filexfer warnings and messages.

pull/1/head
runge 18 years ago
parent 76d88e3111
commit 1d495291e4

@ -1,5 +1,5 @@
x11vnc README file Date: Sat May 5 10:47:52 EDT 2007 x11vnc README file Date: Sat May 5 14:09:28 EDT 2007
The following information is taken from these URLs: The following information is taken from these URLs:
@ -6827,6 +6827,12 @@ ateway and not a broadcaster?)
implemented, you cannot do Tightvnc file transfer in -unixpw mode. implemented, you cannot do Tightvnc file transfer in -unixpw mode.
UltraVNC file transfer does work, however. UltraVNC file transfer does work, however.
IMPORTANT: please understand if -ultrafilexfer or -tightfilexfer is
specified and you run x11vnc as root for, say, inetd or display
manager (gdm, kdm, ...) access and you do not have it switch users via
the [778]-users option, then VNC Viewers that connect are able to do
filetransfer reads and writes as *root*.
The UltraVNC and TightVNC settings can be toggled on and off inside The UltraVNC and TightVNC settings can be toggled on and off inside
the gui or by -R remote control. However for TightVNC the changed the gui or by -R remote control. However for TightVNC the changed
setting only applies for NEW clients, current clients retain their setting only applies for NEW clients, current clients retain their
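Review bot: the added IMPORTANT paragraph names only -ultrafilexfer and -tightfilexfer, but the next hunk's text says -ultrafilexfer is an alias for "-rfbversion 3.6" plus "-permitfiletransfer". A root-run server started with -permitfiletransfer directly therefore has the same exposure, and the warning should name that option too.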
@ -6843,7 +6849,7 @@ ateway and not a broadcaster?)
these extensions you will need to supply this option to x11vnc: these extensions you will need to supply this option to x11vnc:
-rfbversion 3.6 -rfbversion 3.6
Or use [778]-ultrafilexfer which is an alias for the above option and Or use [779]-ultrafilexfer which is an alias for the above option and
"-permitfiletransfer". UltraVNC evidently treats any other RFB version "-permitfiletransfer". UltraVNC evidently treats any other RFB version
number as non-UltraVNC. number as non-UltraVNC.
@ -6855,21 +6861,21 @@ ateway and not a broadcaster?)
* 1/n Server Scaling * 1/n Server Scaling
* rfbEncodingUltra compression encoding * rfbEncodingUltra compression encoding
To disable SingleWindow and ServerInput use [779]-noultraext (the To disable SingleWindow and ServerInput use [780]-noultraext (the
others are managed by LibVNCServer). See this option too: others are managed by LibVNCServer). See this option too:
[780]-noserverdpms. [781]-noserverdpms.
Q-112: Can x11vnc emulate UltraVNC's Single Click helpdesk mode? I.e. Q-112: Can x11vnc emulate UltraVNC's Single Click helpdesk mode? I.e.
something very simple for a naive user to initiate a reverse vnc something very simple for a naive user to initiate a reverse vnc
connection from their desktop to a helpdesk operator's VNC Viewer. connection from their desktop to a helpdesk operator's VNC Viewer.
Yes, UltraVNC's [781]Single Click (SC) mode can be emulated reasonably Yes, UltraVNC's [782]Single Click (SC) mode can be emulated reasonably
well on Unix. well on Unix.
We use the term "helpdesk" below, but it could be any sort of remote We use the term "helpdesk" below, but it could be any sort of remote
assistance you want to set up, e.g. something for unix-using friends assistance you want to set up, e.g. something for unix-using friends
or family to use. This includes [782]Mac OS X. or family to use. This includes [783]Mac OS X.
Assume you create a helpdesk directory "hd" on your website: Assume you create a helpdesk directory "hd" on your website:
http://www.mysite.com/hd http://www.mysite.com/hd
@ -6972,9 +6978,9 @@ fi
SSL Encrypted Helpdesk Connections: Currently x11vnc does not support SSL Encrypted Helpdesk Connections: Currently x11vnc does not support
reverse connections in SSL [783]-ssl mode. This may change in a future reverse connections in SSL [784]-ssl mode. This may change in a future
release, until then you would need to cook up something with release, until then you would need to cook up something with
[784]STUNNEL. [785]STUNNEL.
Update: as of Apr/2007 x11vnc supports reverse connections in SSL. Update: as of Apr/2007 x11vnc supports reverse connections in SSL.
Recipe below will be updated (TBD), basically you just add "-ssl SAVE" Recipe below will be updated (TBD), basically you just add "-ssl SAVE"
@ -7130,7 +7136,7 @@ rypto.a -lwrap
You will have to use an external network redirection for this. You will have to use an external network redirection for this.
Filesystem mounting is not part of the VNC protocol. Filesystem mounting is not part of the VNC protocol.
We show a simple [785]Samba example here. We show a simple [786]Samba example here.
First you will need a tunnel to redirect the SMB requests from the First you will need a tunnel to redirect the SMB requests from the
remote machine to the one you sitting at. We use an ssh tunnel: remote machine to the one you sitting at. We use an ssh tunnel:
@ -7167,7 +7173,7 @@ d,ip=127.0.0.1,port=1139
far-away> smbumount /home/fred/smb-haystack-pub far-away> smbumount /home/fred/smb-haystack-pub
At some point we hope to fold some automation for SMB ssh redir setup At some point we hope to fold some automation for SMB ssh redir setup
into the [786]Enhanced TightVNC Viewer (SSVNC) package we provide (as into the [787]Enhanced TightVNC Viewer (SSVNC) package we provide (as
of Sep 2006 it is there for testing). of Sep 2006 it is there for testing).
@ -7177,7 +7183,7 @@ d,ip=127.0.0.1,port=1139
You will have to use an external network redirection for this. You will have to use an external network redirection for this.
Printing is not part of the VNC protocol. Printing is not part of the VNC protocol.
We show a simple Unix to Unix [787]CUPS example here. Non-CUPS port We show a simple Unix to Unix [788]CUPS example here. Non-CUPS port
redirections (e.g. LPD) should also be possible, but may be a bit more redirections (e.g. LPD) should also be possible, but may be a bit more
tricky. If you are viewing on Windows SMB and don't have a local cups tricky. If you are viewing on Windows SMB and don't have a local cups
server it may be trickier still (see below). server it may be trickier still (see below).
@ -7249,7 +7255,7 @@ d,ip=127.0.0.1,port=1139
"localhost". "localhost".
At some point we hope to fold some automation for CUPS ssh redir setup At some point we hope to fold some automation for CUPS ssh redir setup
into the [788]Enhanced TightVNC Viewer (SSVNC) package we provide (as into the [789]Enhanced TightVNC Viewer (SSVNC) package we provide (as
of Sep 2006 it is there for testing). of Sep 2006 it is there for testing).
@ -7350,7 +7356,7 @@ or:
the applications will fail to run because LD_PRELOAD will point to the applications will fail to run because LD_PRELOAD will point to
libraries of the wrong wordsize. libraries of the wrong wordsize.
* At some point we hope to fold some automation for esd or artsd ssh * At some point we hope to fold some automation for esd or artsd ssh
redir setup into the [789]Enhanced TightVNC Viewer (SSVNC) package redir setup into the [790]Enhanced TightVNC Viewer (SSVNC) package
we provide (as of Sep/2006 it is there for testing). we provide (as of Sep/2006 it is there for testing).
@ -7362,9 +7368,9 @@ or:
in Solaris, see Xserver(1) for how to turn it on via +kb), and so you in Solaris, see Xserver(1) for how to turn it on via +kb), and so you
won't hear them if the extension is not present. won't hear them if the extension is not present.
If you don't want to hear the beeps use the [790]-nobell option. If If you don't want to hear the beeps use the [791]-nobell option. If
you want to hear the audio from the remote applications, consider you want to hear the audio from the remote applications, consider
trying a [791]redirector such as esd. trying a [792]redirector such as esd.
@ -8158,20 +8164,21 @@ References
775. http://www.unixuser.org/~euske/vnc2swf/ 775. http://www.unixuser.org/~euske/vnc2swf/
776. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/ 776. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/
777. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofilexfer 777. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofilexfer
778. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer 778. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
779. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext 779. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer
780. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms 780. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext
781. http://www.uvnc.com/addons/singleclick.html 781. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms
782. http://www.karlrunge.com/x11vnc/index.html#faq-macosx 782. http://www.uvnc.com/addons/singleclick.html
783. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl 783. http://www.karlrunge.com/x11vnc/index.html#faq-macosx
784. http://stunnel.mirt.net/ 784. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
785. http://www.samba.org/ 785. http://stunnel.mirt.net/
786. http://www.karlrunge.com/x11vnc/ssvnc.html 786. http://www.samba.org/
787. http://www.cups.org/ 787. http://www.karlrunge.com/x11vnc/ssvnc.html
788. http://www.karlrunge.com/x11vnc/ssvnc.html 788. http://www.cups.org/
789. http://www.karlrunge.com/x11vnc/ssvnc.html 789. http://www.karlrunge.com/x11vnc/ssvnc.html
790. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell 790. http://www.karlrunge.com/x11vnc/ssvnc.html
791. http://www.karlrunge.com/x11vnc/index.html#faq-sound 791. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell
792. http://www.karlrunge.com/x11vnc/index.html#faq-sound
======================================================================= =======================================================================
http://www.karlrunge.com/x11vnc/chainingssh.html: http://www.karlrunge.com/x11vnc/chainingssh.html:
@ -11203,11 +11210,27 @@ Options:
per-client viewonly state the filetransfer permissions per-client viewonly state the filetransfer permissions
will NOT change. will NOT change.
IMPORTANT: please understand if -tightfilexfer is
specified and you run x11vnc as root for, say, inetd
or display manager (gdm, kdm, ...) access and you do
not have it switch users via the -users option, then
VNC Viewers that connect are able to do filetransfer
reads and writes as *root*.
Also, tightfilexfer is disabled in -unixpw mode.
-ultrafilexfer Note: to enable UltraVNC filetransfer and to get it to -ultrafilexfer Note: to enable UltraVNC filetransfer and to get it to
work you probably need to supply these libvncserver work you probably need to supply these libvncserver
options: "-rfbversion 3.6 -permitfiletransfer" options: "-rfbversion 3.6 -permitfiletransfer"
"-ultrafilexfer" is an alias for this combination. "-ultrafilexfer" is an alias for this combination.
IMPORTANT: please understand if -ultrafilexfer is
specified and you run x11vnc as root for, say, inetd
or display manager (gdm, kdm, ...) access and you do
not have it switch users via the -users option, then
VNC Viewers that connect are able to do filetransfer
reads and writes as *root*.
Note that sadly you cannot do both -tightfilexfer and Note that sadly you cannot do both -tightfilexfer and
-ultrafilexfer at the same time because the latter -ultrafilexfer at the same time because the latter
requires setting the version to 3.6 and tightvnc will requires setting the version to 3.6 and tightvnc will
@ -12467,7 +12490,7 @@ Options:
character. E.g. "-users +bob" or "-users +nobody". character. E.g. "-users +bob" or "-users +nobody".
The latter (i.e. switching immediately to user The latter (i.e. switching immediately to user
"nobody") is probably the only use of this option "nobody") is the only obvious use of the -users option
that increases security. that increases security.
Use the following notation to associate a group with Use the following notation to associate a group with

@ -676,6 +676,7 @@ void client_gone(rfbClientPtr client) {
screen->permitFileTransfer = unixpw_file_xfer_save; screen->permitFileTransfer = unixpw_file_xfer_save;
if ((tightfilexfer = unixpw_tightvnc_xfer_save)) { if ((tightfilexfer = unixpw_tightvnc_xfer_save)) {
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER #ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbLog("rfbRegisterTightVNCFileTransferExtension: 3\n");
rfbRegisterTightVNCFileTransferExtension(); rfbRegisterTightVNCFileTransferExtension();
#endif #endif
} }
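Review bot: the new rfbLog line in client_gone() identifies its call site only by a bare number ("...: 3"). Across this commit the Register messages carry 3, 4, 1, 2 and 6 and the Unregister messages carry 1, 2 and 3, so anyone reading the log has to grep the source to map a number to a function. Put the calling function name in the message instead, as the existing "remote_cmd: ..." messages already do.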
@ -2220,6 +2221,7 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
unixpw_tightvnc_xfer_save = tightfilexfer; unixpw_tightvnc_xfer_save = tightfilexfer;
tightfilexfer = 0; tightfilexfer = 0;
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER #ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbLog("rfbUnregisterTightVNCFileTransferExtension: 1\n");
rfbUnregisterTightVNCFileTransferExtension(); rfbUnregisterTightVNCFileTransferExtension();
#endif #endif

@ -360,11 +360,27 @@ void print_help(int mode) {
" per-client viewonly state the filetransfer permissions\n" " per-client viewonly state the filetransfer permissions\n"
" will NOT change.\n" " will NOT change.\n"
"\n" "\n"
" IMPORTANT: please understand if -tightfilexfer is\n"
" specified and you run x11vnc as root for, say, inetd\n"
" or display manager (gdm, kdm, ...) access and you do\n"
" not have it switch users via the -users option, then\n"
" VNC Viewers that connect are able to do filetransfer\n"
" reads and writes as *root*.\n"
"\n"
" Also, tightfilexfer is disabled in -unixpw mode.\n"
"\n"
"-ultrafilexfer Note: to enable UltraVNC filetransfer and to get it to\n" "-ultrafilexfer Note: to enable UltraVNC filetransfer and to get it to\n"
" work you probably need to supply these libvncserver\n" " work you probably need to supply these libvncserver\n"
" options: \"-rfbversion 3.6 -permitfiletransfer\"\n" " options: \"-rfbversion 3.6 -permitfiletransfer\"\n"
" \"-ultrafilexfer\" is an alias for this combination.\n" " \"-ultrafilexfer\" is an alias for this combination.\n"
"\n" "\n"
" IMPORTANT: please understand if -ultrafilexfer is\n"
" specified and you run x11vnc as root for, say, inetd\n"
" or display manager (gdm, kdm, ...) access and you do\n"
" not have it switch users via the -users option, then\n"
" VNC Viewers that connect are able to do filetransfer\n"
" reads and writes as *root*.\n"
"\n"
" Note that sadly you cannot do both -tightfilexfer and\n" " Note that sadly you cannot do both -tightfilexfer and\n"
" -ultrafilexfer at the same time because the latter\n" " -ultrafilexfer at the same time because the latter\n"
" requires setting the version to 3.6 and tightvnc will\n" " requires setting the version to 3.6 and tightvnc will\n"
@ -1643,7 +1659,7 @@ void print_help(int mode) {
" character. E.g. \"-users +bob\" or \"-users +nobody\".\n" " character. E.g. \"-users +bob\" or \"-users +nobody\".\n"
"\n" "\n"
" The latter (i.e. switching immediately to user\n" " The latter (i.e. switching immediately to user\n"
" \"nobody\") is probably the only use of this option\n" " \"nobody\") is the only obvious use of the -users option\n"
" that increases security.\n" " that increases security.\n"
"\n" "\n"
" Use the following notation to associate a group with\n" " Use the following notation to associate a group with\n"

@ -1274,6 +1274,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
if (! tightfilexfer) { if (! tightfilexfer) {
rfbLog("remote_cmd: enabling -tightfilexfer for *NEW* clients.\n"); rfbLog("remote_cmd: enabling -tightfilexfer for *NEW* clients.\n");
tightfilexfer = 1; tightfilexfer = 1;
rfbLog("rfbRegisterTightVNCFileTransferExtension: 4\n");
rfbRegisterTightVNCFileTransferExtension(); rfbRegisterTightVNCFileTransferExtension();
} }
#else #else
@ -1289,6 +1290,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
if (tightfilexfer) { if (tightfilexfer) {
rfbLog("remote_cmd: disabling -tightfilexfer for *NEW* clients.\n"); rfbLog("remote_cmd: disabling -tightfilexfer for *NEW* clients.\n");
tightfilexfer = 0; tightfilexfer = 0;
rfbLog("rfbUnregisterTightVNCFileTransferExtension: 2\n");
rfbUnregisterTightVNCFileTransferExtension(); rfbUnregisterTightVNCFileTransferExtension();
} }
#else #else

@ -1852,7 +1852,7 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
certret_str = NULL; certret_str = NULL;
} }
if (0 && certret_str) { if (0 && certret_str) {
fprintf(stderr, "certret_str[%d]:\n%s\n", sbuf.st_size, certret_str); fprintf(stderr, "certret_str[%d]:\n%s\n", (int) sbuf.st_size, certret_str);
} }
} }
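Review bot: the (int) cast on sbuf.st_size silences the format mismatch but truncates wherever the size type is wider than int. Casting to long and printing with %ld keeps the value. Since the statement sits under "if (0 && certret_str)" it never runs, so deleting the dead block is the other option.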

@ -1554,8 +1554,9 @@ void unixpw_accept(char *user) {
unixpw_in_progress = 0; unixpw_in_progress = 0;
screen->permitFileTransfer = unixpw_file_xfer_save; screen->permitFileTransfer = unixpw_file_xfer_save;
if ((tightfilexfer = unixpw_tightvnc_xfer_save)) { if ((tightfilexfer = unixpw_tightvnc_xfer_save)) {
/* this doesn't work the current client is never registered */ /* this doesn't work: the current client is never registered! */
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER #ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbLog("rfbRegisterTightVNCFileTransferExtension: 1\n");
rfbRegisterTightVNCFileTransferExtension(); rfbRegisterTightVNCFileTransferExtension();
#endif #endif
} }
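Review bot: in unixpw_accept() the reworded comment still says the re-registration does not work because the current client is never registered, yet the new rfbLog line reports the registration with no hint of that. In the log it will read as file transfer being restored for the user who just logged in. Either say in the message that it only affects later clients, or log nothing here. The help text added in this commit already states that tightfilexfer is disabled in -unixpw mode.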
@ -1602,6 +1603,7 @@ void unixpw_deny(void) {
screen->permitFileTransfer = unixpw_file_xfer_save; screen->permitFileTransfer = unixpw_file_xfer_save;
if ((tightfilexfer = unixpw_tightvnc_xfer_save)) { if ((tightfilexfer = unixpw_tightvnc_xfer_save)) {
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER #ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbLog("rfbRegisterTightVNCFileTransferExtension: 2\n");
rfbRegisterTightVNCFileTransferExtension(); rfbRegisterTightVNCFileTransferExtension();
#endif #endif
} }

@ -422,6 +422,15 @@ viewonly cannot transfer files. However, if the remote
control mechanism is used to change the global or control mechanism is used to change the global or
per-client viewonly state the filetransfer permissions per-client viewonly state the filetransfer permissions
will NOT change. will NOT change.
.IP
IMPORTANT: please understand if \fB-tightfilexfer\fR is
specified and you run x11vnc as root for, say, inetd
or display manager (gdm, kdm, ...) access and you do
not have it switch users via the \fB-users\fR option, then
VNC Viewers that connect are able to do filetransfer
reads and writes as *root*.
.IP
Also, tightfilexfer is disabled in \fB-unixpw\fR mode.
.PP .PP
\fB-ultrafilexfer\fR \fB-ultrafilexfer\fR
.IP .IP
@ -430,6 +439,13 @@ work you probably need to supply these libvncserver
options: "\fB-rfbversion\fR \fI3.6 \fB-permitfiletransfer\fR"\fR options: "\fB-rfbversion\fR \fI3.6 \fB-permitfiletransfer\fR"\fR
"\fB-ultrafilexfer\fR" is an alias for this combination. "\fB-ultrafilexfer\fR" is an alias for this combination.
.IP .IP
IMPORTANT: please understand if \fB-ultrafilexfer\fR is
specified and you run x11vnc as root for, say, inetd
or display manager (gdm, kdm, ...) access and you do
not have it switch users via the \fB-users\fR option, then
VNC Viewers that connect are able to do filetransfer
reads and writes as *root*.
.IP
Note that sadly you cannot do both \fB-tightfilexfer\fR and Note that sadly you cannot do both \fB-tightfilexfer\fR and
\fB-ultrafilexfer\fR at the same time because the latter \fB-ultrafilexfer\fR at the same time because the latter
requires setting the version to 3.6 and tightvnc will requires setting the version to 3.6 and tightvnc will
@ -1866,7 +1882,7 @@ can be reopened prefix the username with the "+"
character. E.g. "\fB-users\fR \fI+bob\fR" or "\fB-users\fR \fI+nobody\fR". character. E.g. "\fB-users\fR \fI+bob\fR" or "\fB-users\fR \fI+nobody\fR".
.IP .IP
The latter (i.e. switching immediately to user The latter (i.e. switching immediately to user
"nobody") is probably the only use of this option "nobody") is the only obvious use of the \fB-users\fR option
that increases security. that increases security.
.IP .IP
Use the following notation to associate a group with Use the following notation to associate a group with

@ -3227,8 +3227,10 @@ int main(int argc, char* argv[]) {
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER #ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
if (tightfilexfer) { if (tightfilexfer) {
rfbLog("rfbRegisterTightVNCFileTransferExtension: 6\n");
rfbRegisterTightVNCFileTransferExtension(); rfbRegisterTightVNCFileTransferExtension();
} else { } else {
rfbLog("rfbUnregisterTightVNCFileTransferExtension: 3\n");
rfbUnregisterTightVNCFileTransferExtension(); rfbUnregisterTightVNCFileTransferExtension();
} }
#endif #endif
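Review bot: the else branch in main() now logs "rfbUnregisterTightVNCFileTransferExtension: 3" on every start where tightfilexfer is not set, which is noise for users who never asked for file transfer. Log only in the branch that enables the extension. That branch is also the natural place to repeat the running-as-root warning from the help text, since a README note is easy to miss.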

@ -1422,7 +1422,8 @@ int get_keyboard_led_state_hook(rfbScreenInfoPtr s) {
int get_file_transfer_permitted(rfbClientPtr cl) { int get_file_transfer_permitted(rfbClientPtr cl) {
allowed_input_t input; allowed_input_t input;
if (unixpw_in_progress) { if (unixpw_in_progress) {
rfbLog("get_file_transfer_permitted: unixpw_in_progress, skipping.\n"); rfbLog("get_file_transfer_permitted: unixpw_in_progress, dropping client.\n");
rfbCloseClient(cl);
return FALSE; return FALSE;
} }
if (0) fprintf(stderr, "get_file_transfer_permitted called\n"); if (0) fprintf(stderr, "get_file_transfer_permitted called\n");
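Review bot: rfbCloseClient(cl) is now called whenever unixpw_in_progress is set, and the test does not check that cl is the client being authenticated. If that flag is process-wide, as its use here without reference to cl suggests, any connected client that sends a file transfer request while another login is in progress gets disconnected. Confirm that this is intended, and include the client in the log message so the drop can be attributed. The commit message should also mention the disconnect, since it currently describes only warnings and messages.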
