Commit 41c7b74a authored by runge's avatar runge

SSVNC sync: stunnel upgrade and patch, change wish order, -anondh -ciphers option

  VeNCrypt and TLSVNC support (in pproxy and unix vncviewer). Help text tweaks
  -killstunnel, s_client fixes, No Encryption easier. Zeroconf/avahi support.
  tk font fixes. SSVNC_ULTRA_FTP_JAR finding SSVNC_PREDIGESTED_HANDSHAKE
  SSVNC_SKIP_RFB_PROTOCOL_VERSION, SSVNC_SET_SECURITY_TYPE, etc hacks.
parent 6fbba525
...@@ -82,6 +82,10 @@ The enhanced TightVNC viewer features are: ...@@ -82,6 +82,10 @@ The enhanced TightVNC viewer features are:
- Sets up any additional SSH port redirections that you want. - Sets up any additional SSH port redirections that you want.
- Zeroconf (aka Bonjour) is used on Unix and Mac OS X to find
VNC servers on your local network if the avahi-browse or dns-sd
program is available and in your PATH.
- Port Knocking for "closed port" SSH/SSL connections. In addition - Port Knocking for "closed port" SSH/SSL connections. In addition
to a simple fixed port sequence and one-time-pad implementation, to a simple fixed port sequence and one-time-pad implementation,
a hook is also provided to run any port knocking client before a a hook is also provided to run any port knocking client before a
...@@ -108,6 +112,8 @@ The enhanced TightVNC viewer features are: ...@@ -108,6 +112,8 @@ The enhanced TightVNC viewer features are:
- rfbNewFBSize VNC support (screen resizing) - rfbNewFBSize VNC support (screen resizing)
- Client-side Scaling of the Viewer.
- ZRLE VNC encoding support (RealVNC's encoding) - ZRLE VNC encoding support (RealVNC's encoding)
- Support for the ZYWRLE encoding, a wavelet based extension to - Support for the ZYWRLE encoding, a wavelet based extension to
...@@ -268,8 +274,8 @@ Unix/MacOSX Install: ...@@ -268,8 +274,8 @@ Unix/MacOSX Install:
For the conventional source tarball it will compile and install, e.g.: For the conventional source tarball it will compile and install, e.g.:
gzip -dc ssvnc-1.0.20.src.tar.gz | tar xvf - gzip -dc ssvnc-1.0.21.src.tar.gz | tar xvf -
cd ssvnc-1.0.20 cd ssvnc-1.0.21
make config make config
make all make all
make PREFIX=/my/install/dir install make PREFIX=/my/install/dir install
...@@ -428,9 +434,10 @@ On Mac OS X depending on what you do you need these programs installed: ...@@ -428,9 +434,10 @@ On Mac OS X depending on what you do you need these programs installed:
Lesser used ones: netcat, smbclient, cups Lesser used ones: netcat, smbclient, cups
Most Mac OS X and Unix OS come with the main components installed. Most Mac OS X and Unix OS come with the main components installed.
See the README.src for a more detailed description of dependencies.
If you need to Build: If you need to Build:
-------------------- --------------------
...@@ -467,7 +474,7 @@ Feel free to ask us if you need help running ./build.unix ...@@ -467,7 +474,7 @@ Feel free to ask us if you need help running ./build.unix
Convential Build: Convential Build:
A more conventional source tarball is provided in ssvnc-x.y.z.src.tar.gz. A more conventional source tarball is provided in ssvnc-x.y.z.src.tar.gz.
It uses a more or less familiar 'make config; make all; make install' It uses a more or less familiar 'make config; make all; make PREFIX=path install'
method. It does not include stunnel, so that must be installed on the method. It does not include stunnel, so that must be installed on the
system separately. system separately.
......
...@@ -30,7 +30,7 @@ fi ...@@ -30,7 +30,7 @@ fi
if [ "X$WISH" = "X" ]; then if [ "X$WISH" = "X" ]; then
WISH=wish WISH=wish
for try in wish wish8.3 wish8.4 wish8.5 wish8.6 for try in wish8.4 wish wish8.3 wish8.5 wish8.6
do do
if type $try > /dev/null; then if type $try > /dev/null; then
WISH=$try WISH=$try
...@@ -114,8 +114,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then ...@@ -114,8 +114,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
echo "Using externel \"vncviewer\" and \"stunnel\" found in PATH." echo "Using externel \"vncviewer\" and \"stunnel\" found in PATH."
else else
STUNNEL=stunnel STUNNEL=stunnel
STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"} #STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
export STUNNEL STUNNEL_EXTRA_OPTS #export STUNNEL STUNNEL_EXTRA_OPTS
SSVNC_VIEWER_INTERNAL=1 SSVNC_VIEWER_INTERNAL=1
export SSVNC_VIEWER_INTERNAL export SSVNC_VIEWER_INTERNAL
fi fi
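Review bot: The two `STUNNEL_EXTRA_OPTS` lines are left in the script as commented-out code with no explanation, here and again in the identical `else` branch of the next script in this commit. They used to default stunnel to `maxconn = 1`, so a reader cannot tell from this hunk what now limits the local listener to a single connection. The stunnel patch in this commit suggests the `STUNNEL_ONCE` environment variable takes over that role, but where it is exported is not visible here. If that is the replacement, I would delete the dead lines and leave one comment in their place, e.g. `# maxconn is no longer passed to stunnel; single-connection exit is controlled by STUNNEL_ONCE`.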
......
...@@ -201,8 +201,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then ...@@ -201,8 +201,8 @@ elif [ ! -d "$dir/$name" -a $nearby = 0 ]; then
else else
STUNNEL=stunnel STUNNEL=stunnel
STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"} #STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
export STUNNEL STUNNEL_EXTRA_OPTS #export STUNNEL STUNNEL_EXTRA_OPTS
SSVNC_VIEWER_INTERNAL=1 SSVNC_VIEWER_INTERNAL=1
export SSVNC_VIEWER_INTERNAL export SSVNC_VIEWER_INTERNAL
fi fi
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
.\" License as specified in the file LICENCE.TXT that comes with the .\" License as specified in the file LICENCE.TXT that comes with the
.\" TightVNC distribution. .\" TightVNC distribution.
.\" .\"
.TH ssvnc 1 "September 2008" "" "SSVNC" .TH ssvnc 1 "November 2008" "" "SSVNC"
.SH NAME .SH NAME
ssvnc \- a GUI wrapper for SSL and SSH VNC connections. ssvnc \- a GUI wrapper for SSL and SSH VNC connections.
.SH SYNOPSIS .SH SYNOPSIS
...@@ -21,7 +21,7 @@ ssvnc \- a GUI wrapper for SSL and SSH VNC connections. ...@@ -21,7 +21,7 @@ ssvnc \- a GUI wrapper for SSL and SSH VNC connections.
.RI [\| saved-profile-name \|] .RI [\| saved-profile-name \|]
.br .br
.B ssvnc .B ssvnc
.RI [\| options \|][\| host-or-profile \] .RI [\| options \|]\ [\| host-or-profile \]
.br .br
.B ssvnc .B ssvnc
.IR \--help .IR \--help
...@@ -49,7 +49,8 @@ E.g. "fred@far-away.east:0". ...@@ -49,7 +49,8 @@ E.g. "fred@far-away.east:0".
As an easter egg, we note it is also possible to disable the use of SSL/SSH As an easter egg, we note it is also possible to disable the use of SSL/SSH
encryption tunnels by using a vnc:// or Vnc:// prefix before encryption tunnels by using a vnc:// or Vnc:// prefix before
host:display. host:display. Shift+Ctrl-E is a short-cut to add/remove it.
See also the \fB-noenc\fR option below.
Normally you do not specify any command line options. You simply Normally you do not specify any command line options. You simply
run \fBssvnc\fR and use the GUI that starts up. run \fBssvnc\fR and use the GUI that starts up.
...@@ -59,7 +60,7 @@ on the command line to connect to immediately (the GUI is started ...@@ -59,7 +60,7 @@ on the command line to connect to immediately (the GUI is started
and the connection is initiated). For example, "\fBssvnc far-away.east:0\fR" and the connection is initiated). For example, "\fBssvnc far-away.east:0\fR"
Instead of a host:display, you can specify the name of a saved profile to Instead of a host:display, you can specify the name of a saved profile to
automatically load that profile and then connect to its server. automatically load that profile and then connect to its server.
For example "\fBssvnc far\fR", if you name the profile "far". For example "\fBssvnc far\fR", if you named the profile "far".
You can use the \fB-profiles\fR option to list the profiles you have saved. You can use the \fB-profiles\fR option to list the profiles you have saved.
The related commands \fBsshvnc\fR and \fBtsvnc\fR start up the GUI in The related commands \fBsshvnc\fR and \fBtsvnc\fR start up the GUI in
...@@ -108,6 +109,18 @@ Same as SSVNC_NO_VERIFY_ALL_BUTTON=1. ...@@ -108,6 +109,18 @@ Same as SSVNC_NO_VERIFY_ALL_BUTTON=1.
\fB\-bigger\fR \fB\-bigger\fR
Make the Profile Selection Dialog window bigger. Make the Profile Selection Dialog window bigger.
Same as SSVNC_BIGGER_DIALOG=1. Same as SSVNC_BIGGER_DIALOG=1.
.TP
\fB\-noenc\fR
Start off in a mode where a 'No Encryption' check button is present.
You can toggle the mode with Ctrl-E.
Same as SSVNC_DISABLE_ENCRYPTION_BUTTON=1. Or noenc=1 in ~/.ssvncrc.
Selecting no encryption is the same as the vnc:// and Vnc:// prefixes
described below.
.TP
\fB\-killstunnel\fR
On Windows, automatically terminate the STUNNEL process when the viewer
exits instead of prompting you (same as killstunnel=1 in ssvnc_rc or
toggle in Options menu)
.SH URL NOTATION .SH URL NOTATION
Here are all of our URL-like prefixes that you can put in front of Here are all of our URL-like prefixes that you can put in front of
host:display (or host:port): host:display (or host:port):
...@@ -116,7 +129,7 @@ For SSL: vncs:// vncssl:// and vnc+ssl:// ...@@ -116,7 +129,7 @@ For SSL: vncs:// vncssl:// and vnc+ssl://
For SSH: vncssh:// and vnc+ssh:// For SSH: vncssh:// and vnc+ssh://
For No Encryption Tunnel: vnc:// and Vnc:// For No Encryption: vnc:// and Vnc://
Examples: Examples:
...@@ -128,6 +141,10 @@ To quickly make a direct connection: \fBssvnc Vnc://snoopy.com:0\fR ...@@ -128,6 +141,10 @@ To quickly make a direct connection: \fBssvnc Vnc://snoopy.com:0\fR
The above will also work in the "VNC Host:Display" entry box in the GUI. The above will also work in the "VNC Host:Display" entry box in the GUI.
Press the "Connect" button after entering them. Press the "Connect" button after entering them.
The difference between vnc:// and Vnc:// is that the latter one will not
prompt you whether you really want to make an unencrypted connection
or not.
.SH FILES .SH FILES
Your SSVNC vnc profiles are stored in the \fB$HOME/.vnc/profiles\fR Your SSVNC vnc profiles are stored in the \fB$HOME/.vnc/profiles\fR
directory. They end in suffix \fB.vnc\fR directory. They end in suffix \fB.vnc\fR
......
#!/bin/sh #!/bin/sh
rm -rf ./src/tmp/* || exit 1 rm -rf ./src/tmp/* || exit 1
vers=1.0.21 vers=1.0.22
cd .. || exit 1 cd .. || exit 1
...@@ -12,7 +12,7 @@ dest=./t.unix_only ...@@ -12,7 +12,7 @@ dest=./t.unix_only
rm -rf $dest rm -rf $dest
mkdir -p $dest || exit 1 mkdir -p $dest || exit 1
tar cvf - ssvnc/{README,COPYING} ssvnc/bin ssvnc/Unix | (cd $dest; tar xvf -) tar cvf - ssvnc/{README,COPYING,ssvnc.desktop} ssvnc/bin ssvnc/Unix | (cd $dest; tar xvf -)
rm -f $dest/ssvnc/bin/.linkin rm -f $dest/ssvnc/bin/.linkin
tar=ssvnc_unix_only-${vers}.tar.gz tar=ssvnc_unix_only-${vers}.tar.gz
...@@ -25,8 +25,7 @@ dest=./t.unix_minimal ...@@ -25,8 +25,7 @@ dest=./t.unix_minimal
rm -rf $dest rm -rf $dest
mkdir -p $dest || exit 1 mkdir -p $dest || exit 1
#tar cvf - ssvnc/{README,COPYING} ssvnc/bin/{ss*,util/ss*} ssvnc/Unix | (cd $dest; tar xvf -) tar cvf - ssvnc/{README,COPYING,ssvnc.desktop} ssvnc/bin/{ss*,util/ss*} | (cd $dest; tar xvf -)
tar cvf - ssvnc/{README,COPYING} ssvnc/bin/{ss*,util/ss*} | (cd $dest; tar xvf -)
tar=ssvnc_unix_minimal-${vers}.tar.gz tar=ssvnc_unix_minimal-${vers}.tar.gz
(cd $dest; tar czvf ../$tar ssvnc) (cd $dest; tar czvf ../$tar ssvnc)
...@@ -46,7 +45,7 @@ data__() {' ...@@ -46,7 +45,7 @@ data__() {'
scr=./ssvnc.sh scr=./ssvnc.sh
echo "$top" > $scr echo "$top" > $scr
(cd ssvnc; tar cvf - README COPYING bin/{ss*,util/ss*}) >> $scr (cd ssvnc; tar cvf - README COPYING ssvnc.desktop bin/{ss*,util/ss*}) >> $scr
chmod 755 $scr chmod 755 $scr
ls -l $scr ls -l $scr
......
diff -Naur stunnel.orig/src/client.c stunnel/src/client.c diff -Naur stunnel.orig/src/client.c stunnel/src/client.c
--- stunnel.orig/src/client.c 2005-10-24 14:00:56.000000000 -0400 --- stunnel.orig/src/client.c 2008-03-27 04:35:27.000000000 -0400
+++ stunnel/src/client.c 2006-07-31 21:51:37.000000000 -0400 +++ stunnel/src/client.c 2008-11-19 21:40:00.000000000 -0500
@@ -126,6 +126,10 @@ @@ -191,6 +191,7 @@
enter_critical_section(CRIT_CLIENTS); /* for multi-cpu machines */
s_log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname, s_log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname,
--num_clients); --num_clients);
+ if (getenv("STUNNEL_ONCE")) {fprintf(stderr, "stunnel: exiting.\n"); exit(0);}
leave_critical_section(CRIT_CLIENTS); leave_critical_section(CRIT_CLIENTS);
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
+ s_log(LOG_NOTICE, "client() finished: exceeded maxconn");
+ exit(0);
+ }
#endif #endif
free(c); }
#ifdef DEBUG_STACK_SIZE
diff -Naur stunnel.orig/src/network.c stunnel/src/network.c diff -Naur stunnel.orig/src/network.c stunnel/src/network.c
--- stunnel.orig/src/network.c 2005-10-30 16:35:42.000000000 -0500 --- stunnel.orig/src/network.c 2008-03-27 05:28:16.000000000 -0400
+++ stunnel/src/network.c 2006-07-31 21:53:49.000000000 -0400 +++ stunnel/src/network.c 2008-11-19 21:39:41.000000000 -0500
@@ -329,6 +329,10 @@ @@ -346,6 +346,7 @@
/* no logging is possible in a signal handler */ /* no logging is possible in a signal handler */
#ifdef USE_FORK #ifdef USE_FORK
num_clients--; /* one client less */ --num_clients; /* one client less */
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) { + if (getenv("STUNNEL_ONCE")) exit(0);
+ s_log(LOG_NOTICE, "sigchld_handler() finished: exceeded maxconn");
+ exit(0);
+ }
#endif /* USE_FORK */ #endif /* USE_FORK */
} }
#else /* __sgi */ #else /* __sgi */
@@ -375,6 +379,10 @@ @@ -432,9 +433,11 @@
#ifdef HAVE_WAIT_FOR_PID
while((pid=wait_for_pid(-1, &status, WNOHANG))>0) {
--num_clients; /* one client less */
+ if (getenv("STUNNEL_ONCE")) exit(0);
#else
if((pid=wait(&status))>0) { if((pid=wait(&status))>0) {
num_clients--; /* one client less */ --num_clients; /* one client less */
+ if (getenv("STUNNEL_ONCE")) exit(0);
#endif #endif
+ if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
+ s_log(LOG_NOTICE, "client_status() finished: exceeded maxconn");
+ exit(0);
+ }
#ifdef WIFSIGNALED #ifdef WIFSIGNALED
if(WIFSIGNALED(status)) { if(WIFSIGNALED(status)) {
s_log(LOG_DEBUG, "Process %d terminated on signal %d (%d left)",
diff -Naur stunnel.orig/src/options.c stunnel/src/options.c diff -Naur stunnel.orig/src/options.c stunnel/src/options.c
--- stunnel.orig/src/options.c 2005-10-20 03:12:07.000000000 -0400 --- stunnel.orig/src/options.c 2008-06-21 17:18:23.000000000 -0400
+++ stunnel/src/options.c 2006-07-31 22:49:57.000000000 -0400 +++ stunnel/src/options.c 2008-11-19 21:15:01.000000000 -0500
@@ -665,6 +665,24 @@ @@ -465,6 +465,7 @@
switch(cmd) {
case CMD_INIT:
options.option.syslog=1;
+ if (getenv("STUNNEL_NO_SYSLOG")) options.option.syslog=0;
break; break;
} case CMD_EXEC:
if(strcasecmp(opt, "syslog"))
+ /* maxconn */
+ switch(cmd) {
+ case CMD_INIT:
+ options.maxconn=0;
+ break;
+ case CMD_EXEC:
+ if(strcasecmp(opt, "maxconn"))
+ break;
+ options.maxconn=atoi(arg);
+ return NULL; /* OK */
+ case CMD_DEFAULT:
+ log_raw("%-15s = 0", "maxconn");
+ break;
+ case CMD_HELP:
+ log_raw("%-15s = maximum number of accepted connections", "maxconn");
+ break;
+ }
+
if(cmd==CMD_EXEC)
return option_not_found;
return NULL; /* OK */
diff -Naur stunnel.orig/src/prototypes.h stunnel/src/prototypes.h
--- stunnel.orig/src/prototypes.h 2005-10-27 05:41:28.000000000 -0400
+++ stunnel/src/prototypes.h 2006-07-31 22:49:36.000000000 -0400
@@ -44,6 +44,7 @@
/**************************************** Prototypes for stunnel.c */
extern int num_clients;
+extern int num_conn;
void main_initialize(char *, char *);
void main_execute(void);
@@ -113,6 +114,7 @@
long session_timeout;
int verify_level;
int verify_use_only_my;
+ int maxconn;
long ssl_options;
/* some global data for stunnel.c */
diff -Naur stunnel.orig/src/stunnel.c stunnel/src/stunnel.c diff -Naur stunnel.orig/src/stunnel.c stunnel/src/stunnel.c
--- stunnel.orig/src/stunnel.c 2005-11-02 15:18:42.000000000 -0500 --- stunnel.orig/src/stunnel.c 2008-06-21 17:32:45.000000000 -0400
+++ stunnel/src/stunnel.c 2006-07-31 21:40:04.000000000 -0400 +++ stunnel/src/stunnel.c 2008-11-19 21:14:28.000000000 -0500
@@ -53,6 +53,7 @@ @@ -301,6 +301,7 @@
}
#endif #endif
#endif
int num_clients=0; /* Current number of clients */ + if (getenv("STUNNEL_MAX_CLIENTS")) max_clients = atoi(getenv("STUNNEL_MAX_CLIENTS"));
+int num_conn=0; /* Total number of connections */
/* Functions */
@@ -138,6 +139,7 @@
} }
num_clients=0; #if !defined (USE_WIN32) && !defined (__vms) && !defined(USE_OS2)
+ num_conn=0;
/* bind local ports */
for(opt=local_options.next; opt; opt=opt->next) {
@@ -222,6 +224,18 @@
return; /* error */
}
}
+ num_conn++;
+fprintf(stderr, "num_conn: %d\n", num_conn);
+ if (options.maxconn > 0 && num_conn > options.maxconn) {
+ s_log(LOG_WARNING, "Connection rejected: exceeded maxconn (%d>%d)",
+ num_conn, options.maxconn);
+ closesocket(s);
+ if (num_clients == 0) {
+ s_log(LOG_WARNING, "Finished via maxconn.");
+ exit(0);
+ }
+ return;
+ }
s_ntop(from_address, &addr);
s_log(LOG_DEBUG, "%s accepted FD=%d from %s",
opt->servname, s, from_address);
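Review bot: The added `if (getenv("STUNNEL_ONCE")) exit(0);` in the network.c hunk at -346 sits directly under the comment `/* no logging is possible in a signal handler */`, and `exit()` is not async-signal-safe (it runs atexit handlers and flushes stdio), so `if (getenv("STUNNEL_ONCE")) _exit(0);` is the safer form there; the two copies in the -432 hunk deserve the same change if that code is also reached from the SIGCHLD handler, which the hunk does not show. In client.c the new exit runs between `enter_critical_section(CRIT_CLIENTS)` and `leave_critical_section(CRIT_CLIENTS)`, so the process terminates with the section still held; placing the check after the leave call avoids that. In stunnel.c, `max_clients = atoi(getenv("STUNNEL_MAX_CLIENTS"));` silently turns a non-numeric value into 0 and accepts negative numbers, so a `strtol` parse that rejects anything but a positive integer would keep a bad environment value from changing the client limit. All of the enclosing functions begin and end outside the hunks shown.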
[Desktop Entry]
# Copy this file to "/usr/shared/applications/ssvnc.desktop" then SSVNC will
# appear in desktop menus (once they are updated; e.g. update-menus command).
Name=SSL/SSH VNC Viewer
Comment=SSVNC - access remote VNC desktops
Exec=ssvnc -noenc
Icon=computer
Terminal=false
Type=Application
StartupWMClass=Ssvnc.tcl
Categories=Network;RemoteAccess;
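Review bot: The install comment points at `/usr/shared/applications/ssvnc.desktop`, but the freedesktop application directory is `/usr/share/applications`, so a user following it literally would not get a menu entry; the first comment line should read `# Copy this file to "/usr/share/applications/ssvnc.desktop" then SSVNC will`. Separately, `Exec=ssvnc -noenc` makes the menu launcher start with the 'No Encryption' check button present, going by the man page text added in this commit. If that is not meant as the packaged default, `Exec=ssvnc` keeps the unencrypted mode something the user has to opt into.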