[Tigervnc-devel] [ tigervnc-Bug Tracker-3434118 ] Regression: Xvnc requires auth even on reverse connections

Wed, 28 Nov 2012 03:51:18 -0800 

Bug Tracker item #3434118, was opened at 2011-11-06 08:31
Message generated for change (Comment added) made by dab18
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1126848&aid=3434118&group_id=254363

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: UN*X version
Group: trunk
Status: Open
Resolution: None
Priority: 9
Private: No
Submitted By: Mike Fisk (mfisk)
Assigned to: Adam Tkac (atkac)
Summary: Regression: Xvnc requires auth even on reverse connections

Initial Comment:
Reverse connections (trigerred with "vncconfig -connect") did not previously 
have the same client authentication requirements as connections accepted from 
Xvnc's listener, but now (DRC's pre-1.2 build binaries) it requires 
authentication from the client.    In the 1_0 branch, 
SSecurityFactoryStandard::getSecTypes() has a parameter to specify if we're 
looking up security types for reverse connections or not.  aktac's new 
Security::GetEnabledSecTypes in common/rfb/Security.cxx does not and apparently 
should.

----------------------------------------------------------------------

Comment By: Dmitry Bakshaev (dab18)
Date: 2012-11-28 03:51

Message:
ugly patch, but its work

--- tigervnc-1.1.0/common/rfb/SConnection.cxx.orig      2011-08-10
01:16:44.000000000 +0400
+++ tigervnc-1.1.0/common/rfb/SConnection.cxx   2012-11-27
17:57:29.000000000 +0400
@@ -55,6 +55,24 @@
   cp.setVersion(defaultMajorVersion, defaultMinorVersion);

   security = new SecurityServer();
+  // disable authentication for outgoing (reverse) connection
+  if (reverseConnection){
+    security->DisableSecType(secTypeVncAuth);
+    security->DisableSecType(secTypeTight);
+    security->DisableSecType(secTypeRA2);
+    security->DisableSecType(secTypeRA2ne);
+    security->DisableSecType(secTypeSSPI);
+    security->DisableSecType(secTypeSSPIne);
+    security->DisableSecType(secTypeVeNCrypt);
+    security->DisableSecType(secTypePlain);
+    security->DisableSecType(secTypeTLSVnc);
+    security->DisableSecType(secTypeTLSPlain);
+    security->DisableSecType(secTypeX509None);
+    security->DisableSecType(secTypeX509Vnc);
+    security->DisableSecType(secTypeX509Plain);
+    security->EnableSecType(secTypeNone);
+    security->EnableSecType(secTypeTLSNone);
+  }
 }


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1126848&aid=3434118&group_id=254363

------------------------------------------------------------------------------
Keep yourself connected to Go Parallel: 
INSIGHTS What's next for parallel hardware, programming and related areas?
Interviews and blogs by thought leaders keep you ahead of the curve.
http://goparallel.sourceforge.net
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel

Reply via email to