diff options
author | Pierre Ossman <ossman@cendio.se> | 2022-08-18 15:01:52 +0200 |
---|---|---|
committer | Pierre Ossman <ossman@cendio.se> | 2022-08-18 16:26:27 +0200 |
commit | 795494ade1bab6a14fd45e02dbaba52301df65f1 (patch) | |
tree | 18c83e04857cb64e88046ca573cee96c6a9e69c1 /core | |
parent | e1174e813b617062c77491c01130c38b45f15311 (diff) | |
download | novnc-795494ade1bab6a14fd45e02dbaba52301df65f1.tar.gz |
Prefer security types in the server's order
This is how TigerVNC has been behaving for years and has worked well
there, so let's follow them.
Diffstat (limited to 'core')
-rw-r--r-- | core/rfb.js | 42 |
1 files changed, 26 insertions, 16 deletions
diff --git a/core/rfb.js b/core/rfb.js index 2d7e77f..b10b502 100644 --- a/core/rfb.js +++ b/core/rfb.js @@ -1354,6 +1354,21 @@ export default class RFB extends EventTargetMixin { this._rfbInitState = 'Security'; } + _isSupportedSecurityType(type) { + const clientTypes = [ + securityTypeNone, + securityTypeVNCAuth, + securityTypeRA2ne, + securityTypeTight, + securityTypeVeNCrypt, + securityTypeXVP, + securityTypeARD, + securityTypePlain, + ]; + + return clientTypes.includes(type); + } + _negotiateSecurity() { if (this._rfbVersion >= 3.7) { // Server sends supported list, client decides @@ -1370,22 +1385,17 @@ export default class RFB extends EventTargetMixin { const types = this._sock.rQshiftBytes(numTypes); Log.Debug("Server security types: " + types); - // Look for each auth in preferred order - if (types.includes(securityTypeNone)) { - this._rfbAuthScheme = securityTypeNone; - } else if (types.includes(securityTypeXVP)) { - this._rfbAuthScheme = securityTypeXVP; - } else if (types.includes(securityTypeTight)) { - this._rfbAuthScheme = securityTypeTight; - } else if (types.includes(securityTypeRA2ne)) { - this._rfbAuthScheme = securityTypeRA2ne; - } else if (types.includes(securityTypeVNCAuth)) { - this._rfbAuthScheme = securityTypeVNCAuth; - } else if (types.includes(securityTypeARD)) { - this._rfbAuthScheme = securityTypeARD; - } else if (types.includes(securityTypeVeNCrypt)) { - this._rfbAuthScheme = securityTypeVeNCrypt; - } else { + // Look for a matching security type in the order that the + // server prefers + this._rfbAuthScheme = -1; + for (let type of types) { + if (this._isSupportedSecurityType(type)) { + this._rfbAuthScheme = type; + break; + } + } + + if (this._rfbAuthScheme === -1) { return this._fail("Unsupported security types (types: " + types + ")"); } |