x11vnc: more -unixpw mode. -gone popup mode. Change filexfer via -R. Tune SMALL_FOOTPRINT.

configure.ac

@@ -377,7 +377,7 @@ AC_FUNC_VPRINTF
 AC_FUNC_FORK
 AC_CHECK_LIB(nsl,gethostbyname)
 AC_CHECK_LIB(socket,socket)
-AC_CHECK_FUNCS([ftime gethostbyname gethostname gettimeofday inet_ntoa memmove memset mmap mkfifo select socket strchr strcspn strdup strerror strstr setsid getpwuid getpwnam getuid geteuid setuid seteuid setegid waitpid setutxent grantpt])
+AC_CHECK_FUNCS([ftime gethostbyname gethostname gettimeofday inet_ntoa memmove memset mmap mkfifo select socket strchr strcspn strdup strerror strstr setsid setpgrp getpwuid getpwnam getuid geteuid setuid setgid seteuid setegid waitpid setutxent grantpt])
 
 # check, if shmget is in cygipc.a
 AC_CHECK_LIB(cygipc,shmget)

x11vnc/8to24.c

@@ -12,6 +12,13 @@ void check_for_multivis(void);
 void bpp8to24(int, int, int, int);
 void mark_8bpp(int);
 
+#if SKIP_8TO24
+void check_for_multivis(void) {}
+void bpp8to24(int x, int y, int z, int t) {}
+void mark_8bpp(int x) {}
+#else
+/* lots... */
+
 static void set_root_cmap(void);
 static int check_pointer_in_depth24(void);
 static void parse_cmap8to24(void);
@@ -1962,3 +1969,5 @@ if (db24 > 1) fprintf(stderr, "mark_8bpp: 0x%lx %d %d %d %d\n", windows_8bpp[i].
 	}
 }
 
+#endif /* SKIP_8TO24 */
+

x11vnc/ChangeLog

+2006-03-02  Karl Runge <runge@karlrunge.com>
+	* x11vnc: more tweaks to -unixpw mode.  Add -gone popup mode.
+	  Change filexfer via -R.  Tune SMALL_FOOTPRINT.  gui fixes.
+
 2006-02-24  Karl Runge <runge@karlrunge.com>
 	* x11vnc: -unixpw for Unix password auth, -stunnel to setup
 	  stunnel(1) for an SSL tunnel on the server end.  Add clipboard

x11vnc/inet.c

@@ -17,7 +17,7 @@ char *get_remote_host(int sock);
 char *get_local_host(int sock);
 char *ident_username(rfbClientPtr client);
 int find_free_port(int start, int end);
-
+int have_ssh_env(void);
 
 static int get_port(int sock, int remote);
 static char *get_host(int sock, int remote);
@@ -314,3 +314,54 @@ int find_free_port(int start, int end) {
 	return 0;
 }
 
+int have_ssh_env(void) {
+	char *str, *p = getenv("SSH_CONNECTION");
+	char *rhost, *rport, *lhost, *lport;
+	
+	if (! p) return 0;
+
+	str = strdup(p);
+	
+	p = strtok(str, " ");
+	rhost = p;
+
+	p = strtok(NULL, " ");
+	if (! p) goto fail;
+
+	rport = p;
+
+	p = strtok(NULL, " ");
+	if (! p) goto fail;
+
+	lhost = p;
+	
+	p = strtok(NULL, " ");
+	if (! p) goto fail;
+
+	lport = p;
+
+if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, lhost);
+
+	if (atoi(rport) < 0 || atoi(rport) > 65535) {
+		goto fail;
+	}
+	if (atoi(lport) < 0 || atoi(lport) > 65535) {
+		goto fail;
+	}
+
+	if (!strcmp(rhost, lhost)) {
+		goto fail;
+	}
+
+	free(str);
+
+	return 1;
+	
+	fail:
+fprintf(stderr, "failed:\n");
+
+	free(str);
+
+	return 0;
+}
+

x11vnc/inet.h

@@ -14,5 +14,6 @@ extern char *get_remote_host(int sock);
 extern char *get_local_host(int sock);
 extern char *ident_username(rfbClientPtr client);
 extern int find_free_port(int start, int end);
+extern int have_ssh_env(void);
 
