasl.rb
new file mode 100644
index 0000000..8888c1b
--- /dev/null
+++ b/proton-c/bindings/ruby/tests/test_container_sasl.rb
@@ -0,0 +1,133 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+
+require 'test_tools'
+require 'minitest/unit'
+require 'socket'
+
+# Container that listens on a random port
+class TestContainer < Qpid::Proton::Container
+
+ def initialize(handler, listener_opts, id)
+ super handler, id
+ @listener = listen_io(TCPServer.open(0), ListenOnceHandler.new(listener_opts))
+ end
+ attr_reader :listener
+end
+
+class ContainerSASLTest < MiniTest::Test
+ include Qpid::Proton
+
+ # Handler for test client/server that sets up server and client SASL options
+ class SASLHandler < TestHandler
+
+ def initialize(url="amqp://", opts=nil)
+ super()
+ @url, @opts = url, opts
+ end
+
+ def on_container_start(container)
+ @client = container.connect("#{@url}:#{container.listener.port}", @opts)
+ end
+
+ attr_reader :auth_user
+
+ def on_connection_open(connection)
+ super
+ if connection == @client
+ connection.close
+ else
+ @auth_user = connection.user
+ end
+ end
+ end
+
+ # Generate SASL server configuration files and database, initialize proton SASL
+ class SASLConfig
+ include Qpid::Proton
+ attr_reader :conf_dir, :conf_file, :conf_name, :database
+
+ def initialize()
+ if SASL.extended? # Configure cyrus SASL
+ @conf_dir = File.expand_path('sasl_conf')
+ @conf_name = "proton-server"
+ @database = File.join(@conf_dir, "proton.sasldb")
+ @conf_file = File.join(conf_dir,"#{@conf_name}.conf")
+ Dir::mkdir(@conf_dir) unless File.directory?(@conf_dir)
+ # Same user name in different realms
+ make_user("user", "password", "proton") # proton realm
+ make_user("user", "default_password") # Default realm
+ File.open(@conf_file, 'w') do |f|
+ f.write("
+sasldb_path: #{database}
+mech_list: EXTERNAL DIGEST-MD5 SCRAM-SHA-1 CRAM-MD5 PLAIN ANONYMOUS
+ ")
+ end
+ # Tell proton library to use the new configuration
+ SASL.config_path = conf_dir
+ SASL.config_name = conf_name
+ end
+ end
+
+ private
+
+ SASLPASSWD = (ENV['SASLPASSWD'] or 'saslpasswd2')
+
+ def make_user(user, password, realm=nil)
+ realm_opt = (realm ? "-u #{realm}" : "")
+ cmd = "echo '#{password}' | #{SASLPASSWD} -c -p -f #{database} #{realm_opt} #{user}"
+ system(cmd) or raise RuntimeError.new("saslpasswd2 failed: #{makepw_cmd}")
+ end
+ DEFAULT = SASLConfig.new
+ end
+
+ def test_sasl_anonymous()
+ s = SASLHandler.new("amqp://", {:sasl_allowed_mechs => "ANONYMOUS"})
+ TestContainer.new(s, {:sasl_allowed_mechs => "ANONYMOUS"}, __method__).run
+ assert_equal "anonymous", s.connections[0].user
+ end
+
+ def test_sasl_plain_url()
+ skip unless SASL.extended?
+ # Use default realm with URL, should authenticate with "default_password"
+ opts = {:sasl_allowed_mechs => "PLAIN", :sasl_allow_insecure_mechs => true}
+ s = SASLHandler.new("amqp://user:default_password@", opts)
+ TestContainer.new(s, opts, __method__).run
+ assert_equal(2, s.connections.size)
+ assert_equal("user", s.auth_user)
+ end
+
+ def test_sasl_plain_options()
+ skip unless SASL.extended?
+ # Use default realm with connection options, should authenticate with "default_password"
+ opts = {:sasl_allowed_mechs => "PLAIN",:sasl_allow_insecure_mechs => true,
+ :user => 'user', :password => 'default_password' }
+ s = SASLHandler.new("amqp://", opts)
+ TestContainer.new(s, {:sasl_allowed_mechs => "PLAIN",:sasl_allow_insecure_mechs => true}, __method__).run
+ assert_equal(2, s.connections.size)
+ assert_equal("user", s.auth_user)
+ end
+
+ # Ensure we don't allow PLAIN if allow_insecure_mechs = true is not explicitly set
+ def test_disallow_insecure()
+ # Don't set allow_insecure_mechs, but try to use PLAIN
+ s = SASLHandler.new("amqp://user:password@", {:sasl_allowed_mechs => "PLAIN", :sasl_allow_insecure_mechs => true})
+ e = assert_raises(TestError) { TestContainer.new(s, {:sasl_allowed_mechs => "PLAIN"}, __method__).run }
+ assert_match(/amqp:unauthorized-access.*Authentication failed/, e.to_s)
+ end
+end
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org