authorChristophe Fergeau <cfergeau@redhat.com>2014-03-13 17:15:04 +0100
committerChristophe Fergeau <cfergeau@redhat.com>2014-03-25 15:55:41 +0100
commit8f5bd25249e73390ddde9eced6bf32cf2bc05a24 (patch)
tree9a58ee938756c46689a3e9540b0349f3ae54d609
parent57571216a71603ce7baa9bcc4c37f7d86dd80132 (diff)
Advertise SASL cap from client
A client setting this capability indicates to the server that it's able to handle SASL authentication, and it also indicates that if SASL is to be used for authentication, then it won't expect a valid 'pub_key' field in SpiceLinkReply. The reason for making guarantees about not looking at the pub_key field is that its presence and size are hardcoded in the protocol, but in some hardened setups (using FIPS mode), generating an RSA 1024-bit key as expected is forbidden and fails. With this new capability, the server knows the client will be able to handle SASL if needed, and can skip the generation of the key altogether. This means that on the setups described above, SASL authentication has to be used.
-rw-r--r--gtk/spice-channel.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index 46c51b0..6f3f689 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -114,6 +114,9 @@ static void spice_channel_init(SpiceChannel *channel)
c->remote_common_caps = g_array_new(FALSE, TRUE, sizeof(guint32));
spice_channel_set_common_capability(channel, SPICE_COMMON_CAP_PROTOCOL_AUTH_SELECTION);
spice_channel_set_common_capability(channel, SPICE_COMMON_CAP_MINI_HEADER);
+#if HAVE_SASL
+ spice_channel_set_common_capability(channel, SPICE_COMMON_CAP_AUTH_SASL);
+#endif
g_queue_init(&c->xmit_queue);
STATIC_MUTEX_INIT(c->xmit_queue_lock);
}
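Review bot: The added `spice_channel_set_common_capability(channel, SPICE_COMMON_CAP_AUTH_SASL);` line carries a protocol promise that nothing in this hunk documents or enforces. Per the commit description, a client advertising this cap must not rely on the `pub_key` field of SpiceLinkReply once SASL is selected. I would add a comment above the call such as `/* Advertising AUTH_SASL promises the server we never read SpiceLinkReply.pub_key when SASL is the selected mechanism */`. The link-reply handling is outside this hunk (spice_channel_init also begins before it), so it is worth confirming that no path parses or uses `pub_key` before the auth mechanism is known, since a server honouring this cap may leave that field without a valid key. Separately, `#if HAVE_SASL` only works if the build system defines the macro to a numeric value; if it can be defined empty, `#ifdef HAVE_SASL` is the safer guard, presumably matching whatever the rest of the file uses.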