x11vnc: in -unixpw, initial Escape means no echo username.

prepare_x11vnc_dist.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-VERSION="0.9.1"
+VERSION="0.9.2"
 
 cd "$(dirname "$0")"
 

x11vnc/ChangeLog

@@ -1,3 +1,7 @@
+2007-05-26  Karl Runge <runge@karlrunge.com>
+	* x11vnc: set to version 0.9.2, back to NCACHE -12 for testing.
+	  in -unixpw, initial Escape means no echo username (see ssvnc).
+
 2007-05-21  Karl Runge <runge@karlrunge.com>
 	* x11vnc: set things up (NCACHE = -1) to not have -ncache
 	  on by default; just give a blurb about it.

x11vnc/README

@@ -1,5 +1,5 @@
 
-x11vnc README file                         Date: Mon May 21 17:57:42 EDT 2007
+x11vnc README file                         Date: Sat May 26 19:09:57 EDT 2007
 
 The following information is taken from these URLs:
 
@@ -398,12 +398,12 @@ vncviewer -via $host localhost:0      # must be TightVNC vncviewer.
    SourceForge.net. I use libvncserver for all of the VNC aspects; I
    couldn't have done without it. The full source code may be found and
    downloaded (either file-release tarball or CVS tree) from the above
-   link. As of Apr 2007, the [70]x11vnc-0.9.tar.gz source package is
+   link. As of May 2007, the [70]x11vnc-0.9.1.tar.gz source package is
-   released (recommended download). The [71]x11vnc 0.9 release notes.
+   released (recommended download). The [71]x11vnc 0.9.1 release notes.
 
    The x11vnc package is the subset of the libvncserver package needed to
    build the x11vnc program. Also, you can get a copy of my latest,
-   bleeding edge [72]x11vnc-0.9.1.tar.gz tarball to build the most up to
+   bleeding edge [72]x11vnc-0.9.2.tar.gz tarball to build the most up to
    date one.
 
    Precompiled Binaries/Packages:  See the [73]FAQ below for information
@@ -436,13 +436,13 @@ vncviewer -via $host localhost:0      # must be TightVNC vncviewer.
     Building x11vnc:
 
    If your OS has libjpeg.so and libz.so in standard locations you can
-   build as follows (example given for the 0.9 release of x11vnc: replace
+   build as follows (example given for the 0.9.1 release of x11vnc:
-   with the version you downloaded):
+   replace with the version you downloaded):
 (un-tar the x11vnc+libvncserver tarball)
-# gzip -dc x11vnc-0.9.tar.gz | tar -xvf -
+# gzip -dc x11vnc-0.9.1.tar.gz | tar -xvf -
 
 (cd to the source directory)
-# cd x11vnc-0.9
+# cd x11vnc-0.9.1
 
 (run configure and then run make)
 # ./configure
@@ -658,14 +658,14 @@ make
    I don't have any formal beta-testers for the releases of x11vnc, so
    I'd appreciate any additional testing very much.
 
-   Thanks to those who suggested features and helped beta test x11vnc 0.9
+   Thanks to those who suggested features and helped beta test x11vnc
-   released in Apr 2007!
+   0.9.1 released in May 2007!
 
-   Please help test and debug the 0.9.1 version for release sometime in
+   Please help test and debug the 0.9.2 version for release sometime in
    Summer 2007.
 
-   The version 0.9.1 beta tarball is kept here:
+   The version 0.9.2 beta tarball is kept here:
-   [91]x11vnc-0.9.1.tar.gz
+   [91]x11vnc-0.9.2.tar.gz
 
    There are also some Linux, Solaris, Mac OS X, and other OS test
    binaries [92]here. Please kick the tires and report bugs, performance
@@ -680,7 +680,7 @@ make
    [97]Enhanced TightVNC Viewer (SSVNC) page.
 
