[Spice-commits] gtk/spice-channel.c

Christophe Fergau teuf at kemper.freedesktop.org
Tue Mar 25 07:55:55 PDT 2014

 gtk/spice-channel.c |    3 +++
 1 file changed, 3 insertions(+)

New commits:
commit 8f5bd25249e73390ddde9eced6bf32cf2bc05a24
Author: Christophe Fergeau <cfergeau at redhat.com>
Date:   Thu Mar 13 17:15:04 2014 +0100

    Advertise SASL cap from client
    A client setting this capability indicates to the server that it's able
    to handle SASL authentication, and it also indicates that if SASL is
    to be used for authentication, then it won't expect a valid 'pub_key' field
    in SpiceLinkReply.
    The reason for making guarantees about not looking at the pub_key field is
    that its presence and size is hardcoded in the protocol, but in some
    hardened setups (using fips mode), generating a RSA 1024 bit key as
    expected is forbidden and fails. With this new capability, the server
    knows the client will be able to handle SASL if needed, and can skip
    the generation of the key altogether. This means that on the setups
    described above, SASL authentication has to be used.

diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index 46c51b0..6f3f689 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -114,6 +114,9 @@ static void spice_channel_init(SpiceChannel *channel)
     c->remote_common_caps = g_array_new(FALSE, TRUE, sizeof(guint32));
     spice_channel_set_common_capability(channel, SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION);
     spice_channel_set_common_capability(channel, SPICE_COMMON_CAP_MINI_HEADER);
+    spice_channel_set_common_capability(channel, SPICE_COMMON_CAP_AUTH_SASL);

More information about the Spice-commits mailing list