Re: [gtk-vnc-devel] auth patch
- From: Anthony Liguori <anthony codemonkey ws>
- To: "Daniel P. Berrange" <berrange redhat com>
- Cc: gtk-vnc-devel List <gtk-vnc-devel lists sourceforge net>
- Subject: Re: [gtk-vnc-devel] auth patch
- Date: Fri, 22 Jun 2007 09:53:27 -0500
Daniel P. Berrange wrote:
On Wed, Jun 20, 2007 at 11:52:48PM -0300, Jonh Wendell wrote:
Hi folks.
Here is the initial draft for the authentication on gtk-vnc.
Well, i'd like to comment it here, but it's too late and i need to
sleep :)
I'm not sure I like the way the auth stuff is handled here. You are
requiring that the application choose the desired auth scheme prior
to calling gvnc_go(). How can the app choose a suitable auth scheme
if we haven't asked the server what auth schemes it supports yet ?
Hrm, I misread the original patch. I agree that a signal needs to be
emitted when the server presents the auth type.
Thinking about it now though, there may be something else to consider.
IIRC, for RFB 3.8, the server presents a set of potential auth types,
and then the user chooses the one he wants to use and sends it back to
the server. I think any interface we have has to allow:
1) Notify user that the server requires auth
2) A mechanism for the user to enumerate the auth types supported by the
server
3) A mechanism for the user to choose the auth type
4) A mechanism for the user to provide the required credentials for the
auth type.
You could probably combined steps 3 & 4 by making setting the
credentials implicitly choose the auth type.
Regards,
Anthony Liguori
The kind of thing I think may work better is that 'gvnc_new' runs
the protocol upto the point where server has sent back its list of
supported auth types. It then emits a signal 'auth-choice' passing
the list of auth types as parameters. The application can listen
for this signal decide what auth todo, and then call 'gvnc_auth'
to continue the protocol. If it was a traditional auth type, after
finishing auth it would emit a signal 'auth-result' either failed
or success. Alternatively if the app choose VeNCrypt as the auth
type, we'd have to emit a second signal 'subauth-choice' again
passing a list of support auth types given by the server. The app
chooses the sub-auth type, and then runs gvnc_subauth() finally
emitting an 'auth-result' signal too. Once the app has a successful
auth-result, signal received it can call into gvnc_run() to do
the main event loop.
1. gvnc_new()
- Emits auth-choice signal with list of schemes
2. gvnc_auth(scheme)
a. Emits auth-result with boolean / message
b. Emits subauth-choice with list of schemes
3. If doing subauth gvnc_subauth(scheme)
Emits auth-result with boolean / message
4. Upon a auth-result, gvnc_run()
Regards,
Dan.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]