Prefer security types in the server's order

This is how TigerVNC has been behaving for years and has worked well
there, so let's follow them.
Pierre Ossman 2022-08-18 15:01:52 +02:00
parent e1174e813b
commit 795494ade1
2 changed files with 29 additions and 27 deletions


@ -1354,6 +1354,21 @@ export default class RFB extends EventTargetMixin {
this._rfbInitState = 'Security';
}
_isSupportedSecurityType(type) {
const clientTypes = [
securityTypeNone,
securityTypeVNCAuth,
securityTypeRA2ne,
securityTypeTight,
securityTypeVeNCrypt,
securityTypeXVP,
securityTypeARD,
securityTypePlain,
];
return clientTypes.includes(type);
}
_negotiateSecurity() {
if (this._rfbVersion >= 3.7) {
// Server sends supported list, client decides
@ -1370,22 +1385,17 @@ export default class RFB extends EventTargetMixin {
const types = this._sock.rQshiftBytes(numTypes);
Log.Debug("Server security types: " + types);
// Look for each auth in preferred order
if (types.includes(securityTypeNone)) {
this._rfbAuthScheme = securityTypeNone;
} else if (types.includes(securityTypeXVP)) {
this._rfbAuthScheme = securityTypeXVP;
} else if (types.includes(securityTypeTight)) {
this._rfbAuthScheme = securityTypeTight;
} else if (types.includes(securityTypeRA2ne)) {
this._rfbAuthScheme = securityTypeRA2ne;
} else if (types.includes(securityTypeVNCAuth)) {
this._rfbAuthScheme = securityTypeVNCAuth;
} else if (types.includes(securityTypeARD)) {
this._rfbAuthScheme = securityTypeARD;
} else if (types.includes(securityTypeVeNCrypt)) {
this._rfbAuthScheme = securityTypeVeNCrypt;
} else {
// Look for a matching security type in the order that the
// server prefers
this._rfbAuthScheme = -1;
for (let type of types) {
if (this._isSupportedSecurityType(type)) {
this._rfbAuthScheme = type;
break;
}
}
if (this._rfbAuthScheme === -1) {
return this._fail("Unsupported security types (types: " + types + ")");
}
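Review bot: The loop added in `_negotiateSecurity` takes the first server-listed type that `_isSupportedSecurityType` accepts, so the outcome is decided entirely by the server's list and the client applies no minimum of its own; if `securityTypeNone` or `securityTypeVNCAuth` comes first it is chosen even when a stronger type follows. The removed chain also tried `securityTypeNone` first, so this is not a regression, but the trust assumption deserves a comment above the loop, e.g. `// The server's order is trusted as-is; this list arrives before any authentication, so its integrity depends on the transport`. As a style point, `type` is never reassigned, so `for (const type of types) {` fits better than `let`, and `clientTypes` could be a module-level constant instead of being rebuilt on every call. The body of `_negotiateSecurity` starts and ends outside the hunks shown.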


@ -1135,18 +1135,10 @@ describe('Remote Frame Buffer Protocol Client', function () {
client._sock._websocket._getSentData();
});
it('should prefer no authentication is possible', function () {
const authSchemes = [2, 1, 3];
it('should respect server preference order', function () {
const authSchemes = [ 6, 79, 30, 188, 16, 6, 1 ];
client._sock._websocket._receiveData(new Uint8Array(authSchemes));
expect(client._rfbAuthScheme).to.equal(1);
expect(client._sock).to.have.sent(new Uint8Array([1]));
});
it('should choose for the most prefered scheme possible', function () {
const authSchemes = [2, 22, 16];
client._sock._websocket._receiveData(new Uint8Array(authSchemes));
expect(client._rfbAuthScheme).to.equal(22);
expect(client._sock).to.have.sent(new Uint8Array([22]));
expect(client._sock).to.have.sent(new Uint8Array([30]));
});
it('should fail if there are no supported schemes', function () {
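Review bot: The list `[ 6, 79, 30, 188, 16, 6, 1 ]` in 'should respect server preference order' is bare numbers, so the test does not show which leading entries are meant to be unsupported or why 30 is the expected choice. A comment above it would help, e.g. `// 30 is the first entry the client supports; later supported entries must be ignored`, with the values checked against the security type constants, which are not visible here. The replaced tests appear to have asserted the stored scheme as well; keeping `expect(client._rfbAuthScheme).to.equal(30);` next to the sent-bytes check would pin that state too.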