Commit 52ed38f6 authored by runge's avatar runge

ETV release 1.0.4

parent b65eaf1d
...@@ -64,6 +64,8 @@ The enhanced TightVNC viewer features are: ...@@ -64,6 +64,8 @@ The enhanced TightVNC viewer features are:
- xgrabserver support for fullscreen mode, for old window - xgrabserver support for fullscreen mode, for old window
managers (-grab option, Unix only). managers (-grab option, Unix only).
- Create or Import SSL Certificates and Private Keys.
- Automatic Service tunnelling via SSH for CUPS and SMB Printing, - Automatic Service tunnelling via SSH for CUPS and SMB Printing,
ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting. ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting.
...@@ -72,9 +74,14 @@ The enhanced TightVNC viewer features are: ...@@ -72,9 +74,14 @@ The enhanced TightVNC viewer features are:
a hook is also provided to run any port knocking client before a a hook is also provided to run any port knocking client before a
connecting. connecting.
- You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC,
with the front-end if you like.
- Sets up any additional SSH port redirections that you want.
Your package should have included binaries for many OS's: Linux, Solaris, Your package should have included binaries for many OS's: Linux, Solaris,
FreeBSD, etc. See the subdirectories of FreeBSD, etc. Unpack your archive and see the subdirectories of
./bin ./bin
...@@ -100,7 +107,8 @@ README is in) and like this: ...@@ -100,7 +107,8 @@ README is in) and like this:
The programs: The programs:
------------ ------------
The wrapper scripts: Unpack your archive, and you will see "bin", "Windows", "src" directories
and other files. The wrapper scripts:
./bin/ssl_tightvncviewer ./bin/ssl_tightvncviewer
./bin/tightvncviewer ./bin/tightvncviewer
...@@ -133,7 +141,7 @@ assuming $HOME/bin is in your $PATH: ...@@ -133,7 +141,7 @@ assuming $HOME/bin is in your $PATH:
"install" this package on Unix. "install" this package on Unix.
On Windows run: On Windows unpack your archive and run:
Windows/ssl_tightvncviewer.exe Windows/ssl_tightvncviewer.exe
...@@ -141,6 +149,9 @@ On Windows run: ...@@ -141,6 +149,9 @@ On Windows run:
Examples: Examples:
-------- --------
The following assume you are in the toplevel directory of the
archive you unpacked.
Use enhanced TightVNC unix viewer to connect to x11vnc via SSL: Use enhanced TightVNC unix viewer to connect to x11vnc via SSL:
./bin/ssl_tightvncviewer far-away.east:0 ./bin/ssl_tightvncviewer far-away.east:0
...@@ -213,12 +224,16 @@ See also: ...@@ -213,12 +224,16 @@ See also:
Windows: Windows:
------- -------
Unpack the zip archive somewhere.
A wrapper to create a STUNNEL tunnel and then launch the A wrapper to create a STUNNEL tunnel and then launch the
Windows TightVNC viewer is provided in: Windows TightVNC viewer is provided in:
Windows/ssl_tightvncviewer.exe Windows/ssl_tightvncviewer.exe
Just launch it and fill in the remote VNC display. Just launch it (Start ... Run) and fill in the remote VNC
display then click "Connect". You can make a shortcut if
you prefer.
Click the Help buttons for more info. There is also a Click the Help buttons for more info. There is also a
Windows/README.txt file. Windows/README.txt file.
...@@ -226,3 +241,4 @@ Windows: ...@@ -226,3 +241,4 @@ Windows:
On Windows you may need to terminate the STUNNEL process On Windows you may need to terminate the STUNNEL process
from the System Tray if the tool cannot terminate it from the System Tray if the tool cannot terminate it
by itself. Just right-click on the STUNNEL icon. by itself. Just right-click on the STUNNEL icon.
...@@ -841,9 +841,32 @@ proc contag {} { ...@@ -841,9 +841,32 @@ proc contag {} {
set str "-$str-$concount" set str "-$str-$concount"
} }
proc make_plink {} {
catch {destroy .plink}
toplevel .plink
#wm geometry .plink +700+500
wm geometry .plink -40-40
wm title .plink "plink SSH status?"
set wd 37
label .plink.l1 -anchor w -text "Login via plink/ssh to the remote server" -width $wd
label .plink.l2 -anchor w -text "(supply username and password as needed)." -width $wd
label .plink.l3 -anchor w -text "" -width $wd
label .plink.l4 -anchor w -text "After ssh is set up, AND if the connection" -width $wd
label .plink.l5 -anchor w -text "success is not autodetected, please click" -width $wd
label .plink.l6 -anchor w -text "one of these buttons:" -width $wd
global plink_status
button .plink.fail -text "Failed" -command {destroy .plink; set plink_status no}
button .plink.ok -text "Success" -command {destroy .plink; set plink_status yes}
pack .plink.l1 .plink.l2 .plink.l3 .plink.l4 .plink.l5 .plink.l6 .plink.fail .plink.ok -side top -fill x
#wm deiconify .plink
update
}
proc launch_windows_ssh {hp file n} { proc launch_windows_ssh {hp file n} {
global is_win9x global is_win9x
global use_sshssl use_ssh putty_pw global use_sshssl use_ssh putty_pw
global port_knocking_list
set hpnew [get_ssh_hp $hp] set hpnew [get_ssh_hp $hp]
set proxy [get_ssh_proxy $hp] set proxy [get_ssh_proxy $hp]
...@@ -865,7 +888,10 @@ proc launch_windows_ssh {hp file n} { ...@@ -865,7 +888,10 @@ proc launch_windows_ssh {hp file n} {
} }
} }
if {$vnc_disp < 200} { set vnc_port 5900
if {![regexp {^[0-9][0-9]*$} $vnc_disp]} {
;
} elseif {$vnc_disp < 200} {
set vnc_port [expr $vnc_disp + 5900] set vnc_port [expr $vnc_disp + 5900]
} else { } else {
set vnc_port $vnc_disp set vnc_port $vnc_disp
...@@ -901,6 +927,9 @@ proc launch_windows_ssh {hp file n} { ...@@ -901,6 +927,9 @@ proc launch_windows_ssh {hp file n} {
set pwd [pwd] set pwd [pwd]
regsub -all {/} $pwd "\\" pwd regsub -all {/} $pwd "\\" pwd
} }
if {! [regexp {^[0-9][0-9]*$} $n]} {
set n 0
}
set use [expr $n + 5900] set use [expr $n + 5900]
...@@ -1042,6 +1071,9 @@ proc launch_windows_ssh {hp file n} { ...@@ -1042,6 +1071,9 @@ proc launch_windows_ssh {hp file n} {
set plink_str "putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" set plink_str "putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host"
} else { } else {
set plink_str "start \"putty $ssh_host\" putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" set plink_str "start \"putty $ssh_host\" putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host"
if [regexp {FINISH} $port_knocking_list] {
regsub {start} $plink_str "start /wait" plink_str
}
} }
} else { } else {
set plink_str "plink.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" set plink_str "plink.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host"
...@@ -1066,7 +1098,7 @@ proc launch_windows_ssh {hp file n} { ...@@ -1066,7 +1098,7 @@ proc launch_windows_ssh {hp file n} {
catch {destroy .o} catch {destroy .o}
catch {destroy .oa} catch {destroy .oa}
if { ![do_port_knock $ssh_host]} { if { ![do_port_knock $ssh_host start]} {
catch {file delete $file} catch {file delete $file}
if {$file_cmd != ""} { if {$file_cmd != ""} {
catch {file delete $file_cmd} catch {file delete $file_cmd}
...@@ -1092,7 +1124,6 @@ proc launch_windows_ssh {hp file n} { ...@@ -1092,7 +1124,6 @@ proc launch_windows_ssh {hp file n} {
} }
if {$file_pre != ""} { if {$file_pre != ""} {
exec $com /c $file_pre &
set sl 0 set sl 0
if {$use_smbmnt} { if {$use_smbmnt} {
global smb_su_mode global smb_su_mode
...@@ -1111,17 +1142,30 @@ proc launch_windows_ssh {hp file n} { ...@@ -1111,17 +1142,30 @@ proc launch_windows_ssh {hp file n} {
set sl [expr $sl + 5] set sl [expr $sl + 5]
set st [clock seconds] set st [clock seconds]
set dt 0 set dt 0
global entered_gui_top global entered_gui_top button_gui_top
set entered_gui_top 0 set entered_gui_top 0
set button_gui_top 0
catch {wm geometry . "-40-40"}
catch {wm withdraw .; update; wm deiconify .; raise .; update}
mesg "Click on *This* Label when done with 1st SSH 0/$sl"
after 600
exec $com /c $file_pre &
catch {lower .; update; raise .; update}
while {$dt < $sl} { while {$dt < $sl} {
after 100 after 100
set dt [clock seconds] set dt [clock seconds]
set dt [expr $dt - $st] set dt [expr $dt - $st]
mesg "Click or Enter when done with 1st SSH $dt/$sl" mesg "Click on *This* Label when done with 1st SSH $dt/$sl"
update update
update idletasks update idletasks
if {$entered_gui_top != 0 && $dt >= 3} { if {$dt <= 1} {
set button_gui_top 0
}
if {$button_gui_top != 0 && $dt >= 3} {
mesg "Running 2nd SSH now ..." mesg "Running 2nd SSH now ..."
after 1000 after 1000
break break
...@@ -1130,34 +1174,31 @@ proc launch_windows_ssh {hp file n} { ...@@ -1130,34 +1174,31 @@ proc launch_windows_ssh {hp file n} {
mesg "Running 2nd SSH ..." mesg "Running 2nd SSH ..."
} }
if {! $do_shell} {
make_plink
}
wm withdraw . wm withdraw .
update update
if {$do_shell && [regexp {FINISH} $port_knocking_list]} {
catch {exec $com /c $file}
} else {
exec $com /c $file & exec $com /c $file &
}
after 1000 after 1000
} }
if {$do_shell} { if {$do_shell} {
wm deiconify . wm deiconify .
update
if {[regexp {FINISH} $port_knocking_list]} {
do_port_knock $ssh_host finish
}
return 1 return 1
} }
if {$is_win9x} {
catch {destroy .plink} make_plink
toplevel .plink }
wm title .plink "plink SSH status?"
set wd 37
label .plink.l1 -anchor w -text "Login via plink/ssh to the remote server" -width $wd
label .plink.l2 -anchor w -text "(supply username and password as needed)." -width $wd
label .plink.l3 -anchor w -text "" -width $wd
label .plink.l4 -anchor w -text "After ssh is set up, AND if the connection" -width $wd
label .plink.l5 -anchor w -text "success is not autodetected, please click" -width $wd
label .plink.l6 -anchor w -text "one of these buttons:" -width $wd
global plink_status global plink_status
button .plink.fail -text "Failed" -command {destroy .plink; set plink_status no}
button .plink.ok -text "Success" -command {destroy .plink; set plink_status yes}
pack .plink.l1 .plink.l2 .plink.l3 .plink.l4 .plink.l5 .plink.l6 .plink.fail .plink.ok -side top -fill x
wm geometry .plink +700+500
wm deiconify .plink
set plink_status "" set plink_status ""
set waited 0 set waited 0
set cnt 0 set cnt 0
...@@ -1176,14 +1217,13 @@ proc launch_windows_ssh {hp file n} { ...@@ -1176,14 +1217,13 @@ proc launch_windows_ssh {hp file n} {
} }
if {$waited == 0} { if {$waited == 0} {
wm deiconify .plink #wm deiconify .plink
} }
set waited [expr "$waited + 500"] set waited [expr "$waited + 500"]
incr cnt incr cnt
if {$cnt >= 12} { if {$cnt >= 12} {
set cnt 0 set cnt 0
#catch {wm deiconify .plink}
} }
} }
if {$plink_status == ""} { if {$plink_status == ""} {
...@@ -1213,6 +1253,10 @@ proc launch_windows_ssh {hp file n} { ...@@ -1213,6 +1253,10 @@ proc launch_windows_ssh {hp file n} {
wm deiconify . wm deiconify .
mesg "Disconnected from $hp" mesg "Disconnected from $hp"
} }
update
if [regexp {FINISH} $port_knocking_list] {
do_port_knock $ssh_host finish
}
if {$file != ""} { if {$file != ""} {
catch {file delete $file} catch {file delete $file}
...@@ -1360,7 +1404,7 @@ proc do_unix_pre {tag proxy hp pk_hp} { ...@@ -1360,7 +1404,7 @@ proc do_unix_pre {tag proxy hp pk_hp} {
set c "$c -sshargs '$smb_redir_0'" set c "$c -sshargs '$smb_redir_0'"
} }
if {! [do_port_knock $pk_hp]} { if {! [do_port_knock $pk_hp start]} {
return return
} }
set did_port_knock 1 set did_port_knock 1
...@@ -1410,6 +1454,7 @@ proc launch_unix {hp} { ...@@ -1410,6 +1454,7 @@ proc launch_unix {hp} {
global smb_redir_0 smb_mounts global smb_redir_0 smb_mounts
global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart
global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_local_start global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_local_start
global port_knocking_list
set cmd "" set cmd ""
...@@ -1505,14 +1550,24 @@ proc launch_unix {hp} { ...@@ -1505,14 +1550,24 @@ proc launch_unix {hp} {
set pk_hp $hp set pk_hp $hp
} }
if {! $did_port_knock} { if {! $did_port_knock} {
if {! [do_port_knock $pk_hp]} { if {! [do_port_knock $pk_hp start]} {
return return
} }
set did_port_knock 1 set did_port_knock 1
} }
exec xterm -geometry $geometry -title "SHELL to $hp" \ if {[regexp {FINISH} $port_knocking_list]} {
-e sh -c "$cmd" & wm withdraw .
update
exec xterm -geometry $geometry \
-title "SHELL to $hp" -e sh -c "$cmd"
wm deiconify .
update
do_port_knock $pk_hp finish
} else {
exec xterm -geometry $geometry \
-title "SHELL to $hp" -e sh -c "$cmd" &
}
set env(SSL_VNCVIEWER_SSH_CMD) "" set env(SSL_VNCVIEWER_SSH_CMD) ""
set env(SSL_VNCVIEWER_SSH_ONLY) "" set env(SSL_VNCVIEWER_SSH_ONLY) ""
set env(SSL_VNCVIEWER_USE_C) "" set env(SSL_VNCVIEWER_USE_C) ""
...@@ -1598,7 +1653,6 @@ proc launch_unix {hp} { ...@@ -1598,7 +1653,6 @@ proc launch_unix {hp} {
catch {destroy .o} catch {destroy .o}
catch {destroy .oa} catch {destroy .oa}
wm withdraw .
update update
if {$sound_daemon_local_start && $sound_daemon_local_cmd != ""} { if {$sound_daemon_local_start && $sound_daemon_local_cmd != ""} {
...@@ -1612,12 +1666,15 @@ proc launch_unix {hp} { ...@@ -1612,12 +1666,15 @@ proc launch_unix {hp} {
set pk_hp $hp set pk_hp $hp
} }
if {! $did_port_knock} { if {! $did_port_knock} {
if {! [do_port_knock $pk_hp]} { if {! [do_port_knock $pk_hp start]} {
wm deiconify . wm deiconify .
update
return return
} }
set did_port_knock 1 set did_port_knock 1
} }
wm withdraw .
update
set geometry [xterm_center_geometry] set geometry [xterm_center_geometry]
set xrm1 "*.srinterCommand:true" set xrm1 "*.srinterCommand:true"
...@@ -1647,6 +1704,9 @@ proc launch_unix {hp} { ...@@ -1647,6 +1704,9 @@ proc launch_unix {hp} {
} }
wm deiconify . wm deiconify .
mesg "Disconnected from $hp" mesg "Disconnected from $hp"
if {[regexp {FINISH} $port_knocking_list]} {
do_port_knock $pk_hp finish
}
} }
proc kill_stunnel {pids} { proc kill_stunnel {pids} {
...@@ -1886,12 +1946,22 @@ proc launch {{hp ""}} { ...@@ -1886,12 +1946,22 @@ proc launch {{hp ""}} {
set list [split $hp ":"] set list [split $hp ":"]
set host [lindex $list 0] set host [lindex $list 0]
set disp [lindex $list 1] set disp [lindex $list 1]
set disp [string trim $disp]
regsub { .*$} $disp "" disp
if {$disp == ""} {
set disp 0
}
set port [expr "$disp + 5900"] set port [expr "$disp + 5900"]
} }
set list [split $hp ":"] set list [split $hp ":"]
set host [lindex $list 0] set host [lindex $list 0]
set disp [lindex $list 1] set disp [lindex $list 1]
set disp [string trim $disp]
regsub { .*$} $disp "" disp
if {$disp == "" || ! [regexp {^[0-9][0-9]*$} $disp]} {
set disp 0
}
set port [expr "$disp + 5900"] set port [expr "$disp + 5900"]
if {$debug} { if {$debug} {
...@@ -1936,6 +2006,12 @@ proc launch {{hp ""}} { ...@@ -1936,6 +2006,12 @@ proc launch {{hp ""}} {
puts $fh "verify = 2" puts $fh "verify = 2"
} }
if {$n == ""} {
set n 10
}
if {$n2 == ""} {
set n2 11
}
puts $fh "\[vnc$n\]" puts $fh "\[vnc$n\]"
set port2 [expr "$n + 5900"] set port2 [expr "$n + 5900"]
puts $fh "accept = localhost:$port2" puts $fh "accept = localhost:$port2"
...@@ -1952,7 +2028,7 @@ proc launch {{hp ""}} { ...@@ -1952,7 +2028,7 @@ proc launch {{hp ""}} {
close $fh close $fh
if {! $did_port_knock} { if {! $did_port_knock} {
if {! [do_port_knock $host]} { if {! [do_port_knock $host start]} {
set fail 1 set fail 1
} }
set did_port_knock 1 set did_port_knock 1
...@@ -1997,6 +2073,11 @@ proc launch {{hp ""}} { ...@@ -1997,6 +2073,11 @@ proc launch {{hp ""}} {
} }
mesg "Disconnected from $hp." mesg "Disconnected from $hp."
