SSVNC sync: stunnel upgrade and patch, change wish order, -anondh -ciphers option

VeNCrypt and TLSVNC support (in pproxy and unix vncviewer). Help text tweaks
  -killstunnel, s_client fixes, No Encryption easier. Zeroconf/avahi support.
  tk font fixes. SSVNC_ULTRA_FTP_JAR finding. SSVNC_PREDIGESTED_HANDSHAKE,
  SSVNC_SKIP_RFB_PROTOCOL_VERSION, SSVNC_SET_SECURITY_TYPE, etc. hacks.
pull/1/head
runge 16 years ago
parent 6fbba525a9
commit 41c7b74a88

@ -82,6 +82,10 @@ The enhanced TightVNC viewer features are:
- Sets up any additional SSH port redirections that you want. - Sets up any additional SSH port redirections that you want.
- Zeroconf (aka Bonjour) is used on Unix and Mac OS X to find
VNC servers on your local network if the avahi-browse or dns-sd
program is available and in your PATH.
- Port Knocking for "closed port" SSH/SSL connections. In addition - Port Knocking for "closed port" SSH/SSL connections. In addition
to a simple fixed port sequence and one-time-pad implementation, to a simple fixed port sequence and one-time-pad implementation,
a hook is also provided to run any port knocking client before a a hook is also provided to run any port knocking client before a
@ -108,6 +112,8 @@ The enhanced TightVNC viewer features are:
- rfbNewFBSize VNC support (screen resizing) - rfbNewFBSize VNC support (screen resizing)
- Client-side Scaling of the Viewer.
- ZRLE VNC encoding support (RealVNC's encoding) - ZRLE VNC encoding support (RealVNC's encoding)
- Support for the ZYWRLE encoding, a wavelet based extension to - Support for the ZYWRLE encoding, a wavelet based extension to
@ -268,8 +274,8 @@ Unix/MacOSX Install:
For the conventional source tarball it will compile and install, e.g.: For the conventional source tarball it will compile and install, e.g.:
gzip -dc ssvnc-1.0.20.src.tar.gz | tar xvf - gzip -dc ssvnc-1.0.21.src.tar.gz | tar xvf -
cd ssvnc-1.0.20 cd ssvnc-1.0.21
make config make config
make all make all
make PREFIX=/my/install/dir install make PREFIX=/my/install/dir install
@ -428,9 +434,10 @@ On Mac OS X depending on what you do you need these programs installed:
Lesser used ones: netcat, smbclient, cups Lesser used ones: netcat, smbclient, cups
Most Mac OS X and Unix OS come with the main components installed. Most Mac OS X and Unix OS come with the main components installed.
See the README.src for a more detailed description of dependencies.
If you need to Build: If you need to Build:
-------------------- --------------------
@ -467,7 +474,7 @@ Feel free to ask us if you need help running ./build.unix
Convential Build: Convential Build:
A more conventional source tarball is provided in ssvnc-x.y.z.src.tar.gz. A more conventional source tarball is provided in ssvnc-x.y.z.src.tar.gz.
It uses a more or less familiar 'make config; make all; make install' It uses a more or less familiar 'make config; make all; make PREFIX=path install'
method. It does not include stunnel, so that must be installed on the method. It does not include stunnel, so that must be installed on the
system separately. system separately.

@ -30,7 +30,7 @@ fi
if [ "X$WISH" = "X" ]; then if [ "X$WISH" = "X" ]; then
WISH=wish WISH=wish
for try in wish wish8.3 wish8.4 wish8.5 wish8.6 for try in wish8.4 wish wish8.3 wish8.5 wish8.6
do do
if type $try > /dev/null; then if type $try > /dev/null; then
WISH=$try WISH=$try
@ -114,8 +114,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
echo "Using externel \"vncviewer\" and \"stunnel\" found in PATH." echo "Using externel \"vncviewer\" and \"stunnel\" found in PATH."
else else
STUNNEL=stunnel STUNNEL=stunnel
STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"} #STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
export STUNNEL STUNNEL_EXTRA_OPTS #export STUNNEL STUNNEL_EXTRA_OPTS
SSVNC_VIEWER_INTERNAL=1 SSVNC_VIEWER_INTERNAL=1
export SSVNC_VIEWER_INTERNAL export SSVNC_VIEWER_INTERNAL
fi fi
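Review bot: The `maxconn = 1` assignment and its `export` are commented out rather than removed, and nothing in the hunk says what replaces them; the reader has to find the later script hunk that sets `STUNNEL_ONCE=1; export STUNNEL_ONCE` and `STUNNEL_MAX_CLIENTS=1` to learn that the one-connection limit now travels through environment variables the patched stunnel reads with `getenv`. Delete the two dead lines and leave one comment in their place, e.g. `# single-connection limit is now set via STUNNEL_ONCE/STUNNEL_MAX_CLIENTS (see ss_vncviewer)`. The identical hunk in the following file section needs the same treatment. The enclosing if/elif chain begins before this hunk.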

@ -201,8 +201,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
else else
STUNNEL=stunnel STUNNEL=stunnel
STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"} #STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
export STUNNEL STUNNEL_EXTRA_OPTS #export STUNNEL STUNNEL_EXTRA_OPTS
SSVNC_VIEWER_INTERNAL=1 SSVNC_VIEWER_INTERNAL=1
export SSVNC_VIEWER_INTERNAL export SSVNC_VIEWER_INTERNAL
fi fi

@ -162,6 +162,9 @@ ssh_args=""
showcert="" showcert=""
reverse="" reverse=""
ciphers=""
anondh="ALL:RC4+RSA:+SSLv2:@STRENGTH"
if [ "X$1" = "X-viewerflavor" ]; then if [ "X$1" = "X-viewerflavor" ]; then
# special case, try to guess which viewer: # special case, try to guess which viewer:
# #
@ -196,6 +199,10 @@ if [ "X$SS_VNCVIEWER_NO_MAXCONN" != "X" ]; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'` STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'` STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
else
STUNNEL_ONCE=1; export STUNNEL_ONCE
STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
STUNNEL_NO_SYSLOG=1; export STUNNEL_NO_SYSLOG
fi fi
# grab our cmdline options: # grab our cmdline options:
@ -217,6 +224,10 @@ do
;; ;;
"-sshargs") shift; ssh_args="$1" "-sshargs") shift; ssh_args="$1"
;; ;;
"-anondh") ciphers="ciphers=$anondh"
;;
"-ciphers") shift; ciphers="ciphers=$1"
;;
"-alpha") gotalpha=1 "-alpha") gotalpha=1
;; ;;
"-showcert") showcert=1 "-showcert") showcert=1
@ -304,6 +315,47 @@ fi
orig="$1" orig="$1"
shift shift
dL="-L"
if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
dL="-h"
fi
# a portable, but not absolutely safe, tmp file creator
mytmp() {
tf=$1
if type mktemp > /dev/null 2>&1; then
# if we have mktemp(1), use it:
tf2="$tf.XXXXXX"
tf2=`mktemp "$tf2"`
if [ "X$tf2" != "X" -a -f "$tf2" ]; then
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-mktemp: $tf2" 1>&2
fi
echo "$tf2"
return
fi
fi
# fallback to multiple cmds:
rm -rf "$tf" || exit 1
if [ -d "$tf" ]; then
echo "tmp file $tf still exists as a directory."
exit 1
elif [ $dL "$tf" ]; then
echo "tmp file $tf still exists as a symlink."
exit 1
elif [ -f "$tf" ]; then
echo "tmp file $tf still exists."
exit 1
fi
touch "$tf" || exit 1
chmod 600 "$tf" || exit 1
rchk
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-touch: $tf" 1>&2
fi
echo "$tf"
}
# set up special case of ultravnc single click III mode: # set up special case of ultravnc single click III mode:
if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
pstr=`echo "$proxy" | sed -e 's,sslrepeater://,,'` pstr=`echo "$proxy" | sed -e 's,sslrepeater://,,'`
@ -315,6 +367,13 @@ if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
echo "reset: SSVNC_REPEATER=$SSVNC_REPEATER orig=$orig proxy=''" echo "reset: SSVNC_REPEATER=$SSVNC_REPEATER orig=$orig proxy=''"
proxy="" proxy=""
fi fi
if echo "$proxy" | egrep "vencrypt://" > /dev/null; then
vtmp="/tmp/ss_handshake${RANDOM}.$$.txt"
vtmp=`mytmp "$vtmp"`
SSVNC_PREDIGESTED_HANDSHAKE="$vtmp"
export SSVNC_PREDIGESTED_HANDSHAKE
#echo "SSVNC_PREDIGESTED_HANDSHAKE=$SSVNC_PREDIGESTED_HANDSHAKE"
fi
# check -ssh and -mycert/-verify conflict: # check -ssh and -mycert/-verify conflict:
@ -561,47 +620,6 @@ rchk() {
} }
rchk rchk
dL="-L"
if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
dL="-h"
fi
# a portable, but not absolutely safe, tmp file creator
mytmp() {
tf=$1
if type mktemp > /dev/null 2>&1; then
# if we have mktemp(1), use it:
tf2="$tf.XXXXXX"
tf2=`mktemp "$tf2"`
if [ "X$tf2" != "X" -a -f "$tf2" ]; then
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-mktemp: $tf2" 1>&2
fi
echo "$tf2"
return
fi
fi
# fallback to multiple cmds:
rm -rf "$tf" || exit 1
if [ -d "$tf" ]; then
echo "tmp file $tf still exists as a directory."
exit 1
elif [ $dL "$tf" ]; then
echo "tmp file $tf still exists as a symlink."
exit 1
elif [ -f "$tf" ]; then
echo "tmp file $tf still exists."
exit 1
fi
touch "$tf" || exit 1
chmod 600 "$tf" || exit 1
rchk
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-touch: $tf" 1>&2
fi
echo "$tf"
}
# trick for the undocumented rsh://host:port method. # trick for the undocumented rsh://host:port method.
rsh_setup() { rsh_setup() {
if echo "$ssh_host" | grep '@' > /dev/null; then if echo "$ssh_host" | grep '@' > /dev/null; then
@ -665,6 +683,32 @@ if ($ENV{PPROXY_SOCKS} ne "" && $ENV{PPROXY_PROXY} !~ m,^socks5?://,i) {
} }
} }
my $rfbSecTypeTlsVnc = 18;
my $rfbSecTypeVencrypt = 19;
my $rfbVencryptPlain = 256;
my $rfbVencryptTlsNone = 257;
my $rfbVencryptTlsVnc = 258;
my $rfbVencryptTlsPlain = 259;
my $rfbVencryptX509None = 260;
my $rfbVencryptX509Vnc = 261;
my $rfbVencryptX509Plain = 262;
my $handshake_file = "";
if (exists $ENV{SSVNC_PREDIGESTED_HANDSHAKE}) {
$handshake_file = $ENV{SSVNC_PREDIGESTED_HANDSHAKE};
}
sub append_handshake {
my $str = shift;
if ($handshake_file) {
if (open(HSF, ">>$handshake_file")) {
print HSF $str;
close HSF;
}
}
}
my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3); my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3);
my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", ""); my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", "");
@ -825,6 +869,18 @@ sub url_parse {
if ($hostport !~ /:\d+/) { if ($hostport !~ /:\d+/) {
$hostport .= ":5900"; $hostport .= ":5900";
} }
} elsif ($hostport =~ m,^vencrypt://(\S*)$,i) {
# vencrypt handshake.
$hostport = $1;
my $m = "connect";
if ($hostpost =~ /^(\S+)\+(\S+)$/) {
$hostport = $1;
$mode = $2;
}
$mode = "vencrypt:$m";
if ($hostport !~ /:\d+/) {
$hostport .= ":5900";
}
} }
return ($hostport, $mode); return ($hostport, $mode);
} }
@ -832,6 +888,7 @@ sub url_parse {
sub setmode { sub setmode {
my $mode = shift; my $mode = shift;
$ENV{PPROXY_REPEATER} = ""; $ENV{PPROXY_REPEATER} = "";
$ENV{PPROXY_VENCRYPT} = "";
if ($mode =~ /^socks/) { if ($mode =~ /^socks/) {
if ($mode =~ /^socks5/) { if ($mode =~ /^socks5/) {
$ENV{PPROXY_SOCKS} = 5; $ENV{PPROXY_SOCKS} = 5;
@ -841,6 +898,9 @@ sub setmode {
} elsif ($mode =~ /^repeater:(.*)/) { } elsif ($mode =~ /^repeater:(.*)/) {
$ENV{PPROXY_REPEATER} = $1; $ENV{PPROXY_REPEATER} = $1;
$ENV{PPROXY_SOCKS} = ""; $ENV{PPROXY_SOCKS} = "";
} elsif ($mode =~ /^vencrypt:(.*)/) {
$ENV{PPROXY_VENCRYPT} = $1;
$ENV{PPROXY_SOCKS} = "";
} else { } else {
$ENV{PPROXY_SOCKS} = ""; $ENV{PPROXY_SOCKS} = "";
} }
@ -982,6 +1042,9 @@ sub connection {
sysread($sock, $c, 1); sysread($sock, $c, 1);
print STDERR $c; print STDERR $c;
} }
} elsif ($ENV{PPROXY_VENCRYPT} ne "") {
my $vencrypt = $ENV{PPROXY_VENCRYPT};
vencrypt_dialog($vencrypt);
} else { } else {
# Web Proxy: # Web Proxy:
@ -1010,6 +1073,189 @@ sub connection {
} }
} }
sub vdie {
append_handshake("done\n");
close $sock;
exit(1);
}
sub tlsvnc_handshake {
my ($vmode, $db) = @_;
print STDERR "PPROXY: Doing TLSVNC Handshake\n";
my $psec = pack("C", $rfbSecTypeTlsVnc);
syswrite($sock, $psec, 1);
append_handshake("done\n");
}
sub vencrypt_handshake {
my ($vmode, $db) = @_;
print STDERR "PPROXY: Doing VeNCrypt Handshake\n";
my $psec = pack("C", $rfbSecTypeVencrypt);
syswrite($sock, $psec, 1);
my $vmajor;
my $vminor;
sysread($sock, $vmajor, 1);
sysread($sock, $vminor, 1);
vdie if $vmajor eq "" || $vminor eq "";
$vmajor = unpack("C", $vmajor);
$vminor = unpack("C", $vminor);
print STDERR "$vmajor.$vminor\n" if $db;
vdie if $vmajor ne 0;
vdie if $vminor < 2;
$vmajor = pack("C", 0);
$vminor = pack("C", 2);
append_handshake("subversion=0.2\n");
syswrite($sock, $vmajor, 1);
syswrite($sock, $vminor, 1);
my $result;
sysread($sock, $result, 1);
vdie if $result eq "";
$result = unpack("C", $result);
print STDERR "result=$result\n" if $db;
vdie if $result ne 0;
my $nsubtypes;
sysread($sock, $nsubtypes, 1);
vdie if $nsubtypes eq "";
$nsubtypes = unpack("C", $nsubtypes);
print STDERR "nsubtypes=$nsubtypes\n" if $db;
my %subtypes;
for (my $i = 0; $i < $nsubtypes; $i++) {
my $subtype = "";
sysread($sock, $subtype, 4);
vdie if length($subtype) != 4;
# XXX fix 64bit.
$subtype = unpack("N", $subtype);
print STDERR "subtype: $subtype\n" if $db;
$subtypes{$subtype} = 1;
append_handshake("sst$i=$subtype\n");
}
my $subtype = 0;
if (exists $subtypes{$rfbVencryptX509None}) {
$subtype = $rfbVencryptX509None;
print STDERR "selected rfbVencryptX509None\n" if $db;
} elsif (exists $subtypes{$rfbVencryptX509Vnc}) {
$subtype = $rfbVencryptX509Vnc;
print STDERR "selected rfbVencryptX509Vnc\n" if $db;
} elsif (exists $subtypes{$rfbVencryptX509Plain}) {
$subtype = $rfbVencryptX509Plain;
print STDERR "selected rfbVencryptX509Plain\n" if $db;
} elsif (exists $subtypes{$rfbVencryptTlsNone}) {
$subtype = $rfbVencryptTlsNone;
print STDERR "selected rfbVencryptTlsNone\n" if $db;
} elsif (exists $subtypes{$rfbVencryptTlsVnc}) {
$subtype = $rfbVencryptTlsVnc;
print STDERR "selected rfbVencryptTlsVnc\n" if $db;
} elsif (exists $subtypes{$rfbVencryptTlsPlain}) {
$subtype = $rfbVencryptTlsPlain;
print STDERR "selected rfbVencryptTlsPlain\n" if $db;
}
append_handshake("subtype=$subtype\n");
my $pst = pack("N", $subtype);
syswrite($sock, $pst, 4);
vdie if $subtype == 0;
my $ok;
sysread($sock, $ok, 1);
$ok = unpack("C", $ok);
print STDERR "ok=$ok\n" if $db;
append_handshake("done\n");
vdie if $ok == 0;
}
sub vencrypt_dialog {
my $vmode = shift;
my $db = 0;
$db = 1 if exists $ENV{SS_DEBUG};
append_handshake("mode=$vmode\n");
my $server_rfb = "";
syswrite($sock, $rep, 250);
for (my $i = 0; $i < 12; $i++) {
my $c;
sysread($sock, $c, 1);
$server_rfb .= $c;
print STDERR $c;
}
print STDERR "server_rfb: $server_rfb\n" if $db;
append_handshake("server=$server_rfb");
my $minor = "";
if ($server_rfb =~ /^RFB 003\.(\d+)/) {
$minor = $1;
} else {
vdie;
}
my $viewer_rfb = "RFB 003.008\n";
if ($minor < 7) {
vdie;
} elsif ($minor == 7) {
$viewer_rfb = "RFB 003.007\n";
}
syswrite($sock, $viewer_rfb, 12);
append_handshake("viewer=$viewer_rfb");
my $nsec;
sysread($sock, $nsec, 1);
vdie if $nsec eq "";
$nsec = unpack("C", $nsec);
print STDERR "nsec: $nsec\n" if $db;
vdie if $nsec eq 0 || $nsec > 100;
my %sectypes = ();
for (my $i = 0; $i < $nsec; $i++) {
my $sec;
sysread($sock, $sec, 1);
vdie if $sec eq "";
$sec = unpack("C", $sec);
print STDERR "sec: $sec\n" if $db;
$sectypes{$sec} = 1;
}
if (exists $sectypes{$rfbSecTypeVencrypt}) {
print STDERR "found rfbSecTypeVencrypt\n" if $db;
append_handshake("sectype=$rfbSecTypeVencrypt\n");
vencrypt_handshake($vmode, $db);
} elsif (exists $sectypes{$rfbSecTypeTlsVnc}) {
print STDERR "found rfbSecTypeTlsVnc\n" if $db;
append_handshake("sectype=$rfbSecTypeTlsVnc\n");
tlsvnc_handshake($vmode, $db);
} else {
print STDERR "No supported sec-type found\n" if $db;
vdie;
}
}
sub xfer { sub xfer {
my($in, $out) = @_; my($in, $out) = @_;
$RIN = $WIN = $EIN = ""; $RIN = $WIN = $EIN = "";
@ -1104,8 +1350,8 @@ if [ "X$use_ssh" = "X1" ]; then
if echo "$proxy" | egrep '(http|https|socks|socks4|socks5)://' > /dev/null; then if echo "$proxy" | egrep '(http|https|socks|socks4|socks5)://' > /dev/null; then
# Handle Web or SOCKS proxy(ies) for the initial connect. # Handle Web or SOCKS proxy(ies) for the initial connect.
Kecho host=$host Kecho host=$host
Kecho port=$port Kecho port=$port
pproxy="" pproxy=""
sproxy1="" sproxy1=""
sproxy_rest="" sproxy_rest=""
@ -1126,9 +1372,10 @@ Kecho port=$port
done done
pproxy=`echo "$pproxy" | sed -e 's/^,,*//' -e 's/,,*/,/g'` pproxy=`echo "$pproxy" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
sproxy_rest=`echo "$sproxy_rest" | sed -e 's/^,,*//' -e 's/,,*/,/g'` sproxy_rest=`echo "$sproxy_rest" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
Kecho pproxy=$pproxy
Kecho sproxy1=$sproxy1 Kecho pproxy=$pproxy
Kecho sproxy_rest=$sproxy_rest Kecho sproxy1=$sproxy1
Kecho sproxy_rest=$sproxy_rest
sproxy1_host="" sproxy1_host=""
sproxy1_port="" sproxy1_port=""
@ -1164,9 +1411,9 @@ Kecho sproxy_rest=$sproxy_rest
fi fi
fi fi
Kecho sproxy1_host=$sproxy1_host Kecho sproxy1_host=$sproxy1_host
Kecho sproxy1_port=$sproxy1_port Kecho sproxy1_port=$sproxy1_port
Kecho sproxy1_user=$sproxy1_user Kecho sproxy1_user=$sproxy1_user
ptmp="/tmp/ss_vncviewer_ssh${RANDOM}.$$.pl" ptmp="/tmp/ss_vncviewer_ssh${RANDOM}.$$.pl"
ptmp=`mytmp "$ptmp"` ptmp=`mytmp "$ptmp"`
@ -1204,7 +1451,7 @@ Kecho sproxy1_user=$sproxy1_user
if [ "X$sproxy_rest" != "X" ]; then if [ "X$sproxy_rest" != "X" ]; then
proxy="$proxy,$sproxy_rest" proxy="$proxy,$sproxy_rest"
fi fi
Kecho proxy=$proxy Kecho proxy=$proxy
fi fi
if echo "$proxy" | grep "," > /dev/null; then if echo "$proxy" | grep "," > /dev/null; then
@ -1550,13 +1797,26 @@ if [ "X$showcert" = "X1" ]; then
if [ "X$proxy" != "X" ]; then if [ "X$proxy" != "X" ]; then
PPROXY_LISTEN=$use PPROXY_LISTEN=$use
export PPROXY_LISTEN export PPROXY_LISTEN
$ptmp 2>/dev/null & if [ "X$SS_DEBUG" != "X" ]; then
$ptmp &
else
$ptmp 2>/dev/null &
fi
sleep 1 sleep 1
host="localhost" host="localhost"
port="$use" port="$use"
fi fi
openssl s_client -connect $host:$port 2>&1 < /dev/null cipher_args=""
exit $? if [ "X$ciphers" != "X" ]; then
cipher_args=`echo "$ciphers" | sed -e 's/ciphers=/-cipher /'`
fi
#echo "openssl s_client $cipher_args -connect $host:$port"
openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null
rc=$?
if [ "X$SSVNC_PREDIGESTED_HANDSHAKE" != "X" ]; then
rm -f $SSVNC_PREDIGESTED_HANDSHAKE
fi
exit $rc
fi fi
if [ "X$direct_connect" != "X" ]; then if [ "X$direct_connect" != "X" ]; then
@ -1783,6 +2043,7 @@ foreground = yes
pid = pid =
client = yes client = yes
debug = 6 debug = 6
$ciphers
$STUNNEL_EXTRA_OPTS $STUNNEL_EXTRA_OPTS
$STUNNEL_EXTRA_OPTS_USER $STUNNEL_EXTRA_OPTS_USER
$verify $verify
@ -1818,6 +2079,7 @@ foreground = yes
pid = pid =
client = no client = no
debug = 6 debug = 6
$ciphers
$STUNNEL_EXTRA_OPTS $STUNNEL_EXTRA_OPTS
$STUNNEL_EXTRA_OPTS_USER $STUNNEL_EXTRA_OPTS_USER
$verify $verify
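Review bot: The `+mode` suffix handling added to url_parse for vencrypt:// URLs never takes effect: the test reads `$hostpost` (a typo for `$hostport`) and the branch assigns `$mode`, while the next line builds the mode from `$m`, which stays `"connect"`; the branch should be `if ($hostport =~ /^(\S+)\+(\S+)$/) { $hostport = $1; $m = $2; }`. In append_handshake, the two-argument `open(HSF, ">>$handshake_file")` lets the file name taken from the environment be reinterpreted (surrounding whitespace is stripped, for instance); the three-argument form `open(my $hsf, '>>', $handshake_file)` takes the name literally. In vencrypt_dialog, `syswrite($sock, $rep, 250)` sends `$rep` before the RFB version exchange, but `$rep` is not defined in this hunk — if it is the repeater string from the repeater path this looks like a leftover, so confirm it is intended. Finally, the `-anondh` cipher list is written into both stunnel configs (`$ciphers` directly above `$STUNNEL_EXTRA_OPTS` and `$verify`) with no check that it was not combined with `-verify`; as the option name suggests, anonymous ciphers present no certificate to verify, so a comment at the `-anondh` case stating that (or a refusal of the combination) would keep users from assuming the peer was authenticated.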


@ -8,7 +8,7 @@
.\" License as specified in the file LICENCE.TXT that comes with the .\" License as specified in the file LICENCE.TXT that comes with the
.\" TightVNC distribution. .\" TightVNC distribution.
.\" .\"
.TH ssvnc 1 "September 2008" "" "SSVNC" .TH ssvnc 1 "November 2008" "" "SSVNC"
.SH NAME .SH NAME
ssvnc \- a GUI wrapper for SSL and SSH VNC connections. ssvnc \- a GUI wrapper for SSL and SSH VNC connections.
.SH SYNOPSIS .SH SYNOPSIS
@ -21,7 +21,7 @@ ssvnc \- a GUI wrapper for SSL and SSH VNC connections.
.RI [\| saved-profile-name \|] .RI [\| saved-profile-name \|]
.br .br
.B ssvnc .B ssvnc
.RI [\| options \|][\| host-or-profile \] .RI [\| options \|]\ [\| host-or-profile \]
.br .br
.B ssvnc .B ssvnc
.IR \--help .IR \--help
@ -49,7 +49,8 @@ E.g. "fred@far-away.east:0".
As an easter egg, we note it is also possible to disable the use of SSL/SSH As an easter egg, we note it is also possible to disable the use of SSL/SSH
encryption tunnels by using a vnc:// or Vnc:// prefix before encryption tunnels by using a vnc:// or Vnc:// prefix before
host:display. host:display. Shift+Ctrl-E is a short-cut to add/remove it.
See also the \fB-noenc\fR option below.
Normally you do not specify any command line options. You simply Normally you do not specify any command line options. You simply
run \fBssvnc\fR and use the GUI that starts up. run \fBssvnc\fR and use the GUI that starts up.
@ -59,7 +60,7 @@ on the command line to connect to immediately (the GUI is started
and the connection is initiated). For example, "\fBssvnc far-away.east:0\fR" and the connection is initiated). For example, "\fBssvnc far-away.east:0\fR"
Instead of a host:display, you can specify the name of a saved profile to Instead of a host:display, you can specify the name of a saved profile to
automatically load that profile and then connect to its server. automatically load that profile and then connect to its server.
For example "\fBssvnc far\fR", if you name the profile "far". For example "\fBssvnc far\fR", if you named the profile "far".
You can use the \fB-profiles\fR option to list the profiles you have saved. You can use the \fB-profiles\fR option to list the profiles you have saved.
The related commands \fBsshvnc\fR and \fBtsvnc\fR start up the GUI in The related commands \fBsshvnc\fR and \fBtsvnc\fR start up the GUI in
@ -108,6 +109,18 @@ Same as SSVNC_NO_VERIFY_ALL_BUTTON=1.
\fB\-bigger\fR \fB\-bigger\fR
Make the Profile Selection Dialog window bigger. Make the Profile Selection Dialog window bigger.
Same as SSVNC_BIGGER_DIALOG=1. Same as SSVNC_BIGGER_DIALOG=1.
.TP
\fB\-noenc\fR
Start off in a mode where a 'No Encryption' check button is present.
You can toggle the mode with Ctrl-E.
Same as SSVNC_DISABLE_ENCRYPTION_BUTTON=1. Or noenc=1 in ~/.ssvncrc.
Selecting no encryption is the same as the vnc:// and Vnc:// prefixes
described below.
.TP
\fB\-killstunnel\fR
On Windows, automatically terminate the STUNNEL process when the viewer
exits instead of prompting you (same as killstunnel=1 in ssvnc_rc or
toggle in Options menu)
.SH URL NOTATION .SH URL NOTATION
Here are all of our URL-like prefixes that you can put in front of Here are all of our URL-like prefixes that you can put in front of
host:display (or host:port): host:display (or host:port):
@ -116,7 +129,7 @@ For SSL: vncs:// vncssl:// and vnc+ssl://
For SSH: vncssh:// and vnc+ssh:// For SSH: vncssh:// and vnc+ssh://
For No Encryption Tunnel: vnc:// and Vnc:// For No Encryption: vnc:// and Vnc://
Examples: Examples:
@ -128,6 +141,10 @@ To quickly make a direct connection: \fBssvnc Vnc://snoopy.com:0\fR
The above will also work in the "VNC Host:Display" entry box in the GUI. The above will also work in the "VNC Host:Display" entry box in the GUI.
Press the "Connect" button after entering them. Press the "Connect" button after entering them.
The difference between vnc:// and Vnc:// is that the latter one will not
prompt you whether you really want to make an unencrypted connection
or not.
.SH FILES .SH FILES
Your SSVNC vnc profiles are stored in the \fB$HOME/.vnc/profiles\fR Your SSVNC vnc profiles are stored in the \fB$HOME/.vnc/profiles\fR
directory. They end in suffix \fB.vnc\fR directory. They end in suffix \fB.vnc\fR

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
rm -rf ./src/tmp/* || exit 1 rm -rf ./src/tmp/* || exit 1
vers=1.0.21 vers=1.0.22
cd .. || exit 1 cd .. || exit 1
@ -12,7 +12,7 @@ dest=./t.unix_only
rm -rf $dest rm -rf $dest
mkdir -p $dest || exit 1 mkdir -p $dest || exit 1
tar cvf - ssvnc/{README,COPYING} ssvnc/bin ssvnc/Unix | (cd $dest; tar xvf -) tar cvf - ssvnc/{README,COPYING,ssvnc.desktop} ssvnc/bin ssvnc/Unix | (cd $dest; tar xvf -)
rm -f $dest/ssvnc/bin/.linkin rm -f $dest/ssvnc/bin/.linkin
tar=ssvnc_unix_only-${vers}.tar.gz tar=ssvnc_unix_only-${vers}.tar.gz
@ -25,8 +25,7 @@ dest=./t.unix_minimal
rm -rf $dest rm -rf $dest
mkdir -p $dest || exit 1 mkdir -p $dest || exit 1
#tar cvf - ssvnc/{README,COPYING} ssvnc/bin/{ss*,util/ss*} ssvnc/Unix | (cd $dest; tar xvf -) tar cvf - ssvnc/{README,COPYING,ssvnc.desktop} ssvnc/bin/{ss*,util/ss*} | (cd $dest; tar xvf -)
tar cvf - ssvnc/{README,COPYING} ssvnc/bin/{ss*,util/ss*} | (cd $dest; tar xvf -)
tar=ssvnc_unix_minimal-${vers}.tar.gz tar=ssvnc_unix_minimal-${vers}.tar.gz
(cd $dest; tar czvf ../$tar ssvnc) (cd $dest; tar czvf ../$tar ssvnc)
@ -46,7 +45,7 @@ data__() {'
scr=./ssvnc.sh scr=./ssvnc.sh
echo "$top" > $scr echo "$top" > $scr
(cd ssvnc; tar cvf - README COPYING bin/{ss*,util/ss*}) >> $scr (cd ssvnc; tar cvf - README COPYING ssvnc.desktop bin/{ss*,util/ss*}) >> $scr
chmod 755 $scr chmod 755 $scr
ls -l $scr ls -l $scr

@ -1,124 +1,56 @@
diff -Naur stunnel.orig/src/client.c stunnel/src/client.c diff -Naur stunnel.orig/src/client.c stunnel/src/client.c
--- stunnel.orig/src/client.c 2005-10-24 14:00:56.000000000 -0400 --- stunnel.orig/src/client.c 2008-03-27 04:35:27.000000000 -0400
+++ stunnel/src/client.c 2006-07-31 21:51:37.000000000 -0400 +++ stunnel/src/client.c 2008-11-19 21:40:00.000000000 -0500
@@ -126,6 +126,10 @@ @@ -191,6 +191,7 @@
enter_critical_section(CRIT_CLIENTS); /* for multi-cpu machines */
s_log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname, s_log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname,
--num_clients); --num_clients);
+ if (getenv("STUNNEL_ONCE")) {fprintf(stderr, "stunnel: exiting.\n"); exit(0);}
leave_critical_section(CRIT_CLIENTS); leave_critical_section(CRIT_CLIENTS);
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
+ s_log(LOG_NOTICE, "client() finished: exceeded maxconn");
+ exit(0);
+ }
#endif #endif
free(c); }
#ifdef DEBUG_STACK_SIZE
diff -Naur stunnel.orig/src/network.c stunnel/src/network.c diff -Naur stunnel.orig/src/network.c stunnel/src/network.c
--- stunnel.orig/src/network.c 2005-10-30 16:35:42.000000000 -0500 --- stunnel.orig/src/network.c 2008-03-27 05:28:16.000000000 -0400
+++ stunnel/src/network.c 2006-07-31 21:53:49.000000000 -0400 +++ stunnel/src/network.c 2008-11-19 21:39:41.000000000 -0500
@@ -329,6 +329,10 @@ @@ -346,6 +346,7 @@
/* no logging is possible in a signal handler */ /* no logging is possible in a signal handler */
#ifdef USE_FORK #ifdef USE_FORK
num_clients--; /* one client less */ --num_clients; /* one client less */
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) { + if (getenv("STUNNEL_ONCE")) exit(0);
+ s_log(LOG_NOTICE, "sigchld_handler() finished: exceeded maxconn");
+ exit(0);
+ }
#endif /* USE_FORK */ #endif /* USE_FORK */
} }
#else /* __sgi */ #else /* __sgi */
@@ -375,6 +379,10 @@ @@ -432,9 +433,11 @@
#ifdef HAVE_WAIT_FOR_PID
while((pid=wait_for_pid(-1, &status, WNOHANG))>0) {
--num_clients; /* one client less */
+ if (getenv("STUNNEL_ONCE")) exit(0);
#else
if((pid=wait(&status))>0) { if((pid=wait(&status))>0) {
num_clients--; /* one client less */ --num_clients; /* one client less */
+ if (getenv("STUNNEL_ONCE")) exit(0);
#endif #endif
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
+ s_log(LOG_NOTICE, "client_status() finished: exceeded maxconn");
+ exit(0);
+ }
#ifdef WIFSIGNALED #ifdef WIFSIGNALED
if(WIFSIGNALED(status)) { if(WIFSIGNALED(status)) {
s_log(LOG_DEBUG, "Process %d terminated on signal %d (%d left)",
diff -Naur stunnel.orig/src/options.c stunnel/src/options.c diff -Naur stunnel.orig/src/options.c stunnel/src/options.c
--- stunnel.orig/src/options.c 2005-10-20 03:12:07.000000000 -0400 --- stunnel.orig/src/options.c 2008-06-21 17:18:23.000000000 -0400
+++ stunnel/src/options.c 2006-07-31 22:49:57.000000000 -0400 +++ stunnel/src/options.c 2008-11-19 21:15:01.000000000 -0500
@@ -665,6 +665,24 @@ @@ -465,6 +465,7 @@
switch(cmd) {
case CMD_INIT:
options.option.syslog=1;
+ if (getenv("STUNNEL_NO_SYSLOG")) options.option.syslog=0;
break; break;
} case CMD_EXEC:
if(strcasecmp(opt, "syslog"))
+ /* maxconn */
+ switch(cmd) {
+ case CMD_INIT:
+ options.maxconn=0;
+ break;
+ case CMD_EXEC:
+ if(strcasecmp(opt, "maxconn"))
+ break;
+ options.maxconn=atoi(arg);
+ return NULL; /* OK */
+ case CMD_DEFAULT:
+ log_raw("%-15s = 0", "maxconn");
+ break;
+ case CMD_HELP:
+ log_raw("%-15s = maximum number of accepted connections", "maxconn");
+ break;
+ }
+
if(cmd==CMD_EXEC)
return option_not_found;
return NULL; /* OK */
diff -Naur stunnel.orig/src/prototypes.h stunnel/src/prototypes.h
--- stunnel.orig/src/prototypes.h 2005-10-27 05:41:28.000000000 -0400
+++ stunnel/src/prototypes.h 2006-07-31 22:49:36.000000000 -0400
@@ -44,6 +44,7 @@
/**************************************** Prototypes for stunnel.c */
extern int num_clients;
+extern int num_conn;
void main_initialize(char *, char *);
void main_execute(void);
@@ -113,6 +114,7 @@
long session_timeout;
int verify_level;
int verify_use_only_my;
+ int maxconn;
long ssl_options;
/* some global data for stunnel.c */
diff -Naur stunnel.orig/src/stunnel.c stunnel/src/stunnel.c diff -Naur stunnel.orig/src/stunnel.c stunnel/src/stunnel.c
--- stunnel.orig/src/stunnel.c 2005-11-02 15:18:42.000000000 -0500 --- stunnel.orig/src/stunnel.c 2008-06-21 17:32:45.000000000 -0400
+++ stunnel/src/stunnel.c 2006-07-31 21:40:04.000000000 -0400 +++ stunnel/src/stunnel.c 2008-11-19 21:14:28.000000000 -0500
@@ -53,6 +53,7 @@ @@ -301,6 +301,7 @@
#endif
int num_clients=0; /* Current number of clients */
+int num_conn=0; /* Total number of connections */
/* Functions */
@@ -138,6 +139,7 @@
} }
#endif
#endif
+ if (getenv("STUNNEL_MAX_CLIENTS")) max_clients = atoi(getenv("STUNNEL_MAX_CLIENTS"));
}
num_clients=0; #if !defined (USE_WIN32) && !defined (__vms) && !defined(USE_OS2)
+ num_conn=0;
/* bind local ports */
for(opt=local_options.next; opt; opt=opt->next) {
@@ -222,6 +224,18 @@
return; /* error */
}
}
+ num_conn++;
+fprintf(stderr, "num_conn: %d\n", num_conn);
+ if (options.maxconn > 0 && num_conn > options.maxconn) {
+ s_log(LOG_WARNING, "Connection rejected: exceeded maxconn (%d>%d)",
+ num_conn, options.maxconn);
+ closesocket(s);
+ if (num_clients == 0) {
+ s_log(LOG_WARNING, "Finished via maxconn.");
+ exit(0);
+ }
+ return;
+ }
s_ntop(from_address, &addr);
s_log(LOG_DEBUG, "%s accepted FD=%d from %s",
opt->servname, s, from_address);
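Review bot: The `exit(0)` that the network.c hunk adds right after `/* no logging is possible in a signal handler */` calls `getenv` and `exit` from inside a signal handler, and neither is async-signal-safe: `exit` runs atexit handlers and flushes stdio, which can deadlock or corrupt state if the signal interrupted a stdio or malloc call. Use `_exit(0)` there, and read the environment once at startup into a file-scope flag, e.g. `static int stunnel_once; /* set from getenv("STUNNEL_ONCE") at init */`, so the handler does no lookups. The client.c hunk has a related problem: its `exit(0)` runs before `leave_critical_section(CRIT_CLIENTS)`, so atexit cleanup executes with the section still held; move the check after the leave or use `_exit`. In stunnel.c, `max_clients = atoi(getenv("STUNNEL_MAX_CLIENTS"))` silently accepts non-numeric, zero and negative values; `strtol` with an end-pointer and range check, keeping the existing value on bad input, would be safer. The handler and the stunnel.c function both begin outside their hunks.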

@ -0,0 +1,11 @@
[Desktop Entry]
# Copy this file to "/usr/shared/applications/ssvnc.desktop" then SSVNC will
# appear in desktop menus (once they are updated; e.g. update-menus command).
Name=SSL/SSH VNC Viewer
Comment=SSVNC - access remote VNC desktops
Exec=ssvnc -noenc
Icon=computer
Terminal=false
Type=Application
StartupWMClass=Ssvnc.tcl
Categories=Network;RemoteAccess;
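Review bot: The install comment points to `/usr/shared/applications/ssvnc.desktop`, but the directory desktop menus read is `/usr/share/applications`, so following the instruction as written will not make the entry appear; change the comment to `# Copy this file to "/usr/share/applications/ssvnc.desktop" then SSVNC will`. Separately, `Exec=ssvnc -noenc` makes the menu launcher start with the 'No Encryption' check button present (per the man-page hunk in this commit), which the plain `ssvnc` default does not; if that is deliberate for the menu entry, a one-line comment saying why would stop a packager from "fixing" it.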