x11vnc: x11vnc.desktop file. -reopen, -dhparams, -sslCRL,

-setdefer options. -rfbport PROMPT VeNCrypt and TLSVNC SSL/TLS
  encryption support.  Tweaks to choose_delay() algorithm.
  -ssl ANON anonymouse Diffie-Hellman mode.  Fix bugs in certs
  management.  Additions to tray=setpass naive user mode.
pull/1/head
runge 16 years ago
parent 63b98dba79
commit 6fbba525a9

@ -1,3 +1,10 @@
2008-11-22 Karl Runge <runge@karlrunge.com>
* x11vnc: x11vnc.desktop file. -reopen, -dhparams, -sslCRL,
-setdefer options. -rfbport PROMPT VeNCrypt and TLSVNC SSL/TLS
encryption support. Tweaks to choose_delay() algorithm.
-ssl ANON anonymouse Diffie-Hellman mode. Fix bugs in certs
management. Additions to tray=setpass naive user mode.
2008-11-09 Karl Runge <runge@karlrunge.com>
* x11vnc: add zeroconf external helpers (avahi-publish and
dns-sd). Alias -zeroconf. Close pipeinput_fh on exit.

@ -13,8 +13,11 @@ endif
SUBDIRS = misc
DIST_SUBDIRS = misc
desktopdir = $(datadir)/applications
desktop_DATA = x11vnc.desktop
man_MANS=x11vnc.1
EXTRA_DIST=ChangeLog README tkx11vnc $(man_MANS)
EXTRA_DIST=ChangeLog README tkx11vnc $(man_MANS) $(desktop_DATA)
if CYGIPC
LD_CYGIPC=-lcygipc

File diff suppressed because it is too large Load Diff

@ -113,6 +113,7 @@ void avahi_initialise(void) {
void avahi_advertise(const char *name, const char *host, const uint16_t port) {
if (!try_avahi_helper(name, host, port)) {
rfbLog("avahi_advertise: no Avahi support at buildtime.\n");
avahi = 0;
}
}

@ -259,7 +259,51 @@ static int Xerror(Display *d, XErrorEvent *error) {
}
static int XIOerr(Display *d) {
static int reopen = 0, rmax = 1;
X_UNLOCK;
if (getenv("X11VNC_REOPEN_DISPLAY")) {
rmax = atoi(getenv("X11VNC_REOPEN_DISPLAY"));
}
#if !NO_X11
if (reopen < rmax && getenv("X11VNC_REOPEN_DISPLAY")) {
int db = getenv("X11VNC_REOPEN_DEBUG") ? 1 : 0;
Display *save_dpy = dpy;
char *dstr = DisplayString(save_dpy);
reopen++;
rfbLog("*** XIO error: Trying to reopen[%d/%d] display '%s'\n", reopen, rmax, dstr);
rfbLog("*** XIO error: Note the reopened state may be unstable.\n");
usleep (3000 * 1000);
dpy = XOpenDisplay_wr(dstr);
if (dpy) {
rfbLog("*** XIO error: Reopened display '%s' successfully.\n", dstr);
if (db) rfbLog("*** XIO error: '%s' 0x%x\n", dstr, dpy);
scr = DefaultScreen(dpy);
rootwin = RootWindow(dpy, scr);
if (db) rfbLog("*** XIO error: disable_grabserver\n");
disable_grabserver(dpy, 0);
if (db) rfbLog("*** XIO error: xrecord\n");
zerodisp_xrecord();
initialize_xrecord();
if (db) rfbLog("*** XIO error: xdamage\n");
create_xdamage_if_needed(1);
if (db) rfbLog("*** XIO error: do_new_fb\n");
if (using_shm) {
if (db) rfbLog("*** XIO error: clean_shm\n");
clean_shm(1);
}
do_new_fb(1);
if (db) rfbLog("*** XIO error: check_xevents\n");
check_xevents(1);
/* sadly, we can never return... */
if (db) rfbLog("*** XIO error: watch_loop\n");
watch_loop();
clean_up_exit(1);
}
}
#endif
interrupted(-1);
if (d) {} /* unused vars warning: */

@ -772,7 +772,8 @@ void client_gone(rfbClientPtr client) {
*/
if ((client->state == RFB_PROTOCOL_VERSION ||
client->state == RFB_SECURITY_TYPE ||
client->state == RFB_AUTHENTICATION) && accepted_client) {
client->state == RFB_AUTHENTICATION ||
client->state == RFB_INITIALISATION) && accepted_client) {
rfbLog("connect_once: invalid password or early "
"disconnect.\n");
rfbLog("connect_once: waiting for next connection.\n");
@ -3208,7 +3209,7 @@ void adjust_grabs(int grab, int quiet) {
}
void check_new_clients(void) {
static int last_count = 0;
static int last_count = -1;
rfbClientIteratorPtr iter;
rfbClientPtr cl;
int i, send_info = 0;
@ -3243,7 +3244,9 @@ void check_new_clients(void) {
}
}
if (client_count == last_count) {
if (last_count == -1) {
last_count = 0;
} else if (client_count == last_count) {
return;
}

@ -229,15 +229,17 @@ static void sigusr1 (int sig) {
if (0) sig = 0;
}
static char *extra_path = ":/usr/local/bin:/usr/bin/X11:/usr/sfw/bin"
":/usr/X11R6/bin:/usr/openwin/bin:/usr/dt/bin";
static char *wishes[] = {"wish8.4", "wish", "wish8.3", "wish8.5", "wish8.0", NULL};
static void run_gui(char *gui_xdisplay, int connect_to_x11vnc, int start_x11vnc,
int simple_gui, pid_t parent, char *gui_opts) {
char *x11vnc_xdisplay = NULL;
char extra_path[] = ":/usr/local/bin:/usr/bin/X11:/usr/sfw/bin"
":/usr/X11R6/bin:/usr/openwin/bin:/usr/dt/bin";
char cmd[100];
char *wish = NULL, *orig_path, *full_path, *tpath, *p;
char *old_xauth = NULL;
int try_max = 4, sleep = 300, totms;
int try_max = 4, sleep = 300, totms, rc = 0;
pid_t mypid = getpid();
FILE *pipe, *tmpf;
@ -255,7 +257,7 @@ if (0) fprintf(stderr, "run_gui: %s -- %d %d\n", gui_xdisplay, connect_to_x11vnc
x11vnc_xdisplay = strdup(use_dpy);
}
if (connect_to_x11vnc) {
int rc, i;
int i;
rfbLogEnable(1);
if (! client_connect_file) {
if (getenv("XAUTHORITY") != NULL) {
@ -383,17 +385,18 @@ if (0) fprintf(stderr, "run_gui: %s -- %d %d\n", gui_xdisplay, connect_to_x11vnc
while (p) {
char *try;
struct stat sbuf;
char *wishes[] = {"wish", "wish8.3", "wish8.4", "wish8.5",
"wish8.0"};
int nwishes = 3, i;
int i;
try = (char *) malloc(strlen(p) + 1 + strlen("wish8.4") + 1);
for (i=0; i<nwishes; i++) {
i = 0;
while (wishes[i] != NULL) {
sprintf(try, "%s/%s", p, wishes[i]);
if (stat(try, &sbuf) == 0) {
/* assume executable, should check mode */
wish = wishes[i];
break;
}
i++;
}
free(try);
if (wish) {
@ -442,6 +445,9 @@ if (0) fprintf(stderr, "run_gui: %s -- %d %d\n", gui_xdisplay, connect_to_x11vnc
while (p) {
if(strstr(p, "setp") == p) {
set_env("X11VNC_ICON_SETPASS", "1");
if (rc != 0) {
set_env("X11VNC_SETPASS_FAIL", "1");
}
} else if(strstr(p, "noadvanced") == p) {
set_env("X11VNC_ICON_NOADVANCED", "1");
} else if(strstr(p, "minimal") == p) {
@ -518,6 +524,7 @@ void do_gui(char *opts, int sleep) {
int start_x11vnc = 1;
int connect_to_x11vnc = 0;
int simple_gui = 0, none_gui = 0;
int portprompt = 0;
Display *test_dpy;
if (opts) {
@ -553,6 +560,10 @@ void do_gui(char *opts, int sleep) {
connect_to_x11vnc = 0;
} else if (!strcmp(p, "none")) {
none_gui = 1;
} else if (!strcmp(p, "portprompt")) {
start_x11vnc = 0;
connect_to_x11vnc = 0;
portprompt = 1;
} else if (!strcmp(p, "conn") || !strcmp(p, "connect")) {
start_x11vnc = 0;
connect_to_x11vnc = 1;
@ -603,6 +614,7 @@ void do_gui(char *opts, int sleep) {
connect_to_x11vnc = 1;
}
#ifdef MACOSX
goto startit;
#endif
@ -622,7 +634,7 @@ void do_gui(char *opts, int sleep) {
" to display on.\n");
exit(1);
}
if (!quiet) {
if (!quiet && !portprompt) {
fprintf(stderr, "starting gui, trying display: %s\n",
gui_xdisplay);
}
@ -658,6 +670,156 @@ void do_gui(char *opts, int sleep) {
#ifdef MACOSX
startit:
#endif
if (portprompt) {
char *cmd, *p, *p2, *p1, *p0 = getenv("PATH");
char tf1[] = "/tmp/x11vnc_port_prompt.2XXXXXX";
char tf2[] = "/tmp/x11vnc_port_prompt.1XXXXXX";
int fd, i, port;
char *dstr = "", *wish = NULL;
char line[128];
FILE *fp;
if (no_external_cmds || !cmd_ok("gui")) {
return;
}
if (gui_xdisplay) {
dstr = gui_xdisplay;
if (strchr(gui_xdisplay, '\'')) {
return;
}
}
if (!p0) {
p0 = "";
}
if (strchr(p0, '\'')) {
return;
}
fd = mkstemp(tf2);
if (fd < 0) {
return;
}
close(fd);
fd = mkstemp(tf1);
if (fd < 0) {
unlink(tf2);
return;
}
write(fd, gui_code, strlen(gui_code));
close(fd);
p1 = (char *) malloc(10 + strlen(p0) + strlen(extra_path));
sprintf(p1, "%s:%s", p0, extra_path);
p2 = strdup(p1);
p = strtok(p2, ":");
while (p) {
char *try;
struct stat sbuf;
int i;
try = (char *) malloc(strlen(p) + 1 + strlen("wish8.4") + 1);
i = 0;
while (wishes[i] != NULL) {
sprintf(try, "%s/%s", p, wishes[i]);
if (stat(try, &sbuf) == 0) {
/* assume executable, should check mode */
wish = wishes[i];
break;
}
i++;
}
free(try);
if (wish) {
break;
}
p = strtok(NULL, ":");
}
free(p2);
if (!wish) {
wish = "wish";
}
cmd = (char *) malloc(200 + strlen(dstr) + strlen(p1));
if (!strcmp(dstr, "")) {
sprintf(cmd, "env PATH='%s' %s %s -name x11vnc_port_prompt -portprompt > %s", p1, wish, tf1, tf2);
} else {
sprintf(cmd, "env PATH='%s' DISPLAY='%s' %s %s -name x11vnc_port_prompt -portprompt > %s", p1, dstr, wish, tf1, tf2);
}
if (getenv("X11VNC_DEBUG_PORTPROMPT")) {
fprintf(stderr, "cmd=%s\n", cmd);
}
if (use_openssl) {
set_env("X11VNC_SSL_ENABLED", "1");
}
if (allow_list && !strcmp(allow_list, "127.0.0.1")) {
set_env("X11VNC_LOCALHOST_ENABLED", "1");
}
if (got_ultrafilexfer) {
set_env("X11VNC_FILETRANSFER_ENABLED", "ultra");
} else if (tightfilexfer) {
set_env("X11VNC_FILETRANSFER_ENABLED", "tight");
}
system(cmd);
free(cmd);
free(p1);
fp = fopen(tf2, "r");
memset(line, 0, sizeof(line));
if (fp) {
fgets(line, 128, fp);
fclose(fp);
if (line[0] != '\0') {
int readport = atoi(line);
if (readport > 0) {
got_rfbport_val = readport;
}
}
}
if (strstr(line, "ssl0")) {
if (use_openssl) use_openssl = 0;
} else if (strstr(line, "ssl1")) {
if (!use_openssl) {
use_openssl = 1;
openssl_pem = strdup("SAVE_NOPROMPT");
set_env("X11VNC_GOT_SSL", "1");
}
}
if (strstr(line, "localhost0")) {
if (allow_list && !strcmp(allow_list, "127.0.0.1")) {
allow_list = NULL;
}
} else if (strstr(line, "localhost1")) {
allow_list = strdup("127.0.0.1");
}
if (strstr(line, "ft_ultra")) {
got_ultrafilexfer = 1;
tightfilexfer = 0;
} else if (strstr(line, "ft_tight")) {
got_ultrafilexfer = 0;
tightfilexfer = 1;
} else if (strstr(line, "ft_none")) {
got_ultrafilexfer = 0;
tightfilexfer = 0;
}
unlink(tf1);
unlink(tf2);
if (old_xauth) {
set_env("XAUTHORITY", old_xauth);
}
return;
}
if (start_x11vnc) {

@ -91,6 +91,18 @@ void print_help(int mode) {
" The default is to start probing at 5900. Use this to\n"
" stay away from other VNC servers near 5900.\n"
"\n"
"-rfbport str The VNC port to listen on (a libvncserver option), e.g.\n"
" 5900, 5901, etc. If specified as \"-rfbport PROMPT\"\n"
" then the x11vnc -gui is used to prompt the user to\n"
" enter the port number.\n"
"\n"
"-reopen If the X server connection is disconnected, try to\n"
" reopen the X display (up to one time.) This is of use\n"
" for display managers like GDM (KillInitClients option)\n"
" that kill x11vnc just after the user logs into the\n"
" X session. Note: the reopened state may be unstable.\n"
" Set X11VNC_REOPEN_DISPLAY=n to reopen n times.\n"
"\n"
"-reflect host:N Instead of connecting to and polling an X display,\n"
" connect to the remote VNC server host:N and be a\n"
" reflector/repeater for it. This is useful for trying\n"
@ -421,9 +433,7 @@ void print_help(int mode) {
" to the program location and in standard locations\n"
" (/usr/local/share/x11vnc/classes, etc). Under -ssl or\n"
" -stunnel the ssl classes subdirectory is sought.\n"
#ifndef NO_SSL_OR_UNIXPW
"-http_ssl As -http, but force lookup for ssl classes subdir.\n"
#endif
"\n"
"-avahi Use the Avahi/mDNS ZeroConf protocol to advertise\n"
" this VNC server to the local network. (Related terms:\n"
@ -737,7 +747,6 @@ void print_help(int mode) {
" and last line be \"__BEGIN_VIEWONLY__\" to have 2\n"
" full-access passwords)\n"
"\n"
#ifndef NO_SSL_OR_UNIXPW
"-unixpw [list] Use Unix username and password authentication. x11vnc\n"
" uses the su(1) program to verify the user's password.\n"
" [list] is an optional comma separated list of allowed\n"
@ -903,7 +912,6 @@ void print_help(int mode) {
" If a list of allowed users is needed use -unixpw [list]\n"
" in addition to this option.\n"
"\n"
#endif
"-find Find the user's display using FINDDISPLAY. This is an\n"
" alias for \"-display WAIT:cmd=FINDDISPLAY\".\n"
"\n"
@ -1018,7 +1026,6 @@ void print_help(int mode) {
" xauthority data for the display (e.g. \"xauth extract -\n"
" $DISPLAY\" output).\n"
"\n"
#ifndef NO_SSL_OR_UNIXPW
" In the case of -unixpw (but not -unixpw_nis), then the\n"
" above command is run as the user who just authenticated\n"
" via the login and password prompt.\n"
@ -1078,7 +1085,6 @@ void print_help(int mode) {
" process that will not switch, but it is only encoding\n"
" and decoding the encrypted stream at that point.\n"
"\n"
#endif
" As a special case, WAIT:cmd=FINDDISPLAY will run a\n"
" script that works on most Unixes to determine a user's\n"
" DISPLAY variable and xauthority data (see who(1)).\n"
@ -1224,61 +1230,152 @@ void print_help(int mode) {
" for finding the display and the user must already be\n"
" logged into the X console.\n"
"\n"
#ifndef NO_SSL_OR_UNIXPW
"-vencrypt mode The VeNCrypt extension to the VNC protocol allows\n"
" encrypted SSL/TLS connections. If the -ssl mode is\n"
" enabled, then VeNCrypt is enabled as well BY DEFAULT\n"
" (they both use the SSL/TLS tunnel, only the protocol\n"
" handshake is a little different.)\n"
"\n"
" To control when and how VeNCrypt is used, specify the\n"
" mode string. If mode is \"never\", then VeNCrypt is\n"
" not used. If mode is \"support\" (the default) then\n"
" VeNCrypt is supported. If mode is \"only\", then the\n"
" similar and older TLSVNC protocol is not simultaneously\n"
" supported. x11vnc's normal SSL mode (vncs://) will be\n"
" supported under -ssl unless you set mode to \"force\".\n"
"\n"
" If mode is prefixed with \"nodh:\", then Diffie Hellman\n"
" anonymous key exchange is disabled. If mode is prefixed\n"
" with \"nox509:\", then X509 key exchange is disabled.\n"
"\n"
" To disable all Anonymous Diffie-Hellman access\n"
" (susceptible to Man-In-The-Middle attack) you will need\n"
" to supply \"-vencrypt nodh:support -tlsvnc never\"\n"
"\n"
" If mode is prefixed with \"newdh:\", then new Diffie\n"
" Hellman parameters are generated for each connection\n"
" (this can be time consuming: 1-60 secs) rather than\n"
" using the fixed values in the program. Using fixed,\n"
" publicly known values is not known to be a security\n"
" problem. This setting applies to TLSVNC as well.\n"
"\n"
" Long example: -vencrypt newdh:nox509:support\n"
"\n"
" Also, if mode is prefixed with \"plain:\", then\n"
" if -unixpw mode is active the VeNCrypt \"*Plain\"\n"
" username+passwd method is enabled for Unix logins.\n"
" Otherwise in -unixpw mode the normal login panel is\n"
" provided.\n"
"\n"
" You *MUST* supply the -ssl option for VeNCrypt to be\n"
" active. This option only fine-tunes its operation.\n"
"\n"
"-tlsvnc mode The TLSVNC extension to the VNC protocol allows\n"
" encrypted SSL/TLS connections. If the -ssl mode is\n"
" enabled, then TLSVNC is enabled as well BY DEFAULT\n"
" (they both use the SSL/TLS tunnel, only the protocol\n"
" handshake is a little different.)\n"
"\n"
" To control when and how TLSVNC is used, specify the\n"
" mode string. If mode is \"never\", then TLSVNC is not\n"
" used. If mode is \"support\" (the default) then TLSVNC\n"
" is supported. If mode is \"only\", then the similar\n"
" VeNCrypt protocol is not simultaneously supported.\n"
" x11vnc's normal SSL mode (vncs://) will be supported\n"
" under -ssl unless you set mode to \"force\".\n"
"\n"
" If mode is prefixed with \"newdh:\", then new Diffie\n"
" Hellman parameters are generated for each connection\n"
" (this can be time consuming: 1-60 secs) rather than\n"
" using the fixed values in the program. Using fixed,\n"
" publicly known values is not known to be a security\n"
" problem. This setting applies to VeNCrypt as well.\n"
" See the description of \"plain:\" under -vencrypt.\n"
"\n"
" Long example: -tlsvnc newdh:plain:support\n"
"\n"
" You *MUST* supply the -ssl option for TLSVNC to be\n"
" active. This option only fine-tunes its operation.\n"
"\n"
"\n"
"-dhparams file For some operations a set of Diffie Hellman parameters\n"
" (prime and generator) is needed. If so, use the\n"
" parameters in \"file\". In particular, the VeNCrypt and\n"
" TLSVNC anonymous DH mode need them. By default a\n"
" fixed set is used. If you do not want to do that you\n"
" can specify \"newdh:\" to the -vencrypt and -tlsvnc\n"
" options to generate a new set each session. If that\n"
" is too slow for you, use -dhparams file to a set you\n"
" created manually via \"openssl dhparam -out file 1024\"\n"
"\n"
"-nossl Disable the -ssl option (see below). Since -ssl is off\n"
" by default -nossl would only be used on the commandline\n"
" to unset any *earlier* -ssl option (or -svc...)\n"
"\n"
"-ssl [pem] Use the openssl library (www.openssl.org) to provide a\n"
" built-in encrypted SSL tunnel between VNC viewers and\n"
" x11vnc. This requires libssl support to be compiled\n"
" built-in encrypted SSL/TLS tunnel between VNC viewers\n"
" and x11vnc. This requires libssl support to be compiled\n"
" into x11vnc at build time. If x11vnc is not built\n"
" with libssl support it will exit immediately when -ssl\n"
" is prescribed.\n"
"\n"
" The VNC Viewer-side needs support SSL as well.\n"
" See this URL and also the discussion below for ideas\n"
" on how to enable SSL support for the viewer:\n"
" The VNC Viewer-side needs to support SSL/TLS as well.\n"
" See this URL and also the discussion below for\n"
" ideas on how to enable SSL support for the viewer:\n"
" http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-viewers\n"
"\n"
" [pem] is optional, use \"-ssl /path/to/mycert.pem\"\n"
" to specify a PEM certificate file to use to identify\n"
" and provide a key for this server. See openssl(1) for\n"
" more info about PEMs and the -sslGenCert option below.\n"
"\n"
" The connecting VNC viewer SSL tunnel can optionally\n"
" authenticate this server if they have the public\n"
" key part of the certificate (or a common certificate\n"
" authority, CA, is a more sophisticated way to verify\n"
" this server's cert, see -sslGenCA below). This is\n"
" used to prevent man-in-the-middle attacks. Otherwise,\n"
" if the VNC viewer accepts this server's key without\n"
" verification, at least the traffic is protected\n"
" from passive sniffing on the network (but *NOT* from\n"
" man-in-the-middle attacks).\n"
" x11vnc provides an SSL enabled Java viewer applet in\n"
" the classes/ssl directory (-http or -httpdir options.)\n"
" The SSVNC viewer package supports SSL too.\n"
"\n"
" [pem] is optional, use \"-ssl /path/to/mycert.pem\" to\n"
" specify a PEM certificate file to use to identify and\n"
" provide a key for this server. See openssl(1) for more\n"
" info about PEMs and the -sslGenCert and \"-ssl SAVE\"\n"
" options below for how to create them.\n"
"\n"
" The connecting VNC viewer SSL tunnel can (optionally)\n"
" authenticate this server if they have the public key\n"
" part of the certificate (or a common certificate\n"
" authority, CA, is a more sophisticated way to\n"
" verify this server's cert, see -sslGenCA below).\n"
" This is used to prevent Man-In-The-Middle attacks.\n"
" Otherwise, if the VNC viewer accepts this server's\n"
" key WITHOUT verification, the traffic is protected\n"
" from passive sniffing on the network, but *NOT* from\n"
" Man-In-The-Middle attacks.\n"
"\n"
" If [pem] is not supplied and the openssl(1) utility\n"
" command exists in PATH, then a temporary, self-signed\n"
" certificate will be generated for this session (this\n"
" may take 5-30 seconds on slow machines). If openssl(1)\n"
" cannot be used to generate a temporary certificate\n"
" x11vnc exits immediately.\n"
" certificate will be generated for this session\n"
" (this may take 5-30 seconds on very slow machines).\n"
" If openssl(1) cannot be used to generate a temporary\n"
" certificate x11vnc exits immediately.\n"
"\n"
" If successful in using openssl(1) to generate a\n"
" temporary certificate, the public part of it will be\n"
" displayed to stderr (e.g. one could copy it to the\n"
" client-side to provide authentication of the server to\n"
" VNC viewers.) See following paragraphs for how to save\n"
" keys to reuse when x11vnc is restarted.\n"
"\n"
" Set the env. var. X11VNC_SHOW_TMP_PEM=1 to have x11vnc\n"
" print out the entire certificate, including the PRIVATE\n"
" KEY part, to stderr. One could reuse this cert if saved\n"
" in a [pem] file. Similarly, set X11VNC_KEEP_TMP_PEM=1\n"
" to not delete the temporary PEM file: the file name\n"
" will be printed to stderr (so one could move it to\n"
" a safe place for reuse). You will be prompted for a\n"
" passphrase for the private key.\n"
" VNC viewers.)\n"
"\n"
" NOTE: Unless you safely copy the public part of the\n"
" temporary Cert to the viewer for authenticate *every\n"
" time* (unlikely...), then only passive sniffing\n"
" attacks are prevented and you are still open to\n"
" Man-In-The-Middle attacks. See the following\n"
" paragraphs for how to save keys to reuse them when\n"
" x11vnc is restarted. With saved keys AND the VNC viewer\n"
" authenticating them by using the public certificate,\n"
" then Man-In-The-Middle attacks are prevented.\n"
"\n"
" If [pem] is \"ANON\" then the Diffie-Hellman anonymous\n"
" key exchange method is used. In this mode there\n"
" are *no* SSL certificates and so it is not possible\n"
" to authenticate either the VNC server or VNC client.\n"
" Thus only passive network sniffing attacks are avoided:\n"
" the \"ANON\" method is susceptible to Man-In-The-Middle\n"
" attacks. \"ANON\" is not recommended; instead use\n"
" a SSL PEM you created or the \"SAVE\" method in the\n"
" next paragraph.\n"
"\n"
" If [pem] is \"SAVE\" then the certificate will be saved\n"
" to the file ~/.vnc/certs/server.pem, or if that file\n"
@ -1294,19 +1391,17 @@ void print_help(int mode) {
" instead. E.g. \"SAVE-charlie\" will store to the file\n"
" ~/.vnc/certs/server-charlie.pem\n"
"\n"
" Examples: x11vnc -ssl SAVE -display :0 ...\n"
" x11vnc -ssl SAVE-other -display :0 ...\n"
"\n"
" See -ssldir below to use a directory besides the\n"
" default ~/.vnc/certs\n"
"\n"
" Example: x11vnc -ssl SAVE -display :0 ...\n"
"\n"
" Your VNC viewer will need to be able to connect\n"
" via SSL. See the discussion below under -stunnel and\n"
" http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-viewers\n"
" for how this might be achieved. E.g. on Unix it is\n"
" easy to write a shell script that starts up stunnel\n"
" and then vncviewer. Also in the x11vnc source a SSL\n"
" enabled Java VNC Viewer applet is provided in the\n"
" classes/ssl directory.\n"
" Misc Info: In temporary cert creation mode, set the\n"
" env. var. X11VNC_SHOW_TMP_PEM=1 to have x11vnc print out\n"
" the entire certificate, including the PRIVATE KEY part,\n"
" to stderr. There are better ways to get/save this info.\n"
" See \"SAVE\" above and \"-sslGenCert\" below.\n"
"\n"
"-ssltimeout n Set SSL read timeout to n seconds. In some situations\n"
" (i.e. an iconified viewer in Windows) the viewer stops\n"
@ -1454,6 +1549,35 @@ void print_help(int mode) {
" Control Panel. stunnel can also use these files (see\n"
" the ss_vncviewer example script in the FAQ.)\n"
"\n"
"-sslCRL path Set the Certificate Revocation Lists (CRL) to \"path\".\n"
"\n"
" If path is a file, the file contains one more more CRLs\n"
" in PEM format. If path is a directory, it contains\n"
" hash named files of CRLs in the usual OpenSSL manner.\n"
" See the OpenSSL and stunnel(8) documentation for\n"
" more info.\n"
"\n"
" This option only applies if -sslverify has been\n"
" supplied: it checks for revocation along the\n"
" certificate chain used to verify the VNC client.\n"
" The -sslCRL setting will be ignored when -sslverify is\n"
" not specified.\n"
"\n"
" Only rarely will one's x11vnc -ssl infrastructure be so\n"
" large that this option would be useful (since normally\n"
" maintaining the contents of the -sslverify file or\n"
" directory should be enough.) However, when using\n"
" x11vnc with a Certificate Authority (see -sslGenCA)\n"
" to authenticate Clients via SSL/TLS, the -sslCRL option\n"
" can be useful to revoke users' certs whose private SSL\n"
" keys were lost or stolen (e.g. laptop.) This way a new\n"
" CA cert+key does not need to be created and new signed\n"
" client keys generated and distributed to all users.\n"
"\n"
" To create a CRL file with revoked certificates the\n"
" commands 'openssl ca -revoke ...' and 'openssl ca\n"
" -gencrl ...' are useful. (Run them in ~/.vnc/certs)\n"
"\n"
"-sslGenCA [dir] Generate your own Certificate Authority private key,\n"
" certificate, and other files in directory [dir].\n"
"\n"
@ -1901,7 +2025,6 @@ void print_help(int mode) {
" mode when using an SSH tunnel as well as for router\n"
" port redirections.\n"
"\n"
#endif
"-ssh user@host:disp Create a remote listening port on machine \"host\"\n"
" via a SSH tunnel using the -R rport:localhost:lport\n"
" method. lport will be the local x11vnc listening port,\n"
@ -2301,9 +2424,13 @@ void print_help(int mode) {
" to handle all subsequent resizes (e.g. under -xrandr,\n"
" -remote id:windowid, rescaling, etc.)\n"
"\n"
"-o logfile Write stderr messages to file \"logfile\" instead of\n"
" to the terminal. Same as \"-logfile file\". To append\n"
"-o logfile Write stderr messages to file \"logfile\" instead of to\n"
" the terminal. Same as \"-logfile file\". To append\n"
" to the file use \"-oa file\" or \"-logappend file\".\n"
" If \"logfile\" contains the string \"%%VNCDISPLAY\"\n"
" it is expanded to the vnc display (the name may need\n"
" to be guessed at.) \"%%HOME\" works too.\n"
"\n"
"-flag file Write the \"PORT=NNNN\" (e.g. PORT=5900) string to\n"
" \"file\" in addition to stdout. This option could be\n"
" useful by wrapper script to detect when x11vnc is ready.\n"
@ -3229,6 +3356,9 @@ void print_help(int mode) {
" has been recent user input (pointer or keyboard).\n"
" Improves response, but increases the load whenever you\n"
" are moving the mouse or typing. Default: %.2f\n"
"-setdefer n When the -wait_ui mechanism cuts down the wait time ms,\n"
" set the defer time to the same ms value. n=1 to enable,\n"
" 0 to disable, and -1 to set defer to 0 (no delay).\n"
"-nowait_bog Do not detect if the screen polling is \"bogging down\"\n"
" and sleep more. Some activities with no user input can\n"
" slow things down a lot: consider a large terminal window\n"
@ -4028,6 +4158,8 @@ void print_help(int mode) {
" noavahi disable avahi service advertising.\n"
" mdns enable avahi service advertising.\n"
" nomdns disable avahi service advertising.\n"
" zeroconf enable avahi service advertising.\n"
" nozeroconf disable avahi service advertising.\n"
/* access, filename */
" connect:host do reverse connection to host, \"host\"\n"
" may be a comma separated list of hosts\n"
@ -4352,13 +4484,13 @@ void print_help(int mode) {
" viewonly noviewonly shared noshared forever noforever\n"
" once timeout tightfilexfer notightfilexfer ultrafilexfer\n"
" noultrafilexfer rfbversion deny lock nodeny unlock\n"
" avahi mdns noavahi nomdns connect proxy allowonce\n"
" allow localhost nolocalhost listen lookup nolookup\n"
" accept afteraccept gone shm noshm flipbyteorder\n"
" noflipbyteorder onetile noonetile solid_color solid\n"
" nosolid blackout xinerama noxinerama xtrap noxtrap\n"
" xrandr noxrandr xrandr_mode rotate padgeom quiet\n"
" q noquiet modtweak nomodtweak xkb noxkb capslock\n"
" avahi mdns zeroconf noavahi nomdns nozeroconf connect\n"
" proxy allowonce allow localhost nolocalhost listen\n"
" lookup nolookup accept afteraccept gone shm noshm\n"
" flipbyteorder noflipbyteorder onetile noonetile\n"
" solid_color solid nosolid blackout xinerama noxinerama\n"
" xtrap noxtrap xrandr noxrandr xrandr_mode rotate padgeom\n"
" quiet q noquiet modtweak nomodtweak xkb noxkb capslock\n"
" nocapslock skip_lockkeys noskip_lockkeys skip_keycodes\n"
" sloppy_keys nosloppy_keys skip_dups noskip_dups\n"
" add_keysyms noadd_keysyms clear_mods noclear_mods\n"
@ -4502,6 +4634,7 @@ void print_help(int mode) {
"-deny_all For use with -remote nodeny: start out denying all\n"
" incoming clients until \"-remote nodeny\" is used to\n"
" let them in.\n"
"\n"
"%s\n"
"\n"
"These options are passed to libvncserver:\n"

@ -31,9 +31,16 @@ int ssl_no_fail = 0;
char *openssl_pem = NULL;
char *ssl_certs_dir = NULL;
char *enc_str = NULL;
int vencrypt_mode = VENCRYPT_SUPPORT;
int vencrypt_kx = VENCRYPT_BOTH;
int vencrypt_enable_plain_login = 0;
int tlsvnc_mode = TLSVNC_SUPPORT;
int create_fresh_dhparams = 0;
char *dhparams_file = NULL;
int https_port_num = -1;
int https_port_redir = 0;
char *ssl_verify = NULL;
char *ssl_crl = NULL;
int ssl_initialized = 0;
int ssl_timeout_secs = -1;
char *ssh_str = NULL;
@ -110,6 +117,7 @@ int inetd = 0; /* spawned from inetd(8) */
#define TIGHTFILEXFER 0
#endif
int tightfilexfer = TIGHTFILEXFER;
int got_ultrafilexfer = 0;
int first_conn_timeout = 0; /* -timeout */
int ping_interval = 0; /* -ping */
int flash_cmap = 0; /* follow installed colormaps */
@ -361,6 +369,7 @@ double slow_fb = 0.0;
double xrefresh = 0.0;
int wait_bog = 1;
int defer_update = 20; /* deferUpdateTime ms to wait before sends. */
int set_defer = 1;
int got_defer = 0;
int got_deferupdate = 0;

@ -31,9 +31,16 @@ extern int ssl_no_fail;
extern char *openssl_pem;
extern char *ssl_certs_dir;
extern char *enc_str;
extern int vencrypt_mode;
extern int vencrypt_kx;
extern int vencrypt_enable_plain_login;
extern int tlsvnc_mode;
extern int create_fresh_dhparams;
extern char *dhparams_file;
extern int https_port_num;
extern int https_port_redir;
extern char *ssl_verify;
extern char *ssl_crl;
extern int ssl_initialized;
extern int ssl_timeout_secs;
extern char *ssh_str;
@ -85,6 +92,7 @@ extern char **passwd_list;
extern int begin_viewonly;
extern int inetd;
extern int tightfilexfer;
extern int got_ultrafilexfer;
extern int first_conn_timeout;
extern int ping_interval;
extern int flash_cmap;
@ -266,6 +274,7 @@ extern double slow_fb;
extern double xrefresh;
extern int wait_bog;
extern int defer_update;
extern int set_defer;
extern int got_defer;
extern int got_deferupdate;

@ -54,4 +54,18 @@
#define ROTATE_90Y 6
#define ROTATE_270 7
#define VENCRYPT_NONE 0
#define VENCRYPT_SUPPORT 1
#define VENCRYPT_SOLE 2
#define VENCRYPT_FORCE 3
#define VENCRYPT_BOTH 0
#define VENCRYPT_NODH 1
#define VENCRYPT_NOX509 2
#define TLSVNC_NONE 0
#define TLSVNC_SUPPORT 1
#define TLSVNC_SOLE 2
#define TLSVNC_FORCE 3
#endif /* _X11VNC_PARAMS_H */

@ -2843,7 +2843,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
use_xdamage = 1;
if (use_xdamage != orig) {
initialize_xdamage();
create_xdamage_if_needed();
create_xdamage_if_needed(0);
}
goto done;
}
@ -3927,6 +3927,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
d = atoi(p);
if (d < 0) d = 0;
rfbLog("remote_cmd: setting defer to %d ms.\n", d);
defer_update = d;
screen->deferUpdateTime = d;
got_defer = 1;
goto done;
@ -3947,10 +3948,22 @@ char *process_remote_cmd(char *cmd, int stringonly) {
d = atoi(p);
if (d < 0) d = 0;
rfbLog("remote_cmd: setting defer to %d ms.\n", d);
defer_update = d;
screen->deferUpdateTime = d;
got_defer = 1;
goto done;
}
if (strstr(p, "setdefer") == p) {
COLON_CHECK("setdefer:")
if (query) {
snprintf(buf, bufn, "ans=%s%s%d", p, co, set_defer);
goto qry;
}
p += strlen("setdefer:");
set_defer = atoi(p);
rfbLog("remote_cmd: setting set_defer to %d\n", set_defer);
goto done;
}
if (strstr(p, "wait_ui") == p) {
double w;
COLON_CHECK("wait_ui:")
@ -5177,7 +5190,6 @@ char *process_remote_cmd(char *cmd, int stringonly) {
snprintf(buf, bufn, "aro=%s:%s", p, NONUL(passwdfile));
goto qry;
}
#ifndef NO_SSL_OR_UNIXPW
if (!strcmp(p, "unixpw")) {
snprintf(buf, bufn, "aro=%s:%d", p, unixpw);
goto qry;
@ -5218,7 +5230,6 @@ char *process_remote_cmd(char *cmd, int stringonly) {
snprintf(buf, bufn, "aro=%s:%d", p, https_port_redir);
goto qry;
}
#endif
if (!strcmp(p, "usepw")) {
snprintf(buf, bufn, "aro=%s:%d", p, usepw);
goto qry;

@ -341,12 +341,17 @@ static int shm_create(XShmSegmentInfo *shm, XImage **ximg_ptr, int w, int h,
void shm_delete(XShmSegmentInfo *shm) {
#if LIBVNCSERVER_HAVE_XSHM
if (getenv("X11VNC_SHM_DEBUG")) fprintf(stderr, "shm_delete: 0x%x\n", shm);
if (shm != NULL && shm->shmaddr != (char *) -1) {
shmdt(shm->shmaddr);
}
if (shm != NULL && shm->shmid != -1) {
shmctl(shm->shmid, IPC_RMID, 0);
}
if (shm != NULL) {
shm->shmaddr = (char *) -1;
shm->shmid = -1;
}
#else
if (!shm) {}
#endif
@ -2664,6 +2669,27 @@ void nap_sleep(int ms, int split) {
}
}
static char *get_load(void) {
static char tmp[64];
static int count = 0;
if (count++ % 5 == 0) {
struct stat sb;
memset(tmp, 0, sizeof(tmp));
if (stat("/proc/loadavg", &sb) == 0) {
int d = open("/proc/loadavg", O_RDONLY);
if (d >= 0) {
read(d, tmp, 60);
close(d);
}
}
if (tmp[0] == '\0') {
strcat(tmp, "unknown");
}
}
return tmp;
}
/*
* see if we should take a nap of some sort between polls
*/
@ -2687,14 +2713,14 @@ static void nap_check(int tile_cnt) {
if (dt_fbu > screen_blank) {
/* sleep longer for no fb requests */
if (debug_tiles > 1) {
fprintf(stderr, "screen blank sleep1: %d ms / 16\n", 2 * ms);
fprintf(stderr, "screen blank sleep1: %d ms / 16, load: %s\n", 2 * ms, get_load());
}
nap_sleep(2 * ms, 16);
return;
}
if (dt_ev > screen_blank) {
if (debug_tiles > 1) {
fprintf(stderr, "screen blank sleep2: %d ms / 8\n", ms);
fprintf(stderr, "screen blank sleep2: %d ms / 8, load: %s\n", ms, get_load());
}
nap_sleep(ms, 8);
return;
@ -2709,7 +2735,7 @@ static void nap_check(int tile_cnt) {
nap_ok = 0;
} else {
if (debug_tiles > 1) {
fprintf(stderr, "nap_check sleep: %d ms / 1\n", ms);
fprintf(stderr, "nap_check sleep: %d ms / 1, load: %s\n", ms, get_load());
}
nap_sleep(ms, 1);
}
@ -3198,7 +3224,8 @@ int scan_for_updates(int count_only) {
static int bad = 0;
if (xd_misses > (5 * xd_samples) / 100) {
rfbLog("XDAMAGE is not working well... misses: %d/%d\n", xd_misses, xd_samples);
rfbLog("Maybe a OpenGL app like Beryl is the problem? Use -noxdamage\n");
rfbLog("Maybe an OpenGL app like Beryl or Compiz is the problem?\n");
rfbLog("Use x11vnc -noxdamage or disable the Beryl/Compiz app.\n");
rfbLog("To disable this check and warning specify -xdamage twice.\n");
if (++bad >= 10) {
rfbLog("XDAMAGE appears broken (OpenGL app?), turning it off.\n");

@ -3072,6 +3072,8 @@ void initialize_screen(int *argc, char **argv, XImage *fb) {
}
if (! got_deferupdate) {
screen->deferUpdateTime = defer_update;
} else {
defer_update = screen->deferUpdateTime;
}
rfbInitServer(screen);
@ -3429,9 +3431,15 @@ static int choose_delay(double dt) {
int bogdown = 1, bcnt = 0;
int ndt = 8, nave = 3;
double fac = 1.0;
int db = 0;
static int db = 0, did_set_defer = 0;
static double dts[8];
static int link = LR_UNSET, latency = -1, netrate = -1;
static double last_link = 0.0;
if (screen && did_set_defer) {
/* reset defer in case we changed it */
screen->deferUpdateTime = defer_update;
}
if (waitms == 0) {
return waitms;
}
@ -3443,11 +3451,22 @@ static int choose_delay(double dt) {
for(i=0; i<ndt; i++) {
dts[i] = 0.0;
}
if (getenv("DEBUG_DELAY")) {
db = atoi(getenv("DEBUG_DELAY"));
}
if (getenv("SET_DEFER")) {
set_defer = atoi(getenv("SET_DEFER"));
}
first = 0;
}
now = dnow();
if (now > last_link + 30.0 || link == LR_UNSET) {
link = link_rate(&latency, &netrate);
last_link = now;
}
/*
* first check for bogdown, e.g. lots of activity, scrolling text
* from command output, etc.
@ -3514,6 +3533,7 @@ if (0 && dt > 0.0) fprintf(stderr, "dt: %.5f %.4f\n", dt, dnowx());
db = (db || debug_tiles);
if (db) fprintf(stderr, "bogg[%d] %.3f %.3f %.3f %.3f\n",
msec, dts[ndt-4], dts[ndt-3], dts[ndt-2], dts[ndt-1]);
return msec;
}
@ -3526,6 +3546,8 @@ if (0 && dt > 0.0) fprintf(stderr, "dt: %.5f %.4f\n", dt, dnowx());
dy0 = nabs(y1 - y0);
dx1 = nabs(x2 - x1);
dy1 = nabs(y2 - y1);
/* bigger displacement for most recent dt: */
if (dx1 > dy1) {
dm = dx1;
} else {
@ -3533,21 +3555,53 @@ if (0 && dt > 0.0) fprintf(stderr, "dt: %.5f %.4f\n", dt, dnowx());
}
if ((dx0 || dy0) && (dx1 || dy1)) {
/* if mouse moved the previous two times: */
if (t2 < t0 + cut1 || t2 < t1 + cut2 || dm > 20) {
fac = wait_ui * 1.25;
/*
* if within 0.15s(0) or 0.075s(1) or mouse
* moved > 20pixels, set and bump up the cut
* down factor.
*/
fac = wait_ui * 1.5;
} else if ((dx1 || dy1) && dm > 40) {
fac = wait_ui;
} else {
/* still 1.0? */
if (db > 1) fprintf(stderr, "wait_ui: still 1.0\n");
}
} else if ((dx1 || dy1) && dm > 40) {
/* if mouse moved > 40 last time: */
fac = wait_ui;
}
if (fac == 1 && t2 < last_keyboard_time + cut3) {
if (fac == 1.0 && t2 < last_keyboard_time + cut3) {
/* if typed in last 0.25s set wait_ui */
fac = wait_ui;
}
msec = (int) ((double) waitms / fac);
if (fac != 1.0) {
if (link == LR_LAN || latency <= 3) {
fac *= 1.5;
}
}
msec = (int) (((double) waitms) / fac);
if (msec == 0) {
msec = 1;
}
if (set_defer && fac != 1.0 && screen) {
/* this is wait_ui mode, set defer to match wait: */
if (set_defer >= 1) {
screen->deferUpdateTime = msec;
} else if (set_defer <= -1) {
screen->deferUpdateTime = 0;
}
if (nabs(set_defer) == 2) {
urgent_update = 1;
}
did_set_defer = 1;
}
x0 = x1;
y0 = y1;
t0 = t1;
@ -3556,6 +3610,8 @@ if (0 && dt > 0.0) fprintf(stderr, "dt: %.5f %.4f\n", dt, dnowx());
y1 = y2;
t1 = t2;
if (db > 1) fprintf(stderr, "wait: %2d defer[%02d]: %2d\n", msec, defer_update, screen->deferUpdateTime);
return msec;
}
@ -3563,7 +3619,7 @@ if (0 && dt > 0.0) fprintf(stderr, "dt: %.5f %.4f\n", dt, dnowx());
* main x11vnc loop: polls, checks for events, iterate libvncserver, etc.
*/
void watch_loop(void) {
int cnt = 0, tile_diffs = 0, skip_pe = 0;
int cnt = 0, tile_diffs = 0, skip_pe = 0, wait;
double tm, dtr, dt = 0.0;
time_t start = time(NULL);
@ -3812,26 +3868,27 @@ void watch_loop(void) {
last_dt = dt;
}
if ((debug_tiles || debug_scroll > 1 || debug_wireframe > 1)
&& (tile_diffs > 4 || debug_tiles > 1)) {
double rate = (tile_x * tile_y * bpp/8 * tile_diffs) / dt;
fprintf(stderr, "============================= TILES: %d dt: %.4f"
" t: %.4f %.2f MB/s nap_ok: %d\n", tile_diffs, dt,
tm - x11vnc_start, rate/1000000.0, nap_ok);
}
if ((debug_tiles || debug_scroll > 1 || debug_wireframe > 1)
&& (tile_diffs > 4 || debug_tiles > 1)) {
double rate = (tile_x * tile_y * bpp/8 * tile_diffs) / dt;
fprintf(stderr, "============================= TILES: %d dt: %.4f"
" t: %.4f %.2f MB/s nap_ok: %d\n", tile_diffs, dt,
tm - x11vnc_start, rate/1000000.0, nap_ok);
}
}
/* sleep a bit to lessen load */
if (! urgent_update) {
int wait = choose_delay(dt);
if (wait > 2*waitms) {
/* bog case, break it up */
nap_sleep(wait, 10);
} else {
usleep(wait * 1000);
}
wait = choose_delay(dt);
if (urgent_update) {
;
} else if (wait > 2*waitms) {
/* bog case, break it up */
nap_sleep(wait, 10);
} else {
usleep(wait * 1000);
}
cnt++;
}
}

@ -15,10 +15,6 @@
#endif
#endif
#ifdef NO_SSL_OR_UNIXPW
#undef SSLCMDS
#endif
void check_stunnel(void);
int start_stunnel(int stunnel_port, int x11vnc_port);
@ -64,6 +60,7 @@ int start_stunnel(int stunnel_port, int x11vnc_port) {
char *path, *p, *exe;
char *stunnel_path = NULL;
struct stat verify_buf;
struct stat crl_buf;
int status;
if (stunnel_pid) {
@ -146,6 +143,12 @@ int start_stunnel(int stunnel_port, int x11vnc_port) {
clean_up_exit(1);
}
}
if (ssl_crl) {
if (stat(ssl_crl, &crl_buf) != 0) {
rfbLog("stunnel: %s does not exist.\n", ssl_crl);
clean_up_exit(1);
}
}
stunnel_pid = fork();
@ -180,6 +183,11 @@ int start_stunnel(int stunnel_port, int x11vnc_port) {
a = "-A";
}
}
if (ssl_crl) {
rfbLog("stunnel: stunnel3 does not support CRL. %s\n", ssl_crl);
clean_up_exit(1);
}
if (stunnel_pem && ssl_verify) {
/* XXX double check -v 2 */
@ -210,6 +218,13 @@ int start_stunnel(int stunnel_port, int x11vnc_port) {
if (stunnel_pem) {
fprintf(in, "cert = %s\n", stunnel_pem);
}
if (ssl_crl) {
if(S_ISDIR(crl_buf.st_mode)) {
fprintf(in, "CRLpath = %s\n", ssl_crl);
} else {
fprintf(in, "CRLfile = %s\n", ssl_crl);
}
}
if (ssl_verify) {
if(S_ISDIR(verify_buf.st_mode)) {
fprintf(in, "CApath = %s\n", ssl_verify);

File diff suppressed because it is too large Load Diff

@ -15,6 +15,8 @@ extern int https_sock;
extern pid_t openssl_last_helper_pid;
extern char *openssl_last_ip;
extern char *certret_str;
extern char *dhret_str;
extern char *new_dh_params;
extern void raw_xfer(int csock, int s_in, int s_out);

@ -228,7 +228,14 @@ char genCA[] =
"echo \"----------------------------------------------------------------------\"\n"
"echo \"\"\n"
"\n"
"\"$OPENSSL\" req -config \"$DIR/CA/ssl.cnf\" -new -x509 \\\n"
"req_args=$REQ_ARGS\n"
"if echo \"$req_args\" | grep 'days' > /dev/null; then\n"
" :\n"
"else\n"
" req_args=\"$req_args -days 730\"\n"
"fi\n"
"\n"
"\"$OPENSSL\" req -config \"$DIR/CA/ssl.cnf\" -new -x509 -days 730 $req_args \\\n"
" -keyout \"$DIR/CA/private/cakey.pem\" \\\n"
" -out \"$DIR/CA/cacert.pem\"\n"
"\n"
@ -394,8 +401,12 @@ char genCert[] =
" echo \"time you start the VNC viewer SSL tunnel using this key.\"\n"
" fi\n"
" echo \"\"\n"
" printf \"Protect key with a passphrase? [y]/n \"\n"
" read x\n"
" if [ \"X$GENCERT_NOPROMPT\" = \"X\" ]; then\n"
" printf \"Protect key with a passphrase? [y]/n \"\n"
" read x\n"
" else\n"
" x=n\n"
" fi\n"
" estr=\" *unencrypted*\"\n"
" if [ \"x$ENCRYPT_ONLY\" != \"x\" ]; then\n"
" target=\"$ENCRYPT_ONLY\"\n"
@ -448,8 +459,10 @@ char genCert[] =
" echo \" This file should be kept secret.\"\n"
" echo \"----------------------------------------------------------------------\"\n"
" echo \"\"\n"
" printf \"Press Enter to print the $dest.req cert request to the screen: \"\n"
" read x\n"
" if [ \"X$GENCERT_NOPROMPT\" = \"X\" ]; then\n"
" printf \"Press Enter to print the $dest.req cert request to the screen: \"\n"
" read x\n"
" fi\n"
" echo \"\"\n"
" cat \"$DIR/$dest.req\"\n"
" exit 0\n"
@ -507,8 +520,10 @@ char genCert[] =
" echo \"\"\n"
" fi\n"
"\n"
" printf \"Press Enter to print the $dest.crt certificate to the screen: \"\n"
" read x\n"
" if [ \"X$GENCERT_NOPROMPT\" = \"X\" ]; then\n"
" printf \"Press Enter to print the $dest.crt certificate to the screen: \"\n"
" read x\n"
" fi\n"
" echo \"\"\n"
" cat \"$DIR/$dest.crt\"\n"
"}\n"

@ -123,7 +123,7 @@ Clients
afteraccept:
gone:
vncconnect
avahi
zeroconf
-- D
tightfilexfer
ultrafilexfer
@ -708,6 +708,8 @@ of actions:
Stop x11vnc - Directs the x11vnc server to disconnect all vncviewers
and then exit. The tray/icon GUI then exits as well.
Logfile - Show the logfile if x11vnc is being run with one.
Custom - If you have a \$HOME/.x11vnc.gui file each uncommented
line in it becomes an additional menu item for this
menu. The remote control command is run directly
@ -755,42 +757,78 @@ The Properties dialog allows you to set some basic parameters of a
running x11vnc server. After modifying them press \"OK\" or \"Apply\"
to apply the changes, or press \"Cancel\" to skip applying them.
- \"Accept Connections\" toggles whether VNC viewers are allowed
to connect or not. It corresponds to the \"-R unlock\" and \"-R lock\"
remote-control commands.
- \"Ask for Confirmation\" toggles whether a popup menu will be presented
at the X display when a new VNC viewer attempts to connect. The person
sitting at the X display can choose to accept or reject the connection
or accept the connection in View-Only mode. It corresponds to the
\"-R accept:popup\" and \"-R accept:\" remote-control commands.
Accept Connections:
Toggles whether VNC viewers are allowed to connect or not. It corresponds
to the \"-R unlock\" and \"-R lock\" remote-control commands.
Ask for Confirmation:
Toggles whether a popup menu will be presented at the X display when
a new VNC viewer attempts to connect. The person sitting at the X
display can choose to accept or reject the connection or accept the
connection in ViewOnly mode. It corresponds to the \"-R accept:popup\"
and \"-R accept:\" remote-control commands.
- \"All Clients ViewOnly\" toggles whether the entire VNC desktop is
view only. All clients will only be able to watch when this is set
(regardless of how they logged in). It corresponds to the
\"-R viewonly\" and \"-R noviewonly\" remote-control commands.
All Clients ViewOnly:
Toggles whether the entire VNC desktop is view only. All clients
will only be able to watch when this is set (regardless of how they
logged in). It corresponds to the \"-R viewonly\" and \"-R noviewonly\"
remote-control commands.
- \"Shared\" toggles whether multiple simultaneous connections are
allowed or not. It corresponds to the \"-R shared\" and \"-R noshared\"
Shared:
Toggles whether multiple simultaneous viewer connections are allowed
or not. It corresponds to the \"-R shared\" and \"-R noshared\"
remote-control commands.
- \"Password\" lets you set the session password viewers may use to gain full
access to the display. This will only work if x11vnc was started with
the -gui icon or -gui tray mode.
Advertise Service (Zeroconf):
Toggles whether this VNC server should advertize itself via Zeroconf
(also called Bonjour, mDNS, and avahi). Then VNC viewers can then find
this service on the local network. It corresponds to the \"-R zeroconf\"
and \"-R nozeroconf\" remote-control commands.
Serve Java Viewer Applet:
Toggles whether this VNC server should serve up a Java VNC Viewer
applet via HTTP on http://hostname:5800/ (or port 5800+n for VNC
port 5900+n). A java enabled Web Browser can then connect to the
desktopby VNC. If SSL is active then the HTTPS URL https://hostname:5900/
(etc.) will work as well. This requires the x11vnc java viewer jar file
(shared/x11vnc/classes) to be installed. It corresponds to the
\"-R http\" and \"-R nohttp\" remote commands.
Solid Background Color:
To improve VNC performance, if this option is set, then x11vnc will try
to make the desktop background a solid color (which compresses extremely
well compared to photo images, etc.) It corresponds to the \"-R solid\"
and \"-R nosolid\" remote commands.
Password:
Lets you set the session password viewers may use to gain full access
to the display. This will only work if x11vnc was started with the
-gui icon or -gui tray mode.
- \"ViewOnly Password\" lets you set the session password viewers may
use to gain view only access to the display. This will only work if
x11vnc was started with the -gui icon or -gui tray mode.
ViewOnly Password:
Lets you set the session password viewers may use to gain view only
access to the display. This will only work if x11vnc was started with
the -gui icon or -gui tray mode.
NOTE: These \"session\" passwords only last for the current x11vnc
session (they are not remembered, see the -storepasswd, -passwdfile,
and -rfbauth x11vnc options for using stored passwords).
NOTE: These \"session\" passwords only last for the current x11vnc
session (they are not remembered, see the -storepasswd, -passwdfile,
and -rfbauth x11vnc options for using stored passwords).
If you set \"Password\" to the empty string that makes the \"View-Only
Password\" empty as well and removes the need for any password to log in.
If you set \"Password\" to the empty string that makes the \"ViewOnly
Password\" empty as well and removes the need for any password to log in.
If you set \"ViewOnly Password\" to the empty string that just removes
the ViewOnly log in aspect: \"Password\" is still required to log in.
If you set \"ViewOnly Password\" to the empty string that just removes
the ViewOnly log in aspect: \"Password\" is still required to log in.
- The \"Help\" button shows this help text.
@ -798,7 +836,8 @@ the ViewOnly log in aspect: \"Password\" is still required to log in.
tkx11vnc GUI. All dynamic settings can be modified in the full GUI.
--------------------------------------------------------------------
==========================================================================
Don't Lock Yourself Out:
If you are sitting at the physical X display you cannot get into too
@ -1648,6 +1687,9 @@ proc parse_help {} {
if {[regexp {^These options} $line]} {
continue;
}
# tweak aliases:
regsub {^-zeroconf} $line "-zero_conf" line
regsub {^-avahi } $line "-zeroconf" line
if {! $sawopts} {
continue;
@ -2912,6 +2954,8 @@ proc all_query_vars {} {
}
set cache_all_query_vars $qry
#puts $qry
return $qry
}
@ -2919,6 +2963,7 @@ proc query_all {{quiet 0}} {
global query_ans_list query_aro_list all_settings
global last_query_all_time
dtime 1
set qry [all_query_vars]
set qargs [list "-Q" $qry]
@ -2936,6 +2981,7 @@ proc query_all {{quiet 0}} {
}
}
set last_query_all_time [clock seconds]
dtime 2
return $all
}
@ -4023,9 +4069,11 @@ proc props_widgets {state} {
}
proc props_apply {} {
global props_accept props_confirm props_viewonly props_shared
global props_accept props_confirm props_viewonly props_shared
global props_zeroconf props_javaview props_solid
global props_passwd props_viewpasswd
global prop0_accept prop0_confirm prop0_viewonly prop0_shared
global prop0_zeroconf prop0_javaview prop0_solid
global prop0_passwd prop0_viewpasswd
global menu_var
global client_sock
@ -4040,15 +4088,7 @@ proc props_apply {} {
}
set did 0
if {$props_accept != $prop0_accept} {
if {$did > 0} {after $aft}; incr did
if {$props_accept} {
push_new_value "unlock" "unlock" 1 0
} else {
push_new_value "lock" "lock" 1 0
}
set prop0_accept $props_accept
}
set fail 0
if {$props_confirm != $prop0_confirm} {
if {$did > 0} {after $aft}; incr did
@ -4062,6 +4102,7 @@ proc props_apply {} {
} elseif {$menu_var(accept) == ""} {
set props_confirm 0
}
if {$props_confirm == $prop0_confirm} {incr fail}
set prop0_confirm $props_confirm
}
@ -4077,6 +4118,7 @@ proc props_apply {} {
} else {
set props_viewonly 0
}
if {$props_viewonly == $prop0_viewonly} {incr fail}
set prop0_viewonly $props_viewonly
}
@ -4092,9 +4134,58 @@ proc props_apply {} {
} else {
set props_shared 0
}
if {$props_shared == $prop0_shared} {incr fail}
set prop0_shared $props_shared
}
if {$props_zeroconf != $prop0_zeroconf} {
if {$did > 0} {after $aft}; incr did
if {$props_zeroconf} {
push_new_value "zeroconf" "zeroconf" 1 1
} else {
push_new_value "zeroconf" "nozeroconf" 1 1
}
if {$menu_var(zeroconf)} {
set props_zeroconf 1
} else {
set props_zeroconf 0
}
if {$props_zeroconf == $prop0_zeroconf} {incr fail}
set prop0_zeroconf $props_zeroconf
}
if {$props_javaview != $prop0_javaview} {
if {$did > 0} {after $aft}; incr did
if {$props_javaview} {
push_new_value "http" "http" 1 1
} else {
push_new_value "http" "nohttp" 1 1
}
if {$menu_var(http)} {
set props_javaview 1
} else {
set props_javaview 0
}
if {$props_javaview == $prop0_javaview} {incr fail}
set prop0_javaview $props_javaview
}
if {$props_solid != $prop0_solid} {
if {$did > 0} {after $aft}; incr did
if {$props_solid} {
push_new_value "solid" "solid" 1 1
} else {
push_new_value "solid" "nosolid" 1 1
}
if {$menu_var(solid)} {
set props_solid 1
} else {
set props_solid 0
}
if {$props_solid == $prop0_solid} {incr fail}
set prop0_solid $props_solid
}
set fpw 0
if {$props_passwd != $prop0_passwd} {
set fpw 1
@ -4159,16 +4250,34 @@ proc props_apply {} {
if {$case == "fpw"} {
if {$did > 0} {after $aft}; incr did
push_new_value "passwd" "passwd" "$props_passwd" 1
if {$props_passwd == $prop0_passwd} {incr fail}
set prop0_passwd $props_passwd
}
if {$case == "vpw"} {
if {$did > 0} {after $aft}; incr did
push_new_value "viewpasswd" "viewpasswd" "$props_viewpasswd" 1
if {$props_viewpasswd == $prop0_viewpasswd} {incr fail}
set prop0_viewpasswd $props_viewpasswd
}
}
if {$props_accept != $prop0_accept} {
if {$did > 0} {after $aft}; incr did
if {$props_accept} {
push_new_value "unlock" "unlock" 1 0
} else {
push_new_value "lock" "lock" 1 0
}
if {$props_accept == $prop0_accept} {incr fail}
set prop0_accept $props_accept
}
props_widgets normal
if {$fail > 0} {
return 0
} else {
return 1
}
}
proc props_advanced {} {
@ -4192,20 +4301,29 @@ proc props_advanced {} {
}
}
proc do_props {{msg ""}} {
proc do_props {} {
global props_accept props_confirm props_viewonly props_shared
global props_zeroconf props_javaview props_solid
global props_passwd props_viewpasswd
global prop0_accept prop0_confirm prop0_viewonly prop0_shared
global prop0_zeroconf prop0_javaview prop0_solid
global prop0_passwd prop0_viewpasswd
global menu_var unset_str
global have_labelframes ffont bfont
global props_buttons icon_noadvanced
global icon_mode icon_mode_at_startup
global screen_height screen_width
global do_props_msg
set msg ""
if {[info exists do_props_msg]} {
set msg $do_props_msg
}
check_update_vars
set pady 1m
set pady 0.5m
set pady 0.3m
if {$screen_height <= 360} {
set pady 0m
}
@ -4262,6 +4380,48 @@ proc do_props {{msg ""}} {
}
set prop0_shared $props_shared
if [info exists menu_var(zeroconf)] {
if {$menu_var(zeroconf) == $unset_str || $menu_var(zeroconf) == ""} {
set props_zeroconf 0
} elseif ($menu_var(zeroconf)) {
set props_zeroconf 1
} else {
set props_zeroconf 0
}
} else {
set menu_var(zeroconf) 0
set props_zeroconf 0
}
set prop0_zeroconf $props_zeroconf
if [info exists menu_var(http)] {
if {$menu_var(http) == $unset_str || $menu_var(http) == ""} {
set props_javaview 0
} elseif ($menu_var(http)) {
set props_javaview 1
} else {
set props_javaview 0
}
} else {
set menu_var(http) 0
set props_javaview 0
}
set prop0_javaview $props_javaview
if [info exists menu_var(solid)] {
if {$menu_var(solid) == $unset_str || $menu_var(solid) == ""} {
set props_solid 0
} elseif ($menu_var(solid)) {
set props_solid 1
} else {
set props_solid 0
}
} else {
set menu_var(solid) 0
set props_solid 0
}
set prop0_solid $props_solid
if ![info exists props_passwd] {
set props_passwd ""
}
@ -4283,7 +4443,7 @@ proc do_props {{msg ""}} {
wm title $w "x11vnc Properties"
set b1 "$w.buttons1"
frame $b1
button $b1.ok -text OK -command "props_apply; destroy $w" -font $bfont
button $b1.ok -text OK -command "if {\[props_apply\]} {destroy $w}" -font $bfont
button $b1.cancel -text Cancel -command "destroy $w" -font $bfont
button $b1.apply -text Apply -command "props_apply" -font $bfont
@ -4295,17 +4455,29 @@ proc do_props {{msg ""}} {
set b2 "$w.buttons2"
frame $b2
button $b2.advanced -text "Advanced ..." \
button $b2.advanced -text " Advanced ... " \
-command "destroy $w; props_advanced" -font $bfont
if {! $icon_noadvanced} {
lappend props_buttons $b2.advanced
pack $b2.advanced -side left -expand 0
}
button $b2.help -text "Help" -command "menu_help Properties" -font $bfont
button $b2.help -text " Help " -command "menu_help Properties" -font $bfont
lappend props_buttons $b2.help
pack $b2.help -side left -expand 0
set pw "$w.passwd"
if {$have_labelframes} {
labelframe $pw -text "Password" -font $bfont
} else {
frame $pw
set l $pw.l
label $l -text "Password:" -justify left -anchor w -font $bfont
pack $pw.l -fill x -expand 1 -padx 1m -pady 0m -side top
}
entry $pw.e -show "*" -textvariable props_passwd -font $bfont
pack $pw.e -fill x -expand 1 -padx 1m -pady $pady -side top
set vp "$w.viewpw"
if {$have_labelframes} {
labelframe $vp -text "ViewOnly Password" -font $bfont
@ -4321,18 +4493,6 @@ proc do_props {{msg ""}} {
lappend props_buttons $vp.e
set pw "$w.passwd"
if {$have_labelframes} {
labelframe $pw -text "Password" -font $bfont
} else {
frame $pw
set l $pw.l
label $l -text "Password:" -justify left -anchor w -font $bfont
pack $pw.l -fill x -expand 1 -padx 1m -pady 0m -side top
}
entry $pw.e -show "*" -textvariable props_passwd -font $bfont
pack $pw.e -fill x -expand 1 -padx 1m -pady $pady -side top
if {! $icon_mode_at_startup} {
$vp.e configure -state disabled
catch {$vp.l configure -state disabled}
@ -4346,6 +4506,24 @@ proc do_props {{msg ""}} {
lappend props_buttons $pw.e
set sb "$w.solid"
frame $sb
checkbutton $sb.button -text "Solid Background Color" \
-variable props_solid -anchor w -font $bfont
pack $sb.button -fill x -expand 1 -padx 1m -pady $pady
set jv "$w.javaview"
frame $jv
checkbutton $jv.button -text "Serve Java Viewer Applet" \
-variable props_javaview -anchor w -font $bfont
pack $jv.button -fill x -expand 1 -padx 1m -pady $pady
set zc "$w.zeroconf"
frame $zc
checkbutton $zc.button -text "Advertise Service (Zeroconf)" \
-variable props_zeroconf -anchor w -font $bfont
pack $zc.button -fill x -expand 1 -padx 1m -pady $pady
set sh "$w.shared"
frame $sh
checkbutton $sh.button -text "Shared" \
@ -4375,11 +4553,21 @@ proc do_props {{msg ""}} {
pack $b2 -side bottom -fill x -pady $pady -padx $px
pack $vp -side bottom -fill x -pady $pady -padx $px
pack $pw -side bottom -fill x -pady $pady -padx $px
pack $sb -side bottom -fill x -pady 0m -padx $px
pack $jv -side bottom -fill x -pady 0m -padx $px
pack $zc -side bottom -fill x -pady 0m -padx $px
pack $sh -side bottom -fill x -pady 0m -padx $px
pack $vo -side bottom -fill x -pady 0m -padx $px
pack $cf -side bottom -fill x -pady 0m -padx $px
pack $ac -side bottom -fill x -pady 0m -padx $px
global show_props_instructions
if {![info exists show_props_instructions]} {
set show_props_instructions 1
}
wm withdraw $w
if {$msg != ""} {
set tw [textwidth $msg]
set th [textheight $msg]
@ -4387,18 +4575,46 @@ proc do_props {{msg ""}} {
set ms "$w.msg"
text $ms -font $ffont -relief ridge -width $tw -height $th
$ms insert 1.0 $msg
pack $ms -side bottom -fill x -pady $pady -padx $px
set si "$w.instructions"
frame $si
checkbutton $si.button -text "Show Instructions" \
-variable show_props_instructions -anchor w -font $bfont \
-command "toggle_instructions $ms $pady $px"
pack $si.button -fill x -expand 1 -padx 1m -pady $pady
pack $si -side bottom -fill x -pady 0m -padx $px
if {$show_props_instructions} {
pack $ms -side bottom -fill x -pady $pady -padx $px
}
update
}
lappend props_buttons $ac.button $cf.button $vo.button $sh.button
lappend props_buttons $ac.button $cf.button $vo.button $sh.button $zc.button $jv.button $sb.button
update
wm resizable $w 1 0
center_win $w
update
wm minsize $w [winfo width $w] [winfo height $w]
#wm minsize $w [winfo width $w] [winfo height $w]
tkwait window $w
set show_props_instructions 0
}
proc toggle_instructions {ms pady px} {
global show_props_instructions
if {$show_props_instructions} {
pack $ms -side bottom -fill x -pady $pady -padx $px
} else {
pack forget $ms
}
catch {pack .props}
update
}
proc do_new_client {} {
@ -4547,8 +4763,11 @@ proc set_client_balloon {str} {
proc read_client_info {channel} {
global x11vnc_client_file client_str client_info_read
global read_client_info_lock
global read_clients
set db 0
set read_clients 0
if {![info exists read_client_info_lock]} {
set read_client_info_lock 0
}
@ -4580,6 +4799,7 @@ proc read_client_info {channel} {
;
} elseif [regexp {^clients:} $str] {
regsub {^clients:} $str "" str
set read_clients 1
if {$str == "none"} {
set str ""
}
@ -4592,11 +4812,30 @@ proc read_client_info {channel} {
}
}
proc check_set_vnc_display {} {
global read_clients check_set_vnc_display_done
if {[info exists check_set_vnc_display_done]} {
return
}
if {[info exists read_clients]} {
if {$read_clients} {
after 250
query_all
global client_str
set_client_balloon $client_str
set check_set_vnc_display_done 1
}
}
}
proc read_client_tail {} {
global client_tail
if {$client_tail != ""} {
read_client_info $client_tail
check_set_vnc_display
}
}
@ -4605,6 +4844,7 @@ proc read_client_sock {} {
if {$client_sock != ""} {
read_client_info $client_sock
check_set_vnc_display
}
}
@ -5023,6 +5263,7 @@ proc make_icon {} {
menu $menu -tearoff 0 -postcommand "popup_post $menu"
$menu add command -font $mfont -label "Properties" -command do_props
$menu add command -font $mfont -label "Help" -command "menu_help Tray"
$menu add command -font $mfont -label "Logfile" -command show_logfile
$menu add separator
$menu add command -font $mfont -label "New Client" -command do_new_client
@ -5138,6 +5379,7 @@ proc setup_client_channel {} {
textwin "Warning" "Warning" $m
update
}
dtime C
}
proc clean_client_tail {} {
@ -6179,6 +6421,125 @@ proc get_view_variable {} {
return $menu_var(WindowView)
}
proc dono {a b c} {
exit 1;
}
proc do_port_prompt {} {
global bfont ffont
global port_reply port_set
set guess 5900
for {set i 0} {$i < 50} {incr i} {
set fh ""
set try [expr $guess + $i]
catch {set fh [socket -server dono $try]}
if {$fh != ""} {
catch {close $fh}
set guess $try
break;
}
}
set hn ""
catch {set hn [exec uname -n]}
if {$hn == ""} {
set hn "hostname"
}
set text " Set the x11vnc Listening Port:
VNC Display :0 corresponds to TCP port 5900
VNC Display :1 corresponds to TCP port 5901
etc.
In the Entry below, indicate a Port for x11vnc to listen on.
Note that to connect to x11vnc, a VNC Viewer will need to
know your selection, for example:
vncviewer $hn:0
vncviewer $hn:1
etc.
You may also set some additional parameters:
- Enable SSL encryption.
(requires an SSL enabled vncviewer, such as SSVNC)
- Listen only on localhost. (e.g. for an SSH tunnel)
- Enable UltraVNC or TightVNC File transfer.
"
set port_set $guess
set port_reply ""
toplevel .pp
wm title .pp "Select x11vnc port"
wm protocol . WM_DELETE_WINDOW "destroy .; exit"
wm protocol .pp WM_DELETE_WINDOW "destroy .pp; exit"
label .pp.m -text "$text" -justify left -font $ffont
frame .pp.f -bd 1 -relief ridge -pady 2
label .pp.f.l -text "Port: "
entry .pp.f.e -width 8 -textvariable port_set
global enable_ssl; set enable_ssl 0
if [info exists env(X11VNC_SSL_ENABLED)] {
set enable_ssl 1
}
checkbutton .pp.f.ssl -relief raised -pady 3 -padx 3 -text "Enable SSL" -variable enable_ssl
global localhost; set localhost 0
if [info exists env(X11VNC_LOCALHOST_ENABLED)] {
set localhost 1
}
checkbutton .pp.f.loc -relief raised -pady 3 -padx 3 -text "Listen on localhost" -variable localhost
pack .pp.f.l .pp.f.e -side left
pack .pp.f.loc .pp.f.ssl -side right
frame .pp.t -bd 1 -relief ridge -pady 2
global file_transfer; set file_transfer "none"
if [info exists env(X11VNC_FILETRANSFER_ENABLED)] {
set file_transfer $env(X11VNC_FILETRANSFER_ENABLED)
}
label .pp.t.l -text "File Transfer: "
radiobutton .pp.t.none -text "None" -variable file_transfer -value "none"
radiobutton .pp.t.ultra -text "UltraVNC" -variable file_transfer -value "ultra"
radiobutton .pp.t.tight -text "TightVNC" -variable file_transfer -value "tight"
pack .pp.t.l .pp.t.none .pp.t.ultra .pp.t.tight -side left
frame .pp.o -bd 1 -relief ridge
button .pp.o.ok -text "OK" -command "set port_reply 1; destroy .pp"
button .pp.o.cancel -text "Cancel" -command "set port_reply 0; destroy .pp"
pack .pp.o.ok .pp.o.cancel -side left -fill x -expand 1
pack .pp.m -side top -fill x -expand 1
pack .pp.f .pp.t .pp.o -side top -fill x
focus .pp.f.e
.pp.f.e icursor end
wm withdraw .pp
update
center_win .pp
wm minsize .pp [winfo width .pp] [winfo height .pp]
bind .pp.f.e <KeyPress-Return> "set port_reply 1; destroy .pp"
vwait port_reply
if {$port_reply} {
regsub -all {^:} $port_set "" port_set
regsub -all {[ \t]} $port_set "" port_set
if {[regexp {^[0-9][0-9]*$} $port_set]} {
if {$port_set < 0} {
set port_set [expr 0 - $port_set]
} elseif {$port_set < 200} {
set port_set [expr $port_set + 5900]
}
puts "$port_set:ssl${enable_ssl}:localhost$localhost:ft_$file_transfer"
}
}
}
proc change_view_state {} {
global menu_var gui_current_state
@ -6376,20 +6737,47 @@ set ffont "fixed"
set ls ""
catch {set ls [font metrics $bfont -linespace]}
if {$ls != ""} {
if {$ls > 14} {
if {$ls != "" && $ls > 14} {
# some recent setups have BIG rendering for the above fonts.
# on recent (8/08) debian these are really ragged:
set bfont "-adobe-helvetica-bold-r-*-*-*-90-*-*-*-*-*-*"
set sfont "-adobe-helvetica-bold-r-*-*-*-75-*-*-*-*-*-*"
set snfont "-adobe-helvetica-medium-r-*-*-*-75-*-*-*-*-*-*"
# these are bigger but look better... but for how long?
set bfont "-adobe-helvetica-bold-r-*-*-*-100-*-*-*-*-*-*"
set sfont "-adobe-helvetica-bold-r-*-*-*-80-*-*-*-*-*-*"
set snfont "-adobe-helvetica-medium-r-*-*-*-80-*-*-*-*-*-*"
}
set ls ""
catch {set ls [font metrics $bfont -linespace]}
if {$ls != "" && $ls < 14} {
# these are bigger but look better... but for how long?
set bfont "-adobe-helvetica-bold-r-*-*-*-100-*-*-*-*-*-*"
set sfont "-adobe-helvetica-bold-r-*-*-*-80-*-*-*-*-*-*"
set snfont "-adobe-helvetica-medium-r-*-*-*-80-*-*-*-*-*-*"
# maybe consider... {-font font Font {Helvetica -12 bold} {Helvetica -12 bold}}
# or stick with system font like ssvnc.
}
}
# need to check if "fixed" font under XFT on tk8.5 is actually fixed width!!
set ls ""
catch {set ls [font metrics $ffont -linespace]}
set fs ""
catch {set fs [font metrics $ffont -fixed]}
set redo 0
if {$fs != "" && $fs != "1"} {
set redo 1
}
if {$ls != "" && $ls > 14} {
set redo 1
}
if {$redo} {
foreach fn [font names] {
if {$fn == "TkFixedFont"} {
set ffont $fn
break
}
}
}
set help_indent 24;
set reply_xdisplay ""
set all_settings "None so far."
@ -6467,6 +6855,10 @@ if {"$argv" == "-spit"} {
puts ";"
exit 0
}
if {"$argv" == "-portprompt"} {
do_port_prompt
exit 0
}
set_view_variable "full"
@ -6665,15 +7057,65 @@ get_default_vars
dtime D
proc check_setpasswd {} {
global icon_setpasswd
global env icon_setpasswd
global do_props_msg
set do_props_msg ""
if {$icon_setpasswd} {
set m "You must specify a Session Password\n"
set m "${m}before VNC clients can connect.\n"
set m "${m}Enter one in the Password field\n"
set m "${m}and Press \"OK\". The password(s) is\n"
set m "${m}only for this x11vnc session.\n"
do_props $m
#push_new_value "unlock" "unlock" 1 0
set m "\n"
set m " Note the x11vnc icon in the system tray \n"
set m "${m} This panel is its 'Properties' dialog.\n"
set m "${m}\n"
set m "${m} To specify a Session Password and to\n"
set m "${m} allow VNC clients to connect, follow\n"
set m "${m} these steps:\n"
set m "${m}\n"
set m "${m} Enter a passwd in the Password field\n"
set m "${m} (it can be left blank.) You can also\n"
set m "${m} supply a ViewOnly passwd if desired.\n"
set m "${m}\n"
set m "${m} Set 'Accept Connections' and then Press \n"
set m "${m} 'Apply' to allow incoming connections.\n"
set m "${m}\n"
set m "${m} The passwords are only for this x11vnc\n"
set m "${m} session and are not saved. Run x11vnc\n"
set m "${m} manually for more control.\n"
set m "${m}\n"
set m "${m} See 'Help' for details on each option.\n"
global x11vnc_cmdline
set dossl 0
if {[info exists x11vnc_cmdline]} {
if [regexp -- {-ssl} $x11vnc_cmdline] {
set dossl 1
}
}
if {$dossl || [info exists env(X11VNC_GOT_SSL)]} {
set m "${m}\n"
set m "${m} SSL encryption mode active. You can\n"
set m "${m} find your Public Cert in the Logfile\n"
set m "${m} and also the ~/.vnc/certs directory.\n"
}
if {[info exists env(X11VNC_SETPASS_FAIL)]} {
set pp 5900
if {[info exists env(X11VNC_GOT_RFBPORT_VAL)]} {
if {$env(X11VNC_GOT_RFBPORT_VAL) > 0} {
set pp $env(X11VNC_GOT_RFBPORT_VAL)
}
}
set m " The x11vnc program failed to start! \n"
set m "${m}\n"
set m "${m} Maybe there is another VNC server\n"
set m "${m} already listening on port $pp?\n"
set m "${m}\n"
set m "${m} You will need to start over after\n"
set m "${m} you make sure x11vnc can start.\n"
}
set do_props_msg $m
do_props
}
}

@ -134,7 +134,7 @@ char gui_code[] = "";
" afteraccept:\n"
" gone:\n"
" vncconnect\n"
" avahi\n"
" zeroconf\n"
" -- D\n"
" tightfilexfer\n"
" ultrafilexfer\n"
@ -719,6 +719,8 @@ char gui_code[] = "";
" Stop x11vnc - Directs the x11vnc server to disconnect all vncviewers\n"
" and then exit. The tray/icon GUI then exits as well.\n"
"\n"
" Logfile - Show the logfile if x11vnc is being run with one.\n"
"\n"
" Custom - If you have a \\$HOME/.x11vnc.gui file each uncommented\n"
" line in it becomes an additional menu item for this\n"
" menu. The remote control command is run directly\n"
@ -766,42 +768,78 @@ char gui_code[] = "";
"running x11vnc server. After modifying them press \\\"OK\\\" or \\\"Apply\\\"\n"
"to apply the changes, or press \\\"Cancel\\\" to skip applying them.\n"
"\n"
" - \\\"Accept Connections\\\" toggles whether VNC viewers are allowed\n"
" to connect or not. It corresponds to the \\\"-R unlock\\\" and \\\"-R lock\\\"\n"
" remote-control commands.\n"
" \n"
" - \\\"Ask for Confirmation\\\" toggles whether a popup menu will be presented\n"
" at the X display when a new VNC viewer attempts to connect. The person\n"
" sitting at the X display can choose to accept or reject the connection\n"
" or accept the connection in View-Only mode. It corresponds to the \n"
" \\\"-R accept:popup\\\" and \\\"-R accept:\\\" remote-control commands.\n"
" Accept Connections:\n"
"\n"
" Toggles whether VNC viewers are allowed to connect or not. It corresponds\n"
" to the \\\"-R unlock\\\" and \\\"-R lock\\\" remote-control commands.\n"
"\n"
" Ask for Confirmation:\n"
"\n"
" Toggles whether a popup menu will be presented at the X display when\n"
" a new VNC viewer attempts to connect. The person sitting at the X\n"
" display can choose to accept or reject the connection or accept the\n"
" connection in ViewOnly mode. It corresponds to the \\\"-R accept:popup\\\"\n"
" and \\\"-R accept:\\\" remote-control commands.\n"
" \n"
" - \\\"All Clients ViewOnly\\\" toggles whether the entire VNC desktop is\n"
" view only. All clients will only be able to watch when this is set\n"
" (regardless of how they logged in). It corresponds to the\n"
" \\\"-R viewonly\\\" and \\\"-R noviewonly\\\" remote-control commands.\n"
" All Clients ViewOnly:\n"
"\n"
" Toggles whether the entire VNC desktop is view only. All clients\n"
" will only be able to watch when this is set (regardless of how they\n"
" logged in). It corresponds to the \\\"-R viewonly\\\" and \\\"-R noviewonly\\\"\n"
" remote-control commands.\n"
" \n"
" - \\\"Shared\\\" toggles whether multiple simultaneous connections are\n"
" allowed or not. It corresponds to the \\\"-R shared\\\" and \\\"-R noshared\\\"\n"
" Shared:\n"
"\n"
" Toggles whether multiple simultaneous viewer connections are allowed\n"
" or not. It corresponds to the \\\"-R shared\\\" and \\\"-R noshared\\\"\n"
" remote-control commands.\n"
"\n"
" - \\\"Password\\\" lets you set the session password viewers may use to gain full\n"
" access to the display. This will only work if x11vnc was started with \n"
" the -gui icon or -gui tray mode.\n"
" Advertise Service (Zeroconf):\n"
"\n"
" Toggles whether this VNC server should advertize itself via Zeroconf\n"
" (also called Bonjour, mDNS, and avahi). Then VNC viewers can then find\n"
" this service on the local network. It corresponds to the \\\"-R zeroconf\\\"\n"
" and \\\"-R nozeroconf\\\" remote-control commands.\n"
"\n"
" Serve Java Viewer Applet:\n"
"\n"
" Toggles whether this VNC server should serve up a Java VNC Viewer\n"
" applet via HTTP on http://hostname:5800/ (or port 5800+n for VNC\n"
" port 5900+n). A java enabled Web Browser can then connect to the\n"
" desktopby VNC. If SSL is active then the HTTPS URL https://hostname:5900/\n"
" (etc.) will work as well. This requires the x11vnc java viewer jar file\n"
" (shared/x11vnc/classes) to be installed. It corresponds to the\n"
" \\\"-R http\\\" and \\\"-R nohttp\\\" remote commands.\n"
"\n"
" Solid Background Color:\n"
"\n"
" To improve VNC performance, if this option is set, then x11vnc will try\n"
" to make the desktop background a solid color (which compresses extremely\n"
" well compared to photo images, etc.) It corresponds to the \\\"-R solid\\\"\n"
" and \\\"-R nosolid\\\" remote commands.\n"
"\n"
" Password:\n"
"\n"
" Lets you set the session password viewers may use to gain full access\n"
" to the display. This will only work if x11vnc was started with the\n"
" -gui icon or -gui tray mode.\n"
" \n"
" - \\\"ViewOnly Password\\\" lets you set the session password viewers may\n"
" use to gain view only access to the display. This will only work if\n"
" x11vnc was started with the -gui icon or -gui tray mode.\n"
" ViewOnly Password:\n"
"\n"
" Lets you set the session password viewers may use to gain view only\n"
" access to the display. This will only work if x11vnc was started with\n"
" the -gui icon or -gui tray mode.\n"
"\n"
"\n"
"NOTE: These \\\"session\\\" passwords only last for the current x11vnc\n"
"session (they are not remembered, see the -storepasswd, -passwdfile,\n"
"and -rfbauth x11vnc options for using stored passwords).\n"
" NOTE: These \\\"session\\\" passwords only last for the current x11vnc\n"
" session (they are not remembered, see the -storepasswd, -passwdfile,\n"
" and -rfbauth x11vnc options for using stored passwords).\n"
"\n"
"If you set \\\"Password\\\" to the empty string that makes the \\\"View-Only\n"
"Password\\\" empty as well and removes the need for any password to log in.\n"
" If you set \\\"Password\\\" to the empty string that makes the \\\"ViewOnly\n"
" Password\\\" empty as well and removes the need for any password to log in.\n"
"\n"
"If you set \\\"ViewOnly Password\\\" to the empty string that just removes\n"
"the ViewOnly log in aspect: \\\"Password\\\" is still required to log in.\n"
" If you set \\\"ViewOnly Password\\\" to the empty string that just removes\n"
" the ViewOnly log in aspect: \\\"Password\\\" is still required to log in.\n"
"\n"
" - The \\\"Help\\\" button shows this help text.\n"
" \n"
@ -809,7 +847,8 @@ char gui_code[] = "";
" tkx11vnc GUI. All dynamic settings can be modified in the full GUI.\n"
"\n"
"\n"
"--------------------------------------------------------------------\n"
"==========================================================================\n"
"\n"
"Don't Lock Yourself Out:\n"
"\n"
" If you are sitting at the physical X display you cannot get into too\n"
@ -1659,6 +1698,9 @@ char gui_code[] = "";
" if {[regexp {^These options} $line]} {\n"
" continue;\n"
" }\n"
" # tweak aliases:\n"
" regsub {^-zeroconf} $line \"-zero_conf\" line\n"
" regsub {^-avahi } $line \"-zeroconf\" line\n"
"\n"
" if {! $sawopts} {\n"
" continue;\n"
@ -2923,6 +2965,8 @@ char gui_code[] = "";
" }\n"
" set cache_all_query_vars $qry\n"
"\n"
"#puts $qry\n"
"\n"
" return $qry\n"
"}\n"
"\n"
@ -2930,6 +2974,7 @@ char gui_code[] = "";
" global query_ans_list query_aro_list all_settings\n"
" global last_query_all_time\n"
"\n"
" dtime 1\n"
" set qry [all_query_vars]\n"
"\n"
" set qargs [list \"-Q\" $qry]\n"
@ -2947,6 +2992,7 @@ char gui_code[] = "";
" }\n"
" }\n"
" set last_query_all_time [clock seconds]\n"
" dtime 2\n"
" return $all\n"
"}\n"
"\n"
@ -4034,9 +4080,11 @@ char gui_code[] = "";
"}\n"
"\n"
"proc props_apply {} {\n"
" global props_accept props_confirm props_viewonly props_shared\n"
" global props_accept props_confirm props_viewonly props_shared \n"
" global props_zeroconf props_javaview props_solid\n"
" global props_passwd props_viewpasswd\n"
" global prop0_accept prop0_confirm prop0_viewonly prop0_shared\n"
" global prop0_zeroconf prop0_javaview prop0_solid\n"
" global prop0_passwd prop0_viewpasswd\n"
" global menu_var\n"
" global client_sock\n"
@ -4051,15 +4099,7 @@ char gui_code[] = "";
" }\n"
" set did 0\n"
"\n"
" if {$props_accept != $prop0_accept} {\n"
" if {$did > 0} {after $aft}; incr did\n"
" if {$props_accept} {\n"
" push_new_value \"unlock\" \"unlock\" 1 0\n"
" } else {\n"
" push_new_value \"lock\" \"lock\" 1 0\n"
" }\n"
" set prop0_accept $props_accept\n"
" }\n"
" set fail 0\n"
"\n"
" if {$props_confirm != $prop0_confirm} {\n"
" if {$did > 0} {after $aft}; incr did\n"
@ -4073,6 +4113,7 @@ char gui_code[] = "";
" } elseif {$menu_var(accept) == \"\"} {\n"
" set props_confirm 0\n"
" }\n"
" if {$props_confirm == $prop0_confirm} {incr fail}\n"
" set prop0_confirm $props_confirm\n"
" }\n"
"\n"
@ -4088,6 +4129,7 @@ char gui_code[] = "";
" } else {\n"
" set props_viewonly 0\n"
" }\n"
" if {$props_viewonly == $prop0_viewonly} {incr fail}\n"
" set prop0_viewonly $props_viewonly\n"
" }\n"
"\n"
@ -4103,9 +4145,58 @@ char gui_code[] = "";
" } else {\n"
" set props_shared 0\n"
" }\n"
" if {$props_shared == $prop0_shared} {incr fail}\n"
" set prop0_shared $props_shared\n"
" }\n"
"\n"
" if {$props_zeroconf != $prop0_zeroconf} {\n"
" if {$did > 0} {after $aft}; incr did\n"
" if {$props_zeroconf} {\n"
" push_new_value \"zeroconf\" \"zeroconf\" 1 1\n"
" } else {\n"
" push_new_value \"zeroconf\" \"nozeroconf\" 1 1\n"
" }\n"
" if {$menu_var(zeroconf)} {\n"
" set props_zeroconf 1\n"
" } else {\n"
" set props_zeroconf 0\n"
" }\n"
" if {$props_zeroconf == $prop0_zeroconf} {incr fail}\n"
" set prop0_zeroconf $props_zeroconf\n"
" }\n"
"\n"
" if {$props_javaview != $prop0_javaview} {\n"
" if {$did > 0} {after $aft}; incr did\n"
" if {$props_javaview} {\n"
" push_new_value \"http\" \"http\" 1 1\n"
" } else {\n"
" push_new_value \"http\" \"nohttp\" 1 1\n"
" }\n"
" if {$menu_var(http)} {\n"
" set props_javaview 1\n"
" } else {\n"
" set props_javaview 0\n"
" }\n"
" if {$props_javaview == $prop0_javaview} {incr fail}\n"
" set prop0_javaview $props_javaview\n"
" }\n"
"\n"
" if {$props_solid != $prop0_solid} {\n"
" if {$did > 0} {after $aft}; incr did\n"
" if {$props_solid} {\n"
" push_new_value \"solid\" \"solid\" 1 1\n"
" } else {\n"
" push_new_value \"solid\" \"nosolid\" 1 1\n"
" }\n"
" if {$menu_var(solid)} {\n"
" set props_solid 1\n"
" } else {\n"
" set props_solid 0\n"
" }\n"
" if {$props_solid == $prop0_solid} {incr fail}\n"
" set prop0_solid $props_solid\n"
" }\n"
"\n"
" set fpw 0\n"
" if {$props_passwd != $prop0_passwd} {\n"
" set fpw 1\n"
@ -4170,16 +4261,34 @@ char gui_code[] = "";
" if {$case == \"fpw\"} {\n"
" if {$did > 0} {after $aft}; incr did\n"
" push_new_value \"passwd\" \"passwd\" \"$props_passwd\" 1\n"
" if {$props_passwd == $prop0_passwd} {incr fail}\n"
" set prop0_passwd $props_passwd\n"
" }\n"
" if {$case == \"vpw\"} {\n"
" if {$did > 0} {after $aft}; incr did\n"
" push_new_value \"viewpasswd\" \"viewpasswd\" \"$props_viewpasswd\" 1\n"
" if {$props_viewpasswd == $prop0_viewpasswd} {incr fail}\n"
" set prop0_viewpasswd $props_viewpasswd\n"
" }\n"
" }\n"
"\n"
" if {$props_accept != $prop0_accept} {\n"
" if {$did > 0} {after $aft}; incr did\n"
" if {$props_accept} {\n"
" push_new_value \"unlock\" \"unlock\" 1 0\n"
" } else {\n"
" push_new_value \"lock\" \"lock\" 1 0\n"
" }\n"
" if {$props_accept == $prop0_accept} {incr fail}\n"
" set prop0_accept $props_accept\n"
" }\n"
"\n"
" props_widgets normal\n"
" if {$fail > 0} {\n"
" return 0\n"
" } else {\n"
" return 1\n"
" }\n"
"}\n"
"\n"
"proc props_advanced {} {\n"
@ -4203,20 +4312,29 @@ char gui_code[] = "";
" }\n"
"}\n"
"\n"
"proc do_props {{msg \"\"}} {\n"
"proc do_props {} {\n"
" global props_accept props_confirm props_viewonly props_shared\n"
" global props_zeroconf props_javaview props_solid\n"
" global props_passwd props_viewpasswd\n"
" global prop0_accept prop0_confirm prop0_viewonly prop0_shared\n"
" global prop0_zeroconf prop0_javaview prop0_solid\n"
" global prop0_passwd prop0_viewpasswd\n"
" global menu_var unset_str\n"
" global have_labelframes ffont bfont\n"
" global props_buttons icon_noadvanced\n"
" global icon_mode icon_mode_at_startup\n"
" global screen_height screen_width\n"
" global do_props_msg\n"
"\n"
" set msg \"\"\n"
" if {[info exists do_props_msg]} {\n"
" set msg $do_props_msg\n"
" }\n"
"\n"
" check_update_vars\n"
"\n"
" set pady 1m\n"
" set pady 0.5m\n"
" set pady 0.3m\n"
" if {$screen_height <= 360} {\n"
" set pady 0m\n"
" }\n"
@ -4273,6 +4391,48 @@ char gui_code[] = "";
" }\n"
" set prop0_shared $props_shared\n"
"\n"
" if [info exists menu_var(zeroconf)] {\n"
" if {$menu_var(zeroconf) == $unset_str || $menu_var(zeroconf) == \"\"} {\n"
" set props_zeroconf 0\n"
" } elseif ($menu_var(zeroconf)) {\n"
" set props_zeroconf 1\n"
" } else {\n"
" set props_zeroconf 0\n"
" }\n"
" } else {\n"
" set menu_var(zeroconf) 0\n"
" set props_zeroconf 0\n"
" }\n"
" set prop0_zeroconf $props_zeroconf\n"
"\n"
" if [info exists menu_var(http)] {\n"
" if {$menu_var(http) == $unset_str || $menu_var(http) == \"\"} {\n"
" set props_javaview 0\n"
" } elseif ($menu_var(http)) {\n"
" set props_javaview 1\n"
" } else {\n"
" set props_javaview 0\n"
" }\n"
" } else {\n"
" set menu_var(http) 0\n"
" set props_javaview 0\n"
" }\n"
" set prop0_javaview $props_javaview\n"
"\n"
" if [info exists menu_var(solid)] {\n"
" if {$menu_var(solid) == $unset_str || $menu_var(solid) == \"\"} {\n"
" set props_solid 0\n"
" } elseif ($menu_var(solid)) {\n"
" set props_solid 1\n"
" } else {\n"
" set props_solid 0\n"
" }\n"
" } else {\n"
" set menu_var(solid) 0\n"
" set props_solid 0\n"
" }\n"
" set prop0_solid $props_solid\n"
"\n"
" if ![info exists props_passwd] {\n"
" set props_passwd \"\"\n"
" }\n"
@ -4294,7 +4454,7 @@ char gui_code[] = "";
" wm title $w \"x11vnc Properties\"\n"
" set b1 \"$w.buttons1\"\n"
" frame $b1\n"
" button $b1.ok -text OK -command \"props_apply; destroy $w\" -font $bfont\n"
" button $b1.ok -text OK -command \"if {\\[props_apply\\]} {destroy $w}\" -font $bfont\n"
" button $b1.cancel -text Cancel -command \"destroy $w\" -font $bfont\n"
" button $b1.apply -text Apply -command \"props_apply\" -font $bfont\n"
"\n"
@ -4306,17 +4466,29 @@ char gui_code[] = "";
" set b2 \"$w.buttons2\"\n"
" frame $b2\n"
"\n"
" button $b2.advanced -text \"Advanced ...\" \\\n"
" button $b2.advanced -text \" Advanced ... \" \\\n"
" -command \"destroy $w; props_advanced\" -font $bfont\n"
" if {! $icon_noadvanced} {\n"
" lappend props_buttons $b2.advanced\n"
" pack $b2.advanced -side left -expand 0\n"
" }\n"
"\n"
" button $b2.help -text \"Help\" -command \"menu_help Properties\" -font $bfont\n"
" button $b2.help -text \" Help \" -command \"menu_help Properties\" -font $bfont\n"
" lappend props_buttons $b2.help\n"
" pack $b2.help -side left -expand 0\n"
"\n"
" set pw \"$w.passwd\"\n"
" if {$have_labelframes} {\n"
" labelframe $pw -text \"Password\" -font $bfont\n"
" } else {\n"
" frame $pw\n"
" set l $pw.l\n"
" label $l -text \"Password:\" -justify left -anchor w -font $bfont\n"
" pack $pw.l -fill x -expand 1 -padx 1m -pady 0m -side top\n"
" }\n"
" entry $pw.e -show \"*\" -textvariable props_passwd -font $bfont\n"
" pack $pw.e -fill x -expand 1 -padx 1m -pady $pady -side top\n"
"\n"
" set vp \"$w.viewpw\"\n"
" if {$have_labelframes} {\n"
" labelframe $vp -text \"ViewOnly Password\" -font $bfont\n"
@ -4332,18 +4504,6 @@ char gui_code[] = "";
"\n"
" lappend props_buttons $vp.e\n"
"\n"
" set pw \"$w.passwd\"\n"
" if {$have_labelframes} {\n"
" labelframe $pw -text \"Password\" -font $bfont\n"
" } else {\n"
" frame $pw\n"
" set l $pw.l\n"
" label $l -text \"Password:\" -justify left -anchor w -font $bfont\n"
" pack $pw.l -fill x -expand 1 -padx 1m -pady 0m -side top\n"
" }\n"
" entry $pw.e -show \"*\" -textvariable props_passwd -font $bfont\n"
" pack $pw.e -fill x -expand 1 -padx 1m -pady $pady -side top\n"
"\n"
" if {! $icon_mode_at_startup} {\n"
" $vp.e configure -state disabled\n"
" catch {$vp.l configure -state disabled}\n"
@ -4357,6 +4517,24 @@ char gui_code[] = "";
"\n"
" lappend props_buttons $pw.e\n"
"\n"
" set sb \"$w.solid\"\n"
" frame $sb\n"
" checkbutton $sb.button -text \"Solid Background Color\" \\\n"
" -variable props_solid -anchor w -font $bfont\n"
" pack $sb.button -fill x -expand 1 -padx 1m -pady $pady\n"
"\n"
" set jv \"$w.javaview\"\n"
" frame $jv\n"
" checkbutton $jv.button -text \"Serve Java Viewer Applet\" \\\n"
" -variable props_javaview -anchor w -font $bfont\n"
" pack $jv.button -fill x -expand 1 -padx 1m -pady $pady\n"
"\n"
" set zc \"$w.zeroconf\"\n"
" frame $zc\n"
" checkbutton $zc.button -text \"Advertise Service (Zeroconf)\" \\\n"
" -variable props_zeroconf -anchor w -font $bfont\n"
" pack $zc.button -fill x -expand 1 -padx 1m -pady $pady\n"
"\n"
" set sh \"$w.shared\"\n"
" frame $sh\n"
" checkbutton $sh.button -text \"Shared\" \\\n"
@ -4386,11 +4564,21 @@ char gui_code[] = "";
" pack $b2 -side bottom -fill x -pady $pady -padx $px\n"
" pack $vp -side bottom -fill x -pady $pady -padx $px\n"
" pack $pw -side bottom -fill x -pady $pady -padx $px\n"
" pack $sb -side bottom -fill x -pady 0m -padx $px\n"
" pack $jv -side bottom -fill x -pady 0m -padx $px\n"
" pack $zc -side bottom -fill x -pady 0m -padx $px\n"
" pack $sh -side bottom -fill x -pady 0m -padx $px\n"
" pack $vo -side bottom -fill x -pady 0m -padx $px\n"
" pack $cf -side bottom -fill x -pady 0m -padx $px\n"
" pack $ac -side bottom -fill x -pady 0m -padx $px\n"
"\n"
" global show_props_instructions\n"
" if {![info exists show_props_instructions]} {\n"
" set show_props_instructions 1\n"
" }\n"
"\n"
" wm withdraw $w\n"
"\n"
" if {$msg != \"\"} {\n"
" set tw [textwidth $msg]\n"
" set th [textheight $msg]\n"
@ -4398,18 +4586,46 @@ char gui_code[] = "";
" set ms \"$w.msg\"\n"
" text $ms -font $ffont -relief ridge -width $tw -height $th\n"
" $ms insert 1.0 $msg\n"
" pack $ms -side bottom -fill x -pady $pady -padx $px\n"
"\n"
" set si \"$w.instructions\"\n"
" frame $si\n"
" checkbutton $si.button -text \"Show Instructions\" \\\n"
" -variable show_props_instructions -anchor w -font $bfont \\\n"
" -command \"toggle_instructions $ms $pady $px\"\n"
"\n"
" pack $si.button -fill x -expand 1 -padx 1m -pady $pady\n"
" pack $si -side bottom -fill x -pady 0m -padx $px\n"
"\n"
" if {$show_props_instructions} {\n"
" pack $ms -side bottom -fill x -pady $pady -padx $px\n"
" }\n"
"\n"
" update\n"
" }\n"
"\n"
" lappend props_buttons $ac.button $cf.button $vo.button $sh.button\n"
" lappend props_buttons $ac.button $cf.button $vo.button $sh.button $zc.button $jv.button $sb.button\n"
"\n"
" \n"
" update\n"
" wm resizable $w 1 0\n"
" center_win $w\n"
" update\n"
" wm minsize $w [winfo width $w] [winfo height $w]\n"
"\n"
" #wm minsize $w [winfo width $w] [winfo height $w]\n"
"\n"
" tkwait window $w\n"
" set show_props_instructions 0\n"
"}\n"
"\n"
"proc toggle_instructions {ms pady px} {\n"
" global show_props_instructions\n"
" if {$show_props_instructions} {\n"
" pack $ms -side bottom -fill x -pady $pady -padx $px\n"
" } else {\n"
" pack forget $ms\n"
" }\n"
" catch {pack .props}\n"
" update\n"
"}\n"
"\n"
"proc do_new_client {} {\n"
@ -4558,8 +4774,11 @@ char gui_code[] = "";
"proc read_client_info {channel} {\n"
" global x11vnc_client_file client_str client_info_read\n"
" global read_client_info_lock\n"
" global read_clients\n"
" set db 0\n"
"\n"
" set read_clients 0\n"
"\n"
" if {![info exists read_client_info_lock]} {\n"
" set read_client_info_lock 0\n"
" }\n"
@ -4591,6 +4810,7 @@ char gui_code[] = "";
" ;\n"
" } elseif [regexp {^clients:} $str] {\n"
" regsub {^clients:} $str \"\" str\n"
" set read_clients 1\n"
" if {$str == \"none\"} {\n"
" set str \"\"\n"
" }\n"
@ -4603,11 +4823,30 @@ char gui_code[] = "";
" }\n"
"}\n"
"\n"
"proc check_set_vnc_display {} {\n"
" \n"
" global read_clients check_set_vnc_display_done\n"
"\n"
" if {[info exists check_set_vnc_display_done]} {\n"
" return\n"
" }\n"
" if {[info exists read_clients]} {\n"
" if {$read_clients} {\n"
" after 250\n"
" query_all\n"
" global client_str\n"
" set_client_balloon $client_str\n"
" set check_set_vnc_display_done 1\n"
" }\n"
" }\n"
"}\n"
"\n"
"proc read_client_tail {} {\n"
" global client_tail\n"
"\n"
" if {$client_tail != \"\"} {\n"
" read_client_info $client_tail\n"
" check_set_vnc_display\n"
" }\n"
"}\n"
"\n"
@ -4616,6 +4855,7 @@ char gui_code[] = "";
"\n"
" if {$client_sock != \"\"} {\n"
" read_client_info $client_sock\n"
" check_set_vnc_display\n"
" }\n"
"}\n"
"\n"
@ -5034,6 +5274,7 @@ char gui_code[] = "";
" menu $menu -tearoff 0 -postcommand \"popup_post $menu\"\n"
" $menu add command -font $mfont -label \"Properties\" -command do_props\n"
" $menu add command -font $mfont -label \"Help\" -command \"menu_help Tray\"\n"
" $menu add command -font $mfont -label \"Logfile\" -command show_logfile\n"
" $menu add separator\n"
" $menu add command -font $mfont -label \"New Client\" -command do_new_client\n"
"\n"
@ -5149,6 +5390,7 @@ char gui_code[] = "";
" textwin \"Warning\" \"Warning\" $m\n"
" update\n"
" }\n"
" dtime C\n"
"}\n"
"\n"
"proc clean_client_tail {} {\n"
@ -6190,6 +6432,125 @@ char gui_code[] = "";
" return $menu_var(WindowView)\n"
"}\n"
"\n"
"proc dono {a b c} {\n"
" exit 1;\n"
"}\n"
"\n"
"proc do_port_prompt {} {\n"
" global bfont ffont\n"
" global port_reply port_set\n"
"\n"
" set guess 5900\n"
" for {set i 0} {$i < 50} {incr i} {\n"
" set fh \"\"\n"
" set try [expr $guess + $i]\n"
" catch {set fh [socket -server dono $try]}\n"
" if {$fh != \"\"} {\n"
" catch {close $fh}\n"
" set guess $try\n"
" break;\n"
" }\n"
" }\n"
" set hn \"\"\n"
" catch {set hn [exec uname -n]}\n"
" if {$hn == \"\"} {\n"
" set hn \"hostname\"\n"
" }\n"
"\n"
" set text \" Set the x11vnc Listening Port:\n"
"\n"
" VNC Display :0 corresponds to TCP port 5900\n"
" VNC Display :1 corresponds to TCP port 5901\n"
" etc.\n"
"\n"
" In the Entry below, indicate a Port for x11vnc to listen on. \n"
"\n"
" Note that to connect to x11vnc, a VNC Viewer will need to\n"
" know your selection, for example:\n"
"\n"
" vncviewer $hn:0\n"
" vncviewer $hn:1\n"
" etc.\n"
" \n"
" You may also set some additional parameters:\n"
"\n"
" - Enable SSL encryption.\n"
" (requires an SSL enabled vncviewer, such as SSVNC) \n"
" - Listen only on localhost. (e.g. for an SSH tunnel)\n"
" - Enable UltraVNC or TightVNC File transfer.\n"
"\"\n"
" set port_set $guess\n"
" set port_reply \"\"\n"
"\n"
" toplevel .pp\n"
" wm title .pp \"Select x11vnc port\"\n"
"\n"
" wm protocol . WM_DELETE_WINDOW \"destroy .; exit\"\n"
" wm protocol .pp WM_DELETE_WINDOW \"destroy .pp; exit\"\n"
"\n"
" label .pp.m -text \"$text\" -justify left -font $ffont\n"
"\n"
" frame .pp.f -bd 1 -relief ridge -pady 2\n"
" label .pp.f.l -text \"Port: \"\n"
" entry .pp.f.e -width 8 -textvariable port_set\n"
" global enable_ssl; set enable_ssl 0\n"
" if [info exists env(X11VNC_SSL_ENABLED)] {\n"
" set enable_ssl 1\n"
" }\n"
" checkbutton .pp.f.ssl -relief raised -pady 3 -padx 3 -text \"Enable SSL\" -variable enable_ssl\n"
" global localhost; set localhost 0\n"
" if [info exists env(X11VNC_LOCALHOST_ENABLED)] {\n"
" set localhost 1\n"
" }\n"
" checkbutton .pp.f.loc -relief raised -pady 3 -padx 3 -text \"Listen on localhost\" -variable localhost\n"
" pack .pp.f.l .pp.f.e -side left\n"
" pack .pp.f.loc .pp.f.ssl -side right\n"
"\n"
" frame .pp.t -bd 1 -relief ridge -pady 2\n"
" global file_transfer; set file_transfer \"none\"\n"
" if [info exists env(X11VNC_FILETRANSFER_ENABLED)] {\n"
" set file_transfer $env(X11VNC_FILETRANSFER_ENABLED)\n"
" }\n"
" label .pp.t.l -text \"File Transfer: \"\n"
" radiobutton .pp.t.none -text \"None\" -variable file_transfer -value \"none\"\n"
" radiobutton .pp.t.ultra -text \"UltraVNC\" -variable file_transfer -value \"ultra\"\n"
" radiobutton .pp.t.tight -text \"TightVNC\" -variable file_transfer -value \"tight\"\n"
" pack .pp.t.l .pp.t.none .pp.t.ultra .pp.t.tight -side left\n"
"\n"
" frame .pp.o -bd 1 -relief ridge\n"
" button .pp.o.ok -text \"OK\" -command \"set port_reply 1; destroy .pp\"\n"
" button .pp.o.cancel -text \"Cancel\" -command \"set port_reply 0; destroy .pp\"\n"
" pack .pp.o.ok .pp.o.cancel -side left -fill x -expand 1\n"
" pack .pp.m -side top -fill x -expand 1 \n"
" pack .pp.f .pp.t .pp.o -side top -fill x\n"
"\n"
" focus .pp.f.e\n"
" .pp.f.e icursor end\n"
"\n"
" wm withdraw .pp\n"
" update\n"
" center_win .pp\n"
"\n"
" wm minsize .pp [winfo width .pp] [winfo height .pp]\n"
"\n"
" bind .pp.f.e <KeyPress-Return> \"set port_reply 1; destroy .pp\"\n"
"\n"
" vwait port_reply\n"
"\n"
" if {$port_reply} {\n"
" regsub -all {^:} $port_set \"\" port_set\n"
" regsub -all {[ \\t]} $port_set \"\" port_set\n"
" if {[regexp {^[0-9][0-9]*$} $port_set]} {\n"
" if {$port_set < 0} {\n"
" set port_set [expr 0 - $port_set]\n"
" } elseif {$port_set < 200} {\n"
" set port_set [expr $port_set + 5900]\n"
" } \n"
" puts \"$port_set:ssl${enable_ssl}:localhost$localhost:ft_$file_transfer\"\n"
" }\n"
" }\n"
"}\n"
"\n"
"proc change_view_state {} {\n"
" global menu_var gui_current_state\n"
"\n"
@ -6387,20 +6748,47 @@ char gui_code[] = "";
"\n"
"set ls \"\"\n"
"catch {set ls [font metrics $bfont -linespace]}\n"
"if {$ls != \"\"} {\n"
" if {$ls > 14} {\n"
"if {$ls != \"\" && $ls > 14} {\n"
" # some recent setups have BIG rendering for the above fonts.\n"
" # on recent (8/08) debian these are really ragged:\n"
" set bfont \"-adobe-helvetica-bold-r-*-*-*-90-*-*-*-*-*-*\"\n"
" set sfont \"-adobe-helvetica-bold-r-*-*-*-75-*-*-*-*-*-*\"\n"
" set snfont \"-adobe-helvetica-medium-r-*-*-*-75-*-*-*-*-*-*\"\n"
"\n"
" # these are bigger but look better... but for how long?\n"
" set bfont \"-adobe-helvetica-bold-r-*-*-*-100-*-*-*-*-*-*\"\n"
" set sfont \"-adobe-helvetica-bold-r-*-*-*-80-*-*-*-*-*-*\"\n"
" set snfont \"-adobe-helvetica-medium-r-*-*-*-80-*-*-*-*-*-*\"\n"
" }\n"
" set ls \"\"\n"
" catch {set ls [font metrics $bfont -linespace]}\n"
" if {$ls != \"\" && $ls < 14} {\n"
" # these are bigger but look better... but for how long?\n"
" set bfont \"-adobe-helvetica-bold-r-*-*-*-100-*-*-*-*-*-*\"\n"
" set sfont \"-adobe-helvetica-bold-r-*-*-*-80-*-*-*-*-*-*\"\n"
" set snfont \"-adobe-helvetica-medium-r-*-*-*-80-*-*-*-*-*-*\"\n"
"\n"
" # maybe consider... {-font font Font {Helvetica -12 bold} {Helvetica -12 bold}}\n"
" # or stick with system font like ssvnc.\n"
" }\n"
"}\n"
"\n"
"# need to check if \"fixed\" font under XFT on tk8.5 is actually fixed width!!\n"
"set ls \"\"\n"
"catch {set ls [font metrics $ffont -linespace]}\n"
"set fs \"\"\n"
"catch {set fs [font metrics $ffont -fixed]}\n"
"set redo 0\n"
"if {$fs != \"\" && $fs != \"1\"} {\n"
" set redo 1\n"
"}\n"
"if {$ls != \"\" && $ls > 14} {\n"
" set redo 1\n"
"}\n"
"if {$redo} {\n"
" foreach fn [font names] {\n"
" if {$fn == \"TkFixedFont\"} {\n"
" set ffont $fn\n"
" break\n"
" }\n"
" }\n"
"}\n"
"\n"
"set help_indent 24;\n"
"set reply_xdisplay \"\"\n"
"set all_settings \"None so far.\"\n"
@ -6478,6 +6866,10 @@ char gui_code[] = "";
" puts \";\"\n"
" exit 0\n"
"}\n"
"if {\"$argv\" == \"-portprompt\"} {\n"
" do_port_prompt\n"
" exit 0\n"
"}\n"
"\n"
"\n"
"set_view_variable \"full\"\n"
@ -6676,15 +7068,65 @@ char gui_code[] = "";
"dtime D\n"
"\n"
"proc check_setpasswd {} {\n"
" global icon_setpasswd\n"
" global env icon_setpasswd\n"
" global do_props_msg\n"
" set do_props_msg \"\"\n"
" if {$icon_setpasswd} {\n"
" set m \"You must specify a Session Password\\n\" \n"
" set m \"${m}before VNC clients can connect.\\n\" \n"
" set m \"${m}Enter one in the Password field\\n\" \n"
" set m \"${m}and Press \\\"OK\\\". The password(s) is\\n\" \n"
" set m \"${m}only for this x11vnc session.\\n\" \n"
" do_props $m\n"
" #push_new_value \"unlock\" \"unlock\" 1 0\n"
" set m \"\\n\"\n"
" set m \" Note the x11vnc icon in the system tray \\n\" \n"
" set m \"${m} This panel is its 'Properties' dialog.\\n\" \n"
" set m \"${m}\\n\" \n"
" set m \"${m} To specify a Session Password and to\\n\" \n"
" set m \"${m} allow VNC clients to connect, follow\\n\" \n"
" set m \"${m} these steps:\\n\" \n"
" set m \"${m}\\n\" \n"
" set m \"${m} Enter a passwd in the Password field\\n\" \n"
" set m \"${m} (it can be left blank.) You can also\\n\" \n"
" set m \"${m} supply a ViewOnly passwd if desired.\\n\" \n"
" set m \"${m}\\n\" \n"
" set m \"${m} Set 'Accept Connections' and then Press \\n\" \n"
" set m \"${m} 'Apply' to allow incoming connections.\\n\" \n"
" set m \"${m}\\n\" \n"
" set m \"${m} The passwords are only for this x11vnc\\n\" \n"
" set m \"${m} session and are not saved. Run x11vnc\\n\" \n"
" set m \"${m} manually for more control.\\n\" \n"
" set m \"${m}\\n\" \n"
" set m \"${m} See 'Help' for details on each option.\\n\" \n"
"\n"
" global x11vnc_cmdline\n"
"\n"
" set dossl 0\n"
" if {[info exists x11vnc_cmdline]} {\n"
" if [regexp -- {-ssl} $x11vnc_cmdline] {\n"
" set dossl 1\n"
" }\n"
" }\n"
" if {$dossl || [info exists env(X11VNC_GOT_SSL)]} {\n"
" set m \"${m}\\n\" \n"
" set m \"${m} SSL encryption mode active. You can\\n\" \n"
" set m \"${m} find your Public Cert in the Logfile\\n\" \n"
" set m \"${m} and also the ~/.vnc/certs directory.\\n\" \n"
" }\n"
"\n"
" if {[info exists env(X11VNC_SETPASS_FAIL)]} {\n"
" set pp 5900\n"
" if {[info exists env(X11VNC_GOT_RFBPORT_VAL)]} {\n"
" if {$env(X11VNC_GOT_RFBPORT_VAL) > 0} {\n"
" set pp $env(X11VNC_GOT_RFBPORT_VAL)\n"
" }\n"
" }\n"
" \n"
" set m \" The x11vnc program failed to start! \\n\"\n"
" set m \"${m}\\n\" \n"
" set m \"${m} Maybe there is another VNC server\\n\"\n"
" set m \"${m} already listening on port $pp?\\n\"\n"
" set m \"${m}\\n\" \n"
" set m \"${m} You will need to start over after\\n\"\n"
" set m \"${m} you make sure x11vnc can start.\\n\"\n"
" }\n"
" \n"
" set do_props_msg $m\n"
" do_props\n"
" }\n"
"}\n"
"\n"

@ -56,11 +56,6 @@ extern char *crypt(const char*, const char *);
#define IS_BSD
#endif
#ifdef NO_SSL_OR_UNIXPW
#undef UNIXPW_SU
#undef UNIXPW_CRYPT
#endif
int white_pixel(void);
void unixpw_screen(int init);
void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init);
@ -70,12 +65,11 @@ void unixpw_msg(char *msg, int delay);
int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_size, int nodisp);
int crypt_verify(char *user, char *pass);
int cmd_verify(char *user, char *pass);
void unixpw_verify_screen(char *user, char *pass);
static int text_x(void);
static int text_y(void);
static void set_db(void);
static void unixpw_verify(char *user, char *pass);
int unixpw_in_progress = 0;
int unixpw_denied = 0;
@ -1008,38 +1002,8 @@ int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_size, int
#endif /* UNIXPW_SU */
}
static void unixpw_verify(char *user, char *pass) {
int x, y;
char li[] = "Login incorrect";
char log[] = "login: ";
char *colon = NULL;
ClientData *cd = NULL;
int ok;
if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "********");
rfbLog("unixpw_verify: '%s'\n", user ? user : "(null)");
if (user) {
colon = strchr(user, ':');
}
if (colon) {
*colon = '\0';
rfbLog("unixpw_verify: colon: '%s'\n", user);
}
if (unixpw_client) {
cd = (ClientData *) unixpw_client->clientData;
if (cd) {
char *str = (char *)malloc(strlen("UNIX:") +
strlen(user) + 1);
sprintf(str, "UNIX:%s", user);
if (cd->username) {
free(cd->username);
}
cd->username = str;
}
}
ok = 0;
int unixpw_verify(char *user, char *pass) {
int ok = 0;
if (unixpw_cmd) {
if (cmd_verify(user, pass)) {
rfbLog("unixpw_verify: cmd_verify login for '%s'"
@ -1074,6 +1038,42 @@ if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "***
ok = 0;
}
}
return ok;
}
void unixpw_verify_screen(char *user, char *pass) {
int x, y;
char li[] = "Login incorrect";
char log[] = "login: ";
char *colon = NULL;
ClientData *cd = NULL;
int ok;
if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "********");
rfbLog("unixpw_verify: '%s'\n", user ? user : "(null)");
if (user) {
colon = strchr(user, ':');
}
if (colon) {
*colon = '\0';
rfbLog("unixpw_verify: colon: '%s'\n", user);
}
if (unixpw_client) {
cd = (ClientData *) unixpw_client->clientData;
if (cd) {
char *str = (char *)malloc(strlen("UNIX:") +
strlen(user) + 1);
sprintf(str, "UNIX:%s", user);
if (cd->username) {
free(cd->username);
}
cd->username = str;
}
}
ok = unixpw_verify(user, pass);
if (ok) {
unixpw_accept(user);
@ -1385,7 +1385,7 @@ if (db && db <= 2) fprintf(stderr, "u_cnt: %d %d/%d ks: 0x%x '%s'\n", u_cnt, x,
in_passwd = 0;
pass[p_cnt++] = '\n';
unixpw_verify(user, pass);
unixpw_verify_screen(user, pass);
for (i=0; i<nmax; i++) {
user[i] = '\0';
pass[i] = '\0';

@ -12,6 +12,8 @@ extern void unixpw_msg(char *msg, int delay);
extern int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_size, int nodisp);
extern int crypt_verify(char *user, char *pass);
extern int cmd_verify(char *user, char *pass);
extern int unixpw_verify(char *user, char *pass);
extern void unixpw_verify_screen(char *user, char *pass);
extern int unixpw_in_progress;
extern int unixpw_denied;

@ -26,7 +26,7 @@
/*
* user input handling heuristics
*/
int defer_update_nofb = 6; /* defer a shorter time under -nofb */
int defer_update_nofb = 4; /* defer a shorter time under -nofb */
int last_scroll_type = SCR_NONE;
@ -10026,7 +10026,7 @@ if (ncdb) fprintf(stderr, "----%02d: UnmapNotify 0x%lx %3d\n", ik, win, id
#if 0
/*
// if (cache_list[idx].map_state == IsViewable || desktop_change || macosx_console)
if (cache_list[idx].map_state == IsViewable || desktop_change || macosx_console)
*/
#endif
if (1) {

@ -2,7 +2,7 @@
.TH X11VNC "1" "November 2008" "x11vnc " "User Commands"
.SH NAME
x11vnc - allow VNC connections to real X11 displays
version: 0.9.6, lastmod: 2008-11-04
version: 0.9.6, lastmod: 2008-11-22
.SH SYNOPSIS
.B x11vnc
[OPTION]...
@ -90,6 +90,22 @@ Automatically probe for a free VNC port starting at n.
The default is to start probing at 5900. Use this to
stay away from other VNC servers near 5900.
.PP
\fB-rfbport\fR \fIstr\fR
.IP
The VNC port to listen on (a libvncserver option), e.g.
5900, 5901, etc. If specified as "\fB-rfbport\fR \fIPROMPT\fR"
then the x11vnc \fB-gui\fR is used to prompt the user to
enter the port number.
.PP
\fB-reopen\fR
.IP
If the X server connection is disconnected, try to
reopen the X display (up to one time.) This is of use
for display managers like GDM (KillInitClients option)
that kill x11vnc just after the user logs into the
X session. Note: the reopened state may be unstable.
Set X11VNC_REOPEN_DISPLAY=n to reopen n times.
.PP
\fB-reflect\fR \fIhost:N\fR
.IP
Instead of connecting to and polling an X display,
@ -1408,6 +1424,89 @@ module for the h/w display however it will work only
for finding the display and the user must already be
logged into the X console.
.PP
\fB-vencrypt\fR \fImode\fR
.IP
The VeNCrypt extension to the VNC protocol allows
encrypted SSL/TLS connections. If the \fB-ssl\fR mode is
enabled, then VeNCrypt is enabled as well BY DEFAULT
(they both use the SSL/TLS tunnel, only the protocol
handshake is a little different.)
.IP
To control when and how VeNCrypt is used, specify the
mode string. If mode is "never", then VeNCrypt is
not used. If mode is "support" (the default) then
VeNCrypt is supported. If mode is "only", then the
similar and older TLSVNC protocol is not simultaneously
supported. x11vnc's normal SSL mode (vncs://) will be
supported under \fB-ssl\fR unless you set mode to "force".
.IP
If mode is prefixed with "nodh:", then Diffie Hellman
anonymous key exchange is disabled. If mode is prefixed
with "nox509:", then X509 key exchange is disabled.
.IP
To disable all Anonymous Diffie-Hellman access
(susceptible to Man-In-The-Middle attack) you will need
to supply "\fB-vencrypt\fR \fInodh:support \fB-tlsvnc\fR never\fR"
.IP
If mode is prefixed with "newdh:", then new Diffie
Hellman parameters are generated for each connection
(this can be time consuming: 1-60 secs) rather than
using the fixed values in the program. Using fixed,
publicly known values is not known to be a security
problem. This setting applies to TLSVNC as well.
.IP
Long example: \fB-vencrypt\fR newdh:nox509:support
.IP
Also, if mode is prefixed with "plain:", then
if \fB-unixpw\fR mode is active the VeNCrypt "*Plain"
username+passwd method is enabled for Unix logins.
Otherwise in \fB-unixpw\fR mode the normal login panel is
provided.
.IP
You *MUST* supply the \fB-ssl\fR option for VeNCrypt to be
active. This option only fine-tunes its operation.
.PP
\fB-tlsvnc\fR \fImode\fR
.IP
The TLSVNC extension to the VNC protocol allows
encrypted SSL/TLS connections. If the \fB-ssl\fR mode is
enabled, then TLSVNC is enabled as well BY DEFAULT
(they both use the SSL/TLS tunnel, only the protocol
handshake is a little different.)
.IP
To control when and how TLSVNC is used, specify the
mode string. If mode is "never", then TLSVNC is not
used. If mode is "support" (the default) then TLSVNC
is supported. If mode is "only", then the similar
VeNCrypt protocol is not simultaneously supported.
x11vnc's normal SSL mode (vncs://) will be supported
under \fB-ssl\fR unless you set mode to "force".
.IP
If mode is prefixed with "newdh:", then new Diffie
Hellman parameters are generated for each connection
(this can be time consuming: 1-60 secs) rather than
using the fixed values in the program. Using fixed,
publicly known values is not known to be a security
problem. This setting applies to VeNCrypt as well.
See the description of "plain:" under \fB-vencrypt.\fR
.IP
Long example: \fB-tlsvnc\fR newdh:plain:support
.IP
You *MUST* supply the \fB-ssl\fR option for TLSVNC to be
active. This option only fine-tunes its operation.
.PP
\fB-dhparams\fR \fIfile\fR
.IP
For some operations a set of Diffie Hellman parameters
(prime and generator) is needed. If so, use the
parameters in \fIfile\fR. In particular, the VeNCrypt and
TLSVNC anonymous DH mode need them. By default a
fixed set is used. If you do not want to do that you
can specify "newdh:" to the \fB-vencrypt\fR and \fB-tlsvnc\fR
options to generate a new set each session. If that
is too slow for you, use \fB-dhparams\fR file to a set you
created manually via "openssl dhparam \fB-out\fR file 1024"
.PP
\fB-nossl\fR
.IP
Disable the \fB-ssl\fR option (see below). Since \fB-ssl\fR is off
@ -1417,44 +1516,49 @@ to unset any *earlier* \fB-ssl\fR option (or \fB-svc...)\fR
\fB-ssl\fR \fI[pem]\fR
.IP
Use the openssl library (www.openssl.org) to provide a
built-in encrypted SSL tunnel between VNC viewers and
x11vnc. This requires libssl support to be compiled
built-in encrypted SSL/TLS tunnel between VNC viewers
and x11vnc. This requires libssl support to be compiled
into x11vnc at build time. If x11vnc is not built
with libssl support it will exit immediately when \fB-ssl\fR
is prescribed.
.IP
The VNC Viewer-side needs support SSL as well.
See this URL and also the discussion below for ideas
on how to enable SSL support for the viewer:
The VNC Viewer-side needs to support SSL/TLS as well.
See this URL and also the discussion below for
ideas on how to enable SSL support for the viewer:
http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-viewers
x11vnc provides an SSL enabled Java viewer applet in
the classes/ssl directory (-http or \fB-httpdir\fR options.)
The SSVNC viewer package supports SSL too.
.IP
[pem] is optional, use "\fB-ssl\fR \fI/path/to/mycert.pem\fR"
to specify a PEM certificate file to use to identify
and provide a key for this server. See
[pem] is optional, use "\fB-ssl\fR \fI/path/to/mycert.pem\fR" to
specify a PEM certificate file to use to identify and
provide a key for this server. See
.IR openssl (1)
for
more info about PEMs and the \fB-sslGenCert\fR option below.
.IP
The connecting VNC viewer SSL tunnel can optionally
authenticate this server if they have the public
key part of the certificate (or a common certificate
authority, CA, is a more sophisticated way to verify
this server's cert, see \fB-sslGenCA\fR below). This is
used to prevent man-in-the-middle attacks. Otherwise,
if the VNC viewer accepts this server's key without
verification, at least the traffic is protected
from passive sniffing on the network (but *NOT* from
man-in-the-middle attacks).
for more
info about PEMs and the \fB-sslGenCert\fR and "\fB-ssl\fR \fISAVE\fR"
options below for how to create them.
.IP
The connecting VNC viewer SSL tunnel can (optionally)
authenticate this server if they have the public key
part of the certificate (or a common certificate
authority, CA, is a more sophisticated way to
verify this server's cert, see \fB-sslGenCA\fR below).
This is used to prevent Man-In-The-Middle attacks.
Otherwise, if the VNC viewer accepts this server's
key WITHOUT verification, the traffic is protected
from passive sniffing on the network, but *NOT* from
Man-In-The-Middle attacks.
.IP
If [pem] is not supplied and the
.IR openssl (1)
utility
command exists in PATH, then a temporary, self-signed
certificate will be generated for this session (this
may take 5-30 seconds on slow machines). If
certificate will be generated for this session
(this may take 5-30 seconds on very slow machines).
If
.IR openssl (1)
cannot be used to generate a temporary certificate
x11vnc exits immediately.
cannot be used to generate a temporary
certificate x11vnc exits immediately.
.IP
If successful in using
.IR openssl (1)
@ -1462,17 +1566,27 @@ to generate a
temporary certificate, the public part of it will be
displayed to stderr (e.g. one could copy it to the
client-side to provide authentication of the server to
VNC viewers.) See following paragraphs for how to save
keys to reuse when x11vnc is restarted.
.IP
Set the env. var. X11VNC_SHOW_TMP_PEM=1 to have x11vnc
print out the entire certificate, including the PRIVATE
KEY part, to stderr. One could reuse this cert if saved
in a [pem] file. Similarly, set X11VNC_KEEP_TMP_PEM=1
to not delete the temporary PEM file: the file name
will be printed to stderr (so one could move it to
a safe place for reuse). You will be prompted for a
passphrase for the private key.
VNC viewers.)
.IP
NOTE: Unless you safely copy the public part of the
temporary Cert to the viewer for authenticate *every
time* (unlikely...), then only passive sniffing
attacks are prevented and you are still open to
Man-In-The-Middle attacks. See the following
paragraphs for how to save keys to reuse them when
x11vnc is restarted. With saved keys AND the VNC viewer
authenticating them by using the public certificate,
then Man-In-The-Middle attacks are prevented.
.IP
If [pem] is "ANON" then the Diffie-Hellman anonymous
key exchange method is used. In this mode there
are *no* SSL certificates and so it is not possible
to authenticate either the VNC server or VNC client.
Thus only passive network sniffing attacks are avoided:
the "ANON" method is susceptible to Man-In-The-Middle
attacks. "ANON" is not recommended; instead use
a SSL PEM you created or the "SAVE" method in the
next paragraph.
.IP
If [pem] is "SAVE" then the certificate will be saved
to the file ~/.vnc/certs/server.pem, or if that file
@ -1488,19 +1602,17 @@ to refer to the file ~/.vnc/certs/server-<string>.pem
instead. E.g. "SAVE-charlie" will store to the file
~/.vnc/certs/server-charlie.pem
.IP
Examples: x11vnc \fB-ssl\fR SAVE \fB-display\fR :0 ...
x11vnc \fB-ssl\fR SAVE-other \fB-display\fR :0 ...
.IP
See \fB-ssldir\fR below to use a directory besides the
default ~/.vnc/certs
.IP
Example: x11vnc \fB-ssl\fR SAVE \fB-display\fR :0 ...
.IP
Your VNC viewer will need to be able to connect
via SSL. See the discussion below under \fB-stunnel\fR and
http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-viewers
for how this might be achieved. E.g. on Unix it is
easy to write a shell script that starts up stunnel
and then vncviewer. Also in the x11vnc source a SSL
enabled Java VNC Viewer applet is provided in the
classes/ssl directory.
Misc Info: In temporary cert creation mode, set the
env. var. X11VNC_SHOW_TMP_PEM=1 to have x11vnc print out
the entire certificate, including the PRIVATE KEY part,
to stderr. There are better ways to get/save this info.
See "SAVE" above and "\fB-sslGenCert\fR" below.
.PP
\fB-ssltimeout\fR \fIn\fR
.IP
@ -1656,6 +1768,39 @@ Certificates" actions as does the Java applet plugin
Control Panel. stunnel can also use these files (see
the ss_vncviewer example script in the FAQ.)
.PP
\fB-sslCRL\fR \fIpath\fR
.IP
Set the Certificate Revocation Lists (CRL) to \fIpath\fR.
.IP
If path is a file, the file contains one more more CRLs
in PEM format. If path is a directory, it contains
hash named files of CRLs in the usual OpenSSL manner.
See the OpenSSL and
.IR stunnel (8)
documentation for
more info.
.IP
This option only applies if \fB-sslverify\fR has been
supplied: it checks for revocation along the
certificate chain used to verify the VNC client.
The \fB-sslCRL\fR setting will be ignored when \fB-sslverify\fR is
not specified.
.IP
Only rarely will one's x11vnc \fB-ssl\fR infrastructure be so
large that this option would be useful (since normally
maintaining the contents of the \fB-sslverify\fR file or
directory should be enough.) However, when using
x11vnc with a Certificate Authority (see \fB-sslGenCA)\fR
to authenticate Clients via SSL/TLS, the \fB-sslCRL\fR option
can be useful to revoke users' certs whose private SSL
keys were lost or stolen (e.g. laptop.) This way a new
CA cert+key does not need to be created and new signed
client keys generated and distributed to all users.
.IP
To create a CRL file with revoked certificates the
commands 'openssl ca \fB-revoke\fR ...' and 'openssl ca
\fB-gencrl\fR ...' are useful. (Run them in ~/.vnc/certs)
.PP
\fB-sslGenCA\fR \fI[dir]\fR
.IP
Generate your own Certificate Authority private key,
@ -2606,9 +2751,12 @@ to handle all subsequent resizes (e.g. under \fB-xrandr,\fR
.PP
\fB-o\fR \fIlogfile\fR
.IP
Write stderr messages to file \fIlogfile\fR instead of
to the terminal. Same as "\fB-logfile\fR \fIfile\fR". To append
Write stderr messages to file \fIlogfile\fR instead of to
the terminal. Same as "\fB-logfile\fR \fIfile\fR". To append
to the file use "\fB-oa\fR \fIfile\fR" or "\fB-logappend\fR \fIfile\fR".
If \fIlogfile\fR contains the string "%VNCDISPLAY"
it is expanded to the vnc display (the name may need
to be guessed at.) "%HOME" works too.
.PP
\fB-flag\fR \fIfile\fR
.IP
@ -3745,6 +3893,12 @@ has been recent user input (pointer or keyboard).
Improves response, but increases the load whenever you
are moving the mouse or typing. Default: 2.00
.PP
\fB-setdefer\fR \fIn\fR
.IP
When the \fB-wait_ui\fR mechanism cuts down the wait time ms,
set the defer time to the same ms value. n=1 to enable,
0 to disable, and -1 to set defer to 0 (no delay).
.PP
\fB-nowait_bog\fR
.IP
Do not detect if the screen polling is "bogging down"
@ -4715,6 +4869,10 @@ mdns enable avahi service advertising.
.IP
nomdns disable avahi service advertising.
.IP
zeroconf enable avahi service advertising.
.IP
nozeroconf disable avahi service advertising.
.IP
connect:host do reverse connection to host, "host"
may be a comma separated list of hosts
or host:ports. See \fB-connect.\fR Passwords
@ -5287,13 +5445,13 @@ nooverlay_yescursor overlay_nocursor 8to24 no8to24
viewonly noviewonly shared noshared forever noforever
once timeout tightfilexfer notightfilexfer ultrafilexfer
noultrafilexfer rfbversion deny lock nodeny unlock
avahi mdns noavahi nomdns connect proxy allowonce
allow localhost nolocalhost listen lookup nolookup
accept afteraccept gone shm noshm flipbyteorder
noflipbyteorder onetile noonetile solid_color solid
nosolid blackout xinerama noxinerama xtrap noxtrap
xrandr noxrandr xrandr_mode rotate padgeom quiet
q noquiet modtweak nomodtweak xkb noxkb capslock
avahi mdns zeroconf noavahi nomdns nozeroconf connect
proxy allowonce allow localhost nolocalhost listen
lookup nolookup accept afteraccept gone shm noshm
flipbyteorder noflipbyteorder onetile noonetile
solid_color solid nosolid blackout xinerama noxinerama
xtrap noxtrap xrandr noxrandr xrandr_mode rotate padgeom
quiet q noquiet modtweak nomodtweak xkb noxkb capslock
nocapslock skip_lockkeys noskip_lockkeys skip_keycodes
sloppy_keys nosloppy_keys skip_dups noskip_dups
add_keysyms noadd_keysyms clear_mods noclear_mods

@ -1803,6 +1803,8 @@ int main(int argc, char* argv[]) {
int http_oneport_msg = 0;
XImage *fb0 = NULL;
int ncache_msg = 0;
char *got_rfbport_str = NULL;
int got_rfbport_pos = -1;
/* used to pass args we do not know about to rfbGetScreen(): */
int argc_vnc_max = 1024;
@ -1928,6 +1930,18 @@ int main(int argc, char* argv[]) {
}
continue;
}
if (!strcmp(arg, "-reopen")) {
char *str = getenv("X11VNC_REOPEN_DISPLAY");
if (str) {
int rmax = atoi(str);
if (rmax > 0) {
set_env("X11VNC_REOPEN_DISPLAY", str);
}
} else {
set_env("X11VNC_REOPEN_DISPLAY", "1");
}
continue;
}
if (!strcmp(arg, "-find")) {
use_dpy = strdup("WAIT:cmd=FINDDISPLAY");
continue;
@ -2303,7 +2317,6 @@ int main(int argc, char* argv[]) {
got_localhost = 1;
continue;
}
#ifndef NO_SSL_OR_UNIXPW
if (!strcmp(arg, "-unixpw_cmd")
|| !strcmp(arg, "-unixpw_cmd_unsafe")) {
CHECK_ARGC
@ -2340,6 +2353,65 @@ int main(int argc, char* argv[]) {
}
continue;
}
if (!strcmp(arg, "-vencrypt")) {
char *s;
CHECK_ARGC
s = strdup(argv[++i]);
if (strstr(s, "never")) {
vencrypt_mode = VENCRYPT_NONE;
} else if (strstr(s, "support")) {
vencrypt_mode = VENCRYPT_SUPPORT;
} else if (strstr(s, "only")) {
vencrypt_mode = VENCRYPT_SOLE;
} else if (strstr(s, "force")) {
vencrypt_mode = VENCRYPT_FORCE;
} else {
fprintf(stderr, "invalid %s arg: %s\n", arg, s);
exit(1);
}
if (strstr(s, "nodh")) {
vencrypt_kx = VENCRYPT_NODH;
} else if (strstr(s, "nox509")) {
vencrypt_kx = VENCRYPT_NOX509;
}
if (strstr(s, "newdh")) {
create_fresh_dhparams = 1;
}
if (strstr(s, "noplain")) {
vencrypt_enable_plain_login = 0;
} else if (strstr(s, "plain")) {
vencrypt_enable_plain_login = 1;
}
free(s);
continue;
}
if (!strcmp(arg, "-tlsvnc")) {
char *s;
CHECK_ARGC
s = strdup(argv[++i]);
if (strstr(s, "never")) {
tlsvnc_mode = TLSVNC_NONE;
} else if (strstr(s, "support")) {
tlsvnc_mode = TLSVNC_SUPPORT;
} else if (strstr(s, "only")) {
tlsvnc_mode = TLSVNC_SOLE;
} else if (strstr(s, "force")) {
tlsvnc_mode = TLSVNC_FORCE;
} else {
fprintf(stderr, "invalid %s arg: %s\n", arg, s);
exit(1);
}
if (strstr(s, "newdh")) {
create_fresh_dhparams = 1;
}
free(s);
continue;
}
if (!strcmp(arg, "-dhparams")) {
CHECK_ARGC
dhparams_file = strdup(argv[++i]);
continue;
}
if (!strcmp(arg, "-nossl")) {
use_openssl = 0;
openssl_pem = NULL;
@ -2388,6 +2460,11 @@ int main(int argc, char* argv[]) {
ssl_verify = strdup(argv[++i]);
continue;
}
if (!strcmp(arg, "-sslCRL")) {
CHECK_ARGC
ssl_crl = strdup(argv[++i]);
continue;
}
if (!strcmp(arg, "-sslGenCA")) {
char *cdir = NULL;
if (i < argc-1) {
@ -2493,7 +2570,6 @@ int main(int argc, char* argv[]) {
}
continue;
}
#endif
if (!strcmp(arg, "-nopw")) {
nopw = 1;
continue;
@ -3133,6 +3209,11 @@ int main(int argc, char* argv[]) {
got_defer = 1;
continue;
}
if (!strcmp(arg, "-setdefer")) {
CHECK_ARGC
set_defer = atoi(argv[++i]);
continue;
}
if (!strcmp(arg, "-wait")) {
CHECK_ARGC
waitms = atoi(argv[++i]);
@ -3517,6 +3598,8 @@ int main(int argc, char* argv[]) {
}
if (!strcmp(arg, "-rfbport") && i < argc-1) {
got_rfbport = 1;
got_rfbport_str = strdup(argv[i+1]);
got_rfbport_pos = argc_vnc+1;
got_rfbport_val = atoi(argv[i+1]);
}
if (!strcmp(arg, "-alwaysshared ")) {
@ -3530,11 +3613,7 @@ int main(int argc, char* argv[]) {
}
/* otherwise copy it for libvncserver use below. */
if (!strcmp(arg, "-ultrafilexfer")) {
if (argc_vnc + 2 < argc_vnc_max) {
argv_vnc[argc_vnc++] = strdup("-rfbversion");
argv_vnc[argc_vnc++] = strdup("3.6");
argv_vnc[argc_vnc++] = strdup("-permitfiletransfer");
}
got_ultrafilexfer = 1;
} else if (argc_vnc < argc_vnc_max) {
argv_vnc[argc_vnc++] = strdup(arg);
} else {
@ -3545,6 +3624,9 @@ int main(int argc, char* argv[]) {
}
}
/* set OS struct UT */
uname(&UT);
orig_use_xdamage = use_xdamage;
if (!auto_port && getenv("AUTO_PORT")) {
@ -3602,6 +3684,40 @@ int main(int argc, char* argv[]) {
}
}
#endif
if (got_rfbport_str != NULL && !strcasecmp(got_rfbport_str, "prompt")) {
char *opts, tport[32];
if (gui_str) {
opts = (char *) malloc(strlen(gui_str) + 32);
sprintf(opts, "%s,portprompt", gui_str);
} else {
opts = strdup("portprompt");
}
got_rfbport_val = -1;
do_gui(opts, 0);
if (got_rfbport_val == -1) {
rfbLog("Port prompt indicated cancel.\n");
clean_up_exit(1);
}
rfbLog("Port prompt selected: %d\n", got_rfbport_val);
sprintf(tport, "%d", got_rfbport_val);
argv_vnc[got_rfbport_pos] = strdup(tport);
free(opts);
}
{
char num[32];
sprintf(num, "%d", got_rfbport_val);
set_env("X11VNC_GOT_RFBPORT_VAL", num);
}
if (got_ultrafilexfer && argc_vnc + 2 < argc_vnc_max) {
argv_vnc[argc_vnc++] = strdup("-rfbversion");
argv_vnc[argc_vnc++] = strdup("3.6");
argv_vnc[argc_vnc++] = strdup("-permitfiletransfer");
}
if (launch_gui) {
int sleep = 0;
if (SHOW_NO_PASSWORD_WARNING && !nopw) {
@ -3611,6 +3727,84 @@ int main(int argc, char* argv[]) {
}
if (logfile) {
int n;
char *pstr = "%VNCDISPLAY";
if (strstr(logfile, pstr)) {
char *h = this_host();
char *s, *q, *new;
int n, p = got_rfbport_val;
/* we don't really know the port yet... so guess */
if (p < 0) {
p = auto_port;
}
if (p <= 0) {
p = 5900;
}
s = (char *) malloc(strlen(h) + 32);
sprintf(s, "%s:%d", h, p);
n = 1;
q = logfile;
while (1) {
char *t = strstr(q, pstr);
if (!t) break;
n++;
q = t+1;
}
new = (char *) malloc(strlen(logfile) + n * strlen(pstr));
new[0] = '\0';
q = logfile;
while (1) {
char *t = strstr(q, pstr);
if (!t) {
strcat(new, q);
break;
}
strncat(new, q, t - q);
strcat(new, s);
q = t + strlen(pstr);
}
logfile = new;
if (!quiet) {
rfbLog("Expanded logfile to '%s'\n", new);
}
free(s);
}
pstr = "%HOME";
if (strstr(logfile, pstr)) {
char *h = get_home_dir();
char *s, *q, *new;
s = (char *) malloc(strlen(h) + 32);
sprintf(s, "%s", h);
n = 1;
q = logfile;
while (1) {
char *t = strstr(q, pstr);
if (!t) break;
n++;
q = t+1;
}
new = (char *) malloc(strlen(logfile) + n * strlen(pstr));
new[0] = '\0';
q = logfile;
while (1) {
char *t = strstr(q, pstr);
if (!t) {
strcat(new, q);
break;
}
strncat(new, q, t - q);
strcat(new, s);
q = t + strlen(pstr);
}
logfile = new;
if (!quiet) {
rfbLog("Expanded logfile to '%s'\n", new);
}
free(s);
}
if (logfile_append) {
n = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0666);
} else {
@ -4110,9 +4304,6 @@ int main(int argc, char* argv[]) {
allow_list = strdup("127.0.0.1");
}
/* set OS struct UT */
uname(&UT);
initialize_crash_handler();
if (! quiet) {
@ -4294,6 +4485,13 @@ if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY"));
scr = DefaultScreen(dpy);
rootwin = RootWindow(dpy, scr);
#if !NO_X11
if (dpy) {
Window w = XCreateSimpleWindow(dpy, rootwin, 0, 0, 1, 1, 0, 0, 0);
if (! quiet) rfbLog("rootwin: 0x%lx reswin: 0x%lx dpy: 0x%x\n", rootwin, w, dpy);
}
#endif
if (ncache_beta_tester) {
int h = DisplayHeight(dpy, scr);
int w = DisplayWidth(dpy, scr);
@ -4863,8 +5061,8 @@ if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY"));
}
}
if (! got_deferupdate && ! got_defer) {
if (defer_update > 15) {
defer_update = 15;
if (defer_update > 10) {
defer_update = 10;
if (screen) {
screen->deferUpdateTime = defer_update;
}

@ -0,0 +1,10 @@
[Desktop Entry]
Name=X11VNC Server
Comment=Share this desktop by VNC
Exec=x11vnc -gui tray=setpass -rfbport PROMPT -bg -o %%HOME/.x11vnc.log.%%VNCDISPLAY
Icon=computer
Terminal=false
Type=Application
StartupNotify=false
#StartupWMClass=x11vnc_port_prompt
Categories=Network;RemoteAccess;

@ -158,7 +158,6 @@
#endif
/* these are for delaying features: */
#define xxNO_SSL_OR_UNIXPW
#define xxNO_NCACHE
/*

@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.9.6 lastmod: 2008-11-04";
char lastmod[] = "0.9.6 lastmod: 2008-11-22";
/* X display info */

@ -35,7 +35,7 @@ int collect_non_X_xdamage(int x_in, int y_in, int w_in, int h_in, int call);
int collect_xdamage(int scancnt, int call);
int xdamage_hint_skip(int y);
void initialize_xdamage(void);
void create_xdamage_if_needed(void);
void create_xdamage_if_needed(int force);
void destroy_xdamage_if_needed(void);
void check_xdamage_state(void);
@ -684,12 +684,12 @@ void initialize_xdamage(void) {
}
}
void create_xdamage_if_needed(void) {
void create_xdamage_if_needed(int force) {
RAWFB_RET_VOID
#if LIBVNCSERVER_HAVE_LIBXDAMAGE
if (! xdamage) {
if (! xdamage || force) {
X_LOCK;
xdamage = XDamageCreate(dpy, window, XDamageReportRawRectangles);
XDamageSubtract(dpy, xdamage, None, None);
@ -731,7 +731,7 @@ void check_xdamage_state(void) {
* one if no clients are connected.
*/
if (client_count && use_xdamage) {
create_xdamage_if_needed();
create_xdamage_if_needed(0);
if (xdamage_scheduled_mark > 0.0 && dnow() >
xdamage_scheduled_mark) {
if (xdamage_scheduled_mark_region) {

@ -23,7 +23,7 @@ extern int collect_non_X_xdamage(int x_in, int y_in, int w_in, int h_in, int cal
extern int collect_xdamage(int scancnt, int call);
extern int xdamage_hint_skip(int y);
extern void initialize_xdamage(void);
extern void create_xdamage_if_needed(void);
extern void create_xdamage_if_needed(int force);
extern void destroy_xdamage_if_needed(void);
extern void check_xdamage_state(void);

@ -134,6 +134,7 @@ static void initialize_xevents(int reset) {
selwin = XCreateSimpleWindow(dpy, rootwin, 0, 0, 1, 1, 0, 0, 0);
X_UNLOCK;
did_xcreate_simple_window = 1;
if (0) rfbLog("selwin: 0x%lx\n", selwin);
}
if ((xrandr || xrandr_maybe) && !did_xrandr) {

@ -32,11 +32,13 @@ Display *rdpy_data = NULL; /* Data connection for RECORD */
Display *rdpy_ctrl = NULL; /* Control connection for RECORD */
Display *gdpy_ctrl = NULL;
Display *gdpy_data = NULL;
int xserver_grabbed = 0;
int trap_record_xerror(Display *, XErrorEvent *);
void initialize_xrecord(void);
void zerodisp_xrecord(void);
void shutdown_xrecord(void);
int xrecord_skip_keysym(rfbKeySym keysym);
int xrecord_skip_button(int new, int old);
@ -57,7 +59,6 @@ static XRecordContext rc_grab;
static XRecordClientSpec rcs_grab;
#endif
static XErrorEvent *trapped_record_xerror_event;
static Display *gdpy_data = NULL;
static void xrecord_grabserver(int start);
static int xrecord_vi_scroll_keysym(rfbKeySym keysym);
@ -144,6 +145,13 @@ static void xrecord_grabserver(int start) {
}
}
void zerodisp_xrecord(void) {
rdpy_data = NULL;
rdpy_ctrl = NULL;
gdpy_data = NULL;
gdpy_ctrl = NULL;
}
void initialize_xrecord(void) {
use_xrecord = 0;
if (! xrecord_present) {

@ -25,6 +25,7 @@ extern Display *gdpy_ctrl;
extern int xserver_grabbed;
extern void initialize_xrecord(void);
extern void zerodisp_xrecord(void);
extern void shutdown_xrecord(void);
extern int xrecord_skip_keysym(rfbKeySym keysym);
extern int xrecord_skip_button(int new, int old);

@ -189,6 +189,7 @@ Status XShmAttach_wr(Display *disp, XShmSegmentInfo *shminfo) {
Status XShmDetach_wr(Display *disp, XShmSegmentInfo *shminfo) {
#if LIBVNCSERVER_HAVE_XSHM
if (getenv("X11VNC_SHM_DEBUG")) fprintf(stderr, "XShmDetach_wr: 0x%x disp: 0x%x\n", shminfo, disp);
return XShmDetach(disp, shminfo);
#else
if (!disp || !shminfo) {}

Loading…
Cancel
Save