[Vortex] present user profiles only after securing connection

Francis Brosnan Blazquez francis at aspl.es
Fri Mar 24 12:14:13 CET 2006


On Thu, 23-03-2006 at 17:45 -0500, Philip Kovacs wrote:
> hi,
> 

Good day Phil,

> i'm new to beep and vortex, so i am doing a lot of reading and trying
> to get started.

Nice.

> 
> what is the vortex technique for presenting (my) profiles only after a
> tls/sasl profile is enabled?  in other words, i want the listener to greet
> with tls/sasl only, and not display my profiles.  after the peers secure
> the connection, then i would like to display my profiles.
> 
> greet with tls/sasl only -> secure -> re-greet -> select my profile

I see.

> 
> Rose describes this as possible in his book BEEP.

Yes, you are right. Currently, there is no elegant way to notify the
Vortex engine to follow a profile "path", that is, first this profile,
and based on previous success, then these ones, etc.

However, there are easy solutions to your problem. Here is one:

Configure a start handler for your profile that, before accepting the
channel to be created, checks that the connection where the channel is
being requested is already TLS-fixated.

#include <vortex.h>

/* Start handler: called when a peer asks to create a channel
 * running this profile. */
gboolean my_profile_start (gint channel_num,
                           VortexConnection *connection,
                           gpointer user_data)
{
        if (! vortex_connection_is_tlsficated (connection)) {
                /* don't accept channel creation, just return
                 * FALSE */
                return FALSE;
        }
        /* it seems the connection is TLS ficated */
        return TRUE;
}

The same applies to using SASL profiles, which at this moment only
provide authentication support. In this case, the authentication must
also be checked at the start handler for your profile.

The problem, however, remains because your BEEP peer will still
advertise all profiles, including SASL and TLS ones. We know this is
not admissible, because many people think that exchange profiles should
not be shown until a TLS negotiation takes place.

This is why we have planned a profile path engine that will enable
hiding details about exchange profiles exported [1]. 

Cheers.

[1] http://dolphin.aspl.es/cgi-bin/bugzilla/show_bug.cgi?id=289

> 
> phil
> 
-- 
Francis Brosnan Blazquez <francis at aspl.es>
Advanced Software Production Line, S.L.
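
Added example, not part of the original message and not Vortex code: a self-contained C model of the two places the thread distinguishes, refusing a channel in the start handler versus leaving a profile out of the greeting. The state bits, the rule table, the function names and the `urn:example:my-profile` URI are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Connection state bits. Hypothetical model, not Vortex's VortexConnection. */
enum { ST_TLS = 1u, ST_AUTH = 2u };
typedef struct {
    const char *uri;
    unsigned needs;    /* state bits required before the profile is usable */
    unsigned done_by;  /* state bits after which it is no longer offered */
} profile_rule;

/* Constructed sample policy; TLS and SASL URIs as registered by RFC 3080. */
static const profile_rule RULES[] = {
    { "http://iana.org/beep/TLS",        0,                ST_TLS  },
    { "http://iana.org/beep/SASL/PLAIN", ST_TLS,           ST_AUTH },
    { "urn:example:my-profile",          ST_TLS | ST_AUTH, 0       },
};
#define N_RULES (sizeof RULES / sizeof RULES[0])

static bool available(const profile_rule *r, unsigned state) {
    return (r->needs & ~state) == 0 && (r->done_by & state) == 0;
}

/* Enforcement: the decision a start handler makes. Unknown URIs are refused. */
bool may_start(const char *uri, unsigned state) {
    for (size_t i = 0; i < N_RULES; i++)
        if (strcmp(RULES[i].uri, uri) == 0)
            return available(&RULES[i], state);
    return false;
}

/* Advertisement: profiles a greeting would list in this state; returns count. */
size_t greeting_profiles(unsigned state, const char *out[], size_t max) {
    size_t n = 0;
    for (size_t i = 0; i < N_RULES && n < max; i++)
        if (available(&RULES[i], state))
            out[n++] = RULES[i].uri;
    return n;
}

int main(void) {
    const char *out[N_RULES];
    for (unsigned s = 0; s <= (ST_TLS | ST_AUTH); s++)
        for (size_t i = 0, n = greeting_profiles(s, out, N_RULES); i < n; i++)
            printf("state=%u greet: %s\n", s, out[i]);
    return 0;
}
```

Both functions read the same rule table, so the greeting can never list a profile that the start check would refuse; the start check is still the one that enforces the policy, since a peer can request a profile that was not advertised.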
