[Spice-devel] [PATCH 9/9] Handle unencrypted tickets from clients

Christophe Fergeau cfergeau at redhat.com
Wed Mar 12 11:27:43 PDT 2014


This commit adds the needed caps to let clients know the server can handle
unencrypted tickets, and it adds support for receiving such tickets from
clients.
---
 server/reds.c | 42 +++++++++++++++++++++++++-----------------
 1 file changed, 25 insertions(+), 17 deletions(-)

diff --git a/server/reds.c b/server/reds.c
index 88272d9..e4e9ec9 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -1324,6 +1324,7 @@ static void reds_channel_init_auth_caps(RedLinkInfo *link, RedChannel *channel)
         red_channel_set_common_cap(channel, SPICE_COMMON_CAP_AUTH_SPICE);
     }
     red_channel_set_common_cap(channel, SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION);
+    red_channel_set_common_cap(channel, SPICE_COMMON_CAP_PROTOCOL_PLAIN_TEXT_TICKET);
 }
 
 
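Review bot: The new `SPICE_COMMON_CAP_PROTOCOL_PLAIN_TEXT_TICKET` capability is set unconditionally, so as far as this hunk shows it is also advertised on links that are not TLS-protected, where a plain-text ticket would cross the network readable by anyone on the path. Consider setting it only when the link's transport is encrypted; `link` is already a parameter here, though the hunk does not show how it exposes the transport. If the unconditional advertisement is intended, a comment above the call should say so, for example `/* plain-text tickets depend on the transport (TLS) for confidentiality */`. The function body starts above the hunk, so any existing condition around the earlier caps is only partly visible.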
@@ -1860,24 +1861,31 @@ static char *reds_get_ticket(RedLinkInfo *link)
     char *password;
     int password_size;
 
-    if (RSA_size(link->tiTicketing.rsa) < SPICE_MAX_PASSWORD_LENGTH) {
-        spice_warning("RSA modulus size is smaller than SPICE_MAX_PASSWORD_LENGTH (%d < %d), "
-                      "SPICE ticket sent from client may be truncated",
-                      RSA_size(link->tiTicketing.rsa), SPICE_MAX_PASSWORD_LENGTH);
-    }
-
-    password = g_malloc0(RSA_size(link->tiTicketing.rsa) + 1);
-    password_size = RSA_private_decrypt(link->tiTicketing.size,
-                                        link->tiTicketing.ticket.encrypted_data,
-                                        (unsigned char *)password,
-                                        link->tiTicketing.rsa,
-                                        RSA_PKCS1_OAEP_PADDING);
-    if (password_size == -1) {
-        spice_warning("failed to decrypt RSA encrypted password: %s",
-                      ERR_error_string(ERR_get_error(), NULL));
-        return NULL;
+    if (link->tiTicketing.encryption_type == SPICE_TICKET_ENCRYPTION_RSA) {
+        if (RSA_size(link->tiTicketing.rsa) < SPICE_MAX_PASSWORD_LENGTH) {
+            spice_warning("RSA modulus size is smaller than SPICE_MAX_PASSWORD_LENGTH (%d < %d), "
+                          "SPICE ticket sent from client may be truncated",
+                          RSA_size(link->tiTicketing.rsa), SPICE_MAX_PASSWORD_LENGTH);
+        }
+
+        password = g_malloc0(RSA_size(link->tiTicketing.rsa) + 1);
+        password_size = RSA_private_decrypt(link->tiTicketing.size,
+                                            link->tiTicketing.ticket.encrypted_data,
+                                            (unsigned char *)password,
+                                            link->tiTicketing.rsa,
+                                            RSA_PKCS1_OAEP_PADDING);
+        if (password_size == -1) {
+            spice_warning("failed to decrypt RSA encrypted password: %s",
+                          ERR_error_string(ERR_get_error(), NULL));
+            return NULL;
+        }
+        password[password_size] = '\0';
+    } else if (link->tiTicketing.encryption_type == SPICE_TICKET_ENCRYPTION_NONE) {
+        password = g_strndup((char *)link->tiTicketing.ticket.encrypted_data,
+                             link->tiTicketing.size);
+    } else {
+        g_warn_if_reached();
     }
-    password[password_size] = '\0';
 
     return password;
 }
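Review bot: The final `else` branch reaches `return password;` with `password` never assigned, because `g_warn_if_reached()` only logs and does not return; declaring it as `char *password = NULL;` makes an unknown `encryption_type` produce a failed ticket instead of an indeterminate pointer. In the plain-text branch `g_strndup()` reads up to `link->tiTicketing.size` bytes from `ticket.encrypted_data`, and nothing in the hunk bounds that size against the buffer or `SPICE_MAX_PASSWORD_LENGTH`; if the code that receives the ticket does not already enforce this, the check belongs here. The RSA failure path also returns `NULL` without `g_free(password)`, so each undecryptable ticket leaves the buffer allocated. The hunk also does not show whether `SPICE_TICKET_ENCRYPTION_NONE` is accepted only from clients that negotiated the capability, which is worth confirming in the code that sets `encryption_type`. The function's opening lines sit above the hunk.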
-- 
1.8.5.3


