Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Contribute to GitLab
Sign in
Toggle navigation
L
libvncserver
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
rasky
libvncserver
Commits
c997e901
Commit
c997e901
authored
Mar 06, 2006
by
runge
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
x11vnc: gui speedup and fixes. -unixpw and -inetd
parent
a9a9c812
Changes
19
Expand all
Show whitespace changes
Inline
Side-by-side
Showing
19 changed files
with
682 additions
and
223 deletions
+682
-223
ChangeLog
x11vnc/ChangeLog
+7
-0
README
x11vnc/README
+49
-32
connections.c
x11vnc/connections.c
+122
-26
connections.h
x11vnc/connections.h
+7
-1
gui.c
x11vnc/gui.c
+46
-11
gui.h
x11vnc/gui.h
+1
-0
help.c
x11vnc/help.c
+46
-29
params.h
x11vnc/params.h
+1
-0
remote.c
x11vnc/remote.c
+15
-14
sslcmds.c
x11vnc/sslcmds.c
+1
-0
tkx11vnc
x11vnc/tkx11vnc
+133
-35
tkx11vnc.h
x11vnc/tkx11vnc.h
+133
-35
unixpw.c
x11vnc/unixpw.c
+4
-0
unixpw.h
x11vnc/unixpw.h
+1
-0
x11vnc.1
x11vnc/x11vnc.1
+51
-30
x11vnc.c
x11vnc/x11vnc.c
+41
-7
x11vnc_defs.c
x11vnc/x11vnc_defs.c
+1
-1
xevents.c
x11vnc/xevents.c
+22
-2
xevents.h
x11vnc/xevents.h
+1
-0
No files found.
x11vnc/ChangeLog
View file @
c997e901
2006-03-06 Karl Runge <runge@karlrunge.com>
* x11vnc: switch remote control to X11VNC_REMOTE property. Put
in -unixpw constraints for reverse connections under -inetd.
-inetd won't quit when reverse conn client leaves. Allow keyboard
input for viewonly -unixpw logins. "%*" utils for testing
-unixpw. improve start time fix bugs, small screen in gui.
2006-03-04 Karl Runge <runge@karlrunge.com>
2006-03-04 Karl Runge <runge@karlrunge.com>
* x11vnc: -unixpw on *bsd, hpux and tru64. Add -unixpw_nis for
* x11vnc: -unixpw on *bsd, hpux and tru64. Add -unixpw_nis for
non-shadow systems. check stunnel dying. check SSH_CONNECTION
non-shadow systems. check stunnel dying. check SSH_CONNECTION
...
...
x11vnc/README
View file @
c997e901
x11vnc
README
file
Date
:
Sat
Mar
4
17
:
57
:
40
EST
2006
x11vnc
README
file
Date
:
Mon
Mar
6
10
:
24
:
41
EST
2006
The
following
information
is
taken
from
these
URLs
:
The
following
information
is
taken
from
these
URLs
:
...
@@ -5382,7 +5382,7 @@ x11vnc: a VNC server for real X displays
...
@@ -5382,7 +5382,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options:
Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions)
% x11vnc -opts (see below for -help long descriptions)
x11vnc: allow VNC connections to real X11 displays. 0.8.1 lastmod: 2006-03-0
4
x11vnc: allow VNC connections to real X11 displays. 0.8.1 lastmod: 2006-03-0
6
x11vnc options:
x11vnc options:
-display disp -auth file
-display disp -auth file
...
@@ -5495,7 +5495,7 @@ libvncserver-tight-extension options:
...
@@ -5495,7 +5495,7 @@ libvncserver-tight-extension options:
% x11vnc -help
% x11vnc -help
x11vnc: allow VNC connections to real X11 displays. 0.8.1 lastmod: 2006-03-0
4
x11vnc: allow VNC connections to real X11 displays. 0.8.1 lastmod: 2006-03-0
6
Typical usage is:
Typical usage is:
...
@@ -5793,8 +5793,9 @@ Options:
...
@@ -5793,8 +5793,9 @@ Options:
-novncconnect VNC program vncconnect(1). When the property is
-novncconnect VNC program vncconnect(1). When the property is
set to "host" or "host:port" establish a reverse
set to "host" or "host:port" establish a reverse
connection. Using xprop(1) instead of vncconnect may
connection. Using xprop(1) instead of vncconnect may
work (see the FAQ). The -remote control mechanism also
work (see the FAQ). The -remote control mechanism uses
uses this VNC_CONNECT channel. Default: -vncconnect
X11VNC_REMOTE channel, and this option disables/enables
it as well. Default: -vncconnect
-allow host1[,host2..] Only allow client connections from hosts matching
-allow host1[,host2..] Only allow client connections from hosts matching
the comma separated list of hostnames or IP addresses.
the comma separated list of hostnames or IP addresses.
...
@@ -5909,8 +5910,8 @@ Options:
...
@@ -5909,8 +5910,8 @@ Options:
x11vnc as root with the "-users +nobody" option to
x11vnc as root with the "-users +nobody" option to
immediately switch to user nobody. Another source of
immediately switch to user nobody. Another source of
problems are PAM modules that prompt for extra info,
problems are PAM modules that prompt for extra info,
e.g. password aging modules. These logins will
always
e.g. password aging modules. These logins will
fail
fail as well
.
as well even when the correct password is supplied
.
*IMPORTANT*: to prevent the Unix password being sent in
*IMPORTANT*: to prevent the Unix password being sent in
*clear text* over the network, two x11vnc options are
*clear text* over the network, two x11vnc options are
...
@@ -5937,17 +5938,28 @@ Options:
...
@@ -5937,17 +5938,28 @@ Options:
is set and appears reasonable. If it does, then the
is set and appears reasonable. If it does, then the
stunnel requirement is dropped since it is assumed
stunnel requirement is dropped since it is assumed
you are using ssh for the encrypted tunnelling.
you are using ssh for the encrypted tunnelling.
Use -stunnel to force stunnel usage.
Use -stunnel to force stunnel usage
for this case
.
Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost
Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost
requirement. One should never do this (i.e. allow the
requirement. One should never do this (i.e. allow the
Unix passwords to be sniffed on the network).
Unix passwords to be sniffed on the network).
NOTE: in -inetd mode the two settings are not enforced
Regarding reverse connections (e.g. -R connect:host),
since x11vnc does not make network connections in
the -localhost constraint is in effect and the reverse
that case. Be sure to use encryption from the viewer
connections can only be used to connect to the same
to inetd. One can also have your own stunnel spawn
machine x11vnc is running on (default port 5500).
x11vnc in -inetd mode. See the FAQ.
Please use a ssh or stunnel port redirection to the
viewer machine to tunnel the reverse connection over
an encrypted channel. Note that Unix username and
password *will* be prompted for (unlike VNC passwords
that are skipped for reverse connections).
NOTE: in -inetd mode the two settings are attempted
to be enforced for reverse connections. Be sure to
use encryption from the viewer to inetd since x11vnc
cannot guess easily if it is encrpyted. Note: you can
also have your own stunnel spawn x11vnc in -inetd mode
(i.e. bypassing inetd). See the FAQ.
The user names in the comma separated [list] can have
The user names in the comma separated [list] can have
per-user options after a ":", e.g. "fred:opts"
per-user options after a ":", e.g. "fred:opts"
...
@@ -5962,16 +5974,21 @@ Options:
...
@@ -5962,16 +5974,21 @@ Options:
Use "deny" to explicitly deny some users if you use
Use "deny" to explicitly deny some users if you use
"*" to set a global option.
"*" to set a global option.
-unixpw_nis [list] As -unixpw above, however do not run su(1) but rather
There are also some tools for testing password if [list]
use the traditional getpwnam() + crypt() method instead.
starts with the "%" character. See the quick_pw()
This requires that the encrpyted passwords be readable.
function for details.
Passwords stored in /etc/shadow will be inaccessible
unless run as root. This is called "NIS" mode
-unixpw_nis [list] As -unixpw above, however do not use su(1) but rather
simply because in most NIS setups the user encrypted
use the traditional getpwnam(3) + crypt(3) method
passwords are accessible (e.g. "ypcat passwd").
instead. This requires that the encrpyted passwords
NIS is not required for this mode to work, but it
be readable. Passwords stored in /etc/shadow will
is unlikely it will work for any other environment.
be inaccessible unless run as root. This is called
All of the -unixpw options and contraints apply.
"NIS" mode simply because in most NIS setups the
user encrypted passwords are accessible (e.g. "ypcat
passwd"). NIS is not required for this mode to
work, but it is unlikely it will work for any other
environment. All of the -unixpw options and contraints
apply.
-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide
-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide
an encrypted SSL tunnel between viewers and x11vnc.
an encrypted SSL tunnel between viewers and x11vnc.
...
@@ -7238,7 +7255,7 @@ n
...
@@ -7238,7 +7255,7 @@ n
-remote command.
-remote command.
The default communication channel is that of X
The default communication channel is that of X
properties (specifically
VNC_CONNECT
), and so this
properties (specifically
X11VNC_REMOTE
), and so this
command must be run with correct settings for DISPLAY
command must be run with correct settings for DISPLAY
and possibly XAUTHORITY to connect to the X server
and possibly XAUTHORITY to connect to the X server
and set the property. Alternatively, use the -display
and set the property. Alternatively, use the -display
...
@@ -7520,9 +7537,9 @@ n
...
@@ -7520,9 +7537,9 @@ n
it
comes
back
with
prefix
"aro="
instead
of
"ans="
.
it
comes
back
with
prefix
"aro="
instead
of
"ans="
.
Some
-
remote
commands
are
pure
actions
that
do
not
make
Some
-
remote
commands
are
pure
actions
that
do
not
make
sense
as
variables
,
e
.
g
.
"stop"
or
"disconnect"
,
sense
as
variables
,
e
.
g
.
"stop"
or
"disconnect"
,
in
in
these
cases
the
value
returned
is
"N/A"
.
To
direct
these
cases
the
value
returned
is
"N/A"
.
To
direct
a
a
query
straight
to
the
VNC_CONNECT
property
or
connect
query
straight
to
the
X11VNC_REMOTE
property
or
connect
file
use
"qry=..."
instead
of
"cmd=..."
file
use
"qry=..."
instead
of
"cmd=..."
Here
is
the
current
list
of
"variables"
that
can
Here
is
the
current
list
of
"variables"
that
can
...
@@ -7621,9 +7638,9 @@ n
...
@@ -7621,9 +7638,9 @@ n
A
note
about
security
wrt
remote
control
commands
.
A
note
about
security
wrt
remote
control
commands
.
If
someone
can
connect
to
the
X
display
and
change
If
someone
can
connect
to
the
X
display
and
change
the
property
VNC_CONNECT
,
then
they
can
remotely
the
property
X11VNC_REMOTE
,
then
they
can
remotely
control
x11vnc
.
Normally
access
to
the
X
display
is
control
x11vnc
.
Normally
access
to
the
X
display
is
protected
.
Note
that
if
they
can
modify
VNC_CONNECT
protected
.
Note
that
if
they
can
modify
X11VNC_REMOTE
on
the
X
server
,
they
have
enough
permissions
to
also
on
the
X
server
,
they
have
enough
permissions
to
also
run
their
own
x11vnc
and
thus
have
complete
control
run
their
own
x11vnc
and
thus
have
complete
control
of
the
desktop
.
If
the
"-connect /path/to/file"
of
the
desktop
.
If
the
"-connect /path/to/file"
...
@@ -7633,9 +7650,9 @@ n
...
@@ -7633,9 +7650,9 @@ n
permissions. See -privremote below.
permissions. See -privremote below.
If you are paranoid and do not think -noremote is
If you are paranoid and do not think -noremote is
enough, to disable the
VNC_CONNECT
property channel
enough, to disable the
X11VNC_REMOTE
property channel
completely use -novncconnect, or use the -safer
completely use -novncconnect, or use the -safer
option
option
that shuts many things off.
that shuts many things off.
-unsafe A few remote commands are disabled by default
-unsafe A few remote commands are disabled by default
(currently: id:pick, accept:<cmd>, gone:<cmd>, and
(currently: id:pick, accept:<cmd>, gone:<cmd>, and
...
...
x11vnc/connections.c
View file @
c997e901
...
@@ -19,6 +19,9 @@
...
@@ -19,6 +19,9 @@
/* string for the VNC_CONNECT property */
/* string for the VNC_CONNECT property */
char
vnc_connect_str
[
VNC_CONNECT_MAX
+
1
];
char
vnc_connect_str
[
VNC_CONNECT_MAX
+
1
];
Atom
vnc_connect_prop
=
None
;
Atom
vnc_connect_prop
=
None
;
char
x11vnc_remote_str
[
X11VNC_REMOTE_MAX
+
1
];
Atom
x11vnc_remote_prop
=
None
;
rfbClientPtr
inetd_client
=
NULL
;
int
all_clients_initialized
(
void
);
int
all_clients_initialized
(
void
);
char
*
list_clients
(
void
);
char
*
list_clients
(
void
);
...
@@ -29,7 +32,9 @@ void set_client_input(char *str);
...
@@ -29,7 +32,9 @@ void set_client_input(char *str);
void
set_child_info
(
void
);
void
set_child_info
(
void
);
void
reverse_connect
(
char
*
str
);
void
reverse_connect
(
char
*
str
);
void
set_vnc_connect_prop
(
char
*
str
);
void
set_vnc_connect_prop
(
char
*
str
);
void
read_vnc_connect_prop
(
void
);
void
read_vnc_connect_prop
(
int
);
void
set_x11vnc_remote_prop
(
char
*
str
);
void
read_x11vnc_remote_prop
(
int
);
void
check_connect_inputs
(
void
);
void
check_connect_inputs
(
void
);
void
check_gui_inputs
(
void
);
void
check_gui_inputs
(
void
);
enum
rfbNewClientAction
new_client
(
rfbClientPtr
client
);
enum
rfbNewClientAction
new_client
(
rfbClientPtr
client
);
...
@@ -604,8 +609,8 @@ static void client_gone(rfbClientPtr client) {
...
@@ -604,8 +609,8 @@ static void client_gone(rfbClientPtr client) {
free_client_data
(
client
);
free_client_data
(
client
);
if
(
inetd
)
{
if
(
inetd
&&
client
==
inetd_client
)
{
rfbLog
(
"viewer exited.
\n
"
);
rfbLog
(
"
inetd
viewer exited.
\n
"
);
clean_up_exit
(
0
);
clean_up_exit
(
0
);
}
}
if
(
connect_once
)
{
if
(
connect_once
)
{
...
@@ -1463,6 +1468,21 @@ static int do_reverse_connect(char *str) {
...
@@ -1463,6 +1468,21 @@ static int do_reverse_connect(char *str) {
*
p
=
'\0'
;
*
p
=
'\0'
;
}
}
if
(
inetd
&&
unixpw
)
{
if
(
strcmp
(
host
,
"localhost"
)
&&
strcmp
(
host
,
"127.0.0.1"
))
{
if
(
!
getenv
(
"UNIXPW_DISABLE_LOCALHOST"
))
{
rfbLog
(
"reverse_connect: in -inetd only localhost
\n
"
);
rfbLog
(
"connections allowed under -unixpw
\n
"
);
return
0
;
}
}
if
(
!
getenv
(
"UNIXPW_DISABLE_STUNNEL"
)
&&
!
have_ssh_env
())
{
rfbLog
(
"reverse_connect: in -inetd stunnel/ssh
\n
"
);
rfbLog
(
"required under -unixpw
\n
"
);
return
0
;
}
}
cl
=
rfbReverseConnection
(
screen
,
host
,
rport
);
cl
=
rfbReverseConnection
(
screen
,
host
,
rport
);
free
(
host
);
free
(
host
);
...
@@ -1529,15 +1549,20 @@ void reverse_connect(char *str) {
...
@@ -1529,15 +1549,20 @@ void reverse_connect(char *str) {
}
}
/*
/*
* Routines for monitoring the VNC_CONNECT
property for changes.
* Routines for monitoring the VNC_CONNECT
and X11VNC_REMOTE properties
* The vncconnect(1) will set it on our X display.
*
for changes.
The vncconnect(1) will set it on our X display.
*/
*/
void
set_vnc_connect_prop
(
char
*
str
)
{
void
set_vnc_connect_prop
(
char
*
str
)
{
XChangeProperty
(
dpy
,
rootwin
,
vnc_connect_prop
,
XA_STRING
,
8
,
XChangeProperty
(
dpy
,
rootwin
,
vnc_connect_prop
,
XA_STRING
,
8
,
PropModeReplace
,
(
unsigned
char
*
)
str
,
strlen
(
str
));
PropModeReplace
,
(
unsigned
char
*
)
str
,
strlen
(
str
));
}
}
void
read_vnc_connect_prop
(
void
)
{
void
set_x11vnc_remote_prop
(
char
*
str
)
{
XChangeProperty
(
dpy
,
rootwin
,
x11vnc_remote_prop
,
XA_STRING
,
8
,
PropModeReplace
,
(
unsigned
char
*
)
str
,
strlen
(
str
));
}
void
read_vnc_connect_prop
(
int
nomsg
)
{
Atom
type
;
Atom
type
;
int
format
,
slen
,
dlen
;
int
format
,
slen
,
dlen
;
unsigned
long
nitems
=
0
,
bytes_after
=
0
;
unsigned
long
nitems
=
0
,
bytes_after
=
0
;
...
@@ -1575,28 +1600,73 @@ void read_vnc_connect_prop(void) {
...
@@ -1575,28 +1600,73 @@ void read_vnc_connect_prop(void) {
}
while
(
bytes_after
>
0
);
}
while
(
bytes_after
>
0
);
vnc_connect_str
[
VNC_CONNECT_MAX
]
=
'\0'
;
vnc_connect_str
[
VNC_CONNECT_MAX
]
=
'\0'
;
if
(
!
db
)
{
if
(
!
db
||
nomsg
)
{
;
;
}
else
if
(
strstr
(
vnc_connect_str
,
"ans=stop:N/A,ans=quit:N/A,ans="
))
{
}
else
{
rfbLog
(
"read VNC_CONNECT: %s
\n
"
,
vnc_connect_str
);
}
}
void
read_x11vnc_remote_prop
(
int
nomsg
)
{
Atom
type
;
int
format
,
slen
,
dlen
;
unsigned
long
nitems
=
0
,
bytes_after
=
0
;
unsigned
char
*
data
=
NULL
;
int
db
=
1
;
x11vnc_remote_str
[
0
]
=
'\0'
;
slen
=
0
;
if
(
!
vnc_connect
||
x11vnc_remote_prop
==
None
)
{
/* not active or problem with X11VNC_REMOTE atom */
return
;
}
/* read the property value into x11vnc_remote_str: */
do
{
if
(
XGetWindowProperty
(
dpy
,
DefaultRootWindow
(
dpy
),
x11vnc_remote_prop
,
nitems
/
4
,
X11VNC_REMOTE_MAX
/
16
,
False
,
AnyPropertyType
,
&
type
,
&
format
,
&
nitems
,
&
bytes_after
,
&
data
)
==
Success
)
{
dlen
=
nitems
*
(
format
/
8
);
if
(
slen
+
dlen
>
X11VNC_REMOTE_MAX
)
{
/* too big */
rfbLog
(
"warning: truncating large X11VNC_REMOTE"
" string > %d bytes.
\n
"
,
X11VNC_REMOTE_MAX
);
XFree
(
data
);
break
;
}
memcpy
(
x11vnc_remote_str
+
slen
,
data
,
dlen
);
slen
+=
dlen
;
x11vnc_remote_str
[
slen
]
=
'\0'
;
XFree
(
data
);
}
}
while
(
bytes_after
>
0
);
x11vnc_remote_str
[
X11VNC_REMOTE_MAX
]
=
'\0'
;
if
(
!
db
||
nomsg
)
{
;
}
else
if
(
strstr
(
x11vnc_remote_str
,
"ans=stop:N/A,ans=quit:N/A,ans="
))
{
;
;
}
else
if
(
strstr
(
vnc_connect
_str
,
"qry=stop,quit,exit"
))
{
}
else
if
(
strstr
(
x11vnc_remote
_str
,
"qry=stop,quit,exit"
))
{
;
;
}
else
if
(
strstr
(
vnc_connect_str
,
"ack="
)
==
vnc_connect
_str
)
{
}
else
if
(
strstr
(
x11vnc_remote_str
,
"ack="
)
==
x11vnc_remote
_str
)
{
;
;
}
else
if
(
quiet
&&
strstr
(
vnc_connect
_str
,
"qry=ping"
)
==
}
else
if
(
quiet
&&
strstr
(
x11vnc_remote
_str
,
"qry=ping"
)
==
vnc_connect
_str
)
{
x11vnc_remote
_str
)
{
;
;
}
else
if
(
strstr
(
vnc_connect
_str
,
"cmd="
)
&&
}
else
if
(
strstr
(
x11vnc_remote
_str
,
"cmd="
)
&&
strstr
(
vnc_connect
_str
,
"passwd"
))
{
strstr
(
x11vnc_remote
_str
,
"passwd"
))
{
rfbLog
(
"read
VNC_CONNECT
: *
\n
"
);
rfbLog
(
"read
X11VNC_REMOTE
: *
\n
"
);
}
else
if
(
strlen
(
vnc_connect
_str
)
>
38
)
{
}
else
if
(
strlen
(
x11vnc_remote
_str
)
>
38
)
{
char
trim
[
100
];
char
trim
[
100
];
trim
[
0
]
=
'\0'
;
trim
[
0
]
=
'\0'
;
strncat
(
trim
,
vnc_connect
_str
,
38
);
strncat
(
trim
,
x11vnc_remote
_str
,
38
);
rfbLog
(
"read
VNC_CONNECT
: %s ...
\n
"
,
trim
);
rfbLog
(
"read
X11VNC_REMOTE
: %s ...
\n
"
,
trim
);
}
else
{
}
else
{
rfbLog
(
"read
VNC_CONNECT: %s
\n
"
,
vnc_connect
_str
);
rfbLog
(
"read
X11VNC_REMOTE: %s
\n
"
,
x11vnc_remote
_str
);
}
}
}
}
...
@@ -1643,6 +1713,13 @@ void check_connect_inputs(void) {
...
@@ -1643,6 +1713,13 @@ void check_connect_inputs(void) {
vnc_connect_str
[
0
]
=
'\0'
;
vnc_connect_str
[
0
]
=
'\0'
;
}
}
send_client_connect
();
send_client_connect
();
/* X11VNC_REMOTE property */
if
(
vnc_connect
&&
*
x11vnc_remote_str
!=
'\0'
)
{
client_connect
=
strdup
(
x11vnc_remote_str
);
x11vnc_remote_str
[
0
]
=
'\0'
;
}
send_client_connect
();
}
}
void
check_gui_inputs
(
void
)
{
void
check_gui_inputs
(
void
)
{
...
@@ -1650,7 +1727,7 @@ void check_gui_inputs(void) {
...
@@ -1650,7 +1727,7 @@ void check_gui_inputs(void) {
int
socks
[
ICON_MODE_SOCKS
];
int
socks
[
ICON_MODE_SOCKS
];
fd_set
fds
;
fd_set
fds
;
struct
timeval
tv
;
struct
timeval
tv
;
char
buf
[
VNC_CONNECT
_MAX
+
1
];
char
buf
[
X11VNC_REMOTE
_MAX
+
1
];
ssize_t
nbytes
;
ssize_t
nbytes
;
if
(
unixpw_in_progress
)
return
;
if
(
unixpw_in_progress
)
return
;
...
@@ -1686,10 +1763,10 @@ void check_gui_inputs(void) {
...
@@ -1686,10 +1763,10 @@ void check_gui_inputs(void) {
if
(
!
FD_ISSET
(
fd
,
&
fds
))
{
if
(
!
FD_ISSET
(
fd
,
&
fds
))
{
continue
;
continue
;
}
}
for
(
k
=
0
;
k
<=
VNC_CONNECT
_MAX
;
k
++
)
{
for
(
k
=
0
;
k
<=
X11VNC_REMOTE
_MAX
;
k
++
)
{
buf
[
k
]
=
'\0'
;
buf
[
k
]
=
'\0'
;
}
}
nbytes
=
read
(
fd
,
buf
,
VNC_CONNECT
_MAX
);
nbytes
=
read
(
fd
,
buf
,
X11VNC_REMOTE
_MAX
);
if
(
nbytes
<=
0
)
{
if
(
nbytes
<=
0
)
{
close
(
fd
);
close
(
fd
);
icon_mode_socks
[
socks
[
i
]]
=
-
1
;
icon_mode_socks
[
socks
[
i
]]
=
-
1
;
...
@@ -1726,15 +1803,20 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
...
@@ -1726,15 +1803,20 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
last_event
=
last_input
=
time
(
0
);
last_event
=
last_input
=
time
(
0
);
if
(
inetd
)
{
if
(
inetd
)
{
/*
/*
* Set this so we exit as soon as connection closes,
* Set this so we exit as soon as connection closes,
* otherwise client_gone is only called after RFB_CLIENT_ACCEPT
* otherwise client_gone is only called after RFB_CLIENT_ACCEPT
*/
*/
if
(
inetd_client
==
NULL
)
{
inetd_client
=
client
;
client
->
clientGoneHook
=
client_gone
;
client
->
clientGoneHook
=
client_gone
;
}
}
}
clients_served
++
;
clients_served
++
;
if
(
0
)
fprintf
(
stderr
,
"new_client: %s %d
\n
"
,
client
->
host
,
clients_served
);
if
(
unixpw
&&
unixpw_in_progress
)
{
if
(
unixpw
&&
unixpw_in_progress
)
{
rfbLog
(
"denying additional client: %s during -unixpw login.
\n
"
,
rfbLog
(
"denying additional client: %s during -unixpw login.
\n
"
,
...
@@ -1822,6 +1904,11 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
...
@@ -1822,6 +1904,11 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
if
(
unixpw
)
{
if
(
unixpw
)
{
unixpw_in_progress
=
1
;
unixpw_in_progress
=
1
;
unixpw_client
=
client
;
unixpw_client
=
client
;
unixpw_login_viewonly
=
0
;
if
(
client
->
viewOnly
)
{
unixpw_login_viewonly
=
1
;
client
->
viewOnly
=
FALSE
;
}
unixpw_last_try_time
=
time
(
0
);
unixpw_last_try_time
=
time
(
0
);
unixpw_screen
(
1
);
unixpw_screen
(
1
);
unixpw_keystroke
(
0
,
0
,
1
);
unixpw_keystroke
(
0
,
0
,
1
);
...
@@ -1926,6 +2013,7 @@ void send_client_info(char *str) {
...
@@ -1926,6 +2013,7 @@ void send_client_info(char *str) {
strcat
(
pstr
,
"
\n
"
);
strcat
(
pstr
,
"
\n
"
);
if
(
icon_mode_fh
)
{
if
(
icon_mode_fh
)
{
if
(
0
)
fprintf
(
icon_mode_fh
,
"
\n
"
);
fprintf
(
icon_mode_fh
,
"%s"
,
pstr
);
fprintf
(
icon_mode_fh
,
"%s"
,
pstr
);
fflush
(
icon_mode_fh
);
fflush
(
icon_mode_fh
);
}
}
...
@@ -1940,6 +2028,7 @@ void send_client_info(char *str) {
...
@@ -1940,6 +2028,7 @@ void send_client_info(char *str) {
len
=
strlen
(
pstr
);
len
=
strlen
(
pstr
);
while
(
len
>
0
)
{
while
(
len
>
0
)
{
if
(
0
)
write
(
sock
,
"
\n
"
,
1
);
n
=
write
(
sock
,
buf
,
len
);
n
=
write
(
sock
,
buf
,
len
);
if
(
n
>
0
)
{
if
(
n
>
0
)
{
buf
+=
n
;
buf
+=
n
;
...
@@ -1965,7 +2054,11 @@ void check_new_clients(void) {
...
@@ -1965,7 +2054,11 @@ void check_new_clients(void) {
int
run_after_accept
=
0
;
int
run_after_accept
=
0
;
if
(
unixpw_in_progress
)
{
if
(
unixpw_in_progress
)
{
if
(
time
(
0
)
>
unixpw_last_try_time
+
30
)
{
if
(
unixpw_client
&&
unixpw_client
->
viewOnly
)
{
unixpw_login_viewonly
=
1
;
unixpw_client
->
viewOnly
=
FALSE
;
}
if
(
time
(
0
)
>
unixpw_last_try_time
+
25
)
{
rfbLog
(
"unixpw_deny: timed out waiting for reply.
\n
"
);
rfbLog
(
"unixpw_deny: timed out waiting for reply.
\n
"
);
unixpw_deny
();
unixpw_deny
();
}
}
...
@@ -1992,7 +2085,7 @@ void check_new_clients(void) {
...
@@ -1992,7 +2085,7 @@ void check_new_clients(void) {
return
;
return
;
}
}
if
(
!
client_count
)
{
if
(
!
client_count
)
{
send_client_info
(
"none"
);
send_client_info
(
"
clients:
none"
);
return
;
return
;
}
}
...
@@ -2037,9 +2130,12 @@ void check_new_clients(void) {
...
@@ -2037,9 +2130,12 @@ void check_new_clients(void) {
}
}
}
}
if
(
send_info
)
{
if
(
send_info
)
{
char
*
str
=
list_clients
();
char
*
str
,
*
s
=
list_clients
();
str
=
(
char
*
)
malloc
(
strlen
(
"clients:"
)
+
strlen
(
s
)
+
1
);
sprintf
(
str
,
"clients:%s"
,
s
);
send_client_info
(
str
);
send_client_info
(
str
);
free
(
str
);
free
(
str
);
free
(
s
);
}
}
}
}
...
...
x11vnc/connections.h
View file @
c997e901
...
@@ -5,6 +5,10 @@
...
@@ -5,6 +5,10 @@
extern
char
vnc_connect_str
[];
extern
char
vnc_connect_str
[];
extern
Atom
vnc_connect_prop
;
extern
Atom
vnc_connect_prop
;
extern
char
x11vnc_remote_str
[];
extern
Atom
x11vnc_remote_prop
;
extern
rfbClientPtr
inetd_client
;
extern
int
all_clients_initialized
(
void
);
extern
int
all_clients_initialized
(
void
);
extern
char
*
list_clients
(
void
);
extern
char
*
list_clients
(
void
);
...
@@ -15,7 +19,9 @@ extern void set_client_input(char *str);
...
@@ -15,7 +19,9 @@ extern void set_client_input(char *str);
extern
void
set_child_info
(
void
);
extern
void
set_child_info
(
void
);
extern
void
reverse_connect
(
char
*
str
);
extern
void
reverse_connect
(
char
*
str
);
extern
void
set_vnc_connect_prop
(
char
*
str
);
extern
void
set_vnc_connect_prop
(
char
*
str
);
extern
void
read_vnc_connect_prop
(
void
);
extern
void
read_vnc_connect_prop
(
int
);
extern
void
set_x11vnc_remote_prop
(
char
*
str
);
extern
void
read_x11vnc_remote_prop
(
int
);
extern
void
check_connect_inputs
(
void
);
extern
void
check_connect_inputs
(
void
);
extern
void
check_gui_inputs
(
void
);
extern
void
check_gui_inputs
(
void
);
extern
enum
rfbNewClientAction
new_client
(
rfbClientPtr
client
);
extern
enum
rfbNewClientAction
new_client
(
rfbClientPtr
client
);
...
...
x11vnc/gui.c
View file @
c997e901
...
@@ -22,6 +22,7 @@ int tray_manager_ok = 0;
...
@@ -22,6 +22,7 @@ int tray_manager_ok = 0;
Window
tray_request
=
None
;
Window
tray_request
=
None
;
Window
tray_window
=
None
;
Window
tray_window
=
None
;
int
tray_unembed
=
0
;
int
tray_unembed
=
0
;
pid_t
run_gui_pid
=
0
;
char
*
get_gui_code
(
void
);
char
*
get_gui_code
(
void
);
...
@@ -183,6 +184,12 @@ static char *icon_mode_embed_id = NULL;
...
@@ -183,6 +184,12 @@ static char *icon_mode_embed_id = NULL;
static
char
*
icon_mode_font
=
NULL
;
static
char
*
icon_mode_font
=
NULL
;
static
char
*
icon_mode_params
=
NULL
;
static
char
*
icon_mode_params
=
NULL
;
static
int
got_sigusr1
=
0
;
static
void
sigusr1
(
int
sig
)
{
got_sigusr1
=
1
;
}
static
void
run_gui
(
char
*
gui_xdisplay
,
int
connect_to_x11vnc
,
int
start_x11vnc
,
static
void
run_gui
(
char
*
gui_xdisplay
,
int
connect_to_x11vnc
,
int
start_x11vnc
,
int
simple_gui
,
pid_t
parent
,
char
*
gui_opts
)
{
int
simple_gui
,
pid_t
parent
,
char
*
gui_opts
)
{
char
*
x11vnc_xdisplay
=
NULL
;
char
*
x11vnc_xdisplay
=
NULL
;
...
@@ -191,10 +198,11 @@ static void run_gui(char *gui_xdisplay, int connect_to_x11vnc, int start_x11vnc,
...
@@ -191,10 +198,11 @@ static void run_gui(char *gui_xdisplay, int connect_to_x11vnc, int start_x11vnc,
char
cmd
[
100
];
char
cmd
[
100
];
char
*
wish
=
NULL
,
*
orig_path
,
*
full_path
,
*
tpath
,
*
p
;
char
*
wish
=
NULL
,
*
orig_path
,
*
full_path
,
*
tpath
,
*
p
;
char
*
old_xauth
=
NULL
;
char
*
old_xauth
=
NULL
;
int
try_max
=
4
,
sleep
=
300
;
int
try_max
=
4
,
sleep
=
300
,
totms
;
pid_t
mypid
=
getpid
();
pid_t
mypid
=
getpid
();
FILE
*
pipe
,
*
tmpf
;
FILE
*
pipe
,
*
tmpf
;
if
(
0
)
fprintf
(
stderr
,
"run_gui: %s -- %d %d
\n
"
,
gui_xdisplay
,
connect_to_x11vnc
,
(
int
)
parent
);
if
(
*
gui_code
==
'\0'
)
{
if
(
*
gui_code
==
'\0'
)
{
rfbLog
(
"gui: gui not compiled into this program.
\n
"
);
rfbLog
(
"gui: gui not compiled into this program.
\n
"
);
exit
(
0
);
exit
(
0
);
...
@@ -234,15 +242,34 @@ static void run_gui(char *gui_xdisplay, int connect_to_x11vnc, int start_x11vnc,
...
@@ -234,15 +242,34 @@ static void run_gui(char *gui_xdisplay, int connect_to_x11vnc, int start_x11vnc,
scr
=
DefaultScreen
(
dpy
);
scr
=
DefaultScreen
(
dpy
);
rootwin
=
RootWindow
(
dpy
,
scr
);
rootwin
=
RootWindow
(
dpy
,
scr
);
initialize_vnc_connect_prop
();
initialize_vnc_connect_prop
();
initialize_x11vnc_remote_prop
();
}
}
usleep
(
2200
*
1000
);
signal
(
SIGUSR1
,
sigusr1
);
got_sigusr1
=
0
;
totms
=
0
;
while
(
totms
<
3500
)
{
usleep
(
50
*
1000
);
totms
+=
50
;
if
(
got_sigusr1
)
{
fprintf
(
stderr
,
"
\n
"
);
fprintf
(
stderr
,
"
\n
"
);
if
(
!
quiet
)
{
if
(
!
quiet
)
rfbLog
(
"gui: got SIGUSR1
\n
"
);
break
;
}
if
(
!
start_x11vnc
&&
totms
>=
150
)
{
break
;
}
}
signal
(
SIGUSR1
,
SIG_DFL
);
if
(
!
got_sigusr1
)
fprintf
(
stderr
,
"
\n
"
);
if
(
!
quiet
&&
!
got_sigusr1
)
{
rfbLog
(
"gui: trying to contact a x11vnc server at X"
rfbLog
(
"gui: trying to contact a x11vnc server at X"
" display %s ...
\n
"
,
NONUL
(
x11vnc_xdisplay
));
" display %s ...
\n
"
,
NONUL
(
x11vnc_xdisplay
));
}
}
for
(
i
=
0
;
i
<
try_max
;
i
++
)
{
for
(
i
=
0
;
i
<
try_max
;
i
++
)
{
usleep
(
sleep
*
1000
);
if
(
!
got_sigusr1
)
{
if
(
!
quiet
)
{
if
(
!
quiet
)
{
rfbLog
(
"gui: pinging %s try=%d ...
\n
"
,
rfbLog
(
"gui: pinging %s try=%d ...
\n
"
,
NONUL
(
x11vnc_xdisplay
),
i
+
1
);
NONUL
(
x11vnc_xdisplay
),
i
+
1
);
...
@@ -251,12 +278,17 @@ static void run_gui(char *gui_xdisplay, int connect_to_x11vnc, int start_x11vnc,
...
@@ -251,12 +278,17 @@ static void run_gui(char *gui_xdisplay, int connect_to_x11vnc, int start_x11vnc,
if
(
rc
==
0
)
{
if
(
rc
==
0
)
{
break
;
break
;
}
}
}
else
{
rc
=
0
;
break
;
}
if
(
parent
&&
mypid
!=
parent
&&
kill
(
parent
,
0
)
!=
0
)
{
if
(
parent
&&
mypid
!=
parent
&&
kill
(
parent
,
0
)
!=
0
)
{
rfbLog
(
"gui: parent process %d has gone"
rfbLog
(
"gui: parent process %d has gone"
" away: bailing out.
\n
"
,
parent
);
" away: bailing out.
\n
"
,
parent
);
rc
=
1
;
rc
=
1
;
break
;
break
;
}
}
usleep
(
sleep
*
1000
);
}
}
set_env
(
"X11VNC_XDISPLAY"
,
x11vnc_xdisplay
);
set_env
(
"X11VNC_XDISPLAY"
,
x11vnc_xdisplay
);
if
(
getenv
(
"XAUTHORITY"
)
!=
NULL
)
{
if
(
getenv
(
"XAUTHORITY"
)
!=
NULL
)
{
...
@@ -619,6 +651,9 @@ void do_gui(char *opts, int sleep) {
...
@@ -619,6 +651,9 @@ void do_gui(char *opts, int sleep) {
simple_gui
,
parent
,
opts
);
simple_gui
,
parent
,
opts
);
exit
(
1
);
exit
(
1
);
}
}
if
(
connect_to_x11vnc
)
{
run_gui_pid
=
p
;
}
#else
#else
fprintf
(
stderr
,
"system does not support fork: start "
fprintf
(
stderr
,
"system does not support fork: start "
"x11vnc in the gui.
\n
"
);
"x11vnc in the gui.
\n
"
);
...
...
x11vnc/gui.h
View file @
c997e901
...
@@ -11,6 +11,7 @@ extern int tray_manager_ok;
...
@@ -11,6 +11,7 @@ extern int tray_manager_ok;
extern
Window
tray_request
;
extern
Window
tray_request
;
extern
Window
tray_window
;
extern
Window
tray_window
;
extern
int
tray_unembed
;
extern
int
tray_unembed
;
extern
pid_t
run_gui_pid
;
extern
char
*
get_gui_code
(
void
);
extern
char
*
get_gui_code
(
void
);
extern
int
tray_embed
(
Window
iconwin
,
int
remove
);
extern
int
tray_embed
(
Window
iconwin
,
int
remove
);
...
...
x11vnc/help.c
View file @
c997e901
...
@@ -315,8 +315,9 @@ void print_help(int mode) {
...
@@ -315,8 +315,9 @@ void print_help(int mode) {
"-novncconnect VNC program vncconnect(1). When the property is
\n
"
"-novncconnect VNC program vncconnect(1). When the property is
\n
"
" set to
\"
host
\"
or
\"
host:port
\"
establish a reverse
\n
"
" set to
\"
host
\"
or
\"
host:port
\"
establish a reverse
\n
"
" connection. Using xprop(1) instead of vncconnect may
\n
"
" connection. Using xprop(1) instead of vncconnect may
\n
"
" work (see the FAQ). The -remote control mechanism also
\n
"
" work (see the FAQ). The -remote control mechanism uses
\n
"
" uses this VNC_CONNECT channel. Default: %s
\n
"
" X11VNC_REMOTE channel, and this option disables/enables
\n
"
" it as well. Default: %s
\n
"
"
\n
"
"
\n
"
"-allow host1[,host2..] Only allow client connections from hosts matching
\n
"
"-allow host1[,host2..] Only allow client connections from hosts matching
\n
"
" the comma separated list of hostnames or IP addresses.
\n
"
" the comma separated list of hostnames or IP addresses.
\n
"
...
@@ -431,8 +432,8 @@ void print_help(int mode) {
...
@@ -431,8 +432,8 @@ void print_help(int mode) {
" x11vnc as root with the
\"
-users +nobody
\"
option to
\n
"
" x11vnc as root with the
\"
-users +nobody
\"
option to
\n
"
" immediately switch to user nobody. Another source of
\n
"
" immediately switch to user nobody. Another source of
\n
"
" problems are PAM modules that prompt for extra info,
\n
"
" problems are PAM modules that prompt for extra info,
\n
"
" e.g. password aging modules. These logins will
always
\n
"
" e.g. password aging modules. These logins will
fail
\n
"
"
fail as well
.
\n
"
"
as well even when the correct password is supplied
.
\n
"
"
\n
"
"
\n
"
" *IMPORTANT*: to prevent the Unix password being sent in
\n
"
" *IMPORTANT*: to prevent the Unix password being sent in
\n
"
" *clear text* over the network, two x11vnc options are
\n
"
" *clear text* over the network, two x11vnc options are
\n
"
...
@@ -459,17 +460,28 @@ void print_help(int mode) {
...
@@ -459,17 +460,28 @@ void print_help(int mode) {
" is set and appears reasonable. If it does, then the
\n
"
" is set and appears reasonable. If it does, then the
\n
"
" stunnel requirement is dropped since it is assumed
\n
"
" stunnel requirement is dropped since it is assumed
\n
"
" you are using ssh for the encrypted tunnelling.
\n
"
" you are using ssh for the encrypted tunnelling.
\n
"
" Use -stunnel to force stunnel usage.
\n
"
" Use -stunnel to force stunnel usage
for this case
.
\n
"
"
\n
"
"
\n
"
" Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost
\n
"
" Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost
\n
"
" requirement. One should never do this (i.e. allow the
\n
"
" requirement. One should never do this (i.e. allow the
\n
"
" Unix passwords to be sniffed on the network).
\n
"
" Unix passwords to be sniffed on the network).
\n
"
"
\n
"
"
\n
"
" NOTE: in -inetd mode the two settings are not enforced
\n
"
" Regarding reverse connections (e.g. -R connect:host),
\n
"
" since x11vnc does not make network connections in
\n
"
" the -localhost constraint is in effect and the reverse
\n
"
" that case. Be sure to use encryption from the viewer
\n
"
" connections can only be used to connect to the same
\n
"
" to inetd. One can also have your own stunnel spawn
\n
"
" machine x11vnc is running on (default port 5500).
\n
"
" x11vnc in -inetd mode. See the FAQ.
\n
"
" Please use a ssh or stunnel port redirection to the
\n
"
" viewer machine to tunnel the reverse connection over
\n
"
" an encrypted channel. Note that Unix username and
\n
"
" password *will* be prompted for (unlike VNC passwords
\n
"
" that are skipped for reverse connections).
\n
"
"
\n
"
" NOTE: in -inetd mode the two settings are attempted
\n
"
" to be enforced for reverse connections. Be sure to
\n
"
" use encryption from the viewer to inetd since x11vnc
\n
"
" cannot guess easily if it is encrpyted. Note: you can
\n
"
" also have your own stunnel spawn x11vnc in -inetd mode
\n
"
" (i.e. bypassing inetd). See the FAQ.
\n
"
"
\n
"
"
\n
"
" The user names in the comma separated [list] can have
\n
"
" The user names in the comma separated [list] can have
\n
"
" per-user options after a
\"
:
\"
, e.g.
\"
fred:opts
\"\n
"
" per-user options after a
\"
:
\"
, e.g.
\"
fred:opts
\"\n
"
...
@@ -484,16 +496,21 @@ void print_help(int mode) {
...
@@ -484,16 +496,21 @@ void print_help(int mode) {
" Use
\"
deny
\"
to explicitly deny some users if you use
\n
"
" Use
\"
deny
\"
to explicitly deny some users if you use
\n
"
"
\"
*
\"
to set a global option.
\n
"
"
\"
*
\"
to set a global option.
\n
"
"
\n
"
"
\n
"
"-unixpw_nis [list] As -unixpw above, however do not run su(1) but rather
\n
"
" There are also some tools for testing password if [list]
\n
"
" use the traditional getpwnam() + crypt() method instead.
\n
"
" starts with the
\"
%
\"
character. See the quick_pw()
\n
"
" This requires that the encrpyted passwords be readable.
\n
"
" function for details.
\n
"
" Passwords stored in /etc/shadow will be inaccessible
\n
"
"
\n
"
" unless run as root. This is called
\"
NIS
\"
mode
\n
"
"-unixpw_nis [list] As -unixpw above, however do not use su(1) but rather
\n
"
" simply because in most NIS setups the user encrypted
\n
"
" use the traditional getpwnam(3) + crypt(3) method
\n
"
" passwords are accessible (e.g.
\"
ypcat passwd
\"
).
\n
"
" instead. This requires that the encrpyted passwords
\n
"
" NIS is not required for this mode to work, but it
\n
"
" be readable. Passwords stored in /etc/shadow will
\n
"
" is unlikely it will work for any other environment.
\n
"
" be inaccessible unless run as root. This is called
\n
"
" All of the -unixpw options and contraints apply.
\n
"
"
\"
NIS
\"
mode simply because in most NIS setups the
\n
"
" user encrypted passwords are accessible (e.g.
\"
ypcat
\n
"
" passwd
\"
). NIS is not required for this mode to
\n
"
" work, but it is unlikely it will work for any other
\n
"
" environment. All of the -unixpw options and contraints
\n
"
" apply.
\n
"
"
\n
"
"
\n
"
"-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide
\n
"
"-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide
\n
"
" an encrypted SSL tunnel between viewers and x11vnc.
\n
"
" an encrypted SSL tunnel between viewers and x11vnc.
\n
"
...
@@ -1767,7 +1784,7 @@ void print_help(int mode) {
...
@@ -1767,7 +1784,7 @@ void print_help(int mode) {
" -remote command.
\n
"
" -remote command.
\n
"
"
\n
"
"
\n
"
" The default communication channel is that of X
\n
"
" The default communication channel is that of X
\n
"
" properties (specifically
VNC_CONNECT
), and so this
\n
"
" properties (specifically
X11VNC_REMOTE
), and so this
\n
"
" command must be run with correct settings for DISPLAY
\n
"
" command must be run with correct settings for DISPLAY
\n
"
" and possibly XAUTHORITY to connect to the X server
\n
"
" and possibly XAUTHORITY to connect to the X server
\n
"
" and set the property. Alternatively, use the -display
\n
"
" and set the property. Alternatively, use the -display
\n
"
...
@@ -2056,9 +2073,9 @@ void print_help(int mode) {
...
@@ -2056,9 +2073,9 @@ void print_help(int mode) {
" it comes back with prefix
\"
aro=
\"
instead of
\"
ans=
\"
.
\n
"
" it comes back with prefix
\"
aro=
\"
instead of
\"
ans=
\"
.
\n
"
"
\n
"
"
\n
"
" Some -remote commands are pure actions that do not make
\n
"
" Some -remote commands are pure actions that do not make
\n
"
" sense as variables, e.g.
\"
stop
\"
or
\"
disconnect
\"
,
\n
"
" sense as variables, e.g.
\"
stop
\"
or
\"
disconnect
\"
,
in
\n
"
"
in these cases the value returned is
\"
N/A
\"
. To direct
\n
"
"
these cases the value returned is
\"
N/A
\"
. To direct a
\n
"
"
a query straight to the VNC_CONNECT
property or connect
\n
"
"
query straight to the X11VNC_REMOTE
property or connect
\n
"
" file use
\"
qry=...
\"
instead of
\"
cmd=...
\"\n
"
" file use
\"
qry=...
\"
instead of
\"
cmd=...
\"\n
"
"
\n
"
"
\n
"
" Here is the current list of
\"
variables
\"
that can
\n
"
" Here is the current list of
\"
variables
\"
that can
\n
"
...
@@ -2157,9 +2174,9 @@ void print_help(int mode) {
...
@@ -2157,9 +2174,9 @@ void print_help(int mode) {
"
\n
"
"
\n
"
" A note about security wrt remote control commands.
\n
"
" A note about security wrt remote control commands.
\n
"
" If someone can connect to the X display and change
\n
"
" If someone can connect to the X display and change
\n
"
" the property
VNC_CONNECT
, then they can remotely
\n
"
" the property
X11VNC_REMOTE
, then they can remotely
\n
"
" control x11vnc. Normally access to the X display is
\n
"
" control x11vnc. Normally access to the X display is
\n
"
" protected. Note that if they can modify
VNC_CONNECT
\n
"
" protected. Note that if they can modify
X11VNC_REMOTE
\n
"
" on the X server, they have enough permissions to also
\n
"
" on the X server, they have enough permissions to also
\n
"
" run their own x11vnc and thus have complete control
\n
"
" run their own x11vnc and thus have complete control
\n
"
" of the desktop. If the
\"
-connect /path/to/file
\"\n
"
" of the desktop. If the
\"
-connect /path/to/file
\"\n
"
...
@@ -2169,9 +2186,9 @@ void print_help(int mode) {
...
@@ -2169,9 +2186,9 @@ void print_help(int mode) {
" permissions. See -privremote below.
\n
"
" permissions. See -privremote below.
\n
"
"
\n
"
"
\n
"
" If you are paranoid and do not think -noremote is
\n
"
" If you are paranoid and do not think -noremote is
\n
"
" enough, to disable the
VNC_CONNECT
property channel
\n
"
" enough, to disable the
X11VNC_REMOTE
property channel
\n
"
" completely use -novncconnect, or use the -safer
\n
"
" completely use -novncconnect, or use the -safer
option
\n
"
"
option
that shuts many things off.
\n
"
" that shuts many things off.
\n
"
"
\n
"
"
\n
"
"-unsafe A few remote commands are disabled by default
\n
"
"-unsafe A few remote commands are disabled by default
\n
"
" (currently: id:pick, accept:<cmd>, gone:<cmd>, and
\n
"
" (currently: id:pick, accept:<cmd>, gone:<cmd>, and
\n
"
...
...
x11vnc/params.h
View file @
c997e901
...
@@ -30,6 +30,7 @@
...
@@ -30,6 +30,7 @@
#define FB_REQ 0x4
#define FB_REQ 0x4
#define VNC_CONNECT_MAX 16384
#define VNC_CONNECT_MAX 16384
#define X11VNC_REMOTE_MAX 16384
#define PROP_MAX (131072L)
#define PROP_MAX (131072L)
#define MAXN 256
#define MAXN 256
...
...
x11vnc/remote.c
View file @
c997e901
...
@@ -55,11 +55,11 @@ int send_remote_cmd(char *cmd, int query, int wait) {
...
@@ -55,11 +55,11 @@ int send_remote_cmd(char *cmd, int query, int wait) {
perror
(
"fopen"
);
perror
(
"fopen"
);
return
1
;
return
1
;
}
}
}
else
if
(
vnc_connect
_prop
==
None
)
{
}
else
if
(
x11vnc_remote
_prop
==
None
)
{
initialize_
vnc_connect
_prop
();
initialize_
x11vnc_remote
_prop
();
if
(
vnc_connect
_prop
==
None
)
{
if
(
x11vnc_remote
_prop
==
None
)
{
fprintf
(
stderr
,
"send_remote_cmd: could not obtain "
fprintf
(
stderr
,
"send_remote_cmd: could not obtain "
"
VNC_CONNECT
X property
\n
"
);
"
X11VNC_REMOTE
X property
\n
"
);
return
1
;
return
1
;
}
}
}
}
...
@@ -71,13 +71,13 @@ int send_remote_cmd(char *cmd, int query, int wait) {
...
@@ -71,13 +71,13 @@ int send_remote_cmd(char *cmd, int query, int wait) {
fclose
(
in
);
fclose
(
in
);
}
else
{
}
else
{
fprintf
(
stderr
,
">>> sending remote command:
\"
%s
\"
via"
fprintf
(
stderr
,
">>> sending remote command:
\"
%s
\"
via"
"
VNC_CONNECT
X property.
\n
"
,
cmd
);
"
X11VNC_REMOTE
X property.
\n
"
,
cmd
);
set_
vnc_connect
_prop
(
cmd
);
set_
x11vnc_remote
_prop
(
cmd
);
XFlush
(
dpy
);
XFlush
(
dpy
);
}
}
if
(
query
||
wait
)
{
if
(
query
||
wait
)
{
char
line
[
VNC_CONNECT
_MAX
];
char
line
[
X11VNC_REMOTE
_MAX
];
int
rc
=
1
,
i
=
0
,
max
=
70
,
ms_sl
=
50
;
int
rc
=
1
,
i
=
0
,
max
=
70
,
ms_sl
=
50
;
if
(
!
strcmp
(
cmd
,
"cmd=stop"
))
{
if
(
!
strcmp
(
cmd
,
"cmd=stop"
))
{
...
@@ -95,7 +95,7 @@ int send_remote_cmd(char *cmd, int query, int wait) {
...
@@ -95,7 +95,7 @@ int send_remote_cmd(char *cmd, int query, int wait) {
perror
(
"fopen"
);
perror
(
"fopen"
);
return
1
;
return
1
;
}
}
fgets
(
line
,
VNC_CONNECT
_MAX
,
in
);
fgets
(
line
,
X11VNC_REMOTE
_MAX
,
in
);
fclose
(
in
);
fclose
(
in
);
q
=
line
;
q
=
line
;
while
(
*
q
!=
'\0'
)
{
while
(
*
q
!=
'\0'
)
{
...
@@ -103,8 +103,9 @@ int send_remote_cmd(char *cmd, int query, int wait) {
...
@@ -103,8 +103,9 @@ int send_remote_cmd(char *cmd, int query, int wait) {
q
++
;
q
++
;
}
}
}
else
{
}
else
{
read_vnc_connect_prop
();
read_x11vnc_remote_prop
(
1
);
strncpy
(
line
,
vnc_connect_str
,
VNC_CONNECT_MAX
);
strncpy
(
line
,
x11vnc_remote_str
,
X11VNC_REMOTE_MAX
);
}
}
if
(
strcmp
(
cmd
,
line
)){
if
(
strcmp
(
cmd
,
line
)){
if
(
query
)
{
if
(
query
)
{
...
@@ -581,8 +582,8 @@ char *process_remote_cmd(char *cmd, int stringonly) {
...
@@ -581,8 +582,8 @@ char *process_remote_cmd(char *cmd, int stringonly) {
#if REMOTE_CONTROL
#if REMOTE_CONTROL
char
*
p
=
cmd
;
char
*
p
=
cmd
;
char
*
co
=
""
;
char
*
co
=
""
;
char
buf
[
VNC_CONNECT
_MAX
];
char
buf
[
X11VNC_REMOTE
_MAX
];
int
bufn
=
VNC_CONNECT
_MAX
;
int
bufn
=
X11VNC_REMOTE
_MAX
;
int
query
=
0
;
int
query
=
0
;
static
char
*
prev_cursors_mode
=
NULL
;
static
char
*
prev_cursors_mode
=
NULL
;
...
@@ -617,7 +618,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
...
@@ -617,7 +618,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
strncat
(
tmp
,
q
,
500
);
strncat
(
tmp
,
q
,
500
);
res
=
process_remote_cmd
(
tmp
,
1
);
res
=
process_remote_cmd
(
tmp
,
1
);
if
(
res
&&
strlen
(
buf
)
+
strlen
(
res
)
if
(
res
&&
strlen
(
buf
)
+
strlen
(
res
)
>=
VNC_CONNECT
_MAX
-
1
)
{
>=
X11VNC_REMOTE
_MAX
-
1
)
{
rfbLog
(
"overflow in process_remote_cmd:"
rfbLog
(
"overflow in process_remote_cmd:"
" %s -- %s
\n
"
,
buf
,
res
);
" %s -- %s
\n
"
,
buf
,
res
);
free
(
res
);
free
(
res
);
...
@@ -3848,7 +3849,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
...
@@ -3848,7 +3849,7 @@ char *process_remote_cmd(char *cmd, int stringonly) {
}
}
}
else
{
}
else
{
if
(
dpy
)
{
/* raw_fb hack */
if
(
dpy
)
{
/* raw_fb hack */
set_
vnc_connect
_prop
(
buf
);
set_
x11vnc_remote
_prop
(
buf
);
XFlush
(
dpy
);
XFlush
(
dpy
);
}
}
}
}
...
...
x11vnc/sslcmds.c
View file @
c997e901
...
@@ -13,6 +13,7 @@
...
@@ -13,6 +13,7 @@
#endif
#endif
void
check_stunnel
(
void
);
int
start_stunnel
(
int
stunnel_port
,
int
x11vnc_port
);
int
start_stunnel
(
int
stunnel_port
,
int
x11vnc_port
);
void
stop_stunnel
(
void
);
void
stop_stunnel
(
void
);
void
setup_stunnel
(
int
rport
,
int
*
argc
,
char
**
argv
);
void
setup_stunnel
(
int
rport
,
int
*
argc
,
char
**
argv
);
...
...
x11vnc/tkx11vnc
View file @
c997e901
This diff is collapsed.
Click to expand it.
x11vnc/tkx11vnc.h
View file @
c997e901
This diff is collapsed.
Click to expand it.
x11vnc/unixpw.c
View file @
c997e901
...
@@ -54,6 +54,7 @@ static void set_db(void);
...
@@ -54,6 +54,7 @@ static void set_db(void);
static
void
unixpw_verify
(
char
*
user
,
char
*
pass
);
static
void
unixpw_verify
(
char
*
user
,
char
*
pass
);
int
unixpw_in_progress
=
0
;
int
unixpw_in_progress
=
0
;
int
unixpw_login_viewonly
=
0
;
time_t
unixpw_last_try_time
=
0
;
time_t
unixpw_last_try_time
=
0
;
rfbClientPtr
unixpw_client
=
NULL
;
rfbClientPtr
unixpw_client
=
NULL
;
...
@@ -975,6 +976,9 @@ static void apply_opts (char *user) {
...
@@ -975,6 +976,9 @@ static void apply_opts (char *user) {
void
unixpw_accept
(
char
*
user
)
{
void
unixpw_accept
(
char
*
user
)
{
apply_opts
(
user
);
apply_opts
(
user
);
if
(
unixpw_login_viewonly
)
{
unixpw_client
->
viewOnly
=
TRUE
;
}
unixpw_in_progress
=
0
;
unixpw_in_progress
=
0
;
unixpw_client
=
NULL
;
unixpw_client
=
NULL
;
mark_rect_as_modified
(
0
,
0
,
dpy_x
,
dpy_y
,
0
);
mark_rect_as_modified
(
0
,
0
,
dpy_x
,
dpy_y
,
0
);
...
...
x11vnc/unixpw.h
View file @
c997e901
...
@@ -11,6 +11,7 @@ extern int su_verify(char *user, char *pass);
...
@@ -11,6 +11,7 @@ extern int su_verify(char *user, char *pass);
extern
int
crypt_verify
(
char
*
user
,
char
*
pass
);
extern
int
crypt_verify
(
char
*
user
,
char
*
pass
);
extern
int
unixpw_in_progress
;
extern
int
unixpw_in_progress
;
extern
int
unixpw_login_viewonly
;
extern
time_t
unixpw_last_try_time
;
extern
time_t
unixpw_last_try_time
;
extern
rfbClientPtr
unixpw_client
;
extern
rfbClientPtr
unixpw_client
;
...
...
x11vnc/x11vnc.1
View file @
c997e901
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
.TH X11VNC "1" "March 2006" "x11vnc " "User Commands"
.TH X11VNC "1" "March 2006" "x11vnc " "User Commands"
.SH NAME
.SH NAME
x11vnc - allow VNC connections to real X11 displays
x11vnc - allow VNC connections to real X11 displays
version: 0.8.1, lastmod: 2006-03-0
4
version: 0.8.1, lastmod: 2006-03-0
6
.SH SYNOPSIS
.SH SYNOPSIS
.B x11vnc
.B x11vnc
[OPTION]...
[OPTION]...
...
@@ -391,8 +391,9 @@ set to "host" or "host:port" establish a reverse
...
@@ -391,8 +391,9 @@ set to "host" or "host:port" establish a reverse
connection. Using
connection. Using
.IR xprop (1)
.IR xprop (1)
instead of vncconnect may
instead of vncconnect may
work (see the FAQ). The \fB-remote\fR control mechanism also
work (see the FAQ). The \fB-remote\fR control mechanism uses
uses this VNC_CONNECT channel. Default: \fB-vncconnect\fR
X11VNC_REMOTE channel, and this option disables/enables
it as well. Default: \fB-vncconnect\fR
.PP
.PP
\fB-allow\fR \fIhost1[,host2..]\fR
\fB-allow\fR \fIhost1[,host2..]\fR
.IP
.IP
...
@@ -530,8 +531,8 @@ this case. A possible workaround would be to start
...
@@ -530,8 +531,8 @@ this case. A possible workaround would be to start
x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option to
x11vnc as root with the "\fB-users\fR \fI+nobody\fR" option to
immediately switch to user nobody. Another source of
immediately switch to user nobody. Another source of
problems are PAM modules that prompt for extra info,
problems are PAM modules that prompt for extra info,
e.g. password aging modules. These logins will
always
e.g. password aging modules. These logins will
fail
fail as well
.
as well even when the correct password is supplied
.
.IP
.IP
*IMPORTANT*: to prevent the Unix password being sent in
*IMPORTANT*: to prevent the Unix password being sent in
*clear text* over the network, two x11vnc options are
*clear text* over the network, two x11vnc options are
...
@@ -564,17 +565,28 @@ will check if the environment variable SSH_CONNECTION
...
@@ -564,17 +565,28 @@ will check if the environment variable SSH_CONNECTION
is set and appears reasonable. If it does, then the
is set and appears reasonable. If it does, then the
stunnel requirement is dropped since it is assumed
stunnel requirement is dropped since it is assumed
you are using ssh for the encrypted tunnelling.
you are using ssh for the encrypted tunnelling.
Use \fB-stunnel\fR to force stunnel usage.
Use \fB-stunnel\fR to force stunnel usage
for this case
.
.IP
.IP
Set UNIXPW_DISABLE_LOCALHOST=1 to disable the \fB-localhost\fR
Set UNIXPW_DISABLE_LOCALHOST=1 to disable the \fB-localhost\fR
requirement. One should never do this (i.e. allow the
requirement. One should never do this (i.e. allow the
Unix passwords to be sniffed on the network).
Unix passwords to be sniffed on the network).
.IP
.IP
NOTE: in \fB-inetd\fR mode the two settings are not enforced
Regarding reverse connections (e.g. \fB-R\fR connect:host),
since x11vnc does not make network connections in
the \fB-localhost\fR constraint is in effect and the reverse
that case. Be sure to use encryption from the viewer
connections can only be used to connect to the same
to inetd. One can also have your own stunnel spawn
machine x11vnc is running on (default port 5500).
x11vnc in \fB-inetd\fR mode. See the FAQ.
Please use a ssh or stunnel port redirection to the
viewer machine to tunnel the reverse connection over
an encrypted channel. Note that Unix username and
password *will* be prompted for (unlike VNC passwords
that are skipped for reverse connections).
.IP
NOTE: in \fB-inetd\fR mode the two settings are attempted
to be enforced for reverse connections. Be sure to
use encryption from the viewer to inetd since x11vnc
cannot guess easily if it is encrpyted. Note: you can
also have your own stunnel spawn x11vnc in \fB-inetd\fR mode
(i.e. bypassing inetd). See the FAQ.
.IP
.IP
The user names in the comma separated [list] can have
The user names in the comma separated [list] can have
per-user options after a ":", e.g. "fred:opts"
per-user options after a ":", e.g. "fred:opts"
...
@@ -588,21 +600,30 @@ options apply to all users. It also means all users
...
@@ -588,21 +600,30 @@ options apply to all users. It also means all users
are allowed to log in after supplying a valid password.
are allowed to log in after supplying a valid password.
Use "deny" to explicitly deny some users if you use
Use "deny" to explicitly deny some users if you use
"*" to set a global option.
"*" to set a global option.
.IP
There are also some tools for testing password if [list]
starts with the "%" character. See the quick_pw()
function for details.
.PP
.PP
\fB-unixpw_nis\fR \fI[list]\fR
\fB-unixpw_nis\fR \fI[list]\fR
.IP
.IP
As \fB-unixpw\fR above, however do not
run
As \fB-unixpw\fR above, however do not
use
.IR su (1)
.IR su (1)
but rather
but rather
use the traditional getpwnam() + crypt() method instead.
use the traditional
This requires that the encrpyted passwords be readable.
.IR getpwnam (3)
Passwords stored in /etc/shadow will be inaccessible
+
unless run as root. This is called "NIS" mode
.IR crypt (3)
simply because in most NIS setups the user encrypted
method
passwords are accessible (e.g. "ypcat passwd").
instead. This requires that the encrpyted passwords
NIS is not required for this mode to work, but it
be readable. Passwords stored in /etc/shadow will
is unlikely it will work for any other environment.
be inaccessible unless run as root. This is called
All of the \fB-unixpw\fR options and contraints apply.
"NIS" mode simply because in most NIS setups the
user encrypted passwords are accessible (e.g. "ypcat
passwd"). NIS is not required for this mode to
work, but it is unlikely it will work for any other
environment. All of the \fB-unixpw\fR options and contraints
apply.
.PP
.PP
\fB-stunnel\fR \fI[pem]\fR
\fB-stunnel\fR \fI[pem]\fR
.IP
.IP
...
@@ -2163,7 +2184,7 @@ command exits. You can often use the \fB-query\fR command
...
@@ -2163,7 +2184,7 @@ command exits. You can often use the \fB-query\fR command
\fB-remote\fR command.
\fB-remote\fR command.
.IP
.IP
The default communication channel is that of X
The default communication channel is that of X
properties (specifically
VNC_CONNECT
), and so this
properties (specifically
X11VNC_REMOTE
), and so this
command must be run with correct settings for DISPLAY
command must be run with correct settings for DISPLAY
and possibly XAUTHORITY to connect to the X server
and possibly XAUTHORITY to connect to the X server
and set the property. Alternatively, use the \fB-display\fR
and set the property. Alternatively, use the \fB-display\fR
...
@@ -2655,9 +2676,9 @@ to the standard output. If a variable is read-only,
...
@@ -2655,9 +2676,9 @@ to the standard output. If a variable is read-only,
it comes back with prefix "aro=" instead of "ans=".
it comes back with prefix "aro=" instead of "ans=".
.IP
.IP
Some \fB-remote\fR commands are pure actions that do not make
Some \fB-remote\fR commands are pure actions that do not make
sense as variables, e.g. "stop" or "disconnect",
sense as variables, e.g. "stop" or "disconnect",
in
in these cases the value returned is "N/A". To direct
these cases the value returned is "N/A". To direct a
a query straight to the VNC_CONNECT
property or connect
query straight to the X11VNC_REMOTE
property or connect
file use "qry=..." instead of "cmd=..."
file use "qry=..." instead of "cmd=..."
.IP
.IP
Here is the current list of "variables" that can
Here is the current list of "variables" that can
...
@@ -2762,9 +2783,9 @@ Default: \fB-yesremote\fR
...
@@ -2762,9 +2783,9 @@ Default: \fB-yesremote\fR
.IP
.IP
A note about security wrt remote control commands.
A note about security wrt remote control commands.
If someone can connect to the X display and change
If someone can connect to the X display and change
the property
VNC_CONNECT
, then they can remotely
the property
X11VNC_REMOTE
, then they can remotely
control x11vnc. Normally access to the X display is
control x11vnc. Normally access to the X display is
protected. Note that if they can modify
VNC_CONNECT
protected. Note that if they can modify
X11VNC_REMOTE
on the X server, they have enough permissions to also
on the X server, they have enough permissions to also
run their own x11vnc and thus have complete control
run their own x11vnc and thus have complete control
of the desktop. If the "\fB-connect\fR \fI/path/to/file\fR"
of the desktop. If the "\fB-connect\fR \fI/path/to/file\fR"
...
@@ -2774,9 +2795,9 @@ sure to protect the X display and that file's write
...
@@ -2774,9 +2795,9 @@ sure to protect the X display and that file's write
permissions. See \fB-privremote\fR below.
permissions. See \fB-privremote\fR below.
.IP
.IP
If you are paranoid and do not think \fB-noremote\fR is
If you are paranoid and do not think \fB-noremote\fR is
enough, to disable the
VNC_CONNECT
property channel
enough, to disable the
X11VNC_REMOTE
property channel
completely use \fB-novncconnect,\fR or use the \fB-safer\fR
completely use \fB-novncconnect,\fR or use the \fB-safer\fR
option
option
that shuts many things off.
that shuts many things off.
.PP
.PP
\fB-unsafe\fR
\fB-unsafe\fR
.IP
.IP
...
...
x11vnc/x11vnc.c
View file @
c997e901
...
@@ -139,6 +139,7 @@
...
@@ -139,6 +139,7 @@
#include "rates.h"
#include "rates.h"
#include "unixpw.h"
#include "unixpw.h"
#include "inet.h"
#include "inet.h"
#include "sslcmds.h"
/*
/*
* main routine for the x11vnc program
* main routine for the x11vnc program
...
@@ -920,6 +921,8 @@ static void quick_pw(char *str) {
...
@@ -920,6 +921,8 @@ static void quick_pw(char *str) {
*
*
* starting "%/" or "%." means read the first line from that file.
* starting "%/" or "%." means read the first line from that file.
*
*
* "%%" or "%" means prompt user.
*
* otherwise: %user:pass
* otherwise: %user:pass
*/
*/
if
(
!
strcmp
(
str
,
"%-"
)
||
!
strcmp
(
str
,
"%stdin"
))
{
if
(
!
strcmp
(
str
,
"%-"
)
||
!
strcmp
(
str
,
"%stdin"
))
{
...
@@ -932,6 +935,31 @@ static void quick_pw(char *str) {
...
@@ -932,6 +935,31 @@ static void quick_pw(char *str) {
exit
(
1
);
exit
(
1
);
}
}
q
=
strdup
(
getenv
(
"UNIXPW"
));
q
=
strdup
(
getenv
(
"UNIXPW"
));
}
else
if
(
!
strcmp
(
str
,
"%%"
)
||
!
strcmp
(
str
,
"%"
))
{
char
*
t
,
inp
[
1024
];
fprintf
(
stdout
,
"username: "
);
if
(
fgets
(
tmp
,
128
,
stdin
)
==
NULL
)
{
exit
(
1
);
}
strcpy
(
inp
,
tmp
);
t
=
strchr
(
inp
,
'\n'
);
if
(
t
)
{
*
t
=
':'
;
}
else
{
strcat
(
inp
,
":"
);
}
fprintf
(
stdout
,
"password: "
);
system
(
"stty -echo"
);
if
(
fgets
(
tmp
,
128
,
stdin
)
==
NULL
)
{
fprintf
(
stdout
,
"
\n
"
);
system
(
"stty echo"
);
exit
(
1
);
}
system
(
"stty echo"
);
fprintf
(
stdout
,
"
\n
"
);
strcat
(
inp
,
tmp
);
q
=
strdup
(
inp
);
}
else
if
(
str
[
1
]
==
'/'
||
str
[
1
]
==
'.'
)
{
}
else
if
(
str
[
1
]
==
'/'
||
str
[
1
]
==
'.'
)
{
FILE
*
in
=
fopen
(
str
+
1
,
"r"
);
FILE
*
in
=
fopen
(
str
+
1
,
"r"
);
if
(
in
==
NULL
)
{
if
(
in
==
NULL
)
{
...
@@ -1235,6 +1263,10 @@ static void check_loop_mode(int argc, char* argv[]) {
...
@@ -1235,6 +1263,10 @@ static void check_loop_mode(int argc, char* argv[]) {
}
}
}
}
#define SHOW_NO_PASSWORD_WARNING \
(!got_passwd && !got_rfbauth && (!got_passwdfile || !passwd_list) \
&& !query_cmd && !remote_cmd && !unixpw && !got_gui_pw)
int
main
(
int
argc
,
char
*
argv
[])
{
int
main
(
int
argc
,
char
*
argv
[])
{
int
i
,
len
,
tmpi
;
int
i
,
len
,
tmpi
;
...
@@ -1244,6 +1276,7 @@ int main(int argc, char* argv[]) {
...
@@ -1244,6 +1276,7 @@ int main(int argc, char* argv[]) {
char
*
remote_cmd
=
NULL
;
char
*
remote_cmd
=
NULL
;
char
*
query_cmd
=
NULL
;
char
*
query_cmd
=
NULL
;
char
*
gui_str
=
NULL
;
char
*
gui_str
=
NULL
;
int
got_gui_pw
=
0
;
int
pw_loc
=
-
1
,
got_passwd
=
0
,
got_rfbauth
=
0
,
nopw
=
NOPW
;
int
pw_loc
=
-
1
,
got_passwd
=
0
,
got_rfbauth
=
0
,
nopw
=
NOPW
;
int
got_viewpasswd
=
0
,
got_localhost
=
0
,
got_passwdfile
=
0
;
int
got_viewpasswd
=
0
,
got_localhost
=
0
,
got_passwdfile
=
0
;
int
got_stunnel
=
0
;
int
got_stunnel
=
0
;
...
@@ -1448,7 +1481,7 @@ int main(int argc, char* argv[]) {
...
@@ -1448,7 +1481,7 @@ int main(int argc, char* argv[]) {
unixpw_nis
=
1
;
unixpw_nis
=
1
;
}
}
if
(
i
<
argc
-
1
)
{
if
(
i
<
argc
-
1
)
{
char
*
p
,
*
q
,
*
s
=
argv
[
i
+
1
];
char
*
s
=
argv
[
i
+
1
];
if
(
s
[
0
]
!=
'-'
)
{
if
(
s
[
0
]
!=
'-'
)
{
unixpw_list
=
strdup
(
s
);
unixpw_list
=
strdup
(
s
);
i
++
;
i
++
;
...
@@ -1875,6 +1908,9 @@ int main(int argc, char* argv[]) {
...
@@ -1875,6 +1908,9 @@ int main(int argc, char* argv[]) {
char
*
s
=
argv
[
i
+
1
];
char
*
s
=
argv
[
i
+
1
];
if
(
*
s
!=
'-'
)
{
if
(
*
s
!=
'-'
)
{
gui_str
=
strdup
(
s
);
gui_str
=
strdup
(
s
);
if
(
strstr
(
gui_str
,
"setp"
))
{
got_gui_pw
=
1
;
}
i
++
;
i
++
;
}
}
}
}
...
@@ -2005,8 +2041,8 @@ int main(int argc, char* argv[]) {
...
@@ -2005,8 +2041,8 @@ int main(int argc, char* argv[]) {
}
}
if
(
launch_gui
)
{
if
(
launch_gui
)
{
int
sleep
=
0
;
int
sleep
=
0
;
if
(
!
got_passwd
&&
!
got_rfbauth
&&
!
got_passwdfile
&&
!
nopw
)
{
if
(
SHOW_NO_PASSWORD_WARNING
&&
!
nopw
)
{
sleep
=
3
;
sleep
=
2
;
}
}
do_gui
(
gui_str
,
sleep
);
do_gui
(
gui_str
,
sleep
);
}
}
...
@@ -2132,8 +2168,7 @@ int main(int argc, char* argv[]) {
...
@@ -2132,8 +2168,7 @@ int main(int argc, char* argv[]) {
exit
(
1
);
exit
(
1
);
}
}
if
(
!
got_passwd
&&
!
got_rfbauth
&&
(
!
got_passwdfile
||
!
passwd_list
)
if
(
SHOW_NO_PASSWORD_WARNING
)
{
&&
!
query_cmd
&&
!
remote_cmd
&&
!
unixpw
)
{
char
message
[]
=
"-rfbauth, -passwdfile, -passwd password, "
char
message
[]
=
"-rfbauth, -passwdfile, -passwd password, "
"or -unixpw required."
;
"or -unixpw required."
;
if
(
!
nopw
)
{
if
(
!
nopw
)
{
...
@@ -2834,8 +2869,7 @@ int main(int argc, char* argv[]) {
...
@@ -2834,8 +2869,7 @@ int main(int argc, char* argv[]) {
}
}
if
(
!
quiet
)
{
if
(
!
quiet
)
{
rfbLog
(
"screen setup finished.
\n
"
);
rfbLog
(
"screen setup finished.
\n
"
);
if
(
!
got_passwd
&&
!
got_rfbauth
&&
!
got_passwdfile
&&
!
unixpw
if
(
SHOW_NO_PASSWORD_WARNING
&&
!
nopw
)
{
&&
!
nopw
)
{
rfbLog
(
"
\n
"
);
rfbLog
(
"
\n
"
);
rfbLog
(
"WARNING: You are running x11vnc WITHOUT"
rfbLog
(
"WARNING: You are running x11vnc WITHOUT"
" a password. See
\n
"
);
" a password. See
\n
"
);
...
...
x11vnc/x11vnc_defs.c
View file @
c997e901
...
@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
...
@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
int
xdamage_base_event_type
=
0
;
int
xdamage_base_event_type
=
0
;
/* date +'lastmod: %Y-%m-%d' */
/* date +'lastmod: %Y-%m-%d' */
char
lastmod
[]
=
"0.8.1 lastmod: 2006-03-0
4
"
;
char
lastmod
[]
=
"0.8.1 lastmod: 2006-03-0
6
"
;
/* X display info */
/* X display info */
...
...
x11vnc/xevents.c
View file @
c997e901
...
@@ -18,6 +18,7 @@ int grab_buster = 0;
...
@@ -18,6 +18,7 @@ int grab_buster = 0;
int
sync_tod_delay
=
3
;
int
sync_tod_delay
=
3
;
void
initialize_vnc_connect_prop
(
void
);
void
initialize_vnc_connect_prop
(
void
);
void
initialize_x11vnc_remote_prop
(
void
);
void
spawn_grab_buster
(
void
);
void
spawn_grab_buster
(
void
);
void
sync_tod_with_servertime
(
void
);
void
sync_tod_with_servertime
(
void
);
void
check_keycode_state
(
void
);
void
check_keycode_state
(
void
);
...
@@ -39,10 +40,16 @@ void initialize_vnc_connect_prop(void) {
...
@@ -39,10 +40,16 @@ void initialize_vnc_connect_prop(void) {
vnc_connect_prop
=
XInternAtom
(
dpy
,
"VNC_CONNECT"
,
False
);
vnc_connect_prop
=
XInternAtom
(
dpy
,
"VNC_CONNECT"
,
False
);
}
}
void
initialize_x11vnc_remote_prop
(
void
)
{
x11vnc_remote_str
[
0
]
=
'\0'
;
x11vnc_remote_prop
=
XInternAtom
(
dpy
,
"X11VNC_REMOTE"
,
False
);
}
static
void
initialize_xevents
(
void
)
{
static
void
initialize_xevents
(
void
)
{
static
int
did_xselect_input
=
0
;
static
int
did_xselect_input
=
0
;
static
int
did_xcreate_simple_window
=
0
;
static
int
did_xcreate_simple_window
=
0
;
static
int
did_vnc_connect_prop
=
0
;
static
int
did_vnc_connect_prop
=
0
;
static
int
did_x11vnc_remote_prop
=
0
;
static
int
did_xfixes
=
0
;
static
int
did_xfixes
=
0
;
static
int
did_xdamage
=
0
;
static
int
did_xdamage
=
0
;
static
int
did_xrandr
=
0
;
static
int
did_xrandr
=
0
;
...
@@ -75,6 +82,14 @@ static void initialize_xevents(void) {
...
@@ -75,6 +82,14 @@ static void initialize_xevents(void) {
initialize_vnc_connect_prop
();
initialize_vnc_connect_prop
();
did_vnc_connect_prop
=
1
;
did_vnc_connect_prop
=
1
;
}
}
if
(
vnc_connect
&&
!
did_x11vnc_remote_prop
)
{
initialize_x11vnc_remote_prop
();
did_x11vnc_remote_prop
=
1
;
}
if
(
run_gui_pid
>
0
)
{
kill
(
run_gui_pid
,
SIGUSR1
);
run_gui_pid
=
0
;
}
if
(
xfixes_present
&&
use_xfixes
&&
!
did_xfixes
)
{
if
(
xfixes_present
&&
use_xfixes
&&
!
did_xfixes
)
{
initialize_xfixes
();
initialize_xfixes
();
did_xfixes
=
1
;
did_xfixes
=
1
;
...
@@ -744,11 +759,16 @@ void check_xevents(void) {
...
@@ -744,11 +759,16 @@ void check_xevents(void) {
set_cutbuffer
=
0
;
set_cutbuffer
=
0
;
}
else
if
(
vnc_connect
&&
vnc_connect_prop
!=
None
}
else
if
(
vnc_connect
&&
vnc_connect_prop
!=
None
&&
xev
.
xproperty
.
atom
==
vnc_connect_prop
)
{
&&
xev
.
xproperty
.
atom
==
vnc_connect_prop
)
{
/*
/*
* Go retrieve VNC_CONNECT string.
* Go retrieve VNC_CONNECT string.
*/
*/
read_vnc_connect_prop
();
read_vnc_connect_prop
(
0
);
}
else
if
(
vnc_connect
&&
x11vnc_remote_prop
!=
None
&&
xev
.
xproperty
.
atom
==
x11vnc_remote_prop
)
{
/*
* Go retrieve X11VNC_REMOTE string.
*/
read_x11vnc_remote_prop
(
0
);
}
}
}
}
}
}
...
...
x11vnc/xevents.h
View file @
c997e901
...
@@ -7,6 +7,7 @@ extern int grab_buster;
...
@@ -7,6 +7,7 @@ extern int grab_buster;
extern
int
sync_tod_delay
;
extern
int
sync_tod_delay
;
extern
void
initialize_vnc_connect_prop
(
void
);
extern
void
initialize_vnc_connect_prop
(
void
);
extern
void
initialize_x11vnc_remote_prop
(
void
);
extern
void
spawn_grab_buster
(
void
);
extern
void
spawn_grab_buster
(
void
);
extern
void
sync_tod_with_servertime
(
void
);
extern
void
sync_tod_with_servertime
(
void
);
extern
void
check_keycode_state
(
void
);
extern
void
check_keycode_state
(
void
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment