On 18/03/14 21:01, Kevin Wasserman wrote:
> 1) The behavior I expect is as follows: at startup, the identity
> selector picks the first identity in the id card list to assign as the
> 'default_id_card'.
> Thereafter, whenever the user clicks the 'send' button on an identity,
> that identity becomes the new default_id_card.
>
> 2) The only reason I know of for the existence of the default_id_card is
> to support gss_inquire_cred() on a credential that has never been used
> with gss_init_sec_context(). I don't know of a practical use for it.
>
Therefore it can be considered more as an internal function, can't it?
Thanks for the response.
> Kevin Wasserman
> Painless Security
>
> On 3/18/2014 5:57 AM, Alejandro Perez Mendez wrote:
>> Hi all,
>>
>> looking around the moonshot-ui code I just realized the existence of
>> both, moonshot_get_id, and moonshot_get_default_id methods. As far as I
>> understand, the former follows the typical procedure to get an ID card
>> to be used with the selected RP (i.e. use one existing ID<->RP
>> association, or launch the UI to create one). However, the latter seems
>> to try to return the last used ID (stored in the "default_id_card"
>> variable).
>>
>> However, I've been playing with this function, and I have some doubts
>> about how it works. I hope someone can help me understand it:
>>
>> 1) The moonshot-ui seems to update the default_id_card variable after a
>> card is selected on the UI. However, this does not assure this variable
>> contains the last used ID, as it is possible that a user makes use of a
>> different identity for which an association exists. In that case, the UI
>> is not shown, and the variable is not updated.
>>
>> E.g. User [log in to unmask] in the UI -> default_id_card =
>> [log in to unmask]
>> Then, the user accesses a server for which [log in to unmask] was
>> configured -> default_id_card [log in to unmask]
>> Therefore, subsequent calls to moonshot_get_default_id will return
>> [log in to unmask] instead of [log in to unmask]
>>
>> Is this the expected behaviour or is it a bug?
>>
>> 2) What's the purpose of this method anyway? Is it used under any
>> circumstance from mech_eap? I've seen some code in util_cred.c, but it
>> is unclear to me what it is supposed to do. When one tries to access a
>> new server which has no previous association with you, the default ID
>> (previous ID) is not sent. Instead, the UI pops up.
>>
>> Regards,
>> Alejandro