[Spice-devel] [PATCH] protocol: RFC: add common channel caps for AUTH mechanism selection

Marc-André Lureau mlureau at redhat.com
Sun Feb 13 07:10:46 PST 2011


----- Original Message -----
> In general I like, I do have a few remarks though.
> 
> I would like to state in the spec, and see in this example, that
> SPICE_CHANNEL_CAP_AUTH_SPICE must always be supported, and thus set
> in the capabilities field. This way we ensure that there will always
> be one auth method both sides support.
> 

How would you enforce usage of SASL then? In fact, the way I implemented it, if you select SASL (from qemu command line), Spice AUTH is then disabled.

> > C: SpiceLinkAuthMechanism CAP_AUTH_SASL
> >
> > Init:
> > S: u32 mechlist-length
> >      u8-array mechlist-string
> >
> > Start:
> > C: u32 mechname-length
> >      u8-array mechname-string
> >      u32 clientout-length
> >      u8-array clientout-string
> > S: u32 serverin-length
> >      u8-array serverin-string
> >      u8 continue
> >
> > Step: (while continue)
> > C: u32 clientout-length
> >      u8-array clientout-string
> > S: u32 serverin-length
> >      u8-array serverin-string
> >      u8 continue
> >
> > See also VNC SASL protocol description, which uses the same
> > protocol:
> >
> > http://sourceforge.net/mailarchive/forum.php?thread_name=20100719125155.GA14166%40evileye.atkac.brq.redhat.com&forum_name=tigervnc-rfbproto
> > ---
> >   spice/protocol.h | 10 ++++++++++
> >   1 files changed, 10 insertions(+), 0 deletions(-)
> >
> > diff --git a/spice/protocol.h b/spice/protocol.h
> > index d6a2041..77458db 100644
> > --- a/spice/protocol.h
> > +++ b/spice/protocol.h
> > @@ -51,6 +51,12 @@ typedef struct SPICE_ATTR_PACKED SpiceLinkHeader
> > {
> >       uint32_t size;
> >   } SpiceLinkHeader;
> >
> > +enum {
> > + SPICE_CHANNEL_CAP_PROTOCOL_AUTH_SELECTION,
> > + SPICE_CHANNEL_CAP_AUTH_SPICE,
> > + SPICE_CHANNEL_CAP_AUTH_SASL,
> > +};
> > +
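Review bot: the three enumerators in the added enum rely on implicit numbering, yet they are capability numbers that both peers have to agree on. Give each an explicit value (`SPICE_CHANNEL_CAP_PROTOCOL_AUTH_SELECTION = 0` and so on) and add a comment stating that these are common channel caps and that new entries are appended at the end, so a later insertion cannot silently renumber the auth caps. The enum is also undocumented in this hunk; a short comment tying `SPICE_CHANNEL_CAP_AUTH_SASL` to the Init/Start/Step exchange described in the commit message would help implementers.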
> 
> So I guess there have been no common channel caps defined so far? (too
> lazy to check on a Sunday) also maybe we should put COMMON in the
> names (I know they are long enough as is) ?


Agreed. No, we didn't have common caps so far.

-- 
Marc-André Lureau
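
The policy discussed in this message (selecting SASL on the server disables Spice auth), sketched as a server-side selection check. This is an added example, not code from the patch or from Spice. The function name, the short cap names, the explicit enum values, the bitmask layout and the handling of clients that lack the selection cap are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Cap numbers in the order of the quoted hunk; the explicit values,
 * short names and bitmask layout are assumptions of this example. */
enum { CAP_AUTH_SELECTION = 0, CAP_AUTH_SPICE = 1, CAP_AUTH_SASL = 2 };
#define CAP_BIT(n) (UINT32_C(1) << (n))
#define AUTH_REJECT (-1)

/* Hypothetical server-side check. server_caps is what the server
 * advertised after applying its policy (selecting SASL clears the
 * AUTH_SPICE bit); client_caps are the client's common caps;
 * requested is the mechanism number the client sent. */
int server_select_auth(uint32_t server_caps, uint32_t client_caps,
                       uint32_t requested)
{
    if (!(client_caps & CAP_BIT(CAP_AUTH_SELECTION))) {
        /* Client predates selection: assumed to speak Spice auth only,
         * so it is refused outright when the server has disabled it. */
        return (server_caps & CAP_BIT(CAP_AUTH_SPICE)) ? CAP_AUTH_SPICE
                                                       : AUTH_REJECT;
    }
    /* Range-check before shifting: requested comes off the wire. */
    if (requested != CAP_AUTH_SPICE && requested != CAP_AUTH_SASL)
        return AUTH_REJECT;
    /* Never run a mechanism the server did not offer (no downgrade). */
    if (!(server_caps & CAP_BIT(requested)))
        return AUTH_REJECT;
    /* The choice must match what the client itself advertised. */
    if (!(client_caps & CAP_BIT(requested)))
        return AUTH_REJECT;
    return (int)requested;
}

int main(void)
{
    uint32_t sasl_only = CAP_BIT(CAP_AUTH_SELECTION) | CAP_BIT(CAP_AUTH_SASL);
    uint32_t client = sasl_only | CAP_BIT(CAP_AUTH_SPICE);
    printf("SASL requested:  %d\n", server_select_auth(sasl_only, client, CAP_AUTH_SASL));
    printf("Spice requested: %d\n", server_select_auth(sasl_only, client, CAP_AUTH_SPICE));
    printf("legacy client:   %d\n", server_select_auth(sasl_only, 0, 0));
    return 0;
}
```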


