Skip to content

L
libvncserver
Commit a9a9c812 authored by runge's avatar runge
Browse files
Options

x11vnc: -unixpw on *bsd, hpux and tru64. -unixpw_nis mode. stunnel and gui tweaks.

parent b03a920c
Show whitespace changes
Inline Side-by-side
Showing with 1314 additions and 757 deletions
configure.ac
View file @ a9a9c812
...@@ -175,6 +175,21 @@ if test "$X_CFLAGS" != "-DX_DISPLAY_MISSING"; then ...@@ -175,6 +175,21 @@ if test "$X_CFLAGS" != "-DX_DISPLAY_MISSING"; then
esac esac
fi fi
# only x11vnc uses crypt()
AH_TEMPLATE(HAVE_LIBCRYPT, [libcrypt library present])
AC_ARG_WITH(crypt,
[ --without-crypt disable support for libcrypt],,)
if test "x$with_crypt" != "xno"; then
AC_CHECK_FUNCS([crypt], HAVE_LIBC_CRYPT="true")
if test -z "$HAVE_LIBC_CRYPT"; then
AC_CHECK_LIB(crypt, crypt,
X_PRELIBS="$X_PRELIBS -lcrypt"
[AC_DEFINE(HAVE_LIBCRYPT)], ,
$X_LIBS $X_PRELIBS -lcrypt $X_EXTRA_LIBS)
fi
fi
X_LIBS="$X_LIBS $X_PRELIBS -lX11 $X_EXTRA_LIBS" X_LIBS="$X_LIBS $X_PRELIBS -lX11 $X_EXTRA_LIBS"
fi fi
fi fi
...@@ -345,7 +360,7 @@ AC_SUBST(WSOCKLIB) ...@@ -345,7 +360,7 @@ AC_SUBST(WSOCKLIB)
# Checks for header files. # Checks for header files.
AC_HEADER_STDC AC_HEADER_STDC
AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h sys/timeb.h syslog.h unistd.h pwd.h sys/wait.h utmpx.h termios.h sys/ioctl.h]) AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h sys/timeb.h syslog.h unistd.h pwd.h sys/wait.h utmpx.h termios.h sys/ioctl.h sys/stropts.h])
# Checks for typedefs, structures, and compiler characteristics. # Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST AC_C_CONST
......
x11vnc/ChangeLog
View file @ a9a9c812
2006-03-04 Karl Runge <runge@karlrunge.com>
* x11vnc: -unixpw on *bsd, hpux and tru64. Add -unixpw_nis for
non-shadow systems. check stunnel dying. check SSH_CONNECTION
in -unixpw. gui icon tweaks, unix username.
2006-03-02 Karl Runge <runge@karlrunge.com> 2006-03-02 Karl Runge <runge@karlrunge.com>
* x11vnc: more tweaks to -unixpw mode. Add -gone popup mode. * x11vnc: more tweaks to -unixpw mode. Add -gone popup mode.
Change filexfer via -R. Tune SMALL_FOOTPRINT. gui fixes. Change filexfer via -R. Tune SMALL_FOOTPRINT. gui fixes.
......
x11vnc/README
View file @ a9a9c812
x11vnc README file Date: Thu Mar 2 19:06:49 EST 2006 x11vnc README file Date: Sat Mar 4 17:57:40 EST 2006
The following information is taken from these URLs: The following information is taken from these URLs:
...@@ -184,11 +184,12 @@ splay :0' ...@@ -184,11 +184,12 @@ splay :0'
command: command:
sitting-here> vncviewer -encodings "copyrect tight zrle hextile" localhost:0 sitting-here> vncviewer -encodings "copyrect tight zrle hextile" localhost:0
Note: The -encodings option is very important: vncviewer will default Note: The -encodings option is very important: vncviewer will often
to "raw" encoding if it thinks the connection is to the local machine, default to "raw" encoding if it thinks the connection is to the local
and so vncviewer gets tricked this way by the ssh redirection. "raw" machine, and so vncviewer gets tricked this way by the ssh
encoding will be extremely slow over a networked link, so you need to redirection. "raw" encoding will be extremely slow over a networked
force the issue with -encodings "copyrect tight ...". link, so you need to force the issue with -encodings "copyrect tight
...".
Note that "x11vnc -localhost ..." limits incoming vncviewer Note that "x11vnc -localhost ..." limits incoming vncviewer
connections to only those from the same machine. This is very natural connections to only those from the same machine. This is very natural
...@@ -522,6 +523,8 @@ r/sfw; make' ...@@ -522,6 +523,8 @@ r/sfw; make'
Here is a build script that indicates one way to pass the library Here is a build script that indicates one way to pass the library
locations information to the libvncserver configuration via the locations information to the libvncserver configuration via the
CPPFLAGS and LDFLAGS environment variables. CPPFLAGS and LDFLAGS environment variables.
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8
<---
#!/bin/sh #!/bin/sh
# Build script for Solaris, etc, with gcc, libjpeg and libz in # Build script for Solaris, etc, with gcc, libjpeg and libz in
...@@ -562,6 +565,9 @@ make ...@@ -562,6 +565,9 @@ make
ls -l ./x11vnc/x11vnc ls -l ./x11vnc/x11vnc
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8
<---
Then do make install or copy the x11vnc binary to your desired Then do make install or copy the x11vnc binary to your desired
destination. destination.
...@@ -1391,7 +1397,7 @@ env DISPLAY=`echo $DISPLAY | sed -e 's/^.*:/unix:/'` xscreensaver & ...@@ -1391,7 +1397,7 @@ env DISPLAY=`echo $DISPLAY | sed -e 's/^.*:/unix:/'` xscreensaver &
mouse to the edge of the screen where the popups happen, the taskbars mouse to the edge of the screen where the popups happen, the taskbars
interfere and fight with each other in strange ways. What can I do? interfere and fight with each other in strange ways. What can I do?
[Misc: Clipboard, Beeps, Thanks, etc.] [Misc: Clipboard, File Transfer, Beeps, Thanks, etc.]
[182]Q-85: Does the Clipboard/Selection get transferred between the [182]Q-85: Does the Clipboard/Selection get transferred between the
vncviewer and the X display? vncviewer and the X display?
...@@ -2732,24 +2738,41 @@ exit 1 ...@@ -2732,24 +2738,41 @@ exit 1
and "Password:" dialog is presented to the user on a black screen and "Password:" dialog is presented to the user on a black screen
inside the vncviewer. The connection is dropped if the user fails to inside the vncviewer. The connection is dropped if the user fails to
supply the correct password in 3 tries or does not send one before a supply the correct password in 3 tries or does not send one before a
20 second timeout. Existing clients are view-only during this period. 25 second timeout. Existing clients are view-only during this period.
A list of allowed Unix usernames can also be supplied. Two settings A list of allowed Unix usernames may also be supplied along with
are enforced in -unixpw mode to provide extra security: the per-user settings.
[308]-localhost and [309]-stunnel options. Without these one might
send the Unix username and password in clear text over the network There is also the [308]-unixpw_nis option for non-shadow-password
which is a very bad idea. They can be relaxed if you want to provide (typically NIS environments, hence the name) systems where the
encryption other than stunnel (the stunnel constraint is automatically traditional getpwnam() and crypt() functions are used. The encrypted
relaxed if SSH_CONNECTION is set and indicates you have ssh-ed in). user passwords must be accessible to the user running x11vnc in
-unixpw_nis mode. See ypcat(1) and shadow(5).
Two settings are enforced in the -unixpw and -unixpw_nis modes to
provide extra security: the 1) [309]-localhost and 2) [310]-stunnel
options. Without these one might send the Unix username and password
data in clear text over the network which is a very bad idea. They can
be relaxed if you want to provide encryption other than stunnel (the
stunnel constraint is automatically relaxed if SSH_CONNECTION is set
and indicates you have ssh-ed in, however the -localhost requirement
is still enforced).
The two -unixpw modes have been tested on Linux, Solaris, HP-UX,
Tru64, FreeBSD, OpenBSD, and NetBSD. Additional testing is
appreciated. For the last 4 it appears that su(1) will not prompt for
a password if su-ing to oneself. Since x11vnc requires a password
prompt from su, those logins will fail. On *BSD it appears this can be
corrected by commenting out the pam_self.so entry in /etc/pam.d/su.
Previous discussion: One approximate method involves starting x11vnc Previous discussion: One approximate method involves starting x11vnc
with the [310]-localhost option. This basically requires the viewer with the [311]-localhost option. This basically requires the viewer
user to log into the workstation where x11vnc is running via their user to log into the workstation where x11vnc is running via their
Unix username and password, and then somehow set up a port redirection Unix username and password, and then somehow set up a port redirection
of his vncviewer connection to make it appear to emanate from the of his vncviewer connection to make it appear to emanate from the
local machine. As discussed above, ssh is useful for this: "ssh -L local machine. As discussed above, ssh is useful for this: "ssh -L
5900:localhost:5900 user@hostname ..." See the ssh wrapper scripts 5900:localhost:5900 user@hostname ..." See the ssh wrapper scripts
mentioned [311]elsewhere on this page. [312]stunnel does this as well. mentioned [312]elsewhere on this page. [313]stunnel does this as well.
Of course a malicious user could allow other users to get in through Of course a malicious user could allow other users to get in through
his channel, but that is a problem with every method. Another thing to his channel, but that is a problem with every method. Another thing to
...@@ -2760,7 +2783,7 @@ exit 1 ...@@ -2760,7 +2783,7 @@ exit 1
traditional way would be to further require a VNC password to supplied traditional way would be to further require a VNC password to supplied
(-rfbauth, -passwd, etc) and only tell the people allowed in what the (-rfbauth, -passwd, etc) and only tell the people allowed in what the
VNC password is. A scheme that avoids a second password involves using VNC password is. A scheme that avoids a second password involves using
the [313]-accept option that runs a program to examine the connection the [314]-accept option that runs a program to examine the connection
information to determine which user is connecting from the local information to determine which user is connecting from the local
machine. That may be difficult to do, but, for example, the program machine. That may be difficult to do, but, for example, the program
could use the ident service on the local machine (normally ident could use the ident service on the local machine (normally ident
...@@ -2796,7 +2819,7 @@ exit 1 # reject it ...@@ -2796,7 +2819,7 @@ exit 1 # reject it
display manager like gdm(1). Can I have x11vnc later switch to a display manager like gdm(1). Can I have x11vnc later switch to a
different user? different user?
As of Feb/2005 x11vnc has the [314]-users option that allows things As of Feb/2005 x11vnc has the [315]-users option that allows things
like this. Please read the documentation on it (also in the x11vnc like this. Please read the documentation on it (also in the x11vnc
-help output) carefully for features and caveats. It's use can often -help output) carefully for features and caveats. It's use can often
decrease security unless care is taken. decrease security unless care is taken.
...@@ -2821,7 +2844,7 @@ exit 1 # reject it ...@@ -2821,7 +2844,7 @@ exit 1 # reject it
In any event, as of Jun/2004 there is an experimental utility to make In any event, as of Jun/2004 there is an experimental utility to make
it more difficult for nosey people to see your x11vnc activities. The it more difficult for nosey people to see your x11vnc activities. The
source for it is [315]blockdpy.c The idea behind it is simple (but source for it is [316]blockdpy.c The idea behind it is simple (but
obviously not bulletproof): when a VNC client attaches to x11vnc put obviously not bulletproof): when a VNC client attaches to x11vnc put
the display monitor in the DPMS "off" state, if the DPMS state ever the display monitor in the DPMS "off" state, if the DPMS state ever
changes immediately start up the screen-lock program. The x11vnc user changes immediately start up the screen-lock program. The x11vnc user
...@@ -2837,8 +2860,8 @@ exit 1 # reject it ...@@ -2837,8 +2860,8 @@ exit 1 # reject it
bulletproof. A really robust solution would likely require X server bulletproof. A really robust solution would likely require X server
and perhaps even video hardware support. and perhaps even video hardware support.
The blockdpy utility is launched by the [316]-accept option and told The blockdpy utility is launched by the [317]-accept option and told
to exit via the [317]-gone option (the vnc client user should to exit via the [318]-gone option (the vnc client user should
obviously re-lock the screen before disconnecting!). Instructions can obviously re-lock the screen before disconnecting!). Instructions can
be found in the source code for the utility at the above link. be found in the source code for the utility at the above link.
...@@ -2846,7 +2869,7 @@ exit 1 # reject it ...@@ -2846,7 +2869,7 @@ exit 1 # reject it
Q-42: Can I have x11vnc automatically lock the screen when I Q-42: Can I have x11vnc automatically lock the screen when I
disconnect the VNC viewer? disconnect the VNC viewer?
Yes, a user mentions he uses the [318]-gone option under CDE to run a Yes, a user mentions he uses the [319]-gone option under CDE to run a
screen lock program: screen lock program:
x11vnc -display :0 -forever -gone 'dtaction LockDisplay' x11vnc -display :0 -forever -gone 'dtaction LockDisplay'
...@@ -2855,7 +2878,7 @@ exit 1 # reject it ...@@ -2855,7 +2878,7 @@ exit 1 # reject it
x11vnc -display :0 -forever -gone 'kdesktop_lock' x11vnc -display :0 -forever -gone 'kdesktop_lock'
x11vnc -display :0 -forever -gone 'xlock &' x11vnc -display :0 -forever -gone 'xlock &'
Here is a scheme using the [319]-afteraccept option (in version 0.7.3) Here is a scheme using the [320]-afteraccept option (in version 0.7.3)
to unlock the screen after the first valid VNC login and to lock the to unlock the screen after the first valid VNC login and to lock the
screen after the last valid VNC login disconnects: screen after the last valid VNC login disconnects:
x11vnc -display :0 -forever -shared -afteraccept ./myxlocker -gone ./myxlocke x11vnc -display :0 -forever -shared -afteraccept ./myxlocker -gone ./myxlocke
...@@ -2894,11 +2917,11 @@ fi ...@@ -2894,11 +2917,11 @@ fi
need to have sufficient permissions to connect to the X display. need to have sufficient permissions to connect to the X display.
Here are some ideas: Here are some ideas:
* Use the description under "Continuously" in the [320]FAQ on x11vnc * Use the description under "Continuously" in the [321]FAQ on x11vnc
and Display Managers and Display Managers
* Use the description in the [321]FAQ on x11vnc and inetd(1) * Use the description in the [322]FAQ on x11vnc and inetd(1)
* Start x11vnc from your $HOME/.xsession (or $HOME/.xinitrc) * Start x11vnc from your $HOME/.xsession (or $HOME/.xinitrc)
* Although less reliable, see the [322]x11vnc_loop rc.local hack * Although less reliable, see the [323]x11vnc_loop rc.local hack
below. below.
The display manager scheme will not be specific to which user has the The display manager scheme will not be specific to which user has the
...@@ -2929,7 +2952,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg ...@@ -2929,7 +2952,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
while running x11vnc as root, e.g. for the gnome display manager, gdm: while running x11vnc as root, e.g. for the gnome display manager, gdm:
x11vnc -auth /var/gdm/:0.Xauth -display :0 x11vnc -auth /var/gdm/:0.Xauth -display :0
(the [323]-auth option sets the XAUTHORITY variable for you). (the [324]-auth option sets the XAUTHORITY variable for you).
There will be a similar thing for xdm using however a different auth There will be a similar thing for xdm using however a different auth
directory path (perhaps something like directory path (perhaps something like
...@@ -2954,7 +2977,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg ...@@ -2954,7 +2977,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
auth file should be in /var/dt), you'll also need to add something auth file should be in /var/dt), you'll also need to add something
like Dtlogin*grabServer:False to the Xconfig file like Dtlogin*grabServer:False to the Xconfig file
(/etc/dt/config/Xconfig or /usr/dt/config/Xconfig on Solaris, see (/etc/dt/config/Xconfig or /usr/dt/config/Xconfig on Solaris, see
[324]the example at the end of this FAQ). Then restart dtlogin, e.g.: [325]the example at the end of this FAQ). Then restart dtlogin, e.g.:
/etc/init.d/dtlogin stop; /etc/init.d/dtlogin start or reboot. /etc/init.d/dtlogin stop; /etc/init.d/dtlogin start or reboot.
Continuously. Have x11vnc reattach each time the X server is Continuously. Have x11vnc reattach each time the X server is
...@@ -3017,7 +3040,7 @@ rever -bg ...@@ -3017,7 +3040,7 @@ rever -bg
Then restart: /usr/sbin/gdm-restart (or reboot). The Then restart: /usr/sbin/gdm-restart (or reboot). The
KillInitClients=false setting is important: without it x11vnc will be KillInitClients=false setting is important: without it x11vnc will be
killed immediately after the user logs in. Here are [325]full details killed immediately after the user logs in. Here are [326]full details
on how to configure gdm on how to configure gdm
_________________________________________________________________ _________________________________________________________________
...@@ -3059,13 +3082,13 @@ rever -bg ...@@ -3059,13 +3082,13 @@ rever -bg
If you do not want to deal with any display manager startup scripts, If you do not want to deal with any display manager startup scripts,
here is a kludgey script that can be run manually or out of a boot here is a kludgey script that can be run manually or out of a boot
file like rc.local: [326]x11vnc_loop It will need some local file like rc.local: [327]x11vnc_loop It will need some local
customization before running. Because the XAUTHORITY auth file must be customization before running. Because the XAUTHORITY auth file must be
guessed by this script, use of the display manager script method guessed by this script, use of the display manager script method
described above is greatly preferred. described above is greatly preferred.
If the machine is a traditional Xterminal you may want to read If the machine is a traditional Xterminal you may want to read
[327]this FAQ. [328]this FAQ.
Q-45: Can I run x11vnc out of inetd(1)? How about xinetd(1)? Q-45: Can I run x11vnc out of inetd(1)? How about xinetd(1)?
...@@ -3075,7 +3098,7 @@ rever -bg ...@@ -3075,7 +3098,7 @@ rever -bg
5900 stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc_sh 5900 stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc_sh
where the shell script /usr/local/bin/x11vnc_sh uses the [328]-inetd where the shell script /usr/local/bin/x11vnc_sh uses the [329]-inetd
option and looks something like (you'll need to customize to your option and looks something like (you'll need to customize to your
settings). settings).
#!/bin/sh #!/bin/sh
...@@ -3088,7 +3111,7 @@ rever -bg ...@@ -3088,7 +3111,7 @@ rever -bg
and that confuses it greatly, causing it to abort). If you do not use and that confuses it greatly, causing it to abort). If you do not use
a wrapper script as above but rather call x11vnc directly in a wrapper script as above but rather call x11vnc directly in
/etc/inetd.conf and do not redirect stderr to a file, then you must /etc/inetd.conf and do not redirect stderr to a file, then you must
specify the -q (aka [329]-quiet) option: "/usr/local/bin/x11vnc -q specify the -q (aka [330]-quiet) option: "/usr/local/bin/x11vnc -q
-inetd ...". When you supply both -q and -inet and no "-o logfile" -inetd ...". When you supply both -q and -inet and no "-o logfile"
then stderr will automatically be closed (to prevent, e.g. library then stderr will automatically be closed (to prevent, e.g. library
stderr messages leaking out to the viewer). The recommended practice stderr messages leaking out to the viewer). The recommended practice
...@@ -3096,7 +3119,7 @@ rever -bg ...@@ -3096,7 +3119,7 @@ rever -bg
script with "2>logfile" redirection because the errors and warnings script with "2>logfile" redirection because the errors and warnings
printed out are very useful in troubleshooting problems. printed out are very useful in troubleshooting problems.
Note also the need to set XAUTHORITY via [330]-auth to point to the Note also the need to set XAUTHORITY via [331]-auth to point to the
MIT-COOKIE auth file to get permission to connect to the X display MIT-COOKIE auth file to get permission to connect to the X display
(setting and exporting the XAUTHORITY variable accomplishes the same (setting and exporting the XAUTHORITY variable accomplishes the same
thing). See the x11vnc_loop file in the previous question for more thing). See the x11vnc_loop file in the previous question for more
...@@ -3164,7 +3187,7 @@ service x11vncservice ...@@ -3164,7 +3187,7 @@ service x11vncservice
Q-46: Can I have x11vnc restart itself after it terminates? Q-46: Can I have x11vnc restart itself after it terminates?
One could do this in a shell script, but now there is an option One could do this in a shell script, but now there is an option
[331]-loop that makes it easier. Of course when x11vnc restarts it [332]-loop that makes it easier. Of course when x11vnc restarts it
needs to have permissions to connect to the (potentially new) X needs to have permissions to connect to the (potentially new) X
display. This mode could be useful if the X server restarts often. Use display. This mode could be useful if the X server restarts often. Use
e.g. "-loop5000" to sleep 5000 ms between restarts. Also "-loop2000,5" e.g. "-loop5000" to sleep 5000 ms between restarts. Also "-loop2000,5"
...@@ -3175,7 +3198,7 @@ service x11vncservice ...@@ -3175,7 +3198,7 @@ service x11vncservice
web browser? web browser?
To have x11vnc serve up a Java VNC viewer applet to any web browsers To have x11vnc serve up a Java VNC viewer applet to any web browsers
that connect to it, run x11vnc with this [332]option: that connect to it, run x11vnc with this [333]option:
-httpdir /path/to/the/java/classes/dir -httpdir /path/to/the/java/classes/dir
(this directory will contain the files index.vnc and, for example, (this directory will contain the files index.vnc and, for example,
...@@ -3194,7 +3217,7 @@ service x11vncservice ...@@ -3194,7 +3217,7 @@ service x11vncservice
then you can connect to that URL with any Java enabled browser. Feel then you can connect to that URL with any Java enabled browser. Feel
free to customize the default index.vnc file in the classes directory. free to customize the default index.vnc file in the classes directory.
As of May/2005 the [333]-http option will try to guess where the Java As of May/2005 the [334]-http option will try to guess where the Java
classes jar file is by looking a expected locations. classes jar file is by looking a expected locations.
Also note that if you wanted to, you could also start the Java viewer Also note that if you wanted to, you could also start the Java viewer
...@@ -3208,7 +3231,7 @@ service x11vncservice ...@@ -3208,7 +3231,7 @@ service x11vncservice
As of Mar/2004 in the libvncserver CVS x11vnc supports reverse As of Mar/2004 in the libvncserver CVS x11vnc supports reverse
connections. On Unix one starts the VNC viewer in listen mode: connections. On Unix one starts the VNC viewer in listen mode:
vncviewer -listen (see your documentation for Windows, etc), and then vncviewer -listen (see your documentation for Windows, etc), and then
starts up x11vnc with the [334]-connect option. To connect immediately starts up x11vnc with the [335]-connect option. To connect immediately
at x11vnc startup time use the "-connect host:port" option (use commas at x11vnc startup time use the "-connect host:port" option (use commas
for a list of hosts to connect to). The ":port" is optional (default for a list of hosts to connect to). The ":port" is optional (default
is 5500). If a file is specified instead: -connect /path/to/some/file is 5500). If a file is specified instead: -connect /path/to/some/file
...@@ -3216,7 +3239,7 @@ service x11vncservice ...@@ -3216,7 +3239,7 @@ service x11vncservice
hosts to connect to. hosts to connect to.
To use the vncconnect(1) program (from the core VNC package at To use the vncconnect(1) program (from the core VNC package at
www.realvnc.com) specify the [335]-vncconnect option to x11vnc (Note: www.realvnc.com) specify the [336]-vncconnect option to x11vnc (Note:
as of Dec/2004 -vncconnect is now the default). vncconnect(1) must be as of Dec/2004 -vncconnect is now the default). vncconnect(1) must be
pointed to the same X11 DISPLAY as x11vnc (since it uses X properties pointed to the same X11 DISPLAY as x11vnc (since it uses X properties
to communicate with x11vnc). If you do not have or do not want to get to communicate with x11vnc). If you do not have or do not want to get
...@@ -3260,7 +3283,7 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1" ...@@ -3260,7 +3283,7 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1"
There are some annoyances WRT Xvfb though. The default keyboard There are some annoyances WRT Xvfb though. The default keyboard
mapping seems to be very poor. One should run x11vnc with mapping seems to be very poor. One should run x11vnc with
[336]-add_keysyms option to have keysyms added automatically. Also, to [337]-add_keysyms option to have keysyms added automatically. Also, to
add the Shift_R and Control_R modifiers something like this is needed: add the Shift_R and Control_R modifiers something like this is needed:
#!/bin/sh #!/bin/sh
xmodmap -e "keycode any = Shift_R" xmodmap -e "keycode any = Shift_R"
...@@ -3282,11 +3305,11 @@ xmodmap -e "add Control = Control_L Control_R" ...@@ -3282,11 +3305,11 @@ xmodmap -e "add Control = Control_L Control_R"
The main drawback to this method (besides requiring extra The main drawback to this method (besides requiring extra
configuration and possibly root permission) is that it also does the configuration and possibly root permission) is that it also does the
Linux Virtual Console/Terminal (VC/VT) [337]switching even though it Linux Virtual Console/Terminal (VC/VT) [338]switching even though it
does not need to (since it doesn't use a real framebuffer). There are does not need to (since it doesn't use a real framebuffer). There are
some "dual headed" (actually multi-headed/multi-user) patches to the X some "dual headed" (actually multi-headed/multi-user) patches to the X
server that turn off the VT usage in the X server. Update: As of server that turn off the VT usage in the X server. Update: As of
Jul/2005 we have an LD_PRELOAD script [338]Xdummy that allows you to Jul/2005 we have an LD_PRELOAD script [339]Xdummy that allows you to
use a stock (i.e. unpatched) Xorg or XFree86 server with the "dummy" use a stock (i.e. unpatched) Xorg or XFree86 server with the "dummy"
driver and not have any VT switching problems! Currently Xdummy needs driver and not have any VT switching problems! Currently Xdummy needs
to be run as root, but with some luck that may be relaxed in the to be run as root, but with some luck that may be relaxed in the
...@@ -3318,7 +3341,7 @@ startx -- /path/to/Xdummy :1 ...@@ -3318,7 +3341,7 @@ startx -- /path/to/Xdummy :1
An X server can be started on the headless machine (sometimes this An X server can be started on the headless machine (sometimes this
requires configuring the X server to not fail if it cannot detect a requires configuring the X server to not fail if it cannot detect a
keyboard or mouse, see the next paragraph). Then you can export that X keyboard or mouse, see the next paragraph). Then you can export that X
display via x11vnc (e.g. see [339]this FAQ) and access it from display via x11vnc (e.g. see [340]this FAQ) and access it from
anywhere on the network via a VNC viewer. anywhere on the network via a VNC viewer.
