x11vnc: -httpsredir, x11cursor fix, nc=N login opt, no -ncache betatest for java viewer.

x11vnc/ChangeLog

+2007-03-20  Karl Runge <runge@karlrunge.com>
+	* x11vnc: Add -httpsredir option for router port redirs.
+	  set Xcursor bg/fg color values to zero.  Env var to
+	  force timeout: X11VNC_HTTPS_VS_VNC_TIMEOUT.  Let user
+	  supply nc=N at login prompt.  Disable -ncache beta
+	  test under -http/-httpdir.
+
 2007-03-13  Karl Runge <runge@karlrunge.com>
 	* x11vnc: fix crash for kde dcop. limit ncache beta
 	  tester to 96MB viewers. 

x11vnc/cursor.c

@@ -1209,6 +1209,16 @@ static rfbCursorPtr pixels2curs(unsigned long *pixels, int w, int h,
 	c->cleanupRichSource = FALSE;
 	c->richSource = (unsigned char *) rich;
 
+	/* zeroes mean interpolate the rich cursor somehow and use B+W */
+	c->foreRed   = 0;
+	c->foreGreen = 0;
+	c->foreBlue  = 0;
+	c->backRed   = 0;
+	c->backGreen = 0;
+	c->backBlue  = 0;
+
+	c->source = NULL;
+
 	if (alpha_blend && !indexed_color) {
 		c->alphaSource = (unsigned char *) alpha;
 		c->alphaPreMultiplied = TRUE;

x11vnc/help.c

@@ -1442,6 +1442,26 @@ void print_help(int mode) {
 "                       -httpdir option.  If not supplied it will try to guess\n"
 "                       the directory as though the -http option was supplied.\n"
 "\n"
+"-httpsredir [port]     In -ssl mode with the Java applet retrieved via HTTPS:\n"
+"                       when the HTML file containing applet parameters\n"
+"                       ('index.vnc' or 'proxy.vnc') is sent do not set the\n"
+"                       applet PORT parameter to the actual VNC port but set it\n"
+"                       to \"port\" instead.  If \"port\" is not supplied, then\n"
+"                       the port number is guessed from the Host: HTTP header.\n"
+"\n"
+"                       This is useful when an incoming TCP connection\n"
+"                       redirection is performed by a router/gateway/firewall\n"
+"                       from one port to an internal machine where x11vnc is\n"
+"                       listening on a different port. The Java applet needs to\n"
+"                       connect to the firewall/router port, not the VNC port\n"
+"                       on the internal workstation. For example, one could\n"
+"                       redir from mygateway.com:443 to workstation:5900.\n"
+"\n"
+"                       This spares the user from having to type in\n"
+"                       https://mygateway.com/?PORT=443 into their web browser\n"
+"                       (note 443 is the default https port; other ports must\n"
+"                       be explicity indicated: https://mygateway.com:8000/...)\n"
+"\n"
 #endif
 "-usepw                 If no other password method was supplied on the command\n"
 "                       line, first look for ~/.vnc/passwd and if found use it\n"
@@ -3784,17 +3804,17 @@ void print_help(int mode) {
 "                       http_url auth xauth users rootshift clipshift\n"
 "                       scale_str scaled_x scaled_y scale_numer scale_denom\n"
 "                       scale_fac scaling_blend scaling_nomult4 scaling_pad\n"
-"                       scaling_interpolate inetd privremote unsafe safer nocmds\n"
-"                       passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem\n"
-"                       sslverify stunnel stunnel_pem https usepw using_shm\n"
-"                       logfile o flag rc norc h help V version lastmod bg\n"
-"                       sigpipe threads readrate netrate netlatency pipeinput\n"
-"                       clients client_count pid ext_xtest ext_xtrap ext_xrecord\n"
-"                       ext_xkb ext_xshm ext_xinerama ext_overlay ext_xfixes\n"
-"                       ext_xdamage ext_xrandr rootwin num_buttons button_mask\n"
-"                       mouse_x mouse_y bpp depth indexed_color dpy_x dpy_y\n"
-"                       wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y\n"
-"                       rfbauth passwd viewpasswd\n"
+"                       scaling_interpolate inetd privremote unsafe safer\n"
+"                       nocmds passwdfile unixpw unixpw_nis unixpw_list ssl\n"
+"                       ssl_pem sslverify stunnel stunnel_pem https httpsredir\n"
+"                       usepw using_shm logfile o flag rc norc h help V version\n"
+"                       lastmod bg sigpipe threads readrate netrate netlatency\n"
+"                       pipeinput clients client_count pid ext_xtest ext_xtrap\n"
+"                       ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay\n"
+"                       ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons\n"
+"                       button_mask mouse_x mouse_y bpp depth indexed_color\n"
+"                       dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y\n"
+"                       coff_x coff_y rfbauth passwd viewpasswd\n"
 "\n"
 "\n"
 "-QD variable           Just like -query variable, but returns the default\n"

