[Spice-devel] [PATCH 1/2] authentication: Handle failed SASL authentication separately

[Snir Sheriber]

Remove handling with failures in the SASL authentication
process to separate function and display the error message
as reported by the SASL client (could also display SASL
server error message if error number was sent to the client)
---
 src/spice-channel.c | 42 +++++++++++++++++++++++++++++-------------
 1 file changed, 29 insertions(+), 13 deletions(-)

diff --git a/src/spice-channel.c b/src/spice-channel.c
index 6556db3..37e36d9 100644
--- a/src/spice-channel.c
+++ b/src/spice-channel.c
@@ -1113,28 +1113,44 @@ static int spice_channel_read(SpiceChannel *channel, void *data, size_t length)
     return length;
 }
 
+#if HAVE_SASL
 /* coroutine context */
-static void spice_channel_failed_authentication(SpiceChannel *channel,
-                                                gboolean invalidPassword)
+static void spice_channel_failed_sasl_authentication(SpiceChannel *channel, int err)
 {
     SpiceChannelPrivate *c = channel->priv;
+    gint err_code; /* Affects the authentication window fileds */
 
     if (c->auth_needs_username && c->auth_needs_password)
-        g_set_error_literal(&c->error,
-                            SPICE_CLIENT_ERROR,
-                            SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME,
-                            _("Authentication failed: password and username are required"));
+        err_code = SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME;
     else if (c->auth_needs_username)
+        err_code = SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME;
+    else
+        err_code = SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD;
+
+    if (err < 0)
         g_set_error_literal(&c->error,
                             SPICE_CLIENT_ERROR,
-                            SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME,
-                            _("Authentication failed: username is required"));
-    else if (c->auth_needs_password)
+                            err_code,
+                            sasl_errstring(err, NULL, NULL));
+    else
         g_set_error_literal(&c->error,
                             SPICE_CLIENT_ERROR,
-                            SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD,
-                            _("Authentication failed: password is required"));
-    else if (invalidPassword)
+                            err_code,
+                            _("Authentication failed"));
+
+    c->event = SPICE_CHANNEL_ERROR_AUTH;
+
+    c->has_error = TRUE; /* force disconnect */
+}
+#endif
+
+/* coroutine context */
+static void spice_channel_failed_authentication(SpiceChannel *channel,
+                                                gboolean invalidPassword)
+{
+    SpiceChannelPrivate *c = channel->priv;
+
+    if (invalidPassword)
         g_set_error_literal(&c->error,
                             SPICE_CLIENT_ERROR,
                             SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD,
@@ -1808,7 +1824,7 @@ error:
     if (saslconn)
         sasl_dispose(&saslconn);
 
-    spice_channel_failed_authentication(channel, FALSE);
+    spice_channel_failed_sasl_authentication(channel, err);
     ret = FALSE;
 
 cleanup:
-- 
2.9.3