classes/ssl: Add configurable Ultra java applet Filexfer Drives

drop down (e.g. ftpDropDown=Home.Desktop.bin).  Document all
applet parameters in classes/ssl/README.
pull/1/head
runge 16 years ago
parent 8d55891ded
commit a774823bdf

@ -84,3 +84,192 @@ SignedUltraViewerSSL.jar
ultra.vnc
ultraproxy.vnc
ultravnc-102-JavaViewer-ssl-etc.patch
---------------------------------------------------------------
Applet Parameters:
Some additional applet parameters can be set via the URL, e.g.
http://host:5800/?param=value
http://host:5800/ultra.vnc?param=value
https://host:5900/ultra.vnc?param=value
etc. If running java from command line as show above, it comes
in as java ... VncViewer param value ...
There is a limitation with libvncserver that param and value can
only be alphanumeric, underscore, "+" (for space), or "."
We have added some applet parameters to the stock VNC java
viewers. Here are the applet parameters:
Both TightVNC and UltraVNC Java viewers:
HOST
string, default: none.
The Hostname to connect to.
PORT
number, default: 0
The VNC server port to connect to.
Open New Window
yes/no, default: no
Run applet in separate frame.
Show Controls
yes/no, default: yes
Show Controls button panel.
Show Offline Desktop
yes/no, default: no
Do we continue showing desktop on remote disconnect?
Defer screen updates
number, default: 20
Milliseconds delay
Defer cursor updates
number, default: 10
Milliseconds delay
Defer update requests
number, default: 50
Milliseconds delay
The following are added by x11vnc and/or ssvnc project
VNCSERVERPORT
number, default: 0
Like PORT, but if there is a firewall this is the Actual VNC
server port. PORT might be a redir port on the firewall.
DisableSSL
yes/no, default: no
Do unencrypted connection, no SSL.
httpsPort
number, default: none
When checking for proxy, use this at the url port number.
CONNECT
string, default: none
Sets to host:port for the CONNECT line to a Web proxy.
The Web proxy should connect us to it.
GET
yes/no, default: no
Set to do a special HTTP GET (/request.https.vnc.connection)
to the vnc server that will cause it to switch to VNC instead.
This is to speedup/make more robust, the single port HTTPS and VNC
mode of x11vnc (e.g. both services thru port 5900, etc)
urlPrefix
string, default: none
set to a string that will be prefixed to all URL's when contacting
the VNC server. Idea is a special proxy will use this to indicate
internal hostname, etc.
oneTimeKey
string, default: none
set a special hex "key" to correspond to an SSL X.509 cert.
See the 'onetimekey' helper script. Can also be PROMPT to
prompt the user to paste the hex key string in.
This is to try to work around the problem that the Java
applet cannot keep an SSL keystore on disk, etc.
E.g. if they log into an HTTPS website via password they
are authenticated and encrypted, then the website can
safely put oneTimeKey=... on the URL. The Vncviewer
authenticates the VNC server with this key.
forceProxy
yes/no, default: no
Assume there is a proxy.
ignoreProxy
yes/no, default: no
Don't check for a proxy, assume there is none.
trustAllVncCerts
yes/no, default: no
Automatically trust any cert received from the VNC server
(obviously this could be dangerous and lead to man in the
middle attack). Do not ask the user to verify any of these
certs from the VNC server.
trustUrlVncCert
yes/no, default: no
Automatically trust any cert that the web browsers has accepted.
E.g. the user said "Yes" or "Continue" to a web browser dialog
regarding a certificate. If we get the same cert from the VNC
server we trust it without prompting the user.
TightVNC Java viewer only:
Offer Relogin
yes/no, default: yes
"Offer Relogin" set to "No" disables "Login again"
SocketFactory
string, default: none
set Java Socket class factory.
UltraVNC Java viewer only:
PASSWORD
string, default: none
VNC session password in plain text.
ENCPASSWORD
string, default: none
VNC session password in encrypted in DES with KNOWN FIXED
key. It is a hex string. This is like the ~/.vnc/passwd format.
The following are added by x11vnc and/or ssvnc project
ftpDropDown
string, default: none
Sets the file transfer "drives" dropdown to the "." separated
list. Use "+" for space. The default is
My+Documents.Desktop.Home
for 3 entries in the dropdown in addition to the "drives"
(e.g. C:\) These items should be expanded properly by the VNC
Server. x11vnc will prepend $HOME to them, which is normally
what one wants. To include a "/" use "_2F_". Another example:
Home.Desktop.bin_2F_linux
ftpOnly
yes/no, default: no
The VNC viewer only shows the filetransfer panel, no desktop
is displayed.
graftFtp
yes/no, default: no
As ftpOnly, the VNC viewer only shows the filetransfer panel,
no desktop is displayed, however it is "grafted" onto an existing
SSVNC unix vncviewer. The special SSVNC vncviewer merges the two
channels.
dsmActive
yes/no, default: no
Special usage mode with the SSVNC unix vncviewer. The UltraVNC
DSM encryption is active. Foolishly, UltraVNC DSM encryption
*MODIFIES* the VNC protocol when active (it is not a pure tunnel).
This option indicates to modify the VNC protocol to make this work.
Usually only used with graftFtp and SSVNC unix vncviewer.
delayAuthPanel
yes/no, default: no
This is another special usage mode with the SSVNC unix vncviewer.
A login panel is delayed (not shown at startup.) Could be useful
for non SSVNC usage too.
ignoreMSLogonCheck
yes/no, default: no
Similar to delayAuthPanel, do not put up a popup asking for
Windows username, etc.

Binary file not shown.

Binary file not shown.

Binary file not shown.

@ -23,6 +23,7 @@
#
# -verify /path/to/cacert.pem
# -mycert /path/to/mycert.pem
# -crl /path/to/my_crl.pem (or directory)
# -proxy host:port
#
# -verify specifies a CA cert PEM file (or a self-signed one) for
@ -125,13 +126,31 @@ fi
PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
# work out which stunnel t use (debian installs as stunnel4)
localhost="localhost"
if uname | grep Darwin >/dev/null; then
localhost="127.0.0.1"
fi
# work out which stunnel to use (debian installs as stunnel4)
if [ "X$STUNNEL" = "X" ]; then
type stunnel4 > /dev/null 2>&1
if [ $? = 0 ]; then
STUNNEL=stunnel4
else
STUNNEL=stunnel
check_stunnel=1
if [ "X$SSVNC_BASEDIRNAME" != "X" ]; then
if [ -x "$SSVNC_BASEDIRNAME/stunnel" ]; then
type stunnel > /dev/null 2>&1
if [ $? = 0 ]; then
# found ours
STUNNEL=stunnel
check_stunnel=0
fi
fi
fi
if [ "X$check_stunnel" = "X1" ]; then
type stunnel4 > /dev/null 2>&1
if [ $? = 0 ]; then
STUNNEL=stunnel4
else
STUNNEL=stunnel
fi
fi
fi
@ -164,6 +183,11 @@ reverse=""
ciphers=""
anondh="ALL:RC4+RSA:+SSLv2:@STRENGTH"
anondh_set=""
stunnel_debug="6"
if [ "X$SS_DEBUG" != "X" -o "X$SSVNC_VENCRYPT_DEBUG" != "X" -o "X$SSVNC_STUNNEL_DEBUG" != "X" ]; then
stunnel_debug="7"
fi
if [ "X$1" = "X-viewerflavor" ]; then
# special case, try to guess which viewer:
@ -193,16 +217,9 @@ if [ "X$1" = "X-viewerflavor" ]; then
fi
exit 0
fi
# maxconn is something we added to stunnel, this disables it:
if [ "X$SS_VNCVIEWER_NO_MAXCONN" != "X" ]; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
else
STUNNEL_ONCE=1; export STUNNEL_ONCE
STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
STUNNEL_NO_SYSLOG=1; export STUNNEL_NO_SYSLOG
if [ "X$1" = "X-viewerhelp" ]; then
$VNCVIEWERCMD -h 2>&1
exit 0
fi
# grab our cmdline options:
@ -213,6 +230,8 @@ do
;;
"-mycert") shift; mycert="$1"
;;
"-crl") shift; crl="$1"
;;
"-proxy") shift; proxy="$1"
;;
"-ssh") use_ssh=1
@ -225,6 +244,7 @@ do
"-sshargs") shift; ssh_args="$1"
;;
"-anondh") ciphers="ciphers=$anondh"
anondh_set=1
;;
"-ciphers") shift; ciphers="ciphers=$1"
;;
@ -246,6 +266,8 @@ do
;;
"-scale") shift; SSVNC_SCALE="$1"; export SSVNC_SCALE
;;
"-onelisten") SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
;;
"-escape") shift; VNCVIEWER_ESCAPE="$1"; export VNCVIEWER_ESCAPE
;;
"-ssvnc_encodings") shift; VNCVIEWER_ENCODINGS="$1"; export VNCVIEWER_ENCODINGS
@ -268,7 +290,28 @@ do
shift
done
# this is the -t ssh option (gives better keyboard responsd thru SSH tunnel)
# maxconn is something we added to stunnel, this disables it:
if [ "X$SS_VNCVIEWER_NO_MAXCONN" != "X" ]; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
elif [ "X$reverse" != "X" ]; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
else
# new way (our patches). other than the above, we set these:
if [ "X$SKIP_STUNNEL_ONCE" = "X" ]; then
STUNNEL_ONCE=1; export STUNNEL_ONCE
fi
if [ "X$SKIP_STUNNEL_MAX_CLIENTS" = "X" ]; then
STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
fi
fi
# always set this one:
if [ "X$SKIP_STUNNEL_NO_SYSLOG" = "X" ]; then
STUNNEL_NO_SYSLOG=1; export STUNNEL_NO_SYSLOG
fi
# this is the -t ssh option (gives better keyboard response thru SSH tunnel)
targ="-t"
if [ "X$SS_VNCVIEWER_NO_T" != "X" ]; then
targ=""
@ -289,18 +332,18 @@ if [ "X$reverse" != "X" ]; then
# check proxy usage under reverse connection:
if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then
echo ""
if echo "$proxy" | egrep "repeater://" > /dev/null; then
if echo "$proxy" | egrep -i "(repeater|vencrypt)://" > /dev/null; then
:
else
echo "*Warning*: SSL -listen and a Web proxy does not make sense."
sleep 3
sleep 2
fi
elif echo "$proxy" | grep "," > /dev/null; then
:
else
echo ""
echo "*Warning*: -listen and a single proxy/gateway does not make sense."
sleep 3
sleep 2
fi
SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
fi
@ -320,6 +363,14 @@ if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
dL="-h"
fi
rchk() {
# a kludge to set $RANDOM if we are not bash:
if [ "X$BASH_VERSION" = "X" ]; then
RANDOM=`date +%S``sh -c 'echo $$'``ps -elf 2>&1 | sum 2>&1 | awk '{print $1}'`
fi
}
rchk
# a portable, but not absolutely safe, tmp file creator
mytmp() {
tf=$1
@ -397,6 +448,7 @@ if echo "$orig" | grep '^vnc://' > /dev/null; then
orig=`echo "$orig" | sed -e 's,vnc://,,'`
verify=""
mycert=""
crl=""
use_ssh=""
use_sshssl=""
direct_connect=1
@ -417,6 +469,7 @@ fi
if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
verify=""
mycert=""
crl=""
use_ssh=""
use_sshssl=""
direct_connect=1
@ -459,7 +512,7 @@ fi
host=`echo "$orig" | awk -F: '{print $1}'`
disp=`echo "$orig" | awk -F: '{print $2}'`
if [ "X$host" = "X" ]; then
host=localhost
host=$localhost
fi
if [ "X$disp" = "X" ]; then
port="" # probably -listen mode.
@ -483,9 +536,9 @@ inuse=""
if uname | grep Linux > /dev/null; then
inuse=`netstat -ant | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*://'`
elif uname | grep SunOS > /dev/null; then
inuse=`netstat -an -f inet -P tcp | grep LISTEN | awk '{print $1}' | sed 's/^.*\.//'`
elif uname | grep -i bsd > /dev/null; then
inuse=`netstat -ant -f inet | grep LISTEN | awk '{print $4}' | sed 's/^.*\.//'`
inuse=`netstat -an -f inet -P tcp | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $1}' | sed 's/^.*\.//'`
elif uname | egrep -i 'bsd|darwin' > /dev/null; then
inuse=`netstat -ant -f inet | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*\.//'`
# add others...
fi
@ -590,7 +643,14 @@ final() {
if [ "X$reverse" = "X" ]; then
# normal connections try 5930-5999:
use=`findfree 5930`
if [ "X$showcert" = "X" ]; then
use=`findfree 5930`
else
# move away from normal place for (possibly many) -showcert
pstart=`date +%S`
pstart=`expr 6130 + $pstart + $pstart`
use=`findfree $pstart`
fi
if [ $use -ge 5900 ]; then
N=`expr $use - 5900`
else
@ -612,14 +672,6 @@ if echo "$0" | grep vncip > /dev/null; then
VNCVIEWERCMD="$VNCIPCMD"
fi
rchk() {
# a kludge to set $RANDOM if we are not bash:
if [ "X$BASH_VERSION" = "X" ]; then
RANDOM=`date +%S``sh -c 'echo $$'``ps -elf 2>&1 | sum 2>&1 | awk '{print $1}'`
fi
}
rchk
# trick for the undocumented rsh://host:port method.
rsh_setup() {
if echo "$ssh_host" | grep '@' > /dev/null; then
@ -670,7 +722,7 @@ if (exists $ENV{PPROXY_SLEEP}) {
foreach my $var (qw(PPROXY_PROXY PPROXY_SOCKS PPROXY_DEST PPROXY_LISTEN
PPROXY_REVERSE PPROXY_REPEATER PPROXY_REMOVE PPROXY_KILLPID PPROXY_SLEEP)) {
if (0 || $ENV{SS_DEBUG}) {
if (0 || $ENV{SS_DEBUG} || $ENV{SSVNC_VENCRYPT_DEBUG}) {
print STDERR "$var: $ENV{$var}\n";
}
}
@ -683,7 +735,7 @@ if ($ENV{PPROXY_SOCKS} ne "" && $ENV{PPROXY_PROXY} !~ m,^socks5?://,i) {
}
}
my $rfbSecTypeTlsVnc = 18;
my $rfbSecTypeAnonTls = 18;
my $rfbSecTypeVencrypt = 19;
my $rfbVencryptPlain = 256;
@ -755,13 +807,24 @@ if ($ENV{PPROXY_REVERSE} ne "") {
die "pproxy: $! -- PPROXY_REVERSE\n";
}
print STDERR "PPROXY_REVERSE: connected to $rhost $rport\n";
} elsif ($ENV{PPROXY_LISTEN} ne "") {
my $listen_sock = IO::Socket::INET->new(
Listen => 2,
LocalAddr => "localhost",
LocalPort => $ENV{PPROXY_LISTEN},
Proto => "tcp"
);
my $listen_sock = "";
if ($ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:(.*)/) {
my $p = $1;
$listen_sock = IO::Socket::INET->new(
Listen => 2,
LocalPort => $p,
Proto => "tcp"
);
} else {
$listen_sock = IO::Socket::INET->new(
Listen => 2,
LocalAddr => "127.0.0.1",
LocalPort => $ENV{PPROXY_LISTEN},
Proto => "tcp"
);
}
if (! $listen_sock) {
die "pproxy: $! -- PPROXY_LISTEN\n";
}
@ -770,6 +833,7 @@ if ($ENV{PPROXY_REVERSE} ne "") {
if (! $listen_handle) {
die "pproxy: $!\n";
}
close $listen_sock;
}
my $sock = IO::Socket::INET->new(
@ -786,6 +850,13 @@ if (! $sock) {
unlink($0) if $ENV{PPROXY_REMOVE};
if ($ENV{PPROXY_PROXY} =~ /^vencrypt:/ && $ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:/) {
print STDERR "PPROXY: vencrypt+reverse: swapping listen socket with connect socket.\n";
my $tmp_swap = $sock;
$sock = $listen_handle;
$listen_handle = $tmp_swap;
}
$cur_proxy = $first;
setmode($mode_1st);
@ -810,7 +881,14 @@ if ($second ne "") {
$parent = $$;
$child = fork;
if (! defined $child) {
kill "TERM", $ENV{PPROXY_KILLPID} if $ENV{PPROXY_KILLPID};
if ($ENV{PPROXY_KILLPID}) {
foreach my $p (split(/,/, $ENV{PPROXY_KILLPID})) {
if ($p =~ /^(\+|-)/) {
$p = $parent + $p;
}
kill "TERM", $p;
}
}
exit 1;
}
@ -824,7 +902,7 @@ if ($child) {
select(undef, undef, undef, 0.25);
if (kill 0, $child) {
select(undef, undef, undef, 1.5);
#print STDERR "pproxy\[$$]: kill TERM $child\n";
print STDERR "pproxy\[$$]: kill TERM $child\n";
kill "TERM", $child;
}
} else {
@ -837,16 +915,20 @@ if ($child) {
select(undef, undef, undef, 0.25);
if (kill 0, $parent) {
select(undef, undef, undef, 1.5);
#print STDERR "pproxy\[$$]: kill TERM $parent\n";
print STDERR "pproxy\[$$]: kill TERM $parent\n";
kill "TERM", $parent;
}
}
if ($ENV{PPROXY_KILLPID} ne "") {
if ($ENV{PPROXY_KILLPID} =~ /^(\+|-)/) {
$ENV{PPROXY_KILLPID} = $$ + $ENV{PPROXY_KILLPID};
if ($ENV{PPROXY_KILLPID}) {
foreach my $p (split(/,/, $ENV{PPROXY_KILLPID})) {
if ($p =~ /^(\+|-)/) {
$p = $parent + $p;
}
print STDERR "kill TERM, $p (PPROXY_KILLPID)\n";
kill "TERM", $p;
}
}
print STDERR "kill TERM, $ENV{PPROXY_KILLPID}\n";
kill "TERM", $ENV{PPROXY_KILLPID};
}
exit;
@ -1079,12 +1161,12 @@ sub vdie {
exit(1);
}
sub tlsvnc_handshake {
sub anontls_handshake {
my ($vmode, $db) = @_;
print STDERR "PPROXY: Doing TLSVNC Handshake\n";
print STDERR "PPROXY: Doing ANONTLS Handshake\n";
my $psec = pack("C", $rfbSecTypeTlsVnc);
my $psec = pack("C", $rfbSecTypeAnonTls);
syswrite($sock, $psec, 1);
append_handshake("done\n");
@ -1097,6 +1179,13 @@ sub vencrypt_handshake {
print STDERR "PPROXY: Doing VeNCrypt Handshake\n";
my $psec = pack("C", $rfbSecTypeVencrypt);
if (exists $ENV{SSVNC_TEST_SEC_TYPE}) {
my $fake = $ENV{SSVNC_TEST_SEC_TYPE};
print STDERR "PPROXY: sending sec-type: $fake\n";
$psec = pack("C", $fake);
}
syswrite($sock, $psec, 1);
my $vmajor;
@ -1108,10 +1197,14 @@ sub vencrypt_handshake {
$vmajor = unpack("C", $vmajor);
$vminor = unpack("C", $vminor);
print STDERR "$vmajor.$vminor\n" if $db;
print STDERR "server vencrypt version $vmajor.$vminor\n" if $db;
vdie if $vmajor ne 0;
vdie if $vminor < 2;
if (exists $ENV{SSVNC_TEST_SEC_TYPE}) {
print STDERR "PPROXY: continuing on in test mode.\n";
} else {
vdie if $vmajor ne 0;
vdie if $vminor < 2;
}
$vmajor = pack("C", 0);
$vminor = pack("C", 2);
@ -1122,6 +1215,7 @@ sub vencrypt_handshake {
my $result;
sysread($sock, $result, 1);
print STDERR "result empty\n" if $db && $result eq "";
vdie if $result eq "";
$result = unpack("C", $result);
@ -1170,12 +1264,23 @@ sub vencrypt_handshake {
$subtype = $rfbVencryptTlsPlain;
print STDERR "selected rfbVencryptTlsPlain\n" if $db;
}
if (exists $ENV{SSVNC_TEST_SEC_SUBTYPE}) {
my $fake = $ENV{SSVNC_TEST_SEC_SUBTYPE};
print STDERR "PPROXY: sending sec-subtype: $fake\n";
$subtype = $fake;
}
append_handshake("subtype=$subtype\n");
my $pst = pack("N", $subtype);
syswrite($sock, $pst, 4);
vdie if $subtype == 0;
if (exists $ENV{SSVNC_TEST_SEC_SUBTYPE}) {
print STDERR "PPROXY: continuing on in test mode.\n";
} else {
vdie if $subtype == 0;
}
my $ok;
sysread($sock, $ok, 1);
@ -1192,11 +1297,12 @@ sub vencrypt_dialog {
my $db = 0;
$db = 1 if exists $ENV{SS_DEBUG};
$db = 1 if exists $ENV{SSVNC_VENCRYPT_DEBUG};
append_handshake("mode=$vmode\n");
my $server_rfb = "";
syswrite($sock, $rep, 250);
#syswrite($sock, $rep, 250);
for (my $i = 0; $i < 12; $i++) {
my $c;
sysread($sock, $c, 1);
@ -1246,10 +1352,10 @@ sub vencrypt_dialog {
print STDERR "found rfbSecTypeVencrypt\n" if $db;
append_handshake("sectype=$rfbSecTypeVencrypt\n");
vencrypt_handshake($vmode, $db);
} elsif (exists $sectypes{$rfbSecTypeTlsVnc}) {
print STDERR "found rfbSecTypeTlsVnc\n" if $db;
append_handshake("sectype=$rfbSecTypeTlsVnc\n");
tlsvnc_handshake($vmode, $db);
} elsif (exists $sectypes{$rfbSecTypeAnonTls}) {
print STDERR "found rfbSecTypeAnonTls\n" if $db;
append_handshake("sectype=$rfbSecTypeAnonTls\n");
anontls_handshake($vmode, $db);
} else {
print STDERR "No supported sec-type found\n" if $db;
vdie;
@ -1296,9 +1402,12 @@ sub xfer {
close($out);
}
'
# '
# xpg_echo will expand \n \r, etc.
# try to unset and then test for it.
shopt -u xpg_echo >/dev/null 2>&1
if type shopt > /dev/null 2>&1; then
shopt -u xpg_echo >/dev/null 2>&1
fi
v='print STDOUT "abc\n";'
echo "$v" > $tf
chmod 700 $tf
@ -1314,6 +1423,67 @@ sub xfer {
perl -e 'use IO::Socket::INET; select(undef, undef, undef, 0.01)' >/dev/null 2>&1
}
# make_tcert is no longer invoked via the ssvnc gui (Listen mode).
# make_tcert is for testing only now via -mycert BUILTIN
make_tcert() {
tcert="/tmp/ss_vnc_viewer_tcert${RANDOM}.$$"
tcert=`mytmp "$tcert"`
cat > $tcert <<END
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN
+zZpJUUXLu4zz8Ryq8Q+sQgfNy7uTOpN9bUUaOk1TnD7gaDQnQWiNHmqbW2kL+DS
OKngJVPo9dETAS8hf7+D1e1DBZxjTc1a4RQqWJixwpYj99ixWzu8VC2m/xXsjvOs
jp4+DLBB490nbkwvstmhmiWm1CmI5O5xOkgioVNQqHvQMdVKOSz9PpbjvZiRX1Uo
qoMrk+2NOqwP90TB35yPASXb9zXKpO7DLhkube+yYGf+yk46aD707L07Eb7cosFP
S84vNZ9gX7rQ0UOwm5rYA/oZTBskgaqhtIzkLwIDAQABAoIBAD4ot/sXt5kRn0Ca
CIkU9AQWlC+v28grR2EQW9JiaZrqcoDNUzUqbCTJsi4ZkIFh2lf0TsqELbZYNW6Y
6AjJM7al4E0UqYSKJTv2WCuuRxdiRs2BMwthqyBmjeanev7bB6V0ybt7u3Y8xU/o
MrTuYnr4vrEjXPKdLirwk7AoDbKsRXHSIiHEIBOq1+dUQ32t36ukdnnza4wKDLZc
PKHiCdCk/wOGhuDlxD6RspqUAlRnJ8/aEhrgWxadFXw1hRhRsf/v1shtB0T3DmTe
Jchjwyiw9mryb9JZAcKxW+fUc4EVvj6VdQGqYInQJY5Yxm5JAlVQUJicuuJEvn6A
rj5osQECgYEA552CaHpUiFlB4HGkjaH00kL+f0+gRF4PANCPk6X3UPDVYzKnzmuu
yDvIdEETGFWBwoztUrOOKqVvPEQ+kBa2+DWWYaERZLtg2cI5byfDJxQ3ldzilS3J
1S3WgCojqcsG/hlxoQJ1dZFanUy/QhUZ0B+wlC+Zp1Q8AyuGQvhHp68CgYEA0lBI
eqq2GGCdJuNHMPFbi8Q0BnX55LW5C1hWjhuYiEkb3hOaIJuJrqvayBlhcQa2cGqp
uP34e9UCfoeLgmoCQ0b4KpL2NGov/mL4i8bMgog4hcoYuIi3qxN18vVR14VKEh4U
RLk0igAYPU+IK2QByaQlBo9OSaKkcfm7U1/pK4ECgYAxr6VpGk0GDvfF2Tsusv6d
GIgV8ZP09qSLTTJvvxvF/lQYeqZq7sjI5aJD5i3de4JhpO/IXQJzfZfWOuGc8XKA
3qYK/Y2IqXXGYRcHFGWV/Y1LFd55mCADHlk0l1WdOBOg8P5iRu/Br9PbiLpCx9oI
vrOXpnp03eod1/luZmqguwKBgQCWFRSj9Q7ddpSvG6HCG3ro0qsNsUMTI1tZ7UBX
SPogx4tLf1GN03D9ZUZLZVFUByZKMtPLX/Hi7K9K/A9ikaPrvsl6GEX6QYzeTGJx
3Pw0amFrmDzr8ySewNR6/PXahxPEuhJcuI31rPufRRI3ZLah3rFNbRbBFX+klkJH
zTnoAQKBgDbUK/aQFGduSy7WUT7LlM3UlGxJ2sA90TQh4JRQwzur0ACN5GdYZkqM
YBts4sBJVwwJoxD9OpbvKu3uKCt41BSj0/KyoBzjT44S2io2tj1syujtlVUsyyBy
/ca0A7WBB8lD1D7QMIhYUm2O9kYtSCLlUTHt5leqGaRG38DqlX36
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDzDCCArQCCQDSzxzxqhyqLzANBgkqhkiG9w0BAQQFADCBpzELMAkGA1UEBhMC
VVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNVBAcTBkJvc3RvbjETMBEG
A1UEChMKTXkgQ29tcGFueTEcMBoGA1UECxMTUHJvZHVjdCBEZXZlbG9wbWVudDEZ
MBcGA1UEAxMQd3d3Lm5vd2hlcmUubm9uZTEhMB8GCSqGSIb3DQEJARYSYWRtaW5A
bm93aGVyZS5ub25lMB4XDTA3MDMyMzE4MDc0NVoXDTI2MDUyMjE4MDc0NVowgacx
CzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQ8wDQYDVQQHEwZC
b3N0b24xEzARBgNVBAoTCk15IENvbXBhbnkxHDAaBgNVBAsTE1Byb2R1Y3QgRGV2
ZWxvcG1lbnQxGTAXBgNVBAMTEHd3dy5ub3doZXJlLm5vbmUxITAfBgkqhkiG9w0B
CQEWEmFkbWluQG5vd2hlcmUubm9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAL5H18W9MHMYK41ds4hYpIyCPs3vIinEwbeOy9BjP3NtXn3pTfs2aSVF
Fy7uM8/EcqvEPrEIHzcu7kzqTfW1FGjpNU5w+4Gg0J0FojR5qm1tpC/g0jip4CVT
6PXREwEvIX+/g9XtQwWcY03NWuEUKliYscKWI/fYsVs7vFQtpv8V7I7zrI6ePgyw
QePdJ25ML7LZoZolptQpiOTucTpIIqFTUKh70DHVSjks/T6W472YkV9VKKqDK5Pt
jTqsD/dEwd+cjwEl2/c1yqTuwy4ZLm3vsmBn/spOOmg+9Oy9OxG+3KLBT0vOLzWf
YF+60NFDsJua2AP6GUwbJIGqobSM5C8CAwEAATANBgkqhkiG9w0BAQQFAAOCAQEA
vGomHEp6TVU83X2EBUgnbOhzKJ9u3fOI/Uf5L7p//Vxqow7OR1cguzh/YEzmXOIL
ilMVnzX9nj/bvcLAuqEP7MR1A8f4+E807p/L/Sf49BiCcwQq5I966sGKYXjkve+T
2GTBNwMSq+5kLSf6QY8VZI+qnrAudEQMeJByQhTZZ0dH8Njeq8EGl9KUio+VWaiW
CQK6xJuAvAHqa06OjLmwu1fYD4GLGSrOIiRVkSXV8qLIUmzxdJaIRznkFWsrCEKR
wAH966SAOvd2s6yOHMvyDRIL7WHxfESB6rDHsdIW/yny1fBePjv473KrxyXtbz7I
dMw1yW09l+eEo4A7GzwOdw==
-----END CERTIFICATE-----
END
chmod 600 $tcert
echo "$tcert"
}
Kecho() {
if [ "X$USER" = "Xrunge" ]; then
echo "dbg: $*"
@ -1326,7 +1496,7 @@ if [ "X$use_ssh" = "X1" ]; then
#
ssh_port="22"
ssh_host="$host"
vnc_host="localhost"
vnc_host="$localhost"
# let user override ssh via $SSH
ssh=${SSH:-"ssh -x"}
@ -1444,9 +1614,9 @@ if [ "X$use_ssh" = "X1" ]; then
u=`echo "$host" | sed -e 's/@.*$/@/'`
fi
proxy="${u}localhost:$nd"
proxy="${u}$localhost:$nd"
else
proxy="${sproxy1_user}localhost:$nd"
proxy="${sproxy1_user}$localhost:$nd"
fi
if [ "X$sproxy_rest" != "X" ]; then
proxy="$proxy,$sproxy_rest"
@ -1487,7 +1657,7 @@ if [ "X$use_ssh" = "X1" ]; then
ssh_args="$ssh_args -o NoHostAuthenticationForLocalhost=yes"
sleep 1
stty sane
proxy="${ssh_user2}localhost:$proxport"
proxy="${ssh_user2}$localhost:$proxport"
fi
if [ "X$proxy" != "X" ]; then
@ -1515,14 +1685,14 @@ if [ "X$use_ssh" = "X1" ]; then
getport=""
teeport=""
if echo "$ssh_cmd" | egrep "^(PORT=|P=)" > /dev/null; then
if echo "$ssh_cmd" | egrep "(PORT=|P=) " > /dev/null; then
getport=1
if echo "$ssh_cmd" | egrep "^P=" > /dev/null; then
if echo "$ssh_cmd" | egrep "P= " > /dev/null; then
teeport=1
fi
PORT=""
ssh_cmd=`echo "$ssh_cmd" | sed -e 's/^PORT=[ ]*//' -e 's/^P=//'`
ssh_cmd=`echo "$ssh_cmd" | sed -e 's/PORT=[ ]*//' -e 's/P=//'`
SSVNC_NO_ENC_WARN=1
if [ "X$use_sshssl" = "X" ]; then
direct_connect=1
@ -1561,7 +1731,7 @@ if [ "X$use_ssh" = "X1" ]; then
tport=`mytmp "$tport"`
if [ "X$rsh" != "X1" ]; then
if echo "$ssh_cmd" | grep -w sudo > /dev/null; then
if echo "$ssh_cmd" | grep "sudo " > /dev/null; then
echo ""
echo "Initial ssh with 'sudo id' to prime sudo so hopefully the next one"
echo "will require no password..."
@ -1634,9 +1804,9 @@ if [ "X$use_ssh" = "X1" ]; then
PPROXY_SOCKS=5
fi
export PPROXY_SOCKS
host="localhost"
host="$localhost"
port="$PORT"
proxy="localhost:$use"
proxy="$localhost:$use"
else
if [ "X$rsh" != "X1" ]; then
@ -1665,13 +1835,19 @@ if [ "X$use_ssh" = "X1" ]; then
c=0
pssh=""
mssh=`echo "$ssh" | sed -e 's/^env.*ssh/ssh/'`
while [ $c -lt 30 ]
while [ $c -lt 40 ]
do
p=`expr $pmark + $c`
if ps -p "$p" 2>&1 | grep "$mssh" > /dev/null; then
pssh=$p
break
pout=`ps -p "$p" 2>/dev/null | grep -v '^[ ]*PID' | sed -e 's/-L.*$//' -e 's/-x .*$//'`
if echo "$pout" | grep "ssh" > /dev/null; then
if echo "$pout" | egrep -i 'ssh.*(-add|-agent|-ask|-keygen|-argv0|vnc)' >/dev/null; then
:
elif echo "$pout" | egrep -i 'scp|sshd' >/dev/null; then
:
else
pssh=$p
break
fi
fi
c=`expr $c + 1`
done
@ -1697,20 +1873,20 @@ if [ "X$use_ssh" = "X1" ]; then
echo "sleep $SSVNC_EXTRA_SLEEP"
sleep $SSVNC_EXTRA_SLEEP
fi
#echo "pssh=\"$pssh\""
echo "ssh_pid='$pssh'"; echo
if [ "X$use_sshssl" = "X" -a "X$getport" = "X" ]; then
echo "Running viewer:"
trap "final" 0 2 15
if [ "X$reverse" = "X" ]; then
echo "$VNCVIEWERCMD" "$@" localhost:$N
echo "$VNCVIEWERCMD" "$@" $localhost:$N
echo ""
$VNCVIEWERCMD "$@" localhost:$N
$VNCVIEWERCMD "$@" $localhost:$N
if [ $? != 0 ]; then
echo "vncviewer command failed: $?"
if [ "X$secondtry" = "X1" ]; then
sleep 2
$VNCVIEWERCMD "$@" localhost:$N
$VNCVIEWERCMD "$@" $localhost:$N
fi
fi
else
@ -1734,7 +1910,7 @@ if [ "X$use_ssh" = "X1" ]; then
use2=`findfree 5960`
host0=$host
port0=$port
host=localhost
host=$localhost
port=$use
use=$use2
N=`expr $use - 5900`
@ -1760,6 +1936,13 @@ fi
if [ "X$mycert" != "X" ]; then
cert="cert = $mycert"
fi
if [ "X$crl" != "X" ]; then
if [ -d $crl ]; then
crl="CRLpath = $crl"
else
crl="CRLfile = $crl"
fi
fi
ptmp=""
if [ "X$proxy" != "X" ]; then
@ -1769,19 +1952,24 @@ if [ "X$proxy" != "X" ]; then
pcode "$ptmp"
if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then
if uname | egrep 'Darwin|SunOS' >/dev/null; then
# on mac we need to listen on socket instead of stdio:
nd=`findfree 6700`
PPROXY_LISTEN=$nd
export PPROXY_LISTEN
if [ "X$reverse" = "X" ]; then
#$ptmp 2>/dev/null &
$ptmp &
vout=`echo "$proxy" | grep -i vencrypt`
if [ "X$vout" != "X" -a "X$reverse" = "X1" ]; then
# need to exec for reverse vencrypt
connect="exec = $ptmp"
else
# on mac and solaris we need to listen on socket instead of stdio:
nd=`findfree 6700`
PPROXY_LISTEN=$nd
export PPROXY_LISTEN
if [ "X$reverse" = "X" ]; then
#$ptmp 2>/dev/null &
$ptmp &
fi
sleep 2
host="$localhost"
port="$nd"
connect="connect = $localhost:$nd"
fi
#sleep 3
sleep 2
host="localhost"
port="$nd"
connect="connect = localhost:$nd"
else
# otherwise on unix we can exec it:
connect="exec = $ptmp"
@ -1803,7 +1991,7 @@ if [ "X$showcert" = "X1" ]; then
$ptmp 2>/dev/null &
fi
sleep 1
host="localhost"
host="$localhost"
port="$use"
fi
cipher_args=""
@ -1811,8 +1999,63 @@ if [ "X$showcert" = "X1" ]; then
cipher_args=`echo "$ciphers" | sed -e 's/ciphers=/-cipher /'`
fi
#echo "openssl s_client $cipher_args -connect $host:$port"
openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null
rc=$?
if [ "X$reverse" = "X" ]; then
openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null
rc=$?
else
tcert=""
if [ "X$mycert" = "X" ]; then
tcert=`make_tcert`
cert_args="-cert $tcert -CAfile $tcert"
else
cert_args="-cert $mycert -CAfile $mycert"
fi
tmp_out=/tmp/showcert_out${RANDOM}.$$
tmp_out=`mytmp "$tmp_out"`
tmp_err=/tmp/showcert_err${RANDOM}.$$
tmp_err=`mytmp "$tmp_err"`
#echo "openssl s_server $cipher_args $cert_args -accept $port -verify 2 > $tmp_out 2> $tmp_err" 1>&2
perl -e "
\$p = open(O, \"|openssl s_server $cipher_args $cert_args -accept $port -verify 2 1>$tmp_out 2> $tmp_err\");
exit 1 unless \$p;
while (1) {
sleep 1;
if (!open(F, \"<$tmp_out\")) {
kill \$p;
exit 1;
}
while (<F>) {
if (/RFB 00/) {
fsleep(0.25);
print O \"RFB 000.000\\n\";
fsleep(1.00);
kill \$p;
fsleep(0.25);
exit 0;
}
}
close F;
}
sub fsleep {
select(undef, undef, undef, shift);
}
";
echo ""
cat $tmp_out
echo ""
echo "----2----"
cat $tmp_err
if grep BEGIN.CERTIFICATE $tmp_out >/dev/null; then
rc=0
else
rc=1
fi
rm -f $tmp_out $tmp_err
fi
if [ "X$SSVNC_PREDIGESTED_HANDSHAKE" != "X" ]; then
rm -f $SSVNC_PREDIGESTED_HANDSHAKE
fi
@ -1860,7 +2103,7 @@ if [ "X$direct_connect" != "X" ]; then
PPROXY_LISTEN=$use
export PPROXY_LISTEN
else
PPROXY_REVERSE="localhost:$use"
PPROXY_REVERSE="$localhost:$use"
export PPROXY_REVERSE
pps=3
if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
@ -1877,7 +2120,7 @@ if [ "X$direct_connect" != "X" ]; then
#echo T sleep 1
sleep 1
fi
host="localhost"
host="$localhost"
disp="$N"
port=`expr $disp + 5900`
fi
@ -1894,7 +2137,7 @@ if [ "X$direct_connect" != "X" ]; then
pf=`findfree 5970`
cmd="$SSVNC_ULTRA_DSM -$pf $host:$port"
pf=`expr $pf - 5900`
hostdisp="localhost:$pf"
hostdisp="$localhost:$pf"
ustr=`echo "$cmd" | sed -e 's/pw=[^ ]*/pw=******/g'`
echo "Running:"
echo
@ -1930,7 +2173,7 @@ if [ "X$direct_connect" != "X" ]; then
VNCVIEWER_LISTEN_LOCALHOST=1
export VNCVIEWER_LISTEN_LOCALHOST
dport=`expr 5500 + $disp`
cmd="$SSVNC_ULTRA_DSM $dport localhost:$use"
cmd="$SSVNC_ULTRA_DSM $dport $localhost:$use"
ustr=`echo "$cmd" | sed -e 's/pw=[^ ]*/pw=******/g'`
echo "Running:"
