<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 21 Feb 2017, at 16:28, Snir Sheriber <<a href="mailto:ssheribe@redhat.com" class="">ssheribe@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">Hi,</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">On 02/20/2017 07:00 PM, Christophe de Dinechin wrote:</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><blockquote type="cite" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class=""><blockquote type="cite" class="">On 19 Feb 2017, at 15:47, Snir Sheriber <<a href="mailto:ssheribe@redhat.com" class="">ssheribe@redhat.com</a>> wrote:<br class=""><br class="">Remove handling with failures in the SASL authentication<br class="">process to separate function<br class="">---<br class="">src/spice-channel.c | 44 +++++++++++++++++++++++++++-----------------<br class="">1 file changed, 27 insertions(+), 17 deletions(-)<br class=""><br class="">diff --git a/src/spice-channel.c b/src/spice-channel.c<br class="">index af67931..cbf1291 100644<br class="">--- a/src/spice-channel.c<br class="">+++ b/src/spice-channel.c<br class="">@@ -1113,28 +1113,38 @@ static int spice_channel_read(SpiceChannel *channel, void *data, size_t length)<br class=""> return length;<br class="">}<br class=""><br class="">+#if HAVE_SASL<br class="">/* coroutine context */<br class="">-static void spice_channel_failed_authentication(SpiceChannel *channel,<br class="">- gboolean invalidPassword)<br class="">+static void spice_channel_failed_sasl_authentication(SpiceChannel *channel)<br class="">{<br class=""> SpiceChannelPrivate *c = channel->priv;<br class="">+ gint err_code; /* Affects the authentication window activated fileds */<br class=""><br class=""> if (c->auth_needs_username && c->auth_needs_password)<br class="">- g_set_error_literal(&c->error,<br class="">- SPICE_CLIENT_ERROR,<br class="">- SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME,<br class="">- _("Authentication failed: password and username are required"));<br class="">+ err_code = SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME;<br class=""> else if (c->auth_needs_username)<br class="">- g_set_error_literal(&c->error,<br class="">- SPICE_CLIENT_ERROR,<br class="">- SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME,<br class="">- _("Authentication failed: username is required"));<br class="">- else if (c->auth_needs_password)<br class="">- g_set_error_literal(&c->error,<br class="">- SPICE_CLIENT_ERROR,<br class="">- SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD,<br class="">- _("Authentication failed: password is required"));<br class="">- else if (invalidPassword)<br class="">+ err_code = SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME;<br class="">+ else<br class="">+ err_code = SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD;<br class="">+<br class="">+ g_set_error_literal(&c->error,<br class="">+ SPICE_CLIENT_ERROR,<br class="">+ err_code,<br class="">+ _("SASL authentication failed"));<br class=""></blockquote>Per the recent discussion (Feb 14 with Christophe F), can’t we map common SASL errors to Spice messages? To me, it’s different if the problem is that I used a wrong password or if the server is down. The message as is seems quite terse.<br class=""><br class="">Errors that seem be reportable (although not all of them seem relevant to Spice):<br class=""><br class="">SASL_BADAUTH<span class="Apple-tab-span" style="white-space: pre;"> </span>Authentication failure.<br class="">SASL_NOAUTHZ<span class="Apple-tab-span" style="white-space: pre;"> </span>Authorization failure.<br class="">SASL_EXPIRED<span class="Apple-tab-span" style="white-space: pre;"> </span>The passphrase expired and must be reset.<br class="">SASL_DISABLED<span class="Apple-tab-span" style="white-space: pre;"> </span>Account disabled.<br class="">SASL_NOUSER<span class="Apple-tab-span" style="white-space: pre;"> </span>User not found.<br class="">SASL_BADVERS<span class="Apple-tab-span" style="white-space: pre;"> </span>Version mismatch with plug-in.<br class="">SASL_NOVERIFY<span class="Apple-tab-span" style="white-space: pre;"> </span>The user exists, but there is no verifier for the user.<br class="">SASL_WEAKPASS<span class="Apple-tab-span" style="white-space: pre;"> </span>The passphrase is too weak for security policy.<br class="">SASL_NOUSERPASS<span class="Apple-tab-span" style="white-space: pre;"> </span>User supplied passwords are not permitted.<br class=""><br class=""><br class="">Some that may need to be “translated” in Spicese if they ever get back to us:<br class=""><br class="">SASL_TOOWEAK<span class="Apple-tab-span" style="white-space: pre;"> </span>The mechanism is too weak for this user.<br class="">SASL_ENCRYPT<span class="Apple-tab-span" style="white-space: pre;"> </span>Encryption is needed to use this mechanism.<br class="">SASL_TRANS<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span>One time use of a plaintext password will enable requested mechanism for user.<br class=""><br class="">Others should probably collected into a “default” in a switch statement, something like “Unexpected SASL error code <blah>”.<br class=""><br class=""></blockquote><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">As link result/error? I guess it would be the best , but first it requires to inform the client in some other way that it can stop waiting for the sasl server start\step result (currently it just freeing the link)</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">btw according to sasl docs the full error string should be sent</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""></div></blockquote><div><br class=""></div><div>Yes, but not translated. We can always add the SASL errors to the po files.</div><div><br class=""></div><div>Christophe</div><br class=""><blockquote type="cite" class=""><div class=""><blockquote type="cite" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class=""><blockquote type="cite" class="">+<br class="">+ c->event = SPICE_CHANNEL_ERROR_AUTH;<br class="">+<br class="">+ c->has_error = TRUE; /* force disconnect */<br class="">+}<br class="">+#endif<br class="">+<br class="">+/* coroutine context */<br class="">+static void spice_channel_failed_authentication(SpiceChannel *channel,<br class="">+ gboolean invalidPassword)<br class="">+{<br class="">+ SpiceChannelPrivate *c = channel->priv;<br class="">+<br class="">+ if (invalidPassword)<br class=""> g_set_error_literal(&c->error,<br class=""> SPICE_CLIENT_ERROR,<br class=""> SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD,<br class="">@@ -1808,7 +1818,7 @@ error:<br class=""> if (saslconn)<br class=""> sasl_dispose(&saslconn);<br class=""><br class="">- spice_channel_failed_authentication(channel, FALSE);<br class="">+ spice_channel_failed_sasl_authentication(channel);<br class=""> ret = FALSE;<br class=""><br class="">cleanup:<br class="">--<span class="Apple-converted-space"> </span><br class="">2.9.3<br class=""><br class="">_______________________________________________<br class="">Spice-devel mailing list<br class=""><a href="mailto:Spice-devel@lists.freedesktop.org" class="">Spice-devel@lists.freedesktop.org</a><br class="">https://lists.freedesktop.org/mailman/listinfo/spice-devel<br class=""></blockquote></blockquote><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">_______________________________________________</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">Spice-devel mailing list</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class=""><a href="mailto:Spice-devel@lists.freedesktop.org" class="">Spice-devel@lists.freedesktop.org</a></span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class=""><a href="https://lists.freedesktop.org/mailman/listinfo/spice-devel" class="">https://lists.freedesktop.org/mailman/listinfo/spice-devel</a></span></div></blockquote></div><br class=""></body></html>