 
-   Here are some features that will appear in the 0.9.1 release:
+   Here are some features that will appear in the 0.9.2 release:
      * [98]Viewer-side pixmap caching. This one will benefit from much
        testing. A large area of pixels (at least 2-3 times as big as the
        framebuffer itself; the bigger the better... default is 12X) is
@@ -692,6 +692,9 @@ make
        "-ncache 12". The unix Enhanced TightVNC Viewer [99]ssvnc has a
        nice [100]-ycrop option to help hide the pixel cache area from
        view.
+
+
+   Here are some features that appeared in the 0.9.1 release:
      * The [101]UltraVNC Java viewer has been enhanced to support SSL (as
        the TightVNC viewer had been previously). The UltraVNC Java
        supports ultravnc filetransfer, and so can be used as a VNC viewer
@@ -6675,7 +6678,7 @@ EndSection
 
    Building:  If you don't have the X11 build and runtime packages
    installed you will need to build it like this:
-   (cd to the x11vnc-0.9, etc, source directory)
+   (cd to the e.g. x11vnc-0.9, source directory)
    ./configure --without-x
    make
 
@@ -7551,9 +7554,9 @@ References
   67. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-int
   68. http://www.karlrunge.com/x11vnc/ssvnc.html
   69. http://sourceforge.net/projects/libvncserver/
-  70. http://sourceforge.net/project/showfiles.php?group_id=32584&package_id=119006&release_id=502277
+  70. http://sourceforge.net/project/showfiles.php?group_id=32584&package_id=119006&release_id=510888
-  71. http://sourceforge.net/project/shownotes.php?group_id=32584&release_id=502277
+  71. http://sourceforge.net/project/shownotes.php?release_id=510888&group_id=32584
-  72. http://www.karlrunge.com/x11vnc/x11vnc-0.9.1.tar.gz
+  72. http://www.karlrunge.com/x11vnc/x11vnc-0.9.2.tar.gz
   73. http://www.karlrunge.com/x11vnc/index.html#faq-binaries
   74. http://www.tightvnc.com/download.html
   75. http://www.realvnc.com/download-free.html
@@ -7572,7 +7575,7 @@ References
   88. http://www.karlrunge.com/x11vnc/index.html#faq-solaris251build
   89. http://www.karlrunge.com/x11vnc/index.html#faq-macosx
   90. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-int
-  91. http://www.karlrunge.com/x11vnc/x11vnc-0.9.1.tar.gz
+  91. http://www.karlrunge.com/x11vnc/x11vnc-0.9.2.tar.gz
   92. http://www.karlrunge.com/x11vnc/bins
   93. mailto:xvml-beta@karlrunge.com
   94. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-int
@@ -10031,6 +10034,8 @@ Enhanced TightVNC Viewer   (SSVNC:   SSL/SSH VNC viewer)
      * [5]Dynamic VNC Server Port determination and redirection (using
        ssh's builtin SOCKS proxy, -D) for servers like x11vnc that print
        out PORT= at startup.
+     * Unix Username and Password entry for use with "x11vnc -unixpw"
+       type login dialogs.
 
    [6]Unix TightVNC Viewer improvements (these only apply to the Unix VNC
    viewer):
@@ -10056,15 +10061,16 @@ Enhanced TightVNC Viewer   (SSVNC:   SSL/SSH VNC viewer)
        (-grab/-graball option).
      * Fix for Popup menu positioning for old window managers (-popupfix
        option).
+     * Option "-unixpw ..." for use with "x11vnc -unixpw" type login
+       dialogs.
      * Improvements to the Popup menu, all of these can now be changed
        dynamically via the menu: ViewOnly, Toggle Bell, CursorShape
        updates, X11 Cursor, Cursor Alphablending, Toggle Tight/ZRLE,
        Toggle JPEG, FullColor/16bpp/8bpp (256/64/8 colors), Greyscale for
        low color modes.
-     * Support for UltraVNC extensions: Single Window, Disable
+     * Support for UltraVNC extensions: 1/n Server side scaling, Text
-       Server-side Input, 1/n Server side scaling, Text Chat (shell
+       Chat, Single Window, Disable Server-side Input. Both UltraVNC and
-       terminal UI). Both UltraVNC and x11vnc servers support these
+       x11vnc servers support these extensions.
-       extensions.
 
    The list of software bundled in the archive files:
      * TightVNC Viewer  (windows, unix, macosx)
@@ -10305,13 +10311,43 @@ Enhanced TightVNC viewer (SSVNC) options:
         -noshm      Disable use of MIT shared memory extension (not recommended
 )
 
+        -termchat   Do the UltraVNC chat in the terminal vncviewer is in
+                    instead of in an independent window.
+
+        -unixpw str Useful for logging into x11vnc in -unixpw mode. "str" is a
+                    string that allows many ways to enter the Unix Username
+                    and Unix Password.  These characters: username, newline,
+                    password, newline are sent to the VNC server after any VNC
+                    authentication has taken place.  Under x11vnc they are
+                    used for the -unixpw login.  Other VNC servers could do
+                    something similar.
+
+                    You can also indicate "str" via the environment
+                    variable SSVNC_UNIXPW.
+
+                    Note that the Escape key is actually sent first to tell
+                    x11vnc to not echo the Unix Username back to the VNC
+                    viewer. Set SSVNC_UNIXPW_NOESC=1 to override this.
+
+                    If str is ".", then you are prompted at the command line
+                    for the username and password in the normal way.  If str is
+                    "-" the stdin is read via getpass(3) for username@password.
+                    Otherwise if str is a file, it is opened and the first line
+                    read is taken as the Unix username and the 2nd as the
+                    password. If str prefixed by "rm:" the file is removed
+                    after reading. Otherwise, if str has a "@" character,
+                    it is taken as username@password. Otherwise, the program
+                    exits with an error. Got all that?
+
+
    New Popup actions:
 
+        ViewOnly:                ~ -viewonly
+        Disable Bell:            ~ -nobell
         Cursor Shape:            ~ -nocursorshape
         X11 Cursor:              ~ -x11cursor
         Cursor Alphablend:       ~ -alpha
         Disable JPEG:            ~ -nojpeg
-        Prefer raw for localhost ~ -rawlocal
         Full Color                 as many colors as local screen allows.
         Grey scale (16 & 8-bpp)  ~ -grey, for low colors 16/8bpp modes only.
         16 bit color (BGR565)    ~ -16bpp / -bgr565
@@ -10320,14 +10356,15 @@ Enhanced TightVNC viewer (SSVNC) options:
          64 colors               ~ -bgr222 / -use64
           8 colors               ~ -bgr111 / -use8
 
+        UltraVNC Extensions:
         Disable Remote Input       Ultravnc ext. Try to prevent input and
                                    viewing of monitor at physical display.
         Single Window              Ultravnc ext. Grab and view a single window.
                                    (click on the window you want).
         Set 1/n Server Scale       Ultravnc ext. Scale desktop by 1/n.
                                    prompt is from the terminal.
-        Text Chat                  Ultravnc ext. Do Text Chat, currently
+        Text Chat                  Ultravnc ext. Do Text Chat.
-                                   input via the terminal (no window).
+
 
         Note: the Ultravnc extensions only apply to servers that support
               them.  x11vnc/libvncserver supports some of them.
@@ -10394,12 +10431,18 @@ es and source AND full archives in the zip dir. (~15MB)
 
    You can try for an older one by replacing, e.g. ".16" by ".11", etc.
 
-   Sorry for the inconvenience of lumping all the Unix binaries and
+   Here are the corresponding "development" bundles:
-   source together in one archive. To save space you can delete the src
+  [24]ssvnc_windows_only-1.0.17.zip
-   subdirectory if you like.
+  [25]ssvnc_no_windows-1.0.17.tar.gz
+  [26]ssvnc_unix_only-1.0.17.tar.gz
+  [27]ssvnc_unix_minimal-1.0.17.tar.gz
+
+  [28]ssvnc-1.0.17.tar.gz
+  [29]ssvnc-1.0.17.zip
+  [30]ssvnc_all-1.0.17.zip
 
    A self-extracting and running file for the "ssvnc_unix_minimal"
-   package is here: [24]ssvnc. Save it as filename "ssvnc", type "chmod
+   package is here: [31]ssvnc. Save it as filename "ssvnc", type "chmod
    755 ./ssvnc", and then launch the GUI via typing "./ssvnc". Note that
    this "ssvnc_unix_minimal" mode requires you install the "stunnel" and
    "vncviewer" programs externally (for example, install your distros'
@@ -10438,13 +10481,13 @@ es and source AND full archives in the zip dir. (~15MB)
    redistribute the above because of cryptographic software they contain
    or for other reasons. Please check out your situation and information
    at the following and related sites:
-        [25]http://www.stunnel.org
+        [32]http://www.stunnel.org
-        [26]http://stunnel.mirt.net
+        [33]http://stunnel.mirt.net
-        [27]http://www.openssl.org
+        [34]http://www.openssl.org
-        [28]http://www.chiark.greenend.org.uk/~sgtatham/putty/
+        [35]http://www.chiark.greenend.org.uk/~sgtatham/putty/
-        [29]http://www.tightvnc.com
+        [36]http://www.tightvnc.com
-        [30]http://www.realvnc.com
+        [37]http://www.realvnc.com
-        [31]http://sourceforge.net/projects/cotvnc/
+        [38]http://sourceforge.net/projects/cotvnc/
      _________________________________________________________________
 
    Here is the toplevel README from the bundle:
@@ -10915,14 +10958,21 @@ References
   21. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.16.tar.gz
   22. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.16.zip
   23. http://www.karlrunge.com/x11vnc/etv/ssvnc_all-1.0.16.zip
-  24. http://www.karlrunge.com/x11vnc/etv/ssvnc
+  24. http://www.karlrunge.com/x11vnc/etv/ssvnc_windows_only-1.0.17.zip
-  25. http://www.stunnel.org/
+  25. http://www.karlrunge.com/x11vnc/etv/ssvnc_no_windows-1.0.17.tar.gz
-  26. http://stunnel.mirt.net/
+  26. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_only-1.0.17.tar.gz
-  27. http://www.openssl.org/
+  27. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_minimal-1.0.17.tar.gz
-  28. http://www.chiark.greenend.org.uk/~sgtatham/putty/
+  28. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.17.tar.gz
-  29. http://www.tightvnc.com/
+  29. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.17.zip
-  30. http://www.realvnc.com/
+  30. http://www.karlrunge.com/x11vnc/etv/ssvnc_all-1.0.17.zip
-  31. http://sourceforge.net/projects/cotvnc/
+  31. http://www.karlrunge.com/x11vnc/etv/ssvnc
+  32. http://www.stunnel.org/
+  33. http://stunnel.mirt.net/
+  34. http://www.openssl.org/
+  35. http://www.chiark.greenend.org.uk/~sgtatham/putty/
+  36. http://www.tightvnc.com/
+  37. http://www.realvnc.com/
+  38. http://sourceforge.net/projects/cotvnc/
 	
 =======================================================================
 http://www.karlrunge.com/x11vnc/x11vnc_opts.html:
@@ -10935,7 +10985,7 @@ x11vnc: a VNC server for real X displays
    Here are all of x11vnc command line options:
 % x11vnc -opts      (see below for -help long descriptions)
 
-x11vnc: allow VNC connections to real X11 displays. 0.9.1 lastmod: 2007-05-21
+x11vnc: allow VNC connections to real X11 displays. 0.9.2 lastmod: 2007-05-26
 
 x11vnc options:
   -display disp            -auth file               -N                     
@@ -11049,7 +11099,7 @@ libvncserver-tight-extension options:
 
 % x11vnc -help
 
-x11vnc: allow VNC connections to real X11 displays. 0.9.1 lastmod: 2007-05-21
+x11vnc: allow VNC connections to real X11 displays. 0.9.2 lastmod: 2007-05-26
 
 (type "x11vnc -opts" to just list the options.)
 
@@ -11631,27 +11681,32 @@ Options:
                        send one before a 25 second timeout.  Existing clients
                        are view-only during this period.
 
+                       If the first character received is "Escape" then the
+                       unix username will not be displayed after "login:"
+                       as it is typed.  This could be of use for VNC viewers
+                       that automatically type the username and password.
+
                        Since the detailed behavior of su(1) can vary from
                        OS to OS and for local configurations, test the mode
-                       carefully on your systems before using it in production.
+                       carefully.  x11vnc will attempt to be conservative and
-                       Test different combinations of valid/invalid usernames
-                       and valid/invalid passwords to see if it behaves as
-                       expected.  x11vnc will attempt to be conservative and
                        reject a login if anything abnormal occurs.
 
-                       On FreeBSD and the other BSD's by default it is
+                       One case to note: FreeBSD and the other BSD's by
-                       impossible for the user running x11vnc to validate
+                       default it is impossible for the user running x11vnc to
-                       his *own* password via su(1) (evidently commenting out
+                       validate his *own* password via su(1) (commenting out
                        the pam_self.so entry in /etc/pam.d/su eliminates this
-                       problem).  So the x11vnc login will always *fail* for
+                       behavior).  So the x11vnc login will always *FAIL* for
                        this case (even when the correct password is supplied).
 
-                       A possible workaround for this would be to start
+                       A possible workaround for this on *BSD would be to
-                       x11vnc as root with the "-users +nobody" option to
+                       start x11vnc as root with the "-users +nobody" option
-                       immediately switch to user nobody.  Another source of
+                       to immediately switch to user nobody where the su'ing
-                       problems are PAM modules that prompt for extra info,
+                       will proceed normally.
-                       e.g. password aging modules.  These logins will fail
+
-                       as well even when the correct password is supplied.
+                       Another source of potential problems are PAM modules
+                       that prompt for extra info, e.g. password aging modules.
+                       These logins will fail as well even when the correct
+                       password is supplied.
 
                        **IMPORTANT**: to prevent the Unix password being sent
                        in *clear text* over the network, one of two schemes
@@ -12720,6 +12775,9 @@ t
                        commands, RFB_SSL_CLIENT_CERT will be set to the
                        client's x509 certificate string.
 
+                       The sslpeer= mode can aid finding X sessions via the
+                       FINDDISPLAY and FINDCREATEDISPLAY mechanisms.
+
                        To immediately switch to a user *before* connections
                        to the X display are made or any files opened use the
                        "=" character: "-users =bob".  That user needs to

x11vnc/help.c

@@ -603,27 +603,32 @@ void print_help(int mode) {
 "                       send one before a 25 second timeout.  Existing clients\n"
 "                       are view-only during this period.\n"
 "\n"
+"                       If the first character received is \"Escape\" then the\n"
+"                       unix username will not be displayed after \"login:\"\n"
+"                       as it is typed.  This could be of use for VNC viewers\n"
+"                       that automatically type the username and password.\n"
+"\n"
 "                       Since the detailed behavior of su(1) can vary from\n"
 "                       OS to OS and for local configurations, test the mode\n"
-"                       carefully on your systems before using it in production.\n"
+"                       carefully.  x11vnc will attempt to be conservative and\n"
-"                       Test different combinations of valid/invalid usernames\n"
-"                       and valid/invalid passwords to see if it behaves as\n"
-"                       expected.  x11vnc will attempt to be conservative and\n"
 "                       reject a login if anything abnormal occurs.\n"
 "\n"
-"                       On FreeBSD and the other BSD's by default it is\n"
+"                       One case to note: FreeBSD and the other BSD's by\n"
-"                       impossible for the user running x11vnc to validate\n"
+"                       default it is impossible for the user running x11vnc to\n"
-"                       his *own* password via su(1) (evidently commenting out\n"
+"                       validate his *own* password via su(1) (commenting out\n"
 "                       the pam_self.so entry in /etc/pam.d/su eliminates this\n"
-"                       problem).  So the x11vnc login will always *fail* for\n"
+"                       behavior).  So the x11vnc login will always *FAIL* for\n"
 "                       this case (even when the correct password is supplied).\n"
 "\n"
-"                       A possible workaround for this would be to start\n"
+"                       A possible workaround for this on *BSD would be to\n"
-"                       x11vnc as root with the \"-users +nobody\" option to\n"
+"                       start x11vnc as root with the \"-users +nobody\" option\n"
-"                       immediately switch to user nobody.  Another source of\n"
+"                       to immediately switch to user nobody where the su'ing\n"
-"                       problems are PAM modules that prompt for extra info,\n"
+"                       will proceed normally.\n"
-"                       e.g. password aging modules.  These logins will fail\n"
+"\n"
-"                       as well even when the correct password is supplied.\n"
+"                       Another source of potential problems are PAM modules\n"
+"                       that prompt for extra info, e.g. password aging modules.\n"
+"                       These logins will fail as well even when the correct\n"
+"                       password is supplied.\n"
 "\n"
 "                       **IMPORTANT**: to prevent the Unix password being sent\n"
 "                       in *clear text* over the network, one of two schemes\n"
@@ -676,10 +681,6 @@ void print_help(int mode) {
 "                       (default port 5500).  Please use a ssh or stunnel port\n"
 "                       redirection to the viewer machine to tunnel the reverse\n"
 "                       connection over an encrypted channel.\n"
-#if 0
-"                       Note that in -ssl\n"
-"                       mode reverse connection are disabled (see below). XXX\n"
-#endif
 "\n"
 "                       In -inetd mode the Method 1) will be enforced (not\n"
 "                       Method 2).  With -ssl in effect reverse connections\n"
@@ -1707,6 +1708,9 @@ void print_help(int mode) {
 "                       commands, RFB_SSL_CLIENT_CERT will be set to the\n"
 "                       client's x509 certificate string.\n"
 "\n"
+"                       The sslpeer= mode can aid finding X sessions via the\n"
+"                       FINDDISPLAY and FINDCREATEDISPLAY mechanisms.\n"
+"\n"
 "                       To immediately switch to a user *before* connections\n"
 "                       to the X display are made or any files opened use the\n"
 "                       \"=\" character: \"-users =bob\".  That user needs to\n"

x11vnc/options.c

@@ -206,8 +206,8 @@ int wireframe_local = 1;
 #ifdef NO_NCACHE
 #define NCACHE 0 
 #else
-#define xxNCACHE -12
+#define NCACHE -12
-#define NCACHE -1
+#define xxNCACHE -1
 #endif
 #endif
 

x11vnc/unixpw.c

@@ -1126,6 +1126,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 	int x, y, i, rc, nmax = 100;
 	static char user_r[100], user[100], pass[100];
 	static int  u_cnt = 0, p_cnt = 0, first = 1;
+	static int echo = 1;
 	char keystr[100];
 	char *str;
 
@@ -1143,6 +1144,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 		in_login = 1;
 		in_passwd = 0;
 		unixpw_denied = 0;
+		echo = 1;
 		if (init == 1) {
 			tries = 0;
 		}
@@ -1209,6 +1211,11 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 	} else if (! down) {
 		return;
 	}
+	if (in_login && keysym == XK_Escape && u_cnt == 0) {
+		echo = 0;	
+		rfbLog("unixpw_keystroke: echo off.\n");
+		return;
+	}
 
 	if (in_login) {
 		if (keysym == XK_BackSpace || keysym == XK_Delete) {
@@ -1295,8 +1302,10 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 
 				x = text_x();
 				y = text_y();
-				rfbDrawString(pscreen, &default8x16Font, x, y,
+				if (echo) {
-				    str, white_pixel());
+					rfbDrawString(pscreen, &default8x16Font, x, y,
+					    str, white_pixel());
+				}
 				mark_rect_as_modified(x, y-char_h, x+char_w,
 				    y, scaling);
 				char_col++;
@@ -1340,7 +1349,9 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 
 if (db && db <= 2) fprintf(stderr, "u_cnt: %d %d/%d ks: 0x%x  '%s'\n", u_cnt, x, y, keysym, keystr);
 
-		rfbDrawString(pscreen, &default8x16Font, x, y, keystr, white_pixel());
+		if (echo ) {
+			rfbDrawString(pscreen, &default8x16Font, x, y, keystr, white_pixel());
+		}
 
 		mark_rect_as_modified(x, y-char_h, x+char_w, y, scaling);
 		char_col++;

x11vnc/x11vnc.1

@@ -2,7 +2,7 @@
 .TH X11VNC "1" "May 2007" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.9.1, lastmod: 2007-05-21
+         version: 0.9.2, lastmod: 2007-05-26
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -718,31 +718,36 @@ to supply the correct password in 3 tries or does not
 send one before a 25 second timeout.  Existing clients
 are view-only during this period.
 .IP
+If the first character received is "Escape" then the
+unix username will not be displayed after "login:"
+as it is typed.  This could be of use for VNC viewers
+that automatically type the username and password.
+.IP
 Since the detailed behavior of 
 .IR su (1)
 can vary from
 OS to OS and for local configurations, test the mode
-carefully on your systems before using it in production.
+carefully.  x11vnc will attempt to be conservative and
-Test different combinations of valid/invalid usernames
-and valid/invalid passwords to see if it behaves as
-expected.  x11vnc will attempt to be conservative and
 reject a login if anything abnormal occurs.
 .IP
-On FreeBSD and the other BSD's by default it is
+One case to note: FreeBSD and the other BSD's by
-impossible for the user running x11vnc to validate
+default it is impossible for the user running x11vnc to
-his *own* password via 
+validate his *own* password via 
 .IR su (1)
-(evidently commenting out
+(commenting out
 the pam_self.so entry in /etc/pam.d/su eliminates this
-problem).  So the x11vnc login will always *fail* for
+behavior).  So the x11vnc login will always *FAIL* for
 this case (even when the correct password is supplied).
 .IP
-A possible workaround for this would be to start
+A possible workaround for this on *BSD would be to
-x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option to
+start x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option
-immediately switch to user nobody.  Another source of
+to immediately switch to user nobody where the su'ing
-problems are PAM modules that prompt for extra info,
+will proceed normally.
-e.g. password aging modules.  These logins will fail
+.IP
-as well even when the correct password is supplied.
+Another source of potential problems are PAM modules
+that prompt for extra info, e.g. password aging modules.
+These logins will fail as well even when the correct
+password is supplied.
 .IP
 **IMPORTANT**: to prevent the Unix password being sent
 in *clear text* over the network, one of two schemes
@@ -1934,6 +1939,9 @@ env. vars. (see \fB-accept)\fR passed to external cmd=
 commands, RFB_SSL_CLIENT_CERT will be set to the
 client's x509 certificate string.
 .IP
+The sslpeer= mode can aid finding X sessions via the
+FINDDISPLAY and FINDCREATEDISPLAY mechanisms.
+.IP
 To immediately switch to a user *before* connections
 to the X display are made or any files opened use the
 "=" character: "\fB-users\fR \fI=bob\fR".  That user needs to

x11vnc/x11vnc_defs.c

@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.9.1 lastmod: 2007-05-21";
+char lastmod[] = "0.9.2 lastmod: 2007-05-26";
 
 /* X display info */