Commit 5e454662 authored by runge's avatar runge

x11vnc: -httpsredir, x11cursor fix, nc=N login opt, no -ncache betatest for java viewer.

parent f57eb874
2007-03-20 Karl Runge <runge@karlrunge.com>
* x11vnc: Add -httpsredir option for router port redirs.
set Xcursor bg/fg color values to zero. Env var to
force timeout: X11VNC_HTTPS_VS_VNC_TIMEOUT. Let user
supply nc=N at login prompt. Disable -ncache beta
test under -http/-httpdir.
2007-03-13 Karl Runge <runge@karlrunge.com> 2007-03-13 Karl Runge <runge@karlrunge.com>
* x11vnc: fix crash for kde dcop. limit ncache beta * x11vnc: fix crash for kde dcop. limit ncache beta
tester to 96MB viewers. tester to 96MB viewers.
......
This diff is collapsed.
...@@ -1209,6 +1209,16 @@ static rfbCursorPtr pixels2curs(unsigned long *pixels, int w, int h, ...@@ -1209,6 +1209,16 @@ static rfbCursorPtr pixels2curs(unsigned long *pixels, int w, int h,
c->cleanupRichSource = FALSE; c->cleanupRichSource = FALSE;
c->richSource = (unsigned char *) rich; c->richSource = (unsigned char *) rich;
/* zeroes mean interpolate the rich cursor somehow and use B+W */
c->foreRed = 0;
c->foreGreen = 0;
c->foreBlue = 0;
c->backRed = 0;
c->backGreen = 0;
c->backBlue = 0;
c->source = NULL;
if (alpha_blend && !indexed_color) { if (alpha_blend && !indexed_color) {
c->alphaSource = (unsigned char *) alpha; c->alphaSource = (unsigned char *) alpha;
c->alphaPreMultiplied = TRUE; c->alphaPreMultiplied = TRUE;
......
...@@ -1442,6 +1442,26 @@ void print_help(int mode) { ...@@ -1442,6 +1442,26 @@ void print_help(int mode) {
" -httpdir option. If not supplied it will try to guess\n" " -httpdir option. If not supplied it will try to guess\n"
" the directory as though the -http option was supplied.\n" " the directory as though the -http option was supplied.\n"
"\n" "\n"
"-httpsredir [port] In -ssl mode with the Java applet retrieved via HTTPS:\n"
" when the HTML file containing applet parameters\n"
" ('index.vnc' or 'proxy.vnc') is sent do not set the\n"
" applet PORT parameter to the actual VNC port but set it\n"
" to \"port\" instead. If \"port\" is not supplied, then\n"
" the port number is guessed from the Host: HTTP header.\n"
"\n"
" This is useful when an incoming TCP connection\n"
" redirection is performed by a router/gateway/firewall\n"
" from one port to an internal machine where x11vnc is\n"
" listening on a different port. The Java applet needs to\n"
" connect to the firewall/router port, not the VNC port\n"
" on the internal workstation. For example, one could\n"
" redir from mygateway.com:443 to workstation:5900.\n"
"\n"
" This spares the user from having to type in\n"
" https://mygateway.com/?PORT=443 into their web browser\n"
" (note 443 is the default https port; other ports must\n"
" be explicity indicated: https://mygateway.com:8000/...)\n"
"\n"
#endif #endif
"-usepw If no other password method was supplied on the command\n" "-usepw If no other password method was supplied on the command\n"
" line, first look for ~/.vnc/passwd and if found use it\n" " line, first look for ~/.vnc/passwd and if found use it\n"
...@@ -3784,17 +3804,17 @@ void print_help(int mode) { ...@@ -3784,17 +3804,17 @@ void print_help(int mode) {
" http_url auth xauth users rootshift clipshift\n" " http_url auth xauth users rootshift clipshift\n"
" scale_str scaled_x scaled_y scale_numer scale_denom\n" " scale_str scaled_x scaled_y scale_numer scale_denom\n"
" scale_fac scaling_blend scaling_nomult4 scaling_pad\n" " scale_fac scaling_blend scaling_nomult4 scaling_pad\n"
" scaling_interpolate inetd privremote unsafe safer nocmds\n" " scaling_interpolate inetd privremote unsafe safer\n"
" passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem\n" " nocmds passwdfile unixpw unixpw_nis unixpw_list ssl\n"
" sslverify stunnel stunnel_pem https usepw using_shm\n" " ssl_pem sslverify stunnel stunnel_pem https httpsredir\n"
" logfile o flag rc norc h help V version lastmod bg\n" " usepw using_shm logfile o flag rc norc h help V version\n"
" sigpipe threads readrate netrate netlatency pipeinput\n" " lastmod bg sigpipe threads readrate netrate netlatency\n"
" clients client_count pid ext_xtest ext_xtrap ext_xrecord\n" " pipeinput clients client_count pid ext_xtest ext_xtrap\n"
" ext_xkb ext_xshm ext_xinerama ext_overlay ext_xfixes\n" " ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay\n"
" ext_xdamage ext_xrandr rootwin num_buttons button_mask\n" " ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons\n"
" mouse_x mouse_y bpp depth indexed_color dpy_x dpy_y\n" " button_mask mouse_x mouse_y bpp depth indexed_color\n"
" wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y\n" " dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y\n"
" rfbauth passwd viewpasswd\n" " coff_x coff_y rfbauth passwd viewpasswd\n"
"\n" "\n"
"\n" "\n"
"-QD variable Just like -query variable, but returns the default\n" "-QD variable Just like -query variable, but returns the default\n"
......
...@@ -30,6 +30,7 @@ int ssl_no_fail = 0; ...@@ -30,6 +30,7 @@ int ssl_no_fail = 0;
char *openssl_pem = NULL; char *openssl_pem = NULL;
char *ssl_certs_dir = NULL; char *ssl_certs_dir = NULL;
int https_port_num = -1; int https_port_num = -1;
int https_port_redir = 0;
char *ssl_verify = NULL; char *ssl_verify = NULL;
int ssl_initialized = 0; int ssl_initialized = 0;
int ssl_timeout_secs = -1; int ssl_timeout_secs = -1;
......
...@@ -30,6 +30,7 @@ extern int ssl_no_fail; ...@@ -30,6 +30,7 @@ extern int ssl_no_fail;
extern char *openssl_pem; extern char *openssl_pem;
extern char *ssl_certs_dir; extern char *ssl_certs_dir;
extern int https_port_num; extern int https_port_num;
extern int https_port_redir;
extern char *ssl_verify; extern char *ssl_verify;
extern int ssl_initialized; extern int ssl_initialized;
extern int ssl_timeout_secs; extern int ssl_timeout_secs;
......
...@@ -4535,6 +4535,8 @@ char *process_remote_cmd(char *cmd, int stringonly) { ...@@ -4535,6 +4535,8 @@ char *process_remote_cmd(char *cmd, int stringonly) {
snprintf(buf, bufn, "aro=%s:%s", p, NONUL(stunnel_pem)); snprintf(buf, bufn, "aro=%s:%s", p, NONUL(stunnel_pem));
} else if (!strcmp(p, "https")) { } else if (!strcmp(p, "https")) {
snprintf(buf, bufn, "aro=%s:%d", p, https_port_num); snprintf(buf, bufn, "aro=%s:%d", p, https_port_num);
} else if (!strcmp(p, "httpsredir")) {
snprintf(buf, bufn, "aro=%s:%d", p, https_port_redir);
#endif #endif
} else if (!strcmp(p, "usepw")) { } else if (!strcmp(p, "usepw")) {
snprintf(buf, bufn, "aro=%s:%d", p, usepw); snprintf(buf, bufn, "aro=%s:%d", p, usepw);
......
...@@ -1090,6 +1090,9 @@ static int is_ssl_readable(int s_in, time_t last_https, char *last_get, ...@@ -1090,6 +1090,9 @@ static int is_ssl_readable(int s_in, time_t last_https, char *last_get,
tv.tv_sec = 4; tv.tv_sec = 4;
} }
} }
if (getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT")) {
tv.tv_sec = atoi(getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT"));
}
if (db) fprintf(stderr, "tv_sec: %d - %s\n", (int) tv.tv_sec, last_get); if (db) fprintf(stderr, "tv_sec: %d - %s\n", (int) tv.tv_sec, last_get);
FD_ZERO(&rd); FD_ZERO(&rd);
...@@ -1296,7 +1299,7 @@ void accept_openssl(int mode) { ...@@ -1296,7 +1299,7 @@ void accept_openssl(int mode) {
#endif #endif
rfbClientPtr client; rfbClientPtr client;
pid_t pid; pid_t pid;
char uniq[] = "__evilrats__"; char uniq[] = "_evilrats_";
char cookie[128], rcookie[128], *name = NULL; char cookie[128], rcookie[128], *name = NULL;
static time_t last_https = 0; static time_t last_https = 0;
static char last_get[128]; static char last_get[128];
...@@ -1627,6 +1630,27 @@ void accept_openssl(int mode) { ...@@ -1627,6 +1630,27 @@ void accept_openssl(int mode) {
/* send the failure tag: */ /* send the failure tag: */
strcpy(tbuf, uniq); strcpy(tbuf, uniq);
if (https_port_redir < 0) {
char *q = strstr(buf, "Host:");
int fport = 443;
char num[16];
if (q && strstr(q, "\n")) {
q += strlen("Host:") + 1;
while (*q != '\n') {
int p;
if (*q == ':' && sscanf(q, ":%d", &p) == 1) {
if (p > 0 && p < 65536) {
fport = p;
break;
}
}
q++;
}
}
sprintf(num, "HP=%d,", fport);
strcat(tbuf, num);
}
if (strstr(buf, "HTTP/") != NULL) { if (strstr(buf, "HTTP/") != NULL) {
char *q, *str; char *q, *str;
/* /*
...@@ -1758,7 +1782,44 @@ if (db) fprintf(stderr, "iface: %s\n", iface); ...@@ -1758,7 +1782,44 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
} }
ssl_helper_pid(pid, -2); ssl_helper_pid(pid, -2);
if (mode == OPENSSL_INETD) { if (https_port_redir) {
double start;
int origport = screen->port;
int useport = screen->port;
/* to expand $PORT correctly in index.vnc */
if (https_port_redir < 0) {
char *q = strstr(rcookie, "HP=");
if (q) {
int p;
if (sscanf(q, "HP=%d,", &p) == 1) {
useport = p;
}
}
} else {
useport = https_port_redir;
}
screen->port = useport;
if (origport != useport) {
rfbLog("SSL: -httpsredir guess port: %d\n", screen->port);
}
start = dnow();
while (dnow() < start + 10.0) {
rfbPE(10000);
usleep(10000);
waitpid(pid, &status, WNOHANG);
if (kill(pid, 0) != 0) {
rfbPE(10000);
rfbPE(10000);
break;
}
}
screen->port = origport;
rfbLog("SSL: guessing child https finished.\n");
if (mode == OPENSSL_INETD) {
clean_up_exit(1);
}
} else if (mode == OPENSSL_INETD) {
double start; double start;
/* to expand $PORT correctly in index.vnc */ /* to expand $PORT correctly in index.vnc */
if (screen->port == 0) { if (screen->port == 0) {
......
...@@ -1198,8 +1198,17 @@ void user_supplied_opts(char *opts) { ...@@ -1198,8 +1198,17 @@ void user_supplied_opts(char *opts) {
clear_mods = 2; clear_mods = 2;
} else if (!strcmp(p, "noncache") || } else if (!strcmp(p, "noncache") ||
!strcmp(p, "nc")) { !strcmp(p, "nc")) {
ncache = 0; ncache = 0;
ncache0 = 0; ncache0 = 0;
} else if (strstr(p, "nc=") == p) {
int n2 = atoi(p + strlen("nc="));
if (nabs(n2) < nabs(ncache)) {
if (ncache < 0) {
ncache = -nabs(n2);
} else {
ncache = nabs(n2);
}
}
} else if (!strcmp(p, "repeat")) { } else if (!strcmp(p, "repeat")) {
no_autorepeat = 0; no_autorepeat = 0;
} else if (strstr(p, "speeds=") == p || } else if (strstr(p, "speeds=") == p ||
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
.TH X11VNC "1" "March 2007" "x11vnc " "User Commands" .TH X11VNC "1" "March 2007" "x11vnc " "User Commands"
.SH NAME .SH NAME
x11vnc - allow VNC connections to real X11 displays x11vnc - allow VNC connections to real X11 displays
version: 0.8.5, lastmod: 2007-03-13 version: 0.8.5, lastmod: 2007-03-19
.SH SYNOPSIS .SH SYNOPSIS
.B x11vnc .B x11vnc
[OPTION]... [OPTION]...
...@@ -1642,6 +1642,28 @@ The SSL Java applet directory is specified via the ...@@ -1642,6 +1642,28 @@ The SSL Java applet directory is specified via the
\fB-httpdir\fR option. If not supplied it will try to guess \fB-httpdir\fR option. If not supplied it will try to guess
the directory as though the \fB-http\fR option was supplied. the directory as though the \fB-http\fR option was supplied.
.PP .PP
\fB-httpsredir\fR \fI[port]\fR
.IP
In \fB-ssl\fR mode with the Java applet retrieved via HTTPS:
when the HTML file containing applet parameters
('index.vnc' or 'proxy.vnc') is sent do not set the
applet PORT parameter to the actual VNC port but set it
to "port" instead. If "port" is not supplied, then
the port number is guessed from the Host: HTTP header.
.IP
This is useful when an incoming TCP connection
redirection is performed by a router/gateway/firewall
from one port to an internal machine where x11vnc is
listening on a different port. The Java applet needs to
connect to the firewall/router port, not the VNC port
on the internal workstation. For example, one could
redir from mygateway.com:443 to workstation:5900.
.IP
This spares the user from having to type in
https://mygateway.com/?PORT=443 into their web browser
(note 443 is the default https port; other ports must
be explicity indicated: https://mygateway.com:8000/...)
.PP
\fB-usepw\fR \fB-usepw\fR
.IP .IP
If no other password method was supplied on the command If no other password method was supplied on the command
...@@ -4638,17 +4660,17 @@ aro= noop display vncdisplay desktopname guess_desktop ...@@ -4638,17 +4660,17 @@ aro= noop display vncdisplay desktopname guess_desktop
http_url auth xauth users rootshift clipshift http_url auth xauth users rootshift clipshift
scale_str scaled_x scaled_y scale_numer scale_denom scale_str scaled_x scaled_y scale_numer scale_denom
scale_fac scaling_blend scaling_nomult4 scaling_pad scale_fac scaling_blend scaling_nomult4 scaling_pad
scaling_interpolate inetd privremote unsafe safer nocmds scaling_interpolate inetd privremote unsafe safer
passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem nocmds passwdfile unixpw unixpw_nis unixpw_list ssl
sslverify stunnel stunnel_pem https usepw using_shm ssl_pem sslverify stunnel stunnel_pem https httpsredir
logfile o flag rc norc h help V version lastmod bg usepw using_shm logfile o flag rc norc h help V version
sigpipe threads readrate netrate netlatency pipeinput lastmod bg sigpipe threads readrate netrate netlatency
clients client_count pid ext_xtest ext_xtrap ext_xrecord pipeinput clients client_count pid ext_xtest ext_xtrap
ext_xkb ext_xshm ext_xinerama ext_overlay ext_xfixes ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay
ext_xdamage ext_xrandr rootwin num_buttons button_mask ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons
mouse_x mouse_y bpp depth indexed_color dpy_x dpy_y button_mask mouse_x mouse_y bpp depth indexed_color
wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y
rfbauth passwd viewpasswd coff_x coff_y rfbauth passwd viewpasswd
.PP .PP
\fB-QD\fR \fIvariable\fR \fB-QD\fR \fIvariable\fR
.IP .IP
......
...@@ -1983,6 +1983,15 @@ int main(int argc, char* argv[]) { ...@@ -1983,6 +1983,15 @@ int main(int argc, char* argv[]) {
i++; i++;
} }
} }
} else if (!strcmp(arg, "-httpsredir")) {
https_port_redir = -1;
if (i < argc-1) {
char *s = argv[i+1];
if (s[0] != '-') {
https_port_redir = atoi(s);
i++;
}
}
#endif #endif
} else if (!strcmp(arg, "-nopw")) { } else if (!strcmp(arg, "-nopw")) {
nopw = 1; nopw = 1;
...@@ -3069,6 +3078,10 @@ int main(int argc, char* argv[]) { ...@@ -3069,6 +3078,10 @@ int main(int argc, char* argv[]) {
if (ncache < 0) { if (ncache < 0) {
ncache_beta_tester = 1; ncache_beta_tester = 1;
ncache = -ncache; ncache = -ncache;
if (try_http || got_httpdir) {
/* JVM usually not set to handle all the memory */
ncache = 0;
}
} }
if (raw_fb_str) { if (raw_fb_str) {
......
...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0; ...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0; int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */ /* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.8.5 lastmod: 2007-03-13"; char lastmod[] = "0.8.5 lastmod: 2007-03-19";
/* X display info */ /* X display info */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment