[Spice-devel] [patch 2/2] virt-viewer: use username and password for spice sessions with SASL

Christophe Fergeau cfergeau at redhat.com
Mon Oct 28 15:31:00 CET 2013 

Hey,

remote-viewer patches should be sent to
http://www.redhat.com/mailman/listinfo/virt-tools-list (feel free to cc:
that list as well for this patch series).

On Thu, Oct 24, 2013 at 08:04:33AM +0200, dietmar at proxmox.com wrote:
> Also set username if set inside configuration file.
> 
> Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
> 
> Index: new/src/virt-viewer-session-spice.c
> ===================================================================
> --- new.orig/src/virt-viewer-session-spice.c	2013-10-24 06:17:52.000000000 +0200
> +++ new/src/virt-viewer-session-spice.c	2013-10-24 07:44:42.000000000 +0200
> @@ -342,6 +342,11 @@
>          g_object_set(G_OBJECT(session), "password", val, NULL);
>          g_free(val);
>      }
> +    if (virt_viewer_file_is_set(file, "username")) {
> +        gchar *val = virt_viewer_file_get_username(file);
> +        g_object_set(G_OBJECT(session), "username", val, NULL);
> +        g_free(val);
> +    }
>  
>      if (virt_viewer_file_is_set(file, "tls-ciphers")) {
>          gchar *val = virt_viewer_file_get_tls_ciphers(file);
> @@ -462,12 +467,13 @@
>  }
>  
>  static void
> -virt_viewer_session_spice_main_channel_event(SpiceChannel *channel G_GNUC_UNUSED,
> +virt_viewer_session_spice_main_channel_event(SpiceChannel *channel,
>                                               SpiceChannelEvent event,
>                                               VirtViewerSession *session)
>  {
>      VirtViewerSessionSpice *self = VIRT_VIEWER_SESSION_SPICE(session);
>      gchar *password = NULL;
> +    gchar *username = NULL;
>  
>      g_return_if_fail(self != NULL);
>  
> @@ -488,15 +494,22 @@
>          break;
>      case SPICE_CHANNEL_ERROR_AUTH:
>          DEBUG_LOG("main channel: auth failure (wrong password?)");
> +
> +        gboolean auth_sasl = spice_channel_test_common_capability(channel, SPICE_COMMON_CAP_AUTH_SASL);
> +

Older spice versions will not need/not be able to cope with a username
here. Also, it does not look right to me to have this here, maybe the SASL
method we are using did not request a username. I'd add a
spice_channel_auth_needs_username() method or something like that (I assume
we cannot pass some additional data when reporting a
SPICE_CHANNEL_ERROR_AUTH error?), and add some fallback returning FALSE
when this method is not available.

>          int ret = virt_viewer_auth_collect_credentials(self->priv->main_window,
>                                                         "SPICE",
>                                                         NULL,
> -                                                       NULL, &password);
> +                                                       auth_sasl ? &username : NULL,
> +                                                       &password);
>          if (ret < 0) {
>              g_signal_emit_by_name(session, "session-cancelled");
>          } else {
>              gboolean openfd;
>  
> +            if (auth_sasl) {
> +                g_object_set(self->priv->session, "username", username, NULL);
> +            }

Will not work either with an older spice-gtk version, though this will only
give a runtime error warning.

Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20131028/9c23f868/attachment.pgp>

More information about the Spice-devel mailing list