Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Contribute to GitLab
Sign in
Toggle navigation
L
libvncserver
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
rasky
libvncserver
Commits
a9a9c812
Commit
a9a9c812
authored
Mar 05, 2006
by
runge
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
x11vnc: -unixpw on *bsd, hpux and tru64. -unixpw_nis mode. stunnel and gui tweaks.
parent
b03a920c
Changes
20
Hide whitespace changes
Inline
Side-by-side
Showing
20 changed files
with
1314 additions
and
757 deletions
+1314
-757
configure.ac
configure.ac
+16
-1
ChangeLog
x11vnc/ChangeLog
+5
-0
README
x11vnc/README
+482
-439
connections.c
x11vnc/connections.c
+24
-7
gui.c
x11vnc/gui.c
+1
-1
help.c
x11vnc/help.c
+70
-52
inet.c
x11vnc/inet.c
+19
-4
options.c
x11vnc/options.c
+1
-0
options.h
x11vnc/options.h
+1
-0
remote.c
x11vnc/remote.c
+2
-0
sslcmds.c
x11vnc/sslcmds.c
+21
-0
sslcmds.h
x11vnc/sslcmds.h
+1
-0
tkx11vnc
x11vnc/tkx11vnc
+121
-39
tkx11vnc.h
x11vnc/tkx11vnc.h
+121
-39
unixpw.c
x11vnc/unixpw.c
+225
-99
unixpw.h
x11vnc/unixpw.h
+1
-0
x11vnc.1
x11vnc/x11vnc.1
+92
-59
x11vnc.c
x11vnc/x11vnc.c
+96
-16
x11vnc.h
x11vnc/x11vnc.h
+14
-0
x11vnc_defs.c
x11vnc/x11vnc_defs.c
+1
-1
No files found.
configure.ac
View file @
a9a9c812
...
...
@@ -175,6 +175,21 @@ if test "$X_CFLAGS" != "-DX_DISPLAY_MISSING"; then
esac
fi
# only x11vnc uses crypt()
AH_TEMPLATE(HAVE_LIBCRYPT, [libcrypt library present])
AC_ARG_WITH(crypt,
[ --without-crypt disable support for libcrypt],,)
if test "x$with_crypt" != "xno"; then
AC_CHECK_FUNCS([crypt], HAVE_LIBC_CRYPT="true")
if test -z "$HAVE_LIBC_CRYPT"; then
AC_CHECK_LIB(crypt, crypt,
X_PRELIBS="$X_PRELIBS -lcrypt"
[AC_DEFINE(HAVE_LIBCRYPT)], ,
$X_LIBS $X_PRELIBS -lcrypt $X_EXTRA_LIBS)
fi
fi
X_LIBS="$X_LIBS $X_PRELIBS -lX11 $X_EXTRA_LIBS"
fi
fi
...
...
@@ -345,7 +360,7 @@ AC_SUBST(WSOCKLIB)
# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h sys/timeb.h syslog.h unistd.h pwd.h sys/wait.h utmpx.h termios.h sys/ioctl.h])
AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h sys/timeb.h syslog.h unistd.h pwd.h sys/wait.h utmpx.h termios.h sys/ioctl.h
sys/stropts.h
])
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
...
...
x11vnc/ChangeLog
View file @
a9a9c812
2006-03-04 Karl Runge <runge@karlrunge.com>
* x11vnc: -unixpw on *bsd, hpux and tru64. Add -unixpw_nis for
non-shadow systems. check stunnel dying. check SSH_CONNECTION
in -unixpw. gui icon tweaks, unix username.
2006-03-02 Karl Runge <runge@karlrunge.com>
* x11vnc: more tweaks to -unixpw mode. Add -gone popup mode.
Change filexfer via -R. Tune SMALL_FOOTPRINT. gui fixes.
...
...
x11vnc/README
View file @
a9a9c812
This source diff could not be displayed because it is too large. You can
view the blob
instead.
x11vnc/connections.c
View file @
a9a9c812
...
...
@@ -10,6 +10,7 @@
#include "rates.h"
#include "screen.h"
#include "unixpw.h"
#include "scan.h"
/*
* routines for handling incoming, outgoing, etc connections
...
...
@@ -78,7 +79,7 @@ int all_clients_initialized(void) {
char
*
list_clients
(
void
)
{
rfbClientIteratorPtr
iter
;
rfbClientPtr
cl
;
char
*
list
,
tmp
[
32
];
char
*
list
,
tmp
[
256
];
int
count
=
0
;
if
(
!
screen
)
{
...
...
@@ -93,12 +94,12 @@ char *list_clients(void) {
/*
* each client:
* <id>:<ip>:<port>:<user>:<
hostname>:<input>:<loginview
>,
* 8+1+
16+1+5+1+24+1+256+1+5+1+1
+1
* <id>:<ip>:<port>:<user>:<
unix>:<hostname>:<input>:<loginview>:<time
>,
* 8+1+
64+1+5+1+24+1+24+1+256+1+5+1+1+1+10
+1
* 123.123.123.123:60000/0x11111111-rw,
* so count+1 *
4
00 must cover it.
* so count+1 *
5
00 must cover it.
*/
list
=
(
char
*
)
malloc
((
count
+
1
)
*
4
00
);
list
=
(
char
*
)
malloc
((
count
+
1
)
*
5
00
);
list
[
0
]
=
'\0'
;
...
...
@@ -114,18 +115,27 @@ char *list_clients(void) {
strcat
(
list
,
":"
);
sprintf
(
tmp
,
"%d:"
,
cd
->
client_port
);
strcat
(
list
,
tmp
);
if
(
*
(
cd
->
username
)
==
'\0'
)
{
if
(
cd
->
username
[
0
]
==
'\0'
)
{
char
*
s
=
ident_username
(
cl
);
if
(
s
)
free
(
s
);
}
strcat
(
list
,
cd
->
username
);
strcat
(
list
,
":"
);
if
(
cd
->
unixname
[
0
]
==
'\0'
)
{
strcat
(
list
,
"none"
);
}
else
{
strcat
(
list
,
cd
->
unixname
);
}
strcat
(
list
,
":"
);
strcat
(
list
,
cd
->
hostname
);
strcat
(
list
,
":"
);
strcat
(
list
,
cd
->
input
);
strcat
(
list
,
":"
);
sprintf
(
tmp
,
"%d"
,
cd
->
login_viewonly
);
strcat
(
list
,
tmp
);
strcat
(
list
,
":"
);
sprintf
(
tmp
,
"%d"
,
(
int
)
cd
->
login_time
);
strcat
(
list
,
tmp
);
}
rfbReleaseClientIterator
(
iter
);
return
list
;
...
...
@@ -511,6 +521,10 @@ static void free_client_data(rfbClientPtr client) {
free
(
cd
->
username
);
cd
->
username
=
NULL
;
}
if
(
cd
->
unixname
)
{
free
(
cd
->
unixname
);
cd
->
unixname
=
NULL
;
}
}
free
(
client
->
clientData
);
client
->
clientData
=
NULL
;
...
...
@@ -828,6 +842,9 @@ static unsigned char t2x2_bits[] = {
sprintf
(
str_y
,
"OK"
);
sprop
=
"x11vnc client disconnected"
;
h
=
110
;
str1
=
""
;
str2
=
""
;
str3
=
""
;
}
else
if
(
!
strcmp
(
mode
,
"mouse_only"
))
{
str1
=
str1_m
;
str2
=
str2_m
;
...
...
@@ -1747,6 +1764,7 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
cd
->
server_ip
=
get_local_host
(
client
->
sock
);
cd
->
hostname
=
ip2host
(
client
->
host
);
cd
->
username
=
strdup
(
""
);
cd
->
unixname
=
strdup
(
""
);
cd
->
input
[
0
]
=
'-'
;
cd
->
login_viewonly
=
-
1
;
...
...
@@ -1947,7 +1965,6 @@ void check_new_clients(void) {
int
run_after_accept
=
0
;
if
(
unixpw_in_progress
)
{
int
present
=
0
;
if
(
time
(
0
)
>
unixpw_last_try_time
+
30
)
{
rfbLog
(
"unixpw_deny: timed out waiting for reply.
\n
"
);
unixpw_deny
();
...
...
x11vnc/gui.c
View file @
a9a9c812
...
...
@@ -14,7 +14,7 @@
#define XEMBED_VERSION 0
#define XEMBED_MAPPED (1 << 0)
int
icon_mode
=
0
;
/* hack for -gui tray */
int
icon_mode
=
0
;
/* hack for -gui tray
/icon
*/
char
*
icon_mode_file
=
NULL
;
FILE
*
icon_mode_fh
=
NULL
;
int
icon_mode_socks
[
ICON_MODE_SOCKS
];
...
...
x11vnc/help.c
View file @
a9a9c812
...
...
@@ -401,34 +401,38 @@ void print_help(int mode) {
" and last line be
\"
__BEGIN_VIEWONLY__
\"
to have 2
\n
"
" full-access passwords)
\n
"
"
\n
"
"-unixpw [list]
Experimental option: use Unix username and password
\n
"
"
authentication. x11vnc uses the su(1) program to verify
\n
"
"
the user's password. [list] is an optional comma
\n
"
"
separated list of allowed Unix usernames. See below
\n
"
"
for per-user options that
can be applied.
\n
"
"-unixpw [list]
Use Unix username and password authentication. x11vnc
\n
"
"
uses the su(1) program to verify the user's password.
\n
"
"
[list] is an optional comma separated list of allowed
\n
"
"
Unix usernames. See below for per-user options that
\n
"
" can be applied.
\n
"
"
\n
"
" A familiar
\"
login:
\"
and
\"
Password:
\"
dialog is
\n
"
" presented to the user on a black screen inside the
\n
"
" vncviewer. The connection is dropped if the user fails
\n
"
" to supply the correct password in 3 tries or does not
\n
"
" send one before a 2
0
second timeout. Existing clients
\n
"
" send one before a 2
5
second timeout. Existing clients
\n
"
" are view-only during this period.
\n
"
"
\n
"
" Since the detailed behavior of su(1) can vary from
\n
"
" OS to OS and for local configurations, please test
\n
"
" the mode carefully on your systems before using it.
\n
"
" Try different combinations of valid/invalid usernames
\n
"
" and passwords.
\n
"
" E.g. try different combinations of valid/invalid
\n
"
" usernames and valid/invalid passwords to see if it
\n
"
" behaves correctly. x11vnc will be conservative and
\n
"
" reject a user if anything abnormal occurs.
\n
"
"
\n
"
" For example, on FreeBSD and the other BSD's and Tru64
\n
"
" it does not appear to be possible for the user running
\n
"
" x11vnc to validate his *own* password via su(1).
\n
"
" The x11vnc login will always fail in this case.
\n
"
" A possible workaround would be to start x11vnc as
\n
"
" root with the
\"
-users +nobody
\"
option to immediately
\n
"
" switch to user nobody. Another source of problems are
\n
"
" PAM modules that prompt for extra info, e.g. password
\n
"
" aging modules. These logins will always fail as well.
\n
"
" For example, on FreeBSD and the other BSD's by default
\n
"
" it is impossible for the user running x11vnc to validate
\n
"
" his *own* password via su(1) (evidently commenting
\n
"
" out the pam_self.so entry in /etc/pam.d/su eliminates
\n
"
" the problem). So the x11vnc login will always fail for
\n
"
" this case. A possible workaround would be to start
\n
"
" x11vnc as root with the
\"
-users +nobody
\"
option to
\n
"
" immediately switch to user nobody. Another source of
\n
"
" problems are PAM modules that prompt for extra info,
\n
"
" e.g. password aging modules. These logins will always
\n
"
" fail as well.
\n
"
"
\n
"
" *IMPORTANT*: to prevent the Unix password being sent in
\n
"
" *clear text* over the network, two x11vnc options are
\n
"
...
...
@@ -444,17 +448,18 @@ void print_help(int mode) {
" Set UNIXPW_DISABLE_STUNNEL=1 to disable using -stunnel.
\n
"
" Evidently you will be using a different method to
\n
"
" encrypt the data between the vncviewer and x11vnc:
\n
"
" e.g. ssh(1) or a VPN. Note that use of ssh(1) with
\n
"
" -localhost is roughly the same as requiring a Unix
\n
"
" user login (since Unix password or the user's public
\n
"
" key authentication is used by ssh)
\n
"
"
\n
"
" As a convenience, if you ssh(1) in and start x11vnc
\n
"
" it will look to see if the environment variable
\n
"
" SSH_CONNECTION is set and appears reasonable. If it
\n
"
" does, then the stunnel requirement is dropped since
\n
"
" it is assumed you are using ssh for the encrypted
\n
"
" tunnelling. Use -stunnel to force stunnel usage.
\n
"
" e.g. ssh(1) or a VPN. Note that use of -localhost
\n
"
" with ssh(1) is roughly the same as requiring a Unix
\n
"
" user login (since a Unix password or the user's public
\n
"
" key authentication is used by ssh on the machine where
\n
"
" x11vnc runs and only local connections are accepted)
\n
"
"
\n
"
" As a convenience, if you ssh(1) in and start x11vnc it
\n
"
" will check if the environment variable SSH_CONNECTION
\n
"
" is set and appears reasonable. If it does, then the
\n
"
" stunnel requirement is dropped since it is assumed
\n
"
" you are using ssh for the encrypted tunnelling.
\n
"
" Use -stunnel to force stunnel usage.
\n
"
"
\n
"
" Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost
\n
"
" requirement. One should never do this (i.e. allow the
\n
"
...
...
@@ -471,16 +476,28 @@ void print_help(int mode) {
" where
\"
opts
\"
is a
\"
+
\"
separated list of
\n
"
"
\"
viewonly
\"
,
\"
fullaccess
\"
,
\"
input=XXXX
\"
, or
\n
"
"
\"
deny
\"
, e.g.
\"
karl,fred:viewonly,boss:input=M
\"
.
\n
"
" For
\"
input=
\"
it is the K,M,B,C describe under -input.
\n
"
"
\n
"
" If a user in the list is
\"
*
\"
that means those options
\n
"
" apply to all users. It also means all users are allowed
\n
"
" to log in. Use
\"
deny
\"
to explicitly deny some users
\n
"
" if you use
\"
*
\"
to set a global option.
\n
"
"
\n
"
"-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide an
\n
"
" encrypted SSL tunnel between viewers and x11vnc.
\n
"
" This requires stunnel be installed on the system and
\n
"
" For
\"
input=
\"
it is the K,M,B,C described under -input.
\n
"
"
\n
"
" If a user in the list is
\"
*
\"
that means those
\n
"
" options apply to all users. It also means all users
\n
"
" are allowed to log in after supplying a valid password.
\n
"
" Use
\"
deny
\"
to explicitly deny some users if you use
\n
"
"
\"
*
\"
to set a global option.
\n
"
"
\n
"
"-unixpw_nis [list] As -unixpw above, however do not run su(1) but rather
\n
"
" use the traditional getpwnam() + crypt() method instead.
\n
"
" This requires that the encrpyted passwords be readable.
\n
"
" Passwords stored in /etc/shadow will be inaccessible
\n
"
" unless run as root. This is called
\"
NIS
\"
mode
\n
"
" simply because in most NIS setups the user encrypted
\n
"
" passwords are accessible (e.g.
\"
ypcat passwd
\"
).
\n
"
" NIS is not required for this mode to work, but it
\n
"
" is unlikely it will work for any other environment.
\n
"
" All of the -unixpw options and contraints apply.
\n
"
"
\n
"
"-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide
\n
"
" an encrypted SSL tunnel between viewers and x11vnc.
\n
"
" This requires stunnel to be installed on the system and
\n
"
" available via PATH (n.b. stunnel is often installed in
\n
"
" sbin directories). Version 4.x of stunnel is assumed;
\n
"
" see -stunnel3 below.
\n
"
...
...
@@ -492,9 +509,9 @@ void print_help(int mode) {
"
\n
"
" stunnel is started up as a child process of x11vnc and
\n
"
" any SSL connections stunnel receives are decrypted and
\n
"
" sent to x11vnc over a local socket. The strings
\"
The
\n
"
"
SSL VNC desktop is ...
\"
and SSLPORT=... are printed
\n
"
" out at startup.
\n
"
" sent to x11vnc over a local socket. The strings
\n
"
"
\"
The SSL VNC desktop is ...
\"
and
\"
SSLPORT=...
\"
\n
"
"
are printed
out at startup.
\n
"
"
\n
"
" The -localhost option is enforced by default to
\n
"
" avoid people routing around the SSL channel. Set
\n
"
...
...
@@ -502,7 +519,7 @@ void print_help(int mode) {
"
\n
"
" Your VNC viewer will need to be able to connect via SSL.
\n
"
" Unfortunately not too many do this. UltraVNC seems to
\n
"
" have a SSL plugin.
It is not too difficult to set up
\n
"
" have a SSL plugin. It is not too difficult to set up
\n
"
" an stunnel or other SSL tunnel on the viewer side.
\n
"
"
\n
"
" A simple example on Unix using stunnel 3.x is:
\n
"
...
...
@@ -2100,16 +2117,17 @@ void print_help(int mode) {
" http_url auth xauth users rootshift clipshift
\n
"
" scale_str scaled_x scaled_y scale_numer scale_denom
\n
"
" scale_fac scaling_blend scaling_nomult4 scaling_pad
\n
"
" scaling_interpolate inetd privremote unsafe safer nocmds
\n
"
" passwdfile unixpw unixpw_list stunnel stunnel_pem
\n
"
" using_shm logfile o flag rc norc h help V version
\n
"
" lastmod bg sigpipe threads readrate netrate netlatency
\n
"
" pipeinput clients client_count pid ext_xtest ext_xtrap
\n
"
" ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay
\n
"
" ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons
\n
"
" button_mask mouse_x mouse_y bpp depth indexed_color
\n
"
" dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y
\n
"
" coff_x coff_y rfbauth passwd viewpasswd
\n
"
" scaling_interpolate inetd privremote unsafe safer
\n
"
" nocmds passwdfile unixpw unixpw_nis unixpw_list stunnel
\n
"
" stunnel_pem using_shm logfile o flag rc norc h help
\n
"
" V version lastmod bg sigpipe threads readrate netrate
\n
"
" netlatency pipeinput clients client_count pid ext_xtest
\n
"
" ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama
\n
"
" ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin
\n
"
" num_buttons button_mask mouse_x mouse_y bpp depth
\n
"
" indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y
\n
"
" cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd
\n
"
"
\n
"
"-QD variable Just like -query variable, but returns the default
\n
"
" value for that parameter (no running x11vnc server
\n
"
" is consulted)
\n
"
...
...
x11vnc/inet.c
View file @
a9a9c812
...
...
@@ -288,6 +288,9 @@ char *ident_username(rfbClientPtr client) {
}
user
=
newuser
;
}
if
(
!
strcmp
(
user
,
"unknown-user"
)
&&
cd
&&
cd
->
unixname
[
0
]
!=
'\0'
)
{
user
=
cd
->
unixname
;
}
newhost
=
ip2host
(
client
->
host
);
len
=
strlen
(
user
)
+
1
+
strlen
(
newhost
)
+
1
;
str
=
(
char
*
)
malloc
(
len
);
...
...
@@ -318,7 +321,20 @@ int have_ssh_env(void) {
char
*
str
,
*
p
=
getenv
(
"SSH_CONNECTION"
);
char
*
rhost
,
*
rport
,
*
lhost
,
*
lport
;
if
(
!
p
)
return
0
;
if
(
!
p
)
{
char
*
q
=
getenv
(
"SSH_CLIENT"
);
if
(
!
q
)
{
return
0
;
}
if
(
strstr
(
q
,
"127.0.0.1"
)
!=
NULL
)
{
return
0
;
}
return
1
;
}
if
(
strstr
(
p
,
"127.0.0.1"
)
!=
NULL
)
{
return
0
;
}
str
=
strdup
(
p
);
...
...
@@ -342,10 +358,10 @@ int have_ssh_env(void) {
if
(
0
)
fprintf
(
stderr
,
"%d/%d - '%s' '%s'
\n
"
,
atoi
(
rport
),
atoi
(
lport
),
rhost
,
lhost
);
if
(
atoi
(
rport
)
<
0
||
atoi
(
rport
)
>
65535
)
{
if
(
atoi
(
rport
)
<
=
16
||
atoi
(
rport
)
>
65535
)
{
goto
fail
;
}
if
(
atoi
(
lport
)
<
0
||
atoi
(
lport
)
>
65535
)
{
if
(
atoi
(
lport
)
<
=
16
||
atoi
(
lport
)
>
65535
)
{
goto
fail
;
}
...
...
@@ -358,7 +374,6 @@ if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, l
return
1
;
fail:
fprintf
(
stderr
,
"failed:
\n
"
);
free
(
str
);
...
...
x11vnc/options.c
View file @
a9a9c812
...
...
@@ -16,6 +16,7 @@ int logfile_append = 0;
char
*
flagfile
=
NULL
;
/* -flag */
char
*
passwdfile
=
NULL
;
/* -passwdfile */
int
unixpw
=
0
;
/* -unixpw */
int
unixpw_nis
=
0
;
/* -unixpw_nis */
char
*
unixpw_list
=
NULL
;
int
use_stunnel
=
0
;
/* -stunnel */
int
stunnel_port
=
0
;
...
...
x11vnc/options.h
View file @
a9a9c812
...
...
@@ -16,6 +16,7 @@ extern int logfile_append;
extern
char
*
flagfile
;
extern
char
*
passwdfile
;
extern
int
unixpw
;
extern
int
unixpw_nis
;
extern
char
*
unixpw_list
;
extern
int
use_stunnel
;
extern
int
stunnel_port
;
...
...
x11vnc/remote.c
View file @
a9a9c812
...
...
@@ -3704,6 +3704,8 @@ char *process_remote_cmd(char *cmd, int stringonly) {
snprintf
(
buf
,
bufn
,
"aro=%s:%s"
,
p
,
NONUL
(
passwdfile
));
}
else
if
(
!
strcmp
(
p
,
"unixpw"
))
{
snprintf
(
buf
,
bufn
,
"aro=%s:%d"
,
p
,
unixpw
);
}
else
if
(
!
strcmp
(
p
,
"unixpw_nis"
))
{
snprintf
(
buf
,
bufn
,
"aro=%s:%d"
,
p
,
unixpw_nis
);
}
else
if
(
!
strcmp
(
p
,
"unixpw_list"
))
{
snprintf
(
buf
,
bufn
,
"aro=%s:%s"
,
p
,
NONUL
(
unixpw_list
));
}
else
if
(
!
strcmp
(
p
,
"stunnel"
))
{
...
...
x11vnc/sslcmds.c
View file @
a9a9c812
...
...
@@ -19,6 +19,27 @@ void setup_stunnel(int rport, int *argc, char **argv);
static
pid_t
stunnel_pid
=
0
;
void
check_stunnel
(
void
)
{
static
time_t
last_check
=
0
;
time_t
now
=
time
(
0
);
if
(
last_check
+
3
>=
now
)
{
return
;
}
last_check
=
now
;
if
(
stunnel_pid
>
0
)
{
int
status
;
waitpid
(
stunnel_pid
,
&
status
,
WNOHANG
);
if
(
kill
(
stunnel_pid
,
0
)
!=
0
)
{
waitpid
(
stunnel_pid
,
&
status
,
WNOHANG
);
rfbLog
(
"stunnel subprocess %d died.
\n
"
,
stunnel_pid
);
stunnel_pid
=
0
;
clean_up_exit
(
1
);
}
}
}
int
start_stunnel
(
int
stunnel_port
,
int
x11vnc_port
)
{
#ifdef SSLCMDS
char
extra
[]
=
":/usr/sbin:/usr/local/sbin"
;
...
...
x11vnc/sslcmds.h
View file @
a9a9c812
...
...
@@ -3,6 +3,7 @@
/* -- sslcmds.h -- */
extern
void
check_stunnel
(
void
);
extern
int
start_stunnel
(
int
stunnel_port
,
int
x11vnc_port
);
extern
void
stop_stunnel
(
void
);
extern
void
setup_stunnel
(
int
rport
,
int
*
argc
,
char
**
argv
);
...
...
x11vnc/tkx11vnc
View file @
a9a9c812
...
...
@@ -258,6 +258,8 @@ Permissions
=F rfbauth:
unixpw
unixpw_list:
unixpw_nis
unixpw_nis_list:
=0 storepasswd
=GAL LOFF
=GAL Misc-Perms::
...
...
@@ -523,7 +525,11 @@ Set the -xrandr mode value.
"
set
helptext
(
unixpw_list
)
"
Set the -unixpw_list usernames list value.
Set the -unixpw usernames list value.
"
set
helptext
(
unixpw_nis_list
)
"
Set the -unixpw_nis usernames list value.
"
set
helptext
(
stunnel_pem
)
"
...
...
@@ -658,10 +664,12 @@ to apply the changes, or press \"Cancel\" to skip applying them.
remote-control commands.
-
\"
Password
\"
lets you set the session password viewers may use to gain full
access to the display.
access to the display. This will only work if x11vnc was started with
the -gui icon or -gui tray mode.
-
\"
ViewOnly Password
\"
lets you set the session password viewers may
use to gain view only access to the display.
use to gain view only access to the display. This will only work if
x11vnc was started with the -gui icon or -gui tray mode.
NOTE: These
\"
session
\"
passwords only last for the current x11vnc
session (they are not remembered, see the -storepasswd, -passwdfile,
...
...
@@ -3217,25 +3225,36 @@ proc client_dialog {client} {
set
ip
""
global menu_var text_area cleanup_window item_bool
append_text
"
\n
Client info string:
$client
\n\n
"
if
{[
regexp
{
^
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
$}
\
$client
m0 m1 m2 m3 m4 m5 m6 m7]
}
{
# id:ip:port:user:hostname:input:loginvo
set
cid
$m1
set
ip
$m2
#<id>:<ip>:<port>:<user>:<unix>:<hostname>:<input>:<loginview>:<time>
append_text
"
\n
Client info string:
\n
-
$client
\n\n
"
if
{[
regexp
{
^
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
$}
\
$client
m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]
}
{
set
cid
$m1
set
ip
$m2
set
port
$m3
set
user
$m4
set
host
$m5
set
unix
$m5
set
host
$m6
regsub
{
\.
.
*
$}
$host
""
host
set
input
$m6
set
logvo
$m7
append_text
"Host:
$host
, Port:
$port
, User:
$user
, IP:
$ip
, Id:
$cid
\n
"
set
input
$m7
set
logvo
$m8
set
ltime
$m9
append_text
"Host:
$host
, Port:
$port
, User:
$user
"
if
{
$unix
!=
""
&&
$unix
!=
"none"
}
{
append_text
", Unix:
$unix
"
}
append_text
", IP:
$ip
, Id:
$cid
\n
"
append_text
" - originally logged in as: "
if
{
$logvo
==
"1"
}
{
append_text
"View-Only Client
\n
"
append_text
"View-Only Client"
}
else
{
append_text
"Normal Client
\n
"
append_text
"Normal Client"
}
if
{
$ltime
!=
""
}
{
set
tim
[
clock format
$ltime
]
append_text
",
$tim
"
}
append_text
"
\n
"
append_text
" - currently allowed input: "
set
sk 0
set
sm 0
...
...
@@ -3303,22 +3322,30 @@ proc disconnect_dialog {client} {
set
cid
""
set
host
""
set
msg
"
\n
"
append msg
"*** Client info string:
$client
\n
"
if
{[
regexp
{
^
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
$}
$client
m0 m1 m2 m3 m4 m5 m6]
}
{
set
cid
$m1
set
ip
$m2
append msg
"*** Client info string:
\n
$client
\n
"
if
{[
regexp
{
^
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
$}
\
$client
m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]
}
{
set
cid
$m1
set
ip
$m2
set
port
$m3
set
host
$m4
set
user
$m4
set
unix
$m5
set
host
$m6
regsub
{
\.
.
*
$}
$host
""
host
set
input
$m5
set
logvo
$m6
append_text
"Host:
$host
, Port:
$port
, IP:
$ip
, Id:
$cid
\n
"
set
input
$m7
set
logvo
$m8
set
ltime
$m9
append_text
"Host:
$host
, Port:
$port
, IP:
$ip
, User:
$user
"
if
{
$unix
!=
""
&&
$unix
!=
"none"
}
{
append_text
", Unix:
$unix
"
}
append_text
", Id:
$cid
\n
"
}
if
{
$cid
==
""
}
{
append_text
"Invalid client info string:
$client
\n
"
return
}
append msg
"*** To *DISCONNECT* this client press
\"
OK
\"
, otherwise press
\"
Cancel
\"\n
"
append msg
"*** To *DISCONNECT* this client press
\"
OK
\"
again
, otherwise press
\"
Cancel
\"\n
"
bell
if
{[
warning_dialog
$msg
"current"
]}
{
push_new_value
"disconnect"
"disconnect"
$cid
1
...
...
@@ -3389,12 +3416,19 @@ proc update_clients_menu {list} {
}
regsub
-all
{[{}()
~!
$&
*
|
;
'"`{}<>\[\]]} $client "" client
#'
if
{[
regexp
{
^
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
$}
\
$client
m0 m1 m2 m3 m4 m5 m6 m7]
}
{
# id:ip:port:user:hostname:input:loginvo
set
host
$m5
if
{[
regexp
{
^
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
$}
\
$client
m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]
}
{
set id
$m1
set
user
$m4
set
unix
$m5
set
host
$m6
regsub
{
\.
.
*
$}
$host
""
host
set
clabel
"
$host
$m1
"
set
clabel
"
$host
$id
"
if
{
$unix
!=
""
&&
$unix
!=
"none"
}
{
set
clabel
"
$unix
@
$clabel
"
}
elseif
{
$user
!=
"unknown-user"
}
{
set
clabel
"
$user
@
$clabel
"
}
}
else
{
regsub
{
:.
*
$}
$client
""
clabel
}
...
...
@@ -3943,6 +3977,7 @@ proc do_props {{msg ""}} {
global menu_var unset_str
global have_labelframes ffont bfont
global props_buttons icon_noadvanced
global icon_mode icon_mode_at_startup
check_update_vars
...
...
@@ -4054,6 +4089,7 @@ proc do_props {{msg ""}} {
entry
$vp
.e
-show
"*"
-textvariable
props_viewpasswd
-font
$bfont
pack
$vp
.e
-fill
x
-expand
1
-padx
1m
-pady
1m
-side
top
lappend props_buttons
$vp
.e
set
pw
"
$w
.passwd"
...
...
@@ -4068,6 +4104,17 @@ proc do_props {{msg ""}} {
entry
$pw
.e
-show
"*"
-textvariable
props_passwd
-font
$bfont
pack
$pw
.e
-fill
x
-expand
1
-padx
1m
-pady
1m
-side
top
if
{!
$icon_mode_at_startup
}
{
$vp
.e configure
-state
disabled
catch
{
$vp
.l configure
-state
disabled
}
catch
{
$vp
configure
-state
disabled
}
catch
{
$vp
configure
-foreground
grey60
}
$pw
.e configure
-state
disabled
catch
{
$pw
.l configure
-state
disabled
}
catch
{
$pw
configure
-state
disabled
}
catch
{
$pw
configure
-foreground
grey60
}
}
lappend props_buttons
$pw
.e
set
sh
"
$w
.shared"
...
...
@@ -4188,7 +4235,8 @@ proc popup_post {m} {
continue
}
if
{[
regexp
{
^
([
^:]
*
)
:
(
.
*
)
$}
$client
mat
id
lab]
}
{
$wd
add
command
-label
"
$lab
"
\
set
nid
[
expr
"
$id
+ 0"
]
$wd
add
command
-label
"
$nid
$lab
"
\
-command
"do_disconnect_client
$id
"
}
}
...
...
@@ -4213,26 +4261,38 @@ proc set_client_balloon {str} {
set
client_balloon
"
$vnc_display
"
set
count 0
regsub
-all
{
^.
*
aro
=
clients:
}
$str
""
str
regsub
-all
{
aro
=
.
*
$}
$str
""
str
regsub
-all
{
ans
=
.
*
$}
$str
""
str
foreach client
[
split
$str
","
]
{
if
{[
regexp
{
^
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
$}
\
$client
m0 m1 m2 m3 m4 m5 m6 m7]
}
{
# id:ip:port:user:hostname:input:loginvo
#puts "client: $client"
if
[
regexp
{
^[
]
*
$}
$client
]
{
continue
}
if
{[
regexp
{
^
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
:
(
.
*
)
$}
\
$client
m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]
}
{
set id
$m1
set
nid
[
expr
"
$m1
+ 0"
]
set
ip
$m2
set
port
$m3
set
user
$m4
set
unix
$m5
if
{[
string length
$user
]
>=
24
}
{
# weird identd hash...
set
user
[
string range
$user
0 8]
set
user
"
${
user
}
..."
}
set
host
$m5
set
input
$m6
set
vo
$m7
if
{
$unix
!=
""
&&
$unix
!=
"none"
}
{
set
user
$unix
}
set
host
$m6
set
input
$m7
set
vo
$m8
set
ltime
$m9
if
[
regexp
{
^[
]
*
$}
$host
]
{
set
host
$ip
}
set
client_balloon
"
${
client_balloon
}
\n
$user
\@
$host
"
set
client_balloon
"
${
client_balloon
}
\n
$
nid
$
user
\@
$host
"
if
{
$vo
==
"1"
}
{
set
client_balloon
"
${
client_balloon
}
- view"
lappend client_id_list
"
$id
:
$user
\@
$host
- view"
...
...
@@ -5408,6 +5468,8 @@ proc get_nitem {item} {
set nitem "xrandr"
} elseif {
$nitem
== "unixpw_list"} {
set nitem "unixpw"
} elseif {
$nitem
== "unixpw_nis_list"} {
set nitem "unixpw_nis"
} elseif {
$nitem
== "stunnel_pem"} {
set nitem "stunnel"
} elseif {
$nitem
== "wireframe_mode"} {
...
...
@@ -5870,12 +5932,16 @@ proc setup_tray_embed {} {
proc restart_everything {gui_mode} {
global env gui_argv0 x11vnc_prog full_win
global icon_mode_at_startup
global tray_embed tray_running
if {
$gui_mode
== "full"} {
set env(X11VNC_ICON_MODE) 0
} elseif {
$gui_mode
== "icon"} {
set env(X11VNC_ICON_MODE) 1
} elseif {
$gui_mode
== "tray"} {
if {![regexp -nocase {TRAY}
$env
(X11VNC_ICON_MODE)]} {
if {
$tray_running
} {
set env(X11VNC_ICON_MODE) "RUNNING"
} else {
set env(X11VNC_ICON_MODE) "TRAY"
}
}
...
...
@@ -5957,7 +6023,8 @@ global connected_to_x11vnc
global delay_sleep extra_sleep extra_sleep_split
global cache_all_query_vars
global last_query_all_time query_all_freq client_tail client_sock client_info_read
global icon_mode tray_embed tray_running icon_setpasswd icon_embed_id
global icon_mode icon_mode_at_startup
global tray_embed tray_running icon_setpasswd icon_embed_id
global icon_noadvanced icon_minimal
global make_gui_count text_area_str
global gui_argv0 gui_start_mode
...
...
@@ -6144,6 +6211,20 @@ if {[info exists env(X11VNC_SIMPLE_GUI)]} {
set icon_mode 0
set tray_embed 0
set tray_running 0
if {![info exists env(X11VNC_ICON_MODE_AT_STARTUP)]} {
if {[info exists env(X11VNC_ICON_MODE)]} {
if {
$env
(X11VNC_ICON_MODE) != 0} {
set env(X11VNC_ICON_MODE_AT_STARTUP) 1
} else {
set env(X11VNC_ICON_MODE_AT_STARTUP) 0
}
} else {
set env(X11VNC_ICON_MODE_AT_STARTUP) 0
}
}
set icon_mode_at_startup
$env
(X11VNC_ICON_MODE_AT_STARTUP)
if {![info exists env(X11VNC_ICON_MODE)]} {
set icon_mode 0
} elseif {
$env
(X11VNC_ICON_MODE) == "" ||
$env
(X11VNC_ICON_MODE) == "0"} {
...
...
@@ -6158,6 +6239,7 @@ if {![info exists env(X11VNC_ICON_MODE)]} {
set tray_running 1
}
}
set icon_setpasswd 0
if {[info exists env(X11VNC_ICON_SETPASS)]} {
if {
$env
(X11VNC_ICON_SETPASS) != ""} {
...
...
x11vnc/tkx11vnc.h
View file @
a9a9c812
...
...
@@ -269,6 +269,8 @@ char gui_code[] = "";
" =F rfbauth:
\n
"
" unixpw
\n
"
" unixpw_list:
\n
"
" unixpw_nis
\n
"
" unixpw_nis_list:
\n
"
" =0 storepasswd
\n
"
" =GAL LOFF
\n
"
" =GAL Misc-Perms::
\n
"
...
...
@@ -534,7 +536,11 @@ char gui_code[] = "";
"
\"\n
"
"
\n
"
" set helptext(unixpw_list)
\"\n
"
"Set the -unixpw_list usernames list value.
\n
"
"Set the -unixpw usernames list value.
\n
"
"
\"\n
"
"
\n
"
" set helptext(unixpw_nis_list)
\"\n
"
"Set the -unixpw_nis usernames list value.
\n
"
"
\"\n
"
"
\n
"
" set helptext(stunnel_pem)
\"\n
"
...
...
@@ -669,10 +675,12 @@ char gui_code[] = "";
" remote-control commands.
\n
"
"
\n
"
" -
\\\"
Password
\\\"
lets you set the session password viewers may use to gain full
\n
"
" access to the display.
\n
"
" access to the display. This will only work if x11vnc was started with
\n
"
" the -gui icon or -gui tray mode.
\n
"
"
\n
"
" -
\\\"
ViewOnly Password
\\\"
lets you set the session password viewers may
\n
"
" use to gain view only access to the display.
\n
"
" use to gain view only access to the display. This will only work if
\n
"
" x11vnc was started with the -gui icon or -gui tray mode.
\n
"
"
\n
"
"NOTE: These
\\\"
session
\\\"
passwords only last for the current x11vnc
\n
"
"session (they are not remembered, see the -storepasswd, -passwdfile,
\n
"
...
...
@@ -3228,25 +3236,36 @@ char gui_code[] = "";
" set ip
\"\"\n
"
" global menu_var text_area cleanup_window item_bool
\n
"
"
\n
"
"
append_text
\"\\
nClient info string: $client
\\
n
\\
n
\"
\n
"
"
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$}
\\
\n
"
"
$client m0 m1 m2 m3 m4 m5 m6 m7]} {
\n
"
"
# id:ip:port:user:hostname:input:loginvo
\n
"
" set cid $m1
\n
"
" set ip $m2
\n
"
"
#<id>:<ip>:<port>:<user>:<unix>:<hostname>:<input>:<loginview>:<time>
\n
"
"
append_text
\"\\
nClient info string:
\\
n - $client
\\
n
\\
n
\"
\n
"
"
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$}
\\
\n
"
"
$client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
\n
"
" set cid
$m1
\n
"
" set ip
$m2
\n
"
" set port $m3
\n
"
" set user $m4
\n
"
" set host $m5
\n
"
" set unix $m5
\n
"
" set host $m6
\n
"
" regsub {
\\
..*$} $host
\"\"
host
\n
"
" set input $m6
\n
"
" set logvo $m7
\n
"
" append_text
\"
Host: $host, Port: $port, User: $user, IP: $ip, Id: $cid
\\
n
\"\n
"
" set input $m7
\n
"
" set logvo $m8
\n
"
" set ltime $m9
\n
"
" append_text
\"
Host: $host, Port: $port, User: $user
\"\n
"
" if {$unix !=
\"\"
&& $unix !=
\"
none
\"
} {
\n
"
" append_text
\"
, Unix: $unix
\"\n
"
" }
\n
"
" append_text
\"
, IP: $ip, Id: $cid
\\
n
\"\n
"
" append_text
\"
- originally logged in as:
\"\n
"
" if {$logvo ==
\"
1
\"
} {
\n
"
" append_text
\"
View-Only Client
\
\
n
\
"\n
"
" append_text
\"
View-Only Client
\"\n
"
" } else {
\n
"
" append_text
\"
Normal Client
\\
n
\"\n
"
" append_text
\"
Normal Client
\"\n
"
" }
\n
"
" if {$ltime !=
\"\"
} {
\n
"
" set tim [clock format $ltime]
\n
"
" append_text
\"
, $tim
\"\n
"
" }
\n
"
" append_text
\"\\
n
\"\n
"
" append_text
\"
- currently allowed input:
\"\n
"
" set sk 0
\n
"
" set sm 0
\n
"
...
...
@@ -3314,22 +3333,30 @@ char gui_code[] = "";
" set cid
\"\"\n
"
" set host
\"\"\n
"
" set msg
\"\\
n
\"\n
"
" append msg
\"
*** Client info string: $client
\\
n
\"\n
"
" if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*)$} $client m0 m1 m2 m3 m4 m5 m6]} {
\n
"
" set cid $m1
\n
"
" set ip $m2
\n
"
" append msg
\"
*** Client info string:
\\
n $client
\\
n
\"\n
"
" if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$}
\\\n
"
" $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
\n
"
" set cid $m1
\n
"
" set ip $m2
\n
"
" set port $m3
\n
"
" set host $m4
\n
"
" set user $m4
\n
"
" set unix $m5
\n
"
" set host $m6
\n
"
" regsub {
\\
..*$} $host
\"\"
host
\n
"
" set input $m5
\n
"
" set logvo $m6
\n
"
" append_text
\"
Host: $host, Port: $port, IP: $ip, Id: $cid
\\
n
\"\n
"
" set input $m7
\n
"
" set logvo $m8
\n
"
" set ltime $m9
\n
"
" append_text
\"
Host: $host, Port: $port, IP: $ip, User: $user
\"\n
"
" if {$unix !=
\"\"
&& $unix !=
\"
none
\"
} {
\n
"
" append_text
\"
, Unix: $unix
\"\n
"
" }
\n
"
" append_text
\"
, Id: $cid
\\
n
\"\n
"
" }
\n
"
" if {$cid ==
\"\"
} {
\n
"
" append_text
\"
Invalid client info string: $client
\\
n
\"\n
"
" return
\n
"
" }
\n
"
" append msg
\"
*** To *DISCONNECT* this client press
\\\"
OK
\\\"
, otherwise press
\\\"
Cancel
\\\"\\
n
\"\n
"
" append msg
\"
*** To *DISCONNECT* this client press
\\\"
OK
\\\"
again
, otherwise press
\\\"
Cancel
\\\"\\
n
\"\n
"
" bell
\n
"
" if {[warning_dialog $msg
\"
current
\"
]} {
\n
"
" push_new_value
\"
disconnect
\"
\"
disconnect
\"
$cid 1
\n
"
...
...
@@ -3400,12 +3427,19 @@ char gui_code[] = "";
" }
\n
"
" regsub -all {[{}()~!$&*|;'
\"
`{}<>
\\
[
\\
]]} $client
\"\"
client
\n
"
" #'
\n
"
" if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$}
\\\n
"
" $client m0 m1 m2 m3 m4 m5 m6 m7]} {
\n
"
" # id:ip:port:user:hostname:input:loginvo
\n
"
" set host $m5
\n
"
" if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$}
\\\n
"
" $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
\n
"
" set id $m1
\n
"
" set user $m4
\n
"
" set unix $m5
\n
"
" set host $m6
\n
"
" regsub {
\\
..*$} $host
\"\"
host
\n
"
" set clabel
\"
$host $m1
\"\n
"
" set clabel
\"
$host $id
\"\n
"
" if {$unix !=
\"\"
&& $unix !=
\"
none
\"
} {
\n
"
" set clabel
\"
$unix@$clabel
\"\n
"
" } elseif {$user !=
\"
unknown-user
\"
} {
\n
"
" set clabel
\"
$user@$clabel
\"\n
"
" }
\n
"
" } else {
\n
"
" regsub {:.*$} $client
\"\"
clabel
\n
"
" }
\n
"
...
...
@@ -3954,6 +3988,7 @@ char gui_code[] = "";
" global menu_var unset_str
\n
"
" global have_labelframes ffont bfont
\n
"
" global props_buttons icon_noadvanced
\n
"
" global icon_mode icon_mode_at_startup
\n
"
"
\n
"
" check_update_vars
\n
"
"
\n
"
...
...
@@ -4065,6 +4100,7 @@ char gui_code[] = "";
" entry $vp.e -show
\"
*
\"
-textvariable props_viewpasswd -font $bfont
\n
"
" pack $vp.e -fill x -expand 1 -padx 1m -pady 1m -side top
\n
"
"
\n
"
"
\n
"
" lappend props_buttons $vp.e
\n
"
"
\n
"
" set pw
\"
$w.passwd
\"\n
"
...
...
@@ -4079,6 +4115,17 @@ char gui_code[] = "";
" entry $pw.e -show
\"
*
\"
-textvariable props_passwd -font $bfont
\n
"
" pack $pw.e -fill x -expand 1 -padx 1m -pady 1m -side top
\n
"
"
\n
"
" if {! $icon_mode_at_startup} {
\n
"
" $vp.e configure -state disabled
\n
"
" catch {$vp.l configure -state disabled}
\n
"
" catch {$vp configure -state disabled}
\n
"
" catch {$vp configure -foreground grey60}
\n
"
" $pw.e configure -state disabled
\n
"
" catch {$pw.l configure -state disabled}
\n
"
" catch {$pw configure -state disabled}
\n
"
" catch {$pw configure -foreground grey60}
\n
"
" }
\n
"
"
\n
"
" lappend props_buttons $pw.e
\n
"
"
\n
"
" set sh
\"
$w.shared
\"\n
"
...
...
@@ -4199,7 +4246,8 @@ char gui_code[] = "";
" continue
\n
"
" }
\n
"
" if {[regexp {^([^:]*):(.*)$} $client mat id lab]} {
\n
"
" $wd add command -label
\"
$lab
\"
\\\n
"
" set nid [expr
\"
$id + 0
\"
]
\n
"
" $wd add command -label
\"
$nid $lab
\"
\\\n
"
" -command
\"
do_disconnect_client $id
\"\n
"
" }
\n
"
" }
\n
"
...
...
@@ -4224,26 +4272,38 @@ char gui_code[] = "";
"
\n
"
" set client_balloon
\"
$vnc_display
\"\n
"
" set count 0
\n
"
" regsub -all {^.*aro=clients:} $str
\"\"
str
\n
"
" regsub -all {aro=.*$} $str
\"\"
str
\n
"
" regsub -all {ans=.*$} $str
\"\"
str
\n
"
" foreach client [split $str
\"
,
\"
] {
\n
"
" if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$}
\\\n
"
" $client m0 m1 m2 m3 m4 m5 m6 m7]} {
\n
"
" # id:ip:port:user:hostname:input:loginvo
\n
"
" #puts
\"
client: $client
\"\n
"
" if [regexp {^[ ]*$} $client] {
\n
"
" continue
\n
"
" }
\n
"
" if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$}
\\\n
"
" $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
\n
"
" set id $m1
\n
"
" set nid [expr
\"
$m1 + 0
\"
]
\n
"
" set ip $m2
\n
"
" set port $m3
\n
"
" set user $m4
\n
"
" set unix $m5
\n
"
" if {[string length $user] >= 24} {
\n
"
" # weird identd hash...
\n
"
" set user [string range $user 0 8]
\n
"
" set user
\"
${user}...
\"\n
"
" }
\n
"
" set host $m5
\n
"
" set input $m6
\n
"
" set vo $m7
\n
"
" if {$unix !=
\"\"
&& $unix !=
\"
none
\"
} {
\n
"
" set user $unix
\n
"
" }
\n
"
" set host $m6
\n
"
" set input $m7
\n
"
" set vo $m8
\n
"
" set ltime $m9
\n
"
" if [regexp {^[ ]*$} $host] {
\n
"
" set host $ip
\n
"
" }
\n
"
" set client_balloon
\"
${client_balloon}
\\
n$user
\\
@$host
\"\n
"
" set client_balloon
\"
${client_balloon}
\\
n$
nid $
user
\\
@$host
\"\n
"
" if {$vo ==
\"
1
\"
} {
\n
"
" set client_balloon
\"
${client_balloon} - view
\"\n
"
" lappend client_id_list
\"
$id:$user
\\
@$host - view
\"\n
"
...
...
@@ -5419,6 +5479,8 @@ char gui_code[] = "";
" set nitem
\"
xrandr
\"\n
"
" } elseif {$nitem ==
\"
unixpw_list
\"
} {
\n
"
" set nitem
\"
unixpw
\"\n
"
" } elseif {$nitem ==
\"
unixpw_nis_list
\"
} {
\n
"
" set nitem
\"
unixpw_nis
\"\n
"
" } elseif {$nitem ==
\"
stunnel_pem
\"
} {
\n
"
" set nitem
\"
stunnel
\"\n
"
" } elseif {$nitem ==
\"
wireframe_mode
\"
} {
\n
"
...
...
@@ -5881,12 +5943,16 @@ char gui_code[] = "";
"
\n
"
"proc restart_everything {gui_mode} {
\n
"
" global env gui_argv0 x11vnc_prog full_win
\n
"
" global icon_mode_at_startup
\n
"
" global tray_embed tray_running
\n
"
" if {$gui_mode ==
\"
full
\"
} {
\n
"
" set env(X11VNC_ICON_MODE) 0
\n
"
" } elseif {$gui_mode ==
\"
icon
\"
} {
\n
"
" set env(X11VNC_ICON_MODE) 1
\n
"
" } elseif {$gui_mode ==
\"
tray
\"
} {
\n
"
" if {![regexp -nocase {TRAY} $env(X11VNC_ICON_MODE)]} {
\n
"
" if {$tray_running} {
\n
"
" set env(X11VNC_ICON_MODE)
\"
RUNNING
\"\n
"
" } else {
\n
"
" set env(X11VNC_ICON_MODE)
\"
TRAY
\"\n
"
" }
\n
"
" }
\n
"
...
...
@@ -5968,7 +6034,8 @@ char gui_code[] = "";
"global delay_sleep extra_sleep extra_sleep_split
\n
"
"global cache_all_query_vars
\n
"
"global last_query_all_time query_all_freq client_tail client_sock client_info_read
\n
"
"global icon_mode tray_embed tray_running icon_setpasswd icon_embed_id
\n
"
"global icon_mode icon_mode_at_startup
\n
"
"global tray_embed tray_running icon_setpasswd icon_embed_id
\n
"
"global icon_noadvanced icon_minimal
\n
"
"global make_gui_count text_area_str
\n
"
"global gui_argv0 gui_start_mode
\n
"
...
...
@@ -6155,6 +6222,20 @@ char gui_code[] = "";
"set icon_mode 0
\n
"
"set tray_embed 0
\n
"
"set tray_running 0
\n
"
"
\n
"
"if {![info exists env(X11VNC_ICON_MODE_AT_STARTUP)]} {
\n
"
" if {[info exists env(X11VNC_ICON_MODE)]} {
\n
"
" if {$env(X11VNC_ICON_MODE) != 0} {
\n
"
" set env(X11VNC_ICON_MODE_AT_STARTUP) 1
\n
"
" } else {
\n
"
" set env(X11VNC_ICON_MODE_AT_STARTUP) 0
\n
"
" }
\n
"
" } else {
\n
"
" set env(X11VNC_ICON_MODE_AT_STARTUP) 0
\n
"
" }
\n
"
"}
\n
"
"set icon_mode_at_startup $env(X11VNC_ICON_MODE_AT_STARTUP)
\n
"
"
\n
"
"if {![info exists env(X11VNC_ICON_MODE)]} {
\n
"
" set icon_mode 0
\n
"
"} elseif {$env(X11VNC_ICON_MODE) ==
\"\"
|| $env(X11VNC_ICON_MODE) ==
\"
0
\"
} {
\n
"
...
...
@@ -6169,6 +6250,7 @@ char gui_code[] = "";
" set tray_running 1
\n
"
" }
\n
"
"}
\n
"
"
\n
"
"set icon_setpasswd 0
\n
"
"if {[info exists env(X11VNC_ICON_SETPASS)]} {
\n
"
" if {$env(X11VNC_ICON_SETPASS) !=
\"\"
} {
\n
"
...
...
x11vnc/unixpw.c
View file @
a9a9c812
...
...
@@ -5,6 +5,7 @@
extern
int
grantpt
(
int
);
extern
int
unlockpt
(
int
);
extern
char
*
ptsname
(
int
);
extern
char
*
crypt
(
const
char
*
,
const
char
*
);
#endif
#include "x11vnc.h"
...
...
@@ -14,11 +15,15 @@ extern char *ptsname(int);
#include <rfb/default8x16.h>
#if LIBVNCSERVER_HAVE_FORK
#if LIBVNCSERVER_HAVE_SYS_WAIT_H
#if LIBVNCSERVER_HAVE_WAITPID
#define UNIXPW
#if LIBVNCSERVER_HAVE_SYS_WAIT_H && LIBVNCSERVER_HAVE_WAITPID
#define UNIXPW_SU
#endif
#endif
#if LIBVNCSERVER_HAVE_PWD_H && LIBVNCSERVER_HAVE_GETPWNAM
#if LIBVNCSERVER_HAVE_CRYPT || LIBVNCSERVER_HAVE_LIBCRYPT
#define UNIXPW_CRYPT
#endif
#endif
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H
...
...
@@ -27,9 +32,10 @@ extern char *ptsname(int);
#if LIBVNCSERVER_HAVE_TERMIOS_H
#include <termios.h>
#endif
#if
0
#if
LIBVNCSERVER_HAVE_SYS_STROPTS_H
#include <sys/stropts.h>
#endif
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
#define IS_BSD
#endif
...
...
@@ -39,6 +45,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init);
void
unixpw_accept
(
char
*
user
);
void
unixpw_deny
(
void
);
int
su_verify
(
char
*
user
,
char
*
pass
);
int
crypt_verify
(
char
*
user
,
char
*
pass
);
static
int
white
(
void
);
static
int
text_x
(
void
);
...
...
@@ -84,10 +91,17 @@ static int text_y(void) {
}
void
unixpw_screen
(
int
init
)
{
#ifndef UNIXPW
if
(
unixpw_nis
)
{
#ifndef UNIXPW_CRYPT
rfbLog
(
"-unixpw_nis is not supported on this OS/machine
\n
"
);
clean_up_exit
(
1
);
#endif
}
else
{
#ifndef UNIXPW_SU
rfbLog
(
"-unixpw is not supported on this OS/machine
\n
"
);
clean_up_exit
(
1
);
#endif
}
if
(
init
)
{
int
x
,
y
;
char
log
[]
=
"login: "
;
...
...
@@ -115,6 +129,8 @@ static char slave_str[MAXPATHLEN];
static
char
slave_str
[
4096
];
#endif
static
int
used_get_pty_ptmx
=
0
;
char
*
get_pty_ptmx
(
int
*
fd_p
)
{
char
*
slave
;
int
fd
=
-
1
,
i
,
ndevs
=
4
,
tmp
;
...
...
@@ -130,7 +146,6 @@ char *get_pty_ptmx(int *fd_p) {
#if LIBVNCSERVER_HAVE_GRANTPT
for
(
i
=
0
;
i
<
ndevs
;
i
++
)
{
#ifdef O_NOCTTY
fd
=
open
(
devs
[
i
],
O_RDWR
|
O_NOCTTY
);
#else
...
...
@@ -146,13 +161,6 @@ char *get_pty_ptmx(int *fd_p) {
return
NULL
;
}
#if 0
#if defined(FIONBIO)
tmp = 1;
ioctl(fd, FIONBIO, &tmp);
#endif
#endif
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(TIOCPKT)
tmp
=
0
;
ioctl
(
fd
,
TIOCPKT
,
(
char
*
)
&
tmp
);
...
...
@@ -180,8 +188,6 @@ char *get_pty_ptmx(int *fd_p) {
ioctl
(
fd
,
TIOCFLUSH
,
(
char
*
)
0
);
#endif
strcpy
(
slave_str
,
slave
);
*
fd_p
=
fd
;
return
slave_str
;
...
...
@@ -194,7 +200,6 @@ char *get_pty_ptmx(int *fd_p) {
char
*
get_pty_loop
(
int
*
fd_p
)
{
char
*
slave
;
char
master_str
[
16
];
int
fd
=
-
1
,
i
;
char
c
;
...
...
@@ -233,6 +238,7 @@ char *get_pty_loop(int *fd_p) {
}
char
*
get_pty
(
int
*
fd_p
)
{
used_get_pty_ptmx
=
0
;
if
(
getenv
(
"BSD_PTY"
))
{
return
get_pty_loop
(
fd_p
);
}
...
...
@@ -240,6 +246,7 @@ char *get_pty(int *fd_p) {
return
get_pty_loop
(
fd_p
);
#else
#if LIBVNCSERVER_HAVE_GRANTPT
used_get_pty_ptmx
=
1
;
return
get_pty_ptmx
(
fd_p
);
#else
return
get_pty_loop
(
fd_p
);
...
...
@@ -267,28 +274,76 @@ void try_to_be_nobody(void) {
setegid
(
pw
->
pw_gid
);
#endif
}
#endif
/* PWD_H */
}
static
int
slave_fd
=
-
1
;
static
int
slave_fd
=
-
1
,
alarm_fired
=
0
;;
static
void
close_alarm
(
int
sig
)
{
if
(
slave_fd
>=
0
)
{
close
(
slave_fd
);
}
alarm_fired
=
1
;
if
(
0
)
sig
=
0
;
/* compiler warning */
}
static
void
kill_child
(
pid_t
pid
,
int
fd
)
{
int
status
;
slave_fd
=
-
1
;
alarm_fired
=
0
;
if
(
fd
>=
0
)
{
close
(
fd
);
}
kill
(
pid
,
SIGTERM
);
waitpid
(
pid
,
&
status
,
WNOHANG
);
}
int
crypt_verify
(
char
*
user
,
char
*
pass
)
{
#ifndef UNIXPW_CRYPT
return
0
;
#else
struct
passwd
*
pwd
;
char
*
realpw
,
*
cr
;
int
n
;
pwd
=
getpwnam
(
user
);
if
(
!
pwd
)
{
return
0
;
}
realpw
=
pwd
->
pw_passwd
;
if
(
realpw
==
NULL
||
realpw
[
0
]
==
'\0'
)
{
return
0
;
}
n
=
strlen
(
pass
);
if
(
pass
[
n
-
1
]
==
'\n'
)
{
pass
[
n
-
1
]
=
'\0'
;
}
cr
=
crypt
(
pass
,
realpw
);
if
(
cr
==
NULL
)
{
return
0
;
}
if
(
!
strcmp
(
cr
,
realpw
))
{
return
1
;
}
else
{
return
0
;
}
#endif
/* UNIXPW_CRYPT */
}
int
su_verify
(
char
*
user
,
char
*
pass
)
{
#ifndef UNIXPW
#ifndef UNIXPW
_SU
return
0
;
#else
int
i
,
j
,
status
,
fd
=
-
1
,
sfd
,
tfd
;
int
slow_pw
=
1
;
char
*
slave
,
*
bin_true
=
NULL
,
*
bin_su
=
NULL
;
pid_t
pid
,
pidw
;
struct
stat
sbuf
;
static
int
first
=
1
;
char
instr
[
16
];
char
instr
[
32
],
buf
[
10
];
if
(
first
)
{
set_db
();
...
...
@@ -316,7 +371,15 @@ int su_verify(char *user, char *pass) {
}
}
if
(
stat
(
"/bin/su"
,
&
sbuf
)
==
0
)
{
#define SU_DEBUG 0
#if SU_DEBUG
if
(
stat
(
"/su"
,
&
sbuf
)
==
0
)
{
bin_su
=
"/su"
;
/* Freesbie read-only-fs /bin/su not suid! */
#else
if
(
0
)
{
;
#endif
}
else
if
(
stat
(
"/bin/su"
,
&
sbuf
)
==
0
)
{
bin_su
=
"/bin/su"
;
}
else
if
(
stat
(
"/usr/bin/su"
,
&
sbuf
)
==
0
)
{
bin_su
=
"/usr/bin/su"
;
...
...
@@ -337,10 +400,12 @@ int su_verify(char *user, char *pass) {
}
slave
=
get_pty
(
&
fd
);
if
(
slave
==
NULL
)
{
rfbLogPerror
(
"get_pty failed."
);
return
0
;
}
if
(
db
)
fprintf
(
stderr
,
"slave is: %s fd=%d
\n
"
,
slave
,
fd
);
if
(
fd
<
0
)
{
...
...
@@ -358,8 +423,10 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd);
}
if
(
pid
==
0
)
{
/* child */
int
ttyfd
;
char
tmp
[
256
];
ttyfd
=
-
1
;
/* compiler warning */
#if LIBVNCSERVER_HAVE_SETSID
if
(
setsid
()
==
-
1
)
{
...
...
@@ -371,7 +438,6 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd);
perror
(
"setpgrp"
);
exit
(
1
);
}
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(TIOCNOTTY)
ttyfd
=
open
(
"/dev/tty"
,
O_RDWR
);
if
(
ttyfd
>=
0
)
{
...
...
@@ -390,11 +456,21 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd);
if
(
sfd
<
0
)
{
exit
(
1
);
}
/* sfd should be 0 since we closed 0. */
#ifdef F_SETFL
fcntl
(
sfd
,
F_SETFL
,
O_NONBLOCK
);
/* streams options fixups, handle cases as they are found: */
#if defined(__hpux)
#if LIBVNCSERVER_HAVE_SYS_STROPTS_H
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(I_PUSH)
if
(
used_get_pty_ptmx
)
{
ioctl
(
sfd
,
I_PUSH
,
"ptem"
);
ioctl
(
sfd
,
I_PUSH
,
"ldterm"
);
ioctl
(
sfd
,
I_PUSH
,
"ttcompat"
);
}
#endif
#endif
#endif
/* n.b. sfd will be 0 since we closed 0. so dup it to 1 and 2 */
if
(
fcntl
(
sfd
,
F_DUPFD
,
1
)
==
-
1
)
{
exit
(
1
);
}
...
...
@@ -402,33 +478,24 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd);
exit
(
1
);
}
unlink
(
"/tmp/isatty"
);
unlink
(
"/tmp/isastream"
);
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H
#if 0
if (isastream(sfd)) {
tfd = open("/tmp/isastream", O_CREAT|O_WRONLY, 0600);
close(tfd);
ioctl(sfd, I_PUSH, "ptem");
ioctl(sfd, I_PUSH, "ldterm");
ioctl(sfd, I_PUSH, "ttcompat");
}
#endif
#if 1
#if defined(TIOCSCTTY) && !defined(sun) && !defined(hpux)
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(TIOCSCTTY)
ioctl
(
sfd
,
TIOCSCTTY
,
(
char
*
)
0
);
#endif
#endif
if
(
isatty
(
sfd
)
)
{
if
(
db
>
2
)
{
char
nam
[
256
];
tfd
=
open
(
"/tmp/isatty"
,
O_CREAT
|
O_WRONLY
,
0600
);
close
(
tfd
);
sprintf
(
nam
,
"stty -a < %s > /tmp/isatty 2>&1"
,
slave
);
system
(
nam
);
unlink
(
"/tmp/isatty"
);
tfd
=
open
(
"/tmp/isatty"
,
O_CREAT
|
O_WRONLY
,
0600
);
if
(
isatty
(
sfd
))
{
close
(
tfd
);
sprintf
(
nam
,
"stty -a < %s > /tmp/isatty 2>&1"
,
slave
);
system
(
nam
);
}
else
{
write
(
tfd
,
"NOTTTY
\n
"
,
7
);
close
(
tfd
);
}
}
#endif
/* SYS_IOCTL_H */
chdir
(
"/"
);
try_to_be_nobody
();
...
...
@@ -444,102 +511,139 @@ close(tfd);
set_env
(
"LANG"
,
"C"
);
set_env
(
"SHELL"
,
"/bin/sh"
);
/* synchronize with parent: */
write
(
2
,
"C"
,
1
);
execlp
(
bin_su
,
bin_su
,
user
,
"-c"
,
bin_true
,
(
char
*
)
NULL
);
exit
(
1
);
}
/* parent */
if
(
db
)
fprintf
(
stderr
,
"pid: %d
\n
"
,
pid
);
if
(
db
>
3
)
{
char
cmd
[
32
];
usleep
(
100
*
1000
);
sprintf
(
cmd
,
"ps wu %d"
,
pid
);
system
(
cmd
);
sprintf
(
cmd
,
"stty -a < %s"
,
slave
);
system
(
cmd
);
}
usleep
(
500
*
1000
);
/* send the password "early" (i.e. before we drain) */
if
(
0
)
{
int
k
;
for
(
k
=
0
;
k
<
strlen
(
pass
);
k
++
)
{
write
(
fd
,
pass
+
k
,
1
);
usleep
(
100
*
1000
);
}
}
else
{
write
(
fd
,
pass
,
strlen
(
pass
));
}
/*
* set an alarm for blocking read() to close the master
* (presumably terminating the child.
we avoid SIGTERM for now
)
* (presumably terminating the child.
SIGTERM too...
)
*/
slave_fd
=
fd
;
alarm_fired
=
0
;
signal
(
SIGALRM
,
close_alarm
);
alarm
(
10
);
/* synchronize with child: */
for
(
i
=
0
;
i
<
10
;
i
++
)
{
int
n
;
buf
[
0
]
=
'\0'
;
buf
[
1
]
=
'\0'
;
n
=
read
(
fd
,
buf
,
1
);
if
(
n
<
0
&&
errno
==
EINTR
)
{
continue
;
}
else
{
break
;
}
}
if
(
db
)
{
fprintf
(
stderr
,
"read from child: '%s'
\n
"
,
buf
);
}
alarm
(
0
);
signal
(
SIGALRM
,
SIG_DFL
);
if
(
alarm_fired
)
{
kill_child
(
pid
,
fd
);
return
0
;
}
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(TIOCTRAP)
{
int
control
=
1
;
ioctl
(
fd
,
TIOCTRAP
,
&
control
);
}
#endif
/*
* In addition to checking exit code below, we watch for the
* appearance of the string "Password:". BSD does not seem to
* ask for a password trying to su to yourself.
* ask for a password trying to su to yourself. This is the
* setting in /etc/pam.d/su:
* auth sufficient pam_self.so
* it may be commented out without problem.
*/
for
(
i
=
0
;
i
<
16
;
i
++
)
{
for
(
i
=
0
;
i
<
32
;
i
++
)
{
instr
[
i
]
=
'\0'
;
}
alarm_fired
=
0
;
signal
(
SIGALRM
,
close_alarm
);
alarm
(
10
);
j
=
0
;
for
(
i
=
0
;
i
<
strlen
(
"Password:"
);
i
++
)
{
for
(
i
=
0
;
i
<
(
int
)
strlen
(
"Password:"
);
i
++
)
{
char
pstr
[]
=
"password:"
;
char
buf
[
2
];
int
n
;
buf
[
0
]
=
'\0'
;
buf
[
1
]
=
'\0'
;
n
=
read
(
fd
,
buf
,
1
);
if
(
n
<
0
&&
errno
==
EINTR
)
{
i
--
;
continue
;
}
if
(
db
==
1
)
fprintf
(
stderr
,
"%d "
,
n
,
db
>
1
?
buf
:
""
);
if
(
db
>
1
)
fprintf
(
stderr
,
"%s"
,
buf
);
if
(
db
)
fprintf
(
stderr
,
"%s"
,
buf
);
if
(
db
>
3
&&
n
==
1
&&
buf
[
0
]
==
':'
)
{
char
cmd
[
32
];
usleep
(
100
*
1000
);
fprintf
(
stderr
,
"
\n\n
"
);
sprintf
(
cmd
,
"ps wu %d"
,
pid
);
system
(
cmd
);
sprintf
(
cmd
,
"stty -a < %s"
,
slave
);
system
(
cmd
);
fprintf
(
stderr
,
"
\n\n
"
);
}
if
(
n
==
1
)
{
if
(
isspace
(
buf
[
0
]))
{
i
--
;
continue
;
}
instr
[
j
++
]
=
tolower
(
buf
[
0
]);
}
if
(
n
<=
0
||
strstr
(
pstr
,
instr
)
!=
pstr
)
{
rfbLog
(
"
\"
Password:
\"
did not appear: '%s' n=%d
\n
"
,
instr
,
n
);
if
(
db
>
3
&&
n
==
1
)
{
continue
;
}
if
(
db
)
{
fprintf
(
stderr
,
"
\"
Password:
\"
did not appear: '%s'"
" n=%d
\n
"
,
instr
,
n
);
if
(
db
>
3
&&
n
==
1
&&
j
<
32
)
{
continue
;
}
}
alarm
(
0
);
signal
(
SIGALRM
,
SIG_DFL
);
slave_fd
=
-
1
;
close
(
fd
);
kill
(
pid
,
SIGTERM
);
waitpid
(
pid
,
&
status
,
WNOHANG
);
kill_child
(
pid
,
fd
);
return
0
;
}
}
alarm
(
0
);
signal
(
SIGALRM
,
SIG_DFL
);
if
(
alarm_fired
)
{
kill_child
(
pid
,
fd
);
return
0
;
}
usleep
(
250
*
1000
);
#if 0
tcdrain(fd);
#endif
usleep
(
100
*
1000
);
if
(
slow_pw
)
{
unsigned
int
k
;
for
(
k
=
0
;
k
<
strlen
(
pass
);
k
++
)
{
write
(
fd
,
pass
+
k
,
1
);
usleep
(
100
*
1000
);
}
}
else
{
write
(
fd
,
pass
,
strlen
(
pass
));
}
alarm_fired
=
0
;
signal
(
SIGALRM
,
close_alarm
);
alarm
(
15
);
...
...
@@ -549,16 +653,17 @@ if (db > 1) fprintf(stderr, "%s", buf);
* make cause child to die by signal.
*/
for
(
i
=
0
;
i
<
4096
;
i
++
)
{
char
buf
[
2
];
int
n
;
buf
[
0
]
=
'\0'
;
buf
[
1
]
=
'\0'
;
n
=
read
(
fd
,
buf
,
1
);
if
(
n
<
0
&&
errno
==
EINTR
)
{
continue
;
}
if
(
db
==
1
)
fprintf
(
stderr
,
"%d "
,
n
,
db
>
1
?
buf
:
""
);
if
(
db
>
1
)
fprintf
(
stderr
,
"%s"
,
buf
);
if
(
db
)
fprintf
(
stderr
,
"%s"
,
buf
);
if
(
n
<=
0
)
{
break
;
...
...
@@ -569,6 +674,11 @@ if (db) fprintf(stderr, "\n");
alarm
(
0
);
signal
(
SIGALRM
,
SIG_DFL
);
if
(
alarm_fired
)
{
kill_child
(
pid
,
fd
);
return
0
;
}
slave_fd
=
-
1
;
pidw
=
waitpid
(
pid
,
&
status
,
0
);
...
...
@@ -577,12 +687,13 @@ if (db) fprintf(stderr, "\n");
if
(
pid
!=
pidw
)
{
return
0
;
}
if
(
WIFEXITED
(
status
)
&&
WEXITSTATUS
(
status
)
==
0
)
{
return
1
;
/* this is the only return of success. */
}
else
{
return
0
;
}
#endif
/* UNIXPW */
#endif
/* UNIXPW
_SU
*/
}
static
void
unixpw_verify
(
char
*
user
,
char
*
pass
)
{
...
...
@@ -593,9 +704,18 @@ static void unixpw_verify(char *user, char *pass) {
if
(
db
)
fprintf
(
stderr
,
"unixpw_verify: '%s' '%s'
\n
"
,
user
,
db
>
1
?
pass
:
"********"
);
rfbLog
(
"unixpw_verify: %s
\n
"
,
user
);
if
(
su_verify
(
user
,
pass
))
{
unixpw_accept
(
user
);
return
;
if
(
unixpw_nis
)
{
if
(
crypt_verify
(
user
,
pass
))
{
unixpw_accept
(
user
);
return
;
}
else
{
usleep
(
3000
*
1000
);
}
}
else
{
if
(
su_verify
(
user
,
pass
))
{
unixpw_accept
(
user
);
return
;
}
}
if
(
tries
<
2
)
{
...
...
@@ -794,6 +914,13 @@ static void apply_opts (char *user) {
rfbClientPtr
cl
=
unixpw_client
;
int
i
;
if
(
user
)
{
if
(
cd
->
unixname
)
{
free
(
cd
->
unixname
);
}
cd
->
unixname
=
strdup
(
user
);
}
if
(
!
unixpw_list
)
{
return
;
}
...
...
@@ -808,7 +935,7 @@ static void apply_opts (char *user) {
p
=
strtok
(
NULL
,
","
);
continue
;
}
if
(
!
strcmp
(
user
,
p
))
{
if
(
user
&&
!
strcmp
(
user
,
p
))
{
opts
=
strdup
(
q
+
1
);
}
if
(
!
strcmp
(
"*"
,
p
))
{
...
...
@@ -846,7 +973,6 @@ static void apply_opts (char *user) {
}
void
unixpw_accept
(
char
*
user
)
{
apply_opts
(
user
);
unixpw_in_progress
=
0
;
...
...
x11vnc/unixpw.h
View file @
a9a9c812
...
...
@@ -8,6 +8,7 @@ extern void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init);
extern
void
unixpw_accept
(
char
*
user
);
extern
void
unixpw_deny
(
void
);
extern
int
su_verify
(
char
*
user
,
char
*
pass
);
extern
int
crypt_verify
(
char
*
user
,
char
*
pass
);
extern
int
unixpw_in_progress
;
extern
time_t
unixpw_last_try_time
;
...
...
x11vnc/x11vnc.1
View file @
a9a9c812
...
...
@@ -2,7 +2,7 @@
.TH X11VNC "1" "March 2006" "x11vnc " "User Commands"
.SH NAME
x11vnc - allow VNC connections to real X11 displays
version: 0.8.1, lastmod: 2006-03-0
2
version: 0.8.1, lastmod: 2006-03-0
4
.SH SYNOPSIS
.B x11vnc
[OPTION]...
...
...
@@ -32,10 +32,10 @@ these protections. See the FAQ for details how to tunnel the VNC connection
through an encrypted channel such as
.IR ssh (1).
In brief:
.
I
P
ssh -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'
.
I
P
vncviewer -encodings 'copyrect tight zrle hextile' localhost:0
.
P
P
%
ssh -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'
.
P
P
%
vncviewer -encodings 'copyrect tight zrle hextile' localhost:0
.PP
Also, use of a VNC password (-rfbauth or \fB-passwdfile)\fR is strongly recommend.
.PP
...
...
@@ -494,19 +494,19 @@ full-access passwords)
.PP
\fB-unixpw\fR \fI[list]\fR
.IP
Experimental option: use Unix username and password
authentication. x11vnc
uses the
Use Unix username and password authentication. x11vnc
uses the
.IR su (1)
program to verify
the user's password. [list] is an optional comma
separated list of allowed Unix usernames. See below
for per-user options that
can be applied.
program to verify
the user's password.
[list] is an optional comma separated list of allowed
Unix usernames. See below for per-user options that
can be applied.
.IP
A familiar "login:" and "Password:" dialog is
presented to the user on a black screen inside the
vncviewer. The connection is dropped if the user fails
to supply the correct password in 3 tries or does not
send one before a 2
0
second timeout. Existing clients
send one before a 2
5
second timeout. Existing clients
are view-only during this period.
.IP
Since the detailed behavior of
...
...
@@ -514,19 +514,24 @@ Since the detailed behavior of
can vary from
OS to OS and for local configurations, please test
the mode carefully on your systems before using it.
Try different combinations of valid/invalid usernames
and passwords.
.IP
For example, on FreeBSD and the other BSD's and Tru64
it does not appear to be possible for the user running
x11vnc to validate his *own* password via
.IR su (1).
The x11vnc login will always fail in this case.
A possible workaround would be to start x11vnc as
root with the "\fB-users\fR \fI+nobody\fR" option to immediately
switch to user nobody. Another source of problems are
PAM modules that prompt for extra info, e.g. password
aging modules. These logins will always fail as well.
E.g. try different combinations of valid/invalid
usernames and valid/invalid passwords to see if it
behaves correctly. x11vnc will be conservative and
reject a user if anything abnormal occurs.
.IP
For example, on FreeBSD and the other BSD's by default
it is impossible for the user running x11vnc to validate
his *own* password via
.IR su (1)
(evidently commenting
out the pam_self.so entry in /etc/pam.d/su eliminates
the problem). So the x11vnc login will always fail for
this case. A possible workaround would be to start
x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option to
immediately switch to user nobody. Another source of
problems are PAM modules that prompt for extra info,
e.g. password aging modules. These logins will always
fail as well.
.IP
*IMPORTANT*: to prevent the Unix password being sent in
*clear text* over the network, two x11vnc options are
...
...
@@ -544,21 +549,22 @@ Evidently you will be using a different method to
encrypt the data between the vncviewer and x11vnc:
e.g.
.IR ssh (1)
or a VPN. Note that use of
or a VPN. Note that use of \fB-localhost\fR
with
.IR ssh (1)
with
\fB-localhost\fR is roughly the same as requiring a Unix
user login (since Unix password or the user's public
key authentication is used by ssh
)
is roughly the same as requiring a Unix
user login (since a Unix password or the user's public
key authentication is used by ssh on the machine where
x11vnc runs and only local connections are accepted
)
.IP
As a convenience, if you
.IR ssh (1)
in and start x11vnc
it will look to see if the environment variable
SSH_CONNECTION is set and appears reasonable. If it
does, then the stunnel requirement is dropped since
it is assumed you are using ssh for the encrypted
tunnelling.
Use \fB-stunnel\fR to force stunnel usage.
in and start x11vnc
it
will check if the environment variable SSH_CONNECTION
is set and appears reasonable. If it does, then the
stunnel requirement is dropped since it is assumed
you are using ssh for the encrypted tunnelling.
Use \fB-stunnel\fR to force stunnel usage.
.IP
Set UNIXPW_DISABLE_LOCALHOST=1 to disable the \fB-localhost\fR
requirement. One should never do this (i.e. allow the
...
...
@@ -575,20 +581,36 @@ per-user options after a ":", e.g. "fred:opts"
where "opts" is a "+" separated list of
"viewonly", "fullaccess", "input=XXXX", or
"deny", e.g. "karl,fred:viewonly,boss:input=M".
For "input=" it is the K,M,B,C describe under \fB-input.\fR
For "input=" it is the K,M,B,C describe
d
under \fB-input.\fR
.IP
If a user in the list is "*" that means those options
apply to all users. It also means all users are allowed
to log in. Use "deny" to explicitly deny some users
if you use "*" to set a global option.
If a user in the list is "*" that means those
options apply to all users. It also means all users
are allowed to log in after supplying a valid password.
Use "deny" to explicitly deny some users if you use
"*" to set a global option.
.PP
\fB-unixpw_nis\fR \fI[list]\fR
.IP
As \fB-unixpw\fR above, however do not run
.IR su (1)
but rather
use the traditional getpwnam() + crypt() method instead.
This requires that the encrpyted passwords be readable.
Passwords stored in /etc/shadow will be inaccessible
unless run as root. This is called "NIS" mode
simply because in most NIS setups the user encrypted
passwords are accessible (e.g. "ypcat passwd").
NIS is not required for this mode to work, but it
is unlikely it will work for any other environment.
All of the \fB-unixpw\fR options and contraints apply.
.PP
\fB-stunnel\fR \fI[pem]\fR
.IP
Use the
.IR stunnel (1)
(www.stunnel.org) to provide
an
encrypted SSL tunnel between viewers and x11vnc.
This requires stunnel be installed on the system and
(www.stunnel.org) to provide
an
encrypted SSL tunnel between viewers and x11vnc.
This requires stunnel
to
be installed on the system and
available via PATH (n.b. stunnel is often installed in
sbin directories). Version 4.x of stunnel is assumed;
see \fB-stunnel3\fR below.
...
...
@@ -600,9 +622,9 @@ configuration.
.IP
stunnel is started up as a child process of x11vnc and
any SSL connections stunnel receives are decrypted and
sent to x11vnc over a local socket. The strings
"The
SSL VNC desktop is ..." and SSLPORT=... are printed
out at startup.
sent to x11vnc over a local socket. The strings
"The SSL VNC desktop is ..." and "SSLPORT=..."
are printed
out at startup.
.IP
The \fB-localhost\fR option is enforced by default to
avoid people routing around the SSL channel. Set
...
...
@@ -610,7 +632,7 @@ STUNNEL_DISABLE_LOCALHOST=1 to disable the requirement.
.IP
Your VNC viewer will need to be able to connect via SSL.
Unfortunately not too many do this. UltraVNC seems to
have a SSL plugin.
It is not too difficult to set up
have a SSL plugin. It is not too difficult to set up
an stunnel or other SSL tunnel on the viewer side.
.IP
A simple example on Unix using stunnel 3.x is:
...
...
@@ -2694,16 +2716,16 @@ aro= noop display vncdisplay desktopname guess_desktop
http_url auth xauth users rootshift clipshift
scale_str scaled_x scaled_y scale_numer scale_denom
scale_fac scaling_blend scaling_nomult4 scaling_pad
scaling_interpolate inetd privremote unsafe safer
nocmds
passwdfile unixpw unixpw_list stunnel stunnel_pem
using_shm logfile o flag rc norc h help V version
lastmod bg sigpipe threads readrate netrate netlatency
pipeinput clients client_count pid ext_xtest ext_xtrap
ext_x
record ext_xkb ext_xshm ext_xinerama ext_overlay
ext_
xfixes ext_xdamage ext_xrandr rootwin num_buttons
button_mask mouse_x mouse_y bpp depth indexed_color
dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy
_y
coff_x coff_y rfbauth passwd viewpasswd
scaling_interpolate inetd privremote unsafe safer
nocmds passwdfile unixpw unixpw_nis unixpw_list stunnel
stunnel_pem using_shm logfile o flag rc norc h help
V version lastmod bg sigpipe threads readrate netrate
netlatency pipeinput clients client_count pid ext_xtest
ext_x
trap ext_xrecord ext_xkb ext_xshm ext_xinerama
ext_
overlay ext_xfixes ext_xdamage ext_xrandr rootwin
num_buttons button_mask mouse_x mouse_y bpp depth
indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off
_y
c
dpy_x cdpy_y c
off_x coff_y rfbauth passwd viewpasswd
.PP
\fB-QD\fR \fIvariable\fR
.IP
...
...
@@ -2896,15 +2918,26 @@ run by \fB-accept\fR and \fB-gone\fR:
.IR vncconnect (1),
.IR vncserver (1),
.IR Xvnc (1),
.IR inetd (1),
.IR xev (1),
.IR xdpyinfo (1),
.IR xwininfo (1),
.IR xprop (1),
.IR xmodmap (1),
.IR xrandr (1),
.IR Xserver (1),
.IR xauth (1),
.IR xhost (1),
.IR Xsecurity (7),
.IR xmessage (1),
.IR XGetImage (3X11),
.IR ipcrm (1),
.IR inetd (1),
.IR xdm (1),
.IR gdm (1),
.IR kdm (1),
.IR ssh (1),
.IR stunnel (8),
.IR su (1),
.IR http://www.tightvnc.com ,
.IR http://www.realvnc.com ,
.IR http://www.karlrunge.com/x11vnc/ ,
...
...
x11vnc/x11vnc.c
View file @
a9a9c812
...
...
@@ -138,6 +138,7 @@
#include "connections.h"
#include "rates.h"
#include "unixpw.h"
#include "inet.h"
/*
* main routine for the x11vnc program
...
...
@@ -467,6 +468,7 @@ if (debug_scroll) fprintf(stderr, "watch_loop: LOOP-BACK: %d\n", ret);
check_keycode_state
();
check_connect_inputs
();
check_gui_inputs
();
check_stunnel
();
record_last_fb_update
();
check_padded_fb
();
check_fixscreen
();
...
...
@@ -898,6 +900,82 @@ static void immediate_switch_user(int argc, char* argv[]) {
}
}
static
void
quick_pw
(
char
*
str
)
{
char
*
p
,
*
q
;
char
tmp
[
1024
];
int
db
=
0
;
if
(
db
)
fprintf
(
stderr
,
"quick_pw: %s
\n
"
,
str
);
if
(
!
str
||
str
[
0
]
==
'\0'
)
{
exit
(
1
);
}
if
(
str
[
0
]
!=
'%'
)
{
exit
(
1
);
}
/*
* "%-" or "%stdin" means read one line from stdin.
*
* "%env" means it is in $UNIXPW env var.
*
* starting "%/" or "%." means read the first line from that file.
*
* otherwise: %user:pass
*/
if
(
!
strcmp
(
str
,
"%-"
)
||
!
strcmp
(
str
,
"%stdin"
))
{
if
(
fgets
(
tmp
,
1024
,
stdin
)
==
NULL
)
{
exit
(
1
);
}
q
=
strdup
(
tmp
);
}
else
if
(
!
strcmp
(
str
,
"%env"
))
{
if
(
getenv
(
"UNIXPW"
)
==
NULL
)
{
exit
(
1
);
}
q
=
strdup
(
getenv
(
"UNIXPW"
));
}
else
if
(
str
[
1
]
==
'/'
||
str
[
1
]
==
'.'
)
{
FILE
*
in
=
fopen
(
str
+
1
,
"r"
);
if
(
in
==
NULL
)
{
exit
(
1
);
}
if
(
fgets
(
tmp
,
1024
,
in
)
==
NULL
)
{
exit
(
1
);
}
q
=
strdup
(
tmp
);
}
else
{
q
=
strdup
(
str
+
1
);
}
p
=
(
char
*
)
malloc
(
strlen
(
q
)
+
10
);
strcpy
(
p
,
q
);
if
(
strchr
(
p
,
'\n'
)
==
NULL
)
{
strcat
(
p
,
"
\n
"
);
}
if
((
q
=
strchr
(
p
,
':'
))
==
NULL
)
{
exit
(
1
);
}
*
q
=
'\0'
;
if
(
db
)
fprintf
(
stderr
,
"'%s' '%s'
\n
"
,
p
,
q
+
1
);
if
(
unixpw_nis
)
{
if
(
crypt_verify
(
p
,
q
+
1
))
{
fprintf
(
stdout
,
"Y %s
\n
"
,
p
);
exit
(
0
);
}
else
{
fprintf
(
stdout
,
"N %s
\n
"
,
p
);
exit
(
1
);
}
}
else
{
if
(
su_verify
(
p
,
q
+
1
))
{
fprintf
(
stdout
,
"Y %s
\n
"
,
p
);
exit
(
0
);
}
else
{
fprintf
(
stdout
,
"N %s
\n
"
,
p
);
exit
(
1
);
}
}
/* NOTREACHED */
exit
(
1
);
}
static
void
print_settings
(
int
try_http
,
int
bg
,
char
*
gui_str
)
{
fprintf
(
stderr
,
"
\n
"
);
...
...
@@ -1364,9 +1442,11 @@ int main(int argc, char* argv[]) {
CHECK_ARGC
passwdfile
=
strdup
(
argv
[
++
i
]);
got_passwdfile
=
1
;
}
else
if
(
!
strcmp
(
arg
,
"-unixpw"
)
||
!
strcmp
(
arg
,
"-unixpw_unsafe"
))
{
}
else
if
(
strstr
(
arg
,
"-unixpw"
)
==
arg
)
{
unixpw
=
1
;
if
(
strstr
(
arg
,
"-unixpw_nis"
))
{
unixpw_nis
=
1
;
}
if
(
i
<
argc
-
1
)
{
char
*
p
,
*
q
,
*
s
=
argv
[
i
+
1
];
if
(
s
[
0
]
!=
'-'
)
{
...
...
@@ -1374,23 +1454,12 @@ int main(int argc, char* argv[]) {
i
++
;
}
if
(
s
[
0
]
==
'%'
)
{
p
=
unixpw_list
;
unixpw_list
=
NULL
;
strcpy
(
p
,
s
+
1
);
strcat
(
p
,
"
\n
"
);
/* just fits */
if
((
q
=
strchr
(
p
,
':'
))
==
NULL
)
{
exit
(
1
);
}
*
q
=
'\0'
;
if
(
su_verify
(
p
,
q
+
1
))
{
fprintf
(
stderr
,
"
\n
Y
\n
"
);
}
else
{
fprintf
(
stderr
,
"
\n
N
\n
"
);
}
exit
(
0
);
quick_pw
(
s
);
exit
(
1
);
}
}
if
(
!
strcmp
(
arg
,
"-unixpw
_unsafe"
))
{
if
(
strstr
(
arg
,
"
_unsafe"
))
{
/* hidden option for testing. */
set_env
(
"UNIXPW_DISABLE_STUNNEL"
,
"1"
);
set_env
(
"UNIXPW_DISABLE_LOCALHOST"
,
"1"
);
...
...
@@ -2114,6 +2183,17 @@ int main(int argc, char* argv[]) {
"mode.
\n
"
);
}
use_stunnel
=
1
;
}
else
if
(
!
getenv
(
"UNIXPW_DISABLE_STUNNEL"
))
{
char
*
s
=
getenv
(
"SSH_CONNECTION"
);
if
(
!
s
)
s
=
getenv
(
"SSH_CLIENT"
);
if
(
!
s
)
s
=
"SSH_CONNECTION"
;
fprintf
(
stderr
,
"
\n
"
);
rfbLog
(
"Skipping -stunnel contraint in -unixpw mode,
\n
"
);
rfbLog
(
"assuming your SSH encryption is: %s
\n
"
,
s
);
fprintf
(
stderr
,
"
\n
"
);
if
(
!
nopw
)
{
usleep
(
2000
*
1000
);
}
}
}
}
else
if
(
use_stunnel
)
{
...
...
x11vnc/x11vnc.h
View file @
a9a9c812
...
...
@@ -247,6 +247,19 @@ extern int h_errno;
# endif
#endif
/*
* For reference, the OS header defines:
__SVR4 && __sun is solaris
__sgi
__hpux
__osf__
__OpenBSD__
__FreeBSD__
__NetBSD__
__linux__
_AIX
*/
#ifdef IRIX_OVERLAY
#include <X11/extensions/readdisplay.h>
#endif
...
...
@@ -422,6 +435,7 @@ typedef struct _ClientData {
int
uid
;
char
*
hostname
;
char
*
username
;
char
*
unixname
;
int
client_port
;
int
server_port
;
char
*
server_ip
;
...
...
x11vnc/x11vnc_defs.c
View file @
a9a9c812
...
...
@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int
xdamage_base_event_type
=
0
;
/* date +'lastmod: %Y-%m-%d' */
char
lastmod
[]
=
"0.8.1 lastmod: 2006-03-0
2
"
;
char
lastmod
[]
=
"0.8.1 lastmod: 2006-03-0
4
"
;
/* X display info */
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment