[vlc-devel] [RFC PATCH 1/8] add vlc_keystore API

Rémi Denis-Courmont remi at remlab.net
Mon Jan 4 18:36:05 CET 2016

Le 2015-12-31 21:39, Jean-Baptiste Kempf a écrit :
> On 31 Dec, Rémi Denis-Courmont wrote :
>> >+vlc_keystore_store(vlc_keystore *p_keystore,
>> >+                   const char * const ppsz_values[KEY_MAX],
>> >+                   const uint8_t *p_secret, ssize_t i_secret_len,
>> >+                   const char *psz_label)
>> >+{
>> >+    assert(p_keystore && ppsz_values && p_secret && i_secret_len);
>> >+
>> >+    if (!ppsz_values[KEY_PROTOCOL] || !ppsz_values[KEY_SERVER]
>> >+     || !ppsz_values[KEY_PATH] || !ppsz_values[KEY_USER])
>> So how does this work if the username is not known?
>> Also AFAIK, FTP and SSH credentials don't depend on the path.
> But SMB ones do, no?

I am not intimate with SMB/CIFS, but I believe they operate as follows:
- The validity of SMB credentials depend on the "share", i.e. the first 
level directory.
- *But* typically one user has only one set of credentials for the 
whole domain. In other words, the credentials do not depend on anything 
as far as the user application is concerned.

Then again, IIRC, you can set up guest shares with shared password.

> What about webdav? It's realm based?

WebDAV is just a set of HTTP requests. As far as I know, it uses HTTP 
authentication. If so, then yes.

HTTP itself is rather tricky, as you have a list of pairs of mechanisms 
and realms for each resource (at least in theory). Also the rules for 
reusing credentials are not transitive:

For instance, http://www.example.com/foo/ credentials can be reused for 
http://www.example.com/foo/bar/ but *not* the other way.

The current factored HTTP auth code seems not quite right, and the 
Digest support is definitely not up-to-date. Then again, I have never 
seen HTTP Digest in real use.

Rémi Denis-Courmont

More information about the vlc-devel mailing list