Commit 21fd3a45 authored by runge

misc/etv sync.

parent a8ae0625
...@@ -22,5 +22,5 @@ $USER's $DESKTOP desktop ($DISPLAY) ...@@ -22,5 +22,5 @@ $USER's $DESKTOP desktop ($DISPLAY)
$PARAMS $PARAMS
</APPLET> </APPLET>
<BR> <BR>
<A href="http://www.tightvnc.com/">TightVNC site</A> <A href="http://www.karlrunge.com/x11vnc">x11vnc site</A>
</HTML> </HTML>
...@@ -69,5 +69,5 @@ $USER's $DESKTOP desktop ($DISPLAY) ...@@ -69,5 +69,5 @@ $USER's $DESKTOP desktop ($DISPLAY)
$PARAMS $PARAMS
</APPLET> </APPLET>
<BR> <BR>
<A href="http://www.tightvnc.com/">TightVNC site</A> <A href="http://www.karlrunge.com/x11vnc">x11vnc site</A>
</HTML> </HTML>
...@@ -24,5 +24,5 @@ $USER's $DESKTOP desktop ($DISPLAY) ...@@ -24,5 +24,5 @@ $USER's $DESKTOP desktop ($DISPLAY)
$PARAMS $PARAMS
</APPLET> </APPLET>
<BR> <BR>
<A href="http://www.ultravnc.com/">UltraVNC site</A> <A href="http://www.karlrunge.com/x11vnc">x11vnc site</A>
</HTML> </HTML>
...@@ -24,5 +24,5 @@ $USER's $DESKTOP desktop ($DISPLAY) ...@@ -24,5 +24,5 @@ $USER's $DESKTOP desktop ($DISPLAY)
$PARAMS $PARAMS
</APPLET> </APPLET>
<BR> <BR>
<A href="http://www.ultravnc.com/">UltraVNC site</A> <A href="http://www.karlrunge.com/x11vnc">x11vnc site</A>
</HTML> </HTML>
...@@ -24,5 +24,5 @@ $USER's $DESKTOP desktop ($DISPLAY) ...@@ -24,5 +24,5 @@ $USER's $DESKTOP desktop ($DISPLAY)
$PARAMS $PARAMS
</APPLET> </APPLET>
<BR> <BR>
<A href="http://www.ultravnc.com/">UltraVNC site</A> <A href="http://www.karlrunge.com/x11vnc">x11vnc site</A>
</HTML> </HTML>
#!/bin/bash #!/bin/bash
VERSION="0.9.10" VERSION="0.9.11"
cd "$(dirname "$0")" cd "$(dirname "$0")"
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
Copyright (C) 2002-2010 Karl J. Runge <runge@karlrunge.com> Copyright (C) 2002-2010 Karl J. Runge <runge@karlrunge.com>
All rights reserved. All rights reserved.
x11vnc README file Date: Fri Apr 30 00:43:58 EDT 2010 x11vnc README file Date: Sun May 2 18:25:14 EDT 2010
The following information is taken from these URLs: The following information is taken from these URLs:
...@@ -586,12 +586,12 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer. ...@@ -586,12 +586,12 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer.
SourceForge.net. I use libvncserver for all of the VNC aspects; I SourceForge.net. I use libvncserver for all of the VNC aspects; I
couldn't have done without it. The full source code may be found and couldn't have done without it. The full source code may be found and
downloaded (either file-release tarball or GIT tree) from the above downloaded (either file-release tarball or GIT tree) from the above
link. As of Dec 2009, the x11vnc-0.9.9.tar.gz source package is link. As of May 2010, the x11vnc-0.9.10.tar.gz source package is
released (recommended download). The x11vnc 0.9.9 release notes. released (recommended download). The x11vnc 0.9.10 release notes.
The x11vnc package is the subset of the libvncserver package needed to The x11vnc package is the subset of the libvncserver package needed to
build the x11vnc program. Also, you can get a copy of my latest, build the x11vnc program. Also, you can get a copy of my latest,
bleeding edge x11vnc-0.9.10-dev.tar.gz tarball to build the most up to bleeding edge x11vnc-0.9.11-dev.tar.gz tarball to build the most up to
date one. date one.
Precompiled Binaries/Packages: See the FAQ below for information Precompiled Binaries/Packages: See the FAQ below for information
...@@ -629,13 +629,13 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer. ...@@ -629,13 +629,13 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer.
default.) See this build FAQ for more details. default.) See this build FAQ for more details.
If your OS has libjpeg.so and libz.so in standard locations you can If your OS has libjpeg.so and libz.so in standard locations you can
build as follows (example given for the 0.9.9 release of x11vnc: build as follows (example given for the 0.9.10 release of x11vnc:
replace with the version you downloaded): replace with the version you downloaded):
(un-tar the x11vnc+libvncserver tarball) (un-tar the x11vnc+libvncserver tarball)
# gzip -dc x11vnc-0.9.9.tar.gz | tar -xvf - # gzip -dc x11vnc-0.9.10.tar.gz | tar -xvf -
(cd to the source directory) (cd to the source directory)
# cd x11vnc-0.9.9 # cd x11vnc-0.9.10
(run configure and then run make) (run configure and then run make)
# ./configure # ./configure
...@@ -885,13 +885,13 @@ make ...@@ -885,13 +885,13 @@ make
I'd appreciate any additional testing very much. I'd appreciate any additional testing very much.
Thanks to those who suggested features and helped beta test x11vnc Thanks to those who suggested features and helped beta test x11vnc
0.9.9 released in Dec 2009! 0.9.10 released in May 2010!
Please help test and debug the 0.9.10 version for release sometime in Please help test and debug the 0.9.11 version for release sometime in
Spring 2010. Summer 2010.
The version 0.9.10 beta tarball is kept here: The version 0.9.11 beta tarball is kept here:
x11vnc-0.9.10-dev.tar.gz x11vnc-0.9.11-dev.tar.gz
There are also some Linux, Solaris, Mac OS X, and other OS test There are also some Linux, Solaris, Mac OS X, and other OS test
binaries here. Please kick the tires and report bugs, performance binaries here. Please kick the tires and report bugs, performance
...@@ -908,6 +908,10 @@ make ...@@ -908,6 +908,10 @@ make
settings panel.) settings panel.)
Here are some features that will appear in the 0.9.11 release:
* Coming Soon.
Here are some features that will appear in the 0.9.10 release: Here are some features that will appear in the 0.9.10 release:
* The included SSL enabled Java applet viewer now supports Chained * The included SSL enabled Java applet viewer now supports Chained
SSL Certificates. The debugCerts=yes applet parameter aids SSL Certificates. The debugCerts=yes applet parameter aids
...@@ -11495,13 +11499,13 @@ or: PORT= vncserver :4; sleep 15 ...@@ -11495,13 +11499,13 @@ or: PORT= vncserver :4; sleep 15
From the -help output: From the -help output:
SSVNC Viewer (based on TightVNC viewer version 1.3.9) SSVNC Viewer (based on TightVNC viewer version 1.3.9)
Usage: ./vncviewer [<OPTIONS>] [<HOST>][:<DISPLAY#>] Usage: vncviewer [<OPTIONS>] [<HOST>][:<DISPLAY#>]
./vncviewer [<OPTIONS>] [<HOST>][::<PORT#>] vncviewer [<OPTIONS>] [<HOST>][::<PORT#>]
./vncviewer [<OPTIONS>] exec=[CMD ARGS...] vncviewer [<OPTIONS>] exec=[CMD ARGS...]
./vncviewer [<OPTIONS>] fd=n vncviewer [<OPTIONS>] fd=n
./vncviewer [<OPTIONS>] /path/to/unix/socket vncviewer [<OPTIONS>] /path/to/unix/socket
./vncviewer [<OPTIONS>] -listen [<DISPLAY#>] vncviewer [<OPTIONS>] -listen [<DISPLAY#>]
./vncviewer -help vncviewer -help
<OPTIONS> are standard Xt options, or: <OPTIONS> are standard Xt options, or:
-via <GATEWAY> -via <GATEWAY>
...@@ -11781,6 +11785,10 @@ r ...@@ -11781,6 +11785,10 @@ r
specify as many as you need on the command line. For specify as many as you need on the command line. For
example, -env SSVNC_MULTIPLE_LISTEN=MAX:5 -env EDITOR=vi example, -env SSVNC_MULTIPLE_LISTEN=MAX:5 -env EDITOR=vi
-noipv6 Disable all IPv6 sockets. Same as VNCVIEWER_NO_IPV6=1.
-noipv4 Disable all IPv4 sockets. Same as VNCVIEWER_NO_IPV4=1.
-printres Print out the Ssvnc X resources (appdefaults) and then exit -printres Print out the Ssvnc X resources (appdefaults) and then exit
You can save them to a file and customize them (e.g. the You can save them to a file and customize them (e.g. the
keybindings and Popup menu) Then point to the file via keybindings and Popup menu) Then point to the file via
...@@ -11792,6 +11800,18 @@ r ...@@ -11792,6 +11800,18 @@ r
. .
This is currently the default, use -nopipeline to disable. This is currently the default, use -nopipeline to disable.
-appshare Enable features for use with x11vnc's -appshare mode where
instead of sharing the full desktop only the application's
windows are shared. Viewer multilisten mode is used to
create the multiple windows: -multilisten is implied.
See 'x11vnc -appshare -help' more information on the mode.
Features enabled in the viewer under -appshare are:
Minimum extra text in the title, auto -ycrop is disabled,
x11vnc -remote_prefix X11VNC_APPSHARE_CMD: message channel,
x11vnc initial window position hints. See also Escape Keys
below for additional key and mouse bindings.
-escape str This sets the 'Escape Keys' modifier sequence and enables -escape str This sets the 'Escape Keys' modifier sequence and enables
escape keys mode. When the modifier keys escape sequence escape keys mode. When the modifier keys escape sequence
is held down, the next keystroke is interpreted locally is held down, the next keystroke is interpreted locally
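Review bot: the new -appshare help text has a dropped word in "See 'x11vnc -appshare -help' more information on the mode."; it should read "for more information". The feature list that follows is a run of comma-separated fragments, and one item per line would make it easier to see that "x11vnc -remote_prefix X11VNC_APPSHARE_CMD: message channel" is a single feature.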
...@@ -12079,7 +12099,7 @@ x11vnc: a VNC server for real X displays ...@@ -12079,7 +12099,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options: Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions) % x11vnc -opts (see below for -help long descriptions)
x11vnc: allow VNC connections to real X11 displays. 0.9.10 lastmod: 2010-04-28 x11vnc: allow VNC connections to real X11 displays. 0.9.11 lastmod: 2010-05-02
x11vnc options: x11vnc options:
-display disp -auth file -N -display disp -auth file -N
...@@ -12209,7 +12229,7 @@ libvncserver-tight-extension options: ...@@ -12209,7 +12229,7 @@ libvncserver-tight-extension options:
% x11vnc -help % x11vnc -help
x11vnc: allow VNC connections to real X11 displays. 0.9.10 lastmod: 2010-04-28 x11vnc: allow VNC connections to real X11 displays. 0.9.11 lastmod: 2010-05-02
(type "x11vnc -opts" to just list the options.) (type "x11vnc -opts" to just list the options.)
......
...@@ -255,7 +255,7 @@ Unix and Mac OS X: ...@@ -255,7 +255,7 @@ Unix and Mac OS X:
Unpack the archive: Unpack the archive:
% gzip -dc ssvnc-1.0.27.tar.gz | tar xvf - % gzip -dc ssvnc-1.0.28.tar.gz | tar xvf -
Run the GUI: Run the GUI:
...@@ -263,7 +263,7 @@ Unix and Mac OS X: ...@@ -263,7 +263,7 @@ Unix and Mac OS X:
% ./ssvnc/MacOSX/ssvnc (for Mac OS X) % ./ssvnc/MacOSX/ssvnc (for Mac OS X)
The smaller file "ssvnc_no_windows-1.0.27.tar.gz" The smaller file "ssvnc_no_windows-1.0.28.tar.gz"
could have been used as well. could have been used as well.
On MacOSX you could also click on the SSVNC app icon in the Finder. On MacOSX you could also click on the SSVNC app icon in the Finder.
...@@ -309,8 +309,8 @@ Unix/MacOSX Install: ...@@ -309,8 +309,8 @@ Unix/MacOSX Install:
For the conventional source tarball it will compile and install, e.g.: For the conventional source tarball it will compile and install, e.g.:
gzip -dc ssvnc-1.0.27.src.tar.gz | tar xvf - gzip -dc ssvnc-1.0.28.src.tar.gz | tar xvf -
cd ssvnc-1.0.27 cd ssvnc-1.0.28
make config make config
make all make all
make PREFIX=/my/install/dir install make PREFIX=/my/install/dir install
...@@ -322,7 +322,7 @@ Windows: ...@@ -322,7 +322,7 @@ Windows:
Unzip, using WinZip or a similar utility, the zip file: Unzip, using WinZip or a similar utility, the zip file:
ssvnc-1.0.27.zip ssvnc-1.0.28.zip
Run the GUI, e.g.: Run the GUI, e.g.:
...@@ -334,7 +334,7 @@ Windows: ...@@ -334,7 +334,7 @@ Windows:
select Open, and then OK to launch it. select Open, and then OK to launch it.
The smaller file "ssvnc_windows_only-1.0.27.zip" The smaller file "ssvnc_windows_only-1.0.28.zip"
could have been used as well. could have been used as well.
You can make a Windows shortcut to this program if you want to. You can make a Windows shortcut to this program if you want to.
......
...@@ -1086,11 +1086,25 @@ proc proxy_hostport {proxy} { ...@@ -1086,11 +1086,25 @@ proc proxy_hostport {proxy} {
proc setb {} { proc setb {} {
wm withdraw . wm withdraw .
catch {destroy .b}
button .b -text "CONNECT_BR" -command {destroy .} button .b -text "CONNECT_BR" -command {destroy .}
pack .b pack .b
after 1000 check_callback after 1000 check_callback
} }
proc connect_br_sleep {} {
global env
if [info exists env(CONNECT_BR_SLEEP)] {
if [regexp {^[0-9][0-9]*$} $env(CONNECT_BR_SLEEP)] {
setb
for {set i 0} {$i < $env(CONNECT_BR_SLEEP)} {incr i} {
bmesg "$i sleep"
after 1000
}
}
}
}
global env global env
set got_connection 0 set got_connection 0
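Review bot: in connect_br_sleep, `after 1000` with no script argument sleeps synchronously, so for the whole CONNECT_BR_SLEEP period the window created by setb cannot repaint or react to its button unless bmesg itself forces an update, which is not visible in this hunk. The `^[0-9][0-9]*$` check also accepts arbitrarily large values, so consider an upper bound, and brace the conditions (`if {[info exists env(CONNECT_BR_SLEEP)]}`) instead of using bare `if [...]`.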
...@@ -1220,16 +1234,32 @@ if {$do_bridge} { ...@@ -1220,16 +1234,32 @@ if {$do_bridge} {
destroy . destroy .
exit 1 exit 1
} }
setb
set rc [catch {set lsock [socket $rhost $rport]}] set rc [catch {set lsock [socket $rhost $rport]}]
if {$rc != 0} { if {$rc != 0} {
puts stderr "error reversing" puts stderr "error reversing"
bmesg "1 error reversing"
after 2000
set rc [catch {set lsock [socket $rhost $rport]}]
}
if {$rc != 0} {
puts stderr "error reversing"
bmesg "2 error reversing"
after 2000
set rc [catch {set lsock [socket $rhost $rport]}]
}
if {$rc != 0} {
puts stderr "error reversing"
bmesg "3 error reversing"
destroy .; exit 1 destroy .; exit 1
} }
puts stderr "SSVNC_REVERSE to $rhost $rport OK"; puts stderr "SSVNC_REVERSE to $rhost $rport OK";
setb bmesg "SSVNC_REVERSE to $rhost $rport OK";
connect_br_sleep
handle_connection $lsock $rhost $rport handle_connection $lsock $rhost $rport
} else { } else {
set lport $env(SSVNC_LISTEN) set lport $env(SSVNC_LISTEN)
connect_br_sleep
set rc [catch {set lsock [socket -myaddr 127.0.0.1 -server handle_connection $lport]}] set rc [catch {set lsock [socket -myaddr 127.0.0.1 -server handle_connection $lport]}]
if {$rc != 0} { if {$rc != 0} {
puts stderr "error listening" puts stderr "error listening"
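Review bot: the three `if {$rc != 0}` blocks in the reverse branch are copies that differ only in the number passed to bmesg; a loop over the attempt count with a single `after 2000` would be easier to maintain and would keep the retry count and delay in one place. Each failure also writes the same "error reversing" to stderr with no attempt number, so the stderr log cannot tell a first failure from the final one, although the bmesg text can.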
......
...@@ -60,7 +60,8 @@ ...@@ -60,7 +60,8 @@
# sslrepeater://host:port. # sslrepeater://host:port.
# #
# -showcert Only fetch the certificate using the 'openssl s_client' # -showcert Only fetch the certificate using the 'openssl s_client'
# command (openssl(1) must in installed). # command (openssl(1) must in installed). On ssvnc 1.0.27 and
# later the bundled command 'ultravnc_dsm_helper' is used.
# #
# See http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-ca for details on # See http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-ca for details on
# SSL certificates with VNC. # SSL certificates with VNC.
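Review bot: the -showcert comment now says ultravnc_dsm_helper is used, but the probe added later in this patch only selects it when SSVNC_USE_S_CLIENT is unset and the connection is not reverse; document SSVNC_USE_S_CLIENT here as the way to force 'openssl s_client'. The existing typo "must in installed" on the edited line could be corrected to "must be installed" in the same change.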
...@@ -273,6 +274,8 @@ do ...@@ -273,6 +274,8 @@ do
"-sshargs") shift; ssh_args="$1" "-sshargs") shift; ssh_args="$1"
;; ;;
"-anondh") ciphers="ciphers=$anondh" "-anondh") ciphers="ciphers=$anondh"
ULTRAVNC_DSM_HELPER_SHOWCERT_ADH=1
export ULTRAVNC_DSM_HELPER_SHOWCERT_ADH
anondh_set=1 anondh_set=1
;; ;;
"-ciphers") shift; ciphers="ciphers=$1" "-ciphers") shift; ciphers="ciphers=$1"
...@@ -402,6 +405,23 @@ if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then ...@@ -402,6 +405,23 @@ if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
dL="-h" dL="-h"
fi fi
have_uvnc_dsm_helper_showcert=""
if [ "X$showcert" = "X1" -a "X$SSVNC_USE_S_CLIENT" = "X" -a "X$reverse" = "X" ]; then
if type ultravnc_dsm_helper >/dev/null 2>&1; then
if ultravnc_dsm_helper -help 2>&1 | grep -w showcert >/dev/null; then
have_uvnc_dsm_helper_showcert=1
fi
fi
fi
have_uvnc_dsm_helper_ipv6=""
if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
if type ultravnc_dsm_helper >/dev/null 2>&1; then
if ultravnc_dsm_helper -help 2>&1 | grep -iw ipv6 >/dev/null; then
have_uvnc_dsm_helper_ipv6=1
fi
fi
fi
rchk() { rchk() {
# a kludge to set $RANDOM if we are not bash: # a kludge to set $RANDOM if we are not bash:
if [ "X$BASH_VERSION" = "X" ]; then if [ "X$BASH_VERSION" = "X" ]; then
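Review bot: both new probes decide on a capability by grepping the output of `ultravnc_dsm_helper -help` for a word (`grep -w showcert`, `grep -iw ipv6`), so any rewording of the help text silently changes which code path runs. If the helper cannot report its features more directly, at least factor the repeated `type ultravnc_dsm_helper` plus `-help` call into one function that captures the help output once and add a comment stating which helper versions print these words.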
...@@ -586,20 +606,34 @@ elif echo "$host" | grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' ...@@ -586,20 +606,34 @@ elif echo "$host" | grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$'
: :
else else
# regular hostname, can't be sure... # regular hostname, can't be sure...
hout="" gout=""
if type host > /dev/null 2>/dev/null; then if type getent > /dev/null 2>/dev/null; then
host "$host" >/dev/null 2>&1 gout=`getent hosts "$host" 2>/dev/null`
host "$host" >/dev/null 2>&1 fi
hout=`host "$host" 2>/dev/null` if echo "$gout" | grep ':.*:' > /dev/null; then
fi if echo "$gout" | grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' > /dev/null; then
if echo "$hout" | grep -i 'has ipv6 address' > /dev/null; then
if echo "$hout" | grep -i 'has address' > /dev/null; then
: :
else else
echo "ipv6: "`echo "$hout" | grep -i 'has ipv6 address' | head -n 1` echo "ipv6: "`echo "$gout" | grep ':.*:' | head -n 1`
ipv6=1 ipv6=1
fi fi
fi fi
if [ "X$ipv6" = "X0" ]; then
hout=""
if type host > /dev/null 2>/dev/null; then
host "$host" >/dev/null 2>&1
host "$host" >/dev/null 2>&1
hout=`host "$host" 2>/dev/null`
fi
if echo "$hout" | grep -i 'has ipv6 address' > /dev/null; then
if echo "$hout" | grep -i 'has address' > /dev/null; then
:
else
echo "ipv6: "`echo "$hout" | grep -i 'has ipv6 address' | head -n 1`
ipv6=1
fi
fi
fi
if [ "X$ipv6" = "X0" ]; then if [ "X$ipv6" = "X0" ]; then
dout="" dout=""
if type dig > /dev/null 2>/dev/null; then if type dig > /dev/null 2>/dev/null; then
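Review bot: in the getent branch, the inner test `grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$'` is anchored at both ends, but `getent hosts` prints the address followed by the host name on each line, so the pattern cannot match a line of $gout and the `:` (host also has an IPv4 address) branch is unreachable. As written, any IPv6 line in the getent output sets ipv6=1. If the intent is to mirror the 'has address' check in the host(1) block, drop the trailing `$` and match the dotted quad followed by whitespace.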
...@@ -664,8 +698,16 @@ fi ...@@ -664,8 +698,16 @@ fi
if [ "X$ipv6" = "X1" -a "X$direct_connect" = "X1" ]; then if [ "X$ipv6" = "X1" -a "X$direct_connect" = "X1" ]; then
if [ "X$proxy" = "X" -a "X$reverse" = "X" ]; then if [ "X$proxy" = "X" -a "X$reverse" = "X" ]; then
proxy="ipv6://$host:$port" if [ "X$SSVNC_ULTRA_DSM" != "X" -a "X$have_uvnc_dsm_helper_ipv6" = "X1" ]; then
echo "direct connect: set proxy=$proxy" :
elif [ "X$SSVNC_NO_IPV6_PROXY" != "X" ]; then
:
elif [ "X$SSVNC_NO_IPV6_PROXY_DIRECT" != "X" ]; then
:
else
proxy="ipv6://$host:$port"
echo "direct connect: set proxy=$proxy"
fi
fi fi
fi fi
...@@ -1009,6 +1051,8 @@ my $listen_handle = ""; ...@@ -1009,6 +1051,8 @@ my $listen_handle = "";
my $sock = ""; my $sock = "";
my $parent = $$; my $parent = $$;
my $initial_data = "";
if ($ENV{PPROXY_VENCRYPT_VIEWER_BRIDGE}) { if ($ENV{PPROXY_VENCRYPT_VIEWER_BRIDGE}) {
my ($from, $to) = split(/,/, $ENV{PPROXY_VENCRYPT_VIEWER_BRIDGE}); my ($from, $to) = split(/,/, $ENV{PPROXY_VENCRYPT_VIEWER_BRIDGE});
do_vencrypt_viewer_bridge($from, $to); do_vencrypt_viewer_bridge($from, $to);
...@@ -1047,6 +1091,10 @@ print STDERR "pproxy_listen: $ENV{PPROXY_LISTEN}\n"; ...@@ -1047,6 +1091,10 @@ print STDERR "pproxy_listen: $ENV{PPROXY_LISTEN}\n";
print STDERR "pproxy_reverse: $ENV{PPROXY_REVERSE}\n"; print STDERR "pproxy_reverse: $ENV{PPROXY_REVERSE}\n";
print STDERR "io_socket_inet6: $have_inet6\n"; print STDERR "io_socket_inet6: $have_inet6\n";
print STDERR "\n"; print STDERR "\n";
if (! $have_inet6) {
print STDERR "PPROXY: To enable IPv6 connections, install the IO::Socket::INET6 perl module.\n\n";
}
if (1) { if (1) {
print STDERR "pproxy 1st: $first\t- $mode_1st\n"; print STDERR "pproxy 1st: $first\t- $mode_1st\n";
print STDERR "pproxy 2nd: $second\t- $mode_2nd\n"; print STDERR "pproxy 2nd: $second\t- $mode_2nd\n";
...@@ -1347,10 +1395,24 @@ sub xfer_both { ...@@ -1347,10 +1395,24 @@ sub xfer_both {
} else { } else {
select(undef, undef, undef, 0.05); select(undef, undef, undef, 0.05);
if ($listen_handle) { if ($listen_handle) {
print STDERR "pproxy child [$$] socket -> listen_handle\n\n"; print STDERR "pproxy child [$$] socket -> listen_handle\n";
if ($initial_data ne "") {
my $len = length $initial_data;
print STDERR "pproxy child [$$] sending initial_data, length $len\n\n";
syswrite($listen_handle, $initial_data, $len);
} else {
print STDERR "\n";
}
xfer($sock, $listen_handle); xfer($sock, $listen_handle);
} else { } else {
print STDERR "pproxy child [$$] socket -> STDOUT\n\n"; print STDERR "pproxy child [$$] socket -> STDOUT\n";
if ($initial_data ne "") {
my $len = length $initial_data;
print STDERR "pproxy child [$$] sending initial_data, length $len\n\n";
syswrite(STDOUT, $initial_data, $len);
} else {
print STDERR "\n";
}
xfer($sock, STDOUT); xfer($sock, STDOUT);
} }
select(undef, undef, undef, 0.25); select(undef, undef, undef, 0.25);
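Review bot: both new `syswrite(..., $initial_data, $len)` calls ignore the return value, so a short or failed write drops part of the saved data before xfer starts and nothing is logged. Check the returned byte count (retry until $len bytes are written, or report the error and exit), and move the duplicated send-and-log block into one helper that takes the output handle as its argument.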
...@@ -1578,11 +1640,20 @@ sub connection { ...@@ -1578,11 +1640,20 @@ sub connection {
$rep .= pack("x") x 250; $rep .= pack("x") x 250;
syswrite($sock, $rep, 250); syswrite($sock, $rep, 250);
my $rfb = "";
my $ok = 1; my $ok = 1;
for (my $i = 0; $i < 12; $i++) { for (my $i = 0; $i < 12; $i++) {
my $c; my $c;
last if $ENV{PPROXY_GENERIC_REPEATER};
sysread($sock, $c, 1); sysread($sock, $c, 1);
print STDERR $c; print STDERR $c;
$rfb .= $c;
}
if ($rfb ne "" && $rfb !~ /^RFB 000\.000/) {
$initial_data = $rfb;
$rfb =~ s/\n//g;
print STDERR "detected non-UltraVNC repeater; forwarding \"$rfb\"\nlength: ", length($initial_data), "\n";
} }
} elsif ($ENV{PPROXY_VENCRYPT} ne "") { } elsif ($ENV{PPROXY_VENCRYPT} ne "") {
my $vencrypt = $ENV{PPROXY_VENCRYPT}; my $vencrypt = $ENV{PPROXY_VENCRYPT};
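Review bot: the return value of sysread is not checked in the 12-byte loop, so on EOF or error the loop keeps iterating and appending an empty or undefined $c; stop when sysread returns 0 or undef. `last if $ENV{PPROXY_GENERIC_REPEATER}` is loop-invariant and would read more clearly as a guard around the loop. The new message prints $rfb, which is data received from the remote side, to STDERR with only newlines removed; replace non-printable bytes before logging so that control characters sent by the peer do not reach the user's terminal.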
...@@ -2364,6 +2435,11 @@ NHAFL_warning() { ...@@ -2364,6 +2435,11 @@ NHAFL_warning() {
echo "" echo ""
} }
space_expand() {
str=`echo "$1" | sed -e 's/%SPACE/ /g' -e 's/%TAB/\t/g'`
echo "$str"
}
# handle ssh case: # handle ssh case:
# #
if [ "X$use_ssh" = "X1" ]; then if [ "X$use_ssh" = "X1" ]; then
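Review bot: in space_expand, the `\t` in the sed replacement (`-e 's/%TAB/\t/g'`) is not specified by POSIX; GNU sed expands it to a tab, but other implementations may emit a literal t, and this script carries explicit handling for SunOS and for non-bash shells elsewhere. Put a literal tab character in the replacement, or build it with printf, so that %TAB expands identically on every platform the script supports.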
...@@ -2604,9 +2680,14 @@ if [ "X$use_ssh" = "X1" ]; then ...@@ -2604,9 +2680,14 @@ if [ "X$use_ssh" = "X1" ]; then
if [ "X$ssh_UKHF" != "X" ]; then if [ "X$ssh_UKHF" != "X" ]; then
ukhf="$ssh_UKHF$localhost_extra" ukhf="$ssh_UKHF$localhost_extra"
fi fi
echo "$ssh -f -x $ssh_port1 $targ -e none $ssh_NHAFL $ukhf -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 \"sleep 30\"" if echo "$ssh_host1" | grep '%' > /dev/null; then
uath=`space_expand "$ssh_host1"`
else
uath="$ssh_host1"
fi
echo "$ssh -f -x $ssh_port1 $targ -e none $ssh_NHAFL $ukhf -L $proxport:$ssh_host2:$ssh_port2 \"$uath\" \"sleep 30\""
echo "" echo ""
$ssh -f -x $ssh_port1 $targ -e none $ssh_NHAFL $ukhf -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 "sleep 30" $ssh -f -x $ssh_port1 $targ -e none $ssh_NHAFL $ukhf -L $proxport:$ssh_host2:$ssh_port2 "$uath" "sleep 30"
ssh_args="$ssh_args $ssh_NHAFL" ssh_args="$ssh_args $ssh_NHAFL"
sleep 1 sleep 1
stty sane stty sane
...@@ -2667,16 +2748,21 @@ if [ "X$use_ssh" = "X1" ]; then ...@@ -2667,16 +2748,21 @@ if [ "X$use_ssh" = "X1" ]; then
ssh_port="-p $ssh_port" ssh_port="-p $ssh_port"
fi fi
if echo "$ssh_host" | grep '%' > /dev/null; then
uath=`space_expand "$ssh_host"`
else
uath="$ssh_host"
fi
if [ "X$SS_VNCVIEWER_SSH_ONLY" != "X" ]; then if [ "X$SS_VNCVIEWER_SSH_ONLY" != "X" ]; then
echo "$ssh -x $ssh_port $targ $C $ssh_args $ssh_host \"$info\"" echo "$ssh -x $ssh_port $targ $C $ssh_args \"$uath\" \"$info\""
echo "" echo ""
$ssh -x $ssh_port $targ $C $ssh_args $ssh_host "$ssh_cmd" $ssh -x $ssh_port $targ $C $ssh_args "$uath" "$ssh_cmd"
exit $? exit $?
elif [ "X$SS_VNCVIEWER_NO_F" != "X" ]; then elif [ "X$SS_VNCVIEWER_NO_F" != "X" ]; then
echo "$ssh -x $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\"" echo "$ssh -x $ssh_port $targ $C $ssh_redir $ssh_args \"$uath\" \"$info\""
echo "" echo ""
$ssh -x $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd" $ssh -x $ssh_port $targ $C $ssh_redir $ssh_args "$uath" "$ssh_cmd"
rc=$? rc=$?
elif [ "X$getport" != "X" ]; then elif [ "X$getport" != "X" ]; then
...@@ -2692,12 +2778,12 @@ if [ "X$use_ssh" = "X1" ]; then ...@@ -2692,12 +2778,12 @@ if [ "X$use_ssh" = "X1" ]; then
echo "will require no password..." echo "will require no password..."
echo "" echo ""
targ="-t" targ="-t"
$ssh -x $ssh_port $targ $ssh_args $ssh_host "sudo id; tty" $ssh -x $ssh_port $targ $ssh_args "$uath" "sudo id; tty"
echo "" echo ""
fi fi
echo "$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\"" echo "$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args \"$uath\" \"$info\""
echo "" echo ""
$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd" > $tport 2> $tport2 $ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args "$uath" "$ssh_cmd" > $tport 2> $tport2
if [ "X$teeport" = "X1" ]; then if [ "X$teeport" = "X1" ]; then
tail -f $tport 1>&2 & tail -f $tport 1>&2 &
tail_pid=$! tail_pid=$!
...@@ -2707,9 +2793,9 @@ if [ "X$use_ssh" = "X1" ]; then ...@@ -2707,9 +2793,9 @@ if [ "X$use_ssh" = "X1" ]; then
rc=$? rc=$?
else else
rsh_setup rsh_setup
echo "rsh $ul $ssh_host \"$ssh_cmd\"" echo "rsh $ul \"$ssh_host\" \"$ssh_cmd\""
echo "" echo ""
rsh $ul $ssh_host "$ssh_cmd" > $tport & rsh $ul "$ssh_host" "$ssh_cmd" > $tport &
sleep 1 sleep 1
rc=0 rc=0
fi fi
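Review bot: the rsh branch now quotes "$ssh_host" but still passes the unexpanded value, while every ssh invocation touched by this patch passes "$uath" from space_expand, so a user name written with %SPACE or %TAB reaches rsh literally. Either pass "$uath" here as well or state in the help text that the %SPACE/%TAB syntax applies to ssh only.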
...@@ -2753,31 +2839,46 @@ if [ "X$use_ssh" = "X1" ]; then ...@@ -2753,31 +2839,46 @@ if [ "X$use_ssh" = "X1" ]; then
done done
echo "found: PORT='$PORT'" 1>&2 echo "found: PORT='$PORT'" 1>&2
lh6=""
if [ "X$SSVNC_PORT_IPV6" != "X" ]; then
lh6=1
elif egrep 'Info: listening on IPv6 only|Info: listening only on IPv6' $tport > /dev/null; then
lh6=1
fi
if [ "X$lh6" = "X1" ]; then
echo "set SOCKS5 localhost to ::1" 1>&2
fi
rm -f $tport $tport2 rm -f $tport $tport2
if [ "X$rsh" = "X1" ]; then if [ "X$rsh" = "X1" ]; then
rsh_viewer "$@" rsh_viewer "$@"
exit $? exit $?
fi fi
PPROXY_SOCKS=1 PPROXY_SOCKS=5
if [ "X$SSVNC_SOCKS5" != "X" ]; then if [ "X$SSVNC_SOCKS5" != "X" ]; then
PPROXY_SOCKS=5 PPROXY_SOCKS=5
elif [ "X$SSVNC_SOCKS4" != "X" ]; then
PPROXY_SOCKS=1
fi fi
export PPROXY_SOCKS export PPROXY_SOCKS
host="$localhost" if [ "X$lh6" = "X" ]; then
host="$localhost"
else
host="::1"
fi
port="$PORT" port="$PORT"
proxy="$localhost:$use" proxy="$localhost:$use"
else else
if [ "X$rsh" != "X1" ]; then if [ "X$rsh" != "X1" ]; then
echo "$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\"" echo "$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args \"$uath\" \"$info\""
echo "" echo ""
$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd" $ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args "$uath" "$ssh_cmd"
rc=$? rc=$?
else else
rsh_setup rsh_setup
echo "rsh $ul $ssh_host \"$ssh_cmd\"" echo "rsh $ul \"$ssh_host\" \"$ssh_cmd\""
echo "" echo ""
rsh $ul $ssh_host "$ssh_cmd" & rsh $ul "$ssh_host" "$ssh_cmd" &
sleep 1 sleep 1
PORT=$port PORT=$port
rsh_viewer "$@" rsh_viewer "$@"
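Review bot: changing the default to `PPROXY_SOCKS=5` makes the following `if [ "X$SSVNC_SOCKS5" != "X" ]` branch a no-op; only the new SSVNC_SOCKS4 branch changes anything, so the SSVNC_SOCKS5 test can go, and the change of default deserves a mention in the help text. In the same hunk, host becomes ::1 when lh6 is set while `proxy="$localhost:$use"` is left as it was, and $tport is unquoted in the new egrep; a comment explaining why only the target address switches to IPv6 would help the next reader.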
...@@ -2787,7 +2888,7 @@ if [ "X$use_ssh" = "X1" ]; then ...@@ -2787,7 +2888,7 @@ if [ "X$use_ssh" = "X1" ]; then
if [ "$rc" != "0" ]; then if [ "$rc" != "0" ]; then
echo "" echo ""
echo "ssh to $ssh_host failed." echo "ssh to \"$uath\" failed."
exit 1 exit 1
fi fi
stty sane stty sane
...@@ -2934,7 +3035,11 @@ if [ "X$crl" != "X" ]; then ...@@ -2934,7 +3035,11 @@ if [ "X$crl" != "X" ]; then
fi fi
if [ "X$showcert" = "X1" ]; then if [ "X$showcert" = "X1" ]; then
if [ "X$ipv6" = "X1" -a "X$proxy" = "X" ]; then if [ "X$have_uvnc_dsm_helper_showcert" = "X1" ]; then
:
elif [ "X$SSVNC_NO_IPV6_PROXY" != "X" ]; then
:
elif [ "X$ipv6" = "X1" -a "X$proxy" = "X" ]; then
proxy="ipv6://$host:$port" proxy="ipv6://$host:$port"
fi fi
fi fi
...@@ -3015,7 +3120,9 @@ if [ "X$showcert" = "X1" ]; then ...@@ -3015,7 +3120,9 @@ if [ "X$showcert" = "X1" ]; then
if [ "X$ciphers" != "X" ]; then if [ "X$ciphers" != "X" ]; then
cipher_args=`echo "$ciphers" | sed -e 's/ciphers=/-cipher /'` cipher_args=`echo "$ciphers" | sed -e 's/ciphers=/-cipher /'`
fi fi
if type openssl > /dev/null 2>&1; then if [ "X$have_uvnc_dsm_helper_showcert" = "X1" ]; then
:
elif type openssl > /dev/null 2>&1; then
: :
else else
echo "" echo ""
...@@ -3038,10 +3145,17 @@ if [ "X$showcert" = "X1" ]; then ...@@ -3038,10 +3145,17 @@ if [ "X$showcert" = "X1" ]; then
if [ "X$SSVNC_FETCH_TIMEOUT" != "X" ]; then if [ "X$SSVNC_FETCH_TIMEOUT" != "X" ]; then
timeout=$SSVNC_FETCH_TIMEOUT timeout=$SSVNC_FETCH_TIMEOUT
fi fi
if type pkill >/dev/null 2>&1; then if [ "X$have_uvnc_dsm_helper_showcert" = "X1" ]; then
(sleep $timeout; if kill -0 $$; then pkill -TERM -f "openssl.*s_client.*$host.*$port"; fi) >/dev/null 2>&1 & if type pkill >/dev/null 2>&1; then
(sleep $timeout; if kill -0 $$; then pkill -TERM -f "ultravnc_dsm_helper.*$host.*$port"; fi) >/dev/null 2>&1 &
fi
ultravnc_dsm_helper showcert $host:$port 2>&1
else
if type pkill >/dev/null 2>&1; then
(sleep $timeout; if kill -0 $$; then pkill -TERM -f "openssl.*s_client.*$host.*$port"; fi) >/dev/null 2>&1 &
fi
openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null
fi fi
openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null
rc=$? rc=$?
else else
tcert="" tcert=""
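Review bot: the new `ultravnc_dsm_helper showcert $host:$port` call omits two things the openssl branch has: $cipher_args is not passed on this path (the -anondh case is covered by the exported ULTRAVNC_DSM_HELPER_SHOWCERT_ADH, but nothing in this hunk carries a -ciphers value to the helper), and stdin is not redirected from /dev/null. $host and $port are also unquoted and are interpolated into the `pkill -TERM -f` pattern as a regular expression, so a dot in the host name matches any character; quote the argument, and consider starting the fetch in the background, recording its PID and killing that PID on timeout instead of matching on the command line.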
......
...@@ -8,7 +8,7 @@ exec wish "$0" "$@" ...@@ -8,7 +8,7 @@ exec wish "$0" "$@"
# ssvnc.tcl: gui wrapper to the programs in this # ssvnc.tcl: gui wrapper to the programs in this
# package. Also sets up service port forwarding. # package. Also sets up service port forwarding.
# #
set version 1.0.27 set version 1.0.28
set buck_zero $argv0 set buck_zero $argv0
...@@ -194,6 +194,11 @@ proc ts_help {} { ...@@ -194,6 +194,11 @@ proc ts_help {} {
(unlike SSVNC mode, the number is the SSH port, not the VNC display) (unlike SSVNC mode, the number is the SSH port, not the VNC display)
If you find yourself in the unfortunate circumstance that your ssh
username has a space in it, use %SPACE (or %TAB) like this:
fred%SPACEflintstone@xyzzy.net
Zeroconf/Bonjour: Zeroconf/Bonjour:
...@@ -221,6 +226,7 @@ proc ts_help {} { ...@@ -221,6 +226,7 @@ proc ts_help {} {
use things like: use things like:
tsvnc profile1 tsvnc profile1
tsvnc /path/to/profile1.vnc
tsvnc hostname tsvnc hostname
tsvnc user@hostname tsvnc user@hostname
...@@ -280,6 +286,9 @@ proc ts_help {} { ...@@ -280,6 +286,9 @@ proc ts_help {} {
use socks5://... to force the SOCKS5 version. For a non-standard use socks5://... to force the SOCKS5 version. For a non-standard
port the above would be, e.g., fred@someplace.no:2222 port the above would be, e.g., fred@someplace.no:2222
As with a username that contains a space, use %SPACE (or %TAB) to
indicate it in the SSH proxies, e.g. john%SPACEsmith@ssh.company.com
One can also chain proxies and other things. See the section One can also chain proxies and other things. See the section
"SSH Proxies/Gateways" in the Main SSVNC Help for full details. "SSH Proxies/Gateways" in the Main SSVNC Help for full details.
...@@ -310,6 +319,9 @@ proc ts_help {} { ...@@ -310,6 +319,9 @@ proc ts_help {} {
- Client-Side Caching (experimental x11vnc speedup) - Client-Side Caching (experimental x11vnc speedup)
- X11VNC Options (set any extra x11vnc options) - X11VNC Options (set any extra x11vnc options)
- Extra Sleep (delay a bit before starting viewer) - Extra Sleep (delay a bit before starting viewer)
- Putty Args (Windows: string for plink/putty cmd)
- Putty Agent (Windows: launch pageant)
- Putty Key-Gen (Windows: launch puttygen)
- SSH Local Protections (a bit of safety on local side) - SSH Local Protections (a bit of safety on local side)
- SSH KnownHosts file (to avoid SSH 'localhost' collisions) - SSH KnownHosts file (to avoid SSH 'localhost' collisions)
- SSVNC Mode (Return to full SSVNC mode) - SSVNC Mode (Return to full SSVNC mode)
...@@ -487,12 +499,17 @@ proc help {} { ...@@ -487,12 +499,17 @@ proc help {} {
by invoking it something like this: by invoking it something like this:
ssvnc profile1 (launches profile named "profile1") ssvnc profile1 (launches profile named "profile1")
ssvnc /path/to/profile.vnc (loads the profile file, no launching)
ssvnc hostname:0 (connect to hostname VNC disp 0 via SSL) ssvnc hostname:0 (connect to hostname VNC disp 0 via SSL)
ssvnc vnc+ssl://hostname:0 (same) ssvnc vnc+ssl://hostname:0 (same)
ssvnc vnc+ssh://hostname:0 (connect to hostname VNC disp 0 via SSH) ssvnc vnc+ssh://hostname:0 (connect to hostname VNC disp 0 via SSH)
see the Tips 5 and 7 for more about the URL-like syntax. see the Tips 5 and 7 for more about the URL-like syntax.
If you don't want "ssvnc profile1" to immediately launch the connection
to the VNC server set the SSVNC_PROFILE_LOADONLY env. var. to 1.
(or specify the full path to the profile.vnc as shown above.)
SSL Certificate Verification: SSL Certificate Verification:
...@@ -503,6 +520,17 @@ proc help {} { ...@@ -503,6 +520,17 @@ proc help {} {
tools like dsniff/webmitm and cain that implement SSL Man-In-The-Middle tools like dsniff/webmitm and cain that implement SSL Man-In-The-Middle
attacks. They rely on the client user not bothering to check the cert. attacks. They rely on the client user not bothering to check the cert.
Some people may be confused by the above because they are familiar with
their Web Browser using SSL (i.e. https://... websites) and those sites
are authenticated securely without the user's need to verify anything
manually. The reason why this happens automatically is because 1) their
web browser comes with a bundle of Certificate Authority certificates
and 2) the https sites have paid money to the Certificate Authorities to
have their website certificate signed by them. When using SSL in VNC we
normally do not do something this sophisticated, and so we have to verify
the certificates manually. However, it is possible to use Certificate
Authorities with SSVNC; that method is described below.
You can use the "Fetch Cert" button to retrieve the Cert and then You can use the "Fetch Cert" button to retrieve the Cert and then
after you check it is OK (say, via comparing the MD5 or other info) after you check it is OK (say, via comparing the MD5 or other info)
you can "Save" it and use it to verify future connections to servers. you can "Save" it and use it to verify future connections to servers.
...@@ -681,12 +709,16 @@ proc help {} { ...@@ -681,12 +709,16 @@ proc help {} {
See Tip 8) for how to make this application be SSH-only with the -ssh See Tip 8) for how to make this application be SSH-only with the -ssh
command line option or "sshvnc". command line option or "sshvnc".
If you find yourself in the unfortunate circumstance that your ssh
username has a space in it, use %SPACE (or %TAB) like this:
fred%SPACEflintstone@xyzzy.net:0
Remote SSH Command: Remote SSH Command:
In SSH or SSH + SSL mode you can also specify a remote command to run In SSH or SSH + SSL mode you can also specify a remote command to run
on the remote ssh host in the "Remote SSH Command" entry. The default on the remote ssh host in the "Remote SSH Command" entry. The default
is just to sleep a bit (e.g. sleep 30) to make sure the tunnel ports is just to sleep a bit (e.g. sleep 15) to make sure the tunnel ports
are established. Alternatively you could have the remote command start are established. Alternatively you could have the remote command start
the VNC server, e.g. the VNC server, e.g.
...@@ -694,7 +726,7 @@ proc help {} { ...@@ -694,7 +726,7 @@ proc help {} {
When starting the VNC server this way, note that sometimes you will need When starting the VNC server this way, note that sometimes you will need
to correlate the VNC Display number with the "-rfbport" (or similar) to correlate the VNC Display number with the "-rfbport" (or similar)
option of the server. E.g.: option of the server. E.g. for VNC display :2
VNC Host:Display username@somehost.com:2 VNC Host:Display username@somehost.com:2
Remote SSH Command: x11vnc -find -rfbport 5902 -nopw Remote SSH Command: x11vnc -find -rfbport 5902 -nopw
...@@ -703,6 +735,11 @@ proc help {} { ...@@ -703,6 +735,11 @@ proc help {} {
output) to not need to specify the VNC display number or the x11vnc output) to not need to specify the VNC display number or the x11vnc
-rfbport option. -rfbport option.
Windows SSH SERVER: if you are ssh'ing INTO Windows (e.g. CYGWIN SSHD
server) there may be no "sleep" command so put in something like
"ping localhost" or "ping -n 10 -w 1000 localhost" to set a short
delay to let the tunnel ports get established.
SSL Certificates: SSL Certificates:
...@@ -1070,6 +1107,8 @@ proc help {} { ...@@ -1070,6 +1107,8 @@ proc help {} {
gateway (but is still vulnerable there when NoHostAuthenticationForLocalhost gateway (but is still vulnerable there when NoHostAuthenticationForLocalhost
is used.) is used.)
As with a username that contains a space, use %SPACE (or %TAB) to
indicate it in the SSH proxies, e.g. john%SPACEsmith@ssh.company.com
UltraVNC Proxies/Gateways: UltraVNC Proxies/Gateways:
...@@ -1077,6 +1116,13 @@ proc help {} { ...@@ -1077,6 +1116,13 @@ proc help {} {
and http://koti.mbnet.fi/jtko/) that acts as a VNC proxy. SSVNC can and http://koti.mbnet.fi/jtko/) that acts as a VNC proxy. SSVNC can
work with both mode I and mode II schemes of this repeater. work with both mode I and mode II schemes of this repeater.
For Unix and MacOS X there is another re-implementation of the
UltraVNC repeater:
http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl
So one does not need to run the repeater on a Windows machine.
Note that even though the UltraVNC repeater tool is NOT SSL enabled, Note that even though the UltraVNC repeater tool is NOT SSL enabled,
it can nevertheless act as a proxy for SSVNC SSL connections. it can nevertheless act as a proxy for SSVNC SSL connections.
This is because, just as with a Web proxy, the proxy negotiations This is because, just as with a Web proxy, the proxy negotiations
...@@ -1090,9 +1136,13 @@ proc help {} { ...@@ -1090,9 +1136,13 @@ proc help {} {
Unencrypted (aka Direct) SSVNC VNC connections (Vnc:// prefix in Unencrypted (aka Direct) SSVNC VNC connections (Vnc:// prefix in
'VNC Host:Display'; see Tip 5) also work with the UltraVNC repeater. 'VNC Host:Display'; see Tip 5) also work with the UltraVNC repeater.
For the mode I repeater the viewer initiates the connection and MODE I REPEATER:
passes a string that is the VNC server's IP address (or hostname)
and port or display: For the mode I UltraVNC repeater the Viewer initiates the connection
and passes a string that is the VNC server's IP address (or hostname)
and port or display to the repeater (the repeater then makes the
connection to the server host and then exchanges data back and forth.)
To do this in SSVNC:
VNC Host:Display: :0 VNC Host:Display: :0
Proxy/Gateway: repeater://myuvncrep.west:5900+joes-pc:1 Proxy/Gateway: repeater://myuvncrep.west:5900+joes-pc:1
...@@ -1101,7 +1151,7 @@ proc help {} { ...@@ -1101,7 +1151,7 @@ proc help {} {
"joes-pc:1" is the VNC server the repeater will connect us to. "joes-pc:1" is the VNC server the repeater will connect us to.
Note here that the VNC Host:Display can be anything because it is Note here that the VNC Host:Display can be anything because it is
not used; we choose :0. not used; we choose :0. You cannot leave VNC Host:Display empty.
The Proxy/Gateway format is repeater://proxy:port+vncserver:display. The Proxy/Gateway format is repeater://proxy:port+vncserver:display.
The string after the "+" sign is passed to the repeater server for The string after the "+" sign is passed to the repeater server for
...@@ -1111,66 +1161,120 @@ proc help {} { ...@@ -1111,66 +1161,120 @@ proc help {} {
192.168.1.4:5901, etc. 192.168.1.4:5901, etc.
If you do not supply a proxy port, then the default 5900 is assumed, If you do not supply a proxy port, then the default 5900 is assumed,
e.g. use repeater://myuvncrep.west+joes-pc:1 for port 5901. e.g. use repeater://myuvncrep.west+joes-pc:1 for port 5900 on
myuvncrep.west then connecting to port 5901 on joes-pc.
For the mode II repeater both the VNC viewer and VNC server initiate
connections to the repeater proxy. In this case they pass a string
that identifies their mutual connection via "ID:XYZ":
VNC Host:Display: :0
Proxy/Gateway: repeater://myuvncrep.west:5900+ID:1234
again, the default proxy port is 5900 if not supplied.
In this case, mode II, you MUST set Options -> Reverse VNC Connection.
That is to say a "Listening Connection". The reason for this is that
the VNC server acts as a SSL *client* and so requires the Viewer end
to have the SSL cert, (which it does in Listen mode).
Note that in Listening SSL mode you must supply a MyCert or use the X11VNC: For mode I operation the VNC server x11vnc simply runs as
"listen.pem" one you are prompted to create. a normal SSL/VNC server:
We have also found that usually the Listening viewer must be started x11vnc -ssl SAVE
BEFORE the VNC Server connects to the proxy. This bug may be in
SSVNC, x11vnc, or the repeater tool.
Set REPEATER_FORCE=1 in the Host:Display (then hit Enter, and then
clear it, and reenter host:disp) to force SSVNC to try a forward
connection in this situation.
Note that for unencrypted (i.e. direct) SSVNC connections (see vnc://
in Tip 5) there is no need to use a reverse "Listening connection"
and so you might as well use a forward connection.
For mode II when tunnelling via SSL, you probably should also disable
"Verify All Certs" unless you have taken the steps beforehand to
import the VNC server's certificate, or have previously accepted
it using another method. With the mode II proxying scheme, there
is no way to do the initial "Fetch Cert" and check if it has been
previously accepted.
Even when you disable "Verify All Certs", you are of course free to
set a ServerCert or CertsDir under "Certs ..." to authenticate the
VNC Server against.
Also, after the connection you MUST terminate the listening VNC Viewer
(Ctrl-C) and connect again (the proxy only runs once.) In Windows,
go to the System Tray and terminate the Listening VNC Viewer.
Subsequent connection attempts after the first one will fail unless
you return to the GUI and restart listening.
BTW, the x11vnc VNC server command for the mode II case would be because the repeater will connect to it as a VNC client would.
something like: For mode II operation additional options are needed (see below.)
x11vnc -ssl SAVE -connect repeater=ID:1234+myuvncrep.west:5500 ...
x11vnc also supports -connect repeater://myuvncrep.west:5500+ID:1234 MODE II REPEATER:
URL-like notation.
For mode I operation x11vnc simply runs as a normal SSL/VNC server For the mode II repeater both the VNC viewer and VNC server initiate
TCP connections to the repeater proxy. In this case they pass a string
that identifies their mutual connection via "ID:NNNN", for example:
x11vnc -ssl SAVE VNC Host:Display: :0
Proxy/Gateway: repeater://myuvncrep.west:5900+ID:2345
again, the default proxy port is 5900 if not supplied. And we need
to supply a placeholder display ":0".
The fact that BOTH the VNC viewer and VNC server initiate outgoing
TCP connections to the repeater makes some things tricky, especially
for the SSL aspect. In SSL one side takes the 'client' role and
the other side must take the 'server' role. These roles must be
coordinated correctly or otherwise the SSL handshake will fail.
We now describe two scenarios: 1) SSVNC in Listening mode with STUNNEL
in 'SSL server' role; and 2) SSVNC in Forward mode with STUNNEL in
'SSL client' role. For both cases we show how the corresponding
VNC server x11vnc would be run.
SSVNC Listening mode / STUNNEL 'SSL server' role:
By default, when using SSL over a reverse connection the x11vnc VNC
server will take the 'SSL client' role. This way it can connect to a
standard STUNNEL (SSL server) redirecting connections to a VNC viewer
in Listen mode. This is how SSVNC with SSL is normally intended to
be used for reverse connections (i.e. without the UltraVNC Repeater.)
To do it this way with the mode II UltraVNC Repeater; you set
Options -> Reverse VNC Connection, i.e. a "Listening Connection".
You should disable 'Verify All Certs' unless you have already
saved the VNC Server's certificate to Accepted Certs. Or you can
set ServerCert to the saved certificate. Then click 'Listen'.
In this case an outgoing connection is made to the UltraVNC
repeater, but everything else is as for a Reverse connection.
Note that in Listening SSL mode you must supply a MyCert or use the
"listen.pem" one you are prompted by SSVNC to create.
X11VNC command:
x11vnc -ssl -connect_or_exit repeater://myuvncrep.west+ID:2345
SSVNC Forward mode / STUNNEL 'SSL client' role:
x11vnc 0.9.10 and later can act in the 'SSL server' role for Reverse
connections (i.e. as it does for forward connections.) Set these
x11vnc options: '-env X11VNC_DISABLE_SSL_CLIENT_MODE=1 -sslonly'
The -sslonly option is to prevent x11vnc from thinking the delay in
connection implies VeNCrypt instead of VNC over SSL. With x11vnc
in X11VNC_DISABLE_SSL_CLIENT_MODE mode, you can then have SSVNC make
a regular forward connection to the UltraVNC repeater.
Note that SSVNC may attempt to do a 'Fetch Cert' action in forward
connection mode to either retrieve the certificate or probe for
VeNCrypt and/or ANONDH. After that 'Fetch Cert' is done the
connection to the UltraVNC repeater will be dropped. This is a
problem for the subsequent real VNC connection. You can disable
'Verify All Certs' AND also set 'Do not Probe for VeNCrypt'
to avoid the 'Fetch Cert' action. Or, perhaps better, add to
x11vnc command line '-connect_or_exit repeater://... -loop300,2'
(in addition to the options in the previous paragraphs.) That way
x11vnc will reconnect once to the Repeater after the 'Fetch Cert'
action. Then things should act pretty much as a normal forward
SSL connection.
X11VNC 0.9.10 command (split into two lines):
x11vnc -ssl -connect_or_exit repeater://myuvncrep.west+ID:2345 \
-env X11VNC_DISABLE_SSL_CLIENT_MODE=1 -loop300,2 -sslonly
We recommend using "SSVNC Forward mode / STUNNEL 'SSL client' role"
if you are connecting to x11vnc 0.9.10 or later. Since this does
not use Listen mode it should be less error prone and less confusing
and more compatible with other features. Be sure to use all of
the x11vnc options in the above command line. To enable VeNCrypt,
replace '-sslonly' with '-vencrypt force'. If you do not indicate
them explicitly to SSVNC, SSVNC may have to probe multiple times for
VeNCrypt and/or ANONDH. So you may need '-loop300,4' on the x11vnc
cmdline so it will reconnect to the UltraVNC repeater 3 times.
Note that for UNENCRYPTED (i.e. direct) SSVNC connections (see vnc://
in Tip 5) using the UltraVNC Repeater mode II there is no need to
use a reverse "Listening connection" and so you might as well use
a forward connection.
For Listening connections, on Windows after the VNC connection you
MUST manually terminate the listening VNC Viewer (and connect again
if desired.) Do this by going to the System Tray and terminating
the Listening VNC Viewer. Subsequent connection attempts using the
repeater will fail unless you do this and restart the Listen.
On Unix and MacOS X after the VNC connection the UltraVNC repeater
proxy script will automatically restart and reconnect to the repeater
for another connection. So you do not need to manually restart it.
To stop the listening, kill the listening VNC Viewer with Ctrl-C.
In the previous sections it was mentioned one can chain up to 3 In the previous sections it was mentioned one can chain up to 3
proxies together by separating them with commas: proxy1,proxy2,proxy3. proxies together by separating them with commas: proxy1,proxy2,proxy3.
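Review bot: In the "SSVNC Forward mode / STUNNEL 'SSL client' role" paragraph, the advice to disable 'Verify All Certs' AND set 'Do not Probe for VeNCrypt' leaves the viewer with no check on the server certificate, which is the situation the "SSL Certificate Verification" part of this same help text warns about. The Listening-mode paragraph pairs the same advice with "Or you can set ServerCert to the saved certificate"; repeat that alternative here, or present the '-loop300,2' route first so that verification can stay on. Separately, the removed x11vnc example named the repeater port explicitly (myuvncrep.west:5500), while the new commands use repeater://myuvncrep.west+ID:2345 with no port, and the text only documents the 5900 default for SSVNC's Proxy/Gateway entry; state which port x11vnc uses when none is given.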
...@@ -1234,7 +1338,7 @@ proc help {} { ...@@ -1234,7 +1338,7 @@ proc help {} {
user run your Single Click III EXE. user run your Single Click III EXE.
Note that in Listening SSL mode you MUST supply a MyCert or use the Note that in Listening SSL mode you MUST supply a MyCert or use the
"listen.pem" one you are prompted to create. "listen.pem" one you are prompted by SSVNC to create.
UltraVNC repeater_SSL.exe proxy: UltraVNC repeater_SSL.exe proxy:
...@@ -1247,7 +1351,7 @@ proc help {} { ...@@ -1247,7 +1351,7 @@ proc help {} {
Proxies/Gateways'. In this case do something like this: Proxies/Gateways'. In this case do something like this:
VNC Host:Display: :0 VNC Host:Display: :0
Proxy/Gateway: sslrepeater://myuvncrep.west:443+ID:1234 Proxy/Gateway: sslrepeater://myuvncrep.west:443+ID:2345
The sslrepeater:// part indicates the entire ID:XYZ negotiation must The sslrepeater:// part indicates the entire ID:XYZ negotiation must
occur inside the SSL tunnel. Listening mode is not required in this occur inside the SSL tunnel. Listening mode is not required in this
...@@ -1263,7 +1367,7 @@ proc help {} { ...@@ -1263,7 +1367,7 @@ proc help {} {
sslrepeater:// only works on Unix or MacOSX using the provided sslrepeater:// only works on Unix or MacOSX using the provided
SSVNC vncviewer. The modified viewer is needed; stock VNC viewers SSVNC vncviewer. The modified viewer is needed; stock VNC viewers
will not work. Also, proxy chaining (bouncing off of more than one will not work. Also, proxy chaining (bouncing off of more than one
proxy) currently does not work. proxy) currently does not work for repeater_SSL.exe.
VeNCrypt is treated as a proxy: VeNCrypt is treated as a proxy:
...@@ -1289,7 +1393,7 @@ proc help {} { ...@@ -1289,7 +1393,7 @@ proc help {} {
In short, because stunnel and ssh support IPv6 hostnames and In short, because stunnel and ssh support IPv6 hostnames and
addresses, SSVNC does too without you needing to do anything. addresses, SSVNC does too without you needing to do anything.
However, in some usages modes you will need to specify the IPv6 However, in some rare usage modes you will need to specify the IPv6
server destination in the Proxy/Gateway entry box. The only case server destination in the Proxy/Gateway entry box. The only case
this appears to be needed is when making an un-encrypted connection this appears to be needed is when making an un-encrypted connection
to an IPv6 VNC server. In this case neither stunnel nor ssh are to an IPv6 VNC server. In this case neither stunnel nor ssh are
...@@ -1302,8 +1406,8 @@ proc help {} { ...@@ -1302,8 +1406,8 @@ proc help {} {
'localhost:0' setting can be anything; it is basically ignored. 'localhost:0' setting can be anything; it is basically ignored.
Note that on Unix, MacOSX, and Windows un-encrypted ipv6 connections Note that on Unix, MacOSX, and Windows un-encrypted ipv6 connections
are AUTODETECTED and so you likely never need to supply ipv6:// are AUTODETECTED and so you likely NEVER need to supply ipv6://
Only try it if there are problems. Also note that the ipv6:// Only try it if you encounter problems. Also note that the ipv6://
proxy type does not work on Windows, so only the autodetection is proxy type does not work on Windows, so only the autodetection is
available there. available there.
...@@ -1645,6 +1749,15 @@ proc help {} { ...@@ -1645,6 +1749,15 @@ proc help {} {
bat files on Windows (for debugging); BAT_SLEEP: sleep this many bat files on Windows (for debugging); BAT_SLEEP: sleep this many
seconds at the end of each Windows bat file (for debugging.) seconds at the end of each Windows bat file (for debugging.)
You can also set any environment variable by entering in something
like ENV=VAR=VAL e.g. ENV=SSH_AUTH_SOCK=/tmp/ssh-BF2297/agent.2297
Use an empty VAL to unset the variable.
There are also a HUGE number of env. vars. that apply to the Unix
and MacOS X wrapper script 'ss_vncviewer' and/or the ssvncviewer
binary. See Options -> Advanced -> Unix ssvncviewer -> Help for
all of them.
16) On Unix you can make the "Open File" and "Save File" dialogs 16) On Unix you can make the "Open File" and "Save File" dialogs
bigger by setting the env. var. SSVNC_BIGGER_DIALOG=1 or bigger by setting the env. var. SSVNC_BIGGER_DIALOG=1 or
supplying the -bigger option. If you set it to a Width x Height, supplying the -bigger option. If you set it to a Width x Height,
...@@ -1937,6 +2050,17 @@ proc help_certs {} { ...@@ -1937,6 +2050,17 @@ proc help_certs {} {
Man-In-The-Middle attacks. They rely on the client user not bothering to Man-In-The-Middle attacks. They rely on the client user not bothering to
check the cert. check the cert.
Some people may be confused by the above because they are familiar with
their Web Browser using SSL (i.e. https://... websites) and those sites
are authenticated securely without the user's need to verify anything
manually. The reason why this happens automatically is because 1) their
web browser comes with a bundle of Certificate Authority certificates
and 2) the https sites have paid money to the Certificate Authorities to
have their website certificate signed by them. When using SSL in VNC we
normally do not do something this sophisticated, and so we have to verify
the certificates manually. However, it is possible to use Certificate
Authorities with SSVNC; that method is described below.
The SSL Certificate files described below may have been created externally The SSL Certificate files described below may have been created externally
(e.g. by x11vnc or openssl): you can import them via "Import Certificate". (e.g. by x11vnc or openssl): you can import them via "Import Certificate".
OR you can click on "Create Certificate ..." to use THIS program to generate OR you can click on "Create Certificate ..." to use THIS program to generate
...@@ -2433,11 +2557,19 @@ set msg { ...@@ -2433,11 +2557,19 @@ set msg {
Remote Command: In the "Remote SSH Command" entry you can to Remote Command: In the "Remote SSH Command" entry you can to
indicate that a remote command to be run. The default is indicate that a remote command to be run. The default is
"sleep 15". For example, to run x11vnc for your X :0 display: "sleep 15" to make sure port redirections get established. But you
can run anything else, for example, to run x11vnc on your X :0
workstation display:
x11vnc -display :0 -nopw x11vnc -display :0 -nopw
Windows SSH SERVER: if you are ssh'ing INTO Windows (e.g. CYGWIN
SSHD server) there may be no "sleep" command so put in something
like "ping localhost" or "ping -n 10 -w 1000 localhost" to
set a short delay to let the port redir get established.
Trick: If you use "SHELL" asl the "Remote SSH Command" then Trick: If you use "SHELL" asl the "Remote SSH Command" then
you get an SSH shell only: no VNC viewer will be launched. you get an SSH shell only: no VNC viewer will be launched.
On Windows "PUTTY" will try to use putty.exe (better terminal On Windows "PUTTY" will try to use putty.exe (better terminal
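Review bot: The sentence this hunk extends still reads "you can to indicate that a remote command to be run", and the "Trick:" paragraph just below has "asl" for "as"; since the paragraph is being reworded anyway, fix both in the same change. The "Windows SSH SERVER" paragraph added here says "port redir" where the copy added to proc help says "tunnel ports"; pick one term so the two help texts match.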
...@@ -2655,10 +2787,10 @@ set msg { ...@@ -2655,10 +2787,10 @@ set msg {
when 'Save' is performed. This feature is useful when when 'Save' is performed. This feature is useful when
options under "Advanced" are set that require TWO SSH's: options under "Advanced" are set that require TWO SSH's:
you just have to type the password once in this entry box. you just have to type the password once in this entry box.
The bundled pagent.exe and puttygen.exe programs can also The bundled pageant.exe and puttygen.exe programs can also
be used to avoid repeatedly entering passwords (note this be used to avoid repeatedly entering passwords (note this
requires setting up and distributing SSH keys). Start up requires setting up and distributing SSH keys). Start up
pagent.exe or puttygen.exe and read the instructions there. pageant.exe or puttygen.exe and read the instructions there.
Note, that there is a small exposure to someone seeing the Note, that there is a small exposure to someone seeing the
putty password on the plink command line. putty password on the plink command line.
...@@ -3169,7 +3301,7 @@ proc set_defaults {} { ...@@ -3169,7 +3301,7 @@ proc set_defaults {} {
global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart
global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_x11vnc sound_daemon_local_start global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_x11vnc sound_daemon_local_start
global smb_su_mode smb_mount_list global smb_su_mode smb_mount_list
global use_port_knocking port_knocking_list port_slot global use_port_knocking port_knocking_list port_slot putty_args
global ycrop_string ssvnc_scale ssvnc_escape sbwid_string rfbversion ssvnc_encodings ssvnc_extra_opts use_x11cursor use_nobell use_rawlocal use_notty use_popupfix extra_sleep use_listen use_unixpw use_x11vnc_find unixpw_username global ycrop_string ssvnc_scale ssvnc_escape sbwid_string rfbversion ssvnc_encodings ssvnc_extra_opts use_x11cursor use_nobell use_rawlocal use_notty use_popupfix extra_sleep use_listen use_unixpw use_x11vnc_find unixpw_username
global disable_ssl_workarounds disable_ssl_workarounds_type global disable_ssl_workarounds disable_ssl_workarounds_type
global no_probe_vencrypt server_vencrypt server_anondh global no_probe_vencrypt server_vencrypt server_anondh
...@@ -3270,6 +3402,7 @@ proc set_defaults {} { ...@@ -3270,6 +3402,7 @@ proc set_defaults {} {
set defs(ultra_dsm_salt) "" set defs(ultra_dsm_salt) ""
set defs(port_slot) "" set defs(port_slot) ""
set defs(putty_args) ""
set defs(cups_local_server) "" set defs(cups_local_server) ""
set defs(cups_remote_port) "" set defs(cups_remote_port) ""
...@@ -3379,12 +3512,79 @@ proc set_defaults {} { ...@@ -3379,12 +3512,79 @@ proc set_defaults {} {
set last_load "" set last_load ""
} }
proc do_viewer_windows {n} { proc windows_listening_message {n} {
global use_alpha use_grab use_x11cursor use_nobell use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233 global did_listening_message
global extra_cmd
set extra_cmd ""
set cmd [get_cmd $n]
if {$did_listening_message < 2} {
incr did_listening_message
global listening_name
set ln $listening_name
if {$ln == ""} {
set ln "this-computer:$n"
}
set msg "
About to start the Listening VNC Viewer (Reverse Connection).
The VNC Viewer command to be run is:
$cmd
After the Viewer starts listening, the VNC server should
then Reverse connect to:
$ln
When the VNC Connection has ended **YOU MUST MANUALLY STOP**
the Listening VNC Viewer.
To stop the Listening Viewer: right click on the VNC Icon in
the tray and select 'Close listening daemon' (or similar).
ONLY AFTER THAT will you return to the SSVNC GUI.
Click OK now to start the Listening VNC Viewer.$extra_cmd
"
global use_ssh use_sshssl
if {$use_ssh || $use_sshssl} {
set msg "${msg} NOTE: You will probably also need to kill the SSH in the\n terminal via Ctrl-C"
}
global help_font is_windows system_button_face
toplev .wll
global wll_done
set wll_done 0
eval text .wll.t -width 64 -height 22 $help_font
button .wll.d -text "OK" -command {destroy .wll; set wll_done 1}
pack .wll.t .wll.d -side top -fill x
apply_bg .wll.t
center_win .wll
wm resizable .wll 1 0
wm title .wll "SSL/SSH Viewer: Listening VNC Info"
.wll.t insert end $msg
vwait wll_done
}
}
proc get_cmd {n} {
global use_alpha use_grab use_x11cursor use_nobell use_ssh
global use_sshssl use_viewonly use_fullscreen use_bgr233
global use_nojpeg use_raise_on_beep use_compresslevel use_quality global use_nojpeg use_raise_on_beep use_compresslevel use_quality
global use_send_clipboard use_send_always global use_send_clipboard use_send_always change_vncviewer
global change_vncviewer change_vncviewer_path vncviewer_realvnc4 global change_vncviewer_path vncviewer_realvnc4 use_listen
global use_listen disable_ssl_workarounds disable_ssl_workarounds_type env global disable_ssl_workarounds disable_ssl_workarounds_type env
set cmd "vncviewer" set cmd "vncviewer"
if {$change_vncviewer && $change_vncviewer_path != ""} { if {$change_vncviewer && $change_vncviewer_path != ""} {
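Review bot: windows_listening_message tests `did_listening_message < 2`, but the inline code it replaces (removed from do_viewer_windows further down) tested `< 3`, so the dialog is now shown one time fewer per session. If that is intended, say so in the commit message; otherwise restore 3. The proc also declares `global help_font is_windows system_button_face` but only uses help_font, and none of the hunks shown here adds a caller for it, so check that the call site is part of this commit.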
...@@ -3443,8 +3643,8 @@ proc do_viewer_windows {n} { ...@@ -3443,8 +3643,8 @@ proc do_viewer_windows {n} {
} }
} }
set ipv6_pid2 "" global extra_cmd
set extra "" set extra_cmd ""
if {$use_listen} { if {$use_listen} {
if {$vncviewer_realvnc4} { if {$vncviewer_realvnc4} {
append cmd " listen=1" append cmd " listen=1"
...@@ -3463,71 +3663,12 @@ proc do_viewer_windows {n} { ...@@ -3463,71 +3663,12 @@ proc do_viewer_windows {n} {
set nn2 [expr $nn + 15] set nn2 [expr $nn + 15]
set h0 $direct_connect_reverse_host_orig set h0 $direct_connect_reverse_host_orig
global win_localhost global win_localhost
set extra "\n\n relay6.exe $nn $win_localhost $nn2 /b:$h0" set extra_cmd "\n\nrelay6.exe $nn $win_localhost $nn2 /b:$h0"
set ipv6_pid2 [exec relay6.exe $nn $win_localhost $nn2 /b:$h0 &]
set nn $nn2 set nn $nn2
} }
append cmd " $nn" append cmd " $nn"
global did_listening_message
if {$did_listening_message < 3} {
incr did_listening_message
global listening_name
set ln $listening_name
if {$ln == ""} {
set ln "this-computer:$n"
}
set msg "
About to start the Listening VNC Viewer (Reverse Connection).
The VNC Viewer command to be run is:
$cmd
After the Viewer starts listening, the VNC server should
then Reverse connect to:
$ln
When the VNC Connection has ended **YOU MUST MANUALLY STOP**
the Listening VNC Viewer.
To stop the Listening Viewer: right click on the VNC Icon in
the tray and select 'Close listening daemon' (or similar).
ONLY AFTER THAT will you return to the SSVNC GUI.
Click OK now to start the Listening VNC Viewer.$extra
"
global use_ssh use_sshssl
if {$use_ssh || $use_sshssl} {
set msg "${msg} NOTE: You will probably also need to kill the SSH in the\n terminal via Ctrl-C"
}
global help_font is_windows system_button_face
toplev .wll
global wll_done
set wll_done 0
eval text .wll.t -width 64 -height 22 $help_font
button .wll.d -text "OK" -command {destroy .wll; set wll_done 1}
pack .wll.t .wll.d -side top -fill x
apply_bg .wll.t
center_win .wll
wm resizable .wll 1 0
wm title .wll "SSL/SSH Viewer: Listening VNC Info"
.wll.t insert end $msg
vwait wll_done
}
} else { } else {
if [regexp {^[0-9][0-9]*$} $n] { if [regexp {^[0-9][0-9]*$} $n] {
global win_localhost global win_localhost
...@@ -3536,6 +3677,32 @@ proc do_viewer_windows {n} { ...@@ -3536,6 +3677,32 @@ proc do_viewer_windows {n} {
append cmd " $n" append cmd " $n"
} }
} }
return $cmd
}
proc do_viewer_windows {n} {
global use_listen env
set cmd [get_cmd $n]
set ipv6_pid2 ""
if {$use_listen} {
set nn $n
if {$nn < 100} {
set nn [expr "$nn + 5500"]
}
global direct_connect_reverse_host_orig is_win9x
if {![info exists direct_connect_reverse_host_orig]} {
set direct_connect_reverse_host_orig ""
}
if {$direct_connect_reverse_host_orig != "" && !$is_win9x} {
set nn2 [expr $nn + 15]
set h0 $direct_connect_reverse_host_orig
global win_localhost
set ipv6_pid2 [exec relay6.exe $nn $win_localhost $nn2 /b:$h0 &]
set nn $nn2
}
}
if [info exists env(SSVNC_EXTRA_SLEEP)] { if [info exists env(SSVNC_EXTRA_SLEEP)] {
set t $env(SSVNC_EXTRA_SLEEP) set t $env(SSVNC_EXTRA_SLEEP)
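Review bot: The listen-port arithmetic in the new do_viewer_windows (`$nn + 5500`, then `$nn + 15` for relay6.exe) duplicates the block kept in get_cmd, so the port relay6.exe is started on and the port appended to the viewer command can drift apart if only one copy is edited later. Have get_cmd export the computed port (as it already does for extra_cmd) and reuse it here. While touching these lines, brace the expressions: `expr "$nn + 5500"` and `expr $nn + 15` substitute $nn before expr parses it, and `expr {$nn + 5500}` avoids that double substitution.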
...@@ -3923,7 +4090,7 @@ proc check_debug_netstat {port str wn} { ...@@ -3923,7 +4090,7 @@ proc check_debug_netstat {port str wn} {
proc launch_windows_ssh {hp file n} { proc launch_windows_ssh {hp file n} {
global is_win9x env global is_win9x env
global use_sshssl use_ssh putty_pw global use_sshssl use_ssh putty_pw putty_args
global port_knocking_list global port_knocking_list
global use_listen listening_name global use_listen listening_name
global disable_ssl_workarounds disable_ssl_workarounds_type global disable_ssl_workarounds disable_ssl_workarounds_type
...@@ -3964,9 +4131,14 @@ proc launch_windows_ssh {hp file n} { ...@@ -3964,9 +4131,14 @@ proc launch_windows_ssh {hp file n} {
; ;
} else { } else {
# XXX add :0 instead? # XXX add :0 instead?
mesg "Bad vncdisp, missing :0 ?, $vnc_disp" if {1} {
bell set vnc_disp "vnc_disp:0"
return 0 mesg "Added :0 to $vnc_disp"
} else {
mesg "Bad vncdisp, missing :0 ?, $vnc_disp"
bell
return 0
}
} }
} }
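Review bot: `set vnc_disp "vnc_disp:0"` is missing the `$`, so it assigns the literal string vnc_disp:0 instead of appending :0 to the display the user entered, and the following mesg then reports "Added :0 to vnc_disp:0". Use `set vnc_disp "${vnc_disp}:0"` and build the message from the original value. The `if {1} { ... } else { ... }` wrapper leaves the old error path as dead code; drop it or gate it on a real condition, and remove the "# XXX add :0 instead?" comment once the behaviour is decided.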
...@@ -4242,13 +4414,23 @@ proc launch_windows_ssh {hp file n} { ...@@ -4242,13 +4414,23 @@ proc launch_windows_ssh {hp file n} {
regsub {\.bat} $file "pre.bat" file_pre regsub {\.bat} $file "pre.bat" file_pre
set fh [open $file_pre "w"] set fh [open $file_pre "w"]
set plink_str "plink.exe -ssh -C -P $ssh_port -m $file_pre_cmd $verb -t" set plink_str "plink.exe -ssh -C -P $ssh_port -m $file_pre_cmd $verb -t"
if {$putty_args != ""} {
append plink_str " $putty_args"
}
global smb_redir_0 global smb_redir_0
if {$smb_redir_0 != ""} { if {$smb_redir_0 != ""} {
append plink_str " $smb_redir_0" append plink_str " $smb_redir_0"
} }
append plink_str "$pw $ssh_host" if [regexp {%} $ssh_host] {
set uath ""
regsub -all {%SPACE} $ssh_host " " uath
regsub -all {%TAB} $uath " " uath
append plink_str "$pw \"$uath\""
} else {
append plink_str "$pw $ssh_host"
}
if {$pw != ""} { if {$pw != ""} {
puts $fh "echo off" puts $fh "echo off"
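Review bot: `$putty_args` and the rewritten user@host are both pasted unescaped into the plink.exe command string, so a `"`, `&` or `|` in either value changes the command that runs; wrapping `$uath` in `\"...\"` does not help when the value itself contains a double quote. Reject or escape those characters before building plink_str. Also, `regexp {%} $ssh_host` fires on any percent sign, not only on %SPACE or %TAB; match the two tokens explicitly so other hosts are not quoted by accident.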
...@@ -4386,6 +4568,9 @@ proc launch_windows_ssh {hp file n} { ...@@ -4386,6 +4568,9 @@ proc launch_windows_ssh {hp file n} {
} }
set plink_str "plink.exe -ssh -P $ssh_port $verb $redir $extra_redirs -t" set plink_str "plink.exe -ssh -P $ssh_port $verb $redir $extra_redirs -t"
if {$putty_args != ""} {
append plink_str " $putty_args"
}
if {$extra_redirs != ""} { if {$extra_redirs != ""} {
regsub {exe} $plink_str "exe -C" plink_str regsub {exe} $plink_str "exe -C" plink_str
} else { } else {
...@@ -4393,24 +4578,34 @@ proc launch_windows_ssh {hp file n} { ...@@ -4393,24 +4578,34 @@ proc launch_windows_ssh {hp file n} {
# ssh typing response? # ssh typing response?
regsub {exe} $plink_str "exe -C" plink_str regsub {exe} $plink_str "exe -C" plink_str
} }
set uath $ssh_host
if [regexp {%} $uath] {
regsub -all {%SPACE} $uath " " uath
regsub -all {%TAB} $uath " " uath
set uath "\"$uath\""
}
if {$do_shell} { if {$do_shell} {
if {$sshcmd == "PUTTY"} { if {$sshcmd == "PUTTY"} {
if [regexp {^".*@} $uath] { #"
regsub {@} $uath {" "} uath
set uath "-l $uath"
}
if {$is_win9x} { if {$is_win9x} {
set plink_str "putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" set plink_str "putty.exe -ssh -C -P $ssh_port $extra_redirs $putty_args -t $pw $uath"
} else { } else {
set plink_str "start \"putty $ssh_host\" putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" set plink_str "start \"putty $ssh_host\" putty.exe -ssh -C -P $ssh_port $extra_redirs $putty_args -t $pw $uath"
if [regexp {FINISH} $port_knocking_list] { if [regexp {FINISH} $port_knocking_list] {
regsub {start} $plink_str "start /wait" plink_str regsub {start} $plink_str "start /wait" plink_str
} }
} }
} else { } else {
set plink_str "plink.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" set plink_str "plink.exe -ssh -C -P $ssh_port $extra_redirs $putty_args -t $pw $uath"
append plink_str { "$SHELL"} append plink_str { "$SHELL"}
} }
} elseif {$file_cmd != ""} { } elseif {$file_cmd != ""} {
append plink_str " -m $file_cmd$pw $ssh_host" append plink_str " -m $file_cmd$pw $uath"
} else { } else {
append plink_str "$pw $ssh_host \"$sshcmd\"" append plink_str "$pw $uath \"$sshcmd\""
} }
if {$pw != ""} { if {$pw != ""} {
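Review bot: In the PUTTY branch, `regsub {@} $uath {" "} uath` splits at the first `@`, so a login name that itself contains `@` is cut in the wrong place and the remainder ends up in the host argument. Split at the last `@` instead, e.g. `regsub {@([^@]*)$} $uath {" "\1} uath`. The window title in `start \"putty $ssh_host\"` still uses the raw `$ssh_host`, so `%SPACE` and `%TAB` tokens will appear there unexpanded.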
...@@ -4420,7 +4615,7 @@ proc launch_windows_ssh {hp file n} { ...@@ -4420,7 +4615,7 @@ proc launch_windows_ssh {hp file n} {
puts $fh "echo \" \"" puts $fh "echo \" \""
puts $fh "echo \"Doing Initial SSH with sudo id to prime sudo...\"" puts $fh "echo \"Doing Initial SSH with sudo id to prime sudo...\""
puts $fh "echo \" \"" puts $fh "echo \" \""
puts $fh "plink.exe -ssh -t $ssh_host \"sudo id; tty\"" puts $fh "plink.exe -ssh $putty_args -t $uath \"sudo id; tty\""
puts $fh "echo \" \"" puts $fh "echo \" \""
} }
puts $fh $plink_str puts $fh $plink_str
...@@ -4454,7 +4649,7 @@ proc launch_windows_ssh {hp file n} { ...@@ -4454,7 +4649,7 @@ proc launch_windows_ssh {hp file n} {
} }
if {$double_ssh != ""} { if {$double_ssh != ""} {
set plink_str_double_ssh "plink.exe -ssh -t $pw $double_ssh \"echo sleep 60 ...; sleep 60; echo done.\"" set plink_str_double_ssh "plink.exe -ssh $putty_args -t $pw $double_ssh \"echo sleep 60 ...; sleep 60; echo done.\""
# VF # VF
regsub {\.bat} $file "dob.bat" file_double regsub {\.bat} $file "dob.bat" file_double
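Review bot: `$double_ssh` is placed in `plink_str_double_ssh` as is, without the `%SPACE`/`%TAB` expansion and quoting this commit applies to `$ssh_host`. If the first hop can also carry a login name with spaces, give it the same `uath` treatment; otherwise add a comment saying that case is intentionally unsupported.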
...@@ -5378,6 +5573,9 @@ proc fetch_cert {save} { ...@@ -5378,6 +5573,9 @@ proc fetch_cert {save} {
if [regexp -nocase -line {GET_SERVER_HELLO.*unknown protocol} $cert_text] { if [regexp -nocase -line {GET_SERVER_HELLO.*unknown protocol} $cert_text] {
set m 1 set m 1
} }
if {![regexp -nocase {show_cert: SSL_connect failed} $cert_text]} {
set m 1
}
if {!$m && $is_windows} { if {!$m && $is_windows} {
if [regexp -nocase {write:errno} $cert_text] { if [regexp -nocase {write:errno} $cert_text] {
if [regexp -nocase {no peer certificate} $cert_text] { if [regexp -nocase {no peer certificate} $cert_text] {
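Review bot: The new test is negated, `if {![regexp -nocase {show_cert: SSL_connect failed} $cert_text]}`, so `m` becomes 1 for every output that lacks that string, including empty output, and the `!$m && $is_windows` checks below now run only when `SSL_connect failed` is present. If that is the intent, say so in a comment next to the test, because it reads as the inverse of the `unknown protocol` check just above it.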
...@@ -5410,6 +5608,9 @@ proc fetch_cert {save} { ...@@ -5410,6 +5608,9 @@ proc fetch_cert {save} {
if [regexp -nocase -line {error.*unknown protocol} $cert_text] { if [regexp -nocase -line {error.*unknown protocol} $cert_text] {
set m 1 set m 1
} }
if {![regexp -nocase {show_cert: SSL_connect failed} $cert_text]} {
set m 1
}
if {!$m && $is_windows} { if {!$m && $is_windows} {
if [regexp -nocase {no peer certificate} $cert_text] { if [regexp -nocase {no peer certificate} $cert_text] {
set m 1 set m 1
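Review bot: This is the same three-line `show_cert: SSL_connect failed` test that the previous hunk adds to `fetch_cert`. Moving the logic that sets `m` into one helper proc would keep the two copies from drifting apart.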
...@@ -5814,8 +6015,15 @@ proc ipv6_proxy {proxy host port} { ...@@ -5814,8 +6015,15 @@ proc ipv6_proxy {proxy host port} {
for {set i 0} {$i < $n} {incr i} { for {set i 0} {$i < $n} {incr i} {
set part [lindex $parts $i] set part [lindex $parts $i]
set prefix "" set prefix ""
set repeater 0
regexp -nocase {^[a-z0-9+]*://} $part prefix regexp -nocase {^[a-z0-9+]*://} $part prefix
regsub -nocase {^[a-z0-9+]*://} $part "" part regsub -nocase {^[a-z0-9+]*://} $part "" part
if [regexp {^repeater://} $prefix] {
regsub {\+.*$} $part "" part
if {![regexp {:([0-9][0-9]*)$} $part]} {
set part "$part:5900"
}
}
set modit 0 set modit 0
set h1 "" set h1 ""
set p1 "" set p1 ""
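Review bot: `set repeater 0` is assigned but never read in this hunk; drop it or use it. The scheme is extracted with `regexp -nocase`, but the new `regexp {^repeater://} $prefix` is case sensitive, so a prefix written as `Repeater://` keeps its `+ID:` suffix and gets no default `:5900`. Add `-nocase` to that test.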
...@@ -6184,6 +6392,7 @@ proc check_accepted_certs {{probe_only 0}} { ...@@ -6184,6 +6392,7 @@ proc check_accepted_certs {{probe_only 0}} {
regsub -all {[\\/=]} $fingerprint "_" fingerprint regsub -all {[\\/=]} $fingerprint "_" fingerprint
set from [string tolower $from] set from [string tolower $from]
regsub -all {[\[\]]} $from "" from
regsub -all {^[+a-z]*://} $from "" from regsub -all {^[+a-z]*://} $from "" from
regsub -all {:} $from "-" from regsub -all {:} $from "-" from
regsub -all {[\\/=]} $from "_" from regsub -all {[\\/=]} $from "_" from
...@@ -6591,33 +6800,53 @@ proc tpid {} { ...@@ -6591,33 +6800,53 @@ proc tpid {} {
proc repeater_proxy_check {proxy} { proc repeater_proxy_check {proxy} {
if [regexp {^repeater://.*\+ID:[0-9]} $proxy] { if [regexp {^repeater://.*\+ID:[0-9]} $proxy] {
global env global env rpc_m1 rpc_m2
if {![info exists rpc_m1]} {
set rpc_m1 0
set rpc_m2 0
}
set force 0 set force 0
if [info exists env(REPEATER_FORCE)] { if [info exists env(REPEATER_FORCE)] {
if {$env(REPEATER_FORCE) != "" && $env(REPEATER_FORCE) != "0"} { if {$env(REPEATER_FORCE) != "" && $env(REPEATER_FORCE) != "0"} {
# no longer makes a difference.
set force 1 set force 1
} }
} }
global use_listen ultra_dsm global use_listen ultra_dsm
if {! $use_listen} { if {! $use_listen} {
if {$ultra_dsm != ""} { if {$ultra_dsm} {
return 1; return 1;
} elseif {$force} {
mesg "WARNING: repeater:// ID:nnn proxy must use Listen Mode"
after 1000
} else { } else {
bell if {0} {
mesg "ERROR: repeater:// ID:nnn proxy must use Listen Mode" mesg "WARNING: repeater:// ID:nnn proxy might need Listen Mode"
after 1000 incr rpc_m1
return 0 if {$rpc_m1 <= 2} {
after 1000
} else {
after 200
}
}
if {0} {
# no longer required by x11vnc (X11VNC_DISABLE_SSL_CLIENT_MODE)
bell
mesg "ERROR: repeater:// ID:nnn proxy must use Listen Mode"
after 1000
return 0
}
} }
} }
global always_verify_ssl global always_verify_ssl
if [info exists always_verify_ssl] { if [info exists always_verify_ssl] {
if {$always_verify_ssl} { if {$always_verify_ssl} {
bell
mesg "WARNING: repeater:// ID:nnn Verify All Certs may fail" mesg "WARNING: repeater:// ID:nnn Verify All Certs may fail"
after 2500 incr rpc_m2
if {$rpc_m2 == 1} {
after 1500
} elseif {$rpc_m2 == 2} {
after 500
} else {
after 200
}
} }
} }
} }
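Review bot: `if {$ultra_dsm}` replaces `if {$ultra_dsm != ""}`; if the variable can still hold an empty string, as the old comparison implies, Tcl raises an "expected boolean value" error here instead of falling through. Keep the string comparison or test with `[string is true -strict $ultra_dsm]`. With both inner blocks wrapped in `if {0}`, `force`, `rpc_m1` and the `REPEATER_FORCE` lookup no longer affect the result, so remove them rather than leaving dead code behind.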
...@@ -6870,6 +7099,7 @@ proc maybe_add_vencrypt {proxy hp} { ...@@ -6870,6 +7099,7 @@ proc maybe_add_vencrypt {proxy hp} {
set vpd [get_vencrypt_proxy $hp] set vpd [get_vencrypt_proxy $hp]
} }
if {$vpd != ""} { if {$vpd != ""} {
mesg "vencrypt proxy: $vpd"
if {$proxy != ""} { if {$proxy != ""} {
set proxy "$proxy,$vpd" set proxy "$proxy,$vpd"
} else { } else {
...@@ -7341,7 +7571,7 @@ proc launch_unix {hp} { ...@@ -7341,7 +7571,7 @@ proc launch_unix {hp} {
set hpnew [get_ssh_hp $hp] set hpnew [get_ssh_hp $hp]
set proxy [get_ssh_proxy $hp] set proxy [get_ssh_proxy $hp]
if {!$do_direct && ! [repeater_proxy_check $proxy]} { if {!$do_direct && ![repeater_proxy_check $proxy]} {
reset_stunnel_extra_opts reset_stunnel_extra_opts
return return
} }
...@@ -8228,7 +8458,18 @@ proc launch {{hp ""}} { ...@@ -8228,7 +8458,18 @@ proc launch {{hp ""}} {
set vncdisplay "" set vncdisplay ""
return 0 return 0
} }
if {[regexp {^ENV=([A-z0-9][A-z0-9]*)=(.*)$} $hpt mv var val]} {
global env
if {$val == ""} {
catch {unset env($var)}
mesg "Unset $var"
} else {
set env($var) "$val"
mesg "Set $var to $val"
}
set vncdisplay ""
return 0
}
regsub {[ ]*cmd=.*$} $hp "" tt regsub {[ ]*cmd=.*$} $hp "" tt
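Review bot: The class `[A-z0-9]` in `{^ENV=([A-z0-9][A-z0-9]*)=(.*)$}` also covers the ASCII punctuation between `Z` and `a` (`[`, `\`, `]`, `^`, `_` and the backtick), so a name such as `a[b]` matches and is used in `env($var)`. Use `[A-Za-z_][A-Za-z0-9_]*`. Since this branch lets the `hp` string set or unset any environment variable for the processes launched afterwards, consider limiting `$var` to the prefixes the help text documents (`SSVNC_`, `VNCVIEWER_`, `SS_`), and record the change somewhere more durable than the transient `mesg`.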
...@@ -8642,6 +8883,8 @@ proc launch {{hp ""}} { ...@@ -8642,6 +8883,8 @@ proc launch {{hp ""}} {
} }
} }
set p_reverse 0
if {$proxy != ""} { if {$proxy != ""} {
if {$use_sshssl} { if {$use_sshssl} {
; ;
...@@ -8655,6 +8898,8 @@ proc launch {{hp ""}} { ...@@ -8655,6 +8898,8 @@ proc launch {{hp ""}} {
set env(SSVNC_DEST) "$host:$port" set env(SSVNC_DEST) "$host:$port"
if {$use_listen} { if {$use_listen} {
set env(SSVNC_REVERSE) "$win_localhost:$port" set env(SSVNC_REVERSE) "$win_localhost:$port"
set env(CONNECT_BR_SLEEP) 3
set p_reverse 1
} else { } else {
if {$use_sshssl && [regexp {vencrypt:} $proxy]} { if {$use_sshssl && [regexp {vencrypt:} $proxy]} {
set env(SSVNC_LISTEN) [expr "$n4 + 5900"] set env(SSVNC_LISTEN) [expr "$n4 + 5900"]
...@@ -8662,6 +8907,13 @@ proc launch {{hp ""}} { ...@@ -8662,6 +8907,13 @@ proc launch {{hp ""}} {
set env(SSVNC_LISTEN) [expr "$n2 + 5900"] set env(SSVNC_LISTEN) [expr "$n2 + 5900"]
} }
} }
if {[info exists env(PROXY_DEBUG)]} {
foreach var [list SSVNC_PROXY SSVNC_DEST SSVNC_REVERSE CONNECT_BR_SLEEP SSVNC_LISTEN] {
if [info exists env($var)] {
mesg "$var $env($var)"; after 2500;
}
}
}
} }
global anon_dh_detected server_anondh global anon_dh_detected server_anondh
...@@ -8734,6 +8986,7 @@ proc launch {{hp ""}} { ...@@ -8734,6 +8986,7 @@ proc launch {{hp ""}} {
catch { unset env(SSVNC_REVERSE) } catch { unset env(SSVNC_REVERSE) }
catch { unset env(SSVNC_DEST) } catch { unset env(SSVNC_DEST) }
catch { unset env(SSVNC_PREDIGESTED_HANDSHAKE) } catch { unset env(SSVNC_PREDIGESTED_HANDSHAKE) }
catch { unset env(CONNECT_BR_SLEEP) }
winkill $ipv6_pid winkill $ipv6_pid
winkill $ssh_ipv6_pid winkill $ssh_ipv6_pid
set ssh_ipv6_pid "" set ssh_ipv6_pid ""
...@@ -8745,6 +8998,10 @@ proc launch {{hp ""}} { ...@@ -8745,6 +8998,10 @@ proc launch {{hp ""}} {
set proxy_pid "" set proxy_pid ""
set proxy_pid2 "" set proxy_pid2 ""
if {$use_listen} {
windows_listening_message $n1
}
if {$proxy != ""} { if {$proxy != ""} {
if [regexp {vencrypt:} $proxy] { if [regexp {vencrypt:} $proxy] {
set vport [expr "$n1 + 5900"] set vport [expr "$n1 + 5900"]
...@@ -8767,6 +9024,7 @@ proc launch {{hp ""}} { ...@@ -8767,6 +9024,7 @@ proc launch {{hp ""}} {
catch { unset env(SSVNC_REVERSE) } catch { unset env(SSVNC_REVERSE) }
catch { unset env(SSVNC_DEST) } catch { unset env(SSVNC_DEST) }
catch { unset env(SSVNC_PREDIGESTED_HANDSHAKE) } catch { unset env(SSVNC_PREDIGESTED_HANDSHAKE) }
catch { unset env(CONNECT_BR_SLEEP) }
} }
mesg "Starting STUNNEL on port $port2 ..." mesg "Starting STUNNEL on port $port2 ..."
...@@ -8774,10 +9032,12 @@ proc launch {{hp ""}} { ...@@ -8774,10 +9032,12 @@ proc launch {{hp ""}} {
set pids [exec stunnel $file1 &] set pids [exec stunnel $file1 &]
after 300 if {! $p_reverse} {
set vtm [vencrypt_tutorial_mesg] after 300
if {$vtm == ""} { set vtm [vencrypt_tutorial_mesg]
after 1000 if {$vtm == ""} {
after 300
}
} }
note_stunnel_pids "after" note_stunnel_pids "after"
...@@ -11023,6 +11283,7 @@ proc save_profile {{parent "."}} { ...@@ -11023,6 +11283,7 @@ proc save_profile {{parent "."}} {
} else { } else {
regsub -all {:} $dispf "-" dispf regsub -all {:} $dispf "-" dispf
} }
regsub -all {[\[\]]} $dispf "" dispf
if {$ts_only && ![regexp {^TS-} $dispf]} { if {$ts_only && ![regexp {^TS-} $dispf]} {
set dispf "TS-$dispf" set dispf "TS-$dispf"
} }
...@@ -12260,6 +12521,45 @@ proc ts_sleep_dialog {} { ...@@ -12260,6 +12521,45 @@ proc ts_sleep_dialog {} {
focus .eslp.c.e focus .eslp.c.e
} }
proc ts_putty_args_dialog {} {
toplev .parg
wm title .parg "Putty Args"
scroll_text .parg.f 80 5
global putty_args
set msg {
Putty Args: Enter a string to be added to every plink.exe and putty.exe
command line. For example: -i C:\mykey.ppk
}
.parg.f.t insert end $msg
frame .parg.c
label .parg.c.l -anchor w -text "Putty Args:"
entry .parg.c.e -width 20 -textvariable putty_args
pack .parg.c.l -side left
pack .parg.c.e -side left -expand 1 -fill x
button .parg.cancel -text "Cancel" -command {destroy .parg; set choose_parg 0}
bind .parg <Escape> {destroy .parg; set choose_parg 0}
wm protocol .parg WM_DELETE_WINDOW {destroy .parg; set choose_parg 0}
button .parg.done -text "Done" -command {destroy .parg; set choose_parg 1}
bind .parg.c.e <Return> {destroy .parg; set choose_parg 1}
global choose_parg
if {! $choose_parg} {
set putty_args ""
}
pack .parg.done .parg.cancel .parg.c -side bottom -fill x
pack .parg.f -side top -fill both -expand 1
center_win .parg
focus .parg.c.e
}
proc ts_ncache_dialog {} { proc ts_ncache_dialog {} {
toplev .nche toplev .nche
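Review bot: The `if {! $choose_parg} { set putty_args "" }` check runs while the dialog is being built, not after it is dismissed, because nothing waits on `choose_parg` (there is no `tkwait`) before it. Cancel and Escape set `choose_parg 0` but leave whatever was typed in `putty_args`, since the entry is bound with `-textvariable`. Move the reset into the Cancel, Escape and WM_DELETE_WINDOW commands, e.g. `{destroy .parg; set choose_parg 0; set putty_args ""}`.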
...@@ -14158,6 +14458,21 @@ proc help_advanced_opts {} { ...@@ -14158,6 +14458,21 @@ proc help_advanced_opts {} {
while waiting for the VNC viewer to start up. On Windows this while waiting for the VNC viewer to start up. On Windows this
can give extra time to enter the Putty/Plink password, etc. can give extra time to enter the Putty/Plink password, etc.
Putty Args:
Windows only, supply a string to be added to all plink.exe
and putty.exe commands. Example: -i C:\mykey.ppk
Launch Putty Pagent:
Windows only, launch the Putty key agent tool (pageant) to hold
your SSH private keys for automatic logging in by putty/plink.
Launch Putty Key-Gen:
Windows only, launch the Putty key generation tool (puttygen)
to create new SSH private keys.
Unix ssvncviewer: Unix ssvncviewer:
Display a popup menu with options that apply to the special Display a popup menu with options that apply to the special
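Review bot: The heading `Launch Putty Pagent:` is misspelled; the description under it names the tool `pageant` and the buttons added in this commit are labelled "Putty Agent". Pick one label and use it in both the help text and the buttons. The Putty Args entry should also say that the string is added to the command line unmodified.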
...@@ -14372,7 +14687,8 @@ proc help_ssvncviewer_opts {} { ...@@ -14372,7 +14687,8 @@ proc help_ssvncviewer_opts {} {
These are environment variables one may set to affect the options These are environment variables one may set to affect the options
of the SSVNC vncviewer: of the SSVNC vncviewer and also the ss_vncviewer wrapper script
(and hence may apply to 3rd party vncviewers too)
VNCVIEWER_ALPHABLEND (-alpha, see Cursor Alphablending above) VNCVIEWER_ALPHABLEND (-alpha, see Cursor Alphablending above)
VNCVIEWER_POPUP_FIX (-popupfix, warp popup to mouse location) VNCVIEWER_POPUP_FIX (-popupfix, warp popup to mouse location)
...@@ -14387,17 +14703,36 @@ proc help_ssvncviewer_opts {} { ...@@ -14387,17 +14703,36 @@ proc help_ssvncviewer_opts {} {
VNCVIEWER_NOTTY (-notty, see Avoid Using Terminal above) VNCVIEWER_NOTTY (-notty, see Avoid Using Terminal above)
VNCVIEWER_ESCAPE (-escape, see Escape Keys above) VNCVIEWER_ESCAPE (-escape, see Escape Keys above)
VNCVIEWER_ULTRADSM (-ultradsm) VNCVIEWER_ULTRADSM (-ultradsm)
VNCVIEWER_PIPELINE_UPDATES (-pipeline, see above)
VNCVIEWER_SEND_CLIPBOARD (-sendclipboard) VNCVIEWER_SEND_CLIPBOARD (-sendclipboard)
VNCVIEWER_SEND_ALWAYS (-sendalways) VNCVIEWER_SEND_ALWAYS (-sendalways)
VNCVIEWER_RECV_TEXT (-recvtext clipboard/primary/both) VNCVIEWER_RECV_TEXT (-recvtext clipboard/primary/both)
VNCVIEWER_NO_CUTBUFFER (do not send CUTBUFFER0 as fallback) VNCVIEWER_NO_CUTBUFFER (do not send CUTBUFFER0 as fallback)
VNCVIEWER_NO_PIPELINE_UPDATES (-nopipeline) VNCVIEWER_NO_PIPELINE_UPDATES (-nopipeline)
VNCVIEWER_ALWAYS_RECENTER (set to avoid(?) recentering on resize)
VNCVIEWER_IS_REALVNC4 (indicate vncviewer is realvnc4 flavor.)
VNCVIEWER_NO_IPV4 (-noipv4)
VNCVIEWER_NO_IPV6 (-noipv6)
VNCVIEWER_FORCE_UP (force raise on fullscreen graball)
VNCVIEWER_PASSWORD (danger: set vnc passwd via env. var.)
VNCVIEWER_MIN_TITLE (minimum window title (appshare))
VNCVIEWERCMD (unix viewer command, default vncviewer) VNCVIEWERCMD (unix viewer command, default vncviewer)
VNCVIEWERCMD_OVERRIDE (force override of VNCVIEWERCMD) VNCVIEWERCMD_OVERRIDE (force override of VNCVIEWERCMD)
VNCVIEWERCMD_EXTRA_OPTS (extra options to pass to VNCVIEWERCMD) VNCVIEWERCMD_EXTRA_OPTS (extra options to pass to VNCVIEWERCMD)
VNCVIEWER_LISTEN_LOCALHOST (force ssvncviewer to -listen on localhost) VNCVIEWER_LISTEN_LOCALHOST (force ssvncviewer to -listen on localhost)
VNCVIEWER_NO_SEC_TYPE_TIGHT(force ssvncviewer to skip rfbSecTypeTight) VNCVIEWER_NO_SEC_TYPE_TIGHT(force ssvncviewer to skip rfbSecTypeTight)
HEXTILE_YCROP_TOO (testing: nosync_ycrop for hextile updates.)
SS_DEBUG (very verbose debug printout by script.)
SS_VNCVIEWER_LISTEN_PORT (force listen port.)
SS_VNCVIEWER_NO_F (no -f for SSH.)
SS_VNCVIEWER_NO_T (no -t for SSH.)
SS_VNCVIEWER_USE_C (force -C compression for SSH.)
SS_VNCVIEWER_SSH_CMD (override SSH command to run.)
SS_VNCVIEWER_NO_MAXCONN (no maxconn for stunnel (obsolete))
SS_VNCVIEWER_RM (file containing vnc passwd to remove.)
SS_VNCVIEWER_SSH_ONLY (run the SSH command, then exit.)
SSVNC_MULTIPLE_LISTEN (-multilisten, see Multiple LISTEN above) SSVNC_MULTIPLE_LISTEN (-multilisten, see Multiple LISTEN above)
SSVNC_ACCEPT_POPUP (-acceptpopup, see Accept Popup Dialog) SSVNC_ACCEPT_POPUP (-acceptpopup, see Accept Popup Dialog)
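Review bot: `VNCVIEWER_PASSWORD` is documented only as "danger". Spell out the reason in the help text: a value placed in the environment is inherited by every child process and can be read by other processes running as the same user. Name the preferred way to supply the password next to it.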
...@@ -14415,36 +14750,58 @@ proc help_ssvncviewer_opts {} { ...@@ -14415,36 +14750,58 @@ proc help_ssvncviewer_opts {} {
Misc (special usage or debugging or ss_vncviewer settings): Misc (special usage or debugging or ss_vncviewer settings):
SSVNC_MESG_DELAY (sleep this many millisec between messages) SSVNC_MESG_DELAY (sleep this many millisec between messages)
SSVNC_NO_ENC_WARN (do not print out a NO ENCRYPTION warning)
SSVNC_EXTRA_SLEEP (same as Sleep: window) SSVNC_EXTRA_SLEEP (same as Sleep: window)
SSVNC_NO_ULTRA_DSM (disable ultravnc dsm encryption) SSVNC_NO_ULTRA_DSM (disable ultravnc dsm encryption)
SSVNC_ULTRA_DSM (the ultravnc_dsm_helper command)
SSVNC_ULTRA_FTP_JAR (file location of ultraftp.jar jar file) SSVNC_ULTRA_FTP_JAR (file location of ultraftp.jar jar file)
SSVNC_KNOWN_HOSTS_FILE (file for per-connection ssh known hosts) SSVNC_KNOWN_HOSTS_FILE (file for per-connection ssh known hosts)
SSVNC_SCALE_STATS SSVNC_SCALE_STATS (print scaling stats)
SSVNC_DEBUG_RELEASE SSVNC_NOSOLID (disable solid special case while scaling)
SSVNC_DEBUG_ESCAPE_KEYS SSVNC_DEBUG_RELEASE (debug printout for keyboard modifiers.)
SSVNC_NO_MAYBE_SYNC SSVNC_DEBUG_ESCAPE_KEYS (debug printout for escape keys)
SSVNC_NO_MAYBE_SYNC (skip XSync() calls in certain painting)
SSVNC_MAX_LISTEN (number of time to listen for reverse conn.) SSVNC_MAX_LISTEN (number of time to listen for reverse conn.)
SSVNC_LISTEN_ONCE (listen for reverse conn. only once) SSVNC_LISTEN_ONCE (listen for reverse conn. only once)
STUNNEL_LISTEN (stunnel interface for reverse conn. STUNNEL_LISTEN (stunnel interface for reverse conn.
SSVNC_EXIT_DEBUG SSVNC_NO_MESSAGE_POPUP (do not place info messages in popup.)
SSVNC_DEBUG_CHAT SSVNC_SET_SECURITY_TYPE (force VeNCrypt security type)
SSVNC_NO_MESSAGE_POPUP SSVNC_PREDIGESTED_HANDSHAKE (string used for VeNCrypt, etc. connect)
SSVNC_SET_SECURITY_TYPE SSVNC_SKIP_RFB_PROTOCOL_VERSION (force viewer to be RFB 3.8)
SSVNC_PREDIGESTED_HANDSHAKE SSVNC_DEBUG_SEC_TYPES (debug security types for VeNCrypt)
SSVNC_SKIP_RFB_PROTOCOL_VERSION SSVNC_DEBUG_MSLOGON (extra printout for ultravnc mslogon proto)
SSVNC_DEBUG_SEC_TYPES SSVNC_DEBUG_RECTS (printout debug for RFB rectangles.)
SSVNC_DEBUG_MSLOGON SSVNC_DEBUG_CHAT (printout debug info for chat mode.)
SSVNC_DEBUG_RECTS SSVNC_DELAY_SYNC (faster local drawing delaying XSync)
SSVNC_DEBUG_CHAT SSVNC_DEBUG_SELECTION (printout debug for selection/clipboard)
SSVNC_DELAY_SYNC SSVNC_REPEATER (URL-ish sslrepeater:// thing for UltraVNC)
SSVNC_DEBUG_SELECTION SSVNC_VENCRYPT_DEBUG (debug printout for VeNCrypt mode.)
SSVNC_REPEATER SSVNC_VENCRYPT_USERPASS (force VeNCrypt user:pass)
SSVNC_VENCRYPT_DEBUG SSVNC_STUNNEL_DEBUG (increase stunnel debugging printout)
SSVNC_STUNNEL_DEBUG SSVNC_STUNNEL_VERIFY3 (increase stunnel verify from 2 to 3)
SSVNC_TEST_SEC_TYPE SSVNC_LIM_ACCEPT_PRELOAD (preload library to limit accept(2))
SSVNC_LIM_ACCEPT_PRELOAD SSVNC_SOCKS5 (socks5 for x11vnc PORT= mode, default)
SSVNC_SOCKS5 SSVNC_SOCKS4 (socks4 for x11vnc PORT= mode)
SSVNC_NO_IPV6_PROXY (do not setup a ipv6:// proxy)
SSVNC_NO_IPV6_PROXY_DIRECT (do not setup a ipv6:// proxy unencrypted)
SSVNC_PORT_IPV6 (x11vnc PORT= mode is to ipv6-only)
SSVNC_IPV6 (0 to disable ss_vncviewer ipv6 check) SSVNC_IPV6 (0 to disable ss_vncviewer ipv6 check)
SSVNC_FETCH_TIMEOUT (ss_vncviewer cert fetch timeout)
SSVNC_USE_S_CLIENT (force cert fetch to be 'openssl s_client')
SSVNC_SHOWCERT_EXIT_0 (force showcert to exit with success)
SSVNC_SSH_LOCALHOST_AUTH (force SSH localhost auth check.)
SSVNC_TEST_SEC_TYPE (force PPROXY VeNCrypt type; testing)
SSVNC_TEST_SEC_SUBTYPE (force PPROXY VeNCrypt subtype; testing)
SSVNC_EXIT_DEBUG (testing: prompt to exit at end.)
SSVNC_UP_DEBUG (gui user/passwd debug mode.)
SSVNC_UP_FILE (gui user/passwd file.)
STUNNEL_EXTRA_OPTS (extra options for stunnel.)
X11VNC_APPSHARE_DEBUG (for debugging -appshare mode.)
NO_X11VNC_APPSHARE (shift down for escape keys.)
DEBUG_HandleFileXfer (ultravnc filexfer)
DEBUG_RFB_SMSG (RFB server message debug.)
} }
.av.f.t insert end $msg .av.f.t insert end $msg
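Review bot: The context line for `STUNNEL_LISTEN` still lacks its closing parenthesis, and `NO_X11VNC_APPSHARE (shift down for escape keys.)` carries a description that does not match its name; both are worth fixing while every other entry in this list is gaining a description. `number of time to listen` should read `number of times`.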
...@@ -15956,7 +16313,7 @@ proc choose_xserver_dialog {} { ...@@ -15956,7 +16313,7 @@ proc choose_xserver_dialog {} {
proc set_ts_options {} { proc set_ts_options {} {
global use_cups use_sound use_smbmnt global use_cups use_sound use_smbmnt
global change_vncviewer choose_xserver global change_vncviewer choose_xserver
global ts_only global ts_only is_windows
global darwin_cotvnc use_x11_macosx uname global darwin_cotvnc use_x11_macosx uname
if {! $ts_only} { if {! $ts_only} {
return return
...@@ -16011,11 +16368,12 @@ proc set_ts_options {} { ...@@ -16011,11 +16368,12 @@ proc set_ts_options {} {
-command change_vncviewer_dialog_wrap -command change_vncviewer_dialog_wrap
incr i incr i
checkbutton .ot.b$i -anchor w -variable use_x11_macosx -text \ if {!$is_windows && $uname == "Darwin"} {
"X11 viewer MacOSX" \ checkbutton .ot.b$i -anchor w -variable use_x11_macosx -text \
-command {if {$use_x11_macosx} {set darwin_cotvnc 0} else {set darwin_cotvnc 1}; set_darwin_cotvnc_buttons} "X11 viewer MacOSX" \
if {$uname != "Darwin"} {.ot.b$i configure -state disabled} -command {if {$use_x11_macosx} {set darwin_cotvnc 0} else {set darwin_cotvnc 1}; set_darwin_cotvnc_buttons}
incr i incr i
}
button .ot.b$i -anchor w -text " Delete Profile..." \ button .ot.b$i -anchor w -text " Delete Profile..." \
-command {destroy .ot; delete_profile} -command {destroy .ot; delete_profile}
...@@ -16105,17 +16463,36 @@ proc set_ts_adv_options {} { ...@@ -16105,17 +16463,36 @@ proc set_ts_adv_options {} {
-command {if {$choose_sleep} {ts_sleep_dialog}} -command {if {$choose_sleep} {ts_sleep_dialog}}
incr i incr i
checkbutton .ot2.b$i -anchor w -variable ssh_local_protection -text \ if {$is_windows} {
"SSH Local Protections" \ checkbutton .ot2.b$i -anchor w -variable choose_parg -text \
-command {if {$ssh_local_protection} {ssh_sec_dialog}} "Putty Args" \
if {$is_windows} {.ot2.b$i configure -state disabled} -command {if {$choose_parg} {ts_putty_args_dialog}}
incr i incr i
}
checkbutton .ot2.b$i -anchor w -variable ssh_known_hosts -text \ if {!$is_windows} {
"SSH KnownHosts file" \ checkbutton .ot2.b$i -anchor w -variable ssh_local_protection -text \
-command {if {$ssh_known_hosts} {ssh_known_hosts_dialog}} "SSH Local Protections" \
if {$is_windows} {.ot2.b$i configure -state disabled} -command {if {$ssh_local_protection} {ssh_sec_dialog}}
incr i if {$is_windows} {.ot2.b$i configure -state disabled}
incr i
checkbutton .ot2.b$i -anchor w -variable ssh_known_hosts -text \
"SSH KnownHosts file" \
-command {if {$ssh_known_hosts} {ssh_known_hosts_dialog}}
if {$is_windows} {.ot2.b$i configure -state disabled}
incr i
}
if {$is_windows} {
button .ot2.b$i -anchor w -text " Putty Agent" \
-command {catch {exec pageant.exe &}}
incr i
button .ot2.b$i -anchor w -text " Putty Key-Gen" \
-command {catch {exec puttygen.exe &}}
incr i
}
global env global env
if {![info exists env(SSVNC_TS_ALWAYS)]} { if {![info exists env(SSVNC_TS_ALWAYS)]} {
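Review bot: Inside the new `if {!$is_windows} {` block the two `if {$is_windows} {.ot2.b$i configure -state disabled}` lines can never run and should be removed. The Putty Agent and Putty Key-Gen buttons wrap `exec pageant.exe &` and `exec puttygen.exe &` in a bare `catch`, so a missing or unlaunchable binary fails silently; capture the error and show it with `mesg`, and consider launching by full path rather than relying on the executable search path.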
...@@ -16123,18 +16500,21 @@ proc set_ts_adv_options {} { ...@@ -16123,18 +16500,21 @@ proc set_ts_adv_options {} {
-command {destroy .ot2; to_ssvnc} -command {destroy .ot2; to_ssvnc}
incr i incr i
} }
button .ot2.b$i -anchor w -text " Unix ssvncviewer ..." \
-command {set_ssvncviewer_options} if {!$is_windows} {
if {$is_windows} { button .ot2.b$i -anchor w -text " Unix ssvncviewer ..." \
.ot2.b$i configure -state disabled -command {set_ssvncviewer_options}
} if {$is_windows} {
global change_vncviewer .ot2.b$i configure -state disabled
if {$change_vncviewer} { }
.ot2.b$i configure -state disabled global change_vncviewer
if {$change_vncviewer} {
.ot2.b$i configure -state disabled
}
global ts_uss_button
set ts_uss_button .ot2.b$i
incr i
} }
global ts_uss_button
set ts_uss_button .ot2.b$i
incr i
for {set j 1} {$j < $i} {incr j} { for {set j 1} {$j < $i} {incr j} {
pack .ot2.b$j -side top -fill x pack .ot2.b$j -side top -fill x
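Review bot: `set ts_uss_button .ot2.b$i` now runs only when `!$is_windows`, so on Windows this proc never sets the global; any code that does `$ts_uss_button configure ...` needs an `info exists` guard. The nested `if {$is_windows} { .ot2.b$i configure -state disabled }` is unreachable inside this block and can go.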
...@@ -16228,33 +16608,37 @@ proc set_advanced_options {} { ...@@ -16228,33 +16608,37 @@ proc set_advanced_options {} {
global use_ssl use_ssh use_sshssl global use_ssl use_ssh use_sshssl
checkbutton .oa.b$i -anchor w -variable ssh_known_hosts -text \ if {!$is_windows} {
"Private SSH KnownHosts file" \ checkbutton .oa.b$i -anchor w -variable ssh_known_hosts -text \
-command {if {$ssh_known_hosts} {ssh_known_hosts_dialog}} "Private SSH KnownHosts file" \
set adv_ssh(knownhosts) .oa.b$i -command {if {$ssh_known_hosts} {ssh_known_hosts_dialog}}
if {$use_ssl} {.oa.b$i configure -state disabled} set adv_ssh(knownhosts) .oa.b$i
if {$is_windows} {.oa.b$i configure -state disabled} if {$use_ssl} {.oa.b$i configure -state disabled}
incr i if {$is_windows} {.oa.b$i configure -state disabled}
incr i
checkbutton .oa.b$i -anchor w -variable ssh_local_protection -text \ checkbutton .oa.b$i -anchor w -variable ssh_local_protection -text \
"SSH Local Port Protections" \ "SSH Local Port Protections" \
-command {if {$ssh_local_protection} {ssh_sec_dialog}} -command {if {$ssh_local_protection} {ssh_sec_dialog}}
global ssh_local_protection_button global ssh_local_protection_button
set ssh_local_protection_button .oa.b$i set ssh_local_protection_button .oa.b$i
if {$use_ssl} {.oa.b$i configure -state disabled} if {$use_ssl} {.oa.b$i configure -state disabled}
if {$is_windows} {.oa.b$i configure -state disabled} if {$is_windows} {.oa.b$i configure -state disabled}
incr i incr i
}
global ssh_only global ssh_only
if {!$ssh_only} { if {!$ssh_only} {
checkbutton .oa.b$i -anchor w -variable stunnel_local_protection -text \ if {!$is_windows} {
"STUNNEL Local Port Protections" \ checkbutton .oa.b$i -anchor w -variable stunnel_local_protection -text \
-command {if {$stunnel_local_protection} {stunnel_sec_dialog}} "STUNNEL Local Port Protections" \
global stunnel_local_protection_button -command {if {$stunnel_local_protection} {stunnel_sec_dialog}}
set stunnel_local_protection_button .oa.b$i global stunnel_local_protection_button
if {$use_ssh} {.oa.b$i configure -state disabled} set stunnel_local_protection_button .oa.b$i
if {$is_windows} {.oa.b$i configure -state disabled} if {$use_ssh} {.oa.b$i configure -state disabled}
incr i if {$is_windows} {.oa.b$i configure -state disabled}
incr i
}
checkbutton .oa.b$i -anchor w -variable disable_ssl_workarounds -text \ checkbutton .oa.b$i -anchor w -variable disable_ssl_workarounds -text \
"Disable SSL Workarounds" \ "Disable SSL Workarounds" \
...@@ -16264,14 +16648,16 @@ proc set_advanced_options {} { ...@@ -16264,14 +16648,16 @@ proc set_advanced_options {} {
if {$use_ssh} {.oa.b$i configure -state disabled} if {$use_ssh} {.oa.b$i configure -state disabled}
incr i incr i
checkbutton .oa.b$i -anchor w -variable ultra_dsm -text \ if {!$is_windows} {
"UltraVNC DSM Encryption Plugin" \ checkbutton .oa.b$i -anchor w -variable ultra_dsm -text \
-command {if {$ultra_dsm} {ultra_dsm_dialog}} "UltraVNC DSM Encryption Plugin" \
global ultra_dsm_button -command {if {$ultra_dsm} {ultra_dsm_dialog}}
set ultra_dsm_button .oa.b$i global ultra_dsm_button
if {$is_windows} {.oa.b$i configure -state disabled} set ultra_dsm_button .oa.b$i
if {$use_ssh} {.oa.b$i configure -state disabled} if {$is_windows} {.oa.b$i configure -state disabled}
incr i if {$use_ssh} {.oa.b$i configure -state disabled}
incr i
}
checkbutton .oa.b$i -anchor w -variable no_probe_vencrypt -text \ checkbutton .oa.b$i -anchor w -variable no_probe_vencrypt -text \
"Do not Probe for VeNCrypt" "Do not Probe for VeNCrypt"
...@@ -16315,37 +16701,58 @@ proc set_advanced_options {} { ...@@ -16315,37 +16701,58 @@ proc set_advanced_options {} {
frame .oa.fis.fR frame .oa.fis.fR
label .oa.fis.fL.la -anchor w -text "Include:" label .oa.fis.fL.la -anchor w -text "Include:"
label .oa.fis.fL.lb -anchor w -text "Sleep:" label .oa.fis.fL.lb -anchor w -text "Sleep:"
pack .oa.fis.fL.la .oa.fis.fL.lb -side top -fill x if {$is_windows} {
label .oa.fis.fL.lc -anchor w -text "Putty Args:"
pack .oa.fis.fL.la .oa.fis.fL.lb .oa.fis.fL.lc -side top -fill x
} else {
pack .oa.fis.fL.la .oa.fis.fL.lb -side top -fill x
}
entry .oa.fis.fR.ea -width 10 -textvariable include_list entry .oa.fis.fR.ea -width 10 -textvariable include_list
entry .oa.fis.fR.eb -width 10 -textvariable extra_sleep entry .oa.fis.fR.eb -width 10 -textvariable extra_sleep
pack .oa.fis.fR.ea .oa.fis.fR.eb -side top -fill x if {$is_windows} {
entry .oa.fis.fR.ec -width 10 -textvariable putty_args
pack .oa.fis.fR.ea .oa.fis.fR.eb .oa.fis.fR.ec -side top -fill x
} else {
pack .oa.fis.fR.ea .oa.fis.fR.eb -side top -fill x
}
pack .oa.fis.fL -side left pack .oa.fis.fL -side left
pack .oa.fis.fR -side right -expand 1 -fill x pack .oa.fis.fR -side right -expand 1 -fill x
pack .oa.fis -side top -fill x pack .oa.fis -side top -fill x
global uname
set t1 " Unix ssvncviewer ..."
if {$uname == "Darwin" } { regsub {^ *} $t1 "" t1 }
button .oa.ss -anchor w -text $t1 -command set_ssvncviewer_options
pack .oa.ss -side top -fill x
if {$is_windows} {
.oa.ss configure -state disabled
}
global change_vncviewer
if {$change_vncviewer} {
.oa.ss configure -state disabled
}
set t2 " Use ssh-agent" if {!$is_windows} {
if {$uname == "Darwin" } { regsub {^ *} $t2 "" t2 } global uname
set t1 " Unix ssvncviewer ..."
if {$uname == "Darwin" } { regsub {^ *} $t1 "" t1 }
button .oa.ss -anchor w -text $t1 -command set_ssvncviewer_options
pack .oa.ss -side top -fill x
if {$is_windows} {
.oa.ss configure -state disabled
}
global change_vncviewer
if {$change_vncviewer} {
.oa.ss configure -state disabled
}
button .oa.sa -anchor w -text $t2 -command ssh_agent_restart set t2 " Use ssh-agent"
pack .oa.sa -side top -fill x if {$uname == "Darwin" } { regsub {^ *} $t2 "" t2 }
if {$is_windows} {
.oa.sa configure -state disabled button .oa.sa -anchor w -text $t2 -command ssh_agent_restart
pack .oa.sa -side top -fill x
if {$is_windows} {
.oa.sa configure -state disabled
}
} else {
set t1 " Launch Putty Agent"
button .oa.pa -anchor w -text $t1 -command {catch {exec pageant.exe &}}
pack .oa.pa -side top -fill x
set t2 " Launch Putty Key-Gen"
button .oa.pg -anchor w -text $t2 -command {catch {exec puttygen.exe &}}
pack .oa.pg -side top -fill x
} }
frame .oa.b frame .oa.b
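Review bot: `.oa.ss` and `.oa.sa` are no longer created on Windows, so any caller that configures those widgets needs a `winfo exists` check. The `if {$is_windows}` tests kept inside the `!$is_windows` branch are unreachable and should be deleted with this change.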
...@@ -18619,8 +19026,15 @@ for {set i 0} {$i < $argc} {incr i} { ...@@ -18619,8 +19026,15 @@ for {set i 0} {$i < $argc} {incr i} {
if {$ok} { if {$ok} {
update update
set didload 1 set didload 1
after 750 if [info exists env(SSVNC_PROFILE_LOADONLY)] {
launch if {$env(SSVNC_PROFILE_LOADONLY) == "1"} {
set ok 0
}
}
if {$ok} {
after 750
launch
}
} }
} }
} }
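Review bot: `SSVNC_PROFILE_LOADONLY` is honoured only when it equals `"1"`, while `REPEATER_FORCE` in this same file treats any value other than empty or `0` as set. Use one convention for both, and use a separate flag rather than clearing `ok`, which up to this point means the profile loaded successfully.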
......
...@@ -453,7 +453,7 @@ if [ "X$SSVNC_BUILD_SKIP_VNCSTOREPW" = "X" ]; then ...@@ -453,7 +453,7 @@ if [ "X$SSVNC_BUILD_SKIP_VNCSTOREPW" = "X" ]; then
cd $tmp/vncstorepw cd $tmp/vncstorepw
make clean make clean
env LD_SSL="-L$start/$libs $LDFLAGS_OS" CPP_SSL="$CPPFLAGS_OS" make ultravnc_dsm_helper env LD_SSL="-L$start/$libs $LDFLAGS_OS $LD_SSL" CPP_SSL="$CPPFLAGS_OS" make ultravnc_dsm_helper
cd "$start" cd "$start"
cp -p $tmp/vncstorepw/ultravnc_dsm_helper $dest cp -p $tmp/vncstorepw/ultravnc_dsm_helper $dest
......
#!/bin/sh #!/bin/sh
rm -rf ./src/tmp/* || exit 1 rm -rf ./src/tmp/* || exit 1
vers=1.0.27 vers=1.0.28
cd .. || exit 1 cd .. || exit 1
......
.\" This file was automatically generated from x11vnc -help output. .\" This file was automatically generated from x11vnc -help output.
.TH X11VNC "1" "April 2010" "x11vnc " "User Commands" .TH X11VNC "1" "May 2010" "x11vnc " "User Commands"
.SH NAME .SH NAME
x11vnc - allow VNC connections to real X11 displays x11vnc - allow VNC connections to real X11 displays
version: 0.9.10, lastmod: 2010-04-28 version: 0.9.11, lastmod: 2010-05-02
.SH SYNOPSIS .SH SYNOPSIS
.B x11vnc .B x11vnc
[OPTION]... [OPTION]...
......
...@@ -47,7 +47,7 @@ int xtrap_base_event_type = 0; ...@@ -47,7 +47,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0; int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */ /* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.9.10 lastmod: 2010-04-28"; char lastmod[] = "0.9.11 lastmod: 2010-05-02";
/* X display info */ /* X display info */
......