Commit 268359a6 authored by runge's avatar runge

x11vnc: tweaks to ssl_xfer; -ssltimeout option.

parent 34c62cfd
...@@ -220,6 +220,7 @@ if [ "X$use_ssh" = "X1" ]; then ...@@ -220,6 +220,7 @@ if [ "X$use_ssh" = "X1" ]; then
echo "" echo ""
echo "Running ssh:" echo "Running ssh:"
echo "$ssh -f -p $ssh_port -L ${use}:${vnc_host}:${port} $ssh_host \"$ssh_cmd\"" echo "$ssh -f -p $ssh_port -L ${use}:${vnc_host}:${port} $ssh_host \"$ssh_cmd\""
echo ""
$ssh -f -p $ssh_port -L ${use}:${vnc_host}:${port} $ssh_host "$ssh_cmd" $ssh -f -p $ssh_port -L ${use}:${vnc_host}:${port} $ssh_host "$ssh_cmd"
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
echo "" echo ""
...@@ -236,6 +237,7 @@ if [ "X$use_ssh" = "X1" ]; then ...@@ -236,6 +237,7 @@ if [ "X$use_ssh" = "X1" ]; then
echo "" echo ""
echo "Running viewer:" echo "Running viewer:"
echo $VNCVIEWERCMD "$@" localhost:$N echo $VNCVIEWERCMD "$@" localhost:$N
echo ""
$VNCVIEWERCMD "$@" localhost:$N $VNCVIEWERCMD "$@" localhost:$N
exit $? exit $?
...@@ -420,11 +422,12 @@ foreground = yes ...@@ -420,11 +422,12 @@ foreground = yes
pid = pid =
client = yes client = yes
debug = 6 debug = 6
$STUNNEL_EXTRA_OPTS
$verify $verify
$cert $cert
[vnc_stunnel] [vnc_stunnel]
accept = $use accept = localhost:$use
$connect $connect
END END
...@@ -436,7 +439,8 @@ echo "" ...@@ -436,7 +439,8 @@ echo ""
sleep 1 sleep 1
echo "" echo ""
echo "Running: $STUNNEL $tmp" echo "Running: stunnel"
echo "$STUNNEL $tmp"
$STUNNEL "$tmp" < /dev/tty > /dev/tty & $STUNNEL "$tmp" < /dev/tty > /dev/tty &
pid=$! pid=$!
echo "" echo ""
...@@ -452,6 +456,7 @@ rm -f "$tmp" ...@@ -452,6 +456,7 @@ rm -f "$tmp"
echo "" echo ""
echo "Running viewer:" echo "Running viewer:"
echo $VNCVIEWERCMD "$@" localhost:$N echo $VNCVIEWERCMD "$@" localhost:$N
echo ""
$VNCVIEWERCMD "$@" localhost:$N $VNCVIEWERCMD "$@" localhost:$N
kill $pid kill $pid
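Review bot: `$STUNNEL_EXTRA_OPTS` is copied verbatim from the environment into the generated stunnel config, ahead of `$verify` and `$cert`, and nothing in the visible lines documents or constrains what it may contain. If the value ever carried a `[service]` header line, the verify and cert settings that follow would presumably attach to that service rather than act as defaults for `[vnc_stunnel]`, so the tunnel could run without the certificate check the user asked for. I would add a comment above the heredoc along the lines of `# STUNNEL_EXTRA_OPTS: extra global stunnel options only, one per line; must not contain a [section] header`. Moving the `$STUNNEL_EXTRA_OPTS` line below `$cert` would also keep the script's own settings global in that case. The heredoc starts outside the hunk, so its opening lines are not visible here.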
......
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -759,6 +759,13 @@ void print_help(int mode) { ...@@ -759,6 +759,13 @@ void print_help(int mode) {
" Also in the x11vnc source a SSL enabled Java VNC Viewer\n" " Also in the x11vnc source a SSL enabled Java VNC Viewer\n"
" applet is provided in the classes/ssl directory.\n" " applet is provided in the classes/ssl directory.\n"
"\n" "\n"
"-ssltimeout n Set SSL read timeout to n seconds. In some situations\n"
" (i.e. an iconified viewer in Windows) the viewer stops\n"
" talking and the connection is dropped after the default\n"
" timeout (25s for about the first minute, 43200s later).\n"
" Set to zero to poll forever. Set to a negative value\n"
" to use the builtin setting.\n"
"\n"
"-ssldir [dir] Use [dir] as an alternate ssl certificate and key\n" "-ssldir [dir] Use [dir] as an alternate ssl certificate and key\n"
" management toplevel directory. The default is\n" " management toplevel directory. The default is\n"
" ~/.vnc/certs\n" " ~/.vnc/certs\n"
...@@ -3048,6 +3055,7 @@ void print_help(int mode) { ...@@ -3048,6 +3055,7 @@ void print_help(int mode) {
" input_skip:n set -input_skip to n.\n" " input_skip:n set -input_skip to n.\n"
" allinput enable use of -allinput mode.\n" " allinput enable use of -allinput mode.\n"
" noallinput disable use of -allinput mode.\n" " noallinput disable use of -allinput mode.\n"
" ssltimeout:n set -ssltimeout to n.\n"
" speeds:str set -speeds to str.\n" " speeds:str set -speeds to str.\n"
" wmdt:str set -wmdt to str.\n" " wmdt:str set -wmdt to str.\n"
" debug_pointer enable -debug_pointer, same as \"dp\"\n" " debug_pointer enable -debug_pointer, same as \"dp\"\n"
...@@ -3177,9 +3185,9 @@ void print_help(int mode) { ...@@ -3177,9 +3185,9 @@ void print_help(int mode) {
" nowf wirecopyrect wcr nowirecopyrect nowcr scr_area\n" " nowf wirecopyrect wcr nowirecopyrect nowcr scr_area\n"
" scr_skip scr_inc scr_keys scr_term scr_keyrepeat\n" " scr_skip scr_inc scr_keys scr_term scr_keyrepeat\n"
" scr_parms scrollcopyrect scr noscrollcopyrect noscr\n" " scr_parms scrollcopyrect scr noscrollcopyrect noscr\n"
" fixscreen noxrecord xrecord reset_record pointer_mode\n" " fixscreen noxrecord xrecord reset_record pointer_mode pm\n"
" pm input_skip allinput noallinput input grabkbd\n" " input_skip allinput noallinput input grabkbd nograbkbd\n"
" nograbkbd grabptr nograbptr client_input speeds wmdt\n" " grabptr nograbptr client_input ssltimeout speeds wmdt\n"
" debug_pointer dp nodebug_pointer nodp debug_keyboard\n" " debug_pointer dp nodebug_pointer nodp debug_keyboard\n"
" dk nodebug_keyboard nodk deferupdate defer wait_ui\n" " dk nodebug_keyboard nodk deferupdate defer wait_ui\n"
" wait_bog nowait_bog slow_fb wait readtimeout nap nonap\n" " wait_bog nowait_bog slow_fb wait readtimeout nap nonap\n"
......
...@@ -29,6 +29,7 @@ char *ssl_certs_dir = NULL; ...@@ -29,6 +29,7 @@ char *ssl_certs_dir = NULL;
int https_port_num = -1; int https_port_num = -1;
char *ssl_verify = NULL; char *ssl_verify = NULL;
int ssl_initialized = 0; int ssl_initialized = 0;
int ssl_timeout_secs = -1;
int usepw = USEPW; int usepw = USEPW;
char *blackout_str = NULL; /* -blackout */ char *blackout_str = NULL; /* -blackout */
int blackout_ptr = 0; int blackout_ptr = 0;
......
...@@ -29,6 +29,7 @@ extern char *ssl_certs_dir; ...@@ -29,6 +29,7 @@ extern char *ssl_certs_dir;
extern int https_port_num; extern int https_port_num;
extern char *ssl_verify; extern char *ssl_verify;
extern int ssl_initialized; extern int ssl_initialized;
extern int ssl_timeout_secs;
extern int usepw; extern int usepw;
extern char *blackout_str; extern char *blackout_str;
extern int blackout_ptr; extern int blackout_ptr;
......
...@@ -3136,6 +3136,19 @@ char *process_remote_cmd(char *cmd, int stringonly) { ...@@ -3136,6 +3136,19 @@ char *process_remote_cmd(char *cmd, int stringonly) {
p += strlen("client_input:"); p += strlen("client_input:");
set_client_input(p); set_client_input(p);
} else if (strstr(p, "ssltimeout") == p) {
int is;
COLON_CHECK("ssltimeout:")
if (query) {
snprintf(buf, bufn, "ans=%s%s%d", p, co,
ssl_timeout_secs);
goto qry;
}
p += strlen("ssltimeout:");
is = atoi(p);
rfbLog("remote_cmd: setting ssltimeout: %d\n", is);
ssl_timeout_secs = is;
} else if (strstr(p, "speeds") == p) { } else if (strstr(p, "speeds") == p) {
COLON_CHECK("speeds:") COLON_CHECK("speeds:")
if (query) { if (query) {
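Review bot: `is = atoi(p)` in the new `ssltimeout` branch cannot tell a malformed value from zero, and zero is the setting that removes the SSL read timeout altogether. A remote-control command such as `ssltimeout:` with an empty or non-numeric argument therefore silently switches the helper to "poll forever" instead of being rejected. The same applies to the `-ssltimeout` parsing added in main(), `ssl_timeout_secs = atoi(argv[++i]);`. Parsing with strtol and refusing input with no digits or out of int range keeps the previous setting in place; this assumes `<limits.h>` is available in the file, which the hunk does not show. process_remote_cmd's body continues outside the hunk.

```c
		p += strlen("ssltimeout:");
		{
			char *end;
			long v = strtol(p, &end, 10);
			if (end == p || v < INT_MIN || v > INT_MAX) {
				/* keep the current timeout rather than fall back to 0 (no timeout) */
				rfbLog("remote_cmd: invalid ssltimeout: %s\n", p);
			} else {
				rfbLog("remote_cmd: setting ssltimeout: %ld\n", v);
				ssl_timeout_secs = (int) v;
			}
		}
```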
......
...@@ -1932,20 +1932,21 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { ...@@ -1932,20 +1932,21 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
int cptr, sptr, c_rd, c_wr, s_rd, s_wr; int cptr, sptr, c_rd, c_wr, s_rd, s_wr;
fd_set rd, wr; fd_set rd, wr;
struct timeval tv; struct timeval tv;
int ssock, cnt = 0; int ssock, cnt = 0, ndata = 0;
/* /*
* we want to switch to a longer timeout for long term VNC * we want to switch to a longer timeout for long term VNC
* connections (in case the network is not working for short * connections (in case the network is not working for periods of
* periods), but we also want the timeout shorter at the beginning * time), but we also want the timeout shorter at the beginning
* in case the client went away. * in case the client went away.
*/ */
time_t start; time_t start;
int tv_https_early = 60; int tv_https_early = 60;
int tv_https_later = 20; int tv_https_later = 20;
int tv_vnc_early = 25; int tv_vnc_early = 25;
int tv_vnc_later = 300; int tv_vnc_later = 43200; /* was 300, stunnel: 43200 */
int tv_cutover = 120; int tv_cutover = 70;
int tv_closing = 60;
int tv_use; int tv_use;
if (dbxfer) { if (dbxfer) {
...@@ -2002,7 +2003,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { ...@@ -2002,7 +2003,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
sptr = 0; sptr = 0;
while (1) { while (1) {
int c_to_s, s_to_c; int c_to_s, s_to_c, closing;
if ( s_wr && (c_rd || cptr > 0) ) { if ( s_wr && (c_rd || cptr > 0) ) {
/* /*
...@@ -2070,6 +2071,8 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { ...@@ -2070,6 +2071,8 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
} }
if (tv_cutover && time(NULL) > start + tv_cutover) { if (tv_cutover && time(NULL) > start + tv_cutover) {
rfbLog("SSL: ssl_xfer[%d]: tv_cutover: %d\n", getpid(),
tv_cutover);
tv_cutover = 0; tv_cutover = 0;
if (is_https) { if (is_https) {
tv_use = tv_https_later; tv_use = tv_https_later;
...@@ -2077,12 +2080,26 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { ...@@ -2077,12 +2080,26 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
tv_use = tv_vnc_later; tv_use = tv_vnc_later;
} }
} }
if (ssl_timeout_secs > 0) {
tv_use = ssl_timeout_secs;
}
if ( (s_rd && c_rd) || cptr || sptr) {
closing = 0;
} else {
closing = 1;
tv_use = tv_closing;
}
tv.tv_sec = tv_use; tv.tv_sec = tv_use;
tv.tv_usec = 0; tv.tv_usec = 0;
/* do the select, repeat if interrupted */ /* do the select, repeat if interrupted */
do { do {
nfd = select(fdmax+1, &rd, &wr, NULL, &tv); if (ssl_timeout_secs == 0) {
nfd = select(fdmax+1, &rd, &wr, NULL, NULL);
} else {
nfd = select(fdmax+1, &rd, &wr, NULL, &tv);
}
} while (nfd < 0 && errno == EINTR); } while (nfd < 0 && errno == EINTR);
if (db > 1) fprintf(stderr, "nfd: %d\n", nfd); if (db > 1) fprintf(stderr, "nfd: %d\n", nfd);
...@@ -2095,8 +2112,17 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { ...@@ -2095,8 +2112,17 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
} }
if (nfd == 0) { if (nfd == 0) {
rfbLog("SSL: ssl_xfer[%d]: connection timedout.\n", if (!closing && tv_cutover && ndata > 25000) {
getpid()); static int cn = 0;
/* probably ok, early windows iconify */
if (cn++ < 2) {
rfbLog("SSL: ssl_xfer[%d]: early time"
"out: %d\n", getpid(), ndata);
}
continue;
}
rfbLog("SSL: ssl_xfer[%d]: connection timedout. %d\n",
getpid(), ndata);
/* connection finished */ /* connection finished */
return; return;
} }
...@@ -2132,6 +2158,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { ...@@ -2132,6 +2158,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
shutdown(csock, SHUT_WR); shutdown(csock, SHUT_WR);
c_wr = 0; c_wr = 0;
} }
ndata += n;
} }
} }
...@@ -2154,6 +2181,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { ...@@ -2154,6 +2181,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
SSL_shutdown(ssl); SSL_shutdown(ssl);
s_wr = 0; s_wr = 0;
} }
ndata += n;
} else if (err == SSL_ERROR_WANT_WRITE } else if (err == SSL_ERROR_WANT_WRITE
|| err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_READ
...@@ -2203,6 +2231,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { ...@@ -2203,6 +2231,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
/* good */ /* good */
cptr += n; cptr += n;
ndata += n;
} }
} }
...@@ -2220,6 +2249,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { ...@@ -2220,6 +2249,7 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
/* good */ /* good */
sptr += n; sptr += n;
ndata += n;
} else if (err == SSL_ERROR_WANT_WRITE } else if (err == SSL_ERROR_WANT_WRITE
|| err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_READ
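Review bot: With `ssl_timeout_secs == 0` the select() is called with a NULL timeout even when `closing` is set, so the new `tv_closing` limit is never applied in that mode. A peer that half-closes and then goes silent would keep this helper blocked indefinitely; the guard could be `if (ssl_timeout_secs == 0 && !closing) {` so the closing phase always times out. Separately, `ndata` is a plain `int` incremented on every transfer, and with the later timeout raised to 43200s a long session can push it past INT_MAX, which is undefined behaviour. It is only compared against 25000 while `tv_cutover` is non-zero, so accumulating only in that window (`if (tv_cutover) ndata += n;`) or using an unsigned type would avoid the overflow. ssl_xfer's body extends well beyond the visible hunks, so the conditions surrounding each `ndata += n` are inferred from context.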
......
...@@ -303,6 +303,7 @@ Permissions ...@@ -303,6 +303,7 @@ Permissions
=F stunnel_pem: =F stunnel_pem:
=F ssldir: =F ssldir:
=F sslverify: =F sslverify:
ssltimeout:
https: https:
=GAL LOFF =GAL LOFF
=GAL Misc-Perms:: =GAL Misc-Perms::
......
...@@ -314,6 +314,7 @@ char gui_code[] = ""; ...@@ -314,6 +314,7 @@ char gui_code[] = "";
" =F stunnel_pem:\n" " =F stunnel_pem:\n"
" =F ssldir:\n" " =F ssldir:\n"
" =F sslverify:\n" " =F sslverify:\n"
" ssltimeout:\n"
" https:\n" " https:\n"
" =GAL LOFF\n" " =GAL LOFF\n"
" =GAL Misc-Perms::\n" " =GAL Misc-Perms::\n"
......
.\" This file was automatically generated from x11vnc -help output. .\" This file was automatically generated from x11vnc -help output.
.TH X11VNC "1" "July 2006" "x11vnc " "User Commands" .TH X11VNC "1" "August 2006" "x11vnc " "User Commands"
.SH NAME .SH NAME
x11vnc - allow VNC connections to real X11 displays x11vnc - allow VNC connections to real X11 displays
version: 0.8.3, lastmod: 2006-07-30 version: 0.8.3, lastmod: 2006-08-02
.SH SYNOPSIS .SH SYNOPSIS
.B x11vnc .B x11vnc
[OPTION]... [OPTION]...
...@@ -889,6 +889,15 @@ script that starts up stunnel and then vncviewer. ...@@ -889,6 +889,15 @@ script that starts up stunnel and then vncviewer.
Also in the x11vnc source a SSL enabled Java VNC Viewer Also in the x11vnc source a SSL enabled Java VNC Viewer
applet is provided in the classes/ssl directory. applet is provided in the classes/ssl directory.
.PP .PP
\fB-ssltimeout\fR \fIn\fR
.IP
Set SSL read timeout to n seconds. In some situations
(i.e. an iconified viewer in Windows) the viewer stops
talking and the connection is dropped after the default
timeout (25s for about the first minute, 43200s later).
Set to zero to poll forever. Set to a negative value
to use the builtin setting.
.PP
\fB-ssldir\fR \fI[dir]\fR \fB-ssldir\fR \fI[dir]\fR
.IP .IP
Use [dir] as an alternate ssl certificate and key Use [dir] as an alternate ssl certificate and key
...@@ -3669,6 +3678,8 @@ allinput enable use of \fB-allinput\fR mode. ...@@ -3669,6 +3678,8 @@ allinput enable use of \fB-allinput\fR mode.
.IP .IP
noallinput disable use of \fB-allinput\fR mode. noallinput disable use of \fB-allinput\fR mode.
.IP .IP
ssltimeout:n set \fB-ssltimeout\fR to n.
.IP
speeds:str set \fB-speeds\fR to str. speeds:str set \fB-speeds\fR to str.
.IP .IP
wmdt:str set \fB-wmdt\fR to str. wmdt:str set \fB-wmdt\fR to str.
...@@ -3876,9 +3887,9 @@ nodragging wireframe_mode wireframe wf nowireframe ...@@ -3876,9 +3887,9 @@ nodragging wireframe_mode wireframe wf nowireframe
nowf wirecopyrect wcr nowirecopyrect nowcr scr_area nowf wirecopyrect wcr nowirecopyrect nowcr scr_area
scr_skip scr_inc scr_keys scr_term scr_keyrepeat scr_skip scr_inc scr_keys scr_term scr_keyrepeat
scr_parms scrollcopyrect scr noscrollcopyrect noscr scr_parms scrollcopyrect scr noscrollcopyrect noscr
fixscreen noxrecord xrecord reset_record pointer_mode fixscreen noxrecord xrecord reset_record pointer_mode pm
pm input_skip allinput noallinput input grabkbd input_skip allinput noallinput input grabkbd nograbkbd
nograbkbd grabptr nograbptr client_input speeds wmdt grabptr nograbptr client_input ssltimeout speeds wmdt
debug_pointer dp nodebug_pointer nodp debug_keyboard debug_pointer dp nodebug_pointer nodp debug_keyboard
dk nodebug_keyboard nodk deferupdate defer wait_ui dk nodebug_keyboard nodk deferupdate defer wait_ui
wait_bog nowait_bog slow_fb wait readtimeout nap nonap wait_bog nowait_bog slow_fb wait readtimeout nap nonap
......
...@@ -1059,6 +1059,10 @@ static void print_settings(int try_http, int bg, char *gui_str) { ...@@ -1059,6 +1059,10 @@ static void print_settings(int try_http, int bg, char *gui_str) {
: "null"); : "null");
fprintf(stderr, " unixpw: %d\n", unixpw); fprintf(stderr, " unixpw: %d\n", unixpw);
fprintf(stderr, " unixpw_lst: %s\n", unixpw_list ? unixpw_list:"null"); fprintf(stderr, " unixpw_lst: %s\n", unixpw_list ? unixpw_list:"null");
fprintf(stderr, " ssl: %s\n", openssl_pem ? openssl_pem:"null");
fprintf(stderr, " ssldir: %s\n", ssl_certs_dir ? ssl_certs_dir:"null");
fprintf(stderr, " ssltimeout %d\n", ssl_timeout_secs);
fprintf(stderr, " sslverify: %s\n", ssl_verify ? ssl_verify:"null");
fprintf(stderr, " stunnel: %d\n", use_stunnel); fprintf(stderr, " stunnel: %d\n", use_stunnel);
fprintf(stderr, " accept: %s\n", accept_cmd ? accept_cmd fprintf(stderr, " accept: %s\n", accept_cmd ? accept_cmd
: "null"); : "null");
...@@ -1674,6 +1678,9 @@ int main(int argc, char* argv[]) { ...@@ -1674,6 +1678,9 @@ int main(int argc, char* argv[]) {
i++; i++;
} }
} }
} else if (!strcmp(arg, "-ssltimeout")) {
CHECK_ARGC
ssl_timeout_secs = atoi(argv[++i]);
} else if (!strcmp(arg, "-ssldir")) { } else if (!strcmp(arg, "-ssldir")) {
CHECK_ARGC CHECK_ARGC
ssl_certs_dir = strdup(argv[++i]); ssl_certs_dir = strdup(argv[++i]);
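Review bot: The new `ssltimeout` line in print_settings lacks the colon that every neighbouring label has (`ssl:`, `ssldir:`, `sslverify:`), which makes the settings dump harder to grep or parse consistently. I would write it as `fprintf(stderr, " ssltimeout: %d\n", ssl_timeout_secs);`, keeping whatever column padding the file uses, since the rendered page may have collapsed the spaces. The `-ssltimeout` argument parsing in the main() hunk of this section uses an unchecked atoi() as well.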
......
...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0; ...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0; int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */ /* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.8.3 lastmod: 2006-07-30"; char lastmod[] = "0.8.3 lastmod: 2006-08-02";
/* X display info */ /* X display info */
......