From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NUoIU-0006Lx-M6
	for qemu-devel@nongnu.org; Tue, 12 Jan 2010 16:29:06 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1NUoIQ-0006KM-U1
	for qemu-devel@nongnu.org; Tue, 12 Jan 2010 16:29:06 -0500
Received: from [199.232.76.173] (port=33469 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NUoIQ-0006KH-IR
	for qemu-devel@nongnu.org; Tue, 12 Jan 2010 16:29:02 -0500
Received: from mx1.redhat.com ([209.132.183.28]:45792)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <lcapitulino@redhat.com>) id 1NUoIQ-0003WV-1g
	for qemu-devel@nongnu.org; Tue, 12 Jan 2010 16:29:02 -0500
Date: Tue, 12 Jan 2010 19:28:54 -0200
From: Luiz Capitulino <lcapitulino@redhat.com>
Message-ID: <20100112192854.546aa02a@doriath>
In-Reply-To: <20100111135519.GA19479@redhat.com>
References: <1262987236-2943-1-git-send-email-lcapitulino@redhat.com>
	<20100111135519.GA19479@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] Re: [RFC 0/7]: Add VNC connect/disconnect events
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org

On Mon, 11 Jan 2010 13:55:19 +0000
"Daniel P. Berrange" <berrange@redhat.com> wrote:

> So perhaps we should declare that the lifecycle is
> 
>   -  CONNECT       (provide IP / port details)
>   -  AUTHENTICATED (provide IP / port details + authenticated ID details
>                     eg x509 dname, or SASL usernsmae)
>   -  DISCONNECT    (provide IP / port details)
> 
> 
> Obviously AUTHENTICATED may be optional if the client goes away
> immedaitely before trying auth. The AUTHENTICATED event probably
> also ought to allow for an indication of success vs failure so 
> the app can see failed login attempts

 I'm having an issue with the reporting of failure.

 Turns out we can have a few error conditions on login and they are
auth mechanism dependent. Also, as I'm not familiar with the code,
it's not always easy to get the ID information on failures.

 So, what is simple to do is to have an event called VNC_AUTHENTICATION,
it will have a 'authenticated' key which can be true or false. If it's true
authentication has been successful and ID information is available,
otherwise authentication has failed and only IP/port info is available.

 Of course that CONNECT and DISCONNECT events are also provided.