Repository: qpid-proton Updated Branches: refs/heads/master 4cddf1f44 -> 3dd3bd491
PROTON-1921: Add docs to each binding about how to enable gssapi and gss-spnego Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/3dd3bd49 Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/3dd3bd49 Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/3dd3bd49 Branch: refs/heads/master Commit: 3dd3bd4913af915d1632fed57c350d76a5cd0ba2 Parents: 4cddf1f Author: Justin Ross <[email protected]> Authored: Tue Aug 28 18:35:37 2018 -0700 Committer: Justin Ross <[email protected]> Committed: Tue Aug 28 18:35:37 2018 -0700 ---------------------------------------------------------------------- cpp/include/proton/connection_options.hpp | 12 +++++++++++- go/src/qpid.apache.org/electron/connection.go | 9 +++++++++ python/proton/_reactor.py | 21 ++++++++++++++------- ruby/lib/core/connection.rb | 4 ++-- 4 files changed, 36 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/3dd3bd49/cpp/include/proton/connection_options.hpp ---------------------------------------------------------------------- diff --git a/cpp/include/proton/connection_options.hpp b/cpp/include/proton/connection_options.hpp index 3a51446..6da610c 100644 --- a/cpp/include/proton/connection_options.hpp +++ b/cpp/include/proton/connection_options.hpp @@ -143,7 +143,17 @@ class connection_options { /// are disabled. PN_CPP_EXTERN connection_options& sasl_allow_insecure_mechs(bool); - /// Specify the allowed mechanisms for use on the connection. + /// Specify the SASL mechanisms allowed for this connection. + /// The value is a space-separated list of mechanism names. + /// + /// The mechanisms allowed by default are determined by your SASL + /// library and system configuration, with two exceptions: GSSAPI + /// and GSS-SPNEGO are disabled by default. To enable them, you + /// must explicitly add them using this option. + /// + /// Clients must set the allowed mechanisms before the the + /// outgoing connection is attempted. Servers must set them + /// before the listening connection is setup. PN_CPP_EXTERN connection_options& sasl_allowed_mechs(const std::string&); /// **Unsettled API** - Extension capabilities offered to the remote peer. http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/3dd3bd49/go/src/qpid.apache.org/electron/connection.go ---------------------------------------------------------------------- diff --git a/go/src/qpid.apache.org/electron/connection.go b/go/src/qpid.apache.org/electron/connection.go index 9c0ef31..295dd50 100644 --- a/go/src/qpid.apache.org/electron/connection.go +++ b/go/src/qpid.apache.org/electron/connection.go @@ -328,6 +328,15 @@ func SASLEnable() ConnectionOption { return func(c *connection) { sasl(c) } } // Can be used on the client or the server to restrict the SASL for a connection. // mechs is a space-separated list of mechanism names. // +// The mechanisms allowed by default are determined by your SASL +// library and system configuration, with two exceptions: GSSAPI +// and GSS-SPNEGO are disabled by default. To enable them, you +// must explicitly add them using this option. +// +// Clients must set the allowed mechanisms before the the +// outgoing connection is attempted. Servers must set them +// before the listening connection is setup. +// func SASLAllowedMechs(mechs string) ConnectionOption { return func(c *connection) { sasl(c).AllowedMechs(mechs) } } http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/3dd3bd49/python/proton/_reactor.py ---------------------------------------------------------------------- diff --git a/python/proton/_reactor.py b/python/proton/_reactor.py index 4548e59..5a826bf 100644 --- a/python/proton/_reactor.py +++ b/python/proton/_reactor.py @@ -781,15 +781,22 @@ class Container(Reactor): or its child links @param kwargs: 'sasl_enabled', which determines whether a sasl - layer is used for the connection; 'allowed_mechs', an optional - string containing a space-separated list of SASL mechanisms to - allow if sasl is enabled; 'allow_insecure_mechs', a flag - indicating whether insecure mechanisms, such as PLAIN over a - non-encrypted socket, are allowed; 'virtual_host', the + layer is used for the connection. 'allowed_mechs', an optional + string specifying the SASL mechanisms allowed for this + connection; the value is a space-separated list of mechanism + names; the mechanisms allowed by default are determined by + your SASL library and system configuration, with two + exceptions: GSSAPI and GSS-SPNEGO are disabled by default; to + enable them, you must explicitly add them using this option; + clients must set the allowed mechanisms before the the + outgoing connection is attempted; servers must set them before + the listening connection is setup. 'allow_insecure_mechs', a + flag indicating whether insecure mechanisms, such as PLAIN + over a non-encrypted socket, are allowed. 'virtual_host', the hostname to set in the Open performative used by peer to - determine the correct back-end service for the client. If + determine the correct back-end service for the client; if 'virtual_host' is not supplied the host field from the URL is - used instead; 'user', the user to authenticate; 'password', + used instead. 'user', the user to authenticate. 'password', the authentication secret. """ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/3dd3bd49/ruby/lib/core/connection.rb ---------------------------------------------------------------------- diff --git a/ruby/lib/core/connection.rb b/ruby/lib/core/connection.rb index 3586790..9b8838b 100644 --- a/ruby/lib/core/connection.rb +++ b/ruby/lib/core/connection.rb @@ -113,8 +113,8 @@ module Qpid::Proton # @option opts [Integer] :max_frame_size Limit the size of AMQP frames # # @option opts [Boolean] :sasl_enabled (false) Enable or disable SASL. - # @option opts [Boolean] :sasl_allow_insecure_mechs (false) Allow mechanisms send secrets in clear text - # @option opts [String] :sasl_allowed_mechs SASL mechanisms allowed by this end of the connection + # @option opts [Boolean] :sasl_allow_insecure_mechs (false) Allow mechanisms that send secrets in cleartext + # @option opts [String] :sasl_allowed_mechs Specify the SASL mechanisms allowed for this connection. The value is a space-separated list of mechanism names. The mechanisms allowed by default are determined by your SASL library and system configuration, with two exceptions: GSSAPI and GSS-SPNEGO are disabled by default. To enable them, you must explicitly add them using this option. Clients must set the allowed mechanisms before the the outgoing connection is attempted. Servers must set them before the listening connection is setup. # # @option opts [SSLDomain] :ssl_domain SSL configuration domain. # --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
