Skip to content

L
libvncserver
Commit 41c7b74a authored by runge's avatar runge
Browse files
Options

SSVNC sync: stunnel upgrade and patch, change wish order, -anondh -ciphers option 

  VeNCrypt and TLSVNC support (in pproxy and unix vncviewer). Help text tweaks
  -killstunnel, s_client fixes, No Encryption easier. Zeroconf/avahi support.
  tk font fixes. SSVNC_ULTRA_FTP_JAR finding SSVNC_PREDIGESTED_HANDSHAKE
  SSVNC_SKIP_RFB_PROTOCOL_VERSION, SSVNC_SET_SECURITY_TYPE, etc hacks.
parent 6fbba525
Show whitespace changes
Inline Side-by-side
Showing with 2359 additions and 872 deletions
x11vnc/misc/enhanced_tightvnc_viewer/README
View file @ 41c7b74a
......@@ -82,6 +82,10 @@ The enhanced TightVNC viewer features are:
- Sets up any additional SSH port redirections that you want.
- Zeroconf (aka Bonjour) is used on Unix and Mac OS X to find
VNC servers on your local network if the avahi-browse or dns-sd
program is available and in your PATH.
- Port Knocking for "closed port" SSH/SSL connections. In addition
to a simple fixed port sequence and one-time-pad implementation,
a hook is also provided to run any port knocking client before a
......@@ -108,6 +112,8 @@ The enhanced TightVNC viewer features are:
- rfbNewFBSize VNC support (screen resizing)
- Client-side Scaling of the Viewer.
- ZRLE VNC encoding support (RealVNC's encoding)
- Support for the ZYWRLE encoding, a wavelet based extension to
......@@ -268,8 +274,8 @@ Unix/MacOSX Install:
For the conventional source tarball it will compile and install, e.g.:
gzip -dc ssvnc-1.0.20.src.tar.gz | tar xvf -
cd ssvnc-1.0.20
gzip -dc ssvnc-1.0.21.src.tar.gz | tar xvf -
cd ssvnc-1.0.21
make config
make all
make PREFIX=/my/install/dir install
......@@ -428,9 +434,10 @@ On Mac OS X depending on what you do you need these programs installed:
Lesser used ones: netcat, smbclient, cups
Most Mac OS X and Unix OS come with the main components installed.
See the README.src for a more detailed description of dependencies.
If you need to Build:
--------------------
......@@ -467,7 +474,7 @@ Feel free to ask us if you need help running ./build.unix
Convential Build:
A more conventional source tarball is provided in ssvnc-x.y.z.src.tar.gz.
It uses a more or less familiar 'make config; make all; make install'
It uses a more or less familiar 'make config; make all; make PREFIX=path install'
method. It does not include stunnel, so that must be installed on the
system separately.
......
x11vnc/misc/enhanced_tightvnc_viewer/bin/ssvnc
View file @ 41c7b74a
......@@ -30,7 +30,7 @@ fi
if [ "X$WISH" = "X" ]; then
WISH=wish
for try in wish wish8.3 wish8.4 wish8.5 wish8.6
for try in wish8.4 wish wish8.3 wish8.5 wish8.6
do
if type $try > /dev/null; then
WISH=$try
......@@ -114,8 +114,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
echo "Using externel \"vncviewer\" and \"stunnel\" found in PATH."
else
STUNNEL=stunnel
STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
export STUNNEL STUNNEL_EXTRA_OPTS
#STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
#export STUNNEL STUNNEL_EXTRA_OPTS
SSVNC_VIEWER_INTERNAL=1
export SSVNC_VIEWER_INTERNAL
fi
......
x11vnc/misc/enhanced_tightvnc_viewer/bin/ssvnc_cmd
View file @ 41c7b74a
......@@ -201,8 +201,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
else
STUNNEL=stunnel
STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
export STUNNEL STUNNEL_EXTRA_OPTS
#STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
#export STUNNEL STUNNEL_EXTRA_OPTS
SSVNC_VIEWER_INTERNAL=1
export SSVNC_VIEWER_INTERNAL
fi
......
x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
View file @ 41c7b74a
......@@ -162,6 +162,9 @@ ssh_args=""
showcert=""
reverse=""
ciphers=""
anondh="ALL:RC4+RSA:+SSLv2:@STRENGTH"
if [ "X$1" = "X-viewerflavor" ]; then
# special case, try to guess which viewer:
#
......@@ -196,6 +199,10 @@ if [ "X$SS_VNCVIEWER_NO_MAXCONN" != "X" ]; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
else
STUNNEL_ONCE=1; export STUNNEL_ONCE
STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
STUNNEL_NO_SYSLOG=1; export STUNNEL_NO_SYSLOG
fi
# grab our cmdline options:
......@@ -217,6 +224,10 @@ do
;;
"-sshargs") shift; ssh_args="$1"
;;
"-anondh") ciphers="ciphers=$anondh"
;;
"-ciphers") shift; ciphers="ciphers=$1"
;;
"-alpha") gotalpha=1
;;
"-showcert") showcert=1
......@@ -304,6 +315,47 @@ fi
orig="$1"
shift
dL="-L"
if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
dL="-h"
fi
# a portable, but not absolutely safe, tmp file creator
mytmp() {
tf=$1
if type mktemp > /dev/null 2>&1; then
# if we have mktemp(1), use it:
tf2="$tf.XXXXXX"
tf2=`mktemp "$tf2"`
if [ "X$tf2" != "X" -a -f "$tf2" ]; then
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-mktemp: $tf2" 1>&2
fi
echo "$tf2"
return
fi
fi
# fallback to multiple cmds:
rm -rf "$tf" || exit 1
if [ -d "$tf" ]; then
echo "tmp file $tf still exists as a directory."
exit 1
elif [ $dL "$tf" ]; then
echo "tmp file $tf still exists as a symlink."
exit 1
elif [ -f "$tf" ]; then
echo "tmp file $tf still exists."
exit 1
fi
touch "$tf" || exit 1
chmod 600 "$tf" || exit 1
rchk
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-touch: $tf" 1>&2
fi
echo "$tf"
}
# set up special case of ultravnc single click III mode:
if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
pstr=`echo "$proxy" | sed -e 's,sslrepeater://,,'`
......@@ -315,6 +367,13 @@ if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
echo "reset: SSVNC_REPEATER=$SSVNC_REPEATER orig=$orig proxy=''"
proxy=""
fi
if echo "$proxy" | egrep "vencrypt://" > /dev/null; then
vtmp="/tmp/ss_handshake${RANDOM}.$$.txt"
vtmp=`mytmp "$vtmp"`
SSVNC_PREDIGESTED_HANDSHAKE="$vtmp"
export SSVNC_PREDIGESTED_HANDSHAKE
#echo "SSVNC_PREDIGESTED_HANDSHAKE=$SSVNC_PREDIGESTED_HANDSHAKE"
fi
# check -ssh and -mycert/-verify conflict:
......@@ -561,47 +620,6 @@ rchk() {
}
rchk
dL="-L"
if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
dL="-h"
fi
# a portable, but not absolutely safe, tmp file creator
mytmp() {
tf=$1
if type mktemp > /dev/null 2>&1; then
# if we have mktemp(1), use it:
tf2="$tf.XXXXXX"
tf2=`mktemp "$tf2"`
if [ "X$tf2" != "X" -a -f "$tf2" ]; then
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-mktemp: $tf2" 1>&2
fi
echo "$tf2"
return
fi
fi
# fallback to multiple cmds:
rm -rf "$tf" || exit 1
if [ -d "$tf" ]; then
echo "tmp file $tf still exists as a directory."
exit 1
elif [ $dL "$tf" ]; then
echo "tmp file $tf still exists as a symlink."
exit 1
elif [ -f "$tf" ]; then
echo "tmp file $tf still exists."
exit 1
fi
touch "$tf" || exit 1
chmod 600 "$tf" || exit 1
rchk
if [ "X$DEBUG_MKTEMP" != "X" ]; then
echo "mytmp-touch: $tf" 1>&2
fi
echo "$tf"
}
# trick for the undocumented rsh://host:port method.
rsh_setup() {
if echo "$ssh_host" | grep '@' > /dev/null; then
......@@ -665,6 +683,32 @@ if ($ENV{PPROXY_SOCKS} ne "" && $ENV{PPROXY_PROXY} !~ m,^socks5?://,i) {
}
}
my $rfbSecTypeTlsVnc = 18;
my $rfbSecTypeVencrypt = 19;
my $rfbVencryptPlain = 256;
my $rfbVencryptTlsNone = 257;
my $rfbVencryptTlsVnc = 258;
my $rfbVencryptTlsPlain = 259;
my $rfbVencryptX509None = 260;
my $rfbVencryptX509Vnc = 261;
my $rfbVencryptX509Plain = 262;
my $handshake_file = "";
if (exists $ENV{SSVNC_PREDIGESTED_HANDSHAKE}) {
$handshake_file = $ENV{SSVNC_PREDIGESTED_HANDSHAKE};
}
sub append_handshake {
my $str = shift;
if ($handshake_file) {
if (open(HSF, ">>$handshake_file")) {
print HSF $str;
close HSF;
}
}
}
my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3);
my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", "");
......@@ -825,6 +869,18 @@ sub url_parse {
if ($hostport !~ /:\d+/) {
$hostport .= ":5900";
}
} elsif ($hostport =~ m,^vencrypt://(\S*)$,i) {
# vencrypt handshake.
$hostport = $1;
my $m = "connect";
if ($hostpost =~ /^(\S+)\+(\S+)$/) {
$hostport = $1;
$mode = $2;
}
$mode = "vencrypt:$m";
if ($hostport !~ /:\d+/) {
$hostport .= ":5900";
}
}
return ($hostport, $mode);
}
......@@ -832,6 +888,7 @@ sub url_parse {
sub setmode {
my $mode = shift;
$ENV{PPROXY_REPEATER} = "";
$ENV{PPROXY_VENCRYPT} = "";
if ($mode =~ /^socks/) {
if ($mode =~ /^socks5/) {
$ENV{PPROXY_SOCKS} = 5;
......@@ -841,6 +898,9 @@ sub setmode {
} elsif ($mode =~ /^repeater:(.*)/) {
$ENV{PPROXY_REPEATER} = $1;
$ENV{PPROXY_SOCKS} = "";
} elsif ($mode =~ /^vencrypt:(.*)/) {
$ENV{PPROXY_VENCRYPT} = $1;
$ENV{PPROXY_SOCKS} = "";
} else {
$ENV{PPROXY_SOCKS} = "";
}
......@@ -982,6 +1042,9 @@ sub connection {
sysread($sock, $c, 1);
print STDERR $c;
}
} elsif ($ENV{PPROXY_VENCRYPT} ne "") {
my $vencrypt = $ENV{PPROXY_VENCRYPT};
vencrypt_dialog($vencrypt);
} else {
# Web Proxy:
......@@ -1010,6 +1073,189 @@ sub connection {
}
}
sub vdie {
append_handshake("done\n");
close $sock;
exit(1);
}
sub tlsvnc_handshake {
my ($vmode, $db) = @_;
print STDERR "PPROXY: Doing TLSVNC Handshake\n";
my $psec = pack("C", $rfbSecTypeTlsVnc);
syswrite($sock, $psec, 1);
append_handshake("done\n");
}
sub vencrypt_handshake {
my ($vmode, $db) = @_;
print STDERR "PPROXY: Doing VeNCrypt Handshake\n";
my $psec = pack("C", $rfbSecTypeVencrypt);
syswrite($sock, $psec, 1);
my $vmajor;
my $vminor;
sysread($sock, $vmajor, 1);
sysread($sock, $vminor, 1);
vdie if $vmajor eq "" || $vminor eq "";
$vmajor = unpack("C", $vmajor);
$vminor = unpack("C", $vminor);
print STDERR "$vmajor.$vminor\n" if $db;
vdie if $vmajor ne 0;
vdie if $vminor < 2;
$vmajor = pack("C", 0);
$vminor = pack("C", 2);
append_handshake("subversion=0.2\n");
syswrite($sock, $vmajor, 1);
syswrite($sock, $vminor, 1);
my $result;
sysread($sock, $result, 1);
vdie if $result eq "";
$result = unpack("C", $result);
print STDERR "result=$result\n" if $db;
vdie if $result ne 0;
my $nsubtypes;
sysread($sock, $nsubtypes, 1);
vdie if $nsubtypes eq "";
$nsubtypes = unpack("C", $nsubtypes);
print STDERR "nsubtypes=$nsubtypes\n" if $db;
my %subtypes;
for (my $i = 0; $i < $nsubtypes; $i++) {
my $subtype = "";
sysread($sock, $subtype, 4);
vdie if length($subtype) != 4;
# XXX fix 64bit.
$subtype = unpack("N", $subtype);
print STDERR "subtype: $subtype\n" if $db;
$subtypes{$subtype} = 1;
append_handshake("sst$i=$subtype\n");
}
my $subtype = 0;
if (exists $subtypes{$rfbVencryptX509None}) {
$subtype = $rfbVencryptX509None;
print STDERR "selected rfbVencryptX509None\n" if $db;
} elsif (exists $subtypes{$rfbVencryptX509Vnc}) {
$subtype = $rfbVencryptX509Vnc;
print STDERR "selected rfbVencryptX509Vnc\n" if $db;
} elsif (exists $subtypes{$rfbVencryptX509Plain}) {
$subtype = $rfbVencryptX509Plain;
print STDERR "selected rfbVencryptX509Plain\n" if $db;
} elsif (exists $subtypes{$rfbVencryptTlsNone}) {
$subtype = $rfbVencryptTlsNone;
print STDERR "selected rfbVencryptTlsNone\n" if $db;
} elsif (exists $subtypes{$rfbVencryptTlsVnc}) {
$subtype = $rfbVencryptTlsVnc;
print STDERR "selected rfbVencryptTlsVnc\n" if $db;
} elsif (exists $subtypes{$rfbVencryptTlsPlain}) {
$subtype = $rfbVencryptTlsPlain;
print STDERR "selected rfbVencryptTlsPlain\n" if $db;
}
append_handshake("subtype=$subtype\n");
my $pst = pack("N", $subtype);
syswrite($sock, $pst, 4);
vdie if $subtype == 0;
my $ok;
sysread($sock, $ok, 1);
$ok = unpack("C", $ok);
print STDERR "ok=$ok\n" if $db;
append_handshake("done\n");
vdie if $ok == 0;
}
sub vencrypt_dialog {
my $vmode = shift;
my $db = 0;
$db = 1 if exists $ENV{SS_DEBUG};
append_handshake("mode=$vmode\n");
my $server_rfb = "";
syswrite($sock, $rep, 250);
for (my $i = 0; $i < 12; $i++) {
my $c;
sysread($sock, $c, 1);
$server_rfb .= $c;
print STDERR $c;
}
print STDERR "server_rfb: $server_rfb\n" if $db;
append_handshake("server=$server_rfb");
my $minor = "";
if ($server_rfb =~ /^RFB 003\.(\d+)/) {
$minor = $1;
} else {
vdie;
}
my $viewer_rfb = "RFB 003.008\n";
if ($minor < 7) {
vdie;
} elsif ($minor == 7) {
$viewer_rfb = "RFB 003.007\n";
}
syswrite($sock, $viewer_rfb, 12);
append_handshake("viewer=$viewer_rfb");
my $nsec;
sysread($sock, $nsec, 1);
vdie if $nsec eq "";
$nsec = unpack("C", $nsec);
print STDERR "nsec: $nsec\n" if $db;
vdie if $nsec eq 0 || $nsec > 100;
my %sectypes = ();
for (my $i = 0; $i < $nsec; $i++) {
my $sec;
sysread($sock, $sec, 1);
vdie if $sec eq "";
$sec = unpack("C", $sec);
print STDERR "sec: $sec\n" if $db;
$sectypes{$sec} = 1;
}
if (exists $sectypes{$rfbSecTypeVencrypt}) {
print STDERR "found rfbSecTypeVencrypt\n" if $db;
append_handshake("sectype=$rfbSecTypeVencrypt\n");
vencrypt_handshake($vmode, $db);
} elsif (exists $sectypes{$rfbSecTypeTlsVnc}) {
print STDERR "found rfbSecTypeTlsVnc\n" if $db;
append_handshake("sectype=$rfbSecTypeTlsVnc\n");
tlsvnc_handshake($vmode, $db);
} else {
print STDERR "No supported sec-type found\n" if $db;
vdie;
}
}
sub xfer {
my($in, $out) = @_;
$RIN = $WIN = $EIN = "";
......@@ -1104,8 +1350,8 @@ if [ "X$use_ssh" = "X1" ]; then
if echo "$proxy" | egrep '(http|https|socks|socks4|socks5)://' > /dev/null; then
# Handle Web or SOCKS proxy(ies) for the initial connect.
Kecho host=$host
Kecho port=$port
Kecho host=$host
Kecho port=$port
pproxy=""
sproxy1=""
sproxy_rest=""
......@@ -1126,9 +1372,10 @@ Kecho port=$port
done
pproxy=`echo "$pproxy" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
sproxy_rest=`echo "$sproxy_rest" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
Kecho pproxy=$pproxy
Kecho sproxy1=$sproxy1
Kecho sproxy_rest=$sproxy_rest
Kecho pproxy=$pproxy
Kecho sproxy1=$sproxy1
Kecho sproxy_rest=$sproxy_rest
sproxy1_host=""
sproxy1_port=""
......@@ -1164,9 +1411,9 @@ Kecho sproxy_rest=$sproxy_rest
fi
fi
Kecho sproxy1_host=$sproxy1_host
Kecho sproxy1_port=$sproxy1_port
Kecho sproxy1_user=$sproxy1_user
Kecho sproxy1_host=$sproxy1_host
Kecho sproxy1_port=$sproxy1_port
Kecho sproxy1_user=$sproxy1_user
ptmp="/tmp/ss_vncviewer_ssh${RANDOM}.$$.pl"
ptmp=`mytmp "$ptmp"`
......@@ -1204,7 +1451,7 @@ Kecho sproxy1_user=$sproxy1_user
if [ "X$sproxy_rest" != "X" ]; then
proxy="$proxy,$sproxy_rest"
fi
Kecho proxy=$proxy
Kecho proxy=$proxy
fi
if echo "$proxy" | grep "," > /dev/null; then
......@@ -1550,13 +1797,26 @@ if [ "X$showcert" = "X1" ]; then
if [ "X$proxy" != "X" ]; then
PPROXY_LISTEN=$use
export PPROXY_LISTEN
if [ "X$SS_DEBUG" != "X" ]; then
$ptmp &
else
$ptmp 2>/dev/null &
fi
sleep 1
host="localhost"
port="$use"
fi
openssl s_client -connect $host:$port 2>&1 < /dev/null
exit $?
cipher_args=""
if [ "X$ciphers" != "X" ]; then
cipher_args=`echo "$ciphers" | sed -e 's/ciphers=/-cipher /'`
fi
#echo "openssl s_client $cipher_args -connect $host:$port"
openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null
rc=$?
if [ "X$SSVNC_PREDIGESTED_HANDSHAKE" != "X" ]; then
rm -f $SSVNC_PREDIGESTED_HANDSHAKE
fi
exit $rc
fi
if [ "X$direct_connect" != "X" ]; then
......@@ -1783,6 +2043,7 @@ foreground = yes
pid =
client = yes
debug = 6
$ciphers
$STUNNEL_EXTRA_OPTS
$STUNNEL_EXTRA_OPTS_USER
$verify
......@@ -1818,6 +2079,7 @@ foreground = yes
pid =
client = no
debug = 6
$ciphers
$STUNNEL_EXTRA_OPTS
$STUNNEL_EXTRA_OPTS_USER
$verify
......
x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl
View file @ 41c7b74a
......@@ -8,7 +8,7 @@ exec wish "$0" "$@"
# ssvnc.tcl: gui wrapper to the programs in this
# package. Also sets up service port forwarding.
#
set version 1.0.21
set version 1.0.22
set buck_zero $argv0
......@@ -171,6 +171,36 @@ proc ts_help {} {
(unlike SSVNC mode, the number is the SSH port, not the VNC display)
Zeroconf/Bonjour:
On Unix or Mac OS X, if the 'avahi-browse' or 'dns-sd' command is
available on the system and in your PATH, a 'Find' button is placed by
'VNC Host:Display'. Clicking on Find will try to find VNC Servers
on your Local Network that advertize via the Zeroconf protocol.
A menu of found hosts is presented for you to select from.
Profiles:
Use "Save" to save a profile (i.e. a host:display and its specific
settings) with a name. The "TS-" prefix will be suggested to help
you distinguish between Terminal Services and regular profiles.
To load in a saved Options profile, click on the "Load" button,
and choose which one you want.
To list your profiles from the command line use:
tsvnc -profiles (or -list)
To launch profile1 directly from the command-line, or to a server
use things like:
tsvnc profile1
tsvnc hostname
tsvnc user@hostname
Proxies/Gateways:
Proxy/Gateway is usually a gateway machine to log into via SSH that is
......@@ -247,27 +277,6 @@ proc ts_help {} {
- SSVNC Mode (Return to full SSVNC mode)
Profiles:
Use "Save" to save a profile (i.e. a host:display and its specific
settings) with a name. The "TS-" prefix will be suggested to help
you distinguish between Terminal Services and regular profiles.
To load in a saved Options profile, click on the "Load" button,
and choose which one you want.
To list your profiles from the command line use:
tsvnc -profiles (or -list)
To launch profile1 directly from the command-line, or to a server
use things like:
tsvnc profile1
tsvnc hostname
tsvnc user@hostname
Requirements:
When running this application on Unix/MacOSX the ssh(1) program must
......@@ -326,12 +335,14 @@ proc help {} {
}
toplev .h
scroll_text_dismiss .h.f
scroll_text_dismiss .h.f 82 36
center_win .h
wm title .h "SSL/SSH VNC Viewer Help"
set msg {
global help_main help_prox help_misc help_tips
set help_main {
Hosts and Displays:
Enter the VNC host and display in the 'VNC Host:Display' entry box.
