Re: [spice-gtk] Advertise SASL cap from client

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




----- Original Message -----
> A client setting this capability indicates to the server that it's able
> to handle SASL authentication, and it also indicates that if SASL is
> to be used for authentication, then it won't expect a valid 'pub_key' field
> in SpiceLinkReply.

sounds good to me.
ack

> The reason for making guarantees about not looking at the pub_key field is
> that its presence and size is hardcoded in the protocol, but in some
> hardened setups (using fips mode), generating a RSA 1024 bit key as
> expected is forbidden and fails. With this new capability, the server
> knows the client will be able to handle SASL if needed, and can skip
> the generation of the key altogether. This means that on the setups
> described above, SASL authentication has to be used.

> ---
>  gtk/spice-channel.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
> index 83c7006..1498162 100644
> --- a/gtk/spice-channel.c
> +++ b/gtk/spice-channel.c
> @@ -114,6 +114,9 @@ static void spice_channel_init(SpiceChannel *channel)
>      c->remote_common_caps = g_array_new(FALSE, TRUE, sizeof(guint32));
>      spice_channel_set_common_capability(channel,
>      SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION);
>      spice_channel_set_common_capability(channel,
>      SPICE_COMMON_CAP_MINI_HEADER);
> +#if HAVE_SASL
> +    spice_channel_set_common_capability(channel,
> SPICE_COMMON_CAP_AUTH_SASL);
> +#endif
>      g_queue_init(&c->xmit_queue);
>      STATIC_MUTEX_INIT(c->xmit_queue_lock);
>  }
> --
> 1.8.5.3
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
> 
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]