Some tips on getting X servers to start on machines without keyboard Some tips on getting X servers to start on machines without keyboard
...@@ -3361,7 +3384,7 @@ startx -- /path/to/Xdummy :1 ...@@ -3361,7 +3384,7 @@ startx -- /path/to/Xdummy :1
19/03/2004 10:10:58 error creating tile-row shm for len=4 19/03/2004 10:10:58 error creating tile-row shm for len=4
19/03/2004 10:10:58 reverting to single_copytile mode 19/03/2004 10:10:58 reverting to single_copytile mode
Here is a shell script [340]shm_clear to list and prompt for removal Here is a shell script [341]shm_clear to list and prompt for removal
of your unattached shm segments (attached ones are skipped). I use it of your unattached shm segments (attached ones are skipped). I use it
while debugging x11vnc (I use "shm_clear -y" to assume "yes" for each while debugging x11vnc (I use "shm_clear -y" to assume "yes" for each
prompt). If x11vnc is regularly not cleaning up its shm segments, prompt). If x11vnc is regularly not cleaning up its shm segments,
...@@ -3395,36 +3418,36 @@ ied) ...@@ -3395,36 +3418,36 @@ ied)
in /etc/system. See the next paragraph for more workarounds. in /etc/system. See the next paragraph for more workarounds.
To minimize the number of shm segments used by x11vnc try using the To minimize the number of shm segments used by x11vnc try using the
[341]-onetile option (corresponds to only 3 shm segments used, and [342]-onetile option (corresponds to only 3 shm segments used, and
adding -fs 1.0 knocks it down to 2). If you are having much trouble adding -fs 1.0 knocks it down to 2). If you are having much trouble
with shm segments, consider disabling shm completely via the with shm segments, consider disabling shm completely via the
[342]-noshm option. Performance will be somewhat degraded but when [343]-noshm option. Performance will be somewhat degraded but when
done over local machine sockets it should be acceptable (see an done over local machine sockets it should be acceptable (see an
[343]earlier question discussing -noshm). [344]earlier question discussing -noshm).
Q-52: How can I make x11vnc use less system resources? Q-52: How can I make x11vnc use less system resources?
The [344]-nap and "[345]-wait n" (where n is the sleep between polls The [345]-nap and "[346]-wait n" (where n is the sleep between polls
in milliseconds, the default is 30 or so) option are good places to in milliseconds, the default is 30 or so) option are good places to
start. Reducing the X server bits per pixel depth (e.g. to 16bpp or start. Reducing the X server bits per pixel depth (e.g. to 16bpp or
even 8bpp) will further decrease memory I/O and network I/O. The even 8bpp) will further decrease memory I/O and network I/O. The
ShadowFB will make x11vnc's screen polling less severe. Using the ShadowFB will make x11vnc's screen polling less severe. Using the
[346]-onetile option will use less memory and use fewer shared memory [347]-onetile option will use less memory and use fewer shared memory
slots (add [347]-fs 1.0 for one less slot). slots (add [348]-fs 1.0 for one less slot).
Q-53: How can I make x11vnc use MORE system resources? Q-53: How can I make x11vnc use MORE system resources?
You can try [348]-threads and dial down the wait time (e.g. -wait 1) You can try [349]-threads and dial down the wait time (e.g. -wait 1)
and possibly dial down [349]-defer as well. Note that if you try to and possibly dial down [350]-defer as well. Note that if you try to
increase the "frame rate" too much you can bog down the server end increase the "frame rate" too much you can bog down the server end
with the extra work it needs to do compressing the framebuffer data, with the extra work it needs to do compressing the framebuffer data,
etc. etc.
That said, it is possible to "stream" video via x11vnc if the video That said, it is possible to "stream" video via x11vnc if the video
window is small enough. E.g. a 256x192 xawtv TV capture window (using window is small enough. E.g. a 256x192 xawtv TV capture window (using
the x11vnc [350]-id option) can be streamed over a LAN or wireless at the x11vnc [351]-id option) can be streamed over a LAN or wireless at
a reasonable frame rate. a reasonable frame rate.
...@@ -3440,16 +3463,16 @@ ied) ...@@ -3440,16 +3463,16 @@ ied)
* Use a smaller desktop size (e.g. 1024x768 instead of 1280x1024) * Use a smaller desktop size (e.g. 1024x768 instead of 1280x1024)
* Make sure the desktop background is a solid color (the background * Make sure the desktop background is a solid color (the background
is resent every time it is re-exposed). Consider using the is resent every time it is re-exposed). Consider using the
[351]-solid [color] option to try to do this automatically. [352]-solid [color] option to try to do this automatically.
* Configure your window manager or desktop "theme" to not use fancy * Configure your window manager or desktop "theme" to not use fancy
images, shading, and gradients for the window decorations, etc. images, shading, and gradients for the window decorations, etc.
Disable window animations, etc. Maybe your desktop has a "low Disable window animations, etc. Maybe your desktop has a "low
bandwidth" theme you can easily switch into and out of. bandwidth" theme you can easily switch into and out of.
* Avoid small scrolls of large windows using the Arrow keys or * Avoid small scrolls of large windows using the Arrow keys or
scrollbar. Try to use PageUp/PageDown instead. (not so much of a scrollbar. Try to use PageUp/PageDown instead. (not so much of a
problem in x11vnc 0.7.2 if [352]-scrollcopyrect is active and problem in x11vnc 0.7.2 if [353]-scrollcopyrect is active and
detecting scrolls for the application). detecting scrolls for the application).
* If the [353]-wireframe option is not available (earlier than * If the [354]-wireframe option is not available (earlier than
x11vnc 0.7.2 or you have disabled it via -nowireframe) then x11vnc 0.7.2 or you have disabled it via -nowireframe) then
Disable Opaque Moves and Resizes in the window manager/desktop. Disable Opaque Moves and Resizes in the window manager/desktop.
* However if -wireframe is active (on by default in x11vnc 0.7.2) * However if -wireframe is active (on by default in x11vnc 0.7.2)
...@@ -3469,7 +3492,7 @@ ied) ...@@ -3469,7 +3492,7 @@ ied)
noticed. noticed.
VNC viewer parameters: VNC viewer parameters:
* Use a [354]TightVNC enabled viewer! (Actually, RealVNC 4.x viewer * Use a [355]TightVNC enabled viewer! (Actually, RealVNC 4.x viewer
with ZRLE encoding is not too bad either; some claim it is with ZRLE encoding is not too bad either; some claim it is
faster). faster).
* Make sure the tight (or zrle) encoding is being used (look at * Make sure the tight (or zrle) encoding is being used (look at
...@@ -3492,28 +3515,28 @@ ied) ...@@ -3492,28 +3515,28 @@ ied)
file. file.
x11vnc parameters: x11vnc parameters:
* Try using [355]-nodragging (no screen updates when dragging mouse, * Try using [356]-nodragging (no screen updates when dragging mouse,
but sometimes you miss visual feedback) but sometimes you miss visual feedback)
* Make sure the [356]-wireframe option is active (it should be on by * Make sure the [357]-wireframe option is active (it should be on by
default) and you have Opaque Moves/Resizes Enabled in the window default) and you have Opaque Moves/Resizes Enabled in the window
manager. manager.
* Make sure the [357]-scrollcopyrect option is active (it should be * Make sure the [358]-scrollcopyrect option is active (it should be
on by default). This detects scrolls in many (but not all) on by default). This detects scrolls in many (but not all)
applications an applies the CopyRect encoding for a big speedup. applications an applies the CopyRect encoding for a big speedup.
* Set [358]-fs 1.0 (disables fullscreen updates) * Set [359]-fs 1.0 (disables fullscreen updates)
* Try increasing [359]-wait or [360]-defer (reduces the maximum * Try increasing [360]-wait or [361]-defer (reduces the maximum
"frame rate", but won't help much for large screen changes) "frame rate", but won't help much for large screen changes)
* Try the [361]-progressive pixelheight mode with the block * Try the [362]-progressive pixelheight mode with the block
pixelheight 100 or so (delays sending vertical blocks since they pixelheight 100 or so (delays sending vertical blocks since they
may change while viewer is receiving earlier ones) may change while viewer is receiving earlier ones)
* If you just want to watch one (simple) window use [362]-id (cuts * If you just want to watch one (simple) window use [363]-id (cuts
down extraneous polling and updates, but can be buggy or down extraneous polling and updates, but can be buggy or
insufficient) insufficient)
* Set [363]-nosel (disables all clipboard selection exchange) * Set [364]-nosel (disables all clipboard selection exchange)
* Use [364]-nocursor and [365]-nocursorpos (repainting the remote * Use [365]-nocursor and [366]-nocursorpos (repainting the remote
cursor position and shape takes resources and round trips) cursor position and shape takes resources and round trips)
* On very slow links (e.g. <= 28.8) you may need to increase the * On very slow links (e.g. <= 28.8) you may need to increase the
[366]-readtimeout n setting if it sometimes takes more than 20sec [367]-readtimeout n setting if it sometimes takes more than 20sec
to paint the full screen, etc. to paint the full screen, etc.
...@@ -3535,7 +3558,7 @@ ied) ...@@ -3535,7 +3558,7 @@ ied)
Note that the DAMAGE extension does not speed up the actual reading of Note that the DAMAGE extension does not speed up the actual reading of
pixels from the video card framebuffer memory, by, say, mirroring them pixels from the video card framebuffer memory, by, say, mirroring them
in main memory. So reading the fb is still painfully [367]slow (e.g. in main memory. So reading the fb is still painfully [368]slow (e.g.
5MB/sec), and so even using X DAMAGE when large changes occur on the 5MB/sec), and so even using X DAMAGE when large changes occur on the
screen the bulk of the time is still spent retrieving them. Not ideal, screen the bulk of the time is still spent retrieving them. Not ideal,
but use of the ShadowFB XFree86/Xorg option speeds up the reading but use of the ShadowFB XFree86/Xorg option speeds up the reading
...@@ -3553,27 +3576,27 @@ ied) ...@@ -3553,27 +3576,27 @@ ied)
DAMAGE rectangles to contain real damage. The larger rectangles are DAMAGE rectangles to contain real damage. The larger rectangles are
only used as hints to focus the traditional scanline polling (i.e. if only used as hints to focus the traditional scanline polling (i.e. if
a scanline doesn't intersect a recent DAMAGE rectangle, the scan is a scanline doesn't intersect a recent DAMAGE rectangle, the scan is
skipped). You can use the "[368]-xd_area A" option to adjust the size skipped). You can use the "[369]-xd_area A" option to adjust the size
of the trusted DAMAGE rectangles. The default is 20000 pixels (e.g. a of the trusted DAMAGE rectangles. The default is 20000 pixels (e.g. a
140x140 square, etc). Use "-xd_area 0" to disable the cutoff and trust 140x140 square, etc). Use "-xd_area 0" to disable the cutoff and trust
all DAMAGE rectangles. all DAMAGE rectangles.
The option "[369]-xd_mem f" may also be of use in tuning the The option "[370]-xd_mem f" may also be of use in tuning the
algorithm. To disable using DAMAGE entirely use "[370]-noxdamage". algorithm. To disable using DAMAGE entirely use "[371]-noxdamage".
Q-56: When I drag windows around with the mouse or scroll up and down Q-56: When I drag windows around with the mouse or scroll up and down
things really bog down (unless I do the drag in a single, quick things really bog down (unless I do the drag in a single, quick
motion). Is there anything to do to improve things? motion). Is there anything to do to improve things?
This problem is primarily due to [371]slow hardware read rates from This problem is primarily due to [372]slow hardware read rates from
video cards: as you scroll or move a large window around the screen video cards: as you scroll or move a large window around the screen
changes are much too rapid for x11vnc to keep up them (it can usually changes are much too rapid for x11vnc to keep up them (it can usually
only read the video card at about 5-10 MB/sec, so it can take a good only read the video card at about 5-10 MB/sec, so it can take a good
fraction of a second to read the changes induce from moving a large fraction of a second to read the changes induce from moving a large
window, if this to be done a number of times in succession the window window, if this to be done a number of times in succession the window
or scroll appears to "lurch" forward). See the description in the or scroll appears to "lurch" forward). See the description in the
[372]-pointer_mode option for more info. The next bottleneck is [373]-pointer_mode option for more info. The next bottleneck is
compressing all of these changes and sending them out to connected compressing all of these changes and sending them out to connected
viewers, however the VNC protocol is pretty much self-adapting with viewers, however the VNC protocol is pretty much self-adapting with
respect to that (updates are only packaged and sent when viewers ask respect to that (updates are only packaged and sent when viewers ask
...@@ -3583,26 +3606,26 @@ ied) ...@@ -3583,26 +3606,26 @@ ied)
tree. The default should now be much better than before and dragging tree. The default should now be much better than before and dragging
small windows around should no longer be a huge pain. If for some small windows around should no longer be a huge pain. If for some
reason these changes make matters worse, you can go back to the old reason these changes make matters worse, you can go back to the old
way via the "[373]-pointer_mode 1" option. way via the "[374]-pointer_mode 1" option.
Also added was the [374]-nodragging option that disables all screen Also added was the [375]-nodragging option that disables all screen
updates while dragging with the mouse (i.e. mouse motion with a button updates while dragging with the mouse (i.e. mouse motion with a button
held down). This gives the snappiest response, but might be undesired held down). This gives the snappiest response, but might be undesired
in some circumstances when you want to see the visual feedback while in some circumstances when you want to see the visual feedback while
dragging (e.g. menu traversal or text selection). dragging (e.g. menu traversal or text selection).
As of Dec/2004 in the libvncserver CVS the [375]-pointer_mode n option As of Dec/2004 in the libvncserver CVS the [376]-pointer_mode n option
was introduced. n=1 is the original mode, n=2 an improvement, etc.. was introduced. n=1 is the original mode, n=2 an improvement, etc..
See the -pointer_mode n help for more info. See the -pointer_mode n help for more info.
Also, in some circumstances the [376]-threads option can improve Also, in some circumstances the [377]-threads option can improve
response considerably. Be forewarned that if more than one vncviewer response considerably. Be forewarned that if more than one vncviewer
is connected at the same time then libvncserver may not be thread safe is connected at the same time then libvncserver may not be thread safe
(try to get the viewers to use different VNC encodings, e.g. tight and (try to get the viewers to use different VNC encodings, e.g. tight and
ZRLE). ZRLE).
As of Apr/2005 in the libvncserver CVS two new options (see the As of Apr/2005 in the libvncserver CVS two new options (see the
[377]wireframe FAQ and [378]scrollcopyrect FAQ below) provide schemes [378]wireframe FAQ and [379]scrollcopyrect FAQ below) provide schemes
to sweep this problem under the rug for window moves or resizes and to sweep this problem under the rug for window moves or resizes and
for some (but not all) window scrolls. for some (but not all) window scrolls.
...@@ -3618,8 +3641,8 @@ ied) ...@@ -3618,8 +3641,8 @@ ied)
shown. When the window move/resize stops, it returns to normal shown. When the window move/resize stops, it returns to normal
processing: you should only see the window appear in the new position. processing: you should only see the window appear in the new position.
This spares you from interacting with a "lurching" window between all This spares you from interacting with a "lurching" window between all
of the intermediate steps. BTW the lurching is due to [379]slow video of the intermediate steps. BTW the lurching is due to [380]slow video
card read rates (see [380]here too). A displacement, even a small one, card read rates (see [381]here too). A displacement, even a small one,
of a large window requires a non-negligible amount of time, a good of a large window requires a non-negligible amount of time, a good
fraction of a second, to read in from the hardware framebuffer. fraction of a second, to read in from the hardware framebuffer.
...@@ -3627,7 +3650,7 @@ ied) ...@@ -3627,7 +3650,7 @@ ied)
for -wireframe to do any good. for -wireframe to do any good.
The mode is currently on by default because most people are inflicted The mode is currently on by default because most people are inflicted
with the problem. It can be disabled with the [381]-nowireframe option with the problem. It can be disabled with the [382]-nowireframe option
(aka -nowf). Why might one want to turn off the wireframing? Since (aka -nowf). Why might one want to turn off the wireframing? Since
x11vnc is merely guessing when windows are being moved/resized, it may x11vnc is merely guessing when windows are being moved/resized, it may
guess poorly for your window-manager or desktop, or even for the way guess poorly for your window-manager or desktop, or even for the way
...@@ -3672,13 +3695,13 @@ ied) ...@@ -3672,13 +3695,13 @@ ied)
* Maximum time to show a wireframe animation. * Maximum time to show a wireframe animation.
* Minimum time between sending wireframe outlines. * Minimum time between sending wireframe outlines.
See the [382]"-wireframe tweaks" option for more details. On a slow See the [383]"-wireframe tweaks" option for more details. On a slow
link, e.g. dialup modem, the parameters may be automatically adjusted link, e.g. dialup modem, the parameters may be automatically adjusted
for better response. for better response.
CopyRect encoding: In addition to the above there is the CopyRect encoding: In addition to the above there is the
[383]"-wirecopyrect mode" option. It is also on by default. This [384]"-wirecopyrect mode" option. It is also on by default. This
instructs x11vnc to not only show the wireframe animation, but to also instructs x11vnc to not only show the wireframe animation, but to also
instruct all connected VNC viewers to locally translate the window instruct all connected VNC viewers to locally translate the window
image data from the original position to the new position on the image data from the original position to the new position on the
...@@ -3726,7 +3749,7 @@ ied) ...@@ -3726,7 +3749,7 @@ ied)
requiring the image data to be transmitted over the network. For fast requiring the image data to be transmitted over the network. For fast
links the speedup is primarily due to x11vnc not having to read the links the speedup is primarily due to x11vnc not having to read the
scrolled framebuffer data from the X server (recall that reading from scrolled framebuffer data from the X server (recall that reading from
the hardware framebuffer is [384]slow). the hardware framebuffer is [385]slow).
To do this x11vnc uses the RECORD X extension to snoop the X11 To do this x11vnc uses the RECORD X extension to snoop the X11
protocol between the X client with the focus window and the X server. protocol between the X client with the focus window and the X server.
...@@ -3748,10 +3771,10 @@ ied) ...@@ -3748,10 +3771,10 @@ ied)
the X server display: if one falls too far behind it could become a the X server display: if one falls too far behind it could become a
mess... mess...
The initial implementation of [385]-scrollcopyrect option is useful in The initial implementation of [386]-scrollcopyrect option is useful in
that it detects many scrolls and thus gives a much nicer working that it detects many scrolls and thus gives a much nicer working
environment (especially when combined with the [386]-wireframe environment (especially when combined with the [387]-wireframe
[387]-wirecopyrect [388]options, which are also on by default; and if [388]-wirecopyrect [389]options, which are also on by default; and if
you are willing to enable the ShadowFB things are very fast). The fact you are willing to enable the ShadowFB things are very fast). The fact
that there aren't long delays or lurches during scrolling is the that there aren't long delays or lurches during scrolling is the
primary improvement. primary improvement.
...@@ -3784,10 +3807,10 @@ ied) ...@@ -3784,10 +3807,10 @@ ied)
One can tap the Alt_L key (Left "Alt" key) 3 times in a row to One can tap the Alt_L key (Left "Alt" key) 3 times in a row to
signal x11vnc to refresh the screen to all viewers. Your signal x11vnc to refresh the screen to all viewers. Your
VNC-viewer may have its own screen refresh hot-key or button. See VNC-viewer may have its own screen refresh hot-key or button. See
also: [389]-fixscreen also: [390]-fixscreen
* Some applications, notably OpenOffice, do XCopyArea scrolls in * Some applications, notably OpenOffice, do XCopyArea scrolls in
weird ways that assume ancestor window clipping is taking place. weird ways that assume ancestor window clipping is taking place.
See the [390]-scr_skip option for ways to tweak this on a See the [391]-scr_skip option for ways to tweak this on a
per-application basis. per-application basis.
* Selecting text while dragging the mouse may be slower, especially * Selecting text while dragging the mouse may be slower, especially
if the Button-down event happens near the window's edge. This is if the Button-down event happens near the window's edge. This is
...@@ -3804,7 +3827,7 @@ ied) ...@@ -3804,7 +3827,7 @@ ied)
because it fails to detect scrolls in it. Sometimes clicking because it fails to detect scrolls in it. Sometimes clicking
inside the application window or selecting some text in it to inside the application window or selecting some text in it to
force the focus helps. force the focus helps.
* When using the [391]-scale option there will be a quick CopyRect * When using the [392]-scale option there will be a quick CopyRect
scroll, but it needs to be followed by a slower "cleanup" update. scroll, but it needs to be followed by a slower "cleanup" update.
This is because for a fixed finite screen resolution (e.g. 75 dpi) This is because for a fixed finite screen resolution (e.g. 75 dpi)
scaling and copyrect-ing are not exactly independent. Scaling scaling and copyrect-ing are not exactly independent. Scaling
...@@ -3817,7 +3840,7 @@ ied) ...@@ -3817,7 +3840,7 @@ ied)
If you find the -scrollcopyrect behavior too approximate or If you find the -scrollcopyrect behavior too approximate or
distracting you can go back to the standard polling-only update method distracting you can go back to the standard polling-only update method
with the [392]-noscrollcopyrect (or -noscr for short). If you find with the [393]-noscrollcopyrect (or -noscr for short). If you find
some extremely bad and repeatable behavior for -scrollcopyrect please some extremely bad and repeatable behavior for -scrollcopyrect please
report a bug. report a bug.
...@@ -3856,16 +3879,16 @@ ied) ...@@ -3856,16 +3879,16 @@ ied)
this is because the cursor shape is often downloaded to the graphics this is because the cursor shape is often downloaded to the graphics
hardware (video card), but I could be mistaken. hardware (video card), but I could be mistaken.
A simple kludge is provided by the "[393]-cursor X" option that A simple kludge is provided by the "[394]-cursor X" option that
changes the cursor when the mouse is on the root background (or any changes the cursor when the mouse is on the root background (or any
window has the same cursor as the root background). Note that desktops window has the same cursor as the root background). Note that desktops
like GNOME or KDE often cover up the root background, so this won't like GNOME or KDE often cover up the root background, so this won't
work for those cases. Also see the "[394]-cursor some" option for work for those cases. Also see the "[395]-cursor some" option for
additional kludges. additional kludges.
Note that as of Aug/2004 in the libvncserver CVS, on Solaris using the Note that as of Aug/2004 in the libvncserver CVS, on Solaris using the
SUN_OVL overlay extension and IRIX, x11vnc can show the correct mouse SUN_OVL overlay extension and IRIX, x11vnc can show the correct mouse
cursor when the [395]-overlay option is supplied. See [396]this FAQ cursor when the [396]-overlay option is supplied. See [397]this FAQ
for more info. for more info.
Also as of Dec/2004 in the libvncserver CVS XFIXES X extension support Also as of Dec/2004 in the libvncserver CVS XFIXES X extension support
...@@ -3873,7 +3896,7 @@ ied) ...@@ -3873,7 +3896,7 @@ ied)
XFIXES fixes the problem of the cursor-shape being write-only: x11vnc XFIXES fixes the problem of the cursor-shape being write-only: x11vnc
can now query the X server for the current shape and send it back to can now query the X server for the current shape and send it back to
the connected viewers. XFIXES is available on recent Linux Xorg based the connected viewers. XFIXES is available on recent Linux Xorg based
distros and [397]Solaris 10. distros and [398]Solaris 10.
The only XFIXES issue is the handling of alpha channel transparency in The only XFIXES issue is the handling of alpha channel transparency in
cursors. If a cursor has any translucency then in general it must be cursors. If a cursor has any translucency then in general it must be
...@@ -3881,7 +3904,7 @@ ied) ...@@ -3881,7 +3904,7 @@ ied)
situations where the cursor transparency can also handled exactly: situations where the cursor transparency can also handled exactly:
when the VNC Viewer requires the cursor shape be drawn into the VNC when the VNC Viewer requires the cursor shape be drawn into the VNC
framebuffer or if you apply a patch to your VNC Viewer to extract framebuffer or if you apply a patch to your VNC Viewer to extract
hidden alpha channel data under 32bpp. [398]Details can be found here. hidden alpha channel data under 32bpp. [399]Details can be found here.
Q-60: When using XFIXES cursorshape mode, some of the cursors look Q-60: When using XFIXES cursorshape mode, some of the cursors look
...@@ -3914,17 +3937,17 @@ ied) ...@@ -3914,17 +3937,17 @@ ied)
for most cursor themes and you don't have to worry about it. for most cursor themes and you don't have to worry about it.
In case it still looks bad for your cursor theme, there are (of In case it still looks bad for your cursor theme, there are (of
course!) some tunable parameters. The "[399]-alphacut n" option lets course!) some tunable parameters. The "[400]-alphacut n" option lets
you set the threshold "n" (between 0 and 255): cursor pixels with you set the threshold "n" (between 0 and 255): cursor pixels with
alpha values below n will be considered completely transparent while alpha values below n will be considered completely transparent while
values equal to or above n will be completely opaque. The default is values equal to or above n will be completely opaque. The default is
240. The "[400]-alphafrac f" option tries to correct individual 240. The "[401]-alphafrac f" option tries to correct individual
cursors that did not fare well with the default -alphacut value: if a cursors that did not fare well with the default -alphacut value: if a
cursor has less than fraction f (between 0.0 and 1.0) of its pixels cursor has less than fraction f (between 0.0 and 1.0) of its pixels
selected by the default -alphacut, the threshold is lowered until f of selected by the default -alphacut, the threshold is lowered until f of
its pixels are selected. The default fraction is 0.33. its pixels are selected. The default fraction is 0.33.
Finally, there is an option [401]-alpharemove that is useful for Finally, there is an option [402]-alpharemove that is useful for
themes where many cursors are light colored (e.g. "whiteglass"). themes where many cursors are light colored (e.g. "whiteglass").
XFIXES returns the cursor data with the RGB values pre-multiplied by XFIXES returns the cursor data with the RGB values pre-multiplied by
the alpha value. If the white cursors look too grey, specify the alpha value. If the white cursors look too grey, specify
...@@ -3950,11 +3973,11 @@ ied) ...@@ -3950,11 +3973,11 @@ ied)
send the alpha channel data to libvncserver. However, this data will send the alpha channel data to libvncserver. However, this data will
only be used for VNC clients that do not support the only be used for VNC clients that do not support the
CursorShapeUpdates VNC extension (or have disabled it). It can be CursorShapeUpdates VNC extension (or have disabled it). It can be
disabled for all clients with the [402]-nocursorshape x11vnc option. disabled for all clients with the [403]-nocursorshape x11vnc option.