echo
@ -1961,69 +2204,10 @@ fi
tmp_cfg=/tmp/ss_vncviewer${RANDOM}.$$
tmp_cfg=`mytmp "$tmp_cfg"`
# make_tcert is no longer invoked via the ssvnc gui (Listen mode).
# make_tcert is for testing only now via -mycert BUILTIN
make_tcert() {
tcert="/tmp/ss_vnc_viewer_tcert${RANDOM}.$$"
tcert=`mytmp "$tcert"`
cat > $tcert <<END
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN
+zZpJUUXLu4zz8Ryq8Q+sQgfNy7uTOpN9bUUaOk1TnD7gaDQnQWiNHmqbW2kL+DS
OKngJVPo9dETAS8hf7+D1e1DBZxjTc1a4RQqWJixwpYj99ixWzu8VC2m/xXsjvOs
jp4+DLBB490nbkwvstmhmiWm1CmI5O5xOkgioVNQqHvQMdVKOSz9PpbjvZiRX1Uo
qoMrk+2NOqwP90TB35yPASXb9zXKpO7DLhkube+yYGf+yk46aD707L07Eb7cosFP
S84vNZ9gX7rQ0UOwm5rYA/oZTBskgaqhtIzkLwIDAQABAoIBAD4ot/sXt5kRn0Ca
CIkU9AQWlC+v28grR2EQW9JiaZrqcoDNUzUqbCTJsi4ZkIFh2lf0TsqELbZYNW6Y
6AjJM7al4E0UqYSKJTv2WCuuRxdiRs2BMwthqyBmjeanev7bB6V0ybt7u3Y8xU/o
MrTuYnr4vrEjXPKdLirwk7AoDbKsRXHSIiHEIBOq1+dUQ32t36ukdnnza4wKDLZc
PKHiCdCk/wOGhuDlxD6RspqUAlRnJ8/aEhrgWxadFXw1hRhRsf/v1shtB0T3DmTe
Jchjwyiw9mryb9JZAcKxW+fUc4EVvj6VdQGqYInQJY5Yxm5JAlVQUJicuuJEvn6A
rj5osQECgYEA552CaHpUiFlB4HGkjaH00kL+f0+gRF4PANCPk6X3UPDVYzKnzmuu
yDvIdEETGFWBwoztUrOOKqVvPEQ+kBa2+DWWYaERZLtg2cI5byfDJxQ3ldzilS3J
1S3WgCojqcsG/hlxoQJ1dZFanUy/QhUZ0B+wlC+Zp1Q8AyuGQvhHp68CgYEA0lBI
eqq2GGCdJuNHMPFbi8Q0BnX55LW5C1hWjhuYiEkb3hOaIJuJrqvayBlhcQa2cGqp
uP34e9UCfoeLgmoCQ0b4KpL2NGov/mL4i8bMgog4hcoYuIi3qxN18vVR14VKEh4U
RLk0igAYPU+IK2QByaQlBo9OSaKkcfm7U1/pK4ECgYAxr6VpGk0GDvfF2Tsusv6d
GIgV8ZP09qSLTTJvvxvF/lQYeqZq7sjI5aJD5i3de4JhpO/IXQJzfZfWOuGc8XKA
3qYK/Y2IqXXGYRcHFGWV/Y1LFd55mCADHlk0l1WdOBOg8P5iRu/Br9PbiLpCx9oI
vrOXpnp03eod1/luZmqguwKBgQCWFRSj9Q7ddpSvG6HCG3ro0qsNsUMTI1tZ7UBX
SPogx4tLf1GN03D9ZUZLZVFUByZKMtPLX/Hi7K9K/A9ikaPrvsl6GEX6QYzeTGJx
3Pw0amFrmDzr8ySewNR6/PXahxPEuhJcuI31rPufRRI3ZLah3rFNbRbBFX+klkJH
zTnoAQKBgDbUK/aQFGduSy7WUT7LlM3UlGxJ2sA90TQh4JRQwzur0ACN5GdYZkqM
YBts4sBJVwwJoxD9OpbvKu3uKCt41BSj0/KyoBzjT44S2io2tj1syujtlVUsyyBy
/ca0A7WBB8lD1D7QMIhYUm2O9kYtSCLlUTHt5leqGaRG38DqlX36
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDzDCCArQCCQDSzxzxqhyqLzANBgkqhkiG9w0BAQQFADCBpzELMAkGA1UEBhMC
VVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNVBAcTBkJvc3RvbjETMBEG
A1UEChMKTXkgQ29tcGFueTEcMBoGA1UECxMTUHJvZHVjdCBEZXZlbG9wbWVudDEZ
MBcGA1UEAxMQd3d3Lm5vd2hlcmUubm9uZTEhMB8GCSqGSIb3DQEJARYSYWRtaW5A
bm93aGVyZS5ub25lMB4XDTA3MDMyMzE4MDc0NVoXDTI2MDUyMjE4MDc0NVowgacx
CzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQ8wDQYDVQQHEwZC
b3N0b24xEzARBgNVBAoTCk15IENvbXBhbnkxHDAaBgNVBAsTE1Byb2R1Y3QgRGV2
ZWxvcG1lbnQxGTAXBgNVBAMTEHd3dy5ub3doZXJlLm5vbmUxITAfBgkqhkiG9w0B
CQEWEmFkbWluQG5vd2hlcmUubm9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAL5H18W9MHMYK41ds4hYpIyCPs3vIinEwbeOy9BjP3NtXn3pTfs2aSVF
Fy7uM8/EcqvEPrEIHzcu7kzqTfW1FGjpNU5w+4Gg0J0FojR5qm1tpC/g0jip4CVT
6PXREwEvIX+/g9XtQwWcY03NWuEUKliYscKWI/fYsVs7vFQtpv8V7I7zrI6ePgyw
QePdJ25ML7LZoZolptQpiOTucTpIIqFTUKh70DHVSjks/T6W472YkV9VKKqDK5Pt
jTqsD/dEwd+cjwEl2/c1yqTuwy4ZLm3vsmBn/spOOmg+9Oy9OxG+3KLBT0vOLzWf
YF+60NFDsJua2AP6GUwbJIGqobSM5C8CAwEAATANBgkqhkiG9w0BAQQFAAOCAQEA
vGomHEp6TVU83X2EBUgnbOhzKJ9u3fOI/Uf5L7p//Vxqow7OR1cguzh/YEzmXOIL
ilMVnzX9nj/bvcLAuqEP7MR1A8f4+E807p/L/Sf49BiCcwQq5I966sGKYXjkve+T
2GTBNwMSq+5kLSf6QY8VZI+qnrAudEQMeJByQhTZZ0dH8Njeq8EGl9KUio+VWaiW
CQK6xJuAvAHqa06OjLmwu1fYD4GLGSrOIiRVkSXV8qLIUmzxdJaIRznkFWsrCEKR
wAH966SAOvd2s6yOHMvyDRIL7WHxfESB6rDHsdIW/yny1fBePjv473KrxyXtbz7I
dMw1yW09l+eEo4A7GzwOdw==
-----END CERTIFICATE-----
END
chmod 600 $tcert
echo "$tcert"
}
stunnel_exec=""
if echo $STUNNEL_EXTRA_SVC_OPTS | grep '#stunnel-exec' > /dev/null; then
if [ "X$SSVNC_USE_OURS" != "X1" ]; then
:
elif echo $STUNNEL_EXTRA_SVC_OPTS | grep '#stunnel-exec' > /dev/null; then
stunnel_exec="#"
fi
@ -2042,25 +2226,29 @@ if [ "X$reverse" = "X" ]; then
foreground = yes
pid =
client = yes
debug = 6
debug = $stunnel_debug
$ciphers
$STUNNEL_EXTRA_OPTS
$STUNNEL_EXTRA_OPTS_USER
$verify
$cert
$crl
$verify
${stunnel_exec}[vnc_stunnel]
${stunnel_exec}accept = localhost:$use
${stunnel_exec}accept = $localhost:$use
$connect
$STUNNEL_EXTRA_SVC_OPTS
$STUNNEL_EXTRA_SVC_OPTS_USER
END
else
# REVERSE case:
stunnel_exec="" # doesn't work for listening.
