xpra icon
Bug tracker and wiki

Opened 3 weeks ago

Closed 9 days ago

#1731 closed defect (fixed)

inconsistent authentication handling

Reported by: Antoine Martin Owned by: J. Max Mena
Priority: blocker Milestone: 2.3
Component: server Version: 2.2.x
Keywords: Cc:

Description

Because TCP sockets can be upgraded to websockets, SSL or both (Secure websockets) - for details see #1504 and wiki/Authentication - the authentication module for the connection is not always the one expected: wrapping with websockets uses the new socket type (ws-auth), but ssl would not! (and a wss upgrade from tcp would use ssl!)

Same problem applies to websockets upgraded to ssl (bind-ws with ssl=on), or ssl sockets upgraded to secure-websockets (bind-ssl with html=on).

Change History (3)

comment:1 Changed 3 weeks ago by Antoine Martin

Status: newassigned

Minimal? fix in r17798: keep track of the original socket type, use those authentication modules.

Backport still needed. (oh joy)

In the meantime, the easy workaround is to always make sure to set ssl-auth, ws-auth and wss-auth if you are setting tcp-auth.

Last edited 3 weeks ago by Antoine Martin (previous) (diff)

comment:2 Changed 9 days ago by Antoine Martin

Owner: changed from Antoine Martin to J. Max Mena
Status: assignednew

Backport in r17972.

@mamylyn: FYI, that's a bigger than usual backport.

comment:3 Changed 9 days ago by J. Max Mena

Resolution: fixed
Status: newclosed

Noted and closing.

Note: See TracTickets for help on using tickets.