[vlc-devel] [RFC PATCH 1/8] add vlc_keystore API
remi at remlab.net
Mon Jan 4 18:36:05 CET 2016
Le 2015-12-31 21:39, Jean-Baptiste Kempf a écrit :
> On 31 Dec, Rémi Denis-Courmont wrote :
>> >+vlc_keystore_store(vlc_keystore *p_keystore,
>> >+ const char * const ppsz_values[KEY_MAX],
>> >+ const uint8_t *p_secret, ssize_t i_secret_len,
>> >+ const char *psz_label)
>> >+ assert(p_keystore && ppsz_values && p_secret && i_secret_len);
>> >+ if (!ppsz_values[KEY_PROTOCOL] || !ppsz_values[KEY_SERVER]
>> >+ || !ppsz_values[KEY_PATH] || !ppsz_values[KEY_USER])
>> So how does this work if the username is not known?
>> Also AFAIK, FTP and SSH credentials don't depend on the path.
> But SMB ones do, no?
I am not intimate with SMB/CIFS, but I believe they operate as follows:
- The validity of SMB credentials depend on the "share", i.e. the first
- *But* typically one user has only one set of credentials for the
whole domain. In other words, the credentials do not depend on anything
as far as the user application is concerned.
Then again, IIRC, you can set up guest shares with shared password.
> What about webdav? It's realm based?
WebDAV is just a set of HTTP requests. As far as I know, it uses HTTP
authentication. If so, then yes.
HTTP itself is rather tricky, as you have a list of pairs of mechanisms
and realms for each resource (at least in theory). Also the rules for
reusing credentials are not transitive:
For instance, http://www.example.com/foo/ credentials can be reused for
http://www.example.com/foo/bar/ but *not* the other way.
The current factored HTTP auth code seems not quite right, and the
Digest support is definitely not up-to-date. Then again, I have never
seen HTTP Digest in real use.
More information about the vlc-devel