Re: [PATCH 3/3] Add support to handle username when connecting with SASL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Oct 01, 2014 at 04:36:46PM +0200, Fabiano Fidêncio wrote:
> From: Dietmar Maurer <dietmar@xxxxxxxxxxx>

I didn't dig the old patch, but I'd say it's different enough from the
initial one that you should commit it with your name, and credit Dietmar
in the commit log.

> 
> ---
>  gtk/spice-channel.c | 22 ++++++++++++++++++++--
>  1 file changed, 20 insertions(+), 2 deletions(-)
> 
> diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
> index a8b4e35..fe04707 100644
> --- a/gtk/spice-channel.c
> +++ b/gtk/spice-channel.c
> @@ -26,6 +26,8 @@
>  #include "spice-marshal.h"
>  #include "bio-gio.h"
>  
> +#include <glib/gi18n.h>

You need to add it to POTFILES.in too.

> +
>  #include <openssl/rsa.h>
>  #include <openssl/evp.h>
>  #include <openssl/x509.h>
> @@ -1265,12 +1267,26 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel,
>          switch (interact[ninteract].id) {
>          case SASL_CB_AUTHNAME:
>          case SASL_CB_USER:
> -            g_warn_if_reached();
> +            if (spice_session_get_username(c->session) == NULL) {
> +                g_set_error_literal(&c->error,
> +                                    SPICE_CHANNEL_ERROR,
> +                                    SPICE_CHANNEL_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME,
> +                                    _("Authentication failed: password and username are required"));
> +                return FALSE;
> +            }
> +
> +            interact[ninteract].result =  spice_session_get_username(c->session);
> +            interact[ninteract].len = strlen(interact[ninteract].result);
>              break;
>  
>          case SASL_CB_PASS:
> -            if (spice_session_get_password(c->session) == NULL)
> +            if (spice_session_get_password(c->session) == NULL) {
> +                g_set_error_literal(&c->error,
> +                                    SPICE_CHANNEL_ERROR,
> +                                    SPICE_CHANNEL_ERROR_AUTH_NEEDS_PASSWORD,
> +                                    _("Authentication failed: password is required"));
>                  return FALSE;
> +            }

This probably did not happen during your testing, but it's possible that
while iterating over 'interact', we get first SASL_CB_PASS and then
SASL_CB_USER. In such a case, we'd be wrongly returning an
AUTH_NEEDS_PASSWORD error rather than AUTH_NEEDS_PASSWORD_AND_USERNAME.

Christophe

Attachment: pgpgiCybgy3Qx.pgp
Description: PGP signature

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]