NetworManager and openconnect: using cookies
Murilo Opsfelder
muriloo at linux.vnet.ibm.com
Thu Dec 2 14:53:32 EST 2010
On 12/02/2010 04:16 PM, David Woodhouse wrote:
> On Thu, 2010-12-02 at 17:53 +0000, David Woodhouse wrote:
>>
>> Hrm, why not using the *same* 'keyname' string as we're using for the
>> TEXT and SELECT cases? There was a reason we included the form->auth_id
>> in that key.
>
> Patch below should do that. But I notice two problems now I look closer.
>
Thanks David. I appreciated your attention.
> Firstly, it's not optional. I think it needs to be; we don't want to
> *unconditionally* save the password. Not only for security reasons, but
> also because it might be a one-time password.
>
By optional, you mean a "save password" checkbox in the GUI or a
compile-time flag (e.g.: --with-gnome-keyring)?
> Secondly, it's saving the password even if the authentication fails.
> You'll note that 'remember_gconf_key' doesn't actually set it
> immediately; it just *stores* it, and the entry later gets set when the
> cookie_obtained() function walks through the ui_data->success_keys list.
>
If I understood it correctly, in remember_keyring_key() I should only
store form_id, name and value in auth_ui_data and actually save them in
gnome-keyring inside cookie_obtained() function. Is that correct?
> (Third problem was that your patch lacked a Signed-off-by)
>
Thanks for making me aware of this. I'll add it in the next patch.
--
Murilo
More information about the openconnect-devel
mailing list