Reading the SASL docs I think we also need to allow SASL realm to be set on a per-connection basis, in CONNECTION_BOUND - and expose that in all bindings. This is because the realm may be set by the server based on incoming vhost. CONNECTION_BOUND is the only point where we a) have the incoming vhost and b) authentication is not yet done, so it seems the right place. I think it's a simple setter on the SASL object, any other ideas?
On Fri, 2017-08-11 at 18:55 +0000, Gordon Sim wrote: > > On Aug. 11, 2017, 5:46 p.m., Andrew Stitcher wrote: > > > This looks fine. > > > > > > Can you just confirm that adding this extra field to the frame is still > > > amqp 1.0 protocol compliant (I dont have time to check that today). > > From spec: > > <type name="sasl-init" class="composite" source="list" provides="sasl-frame"> > <descriptor name="amqp:sasl-init:list" code="0x00000000:0x00000041"/> > <field name="mechanism" type="symbol" mandatory="true"/> > <field name="initial-response" type="binary"/> > <field name="hostname" type="string"/> > </type> > > "This field can be used by AMQP proxies to determine the correct back-end > service to connect the > client to, and to determine the domain to validate the client’s credentials > against." > > > - Gordon > > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/61596/#review182725 > ----------------------------------------------------------- > > > On Aug. 11, 2017, 5:24 p.m., Gordon Sim wrote: > > > > ----------------------------------------------------------- > > This is an automatically generated e-mail. To reply, visit: > > https://reviews.apache.org/r/61596/ > > ----------------------------------------------------------- > > > > (Updated Aug. 11, 2017, 5:24 p.m.) > > > > > > Review request for qpid and Andrew Stitcher. > > > > > > Bugs: PROTON-1535 > > https://issues.apache.org/jira/browse/PROTON-1535 > > > > > > Repository: qpid-proton-git > > > > > > Description > > ------- > > > > allow hostname to be set for sasl-init > > > > > > Diffs > > ----- > > > > proton-c/include/proton/sasl-plugin.h cbc6684 > > proton-c/src/sasl/sasl-internal.h fc141b4 > > proton-c/src/sasl/sasl.c a39e602 > > > > > > Diff: https://reviews.apache.org/r/61596/diff/1/ > > > > > > Testing > > ------- > > > > > > Thanks, > > > > Gordon Sim > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
