Hey, On Tue, Oct 22, 2013 at 11:07:56AM +0200, [email protected] wrote: > Current code works with DIGEST-MD5, but not with PLAIN. > > Signed-off-by: Dietmar Maurer <[email protected]> > > Index: new/gtk/spice-channel.c > =================================================================== > --- new.orig/gtk/spice-channel.c 2013-10-22 09:04:23.000000000 +0200 > +++ new/gtk/spice-channel.c 2013-10-22 09:40:10.000000000 +0200 > @@ -1508,7 +1511,7 @@ > > /* NB, distinction of NULL vs "" is *critical* in SASL */ > if (clientout) { > - len += clientoutlen + 1; > + len = clientoutlen + 1; > spice_channel_write(channel, &len, sizeof(guint32)); > spice_channel_write(channel, clientout, len); > } else {
Yeah, I had noticed this as well, but could not find a case where it would
prevent auth from working, ACK on this bit if this helps you.
> @@ -1550,6 +1553,9 @@
> * Even if the server has completed, the client must *always* do at
> least one step
> * in this loop to verify the server isn't lying about something. Mutual
> auth */
> for (;;) {
> + if (complete && err == SASL_OK)
> + break;
> +
This bit makes me much more uncomfortable, especially this is touching
security-sensitive code. Things are not working without it?
If you have a working sasl plain config for spice, I'd be interested in it
as I could not get that to work for testing :((
Christophe
pgpVph9GCzjA0.pgp
Description: PGP signature
_______________________________________________ Spice-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/spice-devel
