Re: [gtk-vnc-devel] PATCH 2/2: API for gathering credentials

Daniel P. Berrange wrote:
On Mon, Jul 09, 2007 at 09:04:11AM -0500, Anthony Liguori wrote:
Daniel P. Berrange wrote:
--- a/examples/gvncviewer.c	Wed Jul 04 15:32:55 2007 -0400
+++ b/examples/gvncviewer.c	Thu Jul 05 13:48:15 2007 -0400
@@ -7,16 +7,83 @@
#include <netinet/tcp.h>
#include <arpa/inet.h>

+GtkWidget *window;
+void vnc_disconnect(GtkWidget *vnc)
+	printf("VNC widget disconnected\n");
+	gtk_main_quit();
+void vnc_initialized(GtkWidget *vnc)
+	printf("VNC widget initialized\n");
+	gtk_widget_show_all(GTK_WIDGET(window));
+void vnc_credential(GtkWidget *vnc, int cred)
+	GtkWidget *dialog, *label, *entry, *box, *vbox;
+	const char *data, *title;
+	int response;
+	printf("Got credential request for %d\n", cred);
+		printf("Unsupported credential type\n");
+		vnc_display_close(VNC_DISPLAY(vnc));
+		return;
+	}
It's a little awkward that for user/pass authentication two separate callbacks would be generated. This makes implementing a single dialog that asks for user/pass rather weird. You'd have to keep track of which creds were requested and once both were asked for, then pop up a dialog.

Well my though is that a client will not know ahead of time whether a
server will want a certificate, a password, a username + password or
some other sort of information. So any app wouldn't want to build a
UI containing both a username + password in one form, since it is not
neccesarily going to correspond to what they actually need to collect. Instead they'd have a generic form with a label/text entry & just prompt for each bit of auth data as it was requested in turn.

I don't think so. There are only so many iterations of credential pairing and ideally an application would integrate with the Gnome keyring in which case, the GUI wouldn't even need to prompt for creds.

I would be happy with the current API if only it passed all of the requested credentials at once instead of with different callbacks. That makes it significantly easier for a client to look at the set of credentials and make an intelligent decision about what to display to a user.

Even if you were building a GUI "drip style", how would the code work? Would it be:

vnc_cred() {
     gtk_box_pack_start(..., gtk_label_new("Password:")).

Such that the order of the items in the box depended on the order that vnc_cred gets invoked? Also, when would you know that it's time to gtk_widget_show() the box? Passing all the credentials at once solves both of these problems.


Anthony Liguori

This kind of 'drip feeding' of auth credential requests is the way both PAM & SASL like to operate. From the UI pov, cf GDM login screen for X which
prompts for each auth data piece in turn, rather than its old style XDM
which had a fixed 'username + password' form.

I think we should either pass a GSList here or have a higher level credential like VNC_DISPLAY_CREDENTIAL_USER_PASS.

I'm not convinced we need either, but I'd have a  preference for the former
keeping distinct credential types.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]