x11vnc: in -unixpw, initial Escape means no echo username.

prepare_x11vnc_dist.sh

 #!/bin/bash
 
-VERSION="0.9.1"
+VERSION="0.9.2"
 
 cd "$(dirname "$0")"
 

x11vnc/ChangeLog

+2007-05-26  Karl Runge <runge@karlrunge.com>
+	* x11vnc: set to version 0.9.2, back to NCACHE -12 for testing.
+	  in -unixpw, initial Escape means no echo username (see ssvnc).
+
 2007-05-21  Karl Runge <runge@karlrunge.com>
 	* x11vnc: set things up (NCACHE = -1) to not have -ncache
 	  on by default; just give a blurb about it.

x11vnc/help.c

@@ -603,27 +603,32 @@ void print_help(int mode) {
 "                       send one before a 25 second timeout.  Existing clients\n"
 "                       are view-only during this period.\n"
 "\n"
+"                       If the first character received is \"Escape\" then the\n"
+"                       unix username will not be displayed after \"login:\"\n"
+"                       as it is typed.  This could be of use for VNC viewers\n"
+"                       that automatically type the username and password.\n"
+"\n"
 "                       Since the detailed behavior of su(1) can vary from\n"
 "                       OS to OS and for local configurations, test the mode\n"
-"                       carefully on your systems before using it in production.\n"
-"                       Test different combinations of valid/invalid usernames\n"
-"                       and valid/invalid passwords to see if it behaves as\n"
-"                       expected.  x11vnc will attempt to be conservative and\n"
+"                       carefully.  x11vnc will attempt to be conservative and\n"
 "                       reject a login if anything abnormal occurs.\n"
 "\n"
-"                       On FreeBSD and the other BSD's by default it is\n"
-"                       impossible for the user running x11vnc to validate\n"
-"                       his *own* password via su(1) (evidently commenting out\n"
+"                       One case to note: FreeBSD and the other BSD's by\n"
+"                       default it is impossible for the user running x11vnc to\n"
+"                       validate his *own* password via su(1) (commenting out\n"
 "                       the pam_self.so entry in /etc/pam.d/su eliminates this\n"
-"                       problem).  So the x11vnc login will always *fail* for\n"
+"                       behavior).  So the x11vnc login will always *FAIL* for\n"
 "                       this case (even when the correct password is supplied).\n"
 "\n"
-"                       A possible workaround for this would be to start\n"
-"                       x11vnc as root with the \"-users +nobody\" option to\n"
-"                       immediately switch to user nobody.  Another source of\n"
-"                       problems are PAM modules that prompt for extra info,\n"
-"                       e.g. password aging modules.  These logins will fail\n"
-"                       as well even when the correct password is supplied.\n"
+"                       A possible workaround for this on *BSD would be to\n"
+"                       start x11vnc as root with the \"-users +nobody\" option\n"
+"                       to immediately switch to user nobody where the su'ing\n"
+"                       will proceed normally.\n"
+"\n"
+"                       Another source of potential problems are PAM modules\n"
+"                       that prompt for extra info, e.g. password aging modules.\n"
+"                       These logins will fail as well even when the correct\n"
+"                       password is supplied.\n"
 "\n"
 "                       **IMPORTANT**: to prevent the Unix password being sent\n"
 "                       in *clear text* over the network, one of two schemes\n"
@@ -676,10 +681,6 @@ void print_help(int mode) {
 "                       (default port 5500).  Please use a ssh or stunnel port\n"
 "                       redirection to the viewer machine to tunnel the reverse\n"
 "                       connection over an encrypted channel.\n"
-#if 0
-"                       Note that in -ssl\n"
-"                       mode reverse connection are disabled (see below). XXX\n"
-#endif
 "\n"
 "                       In -inetd mode the Method 1) will be enforced (not\n"
 "                       Method 2).  With -ssl in effect reverse connections\n"
@@ -1707,6 +1708,9 @@ void print_help(int mode) {
 "                       commands, RFB_SSL_CLIENT_CERT will be set to the\n"
 "                       client's x509 certificate string.\n"
 "\n"
+"                       The sslpeer= mode can aid finding X sessions via the\n"
+"                       FINDDISPLAY and FINDCREATEDISPLAY mechanisms.\n"
+"\n"
 "                       To immediately switch to a user *before* connections\n"
 "                       to the X display are made or any files opened use the\n"
 "                       \"=\" character: \"-users =bob\".  That user needs to\n"

x11vnc/options.c

@@ -206,8 +206,8 @@ int wireframe_local = 1;
 #ifdef NO_NCACHE
 #define NCACHE 0 
 #else
-#define xxNCACHE -12
-#define NCACHE -1
+#define NCACHE -12
+#define xxNCACHE -1
 #endif
 #endif
 

x11vnc/unixpw.c

@@ -1126,6 +1126,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 	int x, y, i, rc, nmax = 100;
 	static char user_r[100], user[100], pass[100];
 	static int  u_cnt = 0, p_cnt = 0, first = 1;
+	static int echo = 1;
 	char keystr[100];
 	char *str;
 
@@ -1143,6 +1144,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 		in_login = 1;
 		in_passwd = 0;
 		unixpw_denied = 0;
+		echo = 1;
 		if (init == 1) {
 			tries = 0;
 		}
@@ -1209,6 +1211,11 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 	} else if (! down) {
 		return;
 	}
+	if (in_login && keysym == XK_Escape && u_cnt == 0) {
+		echo = 0;	
+		rfbLog("unixpw_keystroke: echo off.\n");
+		return;
+	}
 
 	if (in_login) {
 		if (keysym == XK_BackSpace || keysym == XK_Delete) {
@@ -1295,8 +1302,10 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 
 				x = text_x();
 				y = text_y();
-				rfbDrawString(pscreen, &default8x16Font, x, y,
-				    str, white_pixel());
+				if (echo) {
+					rfbDrawString(pscreen, &default8x16Font, x, y,
+					    str, white_pixel());
+				}
 				mark_rect_as_modified(x, y-char_h, x+char_w,
 				    y, scaling);
 				char_col++;
@@ -1340,7 +1349,9 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
 
 if (db && db <= 2) fprintf(stderr, "u_cnt: %d %d/%d ks: 0x%x  '%s'\n", u_cnt, x, y, keysym, keystr);
 
-		rfbDrawString(pscreen, &default8x16Font, x, y, keystr, white_pixel());
+		if (echo ) {
+			rfbDrawString(pscreen, &default8x16Font, x, y, keystr, white_pixel());
+		}
 
 		mark_rect_as_modified(x, y-char_h, x+char_w, y, scaling);
 		char_col++;

x11vnc/x11vnc.1

@@ -2,7 +2,7 @@
 .TH X11VNC "1" "May 2007" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.9.1, lastmod: 2007-05-21
+         version: 0.9.2, lastmod: 2007-05-26
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -718,31 +718,36 @@ to supply the correct password in 3 tries or does not
 send one before a 25 second timeout.  Existing clients
 are view-only during this period.
 .IP
+If the first character received is "Escape" then the
+unix username will not be displayed after "login:"
+as it is typed.  This could be of use for VNC viewers
+that automatically type the username and password.
+.IP
 Since the detailed behavior of 
 .IR su (1)
 can vary from
 OS to OS and for local configurations, test the mode
-carefully on your systems before using it in production.
-Test different combinations of valid/invalid usernames
-and valid/invalid passwords to see if it behaves as
-expected.  x11vnc will attempt to be conservative and
+carefully.  x11vnc will attempt to be conservative and
 reject a login if anything abnormal occurs.
 .IP
-On FreeBSD and the other BSD's by default it is
-impossible for the user running x11vnc to validate
-his *own* password via 
+One case to note: FreeBSD and the other BSD's by
+default it is impossible for the user running x11vnc to
+validate his *own* password via 
 .IR su (1)
-(evidently commenting out
+(commenting out
 the pam_self.so entry in /etc/pam.d/su eliminates this
-problem).  So the x11vnc login will always *fail* for
+behavior).  So the x11vnc login will always *FAIL* for
 this case (even when the correct password is supplied).
 .IP
-A possible workaround for this would be to start
-x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option to
-immediately switch to user nobody.  Another source of
-problems are PAM modules that prompt for extra info,
-e.g. password aging modules.  These logins will fail
-as well even when the correct password is supplied.
+A possible workaround for this on *BSD would be to
+start x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option
+to immediately switch to user nobody where the su'ing
+will proceed normally.
+.IP
+Another source of potential problems are PAM modules
+that prompt for extra info, e.g. password aging modules.
+These logins will fail as well even when the correct
+password is supplied.
 .IP
 **IMPORTANT**: to prevent the Unix password being sent
 in *clear text* over the network, one of two schemes
@@ -1934,6 +1939,9 @@ env. vars. (see \fB-accept)\fR passed to external cmd=
 commands, RFB_SSL_CLIENT_CERT will be set to the
 client's x509 certificate string.
 .IP
+The sslpeer= mode can aid finding X sessions via the
+FINDDISPLAY and FINDCREATEDISPLAY mechanisms.
+.IP
 To immediately switch to a user *before* connections
 to the X display are made or any files opened use the
 "=" character: "\fB-users\fR \fI=bob\fR".  That user needs to

x11vnc/x11vnc_defs.c

@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.9.1 lastmod: 2007-05-21";
+char lastmod[] = "0.9.2 lastmod: 2007-05-26";
 
 /* X display info */