[Spice-devel] [v2: PATCH 3/3] Add support to handle username when connecting with SASL
Fabiano Fidêncio
fidencio at redhat.com
Mon Oct 6 04:52:45 PDT 2014
Based on a patch from Dietmar Maurer <dietmar at proxmox.com>
http://lists.freedesktop.org/archives/spice-devel/2013-October/015138.html
---
Changes since v1:
- Change the commit author
- Add spice-channel.c to POTFILES.in
- Keeping looking for SASL_CB_USER|SASL_CB_AUTHNAME even after SASL_CB_PASS is found
---
gtk/spice-channel.c | 35 +++++++++++++++++++++++++++++++----
po/POTFILES.in | 1 +
2 files changed, 32 insertions(+), 4 deletions(-)
diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index a8b4e35..3474c73 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -26,6 +26,8 @@
#include "spice-marshal.h"
#include "bio-gio.h"
+#include <glib/gi18n.h>
+
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
@@ -1253,6 +1255,7 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel,
{
SpiceChannelPrivate *c;
int ninteract;
+ gboolean ret = TRUE;
g_return_val_if_fail(channel != NULL, FALSE);
g_return_val_if_fail(channel->priv != NULL, FALSE);
@@ -1265,12 +1268,34 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel,
switch (interact[ninteract].id) {
case SASL_CB_AUTHNAME:
case SASL_CB_USER:
- g_warn_if_reached();
+ if (spice_session_get_username(c->session) == NULL) {
+ /* The error could be set previously if the SASL_CB_PASS case was
+ * reached. To prevent setting a GError on top of another GError,
+ * let's be safe cleaning it up. */
+ g_clear_error(&c->error);
+ g_set_error_literal(&c->error,
+ SPICE_CHANNEL_ERROR,
+ SPICE_CHANNEL_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME,
+ _("Authentication failed: password and username are required"));
+ return FALSE;
+ }
+
+ interact[ninteract].result = spice_session_get_username(c->session);
+ interact[ninteract].len = strlen(interact[ninteract].result);
break;
case SASL_CB_PASS:
- if (spice_session_get_password(c->session) == NULL)
- return FALSE;
+ if (spice_session_get_password(c->session) == NULL) {
+ g_set_error_literal(&c->error,
+ SPICE_CHANNEL_ERROR,
+ SPICE_CHANNEL_ERROR_AUTH_NEEDS_PASSWORD,
+ _("Authentication failed: password is required"));
+ ret = FALSE;
+ /* Even if we reach this point, we have to continue looking for
+ * SASL_CB_AUTHNAME|SASL_CB_USER, otherwise we would return a
+ * wrong error to the user */
+ continue;
+ }
interact[ninteract].result = spice_session_get_password(c->session);
interact[ninteract].len = strlen(interact[ninteract].result);
@@ -1280,7 +1305,7 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel,
CHANNEL_DEBUG(channel, "Filled SASL interact");
- return TRUE;
+ return ret;
}
/*
@@ -1334,6 +1359,8 @@ static gboolean spice_channel_perform_auth_sasl(SpiceChannel *channel)
const void *val;
sasl_ssf_t ssf;
static const sasl_callback_t saslcb[] = {
+ { .id = SASL_CB_USER },
+ { .id = SASL_CB_AUTHNAME },
{ .id = SASL_CB_PASS },
{ .id = 0 },
};
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 8809121..3375ab5 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -2,6 +2,7 @@ data/spice-mime.xml.in
data/spicy.desktop.in.in
gtk/channel-usbredir.c
gtk/desktop-integration.c
+gtk/spice-channel.c
gtk/spice-cmdline.c
gtk/spice-option.c
gtk/spicy-screenshot.c
--
2.1.0
More information about the Spice-devel
mailing list