diff --git a/x11vnc/ChangeLog b/x11vnc/ChangeLog
index cb9e49a039bf97d7a94d2c20d0d0cb862032c488..fbc3b2ca4675ad44724712a6daf59e22d666313a 100644
--- a/x11vnc/ChangeLog
+++ b/x11vnc/ChangeLog
@@ -1,3 +1,11 @@
+2009-12-06 Karl Runge <runge@karlrunge.com>
+ * x11vnc: findauth/-auth guess works with FD_XDM=1 for root
+ finding dm's xauthority. Work around for GDM's recent
+ 'xhost SI:localuser:root' usage. X11VNC_REOPEN_SLEEP_MAX
+ for longer lived -reopen-ing. X11VNC_EXTRA_HTTPS_PARAMS for
+ additional URL parameters, X11VNC_HTTP_LISTEN_LOCALHOST=1 to
+ force libvncserver http to listen on localhost.
+
2009-12-04 Karl Runge <runge@karlrunge.com>
* classes/ssl: update binaries; new signing key; ss_vncviewer.
* x11vnc: add more wish possibilities for -gui. Declare crypt()
diff --git a/x11vnc/README b/x11vnc/README
index b041f1afe6e5d2408f281b9bf24158422a8cd613..7115695ff7ebf6ae2ed217d7de33589dffd0e302 100644
--- a/x11vnc/README
+++ b/x11vnc/README
@@ -2,7 +2,7 @@
Copyright (C) 2002-2009 Karl J. Runge <runge@karlrunge.com>
All rights reserved.
-x11vnc README file Date: Fri Dec 4 20:44:56 EST 2009
+x11vnc README file Date: Mon Dec 7 08:14:20 EST 2009
The following information is taken from these URLs:
@@ -932,7 +932,12 @@ make
applies heuristics that try to determine the XAUTHORITY file. The
use of '[130]-auth guess' will use the XAUTHORITY that -findauth
reveals. This can be handy in with the lastest GDM where the
- ability to store cookies in ~/.Xauthority has been removed.
+ ability to store cookies in ~/.Xauthority has been removed. If
+ x11vnc is running as root (e.g. inetd) and you add -env FD_XDM=1
+ to the above -findauth or -auth guess command lines, it will find
+ the correct XAUTHORITY for the given display (this works for
+ XDM/GDM/KDM if the login greeter panel is up or if someone has
+ already logged into an X session.)
* The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "[131]-display
WAIT:cmd=...", [132]-find, [133]-create) now work correctly for
the user-supplied login program scheme "[134]-unixpw_cmd ...", as
@@ -12894,7 +12899,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions)
-x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-04
+x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-06
x11vnc options:
-display disp -auth file -N
@@ -13021,7 +13026,7 @@ libvncserver-tight-extension options:
% x11vnc -help
-x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-04
+x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-06
(type "x11vnc -opts" to just list the options.)
@@ -13089,6 +13094,12 @@ Options:
mechanism (described below) to try to guess the
XAUTHORITY filename and use it.
+ XDM/GDM/KDM: if you are running x11vnc as root and want
+ to find the XAUTHORITY before anyone has logged into an
+ X session yet, use: x11vnc -env FD_XDM=1 -auth guess ...
+ (This will also find the XAUTHORITY if a user is already
+ logged into the X session.)
+
-N If the X display is :N, try to set the VNC display to
also be :N This just sets the -rfbport option to 5900+N
The program will exit immediately if that port is not
@@ -13110,7 +13121,10 @@ Options:
for display managers like GDM (KillInitClients option)
that kill x11vnc just after the user logs into the
X session. Note: the reopened state may be unstable.
- Set X11VNC_REOPEN_DISPLAY=n to reopen n times.
+ Set X11VNC_REOPEN_DISPLAY=n to reopen n times and
+ set X11VNC_REOPEN_SLEEP_MAX to the number of seconds,
+ default 10, to keep trying to reopen the display (once
+ per second.)
Update: as of 0.9.9, x11vnc tries to automatically avoid
being killed by the display manager by delaying creating
@@ -14018,17 +14032,23 @@ Options:
(i.e. all the X displays on the local machine that you
have access rights to).
--findauth [disp] Apply the -find/-finddpy heuristics to try to guess the
- XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not
- supplied, then the value in the -display earlier in
+-findauth [disp] Apply the -find/-finddpy heuristics to try to guess
+ the XAUTHORITY file for DISPLAY 'disp'. If 'disp'
+ is not supplied, then the value in the -display on
the cmdline is used; failing that $DISPLAY is used;
and failing that ":0" is used.
If nothing is printed out, that means no XAUTHORITY was
- found for 'disp'. If "XAUTHORITY=" is printed out,
- that means use the default (i.e. do not set XAUTHORITY).
- If "XAUTHORITY=/path/to/file" is printed out, then
- use that file.
+ found for 'disp'; i.e. failure. If "XAUTHORITY="
+ is printed out, that means use the default (i.e. do
+ not set XAUTHORITY). If "XAUTHORITY=/path/to/file"
+ is printed out, then use that file.
+
+ XDM/GDM/KDM: if you are running x11vnc as root and want
+ to find the XAUTHORITY before anyone has logged into an
+ X session yet, use: x11vnc -env FD_XDM=1 -findauth ...
+ (This will also find the XAUTHORITY if a user is already
+ logged into the X session.)
-create First try to find the user's display using FINDDISPLAY,
if that doesn't succeed create an X session via the
@@ -14270,6 +14290,12 @@ Options:
for how to disable this for dtgreet on Solaris and
possibly for other greeters.
+ In -find/cmd=FINDDISPLAY mode, if you set FD_XDM=1,
+ e.g. 'x11vnc -env FD_XDM=1 -find ...' and x11vnc is
+ running as root (e.g. inetd) then it will try to find
+ the XAUTHORITY file of a running XDM/GDM/KDM login
+ greeter (i.e. no user has logged into an X session yet.)
+
As another special case, WAIT:cmd=HTTPONCE will allow
x11vnc to service one http request and then exit.
This is usually done in -inetd mode to run on, say,
@@ -15269,7 +15295,21 @@ Options:
to include the PORT= in the browser URL, simply supply
"-httpsredir" to x11vnc.
- This options does not work in -stunnel mode.
+ This option does not work in -stunnel mode.
+
+ More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS
+ to be extra URL parameters to use. This way you do
+ not need to specify extra PARAMS in the index.vnc file.
+ E.g. x11vnc -env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ...
+
+ If you do not want to expose the non-SSL HTTP port to
+ the network (i.e. you just want the single VNC/HTTPS
+ port, e.g. 5900, open for connections) then specify the
+ option -env X11VNC_HTTP_LISTEN_LOCALHOST=1 This way
+ the connection to the libvncserver httpd server will
+ only be available on localhost (note that in -ssl mode,
+ HTTPS requests are redirected from SSL to the non-SSL
+ libvncserver HTTP server.)
-http_oneport For UN-encrypted connections mode (i.e. no -ssl,
-stunnel, or -enc options), allow the Java VNC Viewer
@@ -15301,6 +15341,10 @@ Options:
mode when using an SSH tunnel as well as for router
port redirections.
+ Note that the -env X11VNC_HTTP_LISTEN_LOCALHOST=1
+ option described above under -httpsredir applies for
+ the libvncserver httpd server in all cases (ssl or not.)
+
-ssh user@host:disp Create a remote listening port on machine "host"
via a SSH tunnel using the -R rport:localhost:lport
method. lport will be the local x11vnc listening port,
@@ -16135,6 +16179,12 @@ t
-buttonmap currently does not work on MacOSX console
or in -rawfb mode.
+ Workaround: use -buttonmap IJ...-LM...=n to limit the
+ number of mouse buttons to n, e.g. 123-123=3. This will
+ prevent x11vnc from crashing if the X server reports
+ there are 5 buttons (4/5 scroll wheel), but there are
+ only really 3.
+
-nodragging Do not update the display during mouse dragging events
(mouse button held down). Greatly improves response on
slow setups, but you lose all visual feedback for drags,
diff --git a/x11vnc/cleanup.c b/x11vnc/cleanup.c
index 5d2339d9d09d20edf7421498a5221395ffcd3086..834c567f8bbabf66630ee69631056ccdc6b811bb 100644
--- a/x11vnc/cleanup.c
+++ b/x11vnc/cleanup.c
@@ -325,13 +325,23 @@ static int XIOerr(Display *d) {
#if !NO_X11
if (reopen < rmax && getenv("X11VNC_REOPEN_DISPLAY")) {
int db = getenv("X11VNC_REOPEN_DEBUG") ? 1 : 0;
+ int sleepmax = 10, i;
Display *save_dpy = dpy;
- char *dstr = DisplayString(save_dpy);
+ char *dstr = strdup(DisplayString(save_dpy));
reopen++;
+ if (getenv("X11VNC_REOPEN_SLEEP_MAX")) {
+ sleepmax = atoi(getenv("X11VNC_REOPEN_SLEEP_MAX"));
+ }
rfbLog("*** XIO error: Trying to reopen[%d/%d] display '%s'\n", reopen, rmax, dstr);
rfbLog("*** XIO error: Note the reopened state may be unstable.\n");
- usleep (3000 * 1000);
- dpy = XOpenDisplay_wr(dstr);
+ for (i=0; i < sleepmax; i++) {
+ usleep (1000 * 1000);
+ dpy = XOpenDisplay_wr(dstr);
+ rfbLog("dpy[%d/%d]: %p\n", i+1, sleepmax, dpy);
+ if (dpy) {
+ break;
+ }
+ }
last_open_xdisplay = time(NULL);
if (dpy) {
rfbLog("*** XIO error: Reopened display '%s' successfully.\n", dstr);
@@ -353,6 +363,7 @@ static int XIOerr(Display *d) {
do_new_fb(1);
if (db) rfbLog("*** XIO error: check_xevents\n");
check_xevents(1);
+
/* sadly, we can never return... */
if (db) rfbLog("*** XIO error: watch_loop\n");
watch_loop();
diff --git a/x11vnc/help.c b/x11vnc/help.c
index 279c9642eab2b805c5411e81e667cdac9667fc1e..03c91713d7433bc0f71ba93d1698ad52aebc6498 100644
--- a/x11vnc/help.c
+++ b/x11vnc/help.c
@@ -118,6 +118,12 @@ void print_help(int mode) {
" mechanism (described below) to try to guess the\n"
" XAUTHORITY filename and use it.\n"
"\n"
+" XDM/GDM/KDM: if you are running x11vnc as root and want\n"
+" to find the XAUTHORITY before anyone has logged into an\n"
+" X session yet, use: x11vnc -env FD_XDM=1 -auth guess ...\n"
+" (This will also find the XAUTHORITY if a user is already\n"
+" logged into the X session.)\n"
+"\n"
"-N If the X display is :N, try to set the VNC display to\n"
" also be :N This just sets the -rfbport option to 5900+N\n"
" The program will exit immediately if that port is not\n"
@@ -139,7 +145,10 @@ void print_help(int mode) {
" for display managers like GDM (KillInitClients option)\n"
" that kill x11vnc just after the user logs into the\n"
" X session. Note: the reopened state may be unstable.\n"
-" Set X11VNC_REOPEN_DISPLAY=n to reopen n times.\n"
+" Set X11VNC_REOPEN_DISPLAY=n to reopen n times and\n"
+" set X11VNC_REOPEN_SLEEP_MAX to the number of seconds,\n"
+" default 10, to keep trying to reopen the display (once\n"
+" per second.)\n"
"\n"
" Update: as of 0.9.9, x11vnc tries to automatically avoid\n"
" being killed by the display manager by delaying creating\n"
@@ -1064,17 +1073,23 @@ void print_help(int mode) {
" (i.e. all the X displays on the local machine that you\n"
" have access rights to).\n"
"\n"
-"-findauth [disp] Apply the -find/-finddpy heuristics to try to guess the\n"
-" XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not\n"
-" supplied, then the value in the -display earlier in\n"
+"-findauth [disp] Apply the -find/-finddpy heuristics to try to guess\n"
+" the XAUTHORITY file for DISPLAY 'disp'. If 'disp'\n"
+" is not supplied, then the value in the -display on\n"
" the cmdline is used; failing that $DISPLAY is used;\n"
" and failing that \":0\" is used.\n"
"\n"
" If nothing is printed out, that means no XAUTHORITY was\n"
-" found for 'disp'. If \"XAUTHORITY=\" is printed out,\n"
-" that means use the default (i.e. do not set XAUTHORITY).\n"
-" If \"XAUTHORITY=/path/to/file\" is printed out, then\n"
-" use that file.\n"
+" found for 'disp'; i.e. failure. If \"XAUTHORITY=\"\n"
+" is printed out, that means use the default (i.e. do\n"
+" not set XAUTHORITY). If \"XAUTHORITY=/path/to/file\"\n"
+" is printed out, then use that file.\n"
+"\n"
+" XDM/GDM/KDM: if you are running x11vnc as root and want\n"
+" to find the XAUTHORITY before anyone has logged into an\n"
+" X session yet, use: x11vnc -env FD_XDM=1 -findauth ...\n"
+" (This will also find the XAUTHORITY if a user is already\n"
+" logged into the X session.)\n"
"\n"
"-create First try to find the user's display using FINDDISPLAY,\n"
" if that doesn't succeed create an X session via the\n"
@@ -1316,6 +1331,12 @@ void print_help(int mode) {
" for how to disable this for dtgreet on Solaris and\n"
" possibly for other greeters.\n"
"\n"
+" In -find/cmd=FINDDISPLAY mode, if you set FD_XDM=1,\n"
+" e.g. 'x11vnc -env FD_XDM=1 -find ...' and x11vnc is\n"
+" running as root (e.g. inetd) then it will try to find\n"
+" the XAUTHORITY file of a running XDM/GDM/KDM login\n"
+" greeter (i.e. no user has logged into an X session yet.)\n"
+"\n"
" As another special case, WAIT:cmd=HTTPONCE will allow\n"
" x11vnc to service one http request and then exit.\n"
" This is usually done in -inetd mode to run on, say,\n"
@@ -2315,7 +2336,21 @@ void print_help(int mode) {
" to include the PORT= in the browser URL, simply supply\n"
" \"-httpsredir\" to x11vnc.\n"
"\n"
-" This options does not work in -stunnel mode.\n"
+" This option does not work in -stunnel mode.\n"
+"\n"
+" More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS\n"
+" to be extra URL parameters to use. This way you do\n"
+" not need to specify extra PARAMS in the index.vnc file.\n"
+" E.g. x11vnc -env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ...\n"
+"\n"
+" If you do not want to expose the non-SSL HTTP port to\n"
+" the network (i.e. you just want the single VNC/HTTPS\n"
+" port, e.g. 5900, open for connections) then specify the\n"
+" option -env X11VNC_HTTP_LISTEN_LOCALHOST=1 This way\n"
+" the connection to the libvncserver httpd server will\n"
+" only be available on localhost (note that in -ssl mode,\n"
+" HTTPS requests are redirected from SSL to the non-SSL\n"
+" libvncserver HTTP server.)\n"
"\n"
"-http_oneport For UN-encrypted connections mode (i.e. no -ssl,\n"
" -stunnel, or -enc options), allow the Java VNC Viewer\n"
@@ -2347,6 +2382,10 @@ void print_help(int mode) {
" mode when using an SSH tunnel as well as for router\n"
" port redirections.\n"
"\n"
+" Note that the -env X11VNC_HTTP_LISTEN_LOCALHOST=1\n"
+" option described above under -httpsredir applies for\n"
+" the libvncserver httpd server in all cases (ssl or not.)\n"
+"\n"
"-ssh user@host:disp Create a remote listening port on machine \"host\"\n"
" via a SSH tunnel using the -R rport:localhost:lport\n"
" method. lport will be the local x11vnc listening port,\n"
@@ -3179,6 +3218,12 @@ void print_help(int mode) {
" -buttonmap currently does not work on MacOSX console\n"
" or in -rawfb mode.\n"
"\n"
+" Workaround: use -buttonmap IJ...-LM...=n to limit the\n"
+" number of mouse buttons to n, e.g. 123-123=3. This will\n"
+" prevent x11vnc from crashing if the X server reports\n"
+" there are 5 buttons (4/5 scroll wheel), but there are\n"
+" only really 3.\n"
+"\n"
"-nodragging Do not update the display during mouse dragging events\n"
" (mouse button held down). Greatly improves response on\n"
" slow setups, but you lose all visual feedback for drags,\n"
diff --git a/x11vnc/remote.c b/x11vnc/remote.c
index 356aa81459de8f48e06bf416641c3184692d4c07..71abec85ed95f3b9ce349398522e23fb2ee6dd4b 100644
--- a/x11vnc/remote.c
+++ b/x11vnc/remote.c
@@ -469,6 +469,20 @@ int check_httpdir(void) {
}
}
+static void rfb_http_init_sockets(void) {
+ in_addr_t iface;
+ if (!screen) {
+ return;
+ }
+ iface = screen->listenInterface;
+ if (getenv("X11VNC_HTTP_LISTEN_LOCALHOST")) {
+ rfbLog("http_connections: HTTP listen on localhost only. (not HTTPS)\n");
+ screen->listenInterface = htonl(INADDR_LOOPBACK);
+ }
+ rfbHttpInitSockets(screen);
+ screen->listenInterface = iface;
+}
+
void http_connections(int on) {
if (!screen) {
return;
@@ -492,7 +506,7 @@ void http_connections(int on) {
screen->httpInitDone = FALSE;
if (check_httpdir()) {
screen->httpDir = http_dir;
- rfbHttpInitSockets(screen);
+ rfb_http_init_sockets();
if (screen->httpPort != 0 && screen->httpListenSock < 0) {
rfbLog("http_connections: failed to listen on http port: %d\n", screen->httpPort);
clean_up_exit(1);
@@ -526,7 +540,7 @@ static void reset_httpport(int old, int new) {
}
rfbLog("reset_httpport: setting httpport %d -> %d.\n",
old == -1 ? hp : old, hp);
- rfbHttpInitSockets(screen);
+ rfb_http_init_sockets();
if (screen->httpPort != 0 && screen->httpListenSock < 0) {
rfbLog("reset_httpport: failed to listen on http port: %d\n", screen->httpPort);
}
diff --git a/x11vnc/screen.c b/x11vnc/screen.c
index b34a941314fc3a9b0c4ff4fc5b421349e6b41690..f1f4cedf54f1cd0d23d7fc1eea649d536533d668 100644
--- a/x11vnc/screen.c
+++ b/x11vnc/screen.c
@@ -3681,20 +3681,27 @@ static void announce_http(int lport, int ssl, char *iface, char *extra) {
char *host = this_host();
char *jvu;
+ int http = 0;
if (enc_str && !strcmp(enc_str, "none") && !use_stunnel) {
jvu = "Java viewer URL: http";
+ http = 1;
} else if (ssl == 1) {
jvu = "Java SSL viewer URL: https";
} else if (ssl == 2) {
jvu = "Java SSL viewer URL: http";
+ http = 1;
} else {
jvu = "Java viewer URL: http";
+ http = 1;
}
if (iface != NULL && *iface != '\0' && strcmp(iface, "any")) {
host = iface;
}
+ if (http && getenv("X11VNC_HTTP_LISTEN_LOCALHOST")) {
+ host = "localhost";
+ }
if (host != NULL) {
if (! inetd) {
fprintf(stderr, "%s://%s:%d/%s\n", jvu, host, lport, extra);
@@ -3763,7 +3770,8 @@ void do_mention_java_urls(void) {
rfbLog("Where you replace \"host:port\" with that printed below, or\n");
rfbLog("whatever is needed to reach the host e.g. Internet IP number\n");
rfbLog("\n");
- rfbLog("Append ?GET=1 to a URL for faster loading.\n");
+ rfbLog("Append ?GET=1 to a URL for faster loading or supply:\n");
+ rfbLog("-env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' to cmdline.\n");
}
}
rfbLog("\n");
diff --git a/x11vnc/sslhelper.c b/x11vnc/sslhelper.c
index 12f581974485e2b48092fc78f347a7f5439b8802..b36c7fdee4d881474231998e57fb02d816545346 100644
--- a/x11vnc/sslhelper.c
+++ b/x11vnc/sslhelper.c
@@ -3626,8 +3626,26 @@ void accept_openssl(int mode, int presock) {
* the rest of the SSL session to it:
*/
if (n > 0) {
- if (db) fprintf(stderr, "sending http buffer httpsock: %d\n'%s'\n", httpsock, buf);
- write(httpsock, buf, n);
+ char *s = getenv("X11VNC_EXTRA_HTTPS_PARAMS");
+ int did_extra = 0;
+
+ if (db) fprintf(stderr, "sending http buffer httpsock: %d n=%d\n'%s'\n", httpsock, n, buf);
+ if (s != NULL) {
+ char *q = strstr(buf, " HTTP/");
+ if (q) {
+ int m;
+ *q = '\0';
+ m = strlen(buf);
+ write(httpsock, buf, m);
+ write(httpsock, s, strlen(s));
+ *q = ' ';
+ write(httpsock, q, n-m);
+ did_extra = 1;
+ }
+ }
+ if (!did_extra) {
+ write(httpsock, buf, n);
+ }
}
ssl_xfer(httpsock, s_in, s_out, is_http);
rfbLog("SSL: ssl_helper[%d]: exit case 6 (https ssl_xfer done)\n", getpid());
diff --git a/x11vnc/ssltools.h b/x11vnc/ssltools.h
index a454772e9814fed2f92b3cce5d06bafd7ff066a8..e6f82c3b432184c7d2b0ba80586df531ba93e279 100644
--- a/x11vnc/ssltools.h
+++ b/x11vnc/ssltools.h
@@ -1017,6 +1017,14 @@ char find_display[] =
" fi\n"
"}\n"
"\n"
+"am_root=\"\"\n"
+"if id | sed -e 's/ gid.*$//' | grep -w root > /dev/null; then\n"
+" am_root=1\n"
+"fi\n"
+"am_gdm=\"\"\n"
+"if id | sed -e 's/ gid.*$//' | grep -w gdm > /dev/null; then\n"
+" am_gdm=1\n"
+"fi\n"
"\n"
"# this mode is to try to grab a display manager (gdm, kdm, xdm...) display\n"
"# when we are run as root (e.g. no one is logged in yet). We look at the\n"
@@ -1037,42 +1045,72 @@ char find_display[] =
" #\n"
" env XAUTHORITY=\"$xa\" xdpyinfo -display \"$da\" >/dev/null 2>&1\n"
" if [ $? = 0 ]; then\n"
-" env XAUTHORITY=/dev/null xdpyinfo -display \"$da\" >/dev/null 2>&1\n"
-" if [ $? != 0 ]; then\n"
-" y=`prdpy $da`\n"
-" echo \"DISPLAY=$y\"\n"
-" if [ \"X$showxauth\" != \"X\" ]; then\n"
-" # copy the cookie:\n"
-" cook=`xauth -f \"$xa\" list | head -n 1 | awk '{print $NF}'`\n"
-" xtf=$HOME/.xat.$$\n"
-" xtf=`mytmp \"$xtf\"`\n"
-" if [ ! -f $xtf ]; then\n"
-" xtf=/tmp/.xat.$$\n"
-" xtf=`mytmp \"$xtf\"`\n"
+" si_root=\"\"\n"
+" si_gdm=\"\"\n"
+" # recent gdm seems to use SI:localuser: for xauth.\n"
+" if env DISPLAY=\"$da\" xhost 2>/dev/null | grep -i '^SI:localuser:root$' > /dev/null; then\n"
+" si_root=1\n"
+" fi\n"
+" if env DISPLAY=\"$da\" xhost 2>/dev/null | grep -i '^SI:localuser:gdm$' > /dev/null; then\n"
+" si_gdm=1\n"
+" fi\n"
+" env XAUTHORITY=/dev/null xdpyinfo -display \"$da\" >/dev/null 2>&1\n"
+" rc=$?\n"
+" if [ \"X$rc\" = \"X0\" ]; then\n"
+" # assume it is ok for server interpreted case.\n"
+" if [ \"X$am_root\" = \"X1\" -a \"X$si_root\" = \"X1\" ]; then\n"
+" rc=5\n"
+" elif [ \"X$am_gdm\" = \"X1\" -a \"X$si_gdm\" = \"X1\" ]; then\n"
+" rc=6\n"
" fi\n"
-" if [ ! -f $xtf ]; then\n"
-" xtf=/tmp/.xatb.$$\n"
-" rm -f $xtf\n"
-" if [ -f $xtf ]; then\n"
-" exit 1\n"
+" fi\n"
+" if [ $rc != 0 ]; then\n"
+" y=`prdpy $da`\n"
+" if [ \"X$FIND_DISPLAY_NO_SHOW_DISPLAY\" = \"X\" ]; then\n"
+" echo \"DISPLAY=$y\"\n"
+" fi\n"
+" if [ \"X$FIND_DISPLAY_XAUTHORITY_PATH\" != \"X\" ]; then\n"
+" # caller wants XAUTHORITY printed out too.\n"
+" if [ \"X$xa\" != \"X\" -a -f \"$xa\" ]; then\n"
+" echo \"XAUTHORITY=$xa\"\n"
+" else\n"
+" echo \"XAUTHORITY=$XAUTHORITY\"\n"
+" fi\n"
+" fi\n"
+" if [ \"X$showxauth\" != \"X\" ]; then\n"
+" # copy the cookie:\n"
+" cook=`xauth -f \"$xa\" list | head -n 1 | awk '{print $NF}'`\n"
+" xtf=$HOME/.xat.$$\n"
+" xtf=`mytmp \"$xtf\"`\n"
+" if [ ! -f $xtf ]; then\n"
+" xtf=/tmp/.xat.$$\n"
+" xtf=`mytmp \"$xtf\"`\n"
" fi\n"
-" touch $xtf 2>/dev/null\n"
-" chmod 600 $xtf 2>/dev/null\n"
" if [ ! -f $xtf ]; then\n"
-" exit 1\n"
+" xtf=/tmp/.xatb.$$\n"
+" rm -f $xtf\n"
+" if [ -f $xtf ]; then\n"
+" exit 1\n"
+" fi\n"
+" touch $xtf 2>/dev/null\n"
+" chmod 600 $xtf 2>/dev/null\n"
+" if [ ! -f $xtf ]; then\n"
+" exit 1\n"
+" fi\n"
" fi\n"
+" xauth -f $xtf add \"$da\" . $cook\n"
+" xauth -f $xtf extract - \"$da\" 2>/dev/null\n"
+" rm -f $xtf\n"
" fi\n"
-" xauth -f $xtf add \"$da\" . $cook\n"
-" xauth -f $xtf extract - \"$da\" 2>/dev/null\n"
-" rm -f $xtf\n"
+" # DONE\n"
+" exit 0\n"
" fi\n"
-" # DONE\n"
-" exit 0\n"
-" fi\n"
" fi\n"
" fi\n"
" done\n"
-" echo \"\" # failure\n"
+" if [ \"X$FIND_DISPLAY_XAUTHORITY_PATH\" = \"X\" ]; then\n"
+" echo \"\" # failure\n"
+" fi\n"
" if [ \"X$showxauth\" != \"X\" ]; then\n"
" echo \"\"\n"
" fi\n"
@@ -1106,7 +1144,7 @@ char find_display[] =
" for xa in /tmp/.gdm* /tmp/.Xauth* /var/run/gdm/auth-for-*/database /var/run/gdm/auth-cookie-*-for-*\n"
" do\n"
" # try to be somewhat careful about the real owner of the file:\n"
-" if id | sed -e 's/ gid.*$//' | grep -w root > /dev/null; then\n"
+" if [ \"X$am_root\" = \"X1\" ]; then\n"
" break\n"
" fi\n"
" if [ -f $xa -a -r $xa ]; then\n"
diff --git a/x11vnc/x11vnc.1 b/x11vnc/x11vnc.1
index b51ce0c6e1428e92c6ed4524aa48f8e2129412ca..174480f9c043a867be1abcff1e84a6eae5d04c7c 100644
--- a/x11vnc/x11vnc.1
+++ b/x11vnc/x11vnc.1
@@ -2,7 +2,7 @@
.TH X11VNC "1" "December 2009" "x11vnc " "User Commands"
.SH NAME
x11vnc - allow VNC connections to real X11 displays
- version: 0.9.9, lastmod: 2009-12-04
+ version: 0.9.9, lastmod: 2009-12-06
.SH SYNOPSIS
.B x11vnc
[OPTION]...
@@ -80,6 +80,12 @@ man pages for more info.
Use '-auth guess' to have x11vnc use its \fB-findauth\fR
mechanism (described below) to try to guess the
XAUTHORITY filename and use it.
+.IP
+XDM/GDM/KDM: if you are running x11vnc as root and want
+to find the XAUTHORITY before anyone has logged into an
+X session yet, use: x11vnc \fB-env\fR FD_XDM=1 \fB-auth\fR guess ...
+(This will also find the XAUTHORITY if a user is already
+logged into the X session.)
.PP
\fB-N\fR
.IP
@@ -110,7 +116,10 @@ reopen the X display (up to one time.) This is of use
for display managers like GDM (KillInitClients option)
that kill x11vnc just after the user logs into the
X session. Note: the reopened state may be unstable.
-Set X11VNC_REOPEN_DISPLAY=n to reopen n times.
+Set X11VNC_REOPEN_DISPLAY=n to reopen n times and
+set X11VNC_REOPEN_SLEEP_MAX to the number of seconds,
+default 10, to keep trying to reopen the display (once
+per second.)
.IP
Update: as of 0.9.9, x11vnc tries to automatically avoid
being killed by the display manager by delaying creating
@@ -1184,17 +1193,23 @@ have access rights to).
.PP
\fB-findauth\fR \fI[disp]\fR
.IP
-Apply the \fB-find/-finddpy\fR heuristics to try to guess the
-XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not
-supplied, then the value in the \fB-display\fR earlier in
+Apply the \fB-find/-finddpy\fR heuristics to try to guess
+the XAUTHORITY file for DISPLAY 'disp'. If 'disp'
+is not supplied, then the value in the \fB-display\fR on
the cmdline is used; failing that $DISPLAY is used;
and failing that ":0" is used.
.IP
If nothing is printed out, that means no XAUTHORITY was
-found for 'disp'. If "XAUTHORITY=" is printed out,
-that means use the default (i.e. do not set XAUTHORITY).
-If "XAUTHORITY=/path/to/file" is printed out, then
-use that file.
+found for 'disp'; i.e. failure. If "XAUTHORITY="
+is printed out, that means use the default (i.e. do
+not set XAUTHORITY). If "XAUTHORITY=/path/to/file"
+is printed out, then use that file.
+.IP
+XDM/GDM/KDM: if you are running x11vnc as root and want
+to find the XAUTHORITY before anyone has logged into an
+X session yet, use: x11vnc \fB-env\fR FD_XDM=1 \fB-findauth\fR ...
+(This will also find the XAUTHORITY if a user is already
+logged into the X session.)
.PP
\fB-create\fR
.IP
@@ -1471,6 +1486,12 @@ www.karlrunge.com/x11vnc/faq.html#faq-display-manager
for how to disable this for dtgreet on Solaris and
possibly for other greeters.
.IP
+In \fB-find/cmd=FINDDISPLAY\fR mode, if you set FD_XDM=1,
+e.g. 'x11vnc \fB-env\fR FD_XDM=1 \fB-find\fR ...' and x11vnc is
+running as root (e.g. inetd) then it will try to find
+the XAUTHORITY file of a running XDM/GDM/KDM login
+greeter (i.e. no user has logged into an X session yet.)
+.IP
As another special case, WAIT:cmd=HTTPONCE will allow
x11vnc to service one http request and then exit.
This is usually done in \fB-inetd\fR mode to run on, say,
@@ -2540,7 +2561,21 @@ https://mygateway.com:8000/?PORT=8000. To avoid having
to include the PORT= in the browser URL, simply supply
"\fB-httpsredir\fR" to x11vnc.
.IP
-This options does not work in \fB-stunnel\fR mode.
+This option does not work in \fB-stunnel\fR mode.
+.IP
+More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS
+to be extra URL parameters to use. This way you do
+not need to specify extra PARAMS in the index.vnc file.
+E.g. x11vnc \fB-env\fR X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ...
+.IP
+If you do not want to expose the non-SSL HTTP port to
+the network (i.e. you just want the single VNC/HTTPS
+port, e.g. 5900, open for connections) then specify the
+option \fB-env\fR X11VNC_HTTP_LISTEN_LOCALHOST=1 This way
+the connection to the libvncserver httpd server will
+only be available on localhost (note that in \fB-ssl\fR mode,
+HTTPS requests are redirected from SSL to the non-SSL
+libvncserver HTTP server.)
.PP
\fB-http_oneport\fR
.IP
@@ -2573,6 +2608,10 @@ it means only one port needs to be redirected.
The \fB-httpsredir\fR option may also be useful for this
mode when using an SSH tunnel as well as for router
port redirections.
+.IP
+Note that the \fB-env\fR X11VNC_HTTP_LISTEN_LOCALHOST=1
+option described above under \fB-httpsredir\fR applies for
+the libvncserver httpd server in all cases (ssl or not.)
.PP
\fB-ssh\fR \fIuser@host:disp\fR
.IP
@@ -3605,6 +3644,12 @@ To include button events use "Button1", ... etc.
.IP
\fB-buttonmap\fR currently does not work on MacOSX console
or in \fB-rawfb\fR mode.
+.IP
+Workaround: use \fB-buttonmap\fR IJ...-LM...=n to limit the
+number of mouse buttons to n, e.g. 123-123=3. This will
+prevent x11vnc from crashing if the X server reports
+there are 5 buttons (4/5 scroll wheel), but there are
+only really 3.
.PP
\fB-nodragging\fR
.IP
diff --git a/x11vnc/x11vnc.c b/x11vnc/x11vnc.c
index e13e2289e25933c8e739a37edd6376eb2c77dd48..b5e27b46090a8303dd0ddccdcbff3da20a7a6bee 100644
--- a/x11vnc/x11vnc.c
+++ b/x11vnc/x11vnc.c
@@ -2013,6 +2013,7 @@ int main(int argc, char* argv[]) {
int got_tls = 0;
int got_inetd = 0;
int got_noxrandr = 0;
+ int got_findauth = 0;
/* used to pass args we do not know about to rfbGetScreen(): */
int argc_vnc_max = 1024;
@@ -2180,24 +2181,14 @@ int main(int argc, char* argv[]) {
continue;
}
if (!strcmp(arg, "-findauth")) {
- int ic = 0;
- if (use_dpy != NULL) {
- set_env("DISPLAY", use_dpy);
- }
- use_dpy = strdup("WAIT:cmd=FINDDISPLAY-run");
+ got_findauth = 1;
if (argc > i+1) {
- set_env("X11VNC_SKIP_DISPLAY", argv[i+1]);
- } else if (getenv("DISPLAY")) {
- set_env("X11VNC_SKIP_DISPLAY", getenv("DISPLAY"));
- } else {
- set_env("X11VNC_SKIP_DISPLAY", ":0");
+ char *s = argv[i+1];
+ if (s[0] != '-') {
+ set_env("FINDAUTH_DISPLAY", argv[i+1]);
+ i++;
+ }
}
- set_env("X11VNC_SKIP_DISPLAY_NEGATE", "1");
- set_env("FIND_DISPLAY_XAUTHORITY_PATH", "1");
- set_env("FIND_DISPLAY_NO_SHOW_XAUTH", "1");
- set_env("FIND_DISPLAY_NO_SHOW_DISPLAY", "1");
- wait_for_client(&ic, NULL, 0);
- exit(0);
continue;
}
if (!strcmp(arg, "-create")) {
@@ -4030,6 +4021,33 @@ int main(int argc, char* argv[]) {
set_env("PATH", "/bin:/usr/bin");
}
+ /* handle -findauth case now that cmdline has been read */
+ if (got_findauth) {
+ char *s;
+ int ic = 0;
+ if (use_dpy != NULL) {
+ set_env("DISPLAY", use_dpy);
+ }
+ use_dpy = strdup("WAIT:cmd=FINDDISPLAY-run");
+
+ s = getenv("FINDAUTH_DISPLAY");
+ if (s && strcmp("", s)) {
+ set_env("DISPLAY", s);
+ }
+ s = getenv("DISPLAY");
+ if (s && strcmp("", s)) {
+ set_env("X11VNC_SKIP_DISPLAY", s);
+ } else {
+ set_env("X11VNC_SKIP_DISPLAY", ":0");
+ }
+ set_env("X11VNC_SKIP_DISPLAY_NEGATE", "1");
+ set_env("FIND_DISPLAY_XAUTHORITY_PATH", "1");
+ set_env("FIND_DISPLAY_NO_SHOW_XAUTH", "1");
+ set_env("FIND_DISPLAY_NO_SHOW_DISPLAY", "1");
+ wait_for_client(&ic, NULL, 0);
+ exit(0);
+ }
+
/* set OS struct UT */
uname(&UT);
diff --git a/x11vnc/x11vnc_defs.c b/x11vnc/x11vnc_defs.c
index f5c35b43d54f7af371055b29e28e25419869e433..8cc1cd303a4557978a1c79f415b4e0a97f00c121 100644
--- a/x11vnc/x11vnc_defs.c
+++ b/x11vnc/x11vnc_defs.c
@@ -47,7 +47,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.9.9 lastmod: 2009-12-04";
+char lastmod[] = "0.9.9 lastmod: 2009-12-06";
/* X display info */