Typedefs | |
typedef struct pn_sasl_t | pn_sasl_t |
Enumerations | |
enum | pn_sasl_outcome_t { PN_SASL_NONE = -1, PN_SASL_OK = 0, PN_SASL_AUTH = 1, PN_SASL_SYS = 2, PN_SASL_PERM = 3, PN_SASL_TEMP = 4 } |
The result of the SASL negotiation. More... | |
Functions | |
PN_EXTERN pn_sasl_t * | pn_sasl (pn_transport_t *transport) |
Construct an Authentication and Security Layer object. | |
PN_EXTERN bool | pn_sasl_extended (void) |
Do we support extended SASL negotiation. | |
PN_EXTERN void | pn_sasl_done (pn_sasl_t *sasl, pn_sasl_outcome_t outcome) |
Set the outcome of SASL negotiation. | |
PN_EXTERN pn_sasl_outcome_t | pn_sasl_outcome (pn_sasl_t *sasl) |
Retrieve the outcome of SASL negotiation. | |
PN_EXTERN const char * | pn_sasl_get_user (pn_sasl_t *sasl) |
Retrieve the authenticated user. | |
PN_EXTERN const char * | pn_sasl_get_mech (pn_sasl_t *sasl) |
Return the selected SASL mechanism. | |
PN_EXTERN void | pn_sasl_allowed_mechs (pn_sasl_t *sasl, const char *mechs) |
SASL mechanisms that are to be considered for authentication. | |
PN_EXTERN void | pn_sasl_set_allow_insecure_mechs (pn_sasl_t *sasl, bool insecure) |
Boolean to allow use of clear text authentication mechanisms. | |
PN_EXTERN bool | pn_sasl_get_allow_insecure_mechs (pn_sasl_t *sasl) |
Return the current value for allow_insecure_mechs. | |
PN_EXTERN void | pn_sasl_config_name (pn_sasl_t *sasl, const char *name) |
Set the sasl configuration name. | |
PN_EXTERN void | pn_sasl_config_path (pn_sasl_t *sasl, const char *path) |
Set the sasl configuration path. |
enum pn_sasl_outcome_t |
PN_EXTERN pn_sasl_t* pn_sasl | ( | pn_transport_t * | transport | ) |
Construct an Authentication and Security Layer object.
This will return the SASL layer object for the supplied transport object. If there is currently no SASL layer one will be created.
On the client side of an AMQP connection this will have the effect of ensuring that the AMQP SASL layer is used for that connection.
PN_EXTERN void pn_sasl_allowed_mechs | ( | pn_sasl_t * | sasl, | |
const char * | mechs | |||
) |
SASL mechanisms that are to be considered for authentication.
This can be used on either the client or the server to restrict the SASL mechanisms that may be used to the mechanisms on the list.
[in] | sasl | the SASL layer |
[in] | mechs | space separated list of mechanisms that are allowed for authentication |
PN_EXTERN void pn_sasl_config_name | ( | pn_sasl_t * | sasl, | |
const char * | name | |||
) |
Set the sasl configuration name.
This is used to construct the SASL configuration filename. In the current implementation it ".conf" is added to the name and the file is looked for in the configuration directory.
If not set it will default to "proton-server" for a sasl server and "proton-client" for a client.
[in] | sasl | the SASL layer |
[in] | name | the configuration name |
PN_EXTERN void pn_sasl_config_path | ( | pn_sasl_t * | sasl, | |
const char * | path | |||
) |
Set the sasl configuration path.
This is used to tell SASL where to look for the configuration file. In the current implementation it can be a colon separated list of directories.
The environment variable PN_SASL_CONFIG_PATH can also be used to set this path, but if both methods are used then this pn_sasl_config_path() will take precedence.
If not set the underlying implementation default will be used. for a client.
[in] | sasl | the SASL layer |
[in] | path | the configuration path |
PN_EXTERN void pn_sasl_done | ( | pn_sasl_t * | sasl, | |
pn_sasl_outcome_t | outcome | |||
) |
Set the outcome of SASL negotiation.
Used by the server to set the result of the negotiation process.
PN_EXTERN bool pn_sasl_extended | ( | void | ) |
Do we support extended SASL negotiation.
Do we support extended SASL negotiation? All implementations of Proton support ANONYMOUS and EXTERNAL on both client and server sides and PLAIN on the client side.
Extended SASL implememtations use an external library (Cyrus SASL) to support other mechanisms beyond these basic ones.
PN_EXTERN bool pn_sasl_get_allow_insecure_mechs | ( | pn_sasl_t * | sasl | ) |
Return the current value for allow_insecure_mechs.
[in] | sasl | the SASL layer |
PN_EXTERN const char* pn_sasl_get_mech | ( | pn_sasl_t * | sasl | ) |
Return the selected SASL mechanism.
The returned value is only reliable after the PN_TRANSPORT_AUTHENTICATED event has been received.
[in] | sasl | the SASL layer |
PN_EXTERN const char* pn_sasl_get_user | ( | pn_sasl_t * | sasl | ) |
Retrieve the authenticated user.
This is usually used at the the server end to find the name of the authenticated user. On the client it will merely return whatever user was passed in to the pn_transport_set_user_password() API.
If pn_sasl_outcome() returns a value other than PN_SASL_OK, then there will be no user to return. The returned value is only reliable after the PN_TRANSPORT_AUTHENTICATED event has been received.
[in] | sasl | the sasl layer |
PN_EXTERN pn_sasl_outcome_t pn_sasl_outcome | ( | pn_sasl_t * | sasl | ) |
Retrieve the outcome of SASL negotiation.
PN_EXTERN void pn_sasl_set_allow_insecure_mechs | ( | pn_sasl_t * | sasl, | |
bool | insecure | |||
) |
Boolean to allow use of clear text authentication mechanisms.
By default the SASL layer is configured not to allow mechanisms that disclose the clear text of the password over an unencrypted AMQP connection. This specifically will disallow the use of the PLAIN mechanism without using SSL encryption.
This default is to avoid disclosing password information accidentally over an insecure network.
If you actually wish to use a clear text password unencrypted then you can use this API to set allow_insecure_mechs to true.
[in] | sasl | the SASL layer |
[in] | insecure | set this to true to allow unencrypted PLAIN authentication. |