Commit 85303147 authored by runge's avatar runge

ssl: java viewer patches, onetimekey; x11vnc setsid/setpgrp and -cc 4 for -create

parent 3fcab6f1
EXTRA_DIST=VncViewer.jar index.vnc SignedVncViewer.jar proxy.vnc README ss_vncviewer
EXTRA_DIST=VncViewer.jar index.vnc SignedVncViewer.jar proxy.vnc README ss_vncviewer onetimekey
#!/bin/sh
#
# usage: onetimekey path/to/mycert.pem
#
# Takes an openssl cert+key pem file and turns into a long string
# for the x11vnc SSL VNC Java Viewer.
#
# The Java applet URL parameter can be oneTimeKey=<str> where str is
# the output of this program, or can be oneTimeKey=PROMPT in which
# case the applet will ask you to paste in the string.
#
# The problem trying to be solved here is it is difficult to get
# the Java applet to have or use a keystore with the key saved
# in it. Also, as the name implies, an HTTPS server can create
# a one time key to send to the applet (the user has already
# logged in via password to the HTTPS server).
in=$1
der=/tmp/1time$$.der
touch $der
chmod 600 $der
openssl pkcs8 -topk8 -nocrypt -in "$in" -out "$der" -outform der
pbinhex=/tmp/pbinhex.$$
cat > $pbinhex <<END
#!/usr/bin/perl
\$str = '';
while (1) {
\$c = getc(STDIN);
last if \$c eq '';
\$str .= sprintf("%02x", unpack("C", \$c));
}
print "\$str\n";
END
chmod 700 $pbinhex
str1=`$pbinhex < "$der"`
rm -f "$der"
n=`grep -n 'BEGIN CERTIFICATE' $in | awk -F: '{print $1}' | head -1`
str2=`tail +$n $in | $pbinhex`
echo "$str1,$str2"
rm -f $pbinhex
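Review bot: Both scratch files get predictable names in /tmp (`/tmp/1time$$.der`, `/tmp/pbinhex.$$`), and the first one receives the private key as unencrypted PKCS#8 (`-nocrypt`). Because `touch`, `chmod 600` and `cat >` all follow a path another local user may have created first, as a file or a symlink, the key can land in a file the caller does not own. The same applies to the helper script, which could be altered between being written and being run. Creating a private directory with `mktemp -d` under `umask 077` and removing it from a `trap` closes both windows, and also cleans up when the script is interrupted; the `touch`/`chmod 600` pair is then unnecessary. Separately, `$in` is unquoted in the `grep` and `tail` lines, and `tail +$n` is the obsolete spelling of `tail -n +$n`.

```shell
umask 077
tmpdir=`mktemp -d /tmp/onetimekey.XXXXXX` || exit 1
trap 'rm -rf "$tmpdir"' 0 1 2 15
der="$tmpdir/key.der"
pbinhex="$tmpdir/pbinhex"
# ... unchanged: openssl pkcs8 conversion, perl helper heredoc, hex output ...
```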
......@@ -218,6 +218,11 @@ do
shift
done
targ="-t"
if [ "X$SS_VNCVIEWER_NO_T" != "X" ]; then
targ=""
fi
if [ "X$gotalpha" = "X1" ]; then
VNCVIEWER_ALPHABLEND=1
export VNCVIEWER_ALPHABLEND
......@@ -438,8 +443,8 @@ if [ "X$use_ssh" = "X1" ]; then
proxport=`findfree 3500`
echo
echo "Running 1st ssh proxy:"
echo "$ssh -f -x -p $ssh_port1 -t -e none -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 \"sleep 30\""
$ssh -f -x -p $ssh_port1 -t -e none -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 "sleep 30"
echo "$ssh -f -x -p $ssh_port1 $targ -e none -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 \"sleep 30\""
$ssh -f -x -p $ssh_port1 $targ -e none -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 "sleep 30"
ssh_args="$ssh_args -o NoHostAuthenticationForLocalhost=yes"
sleep 1
stty sane
......@@ -475,18 +480,18 @@ if [ "X$use_ssh" = "X1" ]; then
pmark=`sh -c 'echo $$'`
# the -t option actually speeds up typing response via VNC!!
if [ "X$SS_VNCVIEWER_SSH_ONLY" != "X" ]; then
echo "$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host \"$info\""
echo "$ssh -x -p $ssh_port $targ $C $ssh_args $ssh_host \"$info\""
echo ""
$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host "$ssh_cmd"
$ssh -x -p $ssh_port $targ $C $ssh_args $ssh_host "$ssh_cmd"
exit $?
elif [ "X$SS_VNCVIEWER_NO_F" != "X" ]; then
echo "$ssh -x -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host \"$info\""
echo "$ssh -x -p $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\""
echo ""
$ssh -x -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
$ssh -x -p $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
else
echo "$ssh -x -f -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host \"$info\""
echo "$ssh -x -f -p $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\""
echo ""
$ssh -x -f -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
$ssh -x -f -p $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
fi
if [ "$?" != "0" ]; then
echo ""
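Review bot: The new `SS_VNCVIEWER_NO_T` switch has no comment where `targ` is set in the first hunk, and the existing remark "the -t option actually speeds up typing response via VNC!!" in the last hunk now describes a flag that may be absent. A one-line comment above `targ="-t"` would do, for example `# SS_VNCVIEWER_NO_T: set non-empty to drop ssh -t (no pty is requested).` `$targ` must stay unquoted in the ssh command lines so that an empty value expands to nothing, which is worth stating in the same comment.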
......
2007-05-01 Karl Runge <runge@karlrunge.com>
* ssl: update to java viewer and utility scripts (add onetimekey).
* x11vnc: setsid() for -gone mode. setpgrp for -create script and
add -cc 4 to avoid DirectColor.
2007-04-28 Karl Runge <runge@karlrunge.com>
* x11vnc: -users sslpeer= option. RFB_SSL_CLIENT_CERT var.
X11VNC_FINDDISPLAY_ALWAYS_FAILS var. -ncache default 10.
......
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -595,6 +595,14 @@ int run_user_command(char *cmd, rfbClientPtr client, char *mode, char *input,
for (fd=3; fd<256; fd++) {
close(fd);
}
/* XXX test more */
if (!strcmp(mode, "gone")) {
#if LIBVNCSERVER_HAVE_SETSID
setsid();
#else
setpgrp();
#endif
}
execlp("/bin/sh", "/bin/sh", "-c", cmd, (char *) NULL);
exit(1);
}
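Review bot: The new `gone` branch ignores the result of `setsid()`/`setpgrp()` and is marked only `/* XXX test more */`, so a reader cannot tell what the call is for or whether a failure matters. Going by the commit title it detaches the command from x11vnc's session, so I would replace the marker with something like `/* "gone" commands run in their own session (or process group); failure here is not fatal */` and log a non-zero return through `rfbLogPerror`. The zero-argument `setpgrp()` in the `#else` arm is the System V form; BSD-style systems declare it with two arguments, so that arm may need `setpgid(0, 0)` there. The body of run_user_command starts before this hunk.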
......
......@@ -1069,7 +1069,7 @@ void print_help(int mode) {
" manpage for details.\n"
"\n"
" Examples:\n"
" x11vnc -ssl -sslverify ~/my.pem\n"
" x11vnc -ssl -sslverify ~/my.crt\n"
" x11vnc -ssl -sslverify ~/my_pem_dir/\n"
"\n"
" Note that if [path] is a directory, it must contain\n"
......
......@@ -1809,7 +1809,7 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
if (vsock < 0) {
rfbLog("SSL: accept_openssl: connection from ssl_helper failed.\n");
rfbLog("SSL: accept_openssl: connection from ssl_helper FAILED.\n");
rfbLogPerror("accept");
kill(pid, SIGTERM);
......@@ -1829,6 +1829,9 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
if (db) fprintf(stderr, "accept_openssl: vsock: %d\n", vsock);
n = read(vsock, rcookie, strlen(cookie));
if (n < 0 && errno != 0) {
rfbLogPerror("read");
}
if (certret) {
struct stat sbuf;
......@@ -1854,10 +1857,7 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
}
if (n != (int) strlen(cookie) || strncmp(cookie, rcookie, n)) {
rfbLog("SSL: accept_openssl: cookie from ssl_helper failed. %d\n", n);
if (errno != 0) {
rfbLogPerror("read");
}
rfbLog("SSL: accept_openssl: cookie from ssl_helper FAILED. %d\n", n);
if (db) fprintf(stderr, "'%s'\n'%s'\n", cookie, rcookie);
close(vsock);
......@@ -2093,7 +2093,7 @@ if (db > 1) fprintf(stderr, "ssl_init: 4\n");
} else if (rc < 0) {
rfbLog("SSL: ssl_helper: SSL_accept() fatal: %d\n", rc);
rfbLog("SSL: ssl_helper: SSL_accept() *FATAL: %d\n", rc);
return 0;
} else if (dnow() > start + 3.0) {
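Review bot: After the second hunk, `rfbLogPerror("read")` fires only for `n < 0`, so an EOF from the helper (`n == 0`) or a short read is still reported just as "cookie from ssl_helper FAILED" with the count. The `errno != 0` test is redundant once `n < 0` holds, so the check could become `if (n < 0) rfbLogPerror("read"); else if (n == 0) rfbLog("SSL: accept_openssl: ssl_helper closed the socket before sending the cookie.\n");`. The `db` trace a few lines further down prints `rcookie` with `%s`, which is safe only if the buffer is zeroed or terminated before the read. That is not visible in these hunks and is worth confirming. The enclosing function starts and ends outside the hunks shown.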
......
......@@ -889,7 +889,12 @@ char create_display[] =
"\n"
"#CREATE_DISPLAY_OUTPUT=/tmp/cdo.txt\n"
"\n"
"CREATE_DISPLAY_OUTPUT=/tmp/cdo.$USER.txt\n"
"if echo \"$USER\" | egrep 'runge' > /dev/null ; then\n"
" CREATE_DISPLAY_OUTPUT=/tmp/cdo.$USER.txt\n"
" if [ -f $CREATE_DISPLAY_OUTPUT -a ! -w $CREATE_DISPLAY_OUTPUT ]; then\n"
" CREATE_DISPLAY_OUTPUT=$CREATE_DISPLAY_OUTPUT.$$\n"
" fi\n"
"fi\n"
"if [ \"X$CREATE_DISPLAY_OUTPUT\" != \"X\" ]; then\n"
" if [ \"X$CREATE_DISPLAY_EXEC\" = \"X\" ]; then\n"
" CREATE_DISPLAY_EXEC=1\n"
......@@ -902,6 +907,14 @@ char create_display[] =
" exit $?\n"
" fi\n"
"fi\n"
"if [ \"X$CREATE_DISPLAY_PERL_SETPGRP\" = \"X\" ]; then\n"
" CREATE_DISPLAY_PERL_SETPGRP=1\n"
" export CREATE_DISPLAY_PERL_SETPGRP\n"
" if type perl >/dev/null 2>&1; then\n"
" perl -e \"setpgrp(0,0); exec '/bin/sh $0 $*'\";\n"
" exit $?\n"
" fi\n"
"fi\n"
"\n"
"\n"
"if [ \"X$CREATE_DISPLAY_OUTPUT\" != \"X\" ]; then\n"
......@@ -1076,9 +1089,9 @@ char create_display[] =
" # we cannot use -nolisten tcp\n"
" echo \"$* -once -query localhost\" 1>&2\n"
" if [ \"X$have_root\" != \"X\" ]; then\n"
" nohup $* -once -query localhost 1>&2 &\n"
" $have_nohup $* -once -query localhost 1>&2 &\n"
" else\n"
" nohup sh -c \"(sleep $ns; $* -once -query localhost -auth $authfile)\" 1>&2 &\n"
" $have_nohup sh -c \"(sleep $ns; $* -once -query localhost -auth $authfile)\" 1>&2 &\n"
" ns=0\n"
" result=1\n"
" fi\n"
......@@ -1093,7 +1106,7 @@ char create_display[] =
" if [ \"X$have_root\" != \"X\" ]; then\n"
" $sxcmd $sess -- $* -nolisten tcp -auth $authfile 1>&2 &\n"
" else\n"
" nohup sh -c \"(sleep $ns; $sxcmd $sess -- $* -nolisten tcp -auth $authfile)\" 1>&2 &\n"
" $have_nohup sh -c \"(sleep $ns; $sxcmd $sess -- $* -nolisten tcp -auth $authfile)\" 1>&2 &\n"
" ns=0\n"
" result=1\n"
" fi\n"
......@@ -1101,15 +1114,15 @@ char create_display[] =
" else\n"
" echo \"$* -nolisten tcp -auth $authfile\" 1>&2\n"
" if [ \"X$have_root\" != \"X\" ]; then\n"
" nohup $* -nolisten tcp -auth $authfile 1>&2 &\n"
" $have_nohup $* -nolisten tcp -auth $authfile 1>&2 &\n"
" pid=$!\n"
" sleep 2\n"
" nohup $sess 1>&2 &\n"
" $have_nohup $sess 1>&2 &\n"
" else\n"
" nohup sh -c \"(sleep $ns; $* -nolisten tcp -auth $authfile)\" 1>&2 &\n"
" $have_nohup sh -c \"(sleep $ns; $* -nolisten tcp -auth $authfile)\" 1>&2 &\n"
" pid=$!\n"
" sleep 2\n"
" nohup sh -c \"(sleep $ns; $sess)\" 1>&2 &\n"
" $have_nohup sh -c \"(sleep $ns; $sess)\" 1>&2 &\n"
" ns=0\n"
" result=1\n"
" fi\n"
......@@ -1125,9 +1138,9 @@ char create_display[] =
" result=0\n"
" fi\n"
" if uname | grep SunOS > /dev/null; then\n"
" nohup sh -c \"(sleep 60; rm -f $rmf)\" 1>&2 &\n"
" $have_nohup sh -c \"(sleep 60; rm -f $rmf)\" 1>&2 &\n"
" else\n"
" nohup sh -c \"(sleep 60; rm -f $rmf $authfile)\" 1>&2 &\n"
" $have_nohup sh -c \"(sleep 60; rm -f $rmf $authfile)\" 1>&2 &\n"
" fi\n"
"}\n"
"\n"
......@@ -1171,24 +1184,22 @@ char create_display[] =
" return\n"
" fi\n"
"\n"
" #save_have_startx=$have_startx\n"
" #have_startx=\"\"\n"
" sarg=\"-screen\"\n"
" if uname | grep SunOS > /dev/null; then\n"
" if grep /usr/openwin/bin/Xsun $have_Xvfb > /dev/null; then\n"
" sarg=\"screen\"\n"
" if [ \"X$depth\" = \"X16\" ]; then\n"
" #depth=24\n"
" :\n"
" fi\n"
" fi\n"
" # remember to put server args after sarg ... to work on Solaris 9 and 10.\n"
" if [ $depth -ge 16 ]; then\n"
" server $have_Xvfb :$N $sarg 0 ${geom}x${depth} +kb -cc 4\n"
" else\n"
" server $have_Xvfb :$N $sarg 0 ${geom}x${depth} +kb\n"
" fi\n"
" server $have_Xvfb :$N +kb $sarg 0 ${geom}x${depth}\n"
" #have_startx=$save_have_startx\n"
"\n"
" if [ \"X$result\" = \"X1\" -a \"X$have_xmodmap\" != \"X\" ]; then\n"
" if [ \"X$have_root\" = \"X\" ]; then\n"
" nohup sh -c \"(\n"
" $have_nohup sh -c \"(\n"
" sleep 10;\n"
" $have_xmodmap -display :$N -e 'keycode any = Shift_R' \\\n"
" -e 'add Shift = Shift_L Shift_R' \\\n"
......@@ -1265,9 +1276,9 @@ char create_display[] =
" echo \"$tmp\"\n"
"}\n"
"\n"
"\n"
"depth=${depth:-16}\n"
"geom=${geom:-1280x1024}\n"
"\n"
"if [ \"X$X11VNC_CREATE_GEOM\" != \"X\" -a \"X$FD_GEOM\" = \"X\" ]; then\n"
" FD_GEOM=$X11VNC_CREATE_GEOM\n"
"fi\n"
......@@ -1284,6 +1295,20 @@ char create_display[] =
" fi\n"
"fi\n"
"\n"
"depth=`echo \"$depth\" | head -1`\n"
"geom=`echo \"$geom\" | head -1`\n"
"\n"
"if echo \"$depth\" | grep '^[0-9][0-9]*$' > /dev/null; then\n"
" :\n"
"else\n"
" depth=16\n"
"fi\n"
"if echo \"$geom\" | grep '^[0-9][0-9]*x[0-9][0-9]*$' > /dev/null; then\n"
" :\n"
"else\n"
" geom=1280x1024\n"
"fi\n"
"\n"
"if [ \"X$USER\" = \"X\" ]; then\n"
" USER=$LOGNAME\n"
"fi\n"
......@@ -1304,7 +1329,7 @@ char create_display[] =
" p_ok=1\n"
"fi\n"
"\n"
"for prog in startx xinit xdm gdm kdm xterm Xdummy Xvfb xauth mcookie md5sum xmodmap startkde gnome-session blackbox fvwm2 mwm openbox twm windowmaker metacity X Xorg XFree86 Xsun Xsession netstat\n"
"for prog in startx xinit xdm gdm kdm xterm Xdummy Xvfb xauth mcookie md5sum xmodmap startkde gnome-session blackbox fvwm2 mwm openbox twm windowmaker metacity X Xorg XFree86 Xsun Xsession netstat nohup\n"
"do\n"
" p2=`echo \"$prog\" | sed -e 's/-/_/g'`\n"
" eval \"have_$p2=''\"\n"
......@@ -1322,6 +1347,10 @@ char create_display[] =
" fi\n"
"done\n"
"\n"
"if [ \"X$have_nohup\" = \"X\" ]; then\n"
" have_nohup=\"nohup\"\n"
"fi\n"
"\n"
"N=`findfree`\n"
"\n"
"if [ \"X$N\" = \"X\" ]; then\n"
......
......@@ -1612,6 +1612,7 @@ if (0) db = 1;
}
sprintf(geom, "NONE");
xsess[0] = '\0';
geom[0] = '\0';
#if 0
if (!keep_unixpw_opts) {
fprintf(stderr, "no keep_unixpw_opts\n");
......@@ -1663,6 +1664,12 @@ if (!keep_unixpw_opts) {
}
free(t);
}
if (geom[0] == '\0' && getenv("FD_GEOM")) {
snprintf(geom, 30, "%s", getenv("FD_GEOM"));
}
if (xsess[0] == '\0' && getenv("FD_SESS")) {
snprintf(xsess, 30, "%s", getenv("FD_SESS"));
}
set_env("FD_GEOM", geom);
set_env("FD_SESS", xsess);
......@@ -1690,6 +1697,9 @@ if (!keep_unixpw_opts) {
if (db) fprintf(stderr, "create_cmd: %s\n", create_cmd);
}
if (getenv("X11VNC_SKIP_DISPLAY")) {
nd = strdup(getenv("X11VNC_SKIP_DISPLAY"));
}
if (unixpw && keep_unixpw_opts && keep_unixpw_opts[0] != '\0') {
char *q, *t = keep_unixpw_opts;
q = strstr(t, "nd=");
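Review bot: Both new copies hard-code the bound, as in `snprintf(geom, 30, "%s", getenv("FD_GEOM"))`. The declarations of `geom` and `xsess` are outside these hunks, so it cannot be confirmed here that 30 matches them. If they are arrays, `sizeof geom` and `sizeof xsess` keep the bound tied to the buffer. A longer environment value is truncated silently before `set_env()` passes it on, so a truncated FD_SESS may deserve a log line. In the last hunk, `nd = strdup(getenv("X11VNC_SKIP_DISPLAY"))` does not check the `strdup` result and, if `nd` already owns a string at that point, drops it without `free`. In the first hunk, `sprintf(geom, "NONE")` is dead once `geom[0] = '\0'` follows it and could be removed.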
......
......@@ -2,7 +2,7 @@
.TH X11VNC "1" "April 2007" "x11vnc " "User Commands"
.SH NAME
x11vnc - allow VNC connections to real X11 displays
version: 0.9.1, lastmod: 2007-04-27
version: 0.9.1, lastmod: 2007-04-30
.SH SYNOPSIS
.B x11vnc
[OPTION]...
......@@ -1236,7 +1236,7 @@ below. These correspond to the "CApath = dir" and
manpage for details.
.IP
Examples:
x11vnc \fB-ssl\fR \fB-sslverify\fR ~/my.pem
x11vnc \fB-ssl\fR \fB-sslverify\fR ~/my.crt
x11vnc \fB-ssl\fR \fB-sslverify\fR ~/my_pem_dir/
.IP
Note that if [path] is a directory, it must contain
......
......@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.9.1 lastmod: 2007-04-27";
char lastmod[] = "0.9.1 lastmod: 2007-04-30";
/* X display info */
......