SSVNC sync: stunnel upgrade and patch, change wish order, -anondh -ciphers option

VeNCrypt and TLSVNC support (in pproxy and unix vncviewer). Help text tweaks
  -killstunnel, s_client fixes, No Encryption easier. Zeroconf/avahi support.
  tk font fixes. SSVNC_ULTRA_FTP_JAR finding SSVNC_PREDIGESTED_HANDSHAKE
  SSVNC_SKIP_RFB_PROTOCOL_VERSION, SSVNC_SET_SECURITY_TYPE, etc hacks.
pull/1/head
runge 16 years ago
parent 6fbba525a9
commit 41c7b74a88

@ -82,6 +82,10 @@ The enhanced TightVNC viewer features are:
- Sets up any additional SSH port redirections that you want.
- Zeroconf (aka Bonjour) is used on Unix and Mac OS X to find
VNC servers on your local network if the avahi-browse or dns-sd
program is available and in your PATH.
- Port Knocking for "closed port" SSH/SSL connections. In addition
to a simple fixed port sequence and one-time-pad implementation,
a hook is also provided to run any port knocking client before a
@ -108,6 +112,8 @@ The enhanced TightVNC viewer features are:
- rfbNewFBSize VNC support (screen resizing)
- Client-side Scaling of the Viewer.
- ZRLE VNC encoding support (RealVNC's encoding)
- Support for the ZYWRLE encoding, a wavelet based extension to
@ -268,8 +274,8 @@ Unix/MacOSX Install:
For the conventional source tarball it will compile and install, e.g.:
gzip -dc ssvnc-1.0.20.src.tar.gz | tar xvf -
cd ssvnc-1.0.20
gzip -dc ssvnc-1.0.21.src.tar.gz | tar xvf -
cd ssvnc-1.0.21
make config
make all
make PREFIX=/my/install/dir install
@ -428,9 +434,10 @@ On Mac OS X depending on what you do you need these programs installed:
Lesser used ones: netcat, smbclient, cups
Most Mac OS X and Unix OS come with the main components installed.
See the README.src for a more detailed description of dependencies.
If you need to Build:
--------------------
@ -467,7 +474,7 @@ Feel free to ask us if you need help running ./build.unix
Convential Build:
A more conventional source tarball is provided in ssvnc-x.y.z.src.tar.gz.
It uses a more or less familiar 'make config; make all; make install'
It uses a more or less familiar 'make config; make all; make PREFIX=path install'
method. It does not include stunnel, so that must be installed on the
system separately.

@ -30,7 +30,7 @@ fi
if [ "X$WISH" = "X" ]; then
WISH=wish
for try in wish wish8.3 wish8.4 wish8.5 wish8.6
for try in wish8.4 wish wish8.3 wish8.5 wish8.6
do
if type $try > /dev/null; then
WISH=$try
@ -114,8 +114,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
echo "Using externel \"vncviewer\" and \"stunnel\" found in PATH."
else
STUNNEL=stunnel
STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
export STUNNEL STUNNEL_EXTRA_OPTS
#STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
#export STUNNEL STUNNEL_EXTRA_OPTS
SSVNC_VIEWER_INTERNAL=1
export SSVNC_VIEWER_INTERNAL
fi

@ -201,8 +201,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
else
STUNNEL=stunnel
STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
export STUNNEL STUNNEL_EXTRA_OPTS
#STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
#export STUNNEL STUNNEL_EXTRA_OPTS
SSVNC_VIEWER_INTERNAL=1
export SSVNC_VIEWER_INTERNAL
fi

@ -162,6 +162,9 @@ ssh_args=""
showcert=""
reverse=""
ciphers=""
anondh="ALL:RC4+RSA:+SSLv2:@STRENGTH"
if [ "X$1" = "X-viewerflavor" ]; then
# special case, try to guess which viewer:
#
@ -196,6 +199,10 @@ if [ "X$SS_VNCVIEWER_NO_MAXCONN" != "X" ]; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
else
STUNNEL_ONCE=1; export STUNNEL_ONCE
STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
STUNNEL_NO_SYSLOG=1; export STUNNEL_NO_SYSLOG
fi
# grab our cmdline options:
@ -217,6 +224,10 @@ do
;;
"-sshargs") shift; ssh_args="$1"
;;
"-anondh") ciphers="ciphers=$anondh"
;;
"-ciphers") shift; ciphers="ciphers=$1"
;;
"-alpha") gotalpha=1
;;
"-showcert") showcert=1
@ -304,6 +315,47 @@ fi
orig="$1"
shift
dL="-L"
if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
dL="-h"
fi
# a portable, but not absolutely safe, tmp file creator
mytmp() {
tf=$1
if type mktemp > /dev/null 2>&1; then
# if we have mktemp(1), use it:
tf2="$tf.XXXXXX"
tf2=`mktemp "$tf2"`
if [ "X$tf2" != "X" -a -f "$tf2" ]; then
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-mktemp: $tf2" 1>&2
fi
echo "$tf2"
return
fi
fi
# fallback to multiple cmds:
rm -rf "$tf" || exit 1
if [ -d "$tf" ]; then
echo "tmp file $tf still exists as a directory."
exit 1
elif [ $dL "$tf" ]; then
echo "tmp file $tf still exists as a symlink."
exit 1
elif [ -f "$tf" ]; then
echo "tmp file $tf still exists."
exit 1
fi
touch "$tf" || exit 1
chmod 600 "$tf" || exit 1
rchk
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-touch: $tf" 1>&2
fi
echo "$tf"
}
# set up special case of ultravnc single click III mode:
if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
pstr=`echo "$proxy" | sed -e 's,sslrepeater://,,'`
@ -315,6 +367,13 @@ if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
echo "reset: SSVNC_REPEATER=$SSVNC_REPEATER orig=$orig proxy=''"
proxy=""
fi
if echo "$proxy" | egrep "vencrypt://" > /dev/null; then
vtmp="/tmp/ss_handshake${RANDOM}.$$.txt"
vtmp=`mytmp "$vtmp"`
SSVNC_PREDIGESTED_HANDSHAKE="$vtmp"
export SSVNC_PREDIGESTED_HANDSHAKE
#echo "SSVNC_PREDIGESTED_HANDSHAKE=$SSVNC_PREDIGESTED_HANDSHAKE"
fi
# check -ssh and -mycert/-verify conflict:
@ -561,47 +620,6 @@ rchk() {
}
rchk
dL="-L"
if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
dL="-h"
fi
# a portable, but not absolutely safe, tmp file creator
mytmp() {
tf=$1
if type mktemp > /dev/null 2>&1; then
# if we have mktemp(1), use it:
tf2="$tf.XXXXXX"
tf2=`mktemp "$tf2"`
if [ "X$tf2" != "X" -a -f "$tf2" ]; then
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-mktemp: $tf2" 1>&2
fi
echo "$tf2"
return
fi
fi
# fallback to multiple cmds:
rm -rf "$tf" || exit 1
if [ -d "$tf" ]; then
echo "tmp file $tf still exists as a directory."
exit 1
elif [ $dL "$tf" ]; then
echo "tmp file $tf still exists as a symlink."
exit 1
elif [ -f "$tf" ]; then
echo "tmp file $tf still exists."
exit 1
fi
touch "$tf" || exit 1
chmod 600 "$tf" || exit 1
rchk
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-touch: $tf" 1>&2
fi
echo "$tf"
}
# trick for the undocumented rsh://host:port method.
rsh_setup() {
if echo "$ssh_host" | grep '@' > /dev/null; then
@ -665,6 +683,32 @@ if ($ENV{PPROXY_SOCKS} ne "" && $ENV{PPROXY_PROXY} !~ m,^socks5?://,i) {
}
}
my $rfbSecTypeTlsVnc = 18;
my $rfbSecTypeVencrypt = 19;
my $rfbVencryptPlain = 256;
my $rfbVencryptTlsNone = 257;
my $rfbVencryptTlsVnc = 258;
my $rfbVencryptTlsPlain = 259;
my $rfbVencryptX509None = 260;
my $rfbVencryptX509Vnc = 261;
my $rfbVencryptX509Plain = 262;
my $handshake_file = "";
if (exists $ENV{SSVNC_PREDIGESTED_HANDSHAKE}) {
$handshake_file = $ENV{SSVNC_PREDIGESTED_HANDSHAKE};
}
sub append_handshake {
my $str = shift;
if ($handshake_file) {
if (open(HSF, ">>$handshake_file")) {
print HSF $str;
close HSF;
}
}
}
my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3);
my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", "");
@ -825,6 +869,18 @@ sub url_parse {
if ($hostport !~ /:\d+/) {
$hostport .= ":5900";
}
} elsif ($hostport =~ m,^vencrypt://(\S*)$,i) {
# vencrypt handshake.
$hostport = $1;
my $m = "connect";
if ($hostpost =~ /^(\S+)\+(\S+)$/) {
$hostport = $1;
$mode = $2;
}
$mode = "vencrypt:$m";
if ($hostport !~ /:\d+/) {
$hostport .= ":5900";
}
}
return ($hostport, $mode);
}
@ -832,6 +888,7 @@ sub url_parse {
sub setmode {
my $mode = shift;
$ENV{PPROXY_REPEATER} = "";
$ENV{PPROXY_VENCRYPT} = "";
if ($mode =~ /^socks/) {
if ($mode =~ /^socks5/) {
$ENV{PPROXY_SOCKS} = 5;
@ -841,6 +898,9 @@ sub setmode {
} elsif ($mode =~ /^repeater:(.*)/) {
$ENV{PPROXY_REPEATER} = $1;
$ENV{PPROXY_SOCKS} = "";
} elsif ($mode =~ /^vencrypt:(.*)/) {
$ENV{PPROXY_VENCRYPT} = $1;
$ENV{PPROXY_SOCKS} = "";
} else {
$ENV{PPROXY_SOCKS} = "";
}
@ -982,6 +1042,9 @@ sub connection {
sysread($sock, $c, 1);
print STDERR $c;
}
} elsif ($ENV{PPROXY_VENCRYPT} ne "") {
my $vencrypt = $ENV{PPROXY_VENCRYPT};
vencrypt_dialog($vencrypt);
} else {
# Web Proxy:
@ -1010,6 +1073,189 @@ sub connection {
}
}
sub vdie {
append_handshake("done\n");
close $sock;
exit(1);
}
sub tlsvnc_handshake {
my ($vmode, $db) = @_;
print STDERR "PPROXY: Doing TLSVNC Handshake\n";
my $psec = pack("C", $rfbSecTypeTlsVnc);
syswrite($sock, $psec, 1);
append_handshake("done\n");
}
sub vencrypt_handshake {
my ($vmode, $db) = @_;
print STDERR "PPROXY: Doing VeNCrypt Handshake\n";
my $psec = pack("C", $rfbSecTypeVencrypt);
syswrite($sock, $psec, 1);
my $vmajor;
my $vminor;
sysread($sock, $vmajor, 1);
sysread($sock, $vminor, 1);
vdie if $vmajor eq "" || $vminor eq "";
$vmajor = unpack("C", $vmajor);
$vminor = unpack("C", $vminor);
print STDERR "$vmajor.$vminor\n" if $db;
vdie if $vmajor ne 0;
vdie if $vminor < 2;
$vmajor = pack("C", 0);
$vminor = pack("C", 2);
append_handshake("subversion=0.2\n");
syswrite($sock, $vmajor, 1);
syswrite($sock, $vminor, 1);
my $result;
sysread($sock, $result, 1);
vdie if $result eq "";
$result = unpack("C", $result);
print STDERR "result=$result\n" if $db;
vdie if $result ne 0;
my $nsubtypes;
sysread($sock, $nsubtypes, 1);
vdie if $nsubtypes eq "";
$nsubtypes = unpack("C", $nsubtypes);
print STDERR "nsubtypes=$nsubtypes\n" if $db;
my %subtypes;
for (my $i = 0; $i < $nsubtypes; $i++) {
my $subtype = "";
sysread($sock, $subtype, 4);
vdie if length($subtype) != 4;
# XXX fix 64bit.
$subtype = unpack("N", $subtype);
print STDERR "subtype: $subtype\n" if $db;
$subtypes{$subtype} = 1;
append_handshake("sst$i=$subtype\n");
}
my $subtype = 0;
if (exists $subtypes{$rfbVencryptX509None}) {
$subtype = $rfbVencryptX509None;
print STDERR "selected rfbVencryptX509None\n" if $db;
} elsif (exists $subtypes{$rfbVencryptX509Vnc}) {
$subtype = $rfbVencryptX509Vnc;
print STDERR "selected rfbVencryptX509Vnc\n" if $db;
} elsif (exists $subtypes{$rfbVencryptX509Plain}) {
$subtype = $rfbVencryptX509Plain;
print STDERR "selected rfbVencryptX509Plain\n" if $db;
} elsif (exists $subtypes{$rfbVencryptTlsNone}) {
$subtype = $rfbVencryptTlsNone;
print STDERR "selected rfbVencryptTlsNone\n" if $db;
} elsif (exists $subtypes{$rfbVencryptTlsVnc}) {
$subtype = $rfbVencryptTlsVnc;
print STDERR "selected rfbVencryptTlsVnc\n" if $db;
} elsif (exists $subtypes{$rfbVencryptTlsPlain}) {
$subtype = $rfbVencryptTlsPlain;
print STDERR "selected rfbVencryptTlsPlain\n" if $db;
}
append_handshake("subtype=$subtype\n");
my $pst = pack("N", $subtype);
syswrite($sock, $pst, 4);
vdie if $subtype == 0;
my $ok;
sysread($sock, $ok, 1);
$ok = unpack("C", $ok);
print STDERR "ok=$ok\n" if $db;
append_handshake("done\n");
vdie if $ok == 0;
}
sub vencrypt_dialog {
my $vmode = shift;
my $db = 0;
$db = 1 if exists $ENV{SS_DEBUG};
append_handshake("mode=$vmode\n");
my $server_rfb = "";
syswrite($sock, $rep, 250);
for (my $i = 0; $i < 12; $i++) {
my $c;
sysread($sock, $c, 1);
$server_rfb .= $c;
print STDERR $c;
}
print STDERR "server_rfb: $server_rfb\n" if $db;
append_handshake("server=$server_rfb");
my $minor = "";
if ($server_rfb =~ /^RFB 003\.(\d+)/) {
$minor = $1;
} else {
vdie;
}
my $viewer_rfb = "RFB 003.008\n";
if ($minor < 7) {
vdie;
} elsif ($minor == 7) {
$viewer_rfb = "RFB 003.007\n";
}
syswrite($sock, $viewer_rfb, 12);
append_handshake("viewer=$viewer_rfb");
my $nsec;
sysread($sock, $nsec, 1);
vdie if $nsec eq "";
$nsec = unpack("C", $nsec);
print STDERR "nsec: $nsec\n" if $db;
vdie if $nsec eq 0 || $nsec > 100;
my %sectypes = ();
for (my $i = 0; $i < $nsec; $i++) {
my $sec;
sysread($sock, $sec, 1);
vdie if $sec eq "";
$sec = unpack("C", $sec);
print STDERR "sec: $sec\n" if $db;
$sectypes{$sec} = 1;
}
if (exists $sectypes{$rfbSecTypeVencrypt}) {
print STDERR "found rfbSecTypeVencrypt\n" if $db;
append_handshake("sectype=$rfbSecTypeVencrypt\n");
vencrypt_handshake($vmode, $db);
} elsif (exists $sectypes{$rfbSecTypeTlsVnc}) {
print STDERR "found rfbSecTypeTlsVnc\n" if $db;
append_handshake("sectype=$rfbSecTypeTlsVnc\n");
tlsvnc_handshake($vmode, $db);
} else {
print STDERR "No supported sec-type found\n" if $db;
vdie;
}
}
sub xfer {
my($in, $out) = @_;
$RIN = $WIN = $EIN = "";
@ -1104,8 +1350,8 @@ if [ "X$use_ssh" = "X1" ]; then
if echo "$proxy" | egrep '(http|https|socks|socks4|socks5)://' > /dev/null; then
# Handle Web or SOCKS proxy(ies) for the initial connect.
Kecho host=$host
Kecho port=$port
Kecho host=$host
Kecho port=$port
pproxy=""
sproxy1=""
sproxy_rest=""
@ -1126,9 +1372,10 @@ Kecho port=$port
done
pproxy=`echo "$pproxy" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
sproxy_rest=`echo "$sproxy_rest" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
Kecho pproxy=$pproxy
Kecho sproxy1=$sproxy1
Kecho sproxy_rest=$sproxy_rest
Kecho pproxy=$pproxy
Kecho sproxy1=$sproxy1
Kecho sproxy_rest=$sproxy_rest
sproxy1_host=""
sproxy1_port=""
@ -1164,9 +1411,9 @@ Kecho sproxy_rest=$sproxy_rest
fi
fi
Kecho sproxy1_host=$sproxy1_host
Kecho sproxy1_port=$sproxy1_port
Kecho sproxy1_user=$sproxy1_user
Kecho sproxy1_host=$sproxy1_host
Kecho sproxy1_port=$sproxy1_port
Kecho sproxy1_user=$sproxy1_user
ptmp="/tmp/ss_vncviewer_ssh${RANDOM}.$$.pl"
ptmp=`mytmp "$ptmp"`
@ -1204,7 +1451,7 @@ Kecho sproxy1_user=$sproxy1_user
if [ "X$sproxy_rest" != "X" ]; then
proxy="$proxy,$sproxy_rest"
fi
Kecho proxy=$proxy
Kecho proxy=$proxy
fi
if echo "$proxy" | grep "," > /dev/null; then
@ -1550,13 +1797,26 @@ if [ "X$showcert" = "X1" ]; then
if [ "X$proxy" != "X" ]; then
PPROXY_LISTEN=$use
export PPROXY_LISTEN
$ptmp 2>/dev/null &
if [ "X$SS_DEBUG" != "X" ]; then
$ptmp &
else
$ptmp 2>/dev/null &
fi
sleep 1
host="localhost"
port="$use"
fi
openssl s_client -connect $host:$port 2>&1 < /dev/null
exit $?
cipher_args=""
if [ "X$ciphers" != "X" ]; then
cipher_args=`echo "$ciphers" | sed -e 's/ciphers=/-cipher /'`
fi
#echo "openssl s_client $cipher_args -connect $host:$port"
openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null
rc=$?
if [ "X$SSVNC_PREDIGESTED_HANDSHAKE" != "X" ]; then
rm -f $SSVNC_PREDIGESTED_HANDSHAKE
fi
exit $rc
fi
if [ "X$direct_connect" != "X" ]; then
@ -1783,6 +2043,7 @@ foreground = yes
pid =
client = yes
debug = 6
$ciphers
$STUNNEL_EXTRA_OPTS
$STUNNEL_EXTRA_OPTS_USER
$verify
@ -1818,6 +2079,7 @@ foreground = yes
pid =
client = no
debug = 6
$ciphers
$STUNNEL_EXTRA_OPTS
$STUNNEL_EXTRA_OPTS_USER
$verify

File diff suppressed because it is too large Load Diff

@ -8,7 +8,7 @@
.\" License as specified in the file LICENCE.TXT that comes with the
.\" TightVNC distribution.
.\"
.TH ssvnc 1 "September 2008" "" "SSVNC"
.TH ssvnc 1 "November 2008" "" "SSVNC"
.SH NAME
ssvnc \- a GUI wrapper for SSL and SSH VNC connections.
.SH SYNOPSIS
@ -21,7 +21,7 @@ ssvnc \- a GUI wrapper for SSL and SSH VNC connections.
.RI [\| saved-profile-name \|]
.br
.B ssvnc
.RI [\| options \|][\| host-or-profile \]
.RI [\| options \|]\ [\| host-or-profile \]
.br
.B ssvnc
.IR \--help
@ -49,7 +49,8 @@ E.g. "fred@far-away.east:0".
As an easter egg, we note it is also possible to disable the use of SSL/SSH
encryption tunnels by using a vnc:// or Vnc:// prefix before
host:display.
host:display. Shift+Ctrl-E is a short-cut to add/remove it.
See also the \fB-noenc\fR option below.
Normally you do not specify any command line options. You simply
run \fBssvnc\fR and use the GUI that starts up.
@ -59,7 +60,7 @@ on the command line to connect to immediately (the GUI is started
and the connection is initiated). For example, "\fBssvnc far-away.east:0\fR"
Instead of a host:display, you can specify the name of a saved profile to
automatically load that profile and then connect to its server.
For example "\fBssvnc far\fR", if you name the profile "far".
For example "\fBssvnc far\fR", if you named the profile "far".
You can use the \fB-profiles\fR option to list the profiles you have saved.
The related commands \fBsshvnc\fR and \fBtsvnc\fR start up the GUI in
@ -108,6 +109,18 @@ Same as SSVNC_NO_VERIFY_ALL_BUTTON=1.
\fB\-bigger\fR
Make the Profile Selection Dialog window bigger.
Same as SSVNC_BIGGER_DIALOG=1.
.TP
\fB\-noenc\fR
Start off in a mode where a 'No Encryption' check button is present.
You can toggle the mode with Ctrl-E.
Same as SSVNC_DISABLE_ENCRYPTION_BUTTON=1. Or noenc=1 in ~/.ssvncrc.
Selecting no encryption is the same as the vnc:// and Vnc:// prefixes
described below.
.TP
\fB\-killstunnel\fR
On Windows, automatically terminate the STUNNEL process when the viewer
exits instead of prompting you (same as killstunnel=1 in ssvnc_rc or
toggle in Options menu)
.SH URL NOTATION
Here are all of our URL-like prefixes that you can put in front of
host:display (or host:port):
@ -116,7 +129,7 @@ For SSL: vncs:// vncssl:// and vnc+ssl://
For SSH: vncssh:// and vnc+ssh://
For No Encryption Tunnel: vnc:// and Vnc://
For No Encryption: vnc:// and Vnc://
Examples:
@ -128,6 +141,10 @@ To quickly make a direct connection: \fBssvnc Vnc://snoopy.com:0\fR
The above will also work in the "VNC Host:Display" entry box in the GUI.
Press the "Connect" button after entering them.
The difference between vnc:// and Vnc:// is that the latter one will not
prompt you whether you really want to make an unencrypted connection
or not.
.SH FILES
Your SSVNC vnc profiles are stored in the \fB$HOME/.vnc/profiles\fR
directory. They end in suffix \fB.vnc\fR

@ -1,7 +1,7 @@
#!/bin/sh
rm -rf ./src/tmp/* || exit 1
vers=1.0.21
vers=1.0.22
cd .. || exit 1
@ -12,7 +12,7 @@ dest=./t.unix_only
rm -rf $dest
mkdir -p $dest || exit 1
tar cvf - ssvnc/{README,COPYING} ssvnc/bin ssvnc/Unix | (cd $dest; tar xvf -)
tar cvf - ssvnc/{README,COPYING,ssvnc.desktop} ssvnc/bin ssvnc/Unix | (cd $dest; tar xvf -)
rm -f $dest/ssvnc/bin/.linkin
tar=ssvnc_unix_only-${vers}.tar.gz
@ -25,8 +25,7 @@ dest=./t.unix_minimal
rm -rf $dest
mkdir -p $dest || exit 1
#tar cvf - ssvnc/{README,COPYING} ssvnc/bin/{ss*,util/ss*} ssvnc/Unix | (cd $dest; tar xvf -)
tar cvf - ssvnc/{README,COPYING} ssvnc/bin/{ss*,util/ss*} | (cd $dest; tar xvf -)
tar cvf - ssvnc/{README,COPYING,ssvnc.desktop} ssvnc/bin/{ss*,util/ss*} | (cd $dest; tar xvf -)
tar=ssvnc_unix_minimal-${vers}.tar.gz
(cd $dest; tar czvf ../$tar ssvnc)
@ -46,7 +45,7 @@ data__() {'
scr=./ssvnc.sh
echo "$top" > $scr
(cd ssvnc; tar cvf - README COPYING bin/{ss*,util/ss*}) >> $scr
(cd ssvnc; tar cvf - README COPYING ssvnc.desktop bin/{ss*,util/ss*}) >> $scr
chmod 755 $scr
ls -l $scr

@ -1,124 +1,56 @@
diff -Naur stunnel.orig/src/client.c stunnel/src/client.c
--- stunnel.orig/src/client.c 2005-10-24 14:00:56.000000000 -0400
+++ stunnel/src/client.c 2006-07-31 21:51:37.000000000 -0400
@@ -126,6 +126,10 @@
--- stunnel.orig/src/client.c 2008-03-27 04:35:27.000000000 -0400
+++ stunnel/src/client.c 2008-11-19 21:40:00.000000000 -0500
@@ -191,6 +191,7 @@
enter_critical_section(CRIT_CLIENTS); /* for multi-cpu machines */
s_log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname,
--num_clients);
+ if (getenv("STUNNEL_ONCE")) {fprintf(stderr, "stunnel: exiting.\n"); exit(0);}
leave_critical_section(CRIT_CLIENTS);
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
+ s_log(LOG_NOTICE, "client() finished: exceeded maxconn");
+ exit(0);
+ }
#endif
free(c);
#ifdef DEBUG_STACK_SIZE
}
diff -Naur stunnel.orig/src/network.c stunnel/src/network.c
--- stunnel.orig/src/network.c 2005-10-30 16:35:42.000000000 -0500
+++ stunnel/src/network.c 2006-07-31 21:53:49.000000000 -0400
@@ -329,6 +329,10 @@
--- stunnel.orig/src/network.c 2008-03-27 05:28:16.000000000 -0400
+++ stunnel/src/network.c 2008-11-19 21:39:41.000000000 -0500
@@ -346,6 +346,7 @@
/* no logging is possible in a signal handler */
#ifdef USE_FORK
num_clients--; /* one client less */
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
+ s_log(LOG_NOTICE, "sigchld_handler() finished: exceeded maxconn");
+ exit(0);
+ }
--num_clients; /* one client less */
+ if (getenv("STUNNEL_ONCE")) exit(0);
#endif /* USE_FORK */
}
#else /* __sgi */
@@ -375,6 +379,10 @@
@@ -432,9 +433,11 @@
#ifdef HAVE_WAIT_FOR_PID
while((pid=wait_for_pid(-1, &status, WNOHANG))>0) {
--num_clients; /* one client less */
+ if (getenv("STUNNEL_ONCE")) exit(0);
#else
if((pid=wait(&status))>0) {
num_clients--; /* one client less */
--num_clients; /* one client less */
+ if (getenv("STUNNEL_ONCE")) exit(0);
#endif
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
+ s_log(LOG_NOTICE, "client_status() finished: exceeded maxconn");
+ exit(0);
+ }
#ifdef WIFSIGNALED
if(WIFSIGNALED(status)) {
s_log(LOG_DEBUG, "Process %d terminated on signal %d (%d left)",
diff -Naur stunnel.orig/src/options.c stunnel/src/options.c
--- stunnel.orig/src/options.c 2005-10-20 03:12:07.000000000 -0400
+++ stunnel/src/options.c 2006-07-31 22:49:57.000000000 -0400
@@ -665,6 +665,24 @@
--- stunnel.orig/src/options.c 2008-06-21 17:18:23.000000000 -0400
+++ stunnel/src/options.c 2008-11-19 21:15:01.000000000 -0500
@@ -465,6 +465,7 @@
switch(cmd) {
case CMD_INIT:
options.option.syslog=1;
+ if (getenv("STUNNEL_NO_SYSLOG")) options.option.syslog=0;
break;
}
+ /* maxconn */
+ switch(cmd) {
+ case CMD_INIT:
+ options.maxconn=0;
+ break;
+ case CMD_EXEC:
+ if(strcasecmp(opt, "maxconn"))
+ break;
+ options.maxconn=atoi(arg);
+ return NULL; /* OK */
+ case CMD_DEFAULT:
+ log_raw("%-15s = 0", "maxconn");
+ break;
+ case CMD_HELP:
+ log_raw("%-15s = maximum number of accepted connections", "maxconn");
+ break;
+ }
+
if(cmd==CMD_EXEC)
return option_not_found;
return NULL; /* OK */
diff -Naur stunnel.orig/src/prototypes.h stunnel/src/prototypes.h
--- stunnel.orig/src/prototypes.h 2005-10-27 05:41:28.000000000 -0400
+++ stunnel/src/prototypes.h 2006-07-31 22:49:36.000000000 -0400
@@ -44,6 +44,7 @@
/**************************************** Prototypes for stunnel.c */
extern int num_clients;
+extern int num_conn;
void main_initialize(char *, char *);
void main_execute(void);
@@ -113,6 +114,7 @@
long session_timeout;
int verify_level;
int verify_use_only_my;
+ int maxconn;
long ssl_options;
/* some global data for stunnel.c */
case CMD_EXEC:
if(strcasecmp(opt, "syslog"))
diff -Naur stunnel.orig/src/stunnel.c stunnel/src/stunnel.c
--- stunnel.orig/src/stunnel.c 2005-11-02 15:18:42.000000000 -0500
+++ stunnel/src/stunnel.c 2006-07-31 21:40:04.000000000 -0400
@@ -53,6 +53,7 @@
#endif
int num_clients=0; /* Current number of clients */
+int num_conn=0; /* Total number of connections */
/* Functions */
@@ -138,6 +139,7 @@
--- stunnel.orig/src/stunnel.c 2008-06-21 17:32:45.000000000 -0400
+++ stunnel/src/stunnel.c 2008-11-19 21:14:28.000000000 -0500
@@ -301,6 +301,7 @@
}
#endif
#endif
+ if (getenv("STUNNEL_MAX_CLIENTS")) max_clients = atoi(getenv("STUNNEL_MAX_CLIENTS"));
}
num_clients=0;
+ num_conn=0;
/* bind local ports */
for(opt=local_options.next; opt; opt=opt->next) {
@@ -222,6 +224,18 @@
return; /* error */
}
}
+ num_conn++;
+fprintf(stderr, "num_conn: %d\n", num_conn);
+ if (options.maxconn > 0 && num_conn > options.maxconn) {
+ s_log(LOG_WARNING, "Connection rejected: exceeded maxconn (%d>%d)",
+ num_conn, options.maxconn);
+ closesocket(s);
+ if (num_clients == 0) {
+ s_log(LOG_WARNING, "Finished via maxconn.");
+ exit(0);
+ }
+ return;
+ }
s_ntop(from_address, &addr);
s_log(LOG_DEBUG, "%s accepted FD=%d from %s",
opt->servname, s, from_address);
#if !defined (USE_WIN32) && !defined (__vms) && !defined(USE_OS2)

@ -0,0 +1,11 @@
[Desktop Entry]
# Copy this file to "/usr/shared/applications/ssvnc.desktop" then SSVNC will
# appear in desktop menus (once they are updated; e.g. update-menus command).
Name=SSL/SSH VNC Viewer
Comment=SSVNC - access remote VNC desktops
Exec=ssvnc -noenc
Icon=computer
Terminal=false
Type=Application
StartupWMClass=Ssvnc.tcl
Categories=Network;RemoteAccess;
Loading…
Cancel
Save