[Spice-devel] [spice-gtk v2] sasl: fix SASL GSSAPI by allowing NULL username
Pavel Grunt
pgrunt at redhat.com
Tue Jun 7 08:12:13 UTC 2016
Hi,
On Mon, 2016-06-06 at 18:04 +0200, Fabiano Fidêncio wrote:
> From: Alexander Bokovoy <abokovoy at redhat.com>
>
> SASL GSSAPI module will try to negotiate authentication based on the
> credentials in the default credentials cache. It does not matter if
> SPICE knows username or not as SASL negotiation will pass through the
> discovered name from the GSSAPI module.
>
> Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
> Acked-by: Fabiano Fidêncio <fidencio at redhat.com>
> ---
> Sending the patch to the ML for the record.
> I already ACKed the patch and anyone objects I'll push it Tomorrow.
> ---
> src/spice-channel.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/src/spice-channel.c b/src/spice-channel.c
> index c6e548d..0eb0e61 100644
> --- a/src/spice-channel.c
> +++ b/src/spice-channel.c
> @@ -1387,11 +1387,10 @@ spice_channel_gather_sasl_credentials(SpiceChannel
> *channel,
> switch (interact[ninteract].id) {
> case SASL_CB_AUTHNAME:
> case SASL_CB_USER:
> - if (spice_session_get_username(c->session) == NULL)
> - return FALSE;
so few lines above 'c->auth_needs_username = TRUE' is set, but it is ok to
ignore the missing username ? It is really confusing for me.
How does it affect info about auth failure provided by
spice_channel_failed_authentication() ?
Thanks for reply,
Pavel
> -
> - interact[ninteract].result = spice_session_get_username(c-
> >session);
> - interact[ninteract].len = strlen(interact[ninteract].result);
> + if (spice_session_get_username(c->session) != NULL) {
> + interact[ninteract].result = spice_session_get_username(c-
> >session);
> + interact[ninteract].len = strlen(interact[ninteract].result);
> + }
> break;
>
> case SASL_CB_PASS:
More information about the Spice-devel
mailing list