filexfer warnings and messages.

pull/1/head
runge 17 years ago
parent 76d88e3111
commit 1d495291e4

@ -1,5 +1,5 @@
x11vnc README file Date: Sat May 5 10:47:52 EDT 2007
x11vnc README file Date: Sat May 5 14:09:28 EDT 2007
The following information is taken from these URLs:
@ -6827,6 +6827,12 @@ ateway and not a broadcaster?)
implemented, you cannot do Tightvnc file transfer in -unixpw mode.
UltraVNC file transfer does work, however.
IMPORTANT: please understand if -ultrafilexfer or -tightfilexfer is
specified and you run x11vnc as root for, say, inetd or display
manager (gdm, kdm, ...) access and you do not have it switch users via
the [778]-users option, then VNC Viewers that connect are able to do
filetransfer reads and writes as *root*.
The UltraVNC and TightVNC settings can be toggled on and off inside
the gui or by -R remote control. However for TightVNC the changed
setting only applies for NEW clients, current clients retain their
@ -6843,7 +6849,7 @@ ateway and not a broadcaster?)
these extensions you will need to supply this option to x11vnc:
-rfbversion 3.6
Or use [778]-ultrafilexfer which is an alias for the above option and
Or use [779]-ultrafilexfer which is an alias for the above option and
"-permitfiletransfer". UltraVNC evidently treats any other RFB version
number as non-UltraVNC.
@ -6855,21 +6861,21 @@ ateway and not a broadcaster?)
* 1/n Server Scaling
* rfbEncodingUltra compression encoding
To disable SingleWindow and ServerInput use [779]-noultraext (the
To disable SingleWindow and ServerInput use [780]-noultraext (the
others are managed by LibVNCServer). See this option too:
[780]-noserverdpms.
[781]-noserverdpms.
Q-112: Can x11vnc emulate UltraVNC's Single Click helpdesk mode? I.e.
something very simple for a naive user to initiate a reverse vnc
connection from their desktop to a helpdesk operator's VNC Viewer.
Yes, UltraVNC's [781]Single Click (SC) mode can be emulated reasonably
Yes, UltraVNC's [782]Single Click (SC) mode can be emulated reasonably
well on Unix.
We use the term "helpdesk" below, but it could be any sort of remote
assistance you want to set up, e.g. something for unix-using friends
or family to use. This includes [782]Mac OS X.
or family to use. This includes [783]Mac OS X.
Assume you create a helpdesk directory "hd" on your website:
http://www.mysite.com/hd
@ -6972,9 +6978,9 @@ fi
SSL Encrypted Helpdesk Connections: Currently x11vnc does not support
reverse connections in SSL [783]-ssl mode. This may change in a future
reverse connections in SSL [784]-ssl mode. This may change in a future
release, until then you would need to cook up something with
[784]STUNNEL.
[785]STUNNEL.
Update: as of Apr/2007 x11vnc supports reverse connections in SSL.
Recipe below will be updated (TBD), basically you just add "-ssl SAVE"
@ -7130,7 +7136,7 @@ rypto.a -lwrap
You will have to use an external network redirection for this.
Filesystem mounting is not part of the VNC protocol.
We show a simple [785]Samba example here.
We show a simple [786]Samba example here.
First you will need a tunnel to redirect the SMB requests from the
remote machine to the one you sitting at. We use an ssh tunnel:
@ -7167,7 +7173,7 @@ d,ip=127.0.0.1,port=1139
far-away> smbumount /home/fred/smb-haystack-pub
At some point we hope to fold some automation for SMB ssh redir setup
into the [786]Enhanced TightVNC Viewer (SSVNC) package we provide (as
into the [787]Enhanced TightVNC Viewer (SSVNC) package we provide (as
of Sep 2006 it is there for testing).
@ -7177,7 +7183,7 @@ d,ip=127.0.0.1,port=1139
You will have to use an external network redirection for this.
Printing is not part of the VNC protocol.
We show a simple Unix to Unix [787]CUPS example here. Non-CUPS port
We show a simple Unix to Unix [788]CUPS example here. Non-CUPS port
redirections (e.g. LPD) should also be possible, but may be a bit more
tricky. If you are viewing on Windows SMB and don't have a local cups
server it may be trickier still (see below).
@ -7249,7 +7255,7 @@ d,ip=127.0.0.1,port=1139
"localhost".
At some point we hope to fold some automation for CUPS ssh redir setup
into the [788]Enhanced TightVNC Viewer (SSVNC) package we provide (as
into the [789]Enhanced TightVNC Viewer (SSVNC) package we provide (as
of Sep 2006 it is there for testing).
@ -7350,7 +7356,7 @@ or:
the applications will fail to run because LD_PRELOAD will point to
libraries of the wrong wordsize.
* At some point we hope to fold some automation for esd or artsd ssh
redir setup into the [789]Enhanced TightVNC Viewer (SSVNC) package
redir setup into the [790]Enhanced TightVNC Viewer (SSVNC) package
we provide (as of Sep/2006 it is there for testing).
@ -7362,9 +7368,9 @@ or:
in Solaris, see Xserver(1) for how to turn it on via +kb), and so you
won't hear them if the extension is not present.
If you don't want to hear the beeps use the [790]-nobell option. If
If you don't want to hear the beeps use the [791]-nobell option. If
you want to hear the audio from the remote applications, consider
trying a [791]redirector such as esd.
trying a [792]redirector such as esd.
@ -8158,20 +8164,21 @@ References
775. http://www.unixuser.org/~euske/vnc2swf/
776. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/
777. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofilexfer
778. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer
779. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext
780. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms
781. http://www.uvnc.com/addons/singleclick.html
782. http://www.karlrunge.com/x11vnc/index.html#faq-macosx
783. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
784. http://stunnel.mirt.net/
785. http://www.samba.org/
786. http://www.karlrunge.com/x11vnc/ssvnc.html
787. http://www.cups.org/
788. http://www.karlrunge.com/x11vnc/ssvnc.html
778. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
779. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer
780. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext
781. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms
782. http://www.uvnc.com/addons/singleclick.html
783. http://www.karlrunge.com/x11vnc/index.html#faq-macosx
784. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
785. http://stunnel.mirt.net/
786. http://www.samba.org/
787. http://www.karlrunge.com/x11vnc/ssvnc.html
788. http://www.cups.org/
789. http://www.karlrunge.com/x11vnc/ssvnc.html
790. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell
791. http://www.karlrunge.com/x11vnc/index.html#faq-sound
790. http://www.karlrunge.com/x11vnc/ssvnc.html
791. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell
792. http://www.karlrunge.com/x11vnc/index.html#faq-sound
=======================================================================
http://www.karlrunge.com/x11vnc/chainingssh.html:
@ -11203,11 +11210,27 @@ Options:
per-client viewonly state the filetransfer permissions
will NOT change.
IMPORTANT: please understand if -tightfilexfer is
specified and you run x11vnc as root for, say, inetd
or display manager (gdm, kdm, ...) access and you do
not have it switch users via the -users option, then
VNC Viewers that connect are able to do filetransfer
reads and writes as *root*.
Also, tightfilexfer is disabled in -unixpw mode.
-ultrafilexfer Note: to enable UltraVNC filetransfer and to get it to
work you probably need to supply these libvncserver
options: "-rfbversion 3.6 -permitfiletransfer"
"-ultrafilexfer" is an alias for this combination.
IMPORTANT: please understand if -ultrafilexfer is
specified and you run x11vnc as root for, say, inetd
or display manager (gdm, kdm, ...) access and you do
not have it switch users via the -users option, then
VNC Viewers that connect are able to do filetransfer
reads and writes as *root*.
Note that sadly you cannot do both -tightfilexfer and
-ultrafilexfer at the same time because the latter
requires setting the version to 3.6 and tightvnc will
@ -12467,7 +12490,7 @@ Options:
character. E.g. "-users +bob" or "-users +nobody".
The latter (i.e. switching immediately to user
"nobody") is probably the only use of this option
"nobody") is the only obvious use of the -users option
that increases security.
Use the following notation to associate a group with

