[Spice-devel] [v3: PATCH 2/3] Add "username" property to SpiceSession
From: Dietmar Maurer --- Changes since v2: - Parse the username from the URI instead of adding an additional parameter --- gtk/spice-session-priv.h | 2 ++ gtk/spice-session.c | 63 +--- 2 files changed, 61 insertions(+), 4 deletions(-) diff --git a/gtk/spice-session-priv.h b/gtk/spice-session-priv.h index 4b2c151..da43866 100644 --- a/gtk/spice-session-priv.h +++ b/gtk/spice-session-priv.h @@ -45,6 +45,7 @@ struct _SpiceSessionPrivate { char *host; char *port; char *tls_port; +char *username; char *password; char *ca_file; char *ciphers; @@ -146,6 +147,7 @@ void spice_session_set_migration_state(SpiceSession *session, SpiceSessionMigrat void spice_session_set_port(SpiceSession *session, int port, gboolean tls); void spice_session_get_pubkey(SpiceSession *session, guint8 **pubkey, guint *size); guint spice_session_get_verify(SpiceSession *session); +const gchar* spice_session_get_username(SpiceSession *session); const gchar* spice_session_get_password(SpiceSession *session); const gchar* spice_session_get_host(SpiceSession *session); const gchar* spice_session_get_cert_subject(SpiceSession *session); diff --git a/gtk/spice-session.c b/gtk/spice-session.c index 49afc97..17c18f9 100644 --- a/gtk/spice-session.c +++ b/gtk/spice-session.c @@ -111,7 +111,8 @@ enum { PROP_CA, PROP_PROXY, PROP_SECURE_CHANNELS, -PROP_SHARED_DIR +PROP_SHARED_DIR, +PROP_USERNAME }; /* signals */ @@ -217,6 +218,7 @@ spice_session_finalize(GObject *gobject) g_free(s->host); g_free(s->port); g_free(s->tls_port); +g_free(s->username); g_free(s->password); g_free(s->ca_file); g_free(s->ciphers); @@ -262,11 +264,12 @@ static int spice_uri_create(SpiceSession *session, char *dest, int len) static int spice_parse_uri(SpiceSession *session, const char *original_uri) { SpiceSessionPrivate *s = session->priv; -gchar *host = NULL, *port = NULL, *tls_port = NULL, *uri = NULL, *password = NULL; +gchar *host = NULL, *port = NULL, *tls_port = NULL, *uri = NULL, *username = NULL, *password = NULL; gchar *path = NULL; gchar *unescaped_path = NULL; gchar *authority = NULL; gchar *query = NULL; +gchar *tmp = NULL; g_return_val_if_fail(original_uri != NULL, -1); @@ -281,6 +284,22 @@ static int spice_parse_uri(SpiceSession *session, const char *original_uri) goto fail; } authority = uri + strlen(URI_SCHEME_SPICE); + +tmp = strchr(authority, '@'); +if (tmp) { +gchar *buffer = g_strndup(authority, tmp - authority); +if (strstr(buffer, "%40") == NULL) { +username = buffer; +buffer = NULL; +} else { +username = g_uri_unescape_string(buffer, NULL); +g_free(buffer); +} + +authority = ++tmp; +tmp = NULL; +} + path = strchr(authority, '/'); if (path) { path[0] = '\0'; @@ -303,7 +322,7 @@ static int spice_parse_uri(SpiceSession *session, const char *original_uri) /* Now process the individual parts */ if (authority[0] == '[') { -gchar *tmp = strchr(authority, ']'); +tmp = strchr(authority, ']'); if (!tmp) { g_warning("Missing closing ']' in authority for URI '%s'", uri); goto fail; @@ -314,7 +333,7 @@ static int spice_parse_uri(SpiceSession *session, const char *original_uri) if (tmp[0] == ':') port = g_strdup(tmp + 1); } else { -gchar *tmp = strchr(authority, ':'); +tmp = strchr(authority, ':'); if (tmp) { *tmp = '\0'; tmp++; @@ -375,10 +394,12 @@ static int spice_parse_uri(SpiceSession *session, const char *original_uri) g_free(s->host); g_free(s->port); g_free(s->tls_port); +g_free(s->username); g_free(s->password); s->host = host; s->port = port; s->tls_port = tls_port; +s->username = username; s->password = password; return 0; @@ -388,6 +409,7 @@ fail: g_free(host); g_free(port); g_free(tls_port); +g_free(username); g_free(password); return -1; } @@ -412,6 +434,9 @@ static void spice_session_get_property(GObject*gobject, case PROP_TLS_PORT: g_value_set_string(value, s->tls_port); break; +case PROP_USERNAME: +g_value_set_string(value, s->username); + break; case PROP_PASSWORD: g_value_set_string(value, s->password); break; @@ -522,6 +547,10 @@ static void spice_session_set_property(GObject *gobject, g_free(s->tls_port); s->tls_port = g_value_dup_string(value); break; +case PROP_USERNAME: +g_free(s->username); +s->username = g_value_dup_string(value); +break; case
[Spice-devel] [v3: PATCH 3/3] Add support to handle username when connecting with SASL
Based on a patch from Dietmar Maurer http://lists.freedesktop.org/archives/spice-devel/2013-October/015138.html --- Changes since v2: Adapt the patch according to the changes made in the previous one --- gtk/spice-channel-priv.h | 1 + gtk/spice-channel.c | 45 - po/POTFILES.in | 1 + 3 files changed, 42 insertions(+), 5 deletions(-) diff --git a/gtk/spice-channel-priv.h b/gtk/spice-channel-priv.h index 03eed38..6067abc 100644 --- a/gtk/spice-channel-priv.h +++ b/gtk/spice-channel-priv.h @@ -136,6 +136,7 @@ struct _SpiceChannelPrivate { GSList *flushing; gbooleandisable_channel_msg; +gbooleanauth_needs_username_and_password; GError *error; }; diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c index a8b4e35..0086679 100644 --- a/gtk/spice-channel.c +++ b/gtk/spice-channel.c @@ -26,6 +26,8 @@ #include "spice-marshal.h" #include "bio-gio.h" +#include + #include #include #include @@ -118,6 +120,7 @@ static void spice_channel_init(SpiceChannel *channel) c->out_serial = 1; c->in_serial = 1; c->fd = -1; +c->auth_needs_username_and_password = FALSE; strcpy(c->name, "?"); c->caps = g_array_new(FALSE, TRUE, sizeof(guint32)); c->common_caps = g_array_new(FALSE, TRUE, sizeof(guint32)); @@ -1253,6 +1256,7 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel, { SpiceChannelPrivate *c; int ninteract; +gboolean ret = TRUE; g_return_val_if_fail(channel != NULL, FALSE); g_return_val_if_fail(channel->priv != NULL, FALSE); @@ -1265,12 +1269,22 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel, switch (interact[ninteract].id) { case SASL_CB_AUTHNAME: case SASL_CB_USER: -g_warn_if_reached(); +c->auth_needs_username_and_password = TRUE; +if (spice_session_get_username(c->session) == NULL) +return FALSE; + +interact[ninteract].result = spice_session_get_username(c->session); +interact[ninteract].len = strlen(interact[ninteract].result); break; case SASL_CB_PASS: -if (spice_session_get_password(c->session) == NULL) -return FALSE; +if (spice_session_get_password(c->session) == NULL) { +/* Even if we reach this point, we have to continue looking for + * SASL_CB_AUTHNAME|SASL_CB_USER, otherwise we would return a + * wrong error to the applications */ +ret = FALSE; +continue; +} interact[ninteract].result = spice_session_get_password(c->session); interact[ninteract].len = strlen(interact[ninteract].result); @@ -1280,7 +1294,7 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel, CHANNEL_DEBUG(channel, "Filled SASL interact"); -return TRUE; +return ret; } /* @@ -1319,6 +1333,22 @@ spice_channel_gather_sasl_credentials(SpiceChannel *channel, #define SASL_MAX_MECHNAME_LEN 100 #define SASL_MAX_DATA_LEN (1024 * 1024) +static void spice_channel_set_detailed_authentication_error(SpiceChannel *channel) +{ +SpiceChannelPrivate *c = channel->priv; + +if (c->auth_needs_username_and_password) +g_set_error_literal(&c->error, +SPICE_CHANNEL_ERROR, + SPICE_CHANNEL_ERROR_AUTH_NEEDS_PASSWORD_AND_USERNAME, +_("Authentication failed: password and username are required")); +else +g_set_error_literal(&c->error, +SPICE_CHANNEL_ERROR, +SPICE_CHANNEL_ERROR_AUTH_NEEDS_PASSWORD, +_("Authentication failed: password is required")); +} + /* Perform the SASL authentication process */ static gboolean spice_channel_perform_auth_sasl(SpiceChannel *channel) @@ -1334,6 +1364,8 @@ static gboolean spice_channel_perform_auth_sasl(SpiceChannel *channel) const void *val; sasl_ssf_t ssf; static const sasl_callback_t saslcb[] = { +{ .id = SASL_CB_USER }, +{ .id = SASL_CB_AUTHNAME }, { .id = SASL_CB_PASS }, { .id = 0 }, }; @@ -1635,8 +1667,10 @@ restart: complete: CHANNEL_DEBUG(channel, "%s", "SASL authentication complete"); spice_channel_read(channel, &len, sizeof(len)); -if (len != SPICE_LINK_ERR_OK) +if (len != SPICE_LINK_ERR_OK) { +spice_channel_set_detailed_authentication_error(channel); g_coroutine_signal_emit(channel, signals[SPICE_CHANNEL_EVENT], 0, SPICE_CHANNEL_ERROR_AUTH); +} ret = len == SPICE_LINK_ERR_OK; /* This must come *after* check-auth-result, because the former * is defined to be sent unencrypted, and setting saslconn turns @@ -1647,6 +1681,7 @@ complete: error
Re: [Spice-devel] [PATCH] m4: Update manywarnings from gnulib
On Thu, Oct 02, 2014 at 06:17:53PM +0200, Fabiano FidĂȘncio wrote: > From: Cole Robinson > > Fixes these noisy errors on Fedora 21: > > gcc: warning: switch '-Wmudflap' is no longer supported Thanks, I've applied this Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ Spice-devel mailing list Spice-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel