[gtk-vnc] sasl: Fix auth when using the PLAIN method

From: Daniel P. Berrange <dberrange src gnome org>
To: commits-list gnome org
Cc:
Subject: [gtk-vnc] sasl: Fix auth when using the PLAIN method
Date: Thu, 23 Jan 2014 11:57:20 +0000 (UTC)

commit 9dd4da1609e5619f46b3c1627fc59a68735c4360
Author: Christophe Fergeau <cfergeau redhat com>
Date:   Thu Nov 21 16:07:28 2013 +0100

    sasl: Fix auth when using the PLAIN method
    
    sasl_client_start() can return SASL_OK, in which case calling
    sasl_client_step() returns an error. If sasl_client_start() returned
    SASL_OK and the remote told us auth is complete, we can break out of the
    stepping loop early.
    The upstream documentation is not very explicit about what to do when
    sasl_client_start() returns SASL_OK but this was clarified by
    http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=10104
    
    This is based on the libvirt patch
    
      commit 0955025b9cdb734293adfae09be1fdae231d7a73
      Author: Christophe Fergeau <cfergeau redhat com>
      Date:   Thu Nov 21 18:40:52 2013 +0100
    
        sasl: Fix authentication when using PLAIN mechanism
    
    https://bugzilla.gnome.org/show_bug.cgi?id=712820

 src/vncconnection.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)
---
diff --git a/src/vncconnection.c b/src/vncconnection.c
index 3f6f1bd..9ef01ce 100644
--- a/src/vncconnection.c
+++ b/src/vncconnection.c
@@ -3938,6 +3938,11 @@ static gboolean vnc_connection_perform_auth_sasl(VncConnection *conn)
     VNC_DEBUG("Client start result complete: %d. Data %d bytes %p '%s'",
               complete, serverinlen, serverin, serverin);
 
+    /* Previous server call showed completion & sasl_client_start() told us
+     * we are locally complete too */
+    if (complete && err == SASL_OK)
+        goto done;
+
     /* Loop-the-loop...
      * Even if the server has completed, the client must *always* do at least one step
      * in this loop to verify the server isn't lying about something. Mutual auth */
@@ -4024,6 +4029,7 @@ static gboolean vnc_connection_perform_auth_sasl(VncConnection *conn)
         }
     }
 
+ done:
     /* Check for suitable SSF if non-TLS */
     if (!priv->tls_session) {
         err = sasl_getprop(saslconn, SASL_SSF, &val);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]