global port_knocking_list
if [regexp {FINISH} $port_knocking_list] {
do_port_knock $host finish
}
if {[llength $pids_new] > 0} { if {[llength $pids_new] > 0} {
set plist [join $pids_new ", "] set plist [join $pids_new ", "]
global terminate_pids global terminate_pids
...@@ -2018,7 +2099,8 @@ proc launch {{hp ""}} { ...@@ -2018,7 +2099,8 @@ proc launch {{hp ""}} {
} }
} }
proc get_idir {str} { proc get_idir_certs {str} {
global is_windows env
set idir "" set idir ""
if {$str != ""} { if {$str != ""} {
if [file isdirectory $str] { if [file isdirectory $str] {
...@@ -2028,7 +2110,14 @@ proc get_idir {str} { ...@@ -2028,7 +2110,14 @@ proc get_idir {str} {
} }
} }
if {$idir == ""} { if {$idir == ""} {
global env if {$is_windows} {
set t [file dirname [pwd]]
set t "$t/certs"
if [file isdirectory $t] {
set idir $t
}
}
if {$idir == ""} {
if [info exists env(HOME)] { if [info exists env(HOME)] {
set t "$env(HOME)/.vnc/certs" set t "$env(HOME)/.vnc/certs"
if [file isdirectory $t] { if [file isdirectory $t] {
...@@ -2036,8 +2125,8 @@ proc get_idir {str} { ...@@ -2036,8 +2125,8 @@ proc get_idir {str} {
} }
} }
} }
}
if {$idir == ""} { if {$idir == ""} {
global is_windows
if {$is_windows} { if {$is_windows} {
set idir [get_profiles_dir] set idir [get_profiles_dir]
} }
...@@ -2050,7 +2139,7 @@ proc get_idir {str} { ...@@ -2050,7 +2139,7 @@ proc get_idir {str} {
proc set_mycert {} { proc set_mycert {} {
global mycert global mycert
set idir [get_idir $mycert] set idir [get_idir_certs $mycert]
set t "" set t ""
if {$idir != ""} { if {$idir != ""} {
set t [tk_getOpenFile -initialdir $idir] set t [tk_getOpenFile -initialdir $idir]
...@@ -2105,7 +2194,7 @@ proc show_svcert {} { ...@@ -2105,7 +2194,7 @@ proc show_svcert {} {
proc set_svcert {} { proc set_svcert {} {
global svcert crtdir global svcert crtdir
set idir [get_idir $svcert] set idir [get_idir_certs $svcert]
set t "" set t ""
if {$idir != ""} { if {$idir != ""} {
set t [tk_getOpenFile -initialdir $idir] set t [tk_getOpenFile -initialdir $idir]
...@@ -2122,7 +2211,7 @@ proc set_svcert {} { ...@@ -2122,7 +2211,7 @@ proc set_svcert {} {
proc set_crtdir {} { proc set_crtdir {} {
global svcert crtdir global svcert crtdir
set idir [get_idir $crtdir] set idir [get_idir_certs $crtdir]
set t "" set t ""
if {$idir != ""} { if {$idir != ""} {
set t [tk_chooseDirectory -initialdir $idir] set t [tk_chooseDirectory -initialdir $idir]
...@@ -2140,7 +2229,7 @@ proc set_crtdir {} { ...@@ -2140,7 +2229,7 @@ proc set_crtdir {} {
proc set_createcert_file {} { proc set_createcert_file {} {
global ccert global ccert
if {[info exists ccert(FILE)]} { if {[info exists ccert(FILE)]} {
set idir [get_idir $ccert(FILE)] set idir [get_idir_certs $ccert(FILE)]
} }
if {$idir != ""} { if {$idir != ""} {
set t [tk_getSaveFile -defaultextension ".pem" -initialdir $idir] set t [tk_getSaveFile -defaultextension ".pem" -initialdir $idir]
...@@ -2591,15 +2680,9 @@ proc create_cert {} { ...@@ -2591,15 +2680,9 @@ proc create_cert {} {
set tcert(DAYS) "Days until expiration:" set tcert(DAYS) "Days until expiration:"
if {$ccert(FILE) == ""} { if {$ccert(FILE) == ""} {
global is_windows set idir [get_idir_certs ""]
if {$is_windows} {
set pdir [get_profiles_dir]
set ccert(FILE) "$pdir/vnccert.pem"
} else {
set idir [get_idir ""]
set ccert(FILE) "$idir/vnccert.pem" set ccert(FILE) "$idir/vnccert.pem"
} }
}
button .ccrt.cancel -text "Cancel" -command {destroy .ccrt; catch {raise .c}} button .ccrt.cancel -text "Cancel" -command {destroy .ccrt; catch {raise .c}}
bind .ccrt <Escape> {destroy .ccrt; catch {raise .c}} bind .ccrt <Escape> {destroy .ccrt; catch {raise .c}}
...@@ -2671,7 +2754,7 @@ proc import_browse {} { ...@@ -2671,7 +2754,7 @@ proc import_browse {} {
set idir "" set idir ""
if {$import_file != ""} { if {$import_file != ""} {
set idir [get_idir $import_file] set idir [get_idir_certs $import_file]
} }
if {$idir != ""} { if {$idir != ""} {
set t [tk_getOpenFile -initialdir $idir] set t [tk_getOpenFile -initialdir $idir]
...@@ -2690,15 +2773,10 @@ proc import_save_browse {} { ...@@ -2690,15 +2773,10 @@ proc import_save_browse {} {
set idir "" set idir ""
if {$import_save_file != ""} { if {$import_save_file != ""} {
set idir [get_idir $import_save_file] set idir [get_idir_certs $import_save_file]
} }
if {$idir == ""} { if {$idir == ""} {
global is_windows set idir [get_idir_certs ""]
if {$is_windows} {
set idir [get_profiles_dir]
} else {
set idir [get_idir ""]
}
} }
if {$idir != ""} { if {$idir != ""} {
set t [tk_getSaveFile -defaultextension ".crt" -initialdir $idir] set t [tk_getSaveFile -defaultextension ".crt" -initialdir $idir]
...@@ -3132,6 +3210,7 @@ proc save_profile {} { ...@@ -3132,6 +3210,7 @@ proc save_profile {} {
set host $h set host $h
regsub {[ ].*$} $p "" p regsub {[ ].*$} $p "" p
regsub {^.*:} $p "" p regsub {^.*:} $p "" p
regsub { .*$} $p "" p
if {$p == ""} { if {$p == ""} {
set p 0 set p 0
} }
...@@ -3737,6 +3816,9 @@ set cmd(6) { ...@@ -3737,6 +3816,9 @@ set cmd(6) {
fi fi
echo
#FINMSG
echo
echo "--vnc-helper-exiting--" echo "--vnc-helper-exiting--"
echo echo
rm -f $0 rm -f $0
...@@ -3781,9 +3863,8 @@ set cmd(6) { ...@@ -3781,9 +3863,8 @@ set cmd(6) {
} }
} }
global use_smbmnt smb_su_mode global use_smbmnt smb_su_mode smb_mounts
if {$use_smbmnt} { if {$use_smbmnt} {
global smb_mounts
if {$smb_mounts != ""} { if {$smb_mounts != ""} {
set smbm $smb_mounts set smbm $smb_mounts
regsub -all {%USER} $smbm "__USER__" smbm regsub -all {%USER} $smbm "__USER__" smbm
...@@ -3827,6 +3908,24 @@ set cmd(6) { ...@@ -3827,6 +3908,24 @@ set cmd(6) {
} }
} }
if {$mode == "pre"} {
set dopre 0
if {$use_smbmnt && $smb_mounts != ""} {
set dopre 1
}
if {$use_sound && $sound_daemon_kill} {
set dopre 1
}
if {$dopre} {
global is_windows
if {$is_windows} {
regsub {#FINMSG} $cmdall {echo "Now Go Click on the Label to Start the 2nd SSH"} cmdall
} else {
regsub {#FINMSG} $cmdall {echo "Finished with the 1st SSH tasks, the 2nd SSH should start shortly..."} cmdall
}
}
}
if {"$orig" == "$cmdall"} { if {"$orig" == "$cmdall"} {
return "" return ""
} else { } else {
...@@ -5147,7 +5246,7 @@ proc read_from_pad {file} { ...@@ -5147,7 +5246,7 @@ proc read_from_pad {file} {
return $match return $match
} }
proc do_port_knock {hp} { proc do_port_knock {hp mode} {
global use_port_knocking port_knocking_list global use_port_knocking port_knocking_list
global is_windows global is_windows
...@@ -5157,6 +5256,19 @@ proc do_port_knock {hp} { ...@@ -5157,6 +5256,19 @@ proc do_port_knock {hp} {
if {$port_knocking_list == ""} { if {$port_knocking_list == ""} {
return 1 return 1
} }
set list $port_knocking_list
if {$mode == "finish"} {
if {! [regexp {FINISH} $list]} {
return 1
} else {
regsub {^.*FINISH} $list "" list
}
} elseif {$mode == "start"} {
if {[regexp {FINISH} $list]} {
regsub {FINISH.*$} $list "" list
}
}
set default_delay 0 set default_delay 0
...@@ -5167,10 +5279,13 @@ proc do_port_knock {hp} { ...@@ -5167,10 +5279,13 @@ proc do_port_knock {hp} {
if {$host0 == ""} { if {$host0 == ""} {
bell bell
mesg "No host: $hp" mesg "PortKnock: No host: $hp"
return 0 return 0
} }
if [regexp {PAD=([^\n]+)} $port_knocking_list mv padfile] {
set m ""
if [regexp {PAD=([^\n]+)} $list mv padfile] {
set tlist [read_from_pad $padfile] set tlist [read_from_pad $padfile]
set tlist [string trim $tlist] set tlist [string trim $tlist]
if {$tlist == "" || $tlist == "FAIL"} { if {$tlist == "" || $tlist == "FAIL"} {
...@@ -5179,9 +5294,7 @@ proc do_port_knock {hp} { ...@@ -5179,9 +5294,7 @@ proc do_port_knock {hp} {
-title "Error: Padfile $padfile" -title "Error: Padfile $padfile"
return 0 return 0
} }
regsub -all {PAD=([^\n]+)} $port_knocking_list $tlist list regsub -all {PAD=([^\n]+)} $list $tlist list
} else {
set list $port_knocking_list
} }
set spl ",\n\r" set spl ",\n\r"
...@@ -5203,25 +5316,30 @@ proc do_port_knock {hp} { ...@@ -5203,25 +5316,30 @@ proc do_port_knock {hp} {
if [regexp {^#} $line] { if [regexp {^#} $line] {
continue continue
} }
if [regexp {^sleep[ \t][ \t]*([0-9][0-9]*)} $line mv sl] { if [regexp {^sleep[ \t][ \t]*([0-9][0-9]*)} $line mv sl] {
mesg "sleep: $sl" set m "PortKnock: sleep $sl"
mesg $m
after $sl after $sl
continue continue
} }
if [regexp {^delay[ \t][ \t]*([0-9][0-9]*)} $line mv sl] { if [regexp {^delay[ \t][ \t]*([0-9][0-9]*)} $line mv sl] {
mesg "delay: $sl" set m "PortKnock: delay=$sl"
mesg $m
set default_delay $sl set default_delay $sl
continue continue
} }
if [regexp {^CMD=(.*)} $line mv cmd] { if [regexp {^CMD=(.*)} $line mv cmd] {
mesg "CMD: $cmd" set m "PortKnock: CMD: $cmd"
mesg $m
eval exec $cmd eval exec $cmd
continue continue
} }
if [regexp {^CMDX=(.*)} $line mv cmd] { if [regexp {^CMDX=(.*)} $line mv cmd] {
set cmd [pk_expand $cmd $host0] set cmd [pk_expand $cmd $host0]
mesg "CMDX: $cmd" set m "PortKnock: CMDX: $cmd"
mesg $m
eval exec $cmd eval exec $cmd
continue continue
} }
...@@ -5271,22 +5389,26 @@ proc do_port_knock {hp} { ...@@ -5271,22 +5389,26 @@ proc do_port_knock {hp} {
if {$port == ""} { if {$port == ""} {
bell bell
mesg "No port found: \"$line0\"" set m "PortKnock: No port found: \"$line0\""
mesg $m
return 0 return 0
} }
if {! [regexp {^[0-9][0-9]*$} $port]} { if {! [regexp {^[0-9][0-9]*$} $port]} {
bell bell
mesg "Invalid port: \"$port\"" set m "PortKnock: Invalid port: \"$port\""
mesg $m
return 0 return 0
} }
if {[regexp {[ \t]} $host]} { if {[regexp {[ \t]} $host]} {
bell bell
mesg "Invalid host: \"$host\"" set m "PortKnock: Invalid host: \"$host\""
mesg $m
return 0 return 0
} }
if {! [regexp {^[-A-z0-9_.][-A-z0-9_.]*$} $host]} { if {! [regexp {^[-A-z0-9_.][-A-z0-9_.]*$} $host]} {
bell bell
mesg "Invalid host: \"$host\"" set m "PortKnock: Invalid host: \"$host\""
mesg $m
return 0 return 0
} }
...@@ -5295,7 +5417,8 @@ proc do_port_knock {hp} { ...@@ -5295,7 +5417,8 @@ proc do_port_knock {hp} {
set nc [find_netcat] set nc [find_netcat]
if {$nc == ""} { if {$nc == ""} {
bell bell
mesg "UDP: netcat(1) not found" set m "PortKnock: UDP: netcat(1) not found"
mesg $m
after 1000 after 1000
continue continue
} }
...@@ -5313,7 +5436,8 @@ proc do_port_knock {hp} { ...@@ -5313,7 +5436,8 @@ proc do_port_knock {hp} {
puts -nonewline $fh "$snd" puts -nonewline $fh "$snd"
close $fh close $fh
mesg "SEND: $host $port" set m "PortKnock: SEND: $host $port"
mesg $m
if {$is_windows} { if {$is_windows} {
if {$udp} { if {$udp} {
catch {exec $nc -d -u -w 1 "$host" "$port" < $pfile &} catch {exec $nc -d -u -w 1 "$host" "$port" < $pfile &}
...@@ -5330,7 +5454,8 @@ proc do_port_knock {hp} { ...@@ -5330,7 +5454,8 @@ proc do_port_knock {hp} {
catch {after 50; file delete $pfile} catch {after 50; file delete $pfile}
} elseif {$udp} { } elseif {$udp} {
mesg "UDP: $host $port" set m "PortKnock: UDP: $host $port"
mesg $m
if {! $is_windows} { if {! $is_windows} {
catch {exec echo a | $nc -u -w 1 "$host" "$port" &} catch {exec echo a | $nc -u -w 1 "$host" "$port" &}
} else { } else {
...@@ -5340,7 +5465,8 @@ proc do_port_knock {hp} { ...@@ -5340,7 +5465,8 @@ proc do_port_knock {hp} {
catch {exec $nc -d -u -w 1 "$host" "$port" < "nc_in.txt" &} catch {exec $nc -d -u -w 1 "$host" "$port" < "nc_in.txt" &}
} }
} else { } else {
mesg "TCP: $host $port" set m "PortKnock: TCP: $host $port"
mesg $m
set s "" set s ""
set emess "" set emess ""
set rc [catch {set s [socket -async $host $port]} emess] set rc [catch {set s [socket -async $host $port]} emess]
...@@ -5383,6 +5509,10 @@ proc do_port_knock {hp} { ...@@ -5383,6 +5509,10 @@ proc do_port_knock {hp} {
if {$is_windows} { if {$is_windows} {
catch {file delete "nc_in.txt"} catch {file delete "nc_in.txt"}
} }
if {$m != ""} {
set m "$m,"
}
mesg "PortKnock: done"
return 1 return 1
} }
...@@ -5481,6 +5611,14 @@ proc port_knocking_dialog {} { ...@@ -5481,6 +5611,14 @@ proc port_knocking_dialog {} {
the VNC/SSH host. By default, the VNC/SSH host is the one the packet is the VNC/SSH host. By default, the VNC/SSH host is the one the packet is
sent to. sent to.
If one of the items is the string "FINISH", then the part before it is
used prior to connecting and the part after is used once the connection
is finished. This can be used, say, to close the firewall port. Example:
5433, 12321, FINISH, 7659, 2314
(or one can split them up via lines as above.)
Advanced port knock actions: Advanced port knock actions:
...@@ -5940,10 +6078,11 @@ bind . <Control-q> "destroy .; exit" ...@@ -5940,10 +6078,11 @@ bind . <Control-q> "destroy .; exit"
bind . <Shift-Escape> "destroy .; exit" bind . <Shift-Escape> "destroy .; exit"
bind . <Control-s> "launch_shell_only" bind . <Control-s> "launch_shell_only"
global entered_gui_top global entered_gui_top button_gui_top
set entered_gui_top 0 set entered_gui_top 0
set button_gui_top 0
bind . <Enter> {set entered_gui_top 1} bind . <Enter> {set entered_gui_top 1}
bind .l <ButtonPress> {set button_gui_top 1}
bind .f.l <ButtonPress> {set button_gui_top 1}
#smb_help_me_decide
update update
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment