blob: 7d5ca7f6704c76eba3df48eb52a988d7615fc940 [file] [log] [blame]
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
module Qpid::Proton
# The SASL layer is responsible for establishing an authenticated and/or
# encrypted tunnel over which AMQP frames are passed between peers.
#
# The peer acting as the SASL client must provide authentication
# credentials.
#
# The peer acting as the SASL server must provide authentication against the
# received credentials.
#
# @note Do not instantiate directly, use {Transport#sasl} to create a SASL object.
class SASL
include Util::Deprecation
# Negotation has not completed.
NONE = Cproton::PN_SASL_NONE
# Authentication succeeded.
OK = Cproton::PN_SASL_OK
# Authentication failed due to bad credentials.
AUTH = Cproton::PN_SASL_AUTH
private
extend Util::SWIGClassHelper
PROTON_METHOD_PREFIX = "pn_sasl"
public
# @private
# @note Do not instantiate directly, use {Transport#sasl} to create a SASL object.
def initialize(transport)
@impl = Cproton.pn_sasl(transport.impl)
end
# @!attribute allow_insecure_mechs
# @return [Bool] true if clear text authentication is allowed on insecure connections.
proton_set_get :allow_insecure_mechs
# @!attribute user [r]
# @return [String] the authenticated user name
proton_get :user
# Set the mechanisms allowed for SASL negotation
# @param mechanisms [String] space-delimited list of allowed mechanisms
def allowed_mechs=(mechanisms)
Cproton.pn_sasl_allowed_mechs(@impl, mechanisms)
end
# @deprecated use {#allowed_mechs=}
deprecated_alias :mechanisms, :allowed_mechs=
# True if extended SASL negotiation is supported
#
# All implementations of Proton support ANONYMOUS and EXTERNAL on both
# client and server sides and PLAIN on the client side.
#
# Extended SASL implememtations use an external library (Cyrus SASL)
# to support other mechanisms.
#
# @return [Bool] true if extended SASL negotiation is supported
def self.extended?()
Cproton.pn_sasl_extended()
end
class << self
include Util::Deprecation
# Set the sasl configuration path
#
# This is used to tell SASL where to look for the configuration file.
# In the current implementation it can be a colon separated list of directories.
#
# The environment variable PN_SASL_CONFIG_PATH can also be used to set this path,
# but if both methods are used then this pn_sasl_config_path() will take precedence.
#
# If not set the underlying implementation default will be used.
#
# @param path the configuration path
#
def config_path=(path)
Cproton.pn_sasl_config_path(nil, path)
path
end
# Set the configuration file name, without extension
#
# The name with an a ".conf" extension will be searched for in the
# configuration path. If not set, it defaults to "proton-server" or
# "proton-client" for a server (incoming) or client (outgoing) connection
# respectively.
#
# @param name the configuration file name without extension
#
def config_name=(name)
Cproton.pn_sasl_config_name(nil, name)
end
# @deprecated use {config_path=}
deprecated_alias :config_path, :config_path=
# @deprecated use {config_name=}
deprecated_alias :config_name, :config_name=
end
end
end