Commit e1c733ee authored by runge's avatar runge

Sync with SSVNC 1.0.15

parent 69a63b28
......@@ -118,9 +118,15 @@ The enhanced TightVNC viewer features are:
(-popupfix option).
- Improvements to the Popup menu, all of these can now be changed
dynamically via the menu: ViewOnly, CursorShape updates, X11
Cursor, Cursor Alphablending, Toggle Tight/ZRLE, Toggle JPEG,
FullColor/16bpp/8bpp (256/64/8 colors).
dynamically via the menu: ViewOnly, Toggle Bell, CursorShape
updates, X11 Cursor, Cursor Alphablending, Toggle Tight/ZRLE,
Toggle JPEG, FullColor/16bpp/8bpp (256/64/8 colors), Greyscale
for low color modes.
- Support for UltraVNC extensions: Single Window, Disable
Server-side Input, 1/n Server side scaling, Text Chat (shell
terminal UI). Both UltraVNC and x11vnc servers support these
extensions
- Run vncviewer -help for all options.
......@@ -149,7 +155,7 @@ Unix and Mac OS X:
Unpack the archive:
% gzip -dc ssvnc-1.0.14.tar.gz | tar xvf -
% gzip -dc ssvnc-1.0.15.tar.gz | tar xvf -
Run the GUI:
......@@ -159,7 +165,7 @@ Unix and Mac OS X:
On MacOSX you could also click on the SSVNC app in the Finder.
The smaller file "ssvnc_no_windows-1.0.14.tar.gz"
The smaller file "ssvnc_no_windows-1.0.15.tar.gz"
could have been used as well.
On MacOSX there is also a SSVNC.app directory icon you can click on
......@@ -170,7 +176,7 @@ Windows:
Unzip, using WinZip or a similar utility, the zip file:
ssvnc-1.0.14.zip
ssvnc-1.0.15.zip
Run the GUI, e.g.:
......@@ -182,7 +188,7 @@ Windows:
select Open, and then OK to launch it.
The smaller file "ssvnc_windows_only-1.0.14.zip"
The smaller file "ssvnc_windows_only-1.0.15.zip"
could have been used as well.
You can make a Windows shortcut to this program if you want to.
......
......@@ -112,7 +112,9 @@ VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}
# Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.
#
#set -xv
if [ "X$SS_DEBUG" != "X" ]; then
set -xv
fi
PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
......@@ -146,6 +148,10 @@ showcert=""
reverse=""
if [ "X$1" = "X-viewerflavor" ]; then
if echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
echo "unknown"
exit 0
fi
if echo "$VNCVIEWERCMD" | grep -i chicken.of > /dev/null; then
echo "cotvnc"
exit 0
......@@ -167,6 +173,12 @@ if [ "X$1" = "X-viewerflavor" ]; then
exit 0
fi
if [ "X$SS_VNCVIEWER_NO_MAXCONN" != "X" ]; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
fi
# grab our cmdline options:
while [ "X$1" != "X" ]
do
......@@ -215,10 +227,6 @@ else
fi
if [ "X$reverse" != "X" ]; then
ssh_sleep=1800
if [ "X$use_ssh" = "X1" ]; then
VNCVIEWER_LISTEN_LOCALHOST=1
export VNCVIEWER_LISTEN_LOCALHOST
fi
if [ "X$proxy" != "X" ]; then
if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then
echo ""
......@@ -256,6 +264,15 @@ if echo "$orig" | grep '^vnc://' > /dev/null; then
direct_connect=1
elif echo "$orig" | grep '^vncs://' > /dev/null; then
orig=`echo "$orig" | sed -e 's,vncs://,,'`
elif echo "$orig" | grep '^vncssl://' > /dev/null; then
orig=`echo "$orig" | sed -e 's,vncssl://,,'`
elif echo "$orig" | grep '^vncssh://' > /dev/null; then
orig=`echo "$orig" | sed -e 's,vncssh://,,'`
use_ssh=1
fi
if [ "X$reverse" != "X" -a "X$direct_connect" = "X" ]; then
VNCVIEWER_LISTEN_LOCALHOST=1
export VNCVIEWER_LISTEN_LOCALHOST
fi
# play around with host:display port:
......@@ -264,6 +281,8 @@ if echo "$orig" | grep ':' > /dev/null; then
else
if [ "X$reverse" = "X" ]; then
orig="$orig:0"
elif [ "X$orig" = "X" ]; then
orig=":0"
fi
fi
......@@ -295,11 +314,32 @@ fi
date_sec=`date +%S`
if echo "$VNCVIEWERCMD" | grep '^sleep[ ][ ]*[0-9][0-9]*' > /dev/null; then
if [ "X$SS_VNCVIEWER_LISTEN_PORT" = "X" ]; then
p=`echo "$VNCVIEWERCMD" | awk '{print $3}'`
if [ "X$p" != "X" ]; then
SS_VNCVIEWER_LISTEN_PORT=$p
fi
fi
p2=`echo "$VNCVIEWERCMD" | awk '{print $2}'`
VNCVIEWERCMD="eval sleep $p2; echo Local "
elif echo "$VNCVIEWERCMD" | grep '^xmessage[ ][ ]*[0-9][0-9]*' > /dev/null; then
if [ "X$SS_VNCVIEWER_LISTEN_PORT" = "X" ]; then
p=`echo "$VNCVIEWERCMD" | awk '{print $2}'`
SS_VNCVIEWER_LISTEN_PORT=$p
fi
fi
findfree() {
try0=$1
try=$try0
use0=""
if [ "X$SS_VNCVIEWER_LISTEN_PORT" != "X" ]; then
echo "$SS_VNCVIEWER_LISTEN_PORT"
return
fi
while [ $try -lt 6000 ]
do
if [ "X$inuse" = "X" ]; then
......@@ -763,10 +803,10 @@ if [ "X$direct_connect" != "X" ]; then
echo ""
echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
echo ""
echo "$VNCVIEWERCMD" "$@" -listen $N
echo "$VNCVIEWERCMD" "$@" -listen $disp
trap "final" 0 2 15
echo ""
$VNCVIEWERCMD "$@" -listen $N
$VNCVIEWERCMD "$@" -listen $disp
fi
exit $?
fi
......
......@@ -3,7 +3,7 @@
exec wish "$0" "$@"
#
# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
# Copyright (c) 2006-2007 by Karl J. Runge <runge@karlrunge.com>
#
# ssvnc.tcl: gui wrapper to the programs in this
# package. Also sets up service port forwarding.
......@@ -270,14 +270,30 @@ proc help {} {
4) Pressing the "Load" button or pressing Ctrl-L or Clicking the Right
mouse button on the main GUI will invoke the Load Profile dialog.
5) If you want to do a Direct VNC connection, with *NO* SSL or SSH
encryption, use the "vnc://" prefix, e.g. vnc://far-away.east:0
5) If you want to do a Direct VNC connection, WITH *NO* SSL OR SSH
ENCRYPTION, use the "vnc://" prefix, e.g. vnc://far-away.east:0
This also works for reverse connections (see below).
Sorry we do not make this easy to figure out how to do (e.g. a
button on the main panel), but the goal of SSVNC is secure
connections!
6) Reverse VNC connections are possible as well. Go to Options and
select "Reverse VNC connection". In the 'VNC Host:Display' entry
box put in the number (e.g. "0" or ":0") that corresponds to the
Listening display (0 -> port 5500). See the Options Help for more
info.
7) On Unix to have SSVNC act as a general STUNNEL redirector (i.e. no
VNC), put the the desired host:port in VNC Host:Display (use a
negative port value if it is to be less than 200), then go to
Options -> Advanced -> Change VNC Viewer. Change the "viewer"
command to be "xmessage OK" or "xmessage <port>" (or sleep) where
port is the desired local listening port. Then click Connect.
If you didn't set the local port look for it in the terminal output.
On Windows set it to "NOTEPAD" or similar; you can't control
the port though. It is usually 5930.
}
.h.f.t insert end $msg
......@@ -476,12 +492,14 @@ set msg {
over using a different port.
In reverse connections mode be careful to protect the listening
vncviewer from direct connections (neither SSL nor SSH)
VNC Viewer from direct connections (neither SSL nor SSH)
connecting directly to its listening port thereby bypassing
the tunnel. This can be done by a host-level firewall that only
lets in, say, port 5500. Or for SSH reverse connections allows
no 5500+n ports in. For SSH reverse connections the Unix viewers
supplied in the SSVNC package will only listen on localhost.
the tunnel. This can be done by a host-level firewall that
only lets in, say, port 5500 (the default one ":0" for stunnel
to listen on). Or for SSH reverse connections allow NO 5500+n
ports in. For reverse connections, the Unix enhanced tightvnc
viewers supplied in the SSVNC package will only listen on
localhost so these precautions are not needed.
Note that for SSL connections use of "Proxy/Gateway" does not
make sense: the remote side cannot initiate its reverse connection
......@@ -556,7 +574,7 @@ set msg {
proc help_fetch_cert {} {
toplev .fh
scroll_text_dismiss .fh.f 85 37
scroll_text_dismiss .fh.f 85 35
center_win .fh
wm resizable .fh 1 0
......@@ -849,6 +867,7 @@ proc set_defaults {} {
set vncauth_passwd ""
ssl_ssh_adjust ssl
listen_adjust
}
proc do_viewer_windows {n} {
......@@ -929,6 +948,11 @@ proc do_viewer_windows {n} {
incr did_listening_message
global listening_name
set ln $listening_name
if {$ln == ""} {
set ln "this-computer:$n"
}
set msg "
About to start the Listening VNC Viewer.
......@@ -938,13 +962,14 @@ proc do_viewer_windows {n} {
The VNC server should then Reverse connect to:
$listening_name
$ln
To stop the Viewer: right click on the VNC Icon in the taskbar
To stop the Viewer: right click on the VNC Icon in the tray
and select 'Close listening daemon' (or similar).
You will then return to this GUI.
Click OK now to start the Listening VNC Viewer.
"
global use_ssh use_sshssl
if {$use_ssh || $use_sshssl} {
......@@ -957,7 +982,7 @@ proc do_viewer_windows {n} {
set wll_done 0
eval text .wll.t -width 60 -height 18 $help_font
eval text .wll.t -width 60 -height 19 $help_font
button .wll.d -text "OK" -command {destroy .wll; set wll_done 1}
pack .wll.t .wll.d -side top -fill x
......@@ -973,7 +998,11 @@ proc do_viewer_windows {n} {
vwait wll_done
}
} else {
append cmd " localhost:$n"
if [regexp {^[0-9][0-9]*$} $n] {
append cmd " localhost:$n"
} else {
append cmd " $n"
}
}
mesg $cmd
......@@ -2178,6 +2207,10 @@ proc direct_connect_msg {} {
}
if {$msg != ""} {
set msg "Direct connect via vnc://hostname\nThe following options will be disabled:\n\n$msg"
global is_windows
if {0 && $is_windows} {
set msg "Direct connect mode: vnc://host:disp is not supported on Windows."
}
raise .
tk_messageBox -type ok -icon info -message $msg
}
......@@ -2297,6 +2330,9 @@ proc fetch_cert_unix {hp} {
}
proc fetch_cert_windows {hp} {
regsub {^vnc.*://} $hp "" hp
set hpnew [get_ssh_hp $hp]
set proxy [get_ssh_proxy $hp]
......@@ -3048,6 +3084,22 @@ proc launch {{hp ""}} {
}
##############################################################
if [regexp {vnc://} $hp] {
direct_connect_msg
regsub {vnc://} $hp "" hp
direct_connect_windows $hp
return
} elseif [regexp {vncs://} $hp] {
set use_ssl 1
regsub {vncs://} $hp "" hp
} elseif [regexp {vncssl://} $hp] {
set use_ssl 1
regsub {vncssl://} $hp "" hp
} elseif [regexp {vncssh://} $hp] {
set use_ssh 1
regsub {vncssh://} $hp "" hp
}
check_ssh_needed
if {! $use_ssh} {
......@@ -3366,6 +3418,120 @@ proc launch {{hp ""}} {
}
}
proc direct_connect_windows {{hp ""}} {
global tcl_platform is_windows
global env use_listen
set proxy [get_ssh_proxy $hp]
set did_port_knock 0
global listening_name
set listening_name ""
set list [split $hp ":"]
set host [lindex $list 0]
if {$host == ""} {
set host "localhost"
}
if [regexp {^.*@} $host match] {
catch {raise .; update}
mesg "Trimming \"$match\" from hostname"
after 1000
regsub {^.*@} $host "" host
}
set disp [lindex $list 1]
set disp [string trim $disp]
regsub { .*$} $disp "" disp
if {[regexp {^-[0-9][0-9]*$} $disp]} {
;
} elseif {$disp == "" || ! [regexp {^[0-9][0-9]*$} $disp]} {
set disp 0
}
if {$disp < 0} {
set port [expr "- $disp"]
} elseif {$disp < 200} {
if {$use_listen} {
set port [expr "$disp + 5500"]
} else {
set port [expr "$disp + 5900"]
}
} else {
set port $disp
}
if {$proxy != ""} {
if [regexp {@} $proxy] {
bell
catch {raise .; update}
mesg "WARNING: SSL proxy contains \"@\" sign"
after 2000
}
set n2 45
set env(SSVNC_PROXY) $proxy
set env(SSVNC_LISTEN) [expr "$n2 + 5900"]
set env(SSVNC_DEST) "$host:$port"
set port [expr $n2 + 5900]
set host "localhost"
}
set fail 0
if {! $did_port_knock} {
if {! [do_port_knock $host start]} {
set fail 1
}
set did_port_knock 1
}
if {$fail} {
return
}
set proxy_pid ""
if {$proxy != ""} {
mesg "Starting TCP helper on port $port ..."
after 600
set proxy_pid [exec "connect_br.exe" &]
unset -nocomplain env(SSVNC_PROXY)
unset -nocomplain env(SSVNC_LISTEN)
unset -nocomplain env(SSVNC_DEST)
}
catch {destroy .o}
catch {destroy .oa}
wm withdraw .
if {$use_listen} {
set n $port
if {$n >= 5500} {
set n [expr $n - 5500]
}
do_viewer_windows "$n"
} else {
if {$port >= 5900} {
set port [expr $port - 5900]
}
do_viewer_windows "$host:$port"
}
wm deiconify .
mesg "Disconnected from $hp."
global port_knocking_list
if [regexp {FINISH} $port_knocking_list] {
do_port_knock $host finish
}
mesg "Disconnected from $hp."
}
proc get_idir_certs {str} {
global is_windows env
set idir ""
......@@ -4599,7 +4765,7 @@ proc load_include {include dir} {
}
}
proc load_profile {{parent "."}} {
proc load_profile {{parent "."} {infile ""}} {
global profdone
global vncdisplay
......@@ -4607,8 +4773,12 @@ proc load_profile {{parent "."}} {
set dir [get_profiles_dir]
set file [tk_getOpenFile -parent $parent -defaultextension ".vnc" \
-initialdir $dir -title "Load VNC Profile"]
if {$infile != ""} {
set file $infile
} else {
set file [tk_getOpenFile -parent $parent -defaultextension \
".vnc" -initialdir $dir -title "Load VNC Profile"]
}
if {$file == ""} {
set profdone 1
return
......@@ -6637,7 +6807,7 @@ proc change_vncviewer_dialog {} {
wm title .chviewer "Change VNC Viewer"
global help_font
eval text .chviewer.t -width 90 -height 24 $help_font
eval text .chviewer.t -width 90 -height 29 $help_font
apply_bg .chviewer.t
set msg {
......@@ -6662,6 +6832,12 @@ proc change_vncviewer_dialog {} {
Since the command line options differ between them greatly, if you know it
is of the RealVNC 4.x flavor, indicate on the check box. Otherwise we guess.
To have SSVNC act as a general STUNNEL redirector (no VNC) set the viewer to
be "xmessage OK" or "xmessage <port>" or "sleep n" or "sleep n <port>" (or
"NOTEPAD" on Windows). The default listen port is 5930. The destination is
set in "VNC Host:Display" (for a remote port less then 200 use the negative
of the port value).
}
.chviewer.t insert end $msg
......@@ -7625,8 +7801,9 @@ proc set_options {} {
incr i
checkbutton .o.b$i -anchor w -variable use_listen -text \
"Reverse VNC Connection (-listen)" -command {listen_adjust}
"Reverse VNC Connection (-listen)" -command {listen_adjust; if {$vncdisplay == ""} {set vncdisplay ":0"}}
#if {$is_windows} {.o.b$i configure -state disabled}
if {$darwin_cotvnc} {.o.b$i configure -state disabled}
incr i
checkbutton .o.b$i -anchor w -variable use_viewonly -text \
......@@ -7868,6 +8045,7 @@ label .f2.l -width $wl -anchor w -text "Proxy/Gateway:" -relief ridge
entry .f2.e -width $we -textvariable vncproxy
pack .f2.l -side left
pack .f2.e -side left -expand 1 -fill x
bind .f2.e <Return> launch
frame .f3
label .f3.l -width $wl -anchor w -text "Remote SSH Command:" -relief ridge
......@@ -7876,6 +8054,7 @@ pack .f3.l -side left
pack .f3.e -side left -expand 1 -fill x
.f3.l configure -state disabled
.f3.e configure -state disabled
bind .f3.e <Return> launch
set remote_ssh_cmd_list {.f3.e .f3.l}
......@@ -7941,3 +8120,31 @@ bind .l <ButtonPress> {set button_gui_top 1}
bind .f0.l <ButtonPress> {set button_gui_top 1}
update
if {$argc > 0} {
set item [lindex $argv 0]
if {$item != ""} {
if [file exists $item] {
load_profile . $item
} else {
set ok 0
set dir [get_profiles_dir]
set try "$dir/$item"
foreach try [list $dir/$item $dir/$item.vnc] {
if [file exists $try] {
load_profile . $try
set ok 1
break;
}
}
if {! $ok && [regexp {:} $item]} {
global vncdisplay
set vncdisplay $item
update
after 750
launch
}
}
}
}
......@@ -6,6 +6,9 @@
# to manually start up stunnel using it.
# (e.g. /path/to/stunnel stunnel-server.conf)
#
# NOTE: You MUST specify a cert = PEM file line for server mode.
# SSVNC or x11vnc can be used to create one if you like.
#
# This is just an example and is not used by the tools in this package.
# It is here in case you wanted to see how to add SSL support to any
# VNC server you have.
......@@ -18,7 +21,8 @@ RNDoverwrite = yes
# CApath = /path/to/.../crt-dir
# CAfile = /path/to/.../foo.crt
# verify = 2
# My server cert could go here:
#
# The server cert goes here (**IT MUST BE SPECIFIED IN SERVER MODE**):
# cert = /path/to/.../my.pem
#
[vnc]
......
#!/bin/sh
rm -rf ./src/tmp/* || exit 1
vers=1.0.14
vers=1.0.15
cd .. || exit 1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment