On Tue, Oct 22, 2013 at 11:07:56AM +0200, dietmar@xxxxxxxxxxx wrote:
> Current code works with DIGEST-MD5, but not with PLAIN.
After spending quite some time on this, this seems right, we need to handle
sasl_client_start() returning SASL_OK and not step in this case. However,
as this is under-documented in cyrus-sasl documentation, I'll ask on
their mailing list first if this makes sense (and hopefully get cyrus-sasl
documentation improved).
Christophe
>
> Signed-off-by: Dietmar Maurer <dietmar@xxxxxxxxxxx>
>
> Index: new/gtk/spice-channel.c
> ===================================================================
> --- new.orig/gtk/spice-channel.c 2013-10-22 09:04:23.000000000 +0200
> +++ new/gtk/spice-channel.c 2013-10-22 09:40:10.000000000 +0200
> @@ -1508,7 +1511,7 @@
>
> /* NB, distinction of NULL vs "" is *critical* in SASL */
> if (clientout) {
> - len += clientoutlen + 1;
> + len = clientoutlen + 1;
> spice_channel_write(channel, &len, sizeof(guint32));
> spice_channel_write(channel, clientout, len);
> } else {
> @@ -1550,6 +1553,9 @@
> * Even if the server has completed, the client must *always* do at least one step
> * in this loop to verify the server isn't lying about something. Mutual auth */
> for (;;) {
> + if (complete && err == SASL_OK)
> + break;
> +
> restep:
> err = sasl_client_step(saslconn,
> serverin,
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
Attachment:
pgp7s7gRRS9dV.pgp
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel