libtdevnc/x11vnc/ssltools.h

#ifndef _SSLTOOLS_H
#define _SSLTOOLS_H

/* quoted scripts, edit source not this file. */


char genCA[] = 
"#!/bin/sh\n"
"\n"
"DIR=$BASE_DIR\n"
"if [ \"x$DIR\" = \"x\" ]; then\n"
"	DIR=\"$HOME/dotkjr_vnc/certs\"\n"
"	rm -rf \"$DIR\"\n"
"fi\n"
"if echo \"$DIR\" | grep '^/' > /dev/null; then\n"
"        :\n"
"else\n"
"        DIR=\"`pwd`/$DIR\"\n"
"fi\n"
"\n"
"PATH=/usr/bin:/bin:/usr/sbin:$PATH; export PATH\n"
"if [ \"x$OPENSSL\" = \"x\" ]; then\n"
"	OPENSSL=\"openssl\"\n"
"fi\n"
"\n"
"type \"$OPENSSL\" > /dev/null	|| exit 1\n"
"\n"
"if [ -f \"$DIR/CA/cacert.pem\" ]; then\n"
"	echo \"Files will be overwritten in $DIR/CA\"\n"
"	printf \"Continue? [y]/n \"\n"
"	read x\n"
"	if [ \"x$x\" = \"xn\" ]; then\n"
"		exit 1;\n"
"	fi\n"
"fi\n"
"\n"
"#mkdir -p \"$DIR/HASH\"		|| exit 1\n"
"mkdir -p \"$DIR/clients\"		|| exit 1\n"
"#mkdir -p \"$DIR/clients/HASH\"	|| exit 1\n"
"mkdir -p \"$DIR/CA/certs\"	|| exit 1\n"
"mkdir -p \"$DIR/CA/crl\"		|| exit 1\n"
"mkdir -p \"$DIR/CA/newcerts\"	|| exit 1\n"
"mkdir -p \"$DIR/CA/private\"	|| exit 1\n"
"chmod go-rwx \"$DIR/CA/private\"	|| exit 1\n"
"mkdir -p \"$DIR/tmp\"		|| exit 1\n"
"chmod go-rwx \"$DIR/tmp\"		|| exit 1\n"
"touch \"$DIR/CA/index.txt\"	|| exit 1\n"
"if [ ! -f \"$DIR/CA/serial\" ]; then\n"
"	echo \"01\" > \"$DIR/CA/serial\"	|| exit 1\n"
"fi\n"
"\n"
"cnf='\n"
"HOME			= .\n"
"RANDFILE		= $ENV::HOME/.rnd\n"
"\n"
"####################################################################\n"
"[ ca ]\n"
"default_ca	= CA_default		# The default ca section\n"
"\n"
"####################################################################\n"
"[ CA_default ]\n"
"\n"
"dir		= ./CA			# Where everything is kept\n"
"certs		= $dir/certs		# Where the issued certs are kept\n"
"crl_dir		= $dir/crl		# Where the issued crl are kept\n"
"database	= $dir/index.txt	# database index file.\n"
"new_certs_dir	= $dir/newcerts		# default place for new certs.\n"
"certificate	= $dir/cacert.pem 	# The CA certificate\n"
"serial		= $dir/serial 		# The current serial number\n"
"crl		= $dir/crl.pem 		# The current CRL\n"
"private_key	= $dir/private/cakey.pem # The private key\n"
"RANDFILE	= $dir/private/.rand	# private random number file\n"
"\n"
"x509_extensions	= usr_cert		# The extentions to add to the cert\n"
"\n"
"name_opt 	= ca_default		# Subject Name options\n"
"cert_opt 	= ca_default		# Certificate field options\n"
"\n"
"default_days	= 365			# how long to certify for\n"
"default_crl_days= 30			# how long before next CRL\n"
"default_md	= md5			# which md to use.\n"
"preserve	= no			# keep passed DN ordering\n"
"\n"
"policy		= policy_match\n"
"\n"
"# For the CA policy\n"
"[ policy_match ]\n"
"countryName		= match\n"
"stateOrProvinceName	= match\n"
"organizationName	= match\n"
"organizationalUnitName	= optional\n"
"commonName		= supplied\n"
"emailAddress		= optional\n"
"\n"
"[ policy_anything ]\n"
"countryName		= optional\n"
"stateOrProvinceName	= optional\n"
"localityName		= optional\n"
"organizationName	= optional\n"
"organizationalUnitName	= optional\n"
"commonName		= supplied\n"
"emailAddress		= optional\n"
"\n"
"####################################################################\n"
"[ req ]\n"
"default_bits		= 2048\n"
"default_keyfile 	= privkey.pem\n"
"distinguished_name	= req_distinguished_name\n"
"attributes		= req_attributes\n"
"x509_extensions	= v3_ca	# The extentions to add to the self signed cert\n"
"\n"
"string_mask = nombstr\n"
"\n"
"# req_extensions = v3_req # The extensions to add to a certificate request\n"
"\n"
"[ req_distinguished_name ]\n"
"countryName			= Country Name (2 letter code)\n"
"countryName_default		= AU\n"
"countryName_min			= 2\n"
"countryName_max			= 2\n"
"\n"
"stateOrProvinceName		= State or Province Name (full name)\n"
"stateOrProvinceName_default	= mystate\n"
"\n"
"localityName			= Locality Name (eg, city)\n"
"\n"
"0.organizationName		= Organization Name (eg, company)\n"
"0.organizationName_default	= x11vnc server CA\n"
"\n"
"organizationalUnitName		= Organizational Unit Name (eg, section)\n"
"\n"
"commonName			= Common Name (eg, YOUR name)\n"
"commonName_default		= %USER x11vnc server CA\n"
"commonName_max			= 64\n"
"\n"
"emailAddress			= Email Address\n"
"emailAddress_default		= x11vnc@CA.nowhere\n"
"emailAddress_max		= 64\n"
"\n"
"[ req_attributes ]\n"
"challengePassword		= A challenge password\n"
"challengePassword_min		= 4\n"
"challengePassword_max		= 20\n"
"\n"
"unstructuredName		= An optional company name\n"
"\n"
"[ usr_cert ]\n"
"\n"
"basicConstraints=CA:FALSE\n"
"\n"
"nsComment			= \"OpenSSL Generated Certificate\"\n"
"\n"
"subjectKeyIdentifier=hash\n"
"authorityKeyIdentifier=keyid,issuer:always\n"
"\n"
"[ v3_req ]\n"
"\n"
"basicConstraints = CA:FALSE\n"
"keyUsage = nonRepudiation, digitalSignature, keyEncipherment\n"
"\n"
"[ v3_ca ]\n"
"\n"
"subjectKeyIdentifier=hash\n"
"\n"
"authorityKeyIdentifier=keyid:always,issuer:always\n"
"\n"
"basicConstraints = CA:true\n"
"\n"
"[ crl_ext ]\n"
"\n"
"authorityKeyIdentifier=keyid:always,issuer:always\n"
"\n"
"'\n"
"selfcnf='\n"
"####################################################################\n"
"[ req ]\n"
"default_bits		= 2048\n"
"encrypt_key		= yes\n"
"distinguished_name	= req_distinguished_name\n"
"x509_extensions		= cert_type\n"
"\n"
"[ req_distinguished_name ]\n"
"countryName			= Country Name (2 letter code)\n"
"countryName_default		= AU\n"
"countryName_min			= 2\n"
"countryName_max			= 2\n"
"\n"
"stateOrProvinceName		= State or Province Name (full name)\n"
"stateOrProvinceName_default	= mystate\n"
"\n"
"localityName			= Locality Name (eg, city)\n"
"\n"
"0.organizationName		= Organization Name (eg, company)\n"
"0.organizationName_default	= x11vnc server self-signed\n"
"\n"
"organizationalUnitName		= Organizational Unit Name (eg, section)\n"
"\n"
"commonName			= Common Name (eg, YOUR name)\n"
"commonName_default		= x11vnc server self-signed %NAME\n"
"commonName_max			= 64\n"
"\n"
"emailAddress			= Email Address\n"
"emailAddress_default		= x11vnc@self-signed.nowhere\n"
"emailAddress_max		= 64\n"
"\n"
"[ cert_type ]\n"
"nsCertType = server\n"
"\n"
"'\n"
"echo \"$cnf\" | sed -e \"s/%USER/$USER/\" \\\n"
"	> \"$DIR/CA/ssl.cnf\" || exit 1\n"
"echo \"$cnf\" | sed -e \"s/%USER *//\" -e 's/server CA/server %NAME/g' -e 's/@CA/@server/' \\\n"
"	> \"$DIR/CA/ssl.cnf.server\" || exit 1\n"
"echo \"$cnf\" | sed -e \"s/%USER *//\" -e 's/server CA/client %NAME/g' -e 's/@CA/@client/' \\\n"
"	> \"$DIR/CA/ssl.cnf.client\" || exit 1\n"
"\n"
"echo \"$selfcnf\" > \"$DIR/CA/self.cnf.server\" || exit 1\n"
"echo \"$selfcnf\" | sed -e 's/ server/ client/g' \\\n"
"	> \"$DIR/CA/self.cnf.client\" || exit 1\n"
"\n"
"cd \"$DIR\"	|| exit 1\n"
"\n"
"echo \"\"\n"
"echo \"----------------------------------------------------------------------\"\n"
"echo \"Generating your x11vnc CA (certificate authority) key and certificate:\"\n"
"echo \"\"\n"
"echo \"Please supply a passphrase and any other information you care to.\"\n"
"echo \"----------------------------------------------------------------------\"\n"
"echo \"\"\n"
"\n"
"\"$OPENSSL\" req -config \"$DIR/CA/ssl.cnf\" -new -x509 \\\n"
"	-keyout \"$DIR/CA/private/cakey.pem\" \\\n"
"	-out \"$DIR/CA/cacert.pem\"\n"
"\n"
"chmod go-rwx \"$DIR/CA/private/cakey.pem\"\n"
"\n"
"if [ $? != 0 ]; then\n"
"	echo \"openssl failed.\"\n"
"	exit 1\n"
"fi\n"
"\n"
"echo \"\"\n"
"echo \"----------------------------------------------------------------------\"\n"
"echo \"Your public x11vnc CA cert is:\"\n"
"echo \"\"\n"
"echo \"        $DIR/CA/cacert.pem\"\n"
"echo \"\"\n"
"echo \"   It may be copied to other applications, e.g. Web browser, Java\"\n"
"echo \"   Applet keystore, or stunnel cfg, to use to verify signed server\"\n"
"echo \"   or client certs, etc.\"\n"
"echo \"\"\n"
"echo \"Your private x11vnc CA key is:\"\n"
"echo \"\"\n"
"echo \"        $DIR/CA/private/cakey.pem\"\n"
"echo \"\"\n"
"echo \"   It will be used to sign server or client certs, keep it secret.\"\n"
"echo \"----------------------------------------------------------------------\"\n"
"echo \"\"\n"
"printf \"Press Enter to print the cacert.pem certificate to the screen: \"\n"
"read x\n"
"echo \"\"\n"
"cat \"$DIR/CA/cacert.pem\"\n"
;

char genCert[] = 
"#!/bin/sh\n"
"\n"
"direrror() {\n"
"	echo \"\"\n"
"	echo \"You need first to run:\"\n"
"	echo \"\"\n"
"	if echo \"$DIR\" | grep '/\\.vnc/certs' > /dev/null; then\n"
"		echo \"	x11vnc -sslGenCA\"\n"
"	else\n"
"		echo \"	x11vnc -sslGenCA $DIR\"\n"
"	fi\n"
"	echo \"\"\n"
"	echo \"to create the CA cert file and other needed config files and directories.\"\n"
"	echo \"\"\n"
"	echo \"Then you can run: x11vnc -sslGenCert $type $name0\"\n"
"	echo \"\"\n"
"	if [ \"X$1\" != \"X\" ]; then\n"
"		echo \"(missing file/dir: $1)\"\n"
"		echo \"\"\n"
"	fi\n"
"	exit 1\n"
"}\n"
"\n"
"make_HASH() {\n"
"	crt=\"$1\"\n"
"	remove=\"$2\"\n"
"	if [ ! -f \"$crt\" ]; then\n"
"		return\n"
"	fi\n"
"	dirhash=`dirname \"$crt\"`/HASH\n"
"	bashash=`basename \"$crt\"`\n"
"	if [ ! -d \"$dirhash\" ]; then\n"
"		return\n"
"	fi\n"
"	hash=`\"$OPENSSL\" x509 -hash -noout -in \"$crt\" 2>/dev/null | head -1`\n"
"	if [ \"X$hash\" != \"X\" ]; then\n"
"		for i in 0 1 2 3 4 5 6 7 8 9\n"
"		do\n"
"			lnk=\"$dirhash/$hash.$i\"\n"
"			if [ \"X$remove\" = \"X1\" ]; then\n"
"				if [ -h \"$lnk\" ]; then\n"
"					if cmp \"$lnk\" \"$crt\" > /dev/null 2>&1; then\n"
"						ls -l \"$lnk\"\n"
"						rm -i \"$lnk\"\n"
"					fi\n"
"				fi\n"
"			else\n"
"				if [ -h \"$lnk\" ]; then\n"
"					if [ ! -f \"$lnk\" ]; then\n"
"						rm -f \"$lnk\" 1>/dev/null 2>&1\n"
"					else\n"
"						continue\n"
"					fi\n"
"				fi\n"
"				if [ \"x$HASH_verbose\" = \"x1\" ]; then\n"
"					echo \"creating: $lnk -> ../$bashash\"\n"
"				fi\n"
"				ln -s \"../$bashash\" \"$lnk\"\n"
"				break\n"
"			fi\n"
"		done\n"
"	fi\n"
"}\n"
"\n"
"create_key() {\n"
"	\n"
"	echo \"----------------------------------------------------------------------\"\n"
"	echo \"Creating new x11vnc certificate and key for name: $type $name0\"\n"
"	echo \"\"\n"
"\n"
"	cnf=\"$DIR/tmp/cnf.$$\"\n"
"	trap \"rm -f \\\"$cnf\\\"\" 0 1 2 15\n"
"\n"
"	rm -f \"$DIR/$dest.key\" \"$DIR/$dest.crt\" \"$DIR/$dest.req\"\n"
"\n"
"	if [ \"x$self\" = \"x1\" ]; then\n"
"		if [ ! -f \"$DIR/CA/self.cnf.$type\" ]; then\n"
"			direrror \"$DIR/CA/self.cnf.$type\"\n"
"		fi\n"
"		cat \"$DIR/CA/self.cnf.$type\" | sed -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n"
"		\"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 -x509 $REQ_ARGS \\\n"
"			-keyout \"$DIR/$dest.key\" \\\n"
"			-out    \"$DIR/$dest.crt\"\n"
"	else\n"
"		if [ ! -f \"$DIR/CA/ssl.cnf.$type\" ]; then\n"
"			direrror \"$DIR/CA/ssl.cnf.$type\"\n"
"		fi\n"
"		cat \"$DIR/CA/ssl.cnf.$type\" | sed  -e \"s/%NAME/$name0/\" > \"$cnf\" || exit 1\n"
"		\"$OPENSSL\" req -config \"$cnf\" -nodes -new -newkey rsa:2048 $REQ_ARGS \\\n"
"			-keyout \"$DIR/$dest.key\" \\\n"
"			-out    \"$DIR/$dest.req\"\n"
"	fi\n"
"	rc=$?\n"
"	if [ -f \"$DIR/$dest.key\" ]; then\n"
"		chmod go-rwx \"$DIR/$dest.key\"\n"
"	fi\n"
"\n"
"\n"
"\n"
"	if [ $rc != 0 ]; then\n"
"		echo \"openssl 'req' command failed\"\n"
"		rm -f \"$DIR/$dest.key\" \"$DIR/$dest.crt\" \"$DIR/$dest.req\"\n"
"		exit 1\n"
"	fi\n"
"}\n"
"\n"
"enc_key() {\n"
"	\n"
"	echo \"\"\n"
"	echo \"----------------------------------------------------------------------\"\n"
"	echo \"Do you want to protect the generated private key with a passphrase?\"\n"
"	echo \"Doing so will significantly decrease the chances someone could steal\"\n"
"	if [ \"x$type\" = \"xserver\" ]; then\n"
"	echo \"the key and pretend to be your x11vnc server.  The downside is it is\"\n"
"	else\n"
"	echo \"the key and pretend to be your VNC client.  The downside is it is\"\n"
"	fi\n"
"	echo \"inconvenient because you will have to supply the passphrase every\"\n"
"	if [ \"x$type\" = \"xserver\" ]; then\n"
"	echo \"time you start x11vnc using this key.\"\n"
"	else\n"
"	echo \"time you start the VNC viewer SSL tunnel using this key.\"\n"
"	fi\n"
"	echo \"\"\n"
"	printf \"Protect key with a passphrase?  [y]/n \"\n"
"	read x\n"
"	estr=\" *unencrypted*\"\n"
"	if [ \"x$ENCRYPT_ONLY\" != \"x\" ]; then\n"
"		target=\"$ENCRYPT_ONLY\"\n"
"	else\n"
"		target=\"$DIR/$dest.key\"\n"
"		bdir=`dirname \"$DIR/$dest.key\"`\n"
"		if [ ! -d \"$bdir\" ]; then\n"
"			direrror \"$bdir\"\n"
"		fi\n"
"	fi\n"
"	if [ \"x$x\" != \"xn\" ]; then\n"
"		\"$OPENSSL\" rsa -in \"$target\" -des3 -out \"$target\"\n"
"		if [ $? != 0 ]; then\n"
"			echo \"openssl 'rsa' command failed\"\n"
"			rm -f \"$DIR/$dest.key\" \"$DIR/$dest.crt\" \"$DIR/$dest.req\"\n"
"			exit 1\n"
"		fi\n"
"		estr=\" encrypted\"\n"
"	fi\n"
"	echo \"\"\n"
"}\n"
"\n"
"sign_key() {\n"
"	cd \"$DIR\" || exit 1\n"
"\n"
"	if [ \"x$self\" = \"x1\" ]; then\n"
"		:\n"
"	else\n"
"		if echo \"$name0\" | grep '^req:' > /dev/null; then\n"
"			echo \"\"\n"
"			echo \"----------------------------------------------------------------------\"\n"
"			echo \"Your x11vnc $type certificate request is:\"\n"
"			echo \"\"\n"
"			echo \"        $DIR/$dest.req\"\n"
"			echo \"\"\n"
"			echo \"   It may be sent to an external CA for signing, afterward you can\"\n"
"			echo \"   save the cert they send you in:\"\n"
"			echo \"\"\n"
"			echo \"        $DIR/$dest.crt\"\n"
"			echo \"\"\n"
"			echo \"Your$estr private x11vnc $type key is:\"\n"
"			echo \"\"\n"
"			echo \"        $DIR/$dest.key\"\n"
"			echo \"\"\n"
"			echo \"   You should combine it and the received cert in the file:\"\n"
"			echo \"\"\n"
"			echo \"        $DIR/$dest.pem\"\n"
"			echo \"\"\n"
"			echo \"   It will be needed by applications to identify themselves.\"\n"
"			echo \"   This file should be kept secret.\"\n"
"			echo \"----------------------------------------------------------------------\"\n"
"			echo \"\"\n"
"			printf \"Press Enter to print the $dest.req cert request to the screen: \"\n"
"			read x\n"
"			echo \"\"\n"
"			cat \"$DIR/$dest.req\"\n"
"			exit 0\n"
"		fi\n"
"		echo \"\"\n"
"		echo \"\"\n"
"		echo \"----------------------------------------------------------------------\"\n"
"		echo \"Now signing the new key with CA private key.  You will need to supply\"\n"
"		echo \"the CA key passphrase and reply \\\"y\\\" to sign and commit the key.\"\n"
"		echo \"\"\n"
"		\"$OPENSSL\" ca -config \"$cnf\" -policy policy_anything -notext \\\n"
"			-in  \"$DIR/$dest.req\" \\\n"
"			-out \"$DIR/$dest.crt\"\n"
"		if [ $? != 0 ]; then\n"
"			echo \"\"\n"
"			echo \"openssl 'ca' command failed\"\n"
"			echo \"\"\n"
"			echo \"  You may have a duplicate DN entry for this name in:\"\n"
"			echo \"\"\n"
"			echo \"          $DIR/CA/index.txt\"\n"
"			echo \"\"\n"
"			echo \"  remove the duplicate in that file and try again.\"\n"
"			echo \"\"\n"
"			rm -f \"$DIR/$dest.key\" \"$DIR/$dest.crt\" \"$DIR/$dest.req\"\n"
"			exit 1\n"
"		fi\n"
"	fi\n"
"\n"
"	cat  \"$DIR/$dest.key\"  \"$DIR/$dest.crt\" \\\n"
"		> \"$DIR/$dest.pem\" || exit 1 \n"
"\n"
"	make_HASH \"$DIR/$dest.crt\" 0\n"
"\n"
"	rm -f \"$DIR/$dest.key\" \"$DIR/$dest.req\" || exit 1\n"
"	chmod go-rwx \"$DIR/$dest.pem\" || exit 1\n"
"\n"
"	if [ \"x$type\" = \"xserver\" -o \"x$type\" = \"xclient\" ]; then\n"
"		echo \"\"\n"
"		echo \"----------------------------------------------------------------------\"\n"
"		echo \"Your public x11vnc $type cert is:\"\n"
"		echo \"\"\n"
"		echo \"        $DIR/$dest.crt\"\n"
"		echo \"\"\n"
"		echo \"   It may be copied to other machines / applications to be used for\"\n"
"		echo \"   authentication.  However, since it is signed with the x11vnc CA\"\n"
"		echo \"   key, all the applications need is the x11vnc CA certificate.\"\n"
"		echo \"\"\n"
"		echo \"Your$estr private x11vnc $type key is:\"\n"
"		echo \"\"\n"
"		echo \"        $DIR/$dest.pem\"\n"
"		echo \"\"\n"
"		echo \"   It will be needed by applications to identify themselves.\"\n"
"		echo \"   This file should be kept secret.\"\n"
"		echo \"----------------------------------------------------------------------\"\n"
"		echo \"\"\n"
"	fi\n"
"\n"
"	printf \"Press Enter to print the $dest.crt certificate to the screen: \"\n"
"	read x\n"
"	echo \"\"\n"
"	cat \"$DIR/$dest.crt\"\n"
"}\n"
"\n"
"DIR=$BASE_DIR\n"
"if [ \"x$DIR\" = \"x\" ]; then\n"
"        DIR=\"$HOME/dotkjr_vnc/certs\"\n"
"fi\n"
"if echo \"$DIR\" | grep '^/' > /dev/null; then\n"
"	:\n"
"else\n"
"	DIR=\"`pwd`/$DIR\"\n"
"fi\n"
"\n"
"if [ \"x$HASHON\" != \"x\" ]; then\n"
"	for dir in \"$DIR/HASH\" \"$DIR/clients/HASH\"\n"
"	do\n"
"		if [ -d \"$dir\" ]; then\n"
"			rm -rf \"$dir\"\n"
"		fi\n"
"	done\n"
"	dir=\"$DIR/HASH\"\n"
"	mkdir -p \"$dir\" || exit 1\n"
"	dir=\"$DIR/clients/HASH\"\n"
"	mkdir -p \"$dir\" || exit 1\n"
"	HASH_verbose=1\n"
"	for f in \"$DIR\"/*.crt \"$DIR\"/clients/*.crt\n"
"	do\n"
"		if [ -f \"$f\" ]; then\n"
"			make_HASH \"$f\" 0\n"
"		fi\n"
"	done\n"
"	exit\n"
"fi\n"
"if [ \"x$HASHOFF\" != \"x\" ]; then\n"
"	dir=\"$DIR/HASH\"\n"
"	for dir in \"$DIR/HASH\" \"$DIR/clients/HASH\"\n"
"	do\n"
"		if [ -d \"$dir\" ]; then\n"
"			for f in \"$dir\"/*\n"
"			do\n"
"				if [ -f \"$f\" ]; then\n"
"					echo \"deleting: $f\"\n"
"					rm -f \"$f\"\n"
"				fi\n"
"			done\n"
"			rm -rf \"$dir\"\n"
"		fi\n"
"	done\n"
"	exit\n"
"fi\n"
"\n"
"PATH=/usr/bin:/bin:/usr/sbin:$PATH; export PATH\n"
"if [ \"x$OPENSSL\" = \"x\" ]; then\n"
"        OPENSSL=\"openssl\"\n"
"fi\n"
"\n"
"type \"$OPENSSL\" > /dev/null	|| exit 1\n"
"\n"
"self=\"\"\n"
"if [ \"x$SELF\" != \"x\" ]; then\n"
"	self=1\n"
"elif [ \"x$1\" = \"x-self\" ]; then\n"
"	shift\n"
"	self=1\n"
"fi\n"
"\n"
"if [ \"x$TYPE\" != \"x\" ]; then\n"
"	type=\"$TYPE\"\n"
"else\n"
"	if [ \"X$1\" != \"X\" ]; then\n"
"		type=\"$1\"\n"
"		shift\n"
"	fi\n"
"fi\n"
"if [ \"x$NAME\" != \"x\" ]; then\n"
"	name=\"$NAME\"\n"
"else\n"
"	if [ \"X$1\" != \"X\" ]; then\n"
"		name=\"$1\"\n"
"		shift\n"
"	fi\n"
"fi\n"
"\n"
"if echo \"$name\" | grep '^self:' > /dev/null; then\n"
"	self=1\n"
"fi\n"
"\n"
"if [ \"x$type\" = \"xserver\" ]; then\n"
"	name0=\"$name\"\n"
"	if echo \"$name\" | grep '^-' > /dev/null; then\n"
"		:\n"
"	elif [ \"x$name\" != \"x\" ]; then\n"
"		name=\"-$name\";\n"
"	fi\n"
"	dest=\"server$name\"\n"
"elif [ \"x$type\" = \"xclient\" ]; then\n"
"	if [ \"x$name\" = \"x\" ]; then\n"
"		name=\"nobody\"\n"
"	fi\n"
"	name0=\"$name\"\n"
"	dest=\"clients/$name\"\n"
"else\n"
"	exit 1\n"
"fi\n"
"\n"
"#set -xv\n"
"\n"
"if [ \"x$INFO_ONLY\" != \"x\" ]; then\n"
"	echo \"\"\n"
"	echo \"VNC Certificate file:\"\n"
"	echo \"	$INFO_ONLY\"\n"
"	echo \"\"\n"
"	\"$OPENSSL\" x509 -text -in \"$INFO_ONLY\"\n"
"	exit \n"
"elif [ \"x$DELETE_ONLY\" != \"x\" ]; then\n"
"	echo \"\"\n"
"	echo \"VNC Certificate file:\"\n"
"	echo \"	$DELETE_ONLY\"\n"
"	echo \"\"\n"
"	\n"
"	base=`echo \"$DELETE_ONLY\" | sed -e 's/\\....$//'`\n"
"	for suff in crt pem key req\n"
"	do\n"
"		try=\"$base.$suff\"\n"
"		if [ -f \"$try\" ]; then\n"
"			make_HASH \"$try\" 1\n"
"			rm -i \"$try\"\n"
"		fi\n"
"	done\n"
"	if echo \"$base\" | grep 'CA/cacert$' > /dev/null; then\n"
"		base2=`echo \"$base\" | sed -e 's,cacert$,private/cakey,'`\n"
"	else\n"
"		echo \"\"\n"
"		exit\n"
"	fi\n"
"	echo \"\"\n"
"	for suff in crt pem key req\n"
"	do\n"
"		try=\"$base2.$suff\"\n"
"		if [ -f \"$try\" ]; then\n"
"			make_HASH \"$try\" 1\n"
"			rm -i \"$try\"\n"
"		fi\n"
"	done\n"
"	echo \"\"\n"
"	exit \n"
"elif [ \"x$ENCRYPT_ONLY\" != \"x\" ]; then\n"
"	if [ \"x$type\" = \"x\" ]; then\n"
"		type=\"server\"\n"
"	fi\n"
"	echo \"\"\n"
"	echo \"Key PEM file:\"\n"
"	echo \"	$ENCRYPT_ONLY\"\n"
"	enc_key\n"
"	exit\n"
"fi\n"
"\n"
"if [ ! -d \"$DIR/tmp\" ]; then\n"
"	direrror \"$DIR/tmp\"\n"
"fi\n"
"bdir=`dirname \"$DIR/$dest.key\"`\n"
"if [ ! -d \"$bdir\" ]; then\n"
"	direrror \"$bdir\"\n"
"fi\n"
"if [ ! -f \"$DIR/CA/cacert.pem\" ]; then\n"
"	direrror \"$DIR/CA/cacert.pem\"\n"
"fi\n"
"\n"
"create_key\n"
"enc_key\n"
"sign_key\n"
;

char find_display[] = 
"#!/bin/sh\n"
"#\n"
"# Script for use in -display WAIT:cmd=FINDDISPLAY -unixpw mode.\n"
"# Attempts to find 1) DISPLAY and 2) XAUTH data for the user and\n"
"# returns them to caller.\n"
"#\n"
"# The idea is this script is run via su - user -c ... and returns\n"
"# display + xauth info to caller (x11vnc running as root or nobody).\n"
"# x11vnc then uses the info to open the display.\n"
"#\n"
"\n"
"FIND_DISPLAY_OUTPUT=/tmp/fdo.txt\n"
"if [ \"X$FIND_DISPLAY_OUTPUT\" != \"X\" ]; then\n"
"	if [ \"X$FIND_DISPLAY_EXEC\" = \"X\" ]; then\n"
"		FIND_DISPLAY_EXEC=1\n"
"		export FIND_DISPLAY_EXEC\n"
"		if [ \"X$FIND_DISPLAY_OUTPUT\" != \"X\" ]; then\n"
"			/bin/sh $0 \"$@\" 2> $FIND_DISPLAY_OUTPUT\n"
"		else\n"
"			/bin/sh $0 \"$@\" 2> /dev/null\n"
"		fi\n"
"		exit $?\n"
"	fi\n"
"fi\n"
"\n"
"if [ \"X$FIND_DISPLAY_OUTPUT\" != \"X\" ]; then\n"
"	set -xv\n"
"fi\n"
"\n"
"#env; set -xv\n"
"PATH=$PATH:/bin:/usr/bin:/usr/X11R6/bin:/usr/bin/X11:/usr/openwin/bin:/usr/ucb\n"
"export PATH\n"
"\n"
"# -n means no xauth, -f prescribes file to use.\n"
"showxauth=1\n"
"if [ \"X$1\" = \"X-n\" ]; then\n"
"	showxauth=\"\"\n"
"	shift\n"
"fi\n"
"if [ \"X$1\" = \"X-f\" ]; then\n"
"	shift\n"
"	if [ ! -r $1 ]; then\n"
"		echo \"\"\n"
"		exit 1\n"
"	fi\n"
"	export XAUTHORITY=\"$1\"\n"
"	shift\n"
"fi\n"
"\n"
"user=\"$1\"			# cmd line arg takes precedence\n"
"if [ \"X$user\" = \"X\" ]; then\n"
"	user=$X11VNC_USER	# then X11VNC_USER\n"
"fi\n"
"if [ \"X$user\" = \"X\" ]; then\n"
"	user=$USER		# then USER\n"
"fi\n"
"if [ \"X$user\" = \"X\" ]; then\n"
"	user=$LOGNAME		# then LOGNAME\n"
"fi\n"
"if [ \"X$user\" = \"X\" ]; then\n"
"	user=`whoami 2>/dev/null`	# desperation whoami\n"
"fi\n"
"if [ \"X$user\" = \"X\" ]; then\n"
"	echo \"\"		# failure\n"
"	exit 1\n"
"fi\n"
"\n"
"# Now try to match X DISPLAY to user:\n"
"\n"
"# who(1) output column 2:\n"
"display=`who | grep \"^${user}[ 	][ 	]*:[0-9]\" | head -1 \\\n"
"    | awk '{print $2}'`\n"
"\n"
"if [ \"X$display\" = \"X\" ]; then\n"
"	# who(1) output, last column:\n"
"	display=`who | grep \"^${user}[ 	]\" | awk '{print $NF}' \\\n"
"	    | grep '(:[0-9]' | sed -e 's/[()]//g' | head -1`\n"
"	if [ \"X$display\" = \"X\" ]; then\n"
"		if [ \"X$X11VNC_FINDDISPLAY_SKIP_XAUTH\" != \"X\" ]; then\n"
"			echo \"\"		# failure\n"
"			exit 1\n"
"		fi\n"
"		# loop over xauth list items machine ^hostname/unix:N\n"
"		host=`hostname | sed -e 's/\\..*$//'`\n"
"		tries1=\"\"\n"
"		tries2=\"\"\n"
"		for d in `xauth list | awk '{print $1}' | grep /unix \\\n"
"		    | grep \"^${host}\" | sed -e 's/^.*://' | sort -n | uniq`\n"
"		do\n"
"			if [ -e \"/tmp/.X$d-lock\" -o -e \"/tmp/.X11-unix/X$d\" ]; then\n"
"				tries1=\"$tries1 $d\"\n"
"			else\n"
"				# these are often ssh X redirs so try them last or skip:\n"
"				#tries2=\"$tries2 $d\"\n"
"				:\n"
"			fi\n"
"		done\n"
"		\n"
"\n"
"		for d in $tries1 $tries2\n"
"		do\n"
"			xdpyinfo -display \":$d\" >/dev/null 2>&1\n"
"			if [ $? = 0 ]; then\n"
"				# try again with no authority:\n"
"				env XAUTHORITY=/dev/null xdpyinfo \\\n"
"				    -display \":$d\" >/dev/null 2>&1\n"
"				# 0 means got in for free... skip it.\n"
"				if [ $? != 0 ]; then\n"
"					# keep it\n"
"					display=\":$d\"\n"
"					break\n"
"				fi\n"
"			fi\n"
"		done\n"
"		if [ \"X$display\" = \"X\" ]; then\n"
"			echo \"\"		# failure\n"
"			exit 1\n"
"		fi\n"
"	fi\n"
"fi\n"
"\n"
"chvt=\"\"\n"
"if [ \"X`uname`\" = \"XLinux\" ]; then\n"
"	vt=`ps wwwwwaux | grep X | egrep -v 'startx|xinit' | grep \" $display \" | egrep ' vt([789]|[1-9][0-9][0-9]*) ' | grep -v grep | head -1`\n"
"	if [ \"X$vt\" != \"X\" ]; then\n"
"		vt=`echo \"$vt\" | sed -e 's/^.* vt\\([0-9][0-9]*\\) .*$/\\1/'`\n"
"		if echo \"$vt\" | grep '^[0-9][0-9]*$' > /dev/null; then\n"
"			chvt=\",VT=$vt\"\n"
"		fi\n"
"	else\n"
"		vt=`ps wwwwwaux | grep X | grep \" $display \" | egrep ' tty([789]|[1-9][0-9][0-9]*) ' | grep -v grep | head -1`\n"
"		if [ \"X$vt\" != \"X\" ]; then\n"
"			vt=`echo \"$vt\" | sed -e 's/^.* tty\\([0-9][0-9]*\\) .*$/\\1/'`\n"
"			if echo \"$vt\" | grep '^[0-9][0-9]*$' > /dev/null; then\n"
"				chvt=\",VT=$vt\"\n"
"			fi\n"
"		fi\n"
"	fi\n"
"fi\n"
"\n"
"echo \"DISPLAY=$display$chvt\"\n"
"if [ \"X$showxauth\" != \"X\" ]; then\n"
"	xauth extract - \"$display\" 2>/dev/null\n"
"fi\n"
"\n"
"\n"
"exit 0\n"
;

char create_display[] = 
"#!/bin/sh\n"
"\n"
"#CREATE_DISPLAY_OUTPUT=/tmp/cdo.txt\n"
"if [ \"X$CREATE_DISPLAY_EXEC\" = \"X\" ]; then\n"
"	CREATE_DISPLAY_EXEC=1\n"
"	export CREATE_DISPLAY_EXEC\n"
"	if [ \"X$CREATE_DISPLAY_OUTPUT\" != \"X\" ]; then\n"
"		/bin/sh $0 \"$@\" 2> $CREATE_DISPLAY_OUTPUT\n"
"	else\n"
"		/bin/sh $0 \"$@\" 2> /dev/null\n"
"	fi\n"
"	exit $?\n"
"fi\n"
"\n"
"if [ \"X$CREATE_DISPLAY_OUTPUT\" != \"X\" ]; then\n"
"	set -xv\n"
"fi\n"
"\n"
"findfree() {\n"
"	try=20\n"
"	n=\"\"\n"
"	while [ $try -lt 99 ]\n"
"	do\n"
"		if [ ! -e \"/tmp/.X${try}-lock\" ]; then\n"
"			n=$try\n"
"			break\n"
"		fi\n"
"		try=`expr $try + 1`\n"
"	done\n"
"	echo \"$n\"\n"
"}\n"
"\n"
"findsession() {\n"
"	if [ \"X$session\" != \"X\" ]; then\n"
"		echo \"$session\"\n"
"		return\n"
"	fi\n"
"	home=`csh -f -c \"echo ~$USER\"`\n"
"	if [ \"X$home\" = \"X\" -o ! -d \"$home\" ]; then\n"
"		if [ \"X$have_root\" != \"X\" -a \"X$USER\" != \"Xroot\" ]; then\n"
"			home=`su - $USER -c 'echo $HOME'`\n"
"		fi\n"
"	fi\n"
"	if [ \"X$home\" = \"X\" -o ! -d \"$home\" ]; then\n"
"		if [ -d \"/home/$USER\" ]; then\n"
"			home=\"/home/$USER\"\n"
"		else \n"
"			home=__noplace__\n"
"		fi\n"
"	fi\n"
"	if [ -f \"$home/.xsession\" ]; then\n"
"		echo \"$home/.xsession\"\n"
"		return\n"
"	elif [ -f \"$home/.xinitrc\" ]; then\n"
"		echo \"$home/.xinitrc\"\n"
"		return\n"
"	fi\n"
"	if [ -f \"$home/.dmrc\" ]; then\n"
"		if [ \"X$have_startkde\" != \"X\" ]; then\n"
"			if egrep -i 'Session=(default|kde)' \"$home/.dmrc\" > /dev/null; then\n"
"				echo \"$have_startkde\"\n"
"				return\n"
"			fi\n"
"		fi\n"
"		if [ \"X$have_gnome_session\" != \"X\" ]; then\n"
"			if egrep -i 'Session=gnome' \"$home/.dmrc\" > /dev/null; then\n"
"				echo \"$have_gnome_session\"\n"
"				return\n"
"			fi\n"
"		fi\n"
"		for wm in blackbox fvwm icewm wmw openbox twm windowmaker metacity\n"
"		do\n"
"			eval \"have=\\$have_$wm\"\n"
"			if [ \"X$have\" = \"X\" ]; then\n"
"				continue\n"
"			fi\n"
"			if grep -i \"Session=$wm\" \"$home/.dmrc\" > /dev/null; then\n"
"				echo \"$have\"\n"
"				return\n"
"			fi\n"
"			\n"
"		done\n"
"	fi\n"
"	if [ \"X$have_xterm\" != \"X\" ]; then\n"
"		echo $have_xterm\n"
"		return\n"
"	else\n"
"		echo \".xinitrc\"\n"
"	fi\n"
"}\n"
"\n"
"server() {\n"
"	authfile=`auth`\n"
"	sess=`findsession`\n"
"	DISPLAY=:$N\n"
"	export DISPLAY\n"
"	stmp=\"\"\n"
"	if [ \"X$have_root\" != \"X\" -a \"X$USER\" != \"Xroot\" ]; then\n"
"		sess=\"env DISPLAY=:$N $sess\"\n"
"	fi\n"
"	if echo \"$sess\" | grep '[ 	]' > /dev/null; then\n"
"		stmp=/tmp/.cd$$\n"
"		rm -f $stmp\n"
"		touch $stmp\n"
"		chmod 755 $stmp\n"
"		echo \"#!/bin/sh\" > $stmp\n"
"		echo \"$sess\"   >> $stmp\n"
"		echo \"sleep 1\"   >> $stmp\n"
"		echo \"rm -f $stmp\" >> $stmp\n"
"		sess=$stmp\n"
"	fi\n"
"	if [ \"X$have_root\" != \"X\" -a \"X$USER\" != \"Xroot\" ]; then\n"
"		ctmp=\"/tmp/.xa.$$\"\n"
"		touch $ctmp\n"
"		chmod 644 $ctmp\n"
"		$have_xauth -f $authfile nextract - :$N > $ctmp\n"
"		su - $USER -c \"$have_xauth nmerge - < $ctmp\" 1>&2\n"
"		$have_xauth -f $authfile nextract - `hostname`:$N > $ctmp\n"
"		su - $USER -c \"$have_xauth nmerge - < $ctmp\" 1>&2\n"
"		rm -f $ctmp\n"
"		XAUTHORITY=$authfile\n"
"		export XAUTHORITY\n"
"		sess=\"/bin/su - $USER -c $sess\"\n"
"	else\n"
"		$have_xauth -f $authfile nextract - :$N | $have_xauth nmerge -\n"
"		$have_xauth -f $authfile nextract - `hostname`:$N | $have_xauth nmerge -\n"
"	fi\n"
"	\n"
"	if [ \"X$have_startx\" != \"X\" ]; then\n"
"		echo \"$have_startx $sess -- $* -auth $authfile\" 1>&2\n"
"		$have_startx $sess -- $* -auth $authfile 1>&2 &\n"
"		pid=$!\n"
"	elif [ \"X$have_xinit\" != \"X\" ]; then\n"
"		echo \"$have_xinit $sess -- $* -auth $authfile\" 1>&2\n"
"		$have_xinit $sess -- $* -auth $authfile 1>&2 &\n"
"		pid=$!\n"
"	else\n"
"		echo \"$*\"\n"
"		nohup $* 1>&2 &\n"
"		pid=$!\n"
"		nohup $sess 1>&2 &\n"
"	fi\n"
"	sleep 4\n"
"	if kill -0 $pid; then\n"
"		result=1\n"
"	else\n"
"		result=0\n"
"	fi\n"
"	#(sleep 120; rm -f $authfile) &\n"
"}\n"
"\n"
"try_X() {\n"
"	if [ \"X$have_xinit\" != \"X\" ]; then\n"
"		save_have_startx=$have_startx\n"
"		have_startx=\"\"\n"
"		server :$N\n"
"		have_startx=$save_have_startx\n"
"	fi\n"
"}\n"
"\n"
"try_Xdummy() {\n"
"	if [ \"X$have_Xdummy\" = \"X\" ]; then\n"
"		return\n"
"	fi\n"
"	if [ \"X$have_root\" = \"X\" ]; then\n"
"		return\n"
"	fi\n"
"\n"
"	#save_have_startx=$have_startx\n"
"	#have_startx=\"\"\n"
"	server $have_Xdummy :$N -geom $geom -depth $depth\n"
"	#have_startx=$save_have_startx\n"
"}\n"
"\n"
"try_Xvfb() {\n"
"	if [ \"X$have_Xvfb\" = \"X\" ]; then\n"
"		return\n"
"	fi\n"
"\n"
"	#save_have_startx=$have_startx\n"
"	#have_startx=\"\"\n"
"	server $have_Xvfb :$N -screen 0 ${geom}x${depth}\n"
"	#have_startx=$save_have_startx\n"
"\n"
"	if [ \"X$result\" = \"X1\" -a \"X$have_xmodmap\" != \"X\" ]; then\n"
"	    (\n"
"		sleep 1; $have_xmodmap -display :$N -e \"keycode any = Shift_R\" \n"
"		sleep 1; $have_xmodmap -display :$N -e \"add Shift = Shift_L Shift_R\" \n"
"		sleep 1; $have_xmodmap -display :$N -e \"keycode any = Control_R\" \n"
"		sleep 1; $have_xmodmap -display :$N -e \"add Control = Control_L Control_R\" \n"
"		sleep 1; $have_xmodmap -display :$N -e \"keycode any = Alt_L\" \n"
"		sleep 1; $have_xmodmap -display :$N -e \"keycode any = Alt_R\" \n"
"		sleep 1; $have_xmodmap -display :$N -e \"keycode any = Meta_L\" \n"
"		sleep 1; $have_xmodmap -display :$N -e \"clear Mod1\" \n"
"		sleep 1; $have_xmodmap -display :$N -e \"add Mod1 = Alt_L Alt_R Meta_L\" \n"
"	    ) 1>&2 &\n"
"	fi\n"
"}\n"
"\n"
"cookie() {\n"
"	cookie=\"\"\n"
"	if [ \"X$have_mcookie\" != \"X\" ]; then\n"
"		cookie=`mcookie`\n"
"	elif [ \"X$have_md5sum\" != \"X\" ]; then\n"
"		if [ -e /dev/urandom ]; then\n"
"			cookie=`dd if=/dev/urandom count=32 2>/dev/null | md5sum | awk '{print $1}'`\n"
"		elif [ -e /dev/random ]; then\n"
"			cookie=`dd if=/dev/random count=32 2>/dev/null | md5sum | awk '{print $1}'`\n"
"		fi\n"
"		if [ \"X$cookie\" = \"X\" ]; then\n"
"			cookie=`(echo $RANDOM; date; uptime; ps -ealf 2>&1) | md5sum | awk '{print $1}'`\n"
"		fi\n"
"	elif [ \"X$have_xauth\" != \"X\" ]; then\n"
"		cookie=`$have_xauth list | awk '{print $NF}' | tail -1`\n"
"	fi\n"
"	if [ \"X$cookie\" = \"X\" ]; then\n"
"		# oh well..\n"
"		cookie=$cookie`printf \"%08x\" \"$RANDOM$$\"`\n"
"		cookie=$cookie`printf \"%08x\" \"$RANDOM$$\"`\n"
"		cookie=$cookie`printf \"%08x\" \"$RANDOM$$\"`\n"
"		cookie=$cookie`printf \"%08x\" \"$RANDOM$$\"`\n"
"	fi\n"
"	echo \"$cookie\"\n"
"}\n"
"\n"
"auth() {\n"
"	if [ \"X$have_xauth\" = \"X\" ]; then\n"
"		exit 1\n"
"	fi\n"
"	tmp=\"/tmp/.xauth$$$RANDOM\"\n"
"	rm -f $tmp\n"
"	touch $tmp\n"
"	chmod 600 $tmp\n"
"	if [ ! -f $tmp ]; then\n"
"		exit 1\n"
"	fi\n"
"	cook=`cookie`\n"
"	$have_xauth -f $tmp add :$N . $cook  1>&2\n"
"	$have_xauth -f $tmp add `hostname`:$N . $cook  1>&2\n"
"	echo \"$tmp\"\n"
"}\n"
"\n"
"\n"
"depth=${depth:-16}\n"
"geom=${geom:-1280x1024}\n"
"\n"
"N=`findfree`\n"
"\n"
"if [ \"X$N\" = \"X\" ]; then\n"
"	exit 1\n"
"fi\n"
"echo \"trying N=$N ...\" 1>&2\n"
"\n"
"if [ \"X$USER\" = \"X\" ]; then\n"
"	USER=$LOGNAME\n"
"fi\n"
"if [ \"X$USER\" = \"X\" ]; then\n"
"	USER=`whoami`\n"
"fi\n"
"\n"
"PATH=$PATH:/usr/X11R6/bin:/usr/bin/X11:/usr/openwin/bin:/usr/dt/bin:/opt/kde3/bin:/opt/gnome/bin:/usr/bin:/bin\n"
"\n"
"have_root=\"\"\n"
"id0=`id`\n"
"if id | grep -w root > /dev/null; then\n"
"	have_root=\"1\"\n"
"fi\n"
"\n"
"for prog in startx xinit xdm gdm kdm xterm Xdummy Xvfb xauth mcookie md5sum xmodmap startkde gnome-session blackbox fvwm mwm openbox twm windowmaker metacity\n"
"do\n"
"	p2=`echo \"$prog\" | sed -e 's/-/_/g'`\n"
"	eval \"have_$p2=''\"\n"
"	if type $prog > /dev/null 2>&1; then\n"
"		eval \"have_$p2=`which $prog`\"\n"
"	fi\n"
"done\n"
"\n"
"if [ \"X$CREATE_DISPLAY_OUTPUT\" != \"X\" ]; then\n"
"	set | grep ^have_ 1>&2\n"
"fi\n"
"\n"
"TRY=\"$1\"\n"
"if [ \"X$TRY\" = \"X\" ]; then\n"
"	TRY=Xdummy,Xvfb\n"
"fi\n"
"\n"
"for curr_try in `echo \"$TRY\" | tr ',' ' '`\n"
"do\n"
"	result=0\n"
"	if echo \"$curr_try\" | grep -iw \"Xdummy\" > /dev/null; then\n"
"		try_Xdummy\n"
"	elif echo \"$curr_try\" | grep -iw \"Xvfb\" > /dev/null; then\n"
"		try_Xvfb\n"
"	elif echo \"$curr_try\" | grep -iw \"X\" > /dev/null; then\n"
"		try_X\n"
"	fi\n"
"	if [ \"X$result\" = \"X1\" ]; then\n"
"		echo \"DISPLAY=:$N\"\n"
"		$have_xauth -f $authfile extract - :$N\n"
"		exit 0\n"
"	fi\n"
"done\n"
"\n"
"exit 1\n"
;

#endif /* _SSLTOOLS_H */