X11VNC_EXTRA_HTTPS_PARAMS, X11VNC_HTTP_LISTEN_LOCALHOST, X11VNC_REOPEN_SLEEP_MAX,

-findauth/-auth guess FD_XDM=1 for root, work around xhost SI:localuser:root.
pull/1/head
runge 14 years ago
parent 6153bd6983
commit 8f5c9ef01e

@ -1,3 +1,11 @@
2009-12-06 Karl Runge <runge@karlrunge.com>
* x11vnc: findauth/-auth guess works with FD_XDM=1 for root
finding dm's xauthority. Work around for GDM's recent
'xhost SI:localuser:root' usage. X11VNC_REOPEN_SLEEP_MAX
for longer lived -reopen-ing. X11VNC_EXTRA_HTTPS_PARAMS for
additional URL parameters, X11VNC_HTTP_LISTEN_LOCALHOST=1 to
force libvncserver http to listen on localhost.
2009-12-04 Karl Runge <runge@karlrunge.com>
* classes/ssl: update binaries; new signing key; ss_vncviewer.
* x11vnc: add more wish possibilities for -gui. Declare crypt()

@ -2,7 +2,7 @@
Copyright (C) 2002-2009 Karl J. Runge <runge@karlrunge.com>
All rights reserved.
x11vnc README file Date: Fri Dec 4 20:44:56 EST 2009
x11vnc README file Date: Mon Dec 7 08:14:20 EST 2009
The following information is taken from these URLs:
@ -932,7 +932,12 @@ make
applies heuristics that try to determine the XAUTHORITY file. The
use of '[130]-auth guess' will use the XAUTHORITY that -findauth
reveals. This can be handy in with the lastest GDM where the
ability to store cookies in ~/.Xauthority has been removed.
ability to store cookies in ~/.Xauthority has been removed. If
x11vnc is running as root (e.g. inetd) and you add -env FD_XDM=1
to the above -findauth or -auth guess command lines, it will find
the correct XAUTHORITY for the given display (this works for
XDM/GDM/KDM if the login greeter panel is up or if someone has
already logged into an X session.)
* The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "[131]-display
WAIT:cmd=...", [132]-find, [133]-create) now work correctly for
the user-supplied login program scheme "[134]-unixpw_cmd ...", as
@ -12894,7 +12899,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions)
x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-04
x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-06
x11vnc options:
-display disp -auth file -N
@ -13021,7 +13026,7 @@ libvncserver-tight-extension options:
% x11vnc -help
x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-04
x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-06
(type "x11vnc -opts" to just list the options.)
@ -13089,6 +13094,12 @@ Options:
mechanism (described below) to try to guess the
XAUTHORITY filename and use it.
XDM/GDM/KDM: if you are running x11vnc as root and want
to find the XAUTHORITY before anyone has logged into an
X session yet, use: x11vnc -env FD_XDM=1 -auth guess ...
(This will also find the XAUTHORITY if a user is already
logged into the X session.)
-N If the X display is :N, try to set the VNC display to
also be :N This just sets the -rfbport option to 5900+N
The program will exit immediately if that port is not
@ -13110,7 +13121,10 @@ Options:
for display managers like GDM (KillInitClients option)
that kill x11vnc just after the user logs into the
X session. Note: the reopened state may be unstable.
Set X11VNC_REOPEN_DISPLAY=n to reopen n times.
Set X11VNC_REOPEN_DISPLAY=n to reopen n times and
set X11VNC_REOPEN_SLEEP_MAX to the number of seconds,
default 10, to keep trying to reopen the display (once
per second.)
Update: as of 0.9.9, x11vnc tries to automatically avoid
being killed by the display manager by delaying creating
@ -14018,17 +14032,23 @@ Options:
(i.e. all the X displays on the local machine that you
have access rights to).
-findauth [disp] Apply the -find/-finddpy heuristics to try to guess the
XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not
supplied, then the value in the -display earlier in
-findauth [disp] Apply the -find/-finddpy heuristics to try to guess
the XAUTHORITY file for DISPLAY 'disp'. If 'disp'
is not supplied, then the value in the -display on
the cmdline is used; failing that $DISPLAY is used;
and failing that ":0" is used.
If nothing is printed out, that means no XAUTHORITY was
found for 'disp'. If "XAUTHORITY=" is printed out,
that means use the default (i.e. do not set XAUTHORITY).
If "XAUTHORITY=/path/to/file" is printed out, then
use that file.
found for 'disp'; i.e. failure. If "XAUTHORITY="
is printed out, that means use the default (i.e. do
not set XAUTHORITY). If "XAUTHORITY=/path/to/file"
is printed out, then use that file.
XDM/GDM/KDM: if you are running x11vnc as root and want
to find the XAUTHORITY before anyone has logged into an
X session yet, use: x11vnc -env FD_XDM=1 -findauth ...
(This will also find the XAUTHORITY if a user is already
logged into the X session.)
-create First try to find the user's display using FINDDISPLAY,
if that doesn't succeed create an X session via the
@ -14270,6 +14290,12 @@ Options:
for how to disable this for dtgreet on Solaris and
possibly for other greeters.
In -find/cmd=FINDDISPLAY mode, if you set FD_XDM=1,
e.g. 'x11vnc -env FD_XDM=1 -find ...' and x11vnc is
running as root (e.g. inetd) then it will try to find
the XAUTHORITY file of a running XDM/GDM/KDM login
greeter (i.e. no user has logged into an X session yet.)
As another special case, WAIT:cmd=HTTPONCE will allow
x11vnc to service one http request and then exit.
This is usually done in -inetd mode to run on, say,
@ -15269,7 +15295,21 @@ Options:
to include the PORT= in the browser URL, simply supply
"-httpsredir" to x11vnc.
This options does not work in -stunnel mode.
This option does not work in -stunnel mode.
More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS
to be extra URL parameters to use. This way you do
not need to specify extra PARAMS in the index.vnc file.
E.g. x11vnc -env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ...
If you do not want to expose the non-SSL HTTP port to
the network (i.e. you just want the single VNC/HTTPS
port, e.g. 5900, open for connections) then specify the
option -env X11VNC_HTTP_LISTEN_LOCALHOST=1 This way
the connection to the libvncserver httpd server will
only be available on localhost (note that in -ssl mode,
HTTPS requests are redirected from SSL to the non-SSL
libvncserver HTTP server.)
-http_oneport For UN-encrypted connections mode (i.e. no -ssl,
-stunnel, or -enc options), allow the Java VNC Viewer
@ -15301,6 +15341,10 @@ Options:
mode when using an SSH tunnel as well as for router
port redirections.
Note that the -env X11VNC_HTTP_LISTEN_LOCALHOST=1
option described above under -httpsredir applies for
the libvncserver httpd server in all cases (ssl or not.)
-ssh user@host:disp Create a remote listening port on machine "host"
via a SSH tunnel using the -R rport:localhost:lport
method. lport will be the local x11vnc listening port,
@ -16135,6 +16179,12 @@ t
-buttonmap currently does not work on MacOSX console
or in -rawfb mode.
Workaround: use -buttonmap IJ...-LM...=n to limit the
number of mouse buttons to n, e.g. 123-123=3. This will
prevent x11vnc from crashing if the X server reports
there are 5 buttons (4/5 scroll wheel), but there are
only really 3.
-nodragging Do not update the display during mouse dragging events
(mouse button held down). Greatly improves response on
slow setups, but you lose all visual feedback for drags,

@ -325,13 +325,23 @@ static int XIOerr(Display *d) {
#if !NO_X11
if (reopen < rmax && getenv("X11VNC_REOPEN_DISPLAY")) {
int db = getenv("X11VNC_REOPEN_DEBUG") ? 1 : 0;
int sleepmax = 10, i;
Display *save_dpy = dpy;
char *dstr = DisplayString(save_dpy);
char *dstr = strdup(DisplayString(save_dpy));
reopen++;
if (getenv("X11VNC_REOPEN_SLEEP_MAX")) {
sleepmax = atoi(getenv("X11VNC_REOPEN_SLEEP_MAX"));
}
rfbLog("*** XIO error: Trying to reopen[%d/%d] display '%s'\n", reopen, rmax, dstr);
rfbLog("*** XIO error: Note the reopened state may be unstable.\n");
usleep (3000 * 1000);
dpy = XOpenDisplay_wr(dstr);
for (i=0; i < sleepmax; i++) {
usleep (1000 * 1000);
dpy = XOpenDisplay_wr(dstr);
rfbLog("dpy[%d/%d]: %p\n", i+1, sleepmax, dpy);
if (dpy) {
break;
}
}
last_open_xdisplay = time(NULL);
if (dpy) {
rfbLog("*** XIO error: Reopened display '%s' successfully.\n", dstr);
@ -353,6 +363,7 @@ static int XIOerr(Display *d) {
do_new_fb(1);
if (db) rfbLog("*** XIO error: check_xevents\n");
check_xevents(1);
/* sadly, we can never return... */
if (db) rfbLog("*** XIO error: watch_loop\n");
watch_loop();

@ -118,6 +118,12 @@ void print_help(int mode) {
" mechanism (described below) to try to guess the\n"
" XAUTHORITY filename and use it.\n"
"\n"
" XDM/GDM/KDM: if you are running x11vnc as root and want\n"
" to find the XAUTHORITY before anyone has logged into an\n"
" X session yet, use: x11vnc -env FD_XDM=1 -auth guess ...\n"
" (This will also find the XAUTHORITY if a user is already\n"
" logged into the X session.)\n"
"\n"
"-N If the X display is :N, try to set the VNC display to\n"
" also be :N This just sets the -rfbport option to 5900+N\n"
" The program will exit immediately if that port is not\n"
@ -139,7 +145,10 @@ void print_help(int mode) {
" for display managers like GDM (KillInitClients option)\n"
" that kill x11vnc just after the user logs into the\n"
" X session. Note: the reopened state may be unstable.\n"
" Set X11VNC_REOPEN_DISPLAY=n to reopen n times.\n"
" Set X11VNC_REOPEN_DISPLAY=n to reopen n times and\n"
" set X11VNC_REOPEN_SLEEP_MAX to the number of seconds,\n"
" default 10, to keep trying to reopen the display (once\n"
" per second.)\n"
"\n"
" Update: as of 0.9.9, x11vnc tries to automatically avoid\n"
" being killed by the display manager by delaying creating\n"
@ -1064,17 +1073,23 @@ void print_help(int mode) {
" (i.e. all the X displays on the local machine that you\n"
" have access rights to).\n"
"\n"
"-findauth [disp] Apply the -find/-finddpy heuristics to try to guess the\n"
" XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not\n"
" supplied, then the value in the -display earlier in\n"
"-findauth [disp] Apply the -find/-finddpy heuristics to try to guess\n"
" the XAUTHORITY file for DISPLAY 'disp'. If 'disp'\n"
" is not supplied, then the value in the -display on\n"
" the cmdline is used; failing that $DISPLAY is used;\n"
" and failing that \":0\" is used.\n"
"\n"
" If nothing is printed out, that means no XAUTHORITY was\n"
" found for 'disp'. If \"XAUTHORITY=\" is printed out,\n"
" that means use the default (i.e. do not set XAUTHORITY).\n"
" If \"XAUTHORITY=/path/to/file\" is printed out, then\n"
" use that file.\n"
" found for 'disp'; i.e. failure. If \"XAUTHORITY=\"\n"
" is printed out, that means use the default (i.e. do\n"
" not set XAUTHORITY). If \"XAUTHORITY=/path/to/file\"\n"
" is printed out, then use that file.\n"
"\n"
" XDM/GDM/KDM: if you are running x11vnc as root and want\n"
" to find the XAUTHORITY before anyone has logged into an\n"
" X session yet, use: x11vnc -env FD_XDM=1 -findauth ...\n"
" (This will also find the XAUTHORITY if a user is already\n"
" logged into the X session.)\n"
"\n"
"-create First try to find the user's display using FINDDISPLAY,\n"
" if that doesn't succeed create an X session via the\n"
@ -1316,6 +1331,12 @@ void print_help(int mode) {
" for how to disable this for dtgreet on Solaris and\n"
" possibly for other greeters.\n"
"\n"
" In -find/cmd=FINDDISPLAY mode, if you set FD_XDM=1,\n"
" e.g. 'x11vnc -env FD_XDM=1 -find ...' and x11vnc is\n"
" running as root (e.g. inetd) then it will try to find\n"
" the XAUTHORITY file of a running XDM/GDM/KDM login\n"
" greeter (i.e. no user has logged into an X session yet.)\n"
"\n"
" As another special case, WAIT:cmd=HTTPONCE will allow\n"
" x11vnc to service one http request and then exit.\n"
" This is usually done in -inetd mode to run on, say,\n"
@ -2315,7 +2336,21 @@ void print_help(int mode) {
" to include the PORT= in the browser URL, simply supply\n"
" \"-httpsredir\" to x11vnc.\n"
"\n"
" This options does not work in -stunnel mode.\n"
" This option does not work in -stunnel mode.\n"
"\n"
" More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS\n"
" to be extra URL parameters to use. This way you do\n"
" not need to specify extra PARAMS in the index.vnc file.\n"
" E.g. x11vnc -env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ...\n"
"\n"
" If you do not want to expose the non-SSL HTTP port to\n"
" the network (i.e. you just want the single VNC/HTTPS\n"
" port, e.g. 5900, open for connections) then specify the\n"
" option -env X11VNC_HTTP_LISTEN_LOCALHOST=1 This way\n"
" the connection to the libvncserver httpd server will\n"
" only be available on localhost (note that in -ssl mode,\n"
" HTTPS requests are redirected from SSL to the non-SSL\n"
" libvncserver HTTP server.)\n"
"\n"
"-http_oneport For UN-encrypted connections mode (i.e. no -ssl,\n"
" -stunnel, or -enc options), allow the Java VNC Viewer\n"
@ -2347,6 +2382,10 @@ void print_help(int mode) {
" mode when using an SSH tunnel as well as for router\n"
" port redirections.\n"
"\n"
" Note that the -env X11VNC_HTTP_LISTEN_LOCALHOST=1\n"
" option described above under -httpsredir applies for\n"
" the libvncserver httpd server in all cases (ssl or not.)\n"
"\n"
"-ssh user@host:disp Create a remote listening port on machine \"host\"\n"
" via a SSH tunnel using the -R rport:localhost:lport\n"
" method. lport will be the local x11vnc listening port,\n"
@ -3179,6 +3218,12 @@ void print_help(int mode) {
" -buttonmap currently does not work on MacOSX console\n"
" or in -rawfb mode.\n"
"\n"
" Workaround: use -buttonmap IJ...-LM...=n to limit the\n"
" number of mouse buttons to n, e.g. 123-123=3. This will\n"
" prevent x11vnc from crashing if the X server reports\n"
" there are 5 buttons (4/5 scroll wheel), but there are\n"
" only really 3.\n"
"\n"
"-nodragging Do not update the display during mouse dragging events\n"
" (mouse button held down). Greatly improves response on\n"
" slow setups, but you lose all visual feedback for drags,\n"

@ -469,6 +469,20 @@ int check_httpdir(void) {
}
}
static void rfb_http_init_sockets(void) {
in_addr_t iface;
if (!screen) {
return;
}
iface = screen->listenInterface;
if (getenv("X11VNC_HTTP_LISTEN_LOCALHOST")) {
rfbLog("http_connections: HTTP listen on localhost only. (not HTTPS)\n");
screen->listenInterface = htonl(INADDR_LOOPBACK);
}
rfbHttpInitSockets(screen);
screen->listenInterface = iface;
}
void http_connections(int on) {
if (!screen) {
return;
@ -492,7 +506,7 @@ void http_connections(int on) {
screen->httpInitDone = FALSE;
if (check_httpdir()) {
screen->httpDir = http_dir;
rfbHttpInitSockets(screen);
rfb_http_init_sockets();
if (screen->httpPort != 0 && screen->httpListenSock < 0) {
rfbLog("http_connections: failed to listen on http port: %d\n", screen->httpPort);
clean_up_exit(1);
@ -526,7 +540,7 @@ static void reset_httpport(int old, int new) {
}
rfbLog("reset_httpport: setting httpport %d -> %d.\n",
old == -1 ? hp : old, hp);
rfbHttpInitSockets(screen);
rfb_http_init_sockets();
if (screen->httpPort != 0 && screen->httpListenSock < 0) {
rfbLog("reset_httpport: failed to listen on http port: %d\n", screen->httpPort);
}

@ -3681,20 +3681,27 @@ static void announce_http(int lport, int ssl, char *iface, char *extra) {
char *host = this_host();
char *jvu;
int http = 0;
if (enc_str && !strcmp(enc_str, "none") && !use_stunnel) {
jvu = "Java viewer URL: http";
http = 1;
} else if (ssl == 1) {
jvu = "Java SSL viewer URL: https";
} else if (ssl == 2) {
jvu = "Java SSL viewer URL: http";
http = 1;
} else {
jvu = "Java viewer URL: http";
http = 1;
}
if (iface != NULL && *iface != '\0' && strcmp(iface, "any")) {
host = iface;
}
if (http && getenv("X11VNC_HTTP_LISTEN_LOCALHOST")) {
host = "localhost";
}
if (host != NULL) {
if (! inetd) {
fprintf(stderr, "%s://%s:%d/%s\n", jvu, host, lport, extra);
@ -3763,7 +3770,8 @@ void do_mention_java_urls(void) {
rfbLog("Where you replace \"host:port\" with that printed below, or\n");
rfbLog("whatever is needed to reach the host e.g. Internet IP number\n");
rfbLog("\n");
rfbLog("Append ?GET=1 to a URL for faster loading.\n");
rfbLog("Append ?GET=1 to a URL for faster loading or supply:\n");
rfbLog("-env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' to cmdline.\n");
}
}
rfbLog("\n");

@ -3626,8 +3626,26 @@ void accept_openssl(int mode, int presock) {
* the rest of the SSL session to it:
*/
if (n > 0) {
if (db) fprintf(stderr, "sending http buffer httpsock: %d\n'%s'\n", httpsock, buf);
write(httpsock, buf, n);
char *s = getenv("X11VNC_EXTRA_HTTPS_PARAMS");
int did_extra = 0;
if (db) fprintf(stderr, "sending http buffer httpsock: %d n=%d\n'%s'\n", httpsock, n, buf);
if (s != NULL) {
char *q = strstr(buf, " HTTP/");
if (q) {
int m;
*q = '\0';
m = strlen(buf);
write(httpsock, buf, m);
write(httpsock, s, strlen(s));
*q = ' ';
write(httpsock, q, n-m);
did_extra = 1;
}
}
if (!did_extra) {
write(httpsock, buf, n);
}
}
ssl_xfer(httpsock, s_in, s_out, is_http);
rfbLog("SSL: ssl_helper[%d]: exit case 6 (https ssl_xfer done)\n", getpid());

@ -1017,6 +1017,14 @@ char find_display[] =
" fi\n"
"}\n"
"\n"
"am_root=\"\"\n"
"if id | sed -e 's/ gid.*$//' | grep -w root > /dev/null; then\n"
" am_root=1\n"
"fi\n"
"am_gdm=\"\"\n"
"if id | sed -e 's/ gid.*$//' | grep -w gdm > /dev/null; then\n"
" am_gdm=1\n"
"fi\n"
"\n"
"# this mode is to try to grab a display manager (gdm, kdm, xdm...) display\n"
"# when we are run as root (e.g. no one is logged in yet). We look at the\n"
@ -1037,42 +1045,72 @@ char find_display[] =
" #\n"
" env XAUTHORITY=\"$xa\" xdpyinfo -display \"$da\" >/dev/null 2>&1\n"
" if [ $? = 0 ]; then\n"
" env XAUTHORITY=/dev/null xdpyinfo -display \"$da\" >/dev/null 2>&1\n"
" if [ $? != 0 ]; then\n"
" y=`prdpy $da`\n"
" echo \"DISPLAY=$y\"\n"
" if [ \"X$showxauth\" != \"X\" ]; then\n"
" # copy the cookie:\n"
" cook=`xauth -f \"$xa\" list | head -n 1 | awk '{print $NF}'`\n"
" xtf=$HOME/.xat.$$\n"
" xtf=`mytmp \"$xtf\"`\n"
" if [ ! -f $xtf ]; then\n"
" xtf=/tmp/.xat.$$\n"
" xtf=`mytmp \"$xtf\"`\n"
" si_root=\"\"\n"
" si_gdm=\"\"\n"
" # recent gdm seems to use SI:localuser: for xauth.\n"
" if env DISPLAY=\"$da\" xhost 2>/dev/null | grep -i '^SI:localuser:root$' > /dev/null; then\n"
" si_root=1\n"
" fi\n"
" if env DISPLAY=\"$da\" xhost 2>/dev/null | grep -i '^SI:localuser:gdm$' > /dev/null; then\n"
" si_gdm=1\n"
" fi\n"
" env XAUTHORITY=/dev/null xdpyinfo -display \"$da\" >/dev/null 2>&1\n"
" rc=$?\n"
" if [ \"X$rc\" = \"X0\" ]; then\n"
" # assume it is ok for server interpreted case.\n"
" if [ \"X$am_root\" = \"X1\" -a \"X$si_root\" = \"X1\" ]; then\n"
" rc=5\n"
" elif [ \"X$am_gdm\" = \"X1\" -a \"X$si_gdm\" = \"X1\" ]; then\n"
" rc=6\n"
" fi\n"
" if [ ! -f $xtf ]; then\n"
" xtf=/tmp/.xatb.$$\n"
" rm -f $xtf\n"
" if [ -f $xtf ]; then\n"
" exit 1\n"
" fi\n"
" if [ $rc != 0 ]; then\n"
" y=`prdpy $da`\n"
" if [ \"X$FIND_DISPLAY_NO_SHOW_DISPLAY\" = \"X\" ]; then\n"
" echo \"DISPLAY=$y\"\n"
" fi\n"
" if [ \"X$FIND_DISPLAY_XAUTHORITY_PATH\" != \"X\" ]; then\n"
" # caller wants XAUTHORITY printed out too.\n"
" if [ \"X$xa\" != \"X\" -a -f \"$xa\" ]; then\n"
" echo \"XAUTHORITY=$xa\"\n"
" else\n"
" echo \"XAUTHORITY=$XAUTHORITY\"\n"
" fi\n"
" fi\n"
" if [ \"X$showxauth\" != \"X\" ]; then\n"
" # copy the cookie:\n"
" cook=`xauth -f \"$xa\" list | head -n 1 | awk '{print $NF}'`\n"
" xtf=$HOME/.xat.$$\n"
" xtf=`mytmp \"$xtf\"`\n"
" if [ ! -f $xtf ]; then\n"
" xtf=/tmp/.xat.$$\n"
" xtf=`mytmp \"$xtf\"`\n"
" fi\n"
" touch $xtf 2>/dev/null\n"
" chmod 600 $xtf 2>/dev/null\n"
" if [ ! -f $xtf ]; then\n"
" exit 1\n"
" xtf=/tmp/.xatb.$$\n"
" rm -f $xtf\n"
" if [ -f $xtf ]; then\n"
" exit 1\n"
" fi\n"
" touch $xtf 2>/dev/null\n"
" chmod 600 $xtf 2>/dev/null\n"
" if [ ! -f $xtf ]; then\n"
" exit 1\n"
" fi\n"
" fi\n"
" xauth -f $xtf add \"$da\" . $cook\n"
" xauth -f $xtf extract - \"$da\" 2>/dev/null\n"
" rm -f $xtf\n"
" fi\n"
" xauth -f $xtf add \"$da\" . $cook\n"
" xauth -f $xtf extract - \"$da\" 2>/dev/null\n"
" rm -f $xtf\n"
" # DONE\n"
" exit 0\n"
" fi\n"
" # DONE\n"
" exit 0\n"
" fi\n"
" fi\n"
" fi\n"
" done\n"
" echo \"\" # failure\n"
" if [ \"X$FIND_DISPLAY_XAUTHORITY_PATH\" = \"X\" ]; then\n"
" echo \"\" # failure\n"
" fi\n"
" if [ \"X$showxauth\" != \"X\" ]; then\n"
" echo \"\"\n"
" fi\n"
@ -1106,7 +1144,7 @@ char find_display[] =
" for xa in /tmp/.gdm* /tmp/.Xauth* /var/run/gdm/auth-for-*/database /var/run/gdm/auth-cookie-*-for-*\n"
" do\n"
" # try to be somewhat careful about the real owner of the file:\n"
" if id | sed -e 's/ gid.*$//' | grep -w root > /dev/null; then\n"
" if [ \"X$am_root\" = \"X1\" ]; then\n"
" break\n"
" fi\n"
" if [ -f $xa -a -r $xa ]; then\n"

@ -2,7 +2,7 @@
.TH X11VNC "1" "December 2009" "x11vnc " "User Commands"
.SH NAME
x11vnc - allow VNC connections to real X11 displays
version: 0.9.9, lastmod: 2009-12-04
version: 0.9.9, lastmod: 2009-12-06
.SH SYNOPSIS
.B x11vnc
[OPTION]...
@ -80,6 +80,12 @@ man pages for more info.
Use '-auth guess' to have x11vnc use its \fB-findauth\fR
mechanism (described below) to try to guess the
XAUTHORITY filename and use it.
.IP
XDM/GDM/KDM: if you are running x11vnc as root and want
to find the XAUTHORITY before anyone has logged into an
X session yet, use: x11vnc \fB-env\fR FD_XDM=1 \fB-auth\fR guess ...
(This will also find the XAUTHORITY if a user is already
logged into the X session.)
.PP
\fB-N\fR
.IP
@ -110,7 +116,10 @@ reopen the X display (up to one time.) This is of use
for display managers like GDM (KillInitClients option)
that kill x11vnc just after the user logs into the
X session. Note: the reopened state may be unstable.
Set X11VNC_REOPEN_DISPLAY=n to reopen n times.
Set X11VNC_REOPEN_DISPLAY=n to reopen n times and
set X11VNC_REOPEN_SLEEP_MAX to the number of seconds,
default 10, to keep trying to reopen the display (once
per second.)
.IP
Update: as of 0.9.9, x11vnc tries to automatically avoid
being killed by the display manager by delaying creating
@ -1184,17 +1193,23 @@ have access rights to).
.PP
\fB-findauth\fR \fI[disp]\fR
.IP
Apply the \fB-find/-finddpy\fR heuristics to try to guess the
XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not
supplied, then the value in the \fB-display\fR earlier in
Apply the \fB-find/-finddpy\fR heuristics to try to guess
the XAUTHORITY file for DISPLAY 'disp'. If 'disp'
is not supplied, then the value in the \fB-display\fR on
the cmdline is used; failing that $DISPLAY is used;
and failing that ":0" is used.
.IP
If nothing is printed out, that means no XAUTHORITY was
found for 'disp'. If "XAUTHORITY=" is printed out,
that means use the default (i.e. do not set XAUTHORITY).
If "XAUTHORITY=/path/to/file" is printed out, then
use that file.
found for 'disp'; i.e. failure. If "XAUTHORITY="
is printed out, that means use the default (i.e. do
not set XAUTHORITY). If "XAUTHORITY=/path/to/file"
is printed out, then use that file.
.IP
XDM/GDM/KDM: if you are running x11vnc as root and want
to find the XAUTHORITY before anyone has logged into an
X session yet, use: x11vnc \fB-env\fR FD_XDM=1 \fB-findauth\fR ...
(This will also find the XAUTHORITY if a user is already
logged into the X session.)
.PP
\fB-create\fR
.IP
@ -1471,6 +1486,12 @@ www.karlrunge.com/x11vnc/faq.html#faq-display-manager
for how to disable this for dtgreet on Solaris and
possibly for other greeters.
.IP
In \fB-find/cmd=FINDDISPLAY\fR mode, if you set FD_XDM=1,
e.g. 'x11vnc \fB-env\fR FD_XDM=1 \fB-find\fR ...' and x11vnc is
running as root (e.g. inetd) then it will try to find
the XAUTHORITY file of a running XDM/GDM/KDM login
greeter (i.e. no user has logged into an X session yet.)
.IP
As another special case, WAIT:cmd=HTTPONCE will allow
x11vnc to service one http request and then exit.
This is usually done in \fB-inetd\fR mode to run on, say,
@ -2540,7 +2561,21 @@ https://mygateway.com:8000/?PORT=8000. To avoid having
to include the PORT= in the browser URL, simply supply
"\fB-httpsredir\fR" to x11vnc.
.IP
This options does not work in \fB-stunnel\fR mode.
This option does not work in \fB-stunnel\fR mode.
.IP
More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS
to be extra URL parameters to use. This way you do
not need to specify extra PARAMS in the index.vnc file.
E.g. x11vnc \fB-env\fR X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ...
.IP
If you do not want to expose the non-SSL HTTP port to
the network (i.e. you just want the single VNC/HTTPS
port, e.g. 5900, open for connections) then specify the
option \fB-env\fR X11VNC_HTTP_LISTEN_LOCALHOST=1 This way
the connection to the libvncserver httpd server will
only be available on localhost (note that in \fB-ssl\fR mode,
HTTPS requests are redirected from SSL to the non-SSL
libvncserver HTTP server.)
.PP
\fB-http_oneport\fR
.IP
@ -2573,6 +2608,10 @@ it means only one port needs to be redirected.
The \fB-httpsredir\fR option may also be useful for this
mode when using an SSH tunnel as well as for router
port redirections.
.IP
Note that the \fB-env\fR X11VNC_HTTP_LISTEN_LOCALHOST=1
option described above under \fB-httpsredir\fR applies for
the libvncserver httpd server in all cases (ssl or not.)
.PP
\fB-ssh\fR \fIuser@host:disp\fR
.IP
@ -3605,6 +3644,12 @@ To include button events use "Button1", ... etc.
.IP
\fB-buttonmap\fR currently does not work on MacOSX console
or in \fB-rawfb\fR mode.
.IP
Workaround: use \fB-buttonmap\fR IJ...-LM...=n to limit the
number of mouse buttons to n, e.g. 123-123=3. This will
prevent x11vnc from crashing if the X server reports
there are 5 buttons (4/5 scroll wheel), but there are
only really 3.
.PP
\fB-nodragging\fR
.IP

@ -2013,6 +2013,7 @@ int main(int argc, char* argv[]) {
int got_tls = 0;
int got_inetd = 0;
int got_noxrandr = 0;
int got_findauth = 0;
/* used to pass args we do not know about to rfbGetScreen(): */
int argc_vnc_max = 1024;
@ -2180,24 +2181,14 @@ int main(int argc, char* argv[]) {
continue;
}
if (!strcmp(arg, "-findauth")) {
int ic = 0;
if (use_dpy != NULL) {
set_env("DISPLAY", use_dpy);
}
use_dpy = strdup("WAIT:cmd=FINDDISPLAY-run");
got_findauth = 1;
if (argc > i+1) {
set_env("X11VNC_SKIP_DISPLAY", argv[i+1]);
} else if (getenv("DISPLAY")) {
set_env("X11VNC_SKIP_DISPLAY", getenv("DISPLAY"));
} else {
set_env("X11VNC_SKIP_DISPLAY", ":0");
char *s = argv[i+1];
if (s[0] != '-') {
set_env("FINDAUTH_DISPLAY", argv[i+1]);
i++;
}
}
set_env("X11VNC_SKIP_DISPLAY_NEGATE", "1");
set_env("FIND_DISPLAY_XAUTHORITY_PATH", "1");
set_env("FIND_DISPLAY_NO_SHOW_XAUTH", "1");
set_env("FIND_DISPLAY_NO_SHOW_DISPLAY", "1");
wait_for_client(&ic, NULL, 0);
exit(0);
continue;
}
if (!strcmp(arg, "-create")) {
@ -4030,6 +4021,33 @@ int main(int argc, char* argv[]) {
set_env("PATH", "/bin:/usr/bin");
}
/* handle -findauth case now that cmdline has been read */
if (got_findauth) {
char *s;
int ic = 0;
if (use_dpy != NULL) {
set_env("DISPLAY", use_dpy);
}
use_dpy = strdup("WAIT:cmd=FINDDISPLAY-run");
s = getenv("FINDAUTH_DISPLAY");
if (s && strcmp("", s)) {
set_env("DISPLAY", s);
}
s = getenv("DISPLAY");
if (s && strcmp("", s)) {
set_env("X11VNC_SKIP_DISPLAY", s);
} else {
set_env("X11VNC_SKIP_DISPLAY", ":0");
}
set_env("X11VNC_SKIP_DISPLAY_NEGATE", "1");
set_env("FIND_DISPLAY_XAUTHORITY_PATH", "1");
set_env("FIND_DISPLAY_NO_SHOW_XAUTH", "1");
set_env("FIND_DISPLAY_NO_SHOW_DISPLAY", "1");
wait_for_client(&ic, NULL, 0);
exit(0);
}
/* set OS struct UT */
uname(&UT);

@ -47,7 +47,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.9.9 lastmod: 2009-12-04";
char lastmod[] = "0.9.9 lastmod: 2009-12-06";
/* X display info */

Loading…
Cancel
Save