Commit 7fffc5d3 authored by runge's avatar runge

x11vnc: in -unixpw, initial Escape means no echo username.

parent cb227d4b
#!/bin/bash
VERSION="0.9.1"
VERSION="0.9.2"
cd "$(dirname "$0")"
......
2007-05-26 Karl Runge <runge@karlrunge.com>
* x11vnc: set to version 0.9.2, back to NCACHE -12 for testing.
in -unixpw, initial Escape means no echo username (see ssvnc).
2007-05-21 Karl Runge <runge@karlrunge.com>
* x11vnc: set things up (NCACHE = -1) to not have -ncache
on by default; just give a blurb about it.
......
This diff is collapsed.
......@@ -603,27 +603,32 @@ void print_help(int mode) {
" send one before a 25 second timeout. Existing clients\n"
" are view-only during this period.\n"
"\n"
" If the first character received is \"Escape\" then the\n"
" unix username will not be displayed after \"login:\"\n"
" as it is typed. This could be of use for VNC viewers\n"
" that automatically type the username and password.\n"
"\n"
" Since the detailed behavior of su(1) can vary from\n"
" OS to OS and for local configurations, test the mode\n"
" carefully on your systems before using it in production.\n"
" Test different combinations of valid/invalid usernames\n"
" and valid/invalid passwords to see if it behaves as\n"
" expected. x11vnc will attempt to be conservative and\n"
" carefully. x11vnc will attempt to be conservative and\n"
" reject a login if anything abnormal occurs.\n"
"\n"
" On FreeBSD and the other BSD's by default it is\n"
" impossible for the user running x11vnc to validate\n"
" his *own* password via su(1) (evidently commenting out\n"
" One case to note: FreeBSD and the other BSD's by\n"
" default it is impossible for the user running x11vnc to\n"
" validate his *own* password via su(1) (commenting out\n"
" the pam_self.so entry in /etc/pam.d/su eliminates this\n"
" problem). So the x11vnc login will always *fail* for\n"
" behavior). So the x11vnc login will always *FAIL* for\n"
" this case (even when the correct password is supplied).\n"
"\n"
" A possible workaround for this would be to start\n"
" x11vnc as root with the \"-users +nobody\" option to\n"
" immediately switch to user nobody. Another source of\n"
" problems are PAM modules that prompt for extra info,\n"
" e.g. password aging modules. These logins will fail\n"
" as well even when the correct password is supplied.\n"
" A possible workaround for this on *BSD would be to\n"
" start x11vnc as root with the \"-users +nobody\" option\n"
" to immediately switch to user nobody where the su'ing\n"
" will proceed normally.\n"
"\n"
" Another source of potential problems are PAM modules\n"
" that prompt for extra info, e.g. password aging modules.\n"
" These logins will fail as well even when the correct\n"
" password is supplied.\n"
"\n"
" **IMPORTANT**: to prevent the Unix password being sent\n"
" in *clear text* over the network, one of two schemes\n"
......@@ -676,10 +681,6 @@ void print_help(int mode) {
" (default port 5500). Please use a ssh or stunnel port\n"
" redirection to the viewer machine to tunnel the reverse\n"
" connection over an encrypted channel.\n"
#if 0
" Note that in -ssl\n"
" mode reverse connection are disabled (see below). XXX\n"
#endif
"\n"
" In -inetd mode the Method 1) will be enforced (not\n"
" Method 2). With -ssl in effect reverse connections\n"
......@@ -1707,6 +1708,9 @@ void print_help(int mode) {
" commands, RFB_SSL_CLIENT_CERT will be set to the\n"
" client's x509 certificate string.\n"
"\n"
" The sslpeer= mode can aid finding X sessions via the\n"
" FINDDISPLAY and FINDCREATEDISPLAY mechanisms.\n"
"\n"
" To immediately switch to a user *before* connections\n"
" to the X display are made or any files opened use the\n"
" \"=\" character: \"-users =bob\". That user needs to\n"
......
......@@ -206,8 +206,8 @@ int wireframe_local = 1;
#ifdef NO_NCACHE
#define NCACHE 0
#else
#define xxNCACHE -12
#define NCACHE -1
#define NCACHE -12
#define xxNCACHE -1
#endif
#endif
......
......@@ -1126,6 +1126,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
int x, y, i, rc, nmax = 100;
static char user_r[100], user[100], pass[100];
static int u_cnt = 0, p_cnt = 0, first = 1;
static int echo = 1;
char keystr[100];
char *str;
......@@ -1143,6 +1144,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
in_login = 1;
in_passwd = 0;
unixpw_denied = 0;
echo = 1;
if (init == 1) {
tries = 0;
}
......@@ -1209,6 +1211,11 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
} else if (! down) {
return;
}
if (in_login && keysym == XK_Escape && u_cnt == 0) {
echo = 0;
rfbLog("unixpw_keystroke: echo off.\n");
return;
}
if (in_login) {
if (keysym == XK_BackSpace || keysym == XK_Delete) {
......@@ -1295,8 +1302,10 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
x = text_x();
y = text_y();
if (echo) {
rfbDrawString(pscreen, &default8x16Font, x, y,
str, white_pixel());
}
mark_rect_as_modified(x, y-char_h, x+char_w,
y, scaling);
char_col++;
......@@ -1340,7 +1349,9 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) {
if (db && db <= 2) fprintf(stderr, "u_cnt: %d %d/%d ks: 0x%x '%s'\n", u_cnt, x, y, keysym, keystr);
if (echo ) {
rfbDrawString(pscreen, &default8x16Font, x, y, keystr, white_pixel());
}
mark_rect_as_modified(x, y-char_h, x+char_w, y, scaling);
char_col++;
......
......@@ -2,7 +2,7 @@
.TH X11VNC "1" "May 2007" "x11vnc " "User Commands"
.SH NAME
x11vnc - allow VNC connections to real X11 displays
version: 0.9.1, lastmod: 2007-05-21
version: 0.9.2, lastmod: 2007-05-26
.SH SYNOPSIS
.B x11vnc
[OPTION]...
......@@ -718,31 +718,36 @@ to supply the correct password in 3 tries or does not
send one before a 25 second timeout. Existing clients
are view-only during this period.
.IP
If the first character received is "Escape" then the
unix username will not be displayed after "login:"
as it is typed. This could be of use for VNC viewers
that automatically type the username and password.
.IP
Since the detailed behavior of
.IR su (1)
can vary from
OS to OS and for local configurations, test the mode
carefully on your systems before using it in production.
Test different combinations of valid/invalid usernames
and valid/invalid passwords to see if it behaves as
expected. x11vnc will attempt to be conservative and
carefully. x11vnc will attempt to be conservative and
reject a login if anything abnormal occurs.
.IP
On FreeBSD and the other BSD's by default it is
impossible for the user running x11vnc to validate
his *own* password via
One case to note: FreeBSD and the other BSD's by
default it is impossible for the user running x11vnc to
validate his *own* password via
.IR su (1)
(evidently commenting out
(commenting out
the pam_self.so entry in /etc/pam.d/su eliminates this
problem). So the x11vnc login will always *fail* for
behavior). So the x11vnc login will always *FAIL* for
this case (even when the correct password is supplied).
.IP
A possible workaround for this would be to start
x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option to
immediately switch to user nobody. Another source of
problems are PAM modules that prompt for extra info,
e.g. password aging modules. These logins will fail
as well even when the correct password is supplied.
A possible workaround for this on *BSD would be to
start x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option
to immediately switch to user nobody where the su'ing
will proceed normally.
.IP
Another source of potential problems are PAM modules
that prompt for extra info, e.g. password aging modules.
These logins will fail as well even when the correct
password is supplied.
.IP
**IMPORTANT**: to prevent the Unix password being sent
in *clear text* over the network, one of two schemes
......@@ -1934,6 +1939,9 @@ env. vars. (see \fB-accept)\fR passed to external cmd=
commands, RFB_SSL_CLIENT_CERT will be set to the
client's x509 certificate string.
.IP
The sslpeer= mode can aid finding X sessions via the
FINDDISPLAY and FINDCREATEDISPLAY mechanisms.
.IP
To immediately switch to a user *before* connections
to the X display are made or any files opened use the
"=" character: "\fB-users\fR \fI=bob\fR". That user needs to
......
......@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.9.1 lastmod: 2007-05-21";
char lastmod[] = "0.9.2 lastmod: 2007-05-26";
/* X display info */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment