x11vnc: -unixpw_cmd, -passwfile cmd:/custom:, -sslnofail, -ultrafilexfer

dea53c22 · runge · 52ed38f6 · dea53c22 · dea53c22 · dea53c22
Commit dea53c22 authored Sep 21, 2006 by runge
16 changed files
--- a/x11vnc/ChangeLog
+++ b/x11vnc/ChangeLog
+2006-09-20  Karl Runge <runge@karlrunge.com>
+	* x11vnc: -unixpw_cmd, -passwfile cmd:/custom:, -sslnofail,
+	  -ultrafilexfer
 2006-09-17  Karl Runge <runge@karlrunge.com>
 	* x11vnc: move some info printout to -v, -verbose mode.  Add 
 	  -connect_or_exit option.  Have -rfbport 0 lead to no TCP

--- a/x11vnc/README
+++ b/x11vnc/README
--- a/x11vnc/connections.c
+++ b/x11vnc/connections.c
@@ -10,6 +10,7 @@
 #include "rates.h"
 #include "screen.h"
 #include "unixpw.h"
+#include "user.h"
 #include "scan.h"
 #include "sslcmds.h"
 #include "sslhelper.h"
@@ -49,10 +50,10 @@ void send_client_info(char *str);
 void adjust_grabs(int grab, int quiet);
 void check_new_clients(void);
 int accept_client(rfbClientPtr client);
+int run_user_command(char *cmd, rfbClientPtr client, char *mode, char *input,
+    int len, FILE *output);
 static rfbClientPtr *client_match(char *str);
-static int run_user_command(char *cmd, rfbClientPtr client, char *mode);
 static void free_client_data(rfbClientPtr client);
 static int check_access(char *addr);
 static void ugly_geom(char *p, int *x, int *y);
@@ -365,12 +366,16 @@ int cmd_ok(char *cmd) {
 * utility to run a user supplied command setting some RFB_ env vars.
 * used by, e.g., accept_client() and client_gone()
 */
-static int run_user_command(char *cmd, rfbClientPtr client, char *mode) {
+int run_user_command(char *cmd, rfbClientPtr client, char *mode, char *input,
+   int len, FILE *output) {
 	char *old_display = NULL;
 	char *addr = client->host;
 	char str[100];
 	int rc, ok;
-	ClientData *cd = (ClientData *) client->clientData;
+	ClientData *cd = NULL;
+	if (client != NULL) {
+		cd = (ClientData *) client->clientData;
+	}
 	if (addr == NULL || addr[0] == '\0') {
 		addr = "unknown-host";
@@ -492,6 +497,15 @@ static int run_user_command(char *cmd, rfbClientPtr client, char *mode) {
 	if (!strcmp(mode, "gone") && cmd_ok("gone")) {
 		ok = 1;
 	}
+	if (!strcmp(mode, "cmd_verify") && cmd_ok("unixpw")) {
+		ok = 1;
+	}
+	if (!strcmp(mode, "read_passwds") && cmd_ok("passwdfile")) {
+		ok = 1;
+	}
+	if (!strcmp(mode, "custom_passwd") && cmd_ok("custom_passwd")) {
+		ok = 1;
+	}
 	if (no_external_cmds || !ok) {
 		rfbLogEnable(1);
 		rfbLog("cannot run external commands in -nocmds mode:\n");
@@ -502,6 +516,32 @@ static int run_user_command(char *cmd, rfbClientPtr client, char *mode) {
 	rfbLog("running command:\n");
 	rfbLog("  %s\n", cmd);
+	if (output != NULL) {
+		FILE *ph = popen(cmd, "r");
+		char line[1024];
+		if (ph == NULL) {
+			rfbLog("popen(%s) failed", cmd);
+			rfbLogPerror("popen");
+			clean_up_exit(1);
+		}
+		while (fgets(line, 1024, ph) != NULL) {
+			if (0) fprintf(stderr, "line: %s", line);
+			fprintf(output, "%s", line);
+		}
+		rc = pclose(ph);
+		goto got_rc;
+	} else if (input != NULL) {
+		FILE *ph = popen(cmd, "w");
+		if (ph == NULL) {
+			rfbLog("popen(%s) failed", cmd);
+			rfbLogPerror("popen");
+			clean_up_exit(1);
+		}
+		write(fileno(ph), input, len);
+		rc = pclose(ph);
+		goto got_rc;
+	}
 #if LIBVNCSERVER_HAVE_FORK
 	{
 		pid_t pid, pidw;
@@ -549,6 +589,7 @@ static int run_user_command(char *cmd, rfbClientPtr client, char *mode) {
 	/* this will still have port 5900 open */
 	rc = system(cmd);
 #endif
+	got_rc:
 	if (rc >= 256) {
 		rc = rc/256;
@@ -671,7 +712,7 @@ void client_gone(rfbClientPtr client) {
 			free(userhost);
 		} else {
 			rfbLog("client_gone: using cmd: %s\n", client->host);
-			run_user_command(gone_cmd, client, "gone");
+			run_user_command(gone_cmd, client, "gone", NULL,0,NULL);
 		}
 	}
@@ -1412,7 +1453,7 @@ int accept_client(rfbClientPtr client) {
 		int rc;
 		rfbLog("accept_client: using cmd for: %s\n", addr);
-		rc = run_user_command(cmd, client, "accept");
+		rc = run_user_command(cmd, client, "accept", NULL, 0, NULL);
 		if (action) {
 			int result;
@@ -1952,6 +1993,8 @@ enum rfbNewClientAction new_client(rfbClientPtr client) {
 	last_event = last_input = time(NULL);
+	latest_client = client;
 	if (inetd) {
 		/* 
 		 * Set this so we exit as soon as connection closes,
@@ -2025,6 +2068,22 @@ if (0) fprintf(stderr, "SET ssl_helper_pid: %d\n", openssl_last_helper_pid);
 		return(RFB_CLIENT_REFUSE);
 	}
+	if (passwdfile) {
+		if (strstr(passwdfile, "read:") == passwdfile ||
+		    strstr(passwdfile, "cmd:") == passwdfile) {
+			if (read_passwds(passwdfile)) {
+				install_passwds();
+			} else {
+				rfbLog("problem reading: %s\n", passwdfile);
+				clean_up_exit(1);
+			}
+		} else if (strstr(passwdfile, "custom:") == passwdfile) {
+			if (screen) {
+				screen->passwordCheck = custom_passwd_check;
+			}
+		}
+	}
 	cd->uid = clients_served;
@@ -2340,7 +2399,7 @@ void check_new_clients(void) {
 			}
 			if (run_after_accept) {
 				run_user_command(afteraccept_cmd, cl,
-				    "afteraccept");
+				    "afteraccept", NULL, 0, NULL);
 			}
 		}
 	}

--- a/x11vnc/connections.h
+++ b/x11vnc/connections.h
@@ -32,5 +32,7 @@ extern void send_client_info(char *str);
 extern void adjust_grabs(int grab, int quiet);
 extern void check_new_clients(void);
 extern int accept_client(rfbClientPtr client);
+extern int run_user_command(char *cmd, rfbClientPtr client, char *mode, char *input,
+    int len, FILE *output);
 #endif /* _X11VNC_CONNECTIONS_H */
--- a/x11vnc/help.c
+++ b/x11vnc/help.c
@@ -315,10 +315,11 @@ void print_help(int mode) {
 "                       change the global or per-client viewonly state the\n"
 "                       filetransfer permissions will NOT change.\n"
 "\n"
-"                       Note, to *enable* UltraVNC filetransfer (currently\n"
+"-ultrafilexfer         Note, to *enable* UltraVNC filetransfer (currently\n"
 "                       disabled by default, this may change...) and to get it\n"
 "                       to work you probably need to supply these libvncserver\n"
 "                       options: \"-rfbversion 3.6 -permitfiletransfer\"\n"
+"                       \"-ultrafilexfer\" is an alias for this combination.\n"
 "\n"
 "-http                  Instead of using -httpdir (see below) to specify\n"
 "                       where the Java vncviewer applet is, have x11vnc try\n"
@@ -434,20 +435,59 @@ void print_help(int mode) {
 "-passwdfile filename   Specify the libvncserver password via the first line\n"
 "                       of the file \"filename\" (instead of via -passwd on\n"
 "                       the command line where others might see it via ps(1)).\n"
-"                       See below for how to supply multiple passwords.\n"
+"\n"
+"                       See the descriptions below for how to supply multiple\n"
+"                       passwords, view-only passwords, to specify external\n"
+"                       programs for the authentication, and other features.\n"
 "\n"
 "                       If the filename is prefixed with \"rm:\" it will be\n"
 "                       removed after being read.  Perhaps this is useful in\n"
-"                       limiting the readability of the file.  In general,\n"
+"                       limiting the readability of the file.  In general, the\n"
-"                       the password file should not be readable by untrusted\n"
+"                       password file should not be readable by untrusted users\n"
-"                       users (BTW: neither should the VNC -rfbauth file:\n"
+"                       (BTW: neither should the VNC -rfbauth file: it is NOT\n"
-"                       it is NOT encrypted, only obscured).\n"
+"                       encrypted, only obscured with a fixed key).\n"
 "\n"
 "                       If the filename is prefixed with \"read:\" it will\n"
-"                       periodically be checked for changes and reread.\n"
+"                       periodically be checked for changes and reread.  It it\n"
-"\n"
+"                       guaranteed to be reread just when a new client connects\n"
-"                       Note that only the first 8 characters of a password\n"
+"                       so that the latest passwords will be used.\n"
-"                       are used.\n"
+"\n"
+"                       If \"filename\" is prefixed with \"cmd:\" then the\n"
+"                       string after the \":\" is run as an external command:\n"
+"                       the output of the command will be interpreted as if it\n"
+"                       were read from a password file (see below).  If the\n"
+"                       command does not exit with 0, then x11vnc terminates\n"
+"                       immediately.  To specify more than 1000 passwords this\n"
+"                       way set X11VNC_MAX_PASSWDS before starting x11vnc.\n"
+"                       The environment variables are set as in -accept.\n"
+"\n"
+"                       Note that due to the VNC protocol only the first 8\n"
+"                       characters of a password are used (DES key).\n"
+"\n"
+"                       If \"filename\" is prefixed with \"custom:\" then a\n"
+"                       custom password checker is supplied as an external\n"
+"                       command following the \":\". The command will be run\n"
+"                       when a client authenticates.  If the command exits with\n"
+"                       0 the client is accepted, otherwise it is rejected.\n"
+"                       The environment variables are set as in -accept.\n"
+"\n"
+"                       The standard input to the custom command will be a\n"
+"                       decimal digit \"len\" followed by a newline. \"len\"\n"
+"                       specifies the challenge size and is usually 16 (the\n"
+"                       VNC spec).  Then follows len bytes which is the random\n"
+"                       challenge string that was sent to the client. This is\n"
+"                       then followed by len more bytes holding the client's\n"
+"                       response (i.e. the challenge string encrypted via DES\n"
+"                       with the user password in the standard situation).\n"
+"\n"
+"                       The \"custom:\" scheme can be useful to implement\n"
+"                       dynamic passwords or to implement methods where longer\n"
+"                       passwords and/or different encryption algorithms\n"
+"                       are used.  The latter will require customizing the VNC\n"
+"                       client as well.  One could create an MD5SUM based scheme\n"
+"                       for example.\n"
+"\n"
+"                       File format for -passwdfile:\n"
 "\n"
 "                       If multiple non-blank lines exist in the file they are\n"
 "                       all taken as valid passwords.  Blank lines are ignored.\n"
@@ -611,6 +651,17 @@ void print_help(int mode) {
 "                       to use -users unixpw= to switch the process user after\n"
 "                       the user logs in.\n"
 "\n"
+"-unixpw_cmd str        As -unixpw above, however do not use su(1) but rather\n"
+"                       run the externally supplied command \"str\".  The first\n"
+"                       line of its stdin will the username and the second line\n"
+"                       the received password.  If the command exits with status\n"
+"                       0 (success) the VNC client will be accepted.  It will be\n"
+"                       rejected for any other return status.  Dynamic passwords\n"
+"                       and non-unix passwords can be implemented this way by\n"
+"                       providing your own custom helper program.  Note that\n"
+"                       under unixpw mode the remote viewer is given 3 tries\n"
+"                       to enter the correct password.\n"
+"\n"
 #endif
 "-display WAIT:...      A special usage mode for the normal -display option.\n"
 "                       Useful with -unixpw, but can be used independently\n"
@@ -792,6 +843,11 @@ void print_help(int mode) {
 "                       Set to zero to poll forever.  Set to a negative value\n"
 "                       to use the builtin setting.\n"
 "\n"
+"-sslnofail             Exit at the first SSL connection failure. Useful when\n"
+"                       scripting SSL connections (e.g. x11vnc is started via\n"
+"                       ssh) and you do not want x11vnc waiting around for more\n"
+"                       connections, tying up ports, etc.\n"
+"\n"
 "-ssldir [dir]          Use [dir] as an alternate ssl certificate and key\n"
 "                       management toplevel directory.  The default is\n"
 "                       ~/.vnc/certs\n"
@@ -3340,7 +3396,7 @@ void print_help(int mode) {
 "\n"
 "                        stunnel, ssl, unixpw, WAIT, id, accept, afteraccept,\n"
 "                        gone, pipeinput, v4l-info, rawfb-setup, dt, gui,\n"
-"                        storepasswd, crash.\n"
+"                        storepasswd, passwdfile, custom_passwd, crash.\n"
 "\n"
 "                       See each option's help to learn the associated external\n"
 "                       command.  Note that the -nocmds option takes precedence\n"

--- a/x11vnc/options.c
+++ b/x11vnc/options.c
@@ -19,11 +19,13 @@ char *passwdfile = NULL;	/* -passwdfile */
 int unixpw = 0;			/* -unixpw */
 int unixpw_nis = 0;		/* -unixpw_nis */
 char *unixpw_list = NULL;
+char *unixpw_cmd = NULL;
 int use_stunnel = 0;		/* -stunnel */
 int stunnel_port = 0;
 char *stunnel_pem = NULL;
 int use_openssl = 0;
 int http_ssl = 0;
+int ssl_no_fail = 0;
 char *openssl_pem = NULL;
 char *ssl_certs_dir = NULL;
 int https_port_num = -1;

--- a/x11vnc/options.h
+++ b/x11vnc/options.h
@@ -19,11 +19,13 @@ extern char *passwdfile;
 extern int unixpw;
 extern int unixpw_nis;
 extern char *unixpw_list;
+extern char *unixpw_cmd;
 extern int use_stunnel;
 extern int stunnel_port;
 extern char *stunnel_pem;
 extern int use_openssl;
 extern int http_ssl;
+extern int ssl_no_fail;
 extern char *openssl_pem;
 extern char *ssl_certs_dir;
 extern int https_port_num;

--- a/x11vnc/sslhelper.c
+++ b/x11vnc/sslhelper.c
@@ -1326,6 +1326,9 @@ void accept_openssl(int mode) {
 		if (sock < 0)  {
 			rfbLog("SSL: accept_openssl: accept connection failed\n");
 			rfbLogPerror("accept");
+			if (ssl_no_fail) {
+				clean_up_exit(1);
+			}
 			return;
 		}
 		listen = openssl_sock;
@@ -1335,6 +1338,9 @@ void accept_openssl(int mode) {
 		if (sock < 0)  {
 			rfbLog("SSL: accept_openssl: accept connection failed\n");
 			rfbLogPerror("accept");
+			if (ssl_no_fail) {
+				clean_up_exit(1);
+			}
 			return;
 		}
 		listen = https_sock;
@@ -1357,7 +1363,7 @@ void accept_openssl(int mode) {
 	if (! cport) {
 		rfbLog("SSL: accept_openssl: could not find open port.\n");
 		close(sock);
-		if (mode == OPENSSL_INETD) {
+		if (mode == OPENSSL_INETD || ssl_no_fail) {
 			clean_up_exit(1);
 		}
 		return;
@@ -1370,7 +1376,7 @@ void accept_openssl(int mode) {
 		rfbLog("SSL: accept_openssl: could not listen on port %d.\n",
 		    cport);
 		close(sock);
-		if (mode == OPENSSL_INETD) {
+		if (mode == OPENSSL_INETD || ssl_no_fail) {
 			clean_up_exit(1);
 		}
 		return;
@@ -1416,7 +1422,7 @@ void accept_openssl(int mode) {
 		rfbLogPerror("fork");
 		close(sock);
 		close(csock);
-		if (mode == OPENSSL_INETD) {
+		if (mode == OPENSSL_INETD || ssl_no_fail) {
 			clean_up_exit(1);
 		}
 		return;
@@ -1721,7 +1727,7 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
 		kill(pid, SIGTERM);
 		waitpid(pid, &status, WNOHANG); 
-		if (mode == OPENSSL_INETD) {
+		if (mode == OPENSSL_INETD || ssl_no_fail) {
 			clean_up_exit(1);
 		}
 		return;
@@ -1787,7 +1793,7 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
 		}
 		kill(pid, SIGTERM);
 		waitpid(pid, &status, WNOHANG); 
-		if (mode == OPENSSL_INETD) {
+		if (mode == OPENSSL_INETD || ssl_no_fail) {
 			clean_up_exit(1);
 		}
 		return;
@@ -1820,7 +1826,7 @@ if (db) fprintf(stderr, "iface: %s\n", iface);
 		kill(pid, SIGTERM);
 		waitpid(pid, &status, WNOHANG); 
-		if (mode == OPENSSL_INETD) {
+		if (mode == OPENSSL_INETD || ssl_no_fail) {
 			clean_up_exit(1);
 		}
 		return;

--- a/x11vnc/unixpw.c
+++ b/x11vnc/unixpw.c
@@ -63,6 +63,7 @@ void unixpw_deny(void);
 void unixpw_msg(char *msg, int delay);
 int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_size);
 int crypt_verify(char *user, char *pass);
+int cmd_verify(char *user, char *pass);
 static int white(void);
 static int text_x(void);
@@ -408,6 +409,51 @@ int crypt_verify(char *user, char *pass) {
 #endif	/* UNIXPW_CRYPT */
 }
+int cmd_verify(char *user, char *pass) {
+	int i, len, rc;
+	char *str;
+	if (! user || ! pass) {
+		return 0;
+	}
+	if (! unixpw_cmd || *unixpw_cmd == '\0') {
+		return 0;
+	}
+	if (unixpw_client) {
+		ClientData *cd = (ClientData *) unixpw_client->clientData;
+		if (cd) {
+			cd->username = strdup(user);
+		}
+	}
+	len = strlen(user) + 1 + strlen(pass) + 1 + 1;
+	str = (char *) malloc(len);
+	if (! str) {
+		return 0;
+	}
+	str[0] = '\0';
+	strcat(str, user);
+	strcat(str, "\n");
+	strcat(str, pass);
+	if (!strchr(pass, '\n')) {
+		strcat(str, "\n");
+	}
+	rc = run_user_command(unixpw_cmd, unixpw_client, "cmd_verify",
+	    str, strlen(str), NULL);
+	for (i=0; i < len; i++) {
+		str[i] = '\0';
+	}
+	free(str);
+	if (rc == 0) {
+		return 1;
+	} else {
+		return 0;
+	}
+}
 int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_size) {
 #ifndef UNIXPW_SU
 	return 0;
@@ -849,6 +895,7 @@ static void unixpw_verify(char *user, char *pass) {
 	char log[] = "login: ";
 	char *colon = NULL;
 	ClientData *cd = NULL;
+	int ok;
 if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "********");
 	rfbLog("unixpw_verify: %s\n", user);
@@ -871,30 +918,43 @@ if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "***
 		}
 	}
-	if (unixpw_nis) {
+	ok = 0;
+	if (unixpw_cmd) {
+		if (cmd_verify(user, pass)) {
+			rfbLog("unixpw_verify: cmd_verify login for '%s'"
+			    " succeeded.\n", user);
+			ok = 1;
+		} else {
+			rfbLog("unixpw_verify: crypt_verify login for '%s'"
+			    " failed.\n", user);
+			usleep(3000*1000);
+			ok = 0;
+		}
+	} else if (unixpw_nis) {
 		if (crypt_verify(user, pass)) {
 			rfbLog("unixpw_verify: crypt_verify login for '%s'"
 			    " succeeded.\n", user);
-			unixpw_accept(user);
+			ok = 1;
-			if (keep_unixpw) {
-				keep_unixpw_user = strdup(user);
-				keep_unixpw_pass = strdup(pass);
-				if (colon) {
-					keep_unixpw_opts = strdup(colon+1);
 		} else {
-					keep_unixpw_opts = strdup("");
+			rfbLog("unixpw_verify: crypt_verify login for '%s'"
-				}
+			    " failed.\n", user);
-			}
-			if (colon) *colon = ':';
-			return;
-		}
-		rfbLog("unixpw_verify: crypt_verify login for '%s' failed.\n",
-		    user);
 			usleep(3000*1000);
+			ok = 0;
+		}
 	} else {
 		if (su_verify(user, pass, NULL, NULL, NULL)) {
 			rfbLog("unixpw_verify: su_verify login for '%s'"
 			    " succeeded.\n", user);
+			ok = 1;
+		} else {
+			rfbLog("unixpw_verify: su_verify login for '%s'"
+			    " failed.\n", user);
+			/* use su(1)'s sleep */
+			ok = 0;
+		}
+	}
+	if (ok) {
 		unixpw_accept(user);
 		if (keep_unixpw) {
 			keep_unixpw_user = strdup(user);
@@ -908,9 +968,6 @@ if (db) fprintf(stderr, "unixpw_verify: '%s' '%s'\n", user, db > 1 ? pass : "***
 		if (colon) *colon = ':';
 		return;
 	}
-		rfbLog("unixpw_verify: su_verify login for '%s' failed.\n",
-		    user);
-	}
 	if (colon) *colon = ':';
 	if (tries < 2) {

--- a/x11vnc/unixpw.h
+++ b/x11vnc/unixpw.h
@@ -10,6 +10,7 @@ extern void unixpw_deny(void);
 extern void unixpw_msg(char *msg, int delay);
 extern int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_size);
 extern int crypt_verify(char *user, char *pass);
+extern int cmd_verify(char *user, char *pass);
 extern int unixpw_in_progress;
 extern int unixpw_denied;

--- a/x11vnc/user.c
+++ b/x11vnc/user.c
@@ -19,9 +19,9 @@ void lurk_loop(char *str);
 int switch_user(char *user, int fb_mode);
 int read_passwds(char *passfile);
 void install_passwds(void);
-void check_new_passwds(void);
+void check_new_passwds(int force);
 int wait_for_client(int *argc, char** argv, int http);
+rfbBool custom_passwd_check(rfbClientPtr cl, const char *response, int len);
 static void switch_user_task_dummy(void);
 static void switch_user_task_solid_bg(void);
@@ -722,16 +722,21 @@ int read_passwds(char *passfile) {
 	char line[1024];
 	char *filename;
 	char **old_passwd_list = passwd_list;
-	int remove = 0;
+	int linecount = 0, i, remove = 0, read_mode = 0, begin_vo = -1;
-	int read_mode = 0;
-	int begin_vo = -1;
 	struct stat sbuf;
-	int linecount = 0, i, max;
+	static int max = -1;
-	FILE *in;
+	FILE *in = NULL;
 	static time_t last_read = 0;
 	static int read_cnt = 0;
 	int db_passwd = 0;
+	if (max < 0) {
+		max = 1000;
+		if (getenv("X11VNC_MAX_PASSWDS")) {
+			max = atoi(getenv("X11VNC_MAX_PASSWDS"));
+		}
+	}
 	filename = passfile;
 	if (strstr(filename, "rm:") == filename) {
 		filename += strlen("rm:");
@@ -741,18 +746,37 @@ int read_passwds(char *passfile) {
 		read_mode = 1;
 		if (stat(filename, &sbuf) == 0) {
 			if (sbuf.st_mtime <= last_read) {
-				return 0;
+				return 1;
 			}
 			last_read = sbuf.st_mtime;
 		}
+	} else if (strstr(filename, "cmd:") == filename) {
+		int rc;
+		filename += strlen("cmd:");
+		read_mode = 1;
+		in = tmpfile();
+		if (in == NULL) {
+			rfbLog("run_user_command tmpfile() failed: %s\n",
+			    filename);
+			clean_up_exit(1);
+		}
+		rc = run_user_command(filename, latest_client, "read_passwds",
+		    NULL, 0, in);
+		if (rc != 0) {
+			rfbLog("run_user_command command failed: %s\n",
+			    filename);
+			clean_up_exit(1);
+		}
+		rewind(in);
+	} else if (strstr(filename, "custom:") == filename) {
+		return 1;
 	}
-	if (stat(filename, &sbuf) == 0) {
+	if (in == NULL && stat(filename, &sbuf) == 0) {
 		/* (poor...) upper bound to number of lines */
 		max = (int) sbuf.st_size;
 		last_read = sbuf.st_mtime;
-	} else {
-		max = 64;
 	}
 	/* create 1 more than max to have it be the ending NULL */
@@ -761,7 +785,9 @@ int read_passwds(char *passfile) {
 		passwd_list[i] = NULL;
 	}
+	if (in == NULL) {
 		in = fopen(filename, "r");
+	}
 	if (in == NULL) {
 		rfbLog("cannot open passwdfile: %s\n", passfile);
 		rfbLogPerror("fopen");
@@ -827,6 +853,7 @@ int read_passwds(char *passfile) {
 		}
 		if (linecount >= max) {
+			rfbLog("read_passwds: hit max passwd: %d\n", max);
 			break;
 		}
 	}
@@ -927,7 +954,7 @@ void install_passwds(void) {
 	}
 }
-void check_new_passwds(void) {
+void check_new_passwds(int force) {
 	static time_t last_check = 0;
 	time_t now;
@@ -939,6 +966,10 @@ void check_new_passwds(void) {
 	}
 	if (unixpw_in_progress) return;
+	if (force) {
+		last_check = 0;
+	}
 	now = time(NULL);
 	if (now > last_check + 1) {
 		if (read_passwds(passwdfile)) {
@@ -948,6 +979,44 @@ void check_new_passwds(void) {
 	}
 }
+rfbBool custom_passwd_check(rfbClientPtr cl, const char *response, int len) {
+	char *input, *q, *cmd;
+	char num[16];
+	int j, i, n, rc;
+	rfbLog("custom_passwd_check: len=%d\n", len);
+	if (!passwdfile || strstr(passwdfile, "custom:") != passwdfile) {
+		return FALSE;
+	}
+	cmd = passwdfile + strlen("custom:");
+	sprintf(num, "%d\n", len);
+	input = (char *) malloc(2 * len + 16 + 1);
+	input[0] = '\0';
+	strcat(input, num);
+	n = strlen(num);
+	j = n;
+	for (i=0; i < len; i++) {
+		input[j] = cl->authChallenge[i];
+		j++;
+	}
+	for (i=0; i < len; i++) {
+		input[j] = response[i];
+		j++;
+	}
+	rc = run_user_command(cmd, cl, "custom_passwd", input, n+2*len, NULL);
+	free(input);
+	if (rc == 0) {
+		return TRUE;
+	} else {
+		return FALSE;
+	}
+}
 static void handle_one_http_request(void) {
 	rfbLog("handle_one_http_request: begin.\n");

--- a/x11vnc/user.h
+++ b/x11vnc/user.h
@@ -8,7 +8,8 @@ extern void lurk_loop(char *str);
 extern int switch_user(char *, int);
 extern int read_passwds(char *passfile);
 extern void install_passwds(void);
-extern void check_new_passwds(void);
+extern void check_new_passwds(int force);
 extern int wait_for_client(int *argc, char** argv, int http);
+extern rfbBool custom_passwd_check(rfbClientPtr cl, const char *response, int len);
 #endif /* _X11VNC_USER_H */
--- a/x11vnc/x11vnc.1
+++ b/x11vnc/x11vnc.1
@@ -2,7 +2,7 @@
 .TH X11VNC "1" "September 2006" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.8.3, lastmod: 2006-09-17
+         version: 0.8.3, lastmod: 2006-09-20
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -373,11 +373,14 @@ Also clients that log in viewonly cannot transfer files.
 However, if the remote control mechanism is used to
 change the global or per-client viewonly state the
 filetransfer permissions will NOT change.
+.PP
+\fB-ultrafilexfer\fR
 .IP
 Note, to *enable* UltraVNC filetransfer (currently
 disabled by default, this may change...) and to get it
 to work you probably need to supply these libvncserver
 options: "\fB-rfbversion\fR \fI3.6 \fB-permitfiletransfer\fR"\fR
+"\fB-ultrafilexfer\fR" is an alias for this combination.
 .PP
 \fB-http\fR
 .IP
@@ -533,20 +536,59 @@ of the file \fIfilename\fR (instead of via \fB-passwd\fR on
 the command line where others might see it via 
 .IR ps (1)
 ).
-See below for how to supply multiple passwords.
+.IP
+See the descriptions below for how to supply multiple
+passwords, view-only passwords, to specify external
+programs for the authentication, and other features.
 .IP
 If the filename is prefixed with "rm:" it will be
 removed after being read.  Perhaps this is useful in
-limiting the readability of the file.  In general,
+limiting the readability of the file.  In general, the
-the password file should not be readable by untrusted
+password file should not be readable by untrusted users
-users (BTW: neither should the VNC \fB-rfbauth\fR file:
+(BTW: neither should the VNC \fB-rfbauth\fR file: it is NOT
-it is NOT encrypted, only obscured).
+encrypted, only obscured with a fixed key).
 .IP
 If the filename is prefixed with "read:" it will
-periodically be checked for changes and reread.
+periodically be checked for changes and reread.  It it
-.IP
+guaranteed to be reread just when a new client connects
-Note that only the first 8 characters of a password
+so that the latest passwords will be used.
-are used.
+.IP
+If \fIfilename\fR is prefixed with "cmd:" then the
+string after the ":" is run as an external command:
+the output of the command will be interpreted as if it
+were read from a password file (see below).  If the
+command does not exit with 0, then x11vnc terminates
+immediately.  To specify more than 1000 passwords this
+way set X11VNC_MAX_PASSWDS before starting x11vnc.
+The environment variables are set as in \fB-accept.\fR
+.IP
+Note that due to the VNC protocol only the first 8
+characters of a password are used (DES key).
+.IP
+If \fIfilename\fR is prefixed with "custom:" then a
+custom password checker is supplied as an external
+command following the ":". The command will be run
+when a client authenticates.  If the command exits with
+0 the client is accepted, otherwise it is rejected.
+The environment variables are set as in \fB-accept.\fR
+.IP
+The standard input to the custom command will be a
+decimal digit "len" followed by a newline. "len"
+specifies the challenge size and is usually 16 (the
+VNC spec).  Then follows len bytes which is the random
+challenge string that was sent to the client. This is
+then followed by len more bytes holding the client's
+response (i.e. the challenge string encrypted via DES
+with the user password in the standard situation).
+.IP
+The "custom:" scheme can be useful to implement
+dynamic passwords or to implement methods where longer
+passwords and/or different encryption algorithms
+are used.  The latter will require customizing the VNC
+client as well.  One could create an MD5SUM based scheme
+for example.
+.IP
+File format for \fB-passwdfile:\fR
 .IP
 If multiple non-blank lines exist in the file they are
 all taken as valid passwords.  Blank lines are ignored.
@@ -733,6 +775,21 @@ in /etc/shadow can then be authenticated.  You may want
 to use \fB-users\fR unixpw= to switch the process user after
 the user logs in.
 .PP
+\fB-unixpw_cmd\fR \fIstr\fR
+.IP
+As \fB-unixpw\fR above, however do not use 
+.IR su (1)
+but rather
+run the externally supplied command \fIstr\fR.  The first
+line of its stdin will the username and the second line
+the received password.  If the command exits with status
+0 (success) the VNC client will be accepted.  It will be
+rejected for any other return status.  Dynamic passwords
+and non-unix passwords can be implemented this way by
+providing your own custom helper program.  Note that
+under unixpw mode the remote viewer is given 3 tries
+to enter the correct password.
+.PP
 \fB-display\fR \fIWAIT:...\fR
 .IP
 A special usage mode for the normal \fB-display\fR option.
@@ -926,6 +983,13 @@ timeout (25s for about the first minute, 43200s later).
 Set to zero to poll forever.  Set to a negative value
 to use the builtin setting.
 .PP
+\fB-sslnofail\fR
+.IP
+Exit at the first SSL connection failure. Useful when
+scripting SSL connections (e.g. x11vnc is started via
+ssh) and you do not want x11vnc waiting around for more
+connections, tying up ports, etc.
+.PP
 \fB-ssldir\fR \fI[dir]\fR
 .IP
 Use [dir] as an alternate ssl certificate and key
@@ -4073,7 +4137,7 @@ associated options is:
 .IP
 stunnel, ssl, unixpw, WAIT, id, accept, afteraccept,
 gone, pipeinput, v4l-info, rawfb-setup, dt, gui,
-storepasswd, crash.
+storepasswd, passwdfile, custom_passwd, crash.
 .IP
 See each option's help to learn the associated external
 command.  Note that the \fB-nocmds\fR option takes precedence

--- a/x11vnc/x11vnc.c
+++ b/x11vnc/x11vnc.c
@@ -569,7 +569,7 @@ static void watch_loop(void) {
 			check_xdamage_state();
 			check_xrecord_reset(0);
 			check_add_keysyms();
-			check_new_passwds();
+			check_new_passwds(0);
 			if (started_as_root) {
 				check_switched_user();
 			}
@@ -1049,7 +1049,15 @@ static void quick_pw(char *str) {
 	}
 	*q = '\0';
 	if (db) fprintf(stderr, "'%s' '%s'\n", p, q+1);
-	if (unixpw_nis) {
+	if (unixpw_cmd) {
+		if (cmd_verify(p, q+1)) {
+			fprintf(stdout, "Y %s\n", p);
+			exit(0);
+		} else {
+			fprintf(stdout, "N %s\n", p);
+			exit(1);
+		}
+	} else if (unixpw_nis) {
 		if (crypt_verify(p, q+1)) {
 			fprintf(stdout, "Y %s\n", p);
 			exit(0);
@@ -1707,6 +1715,16 @@ int main(int argc, char* argv[]) {
 			passwdfile = strdup(argv[++i]);
 			got_passwdfile = 1;
 #ifndef NO_SSL_OR_UNIXPW
+		} else if (!strcmp(arg, "-unixpw_cmd")
+		    || !strcmp(arg, "-unixpw_cmd_unsafe")) {
+			CHECK_ARGC
+			unixpw_cmd = strdup(argv[++i]);
+			unixpw = 1;
+			if (strstr(arg, "_unsafe")) {
+				/* hidden option for testing. */
+				set_env("UNIXPW_DISABLE_SSL", "1");
+				set_env("UNIXPW_DISABLE_LOCALHOST", "1");
+			}
 		} else if (strstr(arg, "-unixpw") == arg) {
 			unixpw = 1;
 			if (strstr(arg, "-unixpw_nis")) {
@@ -1741,6 +1759,8 @@ int main(int argc, char* argv[]) {
 		} else if (!strcmp(arg, "-ssltimeout")) {
 			CHECK_ARGC
 			ssl_timeout_secs = atoi(argv[++i]);
+		} else if (!strcmp(arg, "-sslnofail")) {
+			ssl_no_fail = 1;
 		} else if (!strcmp(arg, "-ssldir")) {
 			CHECK_ARGC
 			ssl_certs_dir = strdup(argv[++i]);
@@ -2367,7 +2387,14 @@ int main(int argc, char* argv[]) {
 				listen_str = strdup(argv[i+1]);
 			}
 			/* otherwise copy it for libvncserver use below. */
-			if (argc_vnc < argc_vnc_max) {
+			if (!strcmp(arg, "-ultrafilexfer") ||
+			    !strcmp(arg, "-ultravncfilexfer")) {
+				if (argc_vnc + 2 < argc_vnc_max) {
+					argv_vnc[argc_vnc++] = strdup("-rfbversion");
+					argv_vnc[argc_vnc++] = strdup("3.6");
+					argv_vnc[argc_vnc++] = strdup("-permitfiletransfer");
+				}
+			} else if (argc_vnc < argc_vnc_max) {
 				argv_vnc[argc_vnc++] = strdup(arg);
 			} else {
 				rfbLog("too many arguments.\n");
@@ -2573,13 +2600,25 @@ int main(int argc, char* argv[]) {
 		}
 	} else if (passwdfile) {
 		/* read passwd(s) from file */
-		if (read_passwds(passwdfile)) {
+		if (strstr(passwdfile, "cmd:") == passwdfile ||
+		    strstr(passwdfile, "custom:") == passwdfile) {
+			char tstr[100], *q;
+			sprintf(tstr, "%f", dnow());
+			if ((q = strrchr(tstr, '.')) == NULL) {
+				q = tstr;
+			} else {
+				q++;
+			}
+			/* never used under cmd:, used to force auth */
+			argv_vnc[argc_vnc++] = strdup("-passwd");
+			argv_vnc[argc_vnc++] = strdup(q);
+		} else if (read_passwds(passwdfile)) {
 			argv_vnc[argc_vnc++] = strdup("-passwd");
 			argv_vnc[argc_vnc++] = strdup(passwd_list[0]);
+		}
 		got_passwd = 1;
 		pw_loc = 100;	/* just for pw_loc check below */
 	}
-	}
 	if (vpw_loc > 0) {
 		int i;
 		for (i=vpw_loc; i <= vpw_loc+1; i++) {

--- a/x11vnc/x11vnc.h
+++ b/x11vnc/x11vnc.h
@@ -454,6 +454,7 @@ extern int hack_val;
 /* last client to move pointer */
 extern rfbClientPtr last_pointer_client;
+extern rfbClientPtr latest_client;
 extern int client_count;
 extern int clients_served;

--- a/x11vnc/x11vnc_defs.c
+++ b/x11vnc/x11vnc_defs.c
@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.8.3 lastmod: 2006-09-17";
+char lastmod[] = "0.8.3 lastmod: 2006-09-20";
 /* X display info */
@@ -127,6 +127,7 @@ int hack_val = 0;
 /* last client to move pointer */
 rfbClientPtr last_pointer_client = NULL;
+rfbClientPtr latest_client = NULL;
 int client_count = 0;
 int clients_served = 0;