x11vnc: more features to ssl_vncviewer for enhanced tightvnc viewer project

classes/ssl/ssl_vncviewer

 #!/bin/sh
 #
-# ssl_vncviewer:  wrapper for vncviewer to use an stunnel SSL tunnel.
+# ssl_vncviewer:  wrapper for vncviewer to use an stunnel SSL tunnel
+#                 or an SSH tunnel.
 #
 # Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
 #
-# You must have stunnel(8) installed on the system and in your
-# PATH (n.b. stunnel is usually in an sbin subdir).
+# You must have stunnel(8) installed on the system and in your PATH
+# (however, see the -ssh option below, in which case you will need ssh(1)
+# installed)  Note: stunnel is usually installed in an "sbin" subdirectory.
 #
 # You should have "x11vnc -ssl ..." or "x11vnc -stunnel ..." 
-# running as the VNC server. 
+# already running as the VNC server on the remote machine.
+# (or use stunnel on the server side for any other VNC server)
 #
-# usage: ssl_vncviewer [cert-args] host:display <vncviewer-args>
+#
+# Usage: ssl_vncviewer [cert-args] host:display <vncviewer-args>
 #
 # e.g.:  ssl_vncviewer snoopy:0
 #        ssl_vncviewer snoopy:0 -encodings "copyrect tight zrle hextile"
 #
 # [cert-args] can be:
+#
 #	-verify /path/to/cacert.pem		
 #	-mycert /path/to/mycert.pem		
 #	-proxy  host:port
@@ -30,7 +35,39 @@
 #         to reach the VNC server (e.g. your firewall requires a proxy).
 #         For the "double proxy" case use -proxy host1:port1,host2:port2
 #
-# A couple other args (not related to certs):
+#    See http://www.karlrunge.com/x11vnc/#faq-ssl-ca for details on SSL
+#    certificates with VNC.
+#
+# A few other args (not related to SSL and certs):
+#
+# -ssh    Use ssh instead of stunnel SSL.  ssh(1) must be installed and you
+#         must be able to log into the remote machine via ssh.
+#
+#         In this case "host:display" may be of the form "user@host:display"
+#         where "user@host" is used for the ssh login (see ssh(1) manpage).
+#
+#         If -proxy is supplied it can be of the forms: "gwhost" "gwhost:port"
+#         "user@gwhost" or "user@gwhost:port".  "gwhost" is an incoming ssh 
+#         gateway machine (the VNC server is not running there), an ssh -L
+#         redir is used to "host" in "host:display" from "gwhost". Any "user@"
+#         part must be in the -proxy string (not in "host:display").
+#
+#         Under -proxy use "gwhost:port" if connecting to any ssh port
+#         other than the default (22).  (even for the non-gateway case,
+#         -proxy must be used to specify a non-standard ssh port)
+#
+#         Examples:
+#
+#         ssl_vncviewer -ssh bob@bobs-home.net:0
+#         ssl_vncviewer -ssh -sshcmd 'x11vnc -localhost' bob@bobs-home.net:0
+#
+#         ssl_vncviewer -ssh -proxy fred@mygate.com:2022 mymachine:0
+#         ssl_vncviewer -ssh -proxy bob@bobs-home.net:2222 localhost:0
+#
+#
+# -sshcmd cmd   Run "cmd" via ssh instead of the default "sleep 15"
+#               e.g. -sshcmd 'x11vnc -display :0 -localhost -rfbport 5900'
+#
 #
 # -alpha  turn on cursor alphablending hack if you are using the
 #         enhanced tightvnc vncviewer.
@@ -40,14 +77,15 @@
 #         fvwm that do not otherwise work in fullscreen mode)
 #
 #
-# set VNCVIEWERCMD to whatever vncviewer command you want to use:
+# set VNCVIEWERCMD to whatever vncviewer command you want to use.
 #
 VNCIPCMD=${VNCVIEWERCMD:-vncip}
 VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}
 #
-# Same for STUNNEL, e.g. /path/to/stunnel or stunnel4, etc.
+# Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.
 #
 
+
 PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
 
 if [ "X$STUNNEL" = "X" ]; then
@@ -60,10 +98,13 @@ if [ "X$STUNNEL" = "X" ]; then
 fi
 
 help() {
-	head -39 $0 | tail +2
+	tail +2 "$0" | sed -e '/^$/ q'
 }
 
 gotalpha=""
+use_ssh=""
+ssl_sleep=15
+ssh_cmd="sleep $ssl_sleep"
 
 # grab our cmdline options:
 while [ "X$1" != "X" ]
@@ -75,12 +116,18 @@ do
                 ;;
 	"-proxy")	shift; proxy="$1"
                 ;;
+	"-ssh")		use_ssh=1
+                ;;
+	"-sshcmd")	shift; ssh_cmd="$1"
+                ;;
 	"-alpha")	gotalpha=1
                 ;;
 	"-grab")	VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER
                 ;;
 	"-h"*)	help; exit 0
                 ;;
+	"--h"*)	help; exit 0
+                ;;
 	*)	break
                 ;;
     esac
@@ -95,6 +142,13 @@ fi
 orig="$1"
 shift
 
+if [ "X$use_ssh" = "X1" ]; then
+	if [ "X$mycert" != "X" -o "X$verify" != "X" ]; then
+		echo "-mycert and -verify cannot be used in -ssh mode" 
+		exit 1
+	fi
+fi
+
 # play around with host:display port:
 if echo "$orig" | grep ':' > /dev/null; then
 	:
@@ -117,7 +171,7 @@ fi
 use=""
 inuse=""
 if uname | grep Linux > /dev/null; then
-	inuse=`netstat -ant | grep LISTEN | awk '{print $4}' | sed 's/^.*://'`
+	inuse=`netstat -ant | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*://'`
 elif uname | grep SunOS > /dev/null; then
 	inuse=`netstat -an -f inet -P tcp | grep LISTEN | awk '{print $1}' | sed 's/^.*\.//'`
 fi
@@ -140,6 +194,53 @@ if [ "X$use" = "X" ]; then
 	use=`expr $use + 5930`
 fi
 
+if [ $use -ge 5900 ]; then
+	N=`expr $use - 5900`
+else
+	N=$use
+fi
+
+if echo "$0" | grep vncip > /dev/null; then
+	VNCVIEWERCMD="$VNCIPCMD"
+fi
+
+if [ "X$use_ssh" = "X1" ]; then
+	ssh_port="22"
+	ssh_host="$host"
+	vnc_host="localhost"
+	ssh=${SSH:-"ssh -x"}
+	if [ "X$proxy" != "X" ]; then
+		ssh_port=`echo "$proxy" | awk -F: '{print $2}'`
+		if [ "X$ssh_port" = "X" ]; then
+			ssh_port="22"
+		fi
+		ssh_host=`echo "$proxy" | awk -F: '{print $1}'`
+		vnc_host="$host"
+	fi
+	echo ""
+	echo "Running ssh:"
+	echo "$ssh -f -p $ssh_port -L ${use}:${vnc_host}:${port} $ssh_host \"$ssh_cmd\""
+	$ssh -f -p $ssh_port -L ${use}:${vnc_host}:${port} $ssh_host "$ssh_cmd"
+	if [ "$?" != "0" ]; then
+		echo ""
+		echo "ssh to $ssh_host failed."
+		exit 1
+	fi
+	echo ""
+	if [ "X$ssh_cmd" = "Xsleep $ssl_sleep" ] ; then
+		sleep 1
+	else
+		# let any command get started a bit.
+		sleep 5
+	fi
+	echo ""
+	echo "Running viewer:"
+	echo $VNCVIEWERCMD "$@" localhost:$N
+	$VNCVIEWERCMD "$@" localhost:$N
+
+	exit $?
+fi
+
 # create the stunnel config file:
 if [ "X$verify" != "X" ]; then
 	if [ -d $verify ]; then
@@ -154,6 +255,27 @@ if [ "X$mycert" != "X" ]; then
 	cert="cert = $mycert"
 fi
 
+mytmp() {
+	tf=$1
+	rm -rf "$tf" || exit 1
+	if [ -d "$tf" ]; then
+		echo "tmp file $tf still exists as a directory."
+		exit 1
+	elif [ -L "$tf" ]; then
+		echo "tmp file $tf still exists as a symlink."
+		exit 1
+	elif [ -f "$tf" ]; then
+		echo "tmp file $tf still exists."
+		exit 1
+	fi
+	touch "$tf" || exit 1
+	chmod 600 "$tf" || exit 1
+}
+
+if echo "$RANDOM" | grep '[^0-9]' > /dev/null; then
+	RANDOM=`date +%S`
+fi
+
 pcode() {
 	tf=$1
 	SSL_VNC_PROXY=$proxy; export SSL_VNC_PROXY
@@ -274,19 +396,15 @@ sub xfer {
 	close($out);
 }
 '
-	rm -f $tf
-	if [ -f $tf ]; then
-		echo "$tf still exists!"
-		exit 1
-	fi
 	echo "$cod" > $tf
 	chmod 700 $tf
 }
 
 ptmp=""
 if [ "X$proxy" != "X" ]; then
-	ptmp="/tmp/ssl_vncviewer.$$.pl"
-	pcode $ptmp
+	ptmp="/tmp/ssl_vncviewer${RANDOM}.$$.pl"
+	mytmp "$ptmp"
+	pcode "$ptmp"
 	connect="exec = $ptmp"
 else
 	connect="connect = $host:$port"
@@ -294,8 +412,10 @@ fi
 
 
 ##debug = 7
-tmp=/tmp/ssl_vncviewer.$$
-cat > $tmp <<END
+tmp=/tmp/ssl_vncviewer${RANDOM}.$$
+mytmp "$tmp"
+
+cat > "$tmp" <<END
 foreground = yes
 pid =
 client = yes
@@ -311,12 +431,13 @@ END
 echo ""
 echo "Using this stunnel configuration:"
 echo ""
-cat $tmp | uniq
+cat "$tmp" | uniq
 echo ""
 sleep 1
 
-echo "running: $STUNNEL $tmp"
-$STUNNEL $tmp < /dev/tty > /dev/tty &
+echo ""
+echo "Running: $STUNNEL $tmp"
+$STUNNEL "$tmp" < /dev/tty > /dev/tty &
 pid=$!
 echo ""
 
@@ -326,18 +447,12 @@ if [ "X$mycert" != "X" ]; then
 	sleep 4
 fi
 sleep 2
-rm -f $tmp
+rm -f "$tmp"
 
-if [ $use -ge 5900 ]; then
-	n=`expr $use - 5900`
-fi
-
-if echo "$0" | grep vncip > /dev/null; then
-	# hack for runge's special wrapper script vncip.
-	$VNCIPCMD "$@" localhost:$n
-else
-	$VNCVIEWERCMD "$@" localhost:$n
-fi
+echo ""
+echo "Running viewer:"
+echo $VNCVIEWERCMD "$@" localhost:$N
+$VNCVIEWERCMD "$@" localhost:$N
 
 kill $pid
 sleep 1

x11vnc/pointer.c

@@ -14,6 +14,7 @@
 #include "v4l.h"
 #include "linuxfb.h"
 #include "uinput.h"
+#include "scan.h"
 
 int pointer_queued_sent = 0;
 

x11vnc/scan.c

@@ -32,7 +32,9 @@ int copy_snap(void);
 void nap_sleep(int ms, int split);
 void set_offset(void);
 int scan_for_updates(int count_only);
-
+void rotate_curs(char *dst_0, char *src_0, int Dx, int Dy, int Bpp);
+void rotate_coords(int x, int y, int *xo, int *yo, int dxi, int dyi);
+void rotate_coords_inverse(int x, int y, int *xo, int *yo, int dxi, int dyi);
 
 static void set_fs_factor(int max);
 static char *flip_ximage_byte_order(XImage *xim);

x11vnc/scan.h

@@ -21,5 +21,8 @@ extern int copy_snap(void);
 extern void nap_sleep(int ms, int split);
 extern void set_offset(void);
 extern int scan_for_updates(int count_only);
+extern void rotate_curs(char *dst_0, char *src_0, int Dx, int Dy, int Bpp);
+extern void rotate_coords(int x, int y, int *xo, int *yo, int dxi, int dyi);
+extern void rotate_coords_inverse(int x, int y, int *xo, int *yo, int dxi, int dyi);
 
 #endif /* _X11VNC_SCAN_H */

x11vnc/x11vnc.1

@@ -2,7 +2,7 @@
 .TH X11VNC "1" "July 2006" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.8.3, lastmod: 2006-07-28
+         version: 0.8.3, lastmod: 2006-07-30
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...

x11vnc/x11vnc_defs.c

@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.8.3 lastmod: 2006-07-28";
+char lastmod[] = "0.8.3 lastmod: 2006-07-30";
 
 /* X display info */