diff options
-rw-r--r-- | core/rfb.js | 42 | ||||
-rw-r--r-- | tests/test.rfb.js | 14 |
2 files changed, 29 insertions, 27 deletions
diff --git a/core/rfb.js b/core/rfb.js index 2d7e77f..b10b502 100644 --- a/core/rfb.js +++ b/core/rfb.js @@ -1354,6 +1354,21 @@ export default class RFB extends EventTargetMixin { this._rfbInitState = 'Security'; } + _isSupportedSecurityType(type) { + const clientTypes = [ + securityTypeNone, + securityTypeVNCAuth, + securityTypeRA2ne, + securityTypeTight, + securityTypeVeNCrypt, + securityTypeXVP, + securityTypeARD, + securityTypePlain, + ]; + + return clientTypes.includes(type); + } + _negotiateSecurity() { if (this._rfbVersion >= 3.7) { // Server sends supported list, client decides @@ -1370,22 +1385,17 @@ export default class RFB extends EventTargetMixin { const types = this._sock.rQshiftBytes(numTypes); Log.Debug("Server security types: " + types); - // Look for each auth in preferred order - if (types.includes(securityTypeNone)) { - this._rfbAuthScheme = securityTypeNone; - } else if (types.includes(securityTypeXVP)) { - this._rfbAuthScheme = securityTypeXVP; - } else if (types.includes(securityTypeTight)) { - this._rfbAuthScheme = securityTypeTight; - } else if (types.includes(securityTypeRA2ne)) { - this._rfbAuthScheme = securityTypeRA2ne; - } else if (types.includes(securityTypeVNCAuth)) { - this._rfbAuthScheme = securityTypeVNCAuth; - } else if (types.includes(securityTypeARD)) { - this._rfbAuthScheme = securityTypeARD; - } else if (types.includes(securityTypeVeNCrypt)) { - this._rfbAuthScheme = securityTypeVeNCrypt; - } else { + // Look for a matching security type in the order that the + // server prefers + this._rfbAuthScheme = -1; + for (let type of types) { + if (this._isSupportedSecurityType(type)) { + this._rfbAuthScheme = type; + break; + } + } + + if (this._rfbAuthScheme === -1) { return this._fail("Unsupported security types (types: " + types + ")"); } diff --git a/tests/test.rfb.js b/tests/test.rfb.js index e7d6040..0e46ff4 100644 --- a/tests/test.rfb.js +++ b/tests/test.rfb.js @@ -1135,18 +1135,10 @@ describe('Remote Frame Buffer Protocol Client', function () { client._sock._websocket._getSentData(); }); - it('should prefer no authentication is possible', function () { - const authSchemes = [2, 1, 3]; + it('should respect server preference order', function () { + const authSchemes = [ 6, 79, 30, 188, 16, 6, 1 ]; client._sock._websocket._receiveData(new Uint8Array(authSchemes)); - expect(client._rfbAuthScheme).to.equal(1); - expect(client._sock).to.have.sent(new Uint8Array([1])); - }); - - it('should choose for the most prefered scheme possible', function () { - const authSchemes = [2, 22, 16]; - client._sock._websocket._receiveData(new Uint8Array(authSchemes)); - expect(client._rfbAuthScheme).to.equal(22); - expect(client._sock).to.have.sent(new Uint8Array([22])); + expect(client._sock).to.have.sent(new Uint8Array([30])); }); it('should fail if there are no supported schemes', function () { |