diff options
author | Pierre Ossman <ossman@cendio.se> | 2022-08-18 14:33:48 +0200 |
---|---|---|
committer | Pierre Ossman <ossman@cendio.se> | 2022-08-18 16:25:59 +0200 |
commit | 5671072dfe109193bbd2570d95882480c7aea011 (patch) | |
tree | d262eb2abe0f78d1343e9ebaab821ecb11518309 /core/rfb.js | |
parent | 084030fe68b137e20043d112e7876e0094b4d761 (diff) | |
download | novnc-5671072dfe109193bbd2570d95882480c7aea011.tar.gz |
Expect security result for RFB 3.7
The cut off was wrong here. 3.7 will send a security result, but not a
security reason. It also fixes the issue that < 3.7 (e.g. 3.3) supports
VNC authentication as well.
Diffstat (limited to 'core/rfb.js')
-rw-r--r-- | core/rfb.js | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/core/rfb.js b/core/rfb.js index 8fd5b79..f524411 100644 --- a/core/rfb.js +++ b/core/rfb.js @@ -1835,11 +1835,7 @@ export default class RFB extends EventTargetMixin { _negotiateAuthentication() { switch (this._rfbAuthScheme) { case 1: // no auth - if (this._rfbVersion >= 3.8) { - this._rfbInitState = 'SecurityResult'; - return true; - } - this._rfbInitState = 'ClientInitialisation'; + this._rfbInitState = 'SecurityResult'; return true; case 22: // XVP auth @@ -1870,6 +1866,13 @@ export default class RFB extends EventTargetMixin { } _handleSecurityResult() { + // There is no security choice, and hence no security result + // until RFB 3.7 + if (this._rfbVersion < 3.7) { + this._rfbInitState = 'ClientInitialisation'; + return true; + } + if (this._sock.rQwait('VNC auth response ', 4)) { return false; } const status = this._sock.rQshift32(); |