add '-listen ipaddr' option

ChangeLog

+2005-03-04  Karl Runge <runge@karlrunge.com>
+	* libvncserver/{cargs.c,sockets.c}: add -listen option and
+	  rfbScreen member listenInterface.
+	* rfb/rfb.h: rfbListenOnTCPPort() and rfbListenOnUDPPort()
+	  function prototypes changed to include network interface.
+
 2005-02-14  Karl Runge <runge@karlrunge.com>
 	* x11vnc: -users lurk=, -solid for cde, -gui ez,.. beginner mode.
 

libvncclient/sockets.c

@@ -305,7 +305,7 @@ FindFreeTcpPort(void)
   struct sockaddr_in addr;
 
   addr.sin_family = AF_INET;
-  addr.sin_addr.s_addr = INADDR_ANY;
+  addr.sin_addr.s_addr = htonl(INADDR_ANY);
 
   sock = socket(AF_INET, SOCK_STREAM, 0);
   if (sock < 0) {
@@ -339,7 +339,7 @@ ListenAtTcpPort(int port)
 
   addr.sin_family = AF_INET;
   addr.sin_port = htons(port);
-  addr.sin_addr.s_addr = INADDR_ANY;
+  addr.sin_addr.s_addr = htonl(INADDR_ANY);
 
   sock = socket(AF_INET, SOCK_STREAM, 0);
   if (sock < 0) {

libvncserver/cargs.c

@@ -14,6 +14,8 @@
 
 #include <rfb/rfb.h>
 
+extern rfbStringToAddr(char *str, in_addr_t *iface);
+
 void
 rfbUsage(void)
 {
@@ -36,6 +38,8 @@ rfbUsage(void)
     fprintf(stderr, "-httpport portnum      use portnum for http connection\n");
     fprintf(stderr, "-enablehttpproxy       enable http proxy support\n");
     fprintf(stderr, "-progressive height    enable progressive updating for slow links\n");
+    fprintf(stderr, "-listen ipaddr         listen for connections only on network interface with\n");
+    fprintf(stderr, "                       addr ipaddr. '-listen localhost' and hostname work too.\n");
 }
 
 /* purges COUNT arguments from ARGV at POSITION and decrements ARGC.
@@ -125,6 +129,14 @@ rfbProcessArguments(rfbScreenInfoPtr rfbScreen,int* argc, char *argv[])
 		return FALSE;
 	    }
             rfbScreen->progressiveSliceHeight = atoi(argv[++i]);
+        } else if (strcmp(argv[i], "-listen") == 0) {  /* -listen ipaddr */
+            if (i + 1 >= *argc) {
+		rfbUsage();
+		return FALSE;
+	    }
+            if (! rfbStringToAddr(argv[++i], &(rfbScreen->listenInterface))) {
+                return FALSE;
+            }
         } else {
 	    i++;
 	    i1=i;

libvncserver/httpd.c

@@ -102,7 +102,8 @@ rfbHttpInitSockets(rfbScreenInfoPtr rfbScreen)
 
     rfbLog("  URL http://%s:%d\n",rfbScreen->thisHost,rfbScreen->httpPort);
 
-    if ((rfbScreen->httpListenSock = rfbListenOnTCPPort(rfbScreen->httpPort)) < 0) {
+    if ((rfbScreen->httpListenSock =
+      rfbListenOnTCPPort(rfbScreen->httpPort, rfbScreen->listenInterface)) < 0) {
 	rfbLogPerror("ListenOnTCPPort");
 	return;
     }

libvncserver/main.c

@@ -579,6 +579,8 @@ rfbScreenInfoPtr rfbGetScreen(int* argc,char** argv,
    /* disable progressive updating per default */
    screen->progressiveSliceHeight = 0;
 
+   screen->listenInterface = htonl(INADDR_ANY);
+
    if(!rfbProcessArguments(screen,argc,argv)) {
      free(screen);
      return 0;

libvncserver/sockets.c

@@ -102,6 +102,8 @@ int rfbMaxClientWait = 20000;   /* time (ms) after which we decide client has
 void
 rfbInitSockets(rfbScreenInfoPtr rfbScreen)
 {
+    in_addr_t iface = rfbScreen->listenInterface;
+
     if (rfbScreen->socketInitDone)
 	return;
 
@@ -132,9 +134,8 @@ rfbInitSockets(rfbScreenInfoPtr rfbScreen)
     if(rfbScreen->autoPort) {
         int i;
         rfbLog("Autoprobing TCP port \n");
-
         for (i = 5900; i < 6000; i++) {
-            if ((rfbScreen->listenSock = rfbListenOnTCPPort(i)) >= 0) {
+            if ((rfbScreen->listenSock = rfbListenOnTCPPort(i, iface)) >= 0) {
 		rfbScreen->port = i;
 		break;
 	    }
@@ -153,7 +154,7 @@ rfbInitSockets(rfbScreenInfoPtr rfbScreen)
     else if(rfbScreen->port>0) {
       rfbLog("Listening for VNC connections on TCP port %d\n", rfbScreen->port);
 
-      if ((rfbScreen->listenSock = rfbListenOnTCPPort(rfbScreen->port)) < 0) {
+      if ((rfbScreen->listenSock = rfbListenOnTCPPort(rfbScreen->port, iface)) < 0) {
 	rfbLogPerror("ListenOnTCPPort");
 	return;
       }
@@ -166,7 +167,7 @@ rfbInitSockets(rfbScreenInfoPtr rfbScreen)
     if (rfbScreen->udpPort != 0) {
 	rfbLog("rfbInitSockets: listening for input on UDP port %d\n",rfbScreen->udpPort);
 
-	if ((rfbScreen->udpSock = rfbListenOnUDPPort(rfbScreen->udpPort)) < 0) {
+	if ((rfbScreen->udpSock = rfbListenOnUDPPort(rfbScreen->udpPort, iface)) < 0) {
 	    rfbLogPerror("ListenOnUDPPort");
 	    return;
 	}
@@ -527,9 +528,29 @@ rfbWriteExact(cl, buf, len)
     return 1;
 }
 
+/* currently private, called by rfbProcessArguments() */
+int
+rfbStringToAddr(char *str, in_addr_t *addr)  {
+    if (str == NULL || *str == '\0' || strcmp(str, "any") == 0) {
+        *addr = htonl(INADDR_ANY);
+    } else if (strcmp(str, "localhost") == 0) {
+        *addr = htonl(INADDR_LOOPBACK);
+    } else {
+        struct hostent *hp;
+        if ((*addr = inet_addr(str)) == htonl(INADDR_NONE)) {
+            if (!(hp = gethostbyname(str))) {
+                return 0;
+            }
+            *addr = *(unsigned long *)hp->h_addr;
+        }
+    }
+    return 1;
+}
+
 int
-rfbListenOnTCPPort(port)
+rfbListenOnTCPPort(port, iface)
     int port;
+    in_addr_t iface;
 {
     struct sockaddr_in addr;
     int sock;
@@ -538,8 +559,7 @@ rfbListenOnTCPPort(port)
     memset(&addr, 0, sizeof(addr));
     addr.sin_family = AF_INET;
     addr.sin_port = htons(port);
-    /* addr.sin_addr.s_addr = interface.s_addr; */
-    addr.sin_addr.s_addr = INADDR_ANY;
+    addr.sin_addr.s_addr = iface;
 
     if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
 	return -1;
@@ -574,7 +594,7 @@ rfbConnectToTcpAddr(host, port)
     addr.sin_family = AF_INET;
     addr.sin_port = htons(port);
 
-    if ((addr.sin_addr.s_addr = inet_addr(host)) == INADDR_NONE)
+    if ((addr.sin_addr.s_addr = inet_addr(host)) == htonl(INADDR_NONE))
     {
 	if (!(hp = gethostbyname(host))) {
 	    errno = EINVAL;
@@ -596,8 +616,9 @@ rfbConnectToTcpAddr(host, port)
 }
 
 int
-rfbListenOnUDPPort(port)
+rfbListenOnUDPPort(port, iface)
     int port;
+    in_addr_t iface;
 {
     struct sockaddr_in addr;
     int sock;
@@ -606,8 +627,7 @@ rfbListenOnUDPPort(port)
     memset(&addr, 0, sizeof(addr));
     addr.sin_family = AF_INET;
     addr.sin_port = htons(port);
-    /* addr.sin_addr.s_addr = interface.s_addr; */
-    addr.sin_addr.s_addr = INADDR_ANY;
+    addr.sin_addr.s_addr = iface;
 
     if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
 	return -1;

rfb/rfb.h

@@ -257,6 +257,8 @@ typedef struct _rfbScreenInfo
     /* if LibVNCServer doesn't know the normal message, it calls this
      * hook. If the hook handles the message, it returns TRUE. */
     rfbProcessCustomClientMessageProcPtr processCustomClientMessage;
+
+    in_addr_t listenInterface;
 } rfbScreenInfo, *rfbScreenInfoPtr;
 
 
@@ -506,8 +508,8 @@ extern int rfbWriteExact(rfbClientPtr cl, const char *buf, int len);
 extern void rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec);
 extern int rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port);
 extern int rfbConnectToTcpAddr(char* host, int port);
-extern int rfbListenOnTCPPort(int port);
-extern int rfbListenOnUDPPort(int port);
+extern int rfbListenOnTCPPort(int port, in_addr_t iface);
+extern int rfbListenOnUDPPort(int port, in_addr_t iface);
 
 /* rfbserver.c */
 

x11vnc/ChangeLog

+2005-03-04  Karl Runge <runge@karlrunge.com>
+	* add changes to couple with -listen option, in particular
+	  the behavior of -localhost and remote control cmds.
+	* workarounds for old trees.
+
 2005-02-23  Karl Runge <runge@karlrunge.com>
 	* final changes for 0.7.1 release.
 

x11vnc/tkx11vnc

@@ -49,6 +49,7 @@ catch {rename send {}}
 #         be the same after the remote command)
 #	G means gui internal item
 #	F means can be set via file browse
+#	D means for simple gui
 #	-C:val1,... means it will be a checkbox (radio button)
 #	   the "-" means no other options follow
 #	0 means to skip the item.
@@ -87,7 +88,7 @@ Clients
 	vncconnect
 	-- D
 	=D http
-	=F httpdir:
+	httpdir:
 	httpport:
 	enablehttpproxy
 
@@ -185,8 +186,9 @@ Permissions
 	=SQA deny_all
 	--
 	=DFP allow:
-	localhost
+	=D localhost
 	=RA allowonce:
+	listen:
 	-- D
 	=RA noremote
 	--

x11vnc/tkx11vnc.h

@@ -55,6 +55,7 @@
 "#         be the same after the remote command)\n"
 "#	G means gui internal item\n"
 "#	F means can be set via file browse\n"
+"#	D means for simple gui\n"
 "#	-C:val1,... means it will be a checkbox (radio button)\n"
 "#	   the \"-\" means no other options follow\n"
 "#	0 means to skip the item.\n"
@@ -93,7 +94,7 @@
 "	vncconnect\n"
 "	-- D\n"
 "	=D http\n"
-"	=F httpdir:\n"
+"	httpdir:\n"
 "	httpport:\n"
 "	enablehttpproxy\n"
 "\n"
@@ -191,8 +192,9 @@
 "	=SQA deny_all\n"
 "	--\n"
 "	=DFP allow:\n"
-"	localhost\n"
+"	=D localhost\n"
 "	=RA allowonce:\n"
+"	listen:\n"
 "	-- D\n"
 "	=RA noremote\n"
 "	--\n"

x11vnc/x11vnc.1

 .\" This file was automatically generated from x11vnc -help output.
-.TH X11VNC "1" "February 2005" "x11vnc " "User Commands"
+.TH X11VNC "1" "March 2005" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.7.1, lastmod: 2005-02-23
+         version: 0.7.2pre, lastmod: 2005-03-04
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -248,7 +248,19 @@ out with the "#" character in the usual way.
 .PP
 \fB-localhost\fR
 .IP
-Same as \fB-allow\fR 127.0.0.1
+Same as "\fB-allow\fR \fI127.0.0.1\fR".
+.IP
+Note: if you want to restrict which network interface
+x11vnc listens on, see the \fB-listen\fR option below.
+E.g. "\fB-listen\fR \fIlocalhost\fR" or "\fB-listen\fR \fI192.168.3.21\fR".
+As a special case, the option "\fB-localhost\fR" implies
+"\fB-listen\fR \fIlocalhost\fR".
+.IP
+For non-localhost \fB-listen\fR usage, if you use the remote
+control mechanism (-R) to change the \fB-listen\fR interface
+you may need to manually adjust the \fB-allow\fR list (and
+vice versa) to avoid situations where no connections
+(or too many) are allowed.
 .PP
 \fB-input\fR \fIstring\fR
 .IP
@@ -438,7 +450,7 @@ means to try to guess the DISPLAY from the utmpx login
 database as well.  So it "lurks" waiting for anyone
 to log into an X session and then connects to it.
 Specify a list of users after the = to limit which
-users will be tried.  To enable a difference searching
+users will be tried.  To enable a different searching
 mode, if the first user in the list is something like
 ":0" or ":0-2" that indicates a range of DISPLAY
 numbers that will be tried (regardless of whether
@@ -1202,6 +1214,8 @@ localhost       enable  \fB-localhost\fR mode
 .IP
 nolocalhost     disable \fB-localhost\fR mode
 .IP
+listen:str      set \fB-listen\fR to str, empty to disable.
+.IP
 input:str       set \fB-input\fR to "str", empty to disable.
 .IP
 client_input:str set the K, M, B \fB-input\fR on a per-client
@@ -1484,7 +1498,7 @@ nooverlay_nocursor nooverlay_cursor nooverlay_yescursor
 overlay_nocursor visual scale viewonly noviewonly
 shared noshared forever noforever once timeout deny
 lock nodeny unlock connect allowonce allow localhost
-nolocalhost accept gone shm noshm flipbyteorder
+nolocalhost listen accept gone shm noshm flipbyteorder
 noflipbyteorder onetile noonetile solid_color solid
 nosolid blackout xinerama noxinerama xrandr noxrandr
 xrandr_mode padgeom quiet q noquiet modtweak nomodtweak
@@ -1634,6 +1648,11 @@ enable http proxy support
 \fB-progressive\fR \fIheight\fR
 .IP
 enable progressive updating for slow links
+.PP
+\fB-listen\fR \fIipaddr\fR
+.IP
+listen for connections only on network interface with
+addr ipaddr. '-listen localhost' and hostname work too.
 .SH "FILES"
 .IR $HOME/.x11vncrc ,
 .IR $HOME/.Xauthority