Changes for ETV, double SSL/SSH.

classes/ssl/ssl_vncviewer

@@ -33,7 +33,10 @@
 #
 # -proxy  try host:port as a Web proxy to use the CONNECT method
 #         to reach the VNC server (e.g. your firewall requires a proxy).
+#
 #         For the "double proxy" case use -proxy host1:port1,host2:port2
+#         (the first CONNECT is done through host1:port1 to host2:port2
+#         and then a 2nd CONNECT to the destination VNC server.)
 #
 #    See http://www.karlrunge.com/x11vnc/#faq-ssl-ca for details on SSL
 #    certificates with VNC.
@@ -56,6 +59,14 @@
 #         other than the default (22).  (even for the non-gateway case,
 #         -proxy must be used to specify a non-standard ssh port)
 #
+#         A "double ssh" can be specified via a -proxy string with the two
+#         hosts separated by a comma:
+#
+#             [user1@]host1[:port1],[user2@]host2[:port2]
+#
+#         in which case a ssh to host1 and thru it via a -L redir a 2nd
+#         ssh is established to host2.  
+#
 #         Examples:
 #
 #         ssl_vncviewer -ssh bob@bobs-home.net:0
@@ -64,6 +75,8 @@
 #         ssl_vncviewer -ssh -proxy fred@mygate.com:2022 mymachine:0
 #         ssl_vncviewer -ssh -proxy bob@bobs-home.net:2222 localhost:0
 #
+#         ssl_vncviewer -ssh -proxy fred@gw-host,fred@peecee localhost:0
+#
 # -sshcmd cmd   Run "cmd" via ssh instead of the default "sleep 15"
 #               e.g. -sshcmd 'x11vnc -display :0 -localhost -rfbport 5900'
 #
@@ -95,7 +108,6 @@ VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}
 # Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.
 #
 
-
 PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
 
 if [ "X$STUNNEL" = "X" ]; then
@@ -240,6 +252,38 @@ if [ "X$use_ssh" = "X1" ]; then
 	ssh_host="$host"
 	vnc_host="localhost"
 	ssh=${SSH:-"ssh -x"}
+	if echo "$proxy" | grep "," > /dev/null; then
+		proxy1=`echo "$proxy" | awk -F, '{print $1}'`
+		proxy2=`echo "$proxy" | awk -F, '{print $2}'`
+		# user1@gw1.com:port1,user2@ws2:port2
+		ssh_host1=`echo "$proxy1" | awk -F: '{print $1}'`
+		ssh_port1=`echo "$proxy1" | awk -F: '{print $2}'`
+		if [ "X$ssh_port1" = "X" ]; then
+			ssh_port1="22"
+		fi
+		ssh_host2=`echo "$proxy2" | awk -F: '{print $1}'`
+		ssh_user2=`echo "$ssh_host2" | awk -F@ '{print $1}'`
+		ssh_host2=`echo "$ssh_host2" | awk -F@ '{print $2}'`
+		if [ "X$ssh_host2" = "X" ]; then
+			ssh_host2=$ssh_user2
+			ssh_user2=""
+		else
+			ssh_user2="${ssh_user2}@"
+		fi
+		ssh_port2=`echo "$proxy2" | awk -F: '{print $2}'`
+		if [ "X$ssh_port2" = "X" ]; then
+			ssh_port2="22"
+		fi
+		proxport=`findfree 3500`
+		echo
+		echo "Running 1st ssh proxy:"
+		echo "$ssh -f -p $ssh_port1 -t -e none -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 \"sleep 30\""
+		      $ssh -f -p $ssh_port1 -t -e none -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 "sleep 30"
+		ssh_args="$ssh_args -o NoHostAuthenticationForLocalhost=yes"
+		sleep 1
+		stty sane
+		proxy="${ssh_user2}localhost:$proxport"
+	fi
 	if [ "X$proxy" != "X" ]; then
 		ssh_port=`echo "$proxy" | awk -F: '{print $2}'`
 		if [ "X$ssh_port" = "X" ]; then

x11vnc/misc/enhanced_tightvnc_viewer/README

@@ -17,6 +17,7 @@ by others.  See these sites and related ones for more information:
         http://www.tightvnc.com
         http://www.realvnc.com
         http://www.stunnel.org
+        http://stunnel.mirt.net
         http://www.openssl.org
         http://www.chiark.greenend.org.uk/~sgtatham/putty/
 
@@ -46,6 +47,9 @@ Also, a Windows SSL wrapper for the co-bundled TightVNC binary and other
 utilities are provided.  (Launch ssl_tightvncviewer.exe in the
 Windows subdirectory).
 
+It is a self-contained package, you could carry it around on, say,
+a USB memory stick for secure VNC viewing from almost any machine,
+Unix or Windows.
 
 Features:
 --------
@@ -215,6 +219,7 @@ See also:
 	x11vnc -h | more
 
 	http://www.stunnel.org
+	http://stunnel.mirt.net
 	http://www.openssl.org
 	http://www.tightvnc.com
         http://www.realvnc.com

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/connect_br.tcl

+#!/usr/bin/wish
+
+global env
+
+set proxy1 ""
+set proxy2 ""
+set client_fh ""
+set server_fh ""
+
+set debug 0
+if {$debug} {
+	if {! [info exists env(SSL_VNC_DEST)]} {
+		set env(SSL_VNC_DEST) "haystack:2037"
+	}
+	if {! [info exists env(SSL_VNC_PROXY)]} {
+		set env(SSL_VNC_PROXY) "haystack:2037"
+	}
+	if {! [info exists env(SSL_VNC_LISTEN)]} {
+		set env(SSL_VNC_LISTEN) "6789"
+	}
+}
+
+set dest $env(SSL_VNC_DEST)
+
+if [regexp {,} $env(SSL_VNC_PROXY)] {
+	set s [split $env(SSL_VNC_PROXY) ","]
+	set proxy1 [lindex $s 0]
+	set proxy2 [lindex $s 1]
+} else {
+	set proxy1 $env(SSL_VNC_PROXY)
+}
+
+set s [split $proxy1 ":"]
+set proxy1_host [lindex $s 0]
+set proxy1_port [lindex $s 1]
+
+if {$proxy2 != ""} {
+	set s [split $proxy2 ":"]
+	set proxy2_host [lindex $s 0]
+	set proxy2_port [lindex $s 1]
+}
+
+set lport $env(SSL_VNC_LISTEN)
+
+set got_connection 0
+set lsock [socket -myaddr 127.0.0.1 -server handle_connection $lport]
+
+if {1} {
+	wm withdraw .
+}
+button .b -text "CONNECT_BR" -command {destroy .}
+pack .b
+after 1000 check_callback 
+
+proc check_callback {} {
+	global debug
+	if {$debug} {
+		puts stderr "."
+	}
+	check_closed
+	after 1000 check_callback 
+}
+
+proc check_closed {} {
+	global client_fh server_fh debug
+	global got_connection
+
+	if {! $got_connection} {
+		return
+	}
+	set delay 100
+	if {$client_fh != "" && [eof $client_fh]} {
+		if {$debug} {
+			puts stderr "client_fh EOF"
+		}
+		catch {flush $client_fh}
+		after $delay
+		catch {close $client_fh}
+		after $delay
+		catch {flush $server_fh}
+		after $delay
+		catch {close $server_fh}
+		destroy .
+		exit
+	}
+	if {$server_fh != "" && [eof $server_fh]} {
+		if {$debug} {
+			puts stderr "server_fh EOF"
+		}
+		catch {flush $server_fh}
+		after $delay
+		catch {close $server_fh}
+		after $delay
+		catch {flush $client_fh}
+		after $delay
+		catch {close $client_fh}
+		destroy .
+		exit
+	}
+}
+
+proc xfer_in_to_out {} {
+	global client_fh server_fh debug
+	if {$client_fh != "" && ![eof $client_fh]} {
+		set str [read $client_fh 4096]
+		if {$debug} {
+			puts stderr "xfer_in_to_out: $str"
+		}
+		if {$server_fh != ""} {
+			puts -nonewline $server_fh $str
+			flush $server_fh
+		}
+	}
+	check_closed
+}
+
+proc xfer_out_to_in {} {
+	global client_fh server_fh debug
+	if {$server_fh != "" && ![eof $server_fh]} {
+		set str [read $server_fh 4096]
+		if {$debug} {
+			puts stderr "xfer_out_to_in: $str"
+		}
+		if {$client_fh != ""} {
+			puts -nonewline $client_fh $str
+			flush $client_fh
+		}
+	}
+	check_closed
+}
+
+proc handle_connection {fh host port} {
+	global proxy1_host proxy1_port
+	global proxy2_host proxy2_port
+	global proxy1 proxy2
+	global dest
+	global debug
+	global got_connection
+
+	if {$got_connection} {
+		catch {close $fh}
+		return
+	}
+	set got_connection 1
+
+	if {$debug} {
+		puts stderr "connection from: $host $port"	
+		puts stderr "socket $proxy1_host $proxy1_port"
+	}
+
+	set sock [socket $proxy1_host $proxy1_port]
+
+	global client_fh server_fh
+	set client_fh $fh
+	set server_fh $sock
+
+	fconfigure $fh   -translation binary -blocking 0
+	fconfigure $sock -translation binary -blocking 0
+
+	set con ""
+	if {$proxy2 != ""} {
+		append con "CONNECT $proxy2 HTTP/1.1\r\n"
+		append con "Host: $proxy2\r\n\r\n"
+	} else {
+		append con "CONNECT $dest HTTP/1.1\r\n"
+		append con "Host: $dest\r\n\r\n"
+	}
+
+	puts -nonewline $sock $con
+	flush $sock
+
+	set r ""
+	set cnt 0
+	while {1} {
+		set c [read $sock 1]
+		if {$c == ""} {
+			check_closed
+			after 20
+		}
+		incr cnt
+		if {$debug} {
+			.b configure -text "A $cnt -- $c"
+			update
+		}
+		append r $c
+		if {[regexp "\r\n\r\n" $r] || [regexp "a--no--\n\n" $r]} {
+			break
+		}
+		if {$cnt > 3000} {
+			break
+		}
+	}
+	if {! [regexp {HTTP/.* 200} $r]} {
+		puts stderr "did not find HTTP 200 #1"
+		if {1} {
+			destroy .
+			exit 1
+		}
+	}
+
+	if {$proxy2 != ""} {
+		set con ""
+		append con "CONNECT $dest HTTP/1.1\r\n"
+		append con "Host: $dest\r\n\r\n"
+
+		puts -nonewline $sock $con
+		flush $sock
+
+		set r ""
+		set cnt 0
+		while {1} {
+			set c [read $sock 1]
+			if {$c == ""} {
+				check_closed
+				after 20
+			}
+			incr cnt
+			if {$debug} {
+				.b configure -text "B $cnt -- $c"
+				update
+			}
+			append r $c
+			if {[regexp "\r\n\r\n" $r] || [regexp "a--no--\n\n" $r]} {
+				break
+			}
+			if {$cnt > 3000} {
+				break
+			}
+		}
+		if {! [regexp {HTTP/.* 200} $r]} {
+			puts stderr "did not find HTTP 200 #2"
+			destroy .
+			exit 1
+		}
+	}
+
+	fileevent $fh   readable xfer_in_to_out
+	fileevent $sock readable xfer_out_to_in
+}

x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/stunnel/location.url

 http://www.stunnel.org/download/binaries.html
+http://stunnel.mirt.net/

x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_vncviewer

@@ -33,7 +33,10 @@
 #
 # -proxy  try host:port as a Web proxy to use the CONNECT method
 #         to reach the VNC server (e.g. your firewall requires a proxy).
+#
 #         For the "double proxy" case use -proxy host1:port1,host2:port2
+#         (the first CONNECT is done through host1:port1 to host2:port2
+#         and then a 2nd CONNECT to the destination VNC server.)
 #
 #    See http://www.karlrunge.com/x11vnc/#faq-ssl-ca for details on SSL
 #    certificates with VNC.
@@ -56,6 +59,14 @@
 #         other than the default (22).  (even for the non-gateway case,
 #         -proxy must be used to specify a non-standard ssh port)
 #
+#         A "double ssh" can be specified via a -proxy string with the two
+#         hosts separated by a comma:
+#
+#             [user1@]host1[:port1],[user2@]host2[:port2]
+#
+#         in which case a ssh to host1 and thru it via a -L redir a 2nd
+#         ssh is established to host2.  
+#
 #         Examples:
 #
 #         ssl_vncviewer -ssh bob@bobs-home.net:0
@@ -64,6 +75,8 @@
 #         ssl_vncviewer -ssh -proxy fred@mygate.com:2022 mymachine:0
 #         ssl_vncviewer -ssh -proxy bob@bobs-home.net:2222 localhost:0
 #
+#         ssl_vncviewer -ssh -proxy fred@gw-host,fred@peecee localhost:0
+#
 # -sshcmd cmd   Run "cmd" via ssh instead of the default "sleep 15"
 #               e.g. -sshcmd 'x11vnc -display :0 -localhost -rfbport 5900'
 #
@@ -239,6 +252,38 @@ if [ "X$use_ssh" = "X1" ]; then
 	ssh_host="$host"
 	vnc_host="localhost"
 	ssh=${SSH:-"ssh -x"}
+	if echo "$proxy" | grep "," > /dev/null; then
+		proxy1=`echo "$proxy" | awk -F, '{print $1}'`
+		proxy2=`echo "$proxy" | awk -F, '{print $2}'`
+		# user1@gw1.com:port1,user2@ws2:port2
+		ssh_host1=`echo "$proxy1" | awk -F: '{print $1}'`
+		ssh_port1=`echo "$proxy1" | awk -F: '{print $2}'`
+		if [ "X$ssh_port1" = "X" ]; then
+			ssh_port1="22"
+		fi
+		ssh_host2=`echo "$proxy2" | awk -F: '{print $1}'`
+		ssh_user2=`echo "$ssh_host2" | awk -F@ '{print $1}'`
+		ssh_host2=`echo "$ssh_host2" | awk -F@ '{print $2}'`
+		if [ "X$ssh_host2" = "X" ]; then
+			ssh_host2=$ssh_user2
+			ssh_user2=""
+		else
+			ssh_user2="${ssh_user2}@"
+		fi
+		ssh_port2=`echo "$proxy2" | awk -F: '{print $2}'`
+		if [ "X$ssh_port2" = "X" ]; then
+			ssh_port2="22"
+		fi
+		proxport=`findfree 3500`
+		echo
+		echo "Running 1st ssh proxy:"
+		echo "$ssh -f -p $ssh_port1 -t -e none -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 \"sleep 30\""
+		      $ssh -f -p $ssh_port1 -t -e none -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 "sleep 30"
+		ssh_args="$ssh_args -o NoHostAuthenticationForLocalhost=yes"
+		sleep 1
+		stty sane
+		proxy="${ssh_user2}localhost:$proxport"
+	fi
 	if [ "X$proxy" != "X" ]; then
 		ssh_port=`echo "$proxy" | awk -F: '{print $2}'`
 		if [ "X$ssh_port" = "X" ]; then

x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle

 #!/bin/sh
 
 rm -rf ./src/tmp/* || exit 1
-vers=1.0.4
+vers=1.0.5
 
 cd .. || exit 1
 

x11vnc/misc/enhanced_tightvnc_viewer/src/zips/README

@@ -2,6 +2,7 @@ This is where we keep the 3rd party source zip and tar.gz files used
 to build this package.
 
 www.stunnel.org source       488512 Jul 25 15:09 stunnel-4.14.tar.gz
+http://stunnel.mirt.net
 www.tightvnc.com source     2182134 Jul 25 15:11 tightvnc-1.3dev7_unixsrc.tar.gz
 www.tightvnc.com windows
   standalone viewer binary:  209149 Jul 25 15:10 tightvnc-1.3dev7_x86_viewer.zip

x11vnc/x11vnc.1

 .\" This file was automatically generated from x11vnc -help output.
-.TH X11VNC "1" "September 2006" "x11vnc " "User Commands"
+.TH X11VNC "1" "October 2006" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.8.3, lastmod: 2006-09-23
+         version: 0.8.3, lastmod: 2006-10-07
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...

x11vnc/x11vnc_defs.c

@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.8.3 lastmod: 2006-09-23";
+char lastmod[] = "0.8.3 lastmod: 2006-10-07";
 
 /* X display info */