From 7fffc5d3b41565d7ff43cf582c00cee1bdf76474 Mon Sep 17 00:00:00 2001 From: runge Date: Sat, 26 May 2007 23:22:48 +0000 Subject: [PATCH] x11vnc: in -unixpw, initial Escape means no echo username. --- prepare_x11vnc_dist.sh | 2 +- x11vnc/ChangeLog | 4 + x11vnc/README | 180 +++++++++++++++++++++++++++-------------- x11vnc/help.c | 40 ++++----- x11vnc/options.c | 4 +- x11vnc/unixpw.c | 17 +++- x11vnc/x11vnc.1 | 40 +++++---- x11vnc/x11vnc_defs.c | 2 +- 8 files changed, 187 insertions(+), 102 deletions(-) diff --git a/prepare_x11vnc_dist.sh b/prepare_x11vnc_dist.sh index 45f600a..3c83215 100644 --- a/prepare_x11vnc_dist.sh +++ b/prepare_x11vnc_dist.sh @@ -1,6 +1,6 @@ #!/bin/bash -VERSION="0.9.1" +VERSION="0.9.2" cd "$(dirname "$0")" diff --git a/x11vnc/ChangeLog b/x11vnc/ChangeLog index c44e212..f542281 100644 --- a/x11vnc/ChangeLog +++ b/x11vnc/ChangeLog @@ -1,3 +1,7 @@ +2007-05-26 Karl Runge + * x11vnc: set to version 0.9.2, back to NCACHE -12 for testing. + in -unixpw, initial Escape means no echo username (see ssvnc). + 2007-05-21 Karl Runge * x11vnc: set things up (NCACHE = -1) to not have -ncache on by default; just give a blurb about it. diff --git a/x11vnc/README b/x11vnc/README index d31abaf..e0e2645 100644 --- a/x11vnc/README +++ b/x11vnc/README @@ -1,5 +1,5 @@ -x11vnc README file Date: Mon May 21 17:57:42 EDT 2007 +x11vnc README file Date: Sat May 26 19:09:57 EDT 2007 The following information is taken from these URLs: 
@@ -398,12 +398,12 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer. SourceForge.net. I use libvncserver for all of the VNC aspects; I couldn't have done without it. The full source code may be found and downloaded (either file-release tarball or CVS tree) from the above - link. As of Apr 2007, the [70]x11vnc-0.9.tar.gz source package is - released (recommended download). The [71]x11vnc 0.9 release notes. + link. As of May 2007, the [70]x11vnc-0.9.1.tar.gz source package is + released (recommended download). The [71]x11vnc 0.9.1 release notes. The x11vnc package is the subset of the libvncserver package needed to build the x11vnc program. Also, you can get a copy of my latest, - bleeding edge [72]x11vnc-0.9.1.tar.gz tarball to build the most up to + bleeding edge [72]x11vnc-0.9.2.tar.gz tarball to build the most up to date one. Precompiled Binaries/Packages: See the [73]FAQ below for information @@ -436,13 +436,13 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer. Building x11vnc: If your OS has libjpeg.so and libz.so in standard locations you can - build as follows (example given for the 0.9 release of x11vnc: replace - with the version you downloaded): + build as follows (example given for the 0.9.1 release of x11vnc: + replace with the version you downloaded): (un-tar the x11vnc+libvncserver tarball) -# gzip -dc x11vnc-0.9.tar.gz | tar -xvf - +# gzip -dc x11vnc-0.9.1.tar.gz | tar -xvf - (cd to the source directory) -# cd x11vnc-0.9 +# cd x11vnc-0.9.1 (run configure and then run make) # ./configure 
@@ -658,14 +658,14 @@ make I don't have any formal beta-testers for the releases of x11vnc, so I'd appreciate any additional testing very much. - Thanks to those who suggested features and helped beta test x11vnc 0.9 - released in Apr 2007! + Thanks to those who suggested features and helped beta test x11vnc + 0.9.1 released in May 2007! - Please help test and debug the 0.9.1 version for release sometime in + Please help test and debug the 0.9.2 version for release sometime in Summer 2007. - The version 0.9.1 beta tarball is kept here: - [91]x11vnc-0.9.1.tar.gz + The version 0.9.2 beta tarball is kept here: + [91]x11vnc-0.9.2.tar.gz There are also some Linux, Solaris, Mac OS X, and other OS test binaries [92]here. Please kick the tires and report bugs, performance @@ -680,7 +680,7 @@ make [97]Enhanced TightVNC Viewer (SSVNC) page. - Here are some features that will appear in the 0.9.1 release: + Here are some features that will appear in the 0.9.2 release: * [98]Viewer-side pixmap caching. This one will benefit from much testing. A large area of pixels (at least 2-3 times as big as the framebuffer itself; the bigger the better... default is 12X) is @@ -692,6 +692,9 @@ make "-ncache 12". The unix Enhanced TightVNC Viewer [99]ssvnc has a nice [100]-ycrop option to help hide the pixel cache area from view. + + + Here are some features that appeared in the 0.9.1 release: * The [101]UltraVNC Java viewer has been enhanced to support SSL (as the TightVNC viewer had been previously). The UltraVNC Java supports ultravnc filetransfer, and so can be used as a VNC viewer @@ -6675,7 +6678,7 @@ EndSection Building: If you don't have the X11 build and runtime packages installed you will need to build it like this: - (cd to the x11vnc-0.9, etc, source directory) + (cd to the e.g. x11vnc-0.9, source directory) ./configure --without-x make 
@@ -7551,9 +7554,9 @@ References 67. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-int 68. http://www.karlrunge.com/x11vnc/ssvnc.html 69. http://sourceforge.net/projects/libvncserver/ - 70. http://sourceforge.net/project/showfiles.php?group_id=32584&package_id=119006&release_id=502277 - 71. http://sourceforge.net/project/shownotes.php?group_id=32584&release_id=502277 - 72. http://www.karlrunge.com/x11vnc/x11vnc-0.9.1.tar.gz + 70. http://sourceforge.net/project/showfiles.php?group_id=32584&package_id=119006&release_id=510888 + 71. http://sourceforge.net/project/shownotes.php?release_id=510888&group_id=32584 + 72. http://www.karlrunge.com/x11vnc/x11vnc-0.9.2.tar.gz 73. http://www.karlrunge.com/x11vnc/index.html#faq-binaries 74. http://www.tightvnc.com/download.html 75. http://www.realvnc.com/download-free.html @@ -7572,7 +7575,7 @@ References 88. http://www.karlrunge.com/x11vnc/index.html#faq-solaris251build 89. http://www.karlrunge.com/x11vnc/index.html#faq-macosx 90. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-int - 91. http://www.karlrunge.com/x11vnc/x11vnc-0.9.1.tar.gz + 91. http://www.karlrunge.com/x11vnc/x11vnc-0.9.2.tar.gz 92. http://www.karlrunge.com/x11vnc/bins 93. mailto:xvml-beta@karlrunge.com 94. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-int @@ -10031,6 +10034,8 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) * [5]Dynamic VNC Server Port determination and redirection (using ssh's builtin SOCKS proxy, -D) for servers like x11vnc that print out PORT= at startup. + * Unix Username and Password entry for use with "x11vnc -unixpw" + type login dialogs. [6]Unix TightVNC Viewer improvements (these only apply to the Unix VNC viewer): 
@@ -10056,15 +10061,16 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) (-grab/-graball option). * Fix for Popup menu positioning for old window managers (-popupfix option). + * Option "-unixpw ..." for use with "x11vnc -unixpw" type login + dialogs. * Improvements to the Popup menu, all of these can now be changed dynamically via the menu: ViewOnly, Toggle Bell, CursorShape updates, X11 Cursor, Cursor Alphablending, Toggle Tight/ZRLE, Toggle JPEG, FullColor/16bpp/8bpp (256/64/8 colors), Greyscale for low color modes. - * Support for UltraVNC extensions: Single Window, Disable - Server-side Input, 1/n Server side scaling, Text Chat (shell - terminal UI). Both UltraVNC and x11vnc servers support these - extensions. + * Support for UltraVNC extensions: 1/n Server side scaling, Text + Chat, Single Window, Disable Server-side Input. Both UltraVNC and + x11vnc servers support these extensions. The list of software bundled in the archive files: * TightVNC Viewer (windows, unix, macosx) 
@@ -10305,13 +10311,43 @@ Enhanced TightVNC viewer (SSVNC) options: -noshm Disable use of MIT shared memory extension (not recommended ) + -termchat Do the UltraVNC chat in the terminal vncviewer is in + instead of in an independent window. + + -unixpw str Useful for logging into x11vnc in -unixpw mode. "str" is a + string that allows many ways to enter the Unix Username + and Unix Password. These characters: username, newline, + password, newline are sent to the VNC server after any VNC + authentication has taken place. Under x11vnc they are + used for the -unixpw login. Other VNC servers could do + something similar. + + You can also indicate "str" via the environment + variable SSVNC_UNIXPW. + + Note that the Escape key is actually sent first to tell + x11vnc to not echo the Unix Username back to the VNC + viewer. Set SSVNC_UNIXPW_NOESC=1 to override this. + + If str is ".", then you are prompted at the command line + for the username and password in the normal way. If str is + "-" the stdin is read via getpass(3) for username@password. + Otherwise if str is a file, it is opened and the first line + read is taken as the Unix username and the 2nd as the + password. If str prefixed by "rm:" the file is removed + after reading. Otherwise, if str has a "@" character, + it is taken as username@password. Otherwise, the program + exits with an error. Got all that? + + New Popup actions: + ViewOnly: ~ -viewonly + Disable Bell: ~ -nobell Cursor Shape: ~ -nocursorshape X11 Cursor: ~ -x11cursor Cursor Alphablend: ~ -alpha Disable JPEG: ~ -nojpeg - Prefer raw for localhost ~ -rawlocal Full Color as many colors as local screen allows. Grey scale (16 & 8-bpp) ~ -grey, for low colors 16/8bpp modes only. 16 bit color (BGR565) ~ -16bpp / -bgr565 
@@ -10320,14 +10356,15 @@ Enhanced TightVNC viewer (SSVNC) options: 64 colors ~ -bgr222 / -use64 8 colors ~ -bgr111 / -use8 + UltraVNC Extensions: Disable Remote Input Ultravnc ext. Try to prevent input and viewing of monitor at physical display. Single Window Ultravnc ext. Grab and view a single window. (click on the window you want). Set 1/n Server Scale Ultravnc ext. Scale desktop by 1/n. prompt is from the terminal. - Text Chat Ultravnc ext. Do Text Chat, currently - input via the terminal (no window). + Text Chat Ultravnc ext. Do Text Chat. + Note: the Ultravnc extensions only apply to servers that support them. x11vnc/libvncserver supports some of them. @@ -10394,12 +10431,18 @@ es and source AND full archives in the zip dir. (~15MB) You can try for an older one by replacing, e.g. ".16" by ".11", etc. - Sorry for the inconvenience of lumping all the Unix binaries and - source together in one archive. To save space you can delete the src - subdirectory if you like. + Here are the corresponding "development" bundles: + [24]ssvnc_windows_only-1.0.17.zip + [25]ssvnc_no_windows-1.0.17.tar.gz + [26]ssvnc_unix_only-1.0.17.tar.gz + [27]ssvnc_unix_minimal-1.0.17.tar.gz + + [28]ssvnc-1.0.17.tar.gz + [29]ssvnc-1.0.17.zip + [30]ssvnc_all-1.0.17.zip A self-extracting and running file for the "ssvnc_unix_minimal" - package is here: [24]ssvnc. Save it as filename "ssvnc", type "chmod + package is here: [31]ssvnc. Save it as filename "ssvnc", type "chmod 755 ./ssvnc", and then launch the GUI via typing "./ssvnc". Note that this "ssvnc_unix_minimal" mode requires you install the "stunnel" and "vncviewer" programs externally (for example, install your distros' 
@@ -10438,13 +10481,13 @@ es and source AND full archives in the zip dir. (~15MB) redistribute the above because of cryptographic software they contain or for other reasons. Please check out your situation and information at the following and related sites: - [25]http://www.stunnel.org - [26]http://stunnel.mirt.net - [27]http://www.openssl.org - [28]http://www.chiark.greenend.org.uk/~sgtatham/putty/ - [29]http://www.tightvnc.com - [30]http://www.realvnc.com - [31]http://sourceforge.net/projects/cotvnc/ + [32]http://www.stunnel.org + [33]http://stunnel.mirt.net + [34]http://www.openssl.org + [35]http://www.chiark.greenend.org.uk/~sgtatham/putty/ + [36]http://www.tightvnc.com + [37]http://www.realvnc.com + [38]http://sourceforge.net/projects/cotvnc/ _________________________________________________________________ Here is the toplevel README from the bundle: 
@@ -10915,14 +10958,21 @@ References 21. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.16.tar.gz 22. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.16.zip 23. http://www.karlrunge.com/x11vnc/etv/ssvnc_all-1.0.16.zip - 24. http://www.karlrunge.com/x11vnc/etv/ssvnc - 25. http://www.stunnel.org/ - 26. http://stunnel.mirt.net/ - 27. http://www.openssl.org/ - 28. http://www.chiark.greenend.org.uk/~sgtatham/putty/ - 29. http://www.tightvnc.com/ - 30. http://www.realvnc.com/ - 31. http://sourceforge.net/projects/cotvnc/ + 24. http://www.karlrunge.com/x11vnc/etv/ssvnc_windows_only-1.0.17.zip + 25. http://www.karlrunge.com/x11vnc/etv/ssvnc_no_windows-1.0.17.tar.gz + 26. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_only-1.0.17.tar.gz + 27. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_minimal-1.0.17.tar.gz + 28. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.17.tar.gz + 29. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.17.zip + 30. http://www.karlrunge.com/x11vnc/etv/ssvnc_all-1.0.17.zip + 31. http://www.karlrunge.com/x11vnc/etv/ssvnc + 32. http://www.stunnel.org/ + 33. http://stunnel.mirt.net/ + 34. http://www.openssl.org/ + 35. http://www.chiark.greenend.org.uk/~sgtatham/putty/ + 36. http://www.tightvnc.com/ + 37. http://www.realvnc.com/ + 38. http://sourceforge.net/projects/cotvnc/ ======================================================================= http://www.karlrunge.com/x11vnc/x11vnc_opts.html: @@ -10935,7 +10985,7 @@ x11vnc: a VNC server for real X displays Here are all of x11vnc command line options: % x11vnc -opts (see below for -help long descriptions) -x11vnc: allow VNC connections to real X11 displays. 0.9.1 lastmod: 2007-05-21 +x11vnc: allow VNC connections to real X11 displays. 0.9.2 lastmod: 2007-05-26 x11vnc options: -display disp -auth file -N 
@@ -11049,7 +11099,7 @@ libvncserver-tight-extension options: % x11vnc -help -x11vnc: allow VNC connections to real X11 displays. 0.9.1 lastmod: 2007-05-21 +x11vnc: allow VNC connections to real X11 displays. 0.9.2 lastmod: 2007-05-26 (type "x11vnc -opts" to just list the options.) 
@@ -11631,27 +11681,32 @@ Options: send one before a 25 second timeout. Existing clients are view-only during this period. + If the first character received is "Escape" then the + unix username will not be displayed after "login:" + as it is typed. This could be of use for VNC viewers + that automatically type the username and password. + Since the detailed behavior of su(1) can vary from OS to OS and for local configurations, test the mode - carefully on your systems before using it in production. - Test different combinations of valid/invalid usernames - and valid/invalid passwords to see if it behaves as - expected. x11vnc will attempt to be conservative and + carefully. x11vnc will attempt to be conservative and reject a login if anything abnormal occurs. - On FreeBSD and the other BSD's by default it is - impossible for the user running x11vnc to validate - his *own* password via su(1) (evidently commenting out + One case to note: FreeBSD and the other BSD's by + default it is impossible for the user running x11vnc to + validate his *own* password via su(1) (commenting out the pam_self.so entry in /etc/pam.d/su eliminates this - problem). So the x11vnc login will always *fail* for + behavior). So the x11vnc login will always *FAIL* for this case (even when the correct password is supplied). - A possible workaround for this would be to start - x11vnc as root with the "-users +nobody" option to - immediately switch to user nobody. Another source of - problems are PAM modules that prompt for extra info, - e.g. password aging modules. These logins will fail - as well even when the correct password is supplied. + A possible workaround for this on *BSD would be to + start x11vnc as root with the "-users +nobody" option + to immediately switch to user nobody where the su'ing + will proceed normally. + + Another source of potential problems are PAM modules + that prompt for extra info, e.g. password aging modules. 
+ These logins will fail as well even when the correct + password is supplied. **IMPORTANT**: to prevent the Unix password being sent in *clear text* over the network, one of two schemes @@ -12720,6 +12775,9 @@ t commands, RFB_SSL_CLIENT_CERT will be set to the client's x509 certificate string. + The sslpeer= mode can aid finding X sessions via the + FINDDISPLAY and FINDCREATEDISPLAY mechanisms. + To immediately switch to a user *before* connections to the X display are made or any files opened use the "=" character: "-users =bob". That user needs to diff --git a/x11vnc/help.c b/x11vnc/help.c index da8ac5c..3aa8147 100644 --- a/x11vnc/help.c +++ b/x11vnc/help.c 
@@ -603,27 +603,32 @@ void print_help(int mode) { " send one before a 25 second timeout. Existing clients\n" " are view-only during this period.\n" "\n" +" If the first character received is \"Escape\" then the\n" +" unix username will not be displayed after \"login:\"\n" +" as it is typed. This could be of use for VNC viewers\n" +" that automatically type the username and password.\n" +"\n" " Since the detailed behavior of su(1) can vary from\n" " OS to OS and for local configurations, test the mode\n" -" carefully on your systems before using it in production.\n" -" Test different combinations of valid/invalid usernames\n" -" and valid/invalid passwords to see if it behaves as\n" -" expected. x11vnc will attempt to be conservative and\n" +" carefully. x11vnc will attempt to be conservative and\n" " reject a login if anything abnormal occurs.\n" "\n" -" On FreeBSD and the other BSD's by default it is\n" -" impossible for the user running x11vnc to validate\n" -" his *own* password via su(1) (evidently commenting out\n" +" One case to note: FreeBSD and the other BSD's by\n" +" default it is impossible for the user running x11vnc to\n" +" validate his *own* password via su(1) (commenting out\n" " the pam_self.so entry in /etc/pam.d/su eliminates this\n" -" problem). So the x11vnc login will always *fail* for\n" +" behavior). So the x11vnc login will always *FAIL* for\n" " this case (even when the correct password is supplied).\n" "\n" -" A possible workaround for this would be to start\n" -" x11vnc as root with the \"-users +nobody\" option to\n" -" immediately switch to user nobody. Another source of\n" -" problems are PAM modules that prompt for extra info,\n" -" e.g. password aging modules. 
These logins will fail\n" -" as well even when the correct password is supplied.\n" +" A possible workaround for this on *BSD would be to\n" +" start x11vnc as root with the \"-users +nobody\" option\n" +" to immediately switch to user nobody where the su'ing\n" +" will proceed normally.\n" +"\n" +" Another source of potential problems are PAM modules\n" +" that prompt for extra info, e.g. password aging modules.\n" +" These logins will fail as well even when the correct\n" +" password is supplied.\n" "\n" " **IMPORTANT**: to prevent the Unix password being sent\n" " in *clear text* over the network, one of two schemes\n" @@ -676,10 +681,6 @@ void print_help(int mode) { " (default port 5500). Please use a ssh or stunnel port\n" " redirection to the viewer machine to tunnel the reverse\n" " connection over an encrypted channel.\n" -#if 0 -" Note that in -ssl\n" -" mode reverse connection are disabled (see below). XXX\n" -#endif "\n" " In -inetd mode the Method 1) will be enforced (not\n" " Method 2). With -ssl in effect reverse connections\n" @@ -1707,6 +1708,9 @@ void print_help(int mode) { " commands, RFB_SSL_CLIENT_CERT will be set to the\n" " client's x509 certificate string.\n" "\n" +" The sslpeer= mode can aid finding X sessions via the\n" +" FINDDISPLAY and FINDCREATEDISPLAY mechanisms.\n" +"\n" " To immediately switch to a user *before* connections\n" " to the X display are made or any files opened use the\n" " \"=\" character: \"-users =bob\". That user needs to\n" diff --git a/x11vnc/options.c b/x11vnc/options.c index 5d052b6..0a3ec9c 100644 --- a/x11vnc/options.c +++ b/x11vnc/options.c @@ -206,8 +206,8 @@ int wireframe_local = 1; #ifdef NO_NCACHE #define NCACHE 0 #else -#define xxNCACHE -12 -#define NCACHE -1 +#define NCACHE -12 +#define xxNCACHE -1 #endif #endif diff --git a/x11vnc/unixpw.c b/x11vnc/unixpw.c index c4a08b9..9390b43 100644 --- a/x11vnc/unixpw.c +++ b/x11vnc/unixpw.c 
@@ -1126,6 +1126,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) { int x, y, i, rc, nmax = 100; static char user_r[100], user[100], pass[100]; static int u_cnt = 0, p_cnt = 0, first = 1; + static int echo = 1; char keystr[100]; char *str; @@ -1143,6 +1144,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) { in_login = 1; in_passwd = 0; unixpw_denied = 0; + echo = 1; if (init == 1) { tries = 0; } @@ -1209,6 +1211,11 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) { } else if (! down) { return; } + if (in_login && keysym == XK_Escape && u_cnt == 0) { + echo = 0; + rfbLog("unixpw_keystroke: echo off.\n"); + return; + } if (in_login) { if (keysym == XK_BackSpace || keysym == XK_Delete) { @@ -1295,8 +1302,10 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) { x = text_x(); y = text_y(); - rfbDrawString(pscreen, &default8x16Font, x, y, - str, white_pixel()); + if (echo) { + rfbDrawString(pscreen, &default8x16Font, x, y, + str, white_pixel()); + } mark_rect_as_modified(x, y-char_h, x+char_w, y, scaling); char_col++; @@ -1340,7 +1349,9 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) { if (db && db <= 2) fprintf(stderr, "u_cnt: %d %d/%d ks: 0x%x '%s'\n", u_cnt, x, y, keysym, keystr); - rfbDrawString(pscreen, &default8x16Font, x, y, keystr, white_pixel()); + if (echo ) { + rfbDrawString(pscreen, &default8x16Font, x, y, keystr, white_pixel()); + } mark_rect_as_modified(x, y-char_h, x+char_w, y, scaling); char_col++; diff --git a/x11vnc/x11vnc.1 b/x11vnc/x11vnc.1 index ab5336a..83d0b82 100644 --- a/x11vnc/x11vnc.1 +++ b/x11vnc/x11vnc.1 @@ -2,7 +2,7 @@ .TH X11VNC "1" "May 2007" "x11vnc " "User Commands" .SH NAME x11vnc - allow VNC connections to real X11 displays - version: 0.9.1, lastmod: 2007-05-21 + version: 0.9.2, lastmod: 2007-05-26 .SH SYNOPSIS .B x11vnc [OPTION]... 
@@ -718,31 +718,36 @@ to supply the correct password in 3 tries or does not send one before a 25 second timeout. Existing clients are view-only during this period. .IP +If the first character received is "Escape" then the +unix username will not be displayed after "login:" +as it is typed. This could be of use for VNC viewers +that automatically type the username and password. +.IP Since the detailed behavior of .IR su (1) can vary from OS to OS and for local configurations, test the mode -carefully on your systems before using it in production. -Test different combinations of valid/invalid usernames -and valid/invalid passwords to see if it behaves as -expected. x11vnc will attempt to be conservative and +carefully. x11vnc will attempt to be conservative and reject a login if anything abnormal occurs. .IP -On FreeBSD and the other BSD's by default it is -impossible for the user running x11vnc to validate -his *own* password via +One case to note: FreeBSD and the other BSD's by +default it is impossible for the user running x11vnc to +validate his *own* password via .IR su (1) -(evidently commenting out +(commenting out the pam_self.so entry in /etc/pam.d/su eliminates this -problem). So the x11vnc login will always *fail* for +behavior). So the x11vnc login will always *FAIL* for this case (even when the correct password is supplied). .IP -A possible workaround for this would be to start -x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option to -immediately switch to user nobody. Another source of -problems are PAM modules that prompt for extra info, -e.g. password aging modules. These logins will fail -as well even when the correct password is supplied. +A possible workaround for this on *BSD would be to +start x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option +to immediately switch to user nobody where the su'ing +will proceed normally. +.IP +Another source of potential problems are PAM modules +that prompt for extra info, e.g. 
password aging modules. +These logins will fail as well even when the correct +password is supplied. .IP **IMPORTANT**: to prevent the Unix password being sent in *clear text* over the network, one of two schemes @@ -1934,6 +1939,9 @@ env. vars. (see \fB-accept)\fR passed to external cmd= commands, RFB_SSL_CLIENT_CERT will be set to the client's x509 certificate string. .IP +The sslpeer= mode can aid finding X sessions via the +FINDDISPLAY and FINDCREATEDISPLAY mechanisms. +.IP To immediately switch to a user *before* connections to the X display are made or any files opened use the "=" character: "\fB-users\fR \fI=bob\fR". That user needs to diff --git a/x11vnc/x11vnc_defs.c b/x11vnc/x11vnc_defs.c index 6e6bf1f..6fc1b49 100644 --- a/x11vnc/x11vnc_defs.c +++ b/x11vnc/x11vnc_defs.c @@ -15,7 +15,7 @@ int xtrap_base_event_type = 0; int xdamage_base_event_type = 0; /* date +'lastmod: %Y-%m-%d' */ -char lastmod[] = "0.9.1 lastmod: 2007-05-21"; +char lastmod[] = "0.9.2 lastmod: 2007-05-26"; /* X display info */
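Review bot: The new "-unixpw str" text in x11vnc/README (SSVNC options hunk at -10305) documents the "username@password" form and the SSVNC_UNIXPW environment variable without saying where that leaves the Unix password: a command-line argument shows up in ps output for other local users, and an environment variable is inherited by every child process the viewer starts. Suggest one added sentence recommending the "." prompt, the "-" stdin form or the "rm:" file form on shared machines, and stating the permissions expected on the password file.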
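Review bot: In the print_help() hunk at -603 of x11vnc/help.c, the rewritten su(1) paragraph drops "Test different combinations of valid/invalid usernames and valid/invalid passwords to see if it behaves as expected", which was the only concrete acceptance test given for this login mode; consider keeping it next to the shorter "test the mode carefully". In the same hunk, "One case to note: FreeBSD and the other BSD's by default it is impossible" is missing "on" before "FreeBSD", and the new Escape paragraph could say that the Escape is consumed and does not become part of the username. The same wording is repeated in x11vnc/README and x11vnc/x11vnc.1, so any fix needs to land in all three.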
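Review bot: The x11vnc/options.c hunk switches the default from "#define NCACHE -1" to "#define NCACHE -12", a behaviour change that is unrelated to the -unixpw subject line and is described in the ChangeLog only as "for testing". Suggest moving it to its own commit so it can be reverted independently, and replacing the parked "#define xxNCACHE -1" with a comment so the unused macro does not read as live configuration.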
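Review bot: In unixpw_keystroke() in x11vnc/unixpw.c, both new "if (echo)" guards wrap only rfbDrawString(); the "mark_rect_as_modified(x, y-char_h, x+char_w, y, scaling);" and "char_col++;" that follow still run with echo off, so a rectangle is still flagged and the column still advances for every typed character. Since the help text says existing clients are view-only during the login, that may still let them count the characters of the username; if the aim is to hide it, skip the marking and the column advance when echo is 0, or say in the help text that only the glyphs are suppressed. Two smaller points: the test "u_cnt == 0" is true whenever the username buffer is empty, which is broader than the documented "first character received", and "if (echo ) {" in the last hunk has a stray space.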