[Spice-devel] [patch 1/1] fix SASL for mechanism using WANT_CLIENT_FIRST
Christophe Fergeau
cfergeau at redhat.com
Fri Oct 25 10:43:13 CEST 2013
On Tue, Oct 22, 2013 at 11:07:56AM +0200, dietmar at proxmox.com wrote:
> Current code works with DIGEST-MD5, but not with PLAIN.
After spending quite some time on this, this seems right, we need to handle
sasl_client_start() returning SASL_OK and not step in this case. However,
as this is under-documented in cyrus-sasl documentation, I'll ask on
their mailing list first if this makes sense (and hopefully get cyrus-sasl
documentation improved).
Christophe
>
> Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
>
> Index: new/gtk/spice-channel.c
> ===================================================================
> --- new.orig/gtk/spice-channel.c 2013-10-22 09:04:23.000000000 +0200
> +++ new/gtk/spice-channel.c 2013-10-22 09:40:10.000000000 +0200
> @@ -1508,7 +1511,7 @@
>
> /* NB, distinction of NULL vs "" is *critical* in SASL */
> if (clientout) {
> - len += clientoutlen + 1;
> + len = clientoutlen + 1;
> spice_channel_write(channel, &len, sizeof(guint32));
> spice_channel_write(channel, clientout, len);
> } else {
> @@ -1550,6 +1553,9 @@
> * Even if the server has completed, the client must *always* do at least one step
> * in this loop to verify the server isn't lying about something. Mutual auth */
> for (;;) {
> + if (complete && err == SASL_OK)
> + break;
> +
> restep:
> err = sasl_client_step(saslconn,
> serverin,
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20131025/fb54083b/attachment.pgp>
More information about the Spice-devel
mailing list