TDE
/
libtdevnc
mirror of https://mirror.git.trinitydesktop.org/gitea/TDE/libtdevnc
0
0
Fork 0
Code Issues Releases Wiki Activity

x11vnc: kill gui_pid on exit in -connect/-connect_or_exit mode.

Browse Source 
-grablocal n experiment (not compiled by default).  -macuskbd
   option for macosx for orig uskdb code. keycode=N remote contol
   cmd.  Find dpy look at non-NFS cookies in /tmp.  Fix gui tray
   insertion on recent gnome dt. Fix connect_file bug. Sync SSVNC
pull/1/head
runge 15 years ago
parent dbfa4ad1f7
commit d5cba7a574
48 changed files with 6842 additions and 3157 deletions
Show Stats Download Patch File Download Diff File

BIN
classes/ssl/SignedUltraViewerSSL.jar
View File

Binary file not shown.

BIN
classes/ssl/SignedVncViewer.jar
View File

Binary file not shown.

BIN
classes/ssl/UltraViewerSSL.jar
View File

Binary file not shown.

BIN
classes/ssl/VncViewer.jar
View File

Binary file not shown.

472
classes/ssl/ss_vncviewer
Unescape View File

@ -39,7 +39,7 @@
# and then a 2nd CONNECT to the destination VNC server.)
#
# Use socks://host:port, socks4://host:port, or socks5://host,port
# to force usage of a SOCKS proxy.
# to force usage of a SOCKS proxy. Also repeater://host:port.
#
# -showcert Only fetch the certificate using the 'openssl s_client'
# command (openssl(1) must in installed).
@ -259,8 +259,12 @@ if [ "X$reverse" != "X" ]; then
# check proxy usage under reverse connection:
if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then
echo ""
echo "*Warning*: SSL -listen and a Web proxy does not make sense."
sleep 3
if echo "$proxy" | egrep "repeater://" > /dev/null; then
:
else
echo "*Warning*: SSL -listen and a Web proxy does not make sense."
sleep 3
fi
elif echo "$proxy" | grep "," > /dev/null; then
:
else
@ -443,6 +447,9 @@ findfree() {
# removes files, etc.
final() {
echo ""
if [ "X$tmp_cfg" != "X" ]; then
rm -f $tmp_cfg
fi
if [ "X$SS_VNCVIEWER_RM" != "X" ]; then
rm -f $SS_VNCVIEWER_RM 2>/dev/null
fi
@ -502,6 +509,11 @@ rchk() {
}
rchk
dL="-L"
if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
dL="-h"
fi
# a portable, but not absolutely safe, tmp file creator
mytmp() {
tf=$1
@ -509,7 +521,7 @@ mytmp() {
if [ -d "$tf" ]; then
echo "tmp file $tf still exists as a directory."
exit 1
elif [ -L "$tf" ]; then
elif [ $dL "$tf" ]; then
echo "tmp file $tf still exists as a symlink."
exit 1
elif [ -f "$tf" ]; then
@ -564,50 +576,43 @@ pcode() {
use IO::Socket::INET;
my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3);
if (exists $ENV{PPROXY_SLEEP}) {
print STDERR "PPROXY_PID: $$\n";
sleep $ENV{PPROXY_SLEEP};
}
if ($first =~ m,^socks4?://(\S*)$,i) {
$ENV{PPROXY_SOCKS} = 1;
$first = $1;
} elsif ($first =~ m,^socks5://(\S*)$,i) {
$ENV{PPROXY_SOCKS} = 5;
$first = $1;
} elsif ($first =~ m,^https?://(\S*)$,i) {
$ENV{PPROXY_SOCKS} = "";
$first = $1;
foreach my $var (qw(PPROXY_PROXY PPROXY_SOCKS PPROXY_DEST PPROXY_LISTEN
PPROXY_REVERSE PPROXY_REPEATER PPROXY_REMOVE PPROXY_KILLPID PPROXY_SLEEP)) {
if (0 || $ENV{SS_DEBUG}) {
print STDERR "$var: $ENV{$var}\n";
}
}
if ($ENV{PPROXY_SOCKS} ne "" && $ENV{PPROXY_PROXY} !~ m,^socks5?://,i) {
if ($ENV{PPROXY_SOCKS} eq "5") {
$ENV{PPROXY_PROXY} = "socks5://$ENV{PPROXY_PROXY}";
} else {
$ENV{PPROXY_PROXY} = "socks://$ENV{PPROXY_PROXY}";
}
}
my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3);
my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", "");
($first, $mode_1st) = url_parse($first);
my ($proxy_host, $proxy_port) = split(/:/, $first);
my $connect = $ENV{PPROXY_DEST};
my $mode_2nd = "";
if ($second ne "") {
if ($second =~ m,^socks4?://(\S*)$,i) {
$mode_2nd = "socks4";
$second = $1;
} elsif ($second =~ m,^socks5://(\S*)$,i) {
$mode_2nd = "socks5";
$second = $1;
} elsif ($second =~ m,^https?://(\S*)$,i) {
$mode_2nd = "http";
$second = $1;
}
($second, $mode_2nd) = url_parse($second);
}
my $mode_3rd = "";
if ($third ne "") {
if ($third =~ m,^socks4?://(\S*)$,i) {
$mode_3rd = "socks4";
$third = $1;
} elsif ($third =~ m,^socks5://(\S*)$,i) {
$mode_3rd = "socks5";
$third = $1;
} elsif ($third =~ m,^https?://(\S*)$,i) {
$mode_3rd = "http";
$third = $1;
}
($third, $mode_3rd) = url_parse($third);
}
print STDERR "\n";
print STDERR "PPROXY v0.2: a tool for Web proxies and SOCKS connections.\n";
print STDERR "proxy_host: $proxy_host\n";
@ -615,10 +620,29 @@ print STDERR "proxy_port: $proxy_port\n";
print STDERR "proxy_connect: $connect\n";
print STDERR "pproxy_params: $ENV{PPROXY_PROXY}\n";
print STDERR "pproxy_listen: $ENV{PPROXY_LISTEN}\n";
print STDERR "pproxy_reverse: $ENV{PPROXY_REVERSE}\n";
print STDERR "\n";
if (1) {
print STDERR "pproxy 1st: $first\t- $mode_1st\n";
print STDERR "pproxy 2nd: $second\t- $mode_2nd\n";
print STDERR "pproxy 3rd: $third\t- $mode_3rd\n";
print STDERR "\n";
}
my $listen_handle = "";
if ($ENV{PPROXY_LISTEN} != "") {
if ($ENV{PPROXY_REVERSE} ne "") {
my ($rhost, $rport) = split(/:/, $ENV{PPROXY_REVERSE});
$rport = 5900 unless $rport;
$listen_handle = IO::Socket::INET->new(
PeerAddr => $rhost,
PeerPort => $rport,
Proto => "tcp"
);
if (! $listen_handle) {
die "pproxy: $! -- PPROXY_REVERSE\n";
}
print STDERR "PPROXY_REVERSE: connected to $rhost $rport\n";
} elsif ($ENV{PPROXY_LISTEN} ne "") {
my $listen_sock = IO::Socket::INET->new(
Listen => 2,
LocalAddr => "localhost",
@ -626,7 +650,7 @@ if ($ENV{PPROXY_LISTEN} != "") {
Proto => "tcp"
);
if (! $listen_sock) {
die "pproxy: $!\n";
die "pproxy: $! -- PPROXY_LISTEN\n";
}
my $ip;
($listen_handle, $ip) = $listen_sock->accept();
@ -647,6 +671,112 @@ if (! $sock) {
die "pproxy: $err\n";
}
unlink($0) if $ENV{PPROXY_REMOVE};
$cur_proxy = $first;
setmode($mode_1st);
if ($second ne "") {
connection($second, 1);
setmode($mode_2nd);
$cur_proxy = $second;
if ($third ne "") {
connection($third, 2);
setmode($mode_3rd);
$cur_proxy = $third;
connection($connect, 3);
} else {
connection($connect, 2);
}
} else {
connection($connect, 1);
}
$parent = $$;
$child = fork;
if (! defined $child) {
kill "TERM", $ENV{PPROXY_KILLPID} if $ENV{PPROXY_KILLPID};
exit 1;
}
if ($child) {
print STDERR "pproxy parent\[$$] STDIN -> socket\n";
if ($listen_handle) {
xfer($listen_handle, $sock);
} else {
xfer(STDIN, $sock);
}
select(undef, undef, undef, 0.25);
if (kill 0, $child) {
select(undef, undef, undef, 1.5);
#print STDERR "pproxy\[$$]: kill TERM $child\n";
kill "TERM", $child;
}
} else {
print STDERR "pproxy child \[$$] socket -> STDOUT\n";
if ($listen_handle) {
xfer($sock, $listen_handle);
} else {
xfer($sock, STDOUT);
}
select(undef, undef, undef, 0.25);
if (kill 0, $parent) {
select(undef, undef, undef, 1.5);
#print STDERR "pproxy\[$$]: kill TERM $parent\n";
kill "TERM", $parent;
}
}
if ($ENV{PPROXY_KILLPID} ne "") {
if ($ENV{PPROXY_KILLPID} =~ /^(\+|-)/) {
$ENV{PPROXY_KILLPID} = $$ + $ENV{PPROXY_KILLPID};
}
print STDERR "kill TERM, $ENV{PPROXY_KILLPID}\n";
kill "TERM", $ENV{PPROXY_KILLPID};
}
exit;
sub url_parse {
my $hostport = shift;
my $mode = "http";
if ($hostport =~ m,^socks4?://(\S*)$,i) {
$mode = "socks4";
$hostport = $1;
} elsif ($hostport =~ m,^socks5://(\S*)$,i) {
$mode = "socks5";
$hostport = $1;
} elsif ($hostport =~ m,^https?://(\S*)$,i) {
$mode = "http";
$hostport = $1;
} elsif ($hostport =~ m,^repeater://(\S*)\+(\S*)$,i) {
# ultravnc repeater proxy.
$hostport = $1;
$mode = "repeater:$2";
if ($hostport !~ /:\d+/) {
$hostport .= ":5900";
}
}
return ($hostport, $mode);
}
sub setmode {
my $mode = shift;
$ENV{PPROXY_REPEATER} = "";
if ($mode =~ /^socks/) {
if ($mode =~ /^socks5/) {
$ENV{PPROXY_SOCKS} = 5;
} else {
$ENV{PPROXY_SOCKS} = 1;
}
} elsif ($mode =~ /^repeater:(.*)/) {
$ENV{PPROXY_REPEATER} = $1;
$ENV{PPROXY_SOCKS} = "";
} else {
$ENV{PPROXY_SOCKS} = "";
}
}
sub connection {
my ($CONNECT, $w) = @_;
@ -771,6 +901,18 @@ sub connection {
close $sock;
exit(1);
}
} elsif ($ENV{PPROXY_REPEATER} ne "") {
my $rep = $ENV{PPROXY_REPEATER};
print STDERR "repeater: $rep\n";
$rep .= pack("x") x 250;
syswrite($sock, $rep, 250);
my $ok = 1;
for (my $i = 0; $i < 12; $i++) {
my $c;
sysread($sock, $c, 1);
print STDERR $c;
}
} else {
# Web Proxy:
@ -799,76 +941,6 @@ sub connection {
}
}
unlink($0) if $ENV{PPROXY_REMOVE};
$cur_proxy = $first;
if ($second ne "") {
connection($second, 1);
setmode($mode_2nd);
$cur_proxy = $second;
if ($third ne "") {
connection($third, 2);
setmode($mode_3rd);
$cur_proxy = $third;
connection($connect, 3);
} else {
connection($connect, 2);
}
} else {
connection($connect, 1);
}
$parent = $$;
$child = fork;
if (! defined $child) {
exit 1;
}
if ($child) {
print STDERR "pproxy parent\[$$] STDIN -> socket\n";
if ($listen_handle) {
xfer($listen_handle, $sock);
} else {
xfer(STDIN, $sock);
}
select(undef, undef, undef, 0.25);
if (kill 0, $child) {
select(undef, undef, undef, 1.5);
#print STDERR "pproxy\[$$]: kill TERM $child\n";
kill "TERM", $child;
}
} else {
print STDERR "pproxy child \[$$] socket -> STDOUT\n";
if ($listen_handle) {
xfer($sock, $listen_handle);
} else {
xfer($sock, STDOUT);
}
select(undef, undef, undef, 0.25);
if (kill 0, $parent) {
select(undef, undef, undef, 1.5);
#print STDERR "pproxy\[$$]: kill TERM $parent\n";
kill "TERM", $parent;
}
}
exit;
sub setmode {
my $mode = shift;
if ($mode =~ /^socks/) {
if ($mode =~ /^socks5/) {
$ENV{PPROXY_SOCKS} = 5;
} else {
$ENV{PPROXY_SOCKS} = 1;
}
} else {
$ENV{PPROXY_SOCKS} = "";
}
}
sub xfer {
my($in, $out) = @_;
$RIN = $WIN = $EIN = "";
@ -943,6 +1015,24 @@ if [ "X$use_ssh" = "X1" ]; then
# let user override ssh via $SSH
ssh=${SSH:-"ssh -x"}
if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ]; then
SSVNC_LIM_ACCEPT_PRELOAD="$SSVNC_BASEDIR/$SSVNC_UNAME/$SSVNC_LIM_ACCEPT_PRELOAD"
fi
if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ]; then
echo ""
echo "SSVNC_LIM_ACCEPT_PRELOAD=$SSVNC_LIM_ACCEPT_PRELOAD"
fi
if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" -a -f "$SSVNC_LIM_ACCEPT_PRELOAD" ]; then
plvar=LD_PRELOAD
if uname | grep Darwin >/dev/null; then
plvar="DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES"
fi
ssh="env $plvar=$SSVNC_LIM_ACCEPT_PRELOAD $ssh"
else
SSVNC_LIM_ACCEPT_PRELOAD=""
fi
if echo "$proxy" | egrep '(http|https|socks|socks4|socks5)://' > /dev/null; then
# Handle Web or SOCKS proxy(ies) for the initial connect.
Kecho host=$host
@ -1182,6 +1272,7 @@ Kecho proxy=$proxy
fi
if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
echo "sleep $SSVNC_EXTRA_SLEEP"
sleep $SSVNC_EXTRA_SLEEP
fi
@ -1258,10 +1349,11 @@ Kecho proxy=$proxy
c=0
pssh=""
mssh=`echo "$ssh" | sed -e 's/^env.*ssh/ssh/'`
while [ $c -lt 30 ]
do
p=`expr $pmark + $c`
if ps -p "$p" 2>&1 | grep "$ssh" > /dev/null; then
if ps -p "$p" 2>&1 | grep "$mssh" > /dev/null; then
pssh=$p
break
fi
@ -1269,6 +1361,8 @@ Kecho proxy=$proxy
done
if [ "X$getport" != "X" ]; then
:
elif [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ] ; then
sleep 2
elif [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then
#echo T sleep 1
sleep 1
@ -1281,12 +1375,12 @@ Kecho proxy=$proxy
sleep 5
fi
echo ""
#reset
stty sane
if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
#echo T sleep $SSVNC_EXTRA_SLEEP
echo "sleep $SSVNC_EXTRA_SLEEP"
sleep $SSVNC_EXTRA_SLEEP
fi
#reset
stty sane
#echo "pssh=\"$pssh\""
if [ "X$use_sshssl" = "X" -a "X$getport" = "X" ]; then
echo "Running viewer:"
@ -1351,12 +1445,15 @@ if [ "X$proxy" != "X" ]; then
PPROXY_REMOVE=1; export PPROXY_REMOVE
pcode "$ptmp"
if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then
if uname | grep Darwin >/dev/null; then
if uname | egrep 'Darwin|SunOS' >/dev/null; then
# on mac we need to listen on socket instead of stdio:
nd=`findfree 6700`
PPROXY_LISTEN=$nd
export PPROXY_LISTEN
$ptmp 2>/dev/null &
if [ "X$reverse" = "X" ]; then
#$ptmp 2>/dev/null &
$ptmp &
fi
#sleep 3
sleep 2
host="localhost"
@ -1423,7 +1520,7 @@ if [ "X$direct_connect" != "X" ]; then
disp="$N"
fi
if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
#echo T sleep $SSVNC_EXTRA_SLEEP
echo "T sleep $SSVNC_EXTRA_SLEEP"
sleep $SSVNC_EXTRA_SLEEP
fi
if [ "X$reverse" = "X" ]; then
@ -1450,32 +1547,14 @@ if [ "X$direct_connect" != "X" ]; then
exit $?
fi
tmp=/tmp/ss_vncviewer${RANDOM}.$$
mytmp "$tmp"
if [ "X$reverse" = "X" ]; then
cat > "$tmp" <<END
foreground = yes
pid =
client = yes
debug = 6
$STUNNEL_EXTRA_OPTS
$verify
$cert
[vnc_stunnel]
accept = localhost:$use
$connect
END
else
tmp_cfg=/tmp/ss_vncviewer${RANDOM}.$$
mytmp "$tmp_cfg"
p2=`expr 5500 + $N`
connect="connect = localhost:$p2"
if [ "X$cert" = "X" ]; then
tcert="/tmp/tcert${RANDOM}.$$"
cat > $tcert <<END
# make_tcert is no longer invoked via the ssvnc gui (Listen mode).
# make_tcert is for testing only now via -mycert BUILTIN
make_tcert() {
tcert="/tmp/tcert${RANDOM}.$$"
cat > $tcert <<END
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN
+zZpJUUXLu4zz8Ryq8Q+sQgfNy7uTOpN9bUUaOk1TnD7gaDQnQWiNHmqbW2kL+DS
@ -1527,77 +1606,132 @@ wAH966SAOvd2s6yOHMvyDRIL7WHxfESB6rDHsdIW/yny1fBePjv473KrxyXtbz7I
dMw1yW09l+eEo4A7GzwOdw==
-----END CERTIFICATE-----
END
chmod 600 $tcert
cert="cert = $tcert"
chmod 600 $tcert
echo "$tcert"
}
stunnel_exec=""
if echo $STUNNEL_EXTRA_SVC_OPTS | grep '#stunnel-exec' > /dev/null; then
stunnel_exec="#"
fi
if [ "X$reverse" = "X" ]; then
if echo "$proxy" | grep repeater:// > /dev/null; then
if [ "X$cert" = "XBUILTIN" ]; then
ttcert=`make_tcert`
cert="cert = $ttcert"
fi
# Note for listen mode, an empty cert will cause stunnel to fail.
# The ssvnc gui will have already taken care of this.
fi
cat > "$tmp_cfg" <<END
foreground = yes
pid =
client = yes
debug = 6
$STUNNEL_EXTRA_OPTS
$STUNNEL_EXTRA_OPTS_USER
$verify
$cert
${stunnel_exec}[vnc_stunnel]
${stunnel_exec}accept = localhost:$use
$connect
$STUNNEL_EXTRA_SVC_OPTS
$STUNNEL_EXTRA_SVC_OPTS_USER
END
else
stunnel_exec="" # doesn't work for listening.
p2=`expr 5500 + $N`
connect="connect = localhost:$p2"
if [ "X$cert" = "XBUILTIN" ]; then
ttcert=`make_tcert`
cert="cert = $ttcert"
fi
# Note for listen mode, an empty cert will cause stunnel to fail.
# The ssvnc gui will have already taken care of this.
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
hloc=""
if [ "X$use_ssh" = "X1" ]; then
hloc="localhost:"
fi
cat > "$tmp" <<END
cat > "$tmp_cfg" <<END
foreground = yes
pid =
client = no
debug = 6
$STUNNEL_EXTRA_OPTS
$STUNNEL_EXTRA_OPTS_USER
$verify
$cert
[vnc_stunnel]
accept = $hloc$port
$connect
$STUNNEL_EXTRA_SVC_OPTS
$STUNNEL_EXTRA_SVC_OPTS_USER
END
fi
echo ""
echo "Using this stunnel configuration:"
echo ""
cat "$tmp" | uniq
cat "$tmp_cfg" | uniq
echo ""
sleep 1
echo ""
echo "Running stunnel:"
echo "$STUNNEL $tmp"
st=`echo "$STUNNEL" | awk '{print $1}'`
$st -help > /dev/null 2>&1
$STUNNEL "$tmp" < /dev/tty > /dev/tty &
stunnel_pid=$!
echo ""
# pause here to let the user supply a possible passphrase for the
# mycert key:
if [ "X$mycert" != "X" ]; then
sleep 1
if [ "X$stunnel_exec" = "X" ]; then
echo ""
echo "(pausing for possible certificate passphrase dialog)"
echo "Running stunnel:"
echo "$STUNNEL $tmp_cfg"
st=`echo "$STUNNEL" | awk '{print $1}'`
$st -help > /dev/null 2>&1
$STUNNEL "$tmp_cfg" < /dev/tty > /dev/tty &
stunnel_pid=$!
echo ""
sleep 4
# pause here to let the user supply a possible passphrase for the
# mycert key:
if [ "X$mycert" != "X" ]; then
sleep 1
echo ""
echo "(pausing for possible certificate passphrase dialog)"
echo ""
sleep 4
fi
#echo T sleep 1
sleep 1
rm -f "$tmp_cfg"
fi
#echo T sleep 1
sleep 1
rm -f "$tmp"
echo ""
if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
echo "sleep $SSVNC_EXTRA_SLEEP"
sleep $SSVNC_EXTRA_SLEEP
fi
echo "Running viewer:"
if [ "X$reverse" = "X" ]; then
echo "$VNCVIEWERCMD" "$@" localhost:$N
vnc_hp=localhost:$N
if [ "X$stunnel_exec" != "X" ]; then
vnc_hp="exec=$STUNNEL $tmp_cfg"
fi
echo "$VNCVIEWERCMD" "$@" "$vnc_hp"
trap "final" 0 2 15
echo ""
$VNCVIEWERCMD "$@" localhost:$N
$VNCVIEWERCMD "$@" "$vnc_hp"
if [ $? != 0 ]; then
echo "vncviewer command failed: $?"
if [ "X$secondtry" = "X1" ]; then
sleep 2
$VNCVIEWERCMD "$@" localhost:$N
$VNCVIEWERCMD "$@" "$vnc_hp"
fi
fi
else
@ -1607,6 +1741,12 @@ else
echo "$VNCVIEWERCMD" "$@" -listen $N
trap "final" 0 2 15
echo ""
if [ "X$proxy" != "X" ]; then
PPROXY_REVERSE="localhost:$port"; export PPROXY_REVERSE
PPROXY_SLEEP=1; export PPROXY_SLEEP;
PPROXY_KILLPID=+1; export PPROXY_KILLPID;
$ptmp &
fi
$VNCVIEWERCMD "$@" -listen $N
fi

940
classes/ssl/ultravnc-102-JavaViewer-ssl-etc.patch
View File

File diff suppressed because it is too large Load Diff

2
x11vnc/8to24.c
Unescape View File

@ -1359,6 +1359,8 @@ static int get_cmap(int j, Colormap cmap) {
X_LOCK;
ncells = CellsOfScreen(ScreenOfDisplay(dpy, scr));
X_UNLOCK;
} else {
ncells = NCOLOR;
}
if (db24 > 1) fprintf(stderr, "get_cmap: %d 0x%x\n", j, (unsigned int) cmap);

7
x11vnc/ChangeLog
Unescape View File

@ -1,3 +1,10 @@
2008-09-06 Karl Runge <runge@karlrunge.com>
* x11vnc: kill gui_pid on exit in -connect/-connect_or_exit mode.
-grablocal n experiment (not compiled by default). -macuskbd
option for macosx for orig uskdb code. keycode=N remote contol
cmd. Find dpy look at non-NFS cookies in /tmp. Fix gui tray
insertion on recent gnome dt. Fix connect_file bug. Sync SSVNC
2008-06-07 Karl Runge <runge@karlrunge.com>
* x11vnc: -clip xineramaN option, -DIGNORE_GETSPNAM for HP-UX.
Print info on SSH_CONNECTION override.

2912
x11vnc/README
View File

File diff suppressed because it is too large Load Diff

17
x11vnc/connections.c
Unescape View File

@ -755,6 +755,10 @@ void client_gone(rfbClientPtr client) {
if (inetd && client == inetd_client) {
rfbLog("inetd viewer exited.\n");
if (gui_pid > 0) {
rfbLog("killing gui_pid %d\n", gui_pid);
kill(gui_pid, SIGTERM);
}
clean_up_exit(0);
}
if (connect_once) {
@ -779,6 +783,10 @@ void client_gone(rfbClientPtr client) {
}
rfbLog("viewer exited.\n");
if ((client_connect || connect_or_exit) && gui_pid > 0) {
rfbLog("killing gui_pid %d\n", gui_pid);
kill(gui_pid, SIGTERM);
}
clean_up_exit(0);
}
#ifdef MACOSX
@ -2423,6 +2431,10 @@ void reverse_connect(char *str) {
if (connect_or_exit) {
rfbLogEnable(1);
rfbLog("exiting under -connect_or_exit\n");
if (gui_pid > 0) {
rfbLog("killing gui_pid %d\n", gui_pid);
kill(gui_pid, SIGTERM);
}
clean_up_exit(0);
}
return;
@ -2458,6 +2470,10 @@ void reverse_connect(char *str) {
if (client_count <= nclients0) {
rfbLogEnable(1);
rfbLog("exiting under -connect_or_exit\n");
if (gui_pid > 0) {
rfbLog("killing gui_pid %d\n", gui_pid);
kill(gui_pid, SIGTERM);
}
clean_up_exit(0);
}
}
@ -2737,6 +2753,7 @@ void check_gui_inputs(void) {
static int turn_off_truecolor = 0;
static void turn_off_truecolor_ad(rfbClientPtr client) {
if (client) {}
if (turn_off_truecolor) {
rfbLog("turning off truecolor advertising.\n");
screen->serverFormat.trueColour = FALSE;

12
x11vnc/gui.c
Unescape View File

@ -25,6 +25,7 @@ Window tray_request = None;
Window tray_window = None;
int tray_unembed = 0;
pid_t run_gui_pid = 0;
pid_t gui_pid = 0;
char *get_gui_code(void);
@ -50,6 +51,10 @@ static Window tweak_tk_window_id(Window win) {
char *name = NULL;
Window parent, new;
if (getenv("NO_TWEAK_TK_WINDOW_ID")) {
return win;
}
/* hack for tk, does not report outermost window */
new = win;
parent = parent_window(win, &name);
@ -684,8 +689,10 @@ void do_gui(char *opts, int sleep) {
fprintf(icon_mode_fh, "none\n");
fflush(icon_mode_fh);
if (! got_connect_once) {
/* want -forever for tray */
connect_once = 0;
if (!client_connect && !connect_or_exit) {
/* want -forever for tray? */
connect_once = 0;
}
}
}
}
@ -707,6 +714,7 @@ void do_gui(char *opts, int sleep) {
}
if (connect_to_x11vnc) {
run_gui_pid = p;
gui_pid = p;
}
#else
fprintf(stderr, "system does not support fork: start "

1
x11vnc/gui.h
Unescape View File

@ -12,6 +12,7 @@ extern Window tray_request;
extern Window tray_window;
extern int tray_unembed;
extern pid_t run_gui_pid;
extern pid_t gui_pid;
extern char *get_gui_code(void);
extern int tray_embed(Window iconwin, int remove);

70
x11vnc/help.c
Unescape View File

@ -484,7 +484,7 @@ void print_help(int mode) {
" to plumb reverse connections.\n"
"\n"
"-connect_or_exit str As with -connect, except if none of the reverse\n"
" connections succeed, then x11vnc shutdowns immediately.\n"
" connections succeed, then x11vnc shuts down immediately\n"
"\n"
" By the way, if you do not want x11vnc to listen on\n"
" ANY interface use -rfbport 0 which is handy for the\n"
@ -628,6 +628,16 @@ void print_help(int mode) {
" use the -R remote control to turn the other back on,\n"
" e.g. -R nograbptr.\n"
"\n"
#ifdef ENABLE_GRABLOCAL
"-grablocal n If it appears that a user sitting at the physical\n"
" display has injected a keystroke or mouse event ignore\n"
" any VNC client inputs for the next n seconds. The idea\n"
" is that during a demonstration, etc, the local user\n"
" will not be interrupted by viewers accidentally moving\n"
" the mouse, etc. The detection of local user input is\n"
" approximate and so at times gives unexpected results.\n"
"\n"
#endif
"-viewpasswd string Supply a 2nd password for view-only logins. The -passwd\n"
" (full-access) password must also be supplied.\n"
"\n"
@ -3631,25 +3641,27 @@ void print_help(int mode) {
" You can also set the env. var X11VNC_UINPUT_DEBUG=1 or\n"
" higher to get debugging output for UINPUT mode.\n"
"\n"
"-macnodim For the native Mac OS X server, disable dimming. \n"
"-macnosleep For the native Mac OS X server, disable display sleep.\n"
"-macnosaver For the native Mac OS X server, disable screensaver.\n"
"-macnowait For the native Mac OS X server, do not wait for the\n"
"-macnodim For the native MacOSX server, disable dimming. \n"
"-macnosleep For the native MacOSX server, disable display sleep.\n"
"-macnosaver For the native MacOSX server, disable screensaver.\n"
"-macnowait For the native MacOSX server, do not wait for the\n"
" user to switch back to his display.\n"
"-macwheel n For the native Mac OS X server, set the mouse wheel\n"
"-macwheel n For the native MacOSX server, set the mouse wheel\n"
" speed to n (default 5).\n"
"-macnoswap For the native Mac OS X server, do not swap mouse\n"
"-macnoswap For the native MacOSX server, do not swap mouse\n"
" buttons 2 and 3.\n"
"-macnoresize For the native Mac OS X server, do not resize or reset\n"
"-macnoresize For the native MacOSX server, do not resize or reset\n"
" the framebuffer even if it is detected that the screen\n"
" resolution or depth has changed.\n"
"-maciconanim n For the native Mac OS X server, set n to the number\n"
"-maciconanim n For the native MacOSX server, set n to the number\n"
" of milliseconds that the window iconify/deiconify\n"
" animation takes. In -ncache mode this value will be\n"
" used to skip the animation if possible. (default 400)\n"
"-macmenu For the native Mac OS X server, in -ncache client-side\n"
"-macmenu For the native MacOSX server, in -ncache client-side\n"
" caching mode, try to cache pull down menus (not perfect\n"
" because they have animated fades, etc.)\n"
"-macuskbd For the native MacOSX server, use the original\n"
" keystroke insertion code based on a US keyboard.\n"
"\n"
"-gui [gui-opts] Start up a simple tcl/tk gui based on the the remote\n"
" control options -remote/-query described below.\n"
@ -3707,6 +3719,14 @@ void print_help(int mode) {
" fully functional, the gui mode should be \"start\"\n"
" (the default).\n"
"\n"
" Note that tray or icon mode will imply the -forever\n"
" x11vnc option (if the x11vnc server is started along\n"
" with the gui) unless -connect or -connect_or_exit has\n"
" been specified. So x11vnc (and the tray/icon gui)\n"
" will wait for more connections after the first client\n"
" disconnects. If you want only one viewer connection\n"
" include the -once option.\n"
"\n"
" For \"icon\" the gui just a small standalone window.\n"
" For \"tray\" it will attempt to embed itself in the\n"
" \"system tray\" if possible. If \"=setpass\" is appended then\n"
@ -4397,12 +4417,13 @@ void xopen_display_fail_message(char *disp) {
fprintf(stderr, "\n");
fprintf(stderr, "Some tips and guidelines:\n");
fprintf(stderr, "\n");
fprintf(stderr, " * An X server (the one you wish to view) must"
fprintf(stderr, "** An X server (the one you wish to view) must"
" be running before x11vnc is\n");
fprintf(stderr, " started: x11vnc does not start the X server. (however, see the\n");
fprintf(stderr, " recent -create option if that is what you really want).\n");
fprintf(stderr, " started: x11vnc does not start the X server. "
"(however, see the -create\n");
fprintf(stderr, " option if that is what you really want).\n");
fprintf(stderr, "\n");
fprintf(stderr, " * You must use -display <disp>, -OR- set and"
fprintf(stderr, "** You must use -display <disp>, -OR- set and"
" export your $DISPLAY\n");
fprintf(stderr, " environment variable to refer to the display of"
" the desired X server.\n");
@ -4414,7 +4435,7 @@ void xopen_display_fail_message(char *disp) {
" or a guru if you are having\n");
fprintf(stderr, " difficulty determining what your X DISPLAY is.\n");
fprintf(stderr, "\n");
fprintf(stderr, " * Next, you need to have sufficient permissions"
fprintf(stderr, "** Next, you need to have sufficient permissions"
" (Xauthority) \n");
fprintf(stderr, " to connect to the X DISPLAY. Here are some"
" Tips:\n");
@ -4438,7 +4459,7 @@ void xopen_display_fail_message(char *disp) {
" -display :0\n");
fprintf(stderr, " you must have read permission for the auth file.\n");
fprintf(stderr, "\n");
fprintf(stderr, " - If NO ONE is logged into an X session yet, but"
fprintf(stderr, "** If NO ONE is logged into an X session yet, but"
" there is a greeter login\n");
fprintf(stderr, " program like \"gdm\", \"kdm\", \"xdm\", or"
" \"dtlogin\" running, you will need\n");
@ -4447,18 +4468,21 @@ void xopen_display_fail_message(char *disp) {
fprintf(stderr, " Some examples for various display managers:\n");
fprintf(stderr, "\n");
fprintf(stderr, " gdm: -auth /var/gdm/:0.Xauth\n");
fprintf(stderr, " -auth /var/lib/gdm/:0.Xauth\n");
fprintf(stderr, " kdm: -auth /var/lib/kdm/A:0-crWk72\n");
fprintf(stderr, " -auth /var/run/xauth/A:0-crWk72\n");
fprintf(stderr, " xdm: -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk\n");
fprintf(stderr, " dtlogin: -auth /var/dt/A:0-UgaaXa\n");
fprintf(stderr, "\n");
fprintf(stderr, " Sometimes the command \"ps wwwwaux | grep auth\""
" can reveal the file location.\n");
fprintf(stderr, "\n");
fprintf(stderr, " Only root will have read permission for the"
" file, and so x11vnc must be run\n");
fprintf(stderr, " as root. The random characters in the filenames"
" will of course change,\n");
fprintf(stderr, " and the directory the cookie file resides in may"
" also be system dependent.\n");
fprintf(stderr, " Sometimes the command \"ps wwwaux | grep auth\""
" can reveal the file location.\n");
fprintf(stderr, " as root (or copy it). The random characters in the filenames"
" will of course\n");
fprintf(stderr, " change and the directory the cookie file resides in"
" is system dependent.\n");
fprintf(stderr, "\n");
fprintf(stderr, "See also: http://www.karlrunge.com/x11vnc/#faq\n");
}
@ -4474,7 +4498,7 @@ void nopassword_warning_msg(int gotloc) {
"#@ YOU ARE RUNNING X11VNC WITHOUT A PASSWORD!! @#\n"
"#@ @#\n"
"#@ This means anyone with network access to this computer @#\n"
"#@ will be able to view and control your desktop. @#\n"
"#@ may be able to view and control your desktop. @#\n"
"#@ @#\n"
"#@ >>> If you did not mean to do this Press CTRL-C now!! <<< @#\n"
"#@ @#\n"

2
x11vnc/keyboard.c
Unescape View File

@ -3149,6 +3149,7 @@ void keyboard(rfbBool down, rfbKeySym keysym, rfbClientPtr client) {
last_rfb_down = down;
last_rfb_keysym = keysym;
last_rfb_keytime = tnow;
last_rfb_key_injected = dnow();
got_user_input++;
got_keyboard_input++;
@ -3176,6 +3177,7 @@ void keyboard(rfbBool down, rfbKeySym keysym, rfbClientPtr client) {
last_rfb_down = down;
last_rfb_keysym = keysym;
last_rfb_keytime = tnow;
last_rfb_key_injected = dnow();
got_user_input++;
got_keyboard_input++;

11
x11vnc/macosxCG.c
Unescape View File

@ -31,6 +31,7 @@ int macosxCG_get_cursor_pos(int *x, int *y);
int macosxCG_get_cursor(void);
void macosxCG_init_key_table(void);
void macosxCG_key_inject(int down, unsigned int keysym);
void macosxCG_keycode_inject(int down, int keycode);
CGDirectDisplayID displayID = 0;
@ -595,6 +596,14 @@ void macosxCG_init_key_table(void) {
}
extern void init_key_table(void);
extern int macosx_us_kbd;
void macosxCG_keycode_inject(int down, int keycode) {
CGKeyCode keyCode = (CGKeyCode) keycode;
CGCharCode keyChar = 0;
CGPostKeyboardEvent(keyChar, keyCode, down);
}
void macosxCG_key_inject(int down, unsigned int keysym) {
CGKeyCode keyCode = keyTable[(unsigned short)keysym];
@ -606,7 +615,7 @@ void macosxCG_key_inject(int down, unsigned int keysym) {
init_key_table();
if (keysym < 0xFF) {
if (keysym < 0xFF && macosx_us_kbd) {
keyChar = (CGCharCode) keysym;
}
if (keyCode == 0xFFFF) {

1
x11vnc/macosxCG.h
Unescape View File

@ -20,6 +20,7 @@ extern int macosxCG_get_cursor_pos(int *x, int *y);
extern int macosxCG_get_cursor(void);
extern void macosxCG_init_key_table(void);
extern void macosxCG_key_inject(int down, unsigned int keysym);
extern void macosxCG_keycode_inject(int down, int keycode);
extern void macosxCG_refresh_callback_off(void);
extern void macosxCG_refresh_callback_on(void);

138
x11vnc/misc/enhanced_tightvnc_viewer/README
Unescape View File

@ -29,7 +29,7 @@ survey http://rechten.uvt.nl/koops/cryptolaw/index.htm for useful
information.
All work done by Karl J. Runge in this project is
Copyright (c) 2006-2007 Karl J. Runge and is licensed under the GPL as
Copyright (c) 2006-2008 Karl J. Runge and is licensed under the GPL as
described in the file COPYING in this directory.
All the files and information in this project are provided "AS IS"
@ -66,23 +66,30 @@ The enhanced TightVNC viewer features are:
- Create or Import SSL Certificates and Private Keys.
- Reverse (viewer listening) VNC connections via SSL and SSH.
- Support for Web Proxies, SOCKS Proxies, and the UltraVNC
repeater proxy (e.g. repeater://host:port+ID:1234). Multiple
proxies may be chained together (3 max).
- Support for SSH Gateway connections and non-standard SSH ports.
- You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC,
with the front-end GUI or scripts if you like.
- Automatic Service tunnelling via SSH for CUPS and SMB Printing,
ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting.
- Sets up any additional SSH port redirections that you want.
- Port Knocking for "closed port" SSH/SSL connections. In addition
to a simple fixed port sequence and one-time-pad implementation,
a hook is also provided to run any port knocking client before a
connecting.
- You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC,
with the front-end GUI or scripts if you like.
- Sets up any additional SSH port redirections that you want.
- Support for native MacOS X usage with bundled Chicken of the
VNC viewer.
- Reverse (viewer listening) VNC connections via SSL and SSH.
VNC viewer (the Unix X11 viewer is also provided for MacOS X,
and is better IMHO).
- Dynamic VNC Server Port determination and redirection (using
ssh's builtin SOCKS proxy, -D) for servers like x11vnc that
@ -116,6 +123,16 @@ The enhanced TightVNC viewer features are:
(java must be in $PATH). Note that x11vnc supports UltraVNC
file transfer.
- Connection support for the UltraVNC repeater proxy (-repeater
option).
- Support for UltraVNC Single Click operation. (both unencrypted:
SC I, and SSL encrypted: SC III)
- Instead of hostname:display one can also supply "exec=command args..."
to connect the viewer to the stdio of an external command
(e.g. stunnel or socat) rather than using a TCP/IP socket.
- Extremely low color modes: 64 and 8 colors in 8bpp
(-use64/-bgr222, -use8/-bgr111)
@ -391,7 +408,7 @@ If you need to Build:
If your OS/arch is not included or the provided binary has the wrong
library dependencies, etc. the script "build.unix" may be able to
successfully build on for you and deposit the binaries down in ./bin/...
using the included source code.
using the included source code. It is a hack but usually works.
You MUST run the build.unix script from this directory (that this toplevel
README is in, i.e "ssvnc") and like this:
@ -401,9 +418,30 @@ README is in, i.e "ssvnc") and like this:
To use custom locations for libraries see the LDFLAGS_OS and CPPFLAGS_OS
description at the top of the build.unix script.
You can set these env. vars to customize the build:
SSVNC_BUILD_NO_STATIC=1 do not try to statically link libs
SSVNC_BUILD_FORCE_OVERWRITE=1 do not prompt about existing binaries
SSVNC_BUILD_SKIP_VIEWER=1 do not build vncviewer
SSVNC_BUILD_SKIP_STUNNEL=1 do not build stunnel
SSVNC_BUILD_ULTRAFTP=1 only build the file xfer helper jar
here is an example to build only the vncviewer and with normal library
linking (and in a more or less automated way):
env SSVNC_BUILD_NO_STATIC=1 SSVNC_BUILD_FORCE_OVERWRITE=1 SSVNC_BUILD_SKIP_STUNNEL=1 ./build.unix
Feel free to ask us if you need help running ./build.unix
Convential Build:
A more conventional source tarball is provided in ssvnc-x.y.z.src.tar.gz.
It uses a more or less familiar 'make config; make all; make install'
method. It does not include stunnel, so that must be installed on the
system separately.
The programs:
------------
@ -519,6 +557,86 @@ as long as you install external vncviewer and stunnel packages:
ssvnc_unix_minimal-1.x.y.tar.gz
Untrusted Local Users:
---------------------
*IMPORTANT WARNING*: If you run SSVNC on a workstation or computer
that other users can log into and you DO NOT TRUST these users
(it is a shame but sometimes one has to work in an environment like
this), then please note the following warning.
By 'do not trust' we mean they might try to gain access to remote
machines you connect to via SSVNC. Note that an untrusted local
user can often obtain root access in a short amount of time; if a
user has acheived that, then all bets are off for ANYTHING that you
do on the workstation. It is best to get rid of Untrusted Local
Users as soon as possible.
Both the SSL and SSH tunnels set up by SSVNC listen on certain ports
on the 'localhost' address and redirect TCP connections to the remote
machine; usually the VNC server running there (but it could also be
another service, e.g. CUPS printing). These are the stunnel(8) SSL
redirection and the ssh(1) '-L' port redirection. Because 'localhost'
is used only users or programs on the same workstation that is
running SSVNC can connect to these ports, however this includes any
local users (not just the user running SSVNC.)
If the untrusted local user tries to connect to these ports, he may
succeed in varying degrees to gain access to the remote machine.
We now list some safeguards one can put in place to try to make this
more difficult to acheive.
It probably pays to have the VNC server require a password, even
though there has already been SSL or SSH authentication (via
certificates or passwords). In general if the VNC Server requires
SSL authentication of the viewer that helps, unless the untrusted
local user has gained access to your SSVNC certificate keys.
If the VNC server is configured to only allow one viewer connection
at a time, then the window of opportunity that the untrusted local
user can use is greatly reduced: he might only have a second or two
between the tunnel being set up and the SSVNC vncviewer connecting
to it (i.e. if the VNC server only allows a single connection, the
untrusted local user cannot connect once your session is established).
Similarly, when you disconnect the tunnel is torn down quickly and
there is little or no window of opportunity to connect (e.g. x11vnc
in its default mode exits after the first client disconnects).
Also for SSL tunnelling with stunnel(8) on Unix using one of the SSVNC
prebuilt 'bundles', a patched stunnel is provided that denies all
connections after the first one, and exits when the first one closes.
This is not true if the system installed stunnel(8) is used and is
not true when using SSVNC on Windows.
The following are two experimental features that are added to SSVNC
to improve the situation for the SSL/stunnel case. Set them via
Options -> Advanced -> "STUNNEL Local Port Protections".
1) For SSL tunnelling with stunnel(8) on Unix there is a setting
'Use stunnel EXEC mode' (experimental) that will try to exec(2)
stunnel instead of using a listening socket. This will require
using the specially modified vncviewer unix viewer provided
by SSVNC. If this mode proves stable it will become the default.
2) For SSL tunnelling with stunnel(8) on Unix there is a setting
'Use stunnel IDENT check' (experimental) to limit socket
connections to be from you (this assumes the untrusted local
user has not become root on your workstation and has modified
your local IDENT check service; if he has you have much bigger
problems to worry about...)
There is also one simple LD_PRELOAD trick for SSH to limit the number
of accepted port redirection connections. This makes the window of
time the untrusted local user can connect to the tunnel much smaller.
Enable it via Options -> Advanced -> "SSH Local Port Protections".
You will need to have the lim_accept.so file in your SSVNC package.
The main message is to 'Watch your Back' when you connect via the
SSVNC tunnels and there are users you don't trust on your workstation.
The same applies to ANY use of SSH '-L' port redirections or outgoing
stunnel SSL redirection services.
Help and Info:
-------------

1
x11vnc/misc/enhanced_tightvnc_viewer/Windows/sshvnc.bat
Unescape View File

@ -0,0 +1 @@
start ssvnc.exe -ssh %1 %2 %3 %4 %5 %6 %7 %8 %9

1
x11vnc/misc/enhanced_tightvnc_viewer/Windows/tsvnc.bat
Unescape View File

@ -0,0 +1 @@
start ssvnc.exe -ts %1 %2 %3 %4 %5 %6 %7 %8 %9

7
x11vnc/misc/enhanced_tightvnc_viewer/bin/sshvnc
Unescape View File

@ -0,0 +1,7 @@
#!/bin/sh
#
# wrapper for SSH_ONLY mode
#
PATH=`dirname "$0"`:$PATH; export PATH
SSVNC_SSH_ONLY=1; export SSVNC_SSH_ONLY
exec ssvnc -ssh "$@"

6
x11vnc/misc/enhanced_tightvnc_viewer/bin/ssvnc
Unescape View File

@ -79,7 +79,11 @@ nearby=0
if [ -x "$dir/vncviewer" -a -x "$dir/stunnel" ]; then
nearby=1
fi
if [ ! -d "$dir/$name" -a $nearby = 0 ]; then
if [ "X$name" = "X." ]; then
:
#type vncviewer
#type stunnel
elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
echo
echo "Cannot find platform dir for your OS `uname -sm`:"
echo

34
x11vnc/misc/enhanced_tightvnc_viewer/bin/ssvnc_cmd
Unescape View File

@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
# Copyright (c) 2006-2008 by Karl J. Runge <runge@karlrunge.com>
#
# ssvnc_cmd:
#
@ -23,9 +23,15 @@
#
# Usage:
#
# ssvnc_cmd [ss_vncviewer-args] hostname:N [tightvncviewer-args]
# ssvnc_cmd [ss_vncviewer-args] hostname:N [vncviewer-args]
#
# "hostname:N" is the host and VNC display to connect to, e.g. snoopy:0
# if, instead, this script is named "tightvncviewer" it calls the
# vncviewer directly and must be invoked as:
#
# tightvncviewer [vncviewer-args] hostname:N
#
# In both cases, "hostname:N" is the host and VNC display to connect to,
# e.g. snoopy:0
#
# See the script util/ss_vncviewer for details about its arguments:
#
@ -35,6 +41,8 @@
# -alpha
# -grab
#
# N.B. if this script is named "tightvncviewer" the vncviewer is called
# directly, and there won't be any SSL or SSH encryption tunnels.
#
# If the *very first* argument is "-cotvnc" then it is assumed you are on
# Darwin and want to run the Chicken of the VNC viewer via our wrapper.
@ -75,9 +83,12 @@
# Option names may be abbreviated, e.g. -bgr instead of -bgr233.
# See the manual page for more information.
#
# Note: the enhanced tightvnc viewer (SSVNC) has many more options, run
# this script as "ssvnc_cmd Vnc://a:0 -help" or "tightvncviewer -help"
# to seem them.
if [ "X$1" = "X-h" -o "X$1" = "X-help" -o "X$1" = "X--help" ]; then
head -76 "$0" | grep -v bin/sh
if [ "X$1" = "X-h" -o "X$1" = "X-helpxxx" -o "X$1" = "X--help" ]; then
tail -n +2 "$0" | sed -e '/^$/ q' -e 's/^#//'
exit
fi
@ -145,12 +156,20 @@ do
done
dir=`dirname "$f"`
PATH="$dir:$PATH"
SSVNC_BASEDIR="$dir"
export SSVNC_BASEDIR
SSVNC_UNAME="$name"
export SSVNC_UNAME
nearby=0
if [ -x "$dir/vncviewer" -a -x "$dir/stunnel" ]; then
nearby=1
fi
if [ ! -d "$dir/$name" -a $nearby = 0 ]; then
if [ "X$name" = "X." ]; then
:
#type vncviewer
#type stunnel
elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
echo
echo "Cannot find platform dir for your OS `uname -sm`:"
echo
@ -223,6 +242,9 @@ fi
#
#
if [ $use_ours = 1 ]; then
# avoid system vncviewer app-defaults
#XFILESEARCHPATH="/tmp/path/nowhere"; export XFILESEARCHPATH
if [ "X$base" = "Xtightvncviewer" ]; then
$VNCVIEWERCMD -encodings 'copyrect tight zrle zlib hextile' "$@"
else

7
x11vnc/misc/enhanced_tightvnc_viewer/bin/tsvnc
Unescape View File

@ -0,0 +1,7 @@
#!/bin/sh
#
# wrapper for TS_ONLY mode
#
PATH=`dirname "$0"`:$PATH; export PATH
SSVNC_TS_ONLY=1; export SSVNC_TS_ONLY
exec ssvnc -ts "$@"

110
x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
Unescape View File

@ -447,6 +447,9 @@ findfree() {
# removes files, etc.
final() {
echo ""
if [ "X$tmp_cfg" != "X" ]; then
rm -f $tmp_cfg
fi
if [ "X$SS_VNCVIEWER_RM" != "X" ]; then
rm -f $SS_VNCVIEWER_RM 2>/dev/null
fi
@ -1012,6 +1015,24 @@ if [ "X$use_ssh" = "X1" ]; then
# let user override ssh via $SSH
ssh=${SSH:-"ssh -x"}
if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ]; then
SSVNC_LIM_ACCEPT_PRELOAD="$SSVNC_BASEDIR/$SSVNC_UNAME/$SSVNC_LIM_ACCEPT_PRELOAD"
fi
if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ]; then
echo ""
echo "SSVNC_LIM_ACCEPT_PRELOAD=$SSVNC_LIM_ACCEPT_PRELOAD"
fi
if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" -a -f "$SSVNC_LIM_ACCEPT_PRELOAD" ]; then
plvar=LD_PRELOAD
if uname | grep Darwin >/dev/null; then
plvar="DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES"
fi
ssh="env $plvar=$SSVNC_LIM_ACCEPT_PRELOAD $ssh"
else
SSVNC_LIM_ACCEPT_PRELOAD=""
fi
if echo "$proxy" | egrep '(http|https|socks|socks4|socks5)://' > /dev/null; then
# Handle Web or SOCKS proxy(ies) for the initial connect.
Kecho host=$host
@ -1328,10 +1349,11 @@ Kecho proxy=$proxy
c=0
pssh=""
mssh=`echo "$ssh" | sed -e 's/^env.*ssh/ssh/'`
while [ $c -lt 30 ]
do
p=`expr $pmark + $c`
if ps -p "$p" 2>&1 | grep "$ssh" > /dev/null; then
if ps -p "$p" 2>&1 | grep "$mssh" > /dev/null; then
pssh=$p
break
fi
@ -1339,6 +1361,8 @@ Kecho proxy=$proxy
done
if [ "X$getport" != "X" ]; then
:
elif [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ] ; then
sleep 2
elif [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then
#echo T sleep 1
sleep 1
@ -1523,9 +1547,11 @@ if [ "X$direct_connect" != "X" ]; then
exit $?
fi
tmp=/tmp/ss_vncviewer${RANDOM}.$$
mytmp "$tmp"
tmp_cfg=/tmp/ss_vncviewer${RANDOM}.$$
mytmp "$tmp_cfg"
# make_tcert is no longer invoked via the ssvnc gui (Listen mode).
# make_tcert is for testing only now via -mycert BUILTIN
make_tcert() {
tcert="/tmp/tcert${RANDOM}.$$"
cat > $tcert <<END
@ -1584,37 +1610,50 @@ END
echo "$tcert"
}
stunnel_exec=""
if echo $STUNNEL_EXTRA_SVC_OPTS | grep '#stunnel-exec' > /dev/null; then
stunnel_exec="#"
fi
if [ "X$reverse" = "X" ]; then
if echo "$proxy" | grep repeater:// > /dev/null; then
if [ "X$cert" = "X" ]; then
if [ "X$cert" = "XBUILTIN" ]; then
ttcert=`make_tcert`
cert="cert = $ttcert"
fi
# Note for listen mode, an empty cert will cause stunnel to fail.
# The ssvnc gui will have already taken care of this.
fi
cat > "$tmp" <<END
cat > "$tmp_cfg" <<END
foreground = yes
pid =
client = yes
debug = 6
$STUNNEL_EXTRA_OPTS
$STUNNEL_EXTRA_OPTS_USER
$verify
$cert
[vnc_stunnel]
accept = loc