#!/bin/sh
#
# ssl_vncviewer:  wrapper for vncviewer to use stunnel SSL tunnel.
#
# You must have stunnel(8) installed on the system and in your
# PATH (n.b. stunnel is usually in an sbin subdir).
#
# You should have "x11vnc -ssl ..." or "x11vnc -stunnel ..." 
# running as the VNC server. 
#
# usage: ssl_vncviewer [cert-args] host:display <vncviewer-args>
#
# e.g.:  ssl_vncviewer snoopy:0
#        ssl_vncviewer snoopy:0 -encodings "copyrect tight zrle hextile"
#
# [cert-args] can be:
#	-verify /path/to/cacert.pem		
#	-mycert /path/to/mycert.pem		
#
# -verify specifies a CA cert PEM file (or a self-signed one) for
#         authenticating the VNC server.
#
# -mycert specifies this client's cert+key PEM file for the VNC server to
#	  authenticate this client. 
#

# Name of the VNC viewer program started once the tunnel is up.
VNCVIEWERCMD=vncviewer

# stunnel usually lives in an sbin directory, so append the common ones to
# the search path.  They are appended, not prepended, so directories already
# in PATH keep priority.
PATH="${PATH}:/usr/sbin:/usr/local/sbin:/dist/sbin"
export PATH

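# help: print the usage text to stdout, i.e. lines 2-26 of this script
# (the comment header that follows the shebang line).
help() {
	# "tail +2" is the obsolete offset syntax; current tail(1)
	# implementations take "+2" as a file name, so use "-n +2".
	# "$0" is quoted so a script path containing spaces still works.
	head -n 26 "$0" | tail -n +2
}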

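# grab our cmdline options:
#
# Start from empty values so that variables named "verify" or "mycert"
# inherited from the environment cannot end up in the stunnel config.
verify=""
mycert=""
while [ "X$1" != "X" ]
do
    case "$1" in
	"-verify"|"-mycert")
		# Both options take a path argument.  Stop here when it is
		# missing: going on would drop the option, and for -verify
		# that means connecting without checking the server cert.
		if [ $# -lt 2 ] || [ "X$2" = "X" ]; then
			echo "ssl_vncviewer: option $1 requires an argument" >&2
			exit 1
		fi
		if [ "X$1" = "X-verify" ]; then
			verify="$2"
		else
			mycert="$2"
		fi
		shift
		;;
	"-h"*)	help; exit 0
		;;
	*)	# first non-option word: the host:display argument
		break
		;;
    esac
    shift
done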

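# The first non-option argument names the VNC server as host[:display].
orig="$1"
if [ "X$orig" = "X" ]; then
	echo "ssl_vncviewer: no host:display given" >&2
	help >&2
	exit 1
fi
shift

# play around with host:display port:
case "$orig" in
*:*)	;;
*)	orig="$orig:0"	# no display given: default to display 0
	;;
esac

host=`echo "$orig" | awk -F: '{print $1}'`
disp=`echo "$orig" | awk -F: '{print $2}'`

# host and port are later written verbatim into the stunnel config file,
# so refuse values that could add extra words or lines to it.
case "$host" in
*[[:space:]]*)
	echo "ssl_vncviewer: bad host name: '$host'" >&2
	exit 1
	;;
esac
case "$disp" in
""|*[!0-9]*)
	echo "ssl_vncviewer: bad display or port: '$disp'" >&2
	exit 1
	;;
esac

# Small numbers are VNC display numbers (display N is TCP port 5900+N).
# Values of 200 and above are taken to be a literal TCP port; the previous
# code left $port unset in that case, producing a "connect= host:" line.
port=""
if [ "$disp" -lt 200 ]; then
	port=`expr "$disp" + 5900`
else
	port="$disp"
fi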

# Choose the local port the stunnel client will listen on.
#
# On Linux, walk 5920-5999 and take the first port that netstat(1) does not
# list as LISTENing.  This is only a snapshot: another process can still
# take the port before stunnel binds it.
use=""
case "$(uname)" in
*Linux*)
	inuse=$(netstat -ant | grep LISTEN | awk '{print $4}' | sed 's/^.*://')
	try=5920
	until [ "$try" -ge 6000 ]
	do
		if echo "$inuse" | grep -w "$try" > /dev/null; then
			# already taken, look at the next one
			try=$(expr "$try" + 1)
		else
			use=$try
			break
		fi
	done
	;;
esac

# Nothing found (or not Linux): fall back to a "random" port derived from
# the seconds of the current time.  This port is not checked for being free.
if [ -z "$use" ]; then
	use=$(date +%S)
	use=$(expr "$use" + 5920)
fi

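# Build the optional certificate lines of the stunnel config file:
#   $verify becomes "CApath = DIR" or "CAfile = FILE" followed by
#           "verify = 2"; it stays empty when -verify was not given.
#   $cert   becomes "cert = FILE" (this client's cert+key); it stays empty
#           when -mycert was not given.
cert=""		# never pick up a "cert" variable from the environment
if [ "X$verify" != "X" ]; then
	# quoted so that a path containing spaces is tested as one word
	if [ -d "$verify" ]; then
		verify="CApath = $verify"
	else
		verify="CAfile = $verify"
	fi
	verify="$verify
verify = 2"
else
	# No CA given: the config gets no verify line, so the tunnel is
	# encrypted but the server's identity is not checked.  Tell the user.
	echo "ssl_vncviewer: warning: no -verify given; the VNC server certificate will not be checked." >&2
fi
if [ "X$mycert" != "X" ]; then
	cert="cert = $mycert"
fi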

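##debug = 7

# Write the stunnel config to a private temporary file.
#
# The name must not be predictable: with /tmp/ssl_vncviewer.$$ another local
# user could create that path first (as a symlink, or as a file they own)
# and so redirect the write or alter the config stunnel is about to read.
# mktemp(1) creates the file itself, under a random name, readable and
# writable by its owner only.
tmp=`mktemp "${TMPDIR:-/tmp}/ssl_vncviewer.XXXXXX"` || {
	echo "ssl_vncviewer: cannot create temporary config file" >&2
	exit 1
}

# "accept" is bound to the loopback address.  With a bare port number
# stunnel listens on every interface, which would let other hosts use this
# tunnel (and the client certificate given with -mycert) to reach the VNC
# server.  The viewer connects to localhost, so loopback is sufficient.
cat > "$tmp" <<END
foreground = yes
pid =
client = yes
$verify
$cert

[vnc_stunnel]
accept = 127.0.0.1:$use
connect= $host:$port
END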

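# Show the user the configuration stunnel is about to be started with.
echo ""
echo "Using this stunnel configuration:"
cat "$tmp"
echo ""
sleep 1

# If the script is interrupted (hangup, Ctrl-C, TERM) it never reaches the
# final "kill", which may leave the background stunnel listening and the
# config file behind.  Clean both up from a signal handler.
pid=""
cleanup() {
	rm -f "$tmp"
	if [ "X$pid" != "X" ]; then
		kill "$pid" 2>/dev/null
	fi
}
trap 'cleanup; exit 1' 1 2 15

echo "running: stunnel $tmp"
# stdin/stdout are tied to the terminal so stunnel can prompt the user.
stunnel "$tmp" < /dev/tty > /dev/tty &
pid=$!
echo ""

# pause here to let the user supply a possible passphrase for the
# mycert key:
if [ "X$mycert" != "X" ]; then
	sleep 4
fi
sleep 2
rm -f "$tmp"

# Best-effort check that our stunnel is still alive.  If it failed to start
# (bad certificate path, port already taken, ...) the viewer would connect
# to whatever else is listening on that local port, so stop here instead.
if ! kill -0 "$pid" 2>/dev/null; then
	echo "ssl_vncviewer: stunnel is not running (see its messages above); not starting the viewer." >&2
	exit 1
fi

# Turn the local listening port back into a VNC display number.
if [ "$use" -ge 5900 ]; then
	n=`expr "$use" - 5900`
fi

if echo "$0" | grep vncip > /dev/null; then
	# hack for runge's special wrapper script vncip.
	vncip "$@" "localhost:$n"
else
	# left unquoted so that VNCVIEWERCMD may carry extra arguments
	$VNCVIEWERCMD "$@" "localhost:$n"
fi

# The viewer has exited: shut the tunnel down.
kill "$pid"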