Prefer security types in the server's order
This is how TigerVNC has been behaving for years and has worked well there, so let's follow them.
This commit is contained in:
Pierre Ossman
parent
e1174e813b
commit
795494ade1
42
core/rfb.js
42
core/rfb.js
|
|
@ -1354,6 +1354,21 @@ export default class RFB extends EventTargetMixin {
|
||||||
this._rfbInitState = 'Security';
|
this._rfbInitState = 'Security';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_isSupportedSecurityType(type) {
|
||||||
|
const clientTypes = [
|
||||||
|
securityTypeNone,
|
||||||
|
securityTypeVNCAuth,
|
||||||
|
securityTypeRA2ne,
|
||||||
|
securityTypeTight,
|
||||||
|
securityTypeVeNCrypt,
|
||||||
|
securityTypeXVP,
|
||||||
|
securityTypeARD,
|
||||||
|
securityTypePlain,
|
||||||
|
];
|
||||||
|
|
||||||
|
return clientTypes.includes(type);
|
||||||
|
}
|
||||||
|
|
||||||
_negotiateSecurity() {
|
_negotiateSecurity() {
|
||||||
if (this._rfbVersion >= 3.7) {
|
if (this._rfbVersion >= 3.7) {
|
||||||
// Server sends supported list, client decides
|
// Server sends supported list, client decides
|
||||||
|
|
@ -1370,22 +1385,17 @@ export default class RFB extends EventTargetMixin {
|
||||||
const types = this._sock.rQshiftBytes(numTypes);
|
const types = this._sock.rQshiftBytes(numTypes);
|
||||||
Log.Debug("Server security types: " + types);
|
Log.Debug("Server security types: " + types);
|
||||||
|
|
||||||
// Look for each auth in preferred order
|
// Look for a matching security type in the order that the
|
||||||
if (types.includes(securityTypeNone)) {
|
// server prefers
|
||||||
this._rfbAuthScheme = securityTypeNone;
|
this._rfbAuthScheme = -1;
|
||||||
} else if (types.includes(securityTypeXVP)) {
|
for (let type of types) {
|
||||||
this._rfbAuthScheme = securityTypeXVP;
|
if (this._isSupportedSecurityType(type)) {
|
||||||
} else if (types.includes(securityTypeTight)) {
|
this._rfbAuthScheme = type;
|
||||||
this._rfbAuthScheme = securityTypeTight;
|
break;
|
||||||
} else if (types.includes(securityTypeRA2ne)) {
|
}
|
||||||
this._rfbAuthScheme = securityTypeRA2ne;
|
}
|
||||||
} else if (types.includes(securityTypeVNCAuth)) {
|
|
||||||
this._rfbAuthScheme = securityTypeVNCAuth;
|
if (this._rfbAuthScheme === -1) {
|
||||||
} else if (types.includes(securityTypeARD)) {
|
|
||||||
this._rfbAuthScheme = securityTypeARD;
|
|
||||||
} else if (types.includes(securityTypeVeNCrypt)) {
|
|
||||||
this._rfbAuthScheme = securityTypeVeNCrypt;
|
|
||||||
} else {
|
|
||||||
return this._fail("Unsupported security types (types: " + types + ")");
|
return this._fail("Unsupported security types (types: " + types + ")");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1135,18 +1135,10 @@ describe('Remote Frame Buffer Protocol Client', function () {
|
||||||
client._sock._websocket._getSentData();
|
client._sock._websocket._getSentData();
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should prefer no authentication is possible', function () {
|
it('should respect server preference order', function () {
|
||||||
const authSchemes = [2, 1, 3];
|
const authSchemes = [ 6, 79, 30, 188, 16, 6, 1 ];
|
||||||
client._sock._websocket._receiveData(new Uint8Array(authSchemes));
|
client._sock._websocket._receiveData(new Uint8Array(authSchemes));
|
||||||
expect(client._rfbAuthScheme).to.equal(1);
|
expect(client._sock).to.have.sent(new Uint8Array([30]));
|
||||||
expect(client._sock).to.have.sent(new Uint8Array([1]));
|
|
||||||
});
|
|
||||||
|
|
||||||
it('should choose for the most prefered scheme possible', function () {
|
|
||||||
const authSchemes = [2, 22, 16];
|
|
||||||
client._sock._websocket._receiveData(new Uint8Array(authSchemes));
|
|
||||||
expect(client._rfbAuthScheme).to.equal(22);
|
|
||||||
expect(client._sock).to.have.sent(new Uint8Array([22]));
|
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should fail if there are no supported schemes', function () {
|
it('should fail if there are no supported schemes', function () {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue