Re: [gtk-vnc-devel] auth patch

From: Anthony Liguori <anthony codemonkey ws>
To: "Daniel P. Berrange" <berrange redhat com>
Cc: gtk-vnc-devel List <gtk-vnc-devel lists sourceforge net>
Subject: Re: [gtk-vnc-devel] auth patch
Date: Fri, 22 Jun 2007 09:53:27 -0500

Daniel P. Berrange wrote:

On Wed, Jun 20, 2007 at 11:52:48PM -0300, Jonh Wendell wrote:

Hi folks.

Here is the initial draft for the authentication on gtk-vnc.
Well, i'd like to comment it here, but it's too late and i need to
sleep :)


I'm not sure I like the way the auth stuff is handled here. You are
requiring that the application choose the desired auth scheme prior
to calling gvnc_go(). How can the app choose a suitable auth scheme
if we haven't asked the server what auth schemes it supports yet ?

Hrm, I misread the original patch. I agree that a signal needs to beemitted when the server presents the auth type.


Thinking about it now though, there may be something else to consider.

IIRC, for RFB 3.8, the server presents a set of potential auth types,and then the user chooses the one he wants to use and sends it back tothe server. I think any interface we have has to allow:


1) Notify user that the server requires auth

2) A mechanism for the user to enumerate the auth types supported by theserver

3) A mechanism for the user to choose the auth type

4) A mechanism for the user to provide the required credentials for theauth type.

You could probably combined steps 3 & 4 by making setting thecredentials implicitly choose the auth type.


Regards,

Anthony Liguori

The kind of thing I think may work better is that 'gvnc_new' runs
the protocol upto the point where server has sent back its list of
supported auth types. It then emits a signal 'auth-choice' passing
the list of auth types as parameters. The application can listen
for this signal decide what auth todo, and then call 'gvnc_auth'
to continue the protocol. If it was a traditional auth type, after
finishing auth it would emit a signal 'auth-result' either failed

or success. Alternatively if the app choose VeNCrypt as the authtype, we'd have to emit a second signal 'subauth-choice' again

passing a list of support auth types given by the server. The app
chooses the sub-auth type, and then runs gvnc_subauth() finally
emitting an 'auth-result' signal too.  Once the app has a successful
auth-result, signal received it can call into  gvnc_run() to do
the main event loop.


  1.  gvnc_new()
        - Emits auth-choice signal with list of schemes
  2.  gvnc_auth(scheme)
        a. Emits auth-result  with boolean / message
        b. Emits subauth-choice with list of schemes
  3.  If doing subauth  gvnc_subauth(scheme)
        Emits auth-result with boolean / message
  4.  Upon a auth-result, gvnc_run()

Regards,

Dan.

Follow-Ups:
- Re: [gtk-vnc-devel] auth patch
  - From: Daniel P. Berrange

References:
- [gtk-vnc-devel] auth patch
  - From: Jonh Wendell
- Re: [gtk-vnc-devel] auth patch
  - From: Daniel P. Berrange

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]