p2=`expr 5500 + $N`
connect="connect = localhost:$p2"
connect="connect = $localhost:$p2"
if [ "X$cert" = "XBUILTIN" ]; then
ttcert=`make_tcert`
cert="cert = $ttcert"
@ -2068,22 +2256,33 @@ else
# Note for listen mode, an empty cert will cause stunnel to fail.
# The ssvnc gui will have already taken care of this.
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
hloc=""
if [ "X$use_ssh" = "X1" ]; then
hloc="localhost:"
hloc="$localhost:"
fi
if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
hloc="$localhost:"
pv=`findfree 5570`
proxy="vencrypt:$pv:$port"
port=$pv
if [ "X$anondh_set" = "X1" ]; then
# not needed for ANONDH in this mode
#ciphers="ciphers = ADH:@STRENGTH"
:
fi
fi
cat > "$tmp_cfg" <<END
foreground = yes
pid =
client = no
debug = 6
debug = $stunnel_debug
$ciphers
$STUNNEL_EXTRA_OPTS
$STUNNEL_EXTRA_OPTS_USER
$verify
$cert
$crl
$verify
[vnc_stunnel]
accept = $hloc$port
@ -2092,6 +2291,7 @@ $STUNNEL_EXTRA_SVC_OPTS
$STUNNEL_EXTRA_SVC_OPTS_USER
END
fi
echo ""
@ -2114,11 +2314,21 @@ if [ "X$stunnel_exec" = "X" ]; then
# pause here to let the user supply a possible passphrase for the
# mycert key:
if [ "X$mycert" != "X" ]; then
sleep 1
echo ""
echo "(** pausing for possible certificate passphrase dialog **)"
echo ""
sleep 4
nsl=10
dsl=0
if [ ! -f $mycert ]; then
dsl=0
elif grep -i 'Proc-Type.*ENCRYPTED' "$mycert" > /dev/null 2>/dev/null; then
dsl=1
fi
if [ "X$dsl" = "X1" ]; then
echo ""
echo "(** pausing $nsl secs for possible certificate passphrase dialog **)"
echo ""
sleep $nsl
echo "(** done pausing for passphrase **)"
echo ""
fi
fi
#echo T sleep 1
sleep 1
@ -2133,7 +2343,7 @@ if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
fi
echo "Running viewer:"
if [ "X$reverse" = "X" ]; then
vnc_hp=localhost:$N
vnc_hp=$localhost:$N
if [ "X$stunnel_exec" != "X" ]; then
vnc_hp="exec=$STUNNEL $tmp_cfg"
fi
@ -2163,8 +2373,18 @@ else
trap "final" 0 2 15
echo ""
if [ "X$proxy" != "X" ]; then
PPROXY_REVERSE="localhost:$port"; export PPROXY_REVERSE
PPROXY_SLEEP=1; export PPROXY_SLEEP;
if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
pstunnel=`echo "$proxy" | awk -F: '{print $2}'`
plisten=`echo "$proxy" | awk -F: '{print $3}'`
PPROXY_LISTEN="INADDR_ANY:$plisten"; export PPROXY_LISTEN
PPROXY_PROXY="vencrypt://$localhost:$pstunnel"; export PPROXY_PROXY
PPROXY_DEST="$localhost:$pstunnel"; export PPROXY_DEST
STUNNEL_ONCE=1; export STUNNEL_ONCE
STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
else
PPROXY_REVERSE="$localhost:$port"; export PPROXY_REVERSE
PPROXY_SLEEP=1; export PPROXY_SLEEP;
fi
PPROXY_KILLPID=+1; export PPROXY_KILLPID;
$ptmp &
fi

@ -121,7 +121,7 @@ diff -Naur JavaViewer.orig/ButtonPanel.java JavaViewer/ButtonPanel.java
}
diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
--- JavaViewer.orig/FTPFrame.java 2005-03-15 23:53:14.000000000 -0500
+++ JavaViewer/FTPFrame.java 2008-10-04 18:09:36.000000000 -0400
+++ JavaViewer/FTPFrame.java 2009-01-11 12:10:06.000000000 -0500
@@ -24,8 +24,17 @@
import java.io.*;
import java.util.ArrayList;
@ -244,7 +244,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
// Loop through the string to create a String[]
for (int i = 0; i < size; i = i + 3) {
@@ -150,26 +231,52 @@
@@ -150,26 +231,62 @@
driveType = str.substring(i + 2, i + 3);
if (driveType.compareTo("f") == 0)
drive[i / 3] += "\\ Floppy";
@ -265,11 +265,21 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
remoteDrivesComboBox.addItem(drive[i / 3]);
+System.out.println("ComboBox: Add " + idx + " '" + drive[i/3] + "'");
+ idx++;
}
+ }
+
+ // runge
+ remoteDrivesComboBox.addItem(" [My Documents]");
+ remoteDrivesComboBox.addItem(" [Desktop]");
+ if (viewer.ftpDropDown != null) {
+ String[] dd = viewer.ftpDropDown.split("\\.");
+ for (int i=0; i < dd.length; i++) {
+ if (!dd[i].equals("")) {
+ remoteDrivesComboBox.addItem(" [" + dd[i] + "]");
+ }
+ }
+ } else {
+ remoteDrivesComboBox.addItem(" [My Documents]");
+ remoteDrivesComboBox.addItem(" [Desktop]");
+ remoteDrivesComboBox.addItem(" [Home]");
}
+
//sf@ - Select Drive C:as default if possible
boolean bFound = false;
@ -303,7 +313,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
updateDriveList = false;
return drive;
}
@@ -185,6 +292,8 @@
@@ -185,6 +302,8 @@
stopButton.setVisible(true);
stopButton.setEnabled(true);
receiveButton.setEnabled(false);
@ -312,7 +322,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
remoteTopButton.setEnabled(false);
sendButton.setEnabled(false);
remoteFileTable.setEnabled(false);
@@ -207,6 +316,8 @@
@@ -207,6 +326,8 @@
stopButton.setVisible(false);
stopButton.setEnabled(false);
receiveButton.setEnabled(true);
@ -321,7 +331,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
remoteTopButton.setEnabled(true);
sendButton.setEnabled(true);
remoteFileTable.setEnabled(true);
@@ -221,10 +332,11 @@
@@ -221,10 +342,11 @@
/*
* Print Directory prints out all the contents of a directory
*/
@ -334,7 +344,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
remoteFileTable.setListData(remoteList);
}
@@ -235,10 +347,12 @@
@@ -235,10 +357,12 @@
* @return void
*/
private void initialize() {
@ -348,7 +358,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
/**
* This method initializes jContentPane. This is the main content pane
*
@@ -253,6 +367,33 @@
@@ -253,6 +377,33 @@
jContentPane.add(getRemotePanel(), java.awt.BorderLayout.EAST);
jContentPane.add(getLocalPanel(), java.awt.BorderLayout.WEST);
jContentPane.add(getButtonPanel(), java.awt.BorderLayout.CENTER);
@ -382,7 +392,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return jContentPane;
}
@@ -270,6 +411,7 @@
@@ -270,6 +421,7 @@
topPanelLocal.add(getLocalMachineLabel(), java.awt.BorderLayout.CENTER);
topPanelLocal.add(getLocalTopButton(), java.awt.BorderLayout.EAST);
topPanelLocal.setBackground(java.awt.Color.lightGray);
@ -390,7 +400,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return topPanelLocal;
}
@@ -288,6 +430,7 @@
@@ -288,6 +440,7 @@
topPanelRemote.add(getRemoteMachineLabel(), java.awt.BorderLayout.CENTER);
topPanelRemote.add(getRemoteTopButton(), java.awt.BorderLayout.EAST);
topPanelRemote.setBackground(java.awt.Color.lightGray);
@ -398,7 +408,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return topPanelRemote;
}
@@ -301,6 +444,7 @@
@@ -301,6 +454,7 @@
if (topPanelCenter == null) {
topPanelCenter = new javax.swing.JPanel();
topPanelCenter.add(getDummyButton(), null);
@ -406,7 +416,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return topPanelCenter;
}
@@ -328,6 +472,7 @@
@@ -328,6 +482,7 @@
topPanel.add(getRemoteTopButton(), null);
topPanel.setBackground(java.awt.Color.lightGray);
*/
@ -414,7 +424,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return topPanel;
}
@@ -348,6 +493,7 @@
@@ -348,6 +503,7 @@
statusPanel.add(getJProgressBar(), null);
statusPanel.add(getConnectionStatus(), null);
statusPanel.setBackground(java.awt.Color.lightGray);
@ -422,7 +432,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return statusPanel;
@@ -368,6 +514,7 @@
@@ -368,6 +524,7 @@
remotePanel.add(getRemoteScrollPane(), null);
remotePanel.add(getRemoteStatus(), null);
remotePanel.setBackground(java.awt.Color.lightGray);
@ -430,7 +440,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return remotePanel;
}
@@ -390,6 +537,7 @@
@@ -390,6 +547,7 @@
localPanel.setComponentOrientation(
java.awt.ComponentOrientation.UNKNOWN);
localPanel.setName("localPanel");
@ -438,7 +448,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return localPanel;
}
@@ -405,12 +553,15 @@
@@ -405,12 +563,15 @@
buttonPanel = new javax.swing.JPanel();
buttonPanel.setLayout(null);
buttonPanel.add(getReceiveButton(), null);
@ -454,7 +464,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return buttonPanel;
}
@@ -422,10 +573,11 @@
@@ -422,10 +583,11 @@
private javax.swing.JButton getSendButton() {
if (sendButton == null) {
sendButton = new javax.swing.JButton();
@ -467,7 +477,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return sendButton;
@@ -438,7 +590,7 @@
@@ -438,7 +600,7 @@
private javax.swing.JButton getReceiveButton() {
if (receiveButton == null) {
receiveButton = new javax.swing.JButton();
@ -476,7 +486,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
receiveButton.setText("<< Receive");
receiveButton.setName("receiveButton");
receiveButton.addActionListener(this);
@@ -453,7 +605,7 @@
@@ -453,7 +615,7 @@
private javax.swing.JButton getDeleteButton() {
if (deleteButton == null) {
deleteButton = new javax.swing.JButton();
@ -485,7 +495,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
deleteButton.setText("Delete File");
deleteButton.setName("deleteButton");
deleteButton.addActionListener(this);
@@ -468,7 +620,7 @@
@@ -468,7 +630,7 @@
private javax.swing.JButton getNewFolderButton() {
if (newFolderButton == null) {
newFolderButton = new javax.swing.JButton();
@ -494,7 +504,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
newFolderButton.setText("New Folder");
newFolderButton.setName("newFolderButton");
newFolderButton.addActionListener(this);
@@ -476,6 +628,39 @@
@@ -476,6 +638,39 @@
return newFolderButton;
}
@ -534,7 +544,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
/**
* This method initializes stopButton
*
@@ -486,7 +671,7 @@
@@ -486,7 +681,7 @@
if (stopButton == null)
{
stopButton = new javax.swing.JButton();
@ -543,7 +553,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
stopButton.setText("Stop");
stopButton.setName("stopButton");
stopButton.addActionListener(this);
@@ -503,8 +688,12 @@
@@ -503,8 +698,12 @@
private javax.swing.JButton getCloseButton() {
if (closeButton == null) {
closeButton = new javax.swing.JButton();
@ -558,7 +568,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
closeButton.setName("closeButton");
closeButton.addActionListener(this);
}
@@ -551,6 +740,7 @@
@@ -551,6 +750,7 @@
//Select the second entry (e.g. C:\)
// localDrivesComboBox.setSelectedIndex(1);
localDrivesComboBox.addActionListener(this);
@ -566,7 +576,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
updateDriveList = false;
return localDrivesComboBox;
@@ -567,6 +757,7 @@
@@ -567,6 +767,7 @@
remoteDrivesComboBox.setFont(
new java.awt.Font("Dialog", java.awt.Font.PLAIN, 10));
remoteDrivesComboBox.addActionListener(this);
@ -574,7 +584,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return remoteDrivesComboBox;
@@ -587,6 +778,7 @@
@@ -587,6 +788,7 @@
localMachineLabel.setFont(
new java.awt.Font("Dialog", java.awt.Font.BOLD, 11));
localMachineLabel.setEditable(false);
@ -582,7 +592,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return localMachineLabel;
}
@@ -622,6 +814,7 @@
@@ -622,6 +824,7 @@
localTopButton.setFont(
new java.awt.Font("Dialog", java.awt.Font.BOLD, 10));
localTopButton.addActionListener(this);
@ -590,7 +600,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return localTopButton;
}
@@ -638,6 +831,7 @@
@@ -638,6 +841,7 @@
remoteTopButton.setFont(
new java.awt.Font("Dialog", java.awt.Font.BOLD, 10));
remoteTopButton.addActionListener(this);
@ -598,7 +608,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return remoteTopButton;
}
@@ -650,9 +844,24 @@
@@ -650,9 +854,24 @@
private javax.swing.JList getLocalFileTable() {
if (localFileTable == null) {
localList = new Vector(0);
@ -623,7 +633,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return localFileTable;
}
@@ -669,6 +878,7 @@
@@ -669,6 +888,7 @@
localScrollPane.setFont(
new java.awt.Font("Dialog", java.awt.Font.PLAIN, 10));
localScrollPane.setName("localFileList");
@ -631,7 +641,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return localScrollPane;
}
@@ -680,10 +890,25 @@
@@ -680,10 +900,25 @@
private javax.swing.JList getRemoteFileTable() {
if (remoteFileTable == null) {
remoteList = new Vector(0);
@ -657,7 +667,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return remoteFileTable;
@@ -698,6 +923,7 @@
@@ -698,6 +933,7 @@
remoteScrollPane = new javax.swing.JScrollPane();
remoteScrollPane.setViewportView(getRemoteFileTable());
remoteScrollPane.setPreferredSize(new java.awt.Dimension(325, 418));
@ -665,7 +675,7 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
}
return remoteScrollPane;
}
@@ -716,6 +9