......@@ -348,29 +359,28 @@ proc help {} {
24.67.132.27:0
Then click on "Connect". When you do the STUNNEL program will be
started locally to provide you with an outgoing SSL tunnel.
Then click on "Connect". When you do the STUNNEL program will be started
locally to provide you with an outgoing SSL tunnel.
Once the STUNNEL is running, the TightVNC Viewer (Or Chicken of the
VNC on Mac OS X, or one you set under Options) will be automatically
started directed to the local port of the SSL tunnel which, in turn,
started and directed to the local port of the SSL tunnel which, in turn,
encrypts and redirects the connection to the remote VNC server.
The remote VNC server **MUST** support an initial SSL handshake
before using the VNC protocol (i.e. VNC is tunnelled through the SSL
channel after it is established). "x11vnc -ssl ..." does this,
and any VNC server can be made to do this by using, e.g., STUNNEL
or socat on the remote side.
The remote VNC server **MUST** support an initial SSL/TLS handshake before
using the VNC protocol (i.e. VNC is tunnelled through the SSL channel
after it is established). "x11vnc -ssl ..." does this, and any VNC server
can be made to do this by using, e.g., STUNNEL or socat on the remote side.
* Automatic SSH Tunnels are described below.
* See Tip 5) below for how to Disable Encryption.
* To have a "No Encryption" button use the -noenc cmdline option, or select
it under Options. Also see Tip 3) for other ways to disable Encryption.
Port numbers:
If you are using a port less than the default VNC port 5900
(usually the VNC display = port - 5900), use the full port number
itself, e.g.:
If you are using a port less than the default VNC port 5900 (usually
the VNC display = port - 5900), use the full port number itself, e.g.:
24.67.132.27:443
......@@ -379,11 +389,73 @@ proc help {} {
If you must use a TCP port less than 200, specify a negative value,
e.g.: 24.67.132.27:-80
For Reverse VNC connections (listening viewer, See Tip 6 below and
For Reverse VNC connections (listening viewer, See Tip 6 and
Options -> Help), the port mapping is similar, except "listening
display :0" corresponds to port 5500, :1 to 5501, etc.
Zeroconf/Bonjour:
On Unix or Mac OS X, if the 'avahi-browse' or 'dns-sd' command is
available on the system and in your PATH, a 'Find' button is placed by
'VNC Host:Display'. Clicking on Find will try to find VNC Servers on
your Local Network that advertize via the Zeroconf protocol. A menu of
found hosts is presented for you to select from.
VNC Password:
On Unix or MacOSX *IF* there is a VNC password for the server you can
enter it in the "VNC Password:" entry box.
This is *REQUIRED* on MacOSX when Chicken of the VNC is used, because does
not put up a user password prompt when it learns that a password is needed.
On Unix (including MacOSX using the X11 viewer) if you choose not to
enter the password you will simply be prompted for it in the terminal
window running TightVNC viewer if one is required.
On Windows TightVNC viewer should prompt you when a password is required.
NOTE: when you Save a VNC profile, the password is NOT saved (you need
to enter it each time).
Profiles:
Use "Save" to save a profile (i.e. a host:display and its specific
settings) with a name.
To load in a saved Options profile, click on the "Load" button.
To list your profiles from the command line use:
ssvnc -profiles (or -list)
You can launch ssvnc and have it immediately connect to the server
by invoking it something like this:
ssvnc profile1 (launches profile named "profile1")
ssvnc hostname:0 (connect to hostname VNC disp 0 via SSL)
ssvnc vnc+ssl://hostname:0 (same)
ssvnc vnc+ssh://hostname:0 (connect to hostname VNC disp 0 via SSH)
see the Tips 3 and 9 for more about the URL-like syntax.
SSL/TLS Variants; VeNCrypt and TLSVNC:
SSVNC can also connect to VNC specific SSL/TLS variants; namely the
VeNCrypt and 'TLS' VNC Security types. Vino uses the latter, and
a growing number use the former. On Unix and Mac OS X, when "Verify
All Certs" is enabled, it applies heuristics to detect the protocol,
and switches to SSL/TLS at the right time. To improve the accuracy
and speed with which this takes place, you can specify the one or both
of the 'Server uses VeNCrypt SSL/TLS encryption' and 'Server uses
Anonymous Diffie-Hellman' in the 'Unix ssvncviewer' options panel.
See its Help for more info.
SSL Certificate Verification:
***IMPORTANT***: If you do not take the steps to VERIFY the VNC Server's
......@@ -403,45 +475,191 @@ proc help {} {
"Verify All Certs" is on by default.
However, "Fetch Cert" and "Verify All Certs" are currently disabled
in the rare "SSH + SSL" usage mode (e.g. SSH is used to enter a
firewall gateway, and then SSL is tunneled through that to reach
the workstation). This is to avoid having to SSH in twice. You are
always free to use a "ServerCert" ("Certs..." button) to authenticate
SSL Servers against.
in the very rare "SSH + SSL" usage mode to avoid SSHing in twice.
You can manually set a ServerCert in this case if you like.
Advanced Method: If you, or your site administrator, goes though the
steps of setting up a Certificate Authority (CA) to sign the VNC server
and/or VNC client Certs, that can be used instead and avoids the need to
manually verify every cert while still authenticating every connection.
More info: http://www.karlrunge.com/x11vnc/#faq-ssl-ca
Windows STUNNEL problems:
Note that on Windows when the Viewer connection is finished you
will be prompted if you want SSVNC to try to kill the STUNNEL process
for you. Usually you will say Yes, however if there are problems
connecting you may want to look at the STUNNEL Log first.
Deciphering SSL Negotiation Success or Failure:
Double clicking the STUNNEL tray icon (dark green) will show you
its Log file (useful for debugging connections).
Since SSVNC is a "glue program", in this case gluing VNCViewer and
stunnel together (with possibly a proxy helper) reporting is clumsy at
best. In most cases the programs being "glued" are run in a terminal
window where you can see the programs' output. On Windows you will
need to double click on the stunnel tray icon to view its log.
SSVNC will kill the STUNNEL process for you, but you may still need
to move the mouse over the icon to make the picture go away!
Although the output is quite cryptic, you are encouraged to learn to
recognize some of the errors reported in it.
In some cases you may need to terminate STUNNEL manually from the
System Tray (right click on dark green icon) and selecting "Exit".
Here is stunnel output for a case of successfully verifying the VNC
Server's Certificate:
2008.11.20 08:09:39 LOG5[1472]: VERIFY OK: depth=0, /C=AU/L=...
2008.11.20 08:09:39 LOG6[1472]: SSL connected: new session negotiated
2008.11.20 08:09:39 LOG6[1472]: Negotiated ciphers: AES256-SHA SSLv3 ...
VNC Password:
Here is a case where the Server's Cert did not match the ServerCert
we set:
On Unix or MacOSX *IF* there is a VNC password for the server you
can enter it in the "VNC Password:" entry box.
2008.11.20 08:12:31 LOG4[1662]: VERIFY ERROR: depth=0, error=self ...
2008.11.20 08:12:31 LOG3[1662]: SSL_connect: 14090086: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
This is *REQUIRED* on MacOSX when Chicken of the VNC is used.
If you disable "Verify All Certs" and do not supply a ServerCert,
then there will be no 'VERIFY ...' in the output because the SSVNC
stunnel accepts the server's cert without question.
On Unix (including MacOSX using the X11 viewer) if you choose not
to enter the password you will simply be prompted for it in the
terminal window running TightVNC viewer if one is required.
Also in the output will be messages about whether the SSL VNC server
rejected your connection because it requires you to authenticate
yourself with a certificate (MyCert). Here is the case when you
supplied no MyCert:
On Windows TightVNC viewer should prompt you when a password is required.
2008.11.20 08:16:29 LOG3[1746]: SSL_connect: 14094410: error:14094410:
SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
or you used a certificate the server did not recognize:
2008.11.20 08:18:46 LOG3[1782]: SSL_connect: 14094412: error:14094412:
SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
or your certificate has been revoked:
2008.11.20 08:20:08 LOG3[1913]: SSL_connect: 14094414: error:14094414:
SSL routines:SSL3_READ_BYTES:sslv3 alert certificate revoked
SSH:
Click on "Use SSH" if you want to use an *SSH* tunnel instead of SSL
(then the VNC Server does not need to speak SSL or use STUNNEL or socat).
You will need to be able to login to your account on the remote host
via SSH (e.g. via password, ssh keys, or ssh-agent).
Specify the SSH hostname and VNC display in the VNC Host:Display entry.
Use something like:
username@far-away.east:0
if your remote username is different from the one on the local viewer
machine.
On Windows you *MUST* supply the "username@" part because Putty/Plink
needs it to work correctly.
"SSH + SSL" is similar but its use is more rare because it requires 2
encrypted tunnels to reach the VNC server. See the Help under Options
for more info.
To connect to a non-standard SSH port, see SSH Proxies/Gateways section.
See Tip 13) for how to make this application be SSH-only with the -ssh
command line option or "sshvnc".
Remote SSH Command:
In SSH or SSH + SSL mode you can also specify a remote command to run
on the remote ssh host in the "Remote SSH Command" entry. The default
is just to sleep a bit (e.g. sleep 30) to make sure the tunnel ports
are established. Alternatively you could have the remote command start
the VNC server, e.g.
x11vnc -display :0 -rfbport 5900 -localhost -nopw
When starting the VNC server this way, note that sometimes you will need
to correlate the VNC Display number with the "-rfbport" (or similar)
option of the server. E.g.:
VNC Host:Display username@somehost.com:2
Remote SSH Command: x11vnc -find -rfbport 5902 -nopw
See the Tip 11) for using x11vnc PORT=NNNN feature (or vncserver(1)
output) to not need to specify the VNC display number or the x11vnc
-rfbport option.
SSL Certificates:
NOTE: when you Save a VNC profile, the password is NOT saved (you
need to enter it each time).
If you want to use a SSL Certificate (PEM) file to authenticate YOURSELF to
the VNC server ("MyCert") and/or to verify the identity of the VNC Server
("ServerCert" or "CertsDir") select the certificate file by clicking the
"Certs ..." button before connecting.
Certificate verification is needed to prevent Man-In-The-Middle attacks;
if it is not done then only passive network sniffing attacks are prevented.
See the x11vnc documentation:
http://www.karlrunge.com/x11vnc/ssl.html
for how to create and use PEM SSL certificate files. An easy way is:
x11vnc -ssl SAVE ...
where it will print out its automatically generated certificate to the
screen and that can be copied safely to the viewer side.
You can also use the "Create Certificate" feature of this program under
"Certs ...". Just click on it and follow the instructions in the dialog.
Then copy the cert file to the VNC Server and specify the other one in
the "Certs ..." dialog.
Alternatively you can use the "Import Certificate" action to paste in a
certificate or read one in from a file. Or you can use the "Fetch Cert"
button on the main panel. If "Verify All Certs" is checked, you will
be forced to check Certs of any new servers the first time you connect.
Note that "Verify All Certs" is on by default so that users who do not
understand the SSL Man-In-The-Middle problem will not be left completely
vulnerable to it (everyone still must make the effort to verify new
certificates by an external method to be completely safe).
To have "Verify All Certs" toggled off at startup, use "ssvnc -nv" or
set SSVNC_NO_VERIFY_ALL=1 before starting. If you do not even want to
see the button, use "ssvnc -nvb" or SSVNC_NO_VERIFY_ALL_BUTTON=1.
More Options:
To set other Options, e.g. for View-Only usage or to limit the number
of colors used, click on the "Options ..." button and read the Help there.
More Info:
Press the 'Proxies', 'Misc', and 'Tips' buttons below.
See also these links for more information:
http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-ext
http://www.stunnel.org
http://www.tightvnc.com
}
set help_misc {
Windows STUNNEL problems:
Note that on Windows when the Viewer connection is finished you will be
prompted if you want SSVNC to try to kill the STUNNEL process for you.
Usually you will say Yes, however if there are problems connecting you
may want to look at the STUNNEL Log first.
Double clicking the STUNNEL tray icon (dark green) will show you its
Log file (useful for debugging connections).
SSVNC will kill the STUNNEL process for you, but you may still need to
move the mouse over the icon to make the picture go away!
In some cases you may need to terminate STUNNEL manually from the System
Tray (right click on dark green icon) and selecting "Exit".
If you want SSVNC to always kill STUNNEL automatically, run with the
'-killstunnel' (also '-skill') command line option or set it under Options.
You can also set killstunnel=1 in ssvnc_rc.
Untrusted Local Users:
......@@ -499,10 +717,10 @@ proc help {} {
Options -> Advanced -> "STUNNEL Local Port Protections".
1) For SSL tunnelling with stunnel(8) on Unix there is a setting
'Use stunnel EXEC mode' (experimental) that will try to exec(2)
stunnel instead of using a listening socket. This will require
using the specially modified vncviewer unix viewer provided
by SSVNC. If this mode proves stable it will become the default.
'Use stunnel EXEC mode' that will try to exec(2) stunnel
instead of using a listening socket. This will require using
the specially modified vncviewer unix viewer provided by SSVNC.
The mode works well and is currently set as the default.
2) For SSL tunnelling with stunnel(8) on Unix there is a setting
'Use stunnel IDENT check' (experimental) to limit socket
......@@ -521,123 +739,11 @@ proc help {} {
SSVNC tunnels and there are users you don't trust on your workstation.
The same applies to ANY use of SSH '-L' port redirections or outgoing
stunnel SSL redirection services.
}
SSH:
Click on "Use SSH" if you want to use an *SSH* tunnel instead of
SSL (then the VNC Server does not need to speak SSL or use STUNNEL
or socat).
You will need to be able to login to your account on the remote host
via SSH (e.g. via password, ssh keys, or ssh-agent).
Specify the SSH hostname and VNC display in the VNC Host:Display entry.
Use something like:
username@far-away.east:0
if your remote username is different from the one on the local viewer
machine. On Windows you *MUST* supply the "username@" part.
"SSH + SSL" is similar but its use is more rare because it requires 2
encrypted tunnels to reach the VNC server. See the Help under Options
for more info.
To connect to a non-standard SSH port, see SSH Proxies/Gateways below.
See Tip 13) below for how to make this application be SSH-only with
the -ssh command line option or "sshvnc".
Remote SSH Command:
In SSH or SSH + SSL mode you can also specify a remote command
to run on the remote ssh host in the "Remote SSH Command" entry.
The default is just to sleep a bit (e.g. sleep 30) to make sure
the tunnel ports are established. Alternatively you could have the
remote command start the VNC server, e.g.
x11vnc -display :0 -rfbport 5900 -localhost -nopw
When starting the VNC server this way, note that sometimes you
will need to correlate the VNC Display number with the "-rfbport"
(or similar) option of the server. E.g.:
VNC Host:Display username@somehost.com:2
Remote SSH Command: x11vnc -find -rfbport 5902 -nopw
See the Tip below (11) for using x11vnc PORT=NNNN feature (or
vncserver(1) output) to not need to specify the VNC display number
or the x11vnc -rfbport option.
Profiles:
Use "Save" to save a profile (i.e. a host:display and its specific
settings) with a name.
To load in a saved Options profile, click on the "Load" button.
To list your profiles from the command line use:
ssvnc -profiles (or -list)
You can launch ssvnc and have it immediately connect to the server
by invoking it something like this:
ssvnc profile1 (launches profile named "profile1")
ssvnc hostname:0 (connect to hostname VNC disp 0 via SSL)
ssvnc vnc+ssl://hostname:0 (same)
ssvnc vnc+ssh://hostname:0 (connect to hostname VNC disp 0 via SSH)
see the Tips 5 and 9 below for more about the URL-like syntax.
SSL Certificates:
If you want to use a SSL Certificate (PEM) file to authenticate
yourself to the VNC server ("MyCert") and/or to verify the identity
of the VNC Server ("ServerCert" or "CertsDir") select the certificate
file by clicking the "Certs ..." button before connecting.
Certificate verification is needed to prevent Man-In-The-Middle
attacks; if it is not done then only passive network sniffing attacks
are prevented. See the x11vnc documentation:
http://www.karlrunge.com/x11vnc/ssl.html
for how to create and use PEM SSL certificate files. An easy way is:
x11vnc -ssl SAVE ...
where it will print out its automatically generated certificate to
the screen and that can be safely copied to the viewer side.
You can also use the "Create Certificate" feature of this program
under "Certs ...". Just click on it and follow the instructions in
the dialog. Then copy the cert file to the VNC Server and specify
the other one in the "Certs ..." dialog.
Alternatively you can use the "Import Certificate" action to paste
in a certificate or read one in from a file. Or you can use the
"Fetch Cert" button on the main panel. If "Verify All Certs" is
checked, you will be forced to check Certs of any new servers the
first time you connect.
Note that "Verify All Certs" is on by default so that users who do
not understand the SSL Man-In-The-Middle problem will not be left
completely vulnerable to it (everyone still must make the effort to
verify new certificates by an external method to be completely safe).
To have "Verify All Certs" toggled off at startup, use "ssvnc -nv"
or set SSVNC_NO_VERIFY_ALL=1 before starting. If you do not even want
to see the button, use "ssvnc -nvb" or SSVNC_NO_VERIFY_ALL_BUTTON=1.
Here we start a number of long sections on all sorts of proxies, Web,
SOCKS, ssh, UltraVNC, Single Click, etc., etc.
set help_prox {
Here are a number of long sections on all sorts of proxies, Web, SOCKS,
ssh, UltraVNC, Single Click, etc., etc.
Proxies/Gateways:
......@@ -774,7 +880,7 @@ proc help {} {
and so are not enabled to (let us know if you find a way to use it).
Unencrypted (aka Direct) SSVNC VNC connections (Vnc:// prefix in
'VNC Host:Display'; see Tip 5) also work with the UltraVNC repeater.
'VNC Host:Display'; see Tip 3) also work with the UltraVNC repeater.
For the mode I repeater the viewer initiates the connection and
passes a string that is the VNC server's IP address (or hostname)
......@@ -826,7 +932,7 @@ proc help {} {
connection in this situation.
Note that for unencrypted (i.e. direct) SSVNC connections (see vnc://
in Tip 5) there is no need to use a reverse "Listening connection"
in Tip 3) there is no need to use a reverse "Listening connection"
and so you might as well use a forward connection.
For mode II when tunnelling via SSL, you probably should also disable
......@@ -898,7 +1004,7 @@ proc help {} {
mode and the SSL encrypted "SC III" mode. For both cases SSVNC
must be run in Listening mode (Options -> Reverse VNC Connection)
For SC I, enable Reverse VNC Connection and put Vnc://0 (see Tip 5
For SC I, enable Reverse VNC Connection and put Vnc://0 (see Tip 3
below) in the VNC Host:Display to disable encryption (use a different
number if you are not using the default listening port 5500).
Then click on the "Listen" button and finally have the user run your
......@@ -950,91 +1056,89 @@ proc help {} {
SSVNC vncviewer. The modified viewer is needed; stock VNC viewers
will not work. Also, proxy chaining (bouncing off of more than one
proxy) currently does not work.
}
set help_tips {
Tips and Tricks:
(End of long discussion about proxies...)
1) On Unix to get a 2nd GUI (e.g. for a 2nd connection) press Ctrl-N
on the GUI. If only the xterm window is visible you can press
Ctrl-N or try Ctrl-LeftButton -> New SSVNC_GUI. On Windows you
will have to manually Start a new one: Start -> Run ..., etc.
2) Pressing the "Load" button or pressing Ctrl-L or Clicking the Right
mouse button on the main GUI will invoke the Load dialog.
More Options:
Pressing Ctrl-O on the main GUI will bring up the Options Panel.
Pressing Ctrl-A on the main GUI will bring up the Advanced Options.
To set other Options, e.g. for View-Only usage or to limit the
number of colors used. click on the "Options ..." button and read
the Help there.
3) If you want to make a Direct VNC connection, WITH NO SSL OR
SSH ENCRYPTION, use the "vnc://" prefix in the VNC Host:Display
entry box, e.g. "vnc://far-away.east:0" This also works for
reverse connections, e.g. vnc://0
Use Vnc:// (i.e. capital 'V') to avoid being prompted if you are
sure you want no encryption. For example, "Vnc://far-away.east:0"
More Info:
Shift+Ctrl-E in the entry box is a short-cut to add or remove
the prefix "Vnc://" from the host:disp string.
See these links for more information:
You can also run ssvnc with the '-noenc' cmdline option to have a
check option that lets you turn off Encryption (and profiles will
store this setting). Pressing Ctrl-E on the main panel is a short-cut
to toggle between the -noenc 'No Encryption' mode and normal mode.
The option "Show 'No Encryption' Option" under Options also toggles it.
http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-ext
http://www.stunnel.org
http://www.tightvnc.com
Setting SSVNC_DISABLE_ENCRYPTION_BUTTON=1 in your environment is
the same as -noenc. You can also put noenc=1 in your ~/.ssvncrc file.
Apologies that we do not make this easy to figure out how to do,
but the goal of SSVNC is secure and encrypted connections!
Please be cautious/thoughtful when you make a VNC connection with
encryption disabled. You may send sensitive information (e.g. a
password) over the network that can be sniffed.
Tips and Tricks:
It is also possible (although difficult) for someone to hijack an
unencrypted VNC session.
1) On Unix to get a 2nd GUI (e.g. for a 2nd connection) press Ctrl-N
on the GUI. If only the xterm window is visible you can press
Ctrl-N or try Ctrl-LeftButton -> New SSVNC_GUI. On Windows you
will have to manually Start a new one: Start -> Run ..., etc.
Often SSVNC is used to connect to x11vnc where the Unix username and
password is sent over the channel. It would be a very bad idea to
let that data be sent over an unencrypted connection. In general,
it is not wise to have a plaintext VNC connection.
Note that even the VNC Password challenge-response method (the password
is not sent in plaintext) leaves your VNC password susceptible a
dictionary attack unless encryption is used to hide it.
So we force you to learn about and supply the "vnc://" or "Vnc://"
prefix to the host:port or use -noenc or the "Show 'No Encryption'
Option" to disable encryption. This is a small hurdle, but maybe
someone will think twice. It is a shame that VNC has been around
for over 10 years and still does not have built-in strong encryption.
2) If you use "SHELL" for the "Remote SSH Command" (or in the display
Note the Vnc:// or vnc:// prefix will be stored in any profile that
you save so you do not have to enter it every time.
Set the env var SSVNC_NO_ENC_WARN=1 to skip the warning prompts the
same as the capitalized Vnc:// does.
4) If you use "SHELL" for the "Remote SSH Command" (or in the display
line: "user@hostname cmd=SHELL") then you get an SSH shell only:
no VNC viewer will be launched. On Windows "PUTTY" will try
to use putty.exe (better terminal emulation than plink.exe).
A ShortCut for this is Ctrl-S as long as user@hostname is present
in the entry box.
A ShortCut for this is Ctrl-S with user@hostname in the entry box.
3) If you use "KNOCK" for the "Remote SSH Command" (or in the display
line "user@hostname cmd=KNOCK") then only the port-knocking is
performed.
5) If you use "KNOCK" for the "Remote SSH Command" (or in the display
line "user@hostname cmd=KNOCK") then only the port-knocking is done.
A ShortCut for this is Ctrl-P as long as hostname is present in
the entry box.
A ShortCut for this is Ctrl-P with hostname the entry box.
If it is KNOCKF, i.e. an extra "F", then the port-knocking
"FINISH" sequence is sent, if any. A ShortCut for this
Shift-Ctrl-P as long as hostname is present.
4) Pressing the "Load" button or pressing Ctrl-L or Clicking the Right
mouse button on the main GUI will invoke the Load dialog.
Pressing Ctrl-A on the main GUI will bring up the Advanced
Options Panel.
5) If you want to make a Direct VNC connection, WITH **NO** SSL OR
SSH ENCRYPTION, use the "vnc://" prefix in the VNC Host:Display
entry box, e.g. "vnc://far-away.east:0" This also works for
reverse connections (e.g. vnc://0 more info below). Use Vnc://
to avoid being prompted if you are sure you want no encryption.
Apologies that we do not make this easy to figure out how to do
(e.g. a button on the main panel), but the goal of SSVNC is
secure and encrypted connections!
Often SSVNC is used to connect to x11vnc where the Unix username
and password is sent over the channel. It would be a very bad
idea to let that data be sent over an unencrypted connection.
In general, it is not wise to have a plaintext VNC connection.
So we force you to learn about and supply the "vnc://" or "Vnc://"
prefix to the host:port to disable encryption rather than simply
click on an option and not think too much about the consequences.
Note that even the VNC Password challenge-response method (the
password is not sent in plaintext) leaves your VNC password
susceptible a dictionary attack unless encryption is used.
The prefix will be stored in any profile that you save so you
do not have to enter it every time.
Set the env var SSVNC_NO_ENC_WARN=1 to skip the warning prompts.
Using capitalized: Vnc:// will also skip the prompts, for example,
"Vnc://far-away.east:0" in the VNC Host:Display entry box.
6) Reverse VNC connections (Listening) are possible as well.
In this case the VNC Server initiates the connection to your
waiting (i.e. listening) SSVNC viewer.
......@@ -1187,6 +1291,11 @@ proc help {} {
(The above 4 settings apply only to the Terminal Services Mode.)
noenc=1 (same as the -noenc option for a 'No Encryption' button)
killstunnel=1 (same as -killstunnel, on Windows automatically kills
the STUNNEL process when the viewer exits.
16) On Unix you can make the "Open File" and "Save File" dialogs
bigger by setting the env. var. SSVNC_BIGGER_DIALOG=1 or
supplying the -bigger option. If you set it to a Width x Height,
......@@ -1194,12 +1303,43 @@ proc help {} {
}
global version
set msg " SSVNC version: $version\n$msg"
set help_main " SSVNC version: $version\n$help_main"
set help_misc " SSVNC version: $version\n$help_misc"
set help_prox " SSVNC version: $version\n$help_prox"
set help_tips " SSVNC version: $version\n$help_tips"
.h.f.t insert end $msg
frame .h.w
button .h.w.b1 -text "Main" -command {help_text main}
button .h.w.b2 -text "Proxies" -command {help_text prox}
button .h.w.b3 -text "Misc" -command {help_text misc}
button .h.w.b4 -text "Tips" -command {help_text tips}
pack .h.w.b1 .h.w.b2 .h.w.b3 .h.w.b4 -side left -fill x -expand 1
pack .h.w -side bottom -after .h.d -fill x
.h.f.t insert end $help_main
jiggle_text .h.f.t
}
proc help_text {which} {
global help_main help_misc help_prox help_tips
set txt ""
if {$which == "main"} {
set txt $help_main
}
if {$which == "misc"} {
set txt $help_misc
}
if {$which == "prox"} {
set txt $help_prox
}
if {$which == "tips"} {
set txt $help_tips
}
catch {.h.f.t delete 0.0 end; .h.f.t insert end $txt; jiggle_text .h.f.t}
}
proc ssvnc_escape_help {} {
toplev .ekh
......@@ -1581,7 +1721,7 @@ set msg {
On MacOSX try to use the bundled X11 vncviewer instead of the
Chicken of the VNC viewer; the Xquartz X server must be installed
(it is by default on 10.5.x) and the DISPLAY variable must be set
(see tip 12 of SSVNC Help to do this manually.)
(see Tip 12 of SSVNC Help to do this manually.)
Advanced Options:
......@@ -1678,72 +1818,13 @@ set msg {
xserver_type=Xdummy (e.g.) to switch the default X Server Type.
(The above 4 settings apply only to the Terminal Services Mode.)
noenc=1 (same as the -noenc option for a 'No Encryption' button)
}
.oh.f.t insert end $msg
jiggle_text .oh.f.t
}
proc help_fetch_cert {} {
toplev .fh
scroll_text_dismiss .fh.f 85 35
center_win .fh
wm resizable .fh 1 0
wm title .fh "Fetch Certificates Help"
set msg {
The above SSL Certificate has been retrieved from the VNC Server via the
"Fetch Cert" action.
It has merely been downloaded via the SSL Protocol: **IT HAS NOT BEEN VERIFIED
IN ANY WAY**
So, in principle, it could be a fake certificate being inserted by a bad
person attempting to perform a Man-In-The-Middle attack on your SSL connection.
If, however, by some external means you can verify the authenticity of
this SSL Certificate you can use it for your VNC SSL connection to the
VNC server you wish to connect to. It will provide an authenticated and
encrypted connection.
You can verify the SSL Certificate by comparing the MD5 or SHA1 hash
value via a method/channel you know is safe (i.e. not also under control
of a Man-In-The-Middle attacker). You could also check the text between
the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags, etc.
Once you are sure it is correct, you can press the Save button to save the
certificate to a file on the local machine for use when you connect via
VNC tunneled through SSL. If you save it, then that file will be set as
the Certificate to verify the VNC server against. You can see this in
the dialog started via the "Certs..." button on the main panel.
NOTE: If you want to make PERMANENT the association of the saved SSL
certificate file with the VNC server host, you MUST save the setting as
a profile for loading later. To Save a Profile, click on Options -> Save
Profile ..., and choose a name for the profile and then click on Save.
If "Verify All Certs" is checked, then you are forced to check all
new certs. In this case the certs are saved in the 'Accepted Certs'
directory against which all servers will be checked unless "ServerCert"
or "CertsDir" has been set to something else.
To reload the profile at a later time, click on the "Load" button on
the main panel and then select the name and click "Open". If you want
to be sure the certificate is still associated with the loaded in host,
click on "Certs..." button and make sure the "ServerCert" points to the
desired SSL filename.
See the Certs... Help for more information. A sophisticated method
can be set up using a Certificate Authority key to verify never before
seen certificates (i.e. like your web browser does).
}
.fh.f.t insert end $msg
jiggle_text .fh.f.t
}
proc help_opts {} {
toplev .oh
......@@ -1830,6 +1911,13 @@ set msg {
mode, but included in case the need arises.
No Encryption:
In '-noenc' mode (Ctrl-E also toggles this mode), use this to
make a Direct connection to the VNC Server with no encryption
whatsoever. (Be careful about passwords, etc.)
Automatically Find X Session:
When using SSH mode to connect, you can select this option. It
......@@ -1857,34 +1945,12 @@ set msg {
similar (it runs x11vnc on the remote side with the intent
of automatically finding, or creating, your desktop).
Automatically Find X Login/Greeter:
This mode is similar to "Automatically Find X Session" except
that it will attach to a X Login/Greeter screen that no one
has logged into yet. It requires root privileges via sudo(1)
on the remote machine.
As with "Automatically Find X Session" it works only with SSH
mode and requires x11vnc be installed on the remote computer.
It simply sets the Remote SSH Command to:
PORT= sudo x11vnc -find -localhost -env FD_XDM=1
An initial ssh running 'sudo id' is performed to try to
'prime' sudo so the 2nd one that runs x11vnc does not need
a password. This may not always succeed... please mail us
the details if it doesn't.
See the 'X Login' description in 'Terminal Services' Mode
Help for more info.
Unix Username & Password:
This is only available on Unix and when using the SSVNC
enhanced TightVNC viewer (it has been modified to do
Unix logins). It supports a login dialog with servers
This is only available on Unix and MacOSX and when using
the SSVNC enhanced TightVNC viewer (it has been modified to
do Unix logins). It supports a login dialog with servers
doing something like x11vnc's "-unixpw" mode. After any
regular VNC authentication takes place (VNC Password), then
it sends the Unix Username, a Return, the Unix Password and
......@@ -2004,7 +2070,14 @@ set msg {
instead of the Chicken of the VNC viewer;
The Xquartz X server must be installed (it is by
default on 10.5.x) and the DISPLAY variable must
be set (see tip 12 of Help to do this manually.)
be set (see Tip 12 of Help to do this manually.)
Kill Stunnel Automatically:
On Windows, automatically try to kill the STUNNEL
process when the VNC Viewer exits. This is a
global setting; it can be also set via either the
-killstunnel cmdline option, or killstunnel=1
in ssvnc_rc
Compress Level/Quality: Set TightVNC encoding parameters.
......@@ -2026,6 +2099,18 @@ set msg {
~/.ssvncrc file (ssvnc_rc on Windows) to have the application
start up in the given mode.
Show 'No Encryption' Option:
Select this to display a button that disables both SSL and
SSH encryption. This is the same as Ctrl+E. This puts
a check item "None" on the main panel and also a "No
Encryption" check item in the "Options" panel. If you
select this item, there will be NO encryption for the VNC
connection (use cautiously) See Tip 3) under Help for more
information about disabling encryption.
Buttons:
Clear Options: Set all options to their defaults (i.e. unset).
......@@ -2149,9 +2234,10 @@ proc win_nokill_msg {} {
proc win_kill_msg {pids} {
global terminate_pids
global help_font
toplev .w
eval text .w.t -width 72 -height 19 $help_font
eval text .w.t -width 72 -height 21 $help_font
button .w.d -text "Dismiss" -command {destroy .w; set terminate_pids no}
button .w.k -text "Terminate STUNNEL" -command {destroy .w; set terminate_pids yes}
pack .w.t .w.k .w.d -side top -fill x
......@@ -2182,6 +2268,9 @@ proc win_kill_msg {pids} {
on the STUNNEL icon (dark green). Then click "Exit". You will
probably also need to hover the mouse over the STUNNEL Tray Icon to
make the Tray notice STUNNEL is gone...
To have STUNNEL automatically killed when the Viewer exits use the
-killstunnel cmdline option, or set it under Options or in ssvnc_rc.
}
.w.t insert end $msg
}
......@@ -2426,6 +2515,7 @@ proc set_defaults {} {
global mycert svcert crtdir
global use_alpha use_grab use_ssl use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233
global disable_all_encryption
global use_nojpeg use_raise_on_beep use_compresslevel use_quality use_x11_macosx
global compresslevel_text quality_text
global use_cups use_sound use_smbmnt
......@@ -2447,6 +2537,7 @@ proc set_defaults {} {
global use_port_knocking port_knocking_list
global ycrop_string ssvnc_scale ssvnc_escape sbwid_string rfbversion ssvnc_encodings use_x11cursor use_nobell use_rawlocal use_popupfix extra_sleep use_listen use_unixpw use_x11vnc_find unixpw_username
global disable_ssl_workarounds disable_ssl_workarounds_type
global server_vencrypt server_anondh
global include_list
......@@ -2461,6 +2552,8 @@ proc set_defaults {} {
set defs(use_raise_on_beep) 0
set defs(use_bgr233) 0
set defs(use_alpha) 0
set defs(server_vencrypt) 0
set defs(server_anondh) 0
set defs(use_grab) 0
set defs(use_nojpeg) 0
set defs(use_x11_macosx) 0
......@@ -2510,7 +2603,7 @@ proc set_defaults {} {
set defs(additional_port_redirs) 0
set defs(additional_port_redirs_list) ""
set defs(stunnel_local_protection) 0
set defs(stunnel_local_protection) 1
set defs(stunnel_local_protection_type) "exec"
set defs(ssh_local_protection) 0
set defs(multiple_listen) 0
......@@ -2566,6 +2659,7 @@ proc set_defaults {} {
set defs(use_ssh) 0
set defs(use_sshssl) 0
}
set defs(disable_all_encryption) 0
foreach var [array names defs] {
set $var $defs($var)
......@@ -4211,7 +4305,7 @@ proc direct_connect_msg {} {
}
proc fetch_cert {save} {
global vncdisplay is_windows
global env vncdisplay is_windows
set hp [get_vncdisplay]
regsub {[ ]*cmd=.*$} $hp "" tt
......@@ -4247,6 +4341,50 @@ proc fetch_cert {save} {
} else {
catch {set cert_text [fetch_cert_unix $hp]}
}
if [info exists env(CERTDBG)] {puts "\nFetch-0-\n$cert_text"}
if {! $is_windows} {
set vencrypt 0
set anondh 0
if {![regexp {BEGIN CERTIFICATE} $cert_text]} {
if [regexp {CONNECTED} $cert_text] {
if {![regexp -nocase {GET_SERVER_HELLO} $cert_text]
|| [regexp -nocase {GET_SERVER_HELLO.*unknown protocol} $cert_text]} {
# suspect VeNCrypt or TLSVNC plaintext RFB
set cert_text ""
set vencrypt 1
catch {set cert_text [fetch_cert_unix $hp $vencrypt $anondh]}
if [info exists env(CERTDBG)] {puts "\nFetch-1-\n$cert_text"}
}
}
}
if {![regexp {BEGIN CERTIFICATE} $cert_text]} {
if [regexp {CONNECTED} $cert_text] {
if {[regexp -nocase {error.*handshake failure} $cert_text]
|| [regexp -nocase {error.*unknown protocol} $cert_text]} {
# suspect Anonymous Diffie Hellman
set cert_text ""
set anondh 1
catch {set cert_text [fetch_cert_unix $hp $vencrypt $anondh]}
if [info exists env(CERTDBG)] {puts "\nFetch-2-\n$cert_text"}
}
}
}
if {![regexp {BEGIN CERTIFICATE} $cert_text]} {
if [regexp {CONNECTED} $cert_text] {
if {[regexp -nocase {cipher.*ADH} $cert_text]} {
# it is Anonymous Diffie Hellman
mesg "WARNING: Anonymous Diffie Hellman Server detected"
.f4.getcert configure -state normal
return $cert_text
} else {
global vencrypt_detected
set vencrypt_detected ""
}
}
}
}
.f4.getcert configure -state normal
mesg "Fetched $hpnew Cert"
......@@ -4316,6 +4454,7 @@ proc fetch_dialog {cert_text hp hpnew ok n} {
button .fetch.save -text Save -command "destroy .fetch; save_cert {$hpnew}"
button .fetch.help -text Help -command "help_fetch_cert"
pack .fetch.help .fetch.save -side bottom -fill x
.fetch.d configure -text "Cancel"
}
center_win .fetch
......@@ -4325,14 +4464,55 @@ proc fetch_dialog {cert_text hp hpnew ok n} {
jiggle_text .fetch.f.t
}
proc fetch_cert_unix {hp} {
proc get_vencrypt_proxy {hpnew} {
set list [split $hpnew ":"]
set h [lindex $list 0]
set p [lindex $list 1]
set hp2 $h
if {$p < 0} {
set hp2 "$hp2:[expr - $p]"
} elseif {$p < 200} {
set hp2 "$hp2:[expr $p + 5900]"
}
return "vencrypt://$hp2"
}
proc fetch_cert_unix {hp {vencrypt 0} {anondh 0}} {
set hpnew [get_ssh_hp $hp]
set proxy [get_ssh_proxy $hp]
if {$vencrypt} {
global vencrypt_detected
set vencrypt_detected [get_vencrypt_proxy $hpnew]
if {$proxy != ""} {
return [exec ss_vncviewer -proxy $proxy -showcert $hpnew 2>/dev/null]
set proxy "$proxy,$vencrypt_detected"
} else {
return [exec ss_vncviewer -showcert $hpnew]
set proxy $vencrypt_detected
}
}
set cmd [list ss_vncviewer]
if {$anondh} {
lappend cmd "-anondh"
}
if {$proxy != ""} {
lappend cmd "-proxy"
lappend cmd $proxy
}
if {0} {
global mycert
if {$mycert != ""} {
lappend cmd "-mycert"
lappend cmd $mycert
}
}
lappend cmd "-showcert"
lappend cmd $hpnew
if {$proxy != ""} {
lappend cmd "2>/dev/null"
}
return [eval exec $cmd]
}
proc fetch_cert_windows {hp} {
......@@ -4430,10 +4610,12 @@ proc fetch_cert_windows {hp} {
puts $fh "GET /WOMBAT HTTP/1.1\r\nHost: wombat.com\r\n\r\n\r\n"
close $fh
}
if {1} {
set ph ""
set ph [open "| $ossl s_client -connect $host:$port < $tin 2>NUL" "r"]
# set ph [open "| $ossl s_client -connect $host:$port" "r"]
set ph [open "| $ossl s_client -prexit -connect $host:$port < $tin 2>NUL" "r"]
# set ph [open "| $ossl s_client -prexit -connect $host:$port" "r"]
set text ""
if {$ph != ""} {
set pids [pid $ph]
......@@ -4462,18 +4644,19 @@ proc fetch_cert_windows {hp} {
}
} else {
set pids ""
if {1} {
set ph2 [open "| $ossl s_client -connect $host:$port > $tou 2>NUL" "w"]
set ph2 [open "| $ossl s_client -prexit -connect $host:$port > $tou 2>NUL" "w"]
set pids [pid $ph2]
after 500
for {set i 0} {$i < 128} {incr i} {
puts $ph2 "Q"
}
catch {close $ph2}
} else {
set pids [exec $ossl s_client -connect $host:$port < $tin >& $tou &]
set pids [exec $ossl s_client -prexit -connect $host:$port < $tin >& $tou &]
}
for {set i 0} {$i < 10} {incr i} {
after 500
set got 0
......@@ -4526,8 +4709,33 @@ proc check_accepted_certs {} {
return 1;
}
global server_anondh
if {$server_anondh} {
mesg "WARNING: Anonymous Diffie Hellman (skipping cert check)"
after 1000
set skip_verify_accepted_certs 1
return 1
}
global anon_dh_detected
set anon_dh_detected 0
global vencrypt_detected
set vencrypt_detected ""
set cert_text [fetch_cert 0]
if {[regexp -nocase {cipher.*ADH} $cert_text]} {
set msg "Anonymous Diffie-Hellman server detected.\nThere can be no SSL/TLS authentication. Continue?"
set reply [tk_messageBox -type okcancel -icon warning -message $msg -title "Anonymous Diffie-Hellman Detected"]
set anon_dh_detected 1
if {$reply == "cancel"} {
return 0
} else {
global skip_verify_accepted_certs
set skip_verify_accepted_certs 1
return 1
}
}
set from ""
set fingerprint ""
......@@ -4769,13 +4977,16 @@ proc check_accepted_certs {} {
global fetch_cert_filename
set fetch_cert_filename $crt
global do_save_saved_it
set do_save_saved_it 0
fetch_dialog $cert_text $hp $hp 1 47
after 100
update; after 150
catch {tkwait window .fetch}
after 200
update; after 250
catch {tkwait window .scrt}
after 200
update; after 250
if [winfo exists .scrt] {
catch {tkwait window .scrt}
}
......@@ -4785,7 +4996,11 @@ proc check_accepted_certs {} {
save_hash $crt $adir $hp $fingerline $from $fingerprint
if {$do_save_saved_it} {
return 1
} else {
return 0
}
}
proc save_hash {crt adir hp fingerline from fingerprint} {
......@@ -5401,6 +5616,22 @@ proc launch_unix {hp} {
}
}
}
global vencrypt_detected
if {$vencrypt_detected != ""} {
if {$proxy != ""} {
set proxy "$proxy,$vencrypt_detected"
} else {
set proxy "$vencrypt_detected"
}
set vencrypt_detected ""
} elseif {$server_vencrypt} {
set vdp [get_vencrypt_proxy $hp]
if {$proxy != ""} {
set proxy "$proxy,$vdp"
} else {
set proxy $vdp
}
}
if {$proxy != ""} {
set cmd "$cmd -proxy '$proxy'"
}
......@@ -5419,7 +5650,11 @@ proc launch_unix {hp} {
}
}
global anon_dh_detected
if {$anon_dh_detected || $server_anondh} {
set cmd "$cmd -anondh"
set anon_dh_detected 0
}
if {$use_alpha} {
set cmd "$cmd -alpha"
}
......@@ -5566,7 +5801,11 @@ proc launch_unix {hp} {
global env
set env(SS_VNCVIEWER_RM) $passwdfile
} else {
catch {exec sh -c "sleep 15; rm $passwdfile 2>/dev/null" &}
if {$darwin_cotvnc} {
catch {exec sh -c "sleep 60; rm $passwdfile 2>/dev/null" &}
} else {
catch {exec sh -c "sleep 20; rm $passwdfile 2>/dev/null" &}
}
}
if {$darwin_cotvnc} {
set cmd "$cmd --PasswordFile $passwdfile"
......@@ -5899,6 +6138,10 @@ proc launch_shell_only {} {
proc to_sshonly {} {
global ssh_only ts_only env
global showing_no_encryption
if {$showing_no_encryption} {
toggle_no_encryption
}
if {$ssh_only && !$ts_only} {
return
}
......@@ -5946,6 +6189,10 @@ proc toggle_sshonly {} {
proc to_tsonly {} {
global ts_only
global showing_no_encryption
if {$showing_no_encryption} {
toggle_no_encryption
}
if {$ts_only} {
return
}
......@@ -6007,7 +6254,7 @@ proc launch {{hp ""}} {
global mycert svcert crtdir
global pids_before pids_after pids_new
global env
global use_ssl use_ssh use_sshssl use_listen disable_ssl_workarounds
global use_ssl use_ssh use_sshssl sshssl_sw use_listen disable_ssl_workarounds
global vncdisplay
set debug 0
......@@ -6128,6 +6375,11 @@ proc launch {{hp ""}} {
}
}
if {!$use_ssl && !$use_ssh && !$use_sshssl && $sshssl_sw == "none"} {
regsub -nocase {^[A-z+]*://} $hp "" hp
set hp "Vnc://$hp"
}
mesg "Using: $hp"
after 600
......@@ -6538,9 +6790,14 @@ proc launch {{hp ""}} {
set plist [join $pids_new ", "]
global terminate_pids
set terminate_pids ""
global kill_stunnel
if {$kill_stunnel} {
set terminate_pids yes
} else {
win_kill_msg $plist
update
vwait terminate_pids
}
if {$terminate_pids == "yes"} {
kill_stunnel $pids_new
}
......@@ -7588,9 +7845,13 @@ proc do_save {par} {
catch {file attributes $import_save_file -permissions go-rw}
}
}
puts -nonewline $fh $str
close $fh
global do_save_saved_it
set do_save_saved_it 1
if {$also_save_to_accepted_certs} {
set ossl [get_openssl]
set fp_txt ""
......@@ -8225,7 +8486,7 @@ proc load_profile {{parent "."} {infile ""}} {
mesg "Switching to SSVNC mode."
set goto_mode "ssvnc"
update
after 500
after 300
} else {
bell
mesg "Cannot Load an SSL profile in SSH-ONLY mode."
......@@ -8241,7 +8502,7 @@ proc load_profile {{parent "."} {infile ""}} {
mesg "Switching to Terminal Services mode."
set goto_mode "tsonly"
update
after 500
after 300
} else {
bell
mesg "Cannot Load a Terminal Svcs profile SSVNC mode."
......@@ -8256,7 +8517,7 @@ proc load_profile {{parent "."} {infile ""}} {
mesg "Switching to SSVNC mode."
set goto_mode "ssvnc"
update
after 500
after 300
} else {
bell
mesg "Cannot Load a Terminal Svcs profile SSVNC mode."
......@@ -8325,8 +8586,10 @@ proc load_profile {{parent "."} {infile ""}} {
init_vncdisplay
if {! $use_ssl && ! $use_ssh && ! $use_sshssl} {
if {! $disable_all_encryption} {
set use_ssl 1
}
}
if {$use_ssl} {
set use_ssh 0
set use_sshssl 0
......@@ -8360,13 +8623,18 @@ proc load_profile {{parent "."} {infile ""}} {
}
proc sync_use_ssl_ssh {} {
global use_ssl use_ssh use_sshssl ssl_ssh_adjust
global use_ssl use_ssh use_sshssl
global disable_all_encryption
if {$use_ssl} {
ssl_ssh_adjust ssl
} elseif {$use_ssh} {
ssl_ssh_adjust ssh
} elseif {$use_sshssl} {
ssl_ssh_adjust sshssl
} elseif {$disable_all_encryption} {
ssl_ssh_adjust none
} else {
ssl_ssh_adjust ssl
}
}
......@@ -8486,6 +8754,12 @@ proc save_profile {{parent "."}} {
if {$include_list != ""} {
load_include $include_list [get_profiles_dir]
}
if {! $use_ssl && ! $use_ssh && ! $use_sshssl} {
global sshssl_sw
if {$sshssl_sw == "none"} {
set disable_all_encryption 1
}
}
global ts_only
if {$ts_only} {
......@@ -10976,6 +11250,28 @@ proc help_advanced_opts {} {
Specify additional -L port:host:port and -R port:host:port
cmdline options for SSH to enable additional services.
Automatically Find X Login/Greeter:
This mode is similar to "Automatically Find X Session" except
that it will attach to a X Login/Greeter screen that no one
has logged into yet. It requires root privileges via sudo(1)
on the remote machine.
As with "Automatically Find X Session" it works only with SSH
mode and requires x11vnc be installed on the remote computer.
It simply sets the Remote SSH Command to:
PORT= sudo x11vnc -find -localhost -env FD_XDM=1
An initial ssh running 'sudo id' is performed to try to
'prime' sudo so the 2nd one that runs x11vnc does not need
a password. This may not always succeed... please mail us
the details if it doesn't.
See the 'X Login' description in 'Terminal Services' Mode
Help for more info.
SSH Local Port Protections:
An LD_PRELOAD hack to limit the number of SSH port redirections
......@@ -11104,6 +11400,32 @@ proc help_ssvncviewer_opts {} {
Use the x11vnc alpha hack for translucent cursors (requires Unix,
32bpp and same endianness)
Server uses VeNCrypt SSL/TLS encryption:
Use the VeNCrypt extension to VNC that switches to an SSL/TLS
tunnel at a certain point in the VNC Handshake. This is in
constrast to the default ssvnc/x11vnc SSL tunnel mode where
the entire VNC session goes through SSL (e.g. vncs://)
Enable this option if you know the server supports VeNCrypt.
(SSVNC may also be able to autodetect it and switch). Also use
this option for the older TLSVNC extension (vino).
Note: many VeNCrypt servers only support Anonymous Diffie Hellman
TLS which has no built in authentication (see next section)
Server uses Anonymous Diffie-Hellman
Anonymous Diffie-Hellman can be used for SSL/TLS connections but
there are no Certificates for authentication. Therefore
only passive eavesdropping attacks are prevented, not
Man-In-The-Middle attacks. Not recommended; use verified X509
certs instead.
Enable this option if you know the server supports Anon DH.
(SSVNC may also be able to detect it and prompt you whether it
should continue).
Scaling:
Use viewer-side (i.e. local) scaling of the VNC screen. Supply
......@@ -11350,8 +11672,8 @@ proc stunnel_sec_dialog {} {
used: it execs the stunnel program instead of connecting to it via
TCP/IP. Thus there is no localhost listening port involved at all.
This is the best solution for SSL stunnel tunnels, but is currently
experimental. If it works well it will become the default mechanism.
This is the best solution for SSL stunnel tunnels, it works well and
is currently enabled by default. Disable it if there are problems.
2) The second one 'Use stunnel IDENT check', uses the stunnel(8)
'ident = username' to use the local identd daemon (IDENT RFC 1413
......@@ -11490,8 +11812,8 @@ proc ultra_dsm_dialog {} {
On Unix with the provided SSVNC vncviewer, you can connect to an UltraVNC
server that is using one of its encryption plugins: MSRC4, ARC4, or AESV2.
See the end of this text for how to use symmetric encryption with NON-UltraVNC
servers (for example, x11vnc 0.9.5 or later).
See the bottom of this help text for how to use symmetric encryption with
NON-UltraVNC servers (for example, x11vnc 0.9.5 or later).
You will need to specify the corresponding UltraVNC encryption key (created
by you using an UltraVNC server or viewer). It is usually called 'rc4.key'
......@@ -11519,12 +11841,18 @@ proc ultra_dsm_dialog {} {
Note that this mode also requires the utility tool named 'ultravnc_dsm_helper'
that should be included in your SSVNC kit.
Select Non-Ultra DSM to use symmetric encryption to a Non-UltraVNC server
via a supported symmetric key cipher. x11vnc supports symmetric
encryption via, e.g., "x11vnc -enc aesv2:./my.key". Extra ciphers are
enabled for this mode (e.g. blowfish and 3des). You can also set the random
salt size and initialization vector size in Salt,IV for example "8,16".
See the x11vnc and 'ultravnc_dsm_helper -help' documentation for more info.
Select 'Non-Ultra DSM' to use symmetric encryption to a Non-UltraVNC server
via a supported symmetric key cipher. x11vnc supports symmetric encryption
via, e.g., "x11vnc -enc aesv2:./my.key". Extra ciphers are enabled for
this mode (e.g. blowfish and 3des).
Note for the Non-Ultra DSM case it will also work with any VNC Viewer
(i.e. selected by Options -> Advanced -> Change VNC Viewer) not only the
supplied SSVNC vncviewer.
You can also set the random salt size and initialization vector size in
Salt,IV for example "8,16". See the x11vnc and 'ultravnc_dsm_helper -help'
documentation for more info on this.
}
.ultradsm.f.t insert end $msg
......@@ -12719,6 +13047,8 @@ proc set_advanced_options {} {
global use_ssh use_sshssl
global use_x11_macosx
global adv_ssh
global showing_no_encryption
global x11vnc_xlogin_widget
catch {destroy .o}
toplev .oa
......@@ -12751,7 +13081,13 @@ proc set_advanced_options {} {
"Additional Port Redirs" \
-command {if {$additional_port_redirs} {port_redir_dialog}}
if {!$use_ssh && !$use_sshssl} {.oa.b$i configure -state disabled}
set adv_ssh(redirs) .oa.b$i
set adv_ssh(redirs) .oa.b$i
incr i
checkbutton .oa.b$i -anchor w -variable use_x11vnc_xlogin -text \
"Automatically Find X Login/Greeter" -command {x11vnc_find_adjust "xlogin"}
if {!$use_ssh && !$use_sshssl} {.oa.b$i configure -state disabled}
set x11vnc_xlogin_widget ".oa.b$i"
incr i
global use_ssl use_ssh use_sshssl
......@@ -12870,6 +13206,7 @@ proc set_ssvncviewer_options {} {
global is_windows darwin_cotvnc
global use_ssh use_sshssl use_x11cursor use_rawlocal use_popupfix use_alpha use_grab use_nobell
global ssvnc_scale ssvnc_escape
global server_vencrypt server_anondh
if {$is_windows} {
return
......@@ -12925,13 +13262,22 @@ proc set_ssvncviewer_options {} {
lappend darwinlist .os.b$i; if {$darwin_cotvnc} {.os.b$i configure -state disabled}
incr i
checkbutton .os.b$i -anchor w -variable server_vencrypt -text \
"Server uses VeNCrypt SSL/TLS encryption"
incr i
checkbutton .os.b$i -anchor w -variable server_anondh -text \
"Server uses Anonymous Diffie-Hellman"
incr i
set relief ridge
frame .os.b$i -height 2; incr i
frame .os.b$i -relief $relief -borderwidth 2
label .os.b$i.l -font fixed -anchor w -text "Examples: '0.75', '1024x768', 'fit' (fill screen), or 'auto'";
global ffont
label .os.b$i.l -font $ffont -anchor w -text "Examples: '0.75', '1024x768', 'fit' (fill screen), or 'auto'";
global ssvnc_scale
frame .os.b$i.f
......@@ -12950,7 +13296,7 @@ proc set_ssvncviewer_options {} {
frame .os.b$i -relief $relief -borderwidth 2
label .os.b$i.l -font fixed -anchor w -text "Examples: 'default', 'Control_L,Alt_L', 'never'";
label .os.b$i.l -font $ffont -anchor w -text "Examples: 'default', 'Control_L,Alt_L', 'never'";
global ssvnc_escape
frame .os.b$i.f
......@@ -12972,7 +13318,7 @@ proc set_ssvncviewer_options {} {
frame .os.b$i -relief $relief -borderwidth 2
label .os.b$i.l -font fixed -anchor w -text "Enter the max height in pixels, e.g. '900'";
label .os.b$i.l -font $ffont -anchor w -text "Enter the max height in pixels, e.g. '900'";
global ycrop_string
frame .os.b$i.f
......@@ -12991,7 +13337,7 @@ proc set_ssvncviewer_options {} {
frame .os.b$i -relief $relief -borderwidth 2
label .os.b$i.l -font fixed -anchor w -text "Enter the scrollbar width in pixels, e.g. '4'";
label .os.b$i.l -font $ffont -anchor w -text "Enter the scrollbar width in pixels, e.g. '4'";
global sbwid_string
frame .os.b$i.f
......@@ -13010,8 +13356,8 @@ proc set_ssvncviewer_options {} {
frame .os.b$i -relief $relief -borderwidth 2
label .os.b$i.l -font fixed -anchor w -text "Enter the RFB version to pretend to be using, e.g. '3.4'";
label .os.b$i.l2 -font fixed -anchor w -text "Sometimes needed for UltraVNC: 3.4, 3.6, 3.14, 3.16";
label .os.b$i.l -font $ffont -anchor w -text "Enter the RFB version to pretend to be using, e.g. '3.4'";
label .os.b$i.l2 -font $ffont -anchor w -text "Sometimes needed for UltraVNC: 3.4, 3.6, 3.14, 3.16";
global rfbversion
frame .os.b$i.f
......@@ -13030,9 +13376,9 @@ proc set_ssvncviewer_options {} {
frame .os.b$i -relief $relief -borderwidth 2
label .os.b$i.l1 -font fixed -anchor w -text "List encodings in preferred order, for example";
label .os.b$i.l2 -font fixed -anchor w -text "'copyrect zrle tight' The list of encodings is:";
label .os.b$i.l3 -font fixed -anchor w -text "copyrect tight zrle zywrle hextile zlib corre rre raw";
label .os.b$i.l1 -font $ffont -anchor w -text "List encodings in preferred order, for example";
label .os.b$i.l2 -font $ffont -anchor w -text "'copyrect zrle tight' The list of encodings is:";
label .os.b$i.l3 -font $ffont -anchor w -text "copyrect tight zrle zywrle hextile zlib corre rre raw";
global ssvnc_encodings
frame .os.b$i.f
......@@ -13261,6 +13607,25 @@ proc ssl_ssh_adjust {which} {
adv_ssh_tog 0
adv_listen_ssl_tog 1
adv_listen_ssh_tog 0
} elseif {$which == "none"} {
set use_ssl 0
set use_ssh 0
set use_sshssl 0
set sshssl_sw "none"
catch {.f4.getcert configure -state disabled}
catch {.f4.always configure -state disabled}
if [info exists x11vnc_find_widget] {
catch {$x11vnc_find_widget configure -state disabled}
}
if [info exists x11vnc_xlogin_widget] {
catch {$x11vnc_xlogin_widget configure -state disabled}
}
if [info exists uvnc_bug_widget] {
catch {$uvnc_bug_widget configure -state normal}
}
adv_ssh_tog 0
adv_listen_ssl_tog 0
adv_listen_ssh_tog 0
} elseif {$which == "ssh"} {
set use_ssl 0
set use_ssh 1
......@@ -13307,7 +13672,7 @@ proc ssl_ssh_adjust {which} {
$w configure -state normal
}
}
if {$use_ssl} {
if {$use_ssl || $sshssl_sw == "none"} {
foreach w $remote_ssh_cmd_list {
$w configure -state disabled
}
......@@ -13315,9 +13680,11 @@ proc ssl_ssh_adjust {which} {
}
if {! $use_ssl && ! $use_ssh && ! $use_sshssl} {
if {$sshssl_sw != "none"} {
set use_ssl 1
set sshssl_sw "ssl"
}
}
global ssh_only ts_only
if {$ssh_only || $ts_only} {
set use_ssl 0
......@@ -13414,6 +13781,16 @@ proc set_darwin_cotvnc_buttons {} {
}
}
proc disable_encryption {} {
global env
if {[info exists env(SSVNC_DISABLE_ENCRYPTION_BUTTON)]} {
set s $env(SSVNC_DISABLE_ENCRYPTION_BUTTON)
if {$s != "" && $s != "0"} {
return 1;
}
}
return 0;
}
proc set_options {} {
global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233
global use_nojpeg use_raise_on_beep use_compresslevel use_quality use_x11_macosx
......@@ -13424,6 +13801,8 @@ proc set_options {} {
global use_x11vnc_xlogin x11vnc_xlogin_widget uvnc_bug_widget
global ts_only
global darwin_cotvnc_blist
global showing_no_encryption no_enc_button no_enc_prev
if {$ts_only} {
set_ts_options
return
......@@ -13445,6 +13824,13 @@ proc set_options {} {
radiobutton .o.b$i -anchor w -variable sshssl_sw -value sshssl -text \
"Use SSH + SSL" -command {ssl_ssh_adjust sshssl}
set iss $i
set no_enc_prev .o.b$i
incr i
radiobutton .o.b$i -anchor w -variable sshssl_sw -value none -text \
"No Encryption" -command {ssl_ssh_adjust none}
set no_enc_button .o.b$i
set ine $i
incr i
checkbutton .o.b$i -anchor w -variable use_x11vnc_find -text \
......@@ -13453,18 +13839,13 @@ proc set_options {} {
set x11vnc_find_widget ".o.b$i"
incr i
checkbutton .o.b$i -anchor w -variable use_x11vnc_xlogin -text \
"Automatically Find X Login/Greeter" -command {x11vnc_find_adjust "xlogin"}
if {!$use_ssh && !$use_sshssl} {.o.b$i configure -state disabled}
set x11vnc_xlogin_widget ".o.b$i"
incr i
if {! $is_windows} {
checkbutton .o.b$i -anchor w -variable use_unixpw -text \
"Unix Username & Password" -command {unixpw_adjust}
if {$is_windows} {.o.b$i configure -state disabled}
if {$darwin_cotvnc} {.o.b$i configure -state disabled}
set darwin_cotvnc_blist(.o.b$i) 1
incr i
}
checkbutton .o.b$i -anchor w -variable use_listen -text \
"Reverse VNC Connection (-LISTEN)" -command {listen_adjust; if {$vncdisplay == ""} {set vncdisplay ":0"} else {set vncdisplay ""}; if {$use_listen} {destroy .o}}
......@@ -13499,11 +13880,21 @@ proc set_options {} {
set darwin_cotvnc_blist(.o.b$i) 1
incr i
if {$uname == "Darwin"} {
checkbutton .o.b$i -anchor w -variable use_x11_macosx -text \
"Use X11 vncviewer on MacOSX" \
-command {if {$use_x11_macosx} {set darwin_cotvnc 0} else {set darwin_cotvnc 1}; set_darwin_cotvnc_buttons}
if {$uname != "Darwin"} {.o.b$i configure -state disabled}
incr i
}
if {$is_windows} {
global kill_stunnel
checkbutton .o.b$i -anchor w -variable kill_stunnel -text \
"Kill Stunnel Automatically"
incr i
}
menubutton .o.b$i -anchor w -menu .o.b$i.m -textvariable compresslevel_text -relief groove
set compresslevel_text "Compress Level: $use_compresslevel"
......@@ -13543,8 +13934,6 @@ proc set_options {} {
}
incr i
set oldmode 0
global use_mode ts_only ssh_only
if {$ts_only} {
set use_mode "Terminal Services (tsvnc)"
......@@ -13555,7 +13944,7 @@ proc set_options {} {
}
global mode_text
set mode_text "Mode: $use_mode"
if {! $oldmode} {
menubutton .o.b$i -anchor w -menu .o.b$i.m -textvariable mode_text -relief groove
menu .o.b$i.m -tearoff 0
......@@ -13566,6 +13955,16 @@ proc set_options {} {
.o.b$i.m add radiobutton -variable use_mode -value "Terminal Services (tsvnc)" \
-label "Terminal Services (tsvnc)" -command {to_tsonly; set mode_text "Mode: Terminal Services (tsvnc)"; destroy .o}
incr i
global started_with_noenc
if {$started_with_noenc && $showing_no_encryption} {
;
} else {
checkbutton .o.b$i -anchor w -variable showing_no_encryption -text \
"Show 'No Encryption' Option" -relief raised -pady 5 \
-command {toggle_no_encryption 1}
incr i
}
for {set j 1} {$j < $i} {incr j} {
......@@ -13576,6 +13975,10 @@ proc set_options {} {
if {$ts_only && $j <= 3} {
continue;
}
if {!$showing_no_encryption && $j == $ine} {
continue;
}
pack .o.b$j -side top -fill x
}
......@@ -13591,11 +13994,7 @@ proc set_options {} {
# button .o.s_prof -text "Save Profile ..." -command {save_profile .o; raise .o}
# button .o.l_prof -text " Load Profile ..." -command {load_profile .o; raise .o}
if {$oldmode} {
button .o.ssv -anchor w -text " SSVNC Mode" -command {to_ssvnc; destroy .o}
button .o.ssh -anchor w -text " SSH-Only Mode" -command {to_sshonly; destroy .o}
button .o.tso -anchor w -text " Terminal Svc Mode" -command {to_tsonly; destroy .o}
}
global uname
set t1 " Advanced ..."
set t2 " Clear Options"
......@@ -13617,12 +14016,6 @@ proc set_options {} {
# pack .o.s_prof -side top -fill x
# pack .o.l_prof -side top -fill x
if {$oldmode} {
pack .o.ssv -side top -fill x
pack .o.ssh -side top -fill x
pack .o.tso -side top -fill x
}
frame .o.b
button .o.b.done -text "Done" -command {destroy .o}
bind .o <Escape> {destroy .o}
......@@ -13674,10 +14067,15 @@ proc check_writable {} {
proc print_help {} {
global help_main help_prox help_misc help_tips
set b "\n============================================================================\n"
help
set str [.h.f.t get 1.0 end]
puts "${b}Help:\n$str"
#set str [.h.f.t get 1.0 end]
#puts "${b}Help:\n$str"
puts "${b}Help Main:\n$help_main"
puts "${b}Help Proxies:\n$help_prox"
puts "${b}Help Misc:\n$help_misc"
puts "${b}Help Tips:\n$help_tips"
destroy .h
help_opts
......@@ -13705,28 +14103,502 @@ proc print_help {} {
puts "${b}Fetch Certificates Help:\n$str"
destroy .fh
create_cert
set str [.ccrt.f.t get 1.0 end]
puts "${b}Create SSL Certificate Dialog:\n$str"
destroy .ccrt
import_cert
set str [.icrt.f.t get 1.0 end]
puts "${b}Import SSL Certificate Dialog:\n$str"
destroy .icrt
global cert_text
set cert_text "empty"
save_cert "help:0"
set str [.scrt.f.t get 1.0 end]
puts "${b}Save SSL Certificate Dialog:\n$str"
destroy .scrt
ts_help
set str [.h.f.t get 1.0 end]
puts "${b}Terminal Services Help:\n$str"
destroy .h
help_ts_opts
set str [.oh.f.t get 1.0 end]
puts "${b}Terminal Services VNC Options Help:\n$str"
destroy .oh
ts_unixpw_dialog
set str [.uxpw.f.t get 1.0 end]
puts "${b}Terminal Services Use unixpw Dialog:\n$str"
destroy .uxpw
ts_vncshared_dialog
set str [.vncs.f.t get 1.0 end]
puts "${b}Terminal Services VNC Shared Dialog:\n$str"
destroy .vncs
ts_multi_dialog
set str [.mult.f.t get 1.0 end]
puts "${b}Terminal Services Multiple Sessions Dialog:\n$str"
destroy .mult
ts_xlogin_dialog
set str [.xlog.f.t get 1.0 end]
puts "${b}Terminal Services X Login Dialog:\n$str"
destroy .xlog
ts_othervnc_dialog
set str [.ovnc.f.t get 1.0 end]
puts "${b}Terminal Services Other VNC Server Dialog:\n$str"
destroy .ovnc
ts_ncache_dialog
set str [.nche.f.t get 1.0 end]
puts "${b}Terminal Services Client-Side Caching Dialog:\n$str"
destroy .nche
ts_x11vnc_opts_dialog
set str [.x11v.f.t get 1.0 end]
puts "${b}Terminal Services x11vnc Options Dialog:\n$str"
destroy .x11v
ts_filexfer_dialog
set str [.xfer.f.t get 1.0 end]
puts "${b}Terminal Services File Transfer Dialog:\n$str"
destroy .xfer
ts_sound_dialog
set str [.snd.f.t get 1.0 end]
puts "${b}Terminal Services Sound Tunnelling Dialog:\n$str"
destroy .snd
ts_cups_dialog
set str [.cups.f.t get 1.0 end]
puts "${b}Terminal Services CUPS Dialog:\n$str"
destroy .cups
help_ssvncviewer_opts
set str [.av.f.t get 1.0 end]
puts "${b}Unix SSVNC viewer Options Help:\n$str"
destroy .av
change_vncviewer_dialog
set str [.chviewer.t get 1.0 end]
puts "${b}Unix Change VNC Viewer Dialog:\n$str"
destroy .chviewer
cups_dialog
set str [.cups.f.t get 1.0 end]
puts "${b}CUPS Dialog:\n$str"
destroy .cups
sound_dialog
set str [.snd.f.t get 1.0 end]
puts "${b}ESD Audio Tunnelling Dialog:\n$str"
destroy .snd
smb_dialog
set str [.smb.f.t get 1.0 end]
puts "${b}SMB Mounting Dialog:\n$str"
destroy .smb
port_redir_dialog
set str [.redirs.t get 1.0 end]
puts "${b}Additional Port Redirections Dialog:\n$str"
destroy .redirs
port_knocking_dialog
set str [.pk.f.t get 1.0 end]
puts "${b}Port Knocking Dialog:\n$str"
destroy .pk
ssvnc_escape_help
set str [.ekh.f.t get 1.0 end]
puts "${b}SSVNC Escape Keys Help:\n$str"
destroy .ekh
stunnel_sec_dialog
set str [.stlsec.f.t get 1.0 end]
puts "${b}STUNNEL Local Port Protections Dialog:\n$str"
destroy .stlsec
disable_ssl_workarounds_dialog
set str [.sslwrk.f.t get 1.0 end]
puts "${b}Disable SSL Workarounds Dialog:\n$str"
destroy .sslwrk
ultra_dsm_dialog
set str [.ultradsm.f.t get 1.0 end]
puts "${b}UltraVNC DSM Encryption Plugin Dialog:\n$str"
destroy .ultradsm
ssh_sec_dialog
set str [.sshsec.t get 1.0 end]
puts "${b}SSH Local Port Protections Dialog:\n$str"
destroy .sshsec
multilisten_dialog
set str [.multil.t get 1.0 end]
puts "${b}Multiple LISTEN Connections Dialog:\n$str"
destroy .multil
use_grab_dialog
set str [.usegrb.t get 1.0 end]
puts "${b}Use XGrabServer (for fullscreen) Dialog:\n$str"
destroy .usegrb
}
proc zeroconf_fill {b m} {
global is_windows zeroconf_command last_post
if {$is_windows} {
return;
}
if {![info exists last_post]} {
set last_post 0
}
set now [clock seconds]
if {$now < [expr $last_post + 10]} {
# cache menu for 10 secs.
return
}
. config -cursor {watch}
$b config -cursor {watch}
$b configure -state disabled
$m delete 0 end
update
set emsg ""
set output ""
set none "No VNC servers detected"
set rc 1
set rd 0
if {$zeroconf_command == "avahi-browse"} {
set rc [catch {set output [exec avahi-browse -r -t -p -k _rfb._tcp 2>/dev/null]} emsg]
} elseif {$zeroconf_command == "dns-sd"} {
set rc [catch {set output [exec /bin/sh -c {pid=$$; export pid; (sleep 1; kill $pid) & exec dns-sd -B _rfb._tcp} 2>/dev/null]} emsg]
set rd 1
} elseif {$zeroconf_command == "mDNS"} {
set rc [catch {set output [exec /bin/sh -c {pid=$$; export pid; (sleep 1; kill $pid) & exec mDNS -B _rfb._tcp} 2>/dev/null]} emsg]
set rd 1
}
#puts "rc=$rc output=$output"
if {$rd == 1 && $rc != 0} {
if [regexp {_rfb} $emsg] {
set rc 0
set output $emsg
}
}
set count 0
if {$rc != 0} {
$m add command -label $none
incr count
} elseif {$output == "" || [regexp {^[ \t\n]*$} $output]} {
$m add command -label $none
incr count
} elseif {$zeroconf_command == "avahi-browse"} {
set lines [split $output "\n"]
set saw("__none__") 1
foreach line $lines {
set items [split $line ";"]
if {[llength $items] != 10} {
continue
}
if {[lindex $items 0] != "="} {
continue
}
# =;eth0;IPv4;tmp2\0582;_rfb._tcp;local;tmp2.local;10.0.2.252;5902;
set eth [lindex $items 1]
set ipv [lindex $items 2]
set name [lindex $items 3]
set type [lindex $items 4]
set loc [lindex $items 5]
set host [lindex $items 6]
set ip [lindex $items 7]
set port [lindex $items 8]
if {![regexp -nocase {ipv4} $ipv]} {
continue
}
set name0 $name
regsub -all {\\\\} $name "__bockslosh__" name
regsub -all {\\\.} $name "." name
set n 0
while {1} {
incr n
if {$n > 100} {
break
}
if {[regexp {\\[0-9][0-9][0-9]} $name match]} {
#puts "match1=$match"
regsub {\\} $match "" match
set d $match
regsub {^0*} $d "" d
set c [format "%c" $d]
if {"$c" == "&"} {
set c "\\$c"
}
regsub "\\\\$match" $name $c name
#puts "match: $match c='$c'\nname=$name"
} else {
break
}
}
regsub -all {__bockslosh__} $name "\\" name
set hp $host
if {$port >= 5900 && $port <= 6100} {
set d [expr $port - 5900]
set hp "$host:$d"
} else {
set hp "$host:$port"
}
if {![info exists saw($name)]} {
regsub -all {[^[:alnum:],./:@%_=+-]} $hp "" hp
$m add command -label "$name - $hp" -command "set vncdisplay \"$hp\""
incr count
set p $port
if {$p <= 200} {
set p "-$port"
}
regsub -all {[^[:alnum:],./:@%_=+-]} "$ip:$p" "" ipp
$m add command -label "$name - $ipp" -command "set vncdisplay \"$ipp\""
incr count
set saw($name) 1
}
}
} else {
set lines [split $output "\n"]
set saw("__none__") 1
global dns_sd_cache last_dns_sd
if {![info exists last_dns_sd]} {
set last_dns_sd 0
}
if {[clock seconds] > [expr $last_dns_sd + 1800]} {
unset -nocomplain dns_sd_cache
set last_dns_sd [clock seconds]
}
foreach line $lines {
if [regexp -nocase {^Browsing} $line] {
continue;
}
if [regexp -nocase {^Timestamp} $line] {
continue;
}
if [regexp -nocase {killed:} $line] {
continue;
}
if {![regexp {_rfb\._tcp} $line]} {
continue;
}
regsub {[ \t\n]*$} $line "" line
regsub {^.*_rfb\._tcp[^ ]* *} $line "" name
if {[info exists saw($name)]} {
continue
}
set saw($name) 1
set hp "$name"
if {[info exists dns_sd_cache($name)]} {
set hp $dns_sd_cache($name)
} else {
global env
regsub -all {["']} $name "" name2
set env(DNS_SD_LU) $name2
set emsg ""
if {$zeroconf_command == "dns-sd"} {
set rc [catch {set output [exec /bin/sh -c {pid=$$; export pid; (sleep 1; kill $pid) & exec dns-sd -L "$DNS_SD_LU" _rfb._tcp .} 2>/dev/null]} emsg]
} elseif {$zeroconf_command == "mDNS"} {
set rc [catch {set output [exec /bin/sh -c {pid=$$; export pid; (sleep 1; kill $pid) & exec mDNS -L "$DNS_SD_LU" _rfb._tcp .} 2>/dev/null]} emsg]
regsub -all {[ \t][ \t]*:} $emsg ":" emsg
}
regsub -all { *} $emsg " " emsg
if [regexp -nocase {be reached at *([^ \t\n][^ \t\n]*)} $emsg match hpm] {
if [regexp {^(.*):([0-9][0-9]*)$} $hpm mv hm pm] {
if {$pm >= 5900 && $pm <= 6100} {
set pm [expr $pm - 5900]
}
set hp "$hm:$pm"
} else {
set hp $hpm
}
set dns_sd_cache($name) $hp
} else {
set hp "$name"
if {![regexp {:[0-9][0-9]*$} $hp]} {
set hp "$name:0"
}
}
}
regsub -all {[^[:alnum:],./:@%_=+-]} $hp "" hp
$m add command -label "$name - $hp" -command "set vncdisplay \"$hp\""
incr count
}
}
$b configure -state normal
. config -cursor {}
$b config -cursor {}
if {$count == 0} {
$m add command -label $none
}
set last_post [clock seconds]
}
proc check_zeroconf_browse {} {
global is_windows zeroconf_command
set zeroconf_command ""
if {$is_windows} {
return 0;
}
set p ""
set r [catch {set p [exec /bin/sh -c {type avahi-browse}]}]
if {$r == 0} {
regsub {^.* is *} $p "" p
regsub -all {[ \t\n\r]} $p "" p
if [file exists $p] {
set zeroconf_command "avahi-browse"
return 1
}
}
set p ""
set r [catch {set p [exec /bin/sh -c {type dns-sd}]}]
if {$r == 0} {
regsub {^.* is *} $p "" p
regsub -all {[ \t\n\r]} $p "" p
if [file exists $p] {
set zeroconf_command "dns-sd"
global env
if [info exists env(USE_MDNS)] {
# testing
set zeroconf_command "mDNS"
}
return 1
}
}
set p ""
set r [catch {set p [exec /bin/sh -c {type mDNS}]}]
if {$r == 0} {
regsub {^.* is *} $p "" p
regsub -all {[ \t\n\r]} $p "" p
if [file exists $p] {
set zeroconf_command "mDNS"
return 1
}
}
return 0
}
proc toggle_no_encryption {{rev 0}} {
global showing_no_encryption
global no_enc_button no_enc_prev
global ts_only ssh_only
global use_ssl use_ssh use_sshssl
if {$rev} {
# reverse it first
if {$showing_no_encryption} {
set showing_no_encryption 0
} else {
set showing_no_encryption 1
}
}
if {$showing_no_encryption} {
catch {pack forget .f4.none}
catch {pack forget $no_enc_button}
if {!$use_ssl && !$use_ssh && !$use_sshssl} {
set use_ssl 1
sync_use_ssl_ssh
}
set showing_no_encryption 0
} else {
if {$ts_only || $ssh_only} {
return
}
catch {pack .f4.none -side left}
if {![info exists no_enc_button]} {
catch {destroy .o}
} elseif {![winfo exists $no_enc_button]} {
catch {destroy .o}
} else {
catch {pack $no_enc_button -after $no_enc_prev -fill x}
}
set showing_no_encryption 1
}
}
proc toggle_vnc_prefix {} {
global vncdisplay
if [regexp -nocase {^vnc://} $vncdisplay] {
regsub -nocase {^vnc://} $vncdisplay "" vncdisplay
} else {
regsub -nocase {^[A-z+]*://} $vncdisplay "" vncdisplay
set vncdisplay "Vnc://$vncdisplay"
}
catch {.f0.e icursor end}
}
global env
set is_windows 0
set help_font "-font fixed"
if {[regexp -nocase {Windows.9} $tcl_platform(os)]} {
set is_win9x 1
} else {
set is_win9x 0
}
set ffont "fixed"
set help_font "-font $ffont"
if { [regexp -nocase {Windows} $tcl_platform(os)]} {
cd util
set help_font ""
set is_windows 1
}
if {[regexp -nocase {Windows.9} $tcl_platform(os)]} {
set is_win9x 1
} else {
set is_win9x 0
# need to check if "fixed" font under XFT on tk8.5 is actually fixed width!!
if {$tcl_platform(platform) == "unix"} {
set ls ""
catch {set ls [font metrics $ffont -linespace]}
set fs ""
catch {set fs [font metrics $ffont -fixed]}
set redo 0
if {$fs != "" && $fs != "1"} {
set redo 1
}
if {$ls != "" && $ls > 14} {
set redo 1
}
if {$redo} {
foreach fn [font names] {
if {$fn == "TkFixedFont"} {
set ffont $fn
break
}
}
}
set help_font "-font $ffont"
}
# set SSVNC_HOME to HOME in case we modify it for mobile use:
if [info exists env(HOME)] {
if {! [info exists env(SSVNC_HOME)]} {
......@@ -13814,6 +14686,12 @@ set ts_xserver_type_def ""
global win_localhost
set win_localhost "127.0.0.1"
global kill_stunnel
set kill_stunnel 0
global started_with_noenc
set started_with_noenc 0
if [file exists $ssvncrc] {
set fh ""
catch {set fh [open $ssvncrc "r"]}
......@@ -13849,6 +14727,14 @@ if [file exists $ssvncrc] {
set val [string trim $val]
set ts_xserver_type_def $val
}
if [regexp {^noenc=1} $str] {
global env
set env(SSVNC_DISABLE_ENCRYPTION_BUTTON) 1
set started_with_noenc 1
}
if [regexp {^killstunnel=1} $str] {
set kill_stunnel 1
}
}
close $fh
}
......@@ -13901,6 +14787,13 @@ for {set i 0} {$i < $argc} {incr i} {
} elseif {$item == "-nvb"} {
global env
set env(SSVNC_NO_VERIFY_ALL_BUTTON) 1
} elseif {$item == "-noenc"} {
global env
set env(SSVNC_DISABLE_ENCRYPTION_BUTTON) 1
set started_with_noenc 1
} elseif {$item == "-enc"} {
global env
set env(SSVNC_DISABLE_ENCRYPTION_BUTTON) 0
} elseif {$item == "-bigger"} {
global env
if {![info exists env(SSVNC_BIGGER_DIALOG)]} {
......@@ -13919,6 +14812,10 @@ for {set i 0} {$i < $argc} {incr i} {
global env
set env(SSVNC_TS_ALWAYS) 1
set saw_ts_only 1
} elseif {$item == "-killstunnel"} {
set kill_stunnel 1
} elseif {$item == "-skill"} {
set kill_stunnel 1
}
}
......@@ -14026,8 +14923,15 @@ if {$multientry} {
}
entry .f0.e -width $we -textvariable vncdisplay
pack .f0.l -side left
pack .f0.e -side left -expand 1 -fill x
bind .f0.e <Return> launch
bind .f0.e <Control-E> {toggle_vnc_prefix}
pack .f0.e -side left -expand 1 -fill x
if {[check_zeroconf_browse]} {
menubutton .f0.mb -relief ridge -menu .f0.mb.m -text "Find"
menu .f0.mb.m -tearoff 0 -postcommand {zeroconf_fill .f0.mb .f0.mb.m}
pack .f0.mb -side left
}
frame .f1
label .f1.l -width $wl -anchor w -text "VNC Password:" -relief ridge
......@@ -14067,12 +14971,22 @@ set remote_ssh_cmd_list {.f3.e .f3.l}
frame .f4
radiobutton .f4.ssl -anchor w -variable sshssl_sw -value ssl -command {ssl_ssh_adjust ssl} -text "Use SSL"
radiobutton .f4.ssh -anchor w -variable sshssl_sw -value ssh -command {ssl_ssh_adjust ssh} -text "Use SSH"
radiobutton .f4.sshssl -anchor w -variable sshssl_sw -value sshssl -command {ssl_ssh_adjust sshssl} -text "SSH + SSL "
radiobutton .f4.sshssl -anchor w -variable sshssl_sw -value sshssl -command {ssl_ssh_adjust sshssl} -text "SSH + SSL"
pack .f4.ssl .f4.ssh .f4.sshssl -side left -fill x
set showing_no_encryption 0
radiobutton .f4.none -anchor w -variable sshssl_sw -value none -command {ssl_ssh_adjust none} -text "None "
if [disable_encryption] {
pack .f4.none -side left
set showing_no_encryption 1
}
global skip_verify_accepted_certs
set skip_verify_accepted_certs 0
global anon_dh_detected
set anon_dh_detected 0
global vencrypt_detected
set vencrypt_detected ""
global always_verify_ssl
set always_verify_ssl 1;
......@@ -14165,7 +15079,9 @@ bind .l <Shift-ButtonRelease> {toggle_tsonly}
bind . <Control-h> {toggle_sshonly}
bind . <Control-T> {to_ssvnc}
bind . <Control-a> {set_advanced_options}
bind . <Control-o> {set_options}
bind . <Control-u> {set_ssvncviewer_options}
bind . <Control-e> {toggle_no_encryption}
global entered_gui_top button_gui_top
set entered_gui_top 0
......
x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1
View file @ 41c7b74a
......@@ -8,7 +8,7 @@
.\" License as specified in the file LICENCE.TXT that comes with the
.\" TightVNC distribution.
.\"
.TH ssvnc 1 "September 2008" "" "SSVNC"
.TH ssvnc 1 "November 2008" "" "SSVNC"
.SH NAME
ssvnc \- a GUI wrapper for SSL and SSH VNC connections.
.SH SYNOPSIS
......@@ -21,7 +21,7 @@ ssvnc \- a GUI wrapper for SSL and SSH VNC connections.
.RI [\| saved-profile-name \|]
.br
.B ssvnc
.RI [\| options \|][\| host-or-profile \]
.RI [\| options \|]\ [\| host-or-profile \]
.br
.B ssvnc
.IR \--help
......@@ -49,7 +49,8 @@ E.g. "fred@far-away.east:0".
As an easter egg, we note it is also possible to disable the use of SSL/SSH
encryption tunnels by using a vnc:// or Vnc:// prefix before
host:display.
host:display. Shift+Ctrl-E is a short-cut to add/remove it.
See also the \fB-noenc\fR option below.
Normally you do not specify any command line options. You simply
run \fBssvnc\fR and use the GUI that starts up.
......@@ -59,7 +60,7 @@ on the command line to connect to immediately (the GUI is started
and the connection is initiated). For example, "\fBssvnc far-away.east:0\fR"
Instead of a host:display, you can specify the name of a saved profile to
automatically load that profile and then connect to its server.
For example "\fBssvnc far\fR", if you name the profile "far".
For example "\fBssvnc far\fR", if you named the profile "far".
You can use the \fB-profiles\fR option to list the profiles you have saved.
The related commands \fBsshvnc\fR and \fBtsvnc\fR start up the GUI in
......@@ -108,6 +109,18 @@ Same as SSVNC_NO_VERIFY_ALL_BUTTON=1.
\fB\-bigger\fR
Make the Profile Selection Dialog window bigger.
Same as SSVNC_BIGGER_DIALOG=1.
.TP
\fB\-noenc\fR
Start off in a mode where a 'No Encryption' check button is present.
You can toggle the mode with Ctrl-E.
Same as SSVNC_DISABLE_ENCRYPTION_BUTTON=1. Or noenc=1 in ~/.ssvncrc.
Selecting no encryption is the same as the vnc:// and Vnc:// prefixes
described below.
.TP
\fB\-killstunnel\fR
On Windows, automatically terminate the STUNNEL process when the viewer
exits instead of prompting you (same as killstunnel=1 in ssvnc_rc or
toggle in Options menu)
.SH URL NOTATION
Here are all of our URL-like prefixes that you can put in front of
host:display (or host:port):
......@@ -116,7 +129,7 @@ For SSL: vncs:// vncssl:// and vnc+ssl://
For SSH: vncssh:// and vnc+ssh://
For No Encryption Tunnel: vnc:// and Vnc://
For No Encryption: vnc:// and Vnc://
Examples:
......@@ -128,6 +141,10 @@ To quickly make a direct connection: \fBssvnc Vnc://snoopy.com:0\fR
The above will also work in the "VNC Host:Display" entry box in the GUI.
Press the "Connect" button after entering them.
The difference between vnc:// and Vnc:// is that the latter one will not
prompt you whether you really want to make an unencrypted connection
or not.
.SH FILES
Your SSVNC vnc profiles are stored in the \fB$HOME/.vnc/profiles\fR
directory. They end in suffix \fB.vnc\fR
......
x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle
View file @ 41c7b74a
#!/bin/sh
rm -rf ./src/tmp/* || exit 1
vers=1.0.21
vers=1.0.22
cd .. || exit 1
......@@ -12,7 +12,7 @@ dest=./t.unix_only
rm -rf $dest
mkdir -p $dest || exit 1
tar cvf - ssvnc/{README,COPYING} ssvnc/bin ssvnc/Unix | (cd $dest; tar xvf -)
tar cvf - ssvnc/{README,COPYING,ssvnc.desktop} ssvnc/bin ssvnc/Unix | (cd $dest; tar xvf -)
rm -f $dest/ssvnc/bin/.linkin
tar=ssvnc_unix_only-${vers}.tar.gz
......@@ -25,8 +25,7 @@ dest=./t.unix_minimal
rm -rf $dest
mkdir -p $dest || exit 1
#tar cvf - ssvnc/{README,COPYING} ssvnc/bin/{ss*,util/ss*} ssvnc/Unix | (cd $dest; tar xvf -)
tar cvf - ssvnc/{README,COPYING} ssvnc/bin/{ss*,util/ss*} | (cd $dest; tar xvf -)
tar cvf - ssvnc/{README,COPYING,ssvnc.desktop} ssvnc/bin/{ss*,util/ss*} | (cd $dest; tar xvf -)
tar=ssvnc_unix_minimal-${vers}.tar.gz
(cd $dest; tar czvf ../$tar ssvnc)
......@@ -46,7 +45,7 @@ data__() {'
scr=./ssvnc.sh
echo "$top" > $scr
(cd ssvnc; tar cvf - README COPYING bin/{ss*,util/ss*}) >> $scr
(cd ssvnc; tar cvf - README COPYING ssvnc.desktop bin/{ss*,util/ss*}) >> $scr
chmod 755 $scr
ls -l $scr
......
x11vnc/misc/enhanced_tightvnc_viewer/src/patches/stunnel-maxconn.patch
View file @ 41c7b74a
diff -Naur stunnel.orig/src/client.c stunnel/src/client.c
--- stunnel.orig/src/client.c 2005-10-24 14:00:56.000000000 -0400
+++ stunnel/src/client.c 2006-07-31 21:51:37.000000000 -0400
@@ -126,6 +126,10 @@
--- stunnel.orig/src/client.c 2008-03-27 04:35:27.000000000 -0400
+++ stunnel/src/client.c 2008-11-19 21:40:00.000000000 -0500
@@ -191,6 +191,7 @@
enter_critical_section(CRIT_CLIENTS); /* for multi-cpu machines */
s_log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname,
--num_clients);
+ if (getenv("STUNNEL_ONCE")) {fprintf(stderr, "stunnel: exiting.\n"); exit(0);}
leave_critical_section(CRIT_CLIENTS);
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
+ s_log(LOG_NOTICE, "client() finished: exceeded maxconn");
+ exit(0);
+ }
#endif
free(c);
#ifdef DEBUG_STACK_SIZE
}
diff -Naur stunnel.orig/src/network.c stunnel/src/network.c
--- stunnel.orig/src/network.c 2005-10-30 16:35:42.000000000 -0500
+++ stunnel/src/network.c 2006-07-31 21:53:49.000000000 -0400
@@ -329,6 +329,10 @@
--- stunnel.orig/src/network.c 2008-03-27 05:28:16.000000000 -0400
+++ stunnel/src/network.c 2008-11-19 21:39:41.000000000 -0500
@@ -346,6 +346,7 @@
/* no logging is possible in a signal handler */
#ifdef USE_FORK
num_clients--; /* one client less */
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
+ s_log(LOG_NOTICE, "sigchld_handler() finished: exceeded maxconn");
+ exit(0);
+ }
--num_clients; /* one client less */
+ if (getenv("STUNNEL_ONCE")) exit(0);
#endif /* USE_FORK */
}
#else /* __sgi */
@@ -375,6 +379,10 @@
@@ -432,9 +433,11 @@
#ifdef HAVE_WAIT_FOR_PID
while((pid=wait_for_pid(-1, &status, WNOHANG))>0) {
--num_clients; /* one client less */
+ if (getenv("STUNNEL_ONCE")) exit(0);
#else
if((pid=wait(&status))>0) {
num_clients--; /* one client less */
--num_clients; /* one client less */
+ if (getenv("STUNNEL_ONCE")) exit(0);
#endif
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
+ s_log(LOG_NOTICE, "client_status() finished: exceeded maxconn");
+ exit(0);
+ }
#ifdef WIFSIGNALED
if(WIFSIGNALED(status)) {
s_log(LOG_DEBUG, "Process %d terminated on signal %d (%d left)",
diff -Naur stunnel.orig/src/options.c stunnel/src/options.c
--- stunnel.orig/src/options.c 2005-10-20 03:12:07.000000000 -0400
+++ stunnel/src/options.c 2006-07-31 22:49:57.000000000 -0400
@@ -665,6 +665,24 @@
--- stunnel.orig/src/options.c 2008-06-21 17:18:23.000000000 -0400
+++ stunnel/src/options.c 2008-11-19 21:15:01.000000000 -0500
@@ -465,6 +465,7 @@
switch(cmd) {
case CMD_INIT:
options.option.syslog=1;
+ if (getenv("STUNNEL_NO_SYSLOG")) options.option.syslog=0;
break;
}
+ /* maxconn */
+ switch(cmd) {
+ case CMD_INIT:
+ options.maxconn=0;
+ break;
+ case CMD_EXEC:
+ if(strcasecmp(opt, "maxconn"))
+ break;
+ options.maxconn=atoi(arg);
+ return NULL; /* OK */
+ case CMD_DEFAULT:
+ log_raw("%-15s = 0", "maxconn");
+ break;
+ case CMD_HELP:
+ log_raw("%-15s = maximum number of accepted connections", "maxconn");
+ break;
+ }
+
if(cmd==CMD_EXEC)
return option_not_found;
return NULL; /* OK */
diff -Naur stunnel.orig/src/prototypes.h stunnel/src/prototypes.h
--- stunnel.orig/src/prototypes.h 2005-10-27 05:41:28.000000000 -0400
+++ stunnel/src/prototypes.h 2006-07-31 22:49:36.000000000 -0400
@@ -44,6 +44,7 @@
/**************************************** Prototypes for stunnel.c */
extern int num_clients;
+extern int num_conn;
void main_initialize(char *, char *);
void main_execute(void);
@@ -113,6 +114,7 @@
long session_timeout;
int verify_level;
int verify_use_only_my;
+ int maxconn;
long ssl_options;
/* some global data for stunnel.c */
case CMD_EXEC:
if(strcasecmp(opt, "syslog"))
diff -Naur stunnel.orig/src/stunnel.c stunnel/src/stunnel.c
--- stunnel.orig/src/stunnel.c 2005-11-02 15:18:42.000000000 -0500
+++ stunnel/src/stunnel.c 2006-07-31 21:40:04.000000000 -0400
@@ -53,6 +53,7 @@
--- stunnel.orig/src/stunnel.c 2008-06-21 17:32:45.000000000 -0400
+++ stunnel/src/stunnel.c 2008-11-19 21:14:28.000000000 -0500
@@ -301,6 +301,7 @@
}
#endif
int num_clients=0; /* Current number of clients */
+int num_conn=0; /* Total number of connections */
/* Functions */
@@ -138,6 +139,7 @@
#endif
+ if (getenv("STUNNEL_MAX_CLIENTS")) max_clients = atoi(getenv("STUNNEL_MAX_CLIENTS"));
}
num_clients=0;
+ num_conn=0;
/* bind local ports */
for(opt=local_options.next; opt; opt=opt->next) {
@@ -222,6 +224,18 @@
return; /* error */
}
}
+ num_conn++;
+fprintf(stderr, "num_conn: %d\n", num_conn);
+ if (options.maxconn > 0 && num_conn > options.maxconn) {
+ s_log(LOG_WARNING, "Connection rejected: exceeded maxconn (%d>%d)",
+ num_conn, options.maxconn);
+ closesocket(s);
+ if (num_clients == 0) {
+ s_log(LOG_WARNING, "Finished via maxconn.");
+ exit(0);
+ }
+ return;
+ }
s_ntop(from_address, &addr);
s_log(LOG_DEBUG, "%s accepted FD=%d from %s",
opt->servname, s, from_address);
#if !defined (USE_WIN32) && !defined (__vms) && !defined(USE_OS2)
x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch
View file @ 41c7b74a
......@@ -664,7 +664,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/Vncviewer vnc_unixsrc/vncview
+
diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/vncviewer/argsresources.c
--- vnc_unixsrc.orig/vncviewer/argsresources.c 2007-02-04 17:10:31.000000000 -0500
+++ vnc_unixsrc/vncviewer/argsresources.c 2008-10-29 08:20:51.000000000 -0400
+++ vnc_unixsrc/vncviewer/argsresources.c 2008-11-16 14:26:47.000000000 -0500
@@ -31,9 +31,9 @@
char *fallback_resources[] = {
......@@ -1809,7 +1809,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
/*
@@ -347,73 +1267,161 @@
@@ -347,73 +1267,191 @@
void
GetArgsAndResources(int argc, char **argv)
{
......@@ -1891,6 +1891,41 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
+ if (appData.escapeKeys != NULL) {
+ appData.escapeActive = True;
+ }
+
+ if (appData.useBGR233 && appData.useBGR565) {
+ appData.useBGR233 = 0;
+ }
+
+ if (getenv("SSVNC_ULTRA_FTP_JAR") == NULL && programName != NULL) {
+ int len = strlen(programName) + 200;
+ char *q, *jar = (char *) malloc(len);
+
+ sprintf(jar, "%s", programName);
+ q = strrchr(jar, '/');
+ if (q) {
+ struct stat sb;
+ *(q+1) = '\0';
+ strcat(jar, "../lib/ssvnc/util/ultraftp.jar");
+ if (stat(jar, &sb) == 0) {
+ char *put = (char *) malloc(len);
+ sprintf(put, "SSVNC_ULTRA_FTP_JAR=%s", jar);
+ fprintf(stderr, "Setting: %s\n\n", put);
+ putenv(put);
+ } else {
+ sprintf(jar, "%s", programName);
+ q = strrchr(jar, '/');
+ *(q+1) = '\0';
+ strcat(jar, "util/ultraftp.jar");
+ if (stat(jar, &sb) == 0) {
+ char *put = (char *) malloc(len);
+ sprintf(put, "SSVNC_ULTRA_FTP_JAR=%s", jar);
+ fprintf(stderr, "Setting: %s\n\n", put);
+ putenv(put);
+ }
+ }
+ }
+ free(jar);
+ }
+
/* Add our actions to the actions table so they can be used in widget
......@@ -1962,10 +1997,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
+ return;
+ }
+
+ if (appData.useBGR233 && appData.useBGR565) {
+ appData.useBGR233 = 0;
+ }
+
+ if (argc == 1) {
+ vncServerName = DoServerDialog();
+ appData.passwordDialog = True;
......@@ -1982,7 +2013,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
+ }
+ }
+
+
+ if (strlen(vncServerName) > 255) {
+ fprintf(stderr,"VNC server name too long\n");
+ exit(1);
......@@ -6331,7 +6361,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
}
diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncviewer/dialogs.c
--- vnc_unixsrc.orig/vncviewer/dialogs.c 2000-10-26 15:19:19.000000000 -0400
+++ vnc_unixsrc/vncviewer/dialogs.c 2008-10-29 08:04:15.000000000 -0400
+++ vnc_unixsrc/vncviewer/dialogs.c 2008-11-16 12:09:19.000000000 -0500
@@ -26,6 +26,393 @@
static Bool serverDialogDone = False;
......@@ -6740,7 +6770,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
+ if (appData.popupFix) {
+ popupFixer(pshell);
+ }
+ dialog_input(pshell);
+ //dialog_input(pshell);
+ wm_delete(pshell, "ServerDialogDone()");
+
serverDialogDone = False;
......@@ -6768,7 +6798,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
+ if (appData.popupFix) {
+ popupFixer(pshell);
+ }
+ dialog_input(pshell);
+ //dialog_input(pshell);
+ wm_delete(pshell, "PasswordDialogDone()");
+
passwordDialogDone = False;
......@@ -8549,7 +8579,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/
diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer/popup.c
--- vnc_unixsrc.orig/vncviewer/popup.c 2000-06-11 08:00:53.000000000 -0400
+++ vnc_unixsrc/vncviewer/popup.c 2008-10-26 15:52:08.000000000 -0400
+++ vnc_unixsrc/vncviewer/popup.c 2008-11-10 10:03:59.000000000 -0500
@@ -25,22 +25,56 @@
#include <X11/Xaw/Form.h>
......@@ -8613,7 +8643,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
}
@@ -52,42 +86,544 @@
@@ -52,42 +86,546 @@
};
void
......@@ -9174,6 +9204,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
+ XtAddCallback(dismiss, XtNcallback, dismiss_proc, NULL);
+
+ XtRealizeWidget(chat);
+
+ XtSetKeyboardFocus(chat, entry);
+}
diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup_ad vnc_unixsrc/vncviewer/popup_ad
--- vnc_unixsrc.orig/vncviewer/popup_ad 1969-12-31 19:00:00.000000000 -0500
......@@ -9201,7 +9233,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup_ad vnc_unixsrc/vncviewe
+}
diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncviewer/rfbproto.c
--- vnc_unixsrc.orig/vncviewer/rfbproto.c 2008-09-05 19:51:24.000000000 -0400
+++ vnc_unixsrc/vncviewer/rfbproto.c 2008-10-15 08:00:20.000000000 -0400
+++ vnc_unixsrc/vncviewer/rfbproto.c 2008-11-19 20:38:51.000000000 -0500
@@ -23,6 +23,7 @@
* rfbproto.c - functions to deal with client side of RFB protocol.
*/
......@@ -9210,7 +9242,17 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
#include <unistd.h>
#include <errno.h>
#include <pwd.h>
@@ -57,6 +58,44 @@
@@ -31,6 +32,9 @@
#include <zlib.h>
#include <jpeglib.h>
+int server_major = 0, server_minor = 0;
+int viewer_major = 0, viewer_minor = 0;
+
static void InitCapabilities(void);
static Bool SetupTunneling(void);
static int ReadSecurityType(void);
@@ -57,6 +61,44 @@
static Bool HandleTight16(int rx, int ry, int rw, int rh);
static Bool HandleTight32(int rx, int ry, int rw, int rh);
......@@ -9255,7 +9297,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
static void ReadConnFailedReason(void);
static long ReadCompactLen (void);
@@ -67,6 +106,13 @@
@@ -67,6 +109,13 @@
static void JpegSetSrcManager(j_decompress_ptr cinfo, CARD8 *compressedData,
int compressedLen);
......@@ -9269,7 +9311,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
int rfbsock;
char *desktopName;
@@ -177,6 +223,9 @@
@@ -177,6 +226,9 @@
sig_rfbEncodingPointerPos, "Pointer position update");
CapsAdd(encodingCaps, rfbEncodingLastRect, rfbTightVncVendor,
sig_rfbEncodingLastRect, "LastRect protocol extension");
......@@ -9279,7 +9321,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
}
@@ -187,21 +236,117 @@
@@ -187,23 +239,158 @@
Bool
ConnectToRFBServer(const char *hostname, int port)
{
......@@ -9289,8 +9331,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
- fprintf(stderr,"Couldn't convert '%s' to host address\n", hostname);
- return False;
- }
-
- rfbsock = ConnectToTcpAddr(host, port);
+ unsigned int host;
+ char *q, *cmd = NULL;
+ Bool setnb;
......@@ -9315,10 +9355,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ }
+ }
- if (rfbsock < 0) {
- fprintf(stderr,"Unable to connect to VNC server\n");
- return False;
- }
- rfbsock = ConnectToTcpAddr(host, port);
+ if (cmd != NULL) {
+ int sfd[2];
+ char *q, *cmd2 = strdup(cmd);
......@@ -9404,13 +9441,58 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ }
+ }
- return SetNonBlocking(rfbsock);
- if (rfbsock < 0) {
- fprintf(stderr,"Unable to connect to VNC server\n");
- return False;
- }
+ setnb = SetNonBlocking(rfbsock);
+ return setnb;
+}
- return SetNonBlocking(rfbsock);
+static void printFailureReason(void) {
+ CARD32 reasonLen;
+ ReadFromRFBServer((char *)&reasonLen, 4);
+ reasonLen = Swap32IfLE(reasonLen);
+ if (reasonLen < 4096) {
+ char *reason = (char *) malloc(reasonLen+1);
+ memset(reason, 0, reasonLen+1);
+ ReadFromRFBServer(reason, reasonLen);
+ fprintf(stderr, "Reason: %s\n", reason);
+ free(reason);
+ }
}
+static char *pr_sec_type(int type) {
+ char *str = "unknown";
+ if (type == rfbSecTypeInvalid) str = "rfbSecTypeInvalid";
+ if (type == rfbSecTypeNone) str = "rfbSecTypeNone";
+ if (type == rfbSecTypeVncAuth) str = "rfbSecTypeVncAuth";
+ if (type == rfbSecTypeRA2) str = "rfbSecTypeRA2";
+ if (type == rfbSecTypeRA2ne) str = "rfbSecTypeRA2ne";
+ if (type == rfbSecTypeTight) str = "rfbSecTypeTight";
+ if (type == rfbSecTypeUltra) str = "rfbSecTypeUltra";
+
+ if (type == rfbSecTypeTlsVnc) str = "rfbSecTypeTlsVnc";
+ if (type == rfbSecTypeVencrypt) str = "rfbSecTypeVencrypt";
+ return str;
+}
+
+static char *pr_sec_subtype(int type) {
+ char *str = "unknown";
+ if (type == rfbVencryptPlain) str = "rfbVencryptPlain";
+ if (type == rfbVencryptTlsNone) str = "rfbVencryptTlsNone";
+ if (type == rfbVencryptTlsVnc) str = "rfbVencryptTlsVnc";
+ if (type == rfbVencryptTlsPlain) str = "rfbVencryptTlsPlain";
+ if (type == rfbVencryptX509None) str = "rfbVencryptX509None";
+ if (type == rfbVencryptX509Vnc) str = "rfbVencryptX509Vnc";
+ if (type == rfbVencryptX509Plain) str = "rfbVencryptX509Plain";
+ return str;
+}
@@ -212,211 +357,307 @@
/*
* InitialiseRFBConnection.
@@ -212,211 +399,494 @@
Bool
InitialiseRFBConnection(void)
{
......@@ -9420,10 +9502,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
- rfbClientInitMsg ci;
- int secType;
+ rfbProtocolVersionMsg pv;
+ int server_major, server_minor;
+ int viewer_major, viewer_minor;
+ rfbClientInitMsg ci;
+ int secType;
+ int i, secType, anon_dh = 0;
+ FILE *pd;
+ char *hsfile = NULL;
+ char *hsparam[128];
+ char line[128];
- /* if the connection is immediately closed, don't report anything, so
- that pmw's monitor can make test connections */
......@@ -9438,21 +9522,87 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
- if (!ReadFromRFBServer(pv, sz_rfbProtocolVersionMsg))
- return False;
+ if (!ReadFromRFBServer(pv, sz_rfbProtocolVersionMsg)) {
+ return False;
+ for (i=0; i < 128; i++) {
+ hsparam[i] = NULL;
+ }
- errorMessageOnReadFailure = True;
+ errorMessageOnReadFailure = True;
+ if (getenv("SSVNC_PREDIGESTED_HANDSHAKE")) {
+ double start = dnow();
+ hsfile = getenv("SSVNC_PREDIGESTED_HANDSHAKE");
+ while (dnow() < start + 10.0) {
+ int done = 0;
+ usleep(100 * 1000);
+ if ((pd = fopen(hsfile, "r")) != NULL) {
+ while (fgets(line, 128, pd) != NULL) {
+ if (strstr(line, "done") == line) {
+ done = 1;
+ usleep(100 * 1000);
+ break;
+ }
+ }
+ fclose(pd);
+ }
+ if (done) {
+ break;
+ }
+ }
+ if ((pd = fopen(hsfile, "r")) != NULL) {
+ i = 0;
+ while (fgets(line, 128, pd) != NULL) {
+ hsparam[i] = strdup(line);
+ fprintf(stderr, "%s", line);
+ if (i++ > 100) break;
+ }
+ fclose(pd);
+ }
+ unlink(hsfile);
+ }
- pv[sz_rfbProtocolVersionMsg] = 0;
+ pv[sz_rfbProtocolVersionMsg] = 0;
+ if (getenv("SSVNC_SKIP_RFB_PROTOCOL_VERSION")) {
+ viewer_major = 3;
+ viewer_minor = 8;
+ goto end_of_proto_msg;
+ } else if (hsfile) {
+ int k = 0;
+ while (hsparam[k] != NULL) {
+ char *str = hsparam[k++];
+ if (strstr(str, "server=") == str) {
+ sprintf(pv, "%s", str + strlen("server="));
+ goto readed_pv;
+ }
+ }
+ }
- if (sscanf(pv, rfbProtocolVersionFormat,
- &server_major, &server_minor) != 2) {
- fprintf(stderr,"Not a valid VNC server\n");
- return False;
- }
+ if (!ReadFromRFBServer(pv, sz_rfbProtocolVersionMsg)) {
+ return False;
+ }
- viewer_major = rfbProtocolMajorVersion;
- if (server_major == 3 && server_minor >= rfbProtocolMinorVersion) {
- /* the server supports at least the standard protocol 3.7 */
- viewer_minor = rfbProtocolMinorVersion;
- } else {
- /* any other server version, request the standard 3.3 */
- viewer_minor = rfbProtocolFallbackMinorVersion;
- }
+ readed_pv:
- fprintf(stderr, "Connected to RFB server, using protocol version %d.%d\n",
- viewer_major, viewer_minor);
+ errorMessageOnReadFailure = True;
- sprintf(pv, rfbProtocolVersionFormat, viewer_major, viewer_minor);
+ pv[sz_rfbProtocolVersionMsg] = 0;
- if (!WriteExact(rfbsock, pv, sz_rfbProtocolVersionMsg))
- return False;
+ if (strstr(pv, "ID:") == pv) {
+ ;
+ } else if (sscanf(pv, rfbProtocolVersionFormat, &server_major, &server_minor) != 2) {
......@@ -9503,14 +9653,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ return False;
+ }
- viewer_major = rfbProtocolMajorVersion;
- if (server_major == 3 && server_minor >= rfbProtocolMinorVersion) {
- /* the server supports at least the standard protocol 3.7 */
- viewer_minor = rfbProtocolMinorVersion;
- /* Read or select the security type. */
- if (viewer_minor == rfbProtocolMinorVersion) {
- secType = SelectSecurityType();
- } else {
- /* any other server version, request the standard 3.3 */
- viewer_minor = rfbProtocolFallbackMinorVersion;
- secType = ReadSecurityType();
- }
- if (secType == rfbSecTypeInvalid)
- return False;
+ check_ID_string:
+ if (strstr(pv, "ID:") == pv) {
+ char tmp[256];
......@@ -9528,42 +9678,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ }
+ }
- fprintf(stderr, "Connected to RFB server, using protocol version %d.%d\n",
- viewer_major, viewer_minor);
+ ultra_vnc_nonsense:
+ fprintf(stderr,"Proto: %s\n", pv);
- sprintf(pv, rfbProtocolVersionFormat, viewer_major, viewer_minor);
+ viewer_major = rfbProtocolMajorVersion;
- if (!WriteExact(rfbsock, pv, sz_rfbProtocolVersionMsg))
- return False;
+ if (appData.rfbVersion != NULL && sscanf(appData.rfbVersion, "%d.%d", &viewer_major, &viewer_minor) == 2) {
+ fprintf(stderr,"Setting RFB version to %d.%d from -rfbversion.\n", viewer_major, viewer_minor);
+ } else if (getenv("SSVNC_RFB_VERSION") != NULL && sscanf(getenv("SSVNC_RFB_VERSION"), "%d.%d", &viewer_major, &viewer_minor) == 2) {
+ fprintf(stderr,"Setting RFB version to %d.%d from SSVNC_RFB_VERSION.\n", viewer_major, viewer_minor);
+ } else if (server_major == 3 && (server_minor == 14 || server_minor == 16)) {
+ /* hack for UltraVNC Single Click. They misuse rfb proto version */
+ fprintf(stderr,"Setting RFB version to 3.3 for UltraVNC Single Click.\n");
+ viewer_minor = rfbProtocolFallbackMinorVersion;
+ } else if (server_major == 3 && server_minor >= rfbProtocolMinorVersion) {
+ /* the server supports at least the standard protocol 3.7 */
+ viewer_minor = rfbProtocolMinorVersion;
+ } else {
+ /* any other server version, request the standard 3.3 */
+ viewer_minor = rfbProtocolFallbackMinorVersion;
+ }
- /* Read or select the security type. */
- if (viewer_minor == rfbProtocolMinorVersion) {
- secType = SelectSecurityType();
- } else {
- secType = ReadSecurityType();
- }
- if (secType == rfbSecTypeInvalid)
- return False;
+ fprintf(stderr, "\nConnected to RFB server, using protocol version %d.%d\n", viewer_major, viewer_minor);
- switch (secType) {
- case rfbSecTypeNone:
- fprintf(stderr, "No authentication needed\n");
......@@ -9584,30 +9698,200 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
- fprintf(stderr, "Internal error: Invalid security type\n");
- return False;
- }
+ sprintf(pv, rfbProtocolVersionFormat, viewer_major, viewer_minor);
+ ultra_vnc_nonsense:
+ fprintf(stderr,"\nProto: %s\n", pv);
- ci.shared = (appData.shareDesktop ? 1 : 0);
+ viewer_major = 3;
- if (!WriteExact(rfbsock, (char *)&ci, sz_rfbClientInitMsg))
- return False;
+ if (appData.rfbVersion != NULL && sscanf(appData.rfbVersion, "%d.%d", &viewer_major, &viewer_minor) == 2) {
+ fprintf(stderr,"Setting RFB version to %d.%d from -rfbversion.\n\n", viewer_major, viewer_minor);
- if (!ReadFromRFBServer((char *)&si, sz_rfbServerInitMsg))
- return False;
+ } else if (getenv("SSVNC_RFB_VERSION") != NULL && sscanf(getenv("SSVNC_RFB_VERSION"), "%d.%d", &viewer_major, &viewer_minor) == 2) {
+ fprintf(stderr,"Setting RFB version to %d.%d from SSVNC_RFB_VERSION.\n\n", viewer_major, viewer_minor);
+
+ } else if (server_major > 3) {
+ viewer_minor = 8;
+ } else if (server_major == 3 && (server_minor == 14 || server_minor == 16)) {
+ /* hack for UltraVNC Single Click. They misuse rfb proto version */
+ fprintf(stderr,"Setting RFB version to 3.3 for UltraVNC Single Click.\n\n");
+ viewer_minor = 3;
+
+ } else if (server_major == 3 && server_minor >= 8) {
+ /* the server supports at least the standard protocol 3.8 */
+ viewer_minor = 8;
+
+ } else if (server_major == 3 && server_minor == 7) {
+ /* the server supports at least the standard protocol 3.7 */
+ viewer_minor = 7;
+
+ } else {
+ /* any other server version, request the standard 3.3 */
+ viewer_minor = 3;
+ }
+ /* n.b. Apple Remote Desktop uses 003.889, but we should be OK with 3.8 */
- si.framebufferWidth = Swap16IfLE(si.framebufferWidth);
- si.framebufferHeight = Swap16IfLE(si.framebufferHeight);
- si.format.redMax = Swap16IfLE(si.format.redMax);
- si.format.greenMax = Swap16IfLE(si.format.greenMax);
- si.format.blueMax = Swap16IfLE(si.format.blueMax);
- si.nameLength = Swap32IfLE(si.nameLength);
-
- /* FIXME: Check arguments to malloc() calls. */
- desktopName = malloc(si.nameLength + 1);
- if (!desktopName) {
- fprintf(stderr, "Error allocating memory for desktop name, %lu bytes\n",
- (unsigned long)si.nameLength);
- return False;
- }
+ fprintf(stderr, "Connected to RFB server, using protocol version %d.%d\n", viewer_major, viewer_minor);
- if (!ReadFromRFBServer(desktopName, si.nameLength)) return False;
+ if (hsfile) {
+ int k = 0;
+ while (hsparam[k] != NULL) {
+ char *str = hsparam[k++];
+ int v1, v2;
+ if (sscanf(str, "viewer=RFB %d.%d\n", &v1, &v2) == 2) {
+ viewer_major = v1;
+ viewer_minor = v2;
+ fprintf(stderr, "\nPre-Handshake set protocol version to: %d.%d\n", viewer_major, viewer_minor);
+ goto end_of_proto_msg;
+ }
+ }
+ }
+ sprintf(pv, rfbProtocolVersionFormat, viewer_major, viewer_minor);
- desktopName[si.nameLength] = 0;
+ if (!WriteExact(rfbsock, pv, sz_rfbProtocolVersionMsg)) {
+ return False;
+ }
- if (!WriteExact(rfbsock, (char *)&ci, sz_rfbClientInitMsg))
- fprintf(stderr,"Desktop name \"%s\"\n",desktopName);
+ end_of_proto_msg:
- fprintf(stderr,"VNC server default format:\n");
- PrintPixelFormat(&si.format);
+ if (getenv("SSVNC_SET_SECURITY_TYPE")) {
+ secType = atoi(getenv("SSVNC_SET_SECURITY_TYPE"));
+ goto sec_type;
+ }
+ if (hsfile) {
+ int k = 0;
+ while (hsparam[k] != NULL) {
+ char *str = hsparam[k++];
+ int st;
+ if (sscanf(str, "sectype=%d\n", &st) == 1) {
+ secType = st;
+ fprintf(stderr, "Pre-Handshake set Security-Type to: %d (%s)\n", st, pr_sec_type(st));
+ if (secType == rfbSecTypeVencrypt) {
+ goto sec_type;
+ } else if (secType == rfbSecTypeTlsVnc) {
+ break;
+ }
+ }
+ }
+ }
- if (tightVncProtocol) {
- /* Read interaction capabilities (protocol 3.7t) */
- if (!ReadInteractionCaps())
- return False;
- }
+ /* Read or select the security type. */
+ if (viewer_minor == rfbProtocolMinorVersion) {
+ if (viewer_minor >= 7) {
+ secType = SelectSecurityType();
+ } else {
+ secType = ReadSecurityType();
+ }
+ fprintf(stderr, "Security-Type: %d (%s)\n", (int) secType, pr_sec_type(secType));
+ if (secType == rfbSecTypeInvalid) {
+ return False;
+ }
- if (!ReadFromRFBServer((char *)&si, sz_rfbServerInitMsg))
- return False;
- return True;
+ sec_type:
+
+ if (hsfile) {
+ int subsectype = 0;
+ int k = 0;
+ while (hsparam[k] != NULL) {
+ char *str = hsparam[k++];
+ int st;
+ if (sscanf(str, "subtype=%d\n", &st) == 1) {
+ subsectype = st;
+ fprintf(stderr, "Pre-Handshake set Sub-Security-Type to: %d (%s)\n\n", st, pr_sec_subtype(st));
+ break;
+ }
+ }
+
+ if (!subsectype) {
+ ;
+ } else if (secType == rfbSecTypeVencrypt) {
+ if (subsectype == rfbVencryptTlsNone) {
+ anon_dh = 1;
+ secType = rfbSecTypeNone;
+ } else if (subsectype == rfbVencryptTlsVnc) {
+ anon_dh = 1;
+ secType = rfbSecTypeVncAuth;
+ } else if (subsectype == rfbVencryptTlsPlain) {
+ anon_dh = 1;
+ secType = rfbSecTypeNone;
+ } else if (subsectype == rfbVencryptX509None) {
+ secType = rfbSecTypeNone;
+ } else if (subsectype == rfbVencryptX509Vnc) {
+ secType = rfbSecTypeVncAuth;
+ } else if (subsectype == rfbVencryptX509Plain) {
+ secType = rfbSecTypeNone;
+ }
+ if (subsectype == rfbVencryptTlsPlain || subsectype == rfbVencryptX509Plain) {
+ usleep(300*1000);
+ }
+ if (subsectype == rfbVencryptTlsNone || subsectype == rfbVencryptTlsVnc || subsectype == rfbVencryptTlsPlain) {
+ fprintf(stderr, "\nWARNING: Anonymous Diffie-Hellman TLS used (%s),\n", pr_sec_subtype(subsectype));
+ fprintf(stderr, "WARNING: there will be *NO* Authentication of the VNC Server.\n");
+ fprintf(stderr, "WARNING: I.e. a Man-In-The-Middle attack is possible.\n");
+ fprintf(stderr, "WARNING: Configure the server to use X509 certs and verify them.\n\n");
+ }
+ if (subsectype == rfbVencryptTlsPlain || subsectype == rfbVencryptX509Plain) {
+ fprintf(stderr, "\nVeNCrypt Plain (username + passwd) selected.\n\n");
+ if (appData.unixPW != NULL) {
+ unixpw(appData.unixPW, 1);
+ } else if (getenv("SSVNC_UNIXPW")) {
+ unixpw(getenv("SSVNC_UNIXPW"), 1);
+ } else {
+ unixpw(".", 1);
+ }
+ }
+ }
+ }
+
+ switch (secType) {
+ case rfbSecTypeNone:
+ fprintf(stderr, "No authentication needed\n\n");
+ fprintf(stderr, "No authentication needed\n");
+ /* TBD 3.8 */
+ if (viewer_minor == 8) {
+ CARD32 authResult;
+
+ if (!ReadFromRFBServer((char *)&authResult, 4)) {
+ return False;
+ }
+
+ authResult = Swap32IfLE(authResult);
+
+ if (authResult == rfbVncAuthOK) {
+ fprintf(stderr, "VNC authentication succeeded (%d) for rfbSecTypeNone (RFB 3.8)\n", authResult);
+ } else {
+ fprintf(stderr, "VNC authentication failed (%d) for rfbSecTypeNone (RFB 3.8)\n\n", authResult);
+ return False;
+ }
+ }
+ fprintf(stderr, "\n");
+ break;
+ case rfbSecTypeVncAuth:
+ if (!AuthenticateVNC()) {
......@@ -9625,37 +9909,20 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ }
+ break;
+ default: /* should never happen */
+ fprintf(stderr, "Internal error: Invalid security type\n");
+ fprintf(stderr, "Internal error: Invalid security type: %d\n", secType);
+ return False;
+ }
- si.framebufferWidth = Swap16IfLE(si.framebufferWidth);
- si.framebufferHeight = Swap16IfLE(si.framebufferHeight);
- si.format.redMax = Swap16IfLE(si.format.redMax);
- si.format.greenMax = Swap16IfLE(si.format.greenMax);
- si.format.blueMax = Swap16IfLE(si.format.blueMax);
- si.nameLength = Swap32IfLE(si.nameLength);
-
- /* FIXME: Check arguments to malloc() calls. */
- desktopName = malloc(si.nameLength + 1);
- if (!desktopName) {
- fprintf(stderr, "Error allocating memory for desktop name, %lu bytes\n",
- (unsigned long)si.nameLength);
- return False;
- }
+
+ ci.shared = (appData.shareDesktop ? 1 : 0);
- if (!ReadFromRFBServer(desktopName, si.nameLength)) return False;
+
+ if (!WriteExact(rfbsock, (char *)&ci, sz_rfbClientInitMsg)) {
+ return False;
+ }
- desktopName[si.nameLength] = 0;
+
+ if (!ReadFromRFBServer((char *)&si, sz_rfbServerInitMsg)) {
+ return False;
+ }
- fprintf(stderr,"Desktop name \"%s\"\n",desktopName);
+
+ si.framebufferWidth = Swap16IfLE(si.framebufferWidth);
+ si.framebufferHeight = Swap16IfLE(si.framebufferHeight);
+ si.format.redMax = Swap16IfLE(si.format.redMax);
......@@ -9667,27 +9934,20 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ si.framebufferWidth = 32;
+ si.framebufferHeight = 32;
+ }
- fprintf(stderr,"VNC server default format:\n");
- PrintPixelFormat(&si.format);
+
+ /* FIXME: Check arguments to malloc() calls. */
+ desktopName = malloc(si.nameLength + 1);
+ memset(desktopName, 0, si.nameLength + 1);
+ if (!desktopName) {
+ fprintf(stderr, "Error allocating memory for desktop name, %lu bytes\n",
+ (unsigned long)si.nameLength);
+ return False;
+ }
- if (tightVncProtocol) {
- /* Read interaction capabilities (protocol 3.7t) */
- if (!ReadInteractionCaps())
- return False;
- }
+
+ if (!ReadFromRFBServer(desktopName, si.nameLength)) {
+ return False;
+ }
- return True;
+
+ desktopName[si.nameLength] = 0;
+
+ fprintf(stderr,"Desktop name \"%s\"\n\n", desktopName);
......@@ -9829,6 +10089,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ return rfbSecTypeInvalid;
+ }
+
+ if (getenv("SSVNC_DEBUG_SEC_TYPES")) {
+ for (j = 0; j < (int)nSecTypes; j++) {
+ fprintf(stderr, "sec-type[%d] %d\n", j, (int) secTypes[j]);
+ }
+ }
- free(secTypes);
+ /* Find out if the server supports TightVNC protocol extensions */
+ for (j = 0; j < (int)nSecTypes; j++) {
+ if (secTypes[j] == rfbSecTypeTight) {
......@@ -9859,21 +10126,23 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ }
+ }
- free(secTypes);
+ free(secTypes);
- if (secType == rfbSecTypeInvalid)
- fprintf(stderr, "Server did not offer supported security type\n");
+ if (secType == rfbSecTypeInvalid) {
+ fprintf(stderr, "Server did not offer supported security type\n");
+ fprintf(stderr, "Server did not offer supported security type:\n");
+ for (j = 0; j < (int)nSecTypes; j++) {
+ fprintf(stderr, " sectype[%d] %d\n", j, (int) secTypes[j]);
+ }
+ }
+
+ free(secTypes);
- return (int)secType;
+ return (int)secType;
}
@@ -451,6 +692,9 @@
@@ -451,6 +921,9 @@
return True;
}
......@@ -9883,7 +10152,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
/*
* Negotiate authentication scheme (protocol version 3.7t)
@@ -459,56 +703,61 @@
@@ -459,56 +932,61 @@
static Bool
PerformAuthenticationTight(void)
{
......@@ -9987,7 +10256,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
}
@@ -519,80 +768,100 @@
@@ -519,80 +997,104 @@
static Bool
AuthenticateVNC(void)
{
......@@ -10135,7 +10404,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ fprintf(stderr, "VNC authentication succeeded\n\n");
+ break;
+ case rfbVncAuthFailed:
+ fprintf(stderr, "VNC authentication failed\n\n");
+ fprintf(stderr, "VNC authentication failed.\n");
+ if (viewer_minor >= 8) {
+ printFailureReason();
+ }
+ fprintf(stderr, "\n");
+ return False;
+ case rfbVncAuthTooMany:
+ fprintf(stderr, "VNC authentication failed - too many tries\n\n");
......@@ -10151,7 +10424,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
}
/*
@@ -602,68 +871,71 @@
@@ -602,68 +1104,71 @@
static Bool
AuthenticateUnixLogin(void)
{
......@@ -10275,7 +10548,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
}
@@ -675,19 +947,20 @@
@@ -675,19 +1180,20 @@
static Bool
ReadInteractionCaps(void)
{
......@@ -10308,7 +10581,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
}
@@ -700,17 +973,18 @@
@@ -700,17 +1206,18 @@
static Bool
ReadCapabilityList(CapsContainer *caps, int count)
{
......@@ -10336,7 +10609,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
}
@@ -729,6 +1003,11 @@
@@ -729,6 +1236,11 @@
Bool requestCompressLevel = False;
Bool requestQualityLevel = False;
Bool requestLastRectEncoding = False;
......@@ -10348,7 +10621,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
spf.type = rfbSetPixelFormat;
spf.format = myFormat;
@@ -736,12 +1015,18 @@
@@ -736,12 +1248,18 @@
spf.format.greenMax = Swap16IfLE(spf.format.greenMax);
spf.format.blueMax = Swap16IfLE(spf.format.blueMax);
......@@ -10367,7 +10640,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
if (appData.encodingsString) {
char *encStr = appData.encodingsString;
int encStrLen;
@@ -754,11 +1039,17 @@
@@ -754,11 +1272,17 @@
encStrLen = strlen(encStr);
}
......@@ -10386,7 +10659,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
encs[se->nEncodings++] = Swap32IfLE(rfbEncodingTight);
requestLastRectEncoding = True;
if (appData.compressLevel >= 0 && appData.compressLevel <= 9)
@@ -767,16 +1058,33 @@
@@ -767,16 +1291,33 @@
requestQualityLevel = True;
} else if (strncasecmp(encStr,"hextile",encStrLen) == 0) {
encs[se->nEncodings++] = Swap32IfLE(rfbEncodingHextile);
......@@ -10422,7 +10695,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
}
encStr = nextEncStr;
@@ -797,7 +1105,7 @@
@@ -797,7 +1338,7 @@
if (appData.useRemoteCursor) {
if (se->nEncodings < MAX_ENCODINGS)
encs[se->nEncodings++] = Swap32IfLE(rfbEncodingXCursor);
......@@ -10431,7 +10704,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRichCursor);
if (se->nEncodings < MAX_ENCODINGS)
encs[se->nEncodings++] = Swap32IfLE(rfbEncodingPointerPos);
@@ -806,10 +1114,14 @@
@@ -806,10 +1347,14 @@
if (se->nEncodings < MAX_ENCODINGS && requestLastRectEncoding) {
encs[se->nEncodings++] = Swap32IfLE(rfbEncodingLastRect);
}
......@@ -10447,7 +10720,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
fprintf(stderr,"Same machine: preferring raw encoding\n");
encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRaw);
} else {
@@ -818,13 +1130,15 @@
@@ -818,13 +1363,15 @@
}
encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCopyRect);
......@@ -10467,7 +10740,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
encs[se->nEncodings++] = Swap32IfLE(appData.compressLevel +
rfbEncodingCompressLevel0);
} else if (!tunnelSpecified) {
@@ -835,7 +1149,7 @@
@@ -835,7 +1382,7 @@
encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCompressLevel1);
}
......@@ -10476,7 +10749,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
if (appData.qualityLevel < 0 || appData.qualityLevel > 9)
appData.qualityLevel = 5;
encs[se->nEncodings++] = Swap32IfLE(appData.qualityLevel +
@@ -844,18 +1158,35 @@
@@ -844,18 +1391,35 @@
if (appData.useRemoteCursor) {
encs[se->nEncodings++] = Swap32IfLE(rfbEncodingXCursor);
......@@ -10515,7 +10788,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
return True;
}
@@ -868,31 +1199,86 @@
@@ -868,31 +1432,86 @@
Bool
SendIncrementalFramebufferUpdateRequest()
{
......@@ -10545,13 +10818,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
- rfbFramebufferUpdateRequestMsg fur;
+ rfbFramebufferUpdateRequestMsg fur;
+ static int db = -1;
- fur.type = rfbFramebufferUpdateRequest;
- fur.incremental = incremental ? 1 : 0;
- fur.x = Swap16IfLE(x);
- fur.y = Swap16IfLE(y);
- fur.w = Swap16IfLE(w);
- fur.h = Swap16IfLE(h);
+
+ if (db < 0) {
+ if (getenv("SSVNC_DEBUG_RECTS")) {
+ db = atoi(getenv("SSVNC_DEBUG_RECTS"));
......@@ -10560,11 +10827,16 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ }
+ }
- if (!WriteExact(rfbsock, (char *)&fur, sz_rfbFramebufferUpdateRequestMsg))
- return False;
- fur.type = rfbFramebufferUpdateRequest;
- fur.incremental = incremental ? 1 : 0;
- fur.x = Swap16IfLE(x);
- fur.y = Swap16IfLE(y);
- fur.w = Swap16IfLE(w);
- fur.h = Swap16IfLE(h);
+ if (db) fprintf(stderr, "SendFramebufferUpdateRequest(%d, %d, %d, %d, incremental=%d)\n", x, y, w, h, (int) incremental);
- return True;
- if (!WriteExact(rfbsock, (char *)&fur, sz_rfbFramebufferUpdateRequestMsg))
- return False;
+ if (dyn < 0) {
+ struct stat sb;
+ if (getenv("USER") && !strcmp(getenv("USER"), "runge")) {
......@@ -10579,7 +10851,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ dyn = 1;
+ }
+ }
+
- return True;
+ if (appData.fileActive && filexfer_sock >= 0) {
+ static int first = 1;
+ if (first) {
......@@ -10615,7 +10888,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
}
@@ -903,19 +1289,36 @@
@@ -903,19 +1522,36 @@
Bool
SendPointerEvent(int x, int y, int buttonMask)
{
......@@ -10641,10 +10914,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+
+ if (x < 0) x = 0;
+ if (y < 0) y = 0;
+
+ if (!appData.useX11Cursor) {
+ SoftCursorMove(x, y);
+ }
- pe.type = rfbPointerEvent;
- pe.buttonMask = buttonMask;
......@@ -10657,6 +10926,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
- pe.x = Swap16IfLE(x);
- pe.y = Swap16IfLE(y);
- return WriteExact(rfbsock, (char *)&pe, sz_rfbPointerEventMsg);
+ if (!appData.useX11Cursor) {
+ SoftCursorMove(x, y);
+ }
+
+ pe.x = Swap16IfLE(x);
+ pe.y = Swap16IfLE(y);
+ currentMsg = rfbPointerEvent;
......@@ -10664,7 +10937,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
}
@@ -926,12 +1329,20 @@
@@ -926,12 +1562,20 @@
Bool
SendKeyEvent(CARD32 key, Bool down)
{
......@@ -10690,12 +10963,17 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
}
@@ -942,281 +1353,943 @@
@@ -942,281 +1586,943 @@
Bool
SendClientCutText(char *str, int len)
{
- rfbClientCutTextMsg cct;
+ rfbClientCutTextMsg cct;
+
+ if (serverCutText) {
+ free(serverCutText);
+ }
+ serverCutText = NULL;
- if (serverCutText)
- free(serverCutText);
......@@ -10705,11 +10983,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
- cct.length = Swap32IfLE(len);
- return (WriteExact(rfbsock, (char *)&cct, sz_rfbClientCutTextMsg) &&
- WriteExact(rfbsock, str, len));
+ if (serverCutText) {
+ free(serverCutText);
+ }
+ serverCutText = NULL;
+
+ if (appData.fileActive) {
+ if (!dyn || time(NULL) < last_filexfer + delay_filexfer) {
+ // ultravnc java viewer lets this one through.
......@@ -11111,12 +11384,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ fprintf(stderr, "filexfer_sock closed, discarding %d bytes\n", len);
+ }
+ }
- switch (rect.encoding) {
+
+ len = (hdr[4] << 24) | (hdr[5] << 16) | (hdr[6] << 8) | hdr[7];
+ if (db) fprintf(stderr, "Got rfbFileTransfer: len2 %u\n", len);
- case rfbEncodingRaw:
- switch (rect.encoding) {
+#if 0
+ if (hdr[1] == rfbFileHeader && len != rfbRErrorCmd)
+#else
......@@ -11149,14 +11421,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ fprintf(stderr, "filexfer_sock closed, discarding %d bytes\n", len);
+ }
+ }
- bytesPerLine = rect.r.w * myFormat.bitsPerPixel / 8;
- linesToRead = BUFFER_SIZE / bytesPerLine;
+
+ read_no_more:
- while (rect.r.h > 0) {
- if (linesToRead > rect.r.h)
- linesToRead = rect.r.h;
+
+ if (filexfer_sock < 0) {
+ int stop = 0;
+ static time_t last_stop = 0;
......@@ -11180,34 +11447,58 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ }
+ }
- if (!ReadFromRFBServer(buffer,bytesPerLine * linesToRead))
- return False;
- case rfbEncodingRaw:
+ if (db) fprintf(stderr, "Got rfbFileTransfer done.\n");
+ skip_XtUpdateAll = 0;
- CopyDataToScreen(buffer, rect.r.x, rect.r.y, rect.r.w,
- linesToRead);
- bytesPerLine = rect.r.w * myFormat.bitsPerPixel / 8;
- linesToRead = BUFFER_SIZE / bytesPerLine;
+ if (db) fprintf(stderr, "CFX: B\n");
+ CheckFileXfer();
+//fprintf(stderr, "Out HandleFileXfer\n");
+ return True;
+}
+
- while (rect.r.h > 0) {
- if (linesToRead > rect.r.h)
- linesToRead = rect.r.h;
+/*
+ * HandleRFBServerMessage.
+ */
- rect.r.h -= linesToRead;
- rect.r.y += linesToRead;
- if (!ReadFromRFBServer(buffer,bytesPerLine * linesToRead))
- return False;
- }
- break;
- CopyDataToScreen(buffer, rect.r.x, rect.r.y, rect.r.w,
- linesToRead);
+Bool
+HandleRFBServerMessage()
+{
+ static int db = -1;
+ rfbServerToClientMsg msg;
- rect.r.h -= linesToRead;
- rect.r.y += linesToRead;
+ if (db < 0) {
+ if (getenv("DEBUG_RFB_SMSG")) {
+ db = 1;
+ } else {
+ db = 0;
+ }
+ }
+ if (!ReadFromRFBServer((char *)&msg, 1)) {
+ return False;
}
- break;
+ if (appData.ultraDSM) {
+ if (!ReadFromRFBServer((char *)&msg, 1)) {
+ return False;
+ }
+ }
+
+//fprintf(stderr, "msg.type: %d\n", msg.type);
- case rfbEncodingCopyRect:
- {
- rfbCopyRect cr;
......@@ -11234,28 +11525,21 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
- rect.r.w, rect.r.h);
- XFillRectangle(dpy, desktopWin, srcGC, cr.srcX, cr.srcY,
- rect.r.w, rect.r.h);
+ if (db < 0) {
+ if (getenv("DEBUG_RFB_SMSG")) {
+ db = 1;
+ } else {
+ db = 0;
+ }
+ if (msg.type == rfbFileTransfer) {
+ return HandleFileXfer();
}
- XCopyArea(dpy, desktopWin, desktopWin, gc, cr.srcX, cr.srcY,
- rect.r.w, rect.r.h, rect.r.x, rect.r.y);
+ if (!ReadFromRFBServer((char *)&msg, 1)) {
+ return False;
+ }
+ if (appData.ultraDSM) {
+ if (!ReadFromRFBServer((char *)&msg, 1)) {
+ return False;
+ }
+ }
+ switch (msg.type) {
- break;
- }
+//fprintf(stderr, "msg.type: %d\n", msg.type);
+ case rfbSetColourMapEntries:
+ {
+ int i;
+ CARD16 rgb[3];
+ XColor xc;
- case rfbEncodingRRE:
- {
......@@ -11272,8 +11556,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
- if (!HandleRRE32(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
- return False;
- break;
+ if (msg.type == rfbFileTransfer) {
+ return HandleFileXfer();
+ if (!ReadFromRFBServer(((char *)&msg) + 1, sz_rfbSetColourMapEntriesMsg - 1)) {
+ return False;
}
- break;
- }
......@@ -11293,19 +11577,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
- if (!HandleCoRRE32(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
- return False;
- break;
+ switch (msg.type) {
+
+ case rfbSetColourMapEntries:
+ {
+ int i;
+ CARD16 rgb[3];
+ XColor xc;
+
+ if (!ReadFromRFBServer(((char *)&msg) + 1, sz_rfbSetColourMapEntriesMsg - 1)) {
+ return False;
}
- }
- break;
- }
+ msg.scme.firstColour = Swap16IfLE(msg.scme.firstColour);
+ msg.scme.nColours = Swap16IfLE(msg.scme.nColours);
- case rfbEncodingHextile:
- {
......@@ -11322,9 +11598,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
- if (!HandleHextile32(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
- return False;
- break;
+ msg.scme.firstColour = Swap16IfLE(msg.scme.firstColour);
+ msg.scme.nColours = Swap16IfLE(msg.scme.nColours);
+
+ for (i = 0; i < msg.scme.nColours; i++) {
+ if (!ReadFromRFBServer((char *)rgb, 6)) {
+ return False;
......@@ -11857,7 +12130,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
#ifdef MITSHM
/* if using shared memory PutImage, make sure that the X server has
@@ -1224,59 +2297,165 @@
@@ -1224,59 +2530,165 @@
mainly to avoid copyrect using invalid screen contents - not sure
if we'd need it otherwise. */
......@@ -11893,15 +12166,15 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
+ if (appData.useBell) {
+ XBell(dpy, 0);
+ }
+
+ if (appData.raiseOnBeep) {
+ toplevelWin = XtWindow(toplevel);
+ XMapRaised(dpy, toplevelWin);
+ }
- if (appData.raiseOnBeep) {
- toplevelWin = XtWindow(toplevel);
- XMapRaised(dpy, toplevelWin);
+ if (appData.raiseOnBeep) {
+ toplevelWin = XtWindow(toplevel);
+ XMapRaised(dpy, toplevelWin);
+ }
+
+ break;
}
......@@ -12056,7 +12329,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
}
@@ -1296,26 +2475,47 @@
@@ -1296,26 +2708,47 @@
#define CONCAT2(a,b) a##b
#define CONCAT2E(a,b) CONCAT2(a,b)
......@@ -12104,7 +12377,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
#undef BPP
/*
@@ -1358,9 +2558,9 @@
@@ -1358,9 +2791,9 @@
" %s significant bit in each byte is leftmost on the screen.\n",
(format->bigEndian ? "Most" : "Least"));
} else {
......@@ -12116,7 +12389,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
(format->bigEndian ? "Most" : "Least"));
}
if (format->trueColour) {
@@ -1462,4 +2662,3 @@
@@ -1462,4 +2895,3 @@
cinfo->src = &jpegSrcManager;
}
......@@ -13706,7 +13979,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer._man vnc_unixsrc/vn
+Karl Runge <runge@karlrunge.com>
diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncviewer/vncviewer.c
--- vnc_unixsrc.orig/vncviewer/vncviewer.c 2004-01-13 09:22:05.000000000 -0500
+++ vnc_unixsrc/vncviewer/vncviewer.c 2008-10-27 10:28:50.000000000 -0400
+++ vnc_unixsrc/vncviewer/vncviewer.c 2008-11-17 21:29:21.000000000 -0500
@@ -22,6 +22,7 @@
*/
......@@ -13715,7 +13988,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
char *programName;
XtAppContext appContext;
@@ -29,11 +30,190 @@
@@ -29,11 +30,221 @@
Widget toplevel;
......@@ -13759,13 +14032,19 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
+#include <sys/stat.h>
+#include <unistd.h>
+
+void unixpw(char *instr) {
+void unixpw(char *instr, int vencrypt_plain) {
+ char *str, *q, *infile = NULL;
+ FILE *in;
+ int i, rmfile = 0;
+ struct stat sb;
+ int N = 99;
+ char username[100], passwd[100];
+ static int did = 0;
+
+ if (did) {
+ return;
+ }
+ did = 1;
+
+ for (i=0; i<100; i++) {
+ username[i] = '\0';
......@@ -13842,6 +14121,31 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
+
+ free(str);
+
+ if (vencrypt_plain) {
+ CARD32 ulen, plen;
+ char *q;
+
+ q = strrchr(username, '\n');
+ if (q) *q = '\0';
+ q = strrchr(passwd, '\n');
+ if (q) *q = '\0';
+
+ ulen = Swap32IfLE((CARD32)strlen(username));
+ plen = Swap32IfLE((CARD32)strlen(passwd));
+
+ if (!WriteExact(rfbsock, (char *)&ulen, 4) ||
+ !WriteExact(rfbsock, (char *)&plen, 4)) {
+ return;
+ }
+
+ if (!WriteExact(rfbsock, username, strlen(username)) ||
+ !WriteExact(rfbsock, passwd, strlen(passwd))) {
+ return;
+ }
+ return;
+ }
+
+
+ if (! getenv("SSVNC_UNIXPW_NOESC")) {
+ SendKeyEvent(XK_Escape, 1);
+ SendKeyEvent(XK_Escape, 0);
......@@ -13908,7 +14212,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
/* The -listen option is used to make us a daemon process which listens for
incoming connections from servers, rather than actively connecting to a
@@ -45,89 +225,1391 @@
@@ -45,89 +256,1398 @@
listenForIncomingConnections() returns, setting the listenSpecified
flag. */
......@@ -13965,6 +14269,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
+ }
+ }
+
+
+ if (argc > 1 && strstr(argv[1], "-h") == argv[1]) {
+ usage();
+ return 0;
......@@ -14088,9 +14393,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
+ exit(1);
+ }
+ if (appData.unixPW != NULL) {
+ unixpw(appData.unixPW);
+ unixpw(appData.unixPW, 0);
+ } else if (getenv("SSVNC_UNIXPW")) {
+ unixpw(getenv("SSVNC_UNIXPW"));
+ unixpw(getenv("SSVNC_UNIXPW"), 0);
+ }
/* Create the "popup" widget - this won't actually appear on the screen until
......@@ -14646,6 +14951,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
+void
+ToggleFileXfer(Widget w, XEvent *ev, String *params, Cardinal *num_params)
+{
+ static double last_start = 0.0;
+ if (appData.fileActive) {
+ //HideFile(w, ev, params, num_params);
+ //appData.fileActive = False;
......@@ -14656,6 +14962,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
+#else
+ if (java_helper != 0) {
+ int i;
+ if (dnow() < last_start + 6.0) {
+ fprintf(stderr, "skipping early kill of java helper (less than 5 secs)\n");
+ } else {
+ for (i=1; i<=5; i++) {
+ pid_t p = java_helper + i;
+ fprintf(stderr, "trying to kill java helper: %d\n", p);
......@@ -14665,10 +14974,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
+ }
+ }
+ }
+ }
+#endif
+ } else {
+ ShowFile(w, ev, params, num_params);
+ appData.fileActive = True;
+ last_start = dnow();
+ }
+}
+
......@@ -15338,8 +15649,16 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
}
diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncviewer/vncviewer.h
--- vnc_unixsrc.orig/vncviewer/vncviewer.h 2004-03-11 13:14:40.000000000 -0500
+++ vnc_unixsrc/vncviewer/vncviewer.h 2008-10-25 22:51:22.000000000 -0400
@@ -51,7 +51,7 @@
+++ vnc_unixsrc/vncviewer/vncviewer.h 2008-11-17 21:22:35.000000000 -0500
@@ -28,6 +28,7 @@
#include <string.h>
#include <sys/time.h>
#include <sys/types.h>
+#include <sys/stat.h>
#include <unistd.h>
#include <pwd.h>
#include <X11/IntrinsicP.h>
@@ -51,7 +52,7 @@
(((l) & 0x0000ff00) << 8) | \
(((l) & 0x000000ff) << 24)) : (l))
......@@ -15348,7 +15667,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
#define FLASH_PORT_OFFSET 5400
#define LISTEN_PORT_OFFSET 5500
@@ -65,59 +65,95 @@
@@ -65,59 +66,95 @@
(DEFAULT_SSH_CMD " -f -L %L:%H:%R %G sleep 20")
......@@ -15485,7 +15804,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
extern int listenPort, flashPort;
extern XrmOptionDescRec cmdLineOptions[];
@@ -130,10 +166,11 @@
@@ -130,10 +167,11 @@
/* colour.c */
extern unsigned long BGR233ToPixel[];
......@@ -15498,7 +15817,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
extern void SetVisualAndCmap();
@@ -157,13 +194,52 @@
@@ -157,13 +195,52 @@
extern void DesktopInitBeforeRealization();
extern void DesktopInitAfterRealization();
......@@ -15551,7 +15870,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
extern void ServerDialogDone(Widget w, XEvent *event, String *params,
Cardinal *num_params);
extern char *DoServerDialog();
@@ -181,6 +257,13 @@
@@ -181,6 +258,13 @@
extern void FullScreenOn();
extern void FullScreenOff();
......@@ -15565,7 +15884,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
/* listen.c */
extern void listenForIncomingConnections();
@@ -196,6 +279,8 @@
@@ -196,6 +280,8 @@
Cardinal *num_params);
extern void Quit(Widget w, XEvent *event, String *params,
Cardinal *num_params);
......@@ -15574,7 +15893,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
extern void Cleanup();
/* popup.c */
@@ -207,6 +292,20 @@
@@ -207,6 +293,20 @@
Cardinal *num_params);
extern void CreatePopup();
......@@ -15595,7 +15914,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
/* rfbproto.c */
extern int rfbsock;
@@ -229,8 +328,19 @@
@@ -229,8 +329,19 @@
extern Bool SendClientCutText(char *str, int len);
extern Bool HandleRFBServerMessage();
......@@ -15615,7 +15934,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
/* selection.c */
extern void InitialiseSelection();
@@ -241,8 +351,9 @@
@@ -241,8 +352,9 @@
/* shm.c */
......@@ -15626,7 +15945,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
/* sockets.c */
@@ -253,8 +364,11 @@
@@ -253,8 +365,11 @@
extern int FindFreeTcpPort(void);
extern int ListenAtTcpPort(int port);
extern int ConnectToTcpAddr(unsigned int host, int port);
......@@ -15638,12 +15957,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
extern int StringToIPAddr(const char *str, unsigned int *addr);
extern Bool SameMachine(int sock);
@@ -271,3 +385,69 @@
@@ -271,3 +386,70 @@
extern XtAppContext appContext;
extern Display* dpy;
extern Widget toplevel;
+
+extern void GotChatText(char *str, int len);
+extern void unixpw(char *instr, int vencrypt_plain);
+
+extern void Toggle8bpp(Widget w, XEvent *ev, String *params, Cardinal *num_params);
+extern void Toggle16bpp(Widget w, XEvent *ev, String *params, Cardinal *num_params);
......@@ -18390,8 +18710,31 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/zywrletemplate.c vnc_unixsrc/
+#undef ZYWRLE_SAVE_PIXEL
diff -Naur vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/rfbproto.h
--- vnc_unixsrc.orig/include/rfbproto.h 2004-05-27 03:02:02.000000000 -0400
+++ vnc_unixsrc/include/rfbproto.h 2008-09-05 17:01:18.000000000 -0400
@@ -381,6 +381,11 @@
+++ vnc_unixsrc/include/rfbproto.h 2008-11-18 11:08:50.000000000 -0500
@@ -205,7 +205,22 @@
#define rfbSecTypeInvalid 0
#define rfbSecTypeNone 1
#define rfbSecTypeVncAuth 2
+#define rfbSecTypeRA2 5
+#define rfbSecTypeRA2ne 6
#define rfbSecTypeTight 16
+#define rfbSecTypeUltra 17
+
+/* try to support VeNCrypt and TLS */
+#define rfbSecTypeTlsVnc 18
+#define rfbSecTypeVencrypt 19
+
+#define rfbVencryptPlain 256
+#define rfbVencryptTlsNone 257
+#define rfbVencryptTlsVnc 258
+#define rfbVencryptTlsPlain 259
+#define rfbVencryptX509None 260
+#define rfbVencryptX509Vnc 261
+#define rfbVencryptX509Plain 262
/*-----------------------------------------------------------------------------
@@ -381,6 +396,11 @@
#define rfbBell 2
#define rfbServerCutText 3
......@@ -18403,7 +18746,7 @@ diff -Naur vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/rfbproto.h
#define rfbFileListData 130
#define rfbFileDownloadData 131
#define rfbFileUploadCancel 132
@@ -403,6 +408,18 @@
@@ -403,6 +423,18 @@
#define rfbPointerEvent 5
#define rfbClientCutText 6
......@@ -18422,7 +18765,7 @@ diff -Naur vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/rfbproto.h
#define rfbFileListRequest 130
#define rfbFileDownloadRequest 131
#define rfbFileUploadRequest 132
@@ -435,6 +452,11 @@
@@ -435,6 +467,11 @@
#define rfbEncodingTight 7
#define rfbEncodingZlibHex 8
......@@ -18434,7 +18777,7 @@ diff -Naur vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/rfbproto.h
/* signatures for basic encoding types */
#define sig_rfbEncodingRaw "RAW_____"
#define sig_rfbEncodingCopyRect "COPYRECT"
@@ -955,6 +977,51 @@
@@ -955,6 +992,51 @@
#define sz_rfbFileDownloadFailedMsg 4
/*-----------------------------------------------------------------------------
......@@ -18486,7 +18829,7 @@ diff -Naur vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/rfbproto.h
* Union of all server->client messages.
*/
@@ -968,6 +1035,8 @@
@@ -968,6 +1050,8 @@
rfbFileDownloadDataMsg fdd;
rfbFileUploadCancelMsg fuc;
rfbFileDownloadFailedMsg fdf;
......@@ -18495,7 +18838,7 @@ diff -Naur vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/rfbproto.h
} rfbServerToClientMsg;
@@ -1221,6 +1290,41 @@
@@ -1221,6 +1305,41 @@
#define sz_rfbFileCreateDirRequestMsg 4
......@@ -18537,7 +18880,7 @@ diff -Naur vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/rfbproto.h
/*-----------------------------------------------------------------------------
* Union of all client->server messages.
*/
@@ -1241,4 +1345,9 @@
@@ -1241,4 +1360,9 @@
rfbFileDownloadCancelMsg fdc;
rfbFileUploadFailedMsg fuf;
rfbFileCreateDirRequestMsg fcdr;
......
x11vnc/misc/enhanced_tightvnc_viewer/ssvnc.desktop 0 → 100644
View file @ 41c7b74a
[Desktop Entry]
# Copy this file to "/usr/shared/applications/ssvnc.desktop" then SSVNC will
# appear in desktop menus (once they are updated; e.g. update-menus command).
Name=SSL/SSH VNC Viewer
Comment=SSVNC - access remote VNC desktops
Exec=ssvnc -noenc
Icon=computer
Terminal=false
Type=Application
StartupWMClass=Ssvnc.tcl
Categories=Network;RemoteAccess;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment