Commit 5e454662 authored by runge's avatar runge

x11vnc: -httpsredir, x11cursor fix, nc=N login opt, no -ncache betatest for java viewer.

parent f57eb874
2007-03-20 Karl Runge <runge@karlrunge.com>
* x11vnc: Add -httpsredir option for router port redirs.
set Xcursor bg/fg color values to zero. Env var to
force timeout: X11VNC_HTTPS_VS_VNC_TIMEOUT. Let user
supply nc=N at login prompt. Disable -ncache beta
test under -http/-httpdir.
2007-03-13 Karl Runge <runge@karlrunge.com>
* x11vnc: fix crash for kde dcop. limit ncache beta
tester to 96MB viewers.
......
This diff is collapsed.
......@@ -1209,6 +1209,16 @@ static rfbCursorPtr pixels2curs(unsigned long *pixels, int w, int h,
c->cleanupRichSource = FALSE;
c->richSource = (unsigned char *) rich;
/* zeroes mean interpolate the rich cursor somehow and use B+W */
c->foreRed = 0;
c->foreGreen = 0;
c->foreBlue = 0;
c->backRed = 0;
c->backGreen = 0;
c->backBlue = 0;
c->source = NULL;
if (alpha_blend && !indexed_color) {
c->alphaSource = (unsigned char *) alpha;
c->alphaPreMultiplied = TRUE;
......
......@@ -1442,6 +1442,26 @@ void print_help(int mode) {
" -httpdir option. If not supplied it will try to guess\n"
" the directory as though the -http option was supplied.\n"
"\n"
"-httpsredir [port] In -ssl mode with the Java applet retrieved via HTTPS:\n"
" when the HTML file containing applet parameters\n"
" ('index.vnc' or 'proxy.vnc') is sent do not set the\n"
" applet PORT parameter to the actual VNC port but set it\n"
" to \"port\" instead. If \"port\" is not supplied, then\n"
" the port number is guessed from the Host: HTTP header.\n"
"\n"
" This is useful when an incoming TCP connection\n"
" redirection is performed by a router/gateway/firewall\n"
" from one port to an internal machine where x11vnc is\n"
" listening on a different port. The Java applet needs to\n"
" connect to the firewall/router port, not the VNC port\n"
" on the internal workstation. For example, one could\n"
" redir from mygateway.com:443 to workstation:5900.\n"
"\n"
" This spares the user from having to type in\n"
" https://mygateway.com/?PORT=443 into their web browser\n"
" (note 443 is the default https port; other ports must\n"
" be explicity indicated: https://mygateway.com:8000/...)\n"
"\n"
#endif
"-usepw If no other password method was supplied on the command\n"
" line, first look for ~/.vnc/passwd and if found use it\n"
......@@ -3784,17 +3804,17 @@ void print_help(int mode) {
" http_url auth xauth users rootshift clipshift\n"
" scale_str scaled_x scaled_y scale_numer scale_denom\n"
" scale_fac scaling_blend scaling_nomult4 scaling_pad\n"
" scaling_interpolate inetd privremote unsafe safer nocmds\n"
" passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem\n"
" sslverify stunnel stunnel_pem https usepw using_shm\n"
" logfile o flag rc norc h help V version lastmod bg\n"
" sigpipe threads readrate netrate netlatency pipeinput\n"
" clients client_count pid ext_xtest ext_xtrap ext_xrecord\n"
" ext_xkb ext_xshm ext_xinerama ext_overlay ext_xfixes\n"
" ext_xdamage ext_xrandr rootwin num_buttons button_mask\n"
" mouse_x mouse_y bpp depth indexed_color dpy_x dpy_y\n"
" wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y\n"
" rfbauth passwd viewpasswd\n"
" scaling_interpolate inetd privremote unsafe safer\n"
" nocmds passwdfile unixpw unixpw_nis unixpw_list ssl\n"
" ssl_pem sslverify stunnel stunnel_pem https httpsredir\n"
" usepw using_shm logfile o flag rc norc h help V version\n"
" lastmod bg sigpipe threads readrate netrate netlatency\n"
" pipeinput clients client_count pid ext_xtest ext_xtrap\n"
" ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay\n"
" ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons\n"
" button_mask mouse_x mouse_y bpp depth indexed_color\n"
" dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y\n"
" coff_x coff_y rfbauth passwd viewpasswd\n"
"\n"
"\n"
"-QD variable Just like -query variable, but returns the default\n"
......
......@@ -30,6 +30,7 @@ int ssl_no_fail = 0;
char *openssl_pem = NULL;
char *ssl_certs_dir = NULL;
int https_port_num = -1;
int https_port_redir = 0;
char *ssl_verify = NULL;
int ssl_initialized = 0;
int ssl_timeout_secs = -1;
......
......@@ -30,6 +30,7 @@ extern int ssl_no_fail;
extern char *openssl_pem;
extern char *ssl_certs_dir;
extern int https_port_num;
extern int https_port_redir;
extern char *ssl_verify;
extern int ssl_initialized;
extern int ssl_timeout_secs;
......
......@@ -4535,6 +4535,8 @@ char *process_remote_cmd(char *cmd, int stringonly) {
snprintf(buf, bufn, "aro=%s:%s", p, NONUL(stunnel_pem));
} else if (!strcmp(p, "https")) {
snprintf(buf, bufn, "aro=%s:%d", p, https_port_num);
} else if (!strcmp(p, "httpsredir")) {
snprintf(buf, bufn, "aro=%s:%d", p, https_port_redir);
#endif
} else if (!strcmp(p, "usepw")) {
snprintf(buf, bufn, "aro=%s:%d", p, usepw);
......
......@@ -1090,6 +1090,9 @@ static int is_ssl_readable(int s_in, time_t last_https, char *last_get,
tv.tv_sec = 4;
}
}
if (getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT")) {
tv.tv_sec = atoi(getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT"));
}
if (db) fprintf(stderr, "tv_sec: %d - %s\n", (int) tv.tv_sec, last_get);
FD_ZERO(&rd);
......@@ -1296,7 +1299,7 @@ void accept_openssl(int mode) {
#endif
rfbClientPtr client;
pid_t pid;
char uniq[] = "__evilrats__";
char uniq[] = "_evilrats_";
char cookie[128], rcookie[128], *name = NULL;
static time_t last_https = 0;
static char last_get[128];
......@@ -1627,6 +1630,27 @@ void accept_openssl(int mode) {
/* send the failure tag: */
strcpy(tbuf, uniq);
if (https_port_redir < 0) {
char *q = strstr(buf, "Host:");
int fport = 443;
char num[16];
if (q && strstr(q, "\n")) {
q += strlen("Host:") + 1;
while (*q != '\n') {
int p;
if (*q == ':' && sscanf(q, ":%d", &p) == 1) {
if (p > 0 && p < 65536) {
fport = p;
break;
}
}
q++;
}
}
sprintf(num, "HP=%d,", fport);
strcat(tbuf, num);
}
if (strstr(buf, "HTTP/") != NULL) {
char *q, *str;
/*
......@@ -1758,7 +1782,44 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
}
ssl_helper_pid(pid, -2);
if (https_port_redir) {
double start;
int origport = screen->port;
int useport = screen->port;
/* to expand $PORT correctly in index.vnc */
if (https_port_redir < 0) {
char *q = strstr(rcookie, "HP=");
if (q) {
int p;
if (sscanf(q, "HP=%d,", &p) == 1) {
useport = p;
}
}
} else {
useport = https_port_redir;
}
screen->port = useport;
if (origport != useport) {
rfbLog("SSL: -httpsredir guess port: %d\n", screen->port);
}
start = dnow();
while (dnow() < start + 10.0) {
rfbPE(10000);
usleep(10000);
waitpid(pid, &status, WNOHANG);
if (kill(pid, 0) != 0) {
rfbPE(10000);
rfbPE(10000);
break;
}
}
screen->port = origport;
rfbLog("SSL: guessing child https finished.\n");
if (mode == OPENSSL_INETD) {
clean_up_exit(1);
}
} else if (mode == OPENSSL_INETD) {
double start;
/* to expand $PORT correctly in index.vnc */
if (screen->port == 0) {
......
......@@ -1200,6 +1200,15 @@ void user_supplied_opts(char *opts) {
!strcmp(p, "nc")) {
ncache = 0;
ncache0 = 0;
} else if (strstr(p, "nc=") == p) {
int n2 = atoi(p + strlen("nc="));
if (nabs(n2) < nabs(ncache)) {
if (ncache < 0) {
ncache = -nabs(n2);
} else {
ncache = nabs(n2);
}
}
} else if (!strcmp(p, "repeat")) {
no_autorepeat = 0;
} else if (strstr(p, "speeds=") == p ||
......
......@@ -2,7 +2,7 @@
.TH X11VNC "1" "March 2007" "x11vnc " "User Commands"
.SH NAME
x11vnc - allow VNC connections to real X11 displays
version: 0.8.5, lastmod: 2007-03-13
version: 0.8.5, lastmod: 2007-03-19
.SH SYNOPSIS
.B x11vnc
[OPTION]...
......@@ -1642,6 +1642,28 @@ The SSL Java applet directory is specified via the
\fB-httpdir\fR option. If not supplied it will try to guess
the directory as though the \fB-http\fR option was supplied.
.PP
\fB-httpsredir\fR \fI[port]\fR
.IP
In \fB-ssl\fR mode with the Java applet retrieved via HTTPS:
when the HTML file containing applet parameters
('index.vnc' or 'proxy.vnc') is sent do not set the
applet PORT parameter to the actual VNC port but set it
to "port" instead. If "port" is not supplied, then
the port number is guessed from the Host: HTTP header.
.IP
This is useful when an incoming TCP connection
redirection is performed by a router/gateway/firewall
from one port to an internal machine where x11vnc is
listening on a different port. The Java applet needs to
connect to the firewall/router port, not the VNC port
on the internal workstation. For example, one could
redir from mygateway.com:443 to workstation:5900.
.IP
This spares the user from having to type in
https://mygateway.com/?PORT=443 into their web browser
(note 443 is the default https port; other ports must
be explicity indicated: https://mygateway.com:8000/...)
.PP
\fB-usepw\fR
.IP
If no other password method was supplied on the command
......@@ -4638,17 +4660,17 @@ aro= noop display vncdisplay desktopname guess_desktop
http_url auth xauth users rootshift clipshift
scale_str scaled_x scaled_y scale_numer scale_denom
scale_fac scaling_blend scaling_nomult4 scaling_pad
scaling_interpolate inetd privremote unsafe safer nocmds
passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem
sslverify stunnel stunnel_pem https usepw using_shm
logfile o flag rc norc h help V version lastmod bg
sigpipe threads readrate netrate netlatency pipeinput
clients client_count pid ext_xtest ext_xtrap ext_xrecord
ext_xkb ext_xshm ext_xinerama ext_overlay ext_xfixes
ext_xdamage ext_xrandr rootwin num_buttons button_mask
mouse_x mouse_y bpp depth indexed_color dpy_x dpy_y
wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y
rfbauth passwd viewpasswd
scaling_interpolate inetd privremote unsafe safer
nocmds passwdfile unixpw unixpw_nis unixpw_list ssl
ssl_pem sslverify stunnel stunnel_pem https httpsredir
usepw using_shm logfile o flag rc norc h help V version
lastmod bg sigpipe threads readrate netrate netlatency
pipeinput clients client_count pid ext_xtest ext_xtrap
ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay
ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons
button_mask mouse_x mouse_y bpp depth indexed_color
dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y
coff_x coff_y rfbauth passwd viewpasswd
.PP
\fB-QD\fR \fIvariable\fR
.IP
......
......@@ -1983,6 +1983,15 @@ int main(int argc, char* argv[]) {
i++;
}
}
} else if (!strcmp(arg, "-httpsredir")) {
https_port_redir = -1;
if (i < argc-1) {
char *s = argv[i+1];
if (s[0] != '-') {
https_port_redir = atoi(s);
i++;
}
}
#endif
} else if (!strcmp(arg, "-nopw")) {
nopw = 1;
......@@ -3069,6 +3078,10 @@ int main(int argc, char* argv[]) {
if (ncache < 0) {
ncache_beta_tester = 1;
ncache = -ncache;
if (try_http || got_httpdir) {
/* JVM usually not set to handle all the memory */
ncache = 0;
}
}
if (raw_fb_str) {
......
......@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.8.5 lastmod: 2007-03-13";
char lastmod[] = "0.8.5 lastmod: 2007-03-19";
/* X display info */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment