[Spice-devel] [PATCH 3/3] Add support to handle username when connecting with SASL

Christophe Fergeau cfergeau at redhat.com
Thu Oct 2 00:56:43 PDT 2014 

On Wed, Oct 01, 2014 at 04:36:46PM +0200, Fabiano Fidêncio wrote:
> From: Dietmar Maurer <dietmar at proxmox.com>

I didn't dig the old patch, but I'd say it's different enough from the
initial one that you should commit it with your name, and credit Dietmar
in the commit log.

> 
> ---
>  gtk/spice-channel.c | 22 ++++++++++++++++++++--
>  1 file changed, 20 insertions(+), 2 deletions(-)
> 
> diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
> index a8b4e35..fe04707 100644
> --- a/gtk/spice-channel.c
> +++ b/gtk/spice-channel.c
> @@ -26,6 +26,8 @@
>  #include "spice-marshal.h"
>  #include "bio-gio.h"
>  
> +#include <glib/gi18n.h>

You need to add it to POTFILES.in too.

> +
>  #include <openssl/rsa.h>
>  #include <openssl/evp.h>
>  #include <openssl/x509.h>
> @@ -1265,12 +1267,26 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel,
>          switch (interact[ninteract].id) {
>          case SASL_CB_AUTHNAME:
>          case SASL_CB_USER:
> -            g_warn_if_reached();
> +            if (spice_session_get_username(c->session) == NULL) {
> +                g_set_error_literal(&c->error,
> +                                    SPICE_CHANNEL_ERROR,
> +                                    SPICE_CHANNEL_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME,
> +                                    _("Authentication failed: password and username are required"));
> +                return FALSE;
> +            }
> +
> +            interact[ninteract].result =  spice_session_get_username(c->session);
> +            interact[ninteract].len = strlen(interact[ninteract].result);
>              break;
>  
>          case SASL_CB_PASS:
> -            if (spice_session_get_password(c->session) == NULL)
> +            if (spice_session_get_password(c->session) == NULL) {
> +                g_set_error_literal(&c->error,
> +                                    SPICE_CHANNEL_ERROR,
> +                                    SPICE_CHANNEL_ERROR_AUTH_NEEDS_PASSWORD,
> +                                    _("Authentication failed: password is required"));
>                  return FALSE;
> +            }

This probably did not happen during your testing, but it's possible that
while iterating over 'interact', we get first SASL_CB_PASS and then
SASL_CB_USER. In such a case, we'd be wrongly returning an
AUTH_NEEDS_PASSWORD error rather than AUTH_NEEDS_PASSWORD_AND_USERNAME.

Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20141002/4162a2ea/attachment.sig>

More information about the Spice-devel mailing list