Commit a1e5d55e authored Sep 17, 2008 by runge
x11vnc: make -allow work in -ssl mode.
parent 95d7788e

Showing 7 changed files with 124 additions and 48 deletions

x11vnc/ChangeLog +3 -0
x11vnc/README +21 -17
x11vnc/connections.c +22 -2
x11vnc/help.c +18 -14
x11vnc/sslhelper.c +41 -0
x11vnc/x11vnc.1 +18 -14
x11vnc/x11vnc_defs.c +1 -1
x11vnc/ChangeLog
2008-09-17 Karl Runge <runge@karlrunge.com>
* x11vnc: make -allow work in -ssl mode.
2008-09-14 Karl Runge <runge@karlrunge.com>
* x11vnc: -sleepin m-n for random sleep. More mktemp and mkstemp
protections. SSL_INIT_TIMEOUT=n env. var. Fix macosx console
...
...
x11vnc/README
x11vnc
README
file
Date
:
Sun
Sep
14
15
:
20
:
38
EDT
2008
x11vnc
README
file
Date
:
Tue
Sep
16
10
:
02
:
40
EDT
2008
The
following
information
is
taken
from
these
URLs
:
...
...
@@ -11808,7 +11808,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions)
x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-09-1
4
x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-09-1
6
x11vnc options:
-display disp -auth file -N
...
...
@@ -11928,7 +11928,7 @@ libvncserver-tight-extension options:
%
x11vnc
-
help
x11vnc
:
allow
VNC
connections
to
real
X11
displays
.
0.9.4
lastmod
:
2008
-
09
-
1
4
x11vnc
:
allow
VNC
connections
to
real
X11
displays
.
0.9.4
lastmod
:
2008
-
09
-
1
6
(
type
"x11vnc -opts"
to
just
list
the
options
.)
...
...
@@ -12475,10 +12475,13 @@ e
Can also be a numerical IP prefix, e.g. "192.168.100."
to match a simple subnet, for more control build
libvncserver with libwrap support (See the FAQ). If the
list contains a "/" it instead is a interpreted as a
file containing addresses or prefixes that is re-read
each time a new client connects. Lines can be commented
out with the "#" character in the usual way.
list contains a "/" it instead is a interpreted
as a file containing addresses or prefixes that is
re-read each time a new client connects. Lines can be
commented out with the "#" character in the usual way.
-allow applies in -ssl mode, but not in -stunnel mode.
-localhost Basically the same as "-allow 127.0.0.1".
Note: if you want to restrict which network interface
...
...
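Review bot: The re-wrapped -allow paragraph still reads "it instead is a interpreted as a file"; since these lines are being touched anyway, change it to "it is instead interpreted as a file". The same wording is carried into the help.c and x11vnc.1 hunks. The new sentence "-allow applies in -ssl mode, but not in -stunnel mode" should also say what a -stunnel user is expected to do instead to restrict client addresses.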
@@ -13601,7 +13604,7 @@ e
For
Windows
,
stunnel
has
been
ported
to
it
and
there
are
probably
other
such
tools
available
.
See
the
FAQ
for
more
examples
.
and
SSVNC
for
more
examples
.
-
stunnel3
[
pem
]
Use
version
3.
x
stunnel
command
line
syntax
instead
of
version
4.
x
...
...
@@ -15769,7 +15772,9 @@ n
proxy:host:port set reverse connection proxy (empty to
disable).
allowonce:host For the next connection only, allow
connection from "host".
connection from "host". In -ssl mode
two connections are allowed (i.e. Fetch
Cert) unless X11VNC_NO_SSL_ALLOW_TWICE=1
allow:hostlist set -allow list to (comma separated)
"hostlist". See -allow and -localhost.
Do not use with -allow /path/to/file
...
...
@@ -16100,14 +16105,14 @@ n
nowfl
wirecopyrect
wcr
nowirecopyrect
nowcr
scr_area
scr_skip
scr_inc
scr_keys
scr_term
scr_keyrepeat
scr_parms
scrollcopyrect
scr
noscrollcopyrect
noscr
fixscreen
noxrecord
xrecord
reset_record
pointer_mode
pm
input_skip
allinput
noallinput
input
grabkbd
nograbkbd
grabptr
nograbptr
grabalways
nograbalways
fixscreen
noxrecord
xrecord
reset_record
pointer_mode
pm
input_skip
allinput
noallinput
input
grabkbd
no
grabkbd
grabptr
nograbptr
grabalways
nograbalways
grablocal
client_input
ssltimeout
speeds
wmdt
debug_pointer
dp
nodebug_pointer
nodp
debug_keyboard
dk
nodebug_keyboard
nodk
deferupdate
defer
wait_ui
wait_bog
no
wait_bog
slow_fb
xrefresh
wait
readtimeout
nap
nonap
sb
screen_blank
fbpm
nofbpm
dpms
nodpms
clientdpms
nodk
keycode
deferupdate
defer
wait_ui
wait_bog
nowait_bog
slow_fb
xrefresh
wait
readtimeout
nap
nonap
s
b
s
creen_blank
fbpm
nofbpm
dpms
nodpms
clientdpms
noclientdpms
forcedpms
noforcedpms
noserverdpms
serverdpms
noultraext
ultraext
fs
gaps
grow
fuzz
snapfb
nosnapfb
rawfb
uinput_accel
uinput_thresh
uinput_reset
...
...
@@ -16123,7 +16128,7 @@ n
nodbg
macnosaver
macsaver
nomacnosaver
macnowait
macwait
nomacnowait
macwheel
macnoswap
macswap
nomacnoswap
macnoresize
macresize
nomacnoresize
maciconanim
macmenu
macnomenu
nomacmenu
noremote
macnomenu
nomacmenu
macuskbd
nomacuskbd
noremote
aro
=
noop
display
vncdisplay
desktopname
guess_desktop
http_url
auth
xauth
users
rootshift
clipshift
...
...
@@ -16141,7 +16146,6 @@ n
dpy_x
dpy_y
wdpy_x
wdpy_y
off_x
off_y
cdpy_x
cdpy_y
coff_x
coff_y
rfbauth
passwd
viewpasswd
-
QD
variable
Just
like
-
query
variable
,
but
returns
the
default
value
for
that
parameter
(
no
running
x11vnc
server
is
consulted
)
...
...
x11vnc/connections.c
...
...
@@ -55,10 +55,10 @@ void check_new_clients(void);
int
accept_client
(
rfbClientPtr
client
);
int
run_user_command
(
char
*
cmd
,
rfbClientPtr
client
,
char
*
mode
,
char
*
input
,
int
len
,
FILE
*
output
);
int
check_access
(
char
*
addr
);
static
rfbClientPtr
*
client_match
(
char
*
str
);
static
void
free_client_data
(
rfbClientPtr
client
);
static
int
check_access
(
char
*
addr
);
static
void
ugly_geom
(
char
*
p
,
int
*
x
,
int
*
y
);
static
int
ugly_window
(
char
*
addr
,
char
*
userhost
,
int
X
,
int
Y
,
int
timeout
,
char
*
mode
,
int
accept
);
...
...
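Review bot: check_access() loses its static qualifier in this prototype block so that sslhelper.c can call it, but none of the seven files in this commit is a header, so the call "return check_access(addr);" in check_ssl_access() has no prototype in scope unless one already exists elsewhere. Add "int check_access(char *addr);" to the header that sslhelper.c includes for connections.c, otherwise the call compiles as an implicit declaration.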
@@ -800,10 +800,14 @@ void client_gone(rfbClientPtr client) {
* Simple routine to limit access via string compare. A power user will
* want to compile libvncserver with libwrap support and use /etc/hosts.allow.
*/
static
int
check_access
(
char
*
addr
)
{
int
check_access
(
char
*
addr
)
{
int
allowed
=
0
;
int
ssl
=
0
;
char
*
p
,
*
list
;
if
(
use_openssl
||
use_stunnel
)
{
ssl
=
1
;
}
if
(
deny_all
)
{
rfbLog
(
"check_access: new connections are currently "
"blocked.
\n
"
);
...
...
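Review bot: The new flag is set by "if (use_openssl || use_stunnel)", so "ssl" also covers -stunnel mode, while the help text added in this same commit says -allow applies in -ssl mode but not in -stunnel mode. Rename the flag for what it actually means, or add a comment stating why both modes need 127.0.0.1 added to the list further down, so the code and the documentation do not appear to disagree.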
@@ -842,6 +846,10 @@ static int check_access(char *addr) {
len2
=
strlen
(
allow_once
)
+
2
;
len
+=
len2
;
}
if
(
ssl
)
{
len2
=
strlen
(
"127.0.0.1"
)
+
2
;
len
+=
len2
;
}
list
=
(
char
*
)
malloc
(
len
);
list
[
0
]
=
'\0'
;
...
...
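Review bot: The size added here, strlen("127.0.0.1") + 2, is only correct as long as it matches the three strcat() calls for the ssl case in the next hunk (newline, address, newline), and the literal is repeated in every branch. Define the loopback string once and derive both the length and the copy from it, so a later edit to one side cannot overflow "list". The malloc(len) result just below is also written to without a NULL check.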
@@ -869,11 +877,19 @@ static int check_access(char *addr) {
strcat
(
list
,
allow_once
);
strcat
(
list
,
"
\n
"
);
}
if
(
ssl
)
{
strcat
(
list
,
"
\n
"
);
strcat
(
list
,
"127.0.0.1"
);
strcat
(
list
,
"
\n
"
);
}
}
else
{
int
len
=
strlen
(
allow_list
)
+
1
;
if
(
allow_once
)
{
len
+=
strlen
(
allow_once
)
+
1
;
}
if
(
ssl
)
{
len
+=
strlen
(
"127.0.0.1"
)
+
1
;
}
list
=
(
char
*
)
malloc
(
len
);
list
[
0
]
=
'\0'
;
strcat
(
list
,
allow_list
);
...
...
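Review bot: Appending 127.0.0.1 to the list in both branches means any client whose address is 127.0.0.1 passes check_access() whenever "ssl" is set, whatever the user put in -allow, and that includes the real peer address that check_ssl_access() passes in from accept_openssl(). If local clients are meant to be trusted in SSL mode, say so in a comment here and in the -allow help text; if not, the loopback entry should be added only for the internal connection and not for the check_ssl_access() call.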
@@ -881,6 +897,10 @@ static int check_access(char *addr) {
strcat
(
list
,
","
);
strcat
(
list
,
allow_once
);
}
if
(
ssl
)
{
strcat
(
list
,
","
);
strcat
(
list
,
"127.0.0.1"
);
}
}
if
(
allow_once
)
{
...
...
x11vnc/help.c
...
...
@@ -566,10 +566,13 @@ void print_help(int mode) {
" Can also be a numerical IP prefix, e.g.
\"
192.168.100.
\"\n
"
" to match a simple subnet, for more control build
\n
"
" libvncserver with libwrap support (See the FAQ). If the
\n
"
" list contains a
\"
/
\"
it instead is a interpreted as a
\n
"
" file containing addresses or prefixes that is re-read
\n
"
" each time a new client connects. Lines can be commented
\n
"
" out with the
\"
#
\"
character in the usual way.
\n
"
" list contains a
\"
/
\"
it instead is a interpreted
\n
"
" as a file containing addresses or prefixes that is
\n
"
" re-read each time a new client connects. Lines can be
\n
"
" commented out with the
\"
#
\"
character in the usual way.
\n
"
"
\n
"
" -allow applies in -ssl mode, but not in -stunnel mode.
\n
"
"
\n
"
"-localhost Basically the same as
\"
-allow 127.0.0.1
\"
.
\n
"
"
\n
"
" Note: if you want to restrict which network interface
\n
"
...
...
@@ -1707,7 +1710,7 @@ void print_help(int mode) {
"
\n
"
" For Windows, stunnel has been ported to it and there
\n
"
" are probably other such tools available. See the FAQ
\n
"
" for more examples.
\n
"
"
and SSVNC
for more examples.
\n
"
"
\n
"
"-stunnel3 [pem] Use version 3.x stunnel command line syntax instead of
\n
"
" version 4.x
\n
"
...
...
@@ -3879,7 +3882,9 @@ void print_help(int mode) {
" disable).
\n
"
/* access */
" allowonce:host For the next connection only, allow
\n
"
" connection from
\"
host
\"
.
\n
"
" connection from
\"
host
\"
. In -ssl mode
\n
"
" two connections are allowed (i.e. Fetch
\n
"
" Cert) unless X11VNC_NO_SSL_ALLOW_TWICE=1
\n
"
/* access */
" allow:hostlist set -allow list to (comma separated)
\n
"
"
\"
hostlist
\"
. See -allow and -localhost.
\n
"
...
...
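Review bot: The allowonce text says two connections are allowed in -ssl mode, but check_ssl_access() in sslhelper.c only restores the host when the second connection arrives within 30 seconds ("time(NULL) < time_allow_once + 30"). Mention the 30 second window here and in the matching README and x11vnc.1 hunks, so users know the limit as well as the X11VNC_NO_SSL_ALLOW_TWICE=1 switch that turns the second connection off.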
@@ -4212,14 +4217,14 @@ void print_help(int mode) {
" nowfl wirecopyrect wcr nowirecopyrect nowcr scr_area
\n
"
" scr_skip scr_inc scr_keys scr_term scr_keyrepeat
\n
"
" scr_parms scrollcopyrect scr noscrollcopyrect noscr
\n
"
" fixscreen noxrecord xrecord reset_record pointer_mode
\n
"
"
pm input_skip allinput noallinput input
grabkbd
\n
"
"
nograbkbd grabptr nograbptr grabalways nograbalways
\n
"
" fixscreen noxrecord xrecord reset_record pointer_mode
pm
\n
"
"
input_skip allinput noallinput input grabkbd no
grabkbd
\n
"
"
grabptr nograbptr grabalways nograbalways grablocal
\n
"
" client_input ssltimeout speeds wmdt debug_pointer dp
\n
"
" nodebug_pointer nodp debug_keyboard dk nodebug_keyboard
\n
"
" nodk
deferupdate defer wait_ui wait_bog no
wait_bog
\n
"
"
slow_fb xrefresh wait readtimeout nap nonap sb
\n
"
" screen_blank fbpm nofbpm dpms nodpms clientdpms
\n
"
" nodk
keycode deferupdate defer wait_ui
wait_bog
\n
"
"
nowait_bog slow_fb xrefresh wait readtimeout nap nonap
\n
"
" s
b s
creen_blank fbpm nofbpm dpms nodpms clientdpms
\n
"
" noclientdpms forcedpms noforcedpms noserverdpms
\n
"
" serverdpms noultraext ultraext fs gaps grow fuzz snapfb
\n
"
" nosnapfb rawfb uinput_accel uinput_thresh uinput_reset
\n
"
...
...
@@ -4235,7 +4240,7 @@ void print_help(int mode) {
" nodbg macnosaver macsaver nomacnosaver macnowait macwait
\n
"
" nomacnowait macwheel macnoswap macswap nomacnoswap
\n
"
" macnoresize macresize nomacnoresize maciconanim macmenu
\n
"
" macnomenu nomacmenu noremote
\n
"
" macnomenu nomacmenu
macuskbd nomacuskbd
noremote
\n
"
"
\n
"
" aro= noop display vncdisplay desktopname guess_desktop
\n
"
" http_url auth xauth users rootshift clipshift
\n
"
...
...
@@ -4253,7 +4258,6 @@ void print_help(int mode) {
" dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y
\n
"
" coff_x coff_y rfbauth passwd viewpasswd
\n
"
"
\n
"
"
\n
"
"-QD variable Just like -query variable, but returns the default
\n
"
" value for that parameter (no running x11vnc server
\n
"
" is consulted)
\n
"
...
...
x11vnc/sslhelper.c
...
...
@@ -1227,6 +1227,9 @@ static void csock_timeout (int sig) {
}
}
#define PROXY_HACK 0
#if PROXY_HACK
static
int
wait_conn
(
int
sock
)
{
int
conn
;
struct
sockaddr_in
addr
;
...
...
@@ -1247,6 +1250,8 @@ static int wait_conn(int sock) {
return
conn
;
}
/* no longer used */
int
proxy_hack
(
int
vncsock
,
int
listen
,
int
s_in
,
int
s_out
,
char
*
cookie
,
int
mode
)
{
int
sock1
,
db
=
0
;
...
...
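Review bot: proxy_hack() is not static, so compiling it out with "#define PROXY_HACK 0" leaves any prototype or caller elsewhere pointing at a function that no longer exists. If it really is no longer used, delete wait_conn() and proxy_hack() together with their declarations instead of keeping them behind a constant-false #if; the history keeps the old code.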
@@ -1321,6 +1326,31 @@ if (db) fprintf(stderr, "buf: '%s'\n", buf);
return
1
;
}
#endif
/* PROXY_HACK */
static
int
check_ssl_access
(
char
*
addr
)
{
static
char
*
save_allow_once
=
NULL
;
static
time_t
time_allow_once
=
0
;
/* due to "Fetch Cert" activities for SSL really need to "allow twice" */
if
(
allow_once
!=
NULL
)
{
save_allow_once
=
strdup
(
allow_once
);
time_allow_once
=
time
(
NULL
);
}
else
if
(
save_allow_once
!=
NULL
)
{
if
(
getenv
(
"X11VNC_NO_SSL_ALLOW_TWICE"
))
{
;
}
else
if
(
time
(
NULL
)
<
time_allow_once
+
30
)
{
/* give them 30 secs to check and save the fetched cert. */
allow_once
=
save_allow_once
;
rfbLog
(
"SSL: Permitting 30 sec grace period for allowonce.
\n
"
);
rfbLog
(
"SSL: Set X11VNC_NO_SSL_ALLOW_TWICE=1 to disable.
\n
"
);
}
save_allow_once
=
NULL
;
time_allow_once
=
0
;
}
return
check_access
(
addr
);
}
void
accept_openssl
(
int
mode
,
int
presock
)
{
int
sock
=
-
1
,
listen
=
-
1
,
cport
,
csock
,
vsock
;
...
...
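Review bot: check_ssl_access() leaks the strdup() copy: "save_allow_once = strdup(allow_once);" overwrites any earlier copy without freeing it, and when X11VNC_NO_SSL_ALLOW_TWICE is set or the 30 seconds have passed, "save_allow_once = NULL;" drops the pointer without free(). Free the old value before the strdup() and in the two branches that do not hand the copy over to allow_once. Two smaller points: the strdup() result is not checked, and the 30 deserves a named constant next to the grace-period comment.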
@@ -1407,6 +1437,17 @@ void accept_openssl(int mode, int presock) {
openssl_last_ip
=
get_remote_host
(
sock
);
}
if
(
!
check_ssl_access
(
openssl_last_ip
))
{
rfbLog
(
"SSL: accept_openssl: denying client %s
\n
"
,
openssl_last_ip
);
rfbLog
(
"SSL: accept_openssl: does not match -allow (or other reason).
\n
"
);
close
(
sock
);
sock
=
-
1
;
if
(
ssl_no_fail
)
{
clean_up_exit
(
1
);
}
return
;
}
/* now make a listening socket for child to connect back to us by: */
cport
=
find_free_port
(
20000
,
0
);
...
...
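Review bot: openssl_last_ip is assigned inside the block that closes just above the new check, so when that block is skipped, check_ssl_access() and the "%s" in rfbLog() receive whatever the variable held before, possibly NULL or a previous client's address. Guard the call with a NULL check that denies the connection, and make sure the value always comes from this "sock". Also confirm that clean_up_exit(1) under ssl_no_fail is wanted on a plain -allow mismatch, since it lets a single denied client end the server process.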
x11vnc/x11vnc.1
...
...
@@ -2,7 +2,7 @@
.TH X11VNC "1" "September 2008" "x11vnc " "User Commands"
.SH NAME
x11vnc - allow VNC connections to real X11 displays
version: 0.9.4, lastmod: 2008-09-1
4
version: 0.9.4, lastmod: 2008-09-1
6
.SH SYNOPSIS
.B x11vnc
[OPTION]...
...
...
@@ -657,10 +657,12 @@ the comma separated list of hostnames or IP addresses.
Can also be a numerical IP prefix, e.g. "192.168.100."
to match a simple subnet, for more control build
libvncserver with libwrap support (See the FAQ). If the
list contains a "/" it instead is a interpreted as a
file containing addresses or prefixes that is re-read
each time a new client connects. Lines can be commented
out with the "#" character in the usual way.
list contains a "/" it instead is a interpreted
as a file containing addresses or prefixes that is
re-read each time a new client connects. Lines can be
commented out with the "#" character in the usual way.
.IP
\fB-allow\fR applies in \fB-ssl\fR mode, but not in \fB-stunnel\fR mode.
.PP
\fB-localhost\fR
.IP
...
...
@@ -1923,7 +1925,7 @@ on Unix using stunnel 3.x is:
.IP
For Windows, stunnel has been ported to it and there
are probably other such tools available. See the FAQ
for more examples.
and SSVNC
for more examples.
.PP
\fB-stunnel3\fR \fI[pem]\fR
.IP
...
...
@@ -4553,7 +4555,9 @@ proxy:host:port set reverse connection proxy (empty to
disable).
.IP
allowonce:host For the next connection only, allow
connection from "host".
connection from "host". In \fB-ssl\fR mode
two connections are allowed (i.e. Fetch
Cert) unless X11VNC_NO_SSL_ALLOW_TWICE=1
.IP
allow:hostlist set \fB-allow\fR list to (comma separated)
"hostlist". See \fB-allow\fR and \fB-localhost.\fR
...
...
@@ -5129,14 +5133,14 @@ nowireframe nowf wireframelocal wfl nowireframelocal
nowfl wirecopyrect wcr nowirecopyrect nowcr scr_area
scr_skip scr_inc scr_keys scr_term scr_keyrepeat
scr_parms scrollcopyrect scr noscrollcopyrect noscr
fixscreen noxrecord xrecord reset_record pointer_mode
pm input_skip allinput noallinput input
grabkbd
nograbkbd grabptr nograbptr grabalways nograbalways
fixscreen noxrecord xrecord reset_record pointer_mode
pm
input_skip allinput noallinput input grabkbd no
grabkbd
grabptr nograbptr grabalways nograbalways grablocal
client_input ssltimeout speeds wmdt debug_pointer dp
nodebug_pointer nodp debug_keyboard dk nodebug_keyboard
nodk
deferupdate defer wait_ui wait_bog no
wait_bog
slow_fb xrefresh wait readtimeout nap nonap sb
screen_blank fbpm nofbpm dpms nodpms clientdpms
nodk
keycode deferupdate defer wait_ui
wait_bog
nowait_bog slow_fb xrefresh wait readtimeout nap nonap
s
b s
creen_blank fbpm nofbpm dpms nodpms clientdpms
noclientdpms forcedpms noforcedpms noserverdpms
serverdpms noultraext ultraext fs gaps grow fuzz snapfb
nosnapfb rawfb uinput_accel uinput_thresh uinput_reset
...
...
@@ -5152,7 +5156,7 @@ debug_grabs nodebug_grabs debug_sel nodebug_sel dbg
nodbg macnosaver macsaver nomacnosaver macnowait macwait
nomacnowait macwheel macnoswap macswap nomacnoswap
macnoresize macresize nomacnoresize maciconanim macmenu
macnomenu nomacmenu noremote
macnomenu nomacmenu
macuskbd nomacuskbd
noremote
.IP
aro= noop display vncdisplay desktopname guess_desktop
http_url auth xauth users rootshift clipshift
...
...
x11vnc/x11vnc_defs.c
...
...
@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int
xdamage_base_event_type
=
0
;
/* date +'lastmod: %Y-%m-%d' */
char
lastmod
[]
=
"0.9.4 lastmod: 2008-09-1
4
"
;
char
lastmod
[]
=
"0.9.4 lastmod: 2008-09-1
6
"
;
/* X display info */
...
...