ss_vncviewer 62 KB
Newer Older
runge's avatar
runge committed
1 2
#!/bin/sh
#
runge's avatar
runge committed
3 4
# ss_vncviewer:  wrapper for vncviewer to use an stunnel SSL tunnel
#                or an SSH tunnel.
runge's avatar
runge committed
5
#
6
# Copyright (c) 2006-2008 by Karl J. Runge <runge@karlrunge.com>
runge's avatar
runge committed
7 8 9 10 11 12 13 14 15 16
#
# You must have stunnel(8) installed on the system and in your PATH
# (however, see the -ssh option below, in which case you will need ssh(1)
# installed)  Note: stunnel is usually installed in an "sbin" subdirectory.
#
# You should have "x11vnc -ssl ..." or "x11vnc -stunnel ..." 
# already running as the VNC server on the remote machine.
# (or use stunnel on the server side for any other VNC server)
#
#
runge's avatar
runge committed
17
# Usage: ss_vncviewer [cert-args] host:display <vncviewer-args>
runge's avatar
runge committed
18
#
runge's avatar
runge committed
19 20
# e.g.:  ss_vncviewer snoopy:0
#        ss_vncviewer snoopy:0 -encodings "copyrect tight zrle hextile"
runge's avatar
runge committed
21 22 23 24 25
#
# [cert-args] can be:
#
#	-verify /path/to/cacert.pem		
#	-mycert /path/to/mycert.pem		
26
#	-crl    /path/to/my_crl.pem  (or directory)
runge's avatar
runge committed
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
#	-proxy  host:port
#
# -verify specifies a CA cert PEM file (or a self-signed one) for
#         authenticating the VNC server.
#
# -mycert specifies this client's cert+key PEM file for the VNC server to
#	  authenticate this client. 
#
# -proxy  try host:port as a Web proxy to use the CONNECT method
#         to reach the VNC server (e.g. your firewall requires a proxy).
#
#         For the "double proxy" case use -proxy host1:port1,host2:port2
#         (the first CONNECT is done through host1:port1 to host2:port2
#         and then a 2nd CONNECT to the destination VNC server.)
#
42
#         Use socks://host:port, socks4://host:port, or socks5://host,port
43 44
#         to force usage of a SOCKS proxy.  Also repeater://host:port and
#         sslrepeater://host:port.
45
#
runge's avatar
runge committed
46 47 48
# -showcert  Only fetch the certificate using the 'openssl s_client'
#            command (openssl(1) must in installed).
#
49 50
#    See http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-ca for details on
#    SSL certificates with VNC.
runge's avatar
runge committed
51 52 53
#
# A few other args (not related to SSL and certs):
#
54 55
# -2nd    Run the vncviewer a 2nd time if the first connections fails.
#
runge's avatar
runge committed
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81
# -ssh    Use ssh instead of stunnel SSL.  ssh(1) must be installed and you
#         must be able to log into the remote machine via ssh.
#
#         In this case "host:display" may be of the form "user@host:display"
#         where "user@host" is used for the ssh login (see ssh(1) manpage).
#
#         If -proxy is supplied it can be of the forms: "gwhost" "gwhost:port"
#         "user@gwhost" or "user@gwhost:port".  "gwhost" is an incoming ssh 
#         gateway machine (the VNC server is not running there), an ssh -L
#         redir is used to "host" in "host:display" from "gwhost". Any "user@"
#         part must be in the -proxy string (not in "host:display").
#
#         Under -proxy use "gwhost:port" if connecting to any ssh port
#         other than the default (22).  (even for the non-gateway case,
#         -proxy must be used to specify a non-standard ssh port)
#
#         A "double ssh" can be specified via a -proxy string with the two
#         hosts separated by a comma:
#
#             [user1@]host1[:port1],[user2@]host2[:port2]
#
#         in which case a ssh to host1 and thru it via a -L redir a 2nd
#         ssh is established to host2.  
#
#         Examples:
#
runge's avatar
runge committed
82 83
#         ss_vncviewer -ssh bob@bobs-home.net:0
#         ss_vncviewer -ssh -sshcmd 'x11vnc -localhost' bob@bobs-home.net:0
runge's avatar
runge committed
84
#
runge's avatar
runge committed
85 86
#         ss_vncviewer -ssh -proxy fred@mygate.com:2022 mymachine:0
#         ss_vncviewer -ssh -proxy bob@bobs-home.net:2222 localhost:0
runge's avatar
runge committed
87
#
runge's avatar
runge committed
88
#         ss_vncviewer -ssh -proxy fred@gw-host,fred@peecee localhost:0
runge's avatar
runge committed
89 90 91 92 93 94 95 96 97 98 99 100 101
#
# -sshcmd cmd   Run "cmd" via ssh instead of the default "sleep 15"
#               e.g. -sshcmd 'x11vnc -display :0 -localhost -rfbport 5900'
#
# -sshargs "args"  pass "args" to the ssh process, e.g. -L/-R port redirs.
#
# -sshssl Tunnel the SSL connection thru a SSH connection.  The tunnel as
#         under -ssh is set up and the SSL connection goes thru it.  Use
#         this if you want to have and end-to-end SSL connection but must
#         go thru a SSH gateway host (e.g. not the vnc server).  Or use
#         this if you need to tunnel additional services via -R and -L 
#         (see -sshargs above).
#
runge's avatar
runge committed
102
#         ss_vncviewer -sshssl -proxy fred@mygate.com mymachine:0
runge's avatar
runge committed
103
#
104
# -listen (or -reverse) set up a reverse connection.
runge's avatar
runge committed
105 106 107 108 109 110 111 112 113 114 115 116 117
#
# -alpha  turn on cursor alphablending hack if you are using the
#         enhanced tightvnc vncviewer.
#
# -grab   turn on XGrabServer hack if you are using the enhanced tightvnc
#         vncviewer (e.g. for fullscreen mode in some windowmanagers like
#         fvwm that do not otherwise work in fullscreen mode)
#
#
# set VNCVIEWERCMD to whatever vncviewer command you want to use.
#
VNCIPCMD=${VNCVIEWERCMD:-vncip}
VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}
118 119 120 121 122 123 124 125 126
if [ "X$SSVNC_TURBOVNC" != "X" ]; then
	if echo "$VNCVIEWERCMD" | grep '\.turbovnc' > /dev/null; then
		:
	else
		if type "$VNCVIEWERCMD.turbovnc" > /dev/null 2>/dev/null; then
			VNCVIEWERCMD="$VNCVIEWERCMD.turbovnc"
		fi
	fi
fi
runge's avatar
runge committed
127 128 129 130
#
# Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.
#

131
# turn on verbose debugging output
runge's avatar
runge committed
132 133 134
if [ "X$SS_DEBUG" != "X" ]; then
	set -xv 
fi
135

runge's avatar
runge committed
136 137
PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH

138 139 140 141 142 143
localhost="localhost"
if uname | grep Darwin >/dev/null; then
	localhost="127.0.0.1"
fi

# work out which stunnel to use (debian installs as stunnel4)
144
stunnel_set_here=""
runge's avatar
runge committed
145
if [ "X$STUNNEL" = "X" ]; then
146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163
	check_stunnel=1
	if [ "X$SSVNC_BASEDIRNAME" != "X" ]; then
		if [ -x "$SSVNC_BASEDIRNAME/stunnel" ]; then
			type stunnel > /dev/null 2>&1
			if [ $? = 0 ]; then
				# found ours
				STUNNEL=stunnel
				check_stunnel=0
			fi
		fi
	fi
	if [ "X$check_stunnel" = "X1" ]; then
		type stunnel4 > /dev/null 2>&1
		if [ $? = 0 ]; then
			STUNNEL=stunnel4
		else
			STUNNEL=stunnel
		fi
runge's avatar
runge committed
164
	fi
165
	stunnel_set_here=1
runge's avatar
runge committed
166 167 168
fi

help() {
169
	tail -n +2 "$0" | sed -e '/^$/ q'
runge's avatar
runge committed
170 171
}

172
secondtry=""
runge's avatar
runge committed
173 174 175 176 177
gotalpha=""
use_ssh=""
use_sshssl=""
direct_connect=""
ssh_sleep=15
178 179

# sleep longer in -listen mode:
180 181 182
if echo "$*" | grep '.*-listen' > /dev/null; then
	ssh_sleep=1800
fi
183 184


185
ssh_cmd=""
186
# env override of ssh_cmd:
runge's avatar
runge committed
187 188
if [ "X$SS_VNCVIEWER_SSH_CMD" != "X" ]; then
	ssh_cmd="$SS_VNCVIEWER_SSH_CMD"
runge's avatar
runge committed
189
fi
190

runge's avatar
runge committed
191
ssh_args=""
runge's avatar
runge committed
192
showcert=""
193
reverse=""
runge's avatar
runge committed
194

195 196
ciphers=""
anondh="ALL:RC4+RSA:+SSLv2:@STRENGTH"
197 198 199 200 201
anondh_set=""
stunnel_debug="6"
if [ "X$SS_DEBUG" != "X" -o "X$SSVNC_VENCRYPT_DEBUG" != "X" -o "X$SSVNC_STUNNEL_DEBUG" != "X" ]; then
	stunnel_debug="7"
fi
202

runge's avatar
runge committed
203
if [ "X$1" = "X-viewerflavor" ]; then
204 205
	# special case, try to guess which viewer:
	#
runge's avatar
runge committed
206 207 208 209
	if echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
		echo "unknown"
		exit 0
	fi
runge's avatar
runge committed
210 211 212 213
	if echo "$VNCVIEWERCMD" | grep -i chicken.of > /dev/null; then
		echo "cotvnc"
		exit 0
	fi
runge's avatar
runge committed
214 215 216 217
	if echo "$VNCVIEWERCMD" | grep -i ultra > /dev/null; then
		echo "ultravnc"
		exit 0
	fi
218
	# OK, run it for help output...
219
	str=`$VNCVIEWERCMD -h 2>&1 | head -n 5`
runge's avatar
runge committed
220 221 222 223 224 225 226 227 228 229 230
	if echo "$str" | grep -i 'TightVNC.viewer' > /dev/null; then
		echo "tightvnc"
	elif echo "$str" | grep -i 'RealVNC.Ltd' > /dev/null; then
		echo "realvnc4"
	elif echo "$str" | grep -i 'VNC viewer version 3' > /dev/null; then
		echo "realvnc3"
	else
		echo "unknown"
	fi
	exit 0
fi
231 232 233
if [ "X$1" = "X-viewerhelp" ]; then
	$VNCVIEWERCMD -h 2>&1
	exit 0
runge's avatar
runge committed
234 235
fi

runge's avatar
runge committed
236 237 238 239 240 241 242 243
# grab our cmdline options:
while [ "X$1" != "X" ]
do
    case $1 in 
	"-verify")	shift; verify="$1"
                ;;
	"-mycert")	shift; mycert="$1"
                ;;
244 245
	"-crl")		shift; crl="$1"
                ;;
runge's avatar
runge committed
246 247 248 249 250 251 252 253 254 255 256
	"-proxy")	shift; proxy="$1"
                ;;
	"-ssh")		use_ssh=1
                ;;
	"-sshssl")	use_ssh=1
			use_sshssl=1
                ;;
	"-sshcmd")	shift; ssh_cmd="$1"
                ;;
	"-sshargs")	shift; ssh_args="$1"
                ;;
257
	"-anondh")	ciphers="ciphers=$anondh"
258
			anondh_set=1
259 260 261
                ;;
	"-ciphers")	shift; ciphers="ciphers=$1"
                ;;
runge's avatar
runge committed
262 263
	"-alpha")	gotalpha=1
                ;;
runge's avatar
runge committed
264 265
	"-showcert")	showcert=1
                ;;
266 267 268 269
	"-listen")	reverse=1
                ;;
	"-reverse")	reverse=1
                ;;
270 271
	"-2nd")		secondtry=1
                ;;
runge's avatar
runge committed
272 273
	"-grab")	VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER
                ;;
274 275 276 277 278 279
	"-x11cursor")	VNCVIEWER_X11CURSOR=1; export VNCVIEWER_X11CURSOR
                ;;
	"-rawlocal")	VNCVIEWER_RAWLOCAL=1; export VNCVIEWER_RAWLOCAL
                ;;
	"-scale")	shift; SSVNC_SCALE="$1"; export SSVNC_SCALE
                ;;
280 281
	"-onelisten")	SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
                ;;
282 283 284 285 286 287
	"-sendclipboard")	VNCVIEWER_SEND_CLIPBOARD=1; export VNCVIEWER_SEND_CLIPBOARD
                ;;
	"-sendalways")	VNCVIEWER_SEND_ALWAYS=1; export VNCVIEWER_SEND_ALWAYS
                ;;
	"-recvtext")	shift; VNCVIEWER_RECV_TEXT="$1"; export VNCVIEWER_RECV_TEXT
                ;;
runge's avatar
runge committed
288 289
	"-escape")	shift; VNCVIEWER_ESCAPE="$1"; export VNCVIEWER_ESCAPE
                ;;
290 291
	"-ssvnc_encodings")	shift; VNCVIEWER_ENCODINGS="$1"; export VNCVIEWER_ENCODINGS
                ;;
292 293
	"-ssvnc_extra_opts")	shift; VNCVIEWERCMD_EXTRA_OPTS="$1"; export VNCVIEWERCMD_EXTRA_OPTS
                ;;
294 295 296 297 298 299 300 301
	"-rfbversion")	shift; VNCVIEWER_RFBVERSION="$1"; export VNCVIEWER_RFBVERSION
                ;;
	"-nobell")	VNCVIEWER_NOBELL=1; export VNCVIEWER_NOBELL
                ;;
	"-popupfix")	VNCVIEWER_POPUP_FIX=1; export VNCVIEWER_POPUP_FIX
                ;;
	"-realvnc4")	VNCVIEWER_IS_REALVNC4=1; export VNCVIEWER_IS_REALVNC4
                ;;
runge's avatar
runge committed
302 303 304 305 306 307 308 309 310 311
	"-h"*)	help; exit 0
                ;;
	"--h"*)	help; exit 0
                ;;
	*)	break
                ;;
    esac
    shift
done

312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333
# maxconn is something we added to stunnel, this disables it:
if [ "X$SS_VNCVIEWER_NO_MAXCONN" != "X" ]; then
	STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
	STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
elif [ "X$reverse" != "X" ]; then
	STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
else
	# new way (our patches).  other than the above, we set these:
	if [ "X$SKIP_STUNNEL_ONCE" = "X" ]; then
		STUNNEL_ONCE=1; export STUNNEL_ONCE
	fi
	if [ "X$SKIP_STUNNEL_MAX_CLIENTS" = "X" ]; then
		STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
	fi
fi
# always set this one:
if [ "X$SKIP_STUNNEL_NO_SYSLOG" = "X" ]; then
	STUNNEL_NO_SYSLOG=1; export STUNNEL_NO_SYSLOG
fi

# this is the -t ssh option (gives better keyboard response thru SSH tunnel)
334 335 336 337 338
targ="-t"
if [ "X$SS_VNCVIEWER_NO_T" != "X" ]; then
	targ=""
fi

339
# set the alpha blending env. hack: 
runge's avatar
runge committed
340 341 342 343
if [ "X$gotalpha" = "X1" ]; then
	VNCVIEWER_ALPHABLEND=1
	export VNCVIEWER_ALPHABLEND
else
runge's avatar
runge committed
344 345 346
	NO_ALPHABLEND=1
	export NO_ALPHABLEND
fi
347

348 349 350
if [ "X$reverse" != "X" ]; then
	ssh_sleep=1800
	if [ "X$proxy" != "X" ]; then
351
		# check proxy usage under reverse connection:
352 353
		if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then
			echo ""
354
			if echo "$proxy" | egrep -i "(repeater|vencrypt)://" > /dev/null; then
355 356 357
				:
			else
				echo "*Warning*: SSL -listen and a Web proxy does not make sense."
358
				sleep 2
359
			fi
360 361 362 363 364
		elif echo "$proxy" | grep "," > /dev/null; then
			:
		else
			echo ""
			echo "*Warning*: -listen and a single proxy/gateway does not make sense."
365
			sleep 2
366
		fi
367
		SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
368 369 370
	fi
fi
if [ "X$ssh_cmd" = "X" ]; then
371
	# if no remote ssh cmd, sleep a bit:
372 373
	ssh_cmd="sleep $ssh_sleep"
fi
runge's avatar
runge committed
374

375 376
# this should be a host:display:
#
runge's avatar
runge committed
377 378 379
orig="$1"
shift

380 381 382 383 384
dL="-L"
if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
	dL="-h"
fi

385 386 387 388 389 390 391 392
rchk() {
	# a kludge to set $RANDOM if we are not bash:
	if [ "X$BASH_VERSION" = "X" ]; then
		RANDOM=`date +%S``sh -c 'echo $$'``ps -elf 2>&1 | sum 2>&1 | awk '{print $1}'`
	fi
}
rchk

393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428
# a portable, but not absolutely safe, tmp file creator
mytmp() {
	tf=$1
	if type mktemp > /dev/null 2>&1; then
		# if we have mktemp(1), use it:
		tf2="$tf.XXXXXX"
		tf2=`mktemp "$tf2"`
		if [ "X$tf2" != "X" -a -f "$tf2" ]; then
			if [ "X$DEBUG_MKTEMP" != "X" ]; then
				echo "mytmp-mktemp: $tf2" 1>&2
			fi
			echo "$tf2"
			return
		fi
	fi
	# fallback to multiple cmds:
	rm -rf "$tf" || exit 1
	if [ -d "$tf" ]; then
		echo "tmp file $tf still exists as a directory."
		exit 1
	elif [ $dL "$tf" ]; then
		echo "tmp file $tf still exists as a symlink."
		exit 1
	elif [ -f "$tf" ]; then
		echo "tmp file $tf still exists."
		exit 1
	fi
	touch "$tf" || exit 1
	chmod 600 "$tf" || exit 1
	rchk
	if [ "X$DEBUG_MKTEMP" != "X" ]; then
		echo "mytmp-touch: $tf" 1>&2
	fi
	echo "$tf"
}

429 430 431 432 433 434 435 436 437 438 439
# set up special case of ultravnc single click III mode:
if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
	pstr=`echo "$proxy" | sed -e 's,sslrepeater://,,'`
	pstr1=`echo "$pstr" | sed -e 's/+.*$//'`
	pstr2=`echo "$pstr" | sed -e 's/^[^+]*+//'`
	SSVNC_REPEATER="SCIII=$pstr2"; export SSVNC_REPEATER
	orig=$pstr1
	echo
	echo "reset: SSVNC_REPEATER=$SSVNC_REPEATER orig=$orig proxy=''"
	proxy=""
fi
440 441 442 443 444 445 446
if echo "$proxy" | egrep "vencrypt://" > /dev/null; then
	vtmp="/tmp/ss_handshake${RANDOM}.$$.txt"
	vtmp=`mytmp "$vtmp"`
	SSVNC_PREDIGESTED_HANDSHAKE="$vtmp"
	export SSVNC_PREDIGESTED_HANDSHAKE
	#echo "SSVNC_PREDIGESTED_HANDSHAKE=$SSVNC_PREDIGESTED_HANDSHAKE"
fi
447 448


449
# check -ssh and -mycert/-verify conflict:
runge's avatar
runge committed
450 451 452 453 454 455 456
if [ "X$use_ssh" = "X1" -a "X$use_sshssl" = "X" ]; then
	if [ "X$mycert" != "X" -o "X$verify" != "X" ]; then
		echo "-mycert and -verify cannot be used in -ssh mode" 
		exit 1
	fi
fi

457 458
# direct mode Vnc:// means show no warnings.
# direct mode vnc:// will show warnings.
459 460 461 462 463 464
if echo "$orig" | grep '^V[Nn][Cc]://' > /dev/null; then
	SSVNC_NO_ENC_WARN=1
	export SSVNC_NO_ENC_WARN
	orig=`echo "$orig" | sed -e 's/^...:/vnc:/'`
fi

465
# interprest the pseudo URL proto:// strings:
runge's avatar
runge committed
466 467 468 469
if echo "$orig" | grep '^vnc://' > /dev/null; then
	orig=`echo "$orig" | sed -e 's,vnc://,,'`
	verify=""
	mycert=""
470
	crl=""
runge's avatar
runge committed
471 472 473
	use_ssh=""
	use_sshssl=""
	direct_connect=1
474 475
elif echo "$orig" | grep '^vncs://' > /dev/null; then
	orig=`echo "$orig" | sed -e 's,vncs://,,'`
runge's avatar
runge committed
476 477
elif echo "$orig" | grep '^vncssl://' > /dev/null; then
	orig=`echo "$orig" | sed -e 's,vncssl://,,'`
478 479
elif echo "$orig" | grep '^vnc+ssl://' > /dev/null; then
	orig=`echo "$orig" | sed -e 's,vnc.ssl://,,'`
runge's avatar
runge committed
480 481 482
elif echo "$orig" | grep '^vncssh://' > /dev/null; then
	orig=`echo "$orig" | sed -e 's,vncssh://,,'`
	use_ssh=1
483 484 485
elif echo "$orig" | grep '^vnc+ssh://' > /dev/null; then
	orig=`echo "$orig" | sed -e 's,vnc.ssh://,,'`
	use_ssh=1
runge's avatar
runge committed
486
fi
487

488 489 490
if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
        verify=""
        mycert=""
491
        crl=""
492 493 494
        use_ssh=""
        use_sshssl=""
        direct_connect=1
495 496 497
	if echo "$SSVNC_ULTRA_DSM" | grep 'noultra:' > /dev/null; then
		SSVNC_NO_ULTRA_DSM=1; export SSVNC_NO_ULTRA_DSM
	fi
498 499
fi

500
# (possibly) tell the vncviewer to only listen on lo: 
runge's avatar
runge committed
501 502 503
if [ "X$reverse" != "X" -a "X$direct_connect" = "X" ]; then
	VNCVIEWER_LISTEN_LOCALHOST=1
	export VNCVIEWER_LISTEN_LOCALHOST
runge's avatar
runge committed
504 505
fi

506
# rsh mode is an internal/secret thing only I use.
507 508 509 510 511 512 513 514 515 516 517
rsh=""
if echo "$orig" | grep '^rsh://' > /dev/null; then
	use_ssh=1
	rsh=1
	orig=`echo "$orig" | sed -e 's,rsh://,,'`
elif echo "$orig" | grep '^rsh:' > /dev/null; then
	use_ssh=1
	rsh=1
	orig=`echo "$orig" | sed -e 's,rsh:,,'`
fi

runge's avatar
runge committed
518 519 520 521
# play around with host:display port:
if echo "$orig" | grep ':' > /dev/null; then
	:
else
522
	# add or assume :0 if no ':'
523 524
	if [ "X$reverse" = "X" ]; then
		orig="$orig:0"
runge's avatar
runge committed
525 526
	elif [ "X$orig" = "X" ]; then
		orig=":0"
527
	fi
runge's avatar
runge committed
528 529
fi

530
# extract host and disp number:
runge's avatar
runge committed
531 532 533
host=`echo "$orig" | awk -F: '{print $1}'`
disp=`echo "$orig" | awk -F: '{print $2}'`
if [ "X$host" = "X" ]; then
534
	host=$localhost
runge's avatar
runge committed
535
fi
536 537 538
if [ "X$disp" = "X" ]; then
	port=""	# probably -listen mode.
elif [ $disp -lt 0 ]; then
539
	# negative means use |n| without question:
540 541
	port=`expr 0 - $disp`
elif [ $disp -lt 200 ]; then
542
	# less than 200 means 5900+n
543 544 545 546 547
	if [ "X$reverse" = "X" ]; then
		port=`expr $disp + 5900`
	else
		port=`expr $disp + 5500`
	fi
runge's avatar
runge committed
548
else
549
	# otherwise use the number directly, e.g. 443, 2345
runge's avatar
runge committed
550 551 552 553 554 555 556 557
	port=$disp
fi

# try to find an open listening port via netstat(1):
inuse=""
if uname | grep Linux > /dev/null; then
	inuse=`netstat -ant | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*://'`
elif uname | grep SunOS > /dev/null; then
558 559 560
	inuse=`netstat -an -f inet -P tcp | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $1}' | sed 's/^.*\.//'`
elif uname | egrep -i 'bsd|darwin' > /dev/null; then
	inuse=`netstat -ant -f inet | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*\.//'`
runge's avatar
runge committed
561 562 563
# add others...
fi

564
# this is a crude attempt for unique ports tags, etc.
runge's avatar
runge committed
565 566
date_sec=`date +%S`

567 568
# these are special cases of no vnc, e.g. sleep or xmessage.
# these are for using ssvnc as a general port redirector.
runge's avatar
runge committed
569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584
if echo "$VNCVIEWERCMD" | grep '^sleep[ 	][ 	]*[0-9][0-9]*' > /dev/null; then
	if [ "X$SS_VNCVIEWER_LISTEN_PORT" = "X" ]; then
		p=`echo "$VNCVIEWERCMD" | awk '{print $3}'`
		if [ "X$p" != "X" ]; then
			SS_VNCVIEWER_LISTEN_PORT=$p
		fi
	fi
	p2=`echo "$VNCVIEWERCMD" | awk '{print $2}'`
	VNCVIEWERCMD="eval sleep $p2; echo Local "
elif echo "$VNCVIEWERCMD" | grep '^xmessage[ 	][ 	]*[0-9][0-9]*' > /dev/null; then
	if [ "X$SS_VNCVIEWER_LISTEN_PORT" = "X" ]; then
		p=`echo "$VNCVIEWERCMD" | awk '{print $2}'`
		SS_VNCVIEWER_LISTEN_PORT=$p
	fi
fi

585
# utility to find a free port to listen on.
runge's avatar
runge committed
586 587 588 589 590
findfree() {
	try0=$1
	try=$try0
	use0=""

runge's avatar
runge committed
591 592 593 594
	if [ "X$SS_VNCVIEWER_LISTEN_PORT" != "X" ]; then
		echo "$SS_VNCVIEWER_LISTEN_PORT"
		return	
	fi
595 596 597 598 599
	if [ $try -ge 6000 ]; then
		fmax=`expr $try + 1000`
	else
		fmax=6000
	fi
runge's avatar
runge committed
600

601
	while [ $try -lt $fmax ]
runge's avatar
runge committed
602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620
	do
		if [ "X$inuse" = "X" ]; then
			break
		fi
		if echo "$inuse" | grep -w $try > /dev/null; then
			:
		else
			use0=$try
			break
		fi
		try=`expr $try + 1`
	done
	if [ "X$use0" = "X" ]; then
		use0=`expr $date_sec + $try0`
	fi

	echo $use0
}

621 622
# utility for exiting; kills some helper processes,
# removes files, etc.
623 624
final() {
	echo ""
625 626 627
	if [ "X$tmp_cfg" != "X" ]; then
		rm -f $tmp_cfg
	fi
628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649
	if [ "X$SS_VNCVIEWER_RM" != "X" ]; then
		rm -f $SS_VNCVIEWER_RM 2>/dev/null
	fi
	if [ "X$tcert" != "X" ]; then
		rm -f $tcert
	fi
	if [ "X$pssh" != "X" ]; then
		echo "Terminating background ssh process"
		echo kill -TERM "$pssh"
		kill -TERM "$pssh" 2>/dev/null
		sleep 1
		kill -KILL "$pssh" 2>/dev/null
		pssh=""
	fi
	if [ "X$stunnel_pid" != "X" ]; then
		echo "Terminating background stunnel process"
		echo kill -TERM "$stunnel_pid"
		kill -TERM "$stunnel_pid" 2>/dev/null
		sleep 1
		kill -KILL "$stunnel_pid" 2>/dev/null
		stunnel_pid=""
	fi
650 651 652 653 654 655 656 657
	if [ "X$dsm_pid" != "X" ]; then
		echo "Terminating background ultravnc_dsm_helper process"
		echo kill -TERM "$dsm_pid"
		kill -TERM "$dsm_pid" 2>/dev/null
		sleep 1
		kill -KILL "$dsm_pid" 2>/dev/null
		stunnel_pid=""
	fi
658 659 660
	if [ "X$tail_pid" != "X" ]; then
		kill -TERM $tail_pid
	fi
661
}
runge's avatar
runge committed
662

663
if [ "X$reverse" = "X" ]; then
664
	# normal connections try 5930-5999:
665 666 667 668 669 670 671 672
	if [ "X$showcert" = "X" ]; then
		use=`findfree 5930`
	else
		# move away from normal place for (possibly many) -showcert
		pstart=`date +%S`
		pstart=`expr 6130 + $pstart + $pstart`
		use=`findfree $pstart`
	fi
673 674 675 676 677
	if [ $use -ge 5900 ]; then
		N=`expr $use - 5900`
	else
		N=$use
	fi
runge's avatar
runge committed
678
else
679
	# reverse connections:
680 681 682 683 684 685 686
	p2=`expr $port + 30`
	use=`findfree $p2`
	if [ $use -ge 5500 ]; then
		N=`expr $use - 5500`
	else
		N=$use
	fi
runge's avatar
runge committed
687 688
fi

689
# this is for my special use of ss_vncip -> vncip viewer.
runge's avatar
runge committed
690 691 692 693
if echo "$0" | grep vncip > /dev/null; then
	VNCVIEWERCMD="$VNCIPCMD"
fi

694 695 696 697 698 699
if echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
	:
elif [ "X$VNCVIEWERCMD_EXTRA_OPTS" != "X" ]; then
	VNCVIEWERCMD="$VNCVIEWERCMD $VNCVIEWERCMD_EXTRA_OPTS"
fi

700
# trick for the undocumented rsh://host:port method.
701 702 703 704 705 706 707 708 709 710 711
rsh_setup() {
	if echo "$ssh_host" | grep '@' > /dev/null; then
		ul=`echo "$ssh_host" | awk -F@ '{print $1}'`
		ul="-l $ul"
		ssh_host=`echo "$ssh_host" | awk -F@ '{print $2}'`
	else
		ul=""
	fi
	ssh_cmd=`echo "$ssh_cmd" | sed -e 's/ -localhost/ /g'`
}

712
# trick for the undocumented rsh://host:port method.
713 714 715 716 717 718 719 720 721 722 723 724 725
rsh_viewer() {
	trap "final" 0 2 15
	if [ "X$PORT" = "X" ]; then
		exit 1
	elif [ $PORT -ge 5900 ]; then
		vdpy=`expr $PORT - 5900`
	else
		vdpy=":$PORT"
	fi
	stty sane
	echo "$VNCVIEWERCMD" "$@" $ssh_host:$vdpy
	echo ""
	$VNCVIEWERCMD "$@" $ssh_host:$vdpy
726 727 728 729 730 731
	if [ $? != 0 ]; then
		sleep 2
		$VNCVIEWERCMD "$@" $ssh_host:$vdpy
	fi
}

732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748
check_perl() {
	if type "$1" > /dev/null 2>&1; then
		:
	elif [ ! -x "$1" ]; then
		echo ""
		echo "*******************************************************"
		echo "** Problem finding the Perl command '$1': **"
		echo ""
		type "perl"
		echo ""
		echo "** Perhaps you need to install the Perl package. **"
		echo "*******************************************************"
		echo ""
		sleep 5
	fi
}

749 750 751 752 753
# this is the PPROXY tool.  used only here for now... 
pcode() {
	tf=$1
	PPROXY_PROXY=$proxy; export PPROXY_PROXY
	PPROXY_DEST="$host:$port"; export PPROXY_DEST
754 755
	check_perl /usr/bin/perl

756 757 758 759 760 761
	cod='#!/usr/bin/perl

# A hack to glue stunnel to a Web proxy or SOCKS for client connections.

use IO::Socket::INET;

762 763 764 765
if (exists $ENV{PPROXY_SLEEP}) {
	print STDERR "PPROXY_PID: $$\n";
	sleep $ENV{PPROXY_SLEEP};
}
766

767 768
foreach my $var (qw(PPROXY_PROXY PPROXY_SOCKS PPROXY_DEST PPROXY_LISTEN
    PPROXY_REVERSE PPROXY_REPEATER PPROXY_REMOVE PPROXY_KILLPID PPROXY_SLEEP)) {
769
	if (0 || $ENV{SS_DEBUG} || $ENV{SSVNC_VENCRYPT_DEBUG}) {
770 771 772 773 774 775 776 777 778 779
		print STDERR "$var: $ENV{$var}\n";
	}
} 

if ($ENV{PPROXY_SOCKS} ne "" && $ENV{PPROXY_PROXY} !~ m,^socks5?://,i) {
	if ($ENV{PPROXY_SOCKS} eq "5") {
		$ENV{PPROXY_PROXY} = "socks5://$ENV{PPROXY_PROXY}";
	} else {
		$ENV{PPROXY_PROXY} = "socks://$ENV{PPROXY_PROXY}";
	}
780 781
}

782
my $rfbSecTypeAnonTls  = 18;
783 784 785 786 787 788 789 790 791 792 793 794 795 796 797
my $rfbSecTypeVencrypt = 19;

my $rfbVencryptPlain        = 256;
my $rfbVencryptTlsNone      = 257;
my $rfbVencryptTlsVnc       = 258;
my $rfbVencryptTlsPlain     = 259;
my $rfbVencryptX509None     = 260;
my $rfbVencryptX509Vnc      = 261;
my $rfbVencryptX509Plain    = 262;

my $handshake_file = "";
if (exists $ENV{SSVNC_PREDIGESTED_HANDSHAKE})  {
	$handshake_file = $ENV{SSVNC_PREDIGESTED_HANDSHAKE};
}

798 799 800 801 802 803 804 805 806 807 808 809 810
my $have_gettimeofday = 0;
eval "use Time::HiRes";
if ($@ eq "") {
	$have_gettimeofday = 1;
}
sub gettime {
	my $t = "0.0";
	if ($have_gettimeofday) {
		$t = Time::HiRes::gettimeofday();
	}
	return $t;
}

811 812 813 814 815 816 817 818 819 820
sub append_handshake {
	my $str = shift;
	if ($handshake_file) {
		if (open(HSF, ">>$handshake_file")) {
			print HSF $str;
			close HSF;
		}
	}
}

821 822 823 824 825
my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3);
my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", "");

($first, $mode_1st) = url_parse($first);

826 827 828 829
my ($proxy_host, $proxy_port) = split(/:/, $first);
my $connect = $ENV{PPROXY_DEST};

if ($second ne "") {
830
	($second, $mode_2nd) = url_parse($second);
831 832 833
}

if ($third ne "") {
834
	($third, $mode_3rd) = url_parse($third);
835 836
}

837

838 839 840 841 842 843 844
print STDERR "\n";
print STDERR "PPROXY v0.2: a tool for Web proxies and SOCKS connections.\n";
print STDERR "proxy_host:       $proxy_host\n";
print STDERR "proxy_port:       $proxy_port\n";
print STDERR "proxy_connect:    $connect\n";
print STDERR "pproxy_params:    $ENV{PPROXY_PROXY}\n";
print STDERR "pproxy_listen:    $ENV{PPROXY_LISTEN}\n";
845
print STDERR "pproxy_reverse:   $ENV{PPROXY_REVERSE}\n";
846
print STDERR "\n";
847 848 849 850 851 852
if (1) {
	print STDERR "pproxy 1st: $first\t- $mode_1st\n";
	print STDERR "pproxy 2nd: $second\t- $mode_2nd\n";
	print STDERR "pproxy 3rd: $third\t- $mode_3rd\n";
	print STDERR "\n";
}
853 854

my $listen_handle = "";
855 856 857 858 859 860 861 862 863 864 865 866
if ($ENV{PPROXY_REVERSE} ne "") {
	my ($rhost, $rport) = split(/:/, $ENV{PPROXY_REVERSE});
	$rport = 5900 unless $rport;
	$listen_handle = IO::Socket::INET->new(
		PeerAddr => $rhost,
		PeerPort => $rport,
		Proto => "tcp"
	);
	if (! $listen_handle) {
		die "pproxy: $! -- PPROXY_REVERSE\n";
	}
	print STDERR "PPROXY_REVERSE: connected to $rhost $rport\n";
867

868
} elsif ($ENV{PPROXY_LISTEN} ne "") {
869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884
	my $listen_sock = "";
	if ($ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:(.*)/) {
		my $p = $1;
		$listen_sock = IO::Socket::INET->new(
			Listen    => 2,
			LocalPort => $p,
			Proto     => "tcp"
		);
	} else {
		$listen_sock = IO::Socket::INET->new(
			Listen    => 2,
			LocalAddr => "127.0.0.1",
			LocalPort => $ENV{PPROXY_LISTEN},
			Proto     => "tcp"
		);
	}
885
	if (! $listen_sock) {
886
		die "pproxy: $! -- PPROXY_LISTEN\n";
887 888 889 890 891 892
	}
	my $ip;
	($listen_handle, $ip) = $listen_sock->accept();
	if (! $listen_handle) {
		die "pproxy: $!\n";
	}
893
	close $listen_sock;
894 895 896 897 898 899 900 901 902 903 904 905 906 907
}

my $sock = IO::Socket::INET->new(
	PeerAddr => $proxy_host,
	PeerPort => $proxy_port,
	Proto => "tcp"
);

if (! $sock) {
	my $err = $!;
	unlink($0) if $ENV{PPROXY_REMOVE};
	die "pproxy: $err\n";
}

908 909
unlink($0) if $ENV{PPROXY_REMOVE};

910 911 912 913 914 915 916
if ($ENV{PPROXY_PROXY} =~ /^vencrypt:/ && $ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:/) {
	print STDERR "PPROXY: vencrypt+reverse: swapping listen socket with connect socket.\n";
	my $tmp_swap = $sock;
	$sock = $listen_handle;
	$listen_handle = $tmp_swap;
}

917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940
$cur_proxy = $first;
setmode($mode_1st);

if ($second ne "") {
	connection($second, 1);

	setmode($mode_2nd);
	$cur_proxy = $second;

	if ($third ne "") {
		connection($third, 2);
		setmode($mode_3rd);
		$cur_proxy = $third;
		connection($connect, 3);
	} else {
		connection($connect, 2);
	}
} else {
	connection($connect, 1);
}

$parent = $$;
$child = fork;
if (! defined $child) {
941 942 943 944 945 946 947 948
	if ($ENV{PPROXY_KILLPID}) {
		foreach my $p (split(/,/, $ENV{PPROXY_KILLPID})) {
			if ($p =~ /^(\+|-)/) {
				$p = $parent + $p;
			}
			kill "TERM", $p;
		}
	}
949 950 951 952 953 954 955 956 957 958 959 960 961
	exit 1;
}

if ($child) {
	print STDERR "pproxy parent\[$$]  STDIN -> socket\n";
	if ($listen_handle) {
		xfer($listen_handle, $sock);
	} else {
		xfer(STDIN, $sock);
	}
	select(undef, undef, undef, 0.25);
	if (kill 0, $child) {
		select(undef, undef, undef, 1.5);
962
		print STDERR "pproxy\[$$]: kill TERM $child\n";
963 964 965 966 967 968 969 970 971 972 973 974
		kill "TERM", $child;
	}
} else {
	print STDERR "pproxy child \[$$]  socket -> STDOUT\n";
	if ($listen_handle) {
		xfer($sock, $listen_handle);
	} else {
		xfer($sock, STDOUT);
	}
	select(undef, undef, undef, 0.25);
	if (kill 0, $parent) {
		select(undef, undef, undef, 1.5);
975
		print STDERR "pproxy\[$$]: kill TERM $parent\n";
976 977 978 979
		kill "TERM", $parent;
	}
}
if ($ENV{PPROXY_KILLPID} ne "") {
980 981 982 983 984 985 986 987
	if ($ENV{PPROXY_KILLPID}) {
		foreach my $p (split(/,/, $ENV{PPROXY_KILLPID})) {
			if ($p =~ /^(\+|-)/) {
				$p = $parent + $p;
			}
			print STDERR "kill TERM, $p (PPROXY_KILLPID)\n";
			kill "TERM", $p;
		}
988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010
	}
}
exit;

sub url_parse {
	my $hostport = shift;
	my $mode = "http";
	if ($hostport =~ m,^socks4?://(\S*)$,i) {
		$mode = "socks4";
		$hostport = $1;
	} elsif ($hostport =~ m,^socks5://(\S*)$,i) {
		$mode = "socks5";
		$hostport = $1;
	} elsif ($hostport =~ m,^https?://(\S*)$,i) {
		$mode = "http";
		$hostport = $1;
	} elsif ($hostport =~ m,^repeater://(\S*)\+(\S*)$,i) {
		# ultravnc repeater proxy.
		$hostport = $1;
		$mode = "repeater:$2";
		if ($hostport !~ /:\d+/) {
			$hostport .= ":5900";
		}
1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022
	} elsif ($hostport =~ m,^vencrypt://(\S*)$,i) {
		# vencrypt handshake.
		$hostport = $1;
		my $m = "connect";
		if ($hostpost =~ /^(\S+)\+(\S+)$/) {
			$hostport = $1;
			$mode = $2;
		}
		$mode = "vencrypt:$m";
		if ($hostport !~ /:\d+/) {
			$hostport .= ":5900";
		}
1023 1024 1025 1026 1027 1028 1029
	}
	return ($hostport, $mode);
}

sub setmode {
	my $mode = shift;
	$ENV{PPROXY_REPEATER} = "";
1030
	$ENV{PPROXY_VENCRYPT} = "";
1031 1032 1033 1034 1035 1036 1037 1038 1039
	if ($mode =~ /^socks/) {
		if ($mode =~ /^socks5/) {
			$ENV{PPROXY_SOCKS} = 5;
		} else {
			$ENV{PPROXY_SOCKS} = 1;
		}
	} elsif ($mode =~ /^repeater:(.*)/) {
		$ENV{PPROXY_REPEATER} = $1;
		$ENV{PPROXY_SOCKS} = "";
1040 1041 1042
	} elsif ($mode =~ /^vencrypt:(.*)/) {
		$ENV{PPROXY_VENCRYPT} = $1;
		$ENV{PPROXY_SOCKS} = "";
1043 1044 1045 1046 1047
	} else {
		$ENV{PPROXY_SOCKS} = "";
	}
}

1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171
sub connection {
	my ($CONNECT, $w) = @_;

	my $con = "";
	my $msg = "";

	if ($ENV{PPROXY_SOCKS} eq "5") {
		# SOCKS5
		my ($h, $p) = split(/:/, $CONNECT);
		$con .= pack("C", 0x05);
		$con .= pack("C", 0x01);
		$con .= pack("C", 0x00);

		$msg = "SOCKS5 via $cur_proxy to $h:$p\n\n";
		print STDERR "proxy_request$w: $msg";

		syswrite($sock, $con, length($con));

		my ($n1, $n2, $n3, $n4, $n5, $n6);
		my ($r1, $r2, $r3, $r4, $r5, $r6);
		my ($s1, $s2, $s3, $s4, $s5, $s6);

		$n1 = sysread($sock, $r1, 1);
		$n2 = sysread($sock, $r2, 1);

		$s1 = unpack("C", $r1);
		$s2 = unpack("C", $r2);
		if ($s1 != 0x05 || $s2 != 0x00) {
			print STDERR "SOCKS5 fail s1=$s1 s2=$s2 n1=$n1 n2=$n2\n";
			close $sock;
			exit(1);
		}

		$con = "";
		$con .= pack("C", 0x05);
		$con .= pack("C", 0x01);
		$con .= pack("C", 0x00);
		$con .= pack("C", 0x03);
		$con .= pack("C", length($h));
		$con .= $h;
		$con .= pack("C", $p >> 8);
		$con .= pack("C", $p & 0xff);

		syswrite($sock, $con, length($con));

		$n1 = sysread($sock, $r1, 1);
		$n2 = sysread($sock, $r2, 1);
		$n3 = sysread($sock, $r3, 1);
		$n4 = sysread($sock, $r4, 1);
		$s1 = unpack("C", $r1);
		$s2 = unpack("C", $r2);
		$s3 = unpack("C", $r3);
		$s4 = unpack("C", $r4);

		if ($s4 == 0x1) {
			sysread($sock, $r5, 4 + 2);
		} elsif ($s4 == 0x3) {
			sysread($sock, $r5, 1);
			$s5 = unpack("C", $r5);
			sysread($sock, $r6, $s5 + 2);
		} elsif ($s4 == 0x4) {
			sysread($sock, $r5, 16 + 2);
		}

		if ($s1 != 0x5 || $s2 != 0x0 || $s3 != 0x0) {
			print STDERR "SOCKS5 failed: s1=$s1 s2=$s2 s3=$s3 s4=$s4 n1=$n1 n2=$n2 n3=$n3 n4=$n4\n";
			close $sock;
			exit(1);
		}

	} elsif ($ENV{PPROXY_SOCKS} ne "") {
		# SOCKS4 SOCKS4a
		my ($h, $p) = split(/:/, $CONNECT);
		$con .= pack("C", 0x04);
		$con .= pack("C", 0x01);
		$con .= pack("n", $p);

		my $SOCKS_4a = 0;
		if ($h eq "localhost" || $h eq "127.0.0.1") {
			$con .= pack("C", 127);
			$con .= pack("C", 0);
			$con .= pack("C", 0);
			$con .= pack("C", 1);
		} elsif ($h =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) {
			$con .= pack("C", $1);
			$con .= pack("C", $2);
			$con .= pack("C", $3);
			$con .= pack("C", $4);
		} else {
			$con .= pack("C", 0);
			$con .= pack("C", 0);
			$con .= pack("C", 0);
			$con .= pack("C", 3);
			$SOCKS_4a = 1;
		}

		$con .= "nobody";
		$con .= pack("C", 0);

		$msg = "SOCKS4 via $cur_proxy to $h:$p\n\n";
		if ($SOCKS_4a) {
			$con .= $h;
			$con .= pack("C", 0);
			$msg =~ s/SOCKS4/SOCKS4a/;
		}
		print STDERR "proxy_request$w: $msg";
		syswrite($sock, $con, length($con));

		my $ok = 1;
		for (my $i = 0; $i < 8; $i++) {
			my $c;
			sysread($sock, $c, 1);
			my $s = unpack("C", $c);
			if ($i == 0) {
				$ok = 0 if $s != 0x0;
			} elsif ($i == 1) {
				$ok = 0 if $s != 0x5a;
			}
		}
		if (! $ok) {
			print STDERR "SOCKS4 failed.\n";
			close $sock;
			exit(1);
		}
1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183
	} elsif ($ENV{PPROXY_REPEATER} ne "") {
		my $rep = $ENV{PPROXY_REPEATER};
		print STDERR "repeater: $rep\n";
		$rep .= pack("x") x 250;
		syswrite($sock, $rep, 250);

		my $ok = 1;
		for (my $i = 0; $i < 12; $i++) {
			my $c;
			sysread($sock, $c, 1);
			print STDERR $c;
		}
1184 1185 1186
	} elsif ($ENV{PPROXY_VENCRYPT} ne "") {
		my $vencrypt = $ENV{PPROXY_VENCRYPT};
		vencrypt_dialog($vencrypt);
1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214

	} else {
		# Web Proxy:
		$con = "CONNECT $CONNECT HTTP/1.1\r\n";
		$con   .= "Host: $CONNECT\r\n";
		$con   .= "Connection: close\r\n\r\n";
		$msg = $con;

		print STDERR "proxy_request$w: via $cur_proxy:\n$msg";
		syswrite($sock, $con, length($con));

		my $rep = "";
		my $n = 0;
		while ($rep !~ /\r\n\r\n/ && $n < 30000) {
			my $c;
			sysread($sock, $c, 1);
			print STDERR $c;
			$rep .= $c;
			$n++;
		}
		if ($rep !~ m,HTTP/.* 200,) {
			print STDERR "HTTP CONNECT failed.\n";
			close $sock;
			exit(1);
		}
	}
}

1215 1216 1217 1218 1219 1220
sub vdie {
	append_handshake("done\n");
	close $sock;
	exit(1);
}

1221
sub anontls_handshake {
1222 1223
	my ($vmode, $db) = @_;

1224
	print STDERR "PPROXY: Doing ANONTLS Handshake\n";
1225

1226
	my $psec = pack("C", $rfbSecTypeAnonTls);
1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238
	syswrite($sock, $psec, 1);

	append_handshake("done\n");
}

sub vencrypt_handshake {
	
	my ($vmode, $db) = @_;

	print STDERR "PPROXY: Doing VeNCrypt Handshake\n";

	my $psec = pack("C", $rfbSecTypeVencrypt);
1239 1240 1241 1242 1243 1244 1245

	if (exists $ENV{SSVNC_TEST_SEC_TYPE}) {
		my $fake = $ENV{SSVNC_TEST_SEC_TYPE};
		print STDERR "PPROXY: sending sec-type: $fake\n";
		$psec = pack("C", $fake);
	}

1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256
	syswrite($sock, $psec, 1);

	my $vmajor;
	my $vminor;
	sysread($sock, $vmajor, 1);
	sysread($sock, $vminor, 1);

	vdie if $vmajor eq "" || $vminor eq "";

	$vmajor = unpack("C", $vmajor);
	$vminor = unpack("C", $vminor);
1257
	print STDERR "server vencrypt version $vmajor.$vminor\n" if $db;
1258

1259 1260 1261 1262 1263 1264
	if (exists $ENV{SSVNC_TEST_SEC_TYPE}) {
		print STDERR "PPROXY: continuing on in test mode.\n";
	} else {
		vdie if $vmajor ne 0;
		vdie if $vminor < 2;
	}
1265 1266 1267 1268 1269 1270 1271 1272 1273 1274

	$vmajor = pack("C", 0);
	$vminor = pack("C", 2);
	append_handshake("subversion=0.2\n");

	syswrite($sock, $vmajor, 1);
	syswrite($sock, $vminor, 1);

	my $result;
	sysread($sock, $result, 1);
1275
	print STDERR "result empty\n" if $db && $result eq "";
1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323

	vdie if $result eq "";
	$result = unpack("C", $result);
	print STDERR "result=$result\n" if $db;

	vdie if $result ne 0;

	my $nsubtypes;
	sysread($sock, $nsubtypes, 1);

	vdie if $nsubtypes eq "";
	$nsubtypes = unpack("C", $nsubtypes);
	print STDERR "nsubtypes=$nsubtypes\n" if $db;

	my %subtypes;

	for (my $i = 0; $i < $nsubtypes; $i++) {
		my $subtype = ""; 
		sysread($sock, $subtype, 4);
		vdie if length($subtype) != 4;

		# XXX fix 64bit.
		$subtype = unpack("N", $subtype);
		print STDERR "subtype: $subtype\n" if $db;
		$subtypes{$subtype} = 1;
		append_handshake("sst$i=$subtype\n");
	}

	my $subtype = 0;
	if (exists $subtypes{$rfbVencryptX509None})  {
		$subtype = $rfbVencryptX509None;
		print STDERR "selected rfbVencryptX509None\n" if $db;
	} elsif (exists $subtypes{$rfbVencryptX509Vnc})  {
		$subtype = $rfbVencryptX509Vnc;
		print STDERR "selected rfbVencryptX509Vnc\n" if $db;
	} elsif (exists $subtypes{$rfbVencryptX509Plain})  {
		$subtype = $rfbVencryptX509Plain;
		print STDERR "selected rfbVencryptX509Plain\n" if $db;
	} elsif (exists $subtypes{$rfbVencryptTlsNone})  {
		$subtype = $rfbVencryptTlsNone;
		print STDERR "selected rfbVencryptTlsNone\n" if $db;
	} elsif (exists $subtypes{$rfbVencryptTlsVnc})  {
		$subtype = $rfbVencryptTlsVnc;
		print STDERR "selected rfbVencryptTlsVnc\n" if $db;
	} elsif (exists $subtypes{$rfbVencryptTlsPlain})  {
		$subtype = $rfbVencryptTlsPlain;
		print STDERR "selected rfbVencryptTlsPlain\n" if $db;
	}
1324 1325 1326 1327 1328 1329 1330

	if (exists $ENV{SSVNC_TEST_SEC_SUBTYPE}) {
		my $fake = $ENV{SSVNC_TEST_SEC_SUBTYPE};
		print STDERR "PPROXY: sending sec-subtype: $fake\n";
		$subtype = $fake;
	}

1331 1332 1333 1334 1335
	append_handshake("subtype=$subtype\n");

	my $pst = pack("N", $subtype);
	syswrite($sock, $pst, 4); 

1336 1337 1338 1339 1340
	if (exists $ENV{SSVNC_TEST_SEC_SUBTYPE}) {
		print STDERR "PPROXY: continuing on in test mode.\n";
	} else {
		vdie if $subtype == 0;
	}
1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356

	my $ok;
	sysread($sock, $ok, 1);
	$ok = unpack("C", $ok);
	print STDERR "ok=$ok\n" if $db;

	append_handshake("done\n");

	vdie if $ok == 0;
}

sub vencrypt_dialog {
	my $vmode = shift;
	my $db = 0;

	$db = 1 if exists $ENV{SS_DEBUG};
1357
	$db = 1 if exists $ENV{SSVNC_VENCRYPT_DEBUG};
1358 1359 1360 1361

	append_handshake("mode=$vmode\n");

	my $server_rfb = "";
1362
	#syswrite($sock, $rep, 250);
1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384
	for (my $i = 0; $i < 12; $i++) {
		my $c;
		sysread($sock, $c, 1);
		$server_rfb .= $c;
		print STDERR $c;
	}
	print STDERR "server_rfb: $server_rfb\n" if $db;
	append_handshake("server=$server_rfb");

	my $minor = "";
	if ($server_rfb =~ /^RFB 003\.(\d+)/) {
		$minor = $1;
	} else {
		vdie;
	}
	my $viewer_rfb = "RFB 003.008\n";
	if ($minor < 7) {
		vdie;
	} elsif ($minor == 7) {
		$viewer_rfb = "RFB 003.007\n";
	}
	my $nsec;
1385 1386
	my $t1 = gettime();
	my $t0 = gettime();
1387

1388
	syswrite($sock, $viewer_rfb, 12);
1389
	sysread($sock, $nsec, 1);
1390 1391 1392 1393 1394 1395 1396

	$t1 = gettime();
	$t1 = sprintf("%.6f", $t1 - $t0);

	append_handshake("viewer=$viewer_rfb");
	append_handshake("latency=$t1\n");

1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418
	vdie if $nsec eq "";

	$nsec = unpack("C", $nsec);

	print STDERR "nsec: $nsec\n" if $db;
	vdie if $nsec eq 0 || $nsec > 100;

	my %sectypes = ();

	for (my $i = 0; $i < $nsec; $i++) {
		my $sec;
		sysread($sock, $sec, 1);
		vdie if $sec eq "";
		$sec = unpack("C", $sec);
		print STDERR "sec: $sec\n" if $db;
		$sectypes{$sec} = 1;
	}
	
	if (exists $sectypes{$rfbSecTypeVencrypt}) {
		print STDERR "found rfbSecTypeVencrypt\n" if $db;
		append_handshake("sectype=$rfbSecTypeVencrypt\n");
		vencrypt_handshake($vmode, $db);
1419 1420 1421 1422
	} elsif (exists $sectypes{$rfbSecTypeAnonTls}) {
		print STDERR "found rfbSecTypeAnonTls\n" if $db;
		append_handshake("sectype=$rfbSecTypeAnonTls\n");
		anontls_handshake($vmode, $db);
1423 1424 1425 1426 1427 1428
	} else {
		print STDERR "No supported sec-type found\n" if $db;
		vdie;
	}
}

1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468
sub xfer {
	my($in, $out) = @_;
	$RIN = $WIN = $EIN = "";
	$ROUT = "";
	vec($RIN, fileno($in), 1) = 1;
	vec($WIN, fileno($in), 1) = 1;
	$EIN = $RIN | $WIN;

	while (1) {
		my $nf = 0;
		while (! $nf) {
			$nf = select($ROUT=$RIN, undef, undef, undef);
		}
		my $len = sysread($in, $buf, 8192);
		if (! defined($len)) {
			next if $! =~ /^Interrupted/;
			print STDERR "pproxy\[$$]: $!\n";
			last;
		} elsif ($len == 0) {
			print STDERR "pproxy\[$$]: Input is EOF.\n";
			last;
		}
		my $offset = 0;
		my $quit = 0;
		while ($len) {
			my $written = syswrite($out, $buf, $len, $offset);
			if (! defined $written) {
				print STDERR "pproxy\[$$]: Output is EOF. $!\n";
				$quit = 1;
				last;
			}
			$len -= $written;
			$offset += $written;
		}
		last if $quit;
	}
	close($in);
	close($out);
}
'
1469
	# '
1470 1471
	# xpg_echo will expand \n \r, etc.
	# try to unset and then test for it.
1472 1473 1474
	if type shopt > /dev/null 2>&1; then
		shopt -u xpg_echo >/dev/null 2>&1
	fi
1475 1476
	v='print STDOUT "abc\n";'
	echo "$v" > $tf
1477
	chmod 700 $tf
1478 1479 1480 1481 1482 1483 1484 1485

	lc=`wc -l $tf | awk '{print $1}'`
	if [ "X$lc" = "X1" ]; then
		echo "$cod" > $tf
	else
		printf "%s" "$cod" > $tf
		echo "" >> $tf
	fi
1486 1487 1488 1489
	# prime perl
	perl -e 'use IO::Socket::INET; select(undef, undef, undef, 0.01)' >/dev/null 2>&1
}

1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550
# make_tcert is no longer invoked via the ssvnc gui (Listen mode).
# make_tcert is for testing only now via -mycert BUILTIN
make_tcert() {
	tcert="/tmp/ss_vnc_viewer_tcert${RANDOM}.$$"
	tcert=`mytmp "$tcert"`
	cat > $tcert <<END
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN
+zZpJUUXLu4zz8Ryq8Q+sQgfNy7uTOpN9bUUaOk1TnD7gaDQnQWiNHmqbW2kL+DS
OKngJVPo9dETAS8hf7+D1e1DBZxjTc1a4RQqWJixwpYj99ixWzu8VC2m/xXsjvOs
jp4+DLBB490nbkwvstmhmiWm1CmI5O5xOkgioVNQqHvQMdVKOSz9PpbjvZiRX1Uo
qoMrk+2NOqwP90TB35yPASXb9zXKpO7DLhkube+yYGf+yk46aD707L07Eb7cosFP
S84vNZ9gX7rQ0UOwm5rYA/oZTBskgaqhtIzkLwIDAQABAoIBAD4ot/sXt5kRn0Ca
CIkU9AQWlC+v28grR2EQW9JiaZrqcoDNUzUqbCTJsi4ZkIFh2lf0TsqELbZYNW6Y
6AjJM7al4E0UqYSKJTv2WCuuRxdiRs2BMwthqyBmjeanev7bB6V0ybt7u3Y8xU/o
MrTuYnr4vrEjXPKdLirwk7AoDbKsRXHSIiHEIBOq1+dUQ32t36ukdnnza4wKDLZc
PKHiCdCk/wOGhuDlxD6RspqUAlRnJ8/aEhrgWxadFXw1hRhRsf/v1shtB0T3DmTe
Jchjwyiw9mryb9JZAcKxW+fUc4EVvj6VdQGqYInQJY5Yxm5JAlVQUJicuuJEvn6A
rj5osQECgYEA552CaHpUiFlB4HGkjaH00kL+f0+gRF4PANCPk6X3UPDVYzKnzmuu
yDvIdEETGFWBwoztUrOOKqVvPEQ+kBa2+DWWYaERZLtg2cI5byfDJxQ3ldzilS3J
1S3WgCojqcsG/hlxoQJ1dZFanUy/QhUZ0B+wlC+Zp1Q8AyuGQvhHp68CgYEA0lBI
eqq2GGCdJuNHMPFbi8Q0BnX55LW5C1hWjhuYiEkb3hOaIJuJrqvayBlhcQa2cGqp
uP34e9UCfoeLgmoCQ0b4KpL2NGov/mL4i8bMgog4hcoYuIi3qxN18vVR14VKEh4U
RLk0igAYPU+IK2QByaQlBo9OSaKkcfm7U1/pK4ECgYAxr6VpGk0GDvfF2Tsusv6d
GIgV8ZP09qSLTTJvvxvF/lQYeqZq7sjI5aJD5i3de4JhpO/IXQJzfZfWOuGc8XKA
3qYK/Y2IqXXGYRcHFGWV/Y1LFd55mCADHlk0l1WdOBOg8P5iRu/Br9PbiLpCx9oI
vrOXpnp03eod1/luZmqguwKBgQCWFRSj9Q7ddpSvG6HCG3ro0qsNsUMTI1tZ7UBX
SPogx4tLf1GN03D9ZUZLZVFUByZKMtPLX/Hi7K9K/A9ikaPrvsl6GEX6QYzeTGJx
3Pw0amFrmDzr8ySewNR6/PXahxPEuhJcuI31rPufRRI3ZLah3rFNbRbBFX+klkJH
zTnoAQKBgDbUK/aQFGduSy7WUT7LlM3UlGxJ2sA90TQh4JRQwzur0ACN5GdYZkqM
YBts4sBJVwwJoxD9OpbvKu3uKCt41BSj0/KyoBzjT44S2io2tj1syujtlVUsyyBy
/ca0A7WBB8lD1D7QMIhYUm2O9kYtSCLlUTHt5leqGaRG38DqlX36
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDzDCCArQCCQDSzxzxqhyqLzANBgkqhkiG9w0BAQQFADCBpzELMAkGA1UEBhMC
VVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNVBAcTBkJvc3RvbjETMBEG
A1UEChMKTXkgQ29tcGFueTEcMBoGA1UECxMTUHJvZHVjdCBEZXZlbG9wbWVudDEZ
MBcGA1UEAxMQd3d3Lm5vd2hlcmUubm9uZTEhMB8GCSqGSIb3DQEJARYSYWRtaW5A
bm93aGVyZS5ub25lMB4XDTA3MDMyMzE4MDc0NVoXDTI2MDUyMjE4MDc0NVowgacx
CzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQ8wDQYDVQQHEwZC
b3N0b24xEzARBgNVBAoTCk15IENvbXBhbnkxHDAaBgNVBAsTE1Byb2R1Y3QgRGV2
ZWxvcG1lbnQxGTAXBgNVBAMTEHd3dy5ub3doZXJlLm5vbmUxITAfBgkqhkiG9w0B
CQEWEmFkbWluQG5vd2hlcmUubm9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAL5H18W9MHMYK41ds4hYpIyCPs3vIinEwbeOy9BjP3NtXn3pTfs2aSVF
Fy7uM8/EcqvEPrEIHzcu7kzqTfW1FGjpNU5w+4Gg0J0FojR5qm1tpC/g0jip4CVT
6PXREwEvIX+/g9XtQwWcY03NWuEUKliYscKWI/fYsVs7vFQtpv8V7I7zrI6ePgyw
QePdJ25ML7LZoZolptQpiOTucTpIIqFTUKh70DHVSjks/T6W472YkV9VKKqDK5Pt
jTqsD/dEwd+cjwEl2/c1yqTuwy4ZLm3vsmBn/spOOmg+9Oy9OxG+3KLBT0vOLzWf
YF+60NFDsJua2AP6GUwbJIGqobSM5C8CAwEAATANBgkqhkiG9w0BAQQFAAOCAQEA
vGomHEp6TVU83X2EBUgnbOhzKJ9u3fOI/Uf5L7p//Vxqow7OR1cguzh/YEzmXOIL
ilMVnzX9nj/bvcLAuqEP7MR1A8f4+E807p/L/Sf49BiCcwQq5I966sGKYXjkve+T
2GTBNwMSq+5kLSf6QY8VZI+qnrAudEQMeJByQhTZZ0dH8Njeq8EGl9KUio+VWaiW
CQK6xJuAvAHqa06OjLmwu1fYD4GLGSrOIiRVkSXV8qLIUmzxdJaIRznkFWsrCEKR
wAH966SAOvd2s6yOHMvyDRIL7WHxfESB6rDHsdIW/yny1fBePjv473KrxyXtbz7I
dMw1yW09l+eEo4A7GzwOdw==
-----END CERTIFICATE-----
END
	chmod 600 $tcert
	echo "$tcert"
}

1551 1552 1553 1554
Kecho() {
	if [ "X$USER" = "Xrunge" ]; then
		echo "dbg: $*"
	fi
1555 1556
}

runge's avatar
runge committed
1557
if [ "X$use_ssh" = "X1" ]; then
1558 1559 1560
	#
	# USING SSH
	#
runge's avatar
runge committed
1561 1562
	ssh_port="22"
	ssh_host="$host"
1563
	vnc_host="$localhost"
1564
	# let user override ssh via $SSH
runge's avatar
runge committed
1565
	ssh=${SSH:-"ssh -x"}
1566

1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586
	sshword=`echo "$ssh" | awk '{print $1}'`
	if [ "X$sshword" != "X" ]; then
		if [ -x "$sshword" ]; then
			:
		elif type "$sshword" > /dev/null 2>&1; then
			:
		else
			echo ""
			echo "*********************************************************"
			echo "** Problem finding the SSH command '$sshword': **"
			echo ""
			type "$sshword"
			echo ""
			echo "** Perhaps you need to install the SSH client package. **"
			echo "*********************************************************"
			echo ""
			sleep 5
		fi
	fi

1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604
	if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ]; then
		SSVNC_LIM_ACCEPT_PRELOAD="$SSVNC_BASEDIR/$SSVNC_UNAME/$SSVNC_LIM_ACCEPT_PRELOAD"
	fi
	if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ]; then
		echo ""
		echo "SSVNC_LIM_ACCEPT_PRELOAD=$SSVNC_LIM_ACCEPT_PRELOAD"
	fi

	if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" -a -f "$SSVNC_LIM_ACCEPT_PRELOAD" ]; then
		plvar=LD_PRELOAD
		if uname | grep Darwin >/dev/null; then
			plvar="DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES"
		fi
		ssh="env $plvar=$SSVNC_LIM_ACCEPT_PRELOAD $ssh"
	else
		SSVNC_LIM_ACCEPT_PRELOAD=""
	fi

1605 1606
	if echo "$proxy" | egrep '(http|https|socks|socks4|socks5)://' > /dev/null; then
		# Handle Web or SOCKS proxy(ies) for the initial connect.
1607 1608
		Kecho host=$host
		Kecho port=$port
1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628
		pproxy=""
		sproxy1=""
		sproxy_rest=""
		for part in `echo "$proxy" | tr ',' ' '`
		do
			Kecho proxy_part=$part
			if [ "X$part" = "X" ]; then
				continue
			elif echo "$part" | egrep -i '^(http|https|socks|socks4|socks5)://' > /dev/null; then
				pproxy="$pproxy,$part"
			else
				if [ "X$sproxy1" = "X" ]; then
					sproxy1="$part"
				else
					sproxy_rest="$sproxy_rest,$part"
				fi
			fi
		done
		pproxy=`echo "$pproxy" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
		sproxy_rest=`echo "$sproxy_rest" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
1629 1630 1631 1632

		Kecho pproxy=$pproxy
		Kecho sproxy1=$sproxy1
		Kecho sproxy_rest=$sproxy_rest
1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667

		sproxy1_host=""
		sproxy1_port=""
		sproxy1_user=""

		if [ "X$sproxy1" != "X" ]; then
			sproxy1_host=`echo "$sproxy1" | awk -F: '{print $1}'`
			sproxy1_user=`echo "$sproxy1_host" | awk -F@ '{print $1}'`
			sproxy1_host=`echo "$sproxy1_host" | awk -F@ '{print $2}'`
			if [ "X$sproxy1_host" = "X" ]; then
				sproxy1_host=$sproxy1_user
				sproxy1_user=""
			else
				sproxy1_user="${sproxy1_user}@"
			fi
			sproxy1_port=`echo "$sproxy1" | awk -F: '{print $2}'`
			if [ "X$sproxy1_port" = "X" ]; then
				sproxy1_port="22"
			fi
		else
			sproxy1_host=`echo "$host" | awk -F: '{print $1}'`
			sproxy1_user=`echo "$sproxy1_host" | awk -F@ '{print $1}'`
			sproxy1_host=`echo "$sproxy1_host" | awk -F@ '{print $2}'`
			if [ "X$sproxy1_host" = "X" ]; then
				sproxy1_host=$sproxy1_user
				sproxy1_user=""
			else
				sproxy1_user="${sproxy1_user}@"
			fi
			sproxy1_port=`echo "$host" | awk -F: '{print $2}'`
			if [ "X$sproxy1_port" = "X" ]; then
				sproxy1_port="22"
			fi
		fi

1668 1669 1670
		Kecho sproxy1_host=$sproxy1_host
		Kecho sproxy1_port=$sproxy1_port
		Kecho sproxy1_user=$sproxy1_user
1671

1672 1673
		ptmp="/tmp/ss_vncviewer_ssh${RANDOM}.$$.pl"
		ptmp=`mytmp "$ptmp"`
1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700
		PPROXY_REMOVE=1; export PPROXY_REMOVE
		proxy=$pproxy
		port_save=$port
		host_save=$host
		if [ "X$sproxy1_host" != "X" ]; then
			host=$sproxy1_host
		fi
		if [ "X$sproxy1_port" != "X" ]; then
			port=$sproxy1_port
		fi
		host=`echo "$host" | sed -e 's/^.*@//'`
		port=`echo "$port" | sed -e 's/^.*://'`
		pcode "$ptmp"
		port=$port_save
		host=$host_save

		nd=`findfree 6700`
		PPROXY_LISTEN=$nd; export PPROXY_LISTEN
		$ptmp &
		sleep 2
		ssh_args="$ssh_args -o NoHostAuthenticationForLocalhost=yes"
		if [ "X$sproxy1" = "X" ]; then
			u=""
			if echo "$host" | grep '@' > /dev/null; then
				u=`echo "$host" | sed -e 's/@.*$/@/'`
			fi
			
1701
			proxy="${u}$localhost:$nd"
1702
		else
1703
			proxy="${sproxy1_user}$localhost:$nd"
1704 1705 1706 1707
		fi
		if [ "X$sproxy_rest" != "X" ]; then
			proxy="$proxy,$sproxy_rest"
		fi
1708
		Kecho proxy=$proxy
1709 1710
	fi

runge's avatar
runge committed
1711
	if echo "$proxy" | grep "," > /dev/null; then
1712

runge's avatar
runge committed
1713 1714
		proxy1=`echo "$proxy" | awk -F, '{print $1}'`
		proxy2=`echo "$proxy" | awk -F, '{print $2}'`
1715

runge's avatar
runge committed
1716 1717 1718
		# user1@gw1.com:port1,user2@ws2:port2
		ssh_host1=`echo "$proxy1" | awk -F: '{print $1}'`
		ssh_port1=`echo "$proxy1" | awk -F: '{print $2}'`
1719
		if [ "X$ssh_port1" != "X" ]; then
1720
			ssh_port1="-p $ssh_port1"
runge's avatar
runge committed
1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737
		fi
		ssh_host2=`echo "$proxy2" | awk -F: '{print $1}'`
		ssh_user2=`echo "$ssh_host2" | awk -F@ '{print $1}'`
		ssh_host2=`echo "$ssh_host2" | awk -F@ '{print $2}'`
		if [ "X$ssh_host2" = "X" ]; then
			ssh_host2=$ssh_user2
			ssh_user2=""
		else
			ssh_user2="${ssh_user2}@"
		fi
		ssh_port2=`echo "$proxy2" | awk -F: '{print $2}'`
		if [ "X$ssh_port2" = "X" ]; then
			ssh_port2="22"
		fi
		proxport=`findfree 3500`
		echo
		echo "Running 1st ssh proxy:"
1738 1739 1740
		echo "$ssh -f -x $ssh_port1 $targ -e none -o NoHostAuthenticationForLocalhost=yes -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 \"sleep 30\""
		echo ""
		      $ssh -f -x $ssh_port1 $targ -e none -o NoHostAuthenticationForLocalhost=yes -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 "sleep 30"
runge's avatar
runge committed
1741 1742 1743
		ssh_args="$ssh_args -o NoHostAuthenticationForLocalhost=yes"
		sleep 1
		stty sane
1744
		proxy="${ssh_user2}$localhost:$proxport"
runge's avatar
runge committed
1745
	fi
1746

runge's avatar
runge committed
1747 1748 1749 1750 1751 1752 1753 1754
	if [ "X$proxy" != "X" ]; then
		ssh_port=`echo "$proxy" | awk -F: '{print $2}'`
		if [ "X$ssh_port" = "X" ]; then
			ssh_port="22"
		fi
		ssh_host=`echo "$proxy" | awk -F: '{print $1}'`
		vnc_host="$host"
	fi
1755

runge's avatar
runge committed
1756 1757 1758
	echo ""
	echo "Running ssh:"
	sz=`echo "$ssh_cmd" | wc -c`
1759
	if [ "$sz" -gt 300 ]; then
runge's avatar
runge committed
1760 1761 1762 1763 1764 1765
		info="..."
	else
		info="$ssh_cmd"
	fi

	C=""
runge's avatar
runge committed
1766
	if [ "X$SS_VNCVIEWER_USE_C" != "X" ]; then
runge's avatar
runge committed
1767 1768
		C="-C"
	fi
1769 1770

	getport=""
1771
	teeport=""
1772
	if echo "$ssh_cmd" | egrep "(PORT=|P=) " > /dev/null; then
1773
		getport=1
1774
		if echo "$ssh_cmd" | egrep "P= " > /dev/null; then
1775 1776 1777
			teeport=1
		fi

1778
		PORT=""
1779
		ssh_cmd=`echo "$ssh_cmd" | sed -e 's/PORT=[ 	]*//' -e 's/P=//'`
1780 1781 1782 1783 1784 1785 1786 1787
		SSVNC_NO_ENC_WARN=1
		if [ "X$use_sshssl" = "X" ]; then
			direct_connect=1
		fi
	fi
	if [ "X$getport" != "X" ]; then
		ssh_redir="-D ${use}"
	elif [ "X$reverse" = "X" ]; then
1788 1789 1790 1791 1792
		ssh_redir="-L ${use}:${vnc_host}:${port}"
	else
		ssh_redir="-R ${port}:${vnc_host}:${use}"
	fi
	pmark=`sh -c 'echo $$'`
1793

runge's avatar
runge committed
1794
	# the -t option actually speeds up typing response via VNC!!
1795 1796 1797 1798 1799
	if [ "X$ssh_port" = "X22" ]; then
		ssh_port=""
	else
		ssh_port="-p $ssh_port"
	fi
1800

runge's avatar
runge committed
1801
	if [ "X$SS_VNCVIEWER_SSH_ONLY" != "X" ]; then
1802
		echo "$ssh -x $ssh_port $targ $C $ssh_args $ssh_host \"$info\""
runge's avatar
runge committed
1803
		echo ""
1804
		$ssh -x $ssh_port $targ $C $ssh_args $ssh_host "$ssh_cmd"
runge's avatar
runge committed
1805
		exit $?
1806

runge's avatar
runge committed
1807
	elif [ "X$SS_VNCVIEWER_NO_F" != "X" ]; then
1808
		echo "$ssh -x $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\""
runge's avatar
runge committed
1809
		echo ""
1810
		$ssh -x $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
1811 1812 1813
		rc=$?

	elif [ "X$getport" != "X" ]; then
1814 1815
		tport=/tmp/ss_vncviewer_tport${RANDOM}.$$
		tport=`mytmp "$tport"`
1816 1817

		if [ "X$rsh" != "X1" ]; then
1818
			if echo "$ssh_cmd" | grep "sudo " > /dev/null; then
1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842
				echo ""
				echo "Initial ssh with 'sudo id' to prime sudo so hopefully the next one"
				echo "will require no password..."
				echo ""
				targ="-t"
				$ssh -x $ssh_port $targ $ssh_args $ssh_host "sudo id; tty"
				echo ""
			fi
			echo "$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\""
			echo ""
			$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd" > $tport 
			if [ "X$teeport" = "X1" ]; then
				tail -f $tport 1>&2 &
				tail_pid=$!
			fi
			rc=$?
		else
			rsh_setup
			echo "rsh $ul $ssh_host \"$ssh_cmd\""
			echo ""
			rsh $ul $ssh_host "$ssh_cmd" > $tport &
			sleep 1
			rc=0
		fi
1843

1844
		if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
1845
			echo "sleep $SSVNC_EXTRA_SLEEP"
1846 1847 1848
			sleep $SSVNC_EXTRA_SLEEP
		fi

1849 1850
		stty sane
		i=0
1851 1852 1853 1854 1855 1856 1857 1858 1859 1860
		if type perl > /dev/null 2>&1; then
			imax=50
			sleepit="perl -e 'select(undef, undef, undef, 0.20)'"
		else
			imax=10
			sleepit="sleep 1"
		fi
		while [ $i -lt $imax ]; do
			#echo $sleepit
			eval $sleepit
1861
			PORT=`grep "^PORT=" $tport | head -n 1 | sed -e 's/PORT=//' -e 's/\r//g'`
1862 1863 1864
			if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then
				break
			fi
1865
			vnss=`sed -e 's/\r//g' $tport | egrep -i '^(New.* desktop is|A VNC server is already running).*:[0-9[0-9]*$' | head -n 1 | awk '{print $NF}'`
1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880
			if [ "X$vnss" != "X" ]; then
				PORT=`echo "$vnss" | awk -F: '{print $2}'`
				if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then
					if [ $PORT -lt 100 ]; then
						PORT=`expr $PORT + 5900`
					fi
				fi
				if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then
					break
				fi
			fi
			i=`expr $i + 1`
		done

		echo "PORT=$PORT" 1>&2
1881 1882 1883 1884 1885
		rm -f $tport
		if [ "X$rsh" = "X1" ]; then
			rsh_viewer "$@"
			exit $?
		fi
1886
		PPROXY_SOCKS=1
1887 1888 1889
		if [ "X$SSVNC_SOCKS5" != "X" ]; then
			PPROXY_SOCKS=5
		fi
1890
		export PPROXY_SOCKS
1891
		host="$localhost"
1892
		port="$PORT"
1893
		proxy="$localhost:$use"
1894

runge's avatar
runge committed
1895
	else
1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910
		if [ "X$rsh" != "X1" ]; then
			echo "$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\""
			echo ""
			$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
			rc=$?
		else
			rsh_setup
			echo "rsh $ul $ssh_host \"$ssh_cmd\""
			echo ""
			rsh $ul $ssh_host "$ssh_cmd" &
			sleep 1
			PORT=$port
			rsh_viewer "$@"
			exit $?
		fi
runge's avatar
runge committed
1911
	fi
1912 1913

	if [ "$rc" != "0" ]; then
runge's avatar
runge committed
1914 1915 1916 1917
		echo ""
		echo "ssh to $ssh_host failed."
		exit 1
	fi
1918 1919 1920 1921
	stty sane

	c=0
	pssh=""
1922
	while [ $c -lt 40 ]
1923 1924
	do
		p=`expr $pmark + $c`
1925 1926 1927 1928 1929 1930 1931 1932 1933 1934
		pout=`ps -p "$p" 2>/dev/null | grep -v '^[ 	]*PID' | sed -e 's/-L.*$//' -e 's/-x .*$//'`
		if echo "$pout" | grep "ssh" > /dev/null; then
			if echo "$pout" | egrep -i 'ssh.*(-add|-agent|-ask|-keygen|-argv0|vnc)' >/dev/null; then
				:
			elif echo "$pout" | egrep -i 'scp|sshd' >/dev/null; then
				:
			else
				pssh=$p
				break
			fi
1935 1936 1937
		fi
		c=`expr $c + 1`
	done
1938 1939
	if [ "X$getport" != "X" ]; then
		:
1940 1941
	elif [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ] ; then
		sleep 2
1942
	elif [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then
1943
		#echo T sleep 1
runge's avatar
runge committed
1944
		sleep 1
1945 1946 1947
	elif echo "$ssh_cmd" | grep '^sleep ' >/dev/null; then
		#echo T sleep 2
		sleep 2
runge's avatar
runge committed
1948 1949
	else
		# let any command get started a bit.
1950
		#echo T sleep 5
runge's avatar
runge committed
1951 1952 1953
		sleep 5
	fi
	echo ""
1954 1955
	#reset
	stty sane
1956
	if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
1957
		echo "sleep $SSVNC_EXTRA_SLEEP"
1958 1959
		sleep $SSVNC_EXTRA_SLEEP
	fi
1960
	echo "ssh_pid='$pssh'"; echo
1961
	if [ "X$use_sshssl" = "X" -a "X$getport" = "X" ]; then
runge's avatar
runge committed
1962
		echo "Running viewer:"
1963 1964 1965

		trap "final" 0 2 15
		if [ "X$reverse" = "X" ]; then
1966
			echo "$VNCVIEWERCMD" "$@" $localhost:$N
1967
			echo ""
1968
			$VNCVIEWERCMD "$@" $localhost:$N
1969 1970 1971 1972
			if [ $? != 0 ]; then
				echo "vncviewer command failed: $?"
				if [ "X$secondtry" = "X1" ]; then
					sleep 2
1973
					$VNCVIEWERCMD "$@" $localhost:$N
1974 1975
				fi
			fi
1976 1977 1978 1979
		else
			echo ""
			echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
			echo ""
1980 1981 1982 1983 1984 1985 1986 1987
			N2=$N
			if [ "X$VNCVIEWER_IS_REALVNC4" = "X1" ]; then
				N2=`echo "$N2" | sed -e 's/://g'`
				if [ $N2 -le 200 ]; then
					N2=`expr $N2 + 5500`
				fi
			fi
			echo "$VNCVIEWERCMD" "$@" -listen $N2
1988
			echo ""
1989
			$VNCVIEWERCMD "$@" -listen $N2
1990
		fi
runge's avatar
runge committed
1991 1992 1993 1994 1995 1996

		exit $?
	else
		use2=`findfree 5960`
		host0=$host
		port0=$port
1997
		host=$localhost
runge's avatar
runge committed
1998 1999 2000
		port=$use
		use=$use2
		N=`expr $use - 5900`
2001 2002 2003 2004 2005 2006
		if [ "X$getport" != "X" ]; then
			host="$host0"
			port="$port0"
		else
			proxy=""
		fi
runge's avatar
runge committed
2007 2008 2009
	fi
fi

2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026
if [ "X$stunnel_set_here" = "X1" -a "X$showcert" = "X" ]; then
	if type $STUNNEL > /dev/null 2>&1; then
		:
	else
		echo ""
		echo "***************************************************************"
		echo "** Problem finding the Stunnel command '$STUNNEL': **"
		echo ""
		type $STUNNEL
		echo ""
		echo "** Perhaps you need to install the stunnel/stunnel4 package. **"
		echo "***************************************************************"
		echo ""
		sleep 5
	fi
fi

runge's avatar
runge committed
2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039
# create the stunnel config file:
if [ "X$verify" != "X" ]; then
	if [ -d $verify ]; then
		verify="CApath = $verify"
	else
		verify="CAfile = $verify"
	fi
	verify="$verify
verify = 2"
fi
if [ "X$mycert" != "X" ]; then
	cert="cert = $mycert"
fi
2040 2041 2042 2043 2044 2045 2046
if [ "X$crl" != "X" ]; then
	if [ -d $crl ]; then
		crl="CRLpath = $crl"
	else
		crl="CRLfile = $crl"
	fi
fi
runge's avatar
runge committed
2047 2048 2049

ptmp=""
if [ "X$proxy" != "X" ]; then
runge's avatar
runge committed
2050
	ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
2051
	ptmp=`mytmp "$ptmp"`
2052
	PPROXY_REMOVE=1; export PPROXY_REMOVE
runge's avatar
runge committed
2053
	pcode "$ptmp"
runge's avatar
runge committed
2054
	if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then
2055
		if uname | egrep 'Darwin|SunOS' >/dev/null; then
2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072
			vout=`echo "$proxy" | grep -i vencrypt`
			if [ "X$vout" != "X" -a "X$reverse" = "X1" ]; then
				# need to exec for reverse vencrypt
				connect="exec = $ptmp"
			else
				# on mac and solaris we need to listen on socket instead of stdio:
				nd=`findfree 6700`
				PPROXY_LISTEN=$nd
				export PPROXY_LISTEN
				if [ "X$reverse" = "X" ]; then
					#$ptmp 2>/dev/null &
					$ptmp &
				fi
				sleep 2
				host="$localhost"
				port="$nd"
				connect="connect = $localhost:$nd"
2073
			fi
runge's avatar
runge committed
2074
		else
2075
			# otherwise on unix we can exec it:
runge's avatar
runge committed
2076 2077 2078 2079 2080
			connect="exec = $ptmp"
		fi
	else
		connect="exec = $ptmp"
	fi
runge's avatar
runge committed
2081 2082 2083 2084
else
	connect="connect = $host:$port"
fi

runge's avatar
runge committed
2085 2086
if [ "X$showcert" = "X1" ]; then
	if [ "X$proxy" != "X" ]; then
2087 2088
		PPROXY_LISTEN=$use
		export PPROXY_LISTEN
2089 2090 2091 2092 2093
		if [ "X$SS_DEBUG" != "X" ]; then
			$ptmp &
		else
			$ptmp 2>/dev/null &
		fi
2094
		sleep 1
2095
		host="$localhost"
runge's avatar
runge committed
2096 2097
		port="$use"
	fi
2098 2099 2100 2101
	cipher_args=""
	if [ "X$ciphers" != "X" ]; then
		cipher_args=`echo "$ciphers" | sed -e 's/ciphers=/-cipher /'`
	fi
2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114
	if type openssl > /dev/null 2>&1; then
		:
	else
		echo ""
		echo "********************************************************"
		echo "** Problem finding the OpenSSL command 'openssl': **" 
		echo ""
		type openssl 2>&1
		echo ""
		echo "** Perhaps you need to install the 'openssl' package. **"
		echo "********************************************************"
		echo ""
	fi
2115
	#echo "openssl s_client $cipher_args -connect $host:$port" 
2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133
	if [ "X$reverse" = "X" ]; then
		openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null
		rc=$?
	else
		tcert=""
		if [ "X$mycert" = "X" ]; then
			tcert=`make_tcert`
			cert_args="-cert $tcert -CAfile $tcert"
		else
			cert_args="-cert $mycert -CAfile $mycert"
		fi
		tmp_out=/tmp/showcert_out${RANDOM}.$$
		tmp_out=`mytmp "$tmp_out"`
		tmp_err=/tmp/showcert_err${RANDOM}.$$
		tmp_err=`mytmp "$tmp_err"`

		#echo "openssl s_server $cipher_args $cert_args -accept $port -verify 2 > $tmp_out 2> $tmp_err" 1>&2

2134 2135 2136
		# assume we have perl:
		check_perl perl

2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175
		perl -e "
			\$p = open(O, \"|openssl s_server $cipher_args $cert_args -accept $port -verify 2 1>$tmp_out 2> $tmp_err\");
			exit 1 unless \$p;
			while (1) {
				sleep 1;
				if (!open(F, \"<$tmp_out\")) {
					kill \$p;
					exit 1;
				}
				while (<F>) {
					if (/RFB 00/) {
						fsleep(0.25);
						print O \"RFB 000.000\\n\";
						fsleep(1.00);
						kill \$p;
						fsleep(0.25);
						exit 0;
					}
				}
				close F;
			}
			sub fsleep {
				select(undef, undef, undef, shift);
			}
		";

		echo ""
		cat $tmp_out
		echo ""
		echo "----2----"
		cat $tmp_err
		if grep BEGIN.CERTIFICATE $tmp_out >/dev/null; then
			rc=0
		else
			rc=1
		fi

		rm -f $tmp_out $tmp_err
	fi
2176 2177 2178
	if [ "X$SSVNC_PREDIGESTED_HANDSHAKE" != "X" ]; then
		rm -f $SSVNC_PREDIGESTED_HANDSHAKE
	fi
2179 2180 2181 2182 2183
	if [ "X$SSVNC_SHOWCERT_EXIT_0" = "X1" ]; then
		exit 0
	else
		exit $rc
	fi
runge's avatar
runge committed
2184 2185
fi

runge's avatar
runge committed
2186
if [ "X$direct_connect" != "X" ]; then
2187 2188 2189 2190 2191
	if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
		SSVNC_NO_ENC_WARN=1
		echo ""
		echo "Using UltraVNC DSM Plugin key for encryption:"
		echo ""
2192 2193
		ustr=`echo "$SSVNC_ULTRA_DSM" | sed -e 's/pw=[^ ]*/pw=******/g'`
		echo "  $ustr PORT HOST:PORT"
2194 2195
		echo ""
	elif [ "X$getport" = "X" ]; then
2196 2197
		echo ""
		echo "Running viewer for direct connection:"
2198 2199 2200 2201 2202 2203 2204
		if echo X"$@" | grep chatonly > /dev/null; then
			:
		else
			echo ""
			echo "** NOTE: THERE WILL BE NO SSL OR SSH ENCRYPTION **"
			echo ""
		fi
2205
	fi
2206
	x=""
2207
	if [ "X$SSVNC_NO_ENC_WARN" != "X" ]; then
2208 2209 2210
		if [ "X$getport" = "X" ]; then
			sleep 1
		fi
2211
	elif type printf > /dev/null 2>&1; then
runge's avatar
runge committed
2212
		printf  "Are you sure you want to continue? [y]/n "
2213
		read x
runge's avatar
runge committed
2214 2215
	else
		echo -n "Are you sure you want to continue? [y]/n "
2216
		read x
runge's avatar
runge committed
2217 2218 2219 2220 2221 2222
	fi
	if [ "X$x" = "Xn" ]; then
		exit 1
	fi
	echo ""
	if [ "X$ptmp" != "X" ]; then
2223 2224 2225 2226
		if [ "X$reverse" = "X" ]; then
			PPROXY_LISTEN=$use
			export PPROXY_LISTEN
		else
2227
			PPROXY_REVERSE="$localhost:$use"
2228 2229 2230 2231 2232 2233 2234 2235 2236
			export PPROXY_REVERSE
			pps=3
			if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
				pps=`expr $pps + $SSVNC_EXTRA_SLEEP`
			fi
			PPROXY_SLEEP=$pps; export PPROXY_SLEEP;
			PPROXY_KILLPID=+1; export PPROXY_KILLPID;
		fi

runge's avatar
runge committed
2237
		$ptmp &
2238

2239
		if [ "X$reverse" = "X" ]; then
2240 2241 2242
			#sleep 2
			#echo T sleep 1
			sleep 1
2243
		fi
2244
		host="$localhost"
runge's avatar
runge committed
2245
		disp="$N"
2246
		port=`expr $disp + 5900`
runge's avatar
runge committed
2247
	fi
2248
	if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
2249
		echo "T sleep $SSVNC_EXTRA_SLEEP"
2250 2251
		sleep $SSVNC_EXTRA_SLEEP
	fi
2252
	if [ "X$reverse" = "X" ]; then
2253 2254
		hostdisp="$host:$disp"
		if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
2255 2256 2257 2258 2259 2260
			if [ "X$SSVNC_USE_OURS" = "X1" ]; then
				hostdisp="exec=$SSVNC_ULTRA_DSM 0 $host:$port"
			else
				pf=`findfree 5970`
				cmd="$SSVNC_ULTRA_DSM -$pf $host:$port"
				pf=`expr $pf - 5900`
2261
				hostdisp="$localhost:$pf"
2262 2263 2264 2265 2266 2267 2268 2269 2270
				ustr=`echo "$cmd" | sed -e 's/pw=[^ ]*/pw=******/g'`
				echo "Running:"
				echo
				echo "$ustr &"
				echo
				$cmd &
				dsm_pid=$!
				sleep 2
			fi
2271
		fi
2272 2273
		hostdisp2=`echo "$hostdisp" | sed -e 's/pw=[^ ]*/pw=******/g'`
		echo "$VNCVIEWERCMD" "$@" "$hostdisp2"
2274 2275
		trap "final" 0 2 15
		echo ""
2276
		$VNCVIEWERCMD "$@" "$hostdisp"
2277 2278 2279 2280
		if [ $? != 0 ]; then
			echo "vncviewer command failed: $?"
			if [ "X$secondtry" = "X1" ]; then
				sleep 2
2281
				$VNCVIEWERCMD "$@" "$hostdisp"
2282 2283
			fi
		fi
2284 2285 2286 2287 2288
	else
		echo ""
		echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
		echo ""
		trap "final" 0 2 15
2289 2290
		if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
			echo "NOTE: The ultravnc_dsm_helper only runs once.  So after the first LISTEN"
2291
			echo "      ends, you may have to Press Ctrl-C and restart for another connection."
2292
			echo ""
2293 2294 2295
			SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
			VNCVIEWER_LISTEN_LOCALHOST=1
			export VNCVIEWER_LISTEN_LOCALHOST
2296
			dport=`expr 5500 + $disp`
2297
			cmd="$SSVNC_ULTRA_DSM $dport $localhost:$use"
2298
			ustr=`echo "$cmd" | sed -e 's/pw=[^ ]*/pw=******/g'`
2299 2300
			echo "Running:"
			echo
2301
			echo "$ustr &"
2302 2303 2304 2305 2306 2307 2308 2309 2310
			echo
			$cmd &
			dsm_pid=$!
			sleep 2
			disp=$use
			if [ $disp -ge 5500 ]; then
				disp=`expr $disp - 5500`
			fi
		fi
2311 2312 2313 2314 2315 2316 2317 2318
		disp2=$disp
		if [ "X$VNCVIEWER_IS_REALVNC4" = "X1" ]; then
			disp2=`echo "$disp2" | sed -e 's/://g'`
			if [ $disp2 -le 200 ]; then
				disp2=`expr $disp2 + 5500`
			fi
		fi
		echo "$VNCVIEWERCMD" "$@" -listen $disp2
2319
		echo ""
2320
		$VNCVIEWERCMD "$@" -listen $disp2
2321
	fi
runge's avatar
runge committed
2322 2323 2324
	exit $?
fi

2325
tmp_cfg=/tmp/ss_vncviewer${RANDOM}.$$
2326
tmp_cfg=`mytmp "$tmp_cfg"`
runge's avatar
runge committed
2327

2328
stunnel_exec=""
2329 2330 2331
if [ "X$SSVNC_USE_OURS" != "X1" ]; then
	:
elif echo $STUNNEL_EXTRA_SVC_OPTS | grep '#stunnel-exec' > /dev/null; then
2332 2333 2334
	stunnel_exec="#"
fi

2335 2336
if [ "X$reverse" = "X" ]; then

2337
	if echo "$proxy" | grep "^repeater://" > /dev/null; then
2338
		if [ "X$cert" = "XBUILTIN" ]; then
2339 2340 2341
			ttcert=`make_tcert`
			cert="cert = $ttcert"
		fi
2342 2343
		# Note for listen mode, an empty cert will cause stunnel to fail.
		# The ssvnc gui will have already taken care of this.
2344 2345
	fi

2346
	cat > "$tmp_cfg" <<END
2347 2348 2349
foreground = yes
pid =
client = yes
2350
debug = $stunnel_debug
2351
$ciphers
2352
$STUNNEL_EXTRA_OPTS
2353
$STUNNEL_EXTRA_OPTS_USER
2354
$cert
2355 2356
$crl
$verify
2357

2358
${stunnel_exec}[vnc_stunnel]
2359
${stunnel_exec}accept = $localhost:$use
2360
$connect
2361 2362
$STUNNEL_EXTRA_SVC_OPTS
$STUNNEL_EXTRA_SVC_OPTS_USER
2363 2364

END
2365

2366
else
2367 2368
	# REVERSE case:

2369
	stunnel_exec=""	# doesn't work for listening.
2370 2371

	p2=`expr 5500 + $N`
2372
	connect="connect = $localhost:$p2"
2373
	if [ "X$cert" = "XBUILTIN" ]; then
2374 2375
		ttcert=`make_tcert`
		cert="cert = $ttcert"
2376
	fi
2377 2378
	# Note for listen mode, an empty cert will cause stunnel to fail.
	# The ssvnc gui will have already taken care of this.
2379 2380 2381 2382


	hloc=""
	if [ "X$use_ssh" = "X1" ]; then
2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394
		hloc="$localhost:"
	fi
	if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
		hloc="$localhost:"
		pv=`findfree 5570`
		proxy="vencrypt:$pv:$port"
		port=$pv
		if [ "X$anondh_set" = "X1" ]; then
			# not needed for ANONDH in this mode
			#ciphers="ciphers = ADH:@STRENGTH"
			:
		fi
2395
	fi
2396
	cat > "$tmp_cfg" <<END
2397 2398 2399
foreground = yes
pid =
client = no
2400
debug = $stunnel_debug
2401
$ciphers
2402
$STUNNEL_EXTRA_OPTS
2403
$STUNNEL_EXTRA_OPTS_USER
2404
$cert
2405 2406
$crl
$verify
2407 2408 2409 2410

[vnc_stunnel]
accept = $hloc$port
$connect
2411 2412
$STUNNEL_EXTRA_SVC_OPTS
$STUNNEL_EXTRA_SVC_OPTS_USER
2413

runge's avatar
runge committed
2414
END
2415

2416 2417
fi

runge's avatar
runge committed
2418 2419 2420
echo ""
echo "Using this stunnel configuration:"
echo ""
2421
cat "$tmp_cfg" | uniq
runge's avatar
runge committed
2422 2423 2424
echo ""
sleep 1

2425
if [ "X$stunnel_exec" = "X" ]; then
2426
	echo ""
2427 2428 2429 2430 2431 2432
	echo "Running stunnel:"
	echo "$STUNNEL $tmp_cfg"
	st=`echo "$STUNNEL" | awk '{print $1}'`
	$st -help > /dev/null 2>&1
	$STUNNEL "$tmp_cfg" < /dev/tty > /dev/tty &
	stunnel_pid=$!
2433
	echo ""
2434 2435 2436 2437

	# pause here to let the user supply a possible passphrase for the
	# mycert key:
	if [ "X$mycert" != "X" ]; then
2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452
		nsl=10
		dsl=0
		if [ ! -f $mycert ]; then
			dsl=0
		elif grep -i 'Proc-Type.*ENCRYPTED' "$mycert" > /dev/null 2>/dev/null; then
			dsl=1
		fi
		if [ "X$dsl" = "X1" ]; then
			echo ""
			echo "(** pausing $nsl secs for possible certificate passphrase dialog **)"
			echo ""
			sleep $nsl
			echo "(** done pausing for passphrase **)"
			echo ""
		fi
2453 2454 2455 2456
	fi
	#echo T sleep 1
	sleep 1
	rm -f "$tmp_cfg"
runge's avatar
runge committed
2457 2458
fi

2459

runge's avatar
runge committed
2460
echo ""
2461
if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
2462
	echo "sleep $SSVNC_EXTRA_SLEEP"
2463 2464
	sleep $SSVNC_EXTRA_SLEEP
fi
runge's avatar
runge committed
2465
echo "Running viewer:"
2466
if [ "X$reverse" = "X" ]; then
2467
	vnc_hp=$localhost:$N
2468 2469 2470 2471
	if [ "X$stunnel_exec" != "X" ]; then
		vnc_hp="exec=$STUNNEL $tmp_cfg"
	fi
	echo "$VNCVIEWERCMD" "$@" "$vnc_hp"
2472 2473
	trap "final" 0 2 15
	echo ""
2474
	$VNCVIEWERCMD "$@" "$vnc_hp"
2475 2476 2477 2478
	if [ $? != 0 ]; then
		echo "vncviewer command failed: $?"
		if [ "X$secondtry" = "X1" ]; then
			sleep 2
2479
			$VNCVIEWERCMD "$@" "$vnc_hp"
2480 2481
		fi
	fi
2482 2483 2484 2485
else
	echo ""
	echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
	echo ""
2486 2487 2488 2489 2490 2491 2492 2493
	N2=$N
	if [ "X$VNCVIEWER_IS_REALVNC4" = "X1" ]; then
		N2=`echo "$N2" | sed -e 's/://g'`
		if [ $N2 -le 200 ]; then
			N2=`expr $N2 + 5500`
		fi
	fi
	echo "$VNCVIEWERCMD" "$@" -listen $N2
2494 2495
	trap "final" 0 2 15
	echo ""
2496
	if [ "X$proxy" != "X" ]; then
2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508
		if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
			pstunnel=`echo "$proxy" | awk -F: '{print $2}'`
			plisten=`echo "$proxy" | awk -F: '{print $3}'`
			PPROXY_LISTEN="INADDR_ANY:$plisten"; export PPROXY_LISTEN
			PPROXY_PROXY="vencrypt://$localhost:$pstunnel"; export PPROXY_PROXY
			PPROXY_DEST="$localhost:$pstunnel"; export PPROXY_DEST
			STUNNEL_ONCE=1; export STUNNEL_ONCE
			STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
		else
			PPROXY_REVERSE="$localhost:$port"; export PPROXY_REVERSE
			PPROXY_SLEEP=1; export PPROXY_SLEEP;
		fi
2509 2510 2511
		PPROXY_KILLPID=+1; export PPROXY_KILLPID;
		$ptmp &
	fi
2512
	$VNCVIEWERCMD "$@" -listen $N2
2513
fi
runge's avatar
runge committed
2514 2515

sleep 1