Commit 5c53ccbb authored by runge's avatar runge

Improvements to Java viewer: troubleshooting settings and workarounds, misc bug fixes.

parent 91d0e2fd
...@@ -382,7 +382,9 @@ if [ "X$reverse" != "X" ]; then ...@@ -382,7 +382,9 @@ if [ "X$reverse" != "X" ]; then
echo "*Warning*: -listen and a single proxy/gateway does not make sense." echo "*Warning*: -listen and a single proxy/gateway does not make sense."
sleep 2 sleep 2
fi fi
SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
# we now try to PPROXY_LOOP_THYSELF, set this var to disable that.
#SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
fi fi
fi fi
if [ "X$ssh_cmd" = "X" ]; then if [ "X$ssh_cmd" = "X" ]; then
...@@ -520,12 +522,6 @@ if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then ...@@ -520,12 +522,6 @@ if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
fi fi
fi fi
# (possibly) tell the vncviewer to only listen on lo:
if [ "X$reverse" != "X" -a "X$direct_connect" = "X" ]; then
VNCVIEWER_LISTEN_LOCALHOST=1
export VNCVIEWER_LISTEN_LOCALHOST
fi
# rsh mode is an internal/secret thing only I use. # rsh mode is an internal/secret thing only I use.
rsh="" rsh=""
if echo "$orig" | grep '^rsh://' > /dev/null; then if echo "$orig" | grep '^rsh://' > /dev/null; then
...@@ -551,11 +547,98 @@ else ...@@ -551,11 +547,98 @@ else
fi fi
# extract host and disp number: # extract host and disp number:
host=`echo "$orig" | awk -F: '{print $1}'`
disp=`echo "$orig" | awk -F: '{print $2}'` # try to see if it is ipv6 address:
ipv6=0
if echo "$orig" | grep '\[' > /dev/null; then
# ipv6 [fe80::219:dbff:fee5:3f92%eth1]:5900
host=`echo "$orig" | sed -e 's/\].*$//' -e 's/\[//'`
disp=`echo "$orig" | sed -e 's/^.*\]://'`
ipv6=1
elif echo "$orig" | grep ':..*:' > /dev/null; then
# ipv6 fe80::219:dbff:fee5:3f92%eth1:5900
host=`echo "$orig" | sed -e 's/:[^:]*$//'`
disp=`echo "$orig" | sed -e 's/^.*://'`
ipv6=1
else
# regular host:port
host=`echo "$orig" | awk -F: '{print $1}'`
disp=`echo "$orig" | awk -F: '{print $2}'`
fi
if [ "X$reverse" != "X" -a "X$STUNNEL_LISTEN" = "X" -a "X$host" != "X" ]; then
STUNNEL_LISTEN=$host
echo "set STUNNEL_LISTEN=$STUNNEL_LISTEN"
fi
if [ "X$host" = "X" ]; then if [ "X$host" = "X" ]; then
host=$localhost host=$localhost
fi fi
if [ "X$SSVNC_IPV6" = "X0" ]; then
# disable checking for it.
ipv6=0
#elif [ "X$reverse" != "X" -a "X$ipv6" = "X1" ]; then
# ipv6=0
elif [ "X$ipv6" = "X1" ]; then
:
elif echo "$host" | grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' > /dev/null; then
:
else
# regular hostname, can't be sure...
host "$host" >/dev/null 2>&1
host "$host" >/dev/null 2>&1
hout=`host "$host" 2>/dev/null`
if echo "$hout" | grep -i 'has ipv6 address' > /dev/null; then
if echo "$hout" | grep -i 'has address' > /dev/null; then
:
else
echo "ipv6: "`echo "$hout" | grep -i 'has ipv6 address' | head -n 1`
ipv6=1
fi
fi
if [ "X$ipv6" = "X0" ]; then
dout=`dig -t any "$host" 2>/dev/null`
if echo "$dout" | grep -i "^$host" | grep '[ ]AAAA[ ]' > /dev/null; then
if echo "$dout" | grep -i "^$host" | grep '[ ]A[ ]' > /dev/null; then
:
else
echo "ipv6: "`echo "$dout" | grep -i '[ ]AAAA[ ]' | head -n 1`
ipv6=1
fi
fi
fi
if [ "X$ipv6" = "X0" ]; then
sout=`env LOOKUP="$host" \
perl -e ' eval {use Socket}; exit 0 if $@;
eval {use Socket6}; exit 0 if $@;
@res = getaddrinfo($ENV{LOOKUP}, "daytime", AF_UNSPEC, SOCK_STREAM);
$ipv4 = 0;
$ipv6 = 0;
$ip6 = "";
while (scalar(@res) >= 5) {
($family, $socktype, $proto, $saddr, $canon, @res) = @res;
$ipv4 = 1 if $family == AF_INET;
$ipv6 = 1 if $family == AF_INET6;
if ($family == AF_INET6 && $ip6 eq "") {
my ($host, $port) = getnameinfo($saddr, NI_NUMERICHOST | NI_NUMERICSERV);
$ip6 = $host;
}
}
if (! $ipv4 && $ipv6) {
print "AF_INET6_ONLY: $ENV{LOOKUP}: $ip6\n";
}
exit 0;
' 2>/dev/null`
if echo "$sout" | grep AF_INET6_ONLY > /dev/null; then
echo "$sout"
ipv6=1
fi
fi
fi
if [ "X$ipv6" = "X1" ]; then
echo "ipv6: addr=$host disp=$disp"
fi
if [ "X$disp" = "X" ]; then if [ "X$disp" = "X" ]; then
port="" # probably -listen mode. port="" # probably -listen mode.
elif [ $disp -lt 0 ]; then elif [ $disp -lt 0 ]; then
...@@ -573,6 +656,21 @@ else ...@@ -573,6 +656,21 @@ else
port=$disp port=$disp
fi fi
if [ "X$ipv6" = "X1" -a "X$direct_connect" = "X1" ]; then
if [ "X$proxy" = "X" -a "X$reverse" = "X" ]; then
proxy="ipv6://$host:$port"
echo "direct connect: set proxy=$proxy"
fi
fi
# (possibly) tell the vncviewer to only listen on lo:
if [ "X$reverse" != "X" ]; then
if [ "X$direct_connect" = "X" -o "X$proxy" != "X" -o "X$STUNNEL_LISTEN" != "X" ]; then
VNCVIEWER_LISTEN_LOCALHOST=1
export VNCVIEWER_LISTEN_LOCALHOST
fi
fi
# try to find an open listening port via netstat(1): # try to find an open listening port via netstat(1):
inuse="" inuse=""
if uname | grep Linux > /dev/null; then if uname | grep Linux > /dev/null; then
...@@ -787,6 +885,60 @@ pcode() { ...@@ -787,6 +885,60 @@ pcode() {
use IO::Socket::INET; use IO::Socket::INET;
my $have_inet6 = "";
eval "use IO::Socket::INET6;";
$have_inet6 = 1 if $@ eq "";
#my $have_sock6 = "";
#eval "use Socket; use Socket6;";
#$have_sock6 = 1 if $@ eq "";
if (exists $ENV{PPROXY_LOOP_THYSELF}) {
# used for reverse vnc, run a repeating outer loop.
print STDERR "PPROXY_LOOP: $ENV{PPROXY_LOOP_THYSELF}\n";
my $rm = $ENV{PPROXY_REMOVE};
my $lp = $ENV{PPROXY_LOOP_THYSELF};
delete $ENV{PPROXY_REMOVE};
delete $ENV{PPROXY_LOOP_THYSELF};
$ENV{PPROXY_LOOP_THYSELF_MASTER} = $$;
my $pid = $$;
my $dbg = 0;
my $c = 0;
use POSIX ":sys_wait_h";
while (1) {
$pid = fork();
last if ! defined $pid;
if ($pid eq "0") {
last;
}
$c++;
print STDERR "\nPPROXY_LOOP: pid=$$ child=$pid count=$c\n";
while (1) {
waitpid(-1, WNOHANG);
fsleep(0.25);
if (! kill 0, $pid) {
print STDERR "PPROXY_LOOP: child=$pid gone.\n";
last;
}
print STDERR "PPROXY_LOOP: child=$pid alive.\n" if $dbg;
if (! -f $lp) {
print STDERR "PPROXY_LOOP: flag file $lp gone, killing $pid\n";
kill TERM, $pid;
fsleep(0.1);
wait;
last;
}
print STDERR "PPROXY_LOOP: file exists $lp\n" if $dbg;
}
last if ! -f $lp;
fsleep(0.25);
}
if ($pid ne "0") {
unlink($0) if $rm;
exit 0;
}
}
if (exists $ENV{PPROXY_SLEEP} && $ENV{PPROXY_SLEEP} > 0) { if (exists $ENV{PPROXY_SLEEP} && $ENV{PPROXY_SLEEP} > 0) {
print STDERR "PPROXY_PID: $$\n"; print STDERR "PPROXY_PID: $$\n";
sleep $ENV{PPROXY_SLEEP}; sleep $ENV{PPROXY_SLEEP};
...@@ -835,7 +987,7 @@ if (exists $ENV{SSVNC_PREDIGESTED_HANDSHAKE}) { ...@@ -835,7 +987,7 @@ if (exists $ENV{SSVNC_PREDIGESTED_HANDSHAKE}) {
} }
my $have_gettimeofday = 0; my $have_gettimeofday = 0;
eval "use Time::HiRes"; eval "use Time::HiRes;";
if ($@ eq "") { if ($@ eq "") {
$have_gettimeofday = 1; $have_gettimeofday = 1;
} }
...@@ -862,7 +1014,11 @@ my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", ""); ...@@ -862,7 +1014,11 @@ my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", "");
($first, $mode_1st) = url_parse($first); ($first, $mode_1st) = url_parse($first);
my ($proxy_host, $proxy_port) = split(/:/, $first); my ($proxy_host, $proxy_port) = ($first, "");
if ($proxy_host =~ /^(.*):(\d+)$/) {
$proxy_host = $1;
$proxy_port = $2;
}
my $connect = $ENV{PPROXY_DEST}; my $connect = $ENV{PPROXY_DEST};
if ($second ne "") { if ($second ne "") {
...@@ -875,13 +1031,15 @@ if ($third ne "") { ...@@ -875,13 +1031,15 @@ if ($third ne "") {
print STDERR "\n"; print STDERR "\n";
print STDERR "PPROXY v0.3: a tool for Web, SOCKS, and UltraVNC proxies and VeNCrypt bridging.\n"; print STDERR "PPROXY v0.4: a tool for Web, SOCKS, and UltraVNC proxies and for\n";
print STDERR "PPROXY v0.4: IPv6 and VNC VeNCrypt bridging.\n";
print STDERR "proxy_host: $proxy_host\n"; print STDERR "proxy_host: $proxy_host\n";
print STDERR "proxy_port: $proxy_port\n"; print STDERR "proxy_port: $proxy_port\n";
print STDERR "proxy_connect: $connect\n"; print STDERR "proxy_connect: $connect\n";
print STDERR "pproxy_params: $ENV{PPROXY_PROXY}\n"; print STDERR "pproxy_params: $ENV{PPROXY_PROXY}\n";
print STDERR "pproxy_listen: $ENV{PPROXY_LISTEN}\n"; print STDERR "pproxy_listen: $ENV{PPROXY_LISTEN}\n";
print STDERR "pproxy_reverse: $ENV{PPROXY_REVERSE}\n"; print STDERR "pproxy_reverse: $ENV{PPROXY_REVERSE}\n";
print STDERR "io_socket_inet6: $have_inet6\n";
print STDERR "\n"; print STDERR "\n";
if (1) { if (1) {
print STDERR "pproxy 1st: $first\t- $mode_1st\n"; print STDERR "pproxy 1st: $first\t- $mode_1st\n";
...@@ -897,15 +1055,29 @@ sub pdie { ...@@ -897,15 +1055,29 @@ sub pdie {
} }
if ($ENV{PPROXY_REVERSE} ne "") { if ($ENV{PPROXY_REVERSE} ne "") {
my ($rhost, $rport) = split(/:/, $ENV{PPROXY_REVERSE}); my ($rhost, $rport) = ($ENV{PPROXY_REVERSE}, "");
if ($rhost =~ /^(.*):(\d+)$/) {
$rhost = $1;
$rport = $2;
}
$rport = 5900 unless $rport; $rport = 5900 unless $rport;
my $emsg = "";
$listen_handle = IO::Socket::INET->new( $listen_handle = IO::Socket::INET->new(
PeerAddr => $rhost, PeerAddr => $rhost,
PeerPort => $rport, PeerPort => $rport,
Proto => "tcp" Proto => "tcp"
); );
$emsg = $!;
if (! $listen_handle && $have_inet6) {
eval {$listen_handle = IO::Socket::INET6->new(
PeerAddr => $rhost,
PeerPort => $rport,
Proto => "tcp"
);};
$emsg .= " / $!";
}
if (! $listen_handle) { if (! $listen_handle) {
pdie "pproxy: $! -- PPROXY_REVERSE\n"; pdie "pproxy: $emsg -- PPROXY_REVERSE\n";
} }
print STDERR "PPROXY_REVERSE: connected to $rhost $rport\n"; print STDERR "PPROXY_REVERSE: connected to $rhost $rport\n";
...@@ -914,27 +1086,75 @@ if ($ENV{PPROXY_REVERSE} ne "") { ...@@ -914,27 +1086,75 @@ if ($ENV{PPROXY_REVERSE} ne "") {
my $maxtry = 12; my $maxtry = 12;
my $sleep = 5; my $sleep = 5;
my $p2 = ""; my $p2 = "";
my $emsg = "";
for (my $i=0; $i < $maxtry; $i++) { for (my $i=0; $i < $maxtry; $i++) {
if ($ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:(.*)/) { my ($if, $p) = ("", $ENV{PPROXY_LISTEN});
my $p = $1; if ($p =~ /^(.*):(\d+)$/) {
$p2 = "*:$p"; $if = $1;
$p = $2;
}
$p2 = "*:$p";
if ($if eq "") {
$if = "localhost";
}
print STDERR "pproxy interface: $if\n";
$emsg = "";
if (($if eq "INADDR_ANY6" || $if eq "::") && $have_inet6) {
eval {$listen_sock = IO::Socket::INET6->new(
Listen => 2,
ReuseAddr => 1,
Domain => AF_INET6,
LocalAddr => "::",
LocalPort => $p,
Proto => "tcp"
);};
$p2 = ":::$p";
} elsif ($if =~ /^INADDR_ANY/) {
$listen_sock = IO::Socket::INET->new( $listen_sock = IO::Socket::INET->new(
Listen => 2, Listen => 2,
ReuseAddr => 1,
LocalPort => $p, LocalPort => $p,
Proto => "tcp" Proto => "tcp"
); );
} elsif (($if eq "INADDR_LOOPBACK6" || $if eq "::1") && $have_inet6) {
$p2 = "::1:$p";
eval {$listen_sock = IO::Socket::INET6->new(
Listen => 2,
ReuseAddr => 1,
Domain => AF_INET6,
LocalAddr => "::1",
LocalPort => $p,
Proto => "tcp"
);};
$p2 = "::1:$p";
} else { } else {
$p2 = "localhost:$ENV{PPROXY_LISTEN}"; $p2 = "$if:$p";
$listen_sock = IO::Socket::INET->new( $listen_sock = IO::Socket::INET->new(
Listen => 2, Listen => 2,
LocalAddr => "127.0.0.1", ReuseAddr => 1,
LocalPort => $ENV{PPROXY_LISTEN}, LocalAddr => $if,
LocalPort => $p,
Proto => "tcp" Proto => "tcp"
); );
$emsg = $!;
if (! $listen_sock && $have_inet6) {
print STDERR "PPROXY_LISTEN: retry with INET6\n";
eval {$listen_sock = IO::Socket::INET6->new(
Listen => 2,
ReuseAddr => 1,
Domain => AF_INET6,
LocalAddr => $if,
LocalPort => $p,
Proto => "tcp"
);};
$emsg .= " / $!";
}
} }
if (! $listen_sock) { if (! $listen_sock) {
if ($i < $maxtry - 1) { if ($i < $maxtry - 1) {
warn "pproxy: $!\n"; warn "pproxy: $emsg $!\n";
warn "Could not listen on port $p2, retrying in $sleep seconds... (Ctrl-C to quit)\n"; warn "Could not listen on port $p2, retrying in $sleep seconds... (Ctrl-C to quit)\n";
sleep $sleep; sleep $sleep;
} }
...@@ -943,7 +1163,7 @@ if ($ENV{PPROXY_REVERSE} ne "") { ...@@ -943,7 +1163,7 @@ if ($ENV{PPROXY_REVERSE} ne "") {
} }
} }
if (! $listen_sock) { if (! $listen_sock) {
pdie "pproxy: $! -- PPROXY_LISTEN\n"; pdie "pproxy: $emsg -- PPROXY_LISTEN\n";
} }
print STDERR "pproxy: listening on $p2\n"; print STDERR "pproxy: listening on $p2\n";
my $ip; my $ip;
...@@ -953,6 +1173,24 @@ if ($ENV{PPROXY_REVERSE} ne "") { ...@@ -953,6 +1173,24 @@ if ($ENV{PPROXY_REVERSE} ne "") {
if (! $listen_handle) { if (! $listen_handle) {
pdie "pproxy: $err\n"; pdie "pproxy: $err\n";
} }
if ($ENV{PPROXY_LOOP_THYSELF_MASTER}) {
my $sml = $ENV{SSVNC_MULTIPLE_LISTEN};
if ($sml ne "" && $sml ne "0") {
setpgrp(0, 0);
if (fork()) {
close $viewer_sock;
wait;
exit 0;
}
if (fork()) {
close $viewer_sock;
exit 0;
}
setpgrp(0, 0);
$parent = $$;
}
}
} }
$sock = IO::Socket::INET->new( $sock = IO::Socket::INET->new(
...@@ -961,15 +1199,27 @@ $sock = IO::Socket::INET->new( ...@@ -961,15 +1199,27 @@ $sock = IO::Socket::INET->new(
Proto => "tcp" Proto => "tcp"
); );
my $err = "";
if (! $sock && $have_inet6) {
$err = $!;
eval {$sock = IO::Socket::INET6->new(
PeerAddr => $proxy_host,
PeerPort => $proxy_port,
Proto => "tcp"
);};
$err .= " / $!";
}
if (! $sock) { if (! $sock) {
my $err = $!;
unlink($0) if $ENV{PPROXY_REMOVE}; unlink($0) if $ENV{PPROXY_REMOVE};
pdie "pproxy: $err\n"; pdie "pproxy: $err\n";
} }
unlink($0) if $ENV{PPROXY_REMOVE}; unlink($0) if $ENV{PPROXY_REMOVE};
if ($ENV{PPROXY_PROXY} =~ /^vencrypt:/ && $ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:/) { if ($ENV{PPROXY_PROXY} =~ /^vencrypt:/ && $ENV{PPROXY_VENCRYPT_REVERSE}) {
print STDERR "\nPPROXY: vencrypt+reverse: swapping listen socket with connect socket.\n"; print STDERR "\nPPROXY: vencrypt+reverse: swapping listen socket with connect socket.\n";
my $tmp_swap = $sock; my $tmp_swap = $sock;
$sock = $listen_handle; $sock = $listen_handle;
...@@ -1116,6 +1366,10 @@ xfer_both(); ...@@ -1116,6 +1366,10 @@ xfer_both();
exit; exit;
sub fsleep {
select(undef, undef, undef, shift);
}
sub url_parse { sub url_parse {
my $hostport = shift; my $hostport = shift;
my $mode = "http"; my $mode = "http";
...@@ -1128,11 +1382,14 @@ sub url_parse { ...@@ -1128,11 +1382,14 @@ sub url_parse {
} elsif ($hostport =~ m,^https?://(\S*)$,i) { } elsif ($hostport =~ m,^https?://(\S*)$,i) {
$mode = "http"; $mode = "http";
$hostport = $1; $hostport = $1;
} elsif ($hostport =~ m,^ipv6://(\S*)$,i) {
$mode = "ipv6";
$hostport = $1;
} elsif ($hostport =~ m,^repeater://(\S*)\+(\S*)$,i) { } elsif ($hostport =~ m,^repeater://(\S*)\+(\S*)$,i) {
# ultravnc repeater proxy. # ultravnc repeater proxy.
$hostport = $1; $hostport = $1;
$mode = "repeater:$2"; $mode = "repeater:$2";
if ($hostport !~ /:\d+/) { if ($hostport !~ /:\d+$/) {
$hostport .= ":5900"; $hostport .= ":5900";
} }
} elsif ($hostport =~ m,^vencrypt://(\S*)$,i) { } elsif ($hostport =~ m,^vencrypt://(\S*)$,i) {
...@@ -1144,7 +1401,7 @@ sub url_parse { ...@@ -1144,7 +1401,7 @@ sub url_parse {
$mode = $2; $mode = $2;
} }
$mode = "vencrypt:$m"; $mode = "vencrypt:$m";
if ($hostport !~ /:\d+/) { if ($hostport !~ /:\d+$/) {
$hostport .= ":5900"; $hostport .= ":5900";
} }
} }
...@@ -1161,6 +1418,8 @@ sub setmode { ...@@ -1161,6 +1418,8 @@ sub setmode {
} else { } else {
$ENV{PPROXY_SOCKS} = 1; $ENV{PPROXY_SOCKS} = 1;
} }
} elsif ($mode =~ /^ipv6/i) {
$ENV{PPROXY_SOCKS} = 0;
} elsif ($mode =~ /^repeater:(.*)/) { } elsif ($mode =~ /^repeater:(.*)/) {
$ENV{PPROXY_REPEATER} = $1; $ENV{PPROXY_REPEATER} = $1;
$ENV{PPROXY_SOCKS} = ""; $ENV{PPROXY_SOCKS} = "";
...@@ -1180,7 +1439,11 @@ sub connection { ...@@ -1180,7 +1439,11 @@ sub connection {
if ($ENV{PPROXY_SOCKS} eq "5") { if ($ENV{PPROXY_SOCKS} eq "5") {
# SOCKS5 # SOCKS5
my ($h, $p) = split(/:/, $CONNECT); my ($h, $p) = ($CONNECT, "");
if ($h =~ /^(.*):(\d+)$/) {
$h = $1;
$p = $2;
}
$con .= pack("C", 0x05); $con .= pack("C", 0x05);
$con .= pack("C", 0x01); $con .= pack("C", 0x01);
$con .= pack("C", 0x00); $con .= pack("C", 0x00);
...@@ -1242,9 +1505,13 @@ sub connection { ...@@ -1242,9 +1505,13 @@ sub connection {
exit(1); exit(1);
} }
} elsif ($ENV{PPROXY_SOCKS} ne "") { } elsif ($ENV{PPROXY_SOCKS} eq "1") {
# SOCKS4 SOCKS4a # SOCKS4 SOCKS4a
my ($h, $p) = split(/:/, $CONNECT); my ($h, $p) = ($CONNECT, "");
if ($h =~ /^(.*):(\d+)$/) {
$h = $1;
$p = $2;
}
$con .= pack("C", 0x04); $con .= pack("C", 0x04);
$con .= pack("C", 0x01); $con .= pack("C", 0x01);
$con .= pack("n", $p); $con .= pack("n", $p);
...@@ -1296,6 +1563,9 @@ sub connection { ...@@ -1296,6 +1563,9 @@ sub connection {
close $sock; close $sock;
exit(1); exit(1);
} }
} elsif ($ENV{PPROXY_SOCKS} eq "0") {
# hack for ipv6 "proxy", nothing to do, assume INET6 call worked.
;
} elsif ($ENV{PPROXY_REPEATER} ne "") { } elsif ($ENV{PPROXY_REPEATER} ne "") {
my $rep = $ENV{PPROXY_REPEATER}; my $rep = $ENV{PPROXY_REPEATER};
print STDERR "repeater: $rep\n"; print STDERR "repeater: $rep\n";
...@@ -1582,6 +1852,7 @@ sub do_vencrypt_viewer_bridge { ...@@ -1582,6 +1852,7 @@ sub do_vencrypt_viewer_bridge {
for (my $i=0; $i < $maxtry; $i++) { for (my $i=0; $i < $maxtry; $i++) {
$listen_sock = IO::Socket::INET->new( $listen_sock = IO::Socket::INET->new(
Listen => 2, Listen => 2,
ReuseAddr => 1,
LocalAddr => "127.0.0.1", LocalAddr => "127.0.0.1",
LocalPort => $listen, LocalPort => $listen,
Proto => "tcp" Proto => "tcp"
...@@ -1606,6 +1877,23 @@ sub do_vencrypt_viewer_bridge { ...@@ -1606,6 +1877,23 @@ sub do_vencrypt_viewer_bridge {
if (! $viewer_sock) { if (! $viewer_sock) {
die "pproxy: vencrypt_viewer_bridge[$$]: $err\n"; die "pproxy: vencrypt_viewer_bridge[$$]: $err\n";
} }
if ($ENV{PPROXY_LOOP_THYSELF_MASTER}) {
my $sml = $ENV{SSVNC_MULTIPLE_LISTEN};
if ($sml ne "" && $sml ne "0") {
setpgrp(0, 0);
if (fork()) {
close $viewer_sock;
wait;
exit 0;
}
if (fork()) {
close $viewer_sock;
exit 0;
}
setpgrp(0, 0);
$parent = $$;
}
}
print STDERR "vencrypt_viewer_bridge[$$]: viewer_sock $viewer_sock\n" if $db; print STDERR "vencrypt_viewer_bridge[$$]: viewer_sock $viewer_sock\n" if $db;
print STDERR "pproxy: vencrypt_viewer_bridge[$$]: connecting to 127.0.0.1:$connect\n"; print STDERR "pproxy: vencrypt_viewer_bridge[$$]: connecting to 127.0.0.1:$connect\n";
...@@ -2055,13 +2343,18 @@ NHAFL_warning() { ...@@ -2055,13 +2343,18 @@ NHAFL_warning() {
echo "** Warning: you to manually remove a key from ~/.ssh/known_hosts.)" echo "** Warning: you to manually remove a key from ~/.ssh/known_hosts.)"
echo "** Warning: " echo "** Warning: "
echo "** Warning: This decreases security: a Man-In-The-Middle attack is possible." echo "** Warning: This decreases security: a Man-In-The-Middle attack is possible."
echo "** Warning: For chained ssh connections the first ssh leg is secure but the"
echo "** Warning: 2nd ssh leg is vulnerable. For an ssh connection going through"
echo "** Warning: a HTTP or SOCKS proxy the ssh connection is vulnerable."
echo "** Warning: "
echo "** Warning: You can set the SSVNC_SSH_LOCALHOST_AUTH=1 env. var. to disable" echo "** Warning: You can set the SSVNC_SSH_LOCALHOST_AUTH=1 env. var. to disable"
echo "** Warning: using the NoHostAuthenticationForLocalhost ssh option." echo "** Warning: using the NoHostAuthenticationForLocalhost=yes ssh option."
echo "** Warning: " echo "** Warning: "
echo "** Warning: A better solution is to configure (in the SSVNC GUI) the setting:" echo "** Warning: A better solution is to configure (in the SSVNC GUI) the setting:"
echo "** Warning: 'Options -> Advanced -> Private SSH KnownHosts file' (or set" echo "** Warning: 'Options -> Advanced -> Private SSH KnownHosts file' (or set"
echo "** Warning: SSVNC_KNOWN_HOSTS_FILE directly) to a per-connection known hosts" echo "** Warning: SSVNC_KNOWN_HOSTS_FILE directly) to a per-connection known hosts"
echo "** Warning: file. This yields a both secure and convenient solution." echo "** Warning: file. That file holds the 'localhost' cert for this specific"
echo "** Warning: connection. This yields a both secure and convenient solution."
echo "" echo ""
} }
...@@ -2243,6 +2536,7 @@ if [ "X$use_ssh" = "X1" ]; then ...@@ -2243,6 +2536,7 @@ if [ "X$use_ssh" = "X1" ]; then
nd=`findfree 6600` nd=`findfree 6600`
PPROXY_LISTEN=$nd; export PPROXY_LISTEN PPROXY_LISTEN=$nd; export PPROXY_LISTEN
# XXX no reverse forever PPROXY_LOOP_THYSELF ...
$ptmp & $ptmp &
sleep 1 sleep 1
if [ "X$ssh_NHAFL" != "X" -a "X$did_ssh_NHAFL" != "X1" ]; then if [ "X$ssh_NHAFL" != "X" -a "X$did_ssh_NHAFL" != "X1" ]; then
...@@ -2633,6 +2927,16 @@ if [ "X$crl" != "X" ]; then ...@@ -2633,6 +2927,16 @@ if [ "X$crl" != "X" ]; then
fi fi
fi fi
if [ "X$showcert" = "X1" ]; then
if [ "X$ipv6" = "X1" -a "X$proxy" = "X" ]; then
proxy="ipv6://$host:$port"
fi
fi
if [ "X$direct_connect" != "X" -a "X$STUNNEL_LISTEN" != "X" ]; then
proxy=reverse_direct
fi
ptmp="" ptmp=""
if [ "X$proxy" != "X" ]; then if [ "X$proxy" != "X" ]; then
ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl" ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
...@@ -2841,9 +3145,22 @@ if [ "X$direct_connect" != "X" ]; then ...@@ -2841,9 +3145,22 @@ if [ "X$direct_connect" != "X" ]; then
PPROXY_LISTEN=$use PPROXY_LISTEN=$use
export PPROXY_LISTEN export PPROXY_LISTEN
else else
PPROXY_REVERSE="$localhost:$use" if [ "X$proxy" = "Xreverse_direct" ]; then
export PPROXY_REVERSE PPROXY_LISTEN="$STUNNEL_LISTEN:`expr 5500 + $disp`"
pps=3 PPROXY_DEST="$localhost:$use"
PPROXY_PROXY="ipv6://$localhost:$use" # not always ipv6..
export PPROXY_LISTEN PPROXY_DEST PPROXY_PROXY
pps=1
else
PPROXY_REVERSE="$localhost:$use"
export PPROXY_LISTEN
pps=3
fi
if [ "X$SSVNC_LISTEN_ONCE" != "X1" ]; then
PPROXY_LOOP_THYSELF=`mytmp "/tmp/pproxy_loop_thyself.${RANDOM}.$$"`
export PPROXY_LOOP_THYSELF
pps=2
fi
if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
pps=`expr $pps + $SSVNC_EXTRA_SLEEP` pps=`expr $pps + $SSVNC_EXTRA_SLEEP`
fi fi
...@@ -2904,10 +3221,13 @@ if [ "X$direct_connect" != "X" ]; then ...@@ -2904,10 +3221,13 @@ if [ "X$direct_connect" != "X" ]; then
echo "" echo ""
trap "final" 0 2 15 trap "final" 0 2 15
if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
echo "NOTE: The ultravnc_dsm_helper only runs once. So after the first LISTEN" if [ "X$SSVNC_LISTEN_ONCE" = "X1" ]; then
echo " ends, you may have to Press Ctrl-C and restart for another connection." echo "NOTE: The ultravnc_dsm_helper only runs once. So after the first LISTEN"
echo "" echo " ends you must restart the Listening mode. You may also need to"
SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE echo " Press Ctrl-C to stop the viewer and restart for another connection."
echo ""
fi
#SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
VNCVIEWER_LISTEN_LOCALHOST=1 VNCVIEWER_LISTEN_LOCALHOST=1
export VNCVIEWER_LISTEN_LOCALHOST export VNCVIEWER_LISTEN_LOCALHOST
dport=`expr 5500 + $disp` dport=`expr 5500 + $disp`
...@@ -2917,8 +3237,13 @@ if [ "X$direct_connect" != "X" ]; then ...@@ -2917,8 +3237,13 @@ if [ "X$direct_connect" != "X" ]; then
echo echo
echo "$ustr &" echo "$ustr &"
echo echo
$cmd & if [ "X$SSVNC_LISTEN_ONCE" = "X1" ]; then
dsm_pid=$! $cmd &
dsm_pid=$!
else
while [ 1 ]; do $cmd; sleep 1; done &
dsm_pid=$!
fi
sleep 2 sleep 2
disp=$use disp=$use
if [ $disp -ge 5500 ]; then if [ $disp -ge 5500 ]; then
...@@ -2935,6 +3260,9 @@ if [ "X$direct_connect" != "X" ]; then ...@@ -2935,6 +3260,9 @@ if [ "X$direct_connect" != "X" ]; then
echo "$VNCVIEWERCMD" "$@" -listen $disp2 echo "$VNCVIEWERCMD" "$@" -listen $disp2
echo "" echo ""
$VNCVIEWERCMD "$@" -listen $disp2 $VNCVIEWERCMD "$@" -listen $disp2
if [ "X$PPROXY_LOOP_THYSELF" != "X" ]; then
rm -f $PPROXY_LOOP_THYSELF
fi
fi fi
exit $? exit $?
fi fi
...@@ -2998,6 +3326,8 @@ else ...@@ -2998,6 +3326,8 @@ else
hloc="" hloc=""
if [ "X$use_ssh" = "X1" ]; then if [ "X$use_ssh" = "X1" ]; then
hloc="$localhost:" hloc="$localhost:"
elif [ "X$STUNNEL_LISTEN" != "X" ]; then
hloc="$STUNNEL_LISTEN:"
fi fi
if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
hloc="$localhost:" hloc="$localhost:"
...@@ -3127,7 +3457,12 @@ else ...@@ -3127,7 +3457,12 @@ else
if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
pstunnel=`echo "$proxy" | awk -F: '{print $2}'` pstunnel=`echo "$proxy" | awk -F: '{print $2}'`
plisten=`echo "$proxy" | awk -F: '{print $3}'` plisten=`echo "$proxy" | awk -F: '{print $3}'`
PPROXY_LISTEN="INADDR_ANY:$plisten"; export PPROXY_LISTEN IF=INADDR_ANY
if [ "X$STUNNEL_LISTEN" != "X" ]; then
IF=$STUNNEL_LISTEN
fi
PPROXY_VENCRYPT_REVERSE=1; export PPROXY_VENCRYPT_REVERSE
PPROXY_LISTEN="$IF:$plisten"; export PPROXY_LISTEN
PPROXY_PROXY="vencrypt://$localhost:$pstunnel"; export PPROXY_PROXY PPROXY_PROXY="vencrypt://$localhost:$pstunnel"; export PPROXY_PROXY
PPROXY_DEST="$localhost:$pstunnel"; export PPROXY_DEST PPROXY_DEST="$localhost:$pstunnel"; export PPROXY_DEST
STUNNEL_ONCE=1; export STUNNEL_ONCE STUNNEL_ONCE=1; export STUNNEL_ONCE
...@@ -3140,6 +3475,11 @@ else ...@@ -3140,6 +3475,11 @@ else
if [ $N2_trim -le 200 ]; then if [ $N2_trim -le 200 ]; then
N2_trim=`expr $N2_trim + 5500` N2_trim=`expr $N2_trim + 5500`
fi fi
if [ "X$SSVNC_LISTEN_ONCE" != "X1" ]; then
PPROXY_LOOP_THYSELF=`mytmp "/tmp/pproxy_loop_thyself1.${RANDOM}.$$"`
export PPROXY_LOOP_THYSELF
PPROXY_LOOP_THYSELF0=$PPROXY_LOOP_THYSELF
fi
env PPROXY_REMOVE=0 PPROXY_SLEEP=0 PPROXY_VENCRYPT_VIEWER_BRIDGE="-$port1,$port2" $ptmp & env PPROXY_REMOVE=0 PPROXY_SLEEP=0 PPROXY_VENCRYPT_VIEWER_BRIDGE="-$port1,$port2" $ptmp &
sleep 1 sleep 1
fi fi
...@@ -3148,6 +3488,10 @@ else ...@@ -3148,6 +3488,10 @@ else
PPROXY_SLEEP=1; export PPROXY_SLEEP; PPROXY_SLEEP=1; export PPROXY_SLEEP;
fi fi
PPROXY_KILLPID=+1; export PPROXY_KILLPID; PPROXY_KILLPID=+1; export PPROXY_KILLPID;
if [ "X$SSVNC_LISTEN_ONCE" != "X1" ]; then
PPROXY_LOOP_THYSELF=`mytmp "/tmp/pproxy_loop_thyself2.${RANDOM}.$$"`
export PPROXY_LOOP_THYSELF
fi
$ptmp & $ptmp &
# Important to have no extra pids generated between here and VNCVIEWERCMD # Important to have no extra pids generated between here and VNCVIEWERCMD
fi fi
...@@ -3157,6 +3501,13 @@ else ...@@ -3157,6 +3501,13 @@ else
echo "$VNCVIEWERCMD" "$@" -listen $N2 echo "$VNCVIEWERCMD" "$@" -listen $N2
echo "" echo ""
$VNCVIEWERCMD "$@" -listen $N2 $VNCVIEWERCMD "$@" -listen $N2
if [ "X$PPROXY_LOOP_THYSELF" != "X" ]; then
rm -f $PPROXY_LOOP_THYSELF
fi
if [ "X$PPROXY_LOOP_THYSELF0" != "X" ]; then
rm -f $PPROXY_LOOP_THYSELF0
fi
fi fi
sleep 1 sleep 1
...@@ -38,7 +38,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/Makefile vnc_javasrc/Makefile ...@@ -38,7 +38,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/Makefile vnc_javasrc/Makefile
@$(ExportJavaClasses) @$(ExportJavaClasses)
diff -x VncCanvas.java -Naur vnc_javasrc.orig/RfbProto.java vnc_javasrc/RfbProto.java diff -x VncCanvas.java -Naur vnc_javasrc.orig/RfbProto.java vnc_javasrc/RfbProto.java
--- vnc_javasrc.orig/RfbProto.java 2004-03-04 08:34:25.000000000 -0500 --- vnc_javasrc.orig/RfbProto.java 2004-03-04 08:34:25.000000000 -0500
+++ vnc_javasrc/RfbProto.java 2006-04-16 11:17:37.000000000 -0400 +++ vnc_javasrc/RfbProto.java 2010-03-27 17:58:37.000000000 -0400
@@ -199,7 +199,21 @@ @@ -199,7 +199,21 @@
host = h; host = h;
port = p; port = p;
...@@ -71,9 +71,68 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/RfbProto.java vnc_javasrc/RfbProto ...@@ -71,9 +71,68 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/RfbProto.java vnc_javasrc/RfbProto
} }
serverMajor = (b[4] - '0') * 100 + (b[5] - '0') * 10 + (b[6] - '0'); serverMajor = (b[4] - '0') * 100 + (b[5] - '0') * 10 + (b[6] - '0');
@@ -992,6 +1006,19 @@
boolean down = (evt.getID() == KeyEvent.KEY_PRESSED);
int key;
+ if (viewer.debugKeyboard) {
+ System.out.println("----------------------------------------");
+ System.out.println("evt.getKeyChar: " + evt.getKeyChar());
+ System.out.println("getKeyText: " + KeyEvent.getKeyText(evt.getKeyCode()));
+ System.out.println("evt.getKeyCode: " + evt.getKeyCode());
+ System.out.println("evt.getID: " + evt.getID());
+ System.out.println("evt.getKeyLocation: " + evt.getKeyLocation());
+ System.out.println("evt.isActionKey: " + evt.isActionKey());
+ System.out.println("evt.isControlDown: " + evt.isControlDown());
+ System.out.println("evt.getModifiers: " + evt.getModifiers());
+ System.out.println("getKeyModifiersText: " + KeyEvent.getKeyModifiersText(evt.getModifiers()));
+ System.out.println("evt.paramString: " + evt.paramString());
+ }
if (evt.isActionKey()) {
//
@@ -1025,6 +1052,13 @@
return;
}
+ if(key == 0xffc2 && viewer.mapF5_to_atsign) {
+ if (viewer.debugKeyboard) {
+ System.out.println("Mapping: F5 -> AT ");
+ }
+ key = 0x40;
+ }
+
} else {
//
@@ -1036,6 +1070,7 @@
key = keyChar;
+
if (key < 0x20) {
if (evt.isControlDown()) {
key += 0x60;
@@ -1121,6 +1156,16 @@
int oldModifiers = 0;
void writeModifierKeyEvents(int newModifiers) {
+ if(viewer.forbid_Ctrl_Alt) {
+ if ((newModifiers & CTRL_MASK) != 0 && (newModifiers & ALT_MASK) != 0) {
+ int orig = newModifiers;
+ newModifiers &= ~ALT_MASK;
+ newModifiers &= ~CTRL_MASK;
+ if (viewer.debugKeyboard) {
+ System.out.println("Ctrl+Alt modifiers: " + orig + " -> " + newModifiers);
+ }
+ }
+ }
if ((newModifiers & CTRL_MASK) != (oldModifiers & CTRL_MASK))
writeKeyEvent(0xffe3, (newModifiers & CTRL_MASK) != 0);
diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSLSocketToMe.java diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSLSocketToMe.java
--- vnc_javasrc.orig/SSLSocketToMe.java 1969-12-31 19:00:00.000000000 -0500 --- vnc_javasrc.orig/SSLSocketToMe.java 1969-12-31 19:00:00.000000000 -0500
+++ vnc_javasrc/SSLSocketToMe.java 2010-03-19 12:52:08.000000000 -0400 +++ vnc_javasrc/SSLSocketToMe.java 2010-03-21 12:53:24.000000000 -0400
@@ -0,0 +1,2055 @@ @@ -0,0 +1,2055 @@
+/* +/*
+ * SSLSocketToMe.java: add SSL encryption to Java VNC Viewer. + * SSLSocketToMe.java: add SSL encryption to Java VNC Viewer.
...@@ -1028,7 +1087,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL ...@@ -1028,7 +1087,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ str += "Pragma: No-Cache\r\n"; + str += "Pragma: No-Cache\r\n";
+ str += "\r\n"; + str += "\r\n";
+ +
+ System.out.println("sending GET: " + str); + System.out.println("sending: " + str);
+ OutputStream os = socket.getOutputStream(); + OutputStream os = socket.getOutputStream();
+ String type = "os"; + String type = "os";
+ +
...@@ -2132,7 +2191,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL ...@@ -2132,7 +2191,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+} +}
diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncViewer.java diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncViewer.java
--- vnc_javasrc.orig/VncViewer.java 2004-03-04 08:34:25.000000000 -0500 --- vnc_javasrc.orig/VncViewer.java 2004-03-04 08:34:25.000000000 -0500
+++ vnc_javasrc/VncViewer.java 2010-03-20 19:49:14.000000000 -0400 +++ vnc_javasrc/VncViewer.java 2010-03-27 17:57:04.000000000 -0400
@@ -29,6 +29,7 @@ @@ -29,6 +29,7 @@
import java.awt.event.*; import java.awt.event.*;
import java.io.*; import java.io.*;
...@@ -2150,7 +2209,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView ...@@ -2150,7 +2209,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
boolean showControls; boolean showControls;
boolean offerRelogin; boolean offerRelogin;
boolean showOfflineDesktop; boolean showOfflineDesktop;
@@ -88,6 +89,21 @@ @@ -88,6 +89,24 @@
int deferCursorUpdates; int deferCursorUpdates;
int deferUpdateRequests; int deferUpdateRequests;
...@@ -2168,11 +2227,54 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView ...@@ -2168,11 +2227,54 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
+ boolean trustAllVncCerts; + boolean trustAllVncCerts;
+ boolean trustUrlVncCert; + boolean trustUrlVncCert;
+ boolean debugCerts; + boolean debugCerts;
+ boolean debugKeyboard;
+ boolean mapF5_to_atsign;
+ boolean forbid_Ctrl_Alt;
+ +
// Reference to this applet for inter-applet communication. // Reference to this applet for inter-applet communication.
public static java.applet.Applet refApplet; public static java.applet.Applet refApplet;
@@ -590,9 +606,28 @@ @@ -282,10 +301,24 @@
validate();
}
- while (!tryAuthenticate()) {
- authenticator.retry();
- authenticatorUnixLogin.retry();
- }
+ if (false) {
+ /* a bug on retries: 'Error: bad position: 8' sun.awt.X11.XTextFieldPeer.setCaretPosition(XTextFieldPeer.java:215) */
+ while (!tryAuthenticate()) {
+ authenticator.retry();
+ authenticatorUnixLogin.retry();
+ }
+ } else {
+ /* just try once and not forever... */
+ if (!tryAuthenticate()) {
+ showConnectionStatus("Authentication Failed.");
+ showMessage("Authentication Failed.");
+ if (!offerRelogin) {
+ fatalError("auth failed.");
+ }
+ } else {
+ //showConnectionStatus("Authentication OK.");
+ }
+ }
}
@@ -428,7 +461,10 @@
gbc.ipadx = 100;
gbc.ipady = 50;
gridbag.setConstraints(authPanel, gbc);
+ try {
vncContainer.add(authPanel);
+ } catch (Exception e) {
+ }
if (inSeparateFrame) {
vncFrame.pack();
@@ -590,9 +626,28 @@
fatalError("HOST parameter not specified"); fatalError("HOST parameter not specified");
} }
} }
...@@ -2203,7 +2305,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView ...@@ -2203,7 +2305,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
if (inAnApplet) { if (inAnApplet) {
str = readParameter("Open New Window", false); str = readParameter("Open New Window", false);
@@ -626,6 +661,106 @@ @@ -626,6 +681,121 @@
// SocketFactory. // SocketFactory.
socketFactory = readParameter("SocketFactory", false); socketFactory = readParameter("SocketFactory", false);
...@@ -2306,6 +2408,21 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView ...@@ -2306,6 +2408,21 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
+ str = readParameter("debugCerts", false); + str = readParameter("debugCerts", false);
+ if (str != null && str.equalsIgnoreCase("Yes")) { + if (str != null && str.equalsIgnoreCase("Yes")) {
+ debugCerts = true; + debugCerts = true;
+ }
+ debugKeyboard = false;
+ str = readParameter("debugKeyboard", false);
+ if (str != null && str.equalsIgnoreCase("Yes")) {
+ debugKeyboard = true;
+ }
+ mapF5_to_atsign = false;
+ str = readParameter("mapF5_to_atsign", false);
+ if (str != null && str.equalsIgnoreCase("Yes")) {
+ mapF5_to_atsign = true;
+ }
+ forbid_Ctrl_Alt = false;
+ str = readParameter("forbid_Ctrl_Alt", false);
+ if (str != null && str.equalsIgnoreCase("Yes")) {
+ forbid_Ctrl_Alt = true;
+ } + }
} }
......
...@@ -1665,7 +1665,7 @@ diff -Naur JavaViewer.orig/OptionsFrame.java JavaViewer/OptionsFrame.java ...@@ -1665,7 +1665,7 @@ diff -Naur JavaViewer.orig/OptionsFrame.java JavaViewer/OptionsFrame.java
choices[shareDesktopIndex].select("Yes"); choices[shareDesktopIndex].select("Yes");
diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
--- JavaViewer.orig/RfbProto.java 2006-05-24 15:14:40.000000000 -0400 --- JavaViewer.orig/RfbProto.java 2006-05-24 15:14:40.000000000 -0400
+++ JavaViewer/RfbProto.java 2008-10-06 13:32:30.000000000 -0400 +++ JavaViewer/RfbProto.java 2010-03-27 17:59:56.000000000 -0400
@@ -31,6 +31,7 @@ @@ -31,6 +31,7 @@
import java.net.Socket; import java.net.Socket;
import java.util.*; import java.util.*;
...@@ -1909,8 +1909,8 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java ...@@ -1909,8 +1909,8 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
} }
- -
+ return maxc; + return maxc;
+ } }
+
+ String guess_encoding(char[] chars) { + String guess_encoding(char[] chars) {
+ boolean saw_high_char = false; + boolean saw_high_char = false;
+ +
...@@ -1964,8 +1964,8 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java ...@@ -1964,8 +1964,8 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
+ } else { + } else {
+ return "ISO-8859-1"; + return "ISO-8859-1";
+ } + }
} + }
+
+ +
//Internally used. Write an rfb message to the server for sending files ONLY //Internally used. Write an rfb message to the server for sending files ONLY
int writeRfbFileTransferMsgForSendFile( int writeRfbFileTransferMsgForSendFile(
...@@ -2642,9 +2642,58 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java ...@@ -2642,9 +2642,58 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
os.write(b); os.write(b);
// } // }
@@ -1610,6 +1971,21 @@
boolean down = (evt.getID() == KeyEvent.KEY_PRESSED);
+ if (viewer.debugKeyboard) {
+ System.out.println("----------------------------------------");
+ System.out.println("evt.getKeyChar: " + evt.getKeyChar());
+ System.out.println("getKeyText: " + KeyEvent.getKeyText(evt.getKeyCode()));
+ System.out.println("evt.getKeyCode: " + evt.getKeyCode());
+ System.out.println("evt.getID: " + evt.getID());
+ System.out.println("evt.getKeyLocation: " + evt.getKeyLocation());
+ System.out.println("evt.isActionKey: " + evt.isActionKey());
+ System.out.println("evt.isControlDown: " + evt.isControlDown());
+ System.out.println("evt.getModifiers: " + evt.getModifiers());
+ System.out.println("getKeyModifiersText: " + KeyEvent.getKeyModifiersText(evt.getModifiers()));
+ System.out.println("evt.paramString: " + evt.paramString());
+ }
+
+
int key;
if (evt.isActionKey()) {
@@ -1685,6 +2061,9 @@
default :
return;
}
+ if (key == 0xffc2 && viewer.mapF5_to_atsign) {
+ key = 0x40;
+ }
} else {
@@ -1794,6 +2173,16 @@
int oldModifiers = 0;
void writeModifierKeyEvents(int newModifiers) {
+ if(viewer.forbid_Ctrl_Alt) {
+ if ((newModifiers & CTRL_MASK) != 0 && (newModifiers & ALT_MASK) != 0) {
+ int orig = newModifiers;
+ newModifiers &= ~ALT_MASK;
+ newModifiers &= ~CTRL_MASK;
+ if (viewer.debugKeyboard) {
+ System.out.println("Ctrl+Alt modifiers: " + orig + " -> " + newModifiers);
+ }
+ }
+ }
if ((newModifiers & CTRL_MASK) != (oldModifiers & CTRL_MASK))
writeKeyEvent(0xffe3, (newModifiers & CTRL_MASK) != 0);
diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
--- JavaViewer.orig/SSLSocketToMe.java 1969-12-31 19:00:00.000000000 -0500 --- JavaViewer.orig/SSLSocketToMe.java 1969-12-31 19:00:00.000000000 -0500
+++ JavaViewer/SSLSocketToMe.java 2010-03-19 12:52:08.000000000 -0400 +++ JavaViewer/SSLSocketToMe.java 2010-03-21 12:53:24.000000000 -0400
@@ -0,0 +1,2055 @@ @@ -0,0 +1,2055 @@
+/* +/*
+ * SSLSocketToMe.java: add SSL encryption to Java VNC Viewer. + * SSLSocketToMe.java: add SSL encryption to Java VNC Viewer.
...@@ -3599,7 +3648,7 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java ...@@ -3599,7 +3648,7 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ str += "Pragma: No-Cache\r\n"; + str += "Pragma: No-Cache\r\n";
+ str += "\r\n"; + str += "\r\n";
+ +
+ System.out.println("sending GET: " + str); + System.out.println("sending: " + str);
+ OutputStream os = socket.getOutputStream(); + OutputStream os = socket.getOutputStream();
+ String type = "os"; + String type = "os";
+ +
...@@ -4826,7 +4875,7 @@ diff -Naur JavaViewer.orig/VncCanvas.java JavaViewer/VncCanvas.java ...@@ -4826,7 +4875,7 @@ diff -Naur JavaViewer.orig/VncCanvas.java JavaViewer/VncCanvas.java
result = 0; // Transparent pixel result = 0; // Transparent pixel
diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
--- JavaViewer.orig/VncViewer.java 2006-05-24 15:14:40.000000000 -0400 --- JavaViewer.orig/VncViewer.java 2006-05-24 15:14:40.000000000 -0400
+++ JavaViewer/VncViewer.java 2010-03-20 19:50:16.000000000 -0400 +++ JavaViewer/VncViewer.java 2010-03-27 18:00:28.000000000 -0400
@@ -41,6 +41,7 @@ @@ -41,6 +41,7 @@
import java.io.*; import java.io.*;
import java.net.*; import java.net.*;
...@@ -4858,7 +4907,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -4858,7 +4907,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
String passwordParam; String passwordParam;
String encPasswordParam; String encPasswordParam;
boolean showControls; boolean showControls;
@@ -115,28 +116,72 @@ @@ -115,28 +116,75 @@
int i; int i;
// mslogon support 2 end // mslogon support 2 end
...@@ -4878,6 +4927,9 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -4878,6 +4927,9 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
+boolean trustAllVncCerts; +boolean trustAllVncCerts;
+boolean trustUrlVncCert; +boolean trustUrlVncCert;
+boolean debugCerts; +boolean debugCerts;
+boolean debugKeyboard;
+boolean mapF5_to_atsign;
+boolean forbid_Ctrl_Alt;
+ +
+boolean ignoreMSLogonCheck; +boolean ignoreMSLogonCheck;
+boolean delayAuthPanel; +boolean delayAuthPanel;
...@@ -4937,7 +4989,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -4937,7 +4989,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
// authenticator = new AuthPanel(false); // mslogon support : go to connectAndAuthenticate() // authenticator = new AuthPanel(false); // mslogon support : go to connectAndAuthenticate()
if (RecordingFrame.checkSecurity()) if (RecordingFrame.checkSecurity())
rec = new RecordingFrame(this); rec = new RecordingFrame(this);
@@ -147,10 +192,11 @@ @@ -147,10 +195,11 @@
cursorUpdatesDef = null; cursorUpdatesDef = null;
eightBitColorsDef = null; eightBitColorsDef = null;
...@@ -4951,7 +5003,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -4951,7 +5003,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
rfbThread = new Thread(this); rfbThread = new Thread(this);
rfbThread.start(); rfbThread.start();
} }
@@ -186,6 +232,30 @@ @@ -186,6 +235,30 @@
gbc.weightx = 1.0; gbc.weightx = 1.0;
gbc.weighty = 1.0; gbc.weighty = 1.0;
...@@ -4982,7 +5034,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -4982,7 +5034,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
// Add ScrollPanel to applet mode // Add ScrollPanel to applet mode
// Create a panel which itself is resizeable and can hold // Create a panel which itself is resizeable and can hold
@@ -286,6 +356,24 @@ @@ -286,6 +359,24 @@
void connectAndAuthenticate() throws Exception { void connectAndAuthenticate() throws Exception {
...@@ -5007,7 +5059,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -5007,7 +5059,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
// If "ENCPASSWORD" parameter is set, decrypt the password into // If "ENCPASSWORD" parameter is set, decrypt the password into
// the passwordParam string. // the passwordParam string.
@@ -336,7 +424,22 @@ @@ -336,7 +427,22 @@
// //
...@@ -5031,18 +5083,29 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -5031,18 +5083,29 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
authenticator = new AuthPanel(mslogon); authenticator = new AuthPanel(mslogon);
@@ -390,6 +493,10 @@ @@ -371,6 +477,7 @@
//mslogon support end
}
+ int tries = 0;
while (true) {
// Wait for user entering a password, or a username and a password
synchronized(authenticator) {
@@ -390,6 +497,13 @@
break; break;
//mslogon support end //mslogon support end
+// begin runge/x11vnc +// begin runge/x11vnc
+ gotAuth = false; + gotAuth = false;
+ if (++tries > 2) {
+ throw new Exception("Incorrect password entered " + tries + " times.");
+ }
+// end runge/x11vnc +// end runge/x11vnc
+ +
// Retry on authentication failure. // Retry on authentication failure.
authenticator.retry(); authenticator.retry();
} }
@@ -405,9 +512,11 @@ @@ -405,9 +519,11 @@
void prologueDetectAuthProtocol() throws Exception { void prologueDetectAuthProtocol() throws Exception {
...@@ -5056,7 +5119,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -5056,7 +5119,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
System.out.println("RFB server supports protocol version " + System.out.println("RFB server supports protocol version " +
rfb.serverMajor + "." + rfb.serverMinor); rfb.serverMajor + "." + rfb.serverMinor);
@@ -431,16 +540,36 @@ @@ -431,16 +547,36 @@
boolean tryAuthenticate(String us, String pw) throws Exception { boolean tryAuthenticate(String us, String pw) throws Exception {
...@@ -5074,10 +5137,10 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -5074,10 +5137,10 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
- rfb.writeVersionMsg(); - rfb.writeVersionMsg();
+ System.out.println("RFB server supports protocol version: " + + System.out.println("RFB server supports protocol version: " +
+ rfb.serverMajor + "." + rfb.serverMinor); + rfb.serverMajor + "." + rfb.serverMinor);
+
+ rfb.writeVersionMsg();
- int authScheme = rfb.readAuthScheme(); - int authScheme = rfb.readAuthScheme();
+ rfb.writeVersionMsg();
+
+ authScheme = rfb.readAuthScheme(); + authScheme = rfb.readAuthScheme();
+ +
+ gotAuth = true; + gotAuth = true;
...@@ -5099,7 +5162,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -5099,7 +5162,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
switch (authScheme) { switch (authScheme) {
@@ -629,6 +758,10 @@ @@ -629,6 +765,10 @@
void doProtocolInitialisation() throws IOException { void doProtocolInitialisation() throws IOException {
...@@ -5110,7 +5173,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -5110,7 +5173,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
rfb.writeClientInit(); rfb.writeClientInit();
rfb.readServerInit(); rfb.readServerInit();
@@ -774,9 +907,28 @@ @@ -774,9 +914,28 @@
fatalError("HOST parameter not specified"); fatalError("HOST parameter not specified");
} }
} }
...@@ -5141,7 +5204,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -5141,7 +5204,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
if (inAnApplet) { if (inAnApplet) {
str = readParameter("Open New Window", false); str = readParameter("Open New Window", false);
@@ -804,6 +956,143 @@ @@ -804,6 +963,158 @@
deferScreenUpdates = readIntParameter("Defer screen updates", 20); deferScreenUpdates = readIntParameter("Defer screen updates", 20);
deferCursorUpdates = readIntParameter("Defer cursor updates", 10); deferCursorUpdates = readIntParameter("Defer cursor updates", 10);
deferUpdateRequests = readIntParameter("Defer update requests", 50); deferUpdateRequests = readIntParameter("Defer update requests", 50);
...@@ -5256,6 +5319,21 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java ...@@ -5256,6 +5319,21 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
+ if (str != null && str.equalsIgnoreCase("Yes")) { + if (str != null && str.equalsIgnoreCase("Yes")) {
+ debugCerts = true; + debugCerts = true;
+ } + }
+ debugKeyboard = false;
+ str = readParameter("debugKeyboard", false);
+ if (str != null && str.equalsIgnoreCase("Yes")) {
+ debugKeyboard = true;
+ }
+ mapF5_to_atsign = false;
+ str = readParameter("mapF5_to_atsign", false);
+ if (str != null && str.equalsIgnoreCase("Yes")) {
+ mapF5_to_atsign = true;
+ }
+ forbid_Ctrl_Alt = false;
+ str = readParameter("forbid_Ctrl_Alt", false);
+ if (str != null && str.equalsIgnoreCase("Yes")) {
+ forbid_Ctrl_Alt = true;
+ }
+ ignoreMSLogonCheck = false; + ignoreMSLogonCheck = false;
+ str = readParameter("ignoreMSLogonCheck", false); + str = readParameter("ignoreMSLogonCheck", false);
+ if (str != null && str.equalsIgnoreCase("Yes")) { + if (str != null && str.equalsIgnoreCase("Yes")) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment