qpid-dev mailing list archives

From "Gordon Sim (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PROTON-1542) hostname should be set on sasl-init
Date Mon, 16 Oct 2017 10:33:00 GMT

    [ https://issues.apache.org/jira/browse/PROTON-1542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16205680#comment-16205680 ]

Gordon Sim commented on PROTON-1542:
------------------------------------

The fix for PROTON-1535 allows a sasl plugin to set the hostname, which was my immediate need
at the time, and it does not alter default behaviour or public API in any way. I understood
us to have agreed that we should create a new issue for any more general changes, and rename
PROTON-1535 to make it clear it was just an enhancement to the new sasl plugin API. 

As to the choice of the field name, I saw there was a remote_fqdn there already and assumed
that was the value for hostname specified by the peer. In general, the 'remote' qualification
in proton names is always something received from the peer. As what I was adding was the ability
to set the local value, i.e. the value that will be sent to the peer, I used the same basic
name with prefix 'local'. The name of the field is an internal detail; I would not have chosen
'fqdn' had it not been there already. More important is the API to it, which in the plugin
API is pnx_sasl_set_local_hostname, which I think is clear. Arguably the 'local' could be dropped.

Looking at the actual use in existing code of the remote_fqdn, I see it is set from transport.c,
which suggests it is not intended as the hostname sent by the peer, and as you say it seems
that value is never actually decoded. I had again assumed that pnx_sasl_get_remote_fqdn()
was the accessor to what the peer set as the hostname.

> hostname should be set on sasl-init
> -----------------------------------
>
>                 Key: PROTON-1542
>                 URL: https://issues.apache.org/jira/browse/PROTON-1542
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: proton-c
>            Reporter: Gordon Sim
>            Assignee: Andrew Stitcher
>             Fix For: proton-c-0.19.0
>
>
> For a multi-tenant service/server, where each tenant has its own user base, the hostname
> in the sasl-init frame provides a convenient way of determining the correct tenant to authenticate
> for.
> At present this is not set for any proton-c based client. It is similar to the SNI information
> included in the TLS layer initiation (if such a layer is in use).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
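
The issue description quoted above says the hostname in the sasl-init frame lets a multi-tenant server choose which tenant to authenticate for. As an added illustration (not proton-c code and not part of this message), the C sketch below extracts that field from a sasl-init frame body so a server could key a tenant lookup on it; it assumes the AMQP 1.0 8-bit encodings only, and the function names, return codes and sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed sample, not a capture: sasl-init body with mechanism PLAIN,
 * a dummy initial-response and hostname "tenant-a.example". */
static const uint8_t SAMPLE_INIT[] =
    "\x00\x53\x41"                 /* described type, descriptor 0x41 = sasl-init */
    "\xc0\x20\x03"                 /* list8: size 32, count 3 */
    "\xa3\x05" "PLAIN"             /* mechanism (sym8) */
    "\xa0\x04" "\x00u\x00p"        /* initial-response (vbin8) */
    "\xa1\x10" "tenant-a.example"; /* hostname (str8) */
#define SAMPLE_INIT_LEN (sizeof SAMPLE_INIT - 1) /* drop the literal's NUL */

/* Read one field that has a 1-byte length prefix and the given type code.
 * Returns the payload length, or -1 on a different code or truncation. */
static int field8(const uint8_t *p, const uint8_t *end, uint8_t code,
                  const uint8_t **payload)
{
    if (end - p < 2 || p[0] != code || end - (p + 2) < p[1]) return -1;
    *payload = p + 2;
    return p[1];
}

/* Hypothetical helper. Returns 0 = hostname copied to out, 1 = field absent
 * or null, -1 = malformed or an encoding not handled here (32-bit widths). */
int sasl_init_hostname(const uint8_t *buf, size_t len, char *out, size_t outsz)
{
    const uint8_t *p = buf, *end, *v;
    int n, count;
    if (len < 6 || p[0] != 0x00 || p[1] != 0x53 || p[2] != 0x41) return -1;
    if (p[3] != 0xc0 || p[4] < 1 || (size_t)p[4] > len - 5) return -1;
    end = p + 5 + p[4];                   /* list size counts from the count byte */
    count = p[5];
    p += 6;
    if (count < 1 || (n = field8(p, end, 0xa3, &v)) < 0) return -1;
    p = v + n;                            /* past the mandatory mechanism */
    if (count < 3) return 1;              /* trailing fields omitted */
    if (p < end && *p == 0x40) p++;       /* null initial-response */
    else if ((n = field8(p, end, 0xa0, &v)) < 0) return -1;
    else p = v + n;
    if (p < end && *p == 0x40) return 1;  /* null hostname */
    if ((n = field8(p, end, 0xa1, &v)) < 0) return -1;
    /* Reject empty, oversized or NUL-containing names before any tenant lookup. */
    if (n == 0 || (size_t)n >= outsz || memchr(v, 0, (size_t)n)) return -1;
    memcpy(out, v, (size_t)n);
    out[n] = '\0';
    return 0;
}
```

A return of 1 corresponds to the situation the issue describes for current proton-c clients, where no hostname is sent and the server has nothing to select a tenant with.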

