From 8f47bd296c9e757fe3b6aa6b148effc4c94abaaf Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Thu, 7 Jun 2018 15:03:34 +0200
Subject: [PATCH] Work around Siemens touch panel authentication bug

Siemens' touch panels support Tight authentication as well as NOTUNNEL,
but they fail to advertise the latter. Work around this issue by detecting
a Siemens device (through their custom tunnel types) and assume NOTUNNEL
support even if not advertised.
---
 core/rfb.js       | 10 ++++++++++
 tests/test.rfb.js |  5 +++++
 2 files changed, 15 insertions(+)

diff --git a/core/rfb.js b/core/rfb.js
index 2f4e815..3150082 100644
--- a/core/rfb.js
+++ b/core/rfb.js
@@ -1008,6 +1008,16 @@ RFB.prototype = {
 
         Log.Debug("Server Tight tunnel types: " + serverSupportedTunnelTypes);
 
+        // Siemens touch panels have a VNC server that supports NOTUNNEL,
+        // but forgets to advertise it. Try to detect such servers by
+        // looking for their custom tunnel type.
+        if (serverSupportedTunnelTypes[1] &&
+            (serverSupportedTunnelTypes[1].vendor === "SICR") &&
+            (serverSupportedTunnelTypes[1].signature === "SCHANNEL")) {
+            Log.Debug("Detected Siemens server. Assuming NOTUNNEL support.");
+            serverSupportedTunnelTypes[0] = { vendor: 'TGHT', signature: 'NOTUNNEL' };
+        }
+
         // choose the notunnel type
         if (serverSupportedTunnelTypes[0]) {
             if (serverSupportedTunnelTypes[0].vendor != clientSupportedTunnelTypes[0].vendor ||
diff --git a/tests/test.rfb.js b/tests/test.rfb.js
index 21cfc35..0ebad9c 100644
--- a/tests/test.rfb.js
+++ b/tests/test.rfb.js
@@ -1272,6 +1272,11 @@ describe('Remote Frame Buffer Protocol Client', function() {
                     expect(client._sock).to.have.sent(new Uint8Array([0, 0, 0, 0]));
                 });
 
+                it('should choose the notunnel tunnel type for Siemens devices', function () {
+                    send_num_str_pairs([[1, 'SICR', 'SCHANNEL'], [2, 'SICR', 'SCHANLPW']], client);
+                    expect(client._sock).to.have.sent(new Uint8Array([0, 0, 0, 0]));
+                });
+
                 it('should continue to sub-auth negotiation after tunnel negotiation', function () {
                     send_num_str_pairs([[0, 'TGHT', 'NOTUNNEL']], client);
                     client._sock._websocket._get_sent_data();  // skip the tunnel choice here
-- 
2.39.2