Commit a9a9c812 authored by runge's avatar runge

x11vnc: -unixpw on *bsd, hpux and tru64. -unixpw_nis mode. stunnel and gui tweaks.

parent b03a920c
...@@ -175,6 +175,21 @@ if test "$X_CFLAGS" != "-DX_DISPLAY_MISSING"; then ...@@ -175,6 +175,21 @@ if test "$X_CFLAGS" != "-DX_DISPLAY_MISSING"; then
esac esac
fi fi
# only x11vnc uses crypt()
AH_TEMPLATE(HAVE_LIBCRYPT, [libcrypt library present])
AC_ARG_WITH(crypt,
[ --without-crypt disable support for libcrypt],,)
if test "x$with_crypt" != "xno"; then
AC_CHECK_FUNCS([crypt], HAVE_LIBC_CRYPT="true")
if test -z "$HAVE_LIBC_CRYPT"; then
AC_CHECK_LIB(crypt, crypt,
X_PRELIBS="$X_PRELIBS -lcrypt"
[AC_DEFINE(HAVE_LIBCRYPT)], ,
$X_LIBS $X_PRELIBS -lcrypt $X_EXTRA_LIBS)
fi
fi
X_LIBS="$X_LIBS $X_PRELIBS -lX11 $X_EXTRA_LIBS" X_LIBS="$X_LIBS $X_PRELIBS -lX11 $X_EXTRA_LIBS"
fi fi
fi fi
...@@ -345,7 +360,7 @@ AC_SUBST(WSOCKLIB) ...@@ -345,7 +360,7 @@ AC_SUBST(WSOCKLIB)
# Checks for header files. # Checks for header files.
AC_HEADER_STDC AC_HEADER_STDC
AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h sys/timeb.h syslog.h unistd.h pwd.h sys/wait.h utmpx.h termios.h sys/ioctl.h]) AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h sys/timeb.h syslog.h unistd.h pwd.h sys/wait.h utmpx.h termios.h sys/ioctl.h sys/stropts.h])
# Checks for typedefs, structures, and compiler characteristics. # Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST AC_C_CONST
......
2006-03-04 Karl Runge <runge@karlrunge.com>
* x11vnc: -unixpw on *bsd, hpux and tru64. Add -unixpw_nis for
non-shadow systems. check stunnel dying. check SSH_CONNECTION
in -unixpw. gui icon tweaks, unix username.
2006-03-02 Karl Runge <runge@karlrunge.com> 2006-03-02 Karl Runge <runge@karlrunge.com>
* x11vnc: more tweaks to -unixpw mode. Add -gone popup mode. * x11vnc: more tweaks to -unixpw mode. Add -gone popup mode.
Change filexfer via -R. Tune SMALL_FOOTPRINT. gui fixes. Change filexfer via -R. Tune SMALL_FOOTPRINT. gui fixes.
......
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
#include "rates.h" #include "rates.h"
#include "screen.h" #include "screen.h"
#include "unixpw.h" #include "unixpw.h"
#include "scan.h"
/* /*
* routines for handling incoming, outgoing, etc connections * routines for handling incoming, outgoing, etc connections
...@@ -78,7 +79,7 @@ int all_clients_initialized(void) { ...@@ -78,7 +79,7 @@ int all_clients_initialized(void) {
char *list_clients(void) { char *list_clients(void) {
rfbClientIteratorPtr iter; rfbClientIteratorPtr iter;
rfbClientPtr cl; rfbClientPtr cl;
char *list, tmp[32]; char *list, tmp[256];
int count = 0; int count = 0;
if (!screen) { if (!screen) {
...@@ -93,12 +94,12 @@ char *list_clients(void) { ...@@ -93,12 +94,12 @@ char *list_clients(void) {
/* /*
* each client: * each client:
* <id>:<ip>:<port>:<user>:<hostname>:<input>:<loginview>, * <id>:<ip>:<port>:<user>:<unix>:<hostname>:<input>:<loginview>:<time>,
* 8+1+16+1+5+1+24+1+256+1+5+1+1+1 * 8+1+64+1+5+1+24+1+24+1+256+1+5+1+1+1+10+1
* 123.123.123.123:60000/0x11111111-rw, * 123.123.123.123:60000/0x11111111-rw,
* so count+1 * 400 must cover it. * so count+1 * 500 must cover it.
*/ */
list = (char *) malloc((count+1)*400); list = (char *) malloc((count+1)*500);
list[0] = '\0'; list[0] = '\0';
...@@ -114,18 +115,27 @@ char *list_clients(void) { ...@@ -114,18 +115,27 @@ char *list_clients(void) {
strcat(list, ":"); strcat(list, ":");
sprintf(tmp, "%d:", cd->client_port); sprintf(tmp, "%d:", cd->client_port);
strcat(list, tmp); strcat(list, tmp);
if (*(cd->username) == '\0') { if (cd->username[0] == '\0') {
char *s = ident_username(cl); char *s = ident_username(cl);
if (s) free(s); if (s) free(s);
} }
strcat(list, cd->username); strcat(list, cd->username);
strcat(list, ":"); strcat(list, ":");
if (cd->unixname[0] == '\0') {
strcat(list, "none");
} else {
strcat(list, cd->unixname);
}
strcat(list, ":");
strcat(list, cd->hostname); strcat(list, cd->hostname);
strcat(list, ":"); strcat(list, ":");
strcat(list, cd->input); strcat(list, cd->input);
strcat(list, ":"); strcat(list, ":");
sprintf(tmp, "%d", cd->login_viewonly); sprintf(tmp, "%d", cd->login_viewonly);
strcat(list, tmp); strcat(list, tmp);
strcat(list, ":");
sprintf(tmp, "%d", (int) cd->login_time);
strcat(list, tmp);
} }
rfbReleaseClientIterator(iter); rfbReleaseClientIterator(iter);
return list; return list;
...@@ -511,6 +521,10 @@ static void free_client_data(rfbClientPtr client) { ...@@ -511,6 +521,10 @@ static void free_client_data(rfbClientPtr client) {
free(cd->username); free(cd->username);
cd->username = NULL; cd->username = NULL;
} }
if (cd->unixname) {
free(cd->unixname);
cd->unixname = NULL;
}
} }
free(client->clientData); free(client->clientData);
client->clientData = NULL; client->clientData = NULL;
...@@ -828,6 +842,9 @@ static unsigned char t2x2_bits[] = { ...@@ -828,6 +842,9 @@ static unsigned char t2x2_bits[] = {
sprintf(str_y, "OK"); sprintf(str_y, "OK");
sprop = "x11vnc client disconnected"; sprop = "x11vnc client disconnected";
h = 110; h = 110;
str1 = "";
