Hey,
On Tue, Oct 22, 2013 at 11:07:56AM +0200, dietmar@xxxxxxxxxxx wrote:
> Current code works with DIGEST-MD5, but not with PLAIN.
>
> Signed-off-by: Dietmar Maurer <dietmar@xxxxxxxxxxx>
>
> Index: new/gtk/spice-channel.c
> ===================================================================
> --- new.orig/gtk/spice-channel.c 2013-10-22 09:04:23.000000000 +0200
> +++ new/gtk/spice-channel.c 2013-10-22 09:40:10.000000000 +0200
> @@ -1508,7 +1511,7 @@
>
> /* NB, distinction of NULL vs "" is *critical* in SASL */
> if (clientout) {
> - len += clientoutlen + 1;
> + len = clientoutlen + 1;
> spice_channel_write(channel, &len, sizeof(guint32));
> spice_channel_write(channel, clientout, len);
> } else {
Yeah, I had noticed this as well, but could not find a case where it would
prevent auth from working, ACK on this bit if this helps you.
> @@ -1550,6 +1553,9 @@
> * Even if the server has completed, the client must *always* do at least one step
> * in this loop to verify the server isn't lying about something. Mutual auth */
> for (;;) {
> + if (complete && err == SASL_OK)
> + break;
> +
This bit makes me much more uncomfortable, especially this is touching
security-sensitive code. Things are not working without it?
If you have a working sasl plain config for spice, I'd be interested in it
as I could not get that to work for testing :((
Christophe
Attachment:
pgpHJ0UrPMnDd.pgp
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel