Skip to content
Blame History Permalink
  • Mark McLoughlin's avatar
    Change the way we use TLS with the RFB protocol after discussions with the · aa594e34
    Mark McLoughlin authored 
    2004-02-06  Mark McLoughlin  <mark@skynet.ie>

	Change the way we use TLS with the RFB protocol after discussions
	with the RFB maintainers:

	  + Only use a single extra security type (rfbTLS == 18) which has
	    been registered with the RFB maintainers rather than the original
	    rfbTlsWithNoAuth(3) and rfbTlsWithVncAuth(4).
	  + Negotiation the authentication type (rfbNoAuth or rfbVncAuth) once
	    the TLS handshake has completed. The authentication type negotiation
	    is exactly the same format as the security type negotiation.

	Server changes:

	* server/vino-server.c: (vino_server_update_security_types):
	Update for security/authentication types split.

	* server/libvncserver/auth.c:
	(rfbAuthListAuthTypes): impl. listing the authentication types.
	(rfbAuthProcessSecurityTypeMessage): don't start authenticating
	when the TLS handshake has completed. Instead, just list the
	security types and wait for a response.
	(rfbAuthProcessTLSHandshake): ditto.
	(rfbAuthProcessAuthTypeMessage): begin authenticating with whatever
	authentication type the client returns.

	* server/libvncserver/main.c:
	(rfbAddAuthType), (rfbClearAuthTypes): API for maintaining the
	authentication types list.

	* server/libvncserver/rfb/rfb.h: add the RFB_AUTH_TYPE client
	processing state and add the authTypes list to the server
	structure.

	* server/libvncserver/rfb/rfbproto.h: update with details of
	new TLS security type protocol.

	Client changes:

	* client/java/rfb/CConnection.java:
	(CConnection.addAuthType): function for building up a list
	of supported authentication types.
	(CConnection.processSecurityMsg): handle new return values
	from CSecurity::processMsg().
	(CConnection.processAuthTypesMsg): impl. negotiating authentication
	type.

	* client/java/rfb/CSecurity.java: (CSecurity): define return values
	for processMsg() rather than using silly magic numbers.

	* client/java/rfb/CSecurityNone.java: (CSecurityNone.processMsg): upd.

	* client/java/rfb/CSecurityTls.java:
	(CSecurityTls.CSecurityTls.processMsg): re-work so as to not chain
	up to the authentication implementation.

	* client/java/rfb/CSecurityVncAuth.java:
	(CSecurityVncAuth.processMsg): return proper return codes.

	* client/java/rfb/SecTypes.java: remove the TlsWithNone(3) and
	TlsWithVncAuth(4) and add the TLS(18) security type which has
	been registered with the protocol maintainers.

	* client/java/vncviewer/CConn.java: update for security types
	change.

2004-02-06  Mark McLoughlin  <mark@skynet.ie>

	* client/java/vncviewer/AboutDialog.java:
	(AboutDialog.AboutDialog): fix bug #133529 - compile failure
	because the about dialog text wasn't defined.
    aa594e34