x11vnc/options.c

@@ -30,6 +30,7 @@ int ssl_no_fail = 0;
 char *openssl_pem = NULL;
 char *ssl_certs_dir = NULL;
 int https_port_num = -1;
+int https_port_redir = 0;
 char *ssl_verify = NULL;
 int ssl_initialized = 0;
 int ssl_timeout_secs = -1;

x11vnc/options.h

@@ -30,6 +30,7 @@ extern int ssl_no_fail;
 extern char *openssl_pem;
 extern char *ssl_certs_dir;
 extern int https_port_num;
+extern int https_port_redir;
 extern char *ssl_verify;
 extern int ssl_initialized;
 extern int ssl_timeout_secs;

x11vnc/remote.c

@@ -4535,6 +4535,8 @@ char *process_remote_cmd(char *cmd, int stringonly) {
 			snprintf(buf, bufn, "aro=%s:%s", p, NONUL(stunnel_pem));
 		} else if (!strcmp(p, "https")) {
 			snprintf(buf, bufn, "aro=%s:%d", p, https_port_num);
+		} else if (!strcmp(p, "httpsredir")) {
+			snprintf(buf, bufn, "aro=%s:%d", p, https_port_redir);
 #endif
 		} else if (!strcmp(p, "usepw")) {
 			snprintf(buf, bufn, "aro=%s:%d", p, usepw);

x11vnc/sslhelper.c

@@ -1090,6 +1090,9 @@ static int is_ssl_readable(int s_in, time_t last_https, char *last_get,
 			tv.tv_sec  = 4;
 		}
 	}
+	if (getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT")) {
+		tv.tv_sec  = atoi(getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT"));
+	}
 if (db) fprintf(stderr, "tv_sec: %d - %s\n", (int) tv.tv_sec, last_get);
 
 	FD_ZERO(&rd);
@@ -1296,7 +1299,7 @@ void accept_openssl(int mode) {
 #endif
 	rfbClientPtr client;
 	pid_t pid;
-	char uniq[] = "__evilrats__";
+	char uniq[] = "_evilrats_";
 	char cookie[128], rcookie[128], *name = NULL;
 	static time_t last_https = 0;
 	static char last_get[128];
@@ -1627,6 +1630,27 @@ void accept_openssl(int mode) {
 			/* send the failure tag: */
 			strcpy(tbuf, uniq);
 
+			if (https_port_redir < 0) {
+				char *q = strstr(buf, "Host:");
+				int fport = 443;
+				char num[16];
+				if (q && strstr(q, "\n")) {
+				    q += strlen("Host:") + 1;
+				    while (*q != '\n') {
+					int p;
+					if (*q == ':' && sscanf(q, ":%d", &p) == 1) {
+						if (p > 0 && p < 65536) {
+							fport = p;
+							break;
+						}
+					}
+					q++;
+				    }
+				}
+				sprintf(num, "HP=%d,", fport);
+				strcat(tbuf, num);
+			}
+
 			if (strstr(buf, "HTTP/") != NULL)  {
 				char *q, *str;
 				/*
@@ -1758,7 +1782,44 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
 			}
 			ssl_helper_pid(pid, -2);
 
-			if (mode == OPENSSL_INETD) {
+			if (https_port_redir) {
+				double start;
+				int origport = screen->port;
+				int useport = screen->port;
+				/* to expand $PORT correctly in index.vnc */
+				if (https_port_redir < 0) {
+					char *q = strstr(rcookie, "HP=");
+					if (q) {
+						int p;
+						if (sscanf(q, "HP=%d,", &p) == 1) {
+							useport = p;
+						}
+					}
+				} else {
+					useport = https_port_redir;
+				}
+				screen->port = useport;
+				if (origport != useport) {
+					rfbLog("SSL: -httpsredir guess port: %d\n", screen->port);
+				}
+
+				start = dnow();
+				while (dnow() < start + 10.0) {
+					rfbPE(10000);
+					usleep(10000);
+					waitpid(pid, &status, WNOHANG); 
+					if (kill(pid, 0) != 0) {
+						rfbPE(10000);
+						rfbPE(10000);
+						break;
+					}
+				}
+				screen->port = origport;
+				rfbLog("SSL: guessing child https finished.\n");
+				if (mode == OPENSSL_INETD) {
+					clean_up_exit(1);
+				}
+			} else if (mode == OPENSSL_INETD) {
 				double start;
 				/* to expand $PORT correctly in index.vnc */
 				if (screen->port == 0) {

x11vnc/user.c

@@ -1198,8 +1198,17 @@ void user_supplied_opts(char *opts) {
 				clear_mods = 2;
 			} else if (!strcmp(p, "noncache") ||
 			    !strcmp(p, "nc")) {
-				ncache = 0;
+				ncache  = 0;
 				ncache0 = 0;
+			} else if (strstr(p, "nc=") == p) {
+				int n2 = atoi(p + strlen("nc="));
+				if (nabs(n2) < nabs(ncache)) {
+					if (ncache < 0) {
+						ncache = -nabs(n2);
+					} else {
+						ncache = nabs(n2);
+					}
+				}
 			} else if (!strcmp(p, "repeat")) {
 				no_autorepeat = 0;
 			} else if (strstr(p, "speeds=") == p ||

x11vnc/x11vnc.1

@@ -2,7 +2,7 @@
 .TH X11VNC "1" "March 2007" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.8.5, lastmod: 2007-03-13
+         version: 0.8.5, lastmod: 2007-03-19
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -1642,6 +1642,28 @@ The SSL Java applet directory is specified via the
 \fB-httpdir\fR option.  If not supplied it will try to guess
 the directory as though the \fB-http\fR option was supplied.
 .PP
+\fB-httpsredir\fR \fI[port]\fR
+.IP
+In \fB-ssl\fR mode with the Java applet retrieved via HTTPS:
+when the HTML file containing applet parameters
+('index.vnc' or 'proxy.vnc') is sent do not set the
+applet PORT parameter to the actual VNC port but set it
+to "port" instead.  If "port" is not supplied, then
+the port number is guessed from the Host: HTTP header.
+.IP
+This is useful when an incoming TCP connection
+redirection is performed by a router/gateway/firewall
+from one port to an internal machine where x11vnc is
+listening on a different port. The Java applet needs to
+connect to the firewall/router port, not the VNC port
+on the internal workstation. For example, one could
+redir from mygateway.com:443 to workstation:5900.
+.IP
+This spares the user from having to type in
+https://mygateway.com/?PORT=443 into their web browser
+(note 443 is the default https port; other ports must
+be explicity indicated: https://mygateway.com:8000/...)
+.PP
 \fB-usepw\fR
 .IP
 If no other password method was supplied on the command
@@ -4638,17 +4660,17 @@ aro=  noop display vncdisplay desktopname guess_desktop
 http_url auth xauth users rootshift clipshift
 scale_str scaled_x scaled_y scale_numer scale_denom
 scale_fac scaling_blend scaling_nomult4 scaling_pad
-scaling_interpolate inetd privremote unsafe safer nocmds
-passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem
-sslverify stunnel stunnel_pem https usepw using_shm
-logfile o flag rc norc h help V version lastmod bg
-sigpipe threads readrate netrate netlatency pipeinput
-clients client_count pid ext_xtest ext_xtrap ext_xrecord
-ext_xkb ext_xshm ext_xinerama ext_overlay ext_xfixes
-ext_xdamage ext_xrandr rootwin num_buttons button_mask
-mouse_x mouse_y bpp depth indexed_color dpy_x dpy_y
-wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y
-rfbauth passwd viewpasswd
+scaling_interpolate inetd privremote unsafe safer
+nocmds passwdfile unixpw unixpw_nis unixpw_list ssl
+ssl_pem sslverify stunnel stunnel_pem https httpsredir
+usepw using_shm logfile o flag rc norc h help V version
+lastmod bg sigpipe threads readrate netrate netlatency
+pipeinput clients client_count pid ext_xtest ext_xtrap
+ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay
+ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons
+button_mask mouse_x mouse_y bpp depth indexed_color
+dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y
+coff_x coff_y rfbauth passwd viewpasswd
 .PP
 \fB-QD\fR \fIvariable\fR
 .IP

x11vnc/x11vnc.c

@@ -1983,6 +1983,15 @@ int main(int argc, char* argv[]) {
 					i++;
 				}
 			}
+		} else if (!strcmp(arg, "-httpsredir")) {
+			https_port_redir = -1;
+			if (i < argc-1) {
+				char *s = argv[i+1];
+				if (s[0] != '-') {
+					https_port_redir = atoi(s);
+					i++;
+				}
+			}
 #endif
 		} else if (!strcmp(arg, "-nopw")) {
 			nopw = 1;
@@ -3069,6 +3078,10 @@ int main(int argc, char* argv[]) {
 	if (ncache < 0) {
 		ncache_beta_tester = 1;
 		ncache = -ncache;
+		if (try_http || got_httpdir) {
+			/* JVM usually not set to handle all the memory */
+			ncache = 0;
+		}
 	}
 
 	if (raw_fb_str) {

x11vnc/x11vnc_defs.c

@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.8.5 lastmod: 2007-03-13";
+char lastmod[] = "0.8.5 lastmod: 2007-03-19";
 
 /* X display info */