Correctly handle cancelled authentication
authorPierre Ossman <ossman@cendio.se>
Wed, 7 Aug 2024 07:49:22 +0000 (09:49 +0200)
committerPierre Ossman <ossman@cendio.se>
Wed, 7 Aug 2024 09:02:17 +0000 (11:02 +0200)
We should not be throwing up error messages, or asking to reconnect, if
the user has actively cancelled the authentication attempt.

common/rfb/CSecurityTLS.cxx
vncviewer/CConn.cxx
vncviewer/UserDialog.cxx

index 8d8b58fdaae045d2df6d9aebb68f2c9242bff078..f9775215c06b64880ea6cb29fca10159221cd416 100644 (file)
@@ -444,7 +444,7 @@ void CSecurityTLS::checkSession()
       if (!msg->showMsgBox(UserMsgBox::M_YESNO,
                            "Unknown certificate issuer",
                            text.c_str()))
-        throw AuthFailureException("Unknown certificate issuer");
+        throw AuthCancelledException();
 
       status &= ~(GNUTLS_CERT_INVALID |
                   GNUTLS_CERT_SIGNER_NOT_FOUND |
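Review bot: Throwing `AuthCancelledException()` with no argument drops the reason string ("Unknown certificate issuer") that the old `AuthFailureException` carried, so the log no longer records which certificate check the user declined. The same applies to the other nine throw sites in checkSession() changed in this file: not yet valid, expired, insecure algorithm, hostname mismatch, and the five "Unexpected server certificate" cases. A user refusing a certificate is worth keeping in the record, because it is the one trace left when a connection was possibly intercepted. Consider logging the reason just before each throw, e.g. `vlog.info("Certificate rejected by user: unknown issuer");`, assuming the file's LogWriter is in scope (it is not visible in these hunks). checkSession() starts and ends outside the hunk.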
@@ -465,7 +465,7 @@ void CSecurityTLS::checkSession()
       if (!msg->showMsgBox(UserMsgBox::M_YESNO,
                            "Certificate is not yet valid",
                            text.c_str()))
-        throw AuthFailureException("Certificate is not yet valid");
+        throw AuthCancelledException();
 
       status &= ~GNUTLS_CERT_NOT_ACTIVATED;
     }
@@ -484,7 +484,7 @@ void CSecurityTLS::checkSession()
       if (!msg->showMsgBox(UserMsgBox::M_YESNO,
                            "Expired certificate",
                            text.c_str()))
-        throw AuthFailureException("Expired certificate");
+        throw AuthCancelledException();
 
       status &= ~GNUTLS_CERT_EXPIRED;
     }
@@ -503,7 +503,7 @@ void CSecurityTLS::checkSession()
       if (!msg->showMsgBox(UserMsgBox::M_YESNO,
                            "Insecure certificate algorithm",
                            text.c_str()))
-        throw AuthFailureException("Insecure certificate algorithm");
+        throw AuthCancelledException();
 
       status &= ~GNUTLS_CERT_INSECURE_ALGORITHM;
     }
@@ -528,7 +528,7 @@ void CSecurityTLS::checkSession()
       if (!msg->showMsgBox(UserMsgBox::M_YESNO,
                            "Certificate hostname mismatch",
                            text.c_str()))
-        throw AuthFailureException("Certificate hostname mismatch");
+        throw AuthCancelledException();
     }
   } else if (err == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
     std::string text;
@@ -554,7 +554,7 @@ void CSecurityTLS::checkSession()
       if (!msg->showMsgBox(UserMsgBox::M_YESNO,
                            "Unexpected server certificate",
                            text.c_str()))
-        throw AuthFailureException("Unexpected server certificate");
+        throw AuthCancelledException();
 
       status &= ~(GNUTLS_CERT_INVALID |
                   GNUTLS_CERT_SIGNER_NOT_FOUND |
@@ -577,7 +577,7 @@ void CSecurityTLS::checkSession()
       if (!msg->showMsgBox(UserMsgBox::M_YESNO,
                            "Unexpected server certificate",
                            text.c_str()))
-        throw AuthFailureException("Unexpected server certificate");
+        throw AuthCancelledException();
 
       status &= ~GNUTLS_CERT_NOT_ACTIVATED;
     }
@@ -598,7 +598,7 @@ void CSecurityTLS::checkSession()
       if (!msg->showMsgBox(UserMsgBox::M_YESNO,
                            "Unexpected server certificate",
                            text.c_str()))
-        throw AuthFailureException("Unexpected server certificate");
+        throw AuthCancelledException();
 
       status &= ~GNUTLS_CERT_EXPIRED;
     }
@@ -619,7 +619,7 @@ void CSecurityTLS::checkSession()
       if (!msg->showMsgBox(UserMsgBox::M_YESNO,
                            "Unexpected server certificate",
                            text.c_str()))
-        throw AuthFailureException("Unexpected server certificate");
+        throw AuthCancelledException();
 
       status &= ~GNUTLS_CERT_INSECURE_ALGORITHM;
     }
@@ -646,7 +646,7 @@ void CSecurityTLS::checkSession()
       if (!msg->showMsgBox(UserMsgBox::M_YESNO,
                            "Unexpected server certificate",
                            text.c_str()))
-        throw AuthFailureException("Unexpected server certificate");
+        throw AuthCancelledException();
     }
   }
 
index 31f5b74dd8a6b4fc32db2d7a4281bdd73e88b8ae..1f1a590ebe7b0f6a6193f547c2e20a4082b1363a 100644 (file)
@@ -29,6 +29,7 @@
 
 #include <rfb/CMsgWriter.h>
 #include <rfb/CSecurity.h>
+#include <rfb/Exception.h>
 #include <rfb/Hostname.h>
 #include <rfb/LogWriter.h>
 #include <rfb/Security.h>
@@ -270,6 +271,9 @@ void CConn::socketEvent(FL_SOCKET fd, void *data)
     } else {
       disconnect();
     }
+  } catch (rfb::AuthCancelledException& e) {
+    vlog.info("%s", e.str());
+    disconnect();
   } catch (rdr::Exception& e) {
     vlog.error("%s", e.str());
     abort_connection_with_unexpected_error(e);
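Review bot: The new `catch (rfb::AuthCancelledException& e)` handler only takes effect because it sits above the `rdr::Exception` handler, and nothing in the code says so. Presumably AuthCancelledException derives from rdr::Exception, although this hunk does not show it. I would add a comment above the handler such as `// User cancelled (password prompt or certificate dialog): not an error; must stay before the generic rdr::Exception handler`. Note also that declined certificate prompts now end here at info level, so a log filtered to errors will no longer show them. The try block of socketEvent() starts outside the hunk.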
index 958b9d66d24aec6464384aa522e5f8c05c59ef24..2ddc5ecc853df998f15e0a55314e128333c30fb3 100644 (file)
@@ -204,7 +204,7 @@ void UserDialog::getUserPasswd(bool secure_, std::string* user,
   delete win;
 
   if (ret_val != 0)
-    throw rfb::Exception(_("Authentication cancelled"));
+    throw rfb::AuthCancelledException();
 }
 
 bool UserDialog::showMsgBox(int flags, const char* title, const char* text)