SSL patch for Java viewer. https support for x11vnc.

5920dc18 · runge · 10c61b53 · 5920dc18 · 5920dc18 · 5920dc18
Commit 5920dc18 authored Mar 28, 2006 by runge
35 changed files
--- a/ChangeLog
+++ b/ChangeLog
+2006-03-28  Karl Runge <runge@karlrunge.com>
+	* classes/ssl: patch to tightvnc Java viewer for SSL support
+	  plus other fixes (richcursor colors, Tab keysym, etc).
+	* libvncserver/httpd.c: add missing \r in 200 OK.
+
 2006-03-27  Steven Carr <scarr@jsa-usa.com>
 	* rfbserver.c: Zlib encoding cannot have a limit via
 	  maxRectsPerUpdate

--- a/classes/Makefile.am
+++ b/classes/Makefile.am
 EXTRA_DIST=VncViewer.jar  index.vnc  javaviewer.pseudo_proxy.patch

+SUBDIRS = ssl
+DIST_SUBDIRS = ssl
+
--- a/classes/ssl/Makefile.am
+++ b/classes/ssl/Makefile.am
+EXTRA_DIST=VncViewer.jar  index.vnc
+
--- a/classes/ssl/VncViewer.jar
+++ b/classes/ssl/VncViewer.jar
--- a/classes/ssl/index.vnc
+++ b/classes/ssl/index.vnc
+<!-- 
+     index.vnc - default HTML page for TightVNC Java viewer applet, to be
+     used with Xvnc. On any file ending in .vnc, the HTTP server embedded in
+     Xvnc will substitute the following variables when preceded by a dollar:
+     USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT,
+     PARAMS. Use two dollar signs ($$) to get a dollar sign in the generated
+     HTML page.
+
+     NOTE: the $PARAMS variable is not supported by the standard VNC, so
+     make sure you have TightVNC on the server side, if you're using this
+     variable.
+-->
+
+<HTML>
+<TITLE>
+$USER's $DESKTOP desktop ($DISPLAY)
+</TITLE>
+<APPLET CODE=VncViewer.class ARCHIVE=VncViewer.jar
+        WIDTH=$APPLETWIDTH HEIGHT=$APPLETHEIGHT>
+<param name=PORT value=$PORT>
+<param name="Open New Window" value=yes>
+$PARAMS
+</APPLET>
+<BR>
+<A href="http://www.tightvnc.com/">TightVNC site</A>
+</HTML>
--- a/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-cursor-colors+no-tab-traversal.patch
+++ b/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-cursor-colors+no-tab-traversal.patch
+--- vnc_javasrc.orig/VncCanvas.java	2004-10-10 02:15:54.000000000 -0400
+++ vnc_javasrc/VncCanvas.java	2006-03-27 22:34:02.000000000 -0500
+@@ -28,6 +28,7 @@
+ import java.lang.*;
+ import java.util.zip.*;
+ 
+import java.util.Collections;
+ 
+ //
+ // VncCanvas is a subclass of Canvas which draws a VNC desktop on it.
+@@ -81,6 +82,20 @@
+     cm8 = new DirectColorModel(8, 7, (7 << 3), (3 << 6));
+     cm24 = new DirectColorModel(24, 0xFF0000, 0x00FF00, 0x0000FF);
+ 
+    // kludge to not show any Java cursor in the canvas since we are
+    // showing the soft cursor (should be a user setting...)
+    Cursor dot = Toolkit.getDefaultToolkit().createCustomCursor(
+        Toolkit.getDefaultToolkit().createImage(new byte[4]), new Point(0,0),
+        "dot");
+    this.setCursor(dot);
+
+    // while we are at it... get rid of the keyboard traversals that
+    // make it so we can't type a Tab character:
+    this.setFocusTraversalKeys(KeyboardFocusManager.FORWARD_TRAVERSAL_KEYS,
+        Collections.EMPTY_SET);
+    this.setFocusTraversalKeys(KeyboardFocusManager.BACKWARD_TRAVERSAL_KEYS,
+        Collections.EMPTY_SET);
+
+     colors = new Color[256];
+     for (int i = 0; i < 256; i++)
+       colors[i] = new Color(cm8.getRGB(i));
+@@ -1387,9 +1402,9 @@
+ 		result = cm8.getRGB(pixBuf[i]);
+ 	      } else {
+ 		result = 0xFF000000 |
+-		  (pixBuf[i * 4 + 1] & 0xFF) << 16 |
+-		  (pixBuf[i * 4 + 2] & 0xFF) << 8 |
+-		  (pixBuf[i * 4 + 3] & 0xFF);
+		  (pixBuf[i * 4 + 2] & 0xFF) << 16 |
+		  (pixBuf[i * 4 + 1] & 0xFF) << 8 |
+		  (pixBuf[i * 4 + 0] & 0xFF);
+ 	      }
+ 	    } else {
+ 	      result = 0;	// Transparent pixel
+@@ -1403,9 +1418,9 @@
+ 	      result = cm8.getRGB(pixBuf[i]);
+ 	    } else {
+ 	      result = 0xFF000000 |
+-		(pixBuf[i * 4 + 1] & 0xFF) << 16 |
+-		(pixBuf[i * 4 + 2] & 0xFF) << 8 |
+-		(pixBuf[i * 4 + 3] & 0xFF);
+		(pixBuf[i * 4 + 2] & 0xFF) << 16 |
+		(pixBuf[i * 4 + 1] & 0xFF) << 8 |
+		(pixBuf[i * 4 + 0] & 0xFF);
+ 	    }
+ 	  } else {
+ 	    result = 0;		// Transparent pixel
--- a/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch
+++ b/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch
--- a/configure.ac
+++ b/configure.ac
@@ -184,30 +184,36 @@ if test "$X_CFLAGS" != "-DX_DISPLAY_MISSING"; then
 			if test -z "$HAVE_LIBC_CRYPT"; then
 				AC_CHECK_LIB(crypt, crypt,
 					X_PRELIBS="$X_PRELIBS -lcrypt"
-					[AC_DEFINE(HAVE_LIBCRYPT)], ,
-					$X_LIBS $X_PRELIBS -lcrypt $X_EXTRA_LIBS)
+					[AC_DEFINE(HAVE_LIBCRYPT)], ,)
 			fi
 		fi
-		AH_TEMPLATE(HAVE_LIBSSL, [openssl libssl library present])
-		AC_ARG_WITH(ssl,
-		[  --without-ssl           disable support for openssl libssl],,)
-		if test "x$with_ssl" != "xno"; then
-			AC_CHECK_LIB(ssl, SSL_library_init,
-				X_PRELIBS="$X_PRELIBS -lssl"
-				[AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], ,
-				$X_LIBS $X_PRELIBS -lssl $X_EXTRA_LIBS)
-		fi
+
+		# some OS's need both -lssl and -lcrypto on link line:
 		AH_TEMPLATE(HAVE_LIBCRYPTO, [openssl libcrypto library present])
 		AC_ARG_WITH(crypto,
 		[  --without-crypto        disable support for openssl libcrypto],,)
-		# some OS's need both -lssl and -lcrypto
-		if test "x$HAVE_LIBSSL" = "xtrue"; then
-			AC_CHECK_LIB(crypto, RAND_load_file,
-				X_PRELIBS="$X_PRELIBS -lcrypto"
-				[AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], ,
-				$X_LIBS $X_PRELIBS -lcrypto $X_EXTRA_LIBS)
+
+		AH_TEMPLATE(HAVE_LIBSSL, [openssl libssl library present])
+		AC_ARG_WITH(ssl,
+		[  --without-ssl           disable support for openssl libssl],,)
+
+		if test "x$with_crypto" != "xno" -a "x$with_ssl" != "xno"; then
+			AC_CHECK_LIB(crypto, RAND_file_name,
+				[AC_DEFINE(HAVE_LIBCRYPTO) HAVE_LIBCRYPTO="true"], ,)
 		fi

+		if test "x$with_ssl" != "xno"; then
+			if test "x$HAVE_LIBCRYPTO" = "xtrue"; then
+				AC_CHECK_LIB(ssl, SSL_library_init,
+					X_PRELIBS="$X_PRELIBS -lssl -lcrypto"
+					[AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], ,
+					-lcrypto)
+			else
+				AC_CHECK_LIB(ssl, SSL_library_init,
+					X_PRELIBS="$X_PRELIBS -lssl"
+					[AC_DEFINE(HAVE_LIBSSL) HAVE_LIBSSL="true"], ,)
+			fi
+		fi

 		X_LIBS="$X_LIBS $X_PRELIBS -lX11 $X_EXTRA_LIBS"
 	fi
@@ -452,6 +458,7 @@ AC_CONFIG_FILES([Makefile
                 examples/Makefile
 		 vncterm/Makefile
 		 classes/Makefile
+		 classes/ssl/Makefile
 		 libvncclient/Makefile
 		 client_examples/Makefile
 		 test/Makefile

--- a/libvncserver/httpd.c
+++ b/libvncserver/httpd.c
@@ -67,7 +67,11 @@
    "<HEAD><TITLE>Invalid Request</TITLE></HEAD>\n" \
    "<BODY><H1>Invalid request</H1></BODY>\n"

-#define OK_STR "HTTP/1.0 200 OK\nContent-Type: text/html\r\n\r\n"
+#if 1
+#define OK_STR "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
+#else
+#define OK_STR "HTTP/1.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n"
+#endif

 static void httpProcessInput(rfbScreenInfoPtr screen);
 static rfbBool compareAndSkip(char **ptr, const char *str);

--- a/prepare_x11vnc_dist.sh
+++ b/prepare_x11vnc_dist.sh
@@ -58,6 +58,12 @@ cp classes/Makefile.am classes/Makefile.am.LibVNCServer
 echo 'pkgdatadir = $(datadir)/@PACKAGE@/classes' >> classes/Makefile.am
 echo 'pkgdata_DATA=VncViewer.jar index.vnc' >> classes/Makefile.am

+cp classes/ssl/Makefile.am classes/ssl/Makefile.am.LibVNCServer
+sed -e 's/EXTRA_DIST=/EXTRA_DIST=tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch tightvnc-1.3dev7_javasrc-vncviewer-cursor-colors+no-tab-traversal.patch /' \
+	classes/ssl/Makefile.am.LibVNCServer > classes/ssl/Makefile.am
+echo 'pkgdatadir = $(datadir)/@PACKAGE@/classes/ssl' >> classes/ssl/Makefile.am
+echo 'pkgdata_DATA=VncViewer.jar index.vnc' >> classes/ssl/Makefile.am
+
 mv acinclude.m4 acinclude.m4.LibVNCServer

 cat acinclude.m4.LibVNCServer | \
@@ -65,7 +71,7 @@ sed -e "s/^\(_PKG.*\)\$PACKAGE\(.*\)$/\1LibVNCServer\2/" \
 > acinclude.m4

 make x11vnc-${VERSION}.tar.gz
-for f in configure.ac Makefile.am libvncserver/Makefile.am classes/Makefile.am acinclude.m4 README; do
+for f in configure.ac Makefile.am libvncserver/Makefile.am classes/Makefile.am classes/ssl/Makefile.am acinclude.m4 README; do
 	mv -f $f.LibVNCServer $f
 done

--- a/x11vnc/ChangeLog
+++ b/x11vnc/ChangeLog
+2006-03-26  Karl Runge <runge@karlrunge.com>
+	* x11vnc: -xinerama now on by default.  In -ssl mode accept https
+	  applet downloads thru VNC port.  -https option for 2nd https
+	  port.  Look for classes/ssl under -http.  add Java URL messages
+	  to final output lines.  make -inetd work with -ssl (even for
+	  https).  fix -unixpw login prompt under -scale.  guard against
+	  clientData = NULL. 
+
 2006-03-11  Karl Runge <runge@karlrunge.com>
 	* x11vnc: add -ssl mode using libssl.  Include Xdummy in misc.
 	  a few more macros for smallerfoot, etc.

--- a/x11vnc/README
+++ b/x11vnc/README
--- a/x11vnc/cleanup.c
+++ b/x11vnc/cleanup.c
@@ -135,7 +135,7 @@ void clean_up_exit (int ret) {
 	}
 	stop_stunnel();
 	if (use_openssl) {
-		ssh_helper_pid(0, 0);	/* killall */
+		ssl_helper_pid(0, 0);	/* killall */
 	}

 	X_LOCK;

--- a/x11vnc/connections.c
+++ b/x11vnc/connections.c
@@ -32,6 +32,7 @@ void close_all_clients(void);
 void close_clients(char *str);
 void set_client_input(char *str);
 void set_child_info(void);
+void client_gone(rfbClientPtr client);
 void reverse_connect(char *str);
 void set_vnc_connect_prop(char *str);
 void read_vnc_connect_prop(int);
@@ -48,7 +49,6 @@ void check_new_clients(void);
 static rfbClientPtr *client_match(char *str);
 static int run_user_command(char *cmd, rfbClientPtr client, char *mode);
 static void free_client_data(rfbClientPtr client);
-static void client_gone(rfbClientPtr client);
 static int check_access(char *addr);
 static void ugly_geom(char *p, int *x, int *y);
 static int ugly_window(char *addr, char *userhost, int X, int Y,
@@ -113,6 +113,9 @@ char *list_clients(void) {
 	iter = rfbGetClientIterator(screen);
 	while( (cl = rfbClientIteratorNext(iter)) ) {
 		ClientData *cd = (ClientData *) cl->clientData;
+		if (! cd) {
+			continue;
+		}
 		if (*list != '\0') {
 			strcat(list, ",");
 		}
@@ -199,6 +202,9 @@ static rfbClientPtr *client_match(char *str) {
 			unsigned int in;
 			int id;
 			ClientData *cd = (ClientData *) cl->clientData;
+			if (! cd) {
+				continue;
+			}
 			if (sscanf(str, "0x%x", &in) != 1) {
 				if (hex_warn++) {
 					continue;
@@ -289,6 +295,9 @@ void set_client_input(char *str) {
 	cp = cl_list;
 	while (*cp) {
 		ClientData *cd = (ClientData *) (*cp)->clientData;
+		if (! cd) {
+			continue;
+		}
 		cd->input[0] = '\0';
 		strcat(cd->input, "_");
 		strcat(cd->input, val);
@@ -543,7 +552,7 @@ static int accepted_client = 0;
 /*
 * callback for when a client disconnects
 */
-static void client_gone(rfbClientPtr client) {
+void client_gone(rfbClientPtr client) {
 	ClientData *cd = NULL;

 	client_count--;
@@ -571,15 +580,16 @@ static void client_gone(rfbClientPtr client) {
 	}
 	if (client->clientData) {
 		cd = (ClientData *) client->clientData;
-		if (cd->ssh_helper_pid > 0) {
+		if (cd->ssl_helper_pid > 0) {
 			int status;
-			rfbLog("sending SIGTERM to ssh_helper_pid: %d\n",
-			    cd->ssh_helper_pid);
-			kill(cd->ssh_helper_pid, SIGTERM);
+			rfbLog("sending SIGTERM to ssl_helper_pid: %d\n",
+			    cd->ssl_helper_pid);
+			kill(cd->ssl_helper_pid, SIGTERM);
+			usleep(200*1000);
 #if LIBVNCSERVER_HAVE_SYS_WAIT_H && LIBVNCSERVER_HAVE_WAITPID 
-			waitpid(cd->ssh_helper_pid, &status, WNOHANG); 
+			waitpid(cd->ssl_helper_pid, &status, WNOHANG); 
 #endif
-			ssh_helper_pid(cd->ssh_helper_pid, -1);	/* delete */
+			ssl_helper_pid(cd->ssl_helper_pid, -1);	/* delete */
 		}
 	}
 	if (gone_cmd && *gone_cmd != '\0') {
@@ -1486,13 +1496,13 @@ static int do_reverse_connect(char *str) {
 	}

 	if (inetd && unixpw) {
-	    if(strcmp(host, "localhost") && strcmp(host, "127.0.0.1")) {
-		if (! getenv("UNIXPW_DISABLE_LOCALHOST")) {
-			rfbLog("reverse_connect: in -inetd only localhost\n");
-			rfbLog("connections allowed under -unixpw\n");
-			return 0;
+		if(strcmp(host, "localhost") && strcmp(host, "127.0.0.1")) {
+			if (! getenv("UNIXPW_DISABLE_LOCALHOST")) {
+				rfbLog("reverse_connect: in -inetd only localhost\n");
+				rfbLog("connections allowed under -unixpw\n");
+				return 0;
+			}
 		}
-	    }
 		if (! getenv("UNIXPW_DISABLE_SSL") && ! have_ssh_env()) {
 			rfbLog("reverse_connect: in -inetd stunnel/ssh\n");
 			rfbLog("required under -unixpw\n");
@@ -1839,7 +1849,7 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
 	}

 	clients_served++;
-if (0) fprintf(stderr, "new_client: %s %d\n", client->host, clients_served);
+if (getenv("NEW_CLIENT")) fprintf(stderr, "new_client: %s %d\n", client->host, clients_served);

 	if (use_openssl || use_stunnel) {
 		if (! ssl_initialized) {
@@ -1881,11 +1891,11 @@ if (0) fprintf(stderr, "new_client: %s %d\n", client->host, clients_served);
 	cd->input[0] = '-';
 	cd->login_viewonly = -1;
 	cd->login_time = time(0);
-	cd->ssh_helper_pid = 0;
+	cd->ssl_helper_pid = 0;

 	if (use_openssl && openssl_last_helper_pid) {
-if (0) fprintf(stderr, "SET ssh_helper_pid: %d\n", openssl_last_helper_pid);
-		cd->ssh_helper_pid = openssl_last_helper_pid;
+if (0) fprintf(stderr, "SET ssl_helper_pid: %d\n", openssl_last_helper_pid);
+		cd->ssl_helper_pid = openssl_last_helper_pid;
 		openssl_last_helper_pid = 0;
 	}

@@ -2131,6 +2141,10 @@ void check_new_clients(void) {
 		ClientData *cd = (ClientData *) cl->clientData;
 		char *s;

+		if (! cd) {
+			continue;
+		}
+
 		if (cd->login_viewonly < 0) {
 			/* this is a general trigger to initialize things */
 			if (cl->viewOnly) {

--- a/x11vnc/connections.h
+++ b/x11vnc/connections.h
@@ -17,6 +17,7 @@ extern void close_all_clients(void);
 extern void close_clients(char *str);
 extern void set_client_input(char *str);
 extern void set_child_info(void);
+extern void client_gone(rfbClientPtr client);
 extern void reverse_connect(char *str);
 extern void set_vnc_connect_prop(char *str);
 extern void read_vnc_connect_prop(int);

--- a/x11vnc/cursor.c
+++ b/x11vnc/cursor.c
@@ -799,6 +799,7 @@ static void setup_cursors(void) {
 		UNLOCK(screen->cursorMutex);
 	}
 	rfbLog("  done.\n");
+	rfbLog("\n");
 }

 void setup_cursors_and_push(void) {
@@ -1541,6 +1542,9 @@ void restore_cursor_shape_updates(rfbScreenInfoPtr s) {
 		int changed = 0;
 		ClientData *cd = (ClientData *) cl->clientData;

+		if (! cd) {
+			continue;
+		}
 		if (cd->had_cursor_shape_updates) {
 			rfbLog("restoring enableCursorShapeUpdates for client"
 			    " 0x%x\n", cl);
@@ -1578,14 +1582,18 @@ void disable_cursor_shape_updates(rfbScreenInfoPtr s) {
 		cd = (ClientData *) cl->clientData;

 		if (cl->enableCursorShapeUpdates) {
-			cd->had_cursor_shape_updates = 1;
+			if (cd) {
+				cd->had_cursor_shape_updates = 1;
+			}
 			count++;
 			if (debug_pointer) {
 				rfbLog("%s disable HCSU\n", cl->host);
 			}
 		}
 		if (cl->enableCursorPosUpdates) {
-			cd->had_cursor_pos_updates = 1;
+			if (cd) {
+				cd->had_cursor_pos_updates = 1;
+			}
 			count++;
 			if (debug_pointer) {
 				rfbLog("%s disable HCPU\n", cl->host);

--- a/x11vnc/help.c
+++ b/x11vnc/help.c
--- a/x11vnc/keyboard.c
+++ b/x11vnc/keyboard.c
@@ -2098,6 +2098,16 @@ void initialize_allowed_input(void) {
 		while( (cl = rfbClientIteratorNext(iter)) ) {
 			ClientData *cd = (ClientData *) cl->clientData;

+			if (! cd) {
+				continue;
+			}
+#if 0
+rfbLog("cd: %p\n", cd);
+rfbLog("cd->input: %s\n", cd->input);
+rfbLog("cd->login_viewonly: %d\n", cd->login_viewonly);
+rfbLog("allowed_input_view_only: %s\n", allowed_input_view_only);
+#endif
+
 			if (cd->input[0] == '=') {
 				;	/* custom setting */
 			} else if (cd->login_viewonly) {
@@ -2365,6 +2375,10 @@ void get_allowed_input(rfbClientPtr client, allowed_input_t *input) {
 	}

 	cd = (ClientData *) client->clientData;
+
+	if (! cd) {
+		return;
+	}
 	
 	if (cd->input[0] != '-') {
 		str = cd->input;
@@ -2398,7 +2412,7 @@ void get_allowed_input(rfbClientPtr client, allowed_input_t *input) {

 /* for -pipeinput mode */
 static void pipe_keyboard(rfbBool down, rfbKeySym keysym, rfbClientPtr client) {
-	int can_input = 0, uid;
+	int can_input = 0, uid = 0;
 	allowed_input_t input;
 	char *name;
 	ClientData *cd = (ClientData *) client->clientData;
@@ -2413,7 +2427,9 @@ static void pipe_keyboard(rfbBool down, rfbKeySym keysym, rfbClientPtr client) {
 			can_input = 1;	/* XXX distinguish later */
 		}
 	}
-	uid = cd->uid;
+	if (cd) {
+		uid = cd->uid;
+	}
 	if (! can_input) {
 		uid = -uid;
 	}

--- a/x11vnc/options.c
+++ b/x11vnc/options.c
@@ -23,6 +23,7 @@ int stunnel_port = 0;
 char *stunnel_pem = NULL;
 int use_openssl = 0;
 char *openssl_pem = NULL;
+int https_port_num = -1;
 char *ssl_verify = NULL;
 int ssl_initialized = 0;
 int usepw = USEPW;
@@ -124,7 +125,7 @@ int debug_grabs = 0;
 int debug_sel = 0;

 int xtrap_input = 0;		/* -xtrap for user input insertion */
-int xinerama = 0;		/* -xinerama */
+int xinerama = XINERAMA;	/* -xinerama */
 int xrandr = 0;			/* -xrandr */
 char *xrandr_mode = NULL;
 char *pad_geometry = NULL;

--- a/x11vnc/options.h
+++ b/x11vnc/options.h
@@ -23,6 +23,7 @@ extern int stunnel_port;
 extern char *stunnel_pem;
 extern int use_openssl;
 extern char *openssl_pem;
+extern int https_port_num;
 extern char *ssl_verify;
 extern int ssl_initialized;
 extern int usepw;

--- a/x11vnc/pointer.c
+++ b/x11vnc/pointer.c
@@ -508,7 +508,7 @@ if (debug_scroll > 1) fprintf(stderr, "internal scrollbar: %dx%d\n", w, h);


 static void pipe_pointer(int mask, int x, int y, rfbClientPtr client) {
-	int can_input = 0, uid;
+	int can_input = 0, uid = 0;
 	allowed_input_t input;
 	ClientData *cd = (ClientData *) client->clientData;
 	char hint[MAX_BUTTONS * 20];
@@ -523,7 +523,9 @@ static void pipe_pointer(int mask, int x, int y, rfbClientPtr client) {
 			can_input = 1;	/* XXX distinguish later */
 		}
 	}
-	uid = cd->uid;
+	if (cd) {
+		uid = cd->uid;
+	}
 	if (! can_input) {
 		uid = -uid;
 	}

--- a/x11vnc/rates.c
+++ b/x11vnc/rates.c
@@ -30,6 +30,9 @@ static int get_latency(void);

 static void measure_display_hook(rfbClientPtr cl) {
 	ClientData *cd = (ClientData *) cl->clientData;
+	if (! cd) {
+		return;
+	}
 	dtime0(&cd->timer);
 }

@@ -50,6 +53,9 @@ static int get_rate(int which) {
 	while( (cl = rfbClientIteratorNext(iter)) ) {
 		ClientData *cd = (ClientData *) cl->clientData;

+		if (! cd) {
+			continue;
+		}
 		if (cl->state != RFB_NORMAL) {
 			continue;
 		}
@@ -109,6 +115,9 @@ static int get_latency(void) {
 	while( (cl = rfbClientIteratorNext(iter)) ) {
 		ClientData *cd = (ClientData *) cl->clientData;
 		
+		if (! cd) {
+			continue;
+		}
 		if (cl->state != RFB_NORMAL) {
 			continue;
 		}
@@ -335,6 +344,9 @@ db = 0;
 		int got_t2 = 0, got_t3 = 0;
 		ClientData *cd = (ClientData *) cl->clientData;

+		if (! cd) {
+			continue;
+		}
 		if (cd->send_cmp_rate > 0.0) {
 			continue;
 		}

--- a/x11vnc/remote.c
+++ b/x11vnc/remote.c
@@ -310,6 +310,8 @@ int check_httpdir(void) {
 		 * /path/to/bin/x11vnc
 		 * /path/to/bin/../share/x11vnc/classes
 		 *                    12345678901234567
+		 * /path/to/bin/../share/x11vnc/classes/ssl
+		 *                    123456789012345678901
 		 */
 		if ((q = strrchr(prog, '/')) == NULL) {
 			rfbLog("check_httpdir: bad program path: %s\n", prog);
@@ -317,10 +319,14 @@ int check_httpdir(void) {
 			return 0;
 		}

-		len = strlen(prog) + 17 + 1;
+		len = strlen(prog) + 21 + 1;
 		*q = '\0';
 		httpdir = (char *) malloc(len);
-		snprintf(httpdir, len, "%s/../share/x11vnc/classes", prog);
+		if (use_openssl || use_stunnel) {
+			snprintf(httpdir, len, "%s/../share/x11vnc/classes/ssl", prog);
+		} else {
+			snprintf(httpdir, len, "%s/../share/x11vnc/classes", prog);
+		}
 		free(prog);

 		if (stat(httpdir, &sbuf) == 0) {
@@ -331,16 +337,32 @@ int check_httpdir(void) {
 			return 1;
 		} else {
 			/* try some hardwires: */
-			if (stat("/usr/local/share/x11vnc/classes",
-			    &sbuf) == 0) {
-				http_dir =
-				    strdup("/usr/local/share/x11vnc/classes");	
-				return 1;
+			int i;
+			char **use;
+			char *list[] = {
+				"/usr/local/share/x11vnc/classes",
+				"/usr/share/x11vnc/classes",
+				NULL
+			};
+			char *ssllist[] = {
+				"/usr/local/share/x11vnc/classes/ssl",
+				"/usr/share/x11vnc/classes/ssl",
+				NULL
+			};
+			if (use_openssl || use_stunnel) {
+				use = ssllist;
+			} else {
+				use = list;
 			}
-			if (stat("/usr/share/x11vnc/classes", &sbuf) == 0) {
-				http_dir = strdup("/usr/share/x11vnc/classes");	
-				return 1;
+			i = 0;
+			while (use[i] != NULL) {
+				if (stat(use[i], &sbuf) == 0) {
+					http_dir = strdup(use[i]);	
+					return 1;
+				}
+				i++;
 			}
+
 			rfbLog("check_httpdir: bad guess:\n");
 			rfbLog("   %s\n", httpdir);
 			return 0;
@@ -354,6 +376,19 @@ void http_connections(int on) {
 	}
 	if (on) {
 		rfbLog("http_connections: turning on http service.\n");
+
+		if (inetd && use_openssl) {
+			/*
+			 * try to work around rapid fire https requests
+			 * in inetd mode... ugh.
+			 */
+			if (screen->httpPort == 0) {
+				int port = find_free_port(5800, 5850);
+				if (port) {
+					screen->httpPort = port;
+				}
+			}
+		}
 		screen->httpInitDone = FALSE;
 		screen->httpDir = http_dir;
 		if (check_httpdir()) {
@@ -3785,6 +3820,8 @@ char *process_remote_cmd(char *cmd, int stringonly) {
 			snprintf(buf, bufn, "aro=%s:%d", p, use_stunnel);
 		} else if (!strcmp(p, "stunnel_pem")) {
 			snprintf(buf, bufn, "aro=%s:%s", p, NONUL(stunnel_pem));
+		} else if (!strcmp(p, "https")) {
+			snprintf(buf, bufn, "aro=%s:%d", p, https_port_num);
 		} else if (!strcmp(p, "usepw")) {
 			snprintf(buf, bufn, "aro=%s:%d", p, usepw);
 		} else if (!strcmp(p, "using_shm")) {

--- a/x11vnc/screen.c
+++ b/x11vnc/screen.c
@@ -1924,8 +1924,17 @@ void initialize_screen(int *argc, char **argv, XImage *fb) {
 	 * at screen creation time.
 	 */

+	/* event callbacks: */
+	screen->newClientHook = new_client;
+	screen->kbdAddEvent = keyboard;
+	screen->ptrAddEvent = pointer;
+	screen->setXCutText = xcut_receive;
+
 	/* called from inetd, we need to treat stdio as our socket */
-	if (inetd) {
+	if (inetd && use_openssl) {
+		/* accept_openssl() called later */
+		screen->port = 0;
+	} else if (inetd) {
 		int fd = dup(0);
 		if (fd < 0) {
 			rfbLogEnable(1);
@@ -1955,16 +1964,13 @@ void initialize_screen(int *argc, char **argv, XImage *fb) {
 		screen->deferUpdateTime = defer_update;
 	}

-	/* event callbacks: */
-	screen->newClientHook = new_client;
-	screen->kbdAddEvent = keyboard;
-	screen->ptrAddEvent = pointer;
-	screen->setXCutText = xcut_receive;
-
 	rfbInitServer(screen);

 	if (use_openssl) {
 		openssl_port();
+		if (https_port_num >= 0) {
+			https_port();
+		}
 	}

 	install_passwds();
@@ -1976,9 +1982,9 @@ static void announce(int lport, int ssl, char *iface) {
 	char *tvdt;

 	if (! ssl) {
-		tvdt = "The VNC desktop";
+		tvdt = "The VNC desktop is:     ";
 	} else {
-		tvdt = "The SSL VNC desktop";
+		tvdt = "The SSL VNC desktop is: ";
 	}

 	if (iface != NULL && *iface != '\0' && strcmp(iface, "any")) {
@@ -1993,18 +1999,18 @@ static void announce(int lport, int ssl, char *iface) {
 			if (lport >= 5900) {
 				snprintf(vnc_desktop_name, sz, "%s:%d",
 				    host, lport - 5900);
-				fprintf(stderr, "%s is %s\n", tvdt,
+				fprintf(stderr, "%s %s\n", tvdt,
 				    vnc_desktop_name);
 			} else {
 				snprintf(vnc_desktop_name, sz, "%s:%d",
 				    host, lport);
-				fprintf(stderr, "%s is %s\n", tvdt,
+				fprintf(stderr, "%s %s\n", tvdt,
 				    vnc_desktop_name);
 			}
 		} else if (lport >= 5900) {
 			snprintf(vnc_desktop_name, sz, "%s:%d",
 			    host, lport - 5900);
-			fprintf(stderr, "%s is %s\n", tvdt, vnc_desktop_name);
+			fprintf(stderr, "%s %s\n", tvdt, vnc_desktop_name);
 			if (lport >= 6000) {
 				rfbLog("possible aliases:  %s:%d, "
 				    "%s::%d\n", host, lport,
@@ -2013,17 +2019,41 @@ static void announce(int lport, int ssl, char *iface) {
 		} else {
 			snprintf(vnc_desktop_name, sz, "%s:%d",
 			    host, lport);
-			fprintf(stderr, "%s is %s\n", tvdt, vnc_desktop_name);
+			fprintf(stderr, "%s %s\n", tvdt, vnc_desktop_name);
 			rfbLog("possible alias:    %s::%d\n",
 			    host, lport);
 		}
 	}
 }

+static void announce_http(int lport, int ssl, char *iface) {
+	
+	char *host = this_host();
+	char *jvu;
+
+	if (ssl == 1) {
+		jvu = "Java SSL viewer URL:     https";
+	} else if (ssl == 2) {
+		jvu = "Java SSL viewer URL:     http";
+	} else {
+		jvu = "Java viewer URL:         http";
+	}
+
+	if (iface != NULL && *iface != '\0' && strcmp(iface, "any")) {
+		host = iface;
+	}
+	if (host != NULL) {
+		if (! inetd) {
+			fprintf(stderr, "%s://%s:%d/\n", jvu, host, lport);
+		}
+	}
+}
+
 void set_vnc_desktop_name(void) {
 	sprintf(vnc_desktop_name, "unknown");
 	if (inetd) {
-		sprintf(vnc_desktop_name, "inetd-no-further-clients");
+		sprintf(vnc_desktop_name, "%s/inetd-no-further-clients",
+		    this_host());
 	}
 	if (screen->port) {

@@ -2031,10 +2061,28 @@ void set_vnc_desktop_name(void) {
 			rfbLog("\n");
 		}

-		announce(screen->port, 0, listen_str);
+		if (use_openssl) {
+			announce(screen->port, 1, listen_str);
+		} else {
+			announce(screen->port, 0, listen_str);
+		}
 		if (stunnel_port) {
 			announce(stunnel_port, 1, NULL);
 		}
+		if (screen->httpListenSock > -1 && screen->httpPort) {
+			if (use_openssl) {
+				announce_http(screen->port, 1, listen_str);
+				if (https_port_num >= 0) {
+					announce_http(https_port_num, 1,
+					    listen_str);
+				}
+				announce_http(screen->httpPort, 2, listen_str);
+			} else if (use_stunnel) {
+				announce_http(screen->httpPort, 2, listen_str);
+			} else {
+				announce_http(screen->httpPort, 0, listen_str);
+			}
+		}
 		
 		fflush(stderr);	
 		if (inetd) {
@@ -2043,6 +2091,8 @@ void set_vnc_desktop_name(void) {
 			fprintf(stdout, "PORT=%d\n", screen->port);
 			if (stunnel_port) {
 				fprintf(stdout, "SSLPORT=%d\n", stunnel_port);
+			} else if (use_openssl) {
+				fprintf(stdout, "SSLPORT=%d\n", screen->port);
 			}
 			fflush(stdout);	
 			if (flagfile) {

--- a/x11vnc/sslcmds.c
+++ b/x11vnc/sslcmds.c
@@ -29,6 +29,8 @@ void check_stunnel(void) {
 	}
 	last_check = now;

+	/* double check that stunnel is still running: */
+
 	if (stunnel_pid > 0) {
 		int status;
 		waitpid(stunnel_pid, &status, WNOHANG); 

--- a/x11vnc/sslhelper.c
+++ b/x11vnc/sslhelper.c
--- a/x11vnc/sslhelper.h
+++ b/x11vnc/sslhelper.h
@@ -4,14 +4,23 @@
 /* -- sslhelper.h -- */


+#define OPENSSL_INETD 1
+#define OPENSSL_VNC   2
+#define OPENSSL_HTTPS 3
+
 extern int openssl_sock;
+extern int openssl_port_num;
+extern int https_sock;
 extern pid_t openssl_last_helper_pid;

 extern int openssl_present(void);
 extern void openssl_init(void);
 extern void openssl_port(void);
+extern void https_port(void);
 extern void check_openssl(void);
-extern void ssh_helper_pid(pid_t pid, int sock);
+extern void check_https(void);
+extern void ssl_helper_pid(pid_t pid, int sock);
+extern void accept_openssl(int mode);


 #endif /* _X11VNC_SSLHELPER_H */
--- a/x11vnc/tkx11vnc
+++ b/x11vnc/tkx11vnc
@@ -295,6 +295,7 @@ Permissions
 	stunnel
 	=F stunnel_pem:
 	=F sslverify:
+	https:
 	=GAL LOFF
 	=GAL Misc-Perms::
 	safer

--- a/x11vnc/tkx11vnc.h
+++ b/x11vnc/tkx11vnc.h
@@ -306,6 +306,7 @@ char gui_code[] = "";
 "	stunnel\n"
 "	=F stunnel_pem:\n"
 "	=F sslverify:\n"
+"	https:\n"
 "	=GAL LOFF\n"
 "	=GAL Misc-Perms::\n"
 "	safer\n"

--- a/x11vnc/unixpw.c
+++ b/x11vnc/unixpw.c
@@ -109,9 +109,16 @@ void unixpw_screen(int init) {

 		zero_fb(0, 0, dpy_x, dpy_y);

+		mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0);
+
 		x = nfix(dpy_x / 2 -  strlen(log) * char_w, dpy_x);
 		y = dpy_y / 4;

+		if (scaling) {
+			x = (int) (x * scale_fac);
+			y = (int) (y * scale_fac);
+		}
+
 		rfbDrawString(screen, &default8x16Font, x, y, log, white());

 		char_x = x;
@@ -120,7 +127,11 @@ void unixpw_screen(int init) {
 		char_row = 0;
 	}

-	mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0);
+	if (scaling) {
+		mark_rect_as_modified(0, 0, dpy_x, dpy_y, 1);
+	} else {
+		mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0);
+	}
 }

 	
@@ -322,7 +333,7 @@ int crypt_verify(char *user, char *pass) {
 	if (pass[n-1] == '\n') {
 		pass[n-1] = '\0';
 	}
-	cr = crypt(pass, realpw);
+	cr = (char *) crypt(pass, realpw);
 	if (cr == NULL) {
 		return 0;
 	}
@@ -741,7 +752,11 @@ if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "***

 		char_col = strlen(log);

-		mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0);
+		if (scaling) {
+			mark_rect_as_modified(0, 0, dpy_x, dpy_y, 1);
+		} else {
+			mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0);
+		}

 		unixpw_last_try_time = time(0);
 		unixpw_keystroke(0, 0, 2);
@@ -805,9 +820,20 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 				user[u_cnt-1] = '\0';
 				x = text_x();
 				y = text_y();
-				zero_fb(x - char_w, y - char_h, x, y);
-				mark_rect_as_modified(x - char_w, y - char_h,
-				    x, y, 0);
+				if (scaling) {
+					int x2 = x / scale_fac;
+					int y2 = y / scale_fac;
+					int w2 = char_w / scale_fac;
+					int h2 = char_h / scale_fac;
+					
+					zero_fb(x2 - w2, y2 - h2, x2, y2);
+					mark_rect_as_modified(x2 - w2,
+					    y2 - h2, x2, y2, 0);
+				} else {
+					zero_fb(x - char_w, y - char_h, x, y);
+					mark_rect_as_modified(x - char_w,
+					    y - char_h, x, y, 0);
+				}
 				char_col--;
 				u_cnt--;
 			}
@@ -836,7 +862,11 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 			    white());

 			char_col = strlen(pw);
-			mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0);
+			if (scaling) {
+				mark_rect_as_modified(0, 0, dpy_x, dpy_y, 1);
+			} else {
+				mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0);
+			}
 			return;
 		}
 		if (keysym <= ' ' || keysym >= 0x7f) {
@@ -862,7 +892,11 @@ if (db && db <= 2) fprintf(stderr, "u_cnt: %d %d/%d ks: 0x%x  %s\n", u_cnt, x, y
 		keystr[1] = '\0';
 		rfbDrawString(screen, &default8x16Font, x, y, keystr, white());

-		mark_rect_as_modified(x, y-char_h, x+char_w, y, 0);
+		if (scaling) {
+			mark_rect_as_modified(x, y-char_h, x+char_w, y, 1);
+		} else {
+			mark_rect_as_modified(x, y-char_h, x+char_w, y, 0);
+		}
 		char_col++;

 	} else if (in_passwd) {
@@ -920,6 +954,10 @@ static void apply_opts (char *user) {
 	ClientData *cd = (ClientData *) unixpw_client->clientData;
 	rfbClientPtr cl = unixpw_client;
 	int i;
+
+	if (! cd) {
+		return;
+	}
 	
 	if (user) {
 		if (cd->unixname) {
@@ -1000,7 +1038,11 @@ void unixpw_deny(void) {
 	y = char_y + char_row * char_h;

 	rfbDrawString(screen, &default8x16Font, x, y, pd, white());
-	mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0);
+	if (scaling) {
+		mark_rect_as_modified(0, 0, dpy_x, dpy_y, 1);
+	} else {
+		mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0);
+	}

 	for (i=0; i<5; i++) {
 		rfbPE(-1);

--- a/x11vnc/x11vnc.1
+++ b/x11vnc/x11vnc.1
--- a/x11vnc/x11vnc.c
+++ b/x11vnc/x11vnc.c
@@ -473,6 +473,7 @@ if (debug_scroll) fprintf(stderr, "watch_loop: LOOP-BACK: %d\n", ret);
 			check_gui_inputs();		
 			check_stunnel();		
 			check_openssl();		
+			check_https();		
 			record_last_fb_update();
 			check_padded_fb();		
 			check_fixscreen();		
@@ -1617,6 +1618,16 @@ int main(int argc, char* argv[]) {
 					i++;
 				}
 			}
+		} else if (!strcmp(arg, "-https")) {
+			https_port_num = 0;
+			try_http = 1;
+			if (i < argc-1) {
+				char *s = argv[i+1];
+				if (s[0] != '-') {
+					https_port_num = atoi(s);
+					i++;
+				}
+			}
 		} else if (!strcmp(arg, "-nopw")) {
 			nopw = 1;
 		} else if (!strcmp(arg, "-usepw")) {
@@ -2403,7 +2414,10 @@ int main(int argc, char* argv[]) {
 		launch_gui = 0;
 	}

-	if (! inetd && unixpw) {
+	if (unixpw) {
+		if (inetd) {
+			use_stunnel = 0;
+		}
 		if (! use_stunnel && ! use_openssl) {
 			if (have_ssh_env()) {
 				char *s = getenv("SSH_CONNECTION");
@@ -2426,6 +2440,9 @@ int main(int argc, char* argv[]) {
 				if (openssl_present()) {
 					rfbLog("set -ssl in -unixpw mode.\n");
 					use_openssl = 1;
+				} else if (inetd) {
+					rfbLog("could not set -ssl in -inetd + -unixpw mode.\n");
+					exit(1);
 				} else {
 					rfbLog("set -stunnel in -unixpw mode.\n");
 					use_stunnel = 1;
@@ -2447,6 +2464,10 @@ int main(int argc, char* argv[]) {
 		rfbLog("-sslverify must be used with -ssl or -stunnel\n");
 		exit(1);
 	}
+	if (https_port_num >= 0 && ! use_openssl) {
+		rfbLog("-https must be used with -ssl\n");
+		exit(1);
+	}

 	/* fixup settings that do not make sense */
 		
@@ -2498,7 +2519,9 @@ int main(int argc, char* argv[]) {
 		shared = 0;
 		connect_once = 1;
 		bg = 0;
-		use_stunnel = 0;
+		if (use_stunnel) {
+			exit(1);
+		}
 		/* others? */
 	}

@@ -3065,6 +3088,9 @@ int main(int argc, char* argv[]) {

 	initialize_allowed_input();

+	if (inetd && use_openssl) {
+		accept_openssl(OPENSSL_INETD);
+	}
 	if (! inetd && ! use_openssl) {
 		if (! screen->port || screen->listenSock < 0) {
 			rfbLogEnable(1);

--- a/x11vnc/x11vnc.h
+++ b/x11vnc/x11vnc.h
@@ -46,6 +46,7 @@
 * -DVNCSHARED  to have the vnc display shared by default.
 * -DFOREVER  to have -forever on by default.
 * -DNOREPEAT=0  to have -repeat on by default.
+ * -DXINERAMA=0  to have -noxinerama on by default.
 * -DADDKEYSYMS=0  to have -noadd_keysyms the default.
 *
 * -DREMOTE_DEFAULT=0  to disable remote-control on by default (-yesremote).
@@ -93,6 +94,10 @@
 #define REMOTE_CONTROL 1
 #endif

+#ifndef XINERAMA
+#define XINERAMA 1
+#endif
+
 #ifndef NOPW
 #define NOPW 0
 #endif
@@ -465,7 +470,7 @@ typedef struct _ClientData {
 	int login_viewonly;
 	time_t login_time;

-	pid_t ssh_helper_pid;
+	pid_t ssl_helper_pid;

 	int had_cursor_shape_updates;
 	int had_cursor_pos_updates;

--- a/x11vnc/x11vnc_defs.c
+++ b/x11vnc/x11vnc_defs.c
@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;

 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.8.1 lastmod: 2006-03-11";
+char lastmod[] = "0.8.1 lastmod: 2006-03-27";

 /* X display info */


--- a/x11vnc/xwrappers.c
+++ b/x11vnc/xwrappers.c
@@ -680,8 +680,10 @@ void disable_grabserver(Display *in_dpy, int change) {
 		}
 	}
 	if (! ok && ! didmsg) {
-		rfbLog("No XTEST or DEC-XTRAP protection from XGrabServer.\n");
-		rfbLog("Deadlock if your window manager calls XGrabServer!!\n");
+		rfbLog("*********************************************************\n");
+		rfbLog("* No XTEST or DEC-XTRAP protection from XGrabServer !!! *\n");
+		rfbLog("* DEADLOCK if your window manager calls XGrabServer !!! *\n");
+		rfbLog("*********************************************************\n");
 	}
 	XFlush(in_dpy);
 }