Prefer security types in the server's order

This is how TigerVNC has been behaving for years and has worked well there, so let's follow them.
2022-08-18 15:01:52 +02:00 · 2022-08-18 15:01:52 +02:00 · 795494ade1
parent e1174e813b
commit 795494ade1
2 changed files with 29 additions and 27 deletions
--- a/core/rfb.js
+++ b/core/rfb.js
@ -1354,6 +1354,21 @@ export default class RFB extends EventTargetMixin {
        this._rfbInitState = 'Security';
    }

+    _isSupportedSecurityType(type) {
+        const clientTypes = [
+            securityTypeNone,
+            securityTypeVNCAuth,
+            securityTypeRA2ne,
+            securityTypeTight,
+            securityTypeVeNCrypt,
+            securityTypeXVP,
+            securityTypeARD,
+            securityTypePlain,
+        ];
+
+        return clientTypes.includes(type);
+    }
+
    _negotiateSecurity() {
        if (this._rfbVersion >= 3.7) {
            // Server sends supported list, client decides
@ -1370,22 +1385,17 @@ export default class RFB extends EventTargetMixin {
            const types = this._sock.rQshiftBytes(numTypes);
            Log.Debug("Server security types: " + types);

-            // Look for each auth in preferred order
-            if (types.includes(securityTypeNone)) {
-                this._rfbAuthScheme = securityTypeNone;
-            } else if (types.includes(securityTypeXVP)) {
-                this._rfbAuthScheme = securityTypeXVP;
-            } else if (types.includes(securityTypeTight)) {
-                this._rfbAuthScheme = securityTypeTight;
-            } else if (types.includes(securityTypeRA2ne)) {
-                this._rfbAuthScheme = securityTypeRA2ne;
-            } else if (types.includes(securityTypeVNCAuth)) {
-                this._rfbAuthScheme = securityTypeVNCAuth;
-            } else if (types.includes(securityTypeARD)) {
-                this._rfbAuthScheme = securityTypeARD;
-            } else if (types.includes(securityTypeVeNCrypt)) {
-                this._rfbAuthScheme = securityTypeVeNCrypt;
-            } else {
+            // Look for a matching security type in the order that the
+            // server prefers
+            this._rfbAuthScheme = -1;
+            for (let type of types) {
+                if (this._isSupportedSecurityType(type)) {
+                    this._rfbAuthScheme = type;
+                    break;
+                }
+            }
+
+            if (this._rfbAuthScheme === -1) {
                return this._fail("Unsupported security types (types: " + types + ")");
            }

--- a/tests/test.rfb.js
+++ b/tests/test.rfb.js
@ -1135,18 +1135,10 @@ describe('Remote Frame Buffer Protocol Client', function () {
                client._sock._websocket._getSentData();
            });

-            it('should prefer no authentication is possible', function () {
-                const authSchemes = [2, 1, 3];
+            it('should respect server preference order', function () {
+                const authSchemes = [ 6, 79, 30, 188, 16, 6, 1 ];
                client._sock._websocket._receiveData(new Uint8Array(authSchemes));
-                expect(client._rfbAuthScheme).to.equal(1);
-                expect(client._sock).to.have.sent(new Uint8Array([1]));
-            });
-
-            it('should choose for the most prefered scheme possible', function () {
-                const authSchemes = [2, 22, 16];
-                client._sock._websocket._receiveData(new Uint8Array(authSchemes));
-                expect(client._rfbAuthScheme).to.equal(22);
-                expect(client._sock).to.have.sent(new Uint8Array([22]));
+                expect(client._sock).to.have.sent(new Uint8Array([30]));
            });

            it('should fail if there are no supported schemes', function () {