[Spice-devel] [spice-gtk] Advertise SASL cap from client
Marc-André Lureau
mlureau at redhat.com
Thu Mar 20 05:57:56 PDT 2014
----- Original Message -----
> A client setting this capability indicates to the server that it's able
> to handle SASL authentication, and it also indicates that if SASL is
> to be used for authentication, then it won't expect a valid 'pub_key' field
> in SpiceLinkReply.
sounds good to me.
ack
> The reason for making guarantees about not looking at the pub_key field is
> that its presence and size are hardcoded in the protocol, but in some
> hardened setups (using fips mode), generating an RSA 1024 bit key as
> expected is forbidden and fails. With this new capability, the server
> knows the client will be able to handle SASL if needed, and can skip
> the generation of the key altogether. This means that on the setups
> described above, SASL authentication has to be used.
> ---
> gtk/spice-channel.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
> index 83c7006..1498162 100644
> --- a/gtk/spice-channel.c
> +++ b/gtk/spice-channel.c
> @@ -114,6 +114,9 @@ static void spice_channel_init(SpiceChannel *channel)
> c->remote_common_caps = g_array_new(FALSE, TRUE, sizeof(guint32));
> spice_channel_set_common_capability(channel,
> SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION);
> spice_channel_set_common_capability(channel,
> SPICE_COMMON_CAP_MINI_HEADER);
> +#if HAVE_SASL
> + spice_channel_set_common_capability(channel,
> SPICE_COMMON_CAP_AUTH_SASL);
> +#endif
> g_queue_init(&c->xmit_queue);
> STATIC_MUTEX_INIT(c->xmit_queue_lock);
> }
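Review bot: the `spice_channel_set_common_capability(channel, SPICE_COMMON_CAP_AUTH_SASL);` call added under `#if HAVE_SASL` advertises a contract that the three added lines do not enforce. Per the commit message, setting this cap promises the server that the client will not expect a valid 'pub_key' field in SpiceLinkReply when SASL is used, yet this hunk only touches spice_channel_init() and changes nothing in the code that reads the link reply. Please either state in the commit message that the existing link-reply path already leaves pub_key untouched once SASL is selected, or include that change in this patch, since a server that skips key generation on a FIPS setup will send a field with no usable key in it. A one-line comment above the call recording the "no pub_key expected with SASL" guarantee would also help, so that later changes to the link handling do not silently break what the cap advertises. Finally, because the cap is set at build time for every channel, it would be worth noting how a SASL-enabled client reports the failure when the server skipped the key and SASL negotiation does not succeed, given that the message says SASL "has to be used" on those setups.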
> --
> 1.8.5.3