 #endif /* _X11VNC_INET_H */

x11vnc/keyboard.c

@@ -801,7 +801,7 @@ int sloppy_key_check(int key, rfbBool down, rfbKeySym keysym, int *new) {
 	return 0;
 }
 
-#if !LIBVNCSERVER_HAVE_XKEYBOARD
+#if !LIBVNCSERVER_HAVE_XKEYBOARD || SKIP_XKB
 
 /* empty functions for no xkb */
 static void initialize_xkb_modtweak(void) {}

x11vnc/remote.c

@@ -1141,6 +1141,36 @@ char *process_remote_cmd(char *cmd, int stringonly) {
 		first_conn_timeout = to;
 		rfbLog("remote_cmd: set -timeout to %d\n", -to);
 
+	} else if (!strcmp(p, "filexfer")) {
+		if (query) {
+			snprintf(buf, bufn, "ans=%s:%d", p, filexfer);
+			goto qry;
+		}
+#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
+		if (! filexfer) {
+			rfbLog("remote_cmd: enabling -filexfer for new clients.\n");
+			filexfer = 1;
+			rfbRegisterTightVNCFileTransferExtension();
+		}
+#else
+		rfbLog("remote_cmd: -filexfer not supported in this binary.\n");
+#endif
+
+	} else if (!strcmp(p, "nofilexfer")) {
+		if (query) {
+			snprintf(buf, bufn, "ans=%s:%d", p, !filexfer);
+			goto qry;
+		}
+#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
+		if (filexfer) {
+			rfbLog("remote_cmd: disabling -filexfer for new clients.\n");
+			filexfer = 0;
+			rfbUnregisterTightVNCFileTransferExtension();
+		}
+#else
+		rfbLog("remote_cmd: -filexfer not supported in this binary.\n");
+#endif
+
 	} else if (!strcmp(p, "deny") || !strcmp(p, "lock")) {
 		if (query) {
 			snprintf(buf, bufn, "ans=%s:%d", p, deny_all);
@@ -1415,7 +1445,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
 		host_lookup = 0;
 
 	} else if (strstr(p, "accept") == p) {
-		int doit = 1;
+		int doit = 1, safe = 0;
 		COLON_CHECK("accept:")
 		if (query) {
 			snprintf(buf, bufn, "ans=%s%s%s", p, co,
@@ -1423,16 +1453,13 @@ char *process_remote_cmd(char *cmd, int stringonly) {
 			goto qry;
 		}
 		p += strlen("accept:");
-		if (safe_remote_only) {
-			if (icon_mode && !strcmp(p, "")) { /* skip-cmd-list */
-				;
-			} else if (icon_mode && !strcmp(p, "popup")) { /* skip-cmd-list */
-				;
-			} else {
+		if (!strcmp(p, "") || strstr(p, "popup") == p) { /* skip-cmd-list */
+			safe = 1;
+		}
+		if (safe_remote_only && ! safe) {
 			rfbLog("unsafe: %s\n", p);
 			doit = 0;
 		}
-		}
 
 		if (doit) {
 			if (accept_cmd) free(accept_cmd);
@@ -1440,31 +1467,39 @@ char *process_remote_cmd(char *cmd, int stringonly) {
 		}
 
 	} else if (strstr(p, "afteraccept") == p) {
+		int safe = 0;
 		COLON_CHECK("afteraccept:")
 		if (query) {
 			snprintf(buf, bufn, "ans=%s%s%s", p, co,
 			    NONUL(afteraccept_cmd));
 			goto qry;
 		}
-		if (safe_remote_only) {
+		p += strlen("afteraccept:");
+		if (!strcmp(p, "")) { /* skip-cmd-list */
+			safe = 1;
+		}
+		if (safe_remote_only && ! safe) {
 			rfbLog("unsafe: %s\n", p);
 		} else {
-			p += strlen("afteraccept:");
 			if (afteraccept_cmd) free(afteraccept_cmd);
 			afteraccept_cmd = strdup(p);
 		}
 
