Re: [gtk-vnc-devel] PATCH 2/2: API for gathering credentials



Daniel P. Berrange wrote:
On Mon, Jul 09, 2007 at 09:04:11AM -0500, Anthony Liguori wrote:
Daniel P. Berrange wrote:
--- a/examples/gvncviewer.c	Wed Jul 04 15:32:55 2007 -0400
+++ b/examples/gvncviewer.c	Thu Jul 05 13:48:15 2007 -0400
@@ -7,16 +7,83 @@
#include <netinet/tcp.h>
#include <arpa/inet.h>

+GtkWidget *window;
+
+void vnc_disconnect(GtkWidget *vnc)
+{
+	printf("VNC widget disconnected\n");
+	gtk_main_quit();
+}
+
+void vnc_initialized(GtkWidget *vnc)
+{
+	printf("VNC widget initialized\n");
+	gtk_widget_show_all(GTK_WIDGET(window));
+}
+
+void vnc_credential(GtkWidget *vnc, int cred)
+{
+	GtkWidget *dialog, *label, *entry, *box, *vbox;
+	const char *data, *title;
+	int response;
+
+	printf("Got credential request for %d\n", cred);
+	if (cred != VNC_DISPLAY_CREDENTIAL_PASSWORD &&
+	    cred != VNC_DISPLAY_CREDENTIAL_USERNAME) {
+		printf("Unsupported credential type\n");
+		vnc_display_close(VNC_DISPLAY(vnc));
+		return;
+	}
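Review bot: In vnc_credential, the unsupported-credential branch reports the failure only with printf("Unsupported credential type\n") on stdout before calling vnc_display_close(), so a user who did not start the viewer from a terminal gets no visible explanation for why the connection was dropped. Consider a GTK message dialog, or at least stderr, and include the numeric cred value in that message. Smaller points in the same hunk: window and the three callbacks have external linkage and could be static in a single-file example, and the GTK_WIDGET() cast in vnc_initialized is redundant because window is already declared as GtkWidget *.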
It's a little awkward that for user/pass authentication two separate callbacks would be generated. This makes implementing a single dialog that asks for user/pass rather weird. You'd have to keep track of which creds were requested and once both were asked for, then pop up a dialog.

Well my thought is that a client will not know ahead of time whether a
server will want a certificate, a password, a username + password or
some other sort of information. So any app wouldn't want to build a
UI containing both a username + password in one form, since it is not
necessarily going to correspond to what they actually need to collect. Instead they'd have a generic form with a label/text entry & just prompt for each bit of auth data as it was requested in turn.

I don't think so. There are only so many iterations of credential pairing and ideally an application would integrate with the Gnome keyring in which case, the GUI wouldn't even need to prompt for creds.

I would be happy with the current API if only it passed all of the requested credentials at once instead of with different callbacks. That makes it significantly easier for a client to look at the set of credentials and make an intelligent decision about what to display to a user.

Even if you were building a GUI "drip style", how would the code work? Would it be:

vnc_cred() {
  if (cred == VNC_DISPLAY_CREDENTIAL_PASSWORD) {
     gtk_box_pack_start(..., gtk_label_new("Password:"));
  }
}

Such that the order of the items in the box depended on the order that vnc_cred gets invoked? Also, when would you know that it's time to gtk_widget_show() the box? Passing all the credentials at once solves both of these problems.

Regards,

Anthony Liguori

This kind of 'drip feeding' of auth credential requests is the way both PAM & SASL like to operate. From the UI pov, cf GDM login screen for X which
prompts for each auth data piece in turn, rather than its old style XDM
which had a fixed 'username + password' form.

I think we should either pass a GSList here or have a higher level credential like VNC_DISPLAY_CREDENTIAL_USER_PASS.

I'm not convinced we need either, but I'd have a preference for the former
keeping distinct credential types.

Dan.
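Added example, not part of the thread and not gtk-vnc code: a sketch of the "all requested credentials at once" approach argued for above, showing how a client that receives the whole set can fix the field order itself and decide before prompting whether the request can be satisfied at all. The names cred_kind, form_field, layout and plan_form are hypothetical, and the request in main is constructed.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical credential kinds for this example (not gtk-vnc's enum). */
enum cred_kind { CRED_USERNAME, CRED_PASSWORD, CRED_CERTIFICATE };

struct form_field { enum cred_kind kind; const char *label; int masked; };

/* Layout chosen by the application: fixed order; masked = 1 means the
 * entry must not echo what is typed. */
static const struct form_field layout[] = {
    { CRED_USERNAME, "Username:", 0 },
    { CRED_PASSWORD, "Password:", 1 },
};
#define N_LAYOUT (sizeof(layout) / sizeof(layout[0]))

/* Returns the number of fields written to out, or -1 (prompt for nothing)
 * if a kind is unsupported or out is too small. */
int plan_form(const int *requested, size_t n, struct form_field *out, size_t cap)
{
    size_t i, j, count = 0;
    /* Validate the whole set first: no secret is collected for a request
     * that would be refused because of a later, unsupported credential. */
    for (i = 0; i < n; i++) {
        for (j = 0; j < N_LAYOUT && requested[i] != (int)layout[j].kind; j++)
            ;
        if (j == N_LAYOUT)
            return -1;
    }
    /* Walk the layout, not the request: the order and duplicates in the
     * server's request cannot change what the dialog looks like. */
    for (j = 0; j < N_LAYOUT; j++) {
        for (i = 0; i < n && requested[i] != (int)layout[j].kind; i++)
            ;
        if (i == n)
            continue;
        if (count == cap)
            return -1;
        out[count++] = layout[j];
    }
    return (int)count;
}

int main(void)
{
    int req[] = { CRED_PASSWORD, CRED_USERNAME };   /* constructed request */
    struct form_field f[N_LAYOUT];
    int k, n = plan_form(req, 2, f, N_LAYOUT);
    for (k = 0; k < n; k++)
        printf("%s%s\n", f[k].label, f[k].masked ? " (masked)" : "");
    return n < 0;
}
```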




