Commit 454c1fad authored by runge's avatar runge

x11vnc: enhance -passwdfile features, filetransfer on by default.

parent e673a125
2005-12-24 Karl Runge <runge@karlrunge.com>
* x11vnc: enhance -passwdfile features, filetransfer on by default.
2005-12-19 Dave Stuart <dave@justdave.us> 2005-12-19 Dave Stuart <dave@justdave.us>
* libvncserver/{main.c,rfbserver.c,cargs.c}, rfb/rfb.h: introduce * libvncserver/{main.c,rfbserver.c,cargs.c}, rfb/rfb.h: introduce
deferPtrUpdateTime, which defers the handling of pointer events deferPtrUpdateTime, which defers the handling of pointer events
......
2005-12-24 Karl Runge <runge@karlrunge.com>
* x11vnc: enhance -passwdfile features, filetransfer on by default,
call rfbRegisterTightVNCFileTransferExtension() earlier.
2005-11-28 Karl Runge <runge@karlrunge.com> 2005-11-28 Karl Runge <runge@karlrunge.com>
* x11vnc: add -loop option. * x11vnc: add -loop option.
......
x11vnc README file Date: Mon Nov 28 10:42:40 EST 2005 x11vnc README file Date: Sat Dec 24 10:14:27 EST 2005
The following information is taken from these URLs: The following information is taken from these URLs:
...@@ -4757,7 +4757,7 @@ x11vnc: a VNC server for real X displays ...@@ -4757,7 +4757,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options: Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions) % x11vnc -opts (see below for -help long descriptions)
x11vnc: allow VNC connections to real X11 displays. 0.7.3 lastmod: 2005-11-28 x11vnc: allow VNC connections to real X11 displays. 0.7.3 lastmod: 2005-12-24
x11vnc options: x11vnc options:
-display disp -auth file -display disp -auth file
...@@ -4770,7 +4770,7 @@ x11vnc options: ...@@ -4770,7 +4770,7 @@ x11vnc options:
-shared -once -shared -once
-forever -loop -forever -loop
-timeout n -inetd -timeout n -inetd
-filexfer -http -nofilexfer -http
-connect string -vncconnect -connect string -vncconnect
-novncconnect -allow host1[,host2..] -novncconnect -allow host1[,host2..]
-localhost -nolookup -localhost -nolookup
...@@ -4845,6 +4845,7 @@ libvncserver options: ...@@ -4845,6 +4845,7 @@ libvncserver options:
-passwd plain-password use authentication -passwd plain-password use authentication
(use plain-password as password, USE AT YOUR RISK) (use plain-password as password, USE AT YOUR RISK)
-deferupdate time time in ms to defer updates (default 40) -deferupdate time time in ms to defer updates (default 40)
-deferptrupdate time time in ms to defer pointer updates (default none)
-desktop name VNC desktop name (default "LibVNCServer") -desktop name VNC desktop name (default "LibVNCServer")
-alwaysshared always treat new clients as shared -alwaysshared always treat new clients as shared
-nevershared never treat new clients as shared -nevershared never treat new clients as shared
...@@ -4857,11 +4858,16 @@ libvncserver options: ...@@ -4857,11 +4858,16 @@ libvncserver options:
-listen ipaddr listen for connections only on network interface with -listen ipaddr listen for connections only on network interface with
addr ipaddr. '-listen localhost' and hostname work too. addr ipaddr. '-listen localhost' and hostname work too.
libvncserver-tight-extension options:
-disablefiletransfer disable file transfer
-ftproot string set ftp root
% x11vnc -help % x11vnc -help
x11vnc: allow VNC connections to real X11 displays. 0.7.3 lastmod: 2005-11-28 x11vnc: allow VNC connections to real X11 displays. 0.7.3 lastmod: 2005-12-24
Typical usage is: Typical usage is:
...@@ -5051,7 +5057,13 @@ Options: ...@@ -5051,7 +5057,13 @@ Options:
option, otherwise the stderr goes to the viewer which option, otherwise the stderr goes to the viewer which
will cause it to abort. Specifying both -inetd and -q will cause it to abort. Specifying both -inetd and -q
and no -o will automatically close the stderr. and no -o will automatically close the stderr.
