Commit b03a920c authored by runge's avatar runge

x11vnc: more -unixpw mode. -gone popup mode. Change filexfer via -R. Tune SMALL_FOOTPRINT.

parent f38f67e4
...@@ -377,7 +377,7 @@ AC_FUNC_VPRINTF ...@@ -377,7 +377,7 @@ AC_FUNC_VPRINTF
AC_FUNC_FORK AC_FUNC_FORK
AC_CHECK_LIB(nsl,gethostbyname) AC_CHECK_LIB(nsl,gethostbyname)
AC_CHECK_LIB(socket,socket) AC_CHECK_LIB(socket,socket)
AC_CHECK_FUNCS([ftime gethostbyname gethostname gettimeofday inet_ntoa memmove memset mmap mkfifo select socket strchr strcspn strdup strerror strstr setsid getpwuid getpwnam getuid geteuid setuid seteuid setegid waitpid setutxent grantpt]) AC_CHECK_FUNCS([ftime gethostbyname gethostname gettimeofday inet_ntoa memmove memset mmap mkfifo select socket strchr strcspn strdup strerror strstr setsid setpgrp getpwuid getpwnam getuid geteuid setuid setgid seteuid setegid waitpid setutxent grantpt])
# check, if shmget is in cygipc.a # check, if shmget is in cygipc.a
AC_CHECK_LIB(cygipc,shmget) AC_CHECK_LIB(cygipc,shmget)
......
...@@ -12,6 +12,13 @@ void check_for_multivis(void); ...@@ -12,6 +12,13 @@ void check_for_multivis(void);
void bpp8to24(int, int, int, int); void bpp8to24(int, int, int, int);
void mark_8bpp(int); void mark_8bpp(int);
#if SKIP_8TO24
void check_for_multivis(void) {}
void bpp8to24(int x, int y, int z, int t) {}
void mark_8bpp(int x) {}
#else
/* lots... */
static void set_root_cmap(void); static void set_root_cmap(void);
static int check_pointer_in_depth24(void); static int check_pointer_in_depth24(void);
static void parse_cmap8to24(void); static void parse_cmap8to24(void);
...@@ -1962,3 +1969,5 @@ if (db24 > 1) fprintf(stderr, "mark_8bpp: 0x%lx %d %d %d %d\n", windows_8bpp[i]. ...@@ -1962,3 +1969,5 @@ if (db24 > 1) fprintf(stderr, "mark_8bpp: 0x%lx %d %d %d %d\n", windows_8bpp[i].
} }
} }
#endif /* SKIP_8TO24 */
2006-03-02 Karl Runge <runge@karlrunge.com>
* x11vnc: more tweaks to -unixpw mode. Add -gone popup mode.
Change filexfer via -R. Tune SMALL_FOOTPRINT. gui fixes.
2006-02-24 Karl Runge <runge@karlrunge.com> 2006-02-24 Karl Runge <runge@karlrunge.com>
* x11vnc: -unixpw for Unix password auth, -stunnel to setup * x11vnc: -unixpw for Unix password auth, -stunnel to setup
stunnel(1) for an SSL tunnel on the server end. Add clipboard stunnel(1) for an SSL tunnel on the server end. Add clipboard
......
This source diff could not be displayed because it is too large. You can view the blob instead.
This diff is collapsed.
This diff is collapsed.
...@@ -17,7 +17,7 @@ char *get_remote_host(int sock); ...@@ -17,7 +17,7 @@ char *get_remote_host(int sock);
char *get_local_host(int sock); char *get_local_host(int sock);
char *ident_username(rfbClientPtr client); char *ident_username(rfbClientPtr client);
int find_free_port(int start, int end); int find_free_port(int start, int end);
int have_ssh_env(void);
static int get_port(int sock, int remote); static int get_port(int sock, int remote);
static char *get_host(int sock, int remote); static char *get_host(int sock, int remote);
...@@ -314,3 +314,54 @@ int find_free_port(int start, int end) { ...@@ -314,3 +314,54 @@ int find_free_port(int start, int end) {
return 0; return 0;
} }
int have_ssh_env(void) {
char *str, *p = getenv("SSH_CONNECTION");
char *rhost, *rport, *lhost, *lport;
if (! p) return 0;
str = strdup(p);
p = strtok(str, " ");
rhost = p;
p = strtok(NULL, " ");
if (! p) goto fail;
rport = p;
p = strtok(NULL, " ");
if (! p) goto fail;
lhost = p;
p = strtok(NULL, " ");
if (! p) goto fail;
lport = p;
if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, lhost);
if (atoi(rport) < 0 || atoi(rport) > 65535) {
goto fail;
}
if (atoi(lport) < 0 || atoi(lport) > 65535) {
goto fail;
}
if (!strcmp(rhost, lhost)) {
goto fail;
}
free(str);
return 1;
fail:
fprintf(stderr, "failed:\n");
free(str);
return 0;
}
...@@ -14,5 +14,6 @@ extern char *get_remote_host(int sock); ...@@ -14,5 +14,6 @@ extern char *get_remote_host(int sock);
extern char *get_local_host(int sock); extern char *get_local_host(int sock);
extern char *ident_username(rfbClientPtr client); extern char *ident_username(rfbClientPtr client);
extern int find_free_port(int start, int end); extern int find_free_port(int start, int end);
extern int have_ssh_env(void);
#endif /* _X11VNC_INET_H */ #endif /* _X11VNC_INET_H */
...@@ -801,7 +801,7 @@ int sloppy_key_check(int key, rfbBool down, rfbKeySym keysym, int *new) { ...@@ -801,7 +801,7 @@ int sloppy_key_check(int key, rfbBool down, rfbKeySym keysym, int *new) {
return 0; return 0;
} }
#if !LIBVNCSERVER_HAVE_XKEYBOARD #if !LIBVNCSERVER_HAVE_XKEYBOARD || SKIP_XKB
/* empty functions for no xkb */ /* empty functions for no xkb */
static void initialize_xkb_modtweak(void) {} static void initialize_xkb_modtweak(void) {}
......
...@@ -1141,6 +1141,36 @@ char *process_remote_cmd(char *cmd, int stringonly) { ...@@ -1141,6 +1141,36 @@ char *process_remote_cmd(char *cmd, int stringonly) {
first_conn_timeout = to; first_conn_timeout = to;
rfbLog("remote_cmd: set -timeout to %d\n", -to); rfbLog("remote_cmd: set -timeout to %d\n", -to);
} else if (!strcmp(p, "filexfer")) {
if (query) {
snprintf(buf, bufn, "ans=%s:%d", p, filexfer);
goto qry;
}
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
if (! filexfer) {
rfbLog("remote_cmd: enabling -filexfer for new clients.\n");
filexfer = 1;
rfbRegisterTightVNCFileTransferExtension();
}
#else
rfbLog("remote_cmd: -filexfer not supported in this binary.\n");
#endif
} else if (!strcmp(p, "nofilexfer")) {
if (query) {
snprintf(buf, bufn, "ans=%s:%d", p, !filexfer);
goto qry;
}
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
if (filexfer) {
rfbLog("remote_cmd: disabling -filexfer for new clients.\n");
filexfer = 0;
rfbUnregisterTightVNCFileTransferExtension();
}
#else
rfbLog("remote_cmd: -filexfer not supported in this binary.\n");
#endif
} else if (!strcmp(p, "deny") || !strcmp(p, "lock")) { } else if (!strcmp(p, "deny") || !strcmp(p, "lock")) {
if (query) { if (query) {
snprintf(buf, bufn, "ans=%s:%d", p, deny_all); snprintf(buf, bufn, "ans=%s:%d", p, deny_all);
...@@ -1415,7 +1445,7 @@ char *process_remote_cmd(char *cmd, int stringonly) { ...@@ -1415,7 +1445,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
host_lookup = 0; host_lookup = 0;
} else if (strstr(p, "accept") == p) { } else if (strstr(p, "accept") == p) {
int doit = 1; int doit = 1, safe = 0;
COLON_CHECK("accept:") COLON_CHECK("accept:")
if (query) { if (query) {
snprintf(buf, bufn, "ans=%s%s%s", p, co, snprintf(buf, bufn, "ans=%s%s%s", p, co,
...@@ -1423,16 +1453,13 @@ char *process_remote_cmd(char *cmd, int stringonly) { ...@@ -1423,16 +1453,13 @@ char *process_remote_cmd(char *cmd, int stringonly) {
goto qry; goto qry;
} }
p += strlen("accept:"); p += strlen("accept:");
if (safe_remote_only) { if (!strcmp(p, "") || strstr(p, "popup") == p) { /* skip-cmd-list */
if (icon_mode && !strcmp(p, "")) { /* skip-cmd-list */ safe = 1;
; }
} else if (icon_mode && !strcmp(p, "popup")) { /* skip-cmd-list */ if (safe_remote_only && ! safe) {
;
} else {
rfbLog("unsafe: %s\n", p); rfbLog("unsafe: %s\n", p);
doit = 0; doit = 0;
} }
}
if (doit) { if (doit) {
if (accept_cmd) free(accept_cmd); if (accept_cmd) free(accept_cmd);
...@@ -1440,31 +1467,39 @@ char *process_remote_cmd(char *cmd, int stringonly) { ...@@ -1440,31 +1467,39 @@ char *process_remote_cmd(char *cmd, int stringonly) {
} }
} else if (strstr(p, "afteraccept") == p) { } else if (strstr(p, "afteraccept") == p) {
int safe = 0;
COLON_CHECK("afteraccept:") COLON_CHECK("afteraccept:")
if (query) { if (query) {
snprintf(buf, bufn, "ans=%s%s%s", p, co, snprintf(buf, bufn, "ans=%s%s%s", p, co,
NONUL(afteraccept_cmd)); NONUL(afteraccept_cmd));
goto qry; goto qry;
} }
if (safe_remote_only) { p += strlen("afteraccept:");
if (!strcmp(p, "")) { /* skip-cmd-list */
safe = 1;
}
if (safe_remote_only && ! safe) {
rfbLog("unsafe: %s\n", p); rfbLog("unsafe: %s\n", p);
} else { } else {
p += strlen("afteraccept:");
if (afteraccept_cmd) free(afteraccept_cmd); if (afteraccept_cmd) free(afteraccept_cmd);
afteraccept_cmd = strdup(p); afteraccept_cmd = strdup(p);
} }
} else if (strstr(p, "gone") == p) { } else if (strstr(p, "gone") == p) {
int safe = 0;
COLON_CHECK("gone:") COLON_CHECK("gone:")
if (query) { if (query) {
snprintf(buf, bufn, "ans=%s%s%s", p, co, snprintf(buf, bufn, "ans=%s%s%s", p, co,
NONUL(gone_cmd)); NONUL(gone_cmd));
goto qry; goto qry;
} }
if (safe_remote_only) { p += strlen("gone:");
if (!strcmp(p, "") || strstr(p, "popup") == p) { /* skip-cmd-list */
safe = 1;
}
if (safe_remote_only && ! safe) {
rfbLog("unsafe: %s\n", p); rfbLog("unsafe: %s\n", p);
} else { } else {
p += strlen("gone:");
if (gone_cmd) free(gone_cmd); if (gone_cmd) free(gone_cmd);
gone_cmd = strdup(p); gone_cmd = strdup(p);
} }
...@@ -3669,6 +3704,12 @@ char *process_remote_cmd(char *cmd, int stringonly) { ...@@ -3669,6 +3704,12 @@ char *process_remote_cmd(char *cmd, int stringonly) {
snprintf(buf, bufn, "aro=%s:%s", p, NONUL(passwdfile)); snprintf(buf, bufn, "aro=%s:%s", p, NONUL(passwdfile));
} else if (!strcmp(p, "unixpw")) { } else if (!strcmp(p, "unixpw")) {
snprintf(buf, bufn, "aro=%s:%d", p, unixpw); snprintf(buf, bufn, "aro=%s:%d", p, unixpw);
} else if (!strcmp(p, "unixpw_list")) {
snprintf(buf, bufn, "aro=%s:%s", p, NONUL(unixpw_list));
} else if (!strcmp(p, "stunnel")) {
snprintf(buf, bufn, "aro=%s:%d", p, use_stunnel);
} else if (!strcmp(p, "stunnel_pem")) {
snprintf(buf, bufn, "aro=%s:%s", p, NONUL(stunnel_pem));
} else if (!strcmp(p, "using_shm")) { } else if (!strcmp(p, "using_shm")) {
snprintf(buf, bufn, "aro=%s:%d", p, !using_shm); snprintf(buf, bufn, "aro=%s:%d", p, !using_shm);
} else if (!strcmp(p, "logfile") || !strcmp(p, "o")) { } else if (!strcmp(p, "logfile") || !strcmp(p, "o")) {
......
...@@ -94,6 +94,7 @@ Clients ...@@ -94,6 +94,7 @@ Clients
gone: gone:
vncconnect vncconnect
-- D -- D
filexfer
=D http =D http
httpdir: httpdir:
httpport: httpport:
...@@ -255,6 +256,8 @@ Permissions ...@@ -255,6 +256,8 @@ Permissions
viewpasswd: viewpasswd:
=F passwdfile: =F passwdfile:
=F rfbauth: =F rfbauth:
unixpw
unixpw_list:
=0 storepasswd =0 storepasswd
=GAL LOFF =GAL LOFF
=GAL Misc-Perms:: =GAL Misc-Perms::
...@@ -262,6 +265,8 @@ Permissions ...@@ -262,6 +265,8 @@ Permissions
=0S nevershared =0S nevershared
=0S dontdisconnect =0S dontdisconnect
=SQA deny_all =SQA deny_all
stunnel
=F stunnel_pem:
=GAL LOFF =GAL LOFF
Tuning Tuning
...@@ -515,6 +520,14 @@ Set the -solid color value. ...@@ -515,6 +520,14 @@ Set the -solid color value.
set helptext(xrandr_mode) " set helptext(xrandr_mode) "
Set the -xrandr mode value. Set the -xrandr mode value.
"
set helptext(unixpw_list) "
Set the -unixpw_list usernames list value.
"
set helptext(stunnel_pem) "
Set the -stunnel pem filename value.
" "
set helptext(wireframe_mode) " set helptext(wireframe_mode) "
...@@ -3396,9 +3409,11 @@ proc set_widgets {} { ...@@ -3396,9 +3409,11 @@ proc set_widgets {} {
global connected_to_x11vnc item_case item_menu item_entry menu_m global connected_to_x11vnc item_case item_menu item_entry menu_m
foreach item [array names item_case] { foreach item [array names item_case] {
if ![info exists item_case($item)] { continue; }
set case $item_case($item) set case $item_case($item)
# set menu $menu_m($case) if ![info exists item_menu($item)] { continue; }
set menu $item_menu($item) set menu $item_menu($item)
if ![info exists item_entry($item)] { continue; }
set entry $item_entry($item) set entry $item_entry($item)
if {$entry < 0} { if {$entry < 0} {
# skip case under beginner_mode # skip case under beginner_mode
...@@ -5391,6 +5406,10 @@ proc get_nitem {item} { ...@@ -5391,6 +5406,10 @@ proc get_nitem {item} {
set nitem "sb" set nitem "sb"
} elseif {$nitem == "xrandr_mode"} { } elseif {$nitem == "xrandr_mode"} {
set nitem "xrandr" set nitem "xrandr"
} elseif {$nitem == "unixpw_list"} {
set nitem "unixpw"
} elseif {$nitem == "stunnel_pem"} {
set nitem "stunnel"
} elseif {$nitem == "wireframe_mode"} { } elseif {$nitem == "wireframe_mode"} {
set nitem "wireframe" set nitem "wireframe"
} elseif {$nitem == "solid_color"} { } elseif {$nitem == "solid_color"} {
...@@ -5989,6 +6008,13 @@ if {$tk_version < 8.4} { ...@@ -5989,6 +6008,13 @@ if {$tk_version < 8.4} {
set have_labelframes 0 set have_labelframes 0
} }
if {[info exists env(X11VNC_GUI_TEXT_HEIGHT)]} {
set max_text_height $env(X11VNC_GUI_TEXT_HEIGHT)
}
if {[info exists env(X11VNC_GUI_TEXT_WIDTH)]} {
set max_text_width $env(X11VNC_GUI_TEXT_WIDTH)
}
if {"$argv" == "-spit"} { if {"$argv" == "-spit"} {
set fh [open $argv0 r] set fh [open $argv0 r]
puts "#ifndef _TKX11VNC_H" puts "#ifndef _TKX11VNC_H"
......
...@@ -105,6 +105,7 @@ char gui_code[] = ""; ...@@ -105,6 +105,7 @@ char gui_code[] = "";
" gone:\n" " gone:\n"
" vncconnect\n" " vncconnect\n"
" -- D\n" " -- D\n"
" filexfer\n"
" =D http\n" " =D http\n"
" httpdir:\n" " httpdir:\n"
" httpport:\n" " httpport:\n"
...@@ -266,6 +267,8 @@ char gui_code[] = ""; ...@@ -266,6 +267,8 @@ char gui_code[] = "";
" viewpasswd:\n" " viewpasswd:\n"
" =F passwdfile:\n" " =F passwdfile:\n"
" =F rfbauth:\n" " =F rfbauth:\n"
" unixpw\n"
" unixpw_list:\n"
" =0 storepasswd\n" " =0 storepasswd\n"
" =GAL LOFF\n" " =GAL LOFF\n"
" =GAL Misc-Perms::\n" " =GAL Misc-Perms::\n"
...@@ -273,6 +276,8 @@ char gui_code[] = ""; ...@@ -273,6 +276,8 @@ char gui_code[] = "";
" =0S nevershared\n" " =0S nevershared\n"
" =0S dontdisconnect\n" " =0S dontdisconnect\n"
" =SQA deny_all\n" " =SQA deny_all\n"
" stunnel\n"
" =F stunnel_pem:\n"
" =GAL LOFF\n" " =GAL LOFF\n"
"\n" "\n"
"Tuning\n" "Tuning\n"
...@@ -528,6 +533,14 @@ char gui_code[] = ""; ...@@ -528,6 +533,14 @@ char gui_code[] = "";
"Set the -xrandr mode value.\n" "Set the -xrandr mode value.\n"
"\"\n" "\"\n"
"\n" "\n"
" set helptext(unixpw_list) \"\n"
"Set the -unixpw_list usernames list value.\n"
"\"\n"
"\n"
" set helptext(stunnel_pem) \"\n"
"Set the -stunnel pem filename value.\n"
"\"\n"
"\n"
" set helptext(wireframe_mode) \"\n" " set helptext(wireframe_mode) \"\n"
"Set the -wireframe mode string value.\n" "Set the -wireframe mode string value.\n"
"\"\n" "\"\n"
...@@ -3407,9 +3420,11 @@ char gui_code[] = ""; ...@@ -3407,9 +3420,11 @@ char gui_code[] = "";
" global connected_to_x11vnc item_case item_menu item_entry menu_m\n" " global connected_to_x11vnc item_case item_menu item_entry menu_m\n"
"\n" "\n"
" foreach item [array names item_case] {\n" " foreach item [array names item_case] {\n"
" if ![info exists item_case($item)] { continue; }\n"
" set case $item_case($item)\n" " set case $item_case($item)\n"
"# set menu $menu_m($case)\n" " if ![info exists item_menu($item)] { continue; }\n"
" set menu $item_menu($item)\n" " set menu $item_menu($item)\n"
" if ![info exists item_entry($item)] { continue; }\n"
" set entry $item_entry($item)\n" " set entry $item_entry($item)\n"
" if {$entry < 0} {\n" " if {$entry < 0} {\n"
" # skip case under beginner_mode \n" " # skip case under beginner_mode \n"
...@@ -5402,6 +5417,10 @@ char gui_code[] = ""; ...@@ -5402,6 +5417,10 @@ char gui_code[] = "";
" set nitem \"sb\"\n" " set nitem \"sb\"\n"
" } elseif {$nitem == \"xrandr_mode\"} {\n" " } elseif {$nitem == \"xrandr_mode\"} {\n"
" set nitem \"xrandr\"\n" " set nitem \"xrandr\"\n"
" } elseif {$nitem == \"unixpw_list\"} {\n"
" set nitem \"unixpw\"\n"
" } elseif {$nitem == \"stunnel_pem\"} {\n"
" set nitem \"stunnel\"\n"
" } elseif {$nitem == \"wireframe_mode\"} {\n" " } elseif {$nitem == \"wireframe_mode\"} {\n"
" set nitem \"wireframe\"\n" " set nitem \"wireframe\"\n"
" } elseif {$nitem == \"solid_color\"} {\n" " } elseif {$nitem == \"solid_color\"} {\n"
...@@ -6000,6 +6019,13 @@ char gui_code[] = ""; ...@@ -6000,6 +6019,13 @@ char gui_code[] = "";
" set have_labelframes 0\n" " set have_labelframes 0\n"
"}\n" "}\n"
"\n" "\n"
"if {[info exists env(X11VNC_GUI_TEXT_HEIGHT)]} {\n"
" set max_text_height $env(X11VNC_GUI_TEXT_HEIGHT)\n"
"}\n"
"if {[info exists env(X11VNC_GUI_TEXT_WIDTH)]} {\n"
" set max_text_width $env(X11VNC_GUI_TEXT_WIDTH)\n"
"}\n"
"\n"
"if {\"$argv\" == \"-spit\"} {\n" "if {\"$argv\" == \"-spit\"} {\n"
" set fh [open $argv0 r]\n" " set fh [open $argv0 r]\n"
" puts \"#ifndef _TKX11VNC_H\"\n" " puts \"#ifndef _TKX11VNC_H\"\n"
......
This diff is collapsed.
...@@ -5,8 +5,9 @@ ...@@ -5,8 +5,9 @@
extern void unixpw_screen(int init); extern void unixpw_screen(int init);
extern void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init); extern void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init);
extern void unixpw_accept(void); extern void unixpw_accept(char *user);
extern void unixpw_deny(void); extern void unixpw_deny(void);
extern int su_verify(char *user, char *pass);
extern int unixpw_in_progress; extern int unixpw_in_progress;
extern time_t unixpw_last_try_time; extern time_t unixpw_last_try_time;
......
.\" This file was automatically generated from x11vnc -help output. .\" This file was automatically generated from x11vnc -help output.
.TH X11VNC "1" "February 2006" "x11vnc " "User Commands" .TH X11VNC "1" "March 2006" "x11vnc " "User Commands"
.SH NAME .SH NAME
x11vnc - allow VNC connections to real X11 displays x11vnc - allow VNC connections to real X11 displays
version: 0.8.1, lastmod: 2006-02-24 version: 0.8.1, lastmod: 2006-03-02
.SH SYNOPSIS .SH SYNOPSIS
.B x11vnc .B x11vnc
[OPTION]... [OPTION]...
...@@ -497,9 +497,10 @@ full-access passwords) ...@@ -497,9 +497,10 @@ full-access passwords)
Experimental option: use Unix username and password Experimental option: use Unix username and password
authentication. x11vnc uses the authentication. x11vnc uses the
.IR su (1) .IR su (1)
program to program to verify
verify the user's password. [list] is an optional the user's password. [list] is an optional comma
comma separated list of allowed Unix usernames. separated list of allowed Unix usernames. See below
for per-user options that can be applied.
.IP .IP
A familiar "login:" and "Password:" dialog is A familiar "login:" and "Password:" dialog is
presented to the user on a black screen inside the presented to the user on a black screen inside the
...@@ -508,6 +509,25 @@ to supply the correct password in 3 tries or does not ...@@ -508,6 +509,25 @@ to supply the correct password in 3 tries or does not
send one before a 20 second timeout. Existing clients send one before a 20 second timeout. Existing clients
are view-only during this period. are view-only during this period.
.IP .IP
Since the detailed behavior of
.IR su (1)
can vary from
OS to OS and for local configurations, please test
the mode carefully on your systems before using it.
Try different combinations of valid/invalid usernames
and passwords.
.IP
For example, on FreeBSD and the other BSD's and Tru64
it does not appear to be possible for the user running
x11vnc to validate his *own* password via
.IR su (1).
The x11vnc login will always fail in this case.
A possible workaround would be to start x11vnc as
root with the "\fB-users\fR \fI+nobody\fR" option to immediately
switch to user nobody. Another source of problems are
PAM modules that prompt for extra info, e.g. password
aging modules. These logins will always fail as well.
.IP
*IMPORTANT*: to prevent the Unix password being sent in *IMPORTANT*: to prevent the Unix password being sent in
*clear text* over the network, two x11vnc options are *clear text* over the network, two x11vnc options are
enforced: 1) \fB-localhost\fR and 2) \fB-stunnel.\fR The former enforced: 1) \fB-localhost\fR and 2) \fB-stunnel.\fR The former
...@@ -531,6 +551,15 @@ with ...@@ -531,6 +551,15 @@ with
user login (since Unix password or the user's public user login (since Unix password or the user's public
key authentication is used by ssh) key authentication is used by ssh)
.IP .IP
As a convenience, if you
.IR ssh (1)
in and start x11vnc
it will look to see if the environment variable
SSH_CONNECTION is set and appears reasonable. If it
does, then the stunnel requirement is dropped since
it is assumed you are using ssh for the encrypted
tunnelling. Use \fB-stunnel\fR to force stunnel usage.
.IP
Set UNIXPW_DISABLE_LOCALHOST=1 to disable the \fB-localhost\fR Set UNIXPW_DISABLE_LOCALHOST=1 to disable the \fB-localhost\fR
requirement. One should never do this (i.e. allow the requirement. One should never do this (i.e. allow the
Unix passwords to be sniffed on the network). Unix passwords to be sniffed on the network).
...@@ -539,7 +568,19 @@ NOTE: in \fB-inetd\fR mode the two settings are not enforced ...@@ -539,7 +568,19 @@ NOTE: in \fB-inetd\fR mode the two settings are not enforced
since x11vnc does not make network connections in since x11vnc does not make network connections in
that case. Be sure to use encryption from the viewer that case. Be sure to use encryption from the viewer
to inetd. One can also have your own stunnel spawn to inetd. One can also have your own stunnel spawn
x11vnc in \fB-inetd\fR mode. x11vnc in \fB-inetd\fR mode. See the FAQ.
.IP
The user names in the comma separated [list] can have
per-user options after a ":", e.g. "fred:opts"
where "opts" is a "+" separated list of
"viewonly", "fullaccess", "input=XXXX", or
"deny", e.g. "karl,fred:viewonly,boss:input=M".
For "input=" it is the K,M,B,C describe under \fB-input.\fR
.IP
If a user in the list is "*" that means those options
apply to all users. It also means all users are allowed
to log in. Use "deny" to explicitly deny some users
if you use "*" to set a global option.
.PP .PP
\fB-stunnel\fR \fI[pem]\fR \fB-stunnel\fR \fI[pem]\fR
.IP .IP
...@@ -549,17 +590,22 @@ Use the ...@@ -549,17 +590,22 @@ Use the
encrypted SSL tunnel between viewers and x11vnc. encrypted SSL tunnel between viewers and x11vnc.
This requires stunnel be installed on the system and This requires stunnel be installed on the system and
available via PATH (n.b. stunnel is often installed in available via PATH (n.b. stunnel is often installed in
sbin directories). Version 4.x of stunnel is assumed. sbin directories). Version 4.x of stunnel is assumed;
see \fB-stunnel3\fR below.
.IP .IP
[pem] is optional, use "\fB-stunnel\fR \fI/path/to/stunnel.pem\fR" [pem] is optional, use "\fB-stunnel\fR \fI/path/to/stunnel.pem\fR"
to specify a PEM certificate file to pass to stunnel. to specify a PEM certificate file to pass to stunnel.
Whether one is needed or not depends on your stunnel
configuration.
.IP .IP
stunnel is started up as a child process and any SSL stunnel is started up as a child process of x11vnc and
connections it receives are decrypted and sent to x11vnc any SSL connections stunnel receives are decrypted and
over a local socket. The strings "The SSL VNC desktop sent to x11vnc over a local socket. The strings "The
is ..." and SSLPORT=... are printed out at startup. SSL VNC desktop is ..." and SSLPORT=... are printed
out at startup.
.IP .IP
The \fB-localhost\fR option is enforced by default. Set The \fB-localhost\fR option is enforced by default to
avoid people routing around the SSL channel. Set
STUNNEL_DISABLE_LOCALHOST=1 to disable the requirement. STUNNEL_DISABLE_LOCALHOST=1 to disable the requirement.
.IP .IP
Your VNC viewer will need to be able to connect via SSL. Your VNC viewer will need to be able to connect via SSL.
...@@ -573,7 +619,8 @@ A simple example on Unix using stunnel 3.x is: ...@@ -573,7 +619,8 @@ A simple example on Unix using stunnel 3.x is:
% vncviewer localhost:1 % vncviewer localhost:1
.IP .IP
For Windows, stunnel has been ported to it and there For Windows, stunnel has been ported to it and there
are probably other such tools available. are probably other such tools available. See the FAQ
for more examples.
.PP .PP
\fB-stunnel3\fR \fI[pem]\fR \fB-stunnel3\fR \fI[pem]\fR
.IP .IP
...@@ -685,8 +732,9 @@ Example: \fB-afteraccept\fR 'killall xlock &' ...@@ -685,8 +732,9 @@ Example: \fB-afteraccept\fR 'killall xlock &'
As \fB-accept,\fR except to run a user supplied command when As \fB-accept,\fR except to run a user supplied command when
a client goes away (disconnects). RFB_MODE will be a client goes away (disconnects). RFB_MODE will be
set to "gone" and the other RFB_* variables are as set to "gone" and the other RFB_* variables are as
in \fB-accept.\fR Unlike \fB-accept,\fR the command return code in \fB-accept.\fR The "popup" actions apply as well.
is not interpreted by x11vnc. Example: \fB-gone\fR 'xlock &' Unlike \fB-accept,\fR the command return code is not
interpreted by x11vnc. Example: \fB-gone\fR 'xlock &'
.PP .PP
\fB-users\fR \fIlist\fR \fB-users\fR \fIlist\fR
.IP .IP
...@@ -2183,6 +2231,10 @@ timeout:n reset \fB-timeout\fR to n, if there are ...@@ -2183,6 +2231,10 @@ timeout:n reset \fB-timeout\fR to n, if there are
currently no clients, exit unless one currently no clients, exit unless one
connects in the next n secs. connects in the next n secs.
.IP .IP
filexfer enable filetransfer for new clients.
.IP
nofilexfer disable filetransfer for new clients.
.IP
http enable http client connections. http enable http client connections.
.IP .IP
nohttp disable http client connections. nohttp disable http client connections.
...@@ -2600,11 +2652,11 @@ nowaitmapped clip flashcmap noflashcmap shiftcmap ...@@ -2600,11 +2652,11 @@ nowaitmapped clip flashcmap noflashcmap shiftcmap
truecolor notruecolor overlay nooverlay overlay_cursor truecolor notruecolor overlay nooverlay overlay_cursor
overlay_yescursor nooverlay_nocursor nooverlay_cursor overlay_yescursor nooverlay_nocursor nooverlay_cursor
nooverlay_yescursor overlay_nocursor 8to24 no8to24 nooverlay_yescursor overlay_nocursor 8to24 no8to24
8to24_opts visual scale scale_cursor viewonly 8to24_opts visual scale scale_cursor viewonly noviewonly
noviewonly shared noshared forever noforever once shared noshared forever noforever once timeout filexfer
timeout filexfer deny lock nodeny unlock connect nofilexfer deny lock nodeny unlock connect allowonce
allowonce allow localhost nolocalhost listen lookup allow localhost nolocalhost listen lookup nolookup
nolookup accept afteraccept gone shm noshm flipbyteorder accept afteraccept gone shm noshm flipbyteorder
noflipbyteorder onetile noonetile solid_color solid noflipbyteorder onetile noonetile solid_color solid
nosolid blackout xinerama noxinerama xtrap noxtrap nosolid blackout xinerama noxinerama xtrap noxtrap
xrandr noxrandr xrandr_mode padgeom quiet q noquiet xrandr noxrandr xrandr_mode padgeom quiet q noquiet
...@@ -2643,14 +2695,15 @@ http_url auth xauth users rootshift clipshift ...@@ -2643,14 +2695,15 @@ http_url auth xauth users rootshift clipshift
scale_str scaled_x scaled_y scale_numer scale_denom scale_str scaled_x scaled_y scale_numer scale_denom
scale_fac scaling_blend scaling_nomult4 scaling_pad scale_fac scaling_blend scaling_nomult4 scaling_pad
scaling_interpolate inetd privremote unsafe safer nocmds scaling_interpolate inetd privremote unsafe safer nocmds
passwdfile using_shm logfile o flag rc norc h help V passwdfile unixpw unixpw_list stunnel stunnel_pem
version lastmod bg sigpipe threads readrate netrate using_shm logfile o flag rc norc h help V version
netlatency pipeinput clients client_count pid ext_xtest lastmod bg sigpipe threads readrate netrate netlatency
ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama pipeinput clients client_count pid ext_xtest ext_xtrap
ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay
num_buttons button_mask mouse_x mouse_y bpp depth ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons
indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y button_mask mouse_x mouse_y bpp depth indexed_color
cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y
coff_x coff_y rfbauth passwd viewpasswd
.PP .PP
\fB-QD\fR \fIvariable\fR \fB-QD\fR \fIvariable\fR
.IP .IP
......
...@@ -904,6 +904,7 @@ static void print_settings(int try_http, int bg, char *gui_str) { ...@@ -904,6 +904,7 @@ static void print_settings(int try_http, int bg, char *gui_str) {
fprintf(stderr, "Settings:\n"); fprintf(stderr, "Settings:\n");
fprintf(stderr, " display: %s\n", use_dpy ? use_dpy fprintf(stderr, " display: %s\n", use_dpy ? use_dpy
: "null"); : "null");
#if SMALL_FOOTPRINT < 2
fprintf(stderr, " authfile: %s\n", auth_file ? auth_file fprintf(stderr, " authfile: %s\n", auth_file ? auth_file
: "null"); : "null");
fprintf(stderr, " subwin: 0x%lx\n", subwin); fprintf(stderr, " subwin: 0x%lx\n", subwin);
...@@ -940,6 +941,7 @@ static void print_settings(int try_http, int bg, char *gui_str) { ...@@ -940,6 +941,7 @@ static void print_settings(int try_http, int bg, char *gui_str) {
fprintf(stderr, " passfile: %s\n", passwdfile ? passwdfile fprintf(stderr, " passfile: %s\n", passwdfile ? passwdfile
: "null"); : "null");
fprintf(stderr, " unixpw: %d\n", unixpw); fprintf(stderr, " unixpw: %d\n", unixpw);
fprintf(stderr, " unixpw_lst: %s\n", unixpw_list ? unixpw_list:"null");
fprintf(stderr, " stunnel: %d\n", use_stunnel); fprintf(stderr, " stunnel: %d\n", use_stunnel);
fprintf(stderr, " accept: %s\n", accept_cmd ? accept_cmd fprintf(stderr, " accept: %s\n", accept_cmd ? accept_cmd
: "null"); : "null");
...@@ -1073,6 +1075,7 @@ static void print_settings(int try_http, int bg, char *gui_str) { ...@@ -1073,6 +1075,7 @@ static void print_settings(int try_http, int bg, char *gui_str) {
fprintf(stderr, " nocmds: %d\n", no_external_cmds); fprintf(stderr, " nocmds: %d\n", no_external_cmds);
fprintf(stderr, " deny_all: %d\n", deny_all); fprintf(stderr, " deny_all: %d\n", deny_all);
fprintf(stderr, "\n"); fprintf(stderr, "\n");
#endif
rfbLog("x11vnc version: %s\n", lastmod); rfbLog("x11vnc version: %s\n", lastmod);
} }
...@@ -1282,6 +1285,7 @@ int main(int argc, char* argv[]) { ...@@ -1282,6 +1285,7 @@ int main(int argc, char* argv[]) {
} else if (!strcmp(arg, "-overlay_yescursor")) { } else if (!strcmp(arg, "-overlay_yescursor")) {
overlay = 1; overlay = 1;
overlay_cursor = 2; overlay_cursor = 2;
#if !SKIP_8TO24
} else if (!strcmp(arg, "-8to24")) { } else if (!strcmp(arg, "-8to24")) {
cmap8to24 = 1; cmap8to24 = 1;
if (i < argc-1) { if (i < argc-1) {
...@@ -1291,6 +1295,7 @@ int main(int argc, char* argv[]) { ...@@ -1291,6 +1295,7 @@ int main(int argc, char* argv[]) {
i++; i++;
} }
} }
#endif
} else if (!strcmp(arg, "-visual")) { } else if (!strcmp(arg, "-visual")) {
CHECK_ARGC CHECK_ARGC
visual_str = strdup(argv[++i]); visual_str = strdup(argv[++i]);
...@@ -1359,14 +1364,36 @@ int main(int argc, char* argv[]) { ...@@ -1359,14 +1364,36 @@ int main(int argc, char* argv[]) {
CHECK_ARGC CHECK_ARGC
passwdfile = strdup(argv[++i]); passwdfile = strdup(argv[++i]);
got_passwdfile = 1; got_passwdfile = 1;
} else if (!strcmp(arg, "-unixpw")) { } else if (!strcmp(arg, "-unixpw")
|| !strcmp(arg, "-unixpw_unsafe")) {
unixpw = 1; unixpw = 1;
if (i < argc-1) { if (i < argc-1) {
char *s = argv[i+1]; char *p, *q, *s = argv[i+1];
if (s[0] != '-') { if (s[0] != '-') {
unixpw_list = strdup(s); unixpw_list = strdup(s);
i++; i++;
} }
if (s[0] == '%') {
p = unixpw_list;
unixpw_list = NULL;
strcpy(p, s+1);
strcat(p, "\n"); /* just fits */
if ((q = strchr(p, ':')) == NULL) {
exit(1);
}
*q = '\0';
if (su_verify(p, q+1)) {
fprintf(stderr, "\nY\n");
} else {
fprintf(stderr, "\nN\n");
}
exit(0);
}
}
if (!strcmp(arg, "-unixpw_unsafe")) {
/* hidden option for testing. */
set_env("UNIXPW_DISABLE_STUNNEL", "1");
set_env("UNIXPW_DISABLE_LOCALHOST", "1");
} }
} else if (!strcmp(arg, "-stunnel")) { } else if (!strcmp(arg, "-stunnel")) {
use_stunnel = 1; use_stunnel = 1;
...@@ -2079,12 +2106,16 @@ int main(int argc, char* argv[]) { ...@@ -2079,12 +2106,16 @@ int main(int argc, char* argv[]) {
allow_list = strdup("127.0.0.1"); allow_list = strdup("127.0.0.1");
got_localhost = 1; got_localhost = 1;
} }
if (! got_stunnel && ! getenv("UNIXPW_DISABLE_STUNNEL")) { if (! got_stunnel) {
if (! getenv("UNIXPW_DISABLE_STUNNEL") &&
! have_ssh_env()) {
if (! quiet) { if (! quiet) {
rfbLog("Setting -stunnel in -unixpw mode.\n"); rfbLog("Setting -stunnel in -unixpw "
"mode.\n");
} }
use_stunnel = 1; use_stunnel = 1;
} }
}
} else if (use_stunnel) { } else if (use_stunnel) {
if (! got_localhost && ! getenv("STUNNEL_DISABLE_LOCALHOST")) { if (! got_localhost && ! getenv("STUNNEL_DISABLE_LOCALHOST")) {
......
...@@ -116,15 +116,18 @@ ...@@ -116,15 +116,18 @@
#define NOGUI #define NOGUI
#endif #endif
#define SKIP_XKB 0
#define SKIP_8TO24 0
#if (SMALL_FOOTPRINT > 1) #if (SMALL_FOOTPRINT > 1)
#undef LIBVNCSERVER_HAVE_XKEYBOARD #undef SKIP_XKB
#undef SKIP_8TO24
#undef LIBVNCSERVER_HAVE_LIBXINERAMA #undef LIBVNCSERVER_HAVE_LIBXINERAMA
#undef LIBVNCSERVER_HAVE_LIBXRANDR
#undef LIBVNCSERVER_HAVE_LIBXFIXES #undef LIBVNCSERVER_HAVE_LIBXFIXES
#undef LIBVNCSERVER_HAVE_LIBXDAMAGE #undef LIBVNCSERVER_HAVE_LIBXDAMAGE
#define LIBVNCSERVER_HAVE_XKEYBOARD 0 #define SKIP_XKB 1
#define SKIP_8TO24 1
#define LIBVNCSERVER_HAVE_LIBXINERAMA 0 #define LIBVNCSERVER_HAVE_LIBXINERAMA 0
#define LIBVNCSERVER_HAVE_LIBXRANDR 0
#define LIBVNCSERVER_HAVE_LIBXFIXES 0 #define LIBVNCSERVER_HAVE_LIBXFIXES 0
#define LIBVNCSERVER_HAVE_LIBXDAMAGE 0 #define LIBVNCSERVER_HAVE_LIBXDAMAGE 0
#endif #endif
......
...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0; ...@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0; int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */ /* date +'lastmod: %Y-%m-%d' */
char lastmod[] = "0.8.1 lastmod: 2006-02-24"; char lastmod[] = "0.8.1 lastmod: 2006-03-02";
/* X display info */ /* X display info */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment