This ticket was originally meant for all types of sessions, but the scope was changed to support sessions with a display attached. (typically shadow mode)
Generic access request now moved to #1799.
Stackable authentication modules moved to #1728
Still TODO: add UI prompt authentication via built-in GTK based prompt, "dialog"?
Implemented for shadow servers using the new "exec" auth module in r17780. With platform support for macos added in r17781 + r17825 + r17822, win32 in r17783, and RPM + DEB packaging in r17782.
Usage:
xpra shadow --bind-tcp=0.0.0.0:10000 --tcp-auth=exec
This will popup a dialog asking if the new connection should be allowed or not.
This new auth module has two configuration options:
timeout
: the delay in seconds before we terminate the command and fail, ie: tcp-auth=exec:timeout=60
command
, ie: tcp-auth=exec:command=/bin/true
. The command will be given the request message (ie: Connection request from ...) and the timeout as arguments. It should return 0 to allow the connection, any other value to reject it. By default, we use the "auth_dialog" tool that we ship. (just a simple yes-no dialog)
As per #1728, this can now be combined with other auth modules. (ie: password + request, or tcp-wrappers + request, etc)
This is only useful for "shadow" sessions since there will be an existing display connected where the user can accept the request.
Still TODO:
We could piggyback onto #1735
Mostly a FYI, see comment:4.
Noted and closing.
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1690