[Spice-devel] [patch 2/2] virt-viewer: use username and password for spice sessions with SASL
Marc-André Lureau
marcandre.lureau at gmail.com
Mon Oct 28 20:43:15 CET 2013
On Mon, Oct 28, 2013 at 3:31 PM, Christophe Fergeau <cfergeau at redhat.com> wrote:
> Hey,
>
> remote-viewer patches should be sent to
> http://www.redhat.com/mailman/listinfo/virt-tools-list (feel free to cc:
> that list as well for this patch series).
>
> On Thu, Oct 24, 2013 at 08:04:33AM +0200, dietmar at proxmox.com wrote:
>> Also set username if set inside configuration file.
>>
>> Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
>>
>> Index: new/src/virt-viewer-session-spice.c
>> ===================================================================
>> --- new.orig/src/virt-viewer-session-spice.c 2013-10-24 06:17:52.000000000 +0200
>> +++ new/src/virt-viewer-session-spice.c 2013-10-24 07:44:42.000000000 +0200
>> @@ -342,6 +342,11 @@
>> g_object_set(G_OBJECT(session), "password", val, NULL);
>> g_free(val);
>> }
>> + if (virt_viewer_file_is_set(file, "username")) {
>> + gchar *val = virt_viewer_file_get_username(file);
>> + g_object_set(G_OBJECT(session), "username", val, NULL);
>> + g_free(val);
>> + }
>>
>> if (virt_viewer_file_is_set(file, "tls-ciphers")) {
>> gchar *val = virt_viewer_file_get_tls_ciphers(file);
>> @@ -462,12 +467,13 @@
>> }
>>
>> static void
>> -virt_viewer_session_spice_main_channel_event(SpiceChannel *channel G_GNUC_UNUSED,
>> +virt_viewer_session_spice_main_channel_event(SpiceChannel *channel,
>> SpiceChannelEvent event,
>> VirtViewerSession *session)
>> {
>> VirtViewerSessionSpice *self = VIRT_VIEWER_SESSION_SPICE(session);
>> gchar *password = NULL;
>> + gchar *username = NULL;
>>
>> g_return_if_fail(self != NULL);
>>
>> @@ -488,15 +494,22 @@
>> break;
>> case SPICE_CHANNEL_ERROR_AUTH:
>> DEBUG_LOG("main channel: auth failure (wrong password?)");
>> +
>> + gboolean auth_sasl = spice_channel_test_common_capability(channel, SPICE_COMMON_CAP_AUTH_SASL);
>> +
>
> Older spice versions will not need/not be able to cope with a username
> here. Also, it does not look right to me to have this here, maybe the SASL
> method we are using did not request a username. I'd add a
> spice_channel_auth_needs_username() method or something like that (I assume
> we cannot pass some additional data when reporting a
> SPICE_CHANNEL_ERROR_AUTH error?), and add some fallback returning FALSE
> when this method is not available.
I suggested adding an SPICE_CHANNEL_ERROR_AUTH_USER_AND_PASS error.
>
>> int ret = virt_viewer_auth_collect_credentials(self->priv->main_window,
>> "SPICE",
>> NULL,
>> - NULL, &password);
>> + auth_sasl ? &username : NULL,
>> + &password);
>> if (ret < 0) {
>> g_signal_emit_by_name(session, "session-cancelled");
>> } else {
>> gboolean openfd;
>>
>> + if (auth_sasl) {
>> + g_object_set(self->priv->session, "username", username, NULL);
>> + }
>
> Will not work either with an older spice-gtk version, though this will only
> give a runtime error warning.
>
> Christophe
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
>
--
Marc-André Lureau
More information about the Spice-devel
mailing list