 	} else if (strstr(p, "gone") == p) {
+		int safe = 0;
 		COLON_CHECK("gone:")
 		if (query) {
 			snprintf(buf, bufn, "ans=%s%s%s", p, co,
 			    NONUL(gone_cmd));
 			goto qry;
 		}
-		if (safe_remote_only) {
+		p += strlen("gone:");
+		if (!strcmp(p, "") || strstr(p, "popup") == p) { /* skip-cmd-list */
+			safe = 1;
+		}
+		if (safe_remote_only && ! safe) {
 			rfbLog("unsafe: %s\n", p);
 		} else {
-			p += strlen("gone:");
 			if (gone_cmd) free(gone_cmd);
 			gone_cmd = strdup(p);
 		}
@@ -3669,6 +3704,12 @@ char *process_remote_cmd(char *cmd, int stringonly) {
 			snprintf(buf, bufn, "aro=%s:%s", p, NONUL(passwdfile));
 		} else if (!strcmp(p, "unixpw")) {
 			snprintf(buf, bufn, "aro=%s:%d", p, unixpw);
+		} else if (!strcmp(p, "unixpw_list")) {
+			snprintf(buf, bufn, "aro=%s:%s", p, NONUL(unixpw_list));
+		} else if (!strcmp(p, "stunnel")) {
+			snprintf(buf, bufn, "aro=%s:%d", p, use_stunnel);
+		} else if (!strcmp(p, "stunnel_pem")) {
+			snprintf(buf, bufn, "aro=%s:%s", p, NONUL(stunnel_pem));
 		} else if (!strcmp(p, "using_shm")) {
 			snprintf(buf, bufn, "aro=%s:%d", p, !using_shm);
 		} else if (!strcmp(p, "logfile") || !strcmp(p, "o")) {

x11vnc/tkx11vnc

@@ -94,6 +94,7 @@ Clients
 	gone:
 	vncconnect
 	-- D
+	filexfer
 	=D http
 	httpdir:
 	httpport:
@@ -255,6 +256,8 @@ Permissions
 	viewpasswd:
 	=F passwdfile:
 	=F rfbauth:
+	unixpw
+	unixpw_list:
 	=0 storepasswd
 	=GAL LOFF
 	=GAL Misc-Perms::
@@ -262,6 +265,8 @@ Permissions
 	=0S nevershared
 	=0S dontdisconnect
 	=SQA deny_all
+	stunnel
+	=F stunnel_pem:
 	=GAL LOFF
 
 Tuning
@@ -515,6 +520,14 @@ Set the -solid color value.
 
 	set helptext(xrandr_mode) "
 Set the -xrandr mode value.
+"
+
+	set helptext(unixpw_list) "
+Set the -unixpw_list usernames list value.
+"
+
+	set helptext(stunnel_pem) "
+Set the -stunnel pem filename value.
 "
 
 	set helptext(wireframe_mode) "
@@ -3396,9 +3409,11 @@ proc set_widgets {} {
 	global connected_to_x11vnc item_case item_menu item_entry menu_m
 
 	foreach item [array names item_case] {
+		if ![info exists item_case($item)] { continue; }
 		set case $item_case($item)
-#		set menu $menu_m($case)
+		if ![info exists item_menu($item)] { continue; }
 		set menu $item_menu($item)
+		if ![info exists item_entry($item)] { continue; }
 		set entry $item_entry($item)
 		if {$entry < 0} {
 			# skip case under beginner_mode 
@@ -5391,6 +5406,10 @@ proc get_nitem {item} {
 		set nitem "sb"
 	} elseif {$nitem == "xrandr_mode"} {
 		set nitem "xrandr"
+	} elseif {$nitem == "unixpw_list"} {
+		set nitem "unixpw"
+	} elseif {$nitem == "stunnel_pem"} {
+		set nitem "stunnel"
 	} elseif {$nitem == "wireframe_mode"} {
 		set nitem "wireframe"
 	} elseif {$nitem == "solid_color"} {
@@ -5989,6 +6008,13 @@ if {$tk_version < 8.4} {
 	set have_labelframes 0
 }
 
+if {[info exists env(X11VNC_GUI_TEXT_HEIGHT)]} {
+	set max_text_height $env(X11VNC_GUI_TEXT_HEIGHT)
+}
+if {[info exists env(X11VNC_GUI_TEXT_WIDTH)]} {
+	set max_text_width  $env(X11VNC_GUI_TEXT_WIDTH)
+}
+
 if {"$argv" == "-spit"} {
 	set fh [open $argv0 r]
 	puts "#ifndef _TKX11VNC_H"

x11vnc/tkx11vnc.h

@@ -105,6 +105,7 @@ char gui_code[] = "";
 "	gone:\n"
 "	vncconnect\n"
 "	-- D\n"
+"	filexfer\n"
 "	=D http\n"
 "	httpdir:\n"
 "	httpport:\n"
@@ -266,6 +267,8 @@ char gui_code[] = "";
 "	viewpasswd:\n"
 "	=F passwdfile:\n"
 "	=F rfbauth:\n"
+"	unixpw\n"
+"	unixpw_list:\n"
 "	=0 storepasswd\n"
 "	=GAL LOFF\n"
 "	=GAL Misc-Perms::\n"
@@ -273,6 +276,8 @@ char gui_code[] = "";
 "	=0S nevershared\n"
 "	=0S dontdisconnect\n"
 "	=SQA deny_all\n"
+"	stunnel\n"
+"	=F stunnel_pem:\n"
 "	=GAL LOFF\n"
 "\n"
 "Tuning\n"
@@ -528,6 +533,14 @@ char gui_code[] = "";
 "Set the -xrandr mode value.\n"
 "\"\n"
 "\n"
+"	set helptext(unixpw_list) \"\n"
+"Set the -unixpw_list usernames list value.\n"
+"\"\n"
+"\n"
+"	set helptext(stunnel_pem) \"\n"
+"Set the -stunnel pem filename value.\n"
+"\"\n"
+"\n"
 "	set helptext(wireframe_mode) \"\n"
 "Set the -wireframe mode string value.\n"
 "\"\n"
@@ -3407,9 +3420,11 @@ char gui_code[] = "";
 "	global connected_to_x11vnc item_case item_menu item_entry menu_m\n"
 "\n"
 "	foreach item [array names item_case] {\n"
+"		if ![info exists item_case($item)] { continue; }\n"
 "		set case $item_case($item)\n"
-"#		set menu $menu_m($case)\n"
+"		if ![info exists item_menu($item)] { continue; }\n"
 "		set menu $item_menu($item)\n"
+"		if ![info exists item_entry($item)] { continue; }\n"
 "		set entry $item_entry($item)\n"
 "		if {$entry < 0} {\n"
 "			# skip case under beginner_mode \n"
@@ -5402,6 +5417,10 @@ char gui_code[] = "";
 "		set nitem \"sb\"\n"
 "	} elseif {$nitem == \"xrandr_mode\"} {\n"
 "		set nitem \"xrandr\"\n"
+"	} elseif {$nitem == \"unixpw_list\"} {\n"
+"		set nitem \"unixpw\"\n"
+"	} elseif {$nitem == \"stunnel_pem\"} {\n"
+"		set nitem \"stunnel\"\n"
 "	} elseif {$nitem == \"wireframe_mode\"} {\n"
 "		set nitem \"wireframe\"\n"
 "	} elseif {$nitem == \"solid_color\"} {\n"
@@ -6000,6 +6019,13 @@ char gui_code[] = "";
 "	set have_labelframes 0\n"
 "}\n"
 "\n"
+"if {[info exists env(X11VNC_GUI_TEXT_HEIGHT)]} {\n"
+"	set max_text_height $env(X11VNC_GUI_TEXT_HEIGHT)\n"
+"}\n"
+"if {[info exists env(X11VNC_GUI_TEXT_WIDTH)]} {\n"
+"	set max_text_width  $env(X11VNC_GUI_TEXT_WIDTH)\n"
+"}\n"
+"\n"
 "if {\"$argv\" == \"-spit\"} {\n"
 "	set fh [open $argv0 r]\n"
 "	puts \"#ifndef _TKX11VNC_H\"\n"

x11vnc/unixpw.h

@@ -5,8 +5,9 @@
 
 extern void unixpw_screen(int init);
 extern void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init);
-extern void unixpw_accept(void);
+extern void unixpw_accept(char *user);
 extern void unixpw_deny(void);
+extern int su_verify(char *user, char *pass);
 
 extern int unixpw_in_progress;
 extern time_t unixpw_last_try_time;

x11vnc/x11vnc.1

 .\" This file was automatically generated from x11vnc -help output.
-.TH X11VNC "1" "February 2006" "x11vnc " "User Commands"
+.TH X11VNC "1" "March 2006" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.8.1, lastmod: 2006-02-24
+         version: 0.8.1, lastmod: 2006-03-02
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -497,9 +497,10 @@ full-access passwords)
 Experimental option: use Unix username and password
 authentication.  x11vnc uses the 
 .IR su (1)
-program to
-verify the user's password.  [list] is an optional
-comma separated list of allowed Unix usernames.
+program to verify
+the user's password.  [list] is an optional comma
+separated list of allowed Unix usernames.  See below
+for per-user options that can be applied.
 .IP
 A familiar "login:" and "Password:" dialog is
 presented to the user on a black screen inside the
@@ -508,6 +509,25 @@ to supply the correct password in 3 tries or does not
 send one before a 20 second timeout.  Existing clients
 are view-only during this period.
 .IP
+Since the detailed behavior of 
+.IR su (1)
+can vary from
+OS to OS and for local configurations, please test
+the mode carefully on your systems before using it.
+Try different combinations of valid/invalid usernames
+and passwords.
+.IP
+For example, on FreeBSD and the other BSD's and Tru64
+it does not appear to be possible for the user running
+x11vnc to validate his *own* password via 
+.IR su (1).
+The x11vnc login will always fail in this case.
+A possible workaround would be to start x11vnc as
+root with the "\fB-users\fR \fI+nobody\fR" option to immediately
+switch to user nobody.  Another source of problems are
+PAM modules that prompt for extra info, e.g. password
+aging modules.  These logins will always fail as well.
+.IP
 *IMPORTANT*: to prevent the Unix password being sent in
 *clear text* over the network, two x11vnc options are
 enforced: 1) \fB-localhost\fR and 2) \fB-stunnel.\fR  The former
@@ -531,6 +551,15 @@ with
 user login (since Unix password or the user's public
 key authentication is used by ssh)
 .IP
+As a convenience, if you 
+.IR ssh (1)
+in and start x11vnc
+it will look to see if the environment variable
+SSH_CONNECTION is set and appears reasonable.  If it
+does, then the stunnel requirement is dropped since
+it is assumed you are using ssh for the encrypted
+tunnelling.  Use \fB-stunnel\fR to force stunnel usage.
+.IP
 Set UNIXPW_DISABLE_LOCALHOST=1 to disable the \fB-localhost\fR
 requirement.  One should never do this (i.e. allow the
 Unix passwords to be sniffed on the network).
@@ -539,7 +568,19 @@ NOTE: in \fB-inetd\fR mode the two settings are not enforced
 since x11vnc does not make network connections in
 that case.  Be sure to use encryption from the viewer
 to inetd.  One can also have your own stunnel spawn
-x11vnc in \fB-inetd\fR mode.
+x11vnc in \fB-inetd\fR mode.  See the FAQ.
+.IP
+The user names in the comma separated [list] can have
+per-user options after a ":", e.g. "fred:opts"
+where "opts" is a "+" separated list of
+"viewonly", "fullaccess", "input=XXXX", or
+"deny", e.g. "karl,fred:viewonly,boss:input=M".
+For "input=" it is the K,M,B,C describe under \fB-input.\fR
+.IP
+If a user in the list is "*" that means those options
+apply to all users.  It also means all users are allowed
+to log in.  Use "deny" to explicitly deny some users
+if you use "*" to set a global option.
 .PP
 \fB-stunnel\fR \fI[pem]\fR
 .IP
@@ -549,17 +590,22 @@ Use the
 encrypted SSL tunnel between viewers and x11vnc.
 This requires stunnel be installed on the system and
 available via PATH (n.b. stunnel is often installed in
-sbin directories).  Version 4.x of stunnel is assumed.
+sbin directories).  Version 4.x of stunnel is assumed;
+see \fB-stunnel3\fR below.
 .IP
 [pem] is optional, use "\fB-stunnel\fR \fI/path/to/stunnel.pem\fR"
 to specify a PEM certificate file to pass to stunnel.
+Whether one is needed or not depends on your stunnel
+configuration.
 .IP
-stunnel is started up as a child process and any SSL
-connections it receives are decrypted and sent to x11vnc
-over a local socket.  The strings "The SSL VNC desktop
-is ..." and SSLPORT=... are printed out at startup.
+stunnel is started up as a child process of x11vnc and
+any SSL connections stunnel receives are decrypted and
+sent to x11vnc over a local socket.  The strings "The
+SSL VNC desktop is ..." and SSLPORT=... are printed
+out at startup.
 .IP
-The \fB-localhost\fR option is enforced by default.  Set
+The \fB-localhost\fR option is enforced by default to
+avoid people routing around the SSL channel.  Set
 STUNNEL_DISABLE_LOCALHOST=1 to disable the requirement.
 .IP
 Your VNC viewer will need to be able to connect via SSL.
@@ -573,7 +619,8 @@ A simple example on Unix using stunnel 3.x is:
 % vncviewer localhost:1
 .IP
 For Windows, stunnel has been ported to it and there
-are probably other such tools available.
+are probably other such tools available.  See the FAQ
+for more examples.
 .PP
 \fB-stunnel3\fR \fI[pem]\fR
 .IP
@@ -685,8 +732,9 @@ Example: \fB-afteraccept\fR 'killall xlock &'
 As \fB-accept,\fR except to run a user supplied command when
 a client goes away (disconnects).  RFB_MODE will be
 set to "gone" and the other RFB_* variables are as
-in \fB-accept.\fR  Unlike \fB-accept,\fR the command return code
-is not interpreted by x11vnc.  Example: \fB-gone\fR 'xlock &'
+in \fB-accept.\fR  The "popup" actions apply as well.
+Unlike \fB-accept,\fR the command return code is not
+interpreted by x11vnc.  Example: \fB-gone\fR 'xlock &'
 .PP
 \fB-users\fR \fIlist\fR
 .IP
@@ -2183,6 +2231,10 @@ timeout:n       reset \fB-timeout\fR to n, if there are
 currently no clients, exit unless one
 connects in the next n secs.
 .IP
+filexfer        enable  filetransfer for new clients.
+.IP
+nofilexfer      disable filetransfer for new clients.
+.IP
 http            enable  http client connections.
 .IP
 nohttp          disable http client connections.
@@ -2600,11 +2652,11 @@ nowaitmapped clip flashcmap noflashcmap shiftcmap
 truecolor notruecolor overlay nooverlay overlay_cursor
 overlay_yescursor nooverlay_nocursor nooverlay_cursor
 nooverlay_yescursor overlay_nocursor 8to24 no8to24
-8to24_opts visual scale scale_cursor viewonly
-noviewonly shared noshared forever noforever once
-timeout filexfer deny lock nodeny unlock connect
-allowonce allow localhost nolocalhost listen lookup
-nolookup accept afteraccept gone shm noshm flipbyteorder
+8to24_opts visual scale scale_cursor viewonly noviewonly
+shared noshared forever noforever once timeout filexfer
+nofilexfer deny lock nodeny unlock connect allowonce
+allow localhost nolocalhost listen lookup nolookup
+accept afteraccept gone shm noshm flipbyteorder
 noflipbyteorder onetile noonetile solid_color solid
 nosolid blackout xinerama noxinerama xtrap noxtrap
 xrandr noxrandr xrandr_mode padgeom quiet q noquiet
@@ -2643,14 +2695,15 @@ http_url auth xauth users rootshift clipshift
 scale_str scaled_x scaled_y scale_numer scale_denom
 scale_fac scaling_blend scaling_nomult4 scaling_pad
 scaling_interpolate inetd privremote unsafe safer nocmds
-passwdfile using_shm logfile o flag rc norc h help V
-version lastmod bg sigpipe threads readrate netrate
-netlatency pipeinput clients client_count pid ext_xtest
-ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama
-ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin
-num_buttons button_mask mouse_x mouse_y bpp depth
-indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y
-cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd
+passwdfile unixpw unixpw_list stunnel stunnel_pem
+using_shm logfile o flag rc norc h help V version
+lastmod bg sigpipe threads readrate netrate netlatency
+pipeinput clients client_count pid ext_xtest ext_xtrap
+ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay
+ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons
+button_mask mouse_x mouse_y bpp depth indexed_color
+dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y
+coff_x coff_y rfbauth passwd viewpasswd
 .PP
 \fB-QD\fR \fIvariable\fR
 .IP

x11vnc/x11vnc.c

@@ -904,6 +904,7 @@ static void print_settings(int try_http, int bg, char *gui_str) {
 	fprintf(stderr, "Settings:\n");
 	fprintf(stderr, " display:    %s\n", use_dpy ? use_dpy
 	    : "null");
+#if SMALL_FOOTPRINT < 2
 	fprintf(stderr, " authfile:   %s\n", auth_file ? auth_file
 	    : "null");
 	fprintf(stderr, " subwin:     0x%lx\n", subwin);
@@ -940,6 +941,7 @@ static void print_settings(int try_http, int bg, char *gui_str) {
 	fprintf(stderr, " passfile:   %s\n", passwdfile ? passwdfile
 	    : "null");
 	fprintf(stderr, " unixpw:     %d\n", unixpw);
+	fprintf(stderr, " unixpw_lst: %s\n", unixpw_list ? unixpw_list:"null");
 	fprintf(stderr, " stunnel:    %d\n", use_stunnel);
 	fprintf(stderr, " accept:     %s\n", accept_cmd ? accept_cmd
 	    : "null");
@@ -1073,6 +1075,7 @@ static void print_settings(int try_http, int bg, char *gui_str) {
 	fprintf(stderr, " nocmds:     %d\n", no_external_cmds);
 	fprintf(stderr, " deny_all:   %d\n", deny_all);
 	fprintf(stderr, "\n");
+#endif
 	rfbLog("x11vnc version: %s\n", lastmod);
 }
 
@@ -1282,6 +1285,7 @@ int main(int argc, char* argv[]) {
 		} else if (!strcmp(arg, "-overlay_yescursor")) {
 			overlay = 1;
 			overlay_cursor = 2;
+#if !SKIP_8TO24
 		} else if (!strcmp(arg, "-8to24")) {
 			cmap8to24 = 1;
 			if (i < argc-1) {
@@ -1291,6 +1295,7 @@ int main(int argc, char* argv[]) {
 					i++;
 				}
 			}
+#endif
 		} else if (!strcmp(arg, "-visual")) {
 			CHECK_ARGC
 			visual_str = strdup(argv[++i]);
@@ -1359,14 +1364,36 @@ int main(int argc, char* argv[]) {
 			CHECK_ARGC
 			passwdfile = strdup(argv[++i]);
 			got_passwdfile = 1;
-		} else if (!strcmp(arg, "-unixpw")) {
+		} else if (!strcmp(arg, "-unixpw")
+		    || !strcmp(arg, "-unixpw_unsafe")) {
 			unixpw = 1;
 			if (i < argc-1) {
-				char *s = argv[i+1];
+				char *p, *q, *s = argv[i+1];
 				if (s[0] != '-') {
 					unixpw_list = strdup(s);
 					i++;
 				}
+				if (s[0] == '%') {
+					p = unixpw_list;
+					unixpw_list = NULL;
+					strcpy(p, s+1);
+					strcat(p, "\n");	/* just fits */
+					if ((q = strchr(p, ':')) == NULL) {
+						exit(1);
+					}
+					*q = '\0';
+					if (su_verify(p, q+1)) {
+						fprintf(stderr, "\nY\n");
+					} else {
+						fprintf(stderr, "\nN\n");
+					}
+					exit(0);
+				}
+			}
+			if (!strcmp(arg, "-unixpw_unsafe")) {
+				/* hidden option for testing. */
+				set_env("UNIXPW_DISABLE_STUNNEL", "1");
+				set_env("UNIXPW_DISABLE_LOCALHOST", "1");
 			}
 		} else if (!strcmp(arg, "-stunnel")) {
 			use_stunnel = 1;
@@ -2079,12 +2106,16 @@ int main(int argc, char* argv[]) {
 			allow_list = strdup("127.0.0.1");
 			got_localhost = 1;
 		}
-		if (! got_stunnel && ! getenv("UNIXPW_DISABLE_STUNNEL")) {
+		if (! got_stunnel) {
+			if (! getenv("UNIXPW_DISABLE_STUNNEL") &&
+			    ! have_ssh_env()) {
 				if (! quiet) {
-				rfbLog("Setting -stunnel in -unixpw mode.\n");
+					rfbLog("Setting -stunnel in -unixpw "
+					    "mode.\n");
 				}
 				use_stunnel = 1;
 			}
+		}
 	    } else if (use_stunnel) {
 
 		if (! got_localhost && ! getenv("STUNNEL_DISABLE_LOCALHOST")) {

x11vnc/x11vnc.h

@@ -116,15 +116,18 @@
 #define NOGUI
 #endif
 
+#define SKIP_XKB 0
+#define SKIP_8TO24 0
+
 #if (SMALL_FOOTPRINT > 1)
-#undef LIBVNCSERVER_HAVE_XKEYBOARD
+#undef SKIP_XKB
+#undef SKIP_8TO24
 #undef LIBVNCSERVER_HAVE_LIBXINERAMA
-#undef LIBVNCSERVER_HAVE_LIBXRANDR
 #undef LIBVNCSERVER_HAVE_LIBXFIXES
 #undef LIBVNCSERVER_HAVE_LIBXDAMAGE
-#define LIBVNCSERVER_HAVE_XKEYBOARD 0
+#define SKIP_XKB 1
+#define SKIP_8TO24 1
 #define LIBVNCSERVER_HAVE_LIBXINERAMA 0
-#define LIBVNCSERVER_HAVE_LIBXRANDR 0
 #define LIBVNCSERVER_HAVE_LIBXFIXES 0
 #define LIBVNCSERVER_HAVE_LIBXDAMAGE 0
 #endif

x11vnc/x11vnc_defs.c

@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.8.1 lastmod: 2006-02-24";
+char lastmod[] = "0.8.1 lastmod: 2006-03-02";
 
 /* X display info */