[Spice-devel] [PATCH] Be more specific in the case of authentication error

Fabiano FidĂȘncio fidencio at redhat.com
Thu Nov 19 06:57:55 PST 2015 

On Thu, Nov 19, 2015 at 3:42 PM,  <mkasik at redhat.com> wrote:
> From: Marek Kasik <mkasik at redhat.com>
>
> This patch adds SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME error
> for the case when authentication fails because of missing username.
> This can happen when GSSAPI method is used.
>
> https://bugs.freedesktop.org/show_bug.cgi?id=92994
> ---
>  src/spice-channel-priv.h |  3 ++-
>  src/spice-channel.c      | 31 +++++++++++++++++++++++++++----
>  src/spice-client.h       |  2 ++
>  3 files changed, 31 insertions(+), 5 deletions(-)
>
> diff --git a/src/spice-channel-priv.h b/src/spice-channel-priv.h
> index 4b2d1e6..d60ea73 100644
> --- a/src/spice-channel-priv.h
> +++ b/src/spice-channel-priv.h
> @@ -143,7 +143,8 @@ struct _SpiceChannelPrivate {
>      GSList                      *flushing;
>
>      gboolean                    disable_channel_msg;
> -    gboolean                    auth_needs_username_and_password;
> +    gboolean                    auth_needs_username;
> +    gboolean                    auth_needs_password;
>      GError                      *error;
>  };
>
> diff --git a/src/spice-channel.c b/src/spice-channel.c
> index 1c96ded..d8bba5c 100644
> --- a/src/spice-channel.c
> +++ b/src/spice-channel.c
> @@ -110,7 +110,8 @@ static void spice_channel_init(SpiceChannel *channel)
>      c->out_serial = 1;
>      c->in_serial = 1;
>      c->fd = -1;
> -    c->auth_needs_username_and_password = FALSE;
> +    c->auth_needs_username = FALSE;
> +    c->auth_needs_password = FALSE;
>      strcpy(c->name, "?");
>      c->caps = g_array_new(FALSE, TRUE, sizeof(guint32));
>      c->common_caps = g_array_new(FALSE, TRUE, sizeof(guint32));
> @@ -1019,11 +1020,21 @@ static void spice_channel_failed_authentication(SpiceChannel *channel,
>  {
>      SpiceChannelPrivate *c = channel->priv;
>
> -    if (c->auth_needs_username_and_password)
> +    if (c->auth_needs_username && c->auth_needs_password)
>          g_set_error_literal(&c->error,
>                              SPICE_CLIENT_ERROR,
>                              SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME,
>                              _("Authentication failed: password and username are required"));
> +    else if (c->auth_needs_username)
> +        g_set_error_literal(&c->error,
> +                            SPICE_CLIENT_ERROR,
> +                            SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME,
> +                            _("Authentication failed: username is required"));
> +    else if (c->auth_needs_password)
> +        g_set_error_literal(&c->error,
> +                            SPICE_CLIENT_ERROR,
> +                            SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD,
> +                            _("Authentication failed: password is required"));
>      else if (invalidPassword)
>          g_set_error_literal(&c->error,
>                              SPICE_CLIENT_ERROR,
> @@ -1287,7 +1298,18 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel,
>          switch (interact[ninteract].id) {
>          case SASL_CB_AUTHNAME:
>          case SASL_CB_USER:
> -            c->auth_needs_username_and_password = TRUE;
> +            c->auth_needs_username = TRUE;
> +            break;
> +        case SASL_CB_PASS:
> +            c->auth_needs_password = TRUE;
> +            break;
> +        }
> +    }
> +
> +    for (ninteract = 0 ; interact[ninteract].id != 0 ; ninteract++) {
> +        switch (interact[ninteract].id) {
> +        case SASL_CB_AUTHNAME:
> +        case SASL_CB_USER:
>              if (spice_session_get_username(c->session) == NULL)
>                  return FALSE;
>
> @@ -2626,7 +2648,8 @@ static void channel_reset(SpiceChannel *channel, gboolean migrating)
>
>      c->fd = -1;
>
> -    c->auth_needs_username_and_password = FALSE;
> +    c->auth_needs_username = FALSE;
> +    c->auth_needs_password = FALSE;
>
>      g_free(c->peer_msg);
>      c->peer_msg = NULL;
> diff --git a/src/spice-client.h b/src/spice-client.h
> index b794472..32b79ea 100644
> --- a/src/spice-client.h
> +++ b/src/spice-client.h
> @@ -67,6 +67,7 @@ G_BEGIN_DECLS
>   * @SPICE_CLIENT_ERROR_USB_DEVICE_REJECTED: device redirection rejected by host
>   * @SPICE_CLIENT_ERROR_USB_DEVICE_LOST: device disconnected (fatal IO error)
>   * @SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD: password is required
> + * @SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME: username is required
>   * @SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME: password and username are required
>   * @SPICE_CLIENT_ERROR_USB_SERVICE: USB service error
>   *
> @@ -78,6 +79,7 @@ typedef enum
>      SPICE_CLIENT_ERROR_USB_DEVICE_REJECTED,
>      SPICE_CLIENT_ERROR_USB_DEVICE_LOST,
>      SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD,
> +    SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME,
>      SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME,
>      SPICE_CLIENT_ERROR_USB_SERVICE,
>  } SpiceClientError;
> --
> 2.5.0
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel

Patch looks good, Marek.
Thanks for the contribution.

Best Regards,
--
Fabiano FidĂȘncio

More information about the Spice-devel mailing list