[jira] [Comment Edited] (PROTON-1542) hostname should be set on sasl-init

Wed, 11 Oct 2017 07:47:24 -0700 

    [ 
https://issues.apache.org/jira/browse/PROTON-1542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16200295#comment-16200295
 ] 

Andrew Stitcher edited comment on PROTON-1542 at 10/11/17 2:46 PM:
-------------------------------------------------------------------

[~gsim] Looking at this yet more - it seems that the PROTON-1535 change already 
sets the the hostname in the sasl-init frame.

This is a frame sent by the client - why is a vhost like field called 
"local_fqdn"? isn't it setting the remote_fqdn? And if so why not just use 
remote_fqdn - this is set from the connection hostname - which is the vhost, 
Just like the SNI name.

Where this implementation seems to fall down is giving any access at athe 
server end to the sent hostname - the server side of SASL doesn't even parse it 
out of the received sasl-init frame. so it can't give the value to a plugin. 
But it doesn't seem that this is your concern - why?

[Edited after I looked again at the code]


was (Author: astitcher):
[~gsim] Looking at this some more - it seems this is a simple omission in the 
proton-c implementation - the remote hostname is not sent in the SASL-INIT 
frame. How is this related to public api?

As far as I can tell this value should always be the vhost.

> hostname should be set on sasl-init
> -----------------------------------
>
>                 Key: PROTON-1542
>                 URL: https://issues.apache.org/jira/browse/PROTON-1542
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: proton-c
>            Reporter: Gordon Sim
>            Assignee: Andrew Stitcher
>             Fix For: proton-c-0.18.0
>
>
> For a multi-tenant service/server, where each tenant has its own user base, 
> the hostname in the sasl-init frame provides a convenient way of determining 
> the correct tenant to authenticate for.
> At present this is not set for any proton-c based client. It is similar to 
> the SNI information included in the TLS layer initiation (if such a layer is 
> in use).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to