str2 = "";
str3 = "";
} else if (!strcmp(mode, "mouse_only")) { } else if (!strcmp(mode, "mouse_only")) {
str1 = str1_m; str1 = str1_m;
str2 = str2_m; str2 = str2_m;
...@@ -1747,6 +1764,7 @@ enum rfbNewClientAction new_client(rfbClientPtr client) { ...@@ -1747,6 +1764,7 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
cd->server_ip = get_local_host(client->sock); cd->server_ip = get_local_host(client->sock);
cd->hostname = ip2host(client->host); cd->hostname = ip2host(client->host);
cd->username = strdup(""); cd->username = strdup("");
cd->unixname = strdup("");
cd->input[0] = '-'; cd->input[0] = '-';
cd->login_viewonly = -1; cd->login_viewonly = -1;
...@@ -1947,7 +1965,6 @@ void check_new_clients(void) { ...@@ -1947,7 +1965,6 @@ void check_new_clients(void) {
int run_after_accept = 0; int run_after_accept = 0;
if (unixpw_in_progress) { if (unixpw_in_progress) {
int present = 0;
if (time(0) > unixpw_last_try_time + 30) { if (time(0) > unixpw_last_try_time + 30) {
rfbLog("unixpw_deny: timed out waiting for reply.\n"); rfbLog("unixpw_deny: timed out waiting for reply.\n");
unixpw_deny(); unixpw_deny();
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
#define XEMBED_VERSION 0 #define XEMBED_VERSION 0
#define XEMBED_MAPPED (1 << 0) #define XEMBED_MAPPED (1 << 0)
int icon_mode = 0; /* hack for -gui tray */ int icon_mode = 0; /* hack for -gui tray/icon */
char *icon_mode_file = NULL; char *icon_mode_file = NULL;
FILE *icon_mode_fh = NULL; FILE *icon_mode_fh = NULL;
int icon_mode_socks[ICON_MODE_SOCKS]; int icon_mode_socks[ICON_MODE_SOCKS];
......
This diff is collapsed.
...@@ -288,6 +288,9 @@ char *ident_username(rfbClientPtr client) { ...@@ -288,6 +288,9 @@ char *ident_username(rfbClientPtr client) {
} }
user = newuser; user = newuser;
} }
if (!strcmp(user, "unknown-user") && cd && cd->unixname[0] != '\0') {
user = cd->unixname;
}
newhost = ip2host(client->host); newhost = ip2host(client->host);
len = strlen(user) + 1 + strlen(newhost) + 1; len = strlen(user) + 1 + strlen(newhost) + 1;
str = (char *) malloc(len); str = (char *) malloc(len);
...@@ -318,7 +321,20 @@ int have_ssh_env(void) { ...@@ -318,7 +321,20 @@ int have_ssh_env(void) {
char *str, *p = getenv("SSH_CONNECTION"); char *str, *p = getenv("SSH_CONNECTION");
char *rhost, *rport, *lhost, *lport; char *rhost, *rport, *lhost, *lport;
if (! p) return 0; if (! p) {
char *q = getenv("SSH_CLIENT");
if (! q) {
return 0;
}
if (strstr(q, "127.0.0.1") != NULL) {
return 0;
}
return 1;
}
if (strstr(p, "127.0.0.1") != NULL) {
return 0;
}
str = strdup(p); str = strdup(p);
...@@ -342,10 +358,10 @@ int have_ssh_env(void) { ...@@ -342,10 +358,10 @@ int have_ssh_env(void) {
if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, lhost); if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, lhost);
if (atoi(rport) < 0 || atoi(rport) > 65535) { if (atoi(rport) <= 16 || atoi(rport) > 65535) {
goto fail; goto fail;
} }
if (atoi(lport) < 0 || atoi(lport) > 65535) { if (atoi(lport) <= 16 || atoi(lport) > 65535) {
goto fail; goto fail;
} }
...@@ -358,7 +374,6 @@ if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, l ...@@ -358,7 +374,6 @@ if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, l
return 1; return 1;
fail: fail:
fprintf(stderr, "failed:\n");
free(str); free(str);
......
...@@ -16,6 +16,7 @@ int logfile_append = 0; ...@@ -16,6 +16,7 @@ int logfile_append = 0;
char *flagfile = NULL; /* -flag */ char *flagfile = NULL; /* -flag */
char *passwdfile = NULL; /* -passwdfile */ char *passwdfile = NULL; /* -passwdfile */
int unixpw = 0; /* -unixpw */ int unixpw = 0; /* -unixpw */
int unixpw_nis = 0; /* -unixpw_nis */
char *unixpw_list = NULL; char *unixpw_list = NULL;
int use_stunnel = 0; /* -stunnel */ int use_stunnel = 0; /* -stunnel */
int stunnel_port = 0; int stunnel_port = 0;
......
...@@ -16,6 +16,7 @@ extern int logfile_append; ...@@ -16,6 +16,7 @@ extern int logfile_append;
extern char *flagfile; extern char *flagfile;
extern char *passwdfile; extern char *passwdfile;
extern int unixpw; extern int unixpw;
extern int unixpw_nis;
extern char *unixpw_list; extern char *unixpw_list;
extern int use_stunnel; extern int use_stunnel;
extern int stunnel_port; extern int stunnel_port;
......
...@@ -3704,6 +3704,8 @@ char *process_remote_cmd(char *cmd, int stringonly) { ...@@ -3704,6 +3704,8 @@ char *process_remote_cmd(char *cmd, int stringonly) {
snprintf(buf, bufn, "aro=%s:%s", p, NONUL(passwdfile)); snprintf(buf, bufn, "aro=%s:%s", p, NONUL(passwdfile));
} else if (!strcmp(p, "unixpw")) { } else if (!strcmp(p, "unixpw")) {
snprintf(buf, bufn, "aro=%s:%d", p, unixpw); snprintf(buf, bufn, "aro=%s:%d", p, unixpw);
} else if (!strcmp(p, "unixpw_nis")) {
snprintf(buf, bufn, "aro=%s:%d", p, unixpw_nis);
} else if (!strcmp(p, "unixpw_list")) { } else if (!strcmp(p, "unixpw_list")) {
snprintf(buf, bufn, "aro=%s:%s", p, NONUL(unixpw_list)); snprintf(buf, bufn, "aro=%s:%s", p, NONUL(unixpw_list));
} else if (!strcmp(p, "stunnel")) { } else if (!strcmp(p, "stunnel")) {
......
...@@ -19,6 +19,27 @@ void setup_stunnel(int rport, int *argc, char **argv); ...@@ -19,6 +19,27 @@ void setup_stunnel(int rport, int *argc, char **argv);
static pid_t stunnel_pid = 0; static pid_t stunnel_pid = 0;
void check_stunnel(void) {
static time_t last_check = 0;
time_t now = time(0);
if (last_check + 3 >= now) {
return;
}
last_check = now;
if (stunnel_pid > 0) {
int status;
waitpid(stunnel_pid, &status, WNOHANG);
if (kill(stunnel_pid, 0) != 0) {
waitpid(stunnel_pid, &status, WNOHANG);
rfbLog("stunnel subprocess %d died.\n", stunnel_pid);
stunnel_pid = 0;
clean_up_exit(1);
}
}
}
int start_stunnel(int stunnel_port, int x11vnc_port) { int start_stunnel(int stunnel_port, int x11vnc_port) {
#ifdef SSLCMDS #ifdef SSLCMDS
char extra[] = ":/usr/sbin:/usr/local/sbin"; char extra[] = ":/usr/sbin:/usr/local/sbin";
......
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
/* -- sslcmds.h -- */ /* -- sslcmds.h -- */
extern void check_stunnel(void);
extern int start_stunnel(int stunnel_port, int x11vnc_port); extern int start_stunnel(int stunnel_port, int x11vnc_port);
extern void stop_stunnel(void); extern void stop_stunnel(void);
extern void setup_stunnel(int rport, int *argc, char **argv); extern void setup_stunnel(int rport, int *argc, char **argv);
......
...@@ -258,6 +258,8 @@ Permissions ...@@ -258,6 +258,8 @@ Permissions
=F rfbauth: =F rfbauth:
unixpw unixpw
unixpw_list: unixpw_list:
unixpw_nis
unixpw_nis_list:
=0 storepasswd =0 storepasswd
=GAL LOFF =GAL LOFF
=GAL Misc-Perms:: =GAL Misc-Perms::
...@@ -523,7 +525,11 @@ Set the -xrandr mode value. ...@@ -523,7 +525,11 @@ Set the -xrandr mode value.
" "
set helptext(unixpw_list) " set helptext(unixpw_list) "
Set the -unixpw_list usernames list value. Set the -unixpw usernames list value.
"
set helptext(unixpw_nis_list) "
Set the -unixpw_nis usernames list value.
" "
set helptext(stunnel_pem) " set helptext(stunnel_pem) "
...@@ -658,10 +664,12 @@ to apply the changes, or press \"Cancel\" to skip applying them. ...@@ -658,10 +664,12 @@ to apply the changes, or press \"Cancel\" to skip applying them.
remote-control commands. remote-control commands.
- \"Password\" lets you set the session password viewers may use to gain full - \"Password\" lets you set the session password viewers may use to gain full
access to the display. access to the display. This will only work if x11vnc was started with
the -gui icon or -gui tray mode.
- \"ViewOnly Password\" lets you set the session password viewers may - \"ViewOnly Password\" lets you set the session password viewers may
use to gain view only access to the display. use to gain view only access to the display. This will only work if
x11vnc was started with the -gui icon or -gui tray mode.
NOTE: These \"session\" passwords only last for the current x11vnc NOTE: These \"session\" passwords only last for the current x11vnc
session (they are not remembered, see the -storepasswd, -passwdfile, session (they are not remembered, see the -storepasswd, -passwdfile,
...@@ -3217,25 +3225,36 @@ proc client_dialog {client} { ...@@ -3217,25 +3225,36 @@ proc client_dialog {client} {
set ip "" set ip ""
global menu_var text_area cleanup_window item_bool global menu_var text_area cleanup_window item_bool
append_text "\nClient info string: $client\n\n" #<id>:<ip>:<port>:<user>:<unix>:<hostname>:<input>:<loginview>:<time>
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \ append_text "\nClient info string:\n - $client\n\n"
$client m0 m1 m2 m3 m4 m5 m6 m7]} { if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \
# id:ip:port:user:hostname:input:loginvo $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
set cid $m1 set cid $m1
set ip $m2 set ip $m2
set port $m3 set port $m3
set user $m4 set user $m4
set host $m5 set unix $m5
set host $m6
regsub {\..*$} $host "" host regsub {\..*$} $host "" host
set input $m6 set input $m7
set logvo $m7 set logvo $m8
append_text "Host: $host, Port: $port, User: $user, IP: $ip, Id: $cid\n" set ltime $m9
append_text "Host: $host, Port: $port, User: $user"
if {$unix != "" && $unix != "none"} {
append_text ", Unix: $unix"
}
append_text ", IP: $ip, Id: $cid\n"
append_text " - originally logged in as: " append_text " - originally logged in as: "
if {$logvo == "1" } { if {$logvo == "1" } {
append_text "View-Only Client\n" append_text "View-Only Client"
} else { } else {
append_text "Normal Client\n" append_text "Normal Client"
}
if {$ltime != ""} {
set tim [clock format $ltime]
append_text ", $tim"
} }
append_text "\n"
append_text " - currently allowed input: " append_text " - currently allowed input: "
set sk 0 set sk 0
set sm 0 set sm 0
...@@ -3303,22 +3322,30 @@ proc disconnect_dialog {client} { ...@@ -3303,22 +3322,30 @@ proc disconnect_dialog {client} {
set cid "" set cid ""
set host "" set host ""
set msg "\n" set msg "\n"
append msg "*** Client info string: $client\n" append msg "*** Client info string:\n $client\n"
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*)$} $client m0 m1 m2 m3 m4 m5 m6]} { if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \
set cid $m1 $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
set ip $m2 set cid $m1
set ip $m2
set port $m3 set port $m3
set host $m4 set user $m4
set unix $m5
set host $m6
regsub {\..*$} $host "" host regsub {\..*$} $host "" host
set input $m5 set input $m7
set logvo $m6 set logvo $m8
append_text "Host: $host, Port: $port, IP: $ip, Id: $cid\n" set ltime $m9
append_text "Host: $host, Port: $port, IP: $ip, User: $user"
if {$unix != "" && $unix != "none"} {
append_text ", Unix: $unix"
}
append_text ", Id: $cid\n"
} }
if {$cid == ""} { if {$cid == ""} {
append_text "Invalid client info string: $client\n" append_text "Invalid client info string: $client\n"
return return
} }
append msg "*** To *DISCONNECT* this client press \"OK\", otherwise press \"Cancel\"\n" append msg "*** To *DISCONNECT* this client press \"OK\" again, otherwise press \"Cancel\"\n"
bell bell
if {[warning_dialog $msg "current"]} { if {[warning_dialog $msg "current"]} {
push_new_value "disconnect" "disconnect" $cid 1 push_new_value "disconnect" "disconnect" $cid 1
...@@ -3389,12 +3416,19 @@ proc update_clients_menu {list} { ...@@ -3389,12 +3416,19 @@ proc update_clients_menu {list} {
} }
regsub -all {[{}()~!$&*|;'"`{}<>\[\]]} $client "" client regsub -all {[{}()~!$&*|;'"`{}<>\[\]]} $client "" client
#' #'
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \ if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \
$client m0 m1 m2 m3 m4 m5 m6 m7]} { $client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
# id:ip:port:user:hostname:input:loginvo set id $m1
set host $m5 set user $m4
set unix $m5
set host $m6
regsub {\..*$} $host "" host regsub {\..*$} $host "" host
set clabel "$host $m1" set clabel "$host $id"
if {$unix != "" && $unix != "none"} {
set clabel "$unix@$clabel"
} elseif {$user != "unknown-user"} {
set clabel "$user@$clabel"
}
} else { } else {
regsub {:.*$} $client "" clabel regsub {:.*$} $client "" clabel
} }
...@@ -3943,6 +3977,7 @@ proc do_props {{msg ""}} { ...@@ -3943,6 +3977,7 @@ proc do_props {{msg ""}} {
global menu_var unset_str global menu_var unset_str
global have_labelframes ffont bfont global have_labelframes ffont bfont
global props_buttons icon_noadvanced global props_buttons icon_noadvanced
global icon_mode icon_mode_at_startup
check_update_vars check_update_vars
...@@ -4054,6 +4089,7 @@ proc do_props {{msg ""}} { ...@@ -4054,6 +4089,7 @@ proc do_props {{msg ""}} {
entry $vp.e -show "*" -textvariable props_viewpasswd -font $bfont entry $vp.e -show "*" -textvariable props_viewpasswd -font $bfont
pack $vp.e -fill x -expand 1 -padx 1m -pady 1m -side top pack $vp.e -fill x -expand 1 -padx 1m -pady 1m -side top
lappend props_buttons $vp.e lappend props_buttons $vp.e
set pw "$w.passwd" set pw "$w.passwd"
...@@ -4068,6 +4104,17 @@ proc do_props {{msg ""}} { ...@@ -4068,6 +4104,17 @@ proc do_props {{msg ""}} {
entry $pw.e -show "*" -textvariable props_passwd -font $bfont entry $pw.e -show "*" -textvariable props_passwd -font $bfont
pack $pw.e -fill x -expand 1 -padx 1m -pady 1m -side top pack $pw.e -fill x -expand 1 -padx 1m -pady 1m -side top
if {! $icon_mode_at_startup} {
$vp.e configure -state disabled
catch {$vp.l configure -state disabled}
catch {$vp configure -state disabled}
catch {$vp configure -foreground grey60}
$pw.e configure -state disabled
catch {$pw.l configure -state disabled}
catch {$pw configure -state disabled}
catch {$pw configure -foreground grey60}
}
lappend props_buttons $pw.e lappend props_buttons $pw.e
set sh "$w.shared" set sh "$w.shared"
...@@ -4188,7 +4235,8 @@ proc popup_post {m} { ...@@ -4188,7 +4235,8 @@ proc popup_post {m} {
continue continue
} }
if {[regexp {^([^:]*):(.*)$} $client mat id lab]} { if {[regexp {^([^:]*):(.*)$} $client mat id lab]} {
$wd add command -label "$lab" \ set nid [expr "$id + 0"]
$wd add command -label "$nid $lab" \
-command "do_disconnect_client $id" -command "do_disconnect_client $id"
} }
} }
...@@ -4213,26 +4261,38 @@ proc set_client_balloon {str} { ...@@ -4213,26 +4261,38 @@ proc set_client_balloon {str} {
set client_balloon "$vnc_display" set client_balloon "$vnc_display"
set count 0 set count 0
regsub -all {^.*aro=clients:} $str "" str
regsub -all {aro=.*$} $str "" str
regsub -all {ans=.*$} $str "" str
foreach client [split $str ","] { foreach client [split $str ","] {
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \ #puts "client: $client"
$client m0 m1 m2 m3 m4 m5 m6 m7]} { if [regexp {^[ ]*$} $client] {
# id:ip:port:user:hostname:input:loginvo continue
}
if {[regexp {^(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*):(.*)$} \
$client m0 m1 m2 m3 m4 m5 m6 m7 m8 m9]} {
set id $m1 set id $m1
set nid [expr "$m1 + 0"]
set ip $m2 set ip $m2
set port $m3 set port $m3
set user $m4 set user $m4
set unix $m5
if {[string length $user] >= 24} { if {[string length $user] >= 24} {
# weird identd hash... # weird identd hash...
set user [string range $user 0 8] set user [string range $user 0 8]
set user "${user}..." set user "${user}..."
} }
set host $m5 if {$unix != "" && $unix != "none"} {
set input $m6 set user $unix
set vo $m7 }
set host $m6
set input $m7
set vo $m8
set ltime $m9
if [regexp {^[ ]*$} $host] { if [regexp {^[ ]*$} $host] {
set host $ip set host $ip
} }
set client_balloon "${client_balloon}\n$user\@$host" set client_balloon "${client_balloon}\n$nid $user\@$host"
if {$vo == "1"} { if {$vo == "1"} {
set client_balloon "${client_balloon} - view" set client_balloon "${client_balloon} - view"
lappend client_id_list "$id:$user\@$host - view" lappend client_id_list "$id:$user\@$host - view"
...@@ -5408,6 +5468,8 @@ proc get_nitem {item} { ...@@ -5408,6 +5468,8 @@ proc get_nitem {item} {
set nitem "xrandr" set nitem "xrandr"
} elseif {$nitem == "unixpw_list"} { } elseif {$nitem == "unixpw_list"} {
set nitem "unixpw" set nitem "unixpw"
} elseif {$nitem == "unixpw_nis_list"} {
set nitem "unixpw_nis"
} elseif {$nitem == "stunnel_pem"} { } elseif {$nitem == "stunnel_pem"} {
set nitem "stunnel" set nitem "stunnel"
} elseif {$nitem == "wireframe_mode"} { } elseif {$nitem == "wireframe_mode"} {
...@@ -5870,12 +5932,16 @@ proc setup_tray_embed {} { ...@@ -5870,12 +5932,16 @@ proc setup_tray_embed {} {
proc restart_everything {gui_mode} { proc restart_everything {gui_mode} {
global env gui_argv0 x11vnc_prog full_win global env gui_argv0 x11vnc_prog full_win
global icon_mode_at_startup
global tray_embed tray_running
if {$gui_mode == "full"} { if {$gui_mode == "full"} {
set env(X11VNC_ICON_MODE) 0 set env(X11VNC_ICON_MODE) 0
} elseif {$gui_mode == "icon"} { } elseif {$gui_mode == "icon"} {
set env(X11VNC_ICON_MODE) 1 set env(X11VNC_ICON_MODE) 1
} elseif {$gui_mode == "tray"} { } elseif {$gui_mode == "tray"} {
if {![regexp -nocase {TRAY} $env(X11VNC_ICON_MODE)]} { if {$tray_running} {
set env(X11VNC_ICON_MODE) "RUNNING"
} else {
set env(X11VNC_ICON_MODE) "TRAY" set env(X11VNC_ICON_MODE) "TRAY"
} }
} }
...@@ -5957,7 +6023,8 @@ global connected_to_x11vnc ...@@ -5957,7 +6023,8 @@ global connected_to_x11vnc
global delay_sleep extra_sleep extra_sleep_split global delay_sleep extra_sleep extra_sleep_split
global cache_all_query_vars global cache_all_query_vars
global last_query_all_time query_all_freq client_tail client_sock client_info_read global last_query_all_time query_all_freq client_tail client_sock client_info_read
global icon_mode tray_embed tray_running icon_setpasswd icon_embed_id global icon_mode icon_mode_at_startup
global tray_embed tray_running icon_setpasswd icon_embed_id
global icon_noadvanced icon_minimal global icon_noadvanced icon_minimal
global make_gui_count text_area_str global make_gui_count text_area_str
global gui_argv0 gui_start_mode global gui_argv0 gui_start_mode
...@@ -6144,6 +6211,20 @@ if {[info exists env(X11VNC_SIMPLE_GUI)]} { ...@@ -6144,6 +6211,20 @@ if {[info exists env(X11VNC_SIMPLE_GUI)]} {
set icon_mode 0 set icon_mode 0
set tray_embed 0 set tray_embed 0
set tray_running 0 set tray_running 0
if {![info exists env(X11VNC_ICON_MODE_AT_STARTUP)]} {
if {[info exists env(X11VNC_ICON_MODE)]} {
if {$env(X11VNC_ICON_MODE) != 0} {
set env(X11VNC_ICON_MODE_AT_STARTUP) 1
} else {
set env(X11VNC_ICON_MODE_AT_STARTUP) 0
}
} else {
set env(X11VNC_ICON_MODE_AT_STARTUP) 0
}
}
set icon_mode_at_startup $env(X11VNC_ICON_MODE_AT_STARTUP)
if {![info exists env(X11VNC_ICON_MODE)]} { if {![info exists env(X11VNC_ICON_MODE)]} {
set icon_mode 0 set icon_mode 0
} elseif {$env(X11VNC_ICON_MODE) == "" || $env(X11VNC_ICON_MODE) == "0"} { } elseif {$env(X11VNC_ICON_MODE) == "" || $env(X11VNC_ICON_MODE) == "0"} {
...@@ -6158,6 +6239,7 @@ if {![info exists env(X11VNC_ICON_MODE)]} { ...@@ -6158,6 +6239,7 @@ if {![info exists env(X11VNC_ICON_MODE)]} {
set tray_running 1 set tray_running 1
} }
} }
set icon_setpasswd 0 set icon_setpasswd 0
if {[info exists env(X11VNC_ICON_SETPASS)]} { if {[info exists env(X11VNC_ICON_SETPASS)]} {
if {$env(X11VNC_ICON_SETPASS) != ""} { if {$env(X11VNC_ICON_SETPASS) != ""} {
......
This diff is collapsed.
This diff is collapsed.
...@@ -8,6 +8,7 @@ extern void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init); ...@@ -8,6 +8,7 @@ extern void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init);
extern void unixpw_accept(char *user); extern void unixpw_accept(char *user);
extern void unixpw_deny(void); extern void unixpw_deny(void);
extern int su_verify(char *user, char *pass); extern int su_verify(char *user, char *pass);
extern int crypt_verify(char *user, char *pass);
extern int unixpw_in_progress; extern int unixpw_in_progress;
extern time_t unixpw_last_try_time; extern time_t unixpw_last_try_time;
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
.TH X11VNC "1" "March 2006" "x11vnc " "User Commands" .TH X11VNC "1" "March 2006" "x11vnc " "User Commands"
.SH NAME .SH NAME
x11vnc - allow VNC connections to real X11 displays x11vnc - allow VNC connections to real X11 displays
version: 0.8.1, lastmod: 2006-03-02 version: 0.8.1, lastmod: 2006-03-04
.SH SYNOPSIS .SH SYNOPSIS
.B x11vnc .B x11vnc
[OPTION]... [OPTION]...
...@@ -32,10 +32,10 @@ these protections. See the FAQ for details how to tunnel the VNC connection ...@@ -32,10 +32,10 @@ these protections. See the FAQ for details how to tunnel the VNC connection
through an encrypted channel such as through an encrypted channel such as
.IR ssh (1). .IR ssh (1).
In brief: In brief:
.IP .PP
ssh -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0' % ssh -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'
.IP .PP
vncviewer -encodings 'copyrect tight zrle hextile' localhost:0 % vncviewer -encodings 'copyrect tight zrle hextile' localhost:0
.PP .PP
Also, use of a VNC password (-rfbauth or \fB-passwdfile)\fR is strongly recommend. Also, use of a VNC password (-rfbauth or \fB-passwdfile)\fR is strongly recommend.
.PP .PP
...@@ -494,19 +494,19 @@ full-access passwords) ...@@ -494,19 +494,19 @@ full-access passwords)
.PP .PP
\fB-unixpw\fR \fI[list]\fR \fB-unixpw\fR \fI[list]\fR
.IP .IP
Experimental option: use Unix username and password Use Unix username and password authentication. x11vnc
authentication. x11vnc uses the uses the
.IR su (1) .IR su (1)
program to verify program to verify the user's password.
the user's password. [list] is an optional comma [list] is an optional comma separated list of allowed
separated list of allowed Unix usernames. See below Unix usernames. See below for per-user options that
for per-user options that can be applied. can be applied.
.IP .IP
A familiar "login:" and "Password:" dialog is A familiar "login:" and "Password:" dialog is
presented to the user on a black screen inside the presented to the user on a black screen inside the
vncviewer. The connection is dropped if the user fails vncviewer. The connection is dropped if the user fails
to supply the correct password in 3 tries or does not to supply the correct password in 3 tries or does not
send one before a 20 second timeout. Existing clients send one before a 25 second timeout. Existing clients
are view-only during this period. are view-only during this period.
.IP .IP
Since the detailed behavior of Since the detailed behavior of
...@@ -514,19 +514,24 @@ Since the detailed behavior of ...@@ -514,19 +514,24 @@ Since the detailed behavior of
can vary from can vary from
OS to OS and for local configurations, please test OS to OS and for local configurations, please test
the mode carefully on your systems before using it. the mode carefully on your systems before using it.
Try different combinations of valid/invalid usernames E.g. try different combinations of valid/invalid
and passwords. usernames and valid/invalid passwords to see if it
.IP behaves correctly. x11vnc will be conservative and
For example, on FreeBSD and the other BSD's and Tru64 reject a user if anything abnormal occurs.
it does not appear to be possible for the user running .IP
x11vnc to validate his *own* password via For example, on FreeBSD and the other BSD's by default
.IR su (1). it is impossible for the user running x11vnc to validate
The x11vnc login will always fail in this case. his *own* password via
A possible workaround would be to start x11vnc as .IR su (1)
root with the "\fB-users\fR \fI+nobody\fR" option to immediately (evidently commenting
switch to user nobody. Another source of problems are out the pam_self.so entry in /etc/pam.d/su eliminates
PAM modules that prompt for extra info, e.g. password the problem). So the x11vnc login will always fail for
aging modules. These logins will always fail as well. this case. A possible workaround would be to start
x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option to
immediately switch to user nobody. Another source of
problems are PAM modules that prompt for extra info,
e.g. password aging modules. These logins will always
fail as well.
.IP .IP
*IMPORTANT*: to prevent the Unix password being sent in *IMPORTANT*: to prevent the Unix password being sent in
*clear text* over the network, two x11vnc options are *clear text* over the network, two x11vnc options are
...@@ -544,21 +549,22 @@ Evidently you will be using a different method to ...@@ -544,21 +549,22 @@ Evidently you will be using a different method to
encrypt the data between the vncviewer and x11vnc: encrypt the data between the vncviewer and x11vnc:
e.g. e.g.
.IR ssh (1) .IR ssh (1)
or a VPN. Note that use of or a VPN. Note that use of \fB-localhost\fR
with
.IR ssh (1) .IR ssh (1)
with is roughly the same as requiring a Unix
\fB-localhost\fR is roughly the same as requiring a Unix user login (since a Unix password or the user's public
user login (since Unix password or the user's public key authentication is used by ssh on the machine where
key authentication is used by ssh) x11vnc runs and only local connections are accepted)
.IP .IP
As a convenience, if you As a convenience, if you
.IR ssh (1) .IR ssh (1)
in and start x11vnc in and start x11vnc it
it will look to see if the environment variable will check if the environment variable SSH_CONNECTION
SSH_CONNECTION is set and appears reasonable. If it is set and appears reasonable. If it does, then the
does, then the stunnel requirement is dropped since stunnel requirement is dropped since it is assumed
it is assumed you are using ssh for the encrypted you are using ssh for the encrypted tunnelling.
tunnelling. Use \fB-stunnel\fR to force stunnel usage. Use \fB-stunnel\fR to force stunnel usage.
.IP .IP
Set UNIXPW_DISABLE_LOCALHOST=1 to disable the \fB-localhost\fR Set UNIXPW_DISABLE_LOCALHOST=1 to disable the \fB-localhost\fR
requirement. One should never do this (i.e. allow the requirement. One should never do this (i.e. allow the
...@@ -575,20 +581,36 @@ per-user options after a ":", e.g. "fred:opts" ...@@ -575,20 +581,36 @@ per-user options after a ":", e.g. "fred:opts"
where "opts" is a "+" separated list of where "opts" is a "+" separated list of
"viewonly", "fullaccess", "input=XXXX", or "viewonly", "fullaccess", "input=XXXX", or
"deny", e.g. "karl,fred:viewonly,boss:input=M". "deny", e.g. "karl,fred:viewonly,boss:input=M".
For "input=" it is the K,M,B,C describe under \fB-input.\fR For "input=" it is the K,M,B,C described under \fB-input.\fR
.IP .IP
If a user in the list is "*" that means those options If a user in the list is "*" that means those
apply to all users. It also means all users are allowed options apply to all users. It also means all users
to log in. Use "deny" to explicitly deny some users are allowed to log in after supplying a valid password.
if you use "*" to set a global option. Use "deny" to explicitly deny some users if you use
"*" to set a global option.
.PP
\fB-unixpw_nis\fR \fI[list]\fR
.IP
As \fB-unixpw\fR above, however do not run
.IR su (1)
but rather
use the traditional getpwnam() + crypt() method instead.
This requires that the encrpyted passwords be readable.
Passwords stored in /etc/shadow will be inaccessible
unless run as root. This is called "NIS" mode
simply because in most NIS setups the user encrypted
passwords are accessible (e.g. "ypcat passwd").
NIS is not required for this mode to work, but it
is unlikely it will work for any other environment.
All of the \fB-unixpw\fR options and contraints apply.
.PP .PP
\fB-stunnel\fR \fI[pem]\fR \fB-stunnel\fR \fI[pem]\fR
.IP .IP
Use the Use the
.IR stunnel (1) .IR stunnel (1)
(www.stunnel.org) to provide an (www.stunnel.org) to provide
encrypted SSL tunnel between viewers and x11vnc. an encrypted SSL tunnel between viewers and x11vnc.
This requires stunnel be installed on the system and This requires stunnel to be installed on the system and
available via PATH (n.b. stunnel is often installed in available via PATH (n.b. stunnel is often installed in
sbin directories). Version 4.x of stunnel is assumed; sbin directories). Version 4.x of stunnel is assumed;
see \fB-stunnel3\fR below. see \fB-stunnel3\fR below.
...@@ -600,9 +622,9 @@ configuration. ...@@ -600,9 +622,9 @@ configuration.
.IP .IP
stunnel is started up as a child process of x11vnc and stunnel is started up as a child process of x11vnc and
any SSL connections stunnel receives are decrypted and any SSL connections stunnel receives are decrypted and
sent to x11vnc over a local socket. The strings "The sent to x11vnc over a local socket. The strings
SSL VNC desktop is ..." and SSLPORT=... are printed "The SSL VNC desktop is ..." and "SSLPORT=..."
out at startup. are printed out at startup.
.IP .IP
The \fB-localhost\fR option is enforced by default to The \fB-localhost\fR option is enforced by default to
avoid people routing around the SSL channel. Set avoid people routing around the SSL channel. Set
...@@ -610,7 +632,7 @@ STUNNEL_DISABLE_LOCALHOST=1 to disable the requirement. ...@@ -610,7 +632,7 @@ STUNNEL_DISABLE_LOCALHOST=1 to disable the requirement.
.IP .IP
Your VNC viewer will need to be able to connect via SSL. Your VNC viewer will need to be able to connect via SSL.
Unfortunately not too many do this. UltraVNC seems to Unfortunately not too many do this. UltraVNC seems to
have a SSL plugin. It is not too difficult to set up have a SSL plugin. It is not too difficult to set up
an stunnel or other SSL tunnel on the viewer side. an stunnel or other SSL tunnel on the viewer side.
.IP .IP
A simple example on Unix using stunnel 3.x is: A simple example on Unix using stunnel 3.x is:
...@@ -2694,16 +2716,16 @@ aro= noop display vncdisplay desktopname guess_desktop ...@@ -2694,16 +2716,16 @@ aro= noop display vncdisplay desktopname guess_desktop
http_url auth xauth users rootshift clipshift http_url auth xauth users rootshift clipshift
scale_str scaled_x scaled_y scale_numer scale_denom scale_str scaled_x scaled_y scale_numer scale_denom
scale_fac scaling_blend scaling_nomult4 scaling_pad scale_fac scaling_blend scaling_nomult4 scaling_pad
scaling_interpolate inetd privremote unsafe safer nocmds scaling_interpolate inetd privremote unsafe safer
passwdfile unixpw unixpw_list stunnel stunnel_pem nocmds passwdfile unixpw unixpw_nis unixpw_list stunnel
using_shm logfile o flag rc norc h help V version stunnel_pem using_shm logfile o flag rc norc h help
lastmod bg sigpipe threads readrate netrate netlatency V version lastmod bg sigpipe threads readrate netrate
pipeinput clients client_count pid ext_xtest ext_xtrap netlatency pipeinput clients client_count pid ext_xtest
ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama
ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin
button_mask mouse_x mouse_y bpp depth indexed_color num_buttons button_mask mouse_x mouse_y bpp depth
dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y
coff_x coff_y rfbauth passwd viewpasswd cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd
.PP .PP
\fB-QD\fR \fIvariable\fR \fB-QD\fR \fIvariable\fR
.IP .IP
...@@ -2896,15 +2918,26 @@ run by \fB-accept\fR and \fB-gone\fR: ...@@ -2896,15 +2918,26 @@ run by \fB-accept\fR and \fB-gone\fR:
.IR vncconnect (1), .IR vncconnect (1),
.IR vncserver (1), .IR vncserver (1),
.IR Xvnc (1), .IR Xvnc (1),
.IR inetd (1),
.IR xev (1), .IR xev (1),
.IR xdpyinfo (1),
.IR xwininfo (1),
.IR xprop (1),
.IR xmodmap (1), .IR xmodmap (1),
.IR xrandr (1),
.IR Xserver (1), .IR Xserver (1),
.IR xauth (1), .IR xauth (1),
.IR xhost (1), .IR xhost (1),
.IR Xsecurity (7), .IR Xsecurity (7),
.IR xmessage (1), .IR xmessage (1),
.IR XGetImage (3X11),
.IR ipcrm (1), .IR ipcrm (1),
.IR inetd (1),
.IR xdm (1),
.IR gdm (1),
.IR kdm (1),
.IR ssh (1),
.IR stunnel (8),
.IR su (1),
.IR http://www.tightvnc.com , .IR http://www.tightvnc.com ,
.IR http://www.realvnc.com , .IR http://www.realvnc.com ,
.IR http://www.karlrunge.com/x11vnc/ , .IR http://www.karlrunge.com/x11vnc/ ,
......
...@@ -138,6 +138,7 @@ ...@@ -138,6 +138,7 @@
#include "connections.h" #include "connections.h"
#include "rates.h" #include "rates.h"
#include "unixpw.h" #include "unixpw.h"
#include "inet.h"
/* /*
* main routine for the x11vnc program * main routine for the x11vnc program
...@@ -467,6 +468,7 @@ if (debug_scroll) fprintf(stderr, "watch_loop: LOOP-BACK: %d\n", ret); ...@@ -467,6 +468,7 @@ if (debug_scroll) fprintf(stderr, "watch_loop: LOOP-BACK: %d\n", ret);
check_keycode_state(); check_keycode_state();
check_connect_inputs(); check_connect_inputs();
check_gui_inputs(); check_gui_inputs();
check_stunnel();
record_last_fb_update(); record_last_fb_update();
check_padded_fb(); check_padded_fb();
check_fixscreen(); check_fixscreen();
...@@ -898,6 +900,82 @@ static void immediate_switch_user(int argc, char* argv[]) { ...@@ -898,6 +900,82 @@ static void immediate_switch_user(int argc, char* argv[]) {
} }
} }
static void quick_pw(char *str) {
char *p, *q;
char tmp[1024];
int db = 0;
if (db) fprintf(stderr, "quick_pw: %s\n", str);
if (! str || str[0] == '\0') {
exit(1);
}
if (str[0] != '%') {
exit(1);
}
/*
* "%-" or "%stdin" means read one line from stdin.
*
* "%env" means it is in $UNIXPW env var.
*
* starting "%/" or "%." means read the first line from that file.
*
* otherwise: %user:pass
*/
if (!strcmp(str, "%-") || !strcmp(str, "%stdin")) {
if(fgets(tmp, 1024, stdin) == NULL) {
exit(1);
}
q = strdup(tmp);
} else if (!strcmp(str, "%env")) {
if (getenv("UNIXPW") == NULL) {
exit(1);
}
q = strdup(getenv("UNIXPW"));
} else if (str[1] == '/' || str[1] == '.') {
FILE *in = fopen(str+1, "r");
if (in == NULL) {
exit(1);
}
if(fgets(tmp, 1024, in) == NULL) {
exit(1);
}
q = strdup(tmp);
} else {
q = strdup(str+1);
}
p = (char *) malloc(strlen(q) + 10);
strcpy(p, q);
if (strchr(p, '\n') == NULL) {
strcat(p, "\n");
}
if ((q = strchr(p, ':')) == NULL) {
exit(1);
}
*q = '\0';
if (db) fprintf(stderr, "'%s' '%s'\n", p, q+1);
if (unixpw_nis) {
if (crypt_verify(p, q+1)) {
fprintf(stdout, "Y %s\n", p);
exit(0);
} else {
fprintf(stdout, "N %s\n", p);
exit(1);
}
} else {
if (su_verify(p, q+1)) {
fprintf(stdout, "Y %s\n", p);
exit(0);
} else {
fprintf(stdout, "N %s\n", p);
exit(1);
}
}
/* NOTREACHED */
exit(1);
}
static void print_settings(int try_http, int bg, char *gui_str) { static void print_settings(int try_http, int bg, char *gui_str) {
fprintf(stderr, "\n"); fprintf(stderr, "\n");
...@@ -1364,9 +1442,11 @@ int main(int argc, char* argv[]) { ...@@ -1364,9 +1442,11 @@ int main(int argc, char* argv[]) {
CHECK_ARGC CHECK_ARGC
passwdfile = strdup(argv[++i]); passwdfile = strdup(argv[++i]);
got_passwdfile = 1; got_passwdfile = 1;
} else if (!strcmp(arg, "-unixpw") } else if (strstr(arg, "-unixpw") == arg) {
|| !strcmp(arg, "-unixpw_unsafe")) {
unixpw = 1; unixpw = 1;
if (strstr(arg, "-unixpw_nis")) {
unixpw_nis = 1;
}
if (i < argc-1) { if (i < argc-1) {
char *p, *q, *s = argv[i+1]; char *p, *q, *s = argv[i+1];
if (s[0] != '-') { if (s[0] != '-') {
...@@ -1374,23 +1454,12 @@ int main(int argc, char* argv[]) { ...@@ -1374,23 +1454,12 @@ int main(int argc, char* argv[]) {
i++; i++;
} }
if (s[0] == '%') { if (s[0] == '%') {
p = unixpw_list;
unixpw_list = NULL; unixpw_list = NULL;
strcpy(p, s+1); quick_pw(s);
strcat(p, "\n"); /* just fits */ exit(1);
if ((q = strchr(p, ':')) == NULL) {
exit(1);
}
*q = '\0';
if (su_verify(p, q+1)) {
fprintf(stderr, "\nY\n");
} else {
fprintf(stderr, "\nN\n");
}
exit(0);
} }
} }
if (!strcmp(arg, "-unixpw_unsafe")) { if (strstr(arg, "_unsafe")) {
/* hidden option for testing. */ /* hidden option for testing. */
set_env("UNIXPW_DISABLE_STUNNEL", "1"); set_env("UNIXPW_DISABLE_STUNNEL", "1");
set_env("UNIXPW_DISABLE_LOCALHOST", "1"); set_env("UNIXPW_DISABLE_LOCALHOST", "1");
...@@ -2114,6 +2183,17 @@ int main(int argc, char* argv[]) { ...@@ -2114,6 +2183,17 @@ int main(int argc, char* argv[]) {
"mode.\n"); "mode.\n");
} }
use_stunnel = 1; use_stunnel = 1;
} else if (! getenv("UNIXPW_DISABLE_STUNNEL")) {
char *s = getenv("SSH_CONNECTION");
if (! s) s = getenv("SSH_CLIENT");
if (! s) s = "SSH_CONNECTION";
fprintf(stderr, "\n");
rfbLog("Skipping -stunnel contraint in -unixpw mode,\n");
rfbLog("assuming your SSH encryption is: %s\n", s);
fprintf(stderr, "\n");
if (! nopw) {
usleep(2000*1000);
}
} }
} }
} else if (use_stunnel) { } else if (use_stunnel) {
......
...@@ -247,6 +247,19 @@ extern int h_errno; ...@@ -247,6 +247,19 @@ extern int h_errno;
# endif # endif
#endif #endif
/*
* For reference, the OS header defines:
__SVR4 && __sun is solaris
__sgi
__hpux
__osf__
__OpenBSD__
__FreeBSD__
__NetBSD__
__linux__
_AIX
*/
#ifdef IRIX_OVERLAY #ifdef IRIX_OVERLAY
#include <X11/extensions/readdisplay.h> #include <X11/extensions/readdisplay.h>
#endif #endif
...@@ -422,6 +435,7 @@ typedef struct _ClientData { ...@@ -422,6 +435,7 @@ typedef struct _ClientData {
int uid; int uid;
char *hostname; char *hostname;
char *username; char *username;
char *unixname;
int client_port; int client_port;
int server_port; int server_port;
char *server_ip; char *server_ip;
......
...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0; ...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0; int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */ /* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.8.1 lastmod: 2006-03-02"; char lastmod[] = "0.8.1 lastmod: 2006-03-04";
/* X display info */ /* X display info */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment