[Spice-devel] [v2: PATCH 3/3] Add support to handle username when connecting with SASL
Christophe Fergeau
cfergeau at redhat.com
Mon Oct 6 07:23:32 PDT 2014
ACK
On Mon, Oct 06, 2014 at 01:52:45PM +0200, Fabiano Fidêncio wrote:
> Based on a patch from Dietmar Maurer <dietmar at proxmox.com>
> http://lists.freedesktop.org/archives/spice-devel/2013-October/015138.html
>
> ---
> Changes since v1:
> - Change the commit author
> - Add spice-channel.c to POTFILES.in
> - Keeping looking for SASL_CB_USER|SASL_CB_AUTHNAME even after SASL_CB_PASS is found
> ---
> gtk/spice-channel.c | 35 +++++++++++++++++++++++++++++++----
> po/POTFILES.in | 1 +
> 2 files changed, 32 insertions(+), 4 deletions(-)
>
> diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
> index a8b4e35..3474c73 100644
> --- a/gtk/spice-channel.c
> +++ b/gtk/spice-channel.c
> @@ -26,6 +26,8 @@
> #include "spice-marshal.h"
> #include "bio-gio.h"
>
> +#include <glib/gi18n.h>
> +
> #include <openssl/rsa.h>
> #include <openssl/evp.h>
> #include <openssl/x509.h>
> @@ -1253,6 +1255,7 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel,
> {
> SpiceChannelPrivate *c;
> int ninteract;
> + gboolean ret = TRUE;
>
> g_return_val_if_fail(channel != NULL, FALSE);
> g_return_val_if_fail(channel->priv != NULL, FALSE);
> @@ -1265,12 +1268,34 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel,
> switch (interact[ninteract].id) {
> case SASL_CB_AUTHNAME:
> case SASL_CB_USER:
> - g_warn_if_reached();
> + if (spice_session_get_username(c->session) == NULL) {
> + /* The error could be set previously if the SASL_CB_PASS case was
> + * reached. To prevent setting a GError on top of another GError,
> + * let's be safe cleaning it up. */
> + g_clear_error(&c->error);
> + g_set_error_literal(&c->error,
> + SPICE_CHANNEL_ERROR,
> + SPICE_CHANNEL_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME,
> + _("Authentication failed: password and username are required"));
> + return FALSE;
> + }
> +
> + interact[ninteract].result = spice_session_get_username(c->session);
> + interact[ninteract].len = strlen(interact[ninteract].result);
> break;
>
> case SASL_CB_PASS:
> - if (spice_session_get_password(c->session) == NULL)
> - return FALSE;
> + if (spice_session_get_password(c->session) == NULL) {
> + g_set_error_literal(&c->error,
> + SPICE_CHANNEL_ERROR,
> + SPICE_CHANNEL_ERROR_AUTH_NEEDS_PASSWORD,
> + _("Authentication failed: password is required"));
> + ret = FALSE;
> + /* Even if we reach this point, we have to continue looking for
> + * SASL_CB_AUTHNAME|SASL_CB_USER, otherwise we would return a
> + * wrong error to the user */
> + continue;
> + }
>
> interact[ninteract].result = spice_session_get_password(c->session);
> interact[ninteract].len = strlen(interact[ninteract].result);
> @@ -1280,7 +1305,7 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel,
>
> CHANNEL_DEBUG(channel, "Filled SASL interact");
>
> - return TRUE;
> + return ret;
> }
>
> /*
> @@ -1334,6 +1359,8 @@ static gboolean spice_channel_perform_auth_sasl(SpiceChannel *channel)
> const void *val;
> sasl_ssf_t ssf;
> static const sasl_callback_t saslcb[] = {
> + { .id = SASL_CB_USER },
> + { .id = SASL_CB_AUTHNAME },
> { .id = SASL_CB_PASS },
> { .id = 0 },
> };
> diff --git a/po/POTFILES.in b/po/POTFILES.in
> index 8809121..3375ab5 100644
> --- a/po/POTFILES.in
> +++ b/po/POTFILES.in
> @@ -2,6 +2,7 @@ data/spice-mime.xml.in
> data/spicy.desktop.in.in
> gtk/channel-usbredir.c
> gtk/desktop-integration.c
> +gtk/spice-channel.c
> gtk/spice-cmdline.c
> gtk/spice-option.c
> gtk/spicy-screenshot.c
> --
> 2.1.0
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20141006/29c5f5c9/attachment.sig>
More information about the Spice-devel
mailing list