In this case the cursor is drawn, correctly blended with the In this case the cursor is drawn, correctly blended with the
background, into the VNC framebuffer before being sent out to the background, into the VNC framebuffer before being sent out to the
client. So the alpha blending is done on the x11vnc side. Use the client. So the alpha blending is done on the x11vnc side. Use the
[403]-noalphablend option to disable this behavior (always approximate [404]-noalphablend option to disable this behavior (always approximate
transparent cursors with opaque RGB values). transparent cursors with opaque RGB values).
The CursorShapeUpdates VNC extension complicates matters because the The CursorShapeUpdates VNC extension complicates matters because the
...@@ -3982,9 +4005,9 @@ ied) ...@@ -3982,9 +4005,9 @@ ied)
Q-62: Why does the mouse arrow just stay in one corner in my Q-62: Why does the mouse arrow just stay in one corner in my
vncviewer, whereas my cursor (that does move) is just a dot? vncviewer, whereas my cursor (that does move) is just a dot?
This default takes advantage of a [404]tightvnc extension This default takes advantage of a [405]tightvnc extension
(CursorShapeUpdates) that allows specifying a cursor image shape for (CursorShapeUpdates) that allows specifying a cursor image shape for
the local VNC viewer. You may disable it with the [405]-nocursor the local VNC viewer. You may disable it with the [406]-nocursor
option to x11vnc if your viewer does not have this extension. option to x11vnc if your viewer does not have this extension.
Note: as of Aug/2004 in the libvncserver CVS this should be fixed: the Note: as of Aug/2004 in the libvncserver CVS this should be fixed: the
...@@ -3998,18 +4021,18 @@ ied) ...@@ -3998,18 +4021,18 @@ ied)
clients (i.e. passive viewers can see the mouse cursor being moved clients (i.e. passive viewers can see the mouse cursor being moved
around by another viewer)? around by another viewer)?
Use the [406]-cursorpos option when starting x11vnc. A VNC viewer must Use the [407]-cursorpos option when starting x11vnc. A VNC viewer must
support the Cursor Positions Updates for the user to see the mouse support the Cursor Positions Updates for the user to see the mouse
motions (the TightVNC viewers support this). As of Aug/2004 in the motions (the TightVNC viewers support this). As of Aug/2004 in the
libvncserver CVS -cursorpos is the default. See also [407]-nocursorpos libvncserver CVS -cursorpos is the default. See also [408]-nocursorpos
and [408]-nocursorshape. and [409]-nocursorshape.
Q-64: Is it possible to swap the mouse buttons (e.g. left-handed Q-64: Is it possible to swap the mouse buttons (e.g. left-handed
operation), or arbitrarily remap them? How about mapping button clicks operation), or arbitrarily remap them? How about mapping button clicks
to keystrokes, e.g. to partially emulate Mouse wheel scrolling? to keystrokes, e.g. to partially emulate Mouse wheel scrolling?
You can remap the mouse buttons via something like: [409]-buttonmap You can remap the mouse buttons via something like: [410]-buttonmap
13-31 (or perhaps 12-21). Also, note that xmodmap(1) lets you directly 13-31 (or perhaps 12-21). Also, note that xmodmap(1) lets you directly
adjust the X server's button mappings, but in some circumstances it adjust the X server's button mappings, but in some circumstances it
might be more desirable to have x11vnc do it. might be more desirable to have x11vnc do it.
...@@ -4017,7 +4040,7 @@ ied) ...@@ -4017,7 +4040,7 @@ ied)
One user had an X server with only one mouse button(!) and was able to One user had an X server with only one mouse button(!) and was able to
map all of the VNC client mouse buttons to it via: -buttonmap 123-111. map all of the VNC client mouse buttons to it via: -buttonmap 123-111.
Note that the [410]-debug_pointer option prints out much info for Note that the [411]-debug_pointer option prints out much info for
every mouse/pointer event and is handy in solving problems. every mouse/pointer event and is handy in solving problems.
To map mouse button clicks to keystrokes you can use the alternate To map mouse button clicks to keystrokes you can use the alternate
...@@ -4039,7 +4062,7 @@ ied) ...@@ -4039,7 +4062,7 @@ ied)
Exactly what keystroke "scrolling" events they should be bound to Exactly what keystroke "scrolling" events they should be bound to
depends on one's taste. If this method is too approximate, one could depends on one's taste. If this method is too approximate, one could
consider not using [411]-buttonmap but rather configuring the X server consider not using [412]-buttonmap but rather configuring the X server
to think it has a mouse with 5 buttons even though the physical mouse to think it has a mouse with 5 buttons even though the physical mouse
does not. (e.g. 'Option "ZAxisMapping" "4 5"'). does not. (e.g. 'Option "ZAxisMapping" "4 5"').
...@@ -4069,7 +4092,7 @@ ied) ...@@ -4069,7 +4092,7 @@ ied)
Q-65: How can I get my AltGr and Shift modifiers to work between Q-65: How can I get my AltGr and Shift modifiers to work between
keyboards for different languages? keyboards for different languages?
The option [412]-modtweak should help here. It is a mode that monitors The option [413]-modtweak should help here. It is a mode that monitors
the state of the Shift and AltGr Modifiers and tries to deduce the the state of the Shift and AltGr Modifiers and tries to deduce the
correct keycode to send, possibly by sending fake modifier key presses correct keycode to send, possibly by sending fake modifier key presses
and releases in addition to the actual keystroke. and releases in addition to the actual keystroke.
...@@ -4078,17 +4101,17 @@ ied) ...@@ -4078,17 +4101,17 @@ ied)
default (use -nomodtweak to get the old behavior). This was done default (use -nomodtweak to get the old behavior). This was done
because it was noticed on newer XFree86 setups even on bland "us" because it was noticed on newer XFree86 setups even on bland "us"
keyboards like "pc104 us" XFree86 included a "ghost" key with both "<" keyboards like "pc104 us" XFree86 included a "ghost" key with both "<"
and ">" it. This key does not exist on the keyboard (see [413]this FAQ and ">" it. This key does not exist on the keyboard (see [414]this FAQ
for more info). Without -modtweak there was then an ambiguity in the for more info). Without -modtweak there was then an ambiguity in the
reverse map keysym => keycode, making it so the "<" symbol could not reverse map keysym => keycode, making it so the "<" symbol could not
be typed. be typed.
Also see the [414]FAQ about the -xkb option for a more powerful method Also see the [415]FAQ about the -xkb option for a more powerful method
of modifier tweaking for use on X servers with the XKEYBOARD of modifier tweaking for use on X servers with the XKEYBOARD
extension. extension.
When trying to resolve keyboard mapping problems, note that the When trying to resolve keyboard mapping problems, note that the
[415]-debug_keyboard option prints out much info for every keystroke [416]-debug_keyboard option prints out much info for every keystroke
and so can be useful debugging things. and so can be useful debugging things.
...@@ -4100,9 +4123,9 @@ ied) ...@@ -4100,9 +4123,9 @@ ied)
(e.g. pc105 in the XF86Config file when it should be something else, (e.g. pc105 in the XF86Config file when it should be something else,
say pc104). say pc104).
Short Cut: Try the [416]-xkb or [417]-sloppy_keys options and see if Short Cut: Try the [417]-xkb or [418]-sloppy_keys options and see if
that helps the situation. The discussion below is a bit outdated (e.g. that helps the situation. The discussion below is a bit outdated (e.g.
[418]-modtweak is now the default) but is useful reference for various [419]-modtweak is now the default) but is useful reference for various
tricks and so is kept. tricks and so is kept.
...@@ -4145,17 +4168,17 @@ ied) ...@@ -4145,17 +4168,17 @@ ied)
-remap less-comma -remap less-comma
These are convenient in that they do not modify the actual X server These are convenient in that they do not modify the actual X server
settings. The former ([419]-modtweak) is a mode that monitors the settings. The former ([420]-modtweak) is a mode that monitors the
state of the Shift and AltGr modifiers and tries to deduce the correct state of the Shift and AltGr modifiers and tries to deduce the correct
keycode sequence to send. Since Jul/2004 -modtweak is now the default. keycode sequence to send. Since Jul/2004 -modtweak is now the default.
The latter ([420]-remap less-comma) is an immediate remapping of the The latter ([421]-remap less-comma) is an immediate remapping of the
keysym less to the keysym comma when it comes in from a client (so keysym less to the keysym comma when it comes in from a client (so
when Shift is down the comma press will yield "<"). when Shift is down the comma press will yield "<").
See also the [421]FAQ about the -xkb option as a possible workaround See also the [422]FAQ about the -xkb option as a possible workaround
using the XKEYBOARD extension. using the XKEYBOARD extension.
Note that the [422]-debug_keyboard option prints out much info for Note that the [423]-debug_keyboard option prints out much info for
every keystroke to aid debugging keyboard problems. every keystroke to aid debugging keyboard problems.
...@@ -4163,13 +4186,13 @@ ied) ...@@ -4163,13 +4186,13 @@ ied)
(i.e. an extra comma). (i.e. an extra comma).
This is likely because you press "Shift" then "<" but then released This is likely because you press "Shift" then "<" but then released
the Shift key before releasing the "<". Because of a [423]keymapping the Shift key before releasing the "<". Because of a [424]keymapping
ambiguity the last event "< up" is interpreted as "," because that key ambiguity the last event "< up" is interpreted as "," because that key
unshifted is the comma. unshifted is the comma.
This should not happen in [424]-xkb mode, because it works hard to This should not happen in [425]-xkb mode, because it works hard to
resolve the ambiguities. If you do not want to use -xkb, try the resolve the ambiguities. If you do not want to use -xkb, try the
option [425]-sloppy_keys to attempt a similar type of algorithm. option [426]-sloppy_keys to attempt a similar type of algorithm.
Q-68: I'm using an "international" keyboard (e.g. German "de", or Q-68: I'm using an "international" keyboard (e.g. German "de", or
...@@ -4193,7 +4216,7 @@ ied) ...@@ -4193,7 +4216,7 @@ ied)
In both cases no AltGr is sent to the VNC server, but we know AltGr is In both cases no AltGr is sent to the VNC server, but we know AltGr is
needed on the physical international keyboard to type a "@". needed on the physical international keyboard to type a "@".
This all worked fine with x11vnc running with the [426]-modtweak This all worked fine with x11vnc running with the [427]-modtweak
option (it figures out how to adjust the Modifier keys (Shift or option (it figures out how to adjust the Modifier keys (Shift or
AltGr) to get the "@"). However it fails under recent versions of AltGr) to get the "@"). However it fails under recent versions of
XFree86 (and the X.org fork). These run the XKEYBOARD extension by XFree86 (and the X.org fork). These run the XKEYBOARD extension by
...@@ -4211,7 +4234,7 @@ ied) ...@@ -4211,7 +4234,7 @@ ied)
* there is a new option -xkb to use the XKEYBOARD extension API to * there is a new option -xkb to use the XKEYBOARD extension API to
do the Modifier key tweaking. do the Modifier key tweaking.
The [427]-xkb option seems to fix all of the missing keys: "@", "<", The [428]-xkb option seems to fix all of the missing keys: "@", "<",
">", etc.: it is recommended that you try it if you have this sort of ">", etc.: it is recommended that you try it if you have this sort of
problem. Let us know if there are any remaining problems (see the next problem. Let us know if there are any remaining problems (see the next
paragraph for some known problems). If you specify the -debug_keyboard paragraph for some known problems). If you specify the -debug_keyboard
...@@ -4219,7 +4242,7 @@ ied) ...@@ -4219,7 +4242,7 @@ ied)
debugging output (send it along with any problems you report). debugging output (send it along with any problems you report).
Update: as of Jun/2005 x11vnc will try to automatically enable Update: as of Jun/2005 x11vnc will try to automatically enable
[428]-xkb if it appears that would be beneficial (e.g. if it sees any [429]-xkb if it appears that would be beneficial (e.g. if it sees any
of "@", "<", ">", "[" and similar keys are mapped in a way that needs of "@", "<", ">", "[" and similar keys are mapped in a way that needs
the -xkb to access them). To disable this automatic check use -noxkb. the -xkb to access them). To disable this automatic check use -noxkb.
...@@ -4234,7 +4257,7 @@ ied) ...@@ -4234,7 +4257,7 @@ ied)
was attached to keycode 93 (no physical key generates this was attached to keycode 93 (no physical key generates this
keycode) while ISO_Level3_Shift was attached to keycode 113. The keycode) while ISO_Level3_Shift was attached to keycode 113. The
keycode skipping option was used to disable the ghost key: keycode skipping option was used to disable the ghost key:
[429]-skip_keycodes 93 [430]-skip_keycodes 93
* In implementing -xkb we noticed that some characters were still * In implementing -xkb we noticed that some characters were still
not getting through, e.g. "~" and "^". This is not really an not getting through, e.g. "~" and "^". This is not really an
XKEYBOARD problem. What was happening was the VNC viewer was XKEYBOARD problem. What was happening was the VNC viewer was
...@@ -4251,16 +4274,16 @@ ied) ...@@ -4251,16 +4274,16 @@ ied)
What to do? In general the VNC protocol has not really solved this What to do? In general the VNC protocol has not really solved this
problem: what should be done if the VNC viewer sends a keysym not problem: what should be done if the VNC viewer sends a keysym not
recognized by the VNC server side? Workarounds can possibly be recognized by the VNC server side? Workarounds can possibly be
created using the [430]-remap x11vnc option: created using the [431]-remap x11vnc option:
-remap asciitilde-dead_tilde,asciicircum-dead_circumflex -remap asciitilde-dead_tilde,asciicircum-dead_circumflex
etc. Use -remap filename if the list is long. Please send us your etc. Use -remap filename if the list is long. Please send us your
workarounds for this problem on your keyboard. Perhaps we can have workarounds for this problem on your keyboard. Perhaps we can have
x11vnc adjust automatically at some point. Also see the x11vnc adjust automatically at some point. Also see the
[431]-add_keysyms option in the next paragraph. [432]-add_keysyms option in the next paragraph.
Update: for convenience "[432]-remap DEAD" does many of these Update: for convenience "[433]-remap DEAD" does many of these
mappings at once. mappings at once.
* To complement the above workaround using the [433]-remap, an * To complement the above workaround using the [434]-remap, an
option [434]-add_keysyms was added. This option instructs x11vnc option [435]-add_keysyms was added. This option instructs x11vnc
to bind any unknown Keysyms coming in from VNC viewers to unused to bind any unknown Keysyms coming in from VNC viewers to unused
Keycodes in the X server. This modifies the global state of the X Keycodes in the X server. This modifies the global state of the X
server. When x11vnc exits it removes the extra keymappings it server. When x11vnc exits it removes the extra keymappings it
...@@ -4279,7 +4302,7 @@ ied) ...@@ -4279,7 +4302,7 @@ ied)
Short answer: disable key autorepeating by running the command "xset r Short answer: disable key autorepeating by running the command "xset r
off" on the Xserver where x11vnc is run (restore via "xset r on") or off" on the Xserver where x11vnc is run (restore via "xset r on") or
use the new (Jul/2004) [435]-norepeat x11vnc option. You will still use the new (Jul/2004) [436]-norepeat x11vnc option. You will still
have autorepeating because that is taken care of on your VNC viewer have autorepeating because that is taken care of on your VNC viewer
side. side.
...@@ -4303,7 +4326,7 @@ ied) ...@@ -4303,7 +4326,7 @@ ied)
off", does the problem go away? off", does the problem go away?
The workaround is to manually apply "xset r off" and "xset r on" as The workaround is to manually apply "xset r off" and "xset r on" as
needed, or to use the [436]-norepeat (which has since Dec/2004 been needed, or to use the [437]-norepeat (which has since Dec/2004 been
made the default). Note that with X server autorepeat turned off the made the default). Note that with X server autorepeat turned off the
VNC viewer side of the connection will (nearly always) do its own VNC viewer side of the connection will (nearly always) do its own
autorepeating so there is no big loss here, unless someone is also autorepeating so there is no big loss here, unless someone is also
...@@ -4314,7 +4337,7 @@ ied) ...@@ -4314,7 +4337,7 @@ ied)
keystrokes!! keystrokes!!
Are you using x11vnc to log in to an X session? (as described in Are you using x11vnc to log in to an X session? (as described in
[437]this FAQ) If so, x11vnc is starting before your session and it [438]this FAQ) If so, x11vnc is starting before your session and it
disables autorepeat when you connect, but then after you log in your disables autorepeat when you connect, but then after you log in your
session startup (GNOME, KDE, ...) could be resetting the autorepeat to session startup (GNOME, KDE, ...) could be resetting the autorepeat to
be on. Or it could be something inside your desktop trying to be be on. Or it could be something inside your desktop trying to be
...@@ -4338,7 +4361,7 @@ ied) ...@@ -4338,7 +4361,7 @@ ied)
machine where I run the VNC viewer does not. Is there a way I can map machine where I run the VNC viewer does not. Is there a way I can map
a local unused key to send an AltGr? How about a Compose key as well? a local unused key to send an AltGr? How about a Compose key as well?
Something like "[438]-remap Super_R-Mode_switch" x11vnc option may Something like "[439]-remap Super_R-Mode_switch" x11vnc option may
work. Note that Super_R is the "Right Windoze(tm) Flaggie" key; you work. Note that Super_R is the "Right Windoze(tm) Flaggie" key; you
may want to choose another. The -debug_keyboard option comes in handy may want to choose another. The -debug_keyboard option comes in handy
in finding keysym names (so does xev(1)). in finding keysym names (so does xev(1)).
...@@ -4361,7 +4384,7 @@ ied) ...@@ -4361,7 +4384,7 @@ ied)
Since xmodmap(1) modifies the X server mappings you may not want to do Since xmodmap(1) modifies the X server mappings you may not want to do
this (because it affects local work on that machine). Something like this (because it affects local work on that machine). Something like
the [439]-remap Alt_L-Meta_L to x11vnc may be sufficient for ones the [440]-remap Alt_L-Meta_L to x11vnc may be sufficient for ones
needs, and does not modify the X server environment. Note that you needs, and does not modify the X server environment. Note that you
cannot send Alt_L in this case, maybe -remap Super_L-Meta_L would be a cannot send Alt_L in this case, maybe -remap Super_L-Meta_L would be a
better choice if the Super_L key is typically unused in Unix. better choice if the Super_L key is typically unused in Unix.
...@@ -4372,7 +4395,7 @@ ied) ...@@ -4372,7 +4395,7 @@ ied)
This can be done directly in some X servers using AccessX and This can be done directly in some X servers using AccessX and
Pointer_EnableKeys, but is a bit awkward. It may be more convenient to Pointer_EnableKeys, but is a bit awkward. It may be more convenient to
have x11vnc do the remapping. This can be done via the [440]-remap have x11vnc do the remapping. This can be done via the [441]-remap
option using the fake "keysyms" Button1, Button2, etc. as the "to" option using the fake "keysyms" Button1, Button2, etc. as the "to"
keys (i.e. the ones after the "-") keys (i.e. the ones after the "-")
...@@ -4381,7 +4404,7 @@ ied) ...@@ -4381,7 +4404,7 @@ ied)
button "paste" because (using XFree86/Xorg Emulate3Buttons) you have button "paste" because (using XFree86/Xorg Emulate3Buttons) you have
to click both buttons on the touch pad at the same time. This to click both buttons on the touch pad at the same time. This
remapping: remapping:
[441]-remap Super_R-Button2 [442]-remap Super_R-Button2
maps the Super_R "flag" key press to the Button2 click, thereby making maps the Super_R "flag" key press to the Button2 click, thereby making
X pasting a bit easier. X pasting a bit easier.
...@@ -4411,7 +4434,7 @@ ied) ...@@ -4411,7 +4434,7 @@ ied)
There may also be scaling viewers out there (e.g. TightVNC or UltraVNC There may also be scaling viewers out there (e.g. TightVNC or UltraVNC
on Windows) that automatically shrink or expand the remote framebuffer on Windows) that automatically shrink or expand the remote framebuffer
to fit the local display. Especially for hand-held devices. See also to fit the local display. Especially for hand-held devices. See also
[442]this FAQ on x11vnc scaling. [443]this FAQ on x11vnc scaling.
Q-75: Does x11vnc support server-side framebuffer scaling? (E.g. to Q-75: Does x11vnc support server-side framebuffer scaling? (E.g. to
...@@ -4419,7 +4442,7 @@ ied) ...@@ -4419,7 +4442,7 @@ ied)
As of Jun/2004 in the libvncserver CVS x11vnc provides basic As of Jun/2004 in the libvncserver CVS x11vnc provides basic
server-side scaling. It is a global scaling of the desktop, not a server-side scaling. It is a global scaling of the desktop, not a
per-client setting. To enable it use the "[443]-scale fraction" per-client setting. To enable it use the "[444]-scale fraction"
option. "fraction" can either be a floating point number (e.g. -scale option. "fraction" can either be a floating point number (e.g. -scale
0.5) or the alternative m/n fraction notation (e.g. -scale 2/3). Note 0.5) or the alternative m/n fraction notation (e.g. -scale 2/3). Note
that if fraction is greater than one the display is magnified. that if fraction is greater than one the display is magnified.
...@@ -4440,7 +4463,7 @@ ied) ...@@ -4440,7 +4463,7 @@ ied)
One can also use the ":nb" with an integer scale factor (say "-scale One can also use the ":nb" with an integer scale factor (say "-scale
2:nb") to use x11vnc as a screen magnifier for vision impaired 2:nb") to use x11vnc as a screen magnifier for vision impaired
[444]applications. Since with integer scale factors the framebuffers [445]applications. Since with integer scale factors the framebuffers
become huge and scaling operations time consuming, be sure to use become huge and scaling operations time consuming, be sure to use
":nb" for the fastest response. ":nb" for the fastest response.
...@@ -4466,12 +4489,12 @@ ied) ...@@ -4466,12 +4489,12 @@ ied)
If one desires per-client scaling for something like 1:1 from a If one desires per-client scaling for something like 1:1 from a
workstation and 1:2 from a smaller device (e.g. handheld), currently workstation and 1:2 from a smaller device (e.g. handheld), currently
the only option is to run two (or more) x11vnc processes with the only option is to run two (or more) x11vnc processes with
different scalings listening on separate ports ([445]-rfbport option, different scalings listening on separate ports ([446]-rfbport option,
etc.). etc.).
BTW, whenever you run two or more x11vnc's on the same X display and BTW, whenever you run two or more x11vnc's on the same X display and
use the [446]GUI, then to avoid all of the x11vnc's simultaneously use the [447]GUI, then to avoid all of the x11vnc's simultaneously
answering the gui you will need to use something like [447]"-connect answering the gui you will need to use something like [448]"-connect
file1 -gui ..." with different connect files for each x11vnc you want file1 -gui ..." with different connect files for each x11vnc you want
to control via the gui (or remote-control). The "-connect file1" usage to control via the gui (or remote-control). The "-connect file1" usage
gives separate communication channels between a x11vnc proces and the gives separate communication channels between a x11vnc proces and the
...@@ -4480,7 +4503,7 @@ ied) ...@@ -4480,7 +4503,7 @@ ied)
Update: As of Mar/2005 in the libvncserver CVS x11vnc now scales the Update: As of Mar/2005 in the libvncserver CVS x11vnc now scales the
mouse cursor with the same scale factor as the screen. If you don't mouse cursor with the same scale factor as the screen. If you don't
want that, use the [448]"-scale_cursor frac" option to set the cursor want that, use the [449]"-scale_cursor frac" option to set the cursor
scaling to a different factor (e.g. use "-scale_cursor 1" to keep the scaling to a different factor (e.g. use "-scale_cursor 1" to keep the
cursor at its natural unscaled size). cursor at its natural unscaled size).
...@@ -4502,16 +4525,16 @@ ied) ...@@ -4502,16 +4525,16 @@ ied)
screen is not rectangular (e.g. 1280x1024 and 1024x768 monitors joined screen is not rectangular (e.g. 1280x1024 and 1024x768 monitors joined
together), then there will be "non-existent" areas on the screen. The together), then there will be "non-existent" areas on the screen. The
X server will return "garbage" image data for these areas and so they X server will return "garbage" image data for these areas and so they
may be distracting to the viewer. The [449]-blackout x11vnc option may be distracting to the viewer. The [450]-blackout x11vnc option
allows you to blacken-out rectangles by manually specifying their allows you to blacken-out rectangles by manually specifying their
WxH+X+Y geometries. If your system has the libXinerama library, the WxH+X+Y geometries. If your system has the libXinerama library, the
[450]-xinerama x11vnc option can be used to have it automatically [451]-xinerama x11vnc option can be used to have it automatically
determine the rectangles to be blackened out. (Note on 8bpp determine the rectangles to be blackened out. (Note on 8bpp
PseudoColor displays the fill color may not be black). PseudoColor displays the fill color may not be black).
Some users have reported that the mouse does not behave properly for Some users have reported that the mouse does not behave properly for
their Xinerama display: i.e. the mouse cannot be moved to all regions their Xinerama display: i.e. the mouse cannot be moved to all regions
of the large display. If this happens try using the [451]-xwarppointer of the large display. If this happens try using the [452]-xwarppointer
option. This instructs x11vnc to fake mouse pointer motions using the option. This instructs x11vnc to fake mouse pointer motions using the
XWarpPointer function instead of the XTestFakeMotionEvent XTEST XWarpPointer function instead of the XTestFakeMotionEvent XTEST
function. (This may be due to a bug in the X server for XTEST when function. (This may be due to a bug in the X server for XTEST when
...@@ -4536,23 +4559,23 @@ ied) ...@@ -4536,23 +4559,23 @@ ied)
Note: if you are running on Solaris 8 or earlier you can easily hit up Note: if you are running on Solaris 8 or earlier you can easily hit up
against the maximum of 6 shm segments per process (for Xsun in this against the maximum of 6 shm segments per process (for Xsun in this
case) from running multiple x11vnc processes. You should modify case) from running multiple x11vnc processes. You should modify
/etc/system as mentioned in another [452]FAQ to increase the limit. It /etc/system as mentioned in another [453]FAQ to increase the limit. It
is probably also a good idea to run with the [453]-onetile option in is probably also a good idea to run with the [454]-onetile option in
this case (to limit each x11vnc to 3 shm segments), or even this case (to limit each x11vnc to 3 shm segments), or even
[454]-noshm to use no shm segments. [455]-noshm to use no shm segments.
Q-78: Can x11vnc show only a portion of the display? (E.g. for a Q-78: Can x11vnc show only a portion of the display? (E.g. for a
special purpose rfb application). special purpose rfb application).
As of Mar/2005 in the libvncserver CVS x11vnc has the "[455]-clip As of Mar/2005 in the libvncserver CVS x11vnc has the "[456]-clip
WxH+X+Y" option to select a rectangle of width W, height H and offset WxH+X+Y" option to select a rectangle of width W, height H and offset
(X, Y). Thus the VNC screen will be the clipped sub-region of the (X, Y). Thus the VNC screen will be the clipped sub-region of the
display and be only WxH in size. One user used -clip to split up a display and be only WxH in size. One user used -clip to split up a
large [456]Xinerama screen into two more managable smaller screens. large [457]Xinerama screen into two more managable smaller screens.
This also works to view a sub-region of a single application window if This also works to view a sub-region of a single application window if
the [457]-id or [458]-sid options are used. The offset is measured the [458]-id or [459]-sid options are used. The offset is measured
from the upper left corner of the selected window. from the upper left corner of the selected window.
...@@ -4561,7 +4584,7 @@ ied) ...@@ -4561,7 +4584,7 @@ ied)
crash. crash.
As of Dec/2004 in the libvncserver CVS x11vnc supports XRANDR. You As of Dec/2004 in the libvncserver CVS x11vnc supports XRANDR. You
enable it with the [459]-xrandr option to make x11vnc monitor XRANDR enable it with the [460]-xrandr option to make x11vnc monitor XRANDR
events and also trap X server errors if the screen change occurred in events and also trap X server errors if the screen change occurred in
the middle of an X call like XGetImage. Once it traps the screen the middle of an X call like XGetImage. Once it traps the screen
change it will create a new framebuffer using the new screen. change it will create a new framebuffer using the new screen.
...@@ -4571,7 +4594,7 @@ ied) ...@@ -4571,7 +4594,7 @@ ied)
then the viewer will automatically resize. Otherwise, the new then the viewer will automatically resize. Otherwise, the new
framebuffer is fit as best as possible into the original viewer size framebuffer is fit as best as possible into the original viewer size
(portions of the screen may be clipped, unused, etc). For these (portions of the screen may be clipped, unused, etc). For these
viewers you can try the [460]-padgeom option to make the region big viewers you can try the [461]-padgeom option to make the region big
enough to hold all resizes and rotations. enough to hold all resizes and rotations.
If you specify "-xrandr newfbsize" then vnc viewers that do not If you specify "-xrandr newfbsize" then vnc viewers that do not
...@@ -4625,9 +4648,9 @@ ied) ...@@ -4625,9 +4648,9 @@ ied)
* Fullscreen mode * Fullscreen mode
The way VMWare does Fullscreen mode on Linux is to display the Guest The way VMWare does Fullscreen mode on Linux is to display the Guest
desktop in a separate Virtual Console (e.g. VC 8) (see [461]this FAQ desktop in a separate Virtual Console (e.g. VC 8) (see [462]this FAQ
on VC's for background). Unfortunately, this Fullscreen VC is not an X on VC's for background). Unfortunately, this Fullscreen VC is not an X
server. So x11vnc cannot access it (however, [462]see this for a server. So x11vnc cannot access it (however, [463]see this for a
possible partial workaround). x11vnc works fine with "Normal X possible partial workaround). x11vnc works fine with "Normal X
application window" and "Quick-Switch mode" because these use X. application window" and "Quick-Switch mode" because these use X.
...@@ -4644,13 +4667,13 @@ ied) ...@@ -4644,13 +4667,13 @@ ied)
response. One can also cut the display depth (e.g. to 16bpp) in this response. One can also cut the display depth (e.g. to 16bpp) in this
2nd X session to improve video performance. This 2nd X session 2nd X session to improve video performance. This 2nd X session
emulates Fullscreen mode to some degree and can be viewed via x11vnc emulates Fullscreen mode to some degree and can be viewed via x11vnc
as long as the VMWare X session [463]is in the active VC. as long as the VMWare X session [464]is in the active VC.
Also note that with a little bit of playing with "xwininfo -all Also note that with a little bit of playing with "xwininfo -all
-children" output one can extract the (non-toplevel) windowid of the -children" output one can extract the (non-toplevel) windowid of the
of the Guest desktop only when VMWare is running as a normal X of the Guest desktop only when VMWare is running as a normal X
application. Then one can export just the guest desktop (i.e. without application. Then one can export just the guest desktop (i.e. without
the VMWare menu buttons) by use of the [464]-id windowid option. The the VMWare menu buttons) by use of the [465]-id windowid option. The
caveats are the X session VMWare is in must be in the active VC and caveats are the X session VMWare is in must be in the active VC and
the window must be fully visible, so this mode is not terribly the window must be fully visible, so this mode is not terribly
convenient, but could be useful in some circumstances (e.g. running convenient, but could be useful in some circumstances (e.g. running
...@@ -4731,7 +4754,7 @@ ied) ...@@ -4731,7 +4754,7 @@ ied)
screen to either shm or a mapped file. The format of these is XWD and screen to either shm or a mapped file. The format of these is XWD and
so the initial header should be skipped. BTW, since XWD is not so the initial header should be skipped. BTW, since XWD is not
strictly RGB the view will only be approximate. Of course for the case strictly RGB the view will only be approximate. Of course for the case
of Xvfb x11vnc can poll it much better via the [465]X API, but you get of Xvfb x11vnc can poll it much better via the [466]X API, but you get
the idea. the idea.
By default in -rawfb mode x11vnc will actually close any X display it By default in -rawfb mode x11vnc will actually close any X display it
...@@ -4784,7 +4807,7 @@ ied) ...@@ -4784,7 +4807,7 @@ ied)
keystrokes into the Linux console (e.g. the virtual consoles: keystrokes into the Linux console (e.g. the virtual consoles:
/dev/tty1, /dev/tty2, etc) in x11vnc/misc/vcinject.pl. It is based on /dev/tty1, /dev/tty2, etc) in x11vnc/misc/vcinject.pl. It is based on
the vncterm/LinuxVNC.c program also in the libvncserver CVS. So to the vncterm/LinuxVNC.c program also in the libvncserver CVS. So to
view and interact with VC #2 (assuming it is the [466]active VC) one view and interact with VC #2 (assuming it is the [467]active VC) one
can run something like: can run something like:
x11vnc -rawfb map:/dev/fb0@1024x768x16 -pipeinput './vcinject.pl 2' x11vnc -rawfb map:/dev/fb0@1024x768x16 -pipeinput './vcinject.pl 2'
...@@ -4797,7 +4820,7 @@ ied) ...@@ -4797,7 +4820,7 @@ ied)
more accurate and faster LinuxVNC program. The only advantage x11vnc more accurate and faster LinuxVNC program. The only advantage x11vnc
-rawfb might have is that it can presumably allow interaction with a -rawfb might have is that it can presumably allow interaction with a
non-text application, e.g. one based on svgalib. For example the non-text application, e.g. one based on svgalib. For example the
[467]VMWare Fullscreen mode is actually viewable under -rawfb. But [468]VMWare Fullscreen mode is actually viewable under -rawfb. But
this isn't much use until one figures out how to inject keystrokes and this isn't much use until one figures out how to inject keystrokes and
mouse events... mouse events...
...@@ -4821,7 +4844,7 @@ ied) ...@@ -4821,7 +4844,7 @@ ied)
click on the task bar panel, and uncheck "enable auto-hide" from the click on the task bar panel, and uncheck "enable auto-hide" from the
panel properties dialog box. This will make the panel always visible. panel properties dialog box. This will make the panel always visible.
[Misc: Clipboard, Beeps, Thanks, etc.] [Misc: Clipboard, File Transfer, Beeps, Thanks, etc.]
Q-85: Does the Clipboard/Selection get transferred between the Q-85: Does the Clipboard/Selection get transferred between the
vncviewer and the X display? vncviewer and the X display?
...@@ -4829,10 +4852,10 @@ ied) ...@@ -4829,10 +4852,10 @@ ied)
As of Jan/2004 in the libvncserver CVS x11vnc supports the "CutText" As of Jan/2004 in the libvncserver CVS x11vnc supports the "CutText"
part of the rfb protocol. Furthermore, x11vnc is able to hold the part of the rfb protocol. Furthermore, x11vnc is able to hold the
PRIMARY selection (Xvnc does not seem to do this). If you don't want PRIMARY selection (Xvnc does not seem to do this). If you don't want
the Clipboard/Selection exchanged use the [468]-nosel option. If you the Clipboard/Selection exchanged use the [469]-nosel option. If you
don't want the PRIMARY selection to be polled for changes use the don't want the PRIMARY selection to be polled for changes use the
[469]-noprimary option. You can also fine-tune it a bit with the [470]-noprimary option. You can also fine-tune it a bit with the
[470]-seldir dir option. [471]-seldir dir option.
You may need to watch out for desktop utilities such as KDE's You may need to watch out for desktop utilities such as KDE's
"Klipper" that do odd things with the selection, clipboard, and "Klipper" that do odd things with the selection, clipboard, and
...@@ -4844,7 +4867,7 @@ ied) ...@@ -4844,7 +4867,7 @@ ied)
As of Oct/2005 x11vnc enables the TightVNC file transfer As of Oct/2005 x11vnc enables the TightVNC file transfer
implementation that was added to libvncserver. This currently only implementation that was added to libvncserver. This currently only
works with TightVNC viewers (and Windows only it appears). It is on by works with TightVNC viewers (and Windows only it appears). It is on by
default, to disable it use the [471]-nofilexfer option. default, to disable it use the [472]-nofilexfer option.
Q-87: Why don't I hear the "Beeps" in my X session (e.g. when typing Q-87: Why don't I hear the "Beeps" in my X session (e.g. when typing
...@@ -4855,7 +4878,7 @@ ied) ...@@ -4855,7 +4878,7 @@ ied)
not on by default in Solaris, see Xserver(1) for how to turn it on via not on by default in Solaris, see Xserver(1) for how to turn it on via
+kb), and so you won't hear them if the extension is not present. +kb), and so you won't hear them if the extension is not present.
If you don't want to hear the beeps use the [472]-nobell option. If If you don't want to hear the beeps use the [473]-nobell option. If
you want to hear the audio from the remote applications, consider you want to hear the audio from the remote applications, consider
trying a redirector such as esd. trying a redirector such as esd.
...@@ -5181,171 +5204,172 @@ References ...@@ -5181,171 +5204,172 @@ References
305. http://www.karlrunge.com/x11vnc/dtVncPopup 305. http://www.karlrunge.com/x11vnc/dtVncPopup
306. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone 306. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone
307. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw 307. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
308. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost 308. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis
309. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel 309. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost
310. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost 310. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
311. http://www.karlrunge.com/x11vnc/index.html#tunnelling 311. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost
312. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel 312. http://www.karlrunge.com/x11vnc/index.html#tunnelling
313. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept 313. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel
314. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users 314. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept
315. http://www.karlrunge.com/x11vnc/blockdpy.c 315. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
316. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept 316. http://www.karlrunge.com/x11vnc/blockdpy.c
317. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone 317. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept
318. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone 318. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone
319. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept 319. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone
320. http://www.karlrunge.com/x11vnc/index.html#display-manager-continuously 320. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept
321. http://www.karlrunge.com/x11vnc/index.html#faq-inetd 321. http://www.karlrunge.com/x11vnc/index.html#display-manager-continuously
322. http://www.karlrunge.com/x11vnc/index.html#x11vnc_loop 322. http://www.karlrunge.com/x11vnc/index.html#faq-inetd
323. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth 323. http://www.karlrunge.com/x11vnc/index.html#x11vnc_loop
324. http://www.karlrunge.com/x11vnc/index.html#dtlogin_solaris 324. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
325. http://www.jirka.org/gdm-documentation/x241.html 325. http://www.karlrunge.com/x11vnc/index.html#dtlogin_solaris
326. http://www.karlrunge.com/x11vnc/x11vnc_loop 326. http://www.jirka.org/gdm-documentation/x241.html
327. http://www.karlrunge.com/x11vnc/index.html#faq-xterminal-xauth 327. http://www.karlrunge.com/x11vnc/x11vnc_loop
328. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd 328. http://www.karlrunge.com/x11vnc/index.html#faq-xterminal-xauth
329. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q 329. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd
330. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth 330. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q
331. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop 331. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
332. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir 332. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop
333. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http 333. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir
334. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect 334. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http
335. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vncconnect 335. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
336. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms 336. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vncconnect
337. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc 337. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
338. http://www.karlrunge.com/x11vnc/Xdummy 338. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc
339. http://www.karlrunge.com/x11vnc/index.html#display-manager-continuously 339. http://www.karlrunge.com/x11vnc/Xdummy
340. http://www.karlrunge.com/x11vnc/shm_clear 340. http://www.karlrunge.com/x11vnc/index.html#display-manager-continuously
341. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile 341. http://www.karlrunge.com/x11vnc/shm_clear
342. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm 342. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile
343. http://www.karlrunge.com/x11vnc/index.html#faq-noshm 343. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm
344. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nap 344. http://www.karlrunge.com/x11vnc/index.html#faq-noshm
345. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait 345. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nap
346. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile 346. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
347. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs 347. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile
348. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads 348. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs
349. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer 349. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads
350. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id 350. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
351. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid 351. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
352. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect 352. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid
353. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe 353. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
354. http://www.tightvnc.com/ 354. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
355. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging 355. http://www.tightvnc.com/
356. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe 356. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging
357. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect 357. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
358. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs 358. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
359. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait 359. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs
360. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer 360. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
361. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-progressive 361. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
362. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id 362. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-progressive
363. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel 363. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
364. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor 364. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel
365. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos 365. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor
366. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-readtimeout 366. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos
367. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow 367. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-readtimeout
368. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_area 368. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
369. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_mem 369. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_area
370. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage 370. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_mem
371. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow 371. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage
372. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode 372. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
373. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode 373. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode
374. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging 374. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode
375. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode 375. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging
376. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads 376. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode
377. http://www.karlrunge.com/x11vnc/index.html#faq-wireframe 377. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads
378. http://www.karlrunge.com/x11vnc/index.html#faq-scrollcopyrect 378. http://www.karlrunge.com/x11vnc/index.html#faq-wireframe
379. http://www.karlrunge.com/x11vnc/index.html#faq-pointer-mode 379. http://www.karlrunge.com/x11vnc/index.html#faq-scrollcopyrect
380. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow 380. http://www.karlrunge.com/x11vnc/index.html#faq-pointer-mode
381. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe 381. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
382. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe 382. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
383. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe 383. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
384. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow 384. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
385. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect 385. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
386. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe 386. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
387. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wirecopyrect 387. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
388. http://www.karlrunge.com/x11vnc/index.html#faq-wireframe 388. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wirecopyrect
389. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen 389. http://www.karlrunge.com/x11vnc/index.html#faq-wireframe
390. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scr_skip 390. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen
391. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale 391. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scr_skip
392. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect 392. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale
393. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor 393. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
394. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor 394. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor
395. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay 395. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor
396. http://www.karlrunge.com/x11vnc/index.html#the-overlay-mode 396. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay
397. http://www.karlrunge.com/x11vnc/index.html#solaris10-build 397. http://www.karlrunge.com/x11vnc/index.html#the-overlay-mode
398. http://www.karlrunge.com/x11vnc/index.html#faq-xfixes-alpha-hacks 398. http://www.karlrunge.com/x11vnc/index.html#solaris10-build
399. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphacut 399. http://www.karlrunge.com/x11vnc/index.html#faq-xfixes-alpha-hacks
400. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphafrac 400. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphacut
401. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alpharemove 401. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphafrac
402. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape 402. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alpharemove
403. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noalphablend 403. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape
404. http://www.tightvnc.com/ 404. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noalphablend
405. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor 405. http://www.tightvnc.com/
406. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursorpos 406. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor
407. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos 407. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursorpos
408. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape 408. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos
409. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap 409. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape
410. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_pointer 410. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap
411. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap 411. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_pointer
412. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak 412. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap
413. http://www.karlrunge.com/x11vnc/index.html#faq-greaterless 413. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
414. http://www.karlrunge.com/x11vnc/index.html#faq-xkbmodtweak 414. http://www.karlrunge.com/x11vnc/index.html#faq-greaterless
415. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard 415. http://www.karlrunge.com/x11vnc/index.html#faq-xkbmodtweak
416. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb 416. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard
417. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys 417. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
418. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak 418. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys
419. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak 419. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
420. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap 420. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
421. http://www.karlrunge.com/x11vnc/index.html#faq-xkbmodtweak 421. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
422. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard 422. http://www.karlrunge.com/x11vnc/index.html#faq-xkbmodtweak
423. http://www.karlrunge.com/x11vnc/index.html#faq-greaterless 423. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard
424. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb 424. http://www.karlrunge.com/x11vnc/index.html#faq-greaterless
425. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys 425. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
426. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak 426. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys
427. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb 427. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
428. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb 428. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
429. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_keycodes 429. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
430. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap 430. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_keycodes
431. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms 431. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
432. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap 432. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
433. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap 433. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
434. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms 434. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
435. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat 435. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
436. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat 436. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat
437. http://www.karlrunge.com/x11vnc/index.html#faq-display-manager 437. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat
438. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap 438. http://www.karlrunge.com/x11vnc/index.html#faq-display-manager
439. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap 439. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
440. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap 440. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
441. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap 441. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
442. http://www.karlrunge.com/x11vnc/index.html#faq-scaling 442. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
443. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale 443. http://www.karlrunge.com/x11vnc/index.html#faq-scaling
444. http://www.cus.cam.ac.uk/~ssb22/source/vnc-magnification.html 444. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale
445. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport 445. http://www.cus.cam.ac.uk/~ssb22/source/vnc-magnification.html
446. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui 446. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport
447. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect 447. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui
448. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale_cursor 448. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
449. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-blackout 449. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale_cursor
450. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama 450. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-blackout
451. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer 451. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama
452. http://www.karlrunge.com/x11vnc/index.html#faq-solshm 452. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer
453. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile 453. http://www.karlrunge.com/x11vnc/index.html#faq-solshm
454. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm 454. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile
455. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip 455. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm
456. http://www.karlrunge.com/x11vnc/index.html#faq-xinerama 456. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip
457. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id 457. http://www.karlrunge.com/x11vnc/index.html#faq-xinerama
458. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id 458. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
459. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr 459. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
460. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-padgeom 460. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr
461. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc 461. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-padgeom
462. http://www.karlrunge.com/x11vnc/index.html#faq-rawfb 462. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc
463. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc 463. http://www.karlrunge.com/x11vnc/index.html#faq-rawfb
464. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id 464. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc
465. http://www.karlrunge.com/x11vnc/index.html#faq-xvfb 465. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
466. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc 466. http://www.karlrunge.com/x11vnc/index.html#faq-xvfb
467. http://www.karlrunge.com/x11vnc/index.html#faq-vmware 467. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc
468. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel 468. http://www.karlrunge.com/x11vnc/index.html#faq-vmware
469. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noprimary 469. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel
470. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir 470. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noprimary
471. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofilexfer 471. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir
472. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell 472. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofilexfer
473. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell
======================================================================= =======================================================================
...@@ -5358,7 +5382,7 @@ x11vnc: a VNC server for real X displays ...@@ -5358,7 +5382,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options: Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions) % x11vnc -opts (see below for -help long descriptions)
x11vnc: allow VNC connections to real X11 displays. 0.8.1 lastmod: 2006-03-02 x11vnc: allow VNC connections to real X11 displays. 0.8.1 lastmod: 2006-03-04
x11vnc options: x11vnc options:
-display disp -auth file -display disp -auth file
...@@ -5377,68 +5401,69 @@ x11vnc options: ...@@ -5377,68 +5401,69 @@ x11vnc options:
-allow host1[,host2..] -localhost -allow host1[,host2..] -localhost
-nolookup -input string -nolookup -input string
-viewpasswd string -passwdfile filename -viewpasswd string -passwdfile filename
-unixpw [list] -stunnel [pem] -unixpw [list] -unixpw_nis [list]
-stunnel3 [pem] -nopw -stunnel [pem] -stunnel3 [pem]
-storepasswd pass file -accept string -nopw -storepasswd pass file
-afteraccept string -gone string -accept string -afteraccept string
-users list -noshm -gone string -users list
-flipbyteorder -onetile -noshm -flipbyteorder
-solid [color] -blackout string -onetile -solid [color]
-xinerama -xtrap -blackout string -xinerama
-xrandr [mode] -padgeom WxH -xtrap -xrandr [mode]
-o logfile -flag file -padgeom WxH -o logfile
-rc filename -norc -flag file -rc filename
-h, -help -?, -opts -norc -h, -help
-V, -version -dbg -?, -opts -V, -version
-q -bg -dbg -q
-modtweak -nomodtweak -bg -modtweak
-xkb -noxkb -nomodtweak -xkb
-skip_keycodes string -sloppy_keys -noxkb -skip_keycodes string
-skip_dups -noskip_dups -sloppy_keys -skip_dups
-add_keysyms -noadd_keysyms -noskip_dups -add_keysyms
-clear_mods -clear_keys -noadd_keysyms -clear_mods
-remap string -norepeat -clear_keys -remap string
-repeat -nofb -norepeat -repeat
-nobell -nosel -nofb -nobell
-noprimary -seldir string -nosel -noprimary
-cursor [mode] -nocursor -seldir string -cursor [mode]
-arrow n -noxfixes -nocursor -arrow n
-alphacut n -alphafrac fraction -noxfixes -alphacut n
-alpharemove -noalphablend -alphafrac fraction -alpharemove
-nocursorshape -cursorpos -noalphablend -nocursorshape
-nocursorpos -xwarppointer -cursorpos -nocursorpos
-buttonmap string -nodragging -xwarppointer -buttonmap string
-wireframe [str] -nowireframe -nodragging -wireframe [str]
-wirecopyrect mode -nowirecopyrect -nowireframe -wirecopyrect mode
-debug_wireframe -scrollcopyrect mode -nowirecopyrect -debug_wireframe
-noscrollcopyrect -scr_area n -scrollcopyrect mode -noscrollcopyrect
-scr_skip list -scr_inc list -scr_area n -scr_skip list
-scr_keys list -scr_term list -scr_inc list -scr_keys list
-scr_keyrepeat lo-hi -scr_parms string -scr_term list -scr_keyrepeat lo-hi
-fixscreen string -debug_scroll -scr_parms string -fixscreen string
-noxrecord -grab_buster -debug_scroll -noxrecord
-nograb_buster -debug_grabs -grab_buster -nograb_buster
-pointer_mode n -input_skip n -debug_grabs -pointer_mode n
-speeds rd,bw,lat -wmdt string -input_skip n -speeds rd,bw,lat
-debug_pointer -debug_keyboard -wmdt string -debug_pointer
-defer time -wait time -debug_keyboard -defer time
-wait_ui factor -nowait_bog -wait time -wait_ui factor
-slow_fb time -readtimeout n -nowait_bog -slow_fb time
-nap -nonap -readtimeout n -nap
-sb time -noxdamage -nonap -sb time
-xd_area A -xd_mem f -noxdamage -xd_area A
-sigpipe string -threads -xd_mem f -sigpipe string
-nothreads -fs f -threads -nothreads
-gaps n -grow n -fs f -gaps n
-fuzz n -debug_tiles -grow n -fuzz n
-snapfb -rawfb string -debug_tiles -snapfb
-pipeinput cmd -gui [gui-opts] -rawfb string -pipeinput cmd
-remote command -query variable -gui [gui-opts] -remote command
-QD variable -sync -query variable -QD variable
-noremote -yesremote -sync -noremote
-unsafe -safer -yesremote -unsafe
-privremote -nocmds -safer -privremote
-deny_all -nocmds -deny_all
libvncserver options: libvncserver options:
-rfbport port TCP port for RFB protocol -rfbport port TCP port for RFB protocol
...@@ -5470,7 +5495,7 @@ libvncserver-tight-extension options: ...@@ -5470,7 +5495,7 @@ libvncserver-tight-extension options:
% x11vnc -help % x11vnc -help
x11vnc: allow VNC connections to real X11 displays. 0.8.1 lastmod: 2006-03-02 x11vnc: allow VNC connections to real X11 displays. 0.8.1 lastmod: 2006-03-04
Typical usage is: Typical usage is:
...@@ -5854,34 +5879,38 @@ Options: ...@@ -5854,34 +5879,38 @@ Options:
and last line be "__BEGIN_VIEWONLY__" to have 2 and last line be "__BEGIN_VIEWONLY__" to have 2
full-access passwords) full-access passwords)
-unixpw [list] Experimental option: use Unix username and password -unixpw [list] Use Unix username and password authentication. x11vnc
authentication. x11vnc uses the su(1) program to verify uses the su(1) program to verify the user's password.
the user's password. [list] is an optional comma [list] is an optional comma separated list of allowed
separated list of allowed Unix usernames. See below Unix usernames. See below for per-user options that
for per-user options that can be applied. can be applied.
A familiar "login:" and "Password:" dialog is A familiar "login:" and "Password:" dialog is
presented to the user on a black screen inside the presented to the user on a black screen inside the
vncviewer. The connection is dropped if the user fails vncviewer. The connection is dropped if the user fails
to supply the correct password in 3 tries or does not to supply the correct password in 3 tries or does not
send one before a 20 second timeout. Existing clients send one before a 25 second timeout. Existing clients
are view-only during this period. are view-only during this period.
Since the detailed behavior of su(1) can vary from Since the detailed behavior of su(1) can vary from
OS to OS and for local configurations, please test OS to OS and for local configurations, please test
the mode carefully on your systems before using it. the mode carefully on your systems before using it.
Try different combinations of valid/invalid usernames E.g. try different combinations of valid/invalid
and passwords. usernames and valid/invalid passwords to see if it
behaves correctly. x11vnc will be conservative and
For example, on FreeBSD and the other BSD's and Tru64 reject a user if anything abnormal occurs.
it does not appear to be possible for the user running
x11vnc to validate his *own* password via su(1). For example, on FreeBSD and the other BSD's by default
The x11vnc login will always fail in this case. it is impossible for the user running x11vnc to validate
A possible workaround would be to start x11vnc as his *own* password via su(1) (evidently commenting
root with the "-users +nobody" option to immediately out the pam_self.so entry in /etc/pam.d/su eliminates
switch to user nobody. Another source of problems are the problem). So the x11vnc login will always fail for
PAM modules that prompt for extra info, e.g. password this case. A possible workaround would be to start
aging modules. These logins will always fail as well. x11vnc as root with the "-users +nobody" option to
immediately switch to user nobody. Another source of
problems are PAM modules that prompt for extra info,
e.g. password aging modules. These logins will always
fail as well.
*IMPORTANT*: to prevent the Unix password being sent in *IMPORTANT*: to prevent the Unix password being sent in
*clear text* over the network, two x11vnc options are *clear text* over the network, two x11vnc options are
...@@ -5897,17 +5926,18 @@ Options: ...@@ -5897,17 +5926,18 @@ Options:
Set UNIXPW_DISABLE_STUNNEL=1 to disable using -stunnel. Set UNIXPW_DISABLE_STUNNEL=1 to disable using -stunnel.
Evidently you will be using a different method to Evidently you will be using a different method to
encrypt the data between the vncviewer and x11vnc: encrypt the data between the vncviewer and x11vnc:
e.g. ssh(1) or a VPN. Note that use of ssh(1) with e.g. ssh(1) or a VPN. Note that use of -localhost
-localhost is roughly the same as requiring a Unix with ssh(1) is roughly the same as requiring a Unix
user login (since Unix password or the user's public user login (since a Unix password or the user's public
key authentication is used by ssh) key authentication is used by ssh on the machine where
x11vnc runs and only local connections are accepted)
As a convenience, if you ssh(1) in and start x11vnc
it will look to see if the environment variable As a convenience, if you ssh(1) in and start x11vnc it
SSH_CONNECTION is set and appears reasonable. If it will check if the environment variable SSH_CONNECTION
does, then the stunnel requirement is dropped since is set and appears reasonable. If it does, then the
it is assumed you are using ssh for the encrypted stunnel requirement is dropped since it is assumed
tunnelling. Use -stunnel to force stunnel usage. you are using ssh for the encrypted tunnelling.
Use -stunnel to force stunnel usage.
Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost
requirement. One should never do this (i.e. allow the requirement. One should never do this (i.e. allow the
...@@ -5924,16 +5954,28 @@ Options: ...@@ -5924,16 +5954,28 @@ Options:
where "opts" is a "+" separated list of where "opts" is a "+" separated list of
"viewonly", "fullaccess", "input=XXXX", or "viewonly", "fullaccess", "input=XXXX", or
"deny", e.g. "karl,fred:viewonly,boss:input=M". "deny", e.g. "karl,fred:viewonly,boss:input=M".
For "input=" it is the K,M,B,C describe under -input. For "input=" it is the K,M,B,C described under -input.
If a user in the list is "*" that means those options If a user in the list is "*" that means those
apply to all users. It also means all users are allowed options apply to all users. It also means all users
to log in. Use "deny" to explicitly deny some users are allowed to log in after supplying a valid password.
if you use "*" to set a global option. Use "deny" to explicitly deny some users if you use
"*" to set a global option.
-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide an
encrypted SSL tunnel between viewers and x11vnc. -unixpw_nis [list] As -unixpw above, however do not run su(1) but rather
This requires stunnel be installed on the system and use the traditional getpwnam() + crypt() method instead.
This requires that the encrpyted passwords be readable.
Passwords stored in /etc/shadow will be inaccessible
unless run as root. This is called "NIS" mode
simply because in most NIS setups the user encrypted
passwords are accessible (e.g. "ypcat passwd").
NIS is not required for this mode to work, but it
is unlikely it will work for any other environment.
All of the -unixpw options and contraints apply.
-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide
an encrypted SSL tunnel between viewers and x11vnc.
This requires stunnel to be installed on the system and
available via PATH (n.b. stunnel is often installed in available via PATH (n.b. stunnel is often installed in
sbin directories). Version 4.x of stunnel is assumed; sbin directories). Version 4.x of stunnel is assumed;
see -stunnel3 below. see -stunnel3 below.
...@@ -5945,9 +5987,9 @@ Options: ...@@ -5945,9 +5987,9 @@ Options:
stunnel is started up as a child process of x11vnc and stunnel is started up as a child process of x11vnc and
any SSL connections stunnel receives are decrypted and any SSL connections stunnel receives are decrypted and
sent to x11vnc over a local socket. The strings "The sent to x11vnc over a local socket. The strings
SSL VNC desktop is ..." and SSLPORT=... are printed "The SSL VNC desktop is ..." and "SSLPORT=..."
out at startup. are printed out at startup.
The -localhost option is enforced by default to The -localhost option is enforced by default to
avoid people routing around the SSL channel. Set avoid people routing around the SSL channel. Set
...@@ -7539,16 +7581,17 @@ n ...@@ -7539,16 +7581,17 @@ n
http_url auth xauth users rootshift clipshift http_url auth xauth users rootshift clipshift
scale_str scaled_x scaled_y scale_numer scale_denom scale_str scaled_x scaled_y scale_numer scale_denom
scale_fac scaling_blend scaling_nomult4 scaling_pad scale_fac scaling_blend scaling_nomult4 scaling_pad
scaling_interpolate inetd privremote unsafe safer nocmds scaling_interpolate inetd privremote unsafe safer
passwdfile unixpw unixpw_list stunnel stunnel_pem nocmds passwdfile unixpw unixpw_nis unixpw_list stunnel
using_shm logfile o flag rc norc h help V version stunnel_pem using_shm logfile o flag rc norc h help
lastmod bg sigpipe threads readrate netrate netlatency V version lastmod bg sigpipe threads readrate netrate
pipeinput clients client_count pid ext_xtest ext_xtrap netlatency pipeinput clients client_count pid ext_xtest
ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama
ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin
button_mask mouse_x mouse_y bpp depth indexed_color num_buttons button_mask mouse_x mouse_y bpp depth
dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y
coff_x coff_y rfbauth passwd viewpasswd cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd
-QD variable Just like -query variable, but returns the default -QD variable Just like -query variable, but returns the default
value for that parameter (no running x11vnc server value for that parameter (no running x11vnc server
is consulted) is consulted)
......
x11vnc/connections.c
View file @ a9a9c812
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
#include "rates.h" #include "rates.h"
#include "screen.h" #include "screen.h"
#include "unixpw.h" #include "unixpw.h"
#include "scan.h"
/* /*
* routines for handling incoming, outgoing, etc connections * routines for handling incoming, outgoing, etc connections
...@@ -78,7 +79,7 @@ int all_clients_initialized(void) { ...@@ -78,7 +79,7 @@ int all_clients_initialized(void) {
char *list_clients(void) { char *list_clients(void) {
rfbClientIteratorPtr iter; rfbClientIteratorPtr iter;
rfbClientPtr cl; rfbClientPtr cl;
char *list, tmp[32]; char *list, tmp[256];
int count = 0; int count = 0;
if (!screen) { if (!screen) {
...@@ -93,12 +94,12 @@ char *list_clients(void) { ...@@ -93,12 +94,12 @@ char *list_clients(void) {
/* /*
* each client: * each client:
* <id>:<ip>:<port>:<user>:<hostname>:<input>:<loginview>, * <id>:<ip>:<port>:<user>:<unix>:<hostname>:<input>:<loginview>:<time>,
* 8+1+16+1+5+1+24+1+256+1+5+1+1+1 * 8+1+64+1+5+1+24+1+24+1+256+1+5+1+1+1+10+1
* 123.123.123.123:60000/0x11111111-rw, * 123.123.123.123:60000/0x11111111-rw,
* so count+1 * 400 must cover it. * so count+1 * 500 must cover it.
*/ */
list = (char *) malloc((count+1)*400); list = (char *) malloc((count+1)*500);
list[0] = '\0'; list[0] = '\0';
...@@ -114,18 +115,27 @@ char *list_clients(void) { ...@@ -114,18 +115,27 @@ char *list_clients(void) {
strcat(list, ":"); strcat(list, ":");
sprintf(tmp, "%d:", cd->client_port); sprintf(tmp, "%d:", cd->client_port);
strcat(list, tmp); strcat(list, tmp);
if (*(cd->username) == '\0') { if (cd->username[0] == '\0') {
char *s = ident_username(cl); char *s = ident_username(cl);
if (s) free(s); if (s) free(s);
} }
strcat(list, cd->username); strcat(list, cd->username);
strcat(list, ":"); strcat(list, ":");
if (cd->unixname[0] == '\0') {
strcat(list, "none");
} else {
strcat(list, cd->unixname);
}
strcat(list, ":");
strcat(list, cd->hostname); strcat(list, cd->hostname);
strcat(list, ":"); strcat(list, ":");
strcat(list, cd->input); strcat(list, cd->input);
strcat(list, ":"); strcat(list, ":");
sprintf(tmp, "%d", cd->login_viewonly); sprintf(tmp, "%d", cd->login_viewonly);
strcat(list, tmp); strcat(list, tmp);
strcat(list, ":");
sprintf(tmp, "%d", (int) cd->login_time);
strcat(list, tmp);
} }
rfbReleaseClientIterator(iter); rfbReleaseClientIterator(iter);
return list; return list;
...@@ -511,6 +521,10 @@ static void free_client_data(rfbClientPtr client) { ...@@ -511,6 +521,10 @@ static void free_client_data(rfbClientPtr client) {
free(cd->username); free(cd->username);
cd->username = NULL; cd->username = NULL;
} }
if (cd->unixname) {
free(cd->unixname);
cd->unixname = NULL;
}
} }
free(client->clientData); free(client->clientData);
client->clientData = NULL; client->clientData = NULL;
...@@ -828,6 +842,9 @@ static unsigned char t2x2_bits[] = { ...@@ -828,6 +842,9 @@ static unsigned char t2x2_bits[] = {
sprintf(str_y, "OK"); sprintf(str_y, "OK");
sprop = "x11vnc client disconnected"; sprop = "x11vnc client disconnected";
h = 110; h = 110;
str1 = "";
str2 = "";
str3 = "";
} else if (!strcmp(mode, "mouse_only")) { } else if (!strcmp(mode, "mouse_only")) {
str1 = str1_m; str1 = str1_m;
str2 = str2_m; str2 = str2_m;
...@@ -1747,6 +1764,7 @@ enum rfbNewClientAction new_client(rfbClientPtr client) { ...@@ -1747,6 +1764,7 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
cd->server_ip = get_local_host(client->sock); cd->server_ip = get_local_host(client->sock);
cd->hostname = ip2host(client->host); cd->hostname = ip2host(client->host);
cd->username = strdup(""); cd->username = strdup("");
cd->unixname = strdup("");
cd->input[0] = '-'; cd->input[0] = '-';
cd->login_viewonly = -1; cd->login_viewonly = -1;
...@@ -1947,7 +1965,6 @@ void check_new_clients(void) { ...@@ -1947,7 +1965,6 @@ void check_new_clients(void) {
int run_after_accept = 0; int run_after_accept = 0;
if (unixpw_in_progress) { if (unixpw_in_progress) {
int present = 0;
if (time(0) > unixpw_last_try_time + 30) { if (time(0) > unixpw_last_try_time + 30) {
rfbLog("unixpw_deny: timed out waiting for reply.\n"); rfbLog("unixpw_deny: timed out waiting for reply.\n");
unixpw_deny(); unixpw_deny();
......
x11vnc/gui.c
View file @ a9a9c812
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
#define XEMBED_VERSION 0 #define XEMBED_VERSION 0
#define XEMBED_MAPPED (1 << 0) #define XEMBED_MAPPED (1 << 0)
int icon_mode = 0; /* hack for -gui tray */ int icon_mode = 0; /* hack for -gui tray/icon */
char *icon_mode_file = NULL; char *icon_mode_file = NULL;
FILE *icon_mode_fh = NULL; FILE *icon_mode_fh = NULL;
int icon_mode_socks[ICON_MODE_SOCKS]; int icon_mode_socks[ICON_MODE_SOCKS];
......
x11vnc/help.c
View file @ a9a9c812
...@@ -401,34 +401,38 @@ void print_help(int mode) { ...@@ -401,34 +401,38 @@ void print_help(int mode) {
" and last line be \"__BEGIN_VIEWONLY__\" to have 2\n" " and last line be \"__BEGIN_VIEWONLY__\" to have 2\n"
" full-access passwords)\n" " full-access passwords)\n"
"\n" "\n"
"-unixpw [list] Experimental option: use Unix username and password\n" "-unixpw [list] Use Unix username and password authentication. x11vnc\n"
" authentication. x11vnc uses the su(1) program to verify\n" " uses the su(1) program to verify the user's password.\n"
" the user's password. [list] is an optional comma\n" " [list] is an optional comma separated list of allowed\n"
" separated list of allowed Unix usernames. See below\n" " Unix usernames. See below for per-user options that\n"
" for per-user options that can be applied.\n" " can be applied.\n"
"\n" "\n"
" A familiar \"login:\" and \"Password:\" dialog is\n" " A familiar \"login:\" and \"Password:\" dialog is\n"
" presented to the user on a black screen inside the\n" " presented to the user on a black screen inside the\n"
" vncviewer. The connection is dropped if the user fails\n" " vncviewer. The connection is dropped if the user fails\n"
" to supply the correct password in 3 tries or does not\n" " to supply the correct password in 3 tries or does not\n"
" send one before a 20 second timeout. Existing clients\n" " send one before a 25 second timeout. Existing clients\n"
" are view-only during this period.\n" " are view-only during this period.\n"
"\n" "\n"
" Since the detailed behavior of su(1) can vary from\n" " Since the detailed behavior of su(1) can vary from\n"
" OS to OS and for local configurations, please test\n" " OS to OS and for local configurations, please test\n"
" the mode carefully on your systems before using it.\n" " the mode carefully on your systems before using it.\n"
" Try different combinations of valid/invalid usernames\n" " E.g. try different combinations of valid/invalid\n"
" and passwords.\n" " usernames and valid/invalid passwords to see if it\n"
" behaves correctly. x11vnc will be conservative and\n"
" reject a user if anything abnormal occurs.\n"
" \n" " \n"
" For example, on FreeBSD and the other BSD's and Tru64\n" " For example, on FreeBSD and the other BSD's by default\n"
" it does not appear to be possible for the user running\n" " it is impossible for the user running x11vnc to validate\n"
" x11vnc to validate his *own* password via su(1).\n" " his *own* password via su(1) (evidently commenting\n"
" The x11vnc login will always fail in this case.\n" " out the pam_self.so entry in /etc/pam.d/su eliminates\n"
" A possible workaround would be to start x11vnc as\n" " the problem). So the x11vnc login will always fail for\n"
" root with the \"-users +nobody\" option to immediately\n" " this case. A possible workaround would be to start\n"
" switch to user nobody. Another source of problems are\n" " x11vnc as root with the \"-users +nobody\" option to\n"
" PAM modules that prompt for extra info, e.g. password\n" " immediately switch to user nobody. Another source of\n"
" aging modules. These logins will always fail as well.\n" " problems are PAM modules that prompt for extra info,\n"
" e.g. password aging modules. These logins will always\n"
" fail as well.\n"
"\n" "\n"
" *IMPORTANT*: to prevent the Unix password being sent in\n" " *IMPORTANT*: to prevent the Unix password being sent in\n"
" *clear text* over the network, two x11vnc options are\n" " *clear text* over the network, two x11vnc options are\n"
...@@ -444,17 +448,18 @@ void print_help(int mode) { ...@@ -444,17 +448,18 @@ void print_help(int mode) {
" Set UNIXPW_DISABLE_STUNNEL=1 to disable using -stunnel.\n" " Set UNIXPW_DISABLE_STUNNEL=1 to disable using -stunnel.\n"
" Evidently you will be using a different method to\n" " Evidently you will be using a different method to\n"
" encrypt the data between the vncviewer and x11vnc:\n" " encrypt the data between the vncviewer and x11vnc:\n"
" e.g. ssh(1) or a VPN. Note that use of ssh(1) with\n" " e.g. ssh(1) or a VPN. Note that use of -localhost\n"
" -localhost is roughly the same as requiring a Unix\n" " with ssh(1) is roughly the same as requiring a Unix\n"
" user login (since Unix password or the user's public\n" " user login (since a Unix password or the user's public\n"
" key authentication is used by ssh)\n" " key authentication is used by ssh on the machine where\n"
"\n" " x11vnc runs and only local connections are accepted)\n"
" As a convenience, if you ssh(1) in and start x11vnc\n" "\n"
" it will look to see if the environment variable\n" " As a convenience, if you ssh(1) in and start x11vnc it\n"
" SSH_CONNECTION is set and appears reasonable. If it\n" " will check if the environment variable SSH_CONNECTION\n"
" does, then the stunnel requirement is dropped since\n" " is set and appears reasonable. If it does, then the\n"
" it is assumed you are using ssh for the encrypted\n" " stunnel requirement is dropped since it is assumed\n"
" tunnelling. Use -stunnel to force stunnel usage.\n" " you are using ssh for the encrypted tunnelling.\n"
" Use -stunnel to force stunnel usage.\n"
"\n" "\n"
" Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost\n" " Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost\n"
" requirement. One should never do this (i.e. allow the\n" " requirement. One should never do this (i.e. allow the\n"
...@@ -471,16 +476,28 @@ void print_help(int mode) { ...@@ -471,16 +476,28 @@ void print_help(int mode) {
" where \"opts\" is a \"+\" separated list of\n" " where \"opts\" is a \"+\" separated list of\n"
" \"viewonly\", \"fullaccess\", \"input=XXXX\", or\n" " \"viewonly\", \"fullaccess\", \"input=XXXX\", or\n"
" \"deny\", e.g. \"karl,fred:viewonly,boss:input=M\".\n" " \"deny\", e.g. \"karl,fred:viewonly,boss:input=M\".\n"
" For \"input=\" it is the K,M,B,C describe under -input.\n" " For \"input=\" it is the K,M,B,C described under -input.\n"
"\n" "\n"
" If a user in the list is \"*\" that means those options\n" " If a user in the list is \"*\" that means those\n"
" apply to all users. It also means all users are allowed\n" " options apply to all users. It also means all users\n"
" to log in. Use \"deny\" to explicitly deny some users\n" " are allowed to log in after supplying a valid password.\n"
" if you use \"*\" to set a global option.\n" " Use \"deny\" to explicitly deny some users if you use\n"
"\n" " \"*\" to set a global option.\n"
"-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide an\n" "\n"
" encrypted SSL tunnel between viewers and x11vnc.\n" "-unixpw_nis [list] As -unixpw above, however do not run su(1) but rather\n"
" This requires stunnel be installed on the system and\n" " use the traditional getpwnam() + crypt() method instead.\n"
" This requires that the encrpyted passwords be readable.\n"
" Passwords stored in /etc/shadow will be inaccessible\n"
" unless run as root. This is called \"NIS\" mode\n"
" simply because in most NIS setups the user encrypted\n"
" passwords are accessible (e.g. \"ypcat passwd\").\n"
" NIS is not required for this mode to work, but it\n"
" is unlikely it will work for any other environment.\n"
" All of the -unixpw options and contraints apply.\n"
"\n"
"-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide\n"
" an encrypted SSL tunnel between viewers and x11vnc.\n"
" This requires stunnel to be installed on the system and\n"
" available via PATH (n.b. stunnel is often installed in\n" " available via PATH (n.b. stunnel is often installed in\n"
" sbin directories). Version 4.x of stunnel is assumed;\n" " sbin directories). Version 4.x of stunnel is assumed;\n"
" see -stunnel3 below.\n" " see -stunnel3 below.\n"
...@@ -492,9 +509,9 @@ void print_help(int mode) { ...@@ -492,9 +509,9 @@ void print_help(int mode) {
"\n" "\n"
" stunnel is started up as a child process of x11vnc and\n" " stunnel is started up as a child process of x11vnc and\n"
" any SSL connections stunnel receives are decrypted and\n" " any SSL connections stunnel receives are decrypted and\n"
" sent to x11vnc over a local socket. The strings \"The\n" " sent to x11vnc over a local socket. The strings\n"
" SSL VNC desktop is ...\" and SSLPORT=... are printed\n" " \"The SSL VNC desktop is ...\" and \"SSLPORT=...\"\n"
" out at startup.\n" " are printed out at startup.\n"
"\n" "\n"
" The -localhost option is enforced by default to\n" " The -localhost option is enforced by default to\n"
" avoid people routing around the SSL channel. Set\n" " avoid people routing around the SSL channel. Set\n"
...@@ -2100,16 +2117,17 @@ void print_help(int mode) { ...@@ -2100,16 +2117,17 @@ void print_help(int mode) {
" http_url auth xauth users rootshift clipshift\n" " http_url auth xauth users rootshift clipshift\n"
" scale_str scaled_x scaled_y scale_numer scale_denom\n" " scale_str scaled_x scaled_y scale_numer scale_denom\n"
" scale_fac scaling_blend scaling_nomult4 scaling_pad\n" " scale_fac scaling_blend scaling_nomult4 scaling_pad\n"
" scaling_interpolate inetd privremote unsafe safer nocmds\n" " scaling_interpolate inetd privremote unsafe safer\n"
" passwdfile unixpw unixpw_list stunnel stunnel_pem\n" " nocmds passwdfile unixpw unixpw_nis unixpw_list stunnel\n"
" using_shm logfile o flag rc norc h help V version\n" " stunnel_pem using_shm logfile o flag rc norc h help\n"
" lastmod bg sigpipe threads readrate netrate netlatency\n" " V version lastmod bg sigpipe threads readrate netrate\n"
" pipeinput clients client_count pid ext_xtest ext_xtrap\n" " netlatency pipeinput clients client_count pid ext_xtest\n"
" ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay\n" " ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama\n"
" ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons\n" " ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin\n"
" button_mask mouse_x mouse_y bpp depth indexed_color\n" " num_buttons button_mask mouse_x mouse_y bpp depth\n"
" dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y\n" " indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y\n"
" coff_x coff_y rfbauth passwd viewpasswd\n" " cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd\n"
"\n"
"-QD variable Just like -query variable, but returns the default\n" "-QD variable Just like -query variable, but returns the default\n"
" value for that parameter (no running x11vnc server\n" " value for that parameter (no running x11vnc server\n"
" is consulted)\n" " is consulted)\n"
......
x11vnc/inet.c
View file @ a9a9c812
...@@ -288,6 +288,9 @@ char *ident_username(rfbClientPtr client) { ...@@ -288,6 +288,9 @@ char *ident_username(rfbClientPtr client) {
} }
user = newuser; user = newuser;
} }
if (!strcmp(user, "unknown-user") && cd && cd->unixname[0] != '\0') {
user = cd->unixname;
}
newhost = ip2host(client->host); newhost = ip2host(client->host);
len = strlen(user) + 1 + strlen(newhost) + 1; len = strlen(user) + 1 + strlen(newhost) + 1;
str = (char *) malloc(len); str = (char *) malloc(len);
...@@ -318,7 +321,20 @@ int have_ssh_env(void) { ...@@ -318,7 +321,20 @@ int have_ssh_env(void) {
char *str, *p = getenv("SSH_CONNECTION"); char *str, *p = getenv("SSH_CONNECTION");
char *rhost, *rport, *lhost, *lport; char *rhost, *rport, *lhost, *lport;
if (! p) return 0; if (! p) {
char *q = getenv("SSH_CLIENT");
if (! q) {
return 0;
}
if (strstr(q, "127.0.0.1") != NULL) {
return 0;
}
return 1;
}
if (strstr(p, "127.0.0.1") != NULL) {
return 0;
}
str = strdup(p); str = strdup(p);
...@@ -342,10 +358,10 @@ int have_ssh_env(void) { ...@@ -342,10 +358,10 @@ int have_ssh_env(void) {
if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, lhost); if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, lhost);
if (atoi(rport) < 0 || atoi(rport) > 65535) { if (atoi(rport) <= 16 || atoi(rport) > 65535) {
goto fail; goto fail;
} }
if (atoi(lport) < 0 || atoi(lport) > 65535) { if (atoi(lport) <= 16 || atoi(lport) > 65535) {
goto fail; goto fail;
} }
...@@ -358,7 +374,6 @@ if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, l ...@@ -358,7 +374,6 @@ if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, l
return 1; return 1;
fail: fail:
fprintf(stderr, "failed:\n");
free(str); free(str);
......
x11vnc/options.c
View file @ a9a9c812
...@@ -16,6 +16,7 @@ int logfile_append = 0; ...@@ -16,6 +16,7 @@ int logfile_append = 0;
char *flagfile = NULL; /* -flag */ char *flagfile = NULL; /* -flag */
char *passwdfile = NULL; /* -passwdfile */ char *passwdfile = NULL; /* -passwdfile */
int unixpw = 0; /* -unixpw */ int unixpw = 0; /* -unixpw */
int unixpw_nis = 0; /* -unixpw_nis */
char *unixpw_list = NULL; char *unixpw_list = NULL;
int use_stunnel = 0; /* -stunnel */ int use_stunnel = 0; /* -stunnel */
int stunnel_port = 0; int stunnel_port = 0;
......
x11vnc/options.h
View file @ a9a9c812
...@@ -16,6 +16,7 @@ extern int logfile_append; ...@@ -16,6 +16,7 @@ extern int logfile_append;
extern char *flagfile; extern char *flagfile;
extern char *passwdfile; extern char *passwdfile;
extern int unixpw; extern int unixpw;
extern int unixpw_nis;
extern char *unixpw_list; extern char *unixpw_list;
extern int use_stunnel; extern int use_stunnel;
extern int stunnel_port; extern int stunnel_port;
......
x11vnc/remote.c
View file @ a9a9c812
...@@ -3704,6 +3704,8 @@ char *process_remote_cmd(char *cmd, int stringonly) { ...@@ -3704,6 +3704,8 @@ char *process_remote_cmd(char *cmd, int stringonly) {
snprintf(buf, bufn, "aro=%s:%s", p, NONUL(passwdfile)); snprintf(buf, bufn, "aro=%s:%s", p, NONUL(passwdfile));
} else if (!strcmp(p, "unixpw")) { } else if (!strcmp(p, "unixpw")) {
snprintf(buf, bufn, "aro=%s:%d", p, unixpw); snprintf(buf, bufn, "aro=%s:%d", p, unixpw);
} else if (!strcmp(p, "unixpw_nis")) {
snprintf(buf, bufn, "aro=%s:%d", p, unixpw_nis);
} else if (!strcmp(p, "unixpw_list")) { } else if (!strcmp(p, "unixpw_list")) {
snprintf(buf, bufn, "aro=%s:%s", p, NONUL(unixpw_list)); snprintf(buf, bufn, "aro=%s:%s", p, NONUL(unixpw_list));
} else if (!strcmp(p, "stunnel")) { } else if (!strcmp(p, "stunnel")) {
......
x11vnc/sslcmds.c
View file @ a9a9c812
...@@ -19,6 +19,27 @@ void setup_stunnel(int rport, int *argc, char **argv); ...@@ -19,6 +19,27 @@ void setup_stunnel(int rport, int *argc, char **argv);
static pid_t stunnel_pid = 0; static pid_t stunnel_pid = 0;
void check_stunnel(void) {
static time_t last_check = 0;
time_t now = time(0);
if (last_check + 3 >= now) {
return;
}
last_check = now;
if (stunnel_pid > 0) {
int status;
waitpid(stunnel_pid, &status, WNOHANG);
if (kill(stunnel_pid, 0) != 0) {
waitpid(stunnel_pid, &status, WNOHANG);
rfbLog("stunnel subprocess %d died.\n", stunnel_pid);
stunnel_pid = 0;
clean_up_exit(1);
}
}
}
int start_stunnel(int stunnel_port, int x11vnc_port) { int start_stunnel(int stunnel_port, int x11vnc_port) {
#ifdef SSLCMDS #ifdef SSLCMDS
char extra[] = ":/usr/sbin:/usr/local/sbin"; char extra[] = ":/usr/sbin:/usr/local/sbin";
......
x11vnc/sslcmds.h
View file @ a9a9c812
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
/* -- sslcmds.h -- */ /* -- sslcmds.h -- */
extern void check_stunnel(void);
extern int start_stunnel(int stunnel_port, int x11vnc_port); extern int start_stunnel(int stunnel_port, int x11vnc_port);
extern void stop_stunnel(void); extern void stop_stunnel(void);
extern void setup_stunnel(int rport, int *argc, char **argv); extern void setup_stunnel(int rport, int *argc, char **argv);
......
x11vnc/tkx11vnc
View file @ a9a9c812
...@@ -258,6 +258,8 @@ Permissions ...@@ -258,6 +258,8 @@ Permissions
=F rfbauth: =F rfbauth:
unixpw unixpw
unixpw_list: unixpw_list:
unixpw_nis
unixpw_nis_list:
=0 storepasswd =0 storepasswd
=GAL LOFF =GAL LOFF
=GAL Misc-Perms:: =GAL Misc-Perms::
...@@ -523,7 +525,11 @@ Set the -xrandr mode value. ...@@ -523,7 +525,11 @@ Set the -xrandr mode value.
" "
set helptext(unixpw_list) " set helptext(unixpw_list) "
Set the -unixpw_list usernames list value. Set the -unixpw usernames list value.
"
set helptext(unixpw_nis_list) "
Set the -unixpw_nis usernames list value.
" "
set helptext(stunnel_pem) " set helptext(stunnel_pem) "
...@@ -658,10 +664,12 @@ to apply the changes, or press \"Cancel\" to skip applying them. ...@@ -658,10 +664,12 @@ to apply the changes, or press \"Cancel\" to skip applying them.
remote-control commands. remote-control commands.
- \"Password\" lets you set the session password viewers may use to gain full - \"Password\" lets you set the session password viewers may use to gain full
access to the display. access to the display. This will only work if x11vnc was started with
the -gui icon or -gui tray mode.
- \"ViewOnly Password\" lets you set the session password viewers may - \"ViewOnly Password\" lets you set the session password viewers may
use to gain view only access to the display. use to gain view only access to the display. This will only work if
x11vnc was started with the -gui icon or -gui tray mode.
NOTE: These \"session\" passwords only last for the current x11vnc NOTE: These \"session\" passwords only last for the current x11vnc
session (they are not remembered, see the -storepasswd, -passwdfile, session (they are not remembered, see the -storepasswd, -passwdfile,
...@@ -3217,25 +3225,36 @@ proc client_dialog {client} { ...@@ -3217,25 +3225,36 @@ proc client_dialog {client} {
set ip "" set ip ""
global menu_var text_area cleanup_window item_bool global menu_var text_area cleanup_window item_bool
append_text "\nClient info string: $client\n\n" #<id>:<ip>:<port>:<user>:<unix>:<hostname>:<input>:<loginview>:<time>
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \ append_text "\nClient info string:\n - $client\n\n"
$client m0 m1 m2 m3 m4 m5 m6 m7]} { if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \
# id:ip:port:user:hostname:input:loginvo $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
set cid $m1 set cid $m1
set ip $m2 set ip $m2
set port $m3 set port $m3
set user $m4 set user $m4
set host $m5 set unix $m5
set host $m6
regsub {\..*$} $host "" host regsub {\..*$} $host "" host
set input $m6 set input $m7
set logvo $m7 set logvo $m8
append_text "Host: $host, Port: $port, User: $user, IP: $ip, Id: $cid\n" set ltime $m9
append_text "Host: $host, Port: $port, User: $user"
if {$unix != "" && $unix != "none"} {
append_text ", Unix: $unix"
}
append_text ", IP: $ip, Id: $cid\n"
append_text " - originally logged in as: " append_text " - originally logged in as: "
if {$logvo == "1" } { if {$logvo == "1" } {
append_text "View-Only Client\n" append_text "View-Only Client"
} else { } else {
append_text "Normal Client\n" append_text "Normal Client"
}
if {$ltime != ""} {
set tim [clock format $ltime]
append_text ", $tim"
} }
append_text "\n"
append_text " - currently allowed input: " append_text " - currently allowed input: "
set sk 0 set sk 0
set sm 0 set sm 0
...@@ -3303,22 +3322,30 @@ proc disconnect_dialog {client} { ...@@ -3303,22 +3322,30 @@ proc disconnect_dialog {client} {
set cid "" set cid ""
set host "" set host ""
set msg "\n" set msg "\n"
append msg "*** Client info string: $client\n" append msg "*** Client info string:\n $client\n"
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*)$} $client m0 m1 m2 m3 m4 m5 m6]} { if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \
$client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
set cid $m1 set cid $m1
set ip $m2 set ip $m2
set port $m3 set port $m3
set host $m4 set user $m4
set unix $m5
set host $m6
regsub {\..*$} $host "" host regsub {\..*$} $host "" host
set input $m5 set input $m7
set logvo $m6 set logvo $m8
append_text "Host: $host, Port: $port, IP: $ip, Id: $cid\n" set ltime $m9
append_text "Host: $host, Port: $port, IP: $ip, User: $user"
if {$unix != "" && $unix != "none"} {
append_text ", Unix: $unix"
}
append_text ", Id: $cid\n"
} }
if {$cid == ""} { if {$cid == ""} {
append_text "Invalid client info string: $client\n" append_text "Invalid client info string: $client\n"
return return
} }
append msg "*** To *DISCONNECT* this client press \"OK\", otherwise press \"Cancel\"\n" append msg "*** To *DISCONNECT* this client press \"OK\" again, otherwise press \"Cancel\"\n"
bell bell
if {[warning_dialog $msg "current"]} { if {[warning_dialog $msg "current"]} {
push_new_value "disconnect" "disconnect" $cid 1 push_new_value "disconnect" "disconnect" $cid 1
...@@ -3389,12 +3416,19 @@ proc update_clients_menu {list} { ...@@ -3389,12 +3416,19 @@ proc update_clients_menu {list} {
} }
regsub -all {[{}()~!$&*|;'"`{}<>\[\]]} $client "" client regsub -all {[{}()~!$&*|;'"`{}<>\[\]]} $client "" client
#' #'
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \ if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \
$client m0 m1 m2 m3 m4 m5 m6 m7]} { $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
# id:ip:port:user:hostname:input:loginvo set id $m1
set host $m5 set user $m4
set unix $m5
set host $m6
regsub {\..*$} $host "" host regsub {\..*$} $host "" host
set clabel "$host $m1" set clabel "$host $id"
if {$unix != "" && $unix != "none"} {
set clabel "$unix@$clabel"
} elseif {$user != "unknown-user"} {
set clabel "$user@$clabel"
}
} else { } else {
regsub {:.*$} $client "" clabel regsub {:.*$} $client "" clabel
} }
...@@ -3943,6 +3977,7 @@ proc do_props {{msg ""}} { ...@@ -3943,6 +3977,7 @@ proc do_props {{msg ""}} {
global menu_var unset_str global menu_var unset_str
global have_labelframes ffont bfont global have_labelframes ffont bfont
global props_buttons icon_noadvanced global props_buttons icon_noadvanced
global icon_mode icon_mode_at_startup
check_update_vars check_update_vars
...@@ -4054,6 +4089,7 @@ proc do_props {{msg ""}} { ...@@ -4054,6 +4089,7 @@ proc do_props {{msg ""}} {
entry $vp.e -show "*" -textvariable props_viewpasswd -font $bfont entry $vp.e -show "*" -textvariable props_viewpasswd -font $bfont
pack $vp.e -fill x -expand 1 -padx 1m -pady 1m -side top pack $vp.e -fill x -expand 1 -padx 1m -pady 1m -side top
lappend props_buttons $vp.e lappend props_buttons $vp.e
set pw "$w.passwd" set pw "$w.passwd"
...@@ -4068,6 +4104,17 @@ proc do_props {{msg ""}} { ...@@ -4068,6 +4104,17 @@ proc do_props {{msg ""}} {
entry $pw.e -show "*" -textvariable props_passwd -font $bfont entry $pw.e -show "*" -textvariable props_passwd -font $bfont
pack $pw.e -fill x -expand 1 -padx 1m -pady 1m -side top pack $pw.e -fill x -expand 1 -padx 1m -pady 1m -side top
if {! $icon_mode_at_startup} {
$vp.e configure -state disabled
catch {$vp.l configure -state disabled}
catch {$vp configure -state disabled}
catch {$vp configure -foreground grey60}
$pw.e configure -state disabled
catch {$pw.l configure -state disabled}
catch {$pw configure -state disabled}
catch {$pw configure -foreground grey60}
}
lappend props_buttons $pw.e lappend props_buttons $pw.e
set sh "$w.shared" set sh "$w.shared"
...@@ -4188,7 +4235,8 @@ proc popup_post {m} { ...@@ -4188,7 +4235,8 @@ proc popup_post {m} {
continue continue
} }
if {[regexp {^([^:]*):(.*)$} $client mat id lab]} { if {[regexp {^([^:]*):(.*)$} $client mat id lab]} {
$wd add command -label "$lab" \ set nid [expr "$id + 0"]
$wd add command -label "$nid $lab" \
-command "do_disconnect_client $id" -command "do_disconnect_client $id"
} }
} }
...@@ -4213,26 +4261,38 @@ proc set_client_balloon {str} { ...@@ -4213,26 +4261,38 @@ proc set_client_balloon {str} {
set client_balloon "$vnc_display" set client_balloon "$vnc_display"
set count 0 set count 0
regsub -all {^.*aro=clients:} $str "" str
regsub -all {aro=.*$} $str "" str
regsub -all {ans=.*$} $str "" str
foreach client [split $str ","] { foreach client [split $str ","] {
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \ #puts "client: $client"
$client m0 m1 m2 m3 m4 m5 m6 m7]} { if [regexp {^[ ]*$} $client] {
# id:ip:port:user:hostname:input:loginvo continue
}
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \
$client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
set id $m1 set id $m1
set nid [expr "$m1 + 0"]
set ip $m2 set ip $m2
set port $m3 set port $m3
set user $m4 set user $m4
set unix $m5
if {[string length $user] >= 24} { if {[string length $user] >= 24} {
# weird identd hash... # weird identd hash...
set user [string range $user 0 8] set user [string range $user 0 8]
set user "${user}..." set user "${user}..."
} }
set host $m5 if {$unix != "" && $unix != "none"} {
set input $m6 set user $unix
set vo $m7 }
set host $m6
set input $m7
set vo $m8
set ltime $m9
if [regexp {^[ ]*$} $host] { if [regexp {^[ ]*$} $host] {
set host $ip set host $ip
} }
set client_balloon "${client_balloon}\n$user\@$host" set client_balloon "${client_balloon}\n$nid $user\@$host"
if {$vo == "1"} { if {$vo == "1"} {
set client_balloon "${client_balloon} - view" set client_balloon "${client_balloon} - view"
lappend client_id_list "$id:$user\@$host - view" lappend client_id_list "$id:$user\@$host - view"
...@@ -5408,6 +5468,8 @@ proc get_nitem {item} { ...@@ -5408,6 +5468,8 @@ proc get_nitem {item} {
set nitem "xrandr" set nitem "xrandr"
} elseif {$nitem == "unixpw_list"} { } elseif {$nitem == "unixpw_list"} {
set nitem "unixpw" set nitem "unixpw"
} elseif {$nitem == "unixpw_nis_list"} {
set nitem "unixpw_nis"
} elseif {$nitem == "stunnel_pem"} { } elseif {$nitem == "stunnel_pem"} {
set nitem "stunnel" set nitem "stunnel"
} elseif {$nitem == "wireframe_mode"} { } elseif {$nitem == "wireframe_mode"} {
...@@ -5870,12 +5932,16 @@ proc setup_tray_embed {} { ...@@ -5870,12 +5932,16 @@ proc setup_tray_embed {} {
proc restart_everything {gui_mode} { proc restart_everything {gui_mode} {
global env gui_argv0 x11vnc_prog full_win global env gui_argv0 x11vnc_prog full_win
global icon_mode_at_startup
global tray_embed tray_running
if {$gui_mode == "full"} { if {$gui_mode == "full"} {
set env(X11VNC_ICON_MODE) 0 set env(X11VNC_ICON_MODE) 0
} elseif {$gui_mode == "icon"} { } elseif {$gui_mode == "icon"} {
set env(X11VNC_ICON_MODE) 1 set env(X11VNC_ICON_MODE) 1
} elseif {$gui_mode == "tray"} { } elseif {$gui_mode == "tray"} {
if {![regexp -nocase {TRAY} $env(X11VNC_ICON_MODE)]} { if {$tray_running} {
set env(X11VNC_ICON_MODE) "RUNNING"
} else {
set env(X11VNC_ICON_MODE) "TRAY" set env(X11VNC_ICON_MODE) "TRAY"
} }
} }
...@@ -5957,7 +6023,8 @@ global connected_to_x11vnc ...@@ -5957,7 +6023,8 @@ global connected_to_x11vnc
global delay_sleep extra_sleep extra_sleep_split global delay_sleep extra_sleep extra_sleep_split
global cache_all_query_vars global cache_all_query_vars
global last_query_all_time query_all_freq client_tail client_sock client_info_read global last_query_all_time query_all_freq client_tail client_sock client_info_read
global icon_mode tray_embed tray_running icon_setpasswd icon_embed_id global icon_mode icon_mode_at_startup
global tray_embed tray_running icon_setpasswd icon_embed_id
global icon_noadvanced icon_minimal global icon_noadvanced icon_minimal
global make_gui_count text_area_str global make_gui_count text_area_str
global gui_argv0 gui_start_mode global gui_argv0 gui_start_mode
...@@ -6144,6 +6211,20 @@ if {[info exists env(X11VNC_SIMPLE_GUI)]} { ...@@ -6144,6 +6211,20 @@ if {[info exists env(X11VNC_SIMPLE_GUI)]} {
set icon_mode 0 set icon_mode 0
set tray_embed 0 set tray_embed 0
set tray_running 0 set tray_running 0
if {![info exists env(X11VNC_ICON_MODE_AT_STARTUP)]} {
if {[info exists env(X11VNC_ICON_MODE)]} {
if {$env(X11VNC_ICON_MODE) != 0} {
set env(X11VNC_ICON_MODE_AT_STARTUP) 1
} else {
set env(X11VNC_ICON_MODE_AT_STARTUP) 0
}
} else {
set env(X11VNC_ICON_MODE_AT_STARTUP) 0
}
}
set icon_mode_at_startup $env(X11VNC_ICON_MODE_AT_STARTUP)
if {![info exists env(X11VNC_ICON_MODE)]} { if {![info exists env(X11VNC_ICON_MODE)]} {
set icon_mode 0 set icon_mode 0
} elseif {$env(X11VNC_ICON_MODE) == "" || $env(X11VNC_ICON_MODE) == "0"} { } elseif {$env(X11VNC_ICON_MODE) == "" || $env(X11VNC_ICON_MODE) == "0"} {
...@@ -6158,6 +6239,7 @@ if {![info exists env(X11VNC_ICON_MODE)]} { ...@@ -6158,6 +6239,7 @@ if {![info exists env(X11VNC_ICON_MODE)]} {
set tray_running 1 set tray_running 1
} }
} }
set icon_setpasswd 0 set icon_setpasswd 0
if {[info exists env(X11VNC_ICON_SETPASS)]} { if {[info exists env(X11VNC_ICON_SETPASS)]} {
if {$env(X11VNC_ICON_SETPASS) != ""} { if {$env(X11VNC_ICON_SETPASS) != ""} {
......
x11vnc/tkx11vnc.h
View file @ a9a9c812
...@@ -269,6 +269,8 @@ char gui_code[] = ""; ...@@ -269,6 +269,8 @@ char gui_code[] = "";
" =F rfbauth:\n" " =F rfbauth:\n"
" unixpw\n" " unixpw\n"
" unixpw_list:\n" " unixpw_list:\n"
" unixpw_nis\n"
" unixpw_nis_list:\n"
" =0 storepasswd\n" " =0 storepasswd\n"
" =GAL LOFF\n" " =GAL LOFF\n"
" =GAL Misc-Perms::\n" " =GAL Misc-Perms::\n"
...@@ -534,7 +536,11 @@ char gui_code[] = ""; ...@@ -534,7 +536,11 @@ char gui_code[] = "";
"\"\n" "\"\n"
"\n" "\n"
" set helptext(unixpw_list) \"\n" " set helptext(unixpw_list) \"\n"
"Set the -unixpw_list usernames list value.\n" "Set the -unixpw usernames list value.\n"
"\"\n"
"\n"
" set helptext(unixpw_nis_list) \"\n"
"Set the -unixpw_nis usernames list value.\n"
"\"\n" "\"\n"
"\n" "\n"
" set helptext(stunnel_pem) \"\n" " set helptext(stunnel_pem) \"\n"
...@@ -669,10 +675,12 @@ char gui_code[] = ""; ...@@ -669,10 +675,12 @@ char gui_code[] = "";
" remote-control commands.\n" " remote-control commands.\n"
"\n" "\n"
" - \\\"Password\\\" lets you set the session password viewers may use to gain full\n" " - \\\"Password\\\" lets you set the session password viewers may use to gain full\n"
" access to the display.\n" " access to the display. This will only work if x11vnc was started with \n"
" the -gui icon or -gui tray mode.\n"
" \n" " \n"
" - \\\"ViewOnly Password\\\" lets you set the session password viewers may\n" " - \\\"ViewOnly Password\\\" lets you set the session password viewers may\n"
" use to gain view only access to the display.\n" " use to gain view only access to the display. This will only work if\n"
" x11vnc was started with the -gui icon or -gui tray mode.\n"
"\n" "\n"
"NOTE: These \\\"session\\\" passwords only last for the current x11vnc\n" "NOTE: These \\\"session\\\" passwords only last for the current x11vnc\n"
"session (they are not remembered, see the -storepasswd, -passwdfile,\n" "session (they are not remembered, see the -storepasswd, -passwdfile,\n"
...@@ -3228,25 +3236,36 @@ char gui_code[] = ""; ...@@ -3228,25 +3236,36 @@ char gui_code[] = "";
" set ip \"\"\n" " set ip \"\"\n"
" global menu_var text_area cleanup_window item_bool\n" " global menu_var text_area cleanup_window item_bool\n"
"\n" "\n"
" append_text \"\\nClient info string: $client\\n\\n\"\n" " #<id>:<ip>:<port>:<user>:<unix>:<hostname>:<input>:<loginview>:<time>\n"
" if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \\\n" " append_text \"\\nClient info string:\\n - $client\\n\\n\"\n"
" $client m0 m1 m2 m3 m4 m5 m6 m7]} {\n" " if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \\\n"
" # id:ip:port:user:hostname:input:loginvo\n" " $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {\n"
" set cid $m1\n" " set cid $m1\n"
" set ip $m2\n" " set ip $m2\n"
" set port $m3\n" " set port $m3\n"
" set user $m4\n" " set user $m4\n"
" set host $m5\n" " set unix $m5\n"
" set host $m6\n"
" regsub {\\..*$} $host \"\" host\n" " regsub {\\..*$} $host \"\" host\n"
" set input $m6\n" " set input $m7\n"
" set logvo $m7\n" " set logvo $m8\n"
" append_text \"Host: $host, Port: $port, User: $user, IP: $ip, Id: $cid\\n\"\n" " set ltime $m9\n"
" append_text \"Host: $host, Port: $port, User: $user\"\n"
" if {$unix != \"\" && $unix != \"none\"} {\n"
" append_text \", Unix: $unix\"\n"
" }\n"
" append_text \", IP: $ip, Id: $cid\\n\"\n"
" append_text \" - originally logged in as: \"\n" " append_text \" - originally logged in as: \"\n"
" if {$logvo == \"1\" } {\n" " if {$logvo == \"1\" } {\n"
" append_text \"View-Only Client\\n\"\n" " append_text \"View-Only Client\"\n"
" } else {\n" " } else {\n"
" append_text \"Normal Client\\n\"\n" " append_text \"Normal Client\"\n"
" }\n"
" if {$ltime != \"\"} {\n"
" set tim [clock format $ltime]\n"
" append_text \", $tim\"\n"
" }\n" " }\n"
" append_text \"\\n\"\n"
" append_text \" - currently allowed input: \"\n" " append_text \" - currently allowed input: \"\n"
" set sk 0\n" " set sk 0\n"
" set sm 0\n" " set sm 0\n"
...@@ -3314,22 +3333,30 @@ char gui_code[] = ""; ...@@ -3314,22 +3333,30 @@ char gui_code[] = "";
" set cid \"\"\n" " set cid \"\"\n"
" set host \"\"\n" " set host \"\"\n"
" set msg \"\\n\"\n" " set msg \"\\n\"\n"
" append msg \"*** Client info string: $client\\n\"\n" " append msg \"*** Client info string:\\n $client\\n\"\n"
" if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*)$} $client m0 m1 m2 m3 m4 m5 m6]} {\n" " if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \\\n"
" $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {\n"
" set cid $m1\n" " set cid $m1\n"
" set ip $m2\n" " set ip $m2\n"
" set port $m3\n" " set port $m3\n"
" set host $m4\n" " set user $m4\n"
" set unix $m5\n"
" set host $m6\n"
" regsub {\\..*$} $host \"\" host\n" " regsub {\\..*$} $host \"\" host\n"
" set input $m5\n" " set input $m7\n"
" set logvo $m6\n" " set logvo $m8\n"
" append_text \"Host: $host, Port: $port, IP: $ip, Id: $cid\\n\"\n" " set ltime $m9\n"
" append_text \"Host: $host, Port: $port, IP: $ip, User: $user\"\n"
" if {$unix != \"\" && $unix != \"none\"} {\n"
" append_text \", Unix: $unix\"\n"
" }\n"
" append_text \", Id: $cid\\n\"\n"
" }\n" " }\n"
" if {$cid == \"\"} {\n" " if {$cid == \"\"} {\n"
" append_text \"Invalid client info string: $client\\n\"\n" " append_text \"Invalid client info string: $client\\n\"\n"
" return\n" " return\n"
" }\n" " }\n"
" append msg \"*** To *DISCONNECT* this client press \\\"OK\\\", otherwise press \\\"Cancel\\\"\\n\"\n" " append msg \"*** To *DISCONNECT* this client press \\\"OK\\\" again, otherwise press \\\"Cancel\\\"\\n\"\n"
" bell\n" " bell\n"
" if {[warning_dialog $msg \"current\"]} {\n" " if {[warning_dialog $msg \"current\"]} {\n"
" push_new_value \"disconnect\" \"disconnect\" $cid 1\n" " push_new_value \"disconnect\" \"disconnect\" $cid 1\n"
...@@ -3400,12 +3427,19 @@ char gui_code[] = ""; ...@@ -3400,12 +3427,19 @@ char gui_code[] = "";
" }\n" " }\n"
" regsub -all {[{}()~!$&*|;'\"`{}<>\\[\\]]} $client \"\" client\n" " regsub -all {[{}()~!$&*|;'\"`{}<>\\[\\]]} $client \"\" client\n"
" #'\n" " #'\n"
" if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \\\n" " if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \\\n"
" $client m0 m1 m2 m3 m4 m5 m6 m7]} {\n" " $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {\n"
" # id:ip:port:user:hostname:input:loginvo\n" " set id $m1\n"
" set host $m5\n" " set user $m4\n"
" set unix $m5\n"
" set host $m6\n"
" regsub {\\..*$} $host \"\" host\n" " regsub {\\..*$} $host \"\" host\n"
" set clabel \"$host $m1\"\n" " set clabel \"$host $id\"\n"
" if {$unix != \"\" && $unix != \"none\"} {\n"
" set clabel \"$unix@$clabel\"\n"
" } elseif {$user != \"unknown-user\"} {\n"
" set clabel \"$user@$clabel\"\n"
" }\n"
" } else {\n" " } else {\n"
" regsub {:.*$} $client \"\" clabel\n" " regsub {:.*$} $client \"\" clabel\n"
" }\n" " }\n"
...@@ -3954,6 +3988,7 @@ char gui_code[] = ""; ...@@ -3954,6 +3988,7 @@ char gui_code[] = "";
" global menu_var unset_str\n" " global menu_var unset_str\n"
" global have_labelframes ffont bfont\n" " global have_labelframes ffont bfont\n"
" global props_buttons icon_noadvanced\n" " global props_buttons icon_noadvanced\n"
" global icon_mode icon_mode_at_startup\n"
"\n" "\n"
" check_update_vars\n" " check_update_vars\n"
"\n" "\n"
...@@ -4065,6 +4100,7 @@ char gui_code[] = ""; ...@@ -4065,6 +4100,7 @@ char gui_code[] = "";
" entry $vp.e -show \"*\" -textvariable props_viewpasswd -font $bfont\n" " entry $vp.e -show \"*\" -textvariable props_viewpasswd -font $bfont\n"
" pack $vp.e -fill x -expand 1 -padx 1m -pady 1m -side top\n" " pack $vp.e -fill x -expand 1 -padx 1m -pady 1m -side top\n"
"\n" "\n"
"\n"
" lappend props_buttons $vp.e\n" " lappend props_buttons $vp.e\n"
"\n" "\n"
" set pw \"$w.passwd\"\n" " set pw \"$w.passwd\"\n"
...@@ -4079,6 +4115,17 @@ char gui_code[] = ""; ...@@ -4079,6 +4115,17 @@ char gui_code[] = "";
" entry $pw.e -show \"*\" -textvariable props_passwd -font $bfont\n" " entry $pw.e -show \"*\" -textvariable props_passwd -font $bfont\n"
" pack $pw.e -fill x -expand 1 -padx 1m -pady 1m -side top\n" " pack $pw.e -fill x -expand 1 -padx 1m -pady 1m -side top\n"
"\n" "\n"
" if {! $icon_mode_at_startup} {\n"
" $vp.e configure -state disabled\n"
" catch {$vp.l configure -state disabled}\n"
" catch {$vp configure -state disabled}\n"
" catch {$vp configure -foreground grey60}\n"
" $pw.e configure -state disabled\n"
" catch {$pw.l configure -state disabled}\n"
" catch {$pw configure -state disabled}\n"
" catch {$pw configure -foreground grey60}\n"
" }\n"
"\n"
" lappend props_buttons $pw.e\n" " lappend props_buttons $pw.e\n"
"\n" "\n"
" set sh \"$w.shared\"\n" " set sh \"$w.shared\"\n"
...@@ -4199,7 +4246,8 @@ char gui_code[] = ""; ...@@ -4199,7 +4246,8 @@ char gui_code[] = "";
" continue\n" " continue\n"
" }\n" " }\n"
" if {[regexp {^([^:]*):(.*)$} $client mat id lab]} {\n" " if {[regexp {^([^:]*):(.*)$} $client mat id lab]} {\n"
" $wd add command -label \"$lab\" \\\n" " set nid [expr \"$id + 0\"]\n"
" $wd add command -label \"$nid $lab\" \\\n"
" -command \"do_disconnect_client $id\"\n" " -command \"do_disconnect_client $id\"\n"
" }\n" " }\n"
" }\n" " }\n"
...@@ -4224,26 +4272,38 @@ char gui_code[] = ""; ...@@ -4224,26 +4272,38 @@ char gui_code[] = "";
" \n" " \n"
" set client_balloon \"$vnc_display\"\n" " set client_balloon \"$vnc_display\"\n"
" set count 0\n" " set count 0\n"
" regsub -all {^.*aro=clients:} $str \"\" str\n"
" regsub -all {aro=.*$} $str \"\" str\n"
" regsub -all {ans=.*$} $str \"\" str\n"
" foreach client [split $str \",\"] {\n" " foreach client [split $str \",\"] {\n"
" if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \\\n" " #puts \"client: $client\"\n"
" $client m0 m1 m2 m3 m4 m5 m6 m7]} {\n" " if [regexp {^[ ]*$} $client] {\n"
" # id:ip:port:user:hostname:input:loginvo\n" " continue\n"
" }\n"
" if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \\\n"
" $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {\n"
" set id $m1\n" " set id $m1\n"
" set nid [expr \"$m1 + 0\"]\n"
" set ip $m2\n" " set ip $m2\n"
" set port $m3\n" " set port $m3\n"
" set user $m4\n" " set user $m4\n"
" set unix $m5\n"
" if {[string length $user] >= 24} {\n" " if {[string length $user] >= 24} {\n"
" # weird identd hash...\n" " # weird identd hash...\n"
" set user [string range $user 0 8]\n" " set user [string range $user 0 8]\n"
" set user \"${user}...\"\n" " set user \"${user}...\"\n"
" }\n" " }\n"
" set host $m5\n" " if {$unix != \"\" && $unix != \"none\"} {\n"
" set input $m6\n" " set user $unix\n"
" set vo $m7\n" " }\n"
" set host $m6\n"
" set input $m7\n"
" set vo $m8\n"
" set ltime $m9\n"
" if [regexp {^[ ]*$} $host] {\n" " if [regexp {^[ ]*$} $host] {\n"
" set host $ip\n" " set host $ip\n"
" }\n" " }\n"
" set client_balloon \"${client_balloon}\\n$user\\@$host\"\n" " set client_balloon \"${client_balloon}\\n$nid $user\\@$host\"\n"
" if {$vo == \"1\"} {\n" " if {$vo == \"1\"} {\n"
" set client_balloon \"${client_balloon} - view\"\n" " set client_balloon \"${client_balloon} - view\"\n"
" lappend client_id_list \"$id:$user\\@$host - view\"\n" " lappend client_id_list \"$id:$user\\@$host - view\"\n"
...@@ -5419,6 +5479,8 @@ char gui_code[] = ""; ...@@ -5419,6 +5479,8 @@ char gui_code[] = "";
" set nitem \"xrandr\"\n" " set nitem \"xrandr\"\n"
" } elseif {$nitem == \"unixpw_list\"} {\n" " } elseif {$nitem == \"unixpw_list\"} {\n"
" set nitem \"unixpw\"\n" " set nitem \"unixpw\"\n"
" } elseif {$nitem == \"unixpw_nis_list\"} {\n"
" set nitem \"unixpw_nis\"\n"
" } elseif {$nitem == \"stunnel_pem\"} {\n" " } elseif {$nitem == \"stunnel_pem\"} {\n"
" set nitem \"stunnel\"\n" " set nitem \"stunnel\"\n"
" } elseif {$nitem == \"wireframe_mode\"} {\n" " } elseif {$nitem == \"wireframe_mode\"} {\n"
...@@ -5881,12 +5943,16 @@ char gui_code[] = ""; ...@@ -5881,12 +5943,16 @@ char gui_code[] = "";
"\n" "\n"
"proc restart_everything {gui_mode} {\n" "proc restart_everything {gui_mode} {\n"
" global env gui_argv0 x11vnc_prog full_win\n" " global env gui_argv0 x11vnc_prog full_win\n"
" global icon_mode_at_startup\n"
" global tray_embed tray_running\n"
" if {$gui_mode == \"full\"} {\n" " if {$gui_mode == \"full\"} {\n"
" set env(X11VNC_ICON_MODE) 0\n" " set env(X11VNC_ICON_MODE) 0\n"
" } elseif {$gui_mode == \"icon\"} {\n" " } elseif {$gui_mode == \"icon\"} {\n"
" set env(X11VNC_ICON_MODE) 1\n" " set env(X11VNC_ICON_MODE) 1\n"
" } elseif {$gui_mode == \"tray\"} {\n" " } elseif {$gui_mode == \"tray\"} {\n"
" if {![regexp -nocase {TRAY} $env(X11VNC_ICON_MODE)]} {\n" " if {$tray_running} {\n"
" set env(X11VNC_ICON_MODE) \"RUNNING\"\n"
" } else {\n"
" set env(X11VNC_ICON_MODE) \"TRAY\"\n" " set env(X11VNC_ICON_MODE) \"TRAY\"\n"
" }\n" " }\n"
" }\n" " }\n"
...@@ -5968,7 +6034,8 @@ char gui_code[] = ""; ...@@ -5968,7 +6034,8 @@ char gui_code[] = "";
"global delay_sleep extra_sleep extra_sleep_split\n" "global delay_sleep extra_sleep extra_sleep_split\n"
"global cache_all_query_vars\n" "global cache_all_query_vars\n"
"global last_query_all_time query_all_freq client_tail client_sock client_info_read\n" "global last_query_all_time query_all_freq client_tail client_sock client_info_read\n"
"global icon_mode tray_embed tray_running icon_setpasswd icon_embed_id\n" "global icon_mode icon_mode_at_startup\n"
"global tray_embed tray_running icon_setpasswd icon_embed_id\n"
"global icon_noadvanced icon_minimal\n" "global icon_noadvanced icon_minimal\n"
"global make_gui_count text_area_str\n" "global make_gui_count text_area_str\n"
"global gui_argv0 gui_start_mode\n" "global gui_argv0 gui_start_mode\n"
...@@ -6155,6 +6222,20 @@ char gui_code[] = ""; ...@@ -6155,6 +6222,20 @@ char gui_code[] = "";
"set icon_mode 0\n" "set icon_mode 0\n"
"set tray_embed 0\n" "set tray_embed 0\n"
"set tray_running 0\n" "set tray_running 0\n"
"\n"
"if {![info exists env(X11VNC_ICON_MODE_AT_STARTUP)]} {\n"
" if {[info exists env(X11VNC_ICON_MODE)]} {\n"
" if {$env(X11VNC_ICON_MODE) != 0} {\n"
" set env(X11VNC_ICON_MODE_AT_STARTUP) 1\n"
" } else {\n"
" set env(X11VNC_ICON_MODE_AT_STARTUP) 0\n"
" }\n"
" } else {\n"
" set env(X11VNC_ICON_MODE_AT_STARTUP) 0\n"
" }\n"
"}\n"
"set icon_mode_at_startup $env(X11VNC_ICON_MODE_AT_STARTUP)\n"
"\n"
"if {![info exists env(X11VNC_ICON_MODE)]} {\n" "if {![info exists env(X11VNC_ICON_MODE)]} {\n"
" set icon_mode 0\n" " set icon_mode 0\n"
"} elseif {$env(X11VNC_ICON_MODE) == \"\" || $env(X11VNC_ICON_MODE) == \"0\"} {\n" "} elseif {$env(X11VNC_ICON_MODE) == \"\" || $env(X11VNC_ICON_MODE) == \"0\"} {\n"
...@@ -6169,6 +6250,7 @@ char gui_code[] = ""; ...@@ -6169,6 +6250,7 @@ char gui_code[] = "";
" set tray_running 1\n" " set tray_running 1\n"
" }\n" " }\n"
"}\n" "}\n"
"\n"
"set icon_setpasswd 0\n" "set icon_setpasswd 0\n"
"if {[info exists env(X11VNC_ICON_SETPASS)]} {\n" "if {[info exists env(X11VNC_ICON_SETPASS)]} {\n"
" if {$env(X11VNC_ICON_SETPASS) != \"\"} {\n" " if {$env(X11VNC_ICON_SETPASS) != \"\"} {\n"
......
x11vnc/unixpw.c
View file @ a9a9c812
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
extern int grantpt(int); extern int grantpt(int);
extern int unlockpt(int); extern int unlockpt(int);
extern char *ptsname(int); extern char *ptsname(int);
extern char *crypt(const char*, const char *);
#endif #endif
#include "x11vnc.h" #include "x11vnc.h"
...@@ -14,11 +15,15 @@ extern char *ptsname(int); ...@@ -14,11 +15,15 @@ extern char *ptsname(int);
#include <rfb/default8x16.h> #include <rfb/default8x16.h>
#if LIBVNCSERVER_HAVE_FORK #if LIBVNCSERVER_HAVE_FORK
#if LIBVNCSERVER_HAVE_SYS_WAIT_H #if LIBVNCSERVER_HAVE_SYS_WAIT_H && LIBVNCSERVER_HAVE_WAITPID
#if LIBVNCSERVER_HAVE_WAITPID #define UNIXPW_SU
#define UNIXPW
#endif #endif
#endif #endif
#if LIBVNCSERVER_HAVE_PWD_H && LIBVNCSERVER_HAVE_GETPWNAM
#if LIBVNCSERVER_HAVE_CRYPT || LIBVNCSERVER_HAVE_LIBCRYPT
#define UNIXPW_CRYPT
#endif
#endif #endif
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H #if LIBVNCSERVER_HAVE_SYS_IOCTL_H
...@@ -27,9 +32,10 @@ extern char *ptsname(int); ...@@ -27,9 +32,10 @@ extern char *ptsname(int);
#if LIBVNCSERVER_HAVE_TERMIOS_H #if LIBVNCSERVER_HAVE_TERMIOS_H
#include <termios.h> #include <termios.h>
#endif #endif
#if 0 #if LIBVNCSERVER_HAVE_SYS_STROPTS_H
#include <sys/stropts.h> #include <sys/stropts.h>
#endif #endif
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
#define IS_BSD #define IS_BSD
#endif #endif
...@@ -39,6 +45,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init); ...@@ -39,6 +45,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init);
void unixpw_accept(char *user); void unixpw_accept(char *user);
void unixpw_deny(void); void unixpw_deny(void);
int su_verify(char *user, char *pass); int su_verify(char *user, char *pass);
int crypt_verify(char *user, char *pass);
static int white(void); static int white(void);
static int text_x(void); static int text_x(void);
...@@ -84,10 +91,17 @@ static int text_y(void) { ...@@ -84,10 +91,17 @@ static int text_y(void) {
} }
void unixpw_screen(int init) { void unixpw_screen(int init) {
#ifndef UNIXPW if (unixpw_nis) {
#ifndef UNIXPW_CRYPT
rfbLog("-unixpw_nis is not supported on this OS/machine\n");
clean_up_exit(1);
#endif
} else {
#ifndef UNIXPW_SU
rfbLog("-unixpw is not supported on this OS/machine\n"); rfbLog("-unixpw is not supported on this OS/machine\n");
clean_up_exit(1); clean_up_exit(1);
#endif #endif
}
if (init) { if (init) {
int x, y; int x, y;
char log[] = "login: "; char log[] = "login: ";
...@@ -115,6 +129,8 @@ static char slave_str[MAXPATHLEN]; ...@@ -115,6 +129,8 @@ static char slave_str[MAXPATHLEN];
static char slave_str[4096]; static char slave_str[4096];
#endif #endif
static int used_get_pty_ptmx = 0;
char *get_pty_ptmx(int *fd_p) { char *get_pty_ptmx(int *fd_p) {
char *slave; char *slave;
int fd = -1, i, ndevs = 4, tmp; int fd = -1, i, ndevs = 4, tmp;
...@@ -130,7 +146,6 @@ char *get_pty_ptmx(int *fd_p) { ...@@ -130,7 +146,6 @@ char *get_pty_ptmx(int *fd_p) {
#if LIBVNCSERVER_HAVE_GRANTPT #if LIBVNCSERVER_HAVE_GRANTPT
for (i=0; i < ndevs; i++) { for (i=0; i < ndevs; i++) {
#ifdef O_NOCTTY #ifdef O_NOCTTY
fd = open(devs[i], O_RDWR|O_NOCTTY); fd = open(devs[i], O_RDWR|O_NOCTTY);
#else #else
...@@ -146,13 +161,6 @@ char *get_pty_ptmx(int *fd_p) { ...@@ -146,13 +161,6 @@ char *get_pty_ptmx(int *fd_p) {
return NULL; return NULL;
} }
#if 0
#if defined(FIONBIO)
tmp = 1;
ioctl(fd, FIONBIO, &tmp);
#endif
#endif
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(TIOCPKT) #if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(TIOCPKT)
tmp = 0; tmp = 0;
ioctl(fd, TIOCPKT, (char *) &tmp); ioctl(fd, TIOCPKT, (char *) &tmp);
...@@ -180,8 +188,6 @@ char *get_pty_ptmx(int *fd_p) { ...@@ -180,8 +188,6 @@ char *get_pty_ptmx(int *fd_p) {
ioctl(fd, TIOCFLUSH, (char *) 0); ioctl(fd, TIOCFLUSH, (char *) 0);
#endif #endif
strcpy(slave_str, slave); strcpy(slave_str, slave);
*fd_p = fd; *fd_p = fd;
return slave_str; return slave_str;
...@@ -194,7 +200,6 @@ char *get_pty_ptmx(int *fd_p) { ...@@ -194,7 +200,6 @@ char *get_pty_ptmx(int *fd_p) {
char *get_pty_loop(int *fd_p) { char *get_pty_loop(int *fd_p) {
char *slave;
char master_str[16]; char master_str[16];
int fd = -1, i; int fd = -1, i;
char c; char c;
...@@ -233,6 +238,7 @@ char *get_pty_loop(int *fd_p) { ...@@ -233,6 +238,7 @@ char *get_pty_loop(int *fd_p) {
} }
char *get_pty(int *fd_p) { char *get_pty(int *fd_p) {
used_get_pty_ptmx = 0;
if (getenv("BSD_PTY")) { if (getenv("BSD_PTY")) {
return get_pty_loop(fd_p); return get_pty_loop(fd_p);
} }
...@@ -240,6 +246,7 @@ char *get_pty(int *fd_p) { ...@@ -240,6 +246,7 @@ char *get_pty(int *fd_p) {
return get_pty_loop(fd_p); return get_pty_loop(fd_p);
#else #else
#if LIBVNCSERVER_HAVE_GRANTPT #if LIBVNCSERVER_HAVE_GRANTPT
used_get_pty_ptmx = 1;
return get_pty_ptmx(fd_p); return get_pty_ptmx(fd_p);
#else #else
return get_pty_loop(fd_p); return get_pty_loop(fd_p);
...@@ -267,28 +274,76 @@ void try_to_be_nobody(void) { ...@@ -267,28 +274,76 @@ void try_to_be_nobody(void) {
setegid(pw->pw_gid); setegid(pw->pw_gid);
#endif #endif
} }
#endif /* PWD_H */ #endif /* PWD_H */
} }
static int slave_fd = -1; static int slave_fd = -1, alarm_fired = 0;;
static void close_alarm (int sig) { static void close_alarm (int sig) {
if (slave_fd >= 0) { if (slave_fd >= 0) {
close(slave_fd); close(slave_fd);
} }
alarm_fired = 1;
if (0) sig = 0; /* compiler warning */
}
static void kill_child (pid_t pid, int fd) {
int status;
slave_fd = -1;
alarm_fired = 0;
if (fd >= 0) {
close(fd);
}
kill(pid, SIGTERM);
waitpid(pid, &status, WNOHANG);
}
int crypt_verify(char *user, char *pass) {
#ifndef UNIXPW_CRYPT
return 0;
#else
struct passwd *pwd;
char *realpw, *cr;
int n;
pwd = getpwnam(user);
if (! pwd) {
return 0;
}
realpw = pwd->pw_passwd;
if (realpw == NULL || realpw[0] == '\0') {
return 0;
}
n = strlen(pass);
if (pass[n-1] == '\n') {
pass[n-1] = '\0';
}
cr = crypt(pass, realpw);
if (cr == NULL) {
return 0;
}
if (!strcmp(cr, realpw)) {
return 1;
} else {
return 0;
}
#endif /* UNIXPW_CRYPT */
} }
int su_verify(char *user, char *pass) { int su_verify(char *user, char *pass) {
#ifndef UNIXPW #ifndef UNIXPW_SU
return 0; return 0;
#else #else
int i, j, status, fd = -1, sfd, tfd; int i, j, status, fd = -1, sfd, tfd;
int slow_pw = 1;
char *slave, *bin_true = NULL, *bin_su = NULL; char *slave, *bin_true = NULL, *bin_su = NULL;
pid_t pid, pidw; pid_t pid, pidw;
struct stat sbuf; struct stat sbuf;
static int first = 1; static int first = 1;
char instr[16]; char instr[32], buf[10];
if (first) { if (first) {
set_db(); set_db();
...@@ -316,7 +371,15 @@ int su_verify(char *user, char *pass) { ...@@ -316,7 +371,15 @@ int su_verify(char *user, char *pass) {
} }
} }
if (stat("/bin/su", &sbuf) == 0) { #define SU_DEBUG 0
#if SU_DEBUG
if (stat("/su", &sbuf) == 0) {
bin_su = "/su"; /* Freesbie read-only-fs /bin/su not suid! */
#else
if (0) {
;
#endif
} else if (stat("/bin/su", &sbuf) == 0) {
bin_su = "/bin/su"; bin_su = "/bin/su";
} else if (stat("/usr/bin/su", &sbuf) == 0) { } else if (stat("/usr/bin/su", &sbuf) == 0) {
bin_su = "/usr/bin/su"; bin_su = "/usr/bin/su";
...@@ -337,10 +400,12 @@ int su_verify(char *user, char *pass) { ...@@ -337,10 +400,12 @@ int su_verify(char *user, char *pass) {
} }
slave = get_pty(&fd); slave = get_pty(&fd);
if (slave == NULL) { if (slave == NULL) {
rfbLogPerror("get_pty failed."); rfbLogPerror("get_pty failed.");
return 0; return 0;
} }
if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd); if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd);
if (fd < 0) { if (fd < 0) {
...@@ -358,8 +423,10 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd); ...@@ -358,8 +423,10 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd);
} }
if (pid == 0) { if (pid == 0) {
/* child */
int ttyfd; int ttyfd;
char tmp[256]; ttyfd = -1; /* compiler warning */
#if LIBVNCSERVER_HAVE_SETSID #if LIBVNCSERVER_HAVE_SETSID
if (setsid() == -1) { if (setsid() == -1) {
...@@ -371,7 +438,6 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd); ...@@ -371,7 +438,6 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd);
perror("setpgrp"); perror("setpgrp");
exit(1); exit(1);
} }
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(TIOCNOTTY) #if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(TIOCNOTTY)
ttyfd = open("/dev/tty", O_RDWR); ttyfd = open("/dev/tty", O_RDWR);
if (ttyfd >= 0) { if (ttyfd >= 0) {
...@@ -390,11 +456,21 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd); ...@@ -390,11 +456,21 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd);
if (sfd < 0) { if (sfd < 0) {
exit(1); exit(1);
} }
/* sfd should be 0 since we closed 0. */
#ifdef F_SETFL /* streams options fixups, handle cases as they are found: */
fcntl (sfd, F_SETFL, O_NONBLOCK); #if defined(__hpux)
#if LIBVNCSERVER_HAVE_SYS_STROPTS_H
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(I_PUSH)
if (used_get_pty_ptmx) {
ioctl(sfd, I_PUSH, "ptem");
ioctl(sfd, I_PUSH, "ldterm");
ioctl(sfd, I_PUSH, "ttcompat");
}
#endif
#endif #endif
#endif
/* n.b. sfd will be 0 since we closed 0. so dup it to 1 and 2 */
if (fcntl(sfd, F_DUPFD, 1) == -1) { if (fcntl(sfd, F_DUPFD, 1) == -1) {
exit(1); exit(1);
} }
...@@ -402,32 +478,23 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd); ...@@ -402,32 +478,23 @@ if (db) fprintf(stderr, "slave is: %s fd=%d\n", slave, fd);
exit(1); exit(1);
} }
unlink("/tmp/isatty"); #if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(TIOCSCTTY)
unlink("/tmp/isastream");
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H
#if 0
if (isastream(sfd)) {
tfd = open("/tmp/isastream", O_CREAT|O_WRONLY, 0600);
close(tfd);
ioctl(sfd, I_PUSH, "ptem");
ioctl(sfd, I_PUSH, "ldterm");
ioctl(sfd, I_PUSH, "ttcompat");
}
#endif
#if 1
#if defined(TIOCSCTTY) && !defined(sun) && !defined(hpux)
ioctl(sfd, TIOCSCTTY, (char *) 0); ioctl(sfd, TIOCSCTTY, (char *) 0);
#endif #endif
#endif
if (isatty(sfd)) { if (db > 2) {
char nam[256]; char nam[256];
tfd = open("/tmp/isatty", O_CREAT|O_WRONLY, 0600); unlink("/tmp/isatty");
close(tfd); tfd = open("/tmp/isatty", O_CREAT|O_WRONLY, 0600);
if (isatty(sfd)) {
close(tfd);
sprintf(nam, "stty -a < %s > /tmp/isatty 2>&1", slave); sprintf(nam, "stty -a < %s > /tmp/isatty 2>&1", slave);
system(nam); system(nam);
} else {
write(tfd, "NOTTTY\n", 7);
close(tfd);
}
} }
#endif /* SYS_IOCTL_H */
chdir("/"); chdir("/");
...@@ -444,102 +511,139 @@ close(tfd); ...@@ -444,102 +511,139 @@ close(tfd);
set_env("LANG", "C"); set_env("LANG", "C");
set_env("SHELL", "/bin/sh"); set_env("SHELL", "/bin/sh");
/* synchronize with parent: */
write(2, "C", 1);
execlp(bin_su, bin_su, user, "-c", bin_true, (char *) NULL); execlp(bin_su, bin_su, user, "-c", bin_true, (char *) NULL);
exit(1); exit(1);
} }
/* parent */
if (db) fprintf(stderr, "pid: %d\n", pid); if (db) fprintf(stderr, "pid: %d\n", pid);
if (db > 3) {
char cmd[32];
usleep( 100 * 1000 );
sprintf(cmd, "ps wu %d", pid);
system(cmd);
sprintf(cmd, "stty -a < %s", slave);
system(cmd);
}
usleep( 500 * 1000 );
/* send the password "early" (i.e. before we drain) */
if (0) {
int k;
for (k = 0; k < strlen(pass); k++) {
write(fd, pass+k, 1);
usleep(100 * 1000);
}
} else {
write(fd, pass, strlen(pass));
}
/* /*
* set an alarm for blocking read() to close the master * set an alarm for blocking read() to close the master
* (presumably terminating the child. we avoid SIGTERM for now) * (presumably terminating the child. SIGTERM too...)
*/ */
slave_fd = fd; slave_fd = fd;
alarm_fired = 0;
signal(SIGALRM, close_alarm); signal(SIGALRM, close_alarm);
alarm(10); alarm(10);
/* synchronize with child: */
for (i=0; i<10; i++) {
int n;
buf[0] = '\0';
buf[1] = '\0';
n = read(fd, buf, 1);
if (n < 0 && errno == EINTR) {
continue;
} else {
break;
}
}
if (db) {
fprintf(stderr, "read from child: '%s'\n", buf);
}
alarm(0);
signal(SIGALRM, SIG_DFL);
if (alarm_fired) {
kill_child(pid, fd);
return 0;
}
#if LIBVNCSERVER_HAVE_SYS_IOCTL_H && defined(TIOCTRAP)
{
int control = 1;
ioctl(fd, TIOCTRAP, &control);
}
#endif
/* /*
* In addition to checking exit code below, we watch for the * In addition to checking exit code below, we watch for the
* appearance of the string "Password:". BSD does not seem to * appearance of the string "Password:". BSD does not seem to
* ask for a password trying to su to yourself. * ask for a password trying to su to yourself. This is the
* setting in /etc/pam.d/su:
* auth sufficient pam_self.so
* it may be commented out without problem.
*/ */
for (i=0; i<16; i++) { for (i=0; i<32; i++) {
instr[i] = '\0'; instr[i] = '\0';
} }
alarm_fired = 0;
signal(SIGALRM, close_alarm);
alarm(10);
j = 0; j = 0;
for (i=0; i < strlen("Password:"); i++) { for (i=0; i < (int) strlen("Password:"); i++) {
char pstr[] = "password:"; char pstr[] = "password:";
char buf[2];
int n; int n;
buf[0] = '\0'; buf[0] = '\0';
buf[1] = '\0'; buf[1] = '\0';
n = read(fd, buf, 1); n = read(fd, buf, 1);
if (n < 0 && errno == EINTR) {
i--;
continue;
}
if (db == 1) fprintf(stderr, "%d ", n, db > 1 ? buf : ""); if (db) fprintf(stderr, "%s", buf);
if (db > 1) fprintf(stderr, "%s", buf);
if (db > 3 && n == 1 && buf[0] == ':') { if (db > 3 && n == 1 && buf[0] == ':') {
char cmd[32]; char cmd[32];
usleep( 100 * 1000 ); usleep( 100 * 1000 );
fprintf(stderr, "\n\n");
sprintf(cmd, "ps wu %d", pid); sprintf(cmd, "ps wu %d", pid);
system(cmd); system(cmd);
sprintf(cmd, "stty -a < %s", slave); sprintf(cmd, "stty -a < %s", slave);
system(cmd); system(cmd);
fprintf(stderr, "\n\n");
} }
if (n == 1) { if (n == 1) {
if (isspace(buf[0])) { if (isspace(buf[0])) {
i--;
continue; continue;
} }
instr[j++] = tolower(buf[0]); instr[j++] = tolower(buf[0]);
} }
if (n <= 0 || strstr(pstr, instr) != pstr) { if (n <= 0 || strstr(pstr, instr) != pstr) {
rfbLog("\"Password:\" did not appear: '%s' n=%d\n", if (db) {
instr, n); fprintf(stderr, "\"Password:\" did not appear: '%s'" " n=%d\n", instr, n);
if (db > 3 && n == 1) { if (db > 3 && n == 1 && j < 32) {
continue; continue;
} }
}
alarm(0); alarm(0);
signal(SIGALRM, SIG_DFL); signal(SIGALRM, SIG_DFL);
slave_fd = -1; kill_child(pid, fd);
close(fd);
kill(pid, SIGTERM);
waitpid(pid, &status, WNOHANG);
return 0; return 0;
} }
} }
alarm(0); alarm(0);
signal(SIGALRM, SIG_DFL); signal(SIGALRM, SIG_DFL);
if (alarm_fired) {
kill_child(pid, fd);
return 0;
}
usleep( 250 * 1000 ); usleep(100 * 1000);
if (slow_pw) {
#if 0 unsigned int k;
tcdrain(fd); for (k = 0; k < strlen(pass); k++) {
#endif write(fd, pass+k, 1);
usleep(100 * 1000);
}
} else {
write(fd, pass, strlen(pass));
}
alarm_fired = 0;
signal(SIGALRM, close_alarm); signal(SIGALRM, close_alarm);
alarm(15); alarm(15);
...@@ -549,16 +653,17 @@ if (db > 1) fprintf(stderr, "%s", buf); ...@@ -549,16 +653,17 @@ if (db > 1) fprintf(stderr, "%s", buf);
* make cause child to die by signal. * make cause child to die by signal.
*/ */
for (i = 0; i<4096; i++) { for (i = 0; i<4096; i++) {
char buf[2];
int n; int n;
buf[0] = '\0'; buf[0] = '\0';
buf[1] = '\0'; buf[1] = '\0';
n = read(fd, buf, 1); n = read(fd, buf, 1);
if (n < 0 && errno == EINTR) {
continue;
}
if (db == 1) fprintf(stderr, "%d ", n, db > 1 ? buf : ""); if (db) fprintf(stderr, "%s", buf);
if (db > 1) fprintf(stderr, "%s", buf);
if (n <= 0) { if (n <= 0) {
break; break;
...@@ -569,6 +674,11 @@ if (db) fprintf(stderr, "\n"); ...@@ -569,6 +674,11 @@ if (db) fprintf(stderr, "\n");
alarm(0); alarm(0);
signal(SIGALRM, SIG_DFL); signal(SIGALRM, SIG_DFL);
if (alarm_fired) {
kill_child(pid, fd);
return 0;
}
slave_fd = -1; slave_fd = -1;
pidw = waitpid(pid, &status, 0); pidw = waitpid(pid, &status, 0);
...@@ -577,12 +687,13 @@ if (db) fprintf(stderr, "\n"); ...@@ -577,12 +687,13 @@ if (db) fprintf(stderr, "\n");
if (pid != pidw) { if (pid != pidw) {
return 0; return 0;
} }
if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
return 1; /* this is the only return of success. */ return 1; /* this is the only return of success. */
} else { } else {
return 0; return 0;
} }
#endif /* UNIXPW */ #endif /* UNIXPW_SU */
} }
static void unixpw_verify(char *user, char *pass) { static void unixpw_verify(char *user, char *pass) {
...@@ -593,10 +704,19 @@ static void unixpw_verify(char *user, char *pass) { ...@@ -593,10 +704,19 @@ static void unixpw_verify(char *user, char *pass) {
if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "********"); if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "********");
rfbLog("unixpw_verify: %s\n", user); rfbLog("unixpw_verify: %s\n", user);
if (unixpw_nis) {
if (crypt_verify(user, pass)) {
unixpw_accept(user);
return;
} else {
usleep(3000*1000);
}
} else {
if (su_verify(user, pass)) { if (su_verify(user, pass)) {
unixpw_accept(user); unixpw_accept(user);
return; return;
} }
}
if (tries < 2) { if (tries < 2) {
char_row++; char_row++;
...@@ -794,6 +914,13 @@ static void apply_opts (char *user) { ...@@ -794,6 +914,13 @@ static void apply_opts (char *user) {
rfbClientPtr cl = unixpw_client; rfbClientPtr cl = unixpw_client;
int i; int i;
if (user) {
if (cd->unixname) {
free(cd->unixname);
}
cd->unixname = strdup(user);
}
if (! unixpw_list) { if (! unixpw_list) {
return; return;
} }
...@@ -808,7 +935,7 @@ static void apply_opts (char *user) { ...@@ -808,7 +935,7 @@ static void apply_opts (char *user) {
p = strtok(NULL, ","); p = strtok(NULL, ",");
continue; continue;
} }
if (!strcmp(user, p)) { if (user && !strcmp(user, p)) {
opts = strdup(q+1); opts = strdup(q+1);
} }
if (!strcmp("*", p)) { if (!strcmp("*", p)) {
...@@ -846,7 +973,6 @@ static void apply_opts (char *user) { ...@@ -846,7 +973,6 @@ static void apply_opts (char *user) {
} }
void unixpw_accept(char *user) { void unixpw_accept(char *user) {
apply_opts(user); apply_opts(user);
unixpw_in_progress = 0; unixpw_in_progress = 0;
......
x11vnc/unixpw.h
View file @ a9a9c812
...@@ -8,6 +8,7 @@ extern void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init); ...@@ -8,6 +8,7 @@ extern void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init);
extern void unixpw_accept(char *user); extern void unixpw_accept(char *user);
extern void unixpw_deny(void); extern void unixpw_deny(void);
extern int su_verify(char *user, char *pass); extern int su_verify(char *user, char *pass);
extern int crypt_verify(char *user, char *pass);
extern int unixpw_in_progress; extern int unixpw_in_progress;
extern time_t unixpw_last_try_time; extern time_t unixpw_last_try_time;
......
x11vnc/x11vnc.1
View file @ a9a9c812
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
.TH X11VNC "1" "March 2006" "x11vnc " "User Commands" .TH X11VNC "1" "March 2006" "x11vnc " "User Commands"
.SH NAME .SH NAME
x11vnc - allow VNC connections to real X11 displays x11vnc - allow VNC connections to real X11 displays
version: 0.8.1, lastmod: 2006-03-02 version: 0.8.1, lastmod: 2006-03-04
.SH SYNOPSIS .SH SYNOPSIS
.B x11vnc .B x11vnc
[OPTION]... [OPTION]...
...@@ -32,10 +32,10 @@ these protections. See the FAQ for details how to tunnel the VNC connection ...@@ -32,10 +32,10 @@ these protections. See the FAQ for details how to tunnel the VNC connection
through an encrypted channel such as through an encrypted channel such as
.IR ssh (1). .IR ssh (1).
In brief: In brief:
.IP .PP
ssh -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0' % ssh -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'
.IP .PP
vncviewer -encodings 'copyrect tight zrle hextile' localhost:0 % vncviewer -encodings 'copyrect tight zrle hextile' localhost:0
.PP .PP
Also, use of a VNC password (-rfbauth or \fB-passwdfile)\fR is strongly recommend. Also, use of a VNC password (-rfbauth or \fB-passwdfile)\fR is strongly recommend.
.PP .PP
...@@ -494,19 +494,19 @@ full-access passwords) ...@@ -494,19 +494,19 @@ full-access passwords)
.PP .PP
\fB-unixpw\fR \fI[list]\fR \fB-unixpw\fR \fI[list]\fR
.IP .IP
Experimental option: use Unix username and password Use Unix username and password authentication. x11vnc
authentication. x11vnc uses the uses the
.IR su (1) .IR su (1)
program to verify program to verify the user's password.
the user's password. [list] is an optional comma [list] is an optional comma separated list of allowed
separated list of allowed Unix usernames. See below Unix usernames. See below for per-user options that
for per-user options that can be applied. can be applied.
.IP .IP
A familiar "login:" and "Password:" dialog is A familiar "login:" and "Password:" dialog is
presented to the user on a black screen inside the presented to the user on a black screen inside the
vncviewer. The connection is dropped if the user fails vncviewer. The connection is dropped if the user fails
to supply the correct password in 3 tries or does not to supply the correct password in 3 tries or does not
send one before a 20 second timeout. Existing clients send one before a 25 second timeout. Existing clients
are view-only during this period. are view-only during this period.
.IP .IP
Since the detailed behavior of Since the detailed behavior of
...@@ -514,19 +514,24 @@ Since the detailed behavior of ...@@ -514,19 +514,24 @@ Since the detailed behavior of
can vary from can vary from
OS to OS and for local configurations, please test OS to OS and for local configurations, please test
the mode carefully on your systems before using it. the mode carefully on your systems before using it.
Try different combinations of valid/invalid usernames E.g. try different combinations of valid/invalid
and passwords. usernames and valid/invalid passwords to see if it
.IP behaves correctly. x11vnc will be conservative and
For example, on FreeBSD and the other BSD's and Tru64 reject a user if anything abnormal occurs.
it does not appear to be possible for the user running .IP
x11vnc to validate his *own* password via For example, on FreeBSD and the other BSD's by default
.IR su (1). it is impossible for the user running x11vnc to validate
The x11vnc login will always fail in this case. his *own* password via
A possible workaround would be to start x11vnc as .IR su (1)
root with the "\fB-users\fR \fI+nobody\fR" option to immediately (evidently commenting
switch to user nobody. Another source of problems are out the pam_self.so entry in /etc/pam.d/su eliminates
PAM modules that prompt for extra info, e.g. password the problem). So the x11vnc login will always fail for
aging modules. These logins will always fail as well. this case. A possible workaround would be to start
x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option to
immediately switch to user nobody. Another source of
problems are PAM modules that prompt for extra info,
e.g. password aging modules. These logins will always
fail as well.
.IP .IP
*IMPORTANT*: to prevent the Unix password being sent in *IMPORTANT*: to prevent the Unix password being sent in
*clear text* over the network, two x11vnc options are *clear text* over the network, two x11vnc options are
...@@ -544,21 +549,22 @@ Evidently you will be using a different method to ...@@ -544,21 +549,22 @@ Evidently you will be using a different method to
encrypt the data between the vncviewer and x11vnc: encrypt the data between the vncviewer and x11vnc:
e.g. e.g.
.IR ssh (1) .IR ssh (1)
or a VPN. Note that use of or a VPN. Note that use of \fB-localhost\fR
.IR ssh (1)
with with
\fB-localhost\fR is roughly the same as requiring a Unix .IR ssh (1)
user login (since Unix password or the user's public is roughly the same as requiring a Unix
key authentication is used by ssh) user login (since a Unix password or the user's public
key authentication is used by ssh on the machine where
x11vnc runs and only local connections are accepted)
.IP .IP
As a convenience, if you As a convenience, if you
.IR ssh (1) .IR ssh (1)
in and start x11vnc in and start x11vnc it
it will look to see if the environment variable will check if the environment variable SSH_CONNECTION
SSH_CONNECTION is set and appears reasonable. If it is set and appears reasonable. If it does, then the
does, then the stunnel requirement is dropped since stunnel requirement is dropped since it is assumed
it is assumed you are using ssh for the encrypted you are using ssh for the encrypted tunnelling.
tunnelling. Use \fB-stunnel\fR to force stunnel usage. Use \fB-stunnel\fR to force stunnel usage.
.IP .IP
Set UNIXPW_DISABLE_LOCALHOST=1 to disable the \fB-localhost\fR Set UNIXPW_DISABLE_LOCALHOST=1 to disable the \fB-localhost\fR
requirement. One should never do this (i.e. allow the requirement. One should never do this (i.e. allow the
...@@ -575,20 +581,36 @@ per-user options after a ":", e.g. "fred:opts" ...@@ -575,20 +581,36 @@ per-user options after a ":", e.g. "fred:opts"
where "opts" is a "+" separated list of where "opts" is a "+" separated list of
"viewonly", "fullaccess", "input=XXXX", or "viewonly", "fullaccess", "input=XXXX", or
"deny", e.g. "karl,fred:viewonly,boss:input=M". "deny", e.g. "karl,fred:viewonly,boss:input=M".
For "input=" it is the K,M,B,C describe under \fB-input.\fR For "input=" it is the K,M,B,C described under \fB-input.\fR
.IP
If a user in the list is "*" that means those
options apply to all users. It also means all users
are allowed to log in after supplying a valid password.
Use "deny" to explicitly deny some users if you use
"*" to set a global option.
.PP
\fB-unixpw_nis\fR \fI[list]\fR
.IP .IP
If a user in the list is "*" that means those options As \fB-unixpw\fR above, however do not run
apply to all users. It also means all users are allowed .IR su (1)
to log in. Use "deny" to explicitly deny some users but rather
if you use "*" to set a global option. use the traditional getpwnam() + crypt() method instead.
This requires that the encrpyted passwords be readable.
Passwords stored in /etc/shadow will be inaccessible
unless run as root. This is called "NIS" mode
simply because in most NIS setups the user encrypted
passwords are accessible (e.g. "ypcat passwd").
NIS is not required for this mode to work, but it
is unlikely it will work for any other environment.
All of the \fB-unixpw\fR options and contraints apply.
.PP .PP
\fB-stunnel\fR \fI[pem]\fR \fB-stunnel\fR \fI[pem]\fR
.IP .IP
Use the Use the
.IR stunnel (1) .IR stunnel (1)
(www.stunnel.org) to provide an (www.stunnel.org) to provide
encrypted SSL tunnel between viewers and x11vnc. an encrypted SSL tunnel between viewers and x11vnc.
This requires stunnel be installed on the system and This requires stunnel to be installed on the system and
available via PATH (n.b. stunnel is often installed in available via PATH (n.b. stunnel is often installed in
sbin directories). Version 4.x of stunnel is assumed; sbin directories). Version 4.x of stunnel is assumed;
see \fB-stunnel3\fR below. see \fB-stunnel3\fR below.
...@@ -600,9 +622,9 @@ configuration. ...@@ -600,9 +622,9 @@ configuration.
.IP .IP
stunnel is started up as a child process of x11vnc and stunnel is started up as a child process of x11vnc and
any SSL connections stunnel receives are decrypted and any SSL connections stunnel receives are decrypted and
sent to x11vnc over a local socket. The strings "The sent to x11vnc over a local socket. The strings
SSL VNC desktop is ..." and SSLPORT=... are printed "The SSL VNC desktop is ..." and "SSLPORT=..."
out at startup. are printed out at startup.
.IP .IP
The \fB-localhost\fR option is enforced by default to The \fB-localhost\fR option is enforced by default to
avoid people routing around the SSL channel. Set avoid people routing around the SSL channel. Set
...@@ -2694,16 +2716,16 @@ aro= noop display vncdisplay desktopname guess_desktop ...@@ -2694,16 +2716,16 @@ aro= noop display vncdisplay desktopname guess_desktop
http_url auth xauth users rootshift clipshift http_url auth xauth users rootshift clipshift
scale_str scaled_x scaled_y scale_numer scale_denom scale_str scaled_x scaled_y scale_numer scale_denom
scale_fac scaling_blend scaling_nomult4 scaling_pad scale_fac scaling_blend scaling_nomult4 scaling_pad
scaling_interpolate inetd privremote unsafe safer nocmds scaling_interpolate inetd privremote unsafe safer
passwdfile unixpw unixpw_list stunnel stunnel_pem nocmds passwdfile unixpw unixpw_nis unixpw_list stunnel
using_shm logfile o flag rc norc h help V version stunnel_pem using_shm logfile o flag rc norc h help
lastmod bg sigpipe threads readrate netrate netlatency V version lastmod bg sigpipe threads readrate netrate
pipeinput clients client_count pid ext_xtest ext_xtrap netlatency pipeinput clients client_count pid ext_xtest
ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama
ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin
button_mask mouse_x mouse_y bpp depth indexed_color num_buttons button_mask mouse_x mouse_y bpp depth
dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y
coff_x coff_y rfbauth passwd viewpasswd cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd
.PP .PP
\fB-QD\fR \fIvariable\fR \fB-QD\fR \fIvariable\fR
.IP .IP
...@@ -2896,15 +2918,26 @@ run by \fB-accept\fR and \fB-gone\fR: ...@@ -2896,15 +2918,26 @@ run by \fB-accept\fR and \fB-gone\fR:
.IR vncconnect (1), .IR vncconnect (1),
.IR vncserver (1), .IR vncserver (1),
.IR Xvnc (1), .IR Xvnc (1),
.IR inetd (1),
.IR xev (1), .IR xev (1),
.IR xdpyinfo (1),
.IR xwininfo (1),
.IR xprop (1),
.IR xmodmap (1), .IR xmodmap (1),
.IR xrandr (1),
.IR Xserver (1), .IR Xserver (1),
.IR xauth (1), .IR xauth (1),
.IR xhost (1), .IR xhost (1),
.IR Xsecurity (7), .IR Xsecurity (7),
.IR xmessage (1), .IR xmessage (1),
.IR XGetImage (3X11),
.IR ipcrm (1), .IR ipcrm (1),
.IR inetd (1),
.IR xdm (1),
.IR gdm (1),
.IR kdm (1),
.IR ssh (1),
.IR stunnel (8),
.IR su (1),
.IR http://www.tightvnc.com , .IR http://www.tightvnc.com ,
.IR http://www.realvnc.com , .IR http://www.realvnc.com ,
.IR http://www.karlrunge.com/x11vnc/ , .IR http://www.karlrunge.com/x11vnc/ ,
......
x11vnc/x11vnc.c
View file @ a9a9c812
...@@ -138,6 +138,7 @@ ...@@ -138,6 +138,7 @@
#include "connections.h" #include "connections.h"
#include "rates.h" #include "rates.h"
#include "unixpw.h" #include "unixpw.h"
#include "inet.h"
/* /*
* main routine for the x11vnc program * main routine for the x11vnc program
...@@ -467,6 +468,7 @@ if (debug_scroll) fprintf(stderr, "watch_loop: LOOP-BACK: %d\n", ret); ...@@ -467,6 +468,7 @@ if (debug_scroll) fprintf(stderr, "watch_loop: LOOP-BACK: %d\n", ret);
check_keycode_state(); check_keycode_state();
check_connect_inputs(); check_connect_inputs();
check_gui_inputs(); check_gui_inputs();
check_stunnel();
record_last_fb_update(); record_last_fb_update();
check_padded_fb(); check_padded_fb();
check_fixscreen(); check_fixscreen();
...@@ -898,6 +900,82 @@ static void immediate_switch_user(int argc, char* argv[]) { ...@@ -898,6 +900,82 @@ static void immediate_switch_user(int argc, char* argv[]) {
} }
} }
static void quick_pw(char *str) {
char *p, *q;
char tmp[1024];
int db = 0;
if (db) fprintf(stderr, "quick_pw: %s\n", str);
if (! str || str[0] == '\0') {
exit(1);
}
if (str[0] != '%') {
exit(1);
}
/*
* "%-" or "%stdin" means read one line from stdin.
*
* "%env" means it is in $UNIXPW env var.
*
* starting "%/" or "%." means read the first line from that file.
*
* otherwise: %user:pass
*/
if (!strcmp(str, "%-") || !strcmp(str, "%stdin")) {
if(fgets(tmp, 1024, stdin) == NULL) {
exit(1);
}
q = strdup(tmp);
} else if (!strcmp(str, "%env")) {
if (getenv("UNIXPW") == NULL) {
exit(1);
}
q = strdup(getenv("UNIXPW"));
} else if (str[1] == '/' || str[1] == '.') {
FILE *in = fopen(str+1, "r");
if (in == NULL) {
exit(1);
}
if(fgets(tmp, 1024, in) == NULL) {
exit(1);
}
q = strdup(tmp);
} else {
q = strdup(str+1);
}
p = (char *) malloc(strlen(q) + 10);
strcpy(p, q);
if (strchr(p, '\n') == NULL) {
strcat(p, "\n");
}
if ((q = strchr(p, ':')) == NULL) {
exit(1);
}
*q = '\0';
if (db) fprintf(stderr, "'%s' '%s'\n", p, q+1);
if (unixpw_nis) {
if (crypt_verify(p, q+1)) {
fprintf(stdout, "Y %s\n", p);
exit(0);
} else {
fprintf(stdout, "N %s\n", p);
exit(1);
}
} else {
if (su_verify(p, q+1)) {
fprintf(stdout, "Y %s\n", p);
exit(0);
} else {
fprintf(stdout, "N %s\n", p);
exit(1);
}
}
/* NOTREACHED */
exit(1);
}
static void print_settings(int try_http, int bg, char *gui_str) { static void print_settings(int try_http, int bg, char *gui_str) {
fprintf(stderr, "\n"); fprintf(stderr, "\n");
...@@ -1364,9 +1442,11 @@ int main(int argc, char* argv[]) { ...@@ -1364,9 +1442,11 @@ int main(int argc, char* argv[]) {
CHECK_ARGC CHECK_ARGC
passwdfile = strdup(argv[++i]); passwdfile = strdup(argv[++i]);
got_passwdfile = 1; got_passwdfile = 1;
} else if (!strcmp(arg, "-unixpw") } else if (strstr(arg, "-unixpw") == arg) {
|| !strcmp(arg, "-unixpw_unsafe")) {
unixpw = 1; unixpw = 1;
if (strstr(arg, "-unixpw_nis")) {
unixpw_nis = 1;
}
if (i < argc-1) { if (i < argc-1) {
char *p, *q, *s = argv[i+1]; char *p, *q, *s = argv[i+1];
if (s[0] != '-') { if (s[0] != '-') {
...@@ -1374,23 +1454,12 @@ int main(int argc, char* argv[]) { ...@@ -1374,23 +1454,12 @@ int main(int argc, char* argv[]) {
i++; i++;
} }
if (s[0] == '%') { if (s[0] == '%') {
p = unixpw_list;
unixpw_list = NULL; unixpw_list = NULL;
strcpy(p, s+1); quick_pw(s);
strcat(p, "\n"); /* just fits */
if ((q = strchr(p, ':')) == NULL) {
exit(1); exit(1);
} }
*q = '\0';
if (su_verify(p, q+1)) {
fprintf(stderr, "\nY\n");
} else {
fprintf(stderr, "\nN\n");
} }
exit(0); if (strstr(arg, "_unsafe")) {
}
}
if (!strcmp(arg, "-unixpw_unsafe")) {
/* hidden option for testing. */ /* hidden option for testing. */
set_env("UNIXPW_DISABLE_STUNNEL", "1"); set_env("UNIXPW_DISABLE_STUNNEL", "1");
set_env("UNIXPW_DISABLE_LOCALHOST", "1"); set_env("UNIXPW_DISABLE_LOCALHOST", "1");
...@@ -2114,6 +2183,17 @@ int main(int argc, char* argv[]) { ...@@ -2114,6 +2183,17 @@ int main(int argc, char* argv[]) {
"mode.\n"); "mode.\n");
} }
use_stunnel = 1; use_stunnel = 1;
} else if (! getenv("UNIXPW_DISABLE_STUNNEL")) {
char *s = getenv("SSH_CONNECTION");
if (! s) s = getenv("SSH_CLIENT");
if (! s) s = "SSH_CONNECTION";
fprintf(stderr, "\n");
rfbLog("Skipping -stunnel contraint in -unixpw mode,\n");
rfbLog("assuming your SSH encryption is: %s\n", s);
fprintf(stderr, "\n");
if (! nopw) {
usleep(2000*1000);
}
} }
} }
} else if (use_stunnel) { } else if (use_stunnel) {
......
x11vnc/x11vnc.h
View file @ a9a9c812
...@@ -247,6 +247,19 @@ extern int h_errno; ...@@ -247,6 +247,19 @@ extern int h_errno;
# endif # endif
#endif #endif
/*
* For reference, the OS header defines:
__SVR4 && __sun is solaris
__sgi
__hpux
__osf__
__OpenBSD__
__FreeBSD__
__NetBSD__
__linux__
_AIX
*/
#ifdef IRIX_OVERLAY #ifdef IRIX_OVERLAY
#include <X11/extensions/readdisplay.h> #include <X11/extensions/readdisplay.h>
#endif #endif
...@@ -422,6 +435,7 @@ typedef struct _ClientData { ...@@ -422,6 +435,7 @@ typedef struct _ClientData {
int uid; int uid;
char *hostname; char *hostname;
char *username; char *username;
char *unixname;
int client_port; int client_port;
int server_port; int server_port;
char *server_ip; char *server_ip;
......
x11vnc/x11vnc_defs.c
View file @ a9a9c812
...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0; ...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0; int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */ /* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.8.1 lastmod: 2006-03-02"; char lastmod[] = "0.8.1 lastmod: 2006-03-04";
/* X display info */ /* X display info */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment