Opened 15 years ago
Last modified 13 years ago
#92 accepted enhancement
fine grained access rights for clients: globals + per session options — at Version 3
Reported by: | Antoine Martin | Owned by: | Antoine Martin |
---|---|---|---|
Priority: | major | Milestone: | 1.0 |
Component: | Client | Keywords: | |
Cc: |
Description (last modified by )
At the moment, if a client can login then he can access everything.
We must change the way we store authorization keys from the current ssh style (one line per file in .winswitch/client/authorized_keys
- which should be in /server/ anyway) to a first class object: ClientPermissions
, saved as UUID.conf
OTOH at minimum, we should have:
- can_start_session
- can_start_desktop
- can_control_as_owner
- can_control_as_actor
- can_shadow_[local_display|vnc|nx]
- can_tunnel_[sound|print|file]
- can_grant_permissions
- can_see_others_permissions
On login, we look it up and pass the permissions back to the user as part of the add_user
command.
The ssh-add and local logins will grant all permissions automatically.
Some new session attributes (set on start and modifiable):
- locked (only owner/actor can release it)
etc.
Some new commands:
- set_session_attributes (and also overload start_session) to protect a session.
Change History (3)
comment:1 Changed 15 years ago by
Milestone: | 0.9.3 → 0.9.4 |
---|---|
Owner: | changed from Antoine Martin to Antoine Martin |
Status: | new → accepted |
comment:2 Changed 15 years ago by
Milestone: | 0.9.4 → 1.0 |
---|
comment:3 Changed 13 years ago by
Description: | modified (diff) |
---|
Note: See
TracTickets for help on using
tickets.