-filexfer Enable the TightVNC file transfer extension. -nofilexfer Disable the TightVNC file transfer extension. (same as
-disablefiletransfer). Note that when the -viewonly
option is supplied all file transfers are disabled.
Also clients that log in viewonly cannot transfer files.
However, if the remote control mechanism is used to
change the global or per-client viewonly state the
filetransfer permissions will NOT change.
-http Instead of using -httpdir (see below) to specify -http Instead of using -httpdir (see below) to specify
where the Java vncviewer applet is, have x11vnc try where the Java vncviewer applet is, have x11vnc try
to *guess* where the directory is by looking relative to *guess* where the directory is by looking relative
...@@ -5114,18 +5126,40 @@ Options: ...@@ -5114,18 +5126,40 @@ Options:
anything and enables view-only users to move the mouse. anything and enables view-only users to move the mouse.
This option is ignored when a global -viewonly is in This option is ignored when a global -viewonly is in
effect (all input is discarded in that case). effect (all input is discarded in that case).
-viewpasswd string Supply a 2nd password for view-only logins. The -passwd -viewpasswd string Supply a 2nd password for view-only logins. The -passwd
(full-access) password must also be supplied. (full-access) password must also be supplied.
-passwdfile filename Specify libvncserver -passwd via the first line of the
file "filename" instead of via command line (where -passwdfile filename Specify the libvncserver password via the first line
others might see it via ps(1)). If a second non blank of the file "filename" (instead of via -passwd on
line exists in the file it is taken as a view-only the command line where others might see it via ps(1)).
password (i.e. -viewpasswd) To supply an empty password
for either field the string "__EMPTY__" may be used. If the filename is prefixed with "rm:" it will be
Note: -passwdfile is a simple plaintext passwd, see removed after being read. In general, the password file
also -rfbauth and -storepasswd below for obfuscated should not be readable by untrusted users (BTW: neither
VNC password files. Neither file should be readable should the VNC -rfbauth file: it is NOT encrypted).
by untrusted users.
Note that only the first 8 characters of a password
are used.
If multiple non-blank lines exist in the file they are
all taken as valid passwords. Blank lines are ignored.
Password lines may be "commented out" (ignored) if
they begin with the charactor "#" or the line contains
the string "__SKIP__". Lines may be annotated by use
of the "__COMM__" string: from it to the end of the
line is ignored. An empty password may be specified
via the "__EMPTY__" string on a line by itself (note
your viewer might not accept empty passwords).
If the string "__BEGIN_VIEWONLY__" appears on a
line by itself, the remaining passwords are used for
viewonly access. For compatibility, as a special case
if the file contains only two password lines the 2nd
one is automatically taken as the viewonly password.
Otherwise the "__BEGIN_VIEWONLY__" token must be used
to have viewonly passwords. (tip: make it the 3rd and
last line to have 2 full-access passwords)
-nopw Disable the big warning message when you use x11vnc -nopw Disable the big warning message when you use x11vnc
without some sort of password. without some sort of password.
-storepasswd pass file Store password "pass" as the VNC password in the -storepasswd pass file Store password "pass" as the VNC password in the
...@@ -6758,6 +6792,7 @@ These options are passed to libvncserver: ...@@ -6758,6 +6792,7 @@ These options are passed to libvncserver:
-passwd plain-password use authentication -passwd plain-password use authentication
(use plain-password as password, USE AT YOUR RISK) (use plain-password as password, USE AT YOUR RISK)
-deferupdate time time in ms to defer updates (default 40) -deferupdate time time in ms to defer updates (default 40)
-deferptrupdate time time in ms to defer pointer updates (default none)
-desktop name VNC desktop name (default "LibVNCServer") -desktop name VNC desktop name (default "LibVNCServer")
-alwaysshared always treat new clients as shared -alwaysshared always treat new clients as shared
-nevershared never treat new clients as shared -nevershared never treat new clients as shared
...@@ -6770,6 +6805,10 @@ These options are passed to libvncserver: ...@@ -6770,6 +6805,10 @@ These options are passed to libvncserver:
-listen ipaddr listen for connections only on network interface with -listen ipaddr listen for connections only on network interface with
addr ipaddr. '-listen localhost' and hostname work too. addr ipaddr. '-listen localhost' and hostname work too.
libvncserver-tight-extension options:
-disablefiletransfer disable file transfer
-ftproot string set ftp root
Pretty wild huh? [1]Contact me if you have any questions or problems. Pretty wild huh? [1]Contact me if you have any questions or problems.
Personally, I use: Personally, I use:
......
.\" This file was automatically generated from x11vnc -help output. .\" This file was automatically generated from x11vnc -help output.
.TH X11VNC "1" "November 2005" "x11vnc " "User Commands" .TH X11VNC "1" "December 2005" "x11vnc " "User Commands"
.SH NAME .SH NAME
x11vnc - allow VNC connections to real X11 displays x11vnc - allow VNC connections to real X11 displays
version: 0.7.3, lastmod: 2005-11-28 version: 0.7.3, lastmod: 2005-12-24
.SH SYNOPSIS .SH SYNOPSIS
.B x11vnc .B x11vnc
[OPTION]... [OPTION]...
...@@ -264,9 +264,15 @@ option, otherwise the stderr goes to the viewer which ...@@ -264,9 +264,15 @@ option, otherwise the stderr goes to the viewer which
will cause it to abort. Specifying both \fB-inetd\fR and \fB-q\fR will cause it to abort. Specifying both \fB-inetd\fR and \fB-q\fR
and no \fB-o\fR will automatically close the stderr. and no \fB-o\fR will automatically close the stderr.
.PP .PP
\fB-filexfer\fR \fB-nofilexfer\fR
.IP .IP
Enable the TightVNC file transfer extension. Disable the TightVNC file transfer extension. (same as
\fB-disablefiletransfer).\fR Note that when the \fB-viewonly\fR
option is supplied all file transfers are disabled.
Also clients that log in viewonly cannot transfer files.
However, if the remote control mechanism is used to
change the global or per-client viewonly state the
filetransfer permissions will NOT change.
.PP .PP
\fB-http\fR \fB-http\fR
.IP .IP
...@@ -361,18 +367,38 @@ Supply a 2nd password for view-only logins. The \fB-passwd\fR ...@@ -361,18 +367,38 @@ Supply a 2nd password for view-only logins. The \fB-passwd\fR
.PP .PP
\fB-passwdfile\fR \fIfilename\fR \fB-passwdfile\fR \fIfilename\fR
.IP .IP
Specify libvncserver \fB-passwd\fR via the first line of the Specify the libvncserver password via the first line
file \fIfilename\fR instead of via command line (where of the file \fIfilename\fR (instead of via \fB-passwd\fR on
others might see it via the command line where others might see it via
.IR ps (1) .IR ps (1)
). If a second non blank ).
line exists in the file it is taken as a view-only .IP
password (i.e. \fB-viewpasswd)\fR To supply an empty password If the filename is prefixed with "rm:" it will be
for either field the string "__EMPTY__" may be used. removed after being read. In general, the password file
Note: \fB-passwdfile\fR is a simple plaintext passwd, see should not be readable by untrusted users (BTW: neither
also \fB-rfbauth\fR and \fB-storepasswd\fR below for obfuscated should the VNC \fB-rfbauth\fR file: it is NOT encrypted).
VNC password files. Neither file should be readable .IP
by untrusted users. Note that only the first 8 characters of a password
are used.
.IP
If multiple non-blank lines exist in the file they are
all taken as valid passwords. Blank lines are ignored.
Password lines may be "commented out" (ignored) if
they begin with the charactor "#" or the line contains
the string "__SKIP__". Lines may be annotated by use
of the "__COMM__" string: from it to the end of the
line is ignored. An empty password may be specified
via the "__EMPTY__" string on a line by itself (note
your viewer might not accept empty passwords).
.IP
If the string "__BEGIN_VIEWONLY__" appears on a
line by itself, the remaining passwords are used for
viewonly access. For compatibility, as a special case
if the file contains only two password lines the 2nd
one is automatically taken as the viewonly password.
Otherwise the "__BEGIN_VIEWONLY__" token must be used
to have viewonly passwords. (tip: make it the 3rd and
last line to have 2 full-access passwords)
.PP .PP
\fB-nopw\fR \fB-nopw\fR
.IP .IP
...@@ -2534,6 +2560,10 @@ use authentication ...@@ -2534,6 +2560,10 @@ use authentication
.IP .IP
time in ms to defer updates (default 40) time in ms to defer updates (default 40)
.PP .PP
\fB-deferptrupdate\fR \fItime\fR
.IP
time in ms to defer pointer updates (default none)
.PP
\fB-desktop\fR \fIname\fR \fB-desktop\fR \fIname\fR
.IP .IP
VNC desktop name (default "LibVNCServer") VNC desktop name (default "LibVNCServer")
...@@ -2571,6 +2601,16 @@ enable progressive updating for slow links ...@@ -2571,6 +2601,16 @@ enable progressive updating for slow links
.IP .IP
listen for connections only on network interface with listen for connections only on network interface with
addr ipaddr. '-listen localhost' and hostname work too. addr ipaddr. '-listen localhost' and hostname work too.
.PP
libvncserver-tight-extension options:
.PP
\fB-disablefiletransfer\fR
.IP
disable file transfer
.PP
\fB-ftproot\fR \fIstring\fR
.IP
set ftp root
.SH "FILES" .SH "FILES"
.IR $HOME/.x11vncrc , .IR $HOME/.x11vncrc ,
.IR $HOME/.Xauthority .IR $HOME/.Xauthority
......
...@@ -163,7 +163,7 @@ ...@@ -163,7 +163,7 @@
* -DREMOTE_DEFAULT=0 to disable remote-control on by default (-yesremote). * -DREMOTE_DEFAULT=0 to disable remote-control on by default (-yesremote).
* -DREMOTE_CONTROL=0 to disable remote-control mechanism completely. * -DREMOTE_CONTROL=0 to disable remote-control mechanism completely.
* -DEXTERNAL_COMMANDS=0 to disable the running of all external commands. * -DEXTERNAL_COMMANDS=0 to disable the running of all external commands.
* -DFILEXFER=1 enable -filexfer as the default. * -DFILEXFER=0 disable filexfer.
* *
* -DHARDWIRE_PASSWD=... hardwired passwords, quoting necessary. * -DHARDWIRE_PASSWD=... hardwired passwords, quoting necessary.
* -DHARDWIRE_VIEWPASSWD=... * -DHARDWIRE_VIEWPASSWD=...
...@@ -398,7 +398,7 @@ double xdamage_scheduled_mark = 0.0; ...@@ -398,7 +398,7 @@ double xdamage_scheduled_mark = 0.0;
sraRegionPtr xdamage_scheduled_mark_region = NULL; sraRegionPtr xdamage_scheduled_mark_region = NULL;
/* date +'lastmod: %Y-%m-%d' */ /* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.7.3 lastmod: 2005-11-28"; char lastmod[] = "0.7.3 lastmod: 2005-12-24";
int hack_val = 0; int hack_val = 0;
/* X display info */ /* X display info */
...@@ -866,9 +866,11 @@ char *allowed_input_view_only = NULL; ...@@ -866,9 +866,11 @@ char *allowed_input_view_only = NULL;
char *allowed_input_normal = NULL; char *allowed_input_normal = NULL;
char *allowed_input_str = NULL; char *allowed_input_str = NULL;
char *viewonly_passwd = NULL; /* view only passwd. */ char *viewonly_passwd = NULL; /* view only passwd. */
char **passwd_list = NULL; /* for -passwdfile */
int begin_viewonly = -1;
int inetd = 0; /* spawned from inetd(1) */ int inetd = 0; /* spawned from inetd(1) */
#ifndef FILEXFER #ifndef FILEXFER
#define FILEXFER 0 #define FILEXFER 1
#endif #endif
int filexfer = FILEXFER; int filexfer = FILEXFER;
int first_conn_timeout = 0; /* -timeout */ int first_conn_timeout = 0; /* -timeout */
...@@ -20433,11 +20435,6 @@ void initialize_screen(int *argc, char **argv, XImage *fb) { ...@@ -20433,11 +20435,6 @@ void initialize_screen(int *argc, char **argv, XImage *fb) {
screen->ptrAddEvent = pointer; screen->ptrAddEvent = pointer;
screen->setXCutText = xcut_receive; screen->setXCutText = xcut_receive;
if (filexfer) {
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbRegisterTightVNCFileTransferExtension();
#endif
}
rfbInitServer(screen); rfbInitServer(screen);
if (viewonly_passwd) { if (viewonly_passwd) {
...@@ -20448,6 +20445,16 @@ void initialize_screen(int *argc, char **argv, XImage *fb) { ...@@ -20448,6 +20445,16 @@ void initialize_screen(int *argc, char **argv, XImage *fb) {
passwds_new[1] = viewonly_passwd; passwds_new[1] = viewonly_passwd;
passwds_new[2] = NULL; passwds_new[2] = NULL;
screen->authPasswdData = (void*) passwds_new; screen->authPasswdData = (void*) passwds_new;
} else if (passwd_list) {
int i = 0;
while(passwd_list[i] != NULL) {
i++;
}
if (begin_viewonly < 0) {
begin_viewonly = i+1;
}
screen->authPasswdData = (void*) passwd_list;
screen->authPasswdFirstViewOnly = begin_viewonly;
} }
} }
...@@ -30344,7 +30351,13 @@ static void print_help(int mode) { ...@@ -30344,7 +30351,13 @@ static void print_help(int mode) {
" option, otherwise the stderr goes to the viewer which\n" " option, otherwise the stderr goes to the viewer which\n"
" will cause it to abort. Specifying both -inetd and -q\n" " will cause it to abort. Specifying both -inetd and -q\n"
" and no -o will automatically close the stderr.\n" " and no -o will automatically close the stderr.\n"
"-filexfer Enable the TightVNC file transfer extension.\n" "-nofilexfer Disable the TightVNC file transfer extension. (same as\n"
" -disablefiletransfer). Note that when the -viewonly\n"
" option is supplied all file transfers are disabled.\n"
" Also clients that log in viewonly cannot transfer files.\n"
" However, if the remote control mechanism is used to\n"
" change the global or per-client viewonly state the\n"
" filetransfer permissions will NOT change.\n"
"-http Instead of using -httpdir (see below) to specify\n" "-http Instead of using -httpdir (see below) to specify\n"
" where the Java vncviewer applet is, have x11vnc try\n" " where the Java vncviewer applet is, have x11vnc try\n"
" to *guess* where the directory is by looking relative\n" " to *guess* where the directory is by looking relative\n"
...@@ -30407,18 +30420,41 @@ static void print_help(int mode) { ...@@ -30407,18 +30420,41 @@ static void print_help(int mode) {
" anything and enables view-only users to move the mouse.\n" " anything and enables view-only users to move the mouse.\n"
" This option is ignored when a global -viewonly is in\n" " This option is ignored when a global -viewonly is in\n"
" effect (all input is discarded in that case).\n" " effect (all input is discarded in that case).\n"
"\n"
"-viewpasswd string Supply a 2nd password for view-only logins. The -passwd\n" "-viewpasswd string Supply a 2nd password for view-only logins. The -passwd\n"
" (full-access) password must also be supplied.\n" " (full-access) password must also be supplied.\n"
"-passwdfile filename Specify libvncserver -passwd via the first line of the\n" "\n"
" file \"filename\" instead of via command line (where\n" "-passwdfile filename Specify the libvncserver password via the first line\n"
" others might see it via ps(1)). If a second non blank\n" " of the file \"filename\" (instead of via -passwd on\n"
" line exists in the file it is taken as a view-only\n" " the command line where others might see it via ps(1)).\n"
" password (i.e. -viewpasswd) To supply an empty password\n" "\n"
" for either field the string \"__EMPTY__\" may be used.\n" " If the filename is prefixed with \"rm:\" it will be\n"
" Note: -passwdfile is a simple plaintext passwd, see\n" " removed after being read. In general, the password file\n"
" also -rfbauth and -storepasswd below for obfuscated\n" " should not be readable by untrusted users (BTW: neither\n"
" VNC password files. Neither file should be readable\n" " should the VNC -rfbauth file: it is NOT encrypted).\n"
" by untrusted users.\n" "\n"
" Note that only the first 8 characters of a password\n"
" are used.\n"
"\n"
" If multiple non-blank lines exist in the file they are\n"
" all taken as valid passwords. Blank lines are ignored.\n"
" Password lines may be \"commented out\" (ignored) if\n"
" they begin with the charactor \"#\" or the line contains\n"
" the string \"__SKIP__\". Lines may be annotated by use\n"
" of the \"__COMM__\" string: from it to the end of the\n"
" line is ignored. An empty password may be specified\n"
" via the \"__EMPTY__\" string on a line by itself (note\n"
" your viewer might not accept empty passwords).\n"
"\n"
" If the string \"__BEGIN_VIEWONLY__\" appears on a\n"
" line by itself, the remaining passwords are used for\n"
" viewonly access. For compatibility, as a special case\n"
" if the file contains only two password lines the 2nd\n"
" one is automatically taken as the viewonly password.\n"
" Otherwise the \"__BEGIN_VIEWONLY__\" token must be used\n"
" to have viewonly passwords. (tip: make it the 3rd and\n"
" last line to have 2 full-access passwords)\n"
"-nopw Disable the big warning message when you use x11vnc\n" "-nopw Disable the big warning message when you use x11vnc\n"
" without some sort of password.\n" " without some sort of password.\n"
"-storepasswd pass file Store password \"pass\" as the VNC password in the\n" "-storepasswd pass file Store password \"pass\" as the VNC password in the\n"
...@@ -32062,6 +32098,11 @@ static void print_help(int mode) { ...@@ -32062,6 +32098,11 @@ static void print_help(int mode) {
/* have both our help and rfbUsage to stdout for more(1), etc. */ /* have both our help and rfbUsage to stdout for more(1), etc. */
dup2(1, 2); dup2(1, 2);
/* register extention(s) to get their help output */
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbRegisterTightVNCFileTransferExtension();
#endif
if (mode == 1) { if (mode == 1) {
char *p; char *p;
int l = 0; int l = 0;
...@@ -33116,6 +33157,8 @@ int main(int argc, char* argv[]) { ...@@ -33116,6 +33157,8 @@ int main(int argc, char* argv[]) {
users_list = strdup(argv[++i]); users_list = strdup(argv[++i]);
} else if (!strcmp(arg, "-inetd")) { } else if (!strcmp(arg, "-inetd")) {
inetd = 1; inetd = 1;
} else if (!strcmp(arg, "-nofilexfer")) {
filexfer = 0;
} else if (!strcmp(arg, "-filexfer")) { } else if (!strcmp(arg, "-filexfer")) {
filexfer = 1; filexfer = 1;
} else if (!strcmp(arg, "-http")) { } else if (!strcmp(arg, "-http")) {
...@@ -33737,6 +33780,16 @@ int main(int argc, char* argv[]) { ...@@ -33737,6 +33780,16 @@ int main(int argc, char* argv[]) {
} }
} }
if (got_rfbauth && (got_passwd || got_viewpasswd || got_passwdfile)) {
fprintf(stderr, "option -rfbauth is incompatible with:\n");
fprintf(stderr, " -passwd, -viewpasswd, and -passwdfile\n");
exit(1);
}
if (got_passwdfile && (got_passwd || got_viewpasswd)) {
fprintf(stderr, "option -passwdfile is incompatible with:\n");
fprintf(stderr, " -passwd and -viewpasswd\n");
exit(1);
}
/* /*
* If -passwd was used, clear it out of argv. This does not * If -passwd was used, clear it out of argv. This does not
...@@ -33753,72 +33806,129 @@ int main(int argc, char* argv[]) { ...@@ -33753,72 +33806,129 @@ int main(int argc, char* argv[]) {
} }
} }
} else if (passwdfile) { } else if (passwdfile) {
/* read passwd from file */ /* read passwd(s) from file */
char line[1024]; char line[1024];
char *filename;
int remove = 0;
struct stat sbuf;
int linecount = 0, i, max;
FILE *in; FILE *in;
in = fopen(passwdfile, "r");
filename = passwdfile;
if (strstr(filename, "rm:") == filename) {
filename += strlen("rm:");
remove = 1;
}
if (stat(filename, &sbuf) == 0) {
/* upper bound to number of lines... */
max = (int) sbuf.st_size;
} else {
max = 16;
}
/* create 1 more than max to have it be the ending NULL */
passwd_list = (char **) malloc( (max+1) * (sizeof(char *)) );
for (i=0; i<max+1; i++) {
passwd_list[i] = NULL;
}
in = fopen(filename, "r");
if (in == NULL) { if (in == NULL) {
rfbLog("cannot open passwdfile: %s\n", passwdfile); rfbLog("cannot open passwdfile: %s\n", passwdfile);
rfbLogPerror("fopen"); rfbLogPerror("fopen");
if (remove) {
unlink(filename);
}
exit(1); exit(1);
} }
if (fgets(line, 1024, in) != NULL) {
char *q; while (fgets(line, 1024, in) != NULL) {
char *p;
int blank = 1;
int len = strlen(line); int len = strlen(line);
if (len > 0 && line[len-1] == '\n') {
if (len == 0) {
continue;
} else if (line[len-1] == '\n') {
line[len-1] = '\0'; line[len-1] = '\0';
} }
argv_vnc[argc_vnc++] = strdup("-passwd"); if (line[0] == '\0') {
got_passwd = 1; continue;
if (!strcmp(line, "__EMPTY__")) {
argv_vnc[argc_vnc++] = strdup("");
} else if ((q = strstr(line, "__ENDPASSWD__")) !=NULL) {
*q = '\0';
argv_vnc[argc_vnc++] = strdup(line);
} else {
argv_vnc[argc_vnc++] = strdup(line);
} }
pw_loc = 100; /* just for pw_loc check below */ if (strstr(line, "__SKIP__") != NULL) {
if (fgets(line, 1024, in) != NULL) { continue;
/* try to read viewonly passwd from file */ }
int ok = 0; if (strstr(line, "__COMM__") == line) {
len = strlen(line); continue;
if (len > 0 && line[len-1] == '\n') { }
line[len-1] = '\0'; if (!strcmp(line, "__BEGIN_VIEWONLY__")) {
if (begin_viewonly < 0) {
begin_viewonly = linecount;
} }
if (strlen(line) > 0) { continue;
char *p = line; }
/* check for non-blank line */ if (line[0] == '#') {
/* commented out, cannot have password beginning with # */
continue;
}
p = line;
while (*p != '\0') { while (*p != '\0') {
if (! isspace(*p)) { if (! isspace(*p)) {
ok = 1; blank = 0;
break;
} }
p++; p++;
} }
if (blank) {
continue;
} }
if (ok) {
if (!strcmp(line, "__EMPTY__")) { passwd_list[linecount++] = strdup(line);
viewonly_passwd = strdup("");
} else if ((q = strstr(line, if (linecount >= max) {
"__ENDPASSWD__")) != NULL) { break;
*q = '\0';
viewonly_passwd = strdup(line);
} else {
viewonly_passwd = strdup(line);
} }
} else {
rfbLog("*** not setting"
" viewonly password to the 2nd"
" line of %s. (blank or other"
" problem)\n", passwdfile);
} }
fclose(in);
for (i=0; i<1024; i++) {
line[i] = '\0';
}
if (remove) {
unlink(filename);
} }
} else {
rfbLog("cannot read a line from passwdfile: %s\n", if (! linecount) {
rfbLog("cannot read a valid line from passwdfile: %s\n",
passwdfile); passwdfile);
exit(1); exit(1);
} }
fclose(in);
for (i=0; i<linecount; i++) {
char *q, *p = passwd_list[i];
if (!strcmp(p, "__EMPTY__")) {
*p = '\0';
} else if ((q = strstr(p, "__COMM__")) != NULL) {
*q = '\0';
}
passwd_list[i] = strdup(p);
while (*p != '\0') {
*p = '\0'; p++;
}
}
argv_vnc[argc_vnc++] = strdup("-passwd");
argv_vnc[argc_vnc++] = strdup(passwd_list[0]);
got_passwd = 1;
pw_loc = 100; /* just for pw_loc check below */
if (begin_viewonly < 0 && linecount == 2) {
/* for compatibility with previous 2-line usage: */
viewonly_passwd = strdup(passwd_list[1]);
begin_viewonly = 1;
}
} }
if (vpw_loc > 0) { if (vpw_loc > 0) {
int i; int i;
...@@ -33832,7 +33942,7 @@ int main(int argc, char* argv[]) { ...@@ -33832,7 +33942,7 @@ int main(int argc, char* argv[]) {
} }
} }
#ifdef HARDWIRE_PASSWD #ifdef HARDWIRE_PASSWD
if (! got_rfbauth && ! got_passwd) { if (!got_rfbauth && !got_passwd) {
argv_vnc[argc_vnc++] = strdup("-passwd"); argv_vnc[argc_vnc++] = strdup("-passwd");
argv_vnc[argc_vnc++] = strdup(HARDWIRE_PASSWD); argv_vnc[argc_vnc++] = strdup(HARDWIRE_PASSWD);
got_passwd = 1; got_passwd = 1;
...@@ -33840,7 +33950,7 @@ int main(int argc, char* argv[]) { ...@@ -33840,7 +33950,7 @@ int main(int argc, char* argv[]) {
} }
#endif #endif
#ifdef HARDWIRE_VIEWPASSWD #ifdef HARDWIRE_VIEWPASSWD
if (! got_rfbauth && got_passwd && ! viewonly_passwd) { if (!got_rfbauth && got_passwd && !viewonly_passwd && !passwd_list) {
viewonly_passwd = strdup(HARDWIRE_VIEWPASSWD); viewonly_passwd = strdup(HARDWIRE_VIEWPASSWD);
} }
#endif #endif
...@@ -33849,8 +33959,8 @@ int main(int argc, char* argv[]) { ...@@ -33849,8 +33959,8 @@ int main(int argc, char* argv[]) {
exit(1); exit(1);
} }
if (!got_passwd && !got_rfbauth && !got_passwdfile && if (!got_passwd && !got_rfbauth && (!got_passwdfile || !passwd_list)
!query_cmd && !remote_cmd) { && !query_cmd && !remote_cmd) {
char message[] = char message[] =
"-rfbauth, -passwdfile, or -passwd password required."; "-rfbauth, -passwdfile, or -passwd password required.";
if (! nopw) { if (! nopw) {
...@@ -33866,7 +33976,7 @@ int main(int argc, char* argv[]) { ...@@ -33866,7 +33976,7 @@ int main(int argc, char* argv[]) {
exit(1); exit(1);
} }
#endif #endif
if (0) message[0] = '\0'; message[0] = '\0'; /* avoid compiler warning */
} }
if (more_safe) { if (more_safe) {
...@@ -33914,6 +34024,13 @@ int main(int argc, char* argv[]) { ...@@ -33914,6 +34024,13 @@ int main(int argc, char* argv[]) {
alpha_remove = 0; alpha_remove = 0;
} }
if (filexfer && view_only) {
if (! quiet) {
rfbLog("setting -nofilexfer in -viewonly mode.\n");
}
filexfer = 0;
}
if (inetd) { if (inetd) {
shared = 0; shared = 0;
connect_once = 1; connect_once = 1;
...@@ -34427,6 +34544,12 @@ int main(int argc, char* argv[]) { ...@@ -34427,6 +34544,12 @@ int main(int argc, char* argv[]) {
} }
#endif #endif
if (filexfer) {
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbRegisterTightVNCFileTransferExtension();
#endif
}
if (! quiet) { if (! quiet) {
rfbLog("--------------------------------------------------------\n"); rfbLog("--------------------------------------------------------\n");
rfbLog("\n"); rfbLog("\n");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment