x11vnc: more -unixpw work. add -license, etc. options

ChangeLog

+2006-07-04  Karl Runge <runge@karlrunge.com>
+	* configure.ac: add getspnam.
+
 2006-06-08  Karl Runge <runge@karlrunge.com>
 	* prepare_x11vnc_dist.sh: to 0.8.2
 

configure.ac

@@ -445,7 +445,7 @@ AC_FUNC_VPRINTF
 AC_FUNC_FORK
 AC_CHECK_LIB(nsl,gethostbyname)
 AC_CHECK_LIB(socket,socket)
-AC_CHECK_FUNCS([ftime gethostbyname gethostname gettimeofday inet_ntoa memmove memset mmap mkfifo select socket strchr strcspn strdup strerror strstr setsid setpgrp getpwuid getpwnam getuid geteuid setuid setgid seteuid setegid waitpid setutxent grantpt])
+AC_CHECK_FUNCS([ftime gethostbyname gethostname gettimeofday inet_ntoa memmove memset mmap mkfifo select socket strchr strcspn strdup strerror strstr setsid setpgrp getpwuid getpwnam getspnam getuid geteuid setuid setgid seteuid setegid waitpid setutxent grantpt])
 
 # check, if shmget is in cygipc.a
 AC_CHECK_LIB(cygipc,shmget)

x11vnc/ChangeLog

+2006-07-04  Karl Runge <runge@karlrunge.com>
+	* x11vnc: 2nd -accept popup with WAIT, and UNIX: info for unixpw
+	  login.  Use RFB_CLIENT_ON_HOLD for -unixpw. -unixpw white arrow
+	  -license option.  Use getspnam if getpwnam is short.
+	  abbrevs sc=, cm, ck for user:opts.
+
 2006-06-23  Karl Runge <runge@karlrunge.com>
 	* x11vnc: misc cleanup.
 

x11vnc/connections.c

@@ -48,6 +48,7 @@ void start_client_info_sock(char *host_port_cookie);
 void send_client_info(char *str);
 void adjust_grabs(int grab, int quiet);
 void check_new_clients(void);
+int accept_client(rfbClientPtr client);
 
 
 static rfbClientPtr *client_match(char *str);
@@ -58,7 +59,6 @@ static void ugly_geom(char *p, int *x, int *y);
 static int ugly_window(char *addr, char *userhost, int X, int Y,
     int timeout, char *mode, int accept);
 static int action_match(char *action, int rc);
-static int accept_client(rfbClientPtr client);
 static void check_connect_file(char *file);
 static void send_client_connect(void);
 
@@ -133,7 +133,11 @@ char *list_clients(void) {
 			char *s = ident_username(cl);
 			if (s) free(s);
 		}
+		if (strstr(cd->username, "UNIX:") == cd->username) {
+			strcat(list, cd->username + strlen("UNIX:"));
+		} else {
 			strcat(list, cd->username);
+		}
 		strcat(list, ":");
 		if (cd->unixname[0] == '\0') {
 			strcat(list, "none");
@@ -996,7 +1000,15 @@ static unsigned char t2x2_bits[] = {
 	XFlush_wr(dpy);
 
 	if (accept) {
-		snprintf(strh, 100, "x11vnc: accept connection from %s?", addr);
+		char *ip = addr;
+		char *type = "accept";
+		if (unixpw && strstr(userhost, "UNIX:") != userhost) {
+			type = "unixpw";
+			if (openssl_last_ip) {
+				ip = openssl_last_ip;
+			}
+		}
+		snprintf(strh, 100, "x11vnc: %s connection from %s?", type, ip);
 	} else {
 		snprintf(strh, 100, "x11vnc: client disconnected from %s", addr);
 	}
@@ -1282,7 +1294,7 @@ static void ugly_geom(char *p, int *x, int *y) {
  *	popup:     use internal X widgets for prompting.
  * 
  */
-static int accept_client(rfbClientPtr client) {
+int accept_client(rfbClientPtr client) {
 
 	char xmessage[200], *cmd = NULL;
 	char *addr = client->host;
@@ -1327,6 +1339,14 @@ static int accept_client(rfbClientPtr client) {
 			mode = "both";
 		}
 
+		if (dpy == NULL && use_dpy && strstr(use_dpy, "WAIT:") ==
+		    use_dpy) {
+			rfbLog("accept_client: warning allowing client under conditions:\n");
+			rfbLog("  -display WAIT:, dpy == NULL, -accept popup.\n");
+			rfbLog("   There will be another popup.\n");
+			return 1;
+		}
+
 		rfbLog("accept_client: using builtin popup for: %s\n", addr);
 		if ((ret = ugly_window(addr, userhost, x, y, timeout,
 		    mode, 1))) {
@@ -1526,6 +1546,7 @@ static int do_reverse_connect(char *str) {
 		rfbLog("reverse connections disabled in -ssl mode.\n");
 		return 0;
 	}
+	if (unixpw_in_progress) return 0;
 
 	/* copy in to host */
 	host = (char *) malloc(len+1);
@@ -1579,11 +1600,15 @@ static int do_reverse_connect(char *str) {
  * Break up comma separated list of hosts and call do_reverse_connect()
  */
 void reverse_connect(char *str) {
-	char *p, *tmp = strdup(str);
+	char *p, *tmp;
 	int sleep_between_host = 300;
 	int sleep_min = 1500, sleep_max = 4500, n_max = 5;
 	int n, tot, t, dt = 100, cnt = 0;
 
+	if (unixpw_in_progress) return;
+
+	tmp = strdup(str);
+
 	p = strtok(tmp, ", \t\r\n");
 	while (p) {
 		if ((n = do_reverse_connect(p)) != 0) {
@@ -1887,7 +1912,6 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
 
 	last_event = last_input = time(NULL);
 
-
 	if (inetd) {
 		/* 
 		 * Set this so we exit as soon as connection closes,
@@ -2010,6 +2034,12 @@ if (0) fprintf(stderr, "SET ssl_helper_pid: %d\n", openssl_last_helper_pid);
 		unixpw_last_try_time = time(NULL);
 		unixpw_screen(1);
 		unixpw_keystroke(0, 0, 1);
+		if (!unixpw_in_rfbPE) {
+			rfbLog("new client: %s in non-unixpw_in_rfbPE.\n",
+			     client->host);
+		}
+		/* always put client on hold even if unixpw_in_rfbPE is true */
+		return(RFB_CLIENT_ON_HOLD);
 	}
 
 	return(RFB_CLIENT_ACCEPT);

x11vnc/connections.h

@@ -31,5 +31,6 @@ extern void start_client_info_sock(char *host_port_cookie);
 extern void send_client_info(char *str);
 extern void adjust_grabs(int grab, int quiet);
 extern void check_new_clients(void);
+extern int accept_client(rfbClientPtr client);
 
 #endif /* _X11VNC_CONNECTIONS_H */

x11vnc/cursor.c

@@ -30,6 +30,7 @@ int cursor_shape_updates_clients(rfbScreenInfoPtr s);
 int cursor_pos_updates_clients(rfbScreenInfoPtr s);
 void cursor_position(int x, int y);
 void set_no_cursor(void);
+void set_warrow_cursor(void);
 int set_cursor(int x, int y, int which);
 int check_x11_pointer(void);
 
@@ -490,6 +491,7 @@ enum cursor_names {
 	CURS_DOT,
 
 	CURS_ARROW,
+	CURS_WARROW,
 	CURS_ROOT,
 	CURS_WM,
 	CURS_TERM,
@@ -657,6 +659,7 @@ static void setup_cursors(void) {
 		alt_arrow = 1;
 		curs_copy(cursors[CURS_ARROW], &cur_arrow);	n++;
 	}
+	curs_copy(cursors[CURS_WARROW], &cur_arrow2);	n++;
 
 	curs_copy(cursors[CURS_ROOT], &cur_root);	n++;
 	curs_copy(cursors[CURS_WM],   &cur_fleur);	n++;
@@ -1744,6 +1747,10 @@ void set_no_cursor(void) {
 	set_rfb_cursor(CURS_EMPTY);
 }
 
+void set_warrow_cursor(void) {
+	set_rfb_cursor(CURS_WARROW);
+}
+
 int set_cursor(int x, int y, int which) {
 	static int last = -1;
 	int changed_cursor = 0;

x11vnc/cursor.h

@@ -27,6 +27,7 @@ extern int cursor_shape_updates_clients(rfbScreenInfoPtr s);
 extern int cursor_pos_updates_clients(rfbScreenInfoPtr s);
 extern void cursor_position(int x, int y);
 extern void set_no_cursor(void);
+extern void set_warrow_cursor(void);
 extern int set_cursor(int x, int y, int which);
 extern int check_x11_pointer(void);
 

x11vnc/help.c

@@ -9,6 +9,7 @@
  */
 
 void print_help(int mode);
+void print_license(void);
 void xopen_display_fail_message(char *disp);
 void nopassword_warning_msg(int gotloc);
 
@@ -48,7 +49,7 @@ void print_help(int mode) {
 "\n"
 "       vncviewer -encodings 'copyrect tight zrle hextile' localhost:0\n"
 "\n"
-"Also, use of a VNC password (-rfbauth or -passwdfile) is strongly recommend.\n"
+"Also, use of a VNC password (-rfbauth or -passwdfile) is strongly recommended.\n"
 "\n"
 "For additional info see: http://www.karlrunge.com/x11vnc/\n"
 "                    and  http://www.karlrunge.com/x11vnc/#faq\n"
@@ -201,11 +202,11 @@ void print_help(int mode) {
 "                       This enables a scheme were XGetImage() is not used\n"
 "                       to retrieve the 8bpp data.  Instead, it assumes that\n"
 "                       the 8bpp data is in bits 25-32 of the 32bit X pixels.\n"
-"                       There is no reason the X server should put the data\n"
-"                       there for our poll requests, but some do and so the\n"
-"                       extra steps to retrieve it can be skipped.  Tested with\n"
-"                       mga driver with XFree86/Xorg.  For the default depth\n"
-"                       8 case this option is ignored.\n"
+"                       There is no requirement that the X server should put\n"
+"                       the data there for our poll requests, but some do and\n"
+"                       so the extra steps to retrieve it can be skipped.\n"
+"                       Tested with mga driver with XFree86/Xorg.  For the\n"
+"                       default depth 8 case this option is ignored.\n"
 "\n"
 "                       To adjust how often XGetImage() is used to poll the\n"
 "                       non-default visual regions for changes, use the option\n"
@@ -314,6 +315,11 @@ void print_help(int mode) {
 "                       change the global or per-client viewonly state the\n"
 "                       filetransfer permissions will NOT change.\n"
 "\n"
+"                       Note, to *enable* UltraVNC filetransfer (currently\n"
+"                       disabled by default, this may change...) and to get it\n"
+"                       to work you probably need to supply these libvncserver\n"
+"                       options: \"-rfbversion 3.6 -permitfiletransfer\"\n"
+"\n"
 "-http                  Instead of using -httpdir (see below) to specify\n"
 "                       where the Java vncviewer applet is, have x11vnc try\n"
 "                       to *guess* where the directory is by looking relative\n"
@@ -357,7 +363,7 @@ void print_help(int mode) {
 "                       file containing addresses or prefixes that is re-read\n"
 "                       each time a new client connects.  Lines can be commented\n"
 "                       out with the \"#\" character in the usual way.\n"
-"-localhost             Same as \"-allow 127.0.0.1\".\n"
+"-localhost             Basically the same as \"-allow 127.0.0.1\".\n"
 "\n"
 "                       Note: if you want to restrict which network interface\n"
 "                       x11vnc listens on, see the -listen option below.\n"
@@ -365,11 +371,11 @@ void print_help(int mode) {
 "                       As a special case, the option \"-localhost\" implies\n"
 "                       \"-listen localhost\".\n"
 "\n"
-"                       For non-localhost -listen usage, if you use the remote\n"
-"                       control mechanism (-R) to change the -listen interface\n"
-"                       you may need to manually adjust the -allow list (and\n"
-"                       vice versa) to avoid situations where no connections\n"
-"                       (or too many) are allowed.\n"
+"                       A rare case, but for non-localhost -listen usage, if\n"
+"                       you use the remote control mechanism (-R) to change\n"
+"                       the -listen interface you may need to manually adjust\n"
+"                       the -allow list (and vice versa) to avoid situations\n"
+"                       where no connections (or too many) are allowed.\n"
 "\n"
 "-nolookup              Do not use gethostbyname() or gethostbyaddr() to look up\n"
 "                       host names or IP numbers.  Use this if name resolution\n"
@@ -420,7 +426,7 @@ void print_help(int mode) {
 "                       limiting the readability of the file.  In general,\n"
 "                       the password file should not be readable by untrusted\n"
 "                       users (BTW: neither should the VNC -rfbauth file:\n"
-"                       it is NOT encrypted).\n"
+"                       it is NOT encrypted, only obscured).\n"
 "\n"
 "                       If the filename is prefixed with \"read:\" it will\n"
 "                       periodically be checked for changes and reread.\n"
@@ -549,7 +555,7 @@ void print_help(int mode) {
 "                       per-user options after a \":\", e.g. \"fred:opts\"\n"
 "                       where \"opts\" is a \"+\" separated list of\n"
 "                       \"viewonly\", \"fullaccess\", \"input=XXXX\", or\n"
-"                       \"deny\", e.g. \"karl,fred:viewonly,boss:input=M\".\n"
+"                       \"deny\", e.g. \"karl,wally:viewonly,boss:input=M\".\n"
 "                       For \"input=\" it is the K,M,B,C described under -input.\n"
 "\n"
 "                       If a user in the list is \"*\" that means those\n"
@@ -574,8 +580,10 @@ void print_help(int mode) {
 "                       (e.g. \"ypcat passwd\").  NIS is not required for this\n"
 "                       mode to work (only that getpwnam(3) return the encrypted\n"
 "                       password is required), but it is unlikely it will work\n"
-"                       for any other modern environment.  All of the -unixpw\n"
-"                       options and contraints apply.\n"
+"                       for any other modern environment unless x11vnc is run\n"
+"                       as root (which, btw, is often done when running x11vnc\n"
+"                       from inetd and xdm/gdm/kdm).  All of the -unixpw options\n"
+"                       and contraints apply.\n"
 "\n"
 "-display WAIT:...      A special usage mode for the normal -display option.\n"
 "                       Useful with -unixpw, but can be used independently\n"
@@ -602,17 +610,17 @@ void print_help(int mode) {
 "                       of the form XAUTHORITY=<file> or raw xauthority data for\n"
 "                       the display (e.g. \"xauth extract - $DISPLAY\" output).\n"
 "\n"
-"                       In the case of -unixpw, then the above command is run\n"
-"                       as the user who just authenticated via the login and\n"
-"                       password prompt.\n"
+"                       In the case of -unixpw (but not -unixpw_nis), then the\n"
+"                       above command is run as the user who just authenticated\n"
+"                       via the login and password prompt.\n"
 "\n"
 "                       Also in the case of -unixpw, the user logging in can\n"
 "                       place a colon at the end of his username and supply\n"
-"                       a few options: scale=, scale_cursor=, solid, id=,\n"
-"                       clear_mods, clear_keys, repeat, or speeds= separated\n"
-"                       by commas if there is more than one.  After the user\n"
-"                       logs in successfully, these options will be applied to\n"
-"                       the VNC screen.  For example,\n"
+"                       a few options: scale=, scale_cursor= (or sc=), solid,\n"
+"                       id=, clear_mods (or cm), clear_keys (or ck), repeat, or\n"
+"                       speeds= separated by commas if there is more than one.\n"
+"                       After the user logs in successfully, these options will\n"
+"                       be applied to the VNC screen.  For example,\n"
 "\n"
 "                          login: fred:scale=3/4,repeat\n"
 "                          Password: ...\n"
@@ -635,17 +643,17 @@ void print_help(int mode) {
 "                       A nice way to use WAIT:cmd=... is out of inetd(8)\n"
 "                       (it automatically forks a new x11vnc for each user).\n"
 "                       You can have the x11vnc inetd spawned process run as,\n"
-"                       say, root or nobody.  When run as root (for either\n"
-"                       inetd or display manager), you can also supply the\n"
-"                       option \"-users unixpw=\" to have the x11vnc process\n"
-"                       switch to the user as well.  Note: there will be a 2nd\n"
-"                       SSL helper process that will not switch, but it is only\n"
-"                       encoding and decoding the stream at that point.\n"
-"\n"
-"                       As a special case, WAIT:cmd=FINDDISPLAY will run\n"
-"                       a script that works on most Unixes to determine a\n"
-"                       user's DISPLAY variable and xauthority data.  To have\n"
-"                       this default script printed to stdout (e.g. for\n"
+"                       say, root or nobody.  When run as root (for either inetd\n"
+"                       or display manager), you can also supply the option\n"
+"                       \"-users unixpw=\" to have the x11vnc process switch to\n"
+"                       the user as well.  Note: there will be a 2nd SSL helper\n"
+"                       process that will not switch, but it is only encoding\n"
+"                       and decoding the encrypted stream at that point.\n"
+"\n"
+"                       As a special case, WAIT:cmd=FINDDISPLAY will run a\n"
+"                       script that works on most Unixes to determine a user's\n"
+"                       DISPLAY variable and xauthority data (see who(1)).\n"
+"                       To have this default script printed to stdout (e.g. for\n"
 "                       customization) run with WAIT:cmd=FINDDISPLAY-print\n"
 "\n"
 "                       As another special case, WAIT:cmd=HTTPONCE will allow\n"
@@ -1223,6 +1231,15 @@ void print_help(int mode) {
 "                       use \"popup:N\" to modify the timeout to N seconds\n"
 "                       (use 0 for no timeout).\n"
 "\n"
+"                       In the case of \"popup\" and when the -unixpw option\n"
+"                       is specified, then a *second* window will be popped\n"
+"                       up after the user successfully logs in via his UNIX\n"
+"                       password.  This time the user will be identified as\n"
+"                       UNIX:username@hostname, the \"UNIX:\" prefix indicates\n"
+"                       which user the viewer logged as via -unixpw.  The first\n"
+"                       popup is only for whether to allow him to even *try*\n"
+"                       to login via unix password.\n"
+"\n"
 "                       If \"string\" is \"xmessage\" then an xmessage(1)\n"
 "                       invocation is used for the command.  xmessage must be\n"
 "                       installed on the machine for this to work.\n"
@@ -1450,6 +1467,8 @@ void print_help(int mode) {
 "-h, -help              Print this help text.\n"
 "-?, -opts              Only list the x11vnc options.\n"
 "-V, -version           Print program version and last modification date.\n"
+"-license               Print out license information.  Same as -copying and\n"
+"                       -warranty.\n"
 "\n"
 "-dbg                   Instead of exiting after cleaning up, run a simple\n"
 "                       \"debug crash shell\" when fatal errors are trapped.\n"
@@ -3393,4 +3412,363 @@ void nopassword_warning_msg(int gotloc) {
 #endif
 }
 
+void print_license(void) {
+#if !SKIP_HELP
+	char license[] = 
+"		    GNU GENERAL PUBLIC LICENSE\n"
+"		       Version 2, June 1991\n"
+"\n"
+" Copyright (C) 1989, 1991 Free Software Foundation, Inc.\n"
+"                          59 Temple Place - Suite 330, Boston, MA\n"
+"                          02111-1307, USA.\n"
+" Everyone is permitted to copy and distribute verbatim copies\n"
+" of this license document, but changing it is not allowed.\n"
+"\n"
+"			    Preamble\n"
+"\n"
+"  The licenses for most software are designed to take away your\n"
+"freedom to share and change it.  By contrast, the GNU General Public\n"
+"License is intended to guarantee your freedom to share and change free\n"
+"software--to make sure the software is free for all its users.  This\n"
+"General Public License applies to most of the Free Software\n"
+"Foundation's software and to any other program whose authors commit to\n"
+"using it.  (Some other Free Software Foundation software is covered by\n"
+"the GNU Library General Public License instead.)  You can apply it to\n"
+"your programs, too.\n"
+"\n"
+"  When we speak of free software, we are referring to freedom, not\n"
+"price.  Our General Public Licenses are designed to make sure that you\n"
+"have the freedom to distribute copies of free software (and charge for\n"
+"this service if you wish), that you receive source code or can get it\n"
+"if you want it, that you can change the software or use pieces of it\n"
+"in new free programs; and that you know you can do these things.\n"
+"\n"
+"  To protect your rights, we need to make restrictions that forbid\n"
+"anyone to deny you these rights or to ask you to surrender the rights.\n"
+"These restrictions translate to certain responsibilities for you if you\n"
+"distribute copies of the software, or if you modify it.\n"
+"\n"
+"  For example, if you distribute copies of such a program, whether\n"
+"gratis or for a fee, you must give the recipients all the rights that\n"
+"you have.  You must make sure that they, too, receive or can get the\n"
+"source code.  And you must show them these terms so they know their\n"
+"rights.\n"
+"\n"
+"  We protect your rights with two steps: (1) copyright the software, and\n"
+"(2) offer you this license which gives you legal permission to copy,\n"
+"distribute and/or modify the software.\n"
+"\n"
+"  Also, for each author's protection and ours, we want to make certain\n"
+"that everyone understands that there is no warranty for this free\n"
+"software.  If the software is modified by someone else and passed on, we\n"
+"want its recipients to know that what they have is not the original, so\n"
+"that any problems introduced by others will not reflect on the original\n"
+"authors' reputations.\n"
+"\n"
+"  Finally, any free program is threatened constantly by software\n"
+"patents.  We wish to avoid the danger that redistributors of a free\n"
+"program will individually obtain patent licenses, in effect making the\n"
+"program proprietary.  To prevent this, we have made it clear that any\n"
+"patent must be licensed for everyone's free use or not licensed at all.\n"
+"\n"
+"  The precise terms and conditions for copying, distribution and\n"
+"modification follow.\n"
+"\n"
+"		    GNU GENERAL PUBLIC LICENSE\n"
+"   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n"
+"\n"
+"  0. This License applies to any program or other work which contains\n"
+"a notice placed by the copyright holder saying it may be distributed\n"
+"under the terms of this General Public License.  The \"Program\", below,\n"
+"refers to any such program or work, and a \"work based on the Program\"\n"
+"means either the Program or any derivative work under copyright law:\n"
+"that is to say, a work containing the Program or a portion of it,\n"
+"either verbatim or with modifications and/or translated into another\n"
+"language.  (Hereinafter, translation is included without limitation in\n"
+"the term \"modification\".)  Each licensee is addressed as \"you\".\n"
+"\n"
+"Activities other than copying, distribution and modification are not\n"
+"covered by this License; they are outside its scope.  The act of\n"
+"running the Program is not restricted, and the output from the Program\n"
+"is covered only if its contents constitute a work based on the\n"
+"Program (independent of having been made by running the Program).\n"
+"Whether that is true depends on what the Program does.\n"
+"\n"
+"  1. You may copy and distribute verbatim copies of the Program's\n"
+"source code as you receive it, in any medium, provided that you\n"
+"conspicuously and appropriately publish on each copy an appropriate\n"
+"copyright notice and disclaimer of warranty; keep intact all the\n"
+"notices that refer to this License and to the absence of any warranty;\n"
+"and give any other recipients of the Program a copy of this License\n"
+"along with the Program.\n"
+"\n"
+"You may charge a fee for the physical act of transferring a copy, and\n"
+"you may at your option offer warranty protection in exchange for a fee.\n"
+"\n"
+"  2. You may modify your copy or copies of the Program or any portion\n"
+"of it, thus forming a work based on the Program, and copy and\n"
+"distribute such modifications or work under the terms of Section 1\n"
+"above, provided that you also meet all of these conditions:\n"
+"\n"
+"    a) You must cause the modified files to carry prominent notices\n"
+"    stating that you changed the files and the date of any change.\n"
+"\n"
+"    b) You must cause any work that you distribute or publish, that in\n"
+"    whole or in part contains or is derived from the Program or any\n"
+"    part thereof, to be licensed as a whole at no charge to all third\n"
+"    parties under the terms of this License.\n"
+"\n"
+"    c) If the modified program normally reads commands interactively\n"
+"    when run, you must cause it, when started running for such\n"
+"    interactive use in the most ordinary way, to print or display an\n"
+"    announcement including an appropriate copyright notice and a\n"
+"    notice that there is no warranty (or else, saying that you provide\n"
+"    a warranty) and that users may redistribute the program under\n"
+"    these conditions, and telling the user how to view a copy of this\n"
+"    License.  (Exception: if the Program itself is interactive but\n"
+"    does not normally print such an announcement, your work based on\n"
+"    the Program is not required to print an announcement.)\n"
+"\n"
+"These requirements apply to the modified work as a whole.  If\n"
+"identifiable sections of that work are not derived from the Program,\n"
+"and can be reasonably considered independent and separate works in\n"
+"themselves, then this License, and its terms, do not apply to those\n"
+"sections when you distribute them as separate works.  But when you\n"
+"distribute the same sections as part of a whole which is a work based\n"
+"on the Program, the distribution of the whole must be on the terms of\n"
+"this License, whose permissions for other licensees extend to the\n"
+"entire whole, and thus to each and every part regardless of who wrote it.\n"
+"\n"
+"Thus, it is not the intent of this section to claim rights or contest\n"
+"your rights to work written entirely by you; rather, the intent is to\n"
+"exercise the right to control the distribution of derivative or\n"
+"collective works based on the Program.\n"
+"\n"
+"In addition, mere aggregation of another work not based on the Program\n"
+"with the Program (or with a work based on the Program) on a volume of\n"
+"a storage or distribution medium does not bring the other work under\n"
+"the scope of this License.\n"
+"\n"
+"  3. You may copy and distribute the Program (or a work based on it,\n"
+"under Section 2) in object code or executable form under the terms of\n"
+"Sections 1 and 2 above provided that you also do one of the following:\n"
+"\n"
+"    a) Accompany it with the complete corresponding machine-readable\n"
+"    source code, which must be distributed under the terms of Sections\n"
+"    1 and 2 above on a medium customarily used for software interchange; or,\n"
+"\n"
+"    b) Accompany it with a written offer, valid for at least three\n"
+"    years, to give any third party, for a charge no more than your\n"
+"    cost of physically performing source distribution, a complete\n"
+"    machine-readable copy of the corresponding source code, to be\n"
+"    distributed under the terms of Sections 1 and 2 above on a medium\n"
+"    customarily used for software interchange; or,\n"
+"\n"
+"    c) Accompany it with the information you received as to the offer\n"
+"    to distribute corresponding source code.  (This alternative is\n"
+"    allowed only for noncommercial distribution and only if you\n"
+"    received the program in object code or executable form with such\n"
+"    an offer, in accord with Subsection b above.)\n"
+"\n"
+"The source code for a work means the preferred form of the work for\n"
+"making modifications to it.  For an executable work, complete source\n"
+"code means all the source code for all modules it contains, plus any\n"
+"associated interface definition files, plus the scripts used to\n"
+"control compilation and installation of the executable.  However, as a\n"
+"special exception, the source code distributed need not include\n"
+"anything that is normally distributed (in either source or binary\n"
+"form) with the major components (compiler, kernel, and so on) of the\n"
+"operating system on which the executable runs, unless that component\n"
+"itself accompanies the executable.\n"
+"\n"
+"If distribution of executable or object code is made by offering\n"
+"access to copy from a designated place, then offering equivalent\n"
+"access to copy the source code from the same place counts as\n"
+"distribution of the source code, even though third parties are not\n"
+"compelled to copy the source along with the object code.\n"
+"\n"
+"  4. You may not copy, modify, sublicense, or distribute the Program\n"
+"except as expressly provided under this License.  Any attempt\n"
+"otherwise to copy, modify, sublicense or distribute the Program is\n"
+"void, and will automatically terminate your rights under this License.\n"
+"However, parties who have received copies, or rights, from you under\n"
+"this License will not have their licenses terminated so long as such\n"
+"parties remain in full compliance.\n"
+"\n"
+"  5. You are not required to accept this License, since you have not\n"
+"signed it.  However, nothing else grants you permission to modify or\n"
+"distribute the Program or its derivative works.  These actions are\n"
+"prohibited by law if you do not accept this License.  Therefore, by\n"
+"modifying or distributing the Program (or any work based on the\n"
+"Program), you indicate your acceptance of this License to do so, and\n"
+"all its terms and conditions for copying, distributing or modifying\n"
+"the Program or works based on it.\n"
+"\n"
+"  6. Each time you redistribute the Program (or any work based on the\n"
+"Program), the recipient automatically receives a license from the\n"
+"original licensor to copy, distribute or modify the Program subject to\n"
+"these terms and conditions.  You may not impose any further\n"
+"restrictions on the recipients' exercise of the rights granted herein.\n"
+"You are not responsible for enforcing compliance by third parties to\n"
+"this License.\n"
+"\n"
+"  7. If, as a consequence of a court judgment or allegation of patent\n"
+"infringement or for any other reason (not limited to patent issues),\n"
+"conditions are imposed on you (whether by court order, agreement or\n"
+"otherwise) that contradict the conditions of this License, they do not\n"
+"excuse you from the conditions of this License.  If you cannot\n"
+"distribute so as to satisfy simultaneously your obligations under this\n"
+"License and any other pertinent obligations, then as a consequence you\n"
+"may not distribute the Program at all.  For example, if a patent\n"
+"license would not permit royalty-free redistribution of the Program by\n"
+"all those who receive copies directly or indirectly through you, then\n"
+"the only way you could satisfy both it and this License would be to\n"
+"refrain entirely from distribution of the Program.\n"
+"\n"
+"If any portion of this section is held invalid or unenforceable under\n"
+"any particular circumstance, the balance of the section is intended to\n"
+"apply and the section as a whole is intended to apply in other\n"
+"circumstances.\n"
+"\n"
+"It is not the purpose of this section to induce you to infringe any\n"
+"patents or other property right claims or to contest validity of any\n"
+"such claims; this section has the sole purpose of protecting the\n"
+"integrity of the free software distribution system, which is\n"
+"implemented by public license practices.  Many people have made\n"
+"generous contributions to the wide range of software distributed\n"
+"through that system in reliance on consistent application of that\n"
+"system; it is up to the author/donor to decide if he or she is willing\n"
+"to distribute software through any other system and a licensee cannot\n"
+"impose that choice.\n"
+"\n"
+"This section is intended to make thoroughly clear what is believed to\n"
+"be a consequence of the rest of this License.\n"
+"\n"
+"  8. If the distribution and/or use of the Program is restricted in\n"
+"certain countries either by patents or by copyrighted interfaces, the\n"
+"original copyright holder who places the Program under this License\n"
+"may add an explicit geographical distribution limitation excluding\n"
+"those countries, so that distribution is permitted only in or among\n"
+"countries not thus excluded.  In such case, this License incorporates\n"
+"the limitation as if written in the body of this License.\n"
+"\n"
+"  9. The Free Software Foundation may publish revised and/or new versions\n"
+"of the General Public License from time to time.  Such new versions will\n"
+"be similar in spirit to the present version, but may differ in detail to\n"
+"address new problems or concerns.\n"
+"\n"
+"Each version is given a distinguishing version number.  If the Program\n"
+"specifies a version number of this License which applies to it and \"any\n"
+"later version\", you have the option of following the terms and conditions\n"
+"either of that version or of any later version published by the Free\n"
+"Software Foundation.  If the Program does not specify a version number of\n"
+"this License, you may choose any version ever published by the Free Software\n"
+"Foundation.\n"
+"\n"
+"  10. If you wish to incorporate parts of the Program into other free\n"
+"programs whose distribution conditions are different, write to the author\n"
+"to ask for permission.  For software which is copyrighted by the Free\n"
+"Software Foundation, write to the Free Software Foundation; we sometimes\n"
+"make exceptions for this.  Our decision will be guided by the two goals\n"
+"of preserving the free status of all derivatives of our free software and\n"
+"of promoting the sharing and reuse of software generally.\n"
+"\n"
+"			    NO WARRANTY\n"
+"\n"
+"  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY\n"
+"FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN\n"
+"OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES\n"
+"PROVIDE THE PROGRAM \"AS IS\" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED\n"
+"OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF\n"
+"MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS\n"
+"TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE\n"
+"PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,\n"
+"REPAIR OR CORRECTION.\n"
+"\n"
+"  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING\n"
+"WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR\n"
+"REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,\n"
+"INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING\n"
+"OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED\n"
+"TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY\n"
+"YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER\n"
+"PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE\n"
+"POSSIBILITY OF SUCH DAMAGES.\n"
+"\n"
+"		     END OF TERMS AND CONDITIONS\n"
+"\n"
+"	Appendix: How to Apply These Terms to Your New Programs\n"
+"\n"
+"  If you develop a new program, and you want it to be of the greatest\n"
+"possible use to the public, the best way to achieve this is to make it\n"
+"free software which everyone can redistribute and change under these terms.\n"
+"\n"
+"  To do so, attach the following notices to the program.  It is safest\n"
+"to attach them to the start of each source file to most effectively\n"
+"convey the exclusion of warranty; and each file should have at least\n"
+"the \"copyright\" line and a pointer to where the full notice is found.\n"
+"\n"
+"    <one line to give the program's name and a brief idea of what it does.>\n"
+"    Copyright (C) 19yy  <name of author>\n"
+"\n"
+"    This program is free software; you can redistribute it and/or modify\n"
+"    it under the terms of the GNU General Public License as published by\n"
+"    the Free Software Foundation; either version 2 of the License, or\n"
+"    (at your option) any later version.\n"
+"\n"
+"    This program is distributed in the hope that it will be useful,\n"
+"    but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
+"    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n"
+"    GNU General Public License for more details.\n"
+"\n"
+"    You should have received a copy of the GNU General Public License\n"
+"    along with this program; if not, write to the Free Software\n"
+"    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.\n"
+"\n"
+"Also add information on how to contact you by electronic and paper mail.\n"
+"\n"
+"If the program is interactive, make it output a short notice like this\n"
+"when it starts in an interactive mode:\n"
+"\n"
+"    Gnomovision version 69, Copyright (C) 19yy name of author\n"
+"    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.\n"
+"    This is free software, and you are welcome to redistribute it\n"
+"    under certain conditions; type `show c' for details.\n"
+"\n"
+"The hypothetical commands `show w' and `show c' should show the appropriate\n"
+"parts of the General Public License.  Of course, the commands you use may\n"
+"be called something other than `show w' and `show c'; they could even be\n"
+"mouse-clicks or menu items--whatever suits your program.\n"
+"\n"
+"You should also get your employer (if you work as a programmer) or your\n"
+"school, if any, to sign a \"copyright disclaimer\" for the program, if\n"
+"necessary.  Here is a sample; alter the names:\n"
+"\n"
+"  Yoyodyne, Inc., hereby disclaims all copyright interest in the program\n"
+"  `Gnomovision' (which makes passes at compilers) written by James Hacker.\n"
+"\n"
+"  <signature of Ty Coon>, 1 April 1989\n"
+"  Ty Coon, President of Vice\n"
+"\n"
+"This General Public License does not permit incorporating your program into\n"
+"proprietary programs.  If your program is a subroutine library, you may\n"
+"consider it more useful to permit linking proprietary applications with the\n"
+"library.  If this is what you want to do, use the GNU Library General\n"
+"Public License instead of this License.\n"
+;
+
+	char top[] =
+"\n"
+"x11vnc: a VNC server for X displays.  %s\n"
+"\n"
+"Copyright (c) 2002-2006 Karl J. Runge <runge@karlrunge.com>\n"
+"All rights reserved.\n"
+"\n"
+;
+	dup2(1, 2);
+	fprintf(stderr, top, lastmod);
+	fprintf(stderr, "%s", license);
+#endif
+	exit(1);
+}
 

x11vnc/help.h

@@ -4,6 +4,7 @@
 /* -- help.h -- */
 
 extern void print_help(int mode);
+extern void print_license(void);
 extern void xopen_display_fail_message(char *disp);
 extern void nopassword_warning_msg(int gotloc);
 

x11vnc/inet.c

 /* -- inet.c -- */
 
 #include "x11vnc.h"
+#include "unixpw.h"
+#include "sslhelper.h"
 
 /*
  * Simple utility to map host name to dotted IP address.  Ignores aliases.
@@ -22,7 +24,6 @@ int have_ssh_env(void);
 static int get_port(int sock, int remote);
 static char *get_host(int sock, int remote);
 
-
 char *host2ip(char *host) {
 	struct hostent *hp;
 	struct sockaddr_in addr;
@@ -291,7 +292,11 @@ char *ident_username(rfbClientPtr client) {
 	if (!strcmp(user, "unknown-user") && cd && cd->unixname[0] != '\0') {
 		user = cd->unixname;
 	}
+	if (unixpw && openssl_last_ip && strstr("UNIX:", user) != user) {
+		newhost = ip2host(openssl_last_ip);
+	} else {
 		newhost = ip2host(client->host);
+	}
 	len = strlen(user) + 1 + strlen(newhost) + 1;
 	str = (char *) malloc(len);
 	sprintf(str, "%s@%s", user, newhost);

x11vnc/pointer.c

@@ -617,7 +617,7 @@ void pointer(int mask, int x, int y, rfbClientPtr client) {
 		last_x = x;
 		last_y = y;
 	}
-	if (mask >= 0 && unixpw && unixpw_in_progress) {
+	if (unixpw && unixpw_in_progress) {
 		return;
 	}
 

x11vnc/remote.c

@@ -23,6 +23,7 @@
 #include "userinput.h"
 #include "keyboard.h"
 #include "selection.h"
+#include "unixpw.h"
 
 int send_remote_cmd(char *cmd, int query, int wait);
 int do_remote_query(char *remote_cmd, char *query_cmd, int remote_sync,
@@ -633,6 +634,10 @@ char *process_remote_cmd(char *cmd, int stringonly) {
 		rfbLog("remote commands disabled: %s\n", cmd);
 		return NULL;
 	}
+	if (unixpw_in_progress) {
+		rfbLog("skip remote command: %s unixpw_in_progress.\n", cmd);
+		return NULL;
+	}
 
 	if (!query_default && priv_remote) {
 		if (! remote_control_access_ok()) {

x11vnc/scan.c

@@ -1294,6 +1294,8 @@ static int copy_tiles(int tx, int ty, int nt) {
 
 	char *src, *dst, *s_src, *s_dst, *m_src, *m_dst;
 	char *h_src, *h_dst;
+	if (unixpw_in_progress) return 0;
+
 	if (! first_line) {
 		/* allocate arrays first time in. */
 		int n = ntiles_x + 1;
@@ -1626,6 +1628,8 @@ static int copy_all_tiles(void) {
 	int x, y, n, m;
 	int diffs = 0, ct;
 
+	if (unixpw_in_progress) return 0;
+
 	for (y=0; y < ntiles_y; y++) {
 		for (x=0; x < ntiles_x; x++) {
 			n = x + y * ntiles_x;
@@ -1672,6 +1676,8 @@ static int copy_all_tile_runs(void) {
 	int in_run = 0, run = 0;
 	int ntave = 0, ntcnt = 0;
 
+	if (unixpw_in_progress) return 0;
+
 	for (y=0; y < ntiles_y; y++) {
 		for (x=0; x < ntiles_x + 1; x++) {
 			n = x + y * ntiles_x;
@@ -1742,6 +1748,8 @@ static int copy_tiles_backward_pass(void) {
 	int x, y, n, m;
 	int diffs = 0, ct;
 
+	if (unixpw_in_progress) return 0;
+
 	for (y = ntiles_y - 1; y >= 0; y--) {
 	    for (x = ntiles_x - 1; x >= 0; x--) {
 		n = x + y * ntiles_x;		/* number of this tile */
@@ -1783,6 +1791,8 @@ static int copy_tiles_additional_pass(void) {
 	int x, y, n;
 	int diffs = 0, ct;
 
+	if (unixpw_in_progress) return 0;
+
 	for (y=0; y < ntiles_y; y++) {
 		for (x=0; x < ntiles_x; x++) {
 			n = x + y * ntiles_x;		/* number of this tile */
@@ -1974,6 +1984,7 @@ int copy_screen(void) {
 	if (! fs_factor) {
 		return 0;
 	}
+
 	if (unixpw_in_progress) return 0;
 
 	block_size = (dpy_x * (dpy_y/fs_factor) * pixelsize);
@@ -2686,6 +2697,9 @@ int scan_for_updates(int count_only) {
 		 */
 		old_copy_tile = 0;
 	}
+
+	if (unixpw_in_progress) return 0;
+
 	if (old_copy_tile) {
 		tile_diffs = copy_all_tiles();
 	} else {

x11vnc/sslhelper.c

@@ -31,6 +31,7 @@ int openssl_sock = -1;
 int openssl_port_num = 0;
 int https_sock = -1;
 pid_t openssl_last_helper_pid = 0;
+char *openssl_last_ip = NULL;
 
 void raw_xfer(int csock, int s_in, int s_out);
 
@@ -1030,7 +1031,6 @@ if (db) fprintf(stderr, "waitpid(%d) 2\n", helpers[i]);
 	}
 }
 
-/* AUDIT */
 static int is_ssl_readable(int s_in, time_t last_https, char *last_get,
     int mode) {
 	int nfd, db = 0;
@@ -1063,7 +1063,7 @@ static int is_ssl_readable(int s_in, time_t last_https, char *last_get,
 	 */
 	if (time(NULL) < last_https + 30) {
 		tv.tv_sec  = 8;
-		if (strstr(last_get, "VncViewer")) {
+		if (last_get && strstr(last_get, "VncViewer")) {
 			tv.tv_sec  = 4;
 		}
 	}
@@ -1099,6 +1099,9 @@ static int watch_for_http_traffic(char *buf_a, int *n_a) {
 	if (getenv("ACCEPT_OPENSSL_DEBUG")) {
 		db = atoi(getenv("ACCEPT_OPENSSL_DEBUG"));
 	}
+	if (! buf_a || ! n_a) {
+		return 0;
+	}
 
 	buf = (char *) calloc((ABSIZE+1), 1);
 	*n_a = 0;
@@ -1137,7 +1140,9 @@ static int watch_for_http_traffic(char *buf_a, int *n_a) {
 	if (n2 >= 0) {
 		n += n2;
 	}
+
 	*n_a = n;
+
 	if (db) fprintf(stderr, "watch_for_http_traffic readmore: %d\n", n2);
 
 	if (n > 0) {
@@ -1180,6 +1185,7 @@ static int wait_conn(int sock) {
 
 int proxy_hack(int vncsock, int listen, int s_in, int s_out, char *cookie,
     int mode) {
+	int sock1, db = 0;
 	char reply[] = "HTTP/1.1 200 OK\r\n"
 	    "Content-Type: octet-stream\r\n"
 	    "Pragma: no-cache\r\n\r\n";
@@ -1187,7 +1193,6 @@ int proxy_hack(int vncsock, int listen, int s_in, int s_out, char *cookie,
 	    "Content-Type: octet-stream\r\n"
 	    "Content-Length: 9\r\n"
 	    "Pragma: no-cache\r\n\r\nGO_AHEAD\n";
-	int sock1, db = 0;
 
 	rfbLog("SSL: accept_openssl: detected https proxied connection"
 	    " request.\n");
@@ -1208,20 +1213,24 @@ int proxy_hack(int vncsock, int listen, int s_in, int s_out, char *cookie,
 	} else if (mode == OPENSSL_HTTPS) {
 		listen = https_sock;
 	} else {
+		/* inetd */
 		return 0;
 	}
+
 	sock1 = wait_conn(listen);
 
 	if (csock_timeout_sock < 0 || sock1 < 0) {
 		close(sock1);
 		return 0;
 	}
+
 if (db) fprintf(stderr, "got applet input sock1: %d\n", sock1);
 
 	if (! ssl_init(sock1, sock1)) {
 if (db) fprintf(stderr, "ssl_init FAILED\n");
 		exit(1);
 	}
+
 	SSL_write(ssl, reply, strlen(reply));
 
 	{
@@ -1241,21 +1250,23 @@ if (db) fprintf(stderr, "buf: '%s'\n", buf);
 		}
 	}
 
+	if (cookie) {
 		write(vncsock, cookie, strlen(cookie));
+	}
 	ssl_xfer(vncsock, sock1, sock1, 0);
 
 	return 1;
 }
 
 void accept_openssl(int mode) {
-	int sock = -1, cport, csock, vsock, listen = -1;	
+	int sock = -1, listen = -1, cport, csock, vsock;	
 	int status, n, i, db = 0;
 	struct sockaddr_in addr;
 	socklen_t addrlen = sizeof(addr);
-	char cookie[128], rcookie[128], *name;
 	rfbClientPtr client;
 	pid_t pid;
 	char uniq[] = "__evilrats__";
+	char cookie[128], rcookie[128], *name = NULL;
 	static time_t last_https = 0;
 	static char last_get[128];
 	static int first = 1;
@@ -1280,26 +1291,35 @@ void accept_openssl(int mode) {
 	if (mode == OPENSSL_INETD) {
 		ssl_initialized = 1;
 
-	} else if (mode == OPENSSL_VNC && openssl_sock >= 0) {
+	} else if (mode == OPENSSL_VNC) {
 		sock = accept(openssl_sock, (struct sockaddr *)&addr, &addrlen);
-		listen = openssl_sock;
 		if (sock < 0)  {
 			rfbLog("SSL: accept_openssl: accept connection failed\n");
 			rfbLogPerror("accept");
 			return;
 		}
+		listen = openssl_sock;
 
-	} else if (mode == OPENSSL_HTTPS && https_sock >= 0) {
+	} else if (mode == OPENSSL_HTTPS) {
 		sock = accept(https_sock, (struct sockaddr *)&addr, &addrlen);
-		listen = https_sock;
 		if (sock < 0)  {
 			rfbLog("SSL: accept_openssl: accept connection failed\n");
 			rfbLogPerror("accept");
 			return;
 		}
+		listen = https_sock;
 	}
 	if (db) fprintf(stderr, "SSL: accept_openssl: sock: %d\n", sock);
 
+	if (openssl_last_ip) {
+		free(openssl_last_ip);
+		openssl_last_ip = NULL;
+	}
+	if (mode == OPENSSL_INETD) {
+		openssl_last_ip = get_remote_host(fileno(stdin));
+	} else {
+		openssl_last_ip = get_remote_host(sock);
+	}
 
 	/* now make a listening socket for child to connect back to us by: */
 
@@ -1339,11 +1359,23 @@ void accept_openssl(int mode) {
 	if (mode != OPENSSL_INETD) {
 		name = get_remote_host(sock);
 	} else {
-		name = strdup("inetd-connection");
+		openssl_last_ip = get_remote_host(fileno(stdin));
+		if (openssl_last_ip) {
+			name = strdup(openssl_last_ip);
+		} else {
+			name = strdup("unknown");
+		}
 	}
 	if (name) {
-		rfbLog("SSL: spawning helper process to handle: %s\n", name);
+		if (mode == OPENSSL_INETD) {
+			rfbLog("SSL: (inetd) spawning helper process "
+			    "to handle: %s\n", name);
+		} else {
+			rfbLog("SSL: spawning helper process to handle: "
+			    "%s\n", name);
+		}
 		free(name);
+		name = NULL;
 	}
 
 	/* now fork the child to handle the SSL: */
@@ -1361,7 +1393,7 @@ void accept_openssl(int mode) {
 
 	} else if (pid == 0) {
 		int s_in, s_out, httpsock = -1;
-		int vncsock, sslsock = sock;
+		int vncsock;
 		int i, have_httpd = 0;
 		int f_in  = fileno(stdin);
 		int f_out = fileno(stdout);
@@ -1376,7 +1408,7 @@ void accept_openssl(int mode) {
 					continue;
 				}
 			}
-			if (i == sslsock) {
+			if (i == sock) {
 				continue;
 			}
 			if (i == 2) {
@@ -1400,7 +1432,6 @@ void accept_openssl(int mode) {
 		if (vncsock < 0) {
 			rfbLog("SSL: ssl_helper[%d]: could not connect"
 			    " back to: %d\n", getpid(), cport);
-			close(vncsock);
 			exit(1);
 		}
 
@@ -1424,6 +1455,10 @@ void accept_openssl(int mode) {
 		 * SSL socket.
 		 */
 
+		if (! screen) {
+			close(vncsock);
+			exit(1);
+		}
 		if (screen->httpListenSock >= 0 && screen->httpPort > 0) {
 			have_httpd = 1;
 		}
@@ -1470,6 +1505,7 @@ void accept_openssl(int mode) {
 			 */
 
 			if (db) fprintf(stderr, "watch_for_http_traffic\n");
+
 			is_http = watch_for_http_traffic(buf, &n);
 
 			if (is_http < 0 || is_http == 0) {
@@ -1484,7 +1520,9 @@ void accept_openssl(int mode) {
 				}
 				goto wrote_cookie;
 			}
-			if (db) fprintf(stderr, "is_http: %d n: %d\n", is_http, n);
+
+			if (db) fprintf(stderr, "is_http: %d n: %d\n",
+			    is_http, n);
 			if (db) fprintf(stderr, "buf: '%s'\n", buf);
 
 			if (strstr(buf, "/request.https.vnc.connection")) {
@@ -1497,6 +1535,8 @@ void accept_openssl(int mode) {
 				 * instead of a direct SSL connection.
 				 */
 				rfbLog("Handling VNC request via https GET. [%d]\n", getpid());
+/* AUDIT */
+
 				if (strstr(buf, "/reverse.proxy")) {
 					char *buf;
 					int n, ptr;
@@ -1736,6 +1776,10 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
 			inetd_client = client;
 			client->clientGoneHook = client_gone;
 		}
+		if (openssl_last_ip &&
+		    strpbrk(openssl_last_ip, "0123456789") == openssl_last_ip) {
+			client->host = strdup(openssl_last_ip);
+		}
 	} else {
 		rfbLog("SSL: accept_openssl: rfbNewClient failed.\n");
 		close(vsock);

x11vnc/sslhelper.h

@@ -12,6 +12,7 @@ extern int openssl_sock;
 extern int openssl_port_num;
 extern int https_sock;
 extern pid_t openssl_last_helper_pid;
+extern char *openssl_last_ip;
 
 extern void raw_xfer(int csock, int s_in, int s_out);
 

x11vnc/unixpw.c

@@ -5,6 +5,7 @@
 extern int grantpt(int);
 extern int unlockpt(int);
 extern char *ptsname(int);
+/* XXX remove need for this */
 extern char *crypt(const char*, const char *);
 #endif
 
@@ -14,6 +15,8 @@ extern char *crypt(const char*, const char *);
 #include "xinerama.h"
 #include "connections.h"
 #include "user.h"
+#include "connections.h"
+#include "cursor.h"
 #include <rfb/default8x16.h>
 
 #if LIBVNCSERVER_HAVE_FORK
@@ -25,6 +28,9 @@ extern char *crypt(const char*, const char *);
 #if LIBVNCSERVER_HAVE_PWD_H && LIBVNCSERVER_HAVE_GETPWNAM
 #if LIBVNCSERVER_HAVE_CRYPT || LIBVNCSERVER_HAVE_LIBCRYPT
 #define UNIXPW_CRYPT
+#if LIBVNCSERVER_HAVE_GETSPNAM
+#include <shadow.h>
+#endif
 #endif
 #endif
 
@@ -65,6 +71,7 @@ static void set_db(void);
 static void unixpw_verify(char *user, char *pass);
 
 int unixpw_in_progress = 0;
+int unixpw_in_rfbPE = 0;
 int unixpw_login_viewonly = 0;
 time_t unixpw_last_try_time = 0;
 rfbClientPtr unixpw_client = NULL;
@@ -143,6 +150,8 @@ void unixpw_screen(int init) {
 		char_y = y;
 		char_col = strlen(log);
 		char_row = 0;
+
+		set_warrow_cursor();
 	}
 
 	if (scaling) {
@@ -347,11 +356,32 @@ int crypt_verify(char *user, char *pass) {
 		return 0;
 	}
 
+	if (db > 1) fprintf(stderr, "realpw='%s'\n", realpw);
+
+	if (strlen(realpw) < 10) {
+		/* e.g. "x", try getspnam(), sometimes root for inetd, etc */
+#if LIBVNCSERVER_HAVE_GETSPNAM
+		struct spwd *sp = getspnam(user);
+		if (sp != NULL && sp->sp_pwdp != NULL) {
+			if (db) fprintf(stderr, "using getspnam()\n");
+			realpw = sp->sp_pwdp;
+		} else {
+			if (db) fprintf(stderr, "skipping getspnam()\n");
+		}
+#endif
+	}
+
 	n = strlen(pass);
 	if (pass[n-1] == '\n') {
 		pass[n-1] = '\0';
 	}
+
+	/* XXX remove need for cast */
 	cr = (char *) crypt(pass, realpw);
+	if (db > 1) {
+		fprintf(stderr, "user='%s' pass='%s' realpw='%s' cr='%s'\n",
+		    user, pass, realpw, cr ? cr : "(null)");
+	}
 	if (cr == NULL) {
 		return 0;
 	}
@@ -793,6 +823,7 @@ static void unixpw_verify(char *user, char *pass) {
 	char li[] = "Login incorrect";
 	char log[] = "login: ";
 	char *colon = NULL;
+	ClientData *cd = NULL;
 
 if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "********");
 	rfbLog("unixpw_verify: %s\n", user);
@@ -802,10 +833,23 @@ if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "***
 		*colon = '\0';
 		rfbLog("unixpw_verify: colon: %s\n", user);
 	}
-
+	if (unixpw_client) {
+		cd = (ClientData *) unixpw_client->clientData;
+		if (cd) {
+			char *str = (char *)malloc(strlen("UNIX:") +
+			    strlen(user) + 1);
+			sprintf(str, "UNIX:%s", user);	
+			if (cd->username) {
+				free(cd->username);
+			}
+			cd->username = str;
+		}
+	}
 
 	if (unixpw_nis) {
 		if (crypt_verify(user, pass)) {
+			rfbLog("unixpw_verify: crypt_verify login for '%s'"
+			    " succeeded.\n", user);
 			unixpw_accept(user);
 			if (keep_unixpw) {
 				keep_unixpw_user = strdup(user);
@@ -818,12 +862,14 @@ if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "***
 			}
 			if (colon) *colon = ':';
 			return;
-		} else {
-			rfbLog("unixpw_verify: crypt_verify login for %s failed.\n", user);
-			usleep(3000*1000);
 		}
+		rfbLog("unixpw_verify: crypt_verify login for '%s' failed.\n",
+		    user);
+		usleep(3000*1000);
 	} else {
 		if (su_verify(user, pass, NULL, NULL, NULL)) {
+			rfbLog("unixpw_verify: su_verify login for '%s'"
+			    " succeeded.\n", user);
 			unixpw_accept(user);
 			if (keep_unixpw) {
 				keep_unixpw_user = strdup(user);
@@ -837,7 +883,8 @@ if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "***
 			if (colon) *colon = ':';
 			return;
 		}
-		rfbLog("unixpw_verify: su_verify login for %s failed.\n", user);
+		rfbLog("unixpw_verify: su_verify login for '%s' failed.\n",
+		    user);
 	}
 	if (colon) *colon = ':';
 
@@ -1142,6 +1189,17 @@ static void apply_opts (char *user) {
 void unixpw_accept(char *user) {
 	apply_opts(user);
 
+	if (accept_cmd && strstr(accept_cmd, "popup") == accept_cmd) {
+		if (use_dpy && strstr(use_dpy, "WAIT:") == use_dpy &&
+		    dpy == NULL) {
+			/* handled in main() */
+			unixpw_client->onHold = TRUE;
+		} else if (! accept_client(unixpw_client)) {
+			unixpw_deny();
+			return;
+		}
+	}
+
 	if (started_as_root == 1 && users_list
 	    && strstr(users_list, "unixpw=") == users_list) {
 		if (getuid() && geteuid()) {

x11vnc/unixpw.h

@@ -12,6 +12,7 @@ extern int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_si
 extern int crypt_verify(char *user, char *pass);
 
 extern int unixpw_in_progress;
+extern int unixpw_in_rfbPE;
 extern int unixpw_login_viewonly;
 extern time_t unixpw_last_try_time;
 extern rfbClientPtr unixpw_client;

x11vnc/user.c

@@ -1038,8 +1038,8 @@ void user_supplied_opts(char *opts) {
 	char *p, *str;
 	char *allow[] = {
 		"skip-display", "skip-auth", "skip-shared",
-		"scale", "scale_cursor", "solid", "id", "clear_mods",
-		"clear_keys", "repeat", "speeds",
+		"scale", "scale_cursor", "sc", "solid", "id",
+		"clear_mods", "cm", "clear_keys", "ck", "repeat", "speeds",
 		NULL
 	};
 
@@ -1067,7 +1067,8 @@ void user_supplied_opts(char *opts) {
 			i++;
 		}
 
-		if (! ok && sscanf(p, "%d/%d", &n, &m) == 2) {
+		if (! ok && strpbrk(p, "0123456789") == p &&
+		    sscanf(p, "%d/%d", &n, &m) == 2) {
 			if (scale_str) free(scale_str);
 			scale_str = strdup(p);
 		} else if (ok) {
@@ -1077,6 +1078,8 @@ void user_supplied_opts(char *opts) {
 			} else if (strstr(p, "auth=") == p) {
 				if (auth_file) free(auth_file);
 				auth_file = strdup(p + strlen("auth="));
+			} else if (!strcmp(p, "shared")) {
+				shared = 1;
 			} else if (strstr(p, "scale=") == p) {
 				if (scale_str) free(scale_str);
 				scale_str = strdup(p + strlen("scale="));
@@ -1084,8 +1087,9 @@ void user_supplied_opts(char *opts) {
 				if (scale_cursor_str) free(scale_cursor_str);
 				scale_cursor_str = strdup(p +
 				    strlen("scale_cursor="));
-			} else if (!strcmp(p, "shared")) {
-				shared = 1;
+			} else if (strstr(p, "sc=") == p) {
+				if (scale_cursor_str) free(scale_cursor_str);
+				scale_cursor_str = strdup(p + strlen("sc="));
 			} else if (!strcmp(p, "solid")) {
 				use_solid_bg = 1;
 				if (!solid_str) {
@@ -1103,9 +1107,11 @@ void user_supplied_opts(char *opts) {
 						subwin = win;
 					}
 				}
-			} else if (!strcmp(p, "clear_mods")) {
+			} else if (!strcmp(p, "clear_mods") ||
+			    !strcmp(p, "cm")) {
 				clear_mods = 1;
-			} else if (!strcmp(p, "clear_keys")) {
+			} else if (!strcmp(p, "clear_keys") ||
+			    !strcmp(p, "ck")) {
 				clear_mods = 2;
 			} else if (!strcmp(p, "repeat")) {
 				no_autorepeat = 0;
@@ -1296,12 +1302,18 @@ int wait_for_client(int *argc, char** argv, int http) {
 			rfbLog("unixpw but no unixpw_in_progress\n");
 			clean_up_exit(1);
 		}
+		if (unixpw_client && unixpw_client->onHold) {
+			rfbLog("taking unixpw_client off hold.\n");
+			unixpw_client->onHold = FALSE;
+		}
 		while (1) {
 			if (shut_down) {
 				clean_up_exit(0);
 			}
 			if (! use_threads) {
+				unixpw_in_rfbPE = 1;
 				rfbPE(-1);
+				unixpw_in_rfbPE = 0;
 			}
 			if (unixpw_in_progress) {
 				usleep(20 * 1000);

x11vnc/userinput.c

@@ -2145,6 +2145,8 @@ static int check_xrecord_keys(void) {
 
 	RAWFB_RET(0)
 
+	if (unixpw_in_progress) return 0;
+
 	set_repeat_in = set_repeat;
 	set_repeat = 0.0;
 
@@ -3303,6 +3305,7 @@ int check_wireframe(void) {
 	RAWFB_RET(0)
 
 	if (unixpw_in_progress) return 0;
+
 	if (nofb) {
 		return 0;
 	}

x11vnc/util.c

@@ -3,6 +3,7 @@
 #include "x11vnc.h"
 #include "cleanup.h"
 #include "win_utils.h"
+#include "unixpw.h"
 
 struct timeval _mysleep;
 
@@ -407,9 +408,14 @@ double rfac(void) {
  */
 #define USEC_MAX 999999		/* libvncsever assumes < 1 second */
 void rfbPE(long usec) {
+	int uip0 = unixpw_in_progress;
 	if (! screen) {
 		return;
 	}
+ 	if (unixpw && unixpw_in_progress && !unixpw_in_rfbPE) {
+		rfbLog("unixpw_in_rfbPE: skipping rfbPE\n");
+ 		return;
+ 	}
 
 	if (usec > USEC_MAX) {
 		usec = USEC_MAX;
@@ -417,18 +423,38 @@ void rfbPE(long usec) {
 	if (! use_threads) {
 		rfbProcessEvents(screen, usec);
 	}
+
+ 	if (unixpw && unixpw_in_progress && !uip0) {
+		if (!unixpw_in_rfbPE) {
+			rfbLog("rfbPE: got new client in non-rfbPE\n");
+			;	/* this is new unixpw client  */
+		}
+ 	}
 }
 
 void rfbCFD(long usec) {
+	int uip0 = unixpw_in_progress;
 	if (! screen) {
 		return;
 	}
+ 	if (unixpw && unixpw_in_progress && !unixpw_in_rfbPE) {
+		rfbLog("unixpw_in_rfbPE: skipping rfbCFD\n");
+ 		return;
+ 	}
 	if (usec > USEC_MAX) {
 		usec = USEC_MAX;
 	}
+
 	if (! use_threads) {
 		rfbCheckFds(screen, usec);
 	}
+
+ 	if (unixpw && unixpw_in_progress && !uip0) {
+		if (!unixpw_in_rfbPE) {
+			rfbLog("rfbCFD: got new client in non-rfbPE\n");
+			;	/* this is new unixpw client  */
+		}
+ 	}
 }
 
 double rect_overlap(int x1, int y1, int x2, int y2, int X1, int Y1,

x11vnc/x11vnc.1

 .\" This file was automatically generated from x11vnc -help output.
-.TH X11VNC "1" "June 2006" "x11vnc " "User Commands"
+.TH X11VNC "1" "July 2006" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.8.2, lastmod: 2006-06-23
+         version: 0.8.2, lastmod: 2006-07-04
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -37,7 +37,7 @@ In brief:
 .PP
 % vncviewer -encodings 'copyrect tight zrle hextile' localhost:0
 .PP
-Also, use of a VNC password (-rfbauth or \fB-passwdfile)\fR is strongly recommend.
+Also, use of a VNC password (-rfbauth or \fB-passwdfile)\fR is strongly recommended.
 .PP
 For additional info see: http://www.karlrunge.com/x11vnc/
 and  http://www.karlrunge.com/x11vnc/#faq
@@ -231,11 +231,11 @@ speedup may be achieved via the option "nogetimage".
 This enables a scheme were XGetImage() is not used
 to retrieve the 8bpp data.  Instead, it assumes that
 the 8bpp data is in bits 25-32 of the 32bit X pixels.
-There is no reason the X server should put the data
-there for our poll requests, but some do and so the
-extra steps to retrieve it can be skipped.  Tested with
-mga driver with XFree86/Xorg.  For the default depth
-8 case this option is ignored.
+There is no requirement that the X server should put
+the data there for our poll requests, but some do and
+so the extra steps to retrieve it can be skipped.
+Tested with mga driver with XFree86/Xorg.  For the
+default depth 8 case this option is ignored.
 .IP
 To adjust how often XGetImage() is used to poll the
 non-default visual regions for changes, use the option
@@ -373,6 +373,11 @@ Also clients that log in viewonly cannot transfer files.
 However, if the remote control mechanism is used to
 change the global or per-client viewonly state the
 filetransfer permissions will NOT change.
+.IP
+Note, to *enable* UltraVNC filetransfer (currently
+disabled by default, this may change...) and to get it
+to work you probably need to supply these libvncserver
+options: "\fB-rfbversion\fR \fI3.6 \fB-permitfiletransfer\fR"\fR
 .PP
 \fB-http\fR
 .IP
@@ -437,7 +442,7 @@ out with the "#" character in the usual way.
 .PP
 \fB-localhost\fR
 .IP
-Same as "\fB-allow\fR \fI127.0.0.1\fR".
+Basically the same as "\fB-allow\fR \fI127.0.0.1\fR".
 .IP
 Note: if you want to restrict which network interface
 x11vnc listens on, see the \fB-listen\fR option below.
@@ -445,11 +450,11 @@ E.g. "\fB-listen\fR \fIlocalhost\fR" or "\fB-listen\fR \fI192.168.3.21\fR".
 As a special case, the option "\fB-localhost\fR" implies
 "\fB-listen\fR \fIlocalhost\fR".
 .IP
-For non-localhost \fB-listen\fR usage, if you use the remote
-control mechanism (-R) to change the \fB-listen\fR interface
-you may need to manually adjust the \fB-allow\fR list (and
-vice versa) to avoid situations where no connections
-(or too many) are allowed.
+A rare case, but for non-localhost \fB-listen\fR usage, if
+you use the remote control mechanism (-R) to change
+the \fB-listen\fR interface you may need to manually adjust
+the \fB-allow\fR list (and vice versa) to avoid situations
+where no connections (or too many) are allowed.
 .PP
 \fB-nolookup\fR
 .IP
@@ -519,7 +524,7 @@ removed after being read.  Perhaps this is useful in
 limiting the readability of the file.  In general,
 the password file should not be readable by untrusted
 users (BTW: neither should the VNC \fB-rfbauth\fR file:
-it is NOT encrypted).
+it is NOT encrypted, only obscured).
 .IP
 If the filename is prefixed with "read:" it will
 periodically be checked for changes and reread.
@@ -661,7 +666,7 @@ The user names in the comma separated [list] can have
 per-user options after a ":", e.g. "fred:opts"
 where "opts" is a "+" separated list of
 "viewonly", "fullaccess", "input=XXXX", or
-"deny", e.g. "karl,fred:viewonly,boss:input=M".
+"deny", e.g. "karl,wally:viewonly,boss:input=M".
 For "input=" it is the K,M,B,C described under \fB-input.\fR
 .IP
 If a user in the list is "*" that means those
@@ -696,8 +701,10 @@ mode to work (only that
 .IR getpwnam (3)
 return the encrypted
 password is required), but it is unlikely it will work
-for any other modern environment.  All of the \fB-unixpw\fR
-options and contraints apply.
+for any other modern environment unless x11vnc is run
+as root (which, btw, is often done when running x11vnc
+from inetd and xdm/gdm/kdm).  All of the \fB-unixpw\fR options
+and contraints apply.
 .PP
 \fB-display\fR \fIWAIT:...\fR
 .IP
@@ -726,17 +733,17 @@ output is taken as XAUTHORITY data.  It can be either
 of the form XAUTHORITY=<file> or raw xauthority data for
 the display (e.g. "xauth extract - $DISPLAY" output).
 .IP
-In the case of \fB-unixpw,\fR then the above command is run
-as the user who just authenticated via the login and
-password prompt.
+In the case of \fB-unixpw\fR (but not \fB-unixpw_nis),\fR then the
+above command is run as the user who just authenticated
+via the login and password prompt.
 .IP
 Also in the case of \fB-unixpw,\fR the user logging in can
 place a colon at the end of his username and supply
-a few options: scale=, scale_cursor=, solid, id=,
-clear_mods, clear_keys, repeat, or speeds= separated
-by commas if there is more than one.  After the user
-logs in successfully, these options will be applied to
-the VNC screen.  For example,
+a few options: scale=, scale_cursor= (or sc=), solid,
+id=, clear_mods (or cm), clear_keys (or ck), repeat, or
+speeds= separated by commas if there is more than one.
+After the user logs in successfully, these options will
+be applied to the VNC screen.  For example,
 .IP
 login: fred:scale=3/4,repeat
 Password: ...
@@ -760,17 +767,19 @@ A nice way to use WAIT:cmd=... is out of
 .IR inetd (8)
 (it automatically forks a new x11vnc for each user).
 You can have the x11vnc inetd spawned process run as,
-say, root or nobody.  When run as root (for either
-inetd or display manager), you can also supply the
-option "\fB-users\fR \fIunixpw=\fR" to have the x11vnc process
-switch to the user as well.  Note: there will be a 2nd
-SSL helper process that will not switch, but it is only
-encoding and decoding the stream at that point.
-.IP
-As a special case, WAIT:cmd=FINDDISPLAY will run
-a script that works on most Unixes to determine a
-user's DISPLAY variable and xauthority data.  To have
-this default script printed to stdout (e.g. for
+say, root or nobody.  When run as root (for either inetd
+or display manager), you can also supply the option
+"\fB-users\fR \fIunixpw=\fR" to have the x11vnc process switch to
+the user as well.  Note: there will be a 2nd SSL helper
+process that will not switch, but it is only encoding
+and decoding the encrypted stream at that point.
+.IP
+As a special case, WAIT:cmd=FINDDISPLAY will run a
+script that works on most Unixes to determine a user's
+DISPLAY variable and xauthority data (see 
+.IR who (1)
+).
+To have this default script printed to stdout (e.g. for
 customization) run with WAIT:cmd=FINDDISPLAY-print
 .IP
 As another special case, WAIT:cmd=HTTPONCE will allow
@@ -1399,6 +1408,15 @@ is used.  The popup will time out after 120 seconds,
 use "popup:N" to modify the timeout to N seconds
 (use 0 for no timeout).
 .IP
+In the case of "popup" and when the \fB-unixpw\fR option
+is specified, then a *second* window will be popped
+up after the user successfully logs in via his UNIX
+password.  This time the user will be identified as
+UNIX:username@hostname, the "UNIX:" prefix indicates
+which user the viewer logged as via \fB-unixpw.\fR  The first
+popup is only for whether to allow him to even *try*
+to login via unix password.
+.IP
 If \fIstring\fR is "xmessage" then an 
 .IR xmessage (1)
 invocation is used for the command.  xmessage must be
@@ -1690,6 +1708,11 @@ Print this help text.
 .IP
 Print program version and last modification date.
 .PP
+\fB-license\fR
+.IP
+Print out license information.  Same as \fB-copying\fR and
+\fB-warranty.\fR
+.PP
 \fB-dbg\fR
 .IP
 Instead of exiting after cleaning up, run a simple

x11vnc/x11vnc.c

@@ -407,6 +407,7 @@ static void watch_loop(void) {
 	}
 
 	while (1) {
+		char msg[] = "new client: %s taking unixpw client off hold.\n";
 
 		got_user_input = 0;
 		got_pointer_input = 0;
@@ -418,11 +419,36 @@ static void watch_loop(void) {
 		if (! use_threads) {
 			dtime0(&tm);
 			if (! skip_pe) {
+				if (unixpw && unixpw_in_progress) {
+					rfbClientPtr cl = unixpw_client;
+					if (cl && cl->onHold) {
+						rfbLog(msg, cl->host);
+						unixpw_client->onHold = FALSE;
+					}
+				} else {
 					measure_send_rates(1);
+				}
+
+				unixpw_in_rfbPE = 1;
+
 				rfbPE(-1);
+
+				unixpw_in_rfbPE = 0;
+
+				if (unixpw && unixpw_in_progress) {
+					/* rfbPE loop until logged in. */
+					skip_pe = 0;
+					continue;
+				} else {
 					measure_send_rates(0);
 					fb_update_sent(NULL);
 				}
+			} else {
+				if (unixpw && unixpw_in_progress) {
+					skip_pe = 0;
+					continue;
+				}
+			}
 			dtr = dtime(&tm);
 
 			if (! cursor_shape_updates) {
@@ -432,26 +458,27 @@ static void watch_loop(void) {
 			if (screen && screen->clientHead) {
 				int ret = check_user_input(dt, dtr,
 				    tile_diffs, &cnt);
-				/* true means loop back for more input */
+				/* true: loop back for more input */
 				if (ret == 2) {
 					skip_pe = 1;
 				}
 				if (ret) {
-if (debug_scroll) fprintf(stderr, "watch_loop: LOOP-BACK: %d\n", ret);
+					if (debug_scroll) fprintf(stderr, "watch_loop: LOOP-BACK: %d\n", ret);
 					continue;
 				}
 			}
-
 			/* watch for viewonly input piling up: */
-			if ((got_pointer_calls > got_pointer_input)
-			    || (got_keyboard_calls > got_keyboard_input)) {
+			if ((got_pointer_calls > got_pointer_input) ||
+			    (got_keyboard_calls > got_keyboard_input)) {
 				eat_viewonly_input(10, 3);
 			}
 		} else {
+#if 0
 			if (0 && use_xrecord) {
 				/* XXX not working */
 				check_xrecord();
 			}
+#endif
 			if (wireframe && button_mask) {
 				check_wireframe();
 			}
@@ -462,6 +489,8 @@ if (debug_scroll) fprintf(stderr, "watch_loop: LOOP-BACK: %d\n", ret);
 			clean_up_exit(0);
 		}
 
+		if (unixpw_in_progress) continue;
+
 		if (! urgent_update) {
 			if (do_copy_screen) {
 				do_copy_screen = 0;
@@ -540,6 +569,8 @@ if (debug_scroll) fprintf(stderr, "watch_loop: LOOP-BACK: %d\n", ret);
 			if (use_xdamage && last_dt > xdamage_thrash)  {
 				clear_xdamage_mark_region(NULL, 0);
 			}
+
+			if (unixpw_in_progress) continue;
 			dtime0(&tm);
 			if (use_snapfb) {
 				int t, tries = 3;
@@ -1823,6 +1854,9 @@ int main(int argc, char* argv[]) {
 		} else if (!strcmp(arg, "-V") || !strcmp(arg, "-version")) {
 			fprintf(stdout, "x11vnc: %s\n", lastmod);
 			exit(0);
+		} else if (!strcmp(arg, "-license") ||
+		    !strcmp(arg, "-copying") || !strcmp(arg, "-warranty")) {
+			print_license();
 		} else if (!strcmp(arg, "-dbg")) {
 			crash_debug = 1;
 		} else if (!strcmp(arg, "-nodbg")) {
@@ -2569,6 +2603,12 @@ int main(int argc, char* argv[]) {
 				}
 			}
 		}
+		if (use_threads) {
+			if (! quiet) {
+				rfbLog("disabling -threads under -unixpw\n");
+			}
+			use_threads = 0;
+		}
 	}
 	if (use_stunnel && ! got_localhost) {
 		if (! getenv("STUNNEL_DISABLE_LOCALHOST") &&
@@ -3203,6 +3243,31 @@ int main(int argc, char* argv[]) {
 		if (use_solid_bg && client_count) {
 			solid_bg(0);
 		}
+		if (accept_cmd && strstr(accept_cmd, "popup") == accept_cmd) {
+			rfbClientIteratorPtr iter;
+			rfbClientPtr cl, cl0 = NULL;
+			int i = 0;
+			iter = rfbGetClientIterator(screen);
+			while( (cl = rfbClientIteratorNext(iter)) ) {
+				i++;	
+				if (i != 1) {
+					rfbLog("WAIT popup: too many clients\n");
+					clean_up_exit(1);
+				}
+				cl0 = cl;
+			}
+			rfbReleaseClientIterator(iter);
+			if (i != 1 || cl0 == NULL) {
+				rfbLog("WAIT popup: no clients.\n");
+				clean_up_exit(1);
+			}
+			if (! accept_client(cl0)) {
+				rfbLog("WAIT popup: denied.\n");
+				clean_up_exit(1);
+			}
+			rfbLog("waited_for_client: popup accepted.\n");
+			cl0->onHold = FALSE;
+		}
 	}
 
 	if (! waited_for_client) {

x11vnc/x11vnc_defs.c

@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.8.2 lastmod: 2006-06-23";
+char lastmod[] = "0.8.2 lastmod: 2006-07-04";
 
 /* X display info */
 

x11vnc/xevents.c

@@ -1089,7 +1089,10 @@ void xcut_receive(char *text, int len, rfbClientPtr cl) {
 
 	RAWFB_RET_VOID
 
-	if (unixpw_in_progress) return;
+	if (unixpw_in_progress) {
+		rfbLog("xcut_receive: unixpw_in_progress, skipping.\n");
+		return;
+	}
 
 	if (!watch_selection) {
 		return;