Re: NetworManager and openconnect: using cookies

On 12/02/2010 04:16 PM, David Woodhouse wrote:
On Thu, 2010-12-02 at 17:53 +0000, David Woodhouse wrote:

Hrm, why not using the *same* 'keyname' string as we're using for the
TEXT and SELECT cases? There was a reason we included the form->auth_id
in that key.

Patch below should do that. But I notice two problems now I look closer.

Thanks David. I appreciated your attention.

Firstly, it's not optional. I think it needs to be; we don't want to
*unconditionally* save the password. Not only for security reasons, but
also because it might be a one-time password.

By optional, you mean a "save password" checkbox in the GUI or a compile-time flag (e.g.: --with-gnome-keyring)?

Secondly, it's saving the password even if the authentication fails.
You'll note that 'remember_gconf_key' doesn't actually set it
immediately; it just *stores* it, and the entry later gets set when the
cookie_obtained() function walks through the ui_data->success_keys list.

If I understood it correctly, in remember_keyring_key() I should only store form_id, name and value in auth_ui_data and actually save them in gnome-keyring inside cookie_obtained() function. Is that correct?

(Third problem was that your patch lacked a Signed-off-by)

Thanks for making me aware of this. I'll add it in the next patch.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]