Re: [PATCH] Be more specific in the case of authentication error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Thu, Nov 19, 2015 at 03:57:55PM +0100, Fabiano Fidêncio wrote:
> On Thu, Nov 19, 2015 at 3:42 PM,  <mkasik@xxxxxxxxxx> wrote:
> > From: Marek Kasik <mkasik@xxxxxxxxxx>
> >
> > This patch adds SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME error
> > for the case when authentication fails because of missing username.
> > This can happen when GSSAPI method is used.
> >
> > https://bugs.freedesktop.org/show_bug.cgi?id=92994
> > ---
> >  src/spice-channel-priv.h |  3 ++-
> >  src/spice-channel.c      | 31 +++++++++++++++++++++++++++----
> >  src/spice-client.h       |  2 ++
> >  3 files changed, 31 insertions(+), 5 deletions(-)
> >
> > diff --git a/src/spice-channel-priv.h b/src/spice-channel-priv.h
> > index 4b2d1e6..d60ea73 100644
> > --- a/src/spice-channel-priv.h
> > +++ b/src/spice-channel-priv.h
> > @@ -143,7 +143,8 @@ struct _SpiceChannelPrivate {
> >      GSList                      *flushing;
> >
> >      gboolean                    disable_channel_msg;
> > -    gboolean                    auth_needs_username_and_password;
> > +    gboolean                    auth_needs_username;
> > +    gboolean                    auth_needs_password;
> >      GError                      *error;
> >  };
> >
> > diff --git a/src/spice-channel.c b/src/spice-channel.c
> > index 1c96ded..d8bba5c 100644
> > --- a/src/spice-channel.c
> > +++ b/src/spice-channel.c
> > @@ -110,7 +110,8 @@ static void spice_channel_init(SpiceChannel *channel)
> >      c->out_serial = 1;
> >      c->in_serial = 1;
> >      c->fd = -1;
> > -    c->auth_needs_username_and_password = FALSE;
> > +    c->auth_needs_username = FALSE;
> > +    c->auth_needs_password = FALSE;
> >      strcpy(c->name, "?");
> >      c->caps = g_array_new(FALSE, TRUE, sizeof(guint32));
> >      c->common_caps = g_array_new(FALSE, TRUE, sizeof(guint32));
> > @@ -1019,11 +1020,21 @@ static void spice_channel_failed_authentication(SpiceChannel *channel,
> >  {
> >      SpiceChannelPrivate *c = channel->priv;
> >
> > -    if (c->auth_needs_username_and_password)
> > +    if (c->auth_needs_username && c->auth_needs_password)
> >          g_set_error_literal(&c->error,
> >                              SPICE_CLIENT_ERROR,
> >                              SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME,
> >                              _("Authentication failed: password and username are required"));
> > +    else if (c->auth_needs_username)
> > +        g_set_error_literal(&c->error,
> > +                            SPICE_CLIENT_ERROR,
> > +                            SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME,
> > +                            _("Authentication failed: username is required"));
> > +    else if (c->auth_needs_password)
> > +        g_set_error_literal(&c->error,
> > +                            SPICE_CLIENT_ERROR,
> > +                            SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD,
> > +                            _("Authentication failed: password is required"));
> >      else if (invalidPassword)
> >          g_set_error_literal(&c->error,
> >                              SPICE_CLIENT_ERROR,
> > @@ -1287,7 +1298,18 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel,
> >          switch (interact[ninteract].id) {
> >          case SASL_CB_AUTHNAME:
> >          case SASL_CB_USER:
> > -            c->auth_needs_username_and_password = TRUE;
> > +            c->auth_needs_username = TRUE;
> > +            break;
> > +        case SASL_CB_PASS:
> > +            c->auth_needs_password = TRUE;
> > +            break;
> > +        }
> > +    }
> > +
> > +    for (ninteract = 0 ; interact[ninteract].id != 0 ; ninteract++) {
> > +        switch (interact[ninteract].id) {
> > +        case SASL_CB_AUTHNAME:
> > +        case SASL_CB_USER:
> >              if (spice_session_get_username(c->session) == NULL)
> >                  return FALSE;
> >
> > @@ -2626,7 +2648,8 @@ static void channel_reset(SpiceChannel *channel, gboolean migrating)
> >
> >      c->fd = -1;
> >
> > -    c->auth_needs_username_and_password = FALSE;
> > +    c->auth_needs_username = FALSE;
> > +    c->auth_needs_password = FALSE;
> >
> >      g_free(c->peer_msg);
> >      c->peer_msg = NULL;
> > diff --git a/src/spice-client.h b/src/spice-client.h
> > index b794472..32b79ea 100644
> > --- a/src/spice-client.h
> > +++ b/src/spice-client.h
> > @@ -67,6 +67,7 @@ G_BEGIN_DECLS
> >   * @SPICE_CLIENT_ERROR_USB_DEVICE_REJECTED: device redirection rejected by host
> >   * @SPICE_CLIENT_ERROR_USB_DEVICE_LOST: device disconnected (fatal IO error)
> >   * @SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD: password is required
> > + * @SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME: username is required
> >   * @SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME: password and username are required
> >   * @SPICE_CLIENT_ERROR_USB_SERVICE: USB service error
> >   *
> > @@ -78,6 +79,7 @@ typedef enum
> >      SPICE_CLIENT_ERROR_USB_DEVICE_REJECTED,
> >      SPICE_CLIENT_ERROR_USB_DEVICE_LOST,
> >      SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD,
> > +    SPICE_CLIENT_ERROR_AUTH_NEEDS_USERNAME,
> >      SPICE_CLIENT_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME,
> >      SPICE_CLIENT_ERROR_USB_SERVICE,
> >  } SpiceClientError;
> > --
> > 2.5.0
> >
> > _______________________________________________
> > Spice-devel mailing list
> > Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> > http://lists.freedesktop.org/mailman/listinfo/spice-devel
>
> Patch looks good, Marek.
> Thanks for the contribution.
>
> Best Regards,
> --
> Fabiano Fidêncio

Ack as well.
Merged: http://cgit.freedesktop.org/spice/spice-gtk/commit/?id=fd6cecaaa28705063a67f

Cheers,
  toso
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]