Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

changing server_name to server_hostbased_name #209

Merged
merged 1 commit into from
Jun 5, 2020
Merged

changing server_name to server_hostbased_name #209

merged 1 commit into from
Jun 5, 2020

Conversation

rebeccc
Copy link
Contributor

@rebeccc rebeccc commented Jun 2, 2020

fixes issue #208

frozencemetery
frozencemetery suggested changes Jun 2, 2020
View reviewed changes
Copy link
Member

@frozencemetery frozencemetery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix.

It seems like it might be better to make server_name have the right value (i.e., rename server_hostbased_name to server_name) and call the current HTTP/sross@ name something else instead. What do you think?

Bit of housekeeping: please make your commit messages conform to https://chris.beams.io/posts/git-commit/ . You may also wish to add this email to your github account so that it gets tracked as your commit.

@rebeccc
Copy link
Contributor Author

rebeccc commented Jun 3, 2020
edited
Loading

@frozencemetery Changing server_hostbased_name to server_name makes better sense to me, too.

I'm not really sure what to call HTTP/sross@ because I'm not exactly sure what it was trying to show in the tutorial in the first place. I can tell that the tutorial was trying to show the difference between a Name with and without the name_type = gssapi.NameType.hostbased_service, and that they can successfully be compared after canonicalizing them. Should HTTP/sross@ be changed to 'HTTP@' + FQDN?

Edit: Sorry, forgot to respond to the rest of your comment. I'll definitely make sure that the rest of my commits follow that guide, and I'll make sure git is configured next time before committing.

@frozencemetery
Copy link
Member

That's a good point. After rereading and thinking about this some more, I think Solly's intent was to show the difference between the NameTypes - the use of "sross" there is accidental leaking of their hostname. So this should work:

>>> import gssapi, socket
>>> FQDN = socket.getfqdn()
>>> 
>>> server_hostbased_name = gssapi.Name(f"HTTP@{FQDN}", name_type=gssapi.NameType.hostbased_service)
>>> server_hostbased_name
Name(b'HTTP@seton.mivehind.net', <OID 1.2.840.113554.1.2.1.4>)
>>> server_name = gssapi.Name(f"HTTP/{FQDN}@")
>>> server_name
Name(b'HTTP/seton.mivehind.net@', None)
>>> 
>>> server_name == server_hostbased_name
False
>>> server_canon_name = server_name.canonicalize(gssapi.MechType.kerberos)
>>> server_hostbased_canon_name = server_hostbased_name.canonicalize(gssapi.MechType.kerberos)
>>> server_canon_name == server_hostbased_canon_name
True
>>>

So that suggests a better approach, I think.

@rebeccc @frozencemetery
Update tutorial to make server_name equal FQDN
8cf258c 
The introduction shows the differences between NameTypes and
accidentally uses a hardcoded value for server_name, which is a variable
that is used to make calls later in the code.  By changing server_name
to a FQDN, this variable will work for anybody using the tutorial.

[rharwood@redhat.com: Shrunk scope of change.]
@frozencemetery frozencemetery merged commit 8cf258c into pythongssapi:master Jun 5, 2020
@frozencemetery frozencemetery mentioned this pull request Jun 5, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frozencemetery frozencemetery frozencemetery requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rebeccc @frozencemetery