Re: [patch 2/2] virt-viewer: use username and password for spice sessions with SASL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 28, 2013 at 3:31 PM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote:
> Hey,
>
> remote-viewer patches should be sent to
> http://www.redhat.com/mailman/listinfo/virt-tools-list (feel free to cc:
> that list as well for this patch series).
>
> On Thu, Oct 24, 2013 at 08:04:33AM +0200, dietmar@xxxxxxxxxxx wrote:
>> Also set username if set inside configuration file.
>>
>> Signed-off-by: Dietmar Maurer <dietmar@xxxxxxxxxxx>
>>
>> Index: new/src/virt-viewer-session-spice.c
>> ===================================================================
>> --- new.orig/src/virt-viewer-session-spice.c  2013-10-24 06:17:52.000000000 +0200
>> +++ new/src/virt-viewer-session-spice.c       2013-10-24 07:44:42.000000000 +0200
>> @@ -342,6 +342,11 @@
>>          g_object_set(G_OBJECT(session), "password", val, NULL);
>>          g_free(val);
>>      }
>> +    if (virt_viewer_file_is_set(file, "username")) {
>> +        gchar *val = virt_viewer_file_get_username(file);
>> +        g_object_set(G_OBJECT(session), "username", val, NULL);
>> +        g_free(val);
>> +    }
>>
>>      if (virt_viewer_file_is_set(file, "tls-ciphers")) {
>>          gchar *val = virt_viewer_file_get_tls_ciphers(file);
>> @@ -462,12 +467,13 @@
>>  }
>>
>>  static void
>> -virt_viewer_session_spice_main_channel_event(SpiceChannel *channel G_GNUC_UNUSED,
>> +virt_viewer_session_spice_main_channel_event(SpiceChannel *channel,
>>                                               SpiceChannelEvent event,
>>                                               VirtViewerSession *session)
>>  {
>>      VirtViewerSessionSpice *self = VIRT_VIEWER_SESSION_SPICE(session);
>>      gchar *password = NULL;
>> +    gchar *username = NULL;
>>
>>      g_return_if_fail(self != NULL);
>>
>> @@ -488,15 +494,22 @@
>>          break;
>>      case SPICE_CHANNEL_ERROR_AUTH:
>>          DEBUG_LOG("main channel: auth failure (wrong password?)");
>> +
>> +        gboolean auth_sasl = spice_channel_test_common_capability(channel, SPICE_COMMON_CAP_AUTH_SASL);
>> +
>
> Older spice versions will not need/not be able to cope with a username
> here. Also, it does not look right to me to have this here, maybe the SASL
> method we are using did not request a username. I'd add a
> spice_channel_auth_needs_username() method or something like that (I assume
> we cannot pass some additional data when reporting a
> SPICE_CHANNEL_ERROR_AUTH error?), and add some fallback returning FALSE
> when this method is not available.

I suggested adding an SPICE_CHANNEL_ERROR_AUTH_USER_AND_PASS error.

>
>>          int ret = virt_viewer_auth_collect_credentials(self->priv->main_window,
>>                                                         "SPICE",
>>                                                         NULL,
>> -                                                       NULL, &password);
>> +                                                       auth_sasl ? &username : NULL,
>> +                                                       &password);
>>          if (ret < 0) {
>>              g_signal_emit_by_name(session, "session-cancelled");
>>          } else {
>>              gboolean openfd;
>>
>> +            if (auth_sasl) {
>> +                g_object_set(self->priv->session, "username", username, NULL);
>> +            }
>
> Will not work either with an older spice-gtk version, though this will only
> give a runtime error warning.
>
> Christophe
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
>



-- 
Marc-André Lureau
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]