
Commit bb0656c

committed
vnc: additional auth check
1 parent 8d7f89e commit bb0656c

1 file changed

+15
-0
lines changed

1 file changed

+15
-0
lines changed

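--- a/kvmd/apps/vnc/rfb/__init__.py
+++ b/kvmd/apps/vnc/rfb/__init__.py
@@ -46,6 +46,11 @@
 from .stream import RfbClientStream
 
 
+# =====
+class _SecurityError(Exception):
+pass
+
+
 # =====
 class RfbClient(RfbClientStream): # pylint: disable=too-many-instance-attributes
 # https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst
@@ -94,6 +99,8 @@ def __init__( # pylint: disable=too-many-arguments
 self.__fb_cont_updates = False
 self.__fb_reset_h264 = False
 
+self.__authorized = False
+
 self.__lock = asyncio.Lock()
 
 # =====
@@ -134,6 +141,8 @@ async def __wrapper(self, name: str, coro: Coroutine) -> None:
 async def __main_task_loop(self) -> None:
 await self.__handshake_version()
 await self.__handshake_security()
+if not self.__authorized:
+raise _SecurityError()
 await self.__handshake_init()
 await self.__main_loop()
 
@@ -385,6 +394,7 @@ async def __handshake_security_send_result(self, allow: bool, allow_msg: str, de
 if allow:
 get_logger(0).info("%s [main]: %s", self._remote, allow_msg)
 await self._write_struct("access OK", "L", 0)
+self.__authorized = True
 else:
 await self._write_struct("access denial flag", "L", 1, drain=(self.__rfb_version < 8))
 if self.__rfb_version >= 8:
@@ -394,6 +404,9 @@ async def __handshake_security_send_result(self, allow: bool, allow_msg: str, de
 # =====
 
 async def __handshake_init(self) -> None:
+if not self.__authorized:
+raise _SecurityError()
+
 await self._read_number("initial shared flag", "B") # Shared flag, ignored
 
 await self._write_struct("initial FB size", "HH", self._width, self._height, drain=False)
@@ -417,6 +430,8 @@ async def __handshake_init(self) -> None:
 # =====
 
 async def __main_loop(self) -> None:
+if not self.__authorized:
+raise _SecurityError()
 handlers = {
 0: self.__handle_set_pixel_format,
 2: self.__handle_set_encodings,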
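Review bot: The three `raise _SecurityError()` sites (in `__main_task_loop`, `__handshake_init` and `__main_loop`) raise a bare exception with no message, and nothing in these hunks shows `__wrapper` catching it, so a client stopped by a guard may appear only as a generic task failure rather than as an identifiable authentication event. I would pass context, e.g. `raise _SecurityError("handshake completed without authorization")`, and confirm that `__wrapper` logs it with `self._remote` and closes the connection. The guards act as a backstop; whatever path lets `__handshake_security` return without `__handshake_security_send_result` having taken the `allow` branch lies outside these hunks, so it is worth checking that it is fixed or at least commented at its source. A one-line comment on `self.__authorized = False`, such as `# Set to True only after "access OK" has been written to the client`, would document the invariant that the three checks rely on. The bodies of `__init__`, `__handshake_security_send_result`, `__handshake_init` and `__main_loop` all continue outside the hunks.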
