diff options
| author | Pierre Ossman <ossman@cendio.se> | 2018-06-07 15:03:34 +0200 |
|---|---|---|
| committer | Pierre Ossman <ossman@cendio.se> | 2018-06-07 15:03:34 +0200 |
| commit | 8f47bd296c9e757fe3b6aa6b148effc4c94abaaf (patch) | |
| tree | 8c7471ee9caabbad7d608ad6dec09e483c8a5026 | |
| parent | e6bad200e470ea675a00980b83008d63197e1858 (diff) | |
| download | novnc-8f47bd296c9e757fe3b6aa6b148effc4c94abaaf.tar.gz | |
Work around Siemens touch panel authentication bug
Siemens' touch panels support Tight authentication as well as NOTUNNEL,
but they fail to advertise the latter. Work around this issue by detecting
a Siemens device (through their custom tunnel types) and assume NOTUNNEL
support even if not advertised.
| -rw-r--r-- | core/rfb.js | 10 | ||||
| -rw-r--r-- | tests/test.rfb.js | 5 |
2 files changed, 15 insertions, 0 deletions
diff --git a/core/rfb.js b/core/rfb.js index 2f4e815..3150082 100644 --- a/core/rfb.js +++ b/core/rfb.js @@ -1008,6 +1008,16 @@ RFB.prototype = { Log.Debug("Server Tight tunnel types: " + serverSupportedTunnelTypes); + // Siemens touch panels have a VNC server that supports NOTUNNEL, + // but forgets to advertise it. Try to detect such servers by + // looking for their custom tunnel type. + if (serverSupportedTunnelTypes[1] && + (serverSupportedTunnelTypes[1].vendor === "SICR") && + (serverSupportedTunnelTypes[1].signature === "SCHANNEL")) { + Log.Debug("Detected Siemens server. Assuming NOTUNNEL support."); + serverSupportedTunnelTypes[0] = { vendor: 'TGHT', signature: 'NOTUNNEL' }; + } + // choose the notunnel type if (serverSupportedTunnelTypes[0]) { if (serverSupportedTunnelTypes[0].vendor != clientSupportedTunnelTypes[0].vendor || diff --git a/tests/test.rfb.js b/tests/test.rfb.js index 21cfc35..0ebad9c 100644 --- a/tests/test.rfb.js +++ b/tests/test.rfb.js @@ -1272,6 +1272,11 @@ describe('Remote Frame Buffer Protocol Client', function() { expect(client._sock).to.have.sent(new Uint8Array([0, 0, 0, 0])); }); + it('should choose the notunnel tunnel type for Siemens devices', function () { + send_num_str_pairs([[1, 'SICR', 'SCHANNEL'], [2, 'SICR', 'SCHANLPW']], client); + expect(client._sock).to.have.sent(new Uint8Array([0, 0, 0, 0])); + }); + it('should continue to sub-auth negotiation after tunnel negotiation', function () { send_num_str_pairs([[0, 'TGHT', 'NOTUNNEL']], client); client._sock._websocket._get_sent_data(); // skip the tunnel choice here |