@ -676,6 +676,7 @@ void client_gone(rfbClientPtr client) {
screen->permitFileTransfer = unixpw_file_xfer_save;
if ((tightfilexfer = unixpw_tightvnc_xfer_save)) {
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbLog("rfbRegisterTightVNCFileTransferExtension: 3\n");
rfbRegisterTightVNCFileTransferExtension();
#endif
}
@ -2220,6 +2221,7 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
unixpw_tightvnc_xfer_save = tightfilexfer;
tightfilexfer = 0;
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbLog("rfbUnregisterTightVNCFileTransferExtension: 1\n");
rfbUnregisterTightVNCFileTransferExtension();
#endif

@ -360,11 +360,27 @@ void print_help(int mode) {
" per-client viewonly state the filetransfer permissions\n"
" will NOT change.\n"
"\n"
" IMPORTANT: please understand if -tightfilexfer is\n"
" specified and you run x11vnc as root for, say, inetd\n"
" or display manager (gdm, kdm, ...) access and you do\n"
" not have it switch users via the -users option, then\n"
" VNC Viewers that connect are able to do filetransfer\n"
" reads and writes as *root*.\n"
"\n"
" Also, tightfilexfer is disabled in -unixpw mode.\n"
"\n"
"-ultrafilexfer Note: to enable UltraVNC filetransfer and to get it to\n"
" work you probably need to supply these libvncserver\n"
" options: \"-rfbversion 3.6 -permitfiletransfer\"\n"
" \"-ultrafilexfer\" is an alias for this combination.\n"
"\n"
" IMPORTANT: please understand if -ultrafilexfer is\n"
" specified and you run x11vnc as root for, say, inetd\n"
" or display manager (gdm, kdm, ...) access and you do\n"
" not have it switch users via the -users option, then\n"
" VNC Viewers that connect are able to do filetransfer\n"
" reads and writes as *root*.\n"
"\n"
" Note that sadly you cannot do both -tightfilexfer and\n"
" -ultrafilexfer at the same time because the latter\n"
" requires setting the version to 3.6 and tightvnc will\n"
@ -1643,7 +1659,7 @@ void print_help(int mode) {
" character. E.g. \"-users +bob\" or \"-users +nobody\".\n"
"\n"
" The latter (i.e. switching immediately to user\n"
" \"nobody\") is probably the only use of this option\n"
" \"nobody\") is the only obvious use of the -users option\n"
" that increases security.\n"
"\n"
" Use the following notation to associate a group with\n"

@ -1274,6 +1274,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
if (! tightfilexfer) {
rfbLog("remote_cmd: enabling -tightfilexfer for *NEW* clients.\n");
tightfilexfer = 1;
rfbLog("rfbRegisterTightVNCFileTransferExtension: 4\n");
rfbRegisterTightVNCFileTransferExtension();
}
#else
@ -1289,6 +1290,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
if (tightfilexfer) {
rfbLog("remote_cmd: disabling -tightfilexfer for *NEW* clients.\n");
tightfilexfer = 0;
rfbLog("rfbUnregisterTightVNCFileTransferExtension: 2\n");
rfbUnregisterTightVNCFileTransferExtension();
}
#else

@ -1852,7 +1852,7 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
certret_str = NULL;
}
if (0 && certret_str) {
fprintf(stderr, "certret_str[%d]:\n%s\n", sbuf.st_size, certret_str);
fprintf(stderr, "certret_str[%d]:\n%s\n", (int) sbuf.st_size, certret_str);
}
}

@ -1554,8 +1554,9 @@ void unixpw_accept(char *user) {
unixpw_in_progress = 0;
screen->permitFileTransfer = unixpw_file_xfer_save;
if ((tightfilexfer = unixpw_tightvnc_xfer_save)) {
/* this doesn't work the current client is never registered */
/* this doesn't work: the current client is never registered! */
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbLog("rfbRegisterTightVNCFileTransferExtension: 1\n");
rfbRegisterTightVNCFileTransferExtension();
#endif
}
@ -1602,6 +1603,7 @@ void unixpw_deny(void) {
screen->permitFileTransfer = unixpw_file_xfer_save;
if ((tightfilexfer = unixpw_tightvnc_xfer_save)) {
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbLog("rfbRegisterTightVNCFileTransferExtension: 2\n");
rfbRegisterTightVNCFileTransferExtension();
#endif
}

@ -422,6 +422,15 @@ viewonly cannot transfer files. However, if the remote
control mechanism is used to change the global or
per-client viewonly state the filetransfer permissions
will NOT change.
.IP
IMPORTANT: please understand if \fB-tightfilexfer\fR is
specified and you run x11vnc as root for, say, inetd
or display manager (gdm, kdm, ...) access and you do
not have it switch users via the \fB-users\fR option, then
VNC Viewers that connect are able to do filetransfer
reads and writes as *root*.
.IP
Also, tightfilexfer is disabled in \fB-unixpw\fR mode.
.PP
\fB-ultrafilexfer\fR
.IP
@ -430,6 +439,13 @@ work you probably need to supply these libvncserver
options: "\fB-rfbversion\fR \fI3.6 \fB-permitfiletransfer\fR"\fR
"\fB-ultrafilexfer\fR" is an alias for this combination.
.IP
IMPORTANT: please understand if \fB-ultrafilexfer\fR is
specified and you run x11vnc as root for, say, inetd
or display manager (gdm, kdm, ...) access and you do
not have it switch users via the \fB-users\fR option, then
VNC Viewers that connect are able to do filetransfer
reads and writes as *root*.
.IP
Note that sadly you cannot do both \fB-tightfilexfer\fR and
\fB-ultrafilexfer\fR at the same time because the latter
requires setting the version to 3.6 and tightvnc will
@ -1866,7 +1882,7 @@ can be reopened prefix the username with the "+"
character. E.g. "\fB-users\fR \fI+bob\fR" or "\fB-users\fR \fI+nobody\fR".
.IP
The latter (i.e. switching immediately to user
"nobody") is probably the only use of this option
"nobody") is the only obvious use of the \fB-users\fR option
that increases security.
.IP
Use the following notation to associate a group with

@ -3227,8 +3227,10 @@ int main(int argc, char* argv[]) {
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
if (tightfilexfer) {
rfbLog("rfbRegisterTightVNCFileTransferExtension: 6\n");
rfbRegisterTightVNCFileTransferExtension();
} else {
rfbLog("rfbUnregisterTightVNCFileTransferExtension: 3\n");
rfbUnregisterTightVNCFileTransferExtension();
}
#endif

@ -1422,7 +1422,8 @@ int get_keyboard_led_state_hook(rfbScreenInfoPtr s) {
int get_file_transfer_permitted(rfbClientPtr cl) {
allowed_input_t input;
if (unixpw_in_progress) {
rfbLog("get_file_transfer_permitted: unixpw_in_progress, skipping.\n");
rfbLog("get_file_transfer_permitted: unixpw_in_progress, dropping client.\n");
rfbCloseClient(cl);
return FALSE;
}
if (0) fprintf(stderr, "get_file_transfer_permitted called\n");

Loading…
Cancel
Save