Re: [gtk-vnc-devel] PATCH: Support Vino's TLS auth scheme



On Thu, 2007-09-06 at 20:51 +0100, Daniel P. Berrange wrote:
> VINO (the GNOME VNC server for remote desktop) implements a TLS authentication
> scheme of its own (registered auth #18). The way this works is that the client
> requests auth 18, and the client+server immediately do a TLS handshake using
> anonymous TLS credentials. The protocol then repeats the auth negotiation
> again, this time choosing either None or VNC as the auth type.
> 
> This gives data encryption between client & server good enough to prevent 
> casual snooping, but it is still susceptible to a man-in-the-middle attack
> since it is fixed to use anonymous credentials & no x509 certificates. Given
> that we already support anonymous credentials for some of the VeNCrypt auth
> sub-types it was trivial to add support for VINO's TLS mode.
> 
> So the attached patch implements Vino's TLS...
> 
> Regards,
> Dan.

Hi, Dan.

The patch works if I choose no password in vino (auth type "none").
If I put a password in vino (auth type 2), it doesn't work:

wendell wendell-laptop:~/gnome/gtk-vnc/examples$ ./gvncviewer localhost
Started background coroutine
Resolving host localhost 5900
Trying socket 4
Connected to server
Protocol initialization
Negotiated protocol 3 7
Possible auth 18
Possible auth 2
Requested auth type 18
Waiting for auth type
Choose auth 18
Do TLS handshake
Handshake was blocking
Handshake done
Completed TLS setup
Possible sub-auth 2
Requested auth subtype 2
Waiting for auth subtype
Choose auth 2
Do Challenge
Auth failed
Doing final VNC cleanup
Disconnected from server

Cheers,
-- 
Jonh Wendell
jonh wendell gmail com (MSN / Google Talk)

Linux User #114432
https://launchpad.net/~wendell
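
Added example, not part of the original messages and not gtk-vnc's own code: the two-round auth selection described in the thread, with the list format of RFB 3.7 (a count byte, then the type bytes) assumed for both rounds. The function names and the sample byte strings are hypothetical, constructed to match the trace above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* 2 (VNC password) and 18 (Vino TLS) are the numbers in the thread; 1 is None. */
enum { AUTH_NONE = 1, AUTH_VNC = 2, AUTH_VINO_TLS = 18 };
/* Parse one RFB 3.7 auth list: a count byte, then that many type bytes.
 * Returns the number of types, or -1 if truncated, empty or too long. */
static int parse_auth_list(const uint8_t *buf, size_t len, uint8_t *types, size_t max)
{
    size_t n = len ? buf[0] : 0;
    if (n == 0 || n > max || len < 1 + n) return -1;
    for (size_t i = 0; i < n; i++) types[i] = buf[1 + i];
    return (int)n;
}

static int offered(const uint8_t *t, int n, uint8_t want)
{
    while (n-- > 0)
        if (t[n] == want) return 1;
    return 0;
}

/* Hypothetical helper: `outer` is the list sent in clear, `inner` the list sent
 * after the anonymous TLS handshake (the handshake itself is not modelled).
 * Returns the auth type to run, or -1; sets *tls_wrapped when round two ran. */
int vino_select_auth(const uint8_t *outer, size_t olen,
                     const uint8_t *inner, size_t ilen, int *tls_wrapped)
{
    uint8_t t[20];
    int n = parse_auth_list(outer, olen, t, sizeof t);
    *tls_wrapped = 0;
    if (n < 0) return -1;
    if (!offered(t, n, AUTH_VINO_TLS))
        return offered(t, n, AUTH_VNC) ? AUTH_VNC : offered(t, n, AUTH_NONE) ? AUTH_NONE : -1;
    *tls_wrapped = 1; /* encrypted, but the peer is not authenticated */
    n = parse_auth_list(inner, ilen, t, sizeof t);
    if (n < 0) return -1;
    /* Round two may only yield VNC or None; a list offering only 18 again is rejected. */
    if (offered(t, n, AUTH_VNC)) return AUTH_VNC;
    return offered(t, n, AUTH_NONE) ? AUTH_NONE : -1;
}

int main(void)
{
    const uint8_t outer[] = {2, 18, 2}, inner[] = {1, 2}; /* constructed from the trace */
    int tls, auth = vino_select_auth(outer, sizeof outer, inner, sizeof inner, &tls);
    printf("auth=%d tls_wrapped=%d\n", auth, tls);
    return 0;
}
```

A caller that sees tls_wrapped set knows the inner VNC challenge ran over an encrypted channel whose peer was never verified, which is the man-in-the-middle exposure described in the quoted message.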




