Commit 5e454662 authored by runge's avatar runge

x11vnc: -httpsredir, x11cursor fix, nc=N login opt, no -ncache betatest for java viewer.

parent f57eb874
2007-03-20 Karl Runge <runge@karlrunge.com>
* x11vnc: Add -httpsredir option for router port redirs.
set Xcursor bg/fg color values to zero. Env var to
force timeout: X11VNC_HTTPS_VS_VNC_TIMEOUT. Let user
supply nc=N at login prompt. Disable -ncache beta
test under -http/-httpdir.
2007-03-13 Karl Runge <runge@karlrunge.com> 2007-03-13 Karl Runge <runge@karlrunge.com>
* x11vnc: fix crash for kde dcop. limit ncache beta * x11vnc: fix crash for kde dcop. limit ncache beta
tester to 96MB viewers. tester to 96MB viewers.
......
x11vnc README file Date: Tue Mar 13 06:20:11 EDT 2007 x11vnc README file Date: Mon Mar 19 22:29:18 EDT 2007
The following information is taken from these URLs: The following information is taken from these URLs:
...@@ -41,7 +41,7 @@ x11vnc: a VNC server for real X displays ...@@ -41,7 +41,7 @@ x11vnc: a VNC server for real X displays
x0rfbserver build problems centered around esoteric C++ toolkits. x0rfbserver build problems centered around esoteric C++ toolkits.
x11vnc is written in plain C and needs only standard libraries and so x11vnc is written in plain C and needs only standard libraries and so
should work on nearly all Unixes. I also added some enhancements to should work on nearly all Unixes. I also added some enhancements to
improve the interactive response, many esoteric features, etc. improve the interactive response, add many features, etc.
This page and the [19]FAQ contain a lot of information [20][*], This page and the [19]FAQ contain a lot of information [20][*],
solutions to many problems, and interesting applications, but solutions to many problems, and interesting applications, but
...@@ -1492,6 +1492,15 @@ make ...@@ -1492,6 +1492,15 @@ make
clients must be allowed to connect to the X server to function clients must be allowed to connect to the X server to function
properly). properly).
Firewalls: Speaking of permissions, it should go without saying that
the host-level firewall will need to be configured to allow
connections in on a port. E.g. 5900 (default VNC port) or 22 (default
SSH port for tunnelling VNC). Most systems these days have firewalls
turned on by default, so you will actively have to do something to
poke a hole in the firewall at the desired port number. See your
system administration tool for Firewall settings (Yast, Firestarter,
etc.).
Q-2: I can't get x11vnc and/or libvncserver to compile. Q-2: I can't get x11vnc and/or libvncserver to compile.
...@@ -3104,7 +3113,8 @@ connect = 5900 ...@@ -3104,7 +3113,8 @@ connect = 5900
Update Jul/2006: we now provide an [466]Enhanced TightVNC Viewer Update Jul/2006: we now provide an [466]Enhanced TightVNC Viewer
(ssvnc) package that starts up STUNNEL automatically along with some (ssvnc) package that starts up STUNNEL automatically along with some
other features. All binaries are provided in the package. other features. All binaries (stunnel, vncviewer, and some utilities)
are provided in the package. It works on Unix, Mac OS X, and Windows.
Q-46: Does x11vnc have built-in SSL tunneling? Q-46: Does x11vnc have built-in SSL tunneling?
...@@ -3281,15 +3291,43 @@ connect = 5900 ...@@ -3281,15 +3291,43 @@ connect = 5900
"_2F_" (a deficiency in libvncserver prevents using the more natural "_2F_" (a deficiency in libvncserver prevents using the more natural
"%2F".) "%2F".)
You apply multiple applet parameters in the regular way, e.g.:
https://far-away.east:5900/?GET=1&urlPrefix=mysubdir&...
Router/Firewall port redirs: If you are doing port redirection at
your router to an internal machine running x11vnc AND the internet
facing port is different from the internal machine's VNC port, you
will need to apply the PORT applet parameter to indicate to the applet
the Internet facing port number (otherwise by default the internal
machine's port, say 5900, is sent and that of course is rejected at
the firewall/router). For example:
https://far-away.east:443/?GET=1&PORT=443
(actually, in this case the first ":443" isn't needed because that is
the default port for https; it would be needed for any other port). So
in this example the user configures his router to redirect connections
to port 443 on his Internet side to, say, port 5900 on the internal
machine running x11vnc.
To configure your router to do port redirection, see its instructions.
Typically, from the inside you point a web browser to a special URL
(e.g. http://192.168.1.1) and you get a web interface to configure it.
Look for something like "Port Redirection" or "Port Forwarding",
probably under "Advanced" or something like that. If you have a Linux
or Unix system acting as your firewall/router, see its firewall
configuration.
If you do serve the SSL enabled Java viewer via https be prepared for If you do serve the SSL enabled Java viewer via https be prepared for
quite a number of "are you sure you trust this site?" dialogs: quite a number of "are you sure you trust this site?" dialogs:
* First from the Web browser that cannot verify the self-signed * First from the Web browser that cannot verify the self-signed
certificate when it downloads index.vnc. certificate when it downloads index.vnc.
* From the Web browser noting that the common name on the * From the Web browser again noting that the common name on the
certificate does not match the hostname of the remote machine. certificate does not match the hostname of the remote machine.
* Next from the Java VM that cannot verify the self-signed * Next from the Java VM that cannot verify the self-signed
certificate when it downloads VncViewer.jar. certificate when it downloads VncViewer.jar.
* And also from the Java VM noting that the common name on the * And also from the Java VM again noting that the common name on the
certificate does not match the hostname of the remote machine. certificate does not match the hostname of the remote machine.
* Finally from the Java VncViewer applet itself saying it cannot * Finally from the Java VncViewer applet itself saying it cannot
verify the certificate! (or a popup asking you if you want to see verify the certificate! (or a popup asking you if you want to see
...@@ -3300,8 +3338,12 @@ connect = 5900 ...@@ -3300,8 +3338,12 @@ connect = 5900
connection is VNC instead of the HTTPS it actually is (but since you connection is VNC instead of the HTTPS it actually is (but since you
have paused too long at the dialog the GET request comes too late). have paused too long at the dialog the GET request comes too late).
Often hitting Reload and going through the dialogs more quickly will Often hitting Reload and going through the dialogs more quickly will
let you connect. Use the [483]-https option if you want a dedicated let you connect. The Java VM dialogs are the most important ones to
port for HTTPS connections instead of sharing the VNC port. NOT linger at. If you see in the x11vnc output a request for
VncViewer.class instead of VncViewer.jar it is too late... you may
need to restart the Web browser to get it to try for the jar again.
You can use the [483]-https option if you want a dedicated port for
HTTPS connections instead of sharing the VNC port.
To see example x11vnc output for a successful https://host:5900/ To see example x11vnc output for a successful https://host:5900/
connection with the Java Applet see [484]This Page. connection with the Java Applet see [484]This Page.
...@@ -3356,7 +3398,8 @@ connect = 5900 ...@@ -3356,7 +3398,8 @@ connect = 5900
Update Jul/2006: we now provide an [489]Enhanced TightVNC Viewer Update Jul/2006: we now provide an [489]Enhanced TightVNC Viewer
(ssvnc) package that starts up STUNNEL automatically along with some (ssvnc) package that starts up STUNNEL automatically along with some
other features. All binaries are provided in the package. other features. All binaries (stunnel, vncviewer, and some utilities)
are provided in the package. It works on Unix, Mac OS X, and Windows.
Q-48: How do I use VNC Viewers with built-in SSL tunneling when going Q-48: How do I use VNC Viewers with built-in SSL tunneling when going
...@@ -3420,7 +3463,7 @@ connect = 5900 ...@@ -3420,7 +3463,7 @@ connect = 5900
this is cleaner because it avoids editing the file, but requires more this is cleaner because it avoids editing the file, but requires more
parameters in the URL. To use the GET [491]trick discussed above, do: parameters in the URL. To use the GET [491]trick discussed above, do:
https://yourmachine.com/proxy.vnc?PORT=443&GET=1 https://yourmachine.com/proxy.vnc?GET=1&PORT=443
Q-49: Can Apache web server act as a gateway for users to connect via Q-49: Can Apache web server act as a gateway for users to connect via
...@@ -3485,6 +3528,14 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg ...@@ -3485,6 +3528,14 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
recommends the description under 'Running Scripts Automatically' at recommends the description under 'Running Scripts Automatically' at
[498]this link. [498]this link.
Firewalls: note all methods will require the host-level firewall will
need to be configured to allow connections in on a port. E.g. 5900
(default VNC port) or 22 (default SSH port for tunnelling VNC). Most
systems these days have firewalls turned on by default, so you will
actively have to do something to poke a hole in the firewall at the
desired port number. See your system administration tool for Firewall
settings (Yast, Firestarter, etc.).
Q-52: How can I use x11vnc to connect to an X login screen like xdm, Q-52: How can I use x11vnc to connect to an X login screen like xdm,
GNOME gdm, KDE kdm, or CDE dtlogin? (i.e. nobody is logged into an X GNOME gdm, KDE kdm, or CDE dtlogin? (i.e. nobody is logged into an X
...@@ -9551,20 +9602,22 @@ http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html: ...@@ -9551,20 +9602,22 @@ http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html:
Enhanced TightVNC Viewer (ssvnc: SSL/SSH VNC viewer) Enhanced TightVNC Viewer (ssvnc: SSL/SSH VNC viewer)
[1](To Downloads) [2](To Quick Start)
The Enhanced TightVNC Viewer package started as a project to add some The Enhanced TightVNC Viewer package started as a project to add some
patches to the long neglected Unix TightVNC Viewer. However, now the patches to the long neglected Unix TightVNC Viewer. However, now the
front-end GUI and wrapper scripts features dwarf the Unix TightVNC front-end GUI and wrapper scripts features dwarf the Unix TightVNC
Viewer patches (see the lists below). Viewer patches (see the lists below).
It adds a GUI for Windows, Mac OS X, and Unix that automatically It adds a GUI for Windows, Mac OS X, and Unix that automatically
starts up a STUNNEL SSL tunnel for SSL or SSH connections to starts up STUNNEL SSL tunnel for SSL or SSH connections to [3]x11vnc,
[1]x11vnc, and then launches the TightVNC Viewer to use that tunnel. and then launches the TightVNC Viewer to use the tunnel. It also
It also enables SSL encrypted VNC connections to any other VNC Server enables SSL encrypted VNC connections to any other VNC Server running
running an SSL tunnel, such as STUNNEL, at their end. It can be used an SSL tunnel, such as STUNNEL, at their end. It can be used to
to perform SSH connections to any other VNC Server as well. The tool perform SSH tunnelled connections to any VNC Server as well. The tool
has many additional features (see below for a list). has many additional features (see below for a list).
The short name for this project is ssvnc for SSL/SSH VNC Viewer. The short name for this project is "ssvnc" for SSL/SSH VNC Viewer.
It is a self-contained bundle, you could carry it around on, say, a It is a self-contained bundle, you could carry it around on, say, a
USB memory stick for secure VNC viewing from almost any machine, Unix, USB memory stick for secure VNC viewing from almost any machine, Unix,
...@@ -9589,16 +9642,17 @@ Enhanced TightVNC Viewer (ssvnc: SSL/SSH VNC viewer) ...@@ -9589,16 +9642,17 @@ Enhanced TightVNC Viewer (ssvnc: SSL/SSH VNC viewer)
* Support for native MacOS X usage with bundled Chicken of the VNC * Support for native MacOS X usage with bundled Chicken of the VNC
viewer. viewer.
Unix TightVNC Viewer improvements (these only apply to our Unix viewer Unix TightVNC Viewer improvements (these only apply to the Unix VNC
binaries): viewer):
* rfbNewFBSize VNC support (dynamic screen resizing) * rfbNewFBSize VNC support (dynamic screen resizing)
* ZRLE VNC encoding support (RealVNC's encoding) * ZRLE VNC encoding support (RealVNC's encoding)
* Extremely low color modes: 64 and 8 colors in 8bpp * Extremely low color modes: 64 and 8 colors in 8bpp
(-use64/-bgr222, -use8/-bgr111) (-use64/-bgr222, -use8/-bgr111)
* Medium color mode: 16bpp mode on a 32bpp Viewer display * Medium color mode: 16bpp mode on a 32bpp Viewer display
(-16bpp/-bgr565) (-16bpp/-bgr565)
* Cursor [2]alphablending with x11vnc at 32bpp (-alpha option) * Cursor [4]alphablending with x11vnc at 32bpp (-alpha option)
* For use with x11vnc's [3]client-side caching -ncache method use * Maintains its own BackingStore if the X server does not
* For use with x11vnc's [5]client-side caching -ncache method use
the cropping option -ycrop n. This will "hide" the large pixel the cropping option -ycrop n. This will "hide" the large pixel
buffer cache below the actual display. Set to the actual height or buffer cache below the actual display. Set to the actual height or
use -1 for autodetection (also, tall screens, H > 2*W, are use -1 for autodetection (also, tall screens, H > 2*W, are
...@@ -9606,8 +9660,8 @@ Enhanced TightVNC Viewer (ssvnc: SSL/SSH VNC viewer) ...@@ -9606,8 +9660,8 @@ Enhanced TightVNC Viewer (ssvnc: SSL/SSH VNC viewer)
* Scrollbar width setting: -sbwidth n, the default is very thin, 2 * Scrollbar width setting: -sbwidth n, the default is very thin, 2
pixels, for less distracting -ycrop usage. pixels, for less distracting -ycrop usage.
* The default for localhost:0 connections is not raw encoding since * The default for localhost:0 connections is not raw encoding since
same-machine connections are very rare. Default assumes you are same-machine connections are pretty rare. Default assumes you are
using SSH tunnel. Use -rawlocal to revert. using a SSL or SSH tunnel. Use -rawlocal to revert.
* XGrabServer support for fullscreen mode, for old window managers * XGrabServer support for fullscreen mode, for old window managers
(-grab/-graball option). (-grab/-graball option).
* Fix for Popup menu positioning for old window managers (-popupfix * Fix for Popup menu positioning for old window managers (-popupfix
...@@ -9615,8 +9669,12 @@ Enhanced TightVNC Viewer (ssvnc: SSL/SSH VNC viewer) ...@@ -9615,8 +9669,12 @@ Enhanced TightVNC Viewer (ssvnc: SSL/SSH VNC viewer)
* Improvements to the Popup menu, all of these can now be changed * Improvements to the Popup menu, all of these can now be changed
dynamically via the menu: ViewOnly, CursorShape updates, X11 dynamically via the menu: ViewOnly, CursorShape updates, X11
Cursor, Cursor Alphablending, Toggle Tight/ZRLE, Toggle JPEG, Cursor, Cursor Alphablending, Toggle Tight/ZRLE, Toggle JPEG,
FullColor/16bpp/8bpp (256/64/8 colors) without having to restart Toggle Greyscale, FullColor/16bpp/8bpp (256/64/8 colors) without
the viewer. having to restart the viewer.
* Support for UltraVNC extensions: Single Window, Disable
Server-side Input, 1/n Server side scaling, Text Chat (shell
terminal UI). Both UltraVNC and x11vnc servers support these
extensions.
The list of software bundled in the archive files: The list of software bundled in the archive files:
* TightVNC Viewer (windows, unix, macosx) * TightVNC Viewer (windows, unix, macosx)
...@@ -9640,7 +9698,7 @@ Unix and Mac OS X: ...@@ -9640,7 +9698,7 @@ Unix and Mac OS X:
Unpack the archive: Unpack the archive:
% gzip -dc ssvnc-1.0.12.tar.gz | tar xvf - % gzip -dc ssvnc-1.0.13.tar.gz | tar xvf -
Run the GUI: Run the GUI:
...@@ -9648,7 +9706,7 @@ Unix and Mac OS X: ...@@ -9648,7 +9706,7 @@ Unix and Mac OS X:
% ./ssvnc/MacOSX/ssvnc (for Mac OS X) % ./ssvnc/MacOSX/ssvnc (for Mac OS X)
The smaller file "ssvnc_no_windows-1.0.12.tar.gz" could have been The smaller file "ssvnc_no_windows-1.0.13.tar.gz" could have been
used as well. used as well.
On MacOSX there is also a SSVNC.app directory icon you can click on On MacOSX there is also a SSVNC.app directory icon you can click on
...@@ -9659,7 +9717,7 @@ Windows: ...@@ -9659,7 +9717,7 @@ Windows:
Unzip, using WinZip or a similar utility, the zip file: Unzip, using WinZip or a similar utility, the zip file:
ssvnc-1.0.12.zip ssvnc-1.0.13.zip
Run the GUI, e.g.: Run the GUI, e.g.:
...@@ -9671,12 +9729,28 @@ Windows: ...@@ -9671,12 +9729,28 @@ Windows:
select Open, and then OK to launch it. select Open, and then OK to launch it.
The smaller file "ssvnc_windows_only-1.0.12.zip" could have been used The smaller file "ssvnc_windows_only-1.0.13.zip" could have been used
as well. as well.
You can make a Windows shortcut to this program if you want to. You can make a Windows shortcut to this program if you want to.
See the Windows/README.txt for more info. See the Windows/README.txt for more info.
Important Note for Windows Vista: One user reports that on Windows
Vista if you move or extract the "ssvnc" folder down to the "Program
Files" folder you will be prompted to do this as the Administrator.
But then when you start up ssvnc, as a regular user, it cannot create
files in that folder and so it fails to run properly. We recommend to
not copy or extract the "ssvnc" folder into "Program Files". Rather,
extract it to somewhere you have write permission (e.g. C:\ or your
User dir) and create a Shortcut to ssvnc.exe on the desktop.
If you must put a launcher file down in "Program Files", perhaps an
"ssvnc.bat" that looks like this:
C:
cd \ssvnc\Windows
ssvnc.exe
_________________________________________________________________ _________________________________________________________________
The bundle unpacks a directory/folder named: ssvnc. It contains these The bundle unpacks a directory/folder named: ssvnc. It contains these
...@@ -9691,7 +9765,7 @@ Windows: ...@@ -9691,7 +9765,7 @@ Windows:
The Viewer SSL support is done via a wrapper script (bin/ssvnc_cmd The Viewer SSL support is done via a wrapper script (bin/ssvnc_cmd
that calls bin/util/ss_vncviewer) that starts up the STUNNEL tunnel that calls bin/util/ss_vncviewer) that starts up the STUNNEL tunnel
first and then starts the TightVNC viewer pointed at that tunnel. The first and then starts the TightVNC viewer pointed at that tunnel. The
bin/ssvnc program is a GUI front-end to that script. See [4]this FAQ bin/ssvnc program is a GUI front-end to that script. See [6]this FAQ
for more details on SSL tunnelling. for more details on SSL tunnelling.
...@@ -9701,16 +9775,17 @@ Windows: ...@@ -9701,16 +9775,17 @@ Windows:
resize when the server does (e.g. "x11vnc -R scale=3/4" remote control resize when the server does (e.g. "x11vnc -R scale=3/4" remote control
command). command).
The cursor alphablending is [5]described here. The cursor alphablending is [7]described here.
The RealVNC ZRLE encoding is supported, in addition to some low colors The RealVNC ZRLE encoding is supported, in addition to some low colors
modes (16bpp and 8bpp at 256, 64, and even 8 colors, for use on very modes (16bpp and 8bpp at 256, 64, and even 8 colors, for use on very
slow connections). slow connections). Greyscales are also enabled for the low color
modes.
The Popup menu (F8) is enhanced with the ability to change many things The Popup menu (F8) is enhanced with the ability to change many things
on the fly. F9 is added as a shortcut to toggle FullScreen mode. on the fly. F9 is added as a shortcut to toggle FullScreen mode.
Client Side Caching: The x11vnc [6]client-side caching is handled Client Side Caching: The x11vnc [8]client-side caching is handled
nicely by this viewer. The very large pixel cache below the actual nicely by this viewer. The very large pixel cache below the actual
display in this caching method is distracting. Our Unix VNC viewer display in this caching method is distracting. Our Unix VNC viewer
will automatically try to autodetect the actual display height if the will automatically try to autodetect the actual display height if the
...@@ -9723,14 +9798,14 @@ Windows: ...@@ -9723,14 +9798,14 @@ Windows:
scrollbars are set to be very thin (2 pixels) to be less distracting. scrollbars are set to be very thin (2 pixels) to be less distracting.
Use the -sbwidth n to make them wider. Use the -sbwidth n to make them wider.
Probably nobody is interested in the [7]grabserver patch for old Probably nobody is interested in the [9]grabserver patch for old
window managers when the viewer is in fullscreen mode... This and some window managers when the viewer is in fullscreen mode... This and some
other unfixed bugs have been fixed in our patches (fullscreen toggle other unfixed bugs have been fixed in our patches (fullscreen toggle
works with KDE, -x11cursor has been fixed, and the dot cursor has been works with KDE, -x11cursor has been fixed, and the dot cursor has been
made smaller). made smaller).
From the -help output: From the -help output:
Enhanced TightVNC viewer options: Enhanced TightVNC viewer (SSVNC) options:
URL http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html URL http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html
...@@ -9750,6 +9825,8 @@ Enhanced TightVNC viewer options: ...@@ -9750,6 +9825,8 @@ Enhanced TightVNC viewer options:
pixels to 32bpp locally. pixels to 32bpp locally.
-bgr565 Same as -16bpp. -bgr565 Same as -16bpp.
-grey Use a grey scale for the 16- and 8-bpp modes.
-alpha Use alphablending transparency for local cursors -alpha Use alphablending transparency for local cursors
requires: x11vnc server, both client and server requires: x11vnc server, both client and server
must be 32bpp and same endianness. must be 32bpp and same endianness.
...@@ -9760,8 +9837,10 @@ Enhanced TightVNC viewer options: ...@@ -9760,8 +9837,10 @@ Enhanced TightVNC viewer options:
Use a negative value (e.g. -1) for autodetection. Use a negative value (e.g. -1) for autodetection.
Autodetection will always take place if the remote Autodetection will always take place if the remote
fb height is more than 2 times the width. fb height is more than 2 times the width.
-sbwidth n Scrollbar width, default is very narrow: 2 pixels,
it is narrow to avoid distraction in -ycrop mode. -sbwidth n Scrollbar width for x11vnc -ncache mode (-ycrop),
default is very narrow: 2 pixels, it is narrow to
avoid distraction in -ycrop mode.
-rawlocal Prefer raw encoding for localhost, default is -rawlocal Prefer raw encoding for localhost, default is
no, i.e. assumes you have a SSH tunnel instead. no, i.e. assumes you have a SSH tunnel instead.
...@@ -9775,6 +9854,53 @@ Enhanced TightVNC viewer options: ...@@ -9775,6 +9854,53 @@ Enhanced TightVNC viewer options:
needed by some window managers. Same as -grabkeyboard. needed by some window managers. Same as -grabkeyboard.
-grabkbd is the default, use -nograbkbd to disable. -grabkbd is the default, use -nograbkbd to disable.
-bs, -nobs Whether or not to use X server Backingstore for the
main viewer window. The default is to not, mainly
because most Linux, etc, systems X servers disable
*all* Backingstore by default. To re-enable it put
Option "Backingstore"
in the Device section of /etc/X11/xorg.conf.
In -bs mode with no X server backingstore, whenever an
area of the screen is re-exposed it must go out to the
VNC server to retrieve the pixels. This is too slow.
In -nobs mode, memory is allocated by the viewer to
provide its own backing of the main viewer window. This
actually makes some activities faster (changes in large
regions) but can appear to "flash" too much.
-noshm Disable use of MIT shared memory extension (not recommended
)
New Popup actions:
Cursor Shape: ~ -nocursorshape
X11 Cursor: ~ -x11cursor
Cursor Alphablend: ~ -alpha
Disable JPEG: ~ -nojpeg
Prefer raw for localhost ~ -rawlocal
Full Color as many colors as local screen allows.
Grey scale (16 & 8-bpp) ~ -grey, for low colors 16/8bpp modes only.
16 bit color (BGR565) ~ -16bpp / -bgr565
8 bit color (BGR233) ~ -bgr233
256 colors ~ -bgr233 default # of colors.
64 colors ~ -bgr222 / -use64
8 colors ~ -bgr111 / -use8
Disable Remote Input Ultravnc ext. Try to prevent input and
viewing of monitor at physical display.
Single Window Ultravnc ext. Grab and view a single window.
(click on the window you want).
Set 1/n Server Scale Ultravnc ext. Scale desktop by 1/n.
prompt is from the terminal.
Text Chat Ultravnc ext. Do Text Chat, currently
input via the terminal (no window).
Note: the Ultravnc extensions only apply to servers that support
them. x11vnc/libvncserver supports some of them.
Nearly all of these can be changed dynamically in the Popup menu. Nearly all of these can be changed dynamically in the Popup menu.
...@@ -9793,7 +9919,7 @@ Enhanced TightVNC viewer options: ...@@ -9793,7 +9919,7 @@ Enhanced TightVNC viewer options:
_________________________________________________________________ _________________________________________________________________
Hopefully this tool will make it convenient for people to help test Hopefully this tool will make it convenient for people to help test
and use the [8]built-in SSL support in x11vnc. Extra testing of this and use the [10]built-in SSL support in x11vnc. Extra testing of this
feature is much appreciated!! Thanks. feature is much appreciated!! Thanks.
Please Help Test the newly added features: Please Help Test the newly added features:
...@@ -9806,9 +9932,9 @@ Enhanced TightVNC viewer options: ...@@ -9806,9 +9932,9 @@ Enhanced TightVNC viewer options:
Server machine, and to mount your local Windows or Samba shares on the Server machine, and to mount your local Windows or Samba shares on the
remote VNC Server machine. Basically these new features try to remote VNC Server machine. Basically these new features try to
automate the tricks described here: automate the tricks described here:
[9]http://www.karlrunge.com/x11vnc/#faq-smb-shares [11]http://www.karlrunge.com/x11vnc/#faq-smb-shares
[10]http://www.karlrunge.com/x11vnc/#faq-cups [12]http://www.karlrunge.com/x11vnc/#faq-cups
[11]http://www.karlrunge.com/x11vnc/#faq-sound [13]http://www.karlrunge.com/x11vnc/#faq-sound
(and there may be kinks to work out). (and there may be kinks to work out).
_________________________________________________________________ _________________________________________________________________
...@@ -9816,30 +9942,30 @@ Enhanced TightVNC viewer options: ...@@ -9816,30 +9942,30 @@ Enhanced TightVNC viewer options:
Downloading: This project can be downloaded here, choose the archive Downloading: This project can be downloaded here, choose the archive
file bundle that best suits you (e.g. no source code, windows only, file bundle that best suits you (e.g. no source code, windows only,
unix only, zip, tar etc): unix only, zip, tar etc):
[12]ssvnc_windows_only-1.0.12.zip Windows Binaries Only. No source incl [14]ssvnc_windows_only-1.0.13.zip Windows Binaries Only. No source incl
uded (~6MB) uded (~6MB)
[13]ssvnc_no_windows-1.0.12.tar.gz Unix and Mac OS X Only. No Windows bin [15]ssvnc_no_windows-1.0.13.tar.gz Unix and Mac OS X Only. No Windows bin
aries. Source included. (~3.5MB) aries. Source included. (~3.5MB)
[14]ssvnc_unix_only-1.0.12.tar.gz Unix Binaries Only. No source incl [16]ssvnc_unix_only-1.0.13.tar.gz Unix Binaries Only. No source incl
uded. (~1MB) uded. (~1MB)
[15]ssvnc_unix_minimal-1.0.12.tar.gz Unix Minimal. You must supply your ow [17]ssvnc_unix_minimal-1.0.13.tar.gz Unix Minimal. You must supply your ow
n vncviewer and stunnel. (~0.1MB) n vncviewer and stunnel. (~0.1MB)
[16]ssvnc-1.0.12.tar.gz All Unix, Mac OS X, and Windows binari [18]ssvnc-1.0.13.tar.gz All Unix, Mac OS X, and Windows binari
es and source TGZ. (~10MB) es and source TGZ. (~10MB)
[17]ssvnc-1.0.12.zip All Unix, Mac OS X, and Windows binari [19]ssvnc-1.0.13.zip All Unix, Mac OS X, and Windows binari
es and source ZIP. (~10MB) es and source ZIP. (~10MB)
[18]ssvnc_all-1.0.12.zip All Unix, Mac OS X, and Windows binari [20]ssvnc_all-1.0.13.zip All Unix, Mac OS X, and Windows binari
es and source AND full archives in the zip dir. (~12MB) es and source AND full archives in the zip dir. (~12MB)
You can try for an older one by replacing, e.g. ".12" by ".11", etc. You can try for an older one by replacing, e.g. ".13" by ".11", etc.
Sorry for the inconvenience of lumping all the Unix binaries and Sorry for the inconvenience of lumping all the Unix binaries and
source together in one archive. To save space you can delete the src source together in one archive. To save space you can delete the src
subdirectory if you like. subdirectory if you like.
A self-extracting and running file for the "ssvnc_unix_minimal" A self-extracting and running file for the "ssvnc_unix_minimal"
package is here: [19]ssvnc. Save it as filename "ssvnc", type "chmod package is here: [21]ssvnc. Save it as filename "ssvnc", type "chmod
755 ./ssvnc", and then launch the GUI via typing "./ssvnc". Note that 755 ./ssvnc", and then launch the GUI via typing "./ssvnc". Note that
this "ssvnc_unix_minimal" mode requires you install the "stunnel" and this "ssvnc_unix_minimal" mode requires you install the "stunnel" and
"vncviewer" programs externally (for example, install your distros' "vncviewer" programs externally (for example, install your distros'
...@@ -9858,6 +9984,9 @@ es and source AND full archives in the zip dir. (~12MB) ...@@ -9858,6 +9984,9 @@ es and source AND full archives in the zip dir. (~12MB)
Darwin.Power.Macintosh Darwin.Power.Macintosh
Darwin.i386 Darwin.i386
(some of these are out of date because I no longer have access to
machines running those OS's).
Note: some of the above binaries depend on libssl.so.0.9.7, whereas Note: some of the above binaries depend on libssl.so.0.9.7, whereas
some recent distros only provide libssl.so.0.9.8 by default (for some recent distros only provide libssl.so.0.9.8 by default (for
compatibility reasons they should install both by default but not all compatibility reasons they should install both by default but not all
...@@ -9875,20 +10004,13 @@ es and source AND full archives in the zip dir. (~12MB) ...@@ -9875,20 +10004,13 @@ es and source AND full archives in the zip dir. (~12MB)
redistribute the above because of cryptographic software they contain redistribute the above because of cryptographic software they contain
or for other reasons. Please check out your situation and information or for other reasons. Please check out your situation and information
at the following and related sites: at the following and related sites:
[20]http://www.stunnel.org [22]http://www.stunnel.org
[21]http://stunnel.mirt.net [23]http://stunnel.mirt.net
[22]http://www.openssl.org [24]http://www.openssl.org
[23]http://www.chiark.greenend.org.uk/~sgtatham/putty/ [25]http://www.chiark.greenend.org.uk/~sgtatham/putty/
[24]http://www.tightvnc.com [26]http://www.tightvnc.com
[25]http://www.realvnc.com [27]http://www.realvnc.com
[26]http://sourceforge.net/projects/cotvnc/ [28]http://sourceforge.net/projects/cotvnc/
It is my belief (but I cannot be absolutely sure) that the bundle
ssvnc_no_windows-1.0.12.tar.gz contains no cryptographic software
(again, if your situation warrants, you will need to check). This
"no_windows" tarball only contains software (from the above URL's and
elsewhere) that will use cryptographic software (libraries) already
installed on your system. See the section on this in the README below.
_________________________________________________________________ _________________________________________________________________
Here is the toplevel README from the bundle: Here is the toplevel README from the bundle:
...@@ -9916,17 +10038,15 @@ See these sites and related ones for more information: ...@@ -9916,17 +10038,15 @@ See these sites and related ones for more information:
http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/
http://sourceforge.net/projects/cotvnc/ http://sourceforge.net/projects/cotvnc/
Note: Some of the Windows binaries included contain cryptographic software Note: Some of the binaries included contain cryptographic software that
that you may not be allowed to download, use, or redistribute. Please you may not be allowed to download, use, or redistribute. Please check
check your situation first before downloading any of these bundles. your situation first before downloading any of these bundles. See the
See the survey http://rechten.uvt.nl/koops/cryptolaw/index.htm for useful survey http://rechten.uvt.nl/koops/cryptolaw/index.htm for useful
information. The Unix programs do not contain cryptographic software, but information.
rather will make use of cryptographic libraries that are installed on your
Unix system. Depending on your circumstances you may still need to check.
All work by Karl J. Runge in this project is Copyright (c) 2006 Karl J. Runge All work done by Karl J. Runge in this project is
and is licensed under the GPL as described in the file COPYING in this Copyright (c) 2006-2007 Karl J. Runge and is licensed under the GPL as
directory. described in the file COPYING in this directory.
All the files and information in this project are provided "AS IS" All the files and information in this project are provided "AS IS"
without any warranty of any kind. Use them at your own risk. without any warranty of any kind. Use them at your own risk.
...@@ -9946,7 +10066,7 @@ The short name of the project is "ssvnc" for SSL/SSH VNC Viewer. ...@@ -9946,7 +10066,7 @@ The short name of the project is "ssvnc" for SSL/SSH VNC Viewer.
It is a self-contained bundle, you could carry it around on, say, It is a self-contained bundle, you could carry it around on, say,
a USB memory stick for secure VNC viewing from almost any machine, a USB memory stick for secure VNC viewing from almost any machine,
Unix or Windows. Unix, Mac, or Windows.
Features: Features:
-------- --------
...@@ -9993,6 +10113,8 @@ The enhanced TightVNC viewer features are: ...@@ -9993,6 +10113,8 @@ The enhanced TightVNC viewer features are:
- Cursor alphablending with x11vnc at 32bpp (-alpha option) - Cursor alphablending with x11vnc at 32bpp (-alpha option)
- Maintains its own BackingStore if the X server does not
- x11vnc's client-side caching -ncache method cropping option - x11vnc's client-side caching -ncache method cropping option
(-ycrop n). This will "hide" the large pixel buffer cache (-ycrop n). This will "hide" the large pixel buffer cache
below the actual display. Set to actual height or use -1 for below the actual display. Set to actual height or use -1 for
...@@ -10043,7 +10165,7 @@ Unix and Mac OS X: ...@@ -10043,7 +10165,7 @@ Unix and Mac OS X:
Unpack the archive: Unpack the archive:
% gzip -dc ssvnc-1.0.12.tar.gz | tar xvf - % gzip -dc ssvnc-1.0.13.tar.gz | tar xvf -
Run the GUI: Run the GUI:
...@@ -10053,16 +10175,18 @@ Unix and Mac OS X: ...@@ -10053,16 +10175,18 @@ Unix and Mac OS X:
On MacOSX you could also click on the SSVNC app in the Finder. On MacOSX you could also click on the SSVNC app in the Finder.
The smaller file "ssvnc_no_windows-1.0.12.tar.gz" The smaller file "ssvnc_no_windows-1.0.13.tar.gz"
could have been used as well. could have been used as well.
On MacOSX there is also a SSVNC.app directory icon you can click on
in Finder to start the application.
Windows: Windows:
Unzip, using WinZip or a similar utility, the zip file: Unzip, using WinZip or a similar utility, the zip file:
ssvnc-1.0.12.zip ssvnc-1.0.13.zip
Run the GUI, e.g.: Run the GUI, e.g.:
...@@ -10074,7 +10198,7 @@ Windows: ...@@ -10074,7 +10198,7 @@ Windows:
select Open, and then OK to launch it. select Open, and then OK to launch it.
The smaller file "ssvnc_windows_only-1.0.12.zip" The smaller file "ssvnc_windows_only-1.0.13.zip"
could have been used as well. could have been used as well.
You can make a Windows shortcut to this program if you want to. You can make a Windows shortcut to this program if you want to.
...@@ -10082,6 +10206,24 @@ Windows: ...@@ -10082,6 +10206,24 @@ Windows:
See the Windows/README.txt for more info. See the Windows/README.txt for more info.
Important Note for Windows Vista: One user reports that on Windows Vista
if you move or extract the "ssvnc" folder down to the "Program Files"
folder you will be prompted to do this as the Administrator. But then
when you start up ssvnc, as a regular user, it cannot create files in
that folder and so it fails to run properly. We recommend to not copy
or extract the "ssvnc" folder into "Program Files". Rather, extract
it to somewhere you have write permission (e.g. C:\ or your User dir)
and create a Shortcut to ssvnc.exe on the desktop.
If you must put a launcher file down in "Program Files", perhaps an
"ssvnc.bat" that looks like this:
C:
cd \ssvnc\Windows
ssvnc.exe
Bundle Info: Bundle Info:
------------ ------------
...@@ -10154,6 +10296,8 @@ README is in, i.e "ssvnc") and like this: ...@@ -10154,6 +10296,8 @@ README is in, i.e "ssvnc") and like this:
To use custom locations for libraries see the LDFLAGS_OS and CPPFLAGS_OS To use custom locations for libraries see the LDFLAGS_OS and CPPFLAGS_OS
description at the top of the build.unix script. description at the top of the build.unix script.
Feel free to ask us if you need help running ./build.unix
The programs: The programs:
------------ ------------
...@@ -10286,32 +10430,34 @@ See also: ...@@ -10286,32 +10430,34 @@ See also:
References References
1. http://www.karlrunge.com/x11vnc/index.html 1. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#download
2. http://www.karlrunge.com/x11vnc/index.html#faq-xfixes-alpha-hacks 2. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#quickstart
3. http://www.karlrunge.com/x11vnc/index.html#faq-client-caching 3. http://www.karlrunge.com/x11vnc/index.html
4. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-ext 4. http://www.karlrunge.com/x11vnc/index.html#faq-xfixes-alpha-hacks
5. http://www.karlrunge.com/x11vnc/index.html#faq-xfixes-alpha-hacks 5. http://www.karlrunge.com/x11vnc/index.html#faq-client-caching
6. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#faq-client-caching 6. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-ext
7. http://www.karlrunge.com/x11vnc/index.html#faq-scrollbars 7. http://www.karlrunge.com/x11vnc/index.html#faq-xfixes-alpha-hacks
8. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-int 8. http://www.karlrunge.com/x11vnc/index.html#faq-client-caching
9. http://www.karlrunge.com/x11vnc/index.html#faq-smb-shares 9. http://www.karlrunge.com/x11vnc/index.html#faq-scrollbars
10. http://www.karlrunge.com/x11vnc/index.html#faq-cups 10. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-int
11. http://www.karlrunge.com/x11vnc/index.html#faq-sound 11. http://www.karlrunge.com/x11vnc/index.html#faq-smb-shares
12. http://www.karlrunge.com/x11vnc/etv/ssvnc_windows_only-1.0.12.zip 12. http://www.karlrunge.com/x11vnc/index.html#faq-cups
13. http://www.karlrunge.com/x11vnc/etv/ssvnc_no_windows-1.0.12.tar.gz 13. http://www.karlrunge.com/x11vnc/index.html#faq-sound
14. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_only-1.0.12.tar.gz 14. http://www.karlrunge.com/x11vnc/etv/ssvnc_windows_only-1.0.13.zip
15. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_minimal-1.0.12.tar.gz 15. http://www.karlrunge.com/x11vnc/etv/ssvnc_no_windows-1.0.13.tar.gz
16. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.12.tar.gz 16. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_only-1.0.13.tar.gz
17. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.12.zip 17. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_minimal-1.0.13.tar.gz
18. http://www.karlrunge.com/x11vnc/etv/ssvnc_all-1.0.12.zip 18. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.13.tar.gz
19. http://www.karlrunge.com/x11vnc/etv/ssvnc 19. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.13.zip
20. http://www.stunnel.org/ 20. http://www.karlrunge.com/x11vnc/etv/ssvnc_all-1.0.13.zip
21. http://stunnel.mirt.net/ 21. http://www.karlrunge.com/x11vnc/etv/ssvnc
22. http://www.openssl.org/ 22. http://www.stunnel.org/
23. http://www.chiark.greenend.org.uk/~sgtatham/putty/ 23. http://stunnel.mirt.net/
24. http://www.tightvnc.com/ 24. http://www.openssl.org/
25. http://www.realvnc.com/ 25. http://www.chiark.greenend.org.uk/~sgtatham/putty/
26. http://sourceforge.net/projects/cotvnc/ 26. http://www.tightvnc.com/
27. http://www.realvnc.com/
28. http://sourceforge.net/projects/cotvnc/
======================================================================= =======================================================================
http://www.karlrunge.com/x11vnc/x11vnc_opts.html: http://www.karlrunge.com/x11vnc/x11vnc_opts.html:
...@@ -10324,7 +10470,7 @@ x11vnc: a VNC server for real X displays ...@@ -10324,7 +10470,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options: Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions) % x11vnc -opts (see below for -help long descriptions)
x11vnc: allow VNC connections to real X11 displays. 0.8.5 lastmod: 2007-03-13 x11vnc: allow VNC connections to real X11 displays. 0.8.5 lastmod: 2007-03-19
x11vnc options: x11vnc options:
-display disp -auth file -N -display disp -auth file -N
...@@ -10348,62 +10494,62 @@ x11vnc options: ...@@ -10348,62 +10494,62 @@ x11vnc options:
-sslnofail -ssldir [dir] -sslverify [path] -sslnofail -ssldir [dir] -sslverify [path]
-sslGenCA [dir] -sslGenCert type name -sslEncKey [pem] -sslGenCA [dir] -sslGenCert type name -sslEncKey [pem]
-sslCertInfo [pem] -sslDelCert [pem] -stunnel [pem] -sslCertInfo [pem] -sslDelCert [pem] -stunnel [pem]
-stunnel3 [pem] -https [port] -usepw -stunnel3 [pem] -https [port] -httpsredir [port]
-storepasswd pass file -nopw -accept string -usepw -storepasswd pass file -nopw
-afteraccept string -gone string -users list -accept string -afteraccept string -gone string
-noshm -flipbyteorder -onetile -users list -noshm -flipbyteorder
-solid [color] -blackout string -xinerama -onetile -solid [color] -blackout string
-noxinerama -xtrap -xrandr [mode] -xinerama -noxinerama -xtrap
-rotate string -padgeom WxH -o logfile -xrandr [mode] -rotate string -padgeom WxH
-flag file -rc filename -norc -o logfile -flag file -rc filename
-env VAR=VALUE -prog /path/to/x11vnc -h, -help -norc -env VAR=VALUE -prog /path/to/x11vnc
-?, -opts -V, -version -license -h, -help -?, -opts -V, -version
-dbg -q, -quiet -v, -verbose -license -dbg -q, -quiet
-bg -modtweak -nomodtweak -v, -verbose -bg -modtweak
-xkb -noxkb -capslock -nomodtweak -xkb -noxkb
-skip_lockkeys -skip_keycodes string -sloppy_keys -capslock -skip_lockkeys -skip_keycodes string
-skip_dups -noskip_dups -add_keysyms -sloppy_keys -skip_dups -noskip_dups
-noadd_keysyms -clear_mods -clear_keys -add_keysyms -noadd_keysyms -clear_mods
-remap string -norepeat -repeat -clear_keys -remap string -norepeat
-nofb -nobell -nosel -repeat -nofb -nobell
-noprimary -nosetprimary -noclipboard -nosel -noprimary -nosetprimary
-nosetclipboard -seldir string -cursor [mode] -noclipboard -nosetclipboard -seldir string
-nocursor -cursor_drag -arrow n -cursor [mode] -nocursor -cursor_drag
-noxfixes -alphacut n -alphafrac fraction -arrow n -noxfixes -alphacut n
-alpharemove -noalphablend -nocursorshape -alphafrac fraction -alpharemove -noalphablend
-cursorpos -nocursorpos -xwarppointer -nocursorshape -cursorpos -nocursorpos
-noxwarppointer -buttonmap string -nodragging -xwarppointer -noxwarppointer -buttonmap string
-ncache n -ncache_cr -ncache_no_moveraise -nodragging -ncache n -ncache_cr
-ncache_no_dtchange -ncache_no_rootpixmap -ncache_keep_anims -ncache_no_moveraise -ncache_no_dtchange -ncache_no_rootpixmap
-ncache_old_wm -ncache_pad n -wireframe [str] -ncache_keep_anims -ncache_old_wm -ncache_pad n
-nowireframe -nowireframelocal -wirecopyrect mode -wireframe [str] -nowireframe -nowireframelocal
-nowirecopyrect -debug_wireframe -scrollcopyrect mode -wirecopyrect mode -nowirecopyrect -debug_wireframe
-noscrollcopyrect -scr_area n -scr_skip list -scrollcopyrect mode -noscrollcopyrect -scr_area n
-scr_inc list -scr_keys list -scr_term list -scr_skip list -scr_inc list -scr_keys list
-scr_keyrepeat lo-hi -scr_parms string -fixscreen string -scr_term list -scr_keyrepeat lo-hi -scr_parms string
-debug_scroll -noxrecord -grab_buster -fixscreen string -debug_scroll -noxrecord
-nograb_buster -debug_grabs -debug_sel -grab_buster -nograb_buster -debug_grabs
-pointer_mode n -input_skip n -allinput -debug_sel -pointer_mode n -input_skip n
-speeds rd,bw,lat -wmdt string -debug_pointer -allinput -speeds rd,bw,lat -wmdt string
-debug_keyboard -defer time -wait time -debug_pointer -debug_keyboard -defer time
-wait_ui factor -nowait_bog -slow_fb time -wait time -wait_ui factor -nowait_bog
-readtimeout n -nap -nonap -slow_fb time -readtimeout n -nap
-sb time -nofbpm -fbpm -nonap -sb time -nofbpm
-nodpms -dpms -forcedpms -fbpm -nodpms -dpms
-clientdpms -noserverdpms -noultraext -forcedpms -clientdpms -noserverdpms
-noxdamage -xd_area A -xd_mem f -noultraext -noxdamage -xd_area A
-sigpipe string -threads -nothreads -xd_mem f -sigpipe string -threads
-fs f -gaps n -grow n -nothreads -fs f -gaps n
-fuzz n -debug_tiles -snapfb -grow n -fuzz n -debug_tiles
-rawfb string -freqtab file -pipeinput cmd -snapfb -rawfb string -freqtab file
-macnodim -macnosleep -macnosaver -pipeinput cmd -macnodim -macnosleep
-macnowait -macwheel n -macnoswap -macnosaver -macnowait -macwheel n
-macnoresize -maciconanim n -macmenu -macnoswap -macnoresize -maciconanim n
-gui [gui-opts] -remote command -query variable -macmenu -gui [gui-opts] -remote command
-QD variable -sync -noremote -query variable -QD variable -sync
-yesremote -unsafe -safer -noremote -yesremote -unsafe
-privremote -nocmds -allowedcmds list -safer -privremote -nocmds
-deny_all -allowedcmds list -deny_all
libvncserver options: libvncserver options:
-rfbport port TCP port for RFB protocol -rfbport port TCP port for RFB protocol
...@@ -10437,7 +10583,7 @@ libvncserver-tight-extension options: ...@@ -10437,7 +10583,7 @@ libvncserver-tight-extension options:
% x11vnc -help % x11vnc -help
x11vnc: allow VNC connections to real X11 displays. 0.8.5 lastmod: 2007-03-13 x11vnc: allow VNC connections to real X11 displays. 0.8.5 lastmod: 2007-03-19
(type "x11vnc -opts" to just list the options.) (type "x11vnc -opts" to just list the options.)
...@@ -11854,6 +12000,26 @@ Options: ...@@ -11854,6 +12000,26 @@ Options:
-httpdir option. If not supplied it will try to guess -httpdir option. If not supplied it will try to guess
the directory as though the -http option was supplied. the directory as though the -http option was supplied.
-httpsredir [port] In -ssl mode with the Java applet retrieved via HTTPS:
when the HTML file containing applet parameters
('index.vnc' or 'proxy.vnc') is sent do not set the
applet PORT parameter to the actual VNC port but set it
to "port" instead. If "port" is not supplied, then
the port number is guessed from the Host: HTTP header.
This is useful when an incoming TCP connection
redirection is performed by a router/gateway/firewall
from one port to an internal machine where x11vnc is
listening on a different port. The Java applet needs to
connect to the firewall/router port, not the VNC port
on the internal workstation. For example, one could
redir from mygateway.com:443 to workstation:5900.
This spares the user from having to type in
https://mygateway.com/?PORT=443 into their web browser
(note 443 is the default https port; other ports must
be explicity indicated: https://mygateway.com:8000/...)
-usepw If no other password method was supplied on the command -usepw If no other password method was supplied on the command
line, first look for ~/.vnc/passwd and if found use it line, first look for ~/.vnc/passwd and if found use it
with -rfbauth; next, look for ~/.vnc/passwdfile and with -rfbauth; next, look for ~/.vnc/passwdfile and
...@@ -14181,17 +14347,17 @@ n ...@@ -14181,17 +14347,17 @@ n
http_url auth xauth users rootshift clipshift http_url auth xauth users rootshift clipshift
scale_str scaled_x scaled_y scale_numer scale_denom scale_str scaled_x scaled_y scale_numer scale_denom
scale_fac scaling_blend scaling_nomult4 scaling_pad scale_fac scaling_blend scaling_nomult4 scaling_pad
scaling_interpolate inetd privremote unsafe safer nocmds scaling_interpolate inetd privremote unsafe safer
passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem nocmds passwdfile unixpw unixpw_nis unixpw_list ssl
sslverify stunnel stunnel_pem https usepw using_shm ssl_pem sslverify stunnel stunnel_pem https httpsredir
logfile o flag rc norc h help V version lastmod bg usepw using_shm logfile o flag rc norc h help V version
sigpipe threads readrate netrate netlatency pipeinput lastmod bg sigpipe threads readrate netrate netlatency
clients client_count pid ext_xtest ext_xtrap ext_xrecord pipeinput clients client_count pid ext_xtest ext_xtrap
ext_xkb ext_xshm ext_xinerama ext_overlay ext_xfixes ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay
ext_xdamage ext_xrandr rootwin num_buttons button_mask ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons
mouse_x mouse_y bpp depth indexed_color dpy_x dpy_y button_mask mouse_x mouse_y bpp depth indexed_color
wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y
rfbauth passwd viewpasswd coff_x coff_y rfbauth passwd viewpasswd
-QD variable Just like -query variable, but returns the default -QD variable Just like -query variable, but returns the default
......
...@@ -1209,6 +1209,16 @@ static rfbCursorPtr pixels2curs(unsigned long *pixels, int w, int h, ...@@ -1209,6 +1209,16 @@ static rfbCursorPtr pixels2curs(unsigned long *pixels, int w, int h,
c->cleanupRichSource = FALSE; c->cleanupRichSource = FALSE;
c->richSource = (unsigned char *) rich; c->richSource = (unsigned char *) rich;
/* zeroes mean interpolate the rich cursor somehow and use B+W */
c->foreRed = 0;
c->foreGreen = 0;
c->foreBlue = 0;
c->backRed = 0;
c->backGreen = 0;
c->backBlue = 0;
c->source = NULL;
if (alpha_blend && !indexed_color) { if (alpha_blend && !indexed_color) {
c->alphaSource = (unsigned char *) alpha; c->alphaSource = (unsigned char *) alpha;
c->alphaPreMultiplied = TRUE; c->alphaPreMultiplied = TRUE;
......
...@@ -1442,6 +1442,26 @@ void print_help(int mode) { ...@@ -1442,6 +1442,26 @@ void print_help(int mode) {
" -httpdir option. If not supplied it will try to guess\n" " -httpdir option. If not supplied it will try to guess\n"
" the directory as though the -http option was supplied.\n" " the directory as though the -http option was supplied.\n"
"\n" "\n"
"-httpsredir [port] In -ssl mode with the Java applet retrieved via HTTPS:\n"
" when the HTML file containing applet parameters\n"
" ('index.vnc' or 'proxy.vnc') is sent do not set the\n"
" applet PORT parameter to the actual VNC port but set it\n"
" to \"port\" instead. If \"port\" is not supplied, then\n"
" the port number is guessed from the Host: HTTP header.\n"
"\n"
" This is useful when an incoming TCP connection\n"
" redirection is performed by a router/gateway/firewall\n"
" from one port to an internal machine where x11vnc is\n"
" listening on a different port. The Java applet needs to\n"
" connect to the firewall/router port, not the VNC port\n"
" on the internal workstation. For example, one could\n"
" redir from mygateway.com:443 to workstation:5900.\n"
"\n"
" This spares the user from having to type in\n"
" https://mygateway.com/?PORT=443 into their web browser\n"
" (note 443 is the default https port; other ports must\n"
" be explicity indicated: https://mygateway.com:8000/...)\n"
"\n"
#endif #endif
"-usepw If no other password method was supplied on the command\n" "-usepw If no other password method was supplied on the command\n"
" line, first look for ~/.vnc/passwd and if found use it\n" " line, first look for ~/.vnc/passwd and if found use it\n"
...@@ -3784,17 +3804,17 @@ void print_help(int mode) { ...@@ -3784,17 +3804,17 @@ void print_help(int mode) {
" http_url auth xauth users rootshift clipshift\n" " http_url auth xauth users rootshift clipshift\n"
" scale_str scaled_x scaled_y scale_numer scale_denom\n" " scale_str scaled_x scaled_y scale_numer scale_denom\n"
" scale_fac scaling_blend scaling_nomult4 scaling_pad\n" " scale_fac scaling_blend scaling_nomult4 scaling_pad\n"
" scaling_interpolate inetd privremote unsafe safer nocmds\n" " scaling_interpolate inetd privremote unsafe safer\n"
" passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem\n" " nocmds passwdfile unixpw unixpw_nis unixpw_list ssl\n"
" sslverify stunnel stunnel_pem https usepw using_shm\n" " ssl_pem sslverify stunnel stunnel_pem https httpsredir\n"
" logfile o flag rc norc h help V version lastmod bg\n" " usepw using_shm logfile o flag rc norc h help V version\n"
" sigpipe threads readrate netrate netlatency pipeinput\n" " lastmod bg sigpipe threads readrate netrate netlatency\n"
" clients client_count pid ext_xtest ext_xtrap ext_xrecord\n" " pipeinput clients client_count pid ext_xtest ext_xtrap\n"
" ext_xkb ext_xshm ext_xinerama ext_overlay ext_xfixes\n" " ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay\n"
" ext_xdamage ext_xrandr rootwin num_buttons button_mask\n" " ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons\n"
" mouse_x mouse_y bpp depth indexed_color dpy_x dpy_y\n" " button_mask mouse_x mouse_y bpp depth indexed_color\n"
" wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y\n" " dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y\n"
" rfbauth passwd viewpasswd\n" " coff_x coff_y rfbauth passwd viewpasswd\n"
"\n" "\n"
"\n" "\n"
"-QD variable Just like -query variable, but returns the default\n" "-QD variable Just like -query variable, but returns the default\n"
......
...@@ -30,6 +30,7 @@ int ssl_no_fail = 0; ...@@ -30,6 +30,7 @@ int ssl_no_fail = 0;
char *openssl_pem = NULL; char *openssl_pem = NULL;
char *ssl_certs_dir = NULL; char *ssl_certs_dir = NULL;
int https_port_num = -1; int https_port_num = -1;
int https_port_redir = 0;
char *ssl_verify = NULL; char *ssl_verify = NULL;
int ssl_initialized = 0; int ssl_initialized = 0;
int ssl_timeout_secs = -1; int ssl_timeout_secs = -1;
......
...@@ -30,6 +30,7 @@ extern int ssl_no_fail; ...@@ -30,6 +30,7 @@ extern int ssl_no_fail;
extern char *openssl_pem; extern char *openssl_pem;
extern char *ssl_certs_dir; extern char *ssl_certs_dir;
extern int https_port_num; extern int https_port_num;
extern int https_port_redir;
extern char *ssl_verify; extern char *ssl_verify;
extern int ssl_initialized; extern int ssl_initialized;
extern int ssl_timeout_secs; extern int ssl_timeout_secs;
......
...@@ -4535,6 +4535,8 @@ char *process_remote_cmd(char *cmd, int stringonly) { ...@@ -4535,6 +4535,8 @@ char *process_remote_cmd(char *cmd, int stringonly) {
snprintf(buf, bufn, "aro=%s:%s", p, NONUL(stunnel_pem)); snprintf(buf, bufn, "aro=%s:%s", p, NONUL(stunnel_pem));
} else if (!strcmp(p, "https")) { } else if (!strcmp(p, "https")) {
snprintf(buf, bufn, "aro=%s:%d", p, https_port_num); snprintf(buf, bufn, "aro=%s:%d", p, https_port_num);
} else if (!strcmp(p, "httpsredir")) {
snprintf(buf, bufn, "aro=%s:%d", p, https_port_redir);
#endif #endif
} else if (!strcmp(p, "usepw")) { } else if (!strcmp(p, "usepw")) {
snprintf(buf, bufn, "aro=%s:%d", p, usepw); snprintf(buf, bufn, "aro=%s:%d", p, usepw);
......
...@@ -1090,6 +1090,9 @@ static int is_ssl_readable(int s_in, time_t last_https, char *last_get, ...@@ -1090,6 +1090,9 @@ static int is_ssl_readable(int s_in, time_t last_https, char *last_get,
tv.tv_sec = 4; tv.tv_sec = 4;
} }
} }
if (getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT")) {
tv.tv_sec = atoi(getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT"));
}
if (db) fprintf(stderr, "tv_sec: %d - %s\n", (int) tv.tv_sec, last_get); if (db) fprintf(stderr, "tv_sec: %d - %s\n", (int) tv.tv_sec, last_get);
FD_ZERO(&rd); FD_ZERO(&rd);
...@@ -1296,7 +1299,7 @@ void accept_openssl(int mode) { ...@@ -1296,7 +1299,7 @@ void accept_openssl(int mode) {
#endif #endif
rfbClientPtr client; rfbClientPtr client;
pid_t pid; pid_t pid;
char uniq[] = "__evilrats__"; char uniq[] = "_evilrats_";
char cookie[128], rcookie[128], *name = NULL; char cookie[128], rcookie[128], *name = NULL;
static time_t last_https = 0; static time_t last_https = 0;
static char last_get[128]; static char last_get[128];
...@@ -1627,6 +1630,27 @@ void accept_openssl(int mode) { ...@@ -1627,6 +1630,27 @@ void accept_openssl(int mode) {
/* send the failure tag: */ /* send the failure tag: */
strcpy(tbuf, uniq); strcpy(tbuf, uniq);
if (https_port_redir < 0) {
char *q = strstr(buf, "Host:");
int fport = 443;
char num[16];
if (q && strstr(q, "\n")) {
q += strlen("Host:") + 1;
while (*q != '\n') {
int p;
if (*q == ':' && sscanf(q, ":%d", &p) == 1) {
if (p > 0 && p < 65536) {
fport = p;
break;
}
}
q++;
}
}
sprintf(num, "HP=%d,", fport);
strcat(tbuf, num);
}
if (strstr(buf, "HTTP/") != NULL) { if (strstr(buf, "HTTP/") != NULL) {
char *q, *str; char *q, *str;
/* /*
...@@ -1758,7 +1782,44 @@ if (db) fprintf(stderr, "iface: %s\n", iface); ...@@ -1758,7 +1782,44 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
} }
ssl_helper_pid(pid, -2); ssl_helper_pid(pid, -2);
if (mode == OPENSSL_INETD) { if (https_port_redir) {
double start;
int origport = screen->port;
int useport = screen->port;
/* to expand $PORT correctly in index.vnc */
if (https_port_redir < 0) {
char *q = strstr(rcookie, "HP=");
if (q) {
int p;
if (sscanf(q, "HP=%d,", &p) == 1) {
useport = p;
}
}
} else {
useport = https_port_redir;
}
screen->port = useport;
if (origport != useport) {
rfbLog("SSL: -httpsredir guess port: %d\n", screen->port);
}
start = dnow();
while (dnow() < start + 10.0) {
rfbPE(10000);
usleep(10000);
waitpid(pid, &status, WNOHANG);
if (kill(pid, 0) != 0) {
rfbPE(10000);
rfbPE(10000);
break;
}
}
screen->port = origport;
rfbLog("SSL: guessing child https finished.\n");
if (mode == OPENSSL_INETD) {
clean_up_exit(1);
}
} else if (mode == OPENSSL_INETD) {
double start; double start;
/* to expand $PORT correctly in index.vnc */ /* to expand $PORT correctly in index.vnc */
if (screen->port == 0) { if (screen->port == 0) {
......
...@@ -1198,8 +1198,17 @@ void user_supplied_opts(char *opts) { ...@@ -1198,8 +1198,17 @@ void user_supplied_opts(char *opts) {
clear_mods = 2; clear_mods = 2;
} else if (!strcmp(p, "noncache") || } else if (!strcmp(p, "noncache") ||
!strcmp(p, "nc")) { !strcmp(p, "nc")) {
ncache = 0; ncache = 0;
ncache0 = 0; ncache0 = 0;
} else if (strstr(p, "nc=") == p) {
int n2 = atoi(p + strlen("nc="));
if (nabs(n2) < nabs(ncache)) {
if (ncache < 0) {
ncache = -nabs(n2);
} else {
ncache = nabs(n2);
}
}
} else if (!strcmp(p, "repeat")) { } else if (!strcmp(p, "repeat")) {
no_autorepeat = 0; no_autorepeat = 0;
} else if (strstr(p, "speeds=") == p || } else if (strstr(p, "speeds=") == p ||
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
.TH X11VNC "1" "March 2007" "x11vnc " "User Commands" .TH X11VNC "1" "March 2007" "x11vnc " "User Commands"
.SH NAME .SH NAME
x11vnc - allow VNC connections to real X11 displays x11vnc - allow VNC connections to real X11 displays
version: 0.8.5, lastmod: 2007-03-13 version: 0.8.5, lastmod: 2007-03-19
.SH SYNOPSIS .SH SYNOPSIS
.B x11vnc .B x11vnc
[OPTION]... [OPTION]...
...@@ -1642,6 +1642,28 @@ The SSL Java applet directory is specified via the ...@@ -1642,6 +1642,28 @@ The SSL Java applet directory is specified via the
\fB-httpdir\fR option. If not supplied it will try to guess \fB-httpdir\fR option. If not supplied it will try to guess
the directory as though the \fB-http\fR option was supplied. the directory as though the \fB-http\fR option was supplied.
.PP .PP
\fB-httpsredir\fR \fI[port]\fR
.IP
In \fB-ssl\fR mode with the Java applet retrieved via HTTPS:
when the HTML file containing applet parameters
('index.vnc' or 'proxy.vnc') is sent do not set the
applet PORT parameter to the actual VNC port but set it
to "port" instead. If "port" is not supplied, then
the port number is guessed from the Host: HTTP header.
.IP
This is useful when an incoming TCP connection
redirection is performed by a router/gateway/firewall
from one port to an internal machine where x11vnc is
listening on a different port. The Java applet needs to
connect to the firewall/router port, not the VNC port
on the internal workstation. For example, one could
redir from mygateway.com:443 to workstation:5900.
.IP
This spares the user from having to type in
https://mygateway.com/?PORT=443 into their web browser
(note 443 is the default https port; other ports must
be explicity indicated: https://mygateway.com:8000/...)
.PP
\fB-usepw\fR \fB-usepw\fR
.IP .IP
If no other password method was supplied on the command If no other password method was supplied on the command
...@@ -4638,17 +4660,17 @@ aro= noop display vncdisplay desktopname guess_desktop ...@@ -4638,17 +4660,17 @@ aro= noop display vncdisplay desktopname guess_desktop
http_url auth xauth users rootshift clipshift http_url auth xauth users rootshift clipshift
scale_str scaled_x scaled_y scale_numer scale_denom scale_str scaled_x scaled_y scale_numer scale_denom
scale_fac scaling_blend scaling_nomult4 scaling_pad scale_fac scaling_blend scaling_nomult4 scaling_pad
scaling_interpolate inetd privremote unsafe safer nocmds scaling_interpolate inetd privremote unsafe safer
passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem nocmds passwdfile unixpw unixpw_nis unixpw_list ssl
sslverify stunnel stunnel_pem https usepw using_shm ssl_pem sslverify stunnel stunnel_pem https httpsredir
logfile o flag rc norc h help V version lastmod bg usepw using_shm logfile o flag rc norc h help V version
sigpipe threads readrate netrate netlatency pipeinput lastmod bg sigpipe threads readrate netrate netlatency
clients client_count pid ext_xtest ext_xtrap ext_xrecord pipeinput clients client_count pid ext_xtest ext_xtrap
ext_xkb ext_xshm ext_xinerama ext_overlay ext_xfixes ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay
ext_xdamage ext_xrandr rootwin num_buttons button_mask ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons
mouse_x mouse_y bpp depth indexed_color dpy_x dpy_y button_mask mouse_x mouse_y bpp depth indexed_color
wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y
rfbauth passwd viewpasswd coff_x coff_y rfbauth passwd viewpasswd
.PP .PP
\fB-QD\fR \fIvariable\fR \fB-QD\fR \fIvariable\fR
.IP .IP
......
...@@ -1983,6 +1983,15 @@ int main(int argc, char* argv[]) { ...@@ -1983,6 +1983,15 @@ int main(int argc, char* argv[]) {
i++; i++;
} }
} }
} else if (!strcmp(arg, "-httpsredir")) {
https_port_redir = -1;
if (i < argc-1) {
char *s = argv[i+1];
if (s[0] != '-') {
https_port_redir = atoi(s);
i++;
}
}
#endif #endif
} else if (!strcmp(arg, "-nopw")) { } else if (!strcmp(arg, "-nopw")) {
nopw = 1; nopw = 1;
...@@ -3069,6 +3078,10 @@ int main(int argc, char* argv[]) { ...@@ -3069,6 +3078,10 @@ int main(int argc, char* argv[]) {
if (ncache < 0) { if (ncache < 0) {
ncache_beta_tester = 1; ncache_beta_tester = 1;
ncache = -ncache; ncache = -ncache;
if (try_http || got_httpdir) {
/* JVM usually not set to handle all the memory */
ncache = 0;
}
} }
if (raw_fb_str) { if (raw_fb_str) {
......
...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0; ...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0; int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */ /* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.8.5 lastmod: 2007-03-13"; char lastmod[] = "0.8.5 lastmod: 2007-03-19";
/* X display info */ /* X display info */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment