[Qemu-devel] Re: [RFC 0/7]: Add VNC connect/disconnect events

["Daniel P. Berrange" <berrange@redhat.com>]

On Fri, Jan 08, 2010 at 07:47:09PM -0200, Luiz Capitulino wrote:
>  Hi there,
> 
>  This series contains two related changes. First a small cleanup is done in
> the current 'query-vnc' command, then two new QMP asynchronous events are
> introduced: VNC connect and disconnect.
> 
>  That's, everytime a VNC client connects or disconnects from QEMU, the
> QMP client will get full VNC client and VNC server info.
> 
>  There's one problem though and that's why this series is a RFC.
> 
>  The connection is a two step procedure if an authentication mechism is
> enabled. First the client establishes the connection then it authenticates.
> 
>  Currently, 'info vnc' and 'query-vnc' will show client information as soon
> as it establishes the connection even if the client didn't autheticate yet.
> 
>  This series changes that. Now, if an authentication mechanism is enabled,
> client information will only be available _after_ it has authenticated. Also,
> the connect/disconnect events are only emitted after the authentication step.
> 
>  There's a way to fix this and add the old behavior back, but we'll need
> one additional event (say CONNECT_AUTH) and the client will have to look
> at the server info to learn that a disconnection happened before
> authentication.

Hmm, I had not considered the timing problems when I discussed this with
you previously. I think it is important to separate the connect event
from the authentication event, because a mgmt application using QEMU
may want to see clients connecting even if they abort/delay before 
authenticating,

So perhaps we should declare that the lifecycle is

  -  CONNECT       (provide IP / port details)
  -  AUTHENTICATED (provide IP / port details + authenticated ID details
                    eg x509 dname, or SASL usernsmae)
  -  DISCONNECT    (provide IP / port details)


Obviously AUTHENTICATED may be optional if the client goes away
immedaitely before trying auth. The AUTHENTICATED event probably
also ought to allow for an indication of success vs failure so 
the app can see failed login attempts

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|