Re: [Tigervnc-devel] [PATCH] Implement Plain in the client

Tue, 07 Sep 2010 02:43:58 -0700 

On Fri, Sep 03, 2010 at 08:00:38AM +0200, Martin Koegler wrote:
> On Thu, Sep 02, 2010 at 08:48:47PM -0600, DRC wrote:
> > On 9/2/10 9:50 AM, Adam Tkac wrote:
> > > This type is, by default, disabled on the server. It must be enabled
> > > via commandline parameter (-SecurityTypes). Client has it disabled as
> > > well but if user specify he wants to use it (and server has Plain type
> > > enabled) then it is used. If it is client's first sectype then it is
> > > preferred over more "strong" mechanisms (TLS, for example).
> > 
> > IMHO, the correct behavior should be that if the server enables this 
> > security type before other security types, then the client should use it 
> > unless the user specifically passes the -SecurityTypes parameter to the 
> > client to disable the type.  IOW, I think the Plain type should be 
> > enabled by default on the client but not given priority.  I agree that 
> > it should not be enabled on the server without an explicit override.
> 
> The client side honors the Security Type order of the server - code
> for using the client side order was removed with "Remove unused
> CConnection::setClientSecTypeOrder function" on Jul 20 2010.

If I read rfb/CConnection.cxx:CConnection::processSecurityTypesMsg()
well, client side doesn't honor server's order. Client side preference
order is specified via -SecurityTypes parameter.

$ cat CConnection.cxx
...
void CConnection::processSecurityTypesMsg()
...
    for (int i = 0; i < nServerSecTypes; i++) {
      rdr::U8 serverSecType = is->readU8();
      vlog.debug("Server offers security type %s(%d)",
                 secTypeName(serverSecType),serverSecType);

      // We keep trying types, to find the one that matches and
      // which appears first in the client's list of supported types.
      for (j = secTypes.begin(), secTypePos = 0; j != secTypes.end(); j++, 
secTypePos++) {
        if (*j == serverSecType && secTypePos < secTypePosMin) {
          secType = *j;
          secTypePosMin = secTypePos;
          break;
        }
      }
    }
...

Regards, Adam

-- 
Adam Tkac, Red Hat, Inc.

------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel

Reply via email to