x11vnc: -http_oneport for single port HTTP and VNC. Improve find_display wrt lsof blocking with -b.

prepare_x11vnc_dist.sh

 #!/bin/bash
 
-VERSION="0.9.5"
+VERSION="0.9.6"
 
 cd "$(dirname "$0")"
 

x11vnc/ChangeLog

+2008-10-29  Karl Runge <runge@karlrunge.com>
+	* x11vnc: -http_oneport for single port HTTP and VNC.
+	  Improve find_display wrt lsof blocking with -b.
+
 2008-10-19  Karl Runge <runge@karlrunge.com>
 	* x11vnc: -chatwindow for chat window on X console using SSVNC
 	  as a helper.	Print suggestion for X_ShmAttach failure.

x11vnc/help.c

@@ -1732,7 +1732,8 @@ void print_help(int mode) {
 "                       Use this option if you do not want to deal with SSL\n"
 "                       certificates for authentication and do not want to\n"
 "                       use SSH but want some encryption for your VNC session.\n"
-"                       Or if you must interface with some symmetric key tunnel.\n"
+"                       Or if you must interface with a symmetric key tunnel\n"
+"                       that you do not have control over.\n"
 "\n"
 "                       Note that this mode will NOT work with the UltraVNC DSM\n"
 "                       plugins because they alter the RFB protocol in addition\n"
@@ -1865,6 +1866,36 @@ void print_help(int mode) {
 "                       to include the PORT= in the browser URL, simply supply\n"
 "                       \"-httpsredir\" to x11vnc.\n"
 "\n"
+"-http_oneport          For un-encrypted connections mode (i.e. no -ssl,\n"
+"                       -stunnel, or -enc options), allow the Java VNC Viewer\n"
+"                       applet to be downloaded thru the VNC port via HTTP.\n"
+"\n"
+"                       That is to say, you can use a single port for Java\n"
+"                       applet viewer connections by using a URL in your web\n"
+"                       browser like this, for example:\n"
+"\n"
+"                       http://hostname:5900\n"
+"\n"
+"                       The regular, two-port mode, URL http://hostname:5800\n"
+"                       will continue to work as well.\n"
+"\n"
+"                       As mentioned above, this mode will NOT work with\n"
+"                       the -ssl, -stunnel, or -enc encryption options.\n"
+"                       Note that is it equivalent to '-enc none' (i.e. it\n"
+"                       uses the same detection mechanism as for HTTPS, but\n"
+"                       with no encryption.)\n"
+"\n"
+"                       HTTPS single-port is on by default in -ssl encrypted\n"
+"                       mode (and -enc too), so you only need -http_oneport\n"
+"                       when doing non-SSL encrypted connections.\n"
+"\n"
+"                       This mode could also be useful for SSH tunnels since\n"
+"                       it means only one port needs to be redirected.\n"
+"\n"
+"                       The -httpsredir option may also be useful for this\n"
+"                       mode when using an SSH tunnel as well as for router\n"
+"                       port redirections.\n"
+"\n"
 #endif
 "-ssh user@host:disp    Create a remote listening port on machine \"host\"\n"
 "                       via a SSH tunnel using the -R rport:localhost:lport\n"

x11vnc/nox11.h

@@ -6663,3 +6663,9 @@ extern XIOErrorHandler XSetIOErrorHandler (
     XIOErrorHandler	/* handler */
 );
 
+#define X_ShmQueryVersion               0
+#define X_ShmAttach                     1
+#define X_ShmDetach                     2
+#define X_ShmPutImage                   3
+#define X_ShmGetImage                   4
+#define X_ShmCreatePixmap               5

x11vnc/remote.c

@@ -333,13 +333,13 @@ int check_httpdir(void) {
 		len = strlen(prog) + 21 + 1;
 		*q = '\0';
 		httpdir = (char *) malloc(len);
-		if (use_openssl || use_stunnel || http_ssl) {
+		if (!enc_str && (use_openssl || use_stunnel || http_ssl)) {
 			snprintf(httpdir, len, "%s/../share/x11vnc/classes/ssl", prog);
 		} else {
 			snprintf(httpdir, len, "%s/../share/x11vnc/classes", prog);
 		}
 		if (stat(httpdir, &sbuf) != 0) {
-			if (use_openssl || use_stunnel || http_ssl) {
+			if (!enc_str && (use_openssl || use_stunnel || http_ssl)) {
 				snprintf(httpdir, len, "%s/../classes/ssl", prog);
 			} else {
 				snprintf(httpdir, len, "%s/../classes", prog);
@@ -367,7 +367,7 @@ int check_httpdir(void) {
 				"/usr/share/x11vnc/classes/ssl",
 				NULL
 			};
-			if (use_openssl || use_stunnel || http_ssl) {
+			if (!enc_str && (use_openssl || use_stunnel || http_ssl)) {
 				use = ssllist;
 			} else {
 				use = list;

x11vnc/screen.c

@@ -3101,7 +3101,9 @@ void announce(int lport, int ssl, char *iface) {
 	if (! ssl) {
 		tvdt = "The VNC desktop is:     ";
 	} else {
-		if (enc_str) {
+		if (enc_str && !strcmp(enc_str, "none")) {
+			tvdt = "The VNC desktop is:     ";
+		} else if (enc_str) {
 			tvdt = "The ENC VNC desktop is: ";
 		} else {
 			tvdt = "The SSL VNC desktop is: ";
@@ -3156,7 +3158,9 @@ static void announce_http(int lport, int ssl, char *iface) {
 	char *host = this_host();
 	char *jvu;
 
-	if (ssl == 1) {
+	if (enc_str && !strcmp(enc_str, "none")) {
+		jvu = "Java viewer URL:         http";
+	} else if (ssl == 1) {
 		jvu = "Java SSL viewer URL:     https";
 	} else if (ssl == 2) {
 		jvu = "Java SSL viewer URL:     http";
@@ -3170,6 +3174,9 @@ static void announce_http(int lport, int ssl, char *iface) {
 	if (host != NULL) {
 		if (! inetd) {
 			fprintf(stderr, "%s://%s:%d/\n", jvu, host, lport);
+			if (screen && enc_str && !strcmp(enc_str, "none")) {
+				fprintf(stderr, "%s://%s:%d/\n", jvu, host, screen->port);
+			}
 		}
 	}
 }
@@ -3187,7 +3194,9 @@ void set_vnc_desktop_name(void) {
 				rfbLog("\n");
 				rfbLog("The URLs printed out below ('Java ... viewer URL') can\n");
 				rfbLog("be used for Java enabled Web browser connections.\n");
-				if (use_openssl || stunnel_port) {
+				if (enc_str && !strcmp(enc_str, "none")) {
+					;
+				} else if (use_openssl || stunnel_port) {
 					rfbLog("Here are some additional possibilities:\n");
 					rfbLog("\n");
 					rfbLog("https://host:port/proxy.vnc (MUST be used if Web Proxy used)\n");
@@ -3213,7 +3222,11 @@ void set_vnc_desktop_name(void) {
 		}
 		if (screen->httpListenSock > -1 && screen->httpPort) {
 			if (use_openssl) {
-				announce_http(screen->port, 1, listen_str);
+				if (enc_str && !strcmp(enc_str, "none")) {
+					;
+				} else {
+					announce_http(screen->port, 1, listen_str);
+				}
 				if (https_port_num >= 0) {
 					announce_http(https_port_num, 1,
 					    listen_str);
@@ -3234,7 +3247,9 @@ void set_vnc_desktop_name(void) {
 			if (stunnel_port) {
 				fprintf(stdout, "SSLPORT=%d\n", stunnel_port);
 			} else if (use_openssl) {
-				if (enc_str) {
+				if (enc_str && !strcmp(enc_str, "none")) {
+					;
+				} else if (enc_str) {
 					fprintf(stdout, "ENCPORT=%d\n", screen->port);
 				} else {
 					fprintf(stdout, "SSLPORT=%d\n", screen->port);

x11vnc/sslhelper.c

@@ -1153,7 +1153,7 @@ if (db) fprintf(stderr, "tv_sec: %d - %s\n", (int) tv.tv_sec, last_get);
 }
 
 #define ABSIZE 16384
-static int watch_for_http_traffic(char *buf_a, int *n_a) {
+static int watch_for_http_traffic(char *buf_a, int *n_a, int raw_sock) {
 	int is_http, err, n, n2;
 	char *buf;
 	int db = 0;
@@ -1174,8 +1174,13 @@ static int watch_for_http_traffic(char *buf_a, int *n_a) {
 	buf = (char *) calloc((ABSIZE+1), 1);
 	*n_a = 0;
 
-	n = SSL_read(ssl, buf, 2);
-	err = SSL_get_error(ssl, n);
+	if (enc_str && !strcmp(enc_str, "none")) {
+		n = read(raw_sock, buf, 2);
+		err = SSL_ERROR_NONE;
+	} else {
+		n = SSL_read(ssl, buf, 2);
+		err = SSL_get_error(ssl, n);
+	}
 
 	if (err != SSL_ERROR_NONE || n < 2) {
 		if (n > 0) {
@@ -1204,7 +1209,11 @@ static int watch_for_http_traffic(char *buf_a, int *n_a) {
 	 * in ssl_xfer().
 	 */
 
-	n2 = SSL_read(ssl, buf + n, ABSIZE - n);
+	if (enc_str && !strcmp(enc_str, "none")) {
+		n2 = read(raw_sock, buf + n, ABSIZE - n);
+	} else {
+		n2 = SSL_read(ssl, buf + n, ABSIZE - n);
+	}
 	if (n2 >= 0) {
 		n += n2;
 	}
@@ -1663,7 +1672,7 @@ void accept_openssl(int mode, int presock) {
 
 			if (db) fprintf(stderr, "watch_for_http_traffic\n");
 
-			is_http = watch_for_http_traffic(buf, &n);
+			is_http = watch_for_http_traffic(buf, &n, s_in);
 
 			if (is_http < 0 || is_http == 0) {
 				/*
@@ -1707,7 +1716,7 @@ void accept_openssl(int mode, int presock) {
 						if (n > 0) {
 							ptr += n;
 						}
-			if (db) fprintf(stderr, "buf2: '%s'\n", buf2);
+						if (db) fprintf(stderr, "buf2: '%s'\n", buf2);
 
 						if (strstr(buf2, "\r\n\r\n")) {
 							break;
@@ -1807,7 +1816,7 @@ void accept_openssl(int mode, int presock) {
 			write(vncsock, tbuf, strlen(tbuf));
 
 			usleep(150*1000);
-if (db) fprintf(stderr, "close vncsock: %d\n", vncsock);
+			if (db) fprintf(stderr, "close vncsock: %d\n", vncsock);
 			close(vncsock);
 
 			/* now, finally, connect to the libvncserver httpd: */
@@ -1822,7 +1831,7 @@ if (db) fprintf(stderr, "close vncsock: %d\n", vncsock);
 			if (iface == NULL || !strcmp(iface, "")) {
 				iface = "127.0.0.1";
 			}
-if (db) fprintf(stderr, "iface: %s\n", iface);
+			if (db) fprintf(stderr, "iface: %s:%d\n", iface, hport);
 			usleep(150*1000);
 
 			httpsock = rfbConnectToTcpAddr(iface, hport);
@@ -1840,6 +1849,7 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
 			 * the rest of the SSL session to it:
 			 */
 			if (n > 0) {
+				if (db) fprintf(stderr, "sending http buffer httpsock: %d\n'%s'\n", httpsock, buf);
 				write(httpsock, buf, n);
 			}
 			ssl_xfer(httpsock, s_in, s_out, is_http);
@@ -2288,7 +2298,13 @@ static void ssl_xfer(int csock, int s_in, int s_out, int is_https) {
 		return;
 	}
 	if (enc_str != NULL) {
-		symmetric_encryption_xfer(csock, s_in, s_out);
+		if (!strcmp(enc_str, "none")) {
+			usleep(250*1000);
+			rfbLog("doing '-enc none' raw transfer (no encryption)\n"); 
+			raw_xfer(csock, s_in, s_out);
+		} else {
+			symmetric_encryption_xfer(csock, s_in, s_out);
+		}
 		return;
 	}
 	if (getenv("SSL_DEBUG")) {
@@ -2772,8 +2788,11 @@ void raw_xfer(int csock, int s_in, int s_out) {
 	if (pid < 0) {
 		exit(1);
 	}
+	if (getenv("X11VNC_DEBUG_RAW_XFER")) {
+		db = atoi(getenv("X11VNC_DEBUG_RAW_XFER"));
+	}
 	if (pid) {
-		if (db) fprintf(stderr, "raw_xfer start: %d -> %d/%d\n", csock, s_in, s_out);
+		if (db) rfbLog("raw_xfer start: %d -> %d/%d\n", csock, s_in, s_out);
 
 		while (1) {
 			n = read(csock, buf, sz);
@@ -2793,7 +2812,7 @@ void raw_xfer(int csock, int s_in, int s_out) {
 					if (m < 0 && (errno == EINTR || errno == EAGAIN)) {
 						continue;
 					}
-if (db) fprintf(stderr, "raw_xfer bad write:  %d -> %d | %d/%d  errno=%d\n", csock, s_out, m, n, errno);
+if (db) rfbLog("raw_xfer bad write:  %d -> %d | %d/%d  errno=%d\n", csock, s_out, m, n, errno);
 					break;
 				}
 			}
@@ -2801,10 +2820,11 @@ if (db) fprintf(stderr, "raw_xfer bad write:  %d -> %d | %d/%d  errno=%d\n", cso
 		usleep(250*1000);
 		kill(pid, SIGTERM);
 		waitpid(pid, &status, WNOHANG); 
-		if (db) fprintf(stderr, "raw_xfer done:  %d -> %d\n", csock, s_out);
+		if (db) rfbLog("raw_xfer done:  %d -> %d\n", csock, s_out);
 
 	} else {
-		if (db) fprintf(stderr, "raw_xfer start: %d <- %d\n", csock, s_in);
+		if (db) usleep(50*1000);
+		if (db) rfbLog("raw_xfer start: %d <- %d\n", csock, s_in);
 
 		while (1) {
 			n = read(s_in, buf, sz);
@@ -2824,7 +2844,7 @@ if (db) fprintf(stderr, "raw_xfer bad write:  %d -> %d | %d/%d  errno=%d\n", cso
 					if (m < 0 && (errno == EINTR || errno == EAGAIN)) {
 						continue;
 					}
-		if (db) fprintf(stderr, "raw_xfer bad write:  %d <- %d | %d/%d errno=%d\n", csock, s_in, m, n, errno);
+		if (db) rfbLog("raw_xfer bad write:  %d <- %d | %d/%d errno=%d\n", csock, s_in, m, n, errno);
 					break;
 				}
 			}
@@ -2832,7 +2852,7 @@ if (db) fprintf(stderr, "raw_xfer bad write:  %d -> %d | %d/%d  errno=%d\n", cso
 		usleep(250*1000);
 		kill(par, SIGTERM);
 		waitpid(par, &status, WNOHANG); 
-		if (db) fprintf(stderr, "raw_xfer done:  %d <- %d\n", csock, s_in);
+		if (db) rfbLog("raw_xfer done:  %d <- %d\n", csock, s_in);
 	}
 	close(csock);
 	close(s_in);

x11vnc/ssltools.h

@@ -802,7 +802,7 @@ char find_display[] =
 "				# otherwise try lsof:\n"
 "				pvt=`ps wwwwwaux | grep X | egrep -v 'startx|xinit' | egrep \" $d4 \" | head -n 1 | awk '{print $2}'`\n"
 "				if [ \"X$pvt\" != \"X\" ]; then\n"
-"					vt=`lsof -p \"$pvt\" 2>/dev/null | egrep '/dev/tty([789]|[1-9][0-9][0-9]*)$' | grep -v grep | head -n 1 | awk '{print $NF}' | sed -e 's,/dev/tty,,'`\n"
+"					vt=`lsof -b -p \"$pvt\" 2>/dev/null | egrep '/dev/tty([789]|[1-9][0-9][0-9]*)$' | grep -v grep | head -n 1 | awk '{print $NF}' | sed -e 's,/dev/tty,,'`\n"
 "					if echo \"$vt\" | grep '^[0-9][0-9]*$' > /dev/null; then\n"
 "						chvt0=\",VT=$vt\"\n"
 "					else\n"

x11vnc/x11vnc.1

@@ -2,7 +2,7 @@
 .TH X11VNC "1" "October 2008" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.9.5, lastmod: 2008-10-18
+         version: 0.9.6, lastmod: 2008-10-29
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -1953,7 +1953,8 @@ session keys and is more compatible with other software.
 Use this option if you do not want to deal with SSL
 certificates for authentication and do not want to
 use SSH but want some encryption for your VNC session.
-Or if you must interface with some symmetric key tunnel.
+Or if you must interface with a symmetric key tunnel
+that you do not have control over.
 .IP
 Note that this mode will NOT work with the UltraVNC DSM
 plugins because they alter the RFB protocol in addition
@@ -2091,6 +2092,38 @@ https://mygateway.com:8000/?PORT=8000.  To avoid having
 to include the PORT= in the browser URL, simply supply
 "\fB-httpsredir\fR" to x11vnc.
 .PP
+\fB-http_oneport\fR
+.IP
+For un-encrypted connections mode (i.e. no \fB-ssl,\fR
+\fB-stunnel,\fR or \fB-enc\fR options), allow the Java VNC Viewer
+applet to be downloaded thru the VNC port via HTTP.
+.IP
+That is to say, you can use a single port for Java
+applet viewer connections by using a URL in your web
+browser like this, for example:
+.IP
+http://hostname:5900
+.IP
+The regular, two-port mode, URL http://hostname:5800
+will continue to work as well.
+.IP
+As mentioned above, this mode will NOT work with
+the \fB-ssl,\fR \fB-stunnel,\fR or \fB-enc\fR encryption options.
+Note that is it equivalent to '-enc none' (i.e. it
+uses the same detection mechanism as for HTTPS, but
+with no encryption.)
+.IP
+HTTPS single-port is on by default in \fB-ssl\fR encrypted
+mode (and \fB-enc\fR too), so you only need \fB-http_oneport\fR
+when doing non-SSL encrypted connections.
+.IP
+This mode could also be useful for SSH tunnels since
+it means only one port needs to be redirected.
+.IP
+The \fB-httpsredir\fR option may also be useful for this
+mode when using an SSH tunnel as well as for router
+port redirections.
+.PP
 \fB-ssh\fR \fIuser@host:disp\fR
 .IP
 Create a remote listening port on machine "host"

x11vnc/x11vnc.c

@@ -1800,6 +1800,7 @@ int main(int argc, char* argv[]) {
 	int got_rfbwait = 0;
 	int got_httpdir = 0, try_http = 0;
 	int orig_use_xdamage = use_xdamage;
+	int http_oneport_msg = 0;
 	XImage *fb0 = NULL;
 	int ncache_msg = 0;
 
@@ -2362,6 +2363,12 @@ int main(int argc, char* argv[]) {
 			enc_str = strdup(argv[++i]);
 			continue;
 		}
+		if (!strcmp(arg, "-http_oneport")) {
+			http_oneport_msg = 1;
+			use_openssl = 1;
+			enc_str = strdup("none");
+			continue;
+		}
 		if (!strcmp(arg, "-ssltimeout")) {
 			CHECK_ARGC
 			ssl_timeout_secs = atoi(argv[++i]);
@@ -3643,6 +3650,9 @@ int main(int argc, char* argv[]) {
 	}
 	if (! quiet && ! inetd) {
 		int i;
+		if (http_oneport_msg) {
+			rfbLog("setting '-enc none' for -http_oneport mode.\n");
+		}
 		for (i=1; i < argc_vnc; i++) {
 			rfbLog("passing arg to libvncserver: %s\n", argv_vnc[i]);
 			if (!strcmp(argv_vnc[i], "-passwd")) {
@@ -4620,11 +4630,13 @@ if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY"));
 #endif
 		}
 	} else {
+#if !NO_X11
 		int op, ev, er;
 		if (XQueryExtension(dpy, "MIT-SHM", &op, &ev, &er)) {
 			xshm_opcode = op;
 			if (0) fprintf(stderr, "xshm_opcode: %d %d %d\n", op, ev, er);
 		}
+#endif
 	}
 
 #if LIBVNCSERVER_HAVE_XKEYBOARD

x11vnc/x11vnc_defs.c

@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.9.5 lastmod: 2008-10-18";
+char lastmod[] = "0.9.6 lastmod: 2008-10-29";
 
 /* X display info */
 

x11vnc/xevents.c

@@ -1508,6 +1508,7 @@ static void try_local_chat_window(void) {
 	int i, port, lsock;
 	char cmd[100];
 	struct sockaddr_in addr;
+	pid_t pid = -1;
 #ifdef __hpux
 	int addrlen = sizeof(addr);
 #else
@@ -1532,7 +1533,9 @@ static void try_local_chat_window(void) {
 
 	sprintf(cmd, "ssvnc -cmd VNC://localhost:%d -chatonly", port);
 
-	pid_t pid = fork();
+#if LIBVNCSERVER_HAVE_FORK
+	pid = fork();
+#endif
 
 	if (pid == -1) {
 		perror("fork");
@@ -1542,14 +1545,19 @@ static void try_local_chat_window(void) {
 		int d;
 		args[0] = "/bin/sh";
 		args[1] = "-c";
-		/* "ssvnc -cmd VNC://fd=0 -chatonly"; */
+		/* "ssvnc -cmd VNC://fd=0 -chatonly"; not working */
 		args[2] = cmd;
 		args[3] = NULL;
 
+		set_env("VNCVIEWER_PASSWORD", "moo");
+#if !NO_X11
+		if (dpy != NULL) {
+			set_env("DISPLAY", DisplayString(dpy));
+		}
+#endif
 		for (d = 3; d < 256; d++) {
 			close(d);
 		}
-		set_env("VNCVIEWER_PASSWORD", "moo");
 
 		execvp(args[0], args);
 		perror("exec");