/* -- help.c -- */
#include "x11vnc.h"
#include "xdamage.h"
#include "cursor.h"
/*
* text printed out under -help option
*/
void print_help(int mode);
void xopen_display_fail_message(char *disp);
void nopassword_warning_msg(int gotloc);
void print_help(int mode) {
#if !SKIP_HELP
char help[] =
"\n"
"x11vnc: allow VNC connections to real X11 displays. %s\n"
"\n"
"(type \"x11vnc -opts\" to just list the options.)\n"
"\n"
"Typical usage is:\n"
"\n"
" Run this command in a shell on the remote machine \"far-host\"\n"
" with X session you wish to view:\n"
"\n"
" x11vnc -display :0\n"
"\n"
" Then run this in another window on the machine you are sitting at:\n"
"\n"
" vncviewer far-host:0\n"
"\n"
"Once x11vnc establishes connections with the X11 server and starts listening\n"
"as a VNC server it will print out a string: PORT=XXXX where XXXX is typically\n"
"5900 (the default VNC server port). One would next run something like\n"
"this on the local machine: \"vncviewer hostname:N\" where \"hostname\" is\n"
"the name of the machine running x11vnc and N is XXXX - 5900, i.e. usually\n"
"\"vncviewer hostname:0\".\n"
"\n"
"By default x11vnc will not allow the screen to be shared and it will exit\n"
"as soon as the client disconnects. See -shared and -forever below to override\n"
"these protections. See the FAQ for details how to tunnel the VNC connection\n"
"through an encrypted channel such as ssh(1). In brief:\n"
"\n"
" ssh -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'\n"
"\n"
" vncviewer -encodings 'copyrect tight zrle hextile' localhost:0\n"
"\n"
"Also, use of a VNC password (-rfbauth or -passwdfile) is strongly recommend.\n"
"\n"
"For additional info see: http://www.karlrunge.com/x11vnc/\n"
" and http://www.karlrunge.com/x11vnc/#faq\n"
"\n"
"\n"
"Rudimentary config file support: if the file $HOME/.x11vncrc exists then each\n"
"line in it is treated as a single command line option. Disable with -norc.\n"
"For each option name, the leading character \"-\" is not required. E.g. a\n"
"line that is either \"forever\" or \"-forever\" may be used and are equivalent.\n"
"Likewise \"wait 100\" or \"-wait 100\" are acceptable and equivalent lines.\n"
"The \"#\" character comments out to the end of the line in the usual way\n"
"(backslash it for a literal). Leading and trailing whitespace is trimmed off.\n"
"Lines may be continued with a \"\\\" as the last character of a line (it\n"
"becomes a space character).\n"
"\n"
"Options:\n"
"\n"
"-display disp X11 server display to connect to, usually :0. The X\n"
" server process must be running on same machine and\n"
" support MIT-SHM. Equivalent to setting the DISPLAY\n"
" environment variable to \"disp\".\n"
"-auth file Set the X authority file to be \"file\", equivalent to\n"
" setting the XAUTHORITY environment variable to \"file\"\n"
" before startup. Same as -xauth file. See Xsecurity(7),\n"
" xauth(1) man pages for more info.\n"
"\n"
"-id windowid Show the window corresponding to \"windowid\" not\n"
" the entire display. New windows like popup menus,\n"
" transient toplevels, etc, may not be seen or may be\n"
" clipped. Disabling SaveUnders or BackingStore in the\n"
" X server may help show them. x11vnc may crash if the\n"
" window is initially partially obscured, changes size,\n"
" is iconified, etc. Some steps are taken to avoid this\n"
" and the -xrandr mechanism is used to track resizes. Use\n"
" xwininfo(1) to get the window id, or use \"-id pick\"\n"
" to have x11vnc run xwininfo(1) for you and extract\n"
" the id. The -id option is useful for exporting very\n"
" simple applications (e.g. the current view on a webcam).\n"
"-sid windowid As -id, but instead of using the window directly it\n"
" shifts a root view to it: this shows SaveUnders menus,\n"
" etc, although they will be clipped if they extend beyond\n"
" the window.\n"
"-clip WxH+X+Y Only show the sub-region of the full display that\n"
" corresponds to the rectangle with size WxH and offset\n"
" +X+Y. The VNC display has size WxH (i.e. smaller than\n"
" the full display). This also works for -id/-sid mode\n"
" where the offset is relative to the upper left corner\n"
" of the selected window.\n"
"\n"
"-flashcmap In 8bpp indexed color, let the installed colormap flash\n"
" as the pointer moves from window to window (slow).\n"
" Also try the -8to24 option to avoid flash altogether.\n"
"-shiftcmap n Rare problem, but some 8bpp displays use less than 256\n"
" colorcells (e.g. 16-color grayscale, perhaps the other\n"
" bits are used for double buffering) *and* also need to\n"
" shift the pixels values away from 0, .., ncells. \"n\"\n"
" indicates the shift to be applied to the pixel values.\n"
" To see the pixel values set DEBUG_CMAP=1 to print out\n"
" a colormap histogram. Example: -shiftcmap 240\n"
"-notruecolor For 8bpp displays, force indexed color (i.e. a colormap)\n"
" even if it looks like 8bpp TrueColor (rare problem).\n"
"-visual n Experimental option: probably does not do what you\n"
" think. It simply *forces* the visual used for the\n"
" framebuffer; this may be a bad thing... (e.g. messes\n"
" up colors or cause a crash). It is useful for testing\n"
" and for some workarounds. n may be a decimal number,\n"
" or 0x hex. Run xdpyinfo(1) for the values. One may\n"
" also use \"TrueColor\", etc. see <X11/X.h> for a list.\n"
" If the string ends in \":m\" then for better or for\n"
" worse the visual depth is forced to be m.\n"
"\n"
"-overlay Handle multiple depth visuals on one screen, e.g. 8+24\n"
" and 24+8 overlay visuals (the 32 bits per pixel are\n"
" packed with 8 for PseudoColor and 24 for TrueColor).\n"
"\n"
" Currently -overlay only works on Solaris via\n"
" XReadScreen(3X11) and IRIX using XReadDisplay(3).\n"
" On Solaris there is a problem with image \"bleeding\"\n"
" around transient popup menus (but not for the menu\n"
" itself): a workaround is to disable SaveUnders\n"
" by passing the \"-su\" argument to Xsun (in\n"
" /etc/dt/config/Xservers).\n"
"\n"
" Use -overlay as a workaround for situations like these:\n"
" Some legacy applications require the default visual to\n"
" be 8bpp (8+24), or they will use 8bpp PseudoColor even\n"
" when the default visual is depth 24 TrueColor (24+8).\n"
" In these cases colors in some windows will be incorrect\n"
" in x11vnc unless -overlay is used. Another use of\n"
" -overlay is to enable showing the exact mouse cursor\n"
" shape (details below).\n"
"\n"
" Under -overlay, performance will be somewhat slower\n"
" due to the extra image transformations required.\n"
" For optimal performance do not use -overlay, but rather\n"
" configure the X server so that the default visual is\n"
" depth 24 TrueColor and try to have all apps use that\n"
" visual (e.g. some apps have -use24 or -visual options).\n"
"-overlay_nocursor Sets -overlay, but does not try to draw the exact mouse\n"
" cursor shape using the overlay mechanism.\n"
"\n"
"-8to24 [opts] Try this option if -overlay is not supported on your\n"
" OS, and you have a legacy 8bpp app that you want to\n"
" view on a multi-depth display with default depth 24\n"
" (and is 32 bpp) OR have a default depth 8 display with\n"
" depth 24 overlay windows for some apps. This option\n"
" may not work on all X servers and hardware (tested\n"
" on XFree86/Xorg mga driver and Xsun). The \"opts\"\n"
" string is not required and is described below.\n"
"\n"
" This mode enables a hack where x11vnc monitors windows\n"
" within 3 levels from the root window. If it finds\n"
" any that are 8bpp it extracts the indexed color\n"
" pixel values using XGetImage() and then applies a\n"
" transformation using the colormap(s) to create TrueColor\n"
" RGB values that it in turn inserts into bits 1-24 of\n"
" the framebuffer. This creates a depth 24 \"view\"\n"
" of the display that is then exported via VNC.\n"
"\n"
" Conversely, for default depth 8 displays, the depth\n"
" 24 regions are read by XGetImage() and everything is\n"
" transformed and inserted into a depth 24 TrueColor\n"
" framebuffer.\n"
"\n"
" Note that even if there are *no* depth 24 visuals or\n"
" windows (i.e. pure 8bpp), this mode is potentially\n"
" an improvement over -flashcmap because it avoids the\n"
" flashing and shows each window in the correct color.\n"
"\n"
" This method appear to work, but may still have bugs\n"
" and it does hog resources. If there are multiple 8bpp\n"
" windows using different colormaps, one may have to\n"
" iconify all but one for the colors to be correct.\n"
"\n"
" There may be painting errors for clipping and switching\n"
" between windows of depths 8 and 24. Heuristics are\n"
" applied to try to minimize the painting errors. One can\n"
" also press 3 Alt_L's in a row to refresh the screen\n"
" if the error does not repair itself. Also the option\n"
" -fixscreen 8=3.0 or -fixscreen V=3.0 may be used to\n"
" periodically refresh the screen at the cost of bandwidth\n"
" (every 3 sec for this example).\n"
"\n"
" The [opts] string can contain the following settings.\n"
" Multiple settings are separated by commas.\n"
"\n"
" For for some X servers with default depth 24 a\n"
" speedup may be achieved via the option \"nogetimage\".\n"
" This enables a scheme were XGetImage() is not used\n"
" to retrieve the 8bpp data. Instead, it assumes that\n"
" the 8bpp data is in bits 25-32 of the 32bit X pixels.\n"
" There is no reason the X server should put the data\n"
" there for our poll requests, but some do and so the\n"
" extra steps to retrieve it can be skipped. Tested with\n"
" mga driver with XFree86/Xorg. For the default depth\n"
" 8 case this option is ignored.\n"
"\n"
" To adjust how often XGetImage() is used to poll the\n"
" non-default visual regions for changes, use the option\n"
" \"poll=t\" where \"t\" is a floating point time.\n"
" (default: %.2f)\n"
"\n"
" Setting the option \"level2\" will limit the search\n"
" for non-default visual windows to two levels from the\n"
" root window. Do this on slow machines where you know\n"
" the window manager only imposes one extra window between\n"
" the app window and the root window.\n"
"\n"
" Also for very slow machines use \"cachewin=t\"\n"
" where t is a floating point amount of time to cache\n"
" XGetWindowAttributes results. E.g. cachewin=5.0.\n"
" This may lead to the windows being unnoticed for this\n"
" amount of time when deiconifying, painting errors, etc.\n"
"\n"
" While testing on a very old SS20 these options gave\n"
" tolerable response: -8to24 poll=0.2,cachewin=5.0. For\n"
" this machine -overlay is supported and gives better\n"
" response.\n"
"\n"
" Debugging for this mode can be enabled by setting \n"
" \"dbg=1\", \"dbg=2\", or \"dbg=3\".\n"
"\n"
"-scale fraction Scale the framebuffer by factor \"fraction\". Values\n"
" less than 1 shrink the fb, larger ones expand it. Note:\n"
" image may not be sharp and response may be slower.\n"
" If \"fraction\" contains a decimal point \".\" it\n"
" is taken as a floating point number, alternatively\n"
" the notation \"m/n\" may be used to denote fractions\n"
" exactly, e.g. -scale 2/3\n"
"\n"
" Scaling Options: can be added after \"fraction\" via\n"
" \":\", to supply multiple \":\" options use commas.\n"
" If you just want a quick, rough scaling without\n"
" blending, append \":nb\" to \"fraction\" (e.g. -scale\n"
" 1/3:nb). No blending is the default for 8bpp indexed\n"
" color, to force blending for this case use \":fb\".\n"
"\n"
" To disable -scrollcopyrect and -wirecopyrect under\n"
" -scale use \":nocr\". If you need to to enable them use\n"
" \":cr\" or specify them explicitly on the command line.\n"
" If a slow link is detected, \":nocr\" may be applied\n"
" automatically. Default: %s\n"
"\n"
" More esoteric options: for compatibility with vncviewers\n"
" the scaled width is adjusted to be a multiple of 4:\n"
" to disable this use \":n4\". \":in\" use interpolation\n"
" scheme even when shrinking, \":pad\" pad scaled width\n"
" and height to be multiples of scaling denominator\n"
" (e.g. 3 for 2/3).\n"
"\n"
"-scale_cursor frac By default if -scale is supplied the cursor shape is\n"
" scaled by the same factor. Depending on your usage,\n"
" you may want to scale the cursor independently of the\n"
" screen or not at all. If you specify -scale_cursor\n"
" the cursor will be scaled by that factor. When using\n"
" -scale mode to keep the cursor at its \"natural\" size\n"
" use \"-scale_cursor 1\". Most of the \":\" scaling\n"
" options apply here as well.\n"
"\n"
"-viewonly All VNC clients can only watch (default %s).\n"
"-shared VNC display is shared, i.e. more than one viewer can\n"
" connect at the same time (default %s).\n"
"-once Exit after the first successfully connected viewer\n"
" disconnects, opposite of -forever. This is the Default.\n"
"-forever Keep listening for more connections rather than exiting\n"
" as soon as the first client(s) disconnect. Same as -many\n"
"-loop Create an outer loop restarting the x11vnc process\n"
" whenever it terminates. -bg and -inetd are ignored in\n"
" this mode. Useful for continuing even if the X server\n"
" terminates and restarts (you will need permission to\n"
" reconnect of course). Use, e.g., -loop100 to sleep\n"
" 100 millisecs between restarts, etc. Default is 2000ms\n"
" (i.e. 2 secs) Use, e.g. -loop300,5 to sleep 300 ms\n"
" and only loop 5 times.\n"
"-timeout n Exit unless a client connects within the first n seconds\n"
" after startup.\n"
"-inetd Launched by inetd(1): stdio instead of listening socket.\n"
" Note: if you are not redirecting stderr to a log file\n"
" (via shell 2> or -o option) you MUST also specify the -q\n"
" option, otherwise the stderr goes to the viewer which\n"
" will cause it to abort. Specifying both -inetd and -q\n"
" and no -o will automatically close the stderr.\n"
"-nofilexfer Disable the TightVNC file transfer extension. (same as\n"
" -disablefiletransfer). Note that when the -viewonly\n"
" option is supplied all file transfers are disabled.\n"
" Also clients that log in viewonly cannot transfer files.\n"
" However, if the remote control mechanism is used to\n"
" change the global or per-client viewonly state the\n"
" filetransfer permissions will NOT change.\n"
"-http Instead of using -httpdir (see below) to specify\n"
" where the Java vncviewer applet is, have x11vnc try\n"
" to *guess* where the directory is by looking relative\n"
" to the program location and in standard locations\n"
" (/usr/local/share/x11vnc/classes, etc).\n"
"-connect string For use with \"vncviewer -listen\" reverse connections.\n"
" If \"string\" has the form \"host\" or \"host:port\"\n"
" the connection is made once at startup. Use commas\n"
" for a list of host's and host:port's.\n"
"\n"
" Note that unlike most vnc servers, x11vnc will require a\n"
" password for reverse as well as for forward connections.\n"
" (provided password auth has been enabled, -rfbauth, etc)\n"
" If you do not want to require a password for reverse\n"
" connections set X11VNC_REVERSE_CONNECTION_NO_AUTH=1 in\n"
" your environment before starting x11vnc.\n"
"\n"
" If \"string\" contains \"/\" it is instead interpreted\n"
" as a file to periodically check for new hosts.\n"
" The first line is read and then the file is truncated.\n"
" Be careful for this usage mode if x11vnc is running as\n"
" root (e.g. via gdm(1), etc).\n"
"\n"
"-vncconnect Monitor the VNC_CONNECT X property set by the standard\n"
"-novncconnect VNC program vncconnect(1). When the property is\n"
" set to \"host\" or \"host:port\" establish a reverse\n"
" connection. Using xprop(1) instead of vncconnect may\n"
" work (see the FAQ). The -remote control mechanism uses\n"
" X11VNC_REMOTE channel, and this option disables/enables\n"
" it as well. Default: %s\n"
"\n"
"-allow host1[,host2..] Only allow client connections from hosts matching\n"
" the comma separated list of hostnames or IP addresses.\n"
" Can also be a numerical IP prefix, e.g. \"192.168.100.\"\n"
" to match a simple subnet, for more control build\n"
" libvncserver with libwrap support (See the FAQ). If the\n"
" list contains a \"/\" it instead is a interpreted as a\n"
" file containing addresses or prefixes that is re-read\n"
" each time a new client connects. Lines can be commented\n"
" out with the \"#\" character in the usual way.\n"
"-localhost Same as \"-allow 127.0.0.1\".\n"
"\n"
" Note: if you want to restrict which network interface\n"
" x11vnc listens on, see the -listen option below.\n"
" E.g. \"-listen localhost\" or \"-listen 192.168.3.21\".\n"
" As a special case, the option \"-localhost\" implies\n"
" \"-listen localhost\".\n"
"\n"
" For non-localhost -listen usage, if you use the remote\n"
" control mechanism (-R) to change the -listen interface\n"
" you may need to manually adjust the -allow list (and\n"
" vice versa) to avoid situations where no connections\n"
" (or too many) are allowed.\n"
"\n"
"-nolookup Do not use gethostbyname() or gethostbyaddr() to look up\n"
" host names or IP numbers. Use this if name resolution\n"
" is incorrectly set up and leads to long pauses as name\n"
" lookups time out, etc.\n"
"\n"
"-input string Fine tuning of allowed user input. If \"string\" does\n"
" not contain a comma \",\" the tuning applies only to\n"
" normal clients. Otherwise the part before \",\" is for\n"
" normal clients and the part after for view-only clients.\n"
" \"K\" is for Keystroke input, \"M\" for Mouse-motion\n"
" input, \"B\" for Button-click input, and \"C\" is for\n"
" Clipboard input. Their presence in the string enables\n"
" that type of input. E.g. \"-input M\" means normal\n"
" users can only move the mouse and \"-input KMBC,M\"\n"
" lets normal users do anything and enables view-only\n"
" users to move the mouse. This option is ignored when\n"
" a global -viewonly is in effect (all input is discarded\n"
" in that case).\n"
"\n"
"-viewpasswd string Supply a 2nd password for view-only logins. The -passwd\n"
" (full-access) password must also be supplied.\n"
"\n"
"-passwdfile filename Specify the libvncserver password via the first line\n"
" of the file \"filename\" (instead of via -passwd on\n"
" the command line where others might see it via ps(1)).\n"
" See below for how to supply multiple passwords.\n"
"\n"
" If the filename is prefixed with \"rm:\" it will be\n"
" removed after being read. Perhaps this is useful in\n"
" limiting the readability of the file. In general,\n"
" the password file should not be readable by untrusted\n"
" users (BTW: neither should the VNC -rfbauth file:\n"
" it is NOT encrypted).\n"
"\n"
" If the filename is prefixed with \"read:\" it will\n"
" periodically be checked for changes and reread.\n"
"\n"
" Note that only the first 8 characters of a password\n"
" are used.\n"
"\n"
" If multiple non-blank lines exist in the file they are\n"
" all taken as valid passwords. Blank lines are ignored.\n"
" Password lines may be \"commented out\" (ignored) if\n"
" they begin with the charactor \"#\" or the line contains\n"
" the string \"__SKIP__\". Lines may be annotated by use\n"
" of the \"__COMM__\" string: from it to the end of the\n"
" line is ignored. An empty password may be specified\n"
" via the \"__EMPTY__\" string on a line by itself (note\n"
" your viewer might not accept empty passwords).\n"
"\n"
" If the string \"__BEGIN_VIEWONLY__\" appears on a\n"
" line by itself, the remaining passwords are used for\n"
" viewonly access. For compatibility, as a special case\n"
" if the file contains only two password lines the 2nd\n"
" one is automatically taken as the viewonly password.\n"
" Otherwise the \"__BEGIN_VIEWONLY__\" token must be\n"
" used to have viewonly passwords. (tip: make the 3rd\n"
" and last line be \"__BEGIN_VIEWONLY__\" to have 2\n"
" full-access passwords)\n"
"\n"
"-unixpw [list] Use Unix username and password authentication. x11vnc\n"
" uses the su(1) program to verify the user's password.\n"
" [list] is an optional comma separated list of allowed\n"
" Unix usernames. See below for per-user options that\n"
" can be applied.\n"
"\n"
" A familiar \"login:\" and \"Password:\" dialog is\n"
" presented to the user on a black screen inside the\n"
" vncviewer. The connection is dropped if the user fails\n"
" to supply the correct password in 3 tries or does not\n"
" send one before a 25 second timeout. Existing clients\n"
" are view-only during this period.\n"
"\n"
" Since the detailed behavior of su(1) can vary from\n"
" OS to OS and for local configurations, test the mode\n"
" carefully on your systems before using it in production.\n"
" Test different combinations of valid/invalid usernames\n"
" and valid/invalid passwords to see if it behaves as\n"
" expected. x11vnc will attempt to be conservative and\n"
" reject a login if anything abnormal occurs.\n"
"\n"
" On FreeBSD and the other BSD's by default it is\n"
" impossible for the user running x11vnc to validate\n"
" his *own* password via su(1) (evidently commenting out\n"
" the pam_self.so entry in /etc/pam.d/su eliminates this\n"
" problem). So the x11vnc login will always *fail* for\n"
" this case (even when the correct password is supplied).\n"
"\n"
" A possible workaround for this would be to start\n"
" x11vnc as root with the \"-users +nobody\" option to\n"
" immediately switch to user nobody. Another source of\n"
" problems are PAM modules that prompt for extra info,\n"
" e.g. password aging modules. These logins will fail\n"
" as well even when the correct password is supplied.\n"
"\n"
" **IMPORTANT**: to prevent the Unix password being sent\n"
" in *clear text* over the network, one of two schemes\n"
" will be enforced: 1) the -ssl builtin SSL mode, or 2)\n"
" require both -localhost and -stunnel be enabled.\n"
"\n"
" Method 1) ensures the traffic is encrypted between\n"
" viewer and server. A PEM file will be required, see the\n"
" discussion under -ssl below (under some circumstances\n"
" a temporary one can be automatically generated).\n"
"\n"
" Method 2) requires the viewer connection to appear\n"
" to come from the same machine x11vnc is running on\n"
" (e.g. from a ssh -L port redirection). And that the\n"
" -stunnel SSL mode be used for encryption over the\n"
" network.(see the description of -stunnel below).\n"
"\n"
" Note: as a convenience, if you ssh(1) in and start\n"
" x11vnc it will check if the environment variable\n"
" SSH_CONNECTION is set and appears reasonable. If it\n"
" does, then the -ssl or -stunnel requirement will be\n"
" dropped since it is assumed you are using ssh for the\n"
" encrypted tunnelling. -localhost is still enforced.\n"
" Use -ssl or -stunnel to force SSL usage even if\n"
" SSH_CONNECTION is set.\n"
"\n"
" To override the above restrictions you can set\n"
" environment variables before starting x11vnc:\n"
"\n"
" Set UNIXPW_DISABLE_SSL=1 to disable requiring either\n"
" -ssl or -stunnel. Evidently you will be using a\n"
" different method to encrypt the data between the\n"
" vncviewer and x11vnc: perhaps ssh(1) or an IPSEC VPN.\n"
"\n"
" Note that use of -localhost with ssh(1) is roughly\n"
" the same as requiring a Unix user login (since a Unix\n"
" password or the user's public key authentication is\n"
" used by sshd on the machine where x11vnc runs and only\n"
" local connections from that machine are accepted)\n"
"\n"
" Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost\n"
" requirement in Method 2). One should never do this\n"
" (i.e. allow the Unix passwords to be sniffed on the\n"
" network).\n"
"\n"
" Regarding reverse connections (e.g. -R connect:host\n"
" and -connect host), when the -localhost constraint is\n"
" in effect then reverse connections can only be used\n"
" to connect to the same machine x11vnc is running on\n"
" (default port 5500). Please use a ssh or stunnel port\n"
" redirection to the viewer machine to tunnel the reverse\n"
" connection over an encrypted channel. Note that in -ssl\n"
" mode reverse connection are disabled (see below).\n"
"\n"
" In -inetd mode the Method 1) will be enforced (not\n"
" Method 2). With -ssl in effect reverse connections\n"
" are disabled. If you override this via env. var, be\n"
" sure to also use encryption from the viewer to inetd.\n"
" Tip: you can also have your own stunnel spawn x11vnc\n"
" in -inetd mode (thereby bypassing inetd). See the FAQ\n"
" for details.\n"
"\n"
" The user names in the comma separated [list] can have\n"
" per-user options after a \":\", e.g. \"fred:opts\"\n"
" where \"opts\" is a \"+\" separated list of\n"
" \"viewonly\", \"fullaccess\", \"input=XXXX\", or\n"
" \"deny\", e.g. \"karl,fred:viewonly,boss:input=M\".\n"
" For \"input=\" it is the K,M,B,C described under -input.\n"
"\n"
" If a user in the list is \"*\" that means those\n"
" options apply to all users. It also means all users\n"
" are allowed to log in after supplying a valid password.\n"
" Use \"deny\" to explicitly deny some users if you use\n"
" \"*\" to set a global option.\n"
"\n"
" There are also some utilities for testing password\n"
" if [list] starts with the \"%\" character. See the\n"
" quick_pw() function in the source for details.\n"
"\n"
"-unixpw_nis [list] As -unixpw above, however do not use su(1) but rather\n"
" use the traditional getpwnam(3) + crypt(3) method to\n"
" verify passwords instead. This requires that the\n"
" encrypted passwords be readable. Passwords stored\n"
" in /etc/shadow will be inaccessible unless x11vnc\n"
" is run as root.\n"
"\n"
" This is called \"NIS\" mode simply because in most\n"
" NIS setups the user encrypted passwords are accessible\n"
" (e.g. \"ypcat passwd\"). NIS is not required for this\n"
" mode to work (only that getpwnam(3) return the encrypted\n"
" password is required), but it is unlikely it will work\n"
" for any other modern environment. All of the -unixpw\n"
" options and contraints apply.\n"
"\n"
"-ssl [pem] Use the openssl library (www.openssl.org) to provide a\n"
" built-in encrypted SSL tunnel between VNC viewers and\n"
" x11vnc. This requires libssl support to be compiled\n"
" into x11vnc at build time. If x11vnc is not built\n"
" with libssl support it will exit immediately when -ssl\n"
" is prescribed.\n"
"\n"
" [pem] is optional, use \"-ssl /path/to/mycert.pem\"\n"
" to specify a PEM certificate file to use to identify\n"
" and provide a key for this server. See openssl(1) for\n"
" more info about PEMs and the -sslGenCert option below.\n"
"\n"
" The connecting VNC viewer SSL tunnel can optionally\n"
" authenticate this server if they have the public\n"
" key part of the certificate (or a common certificate\n"
" authority, CA, is a more sophisicated way to verify\n"
" this server's cert, see -sslGenCA below). This is\n"
" used to prevent man-in-the-middle attacks. Otherwise,\n"
" if the VNC viewer accepts this server's key without\n"
" verification, at least the traffic is protected\n"
" from passive sniffing on the network (but NOT from\n"
" man-in-the-middle attacks).\n"
"\n"
" If [pem] is not supplied and the openssl(1) utility\n"
" command exists in PATH, then a temporary, self-signed\n"
" certificate will be generated for this session (this\n"
" may take 5-30 seconds on slow machines). If openssl(1)\n"
" cannot be used to generate a temporary certificate\n"
" x11vnc exits immediately.\n"
"\n"
" If successful in using openssl(1) to generate a\n"
" temporary certificate, the public part of it will be\n"
" displayed to stderr (e.g. one could copy it to the\n"
" client-side to provide authentication of the server to\n"
" VNC viewers.) See following paragraphs for how to save\n"
" keys to reuse when x11vnc is restarted.\n"
"\n"
" Set the env. var. X11VNC_SHOW_TMP_PEM=1 to have x11vnc\n"
" print out the entire certificate, including the PRIVATE\n"
" KEY part, to stderr. One could reuse this cert if saved\n"
" in a [pem] file. Similarly, set X11VNC_KEEP_TMP_PEM=1\n"
" to not delete the temporary PEM file: the file name\n"
" will be printed to stderr (so one could move it to\n"
" a safe place for reuse). You will be prompted for a\n"
" passphrase for the private key.\n"
"\n"
" If [pem] is \"SAVE\" then the certificate will be saved\n"
" to the file ~/.vnc/certs/server.pem, or if that file\n"
" exists it will be used directly. Similarly, if [pem]\n"
" is \"SAVE_PROMPT\" the server.pem certificate will be\n"
" made based on your answers to its prompts for info such\n"
" as OrganizationalName, CommonName, etc.\n"
"\n"
" Use \"SAVE-<string>\" and \"SAVE_PROMPT-<string>\"\n"
" to refer to the file ~/.vnc/certs/server-<string>.pem\n"
" instead. E.g. \"SAVE-charlie\" will store to the file\n"
" ~/.vnc/certs/server-charlie.pem\n"
"\n"
" See -ssldir below to use a directory besides the\n"
" default ~/.vnc/certs\n"
"\n"
" Example: x11vnc -ssl SAVE -display :0 ...\n"
"\n"
" Reverse connections are disabled in -ssl mode because\n"
" there is no way to ensure that data channel will\n"
" be encrypted. Set X11VNC_SSL_ALLOW_REVERSE=1 to\n"
" override this.\n"
"\n"
" Your VNC viewer will also need to be able to connect\n"
" via SSL. See the discussion below under -stunnel and\n"
" the FAQ (ssl_vncviewer script) for how this might be\n"
" achieved. E.g. on Unix it is easy to write a shell\n"
" script that starts up stunnel and then vncviewer.\n"
" Also in the x11vnc source a SSL enabled Java VNC Viewer\n"
" applet is provided in the classes/ssl directory.\n"
"\n"
"-ssldir [dir] Use [dir] as an alternate ssl certificate and key\n"
" management toplevel directory. The default is\n"
" ~/.vnc/certs\n"
"\n"
" This directory is used to store server and other\n"
" certificates and keys and also other materials. E.g. in\n"
" the simplest case, \"-ssl SAVE\" will store the x11vnc\n"
" server cert in [dir]/server.pem\n"
"\n"
" Use of alternate directories via -ssldir allows you to\n"
" manage multiple VNC Certificate Authority (CA) keys.\n"
" Another use is if ~/.vnc/cert is on an NFS share you\n"
" might want your certificates and keys to be on a local\n"
" filesystem to prevent network snooping (for example\n"
" -ssldir /var/lib/x11vnc-certs).\n"
"\n"
" -ssldir affects nearly all of the other -ssl* options,\n"
" e.g. -ssl SAVE, -sslGenCert, etc..\n"
"\n"
"-sslverify [path] For either of the -ssl or -stunnel modes, use [path]\n"
" to provide certificates to authenticate incoming VNC\n"
" *Client* connections (normally only the server is\n"
" authenticated in SSL.) This can be used as a method\n"
" to replace standard password authentication of clients.\n"
"\n"
" If [path] is a directory it contains the client (or CA)\n"
" certificates in separate files. If [path] is a file,\n"
" it contains multiple certificates. See special tokens\n"
" below. These correspond to the \"CApath = dir\" and\n"
" \"CAfile = file\" stunnel options. See the stunnel(8)\n"
" manpage for details.\n"
"\n"
" Examples:\n"
" x11vnc -ssl -sslverify ~/my.pem\n"
" x11vnc -ssl -sslverify ~/my_pem_dir/\n"
"\n"
" Note that if [path] is a directory, it must contain\n"
" the certs in separate files named like <HASH>.0, where\n"
" the value of <HASH> is found by running the command\n"
" \"openssl x509 -hash -noout -in file.crt\". Evidently\n"
" one uses <HASH>.1 if there is a collision...\n"
"\n"
" The the key-management utility \"-sslCertInfo HASHON\"\n"
" and \"-sslCertInfo HASHOFF\" will create/delete these\n"
" hashes for you automatically (via symlink) in the HASH\n"
" subdirs it manages. Then you can point -sslverify to\n"
" the HASH subdir.\n"
"\n"
" Special tokens: in -ssl mode, if [path] is not a file or\n"
" a directory, it is taken as a comma separated list of\n"
" tokens that are interpreted as follows:\n"
"\n"
" If a token is \"CA\" that means load the CA/cacert.pem\n"
" file from the ssl directory. If a token is \"clients\"\n"
" then all the files clients/*.crt in the ssl directory\n"
" are loaded. Otherwise the file clients/token.crt\n"
" is attempted to be loaded. As a kludge, use a token\n"
" like ../server-foo to load a server cert if you find\n"
" that necessary.\n"
" \n"
" Use -ssldir to use a directory different from the\n"
" ~/.vnc/certs default.\n"
" \n"
" Note that if the \"CA\" cert is loaded you do not need\n"
" to load any of the certs that have been signed by it.\n"
" You will need to load any additional self-signed certs\n"
" however.\n"
" \n"
" Examples:\n"
" x11vnc -ssl -sslverify CA\n"
" x11vnc -ssl -sslverify self:fred,self:jim\n"
" x11vnc -ssl -sslverify CA,clients\n"
" \n"
" Usually \"-sslverify CA\" is the most effective.\n"
" See the -sslGenCA and -sslGenCert options below for\n"
" how to set up and manage the CA framework.\n"
" \n"
"\n"
"\n"
" NOTE: the following utilities, -sslGenCA, -sslGenCert,\n"
" -sslEncKey, and -sslCertInfo are provided for\n"
" completeness, but for casual usage they are overkill.\n"
"\n"
" They provide VNC Certificate Authority (CA) key creation\n"
" and server / client key generation and signing. So they\n"
" provide a basic Public Key management framework for\n"
" VNC-ing with x11vnc. (note that they require openssl(1)\n"
" be installed on the system)\n"
"\n"
" However, the simplest usage mode (where x11vnc\n"
" automatically generates its own, self-signed, temporary\n"
" key and the VNC viewers always accept it, e.g. accepting\n"
" via a dialog box) is probably safe enough for most\n"
" scenarios. CA management is not needed.\n"
"\n"
" To protect against Man-In-The-Middle attacks the\n"
" simplest mode can be improved by using \"-ssl SAVE\"\n"
" to have x11vnc create a longer term self-signed\n"
" certificate, and then (safely) copy the corresponding\n"
" public key cert to the desired client machines (care\n"
" must be taken the private key part is not stolen;\n"
" you will be prompted for a passphrase).\n"
"\n"
" So keep in mind no CA key creation or management\n"
" (-sslGenCA and -sslGenCert) is needed for either of\n"
" the above two common usage modes.\n"
"\n"
" One might want to use -sslGenCA and -sslGenCert\n"
" if you had a large number of VNC client and server\n"
" workstations. That way the administrator could generate\n"
" a single CA key with -sslGenCA and distribute its\n"
" certificate part to all of the workstations.\n"
"\n"
" Next, he could create signed VNC server keys\n"
" (-sslGenCert server ...) for each workstation or user\n"
" that then x11vnc would use to authenticate itself to\n"
" any VNC client that has the CA cert.\n"
"\n"
" Optionally, the admin could also make it so the\n"
" VNC clients themselves are authenticated to x11vnc\n"
" (-sslGenCert client ...) For this -sslverify would be\n"
" pointed to the CA cert (and/or self-signed certs).\n"
"\n"
" x11vnc will be able to use all of these cert and\n"
" key files. On the VNC client side, they will need to\n"
" be \"imported\" somehow. Web browsers have \"Manage\n"
" Certificates\" actions as does the Java applet plugin\n"
" Control Panel. stunnel can also use these files (see\n"
" the ssl_vncviewer example script in the FAQ.)\n"
"\n"
"-sslGenCA [dir] Generate your own Certificate Authority private key,\n"
" certificate, and other files in directory [dir].\n"
"\n"
" If [dir] is not supplied, a -ssldir setting is used,\n"
" or otherwise ~/.vnc/certs is used.\n"
"\n"
" This command also creates directories where server and\n"
" client certs and keys will be stored. The openssl(1)\n"
" program must be installed on the system and available\n"
" in PATH.\n"
"\n"
" After the CA files and directories are created the\n"
" command exits; the VNC server is not run.\n"
"\n"
" You will be prompted for information to put into the CA\n"
" certificate. The info does not have to be accurate just\n"
" as long as clients accept the cert for VNC connections.\n"
" You will also need to supply a passphrase of at least\n"
" 4 characters for the CA private key.\n"
"\n"
" Once you have generated the CA you can distribute\n"
" its certificate part, [dir]/CA/cacert.pem, to other\n"
" workstations where VNC viewers will be run. One will\n"
" need to \"import\" this certicate in the applications,\n"
" e.g. Web browser, Java applet plugin, stunnel, etc.\n"
" Next, you can create and sign keys using the CA with\n"
" the -sslGenCert option below.\n"
"\n"
" Examples:\n"
" x11vnc -sslGenCA\n"
" x11vnc -sslGenCA ~/myCAdir\n"
" x11vnc -ssldir ~/myCAdir -sslGenCA\n"
"\n"
" (the last two lines are equivalent)\n"
"\n"
"-sslGenCert type name Generate a VNC server or client certificate and private\n"
" key pair signed by the CA created previously with\n"
" -sslGenCA. The openssl(1) program must be installed\n"
" on the system and available in PATH.\n"
"\n"
" After the Certificate is generated the command exits;\n"
" the VNC server is not run.\n"
"\n"
" The type of key to be generated is the string \"type\".\n"
" It is either \"server\" (i.e. for use by x11vnc) or\n"
" \"client\" (for a VNC viewer). Note that typically\n"
" only \"server\" is used: the VNC clients authenticate\n"
" themselves by a non-public-key method (e.g. VNC or\n"
" unix password). \"type\" is required.\n"
"\n"
" An arbitrary default name you want to associate with\n"
" the key is supplied by the \"name\" string. You can\n"
" change it at the various prompts when creating the key.\n"
" \"name\" is optional.\n"
"\n"
" If name is left blank for clients keys then \"nobody\"\n"
" is used. If left blank for server keys, then the\n"
" primary server key: \"server.pem\" is created (this\n"
" is the saved one referenced by \"-ssl SAVE\" when the\n"
" server is started)\n"
"\n"
" If \"name\" begins with the string \"self:\" then\n"
" a self-signed certificate is created instead of one\n"
" signed by your CA key.\n"
"\n"
" If \"name\" begins with the string \"req:\" then only a\n"
" key (.key) and a certificate signing *request* (.req)\n"
" are generated. You can then send the .req file to\n"
" an external CA (even a professional one, e.g. Thawte)\n"
" and then combine the .key and the received cert into\n"
" the .pem file with the same basename.\n"
"\n"
" The distinction between \"server\" and \"client\" is\n"
" simply the choice of output filenames and sub-directory.\n"
" This makes it so the -ssl SAVE-name option can easily\n"
" pick up the x11vnc PEM file this option generates.\n"
" And similarly makes it easy for the -sslverify option\n"
" to pick up your client certs.\n"
"\n"
" There is nothing special about the filename or directory\n"
" location of either the \"server\" and \"client\" certs.\n"
" You can rename the files or move them to wherever\n"
" you like.\n"
"\n"
" Precede this option with -ssldir [dir] to use a\n"
" directory other than the default ~/.vnc/certs You will\n"
" need to run -sslGenCA on that directory first before\n"
" doing any -sslGenCert key creation.\n"
"\n"
" Note you cannot recreate a cert with exactly the same\n"
" distiguished name (DN) as an existing one. To do so,\n"
" you will need to edit the [dir]/CA/index.txt file to\n"
" delete the line.\n"
"\n"
" Similar to -sslGenCA, you will be prompted to fill\n"
" in some information that will be recorded in the\n"
" certificate when it is created. Tip: if you know\n"
" the fully-quailified hostname other people will be\n"
" connecting to you can use that as the CommonName \"CN\"\n"
" to avoid some applications (e.g. web browsers and java\n"
" plugin) complaining it does not match the hostname.\n"
"\n"
" You will also need to supply the CA private key\n"
" passphrase to unlock the private key created from\n"
" -sslGenCA. This private key is used to sign the server\n"
" or client certicate.\n"
"\n"
" The \"server\" certs can be used by x11vnc directly by\n"
" pointing to them via the -ssl [pem] option. The default\n"
" file will be ~/.vnc/certs/server.pem. This one would\n"
" be used by simply typing -ssl SAVE. The pem file\n"
" contains both the certificate and the private key.\n"
" server.crt file contains the cert only.\n"
"\n"
" The \"client\" cert + private key file will need\n"
" to be copied and imported into the VNC viewer\n"
" side applications (Web browser, Java plugin,\n"
" stunnel, etc.) Once that is done you can delete the\n"
" \"client\" private key file on this machine since\n"
" it is only needed on the VNC viewer side. The,\n"
" e.g. ~/.vnc/certs/clients/<name>.pem contains both\n"
" the cert and private key. The <name>.crt contains the\n"
" certificate only.\n"
"\n"
" NOTE: It is very important to know one should always\n"
" generate new keys with a passphrase. Otherwise if an\n"
" untrusted user steals the key file he could use it to\n"
" masquerade as the x11vnc server (or VNC viewer client).\n"
" You will be prompted whether to encrypt the key with\n"
" a passphrase or not. It is recommended that you do.\n"
" One inconvenience to a passphrase is that it must\n"
" be suppled every time x11vnc or the client app is\n"
" started up.\n"
"\n"
" Examples:\n"
"\n"
" x11vnc -sslGenCert server\n"
" x11vnc -ssl SAVE -display :0 ...\n"
"\n"
" and then on viewer using ssl_vncviewer stunnel wrapper\n"
" (see the FAQ):\n"
" ssl_vncviewer -verify ./cacert.crt hostname:0\n"
"\n"
" (this assumes the cacert.crt cert from -sslGenCA\n"
" was safely copied to the VNC viewer machine where\n"
" ssl_vncviewer is run)\n"
"\n"
" Example using a name:\n"
"\n"
" x11vnc -sslGenCert server charlie\n"
" x11vnc -ssl SAVE-charlie -display :0 ...\n"
"\n"
" Example for a client certificate (rarely used):\n"
"\n"
" x11vnc -sslGenCert client roger\n"
" scp ~/.vnc/certs/clients/roger.pem somehost:.\n"
" rm ~/.vnc/certs/clients/roger.pem\n"
"\n"
" x11vnc is then started with the the option -sslverify\n"
" ~/.vnc/certs/clients/roger.crt (or simply -sslverify\n"
" roger), and on the viewer user on somehost could do\n"
" for example:\n"
"\n"
" ssl_vncviewer -mycert ./roger.pem hostname:0\n"
"\n"
"-sslEncKey [pem] Utility to encrypt an existing PEM file with a\n"
" passphrase you supply when prompted. For that key to be\n"
" used (e.g. by x11vnc) the passphrase must be supplied\n"
" each time.\n"
"\n"
" The \"SAVE\" notation described under -ssl applies as\n"
" well. (precede this option with -ssldir [dir] to refer\n"
" a directory besides the default ~/.vnc/certs)\n"
"\n"
" The openssl(1) program must be installed on the system\n"
" and available in PATH. After the Key file is encrypted\n"
" the command exits; the VNC server is not run.\n"
"\n"
" Examples:\n"
" x11vnc -sslEncKey /path/to/foo.pem\n"
" x11vnc -sslEncKey SAVE\n"
" x11vnc -sslEncKey SAVE-charlie\n"
"\n"
"-sslCertInfo [pem] Prints out information about an existing PEM file.\n"
" In addition the public certificate is also printed.\n"
" The openssl(1) program must be in PATH. Basically the\n"
" command \"openssl x509 -text\" is run on the pem.\n"
"\n"
" The \"SAVE\" notation described under -ssl applies\n"
" as well.\n"
"\n"
" Using \"LIST\" will give a list of all certs being\n"
" managed (in the ~/.vnc/certs dir, use -ssldir to refer\n"
" to another dir). \"ALL\" will print out the info for\n"
" every managed key (this can be very long). Giving a\n"
" client or server cert shortname will also try a lookup\n"
" (e.g. -sslCertInfo charlie). Use \"LISTL\" or \"LL\"\n"
" for a long (ls -l style) listing.\n"
"\n"
" Using \"HASHON\" will create subdirs [dir]/HASH and\n"
" [dir]/HASH with OpenSSL hash filenames (e.g. 0d5fbbf1.0)\n"
" symlinks pointing up to the corresponding *.crt file.\n"
" ([dir] is ~/.vnc/certs or one given by -ssldir.)\n"
" This is a useful way for other OpenSSL applications\n"
" (e.g. stunnel) to access all of the certs without\n"
" having to concatenate them. x11vnc will not use them\n"
" unless you specifically reference them. \"HASHOFF\"\n"
" removes these HASH subdirs.\n"
"\n"
" The LIST, LISTL, LL, ALL, HASHON, HASHOFF words can\n"
" also be lowercase, e.g. \"list\".\n"
"\n"
"-sslDelCert [pem] Prompts you to delete all .crt .pem .key .req files\n"
" associated with [pem]. \"SAVE\" and lookups as in\n"
" -sslCertInfo apply as well.\n"
"\n"
"\n"
"-stunnel [pem] Use the stunnel(8) (www.stunnel.org) to provide an\n"
" encrypted SSL tunnel between viewers and x11vnc.\n"
"\n"
" This external tunnel method was implemented prior to the\n"
" integrated -ssl encryption described above. It still\n"
" works well. This requires stunnel to be installed\n"
" on the system and available via PATH (n.b. stunnel is\n"
" often installed in sbin directories). Version 4.x of\n"
" stunnel is assumed (but see -stunnel3 below.)\n"
"\n"
" [pem] is optional, use \"-stunnel /path/to/stunnel.pem\"\n"
" to specify a PEM certificate file to pass to stunnel.\n"
" Whether one is needed or not depends on your stunnel\n"
" configuration. stunnel often generates one at install\n"
" time. See the stunnel documentation for details.\n"
"\n"
" stunnel is started up as a child process of x11vnc and\n"
" any SSL connections stunnel receives are decrypted and\n"
" sent to x11vnc over a local socket. The strings\n"
" \"The SSL VNC desktop is ...\" and \"SSLPORT=...\"\n"
" are printed out at startup to indicate this.\n"
"\n"
" The -localhost option is enforced by default\n"
" to avoid people routing around the SSL channel.\n"
" Set STUNNEL_DISABLE_LOCALHOST=1 before starting x11vnc\n"
" to disable the requirement.\n"
"\n"
" Your VNC viewer will also need to be able to connect via\n"
" SSL. Unfortunately not too many do this. UltraVNC has\n"
" an encryption plugin but it does not seem to be SSL.\n"
"\n"
" Also, in the x11vnc distribution, a patched TightVNC\n"
" Java applet is provided in classes/ssl that does SSL\n"
" connections (only).\n"
"\n"
" It is also not too difficult to set up an stunnel or\n"
" other SSL tunnel on the viewer side. A simple example\n"
" on Unix using stunnel 3.x is:\n"
"\n"
" %% stunnel -c -d localhost:5901 -r remotehost:5900\n"
" %% vncviewer localhost:1\n"
"\n"
" For Windows, stunnel has been ported to it and there\n"
" are probably other such tools available. See the FAQ\n"
" for more examples.\n"
"\n"
"-stunnel3 [pem] Use version 3.x stunnel command line syntax instead of\n"
" version 4.x\n"
"\n"
"-https [port] Choose a separate HTTPS port (-ssl mode only).\n"
"\n"
" In -ssl mode, it turns out you can use the\n"
" single VNC port (e.g. 5900) for both VNC and HTTPS\n"
" connections. (HTTPS is used to retrieve a SSL-aware\n"
" VncViewer.jar applet that is provided with x11vnc).\n"
" Since both use SSL the implementation was extended to\n"
" detect if HTTP traffic (i.e. GET) is taking place and\n"
" handle it accordingly. The URL would be, e.g.:\n"
"\n"
" https://mymachine.org:5900/\n"
"\n"
" This is convenient for firewalls, etc, because only one\n"
" port needs to be allowed in. However, this heuristic\n"
" adds a few seconds delay to each connection and can be\n"
" unreliable (especially if the user takes much time to\n"
" ponder the Certificate dialogs in his browser, Java VM,\n"
" or VNC Viewer applet. That's right 3 separate \"Are\n"
" you sure you want to connect\" dialogs!)\n"
"\n"
" So use the -https option to provide a separate, more\n"
" reliable HTTPS port that x11vnc will listen on. If\n"
" [port] is not provided (or is 0), one is autoselected.\n"
" The URL to use is printed out at startup.\n"
"\n"
" The SSL Java applet directory is specified via the\n"
" -httpdir option. If not supplied it will try to guess\n"
" the directory as though the -http option was supplied.\n"
"\n"
"-usepw If no other password method was supplied on the command\n"
" line, first look for ~/.vnc/passwd and if found use it\n"
" with -rfbauth; next, look for ~/.vnc/passwdfile and\n"
" use it with -passwdfile; otherwise, prompt the user\n"
" for a password to create ~/.vnc/passwd and use it with\n"
" the -rfbauth option. If none of these succeed x11vnc\n"
" exits immediately.\n"
"\n"
" Note: -unixpw currently does not count as a password\n"
" method by this option.\n"
"\n"
"-storepasswd pass file Store password \"pass\" as the VNC password in the\n"
" file \"file\". Once the password is stored the\n"
" program exits. Use the password via \"-rfbauth file\"\n"
"\n"
" If called with no arguments, \"x11vnc -storepasswd\",\n"
" the user is prompted for a password and it is stored\n"
" in the file ~/.vnc/passwd. Called with one argument,\n"
" that will be the file to store the prompted password in.\n"
"\n"
"-nopw Disable the big warning message when you use x11vnc\n"
" without some sort of password.\n"
"\n"
"-accept string Run a command (possibly to prompt the user at the\n"
" X11 display) to decide whether an incoming client\n"
" should be allowed to connect or not. \"string\" is\n"
" an external command run via system(3) or some special\n"
" cases described below. Be sure to quote \"string\"\n"
" if it contains spaces, shell characters, etc. If the\n"
" external command returns 0 the client is accepted,\n"
" otherwise the client is rejected. See below for an\n"
" extension to accept a client view-only.\n"
"\n"
" If x11vnc is running as root (say from inetd(1) or from\n"
" display managers xdm(1), gdm(1), etc), think about the\n"
" security implications carefully before supplying this\n"
" option (likewise for the -gone option).\n"
"\n"
" Environment: The RFB_CLIENT_IP environment variable will\n"
" be set to the incoming client IP number and the port\n"
" in RFB_CLIENT_PORT (or -1 if unavailable). Similarly,\n"
" RFB_SERVER_IP and RFB_SERVER_PORT (the x11vnc side\n"
" of the connection), are set to allow identification\n"
" of the tcp virtual circuit. The x11vnc process\n"
" id will be in RFB_X11VNC_PID, a client id number in\n"
" RFB_CLIENT_ID, and the number of other connected clients\n"
" in RFB_CLIENT_COUNT. RFB_MODE will be \"accept\".\n"
" RFB_STATE will be PROTOCOL_VERSION, SECURITY_TYPE,\n"
" AUTHENTICATION, INITIALISATION, NORMAL, or UNKNOWN\n"
" indicating up to which state the client has acheived.\n"
" RFB_LOGIN_VIEWONLY will be 0, 1, or -1 (unknown).\n"
" RFB_USERNAME, RFB_LOGIN_TIME, and RFB_CURRENT_TIME may\n"
" also be set.\n"
"\n"
" If \"string\" is \"popup\" then a builtin popup window\n"
" is used. The popup will time out after 120 seconds,\n"
" use \"popup:N\" to modify the timeout to N seconds\n"
" (use 0 for no timeout).\n"
"\n"
" If \"string\" is \"xmessage\" then an xmessage(1)\n"
" invocation is used for the command. xmessage must be\n"
" installed on the machine for this to work.\n"
"\n"
" Both \"popup\" and \"xmessage\" will present an option\n"
" for accepting the client \"View-Only\" (the client\n"
" can only watch). This option will not be presented if\n"
" -viewonly has been specified, in which case the entire\n"
" display is view only.\n"
"\n"
" If the user supplied command is prefixed with something\n"
" like \"yes:0,no:*,view:3 mycommand ...\" then this\n"
" associates the numerical command return code with\n"
" the actions: accept, reject, and accept-view-only,\n"
" respectively. Use \"*\" instead of a number to indicate\n"
" the default action (in case the command returns an\n"
" unexpected value). E.g. \"no:*\" is a good choice.\n"
"\n"
" Note that x11vnc blocks while the external command\n"
" or popup is running (other clients may see no updates\n"
" during this period). So a person sitting a the physical\n"
" display is needed to respond to an popup prompt. (use\n"
" a 2nd x11vnc if you lock yourself out).\n"
"\n"
" More -accept tricks: use \"popupmouse\" to only allow\n"
" mouse clicks in the builtin popup to be recognized.\n"
" Similarly use \"popupkey\" to only recognize\n"
" keystroke responses. These are to help avoid the\n"
" user accidentally accepting a client by typing or\n"
" clicking. All 3 of the popup keywords can be followed\n"
" by +N+M to supply a position for the popup window.\n"
" The default is to center the popup window.\n"
"-afteraccept string As -accept, except to run a user supplied command after\n"
" a client has been accepted and authenticated. RFB_MODE\n"
" will be set to \"afteraccept\" and the other RFB_*\n"
" variables are as in -accept. Unlike -accept, the\n"
" command return code is not interpreted by x11vnc.\n"
" Example: -afteraccept 'killall xlock &'\n"
"-gone string As -accept, except to run a user supplied command when\n"
" a client goes away (disconnects). RFB_MODE will be\n"
" set to \"gone\" and the other RFB_* variables are as\n"
" in -accept. The \"popup\" actions apply as well.\n"
" Unlike -accept, the command return code is not\n"
" interpreted by x11vnc. Example: -gone 'xlock &'\n"
"\n"
"-users list If x11vnc is started as root (say from inetd(1) or from\n"
" display managers xdm(1), gdm(1), etc), then as soon\n"
" as possible after connections to the X display are\n"
" established try to switch to one of the users in the\n"
" comma separated \"list\". If x11vnc is not running as\n"
" root this option is ignored.\n"
" \n"
" Why use this option? In general it is not needed since\n"
" x11vnc is already connected to the X display and can\n"
" perform its primary functions. The option was added\n"
" to make some of the *external* utility commands x11vnc\n"
" occasionally runs work properly. In particular under\n"
" GNOME and KDE to implement the \"-solid color\" feature\n"
" external commands (gconftool-2 and dcop) must be run\n"
" as the user owning the desktop session. Since this\n"
" option switches userid it also affects the userid used\n"
" to run the processes for the -accept and -gone options.\n"
" It also affects the ability to read files for options\n"
" such as -connect, -allow, and -remap. Note that the\n"
" -connect file is also sometimes written to.\n"
" \n"
" So be careful with this option since in many situations\n"
" its use can decrease security.\n"
" \n"
" The switch to a user will only take place if the\n"
" display can still be successfully opened as that user\n"
" (this is primarily to try to guess the actual owner\n"
" of the session). Example: \"-users fred,wilma,betty\".\n"
" Note that a malicious user \"barney\" by quickly using\n"
" \"xhost +\" when logging in may get x11vnc to switch\n"
" to user \"fred\". What happens next?\n"
" \n"
" Under display managers it may be a long time before\n"
" the switch succeeds (i.e. a user logs in). To make\n"
" it switch immediately regardless if the display\n"
" can be reopened prefix the username with the \"+\"\n"
" character. E.g. \"-users +bob\" or \"-users +nobody\".\n"
" The latter (i.e. switching immediately to user\n"
" \"nobody\") is probably the only use of this option\n"
" that increases security.\n"
" \n"
" To immediately switch to a user *before* connections\n"
" to the X display are made or any files opened use the\n"
" \"=\" character: \"-users =bob\". That user needs to\n"
" be able to open the X display of course.\n"
" \n"
" The special user \"guess=\" means to examine the utmpx\n"
" database (see who(1)) looking for a user attached to\n"
" the display number (from DISPLAY or -display option)\n"
" and try him/her. To limit the list of guesses, use:\n"
" \"-users guess=bob,betty\".\n"
" \n"
" Even more sinister is the special user \"lurk=\" that\n"
" means to try to guess the DISPLAY from the utmpx login\n"
" database as well. So it \"lurks\" waiting for anyone\n"
" to log into an X session and then connects to it.\n"
" Specify a list of users after the = to limit which\n"
" users will be tried. To enable a different searching\n"
" mode, if the first user in the list is something like\n"
" \":0\" or \":0-2\" that indicates a range of DISPLAY\n"
" numbers that will be tried (regardless of whether\n"
" they are in the utmpx database) for all users that\n"
" are logged in. Examples: \"-users lurk=\" and also\n"
" \"-users lurk=:0-1,bob,mary\"\n"
" \n"
" Be especially careful using the \"guess=\" and \"lurk=\"\n"
" modes. They are not recommended for use on machines\n"
" with untrustworthy local users.\n"
" \n"
"-noshm Do not use the MIT-SHM extension for the polling.\n"
" Remote displays can be polled this way: be careful this\n"
" can use large amounts of network bandwidth. This is\n"
" also of use if the local machine has a limited number\n"
" of shm segments and -onetile is not sufficient.\n"
"-flipbyteorder Sometimes needed if remotely polled host has different\n"
" endianness. Ignored unless -noshm is set.\n"
"-onetile Do not use the new copy_tiles() framebuffer mechanism,\n"
" just use 1 shm tile for polling. Limits shm segments\n"
" used to 3.\n"
"\n"
"-solid [color] To improve performance, when VNC clients are connected\n"
" try to change the desktop background to a solid color.\n"
" The [color] is optional: the default color is \"cyan4\".\n"
" For a different one specify the X color (rgb.txt name,\n"
" e.g. \"darkblue\" or numerical \"#RRGGBB\").\n"
"\n"
" Currently this option only works on GNOME, KDE, CDE,\n"
" and classic X (i.e. with the background image on the\n"
" root window). The \"gconftool-2\" and \"dcop\" external\n"
" commands are run for GNOME and KDE respectively.\n"
" Other desktops won't work, e.g. Xfce (send us the\n"
" corresponding commands if you find them). If x11vnc is\n"
" running as root (inetd(1) or gdm(1)), the -users option\n"
" may be needed for GNOME and KDE. If x11vnc guesses\n"
" your desktop incorrectly, you can force it by prefixing\n"
" color with \"gnome:\", \"kde:\", \"cde:\" or \"root:\".\n"
"-blackout string Black out rectangles on the screen. \"string\" is a\n"
" comma separated list of WxH+X+Y type geometries for\n"
" each rectangle. If one of the items on the list is the\n"
" string \"noptr\" the mouse pointer will not be allowed\n"
" to go into a blacked out region.\n"
"-xinerama If your screen is composed of multiple monitors\n"
"-noxinerama glued together via XINERAMA, and that screen is\n"
" not a rectangle this option will try to guess the\n"
" areas to black out (if your system has libXinerama).\n"
" default: %s\n"
"\n"
" In general, we have noticed on XINERAMA displays you\n"
" may need to use the \"-xwarppointer\" option if the mouse\n"
" pointer misbehaves.\n"
"\n"
"-xtrap Use the DEC-XTRAP extension for keystroke and mouse\n"
" input insertion. For use on legacy systems, e.g. X11R5,\n"
" running an incomplete or missing XTEST extension.\n"
" By default DEC-XTRAP will be used if XTEST server grab\n"
" control is missing, use -xtrap to do the keystroke and\n"
" mouse insertion via DEC-XTRAP as well.\n"
"\n"
"-xrandr [mode] If the display supports the XRANDR (X Resize, Rotate\n"
" and Reflection) extension, and you expect XRANDR events\n"
" to occur to the display while x11vnc is running, this\n"
" options indicates x11vnc should try to respond to\n"
" them (as opposed to simply crashing by assuming the\n"
" old screen size). See the xrandr(1) manpage and run\n"
" 'xrandr -q' for more info. [mode] is optional and\n"
" described below.\n"
"\n"
" Since watching for XRANDR events and trapping errors\n"
" increases polling overhead, only use this option if\n"
" XRANDR changes are expected. For example on a rotatable\n"
" screen PDA or laptop, or using a XRANDR-aware Desktop\n"
" where you resize often. It is best to be viewing with a\n"
" vncviewer that supports the NewFBSize encoding, since it\n"
" knows how to react to screen size changes. Otherwise,\n"
" libvncserver tries to do so something reasonable for\n"
" viewers that cannot do this (portions of the screen\n"
" may be clipped, unused, etc).\n"
"\n"
" \"mode\" defaults to \"resize\", which means create a\n"
" new, resized, framebuffer and hope all viewers can cope\n"
" with the change. \"newfbsize\" means first disconnect\n"
" all viewers that do not support the NewFBSize VNC\n"
" encoding, and then resize the framebuffer. \"exit\"\n"
" means disconnect all viewer clients, and then terminate\n"
" x11vnc.\n"
"-padgeom WxH Whenever a new vncviewer connects, the framebuffer is\n"
" replaced with a fake, solid black one of geometry WxH.\n"
" Shortly afterwards the framebuffer is replaced with the\n"
" real one. This is intended for use with vncviewers\n"
" that do not support NewFBSize and one wants to make\n"
" sure the initial viewer geometry will be big enough\n"
" to handle all subsequent resizes (e.g. under -xrandr,\n"
" -remote id:windowid, rescaling, etc.)\n"
"\n"
"-o logfile Write stderr messages to file \"logfile\" instead of\n"
" to the terminal. Same as \"-logfile file\". To append\n"
" to the file use \"-oa file\" or \"-logappend file\".\n"
"-flag file Write the \"PORT=NNNN\" (e.g. PORT=5900) string to\n"
" \"file\" in addition to stdout. This option could be\n"
" useful by wrapper script to detect when x11vnc is ready.\n"
"\n"
"-rc filename Use \"filename\" instead of $HOME/.x11vncrc for rc file.\n"
"-norc Do not process any .x11vncrc file for options.\n"
"\n"
"-h, -help Print this help text.\n"
"-?, -opts Only list the x11vnc options.\n"
"-V, -version Print program version and last modification date.\n"
"\n"
"-dbg Instead of exiting after cleaning up, run a simple\n"
" \"debug crash shell\" when fatal errors are trapped.\n"
"\n"
"-q Be quiet by printing less informational output to\n"
" stderr. Same as -quiet.\n"
"-bg Go into the background after screen setup. Messages to\n"
" stderr are lost unless -o logfile is used. Something\n"
" like this could be useful in a script:\n"
" port=`ssh $host \"x11vnc -display :0 -bg\" | grep PORT`\n"
" port=`echo \"$port\" | sed -e 's/PORT=//'`\n"
" port=`expr $port - 5900`\n"
" vncviewer $host:$port\n"
"\n"
"-modtweak Option -modtweak automatically tries to adjust the AltGr\n"
"-nomodtweak and Shift modifiers for differing language keyboards\n"
" between client and host. Otherwise, only a single key\n"
" press/release of a Keycode is simulated (i.e. ignoring\n"
" the state of the modifiers: this usually works for\n"
" identical keyboards). Also useful in resolving cases\n"
" where a Keysym is bound to multiple keys (e.g. \"<\" + \">\"\n"
" and \",\" + \"<\" keys). Default: %s\n"
"-xkb When in modtweak mode, use the XKEYBOARD extension (if\n"
"-noxkb the X display supports it) to do the modifier tweaking.\n"
" This is powerful and should be tried if there are still\n"
" keymapping problems when using -modtweak by itself.\n"
" The default is to check whether some common keysyms,\n"
" e.g. !, @, [, are only accessible via -xkb mode and if\n"
" so then automatically enable the mode. To disable this\n"
" automatic detection use -noxkb.\n"
"-skip_keycodes string Ignore the comma separated list of decimal keycodes.\n"
" Perhaps these are keycodes not on your keyboard but\n"
" your X server thinks exist. Currently only applies\n"
" to -xkb mode. Use this option to help x11vnc in the\n"
" reverse problem it tries to solve: Keysym -> Keycode(s)\n"
" when ambiguities exist (more than one Keycode per\n"
" Keysym). Run 'xmodmap -pk' to see your keymapping.\n"
" Example: \"-skip_keycodes 94,114\"\n"
"-sloppy_keys Experimental option that tries to correct some\n"
" \"sloppy\" key behavior. E.g. if at the viewer you\n"
" press Shift+Key but then release the Shift before\n"
" Key that could give rise to extra unwanted characters\n"
" (usually only between keyboards of different languages).\n"
" Only use this option if you observe problems with\n"
" some keystrokes.\n"
"-skip_dups Some VNC viewers send impossible repeated key events,\n"
"-noskip_dups e.g. key-down, key-down, key-up, key-up all for the same\n"
" key, or 20 downs in a row for the same modifier key!\n"
" Setting -skip_dups means to skip these duplicates and\n"
" just process the first event. Note: some VNC viewers\n"
" assume they can send down's without the corresponding\n"
" up's and so you should not set this option for\n"
" these viewers (symptom: some keys do not autorepeat)\n"
" Default: %s\n"
"-add_keysyms If a Keysym is received from a VNC viewer and that\n"
"-noadd_keysyms Keysym does not exist in the X server, then add the\n"
" Keysym to the X server's keyboard mapping on an unused\n"
" key. Added Keysyms will be removed periodically and\n"
" also when x11vnc exits. Default: %s\n"
#if 0
"-xkbcompat Ignore the XKEYBOARD extension. Use as a workaround for\n"
" some keyboard mapping problems. E.g. if you are using\n"
" an international keyboard (AltGr or ISO_Level3_Shift),\n"
" and the OS or keyboard where the VNC viewer is run\n"
" is not identical to that of the X server, and you are\n"
" having problems typing some keys. Implies -nobell.\n"
#endif
"-clear_mods At startup and exit clear the modifier keys by sending\n"
" KeyRelease for each one. The Lock modifiers are skipped.\n"
" Used to clear the state if the display was accidentally\n"
" left with any pressed down.\n"
"-clear_keys As -clear_mods, except try to release any pressed key.\n"
" Note that this option and -clear_mods can interfere\n"
" with a person typing at the physical keyboard.\n"
"-remap string Read Keysym remappings from file named \"string\".\n"
" Format is one pair of Keysyms per line (can be name\n"
" or hex value) separated by a space. If no file named\n"
" \"string\" exists, it is instead interpreted as this\n"
" form: key1-key2,key3-key4,... See <X11/keysymdef.h>\n"
" header file for a list of Keysym names, or use xev(1).\n"
" To map a key to a button click, use the fake Keysyms\n"
" \"Button1\", ..., etc. E.g: \"-remap Super_R-Button2\"\n"
" (useful for pasting on a laptop)\n"
"\n"
" Dead keys: \"dead\" (or silent, mute) keys are keys that\n"
" do not produce a character but must be followed by a 2nd\n"
" keystroke. This is often used for accenting characters,\n"
" e.g. to put \"`\" on top of \"a\" by pressing the dead\n"
" key and then \"a\". Note that this interpretation\n"
" is not part of core X11, it is up to the toolkit or\n"
" application to decide how to react to the sequence.\n"
" The X11 names for these keysyms are \"dead_grave\",\n"
" \"dead_acute\", etc. However some VNC viewers send the\n"
" keysyms \"grave\", \"acute\" instead thereby disabling\n"
" the accenting. To work around this -remap can be used.\n"
" For example \"-remap grave-dead_grave,acute-dead_acute\"\n"
" As a convenience, \"-remap DEAD\" applies these remaps:\n"
"\n"
" g grave-dead_grave\n"
" a acute-dead_acute\n"
" c asciicircum-dead_circumflex\n"
" t asciitilde-dead_tilde\n"
" m macron-dead_macron\n"
" b breve-dead_breve\n"
" D abovedot-dead_abovedot\n"
" d diaeresis-dead_diaeresis\n"
" o degree-dead_abovering\n"
" A doubleacute-dead_doubleacute\n"
" r caron-dead_caron\n"
" e cedilla-dead_cedilla\n"
"\n"
" If you just want a subset use the first letter\n"
" label, e.g. \"-remap DEAD=ga\" to get the first two.\n"
" Additional remaps may also be supplied via commas,\n"
" e.g. \"-remap DEAD=ga,Super_R-Button2\". Finally,\n"
" \"DEAD=missing\" means to apply all of the above as\n"
" long as the left hand member is not already in the\n"
" X11 keymap.\n"
"\n"
"-norepeat Option -norepeat disables X server key auto repeat when\n"
"-repeat VNC clients are connected and VNC keyboard input is\n"
" not idle for more than 5 minutes. This works around a\n"
" repeating keystrokes bug (triggered by long processing\n"
" delays between key down and key up client events: either\n"
" from large screen changes or high latency).\n"
" Default: %s\n"
"\n"
" Note: your VNC viewer side will likely do autorepeating,\n"
" so this is no loss unless someone is simultaneously at\n"
" the real X display.\n"
"\n"
" Use \"-norepeat N\" to set how many times norepeat will\n"
" be reset if something else (e.g. X session manager)\n"
" undoes it. The default is 2. Use a negative value\n"
" for unlimited resets.\n"
"\n"
"-nofb Ignore video framebuffer: only process keyboard and\n"
" pointer. Intended for use with Win2VNC and x2vnc\n"
" dual-monitor setups.\n"
"-nobell Do not watch for XBell events. (no beeps will be heard)\n"
" Note: XBell monitoring requires the XKEYBOARD extension.\n"
"-nosel Do not manage exchange of X selection/cutbuffer between\n"
" VNC viewers and the X server at all.\n"
"-noprimary Do not poll the PRIMARY selection for changes to send\n"
" back to clients. (PRIMARY is still set on received\n"
" changes, however).\n"
"-nosetprimary Do not set the PRIMARY selection for changes received\n"
" from VNC clients.\n"
"-noclipboard Do not poll the CLIPBOARD selection for changes to send\n"
" back to clients. (CLIPBOARD is still set on received\n"
" changes, however).\n"
"-nosetclipboard Do not set the CLIPBOARD selection for changes\n"
" received from VNC clients.\n"
"-seldir string If direction string is \"send\", only send the selection\n"
" to viewers, and if it is \"recv\" only receive it from\n"
" viewers. To work around apps setting the selection\n"
" too frequently and messing up the other end. You can\n"
" actually supply a comma separated list of directions,\n"
" including \"debug\" to turn on debugging output.\n"
"\n"
"-cursor [mode] Sets how the pointer cursor shape (little icon at the\n"
"-nocursor mouse pointer) should be handled. The \"mode\" string\n"
" is optional and is described below. The default\n"
" is to show some sort of cursor shape(s). How this\n"
" is done depends on the VNC viewer and the X server.\n"
" Use -nocursor to disable cursor shapes completely.\n"
"\n"
" Some VNC viewers support the TightVNC CursorPosUpdates\n"
" and CursorShapeUpdates extensions (cuts down on\n"
" network traffic by not having to send the cursor image\n"
" every time the pointer is moved), in which case these\n"
" extensions are used (see -nocursorshape and -nocursorpos\n"
" below to disable). For other viewers the cursor shape\n"
" is written directly to the framebuffer every time the\n"
" pointer is moved or changed and gets sent along with\n"
" the other framebuffer updates. In this case, there\n"
" will be some lag between the vnc viewer pointer and\n"
" the remote cursor position.\n"
"\n"
" If the X display supports retrieving the cursor shape\n"
" information from the X server, then the default is\n"
" to use that mode. On Solaris this can be done with\n"
" the SUN_OVL extension using -overlay (see also the\n"
" -overlay_nocursor option). A similar overlay scheme\n"
" is used on IRIX. Xorg (e.g. Linux) and recent Solaris\n"
" Xsun servers support the XFIXES extension to retrieve\n"
" the exact cursor shape from the X server. If XFIXES\n"
" is present it is preferred over Overlay and is used by\n"
" default (see -noxfixes below). This can be disabled\n"
" with -nocursor, and also some values of the \"mode\"\n"
" option below.\n"
" \n"
" Note that under XFIXES cursors with transparency (alpha\n"
" channel) will usually not be exactly represented and one\n"
" may find Overlay preferable. See also the -alphacut\n"
" and -alphafrac options below as fudge factors to try\n"
" to improve the situation for cursors with transparency\n"
" for a given theme.\n"
"\n"
" The \"mode\" string can be used to fine-tune the\n"
" displaying of cursor shapes. It can be used the\n"
" following ways:\n"
"\n"
" \"-cursor arrow\" - just show the standard arrow\n"
" nothing more or nothing less.\n"
"\n"
" \"-cursor none\" - same as \"-nocursor\"\n"
"\n"
" \"-cursor X\" - when the cursor appears to be on the\n"
" root window, draw the familiar X shape. Some desktops\n"
" such as GNOME cover up the root window completely,\n"
" and so this will not work, try \"X1\", etc, to try to\n"
" shift the tree depth. On high latency links or slow\n"
" machines there will be a time lag between expected and\n"
" the actual cursor shape.\n"
"\n"
" \"-cursor some\" - like \"X\" but use additional\n"
" heuristics to try to guess if the window should have\n"
" a windowmanager-like resizer cursor or a text input\n"
" I-beam cursor. This is a complete hack, but may be\n"
" useful in some situations because it provides a little\n"
" more feedback about the cursor shape.\n"
"\n"
" \"-cursor most\" - try to show as many cursors as\n"
" possible. Often this will only be the same as \"some\"\n"
" unless the display has overlay visuals or XFIXES\n"
" extensions available. On Solaris and IRIX if XFIXES\n"
" is not available, -overlay mode will be attempted.\n"
"\n"
"-arrow n Choose an alternate \"arrow\" cursor from a set of\n"
" some common ones. n can be 1 to %d. Default is: %d\n"
" Ignored when in XFIXES cursor-grabbing mode.\n"
"\n"
"-noxfixes Do not use the XFIXES extension to draw the exact cursor\n"
" shape even if it is available.\n"
"-alphacut n When using the XFIXES extension for the cursor shape,\n"
" cursors with transparency will not usually be displayed\n"
" exactly (but opaque ones will). This option sets n as\n"
" a cutoff for cursors that have transparency (\"alpha\n"
" channel\" with values ranging from 0 to 255) Any cursor\n"
" pixel with alpha value less than n becomes completely\n"
" transparent. Otherwise the pixel is completely opaque.\n"
" Default %d\n"
" \n"
"-alphafrac fraction With the threshold in -alphacut some cursors will become\n"
" almost completely transparent because their alpha values\n"
" are not high enough. For those cursors adjust the\n"
" alpha threshold until fraction of the non-zero alpha\n"
" channel pixels become opaque. Default %.2f\n"
"-alpharemove By default, XFIXES cursors pixels with transparency have\n"
" the alpha factor multiplied into the RGB color values\n"
" (i.e. that corresponding to blending the cursor with a\n"
" black background). Specify this option to remove the\n"
" alpha factor. (useful for light colored semi-transparent\n"
" cursors).\n"
"-noalphablend In XFIXES mode do not send cursor alpha channel data\n"
" to libvncserver. The default is to send it. The\n"
" alphablend effect will only be visible in -nocursorshape\n"
" mode or for clients with cursorshapeupdates turned\n"
" off. (However there is a hack for 32bpp with depth 24,\n"
" it uses the extra 8 bits to store cursor transparency\n"
" for use with a hacked vncviewer that applies the\n"
" transparency locally. See the FAQ for more info).\n"
"\n"
"-nocursorshape Do not use the TightVNC CursorShapeUpdates extension\n"
" even if clients support it. See -cursor above.\n"
"-cursorpos Option -cursorpos enables sending the X cursor position\n"
"-nocursorpos back to all vnc clients that support the TightVNC\n"
" CursorPosUpdates extension. Other clients will be able\n"
" to see the pointer motions. Default: %s\n"
"-xwarppointer Move the pointer with XWarpPointer(3X) instead of\n"
" the XTEST extension. Use this as a workaround\n"
" if the pointer motion behaves incorrectly, e.g.\n"
" on touchscreens or other non-standard setups.\n"
" Also sometimes needed on XINERAMA displays.\n"
"\n"
"-buttonmap string String to remap mouse buttons. Format: IJK-LMN, this\n"
" maps buttons I -> L, etc., e.g. -buttonmap 13-31\n"
"\n"
" Button presses can also be mapped to keystrokes: replace\n"
" a button digit on the right of the dash with :<sym>:\n"
" or :<sym1>+<sym2>: etc. for multiple keys. For example,\n"
" if the viewing machine has a mouse-wheel (buttons 4 5)\n"
" but the x11vnc side does not, these will do scrolls:\n"
" -buttonmap 12345-123:Prior::Next:\n"
" -buttonmap 12345-123:Up+Up+Up::Down+Down+Down:\n"
"\n"
" See <X11/keysymdef.h> header file for a list of Keysyms,\n"
" or use the xev(1) program. Note: mapping of button\n"
" clicks to Keysyms may not work if -modtweak or -xkb is\n"
" needed for the Keysym.\n"
"\n"
" If you include a modifier like \"Shift_L\" the\n"
" modifier's up/down state is toggled, e.g. to send\n"
" \"The\" use :Shift_L+t+Shift_L+h+e: (the 1st one is\n"
" shift down and the 2nd one is shift up). (note: the\n"
" initial state of the modifier is ignored and not reset)\n"
" To include button events use \"Button1\", ... etc.\n"
"\n"
"-nodragging Do not update the display during mouse dragging events\n"
" (mouse button held down). Greatly improves response on\n"
" slow setups, but you lose all visual feedback for drags,\n"
" text selection, and some menu traversals. It overrides\n"
" any -pointer_mode setting.\n"
"\n"
"-wireframe [str] Try to detect window moves or resizes when a mouse\n"
"-nowireframe button is held down and show a wireframe instead of\n"
" the full opaque window. This is based completely on\n"
" heuristics and may not always work: it depends on your\n"
" window manager and even how you move things around.\n"
" See -pointer_mode below for discussion of the \"bogging\n"
" down\" problem this tries to avoid.\n"
" Default: %s\n"
"\n"
" Shorter aliases: -wf [str] and -nowf\n"
"\n"
" The value \"str\" is optional and, of course, is\n"
" packed with many tunable parameters for this scheme:\n"
"\n"
" Format: shade,linewidth,percent,T+B+L+R,mod,t1+t2+t3+t4\n"
" Default: %s\n"
"\n"
" If you leave nothing between commas: \",,\" the default\n"
" value is used. If you don't specify enough commas,\n"
" the trailing parameters are set to their defaults.\n"
"\n"
" \"shade\" indicate the \"color\" for the wireframe,\n"
" usually a greyscale: 0-255, however for 16 and 32bpp you\n"
" can specify an rgb.txt X color (e.g. \"dodgerblue\") or\n"
" a value > 255 is treated as RGB (e.g. red is 0xff0000).\n"
" \"linewidth\" sets the width of the wireframe in pixels.\n"
" \"percent\" indicates to not apply the wireframe scheme\n"
" to windows with area less than this percent of the\n"
" full screen.\n"
"\n"
" \"T+B+L+R\" indicates four integers for how close in\n"
" pixels the pointer has to be from the Top, Bottom, Left,\n"
" or Right edges of the window to consider wireframing.\n"
" This is a speedup to quickly exclude a window from being\n"
" wireframed: set them all to zero to not try the speedup\n"
" (scrolling and selecting text will likely be slower).\n"
"\n"
" \"mod\" specifies if a button down event in the\n"
" interior of the window with a modifier key (Alt, Shift,\n"
" etc.) down should indicate a wireframe opportunity.\n"
" It can be \"0\" or \"none\" to skip it, \"1\" or \"all\"\n"
" to apply it to any modifier, or \"Shift\", \"Alt\",\n"
" \"Control\", \"Meta\", \"Super\", or \"Hyper\" to only\n"
" apply for that type of modifier key.\n"
"\n"
" \"t1+t2+t3+t4\" specify four floating point times in\n"
" seconds: t1 is how long to wait for the pointer to move,\n"
" t2 is how long to wait for the window to start moving\n"
" or being resized (for some window managers this can be\n"
" rather long), t3 is how long to keep a wireframe moving\n"
" before repainting the window. t4 is the minimum time\n"
" between sending wireframe \"animations\". If a slow\n"
" link is detected, these values may be automatically\n"
" changed to something better for a slow link.\n"
"\n"
"-wirecopyrect mode Since the -wireframe mechanism evidently tracks moving\n"
"-nowirecopyrect windows accurately, a speedup can be obtained by\n"
" telling the VNC viewers to locally copy the translated\n"
" window region. This is the VNC CopyRect encoding:\n"
" the framebuffer update doesn't need to send the actual\n"
" new image data.\n"
"\n"
" Shorter aliases: -wcr [mode] and -nowcr\n"
"\n"
" \"mode\" can be \"never\" (same as -nowirecopyrect)\n"
" to never try the copyrect, \"top\" means only do it if\n"
" the window was not covered by any other windows, and\n"
" \"always\" means to translate the orginally unobscured\n"
" region (this may look odd as the remaining pieces come\n"
" in, but helps on a slow link). Default: \"%s\"\n"
"\n"
" Note: there can be painting errors or slow response\n"
" when using -scale so you may want to disable CopyRect\n"
" in this case \"-wirecopyrect never\" on the command\n"
" line or by remote-control. Or you can also use the\n"
" \"-scale xxx:nocr\" scale option.\n"
"\n"
"-debug_wireframe Turn on debugging info printout for the wireframe\n"
" heuristics. \"-dwf\" is an alias. Specify multiple\n"
" times for more output.\n"
"\n"
"-scrollcopyrect mode Like -wirecopyrect, but use heuristics to try to guess\n"
"-noscrollcopyrect if a window has scrolled its contents (either vertically\n"
" or horizontally). This requires the RECORD X extension\n"
" to \"snoop\" on X applications (currently for certain\n"
" XCopyArea and XConfigureWindow X protocol requests).\n"
" Examples: Hitting <Return> in a terminal window when the\n"
" cursor was at the bottom, the text scrolls up one line.\n"
" Hitting <Down> arrow in a web browser window, the web\n"
" page scrolls up a small amount. Or scrolling with a\n"
" scrollbar or mouse wheel.\n"
"\n"
" Shorter aliases: -scr [mode] and -noscr\n"
"\n"
" This scheme will not always detect scrolls, but when\n"
" it does there is a nice speedup from using the VNC\n"
" CopyRect encoding (see -wirecopyrect). The speedup\n"
" is both in reduced network traffic and reduced X\n"
" framebuffer polling/copying. On the other hand, it may\n"
" induce undesired transients (e.g. a terminal cursor\n"
" being scrolled up when it should not be) or other\n"
" painting errors (window tearing, bunching-up, etc).\n"
" These are automatically repaired in a short period\n"
" of time. If this is unacceptable disable the feature\n"
" with -noscrollcopyrect.\n"
"\n"
" Screen clearing kludges: for testing at least, there\n"
" are some \"magic key sequences\" (must be done in less\n"
" than 1 second) to aid repairing painting errors that\n"
" may be seen when using this mode:\n"
"\n"
" 3 Alt_L's in a row: resend whole screen,\n"
" 4 Alt_L's in a row: reread and resend whole screen,\n"
" 3 Super_L's in a row: mark whole screen for polling,\n"
" 4 Super_L's in a row: reset RECORD context,\n"
" 5 Super_L's in a row: try to push a black screen\n"
"\n"
" note: Alt_L is the Left \"Alt\" key (a single key)\n"
" Super_L is the Left \"Super\" key (Windows flag).\n"
" Both of these are modifier keys, and so should not\n"
" generate characters when pressed by themselves. Also,\n"
" your VNC viewer may have its own refresh hot-key\n"
" or button.\n"
"\n"
" \"mode\" can be \"never\" (same as -noscrollcopyrect)\n"
" to never try the copyrect, \"keys\" means to try it\n"
" in response to keystrokes only, \"mouse\" means to\n"
" try it in response to mouse events only, \"always\"\n"
" means to do both. Default: \"%s\"\n"
"\n"
" Note: there can be painting errors or slow response\n"
" when using -scale so you may want to disable CopyRect\n"
" in this case \"-scrollcopyrect never\" on the command\n"
" line or by remote-control. Or you can also use the\n"
" \"-scale xxx:nocr\" scale option.\n"
"\n"
"-scr_area n Set the minimum area in pixels for a rectangle\n"
" to be considered for the -scrollcopyrect detection\n"
" scheme. This is to avoid wasting the effort on small\n"
" rectangles that would be quickly updated the normal way.\n"
" E.g. suppose an app updated the position of its skinny\n"
" scrollbar first and then shifted the large panel\n"
" it controlled. We want to be sure to skip the small\n"
" scrollbar and get the large panel. Default: %d\n"
"\n"
"-scr_skip list Skip scroll detection for applications matching\n"
" the comma separated list of strings in \"list\".\n"
" Some applications implement their scrolling in\n"
" strange ways where the XCopyArea, etc, also applies\n"
" to invisible portions of the window: if we CopyRect\n"
" those areas it looks awful during the scroll and\n"
" there may be painting errors left after the scroll.\n"
" Soffice.bin is the worst known offender.\n"
"\n"
" Use \"##\" to denote the start of the application class\n"
" (e.g. \"##XTerm\") and \"++\" to denote the start\n"
" of the application instance name (e.g. \"++xterm\").\n"
" The string your list is matched against is of the form\n"
" \"^^WM_NAME##Class++Instance<same-for-any-subwindows>\"\n"
" The \"xlsclients -la\" command will provide this info.\n"
"\n"
" If a pattern is prefixed with \"KEY:\" it only applies\n"
" to Keystroke generated scrolls (e.g. Up arrow). If it\n"
" is prefixed with \"MOUSE:\" it only applies to Mouse\n"
" induced scrolls (e.g. dragging on a scrollbar).\n"
" Default: %s\n"
"\n"
"-scr_inc list Opposite of -scr_skip: this list is consulted first\n"
" and if there is a match the window will be monitored\n"
" via RECORD for scrolls irrespective of -scr_skip.\n"
" Use -scr_skip '*' to skip anything that does not match\n"
" your -scr_inc. Use -scr_inc '*' to include everything.\n"
"\n"
"-scr_keys list For keystroke scroll detection, only apply the RECORD\n"
" heuristics to the comma separated list of keysyms in\n"
" \"list\". You may find the RECORD overhead for every\n"
" one of your keystrokes disrupts typing too much, but you\n"
" don't want to turn it off completely with \"-scr mouse\"\n"
" and -scr_parms does not work or is too confusing.\n"
"\n"
" The listed keysyms can be numeric or the keysym\n"
" names in the <X11/keysymdef.h> header file or from the\n"
" xev(1) program. Example: \"-scr_keys Up,Down,Return\".\n"
" One probably wants to have application specific lists\n"
" (e.g. for terminals, etc) but that is too icky to think\n"
" about for now...\n"
"\n"
" If \"list\" begins with the \"-\" character the list\n"
" is taken as an exclude list: all keysyms except those\n"
" list will be considered. The special string \"builtin\"\n"
" expands to an internal list of keysyms that are likely\n"
" to cause scrolls. BTW, by default modifier keys,\n"
" Shift_L, Control_R, etc, are skipped since they almost\n"
" never induce scrolling by themselves.\n"
"\n"
"-scr_term list Yet another cosmetic kludge. Apply shell/terminal\n"
" heuristics to applications matching comma separated\n"
" list (same as for -scr_skip/-scr_inc). For example an\n"
" annoying transient under scroll detection is if you\n"
" hit Enter in a terminal shell with full text window,\n"
" the solid text cursor block will be scrolled up.\n"
" So for a short time there are two (or more) block\n"
" cursors on the screen. There are similar scenarios,\n"
" (e.g. an output line is duplicated).\n"
" \n"
" These transients are induced by the approximation of\n"
" scroll detection (e.g. it detects the scroll, but not\n"
" the fact that the block cursor was cleared just before\n"
" the scroll). In nearly all cases these transient errors\n"
" are repaired when the true X framebuffer is consulted\n"
" by the normal polling. But they are distracting, so\n"
" what this option provides is extra \"padding\" near the\n"
" bottom of the terminal window: a few extra lines near\n"
" the bottom will not be scrolled, but rather updated\n"
" from the actual X framebuffer. This usually reduces\n"
" the annoying artifacts. Use \"none\" to disable.\n"
" Default: \"%s\"\n"
"\n"
"-scr_keyrepeat lo-hi If a key is held down (or otherwise repeats rapidly) and\n"
" this induces a rapid sequence of scrolls (e.g. holding\n"
" down an Arrow key) the \"scrollcopyrect\" detection\n"
" and overhead may not be able to keep up. A time per\n"
" single scroll estimate is performed and if that estimate\n"
" predicts a sustainable scrollrate of keys per second\n"
" between \"lo\" and \"hi\" then repeated keys will be\n"
" DISCARDED to maintain the scrollrate. For example your\n"
" key autorepeat may be 25 keys/sec, but for a large\n"
" window or slow link only 8 scrolls per second can be\n"
" sustained, then roughly 2 out of every 3 repeated keys\n"
" will be discarded during this period. Default: \"%s\"\n"
"\n"
"-scr_parms string Set various parameters for the scrollcopyrect mode.\n"
" The format is similar to that for -wireframe and packed\n"
" with lots of parameters:\n"
"\n"
" Format: T+B+L+R,t1+t2+t3,s1+s2+s3+s4+s5\n"
" Default: %s\n"
"\n"
" If you leave nothing between commas: \",,\" the default\n"
" value is used. If you don't specify enough commas,\n"
" the trailing parameters are set to their defaults.\n"
"\n"
" \"T+B+L+R\" indicates four integers for how close in\n"
" pixels the pointer has to be from the Top, Bottom, Left,\n"
" or Right edges of the window to consider scrollcopyrect.\n"
" If -wireframe overlaps it takes precedence. This is a\n"
" speedup to quickly exclude a window from being watched\n"
" for scrollcopyrect: set them all to zero to not try\n"
" the speedup (things like selecting text will likely\n"
" be slower).\n"
"\n"
" \"t1+t2+t3\" specify three floating point times in\n"
" seconds that apply to scrollcopyrect detection with\n"
" *Keystroke* input: t1 is how long to wait after a key\n"
" is pressed for the first scroll, t2 is how long to keep\n"
" looking after a Keystroke scroll for more scrolls.\n"
" t3 is how frequently to try to update surrounding\n"
" scrollbars outside of the scrolling area (0.0 to\n"
" disable)\n"
"\n"
" \"s1+s2+s3+s4+s5\" specify five floating point times\n"
" in seconds that apply to scrollcopyrect detection with\n"
" *Mouse* input: s1 is how long to wait after a mouse\n"
" button is pressed for the first scroll, s2 is how long\n"
" to keep waiting for additional scrolls after the first\n"
" Mouse scroll was detected. s3 is how frequently to\n"
" try to update surrounding scrollbars outside of the\n"
" scrolling area (0.0 to disable). s4 is how long to\n"
" buffer pointer motion (to try to get fewer, bigger\n"
" mouse scrolls). s5 is the maximum time to spend just\n"
" updating the scroll window without updating the rest\n"
" of the screen.\n"
"\n"
"-fixscreen string Periodically \"repair\" the screen based on settings\n"
" in \"string\". Hopefully you won't need this option,\n"
" it is intended for cases when the -scrollcopyrect or\n"
" -wirecopyrect features leave too many painting errors,\n"
" but it can be used for any scenario. This option\n"
" periodically performs costly operations and so\n"
" interactive response may be reduced when it is on.\n"
" You can use 3 Alt_L's (the Left \"Alt\" key) taps in\n"
" a row (as described under -scrollcopyrect) instead to\n"
" manually request a screen repaint when it is needed.\n"
"\n"
" \"string\" is a comma separated list of one or more of\n"
" the following: \"V=t\", \"C=t\", \"X=t\", and \"8=t\".\n"
" In these \"t\" stands for a time in seconds (it is\n"
" a floating point even though one should usually use\n"
" values > 2 to avoid wasting resources). V sets how\n"
" frequently the entire screen should be sent to viewers\n"
" (it is like the 3 Alt_L's). C sets how long to wait\n"
" after a CopyRect to repaint the full screen. X sets\n"
" how frequently to reread the full X11 framebuffer from\n"
" the X server and push it out to connected viewers.\n"
" Use of X should be rare, please report a bug if you\n"
" find you need it. 8= applies only for -8to24 mode: it\n"
" sets how often the non-default visual regions of the\n"
" screen (e.g. 8bpp windows) are refreshed. Examples:\n"
" -fixscreen V=10 -fixscreen C=10\n"
"\n"
"-debug_scroll Turn on debugging info printout for the scroll\n"
" heuristics. \"-ds\" is an alias. Specify it multiple\n"
" times for more output.\n"
"\n"
"-noxrecord Disable any use of the RECORD extension. This is\n"
" currently used by the -scrollcopyrect scheme and to\n"
" monitor X server grabs.\n"
"\n"
"-grab_buster Some of the use of the RECORD extension can leave a\n"
"-nograb_buster tiny window for XGrabServer deadlock. This is only if\n"
" the whole-server grabbing application expects mouse or\n"
" keyboard input before releasing the grab. It is usually\n"
" a window manager that does this. x11vnc takes care to\n"
" avoid the the problem, but if caught x11vnc will freeze.\n"
" Without -grab_buster, the only solution is to go the\n"
" physical display and give it some input to satisfy the\n"
" grabbing app. Or manually kill and restart the window\n"
" manager if that is feasible. With -grab_buster, x11vnc\n"
" will fork a helper thread and if x11vnc appears to be\n"
" stuck in a grab after a period of time (20-30 sec) then\n"
" it will inject some user input: button clicks, Escape,\n"
" mouse motion, etc to try to break the grab. If you\n"
" experience a lot of grab deadlock, please report a bug.\n"
"\n"
"-debug_grabs Turn on debugging info printout with respect to\n"
" XGrabServer() deadlock for -scrollcopyrect mode.\n"
"\n"
"-debug_sel Turn on debugging info printout with respect to\n"
" PRIMARY, CLIPBOARD, and CUTBUFFER0 selections.\n"
"\n"
"-pointer_mode n Various pointer motion update schemes. \"-pm\" is\n"
" an alias. The problem is pointer motion can cause\n"
" rapid changes on the screen: consider the rapid\n"
" changes when you drag a large window around opaquely.\n"
" Neither x11vnc's screen polling and vnc compression\n"
" routines nor the bandwidth to the vncviewers can keep\n"
" up these rapid screen changes: everything will bog down\n"
" when dragging or scrolling. So a scheme has to be used\n"
" to \"eat\" much of that pointer input before re-polling\n"
" the screen and sending out framebuffer updates. The\n"
" mode number \"n\" can be 0 to %d and selects one of\n"
" the schemes desribed below.\n"
"\n"
" Note that the -wireframe and -scrollcopyrect modes\n"
" complement -pointer_mode by detecting (and improving)\n"
" certain periods of \"rapid screen change\".\n"
"\n"
" n=0: does the same as -nodragging. (all screen polling\n"
" is suspended if a mouse button is pressed.)\n"
"\n"
" n=1: was the original scheme used to about Jan 2004:\n"
" it basically just skips -input_skip keyboard or pointer\n"
" events before repolling the screen.\n"
"\n"
" n=2 is an improved scheme: by watching the current rate\n"
" of input events it tries to detect if it should try to\n"
" \"eat\" additional pointer events before continuing.\n"
"\n"
" n=3 is basically a dynamic -nodragging mode: it detects\n"
" when the mouse motion has paused and then refreshes\n"
" the display.\n"
"\n"
" n=4 attempts to measures network rates and latency,\n"
" the video card read rate, and how many tiles have been\n"
" changed on the screen. From this, it aggressively tries\n"
" to push screen \"frames\" when it decides it has enough\n"
" resources to do so. NOT FINISHED.\n"
"\n"
" The default n is %d. Note that modes 2, 3, 4 will skip\n"
" -input_skip keyboard events (but it will not count\n"
" pointer events). Also note that these modes are not\n"
" available in -threads mode which has its own pointer\n"
" event handling mechanism.\n"
"\n"
" To try out the different pointer modes to see which\n"
" one gives the best response for your usage, it is\n"
" convenient to use the remote control function, for\n"
" example \"x11vnc -R pm:4\" or the tcl/tk gui (Tuning ->\n"
" pointer_mode -> n).\n"
"\n"
"-input_skip n For the pointer handling when non-threaded: try to\n"
" read n user input events before scanning display. n < 0\n"
" means to act as though there is always user input.\n"
" Default: %d\n"
"\n"
"-speeds rd,bw,lat x11vnc tries to estimate some speed parameters that\n"
" are used to optimize scheduling (e.g. -pointer_mode\n"
" 4, -wireframe, -scrollcopyrect) and other things.\n"
" Use the -speeds option to set these manually.\n"
" The triple \"rd,bw,lat\" corresponds to video h/w\n"
" read rate in MB/sec, network bandwidth to clients in\n"
" KB/sec, and network latency to clients in milliseconds,\n"
" respectively. If a value is left blank, e.g. \"-speeds\n"
" ,100,15\", then the internal scheme is used to estimate\n"
" the empty value(s).\n"
"\n"
" Typical PC video cards have read rates of 5-10 MB/sec.\n"
" If the framebuffer is in main memory instead of video\n"
" h/w (e.g. SunRay, shadowfb, dummy driver, Xvfb), the\n"
" read rate may be much faster. \"x11perf -getimage500\"\n"
" can be used to get a lower bound (remember to factor\n"
" in the bytes per pixel). It is up to you to estimate\n"
" the network bandwith and latency to clients. For the\n"
" latency the ping(1) command can be used.\n"
"\n"
" For convenience there are some aliases provided,\n"
" e.g. \"-speeds modem\". The aliases are: \"modem\" for\n"
" 6,4,200; \"dsl\" for 6,100,50; and \"lan\" for 6,5000,1\n"
"\n"
"-wmdt string For some features, e.g. -wireframe and -scrollcopyrect,\n"
" x11vnc has to work around issues for certain window\n"
" managers or desktops (currently kde and xfce).\n"
" By default it tries to guess which one, but it can\n"
" guess incorrectly. Use this option to indicate which\n"
" wm/dt. \"string\" can be \"gnome\", \"kde\", \"cde\",\n"
" \"xfce\", or \"root\" (classic X wm). Anything else\n"
" is interpreted as \"root\".\n"
"\n"
"-debug_pointer Print debugging output for every pointer event.\n"
"-debug_keyboard Print debugging output for every keyboard event.\n"
" Same as -dp and -dk, respectively. Use multiple\n"
" times for more output.\n"
"\n"
"-defer time Time in ms to wait for updates before sending to client\n"
" (deferUpdateTime) Default: %d\n"
"-wait time Time in ms to pause between screen polls. Used to cut\n"
" down on load. Default: %d\n"
"-wait_ui factor Factor by which to cut the -wait time if there\n"
" has been recent user input (pointer or keyboard).\n"
" Improves response, but increases the load whenever you\n"
" are moving the mouse or typing. Default: %.2f\n"
"-nowait_bog Do not detect if the screen polling is \"bogging down\"\n"
" and sleep more. Some activities with no user input can\n"
" slow things down a lot: consider a large terminal window\n"
" with a long build running in it continously streaming\n"
" text output. By default x11vnc will try to detect this\n"
" (3 screen polls in a row each longer than 0.25 sec with\n"
" no user input), and sleep up to 1.5 secs to let things\n"
" \"catch up\". Use this option to disable that detection.\n"
"-slow_fb time Floating point time in seconds delay all screen polling.\n"
" For special purpose usage where a low frame rate is\n"
" acceptable and desirable, but you want the user input\n"
" processed at the normal rate so you cannot use -wait.\n"
"-readtimeout n Set libvncserver rfbMaxClientWait to n seconds. On\n"
" slow links that take a long time to paint the first\n"
" screen libvncserver may hit the timeout and drop the\n"
" connection. Default: %d seconds.\n"
"-nap Monitor activity and if it is low take longer naps\n"
"-nonap between screen polls to really cut down load when idle.\n"
" Default: %s\n"
"-sb time Time in seconds after NO activity (e.g. screen blank)\n"
" to really throttle down the screen polls (i.e. sleep\n"
" for about 1.5 secs). Use 0 to disable. Default: %d\n"
"\n"
"-nofbpm If the system supports the FBPM (Frame Buffer Power\n"
"-fbpm Management) extension (i.e. some Sun systems), then\n"
" prevent the video h/w from going into a reduced power\n"
" state when VNC clients are connected.\n"
"\n"
" FBPM capable video h/w save energy when the workstation\n"
" is idle by going into low power states (similar to DPMS\n"
" for monitors). This interferes with x11vnc's polling\n"
" of the framebuffer data.\n"
"\n"
" \"-nofbpm\" means prevent FBPM low power states whenever\n"
" VNC clients are connected, while \"-fbpm\" means to not\n"
" monitor the FBPM state at all. See the xset(1) manpage\n"
" for details. -nofbpm is basically the same as running\n"
" \"xset fbpm force on\" periodically. Default: %s\n"
"\n"
"-noxdamage Do not use the X DAMAGE extension to detect framebuffer\n"
" changes even if it is available. Use -xdamage if your\n"
" default is to have it off.\n"
"\n"
" x11vnc's use of the DAMAGE extension: 1) significantly\n"
" reduces the load when the screen is not changing much,\n"
" and 2) detects changed areas (small ones by default)\n"
" more quickly.\n"
"\n"
" Currently the DAMAGE extension is overly conservative\n"
" and often reports large areas (e.g. a whole terminal\n"
" or browser window) as damaged even though the actual\n"
" changed region is much smaller (sometimes just a few\n"
" pixels). So heuristics were introduced to skip large\n"
" areas and use the damage rectangles only as \"hints\"\n"
" for the traditional scanline polling. The following\n"
" tuning parameters are introduced to adjust this\n"
" behavior:\n"
"\n"
"-xd_area A Set the largest DAMAGE rectangle area \"A\" (in\n"
" pixels: width * height) to trust as truly damaged:\n"
" the rectangle will be copied from the framebuffer\n"
" (slow) no matter what. Set to zero to trust *all*\n"
" rectangles. Default: %d\n"
"-xd_mem f Set how long DAMAGE rectangles should be \"remembered\",\n"
" \"f\" is a floating point number and is in units of the\n"
" scanline repeat cycle time (%d iterations). The default\n"
" (%.1f) should give no painting problems. Increase it if\n"
" there are problems or decrease it to live on the edge\n"
" (perhaps useful on a slow machine).\n"
"\n"
"-sigpipe string Broken pipe (SIGPIPE) handling. \"string\" can be\n"
" \"ignore\" or \"exit\". For \"ignore\" libvncserver\n"
" will handle the abrupt loss of a client and continue,\n"
" for \"exit\" x11vnc will cleanup and exit at the 1st\n"
" broken connection. Default: \"ignore\". This option\n"
" is obsolete.\n"
"-threads Whether or not to use the threaded libvncserver\n"
"-nothreads algorithm [rfbRunEventLoop] if libpthread is available\n"
" Default: %s\n"
"\n"
"-fs f If the fraction of changed tiles in a poll is greater\n"
" than f, the whole screen is updated. Default: %.2f\n"
"-gaps n Heuristic to fill in gaps in rows or cols of n or\n"
" less tiles. Used to improve text paging. Default: %d\n"
"-grow n Heuristic to grow islands of changed tiles n or wider\n"
" by checking the tile near the boundary. Default: %d\n"
"-fuzz n Tolerance in pixels to mark a tiles edges as changed.\n"
" Default: %d\n"
"-debug_tiles Print debugging output for tiles, fb updates, etc.\n"
"\n"
"-snapfb Instead of polling the X display framebuffer (fb) for\n"
" changes, periodically copy all of X display fb into main\n"
" memory and examine that copy for changes. Under some\n"
" circumstances this will improve interactive response,\n"
" or at least make things look smoother, but in others\n"
" (most!) it will make the response worse. If the video\n"
" h/w fb is such that reading small tiles is very slow\n"
" this mode could help. To keep the \"framerate\" up\n"
" the screen size x bpp cannot be too large. Note that\n"
" this mode is very wasteful of memory I/O resources\n"
" (it makes full screen copies even if nothing changes).\n"
" It may be of use in video capture-like applications,\n"
" or where window tearing is a problem.\n"
"\n"
"-rawfb string Experimental option, instead of polling X, poll the\n"
" memory object specified in \"string\". For shared\n"
" memory segments it is of the form: \"shm:N@WxHxB\"\n"
" which specifies a shmid N and framebuffer Width, Height,\n"
" and Bits per pixel. To memory map mmap(2) a file use:\n"
" \"map:/path/to/a/file@WxHxB\". If there is trouble\n"
" with mmap, use \"file:/...\" for slower lseek(2)\n"
" based reading. If you do not supply a type \"map\"\n"
" is assumed if the file exists.\n"
"\n"
" If string is \"setup:cmd\", then the command \"cmd\"\n"
" is run and the first line from it is read and used\n"
" as \"string\". This allows initializing the device,\n"
" determining WxHxB, etc. These are often done as root\n"
" so take care.\n"
"\n"
" Optional suffixes are \":R/G/B\" and \"+O\" to specify\n"
" red, green, and blue masks and an offset into the\n"
" memory object. If the masks are not provided x11vnc\n"
" guesses them based on the bpp.\n"
"\n"
" Examples:\n"
" -rawfb shm:210337933@800x600x32:ff/ff00/ff0000\n"
" -rawfb map:/dev/fb0@1024x768x32\n"
" -rawfb map:/tmp/Xvfb_screen0@640x480x8+3232\n"
" -rawfb file:/tmp/my.pnm@250x200x24+37\n"
"\n"
" (see ipcs(1) and fbset(1) for the first two examples)\n"
"\n"
" All user input is discarded by default (but see the\n"
" -pipeinput option). Most of the X11 (screen, keyboard,\n"
" mouse) options do not make sense and many will cause\n"
" this mode to crash, so please think twice before\n"
" setting/changing them.\n"
"\n"
" If you don't want x11vnc to close the X DISPLAY in\n"
" rawfb mode, then capitalize the prefix, SHM:, MAP:,\n"
" FILE: Keeping the display open enables the default\n"
" remote-control channel, which could be useful. Also,\n"
" if you also specify -noviewonly, then the mouse and\n"
" keyboard input are STILL sent to the X display, this\n"
" usage should be very rare, i.e. doing something strange\n"
" with /dev/fb0.\n"
"\n"
"-pipeinput cmd Another experimental option: it lets you supply an\n"
" external command in \"cmd\" that x11vnc will pipe\n"
" all of the user input events to in a simple format.\n"
" In -pipeinput mode by default x11vnc will not process\n"
" any of the user input events. If you prefix \"cmd\"\n"
" with \"tee:\" it will both send them to the pipe\n"
" command and process them. For a description of the\n"
" format run \"-pipeinput tee:/bin/cat\". Another prefix\n"
" is \"reopen\" which means to reopen pipe if it exits.\n"
" Separate multiple prefixes with commas.\n"
"\n"
" In combination with -rawfb one might be able to\n"
" do amusing things (e.g. control non-X devices).\n"
" To facilitate this, if -rawfb is in effect then the\n"
" value is stored in X11VNC_RAWFB_STR for the pipe command\n"
" to use if it wants. Do 'env | grep X11VNC' for more.\n"
"\n"
"-gui [gui-opts] Start up a simple tcl/tk gui based on the the remote\n"
" control options -remote/-query described below.\n"
" Requires the \"wish\" program to be installed on the\n"
" machine. \"gui-opts\" is not required: the default\n"
" is to start up both the full gui and x11vnc with the\n"
" gui showing up on the X display in the environment\n"
" variable DISPLAY.\n"
"\n"
" \"gui-opts\" can be a comma separated list of items.\n"
" Currently there are these types of items: 1) a gui\n"
" mode, a 2) gui \"simplicity\", 3) the X display the\n"
" gui should display on, 4) a \"tray\" or \"icon\" mode,\n"
" and 5) a gui geometry.\n"
"\n"
" 1) The gui mode can be \"start\", \"conn\", or \"wait\"\n"
" \"start\" is the default mode above and is not required.\n"
" \"conn\" means do not automatically start up x11vnc,\n"
" but instead just try to connect to an existing x11vnc\n"
" process. \"wait\" means just start the gui and nothing\n"
" else (you will later instruct the gui to start x11vnc\n"
" or connect to an existing one.)\n"
"\n"
" 2) The gui simplicity is off by default (a power-user\n"
" gui with all options is presented) To start with\n"
" something less daunting supply the string \"simple\"\n"
" (\"ez\" is an alias for this). Once the gui is\n"
" started you can toggle between the two with \"Misc ->\n"
" simple_gui\".\n"
"\n"
" 3) Note the possible confusion regarding the potentially\n"
" two different X displays: x11vnc polls one, but you\n"
" may want the gui to appear on another. For example, if\n"
" you ssh in and x11vnc is not running yet you may want\n"
" the gui to come back to you via your ssh redirected X\n"
" display (e.g. localhost:10).\n"
"\n"
" If you do not specify a gui X display in \"gui-opts\"\n"
" then the DISPLAY environment variable and -display\n"
" option are tried (in that order). Regarding the x11vnc\n"
" X display the gui will try to communication with, it\n"
" first tries -display and then DISPLAY. For example,\n"
" \"x11vnc -display :0 -gui otherhost:0\", will remote\n"
" control an x11vnc polling :0 and display the gui on\n"
" otherhost:0 The \"tray/icon\" mode below reverses this\n"
" preference, preferring to display on the x11vnc display.\n"
"\n"
" 4) When \"tray\" or \"icon\" is specified, the gui\n"
" presents itself as a small icon with behavior typical\n"
" of a \"system tray\" or \"dock applet\". The color\n"
" of the icon indicates status (connected clients) and\n"
" there is also a balloon status. Clicking on the icon\n"
" gives a menu from which properties, etc, can be set and\n"
" the full gui is available under \"Advanced\". To be\n"
" fully functional, the gui mode should be \"start\"\n"
" (the default).\n"
"\n"
" For \"icon\" the gui just a small standalone window.\n"
" For \"tray\" it will attempt to embed itself in the\n"
" \"system tray\" if possible. If \"=setpass\" is appended then\n"
" at startup the X11 user will be prompted to set the\n"
" VNC session password. If =<hexnumber> is appended\n"
" that icon will attempt to embed itself in the window\n"
" given by hexnumber. Use =noadvanced to disable the\n"
" full gui. (To supply more than one, use \"+\" sign).\n"
" E.g. -gui tray=setpass and -gui icon=0x3600028\n"
"\n"
" Other modes: \"full\", the default and need not be\n"
" specified. \"-gui none\", do not show a gui, useful\n"
" to override a ~/.x11vncrc setting, etc.\n"
"\n"
" 5) When \"geom=+X+Y\" is specified, that geometry\n"
" is passed to the gui toplevel. This is the icon in\n"
" icon/tray mode, or the full gui otherwise. You can\n"
" also specify width and height, i.e. WxH+X+Y, but it\n"
" is not recommended. In \"tray\" mode the geometry is\n"
" ignored unless the system tray manager does not seem\n"
" to be running. One could imagine using something like\n"
" \"-gui tray,geom=+4000+4000\" with a display manager\n"
" to keep the gui invisible until someone logs in...\n"
"\n"
" More icon tricks, \"icon=minimal\" gives an icon just\n"
" with the VNC display number. You can also set the font\n"
" with \"iconfont=...\". The following could be useful:\n"
" \"-gui icon=minimal,iconfont=5x8,geom=24x10+0-0\"\n"
"\n"
" General examples of the -gui option: \"x11vnc -gui\",\n"
" \"x11vnc -gui ez\" \"x11vnc -gui localhost:10\",\n"
" \"x11vnc -gui conn,host:0\", \"x11vnc -gui tray,ez\"\n"
" \"x11vnc -gui tray=setpass\"\n"
"\n"
" If you do not intend to start x11vnc from the gui\n"
" (i.e. just remote control an existing one), then the\n"
" gui process can run on a different machine from the\n"
" x11vnc server as long as X permissions, etc. permit\n"
" communication between the two.\n"
"\n"
"-remote command Remotely control some aspects of an already running\n"
" x11vnc server. \"-R\" and \"-r\" are aliases for\n"
" \"-remote\". After the remote control command is\n"
" sent to the running server the 'x11vnc -remote ...'\n"
" command exits. You can often use the -query command\n"
" (see below) to see if the x11vnc server processed your\n"
" -remote command.\n"
"\n"
" The default communication channel is that of X\n"
" properties (specifically X11VNC_REMOTE), and so this\n"
" command must be run with correct settings for DISPLAY\n"
" and possibly XAUTHORITY to connect to the X server\n"
" and set the property. Alternatively, use the -display\n"
" and -auth options to set them to the correct values.\n"
" The running server cannot use the -novncconnect option\n"
" because that disables the communication channel.\n"
" See below for alternate channels.\n"
"\n"
" For example: 'x11vnc -remote stop' (which is the same as\n"
" 'x11vnc -R stop') will close down the x11vnc server.\n"
" 'x11vnc -R shared' will enable shared connections, and\n"
" 'x11vnc -R scale:3/4' will rescale the desktop.\n"
"\n"
" The following -remote/-R commands are supported:\n"
"\n"
" stop terminate the server, same as \"quit\"\n"
" \"exit\" or \"shutdown\".\n"
" ping see if the x11vnc server responds.\n"
" Return is: ans=ping:<xdisplay>\n"
" blacken try to push a black fb update to all\n"
" clients (due to timings a client\n"
" could miss it). Same as \"zero\", also\n"
" \"zero:x1,y1,x2,y2\" for a rectangle.\n"
" refresh send the entire fb to all clients.\n"
" reset recreate the fb, polling memory, etc.\n"
/* ext. cmd. */
" id:windowid set -id window to \"windowid\". empty\n"
" or \"root\" to go back to root window\n"
" sid:windowid set -sid window to \"windowid\"\n"
" waitmapped wait until subwin is mapped.\n"
" nowaitmapped do not wait until subwin is mapped.\n"
" clip:WxH+X+Y set -clip mode to \"WxH+X+Y\"\n"
" flashcmap enable -flashcmap mode.\n"
" noflashcmap disable -flashcmap mode.\n"
" shiftcmap:n set -shiftcmap to n.\n"
" notruecolor enable -notruecolor mode.\n"
" truecolor disable -notruecolor mode.\n"
" overlay enable -overlay mode (if applicable).\n"
" nooverlay disable -overlay mode.\n"
" overlay_cursor in -overlay mode, enable cursor drawing.\n"
" overlay_nocursor disable cursor drawing. same as\n"
" nooverlay_cursor.\n"
" 8to24 enable -8to24 mode (if applicable).\n"
" no8to24 disable -8to24 mode.\n"
" 8to24_opts:str set the -8to24 opts to \"str\".\n"
" visual:vis set -visual to \"vis\"\n"
" scale:frac set -scale to \"frac\"\n"
" scale_cursor:f set -scale_cursor to \"f\"\n"
" viewonly enable -viewonly mode.\n"
/* access view,share,forever */
" noviewonly disable -viewonly mode.\n"
" shared enable -shared mode.\n"
" noshared disable -shared mode.\n"
" forever enable -forever mode.\n"
" noforever disable -forever mode.\n"
" timeout:n reset -timeout to n, if there are\n"
" currently no clients, exit unless one\n"
" connects in the next n secs.\n"
" filexfer enable filetransfer for new clients.\n"
" nofilexfer disable filetransfer for new clients.\n"
/* access */
" http enable http client connections.\n"
" nohttp disable http client connections.\n"
" deny deny any new connections, same as \"lock\"\n"
" nodeny allow new connections, same as \"unlock\"\n"
/* access, filename */
" connect:host do reverse connection to host, \"host\"\n"
" may be a comma separated list of hosts\n"
" or host:ports. See -connect. Passwords\n"
" required as with fwd connections.\n"
" See X11VNC_REVERSE_CONNECTION_NO_AUTH=1\n"
" disconnect:host disconnect any clients from \"host\"\n"
" same as \"close:host\". Use host\n"
" \"all\" to close all current clients.\n"
" If you know the client internal hex ID,\n"
" e.g. 0x3 (returned by \"-query clients\"\n"
" and RFB_CLIENT_ID) you can use that too.\n"
/* access */
" allowonce:host For the next connection only, allow\n"
" connection from \"host\".\n"
/* access */
" allow:hostlist set -allow list to (comma separated)\n"
" \"hostlist\". See -allow and -localhost.\n"
" Do not use with -allow /path/to/file\n"
" Use \"+host\" to add a single host, and\n"
" use \"-host\" to delete a single host\n"
" localhost enable -localhost mode\n"
" nolocalhost disable -localhost mode\n"
" listen:str set -listen to str, empty to disable.\n"
" nolookup enable -nolookup mode.\n"
" lookup disable -nolookup mode.\n"
" input:str set -input to \"str\", empty to disable.\n"
" client_input:str set the K, M, B -input on a per-client\n"
" basis. select which client as for\n"
" disconnect, e.g. client_input:host:MB\n"
" or client_input:0x2:K\n"
/* ext. cmd. */
" accept:cmd set -accept \"cmd\" (empty to disable).\n"
" afteraccept:cmd set -afteraccept (empty to disable).\n"
" gone:cmd set -gone \"cmd\" (empty to disable).\n"
" noshm enable -noshm mode.\n"
" shm disable -noshm mode (i.e. use shm).\n"
" flipbyteorder enable -flipbyteorder mode, you may need\n"
" to set noshm for this to do something.\n"
" noflipbyteorder disable -flipbyteorder mode.\n"
" onetile enable -onetile mode. (you may need to\n"
" set shm for this to do something)\n"
" noonetile disable -onetile mode.\n"
/* ext. cmd. */
" solid enable -solid mode\n"
" nosolid disable -solid mode.\n"
" solid_color:color set -solid color (and apply it).\n"
" blackout:str set -blackout \"str\" (empty to disable).\n"
" See -blackout for the form of \"str\"\n"
" (basically: WxH+X+Y,...)\n"
" Use \"+WxH+X+Y\" to append a single\n"
" rectangle use \"-WxH+X+Y\" to delete one\n"
" xinerama enable -xinerama mode. (if applicable)\n"
" noxinerama disable -xinerama mode.\n"
" xtrap enable -xtrap input mode(if applicable)\n"
" noxtrap disable -xtrap input mode.\n"
" xrandr enable -xrandr mode. (if applicable)\n"
" noxrandr disable -xrandr mode.\n"
" xrandr_mode:mode set the -xrandr mode to \"mode\".\n"
" padgeom:WxH set -padgeom to WxH (empty to disable)\n"
" If WxH is \"force\" or \"do\" the padded\n"
" geometry fb is immediately applied.\n"
" quiet enable -quiet mode.\n"
" noquiet disable -quiet mode.\n"
" modtweak enable -modtweak mode.\n"
" nomodtweak enable -nomodtweak mode.\n"
" xkb enable -xkb modtweak mode.\n"
" noxkb disable -xkb modtweak mode.\n"
" skip_keycodes:str enable -xkb -skip_keycodes \"str\".\n"
" sloppy_keys enable -sloppy_keys mode.\n"
" nosloppy_keys disable -sloppy_keys mode.\n"
" skip_dups enable -skip_dups mode.\n"
" noskip_dups disable -skip_dups mode.\n"
" add_keysyms enable -add_keysyms mode.\n"
" noadd_keysyms stop adding keysyms. those added will\n"
" still be removed at exit.\n"
" clear_mods enable -clear_mods mode and clear them.\n"
" noclear_mods disable -clear_mods mode.\n"
" clear_keys enable -clear_keys mode and clear them.\n"
" noclear_keys disable -clear_keys mode.\n"
/* filename */
" remap:str set -remap \"str\" (empty to disable).\n"
" See -remap for the form of \"str\"\n"
" (basically: key1-key2,key3-key4,...)\n"
" Use \"+key1-key2\" to append a single\n"
" keymapping, use \"-key1-key2\" to delete.\n"
" norepeat enable -norepeat mode.\n"
" repeat disable -norepeat mode.\n"
" nofb enable -nofb mode.\n"
" fb disable -nofb mode.\n"
" bell enable bell (if supported).\n"
" nobell disable bell.\n"
" nosel enable -nosel mode.\n"
" sel disable -nosel mode.\n"
" noprimary enable -noprimary mode.\n"
" primary disable -noprimary mode.\n"
" nosetprimary enable -nosetprimary mode.\n"
" setprimary disable -nosetprimary mode.\n"
" noclipboard enable -noclipboard mode.\n"
" clipboard disable -noclipboard mode.\n"
" nosetclipboard enable -nosetclipboard mode.\n"
" setclipboard disable -nosetclipboard mode.\n"
" seldir:str set -seldir to \"str\"\n"
" cursor:mode enable -cursor \"mode\".\n"
" show_cursor enable showing a cursor.\n"
" noshow_cursor disable showing a cursor. (same as\n"
" \"nocursor\")\n"
" arrow:n set -arrow to alternate n.\n"
" xfixes enable xfixes cursor shape mode.\n"
" noxfixes disable xfixes cursor shape mode.\n"
" alphacut:n set -alphacut to n.\n"
" alphafrac:f set -alphafrac to f.\n"
" alpharemove enable -alpharemove mode.\n"
" noalpharemove disable -alpharemove mode.\n"
" alphablend disable -noalphablend mode.\n"
" noalphablend enable -noalphablend mode.\n"
" cursorshape disable -nocursorshape mode.\n"
" nocursorshape enable -nocursorshape mode.\n"
" cursorpos disable -nocursorpos mode.\n"
" nocursorpos enable -nocursorpos mode.\n"
" xwarp enable -xwarppointer mode.\n"
" noxwarp disable -xwarppointer mode.\n"
" buttonmap:str set -buttonmap \"str\", empty to disable\n"
" dragging disable -nodragging mode.\n"
" nodragging enable -nodragging mode.\n"
" wireframe enable -wireframe mode. same as \"wf\"\n"
" nowireframe disable -wireframe mode. same as \"nowf\"\n"
" wireframe:str enable -wireframe mode string.\n"
" wireframe_mode:str enable -wireframe mode string.\n"
" wirecopyrect:str set -wirecopyrect string. same as \"wcr:\"\n"
" scrollcopyrect:str set -scrollcopyrect string. same \"scr\"\n"
" noscrollcopyrect disable -scrollcopyrect mode. \"noscr\"\n"
" scr_area:n set -scr_area to n\n"
" scr_skip:list set -scr_skip to \"list\"\n"
" scr_inc:list set -scr_inc to \"list\"\n"
" scr_keys:list set -scr_keys to \"list\"\n"
" scr_term:list set -scr_term to \"list\"\n"
" scr_keyrepeat:str set -scr_keyrepeat to \"str\"\n"
" scr_parms:str set -scr_parms parameters.\n"
" fixscreen:str set -fixscreen to \"str\".\n"
" noxrecord disable all use of RECORD extension.\n"
" xrecord enable use of RECORD extension.\n"
" reset_record reset RECORD extension (if avail.)\n"
" pointer_mode:n set -pointer_mode to n. same as \"pm\"\n"
" input_skip:n set -input_skip to n.\n"
" speeds:str set -speeds to str.\n"
" wmdt:str set -wmdt to str.\n"
" debug_pointer enable -debug_pointer, same as \"dp\"\n"
" nodebug_pointer disable -debug_pointer, same as \"nodp\"\n"
" debug_keyboard enable -debug_keyboard, same as \"dk\"\n"
" nodebug_keyboard disable -debug_keyboard, same as \"nodk\"\n"
" defer:n set -defer to n ms,same as deferupdate:n\n"
" wait:n set -wait to n ms.\n"
" wait_ui:f set -wait_ui factor to f.\n"
" wait_bog disable -nowait_bog mode.\n"
" nowait_bog enable -nowait_bog mode.\n"
" slow_fb:f set -slow_fb to f seconds.\n"
" readtimeout:n set read timeout to n seconds.\n"
" nap enable -nap mode.\n"
" nonap disable -nap mode.\n"
" sb:n set -sb to n s, same as screen_blank:n\n"
" fbpm disable -nofbpm mode.\n"
" nofbpm enable -nofbpm mode.\n"
" xdamage enable xdamage polling hints.\n"
" noxdamage disable xdamage polling hints.\n"
" xd_area:A set -xd_area max pixel area to \"A\"\n"
" xd_mem:f set -xd_mem remembrance to \"f\"\n"
" fs:frac set -fs fraction to \"frac\", e.g. 0.5\n"
" gaps:n set -gaps to n.\n"
" grow:n set -grow to n.\n"
" fuzz:n set -fuzz to n.\n"
" snapfb enable -snapfb mode.\n"
" nosnapfb disable -snapfb mode.\n"
" rawfb:str set -rawfb mode to \"str\".\n"
" progressive:n set libvncserver -progressive slice\n"
" height parameter to n.\n"
" desktop:str set -desktop name to str for new clients.\n"
" rfbport:n set -rfbport to n.\n"
/* access */
" httpport:n set -httpport to n.\n"
" httpdir:dir set -httpdir to dir (and enable http).\n"
" enablehttpproxy enable -enablehttpproxy mode.\n"
" noenablehttpproxy disable -enablehttpproxy mode.\n"
" alwaysshared enable -alwaysshared mode.\n"
" noalwaysshared disable -alwaysshared mode.\n"
" (may interfere with other options)\n"
" nevershared enable -nevershared mode.\n"
" nonevershared disable -nevershared mode.\n"
" (may interfere with other options)\n"
" dontdisconnect enable -dontdisconnect mode.\n"
" nodontdisconnect disable -dontdisconnect mode.\n"
" (may interfere with other options)\n"
" debug_xevents enable debugging X events.\n"
" nodebug_xevents disable debugging X events.\n"
" debug_xdamage enable debugging X DAMAGE mechanism.\n"
" nodebug_xdamage disable debugging X DAMAGE mechanism.\n"
" debug_wireframe enable debugging wireframe mechanism.\n"
" nodebug_wireframe disable debugging wireframe mechanism.\n"
" debug_scroll enable debugging scrollcopy mechanism.\n"
" nodebug_scroll disable debugging scrollcopy mechanism.\n"
" debug_tiles enable -debug_tiles\n"
" nodebug_tiles disable -debug_tiles\n"
" debug_grabs enable -debug_grabs\n"
" nodebug_grabs disable -debug_grabs\n"
" debug_sel enable -debug_sel\n"
" nodebug_sel disable -debug_sel\n"
" dbg enable -dbg crash shell\n"
" nodbg disable -dbg crash shell\n"
"\n"
" noremote disable the -remote command processing,\n"
" it cannot be turned back on.\n"
"\n"
" The vncconnect(1) command from standard VNC\n"
" distributions may also be used if string is prefixed\n"
" with \"cmd=\" E.g. 'vncconnect cmd=stop'. Under some\n"
" circumstances xprop(1) can used if it supports -set\n"
" (see the FAQ).\n"
"\n"
" If \"-connect /path/to/file\" has been supplied to the\n"
" running x11vnc server then that file can be used as a\n"
" communication channel (this is the only way to remote\n"
" control one of many x11vnc's polling the same X display)\n"
" Simply run: 'x11vnc -connect /path/to/file -remote ...'\n"
" or you can directly write to the file via something\n"
" like: \"echo cmd=stop > /path/to/file\", etc.\n"
"\n"
"-query variable Like -remote, except just query the value of\n"
" \"variable\". \"-Q\" is an alias for \"-query\".\n"
" Multiple queries can be done by separating variables\n"
" by commas, e.g. -query var1,var2. The results come\n"
" back in the form ans=var1:value1,ans=var2:value2,...\n"
" to the standard output. If a variable is read-only,\n"
" it comes back with prefix \"aro=\" instead of \"ans=\".\n"
"\n"
" Some -remote commands are pure actions that do not make\n"
" sense as variables, e.g. \"stop\" or \"disconnect\", in\n"
" these cases the value returned is \"N/A\". To direct a\n"
" query straight to the X11VNC_REMOTE property or connect\n"
" file use \"qry=...\" instead of \"cmd=...\"\n"
"\n"
" Here is the current list of \"variables\" that can\n"
" be supplied to the -query command. This includes the\n"
" \"N/A\" ones that return no useful info. For variables\n"
" names that do not correspond to an x11vnc option or\n"
" remote command, we hope the name makes it obvious what\n"
" the returned value corresponds to (hint: the ext_*\n"
" variables correspond to the presence of X extensions):\n"
"\n"
" ans= stop quit exit shutdown ping blacken zero\n"
" refresh reset close disconnect id sid waitmapped\n"
" nowaitmapped clip flashcmap noflashcmap shiftcmap\n"
" truecolor notruecolor overlay nooverlay overlay_cursor\n"
" overlay_yescursor nooverlay_nocursor nooverlay_cursor\n"
" nooverlay_yescursor overlay_nocursor 8to24 no8to24\n"
" 8to24_opts visual scale scale_cursor viewonly noviewonly\n"
" shared noshared forever noforever once timeout filexfer\n"
" nofilexfer deny lock nodeny unlock connect allowonce\n"
" allow localhost nolocalhost listen lookup nolookup\n"
" accept afteraccept gone shm noshm flipbyteorder\n"
" noflipbyteorder onetile noonetile solid_color\n"
" solid nosolid blackout xinerama noxinerama xtrap\n"
" noxtrap xrandr noxrandr xrandr_mode padgeom quiet q\n"
" noquiet modtweak nomodtweak xkb noxkb skip_keycodes\n"
" sloppy_keys nosloppy_keys skip_dups noskip_dups\n"
" add_keysyms noadd_keysyms clear_mods noclear_mods\n"
" clear_keys noclear_keys remap repeat norepeat fb nofb\n"
" bell nobell sel nosel primary noprimary setprimary\n"
" nosetprimary clipboard noclipboard setclipboard\n"
" nosetclipboard seldir cursorshape nocursorshape\n"
" cursorpos nocursorpos cursor show_cursor noshow_cursor\n"
" nocursor arrow xfixes noxfixes xdamage noxdamage\n"
" xd_area xd_mem alphacut alphafrac alpharemove\n"
" noalpharemove alphablend noalphablend xwarppointer\n"
" xwarp noxwarppointer noxwarp buttonmap dragging\n"
" nodragging wireframe_mode wireframe wf nowireframe\n"
" nowf wirecopyrect wcr nowirecopyrect nowcr scr_area\n"
" scr_skip scr_inc scr_keys scr_term scr_keyrepeat\n"
" scr_parms scrollcopyrect scr noscrollcopyrect noscr\n"
" fixscreen noxrecord xrecord reset_record pointer_mode\n"
" pm input_skip input client_input speeds wmdt\n"
" debug_pointer dp nodebug_pointer nodp debug_keyboard\n"
" dk nodebug_keyboard nodk deferupdate defer wait_ui\n"
" wait_bog nowait_bog slow_fb wait readtimeout nap nonap\n"
" sb screen_blank fbpm nofbpm fs gaps grow fuzz snapfb\n"
" nosnapfb rawfb progressive rfbport http nohttp httpport\n"
" httpdir enablehttpproxy noenablehttpproxy alwaysshared\n"
" noalwaysshared nevershared noalwaysshared dontdisconnect\n"
" nodontdisconnect desktop debug_xevents nodebug_xevents\n"
" debug_xevents debug_xdamage nodebug_xdamage\n"
" debug_xdamage debug_wireframe nodebug_wireframe\n"
" debug_wireframe debug_scroll nodebug_scroll debug_scroll\n"
" debug_tiles dbt nodebug_tiles nodbt debug_tiles\n"
" debug_grabs nodebug_grabs debug_sel nodebug_sel dbg\n"
" nodbg noremote\n"
"\n"
" aro= noop display vncdisplay desktopname guess_desktop\n"
" http_url auth xauth users rootshift clipshift\n"
" scale_str scaled_x scaled_y scale_numer scale_denom\n"
" scale_fac scaling_blend scaling_nomult4 scaling_pad\n"
" scaling_interpolate inetd privremote unsafe safer nocmds\n"
" passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem\n"
" sslverify stunnel stunnel_pem https usepw using_shm\n"
" logfile o flag rc norc h help V version lastmod bg\n"
" sigpipe threads readrate netrate netlatency pipeinput\n"
" clients client_count pid ext_xtest ext_xtrap ext_xrecord\n"
" ext_xkb ext_xshm ext_xinerama ext_overlay ext_xfixes\n"
" ext_xdamage ext_xrandr rootwin num_buttons button_mask\n"
" mouse_x mouse_y bpp depth indexed_color dpy_x dpy_y\n"
" wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y\n"
" rfbauth passwd viewpasswd\n"
"\n"
"-QD variable Just like -query variable, but returns the default\n"
" value for that parameter (no running x11vnc server\n"
" is consulted)\n"
"\n"
"-sync By default -remote commands are run asynchronously, that\n"
" is, the request is posted and the program immediately\n"
" exits. Use -sync to have the program wait for an\n"
" acknowledgement from the x11vnc server that command was\n"
" processed (somehow). On the other hand -query requests\n"
" are always processed synchronously because they have\n"
" to wait for the answer.\n"
"\n"
" Also note that if both -remote and -query requests are\n"
" supplied on the command line, the -remote is processed\n"
" first (synchronously: no need for -sync), and then\n"
" the -query request is processed in the normal way.\n"
" This allows for a reliable way to see if the -remote\n"
" command was processed by querying for any new settings.\n"
" Note however that there is timeout of a few seconds so\n"
" if the x11vnc takes longer than that to process the\n"
" requests the requestor will think that a failure has\n"
" taken place.\n"
"\n"
"-noremote Do not process any remote control commands or queries.\n"
"-yesremote Do process remote control commands or queries.\n"
" Default: %s\n"
"\n"
" A note about security wrt remote control commands.\n"
" If someone can connect to the X display and change\n"
" the property X11VNC_REMOTE, then they can remotely\n"
" control x11vnc. Normally access to the X display is\n"
" protected. Note that if they can modify X11VNC_REMOTE\n"
" on the X server, they have enough permissions to also\n"
" run their own x11vnc and thus have complete control\n"
" of the desktop. If the \"-connect /path/to/file\"\n"
" channel is being used, obviously anyone who can write\n"
" to /path/to/file can remotely control x11vnc. So be\n"
" sure to protect the X display and that file's write\n"
" permissions. See -privremote below.\n"
"\n"
" If you are paranoid and do not think -noremote is\n"
" enough, to disable the X11VNC_REMOTE property channel\n"
" completely use -novncconnect, or use the -safer option\n"
" that shuts many things off.\n"
"\n"
"-unsafe A few remote commands are disabled by default\n"
" (currently: id:pick, accept:<cmd>, gone:<cmd>, and\n"
" rawfb:setup:<cmd>) because they are associated with\n"
" running external programs. If you specify -unsafe, then\n"
" these remote-control commands are allowed. Note that\n"
" you can still specify these parameters on the command\n"
" line, they just cannot be invoked via remote-control.\n"
"-safer Equivalent to: -novncconnect -noremote and prohibiting\n"
" -gui and the -connect file. Shuts off communcation\n"
" channels.\n"
"-privremote Perform some sanity checks and disable remote-control\n"
" commands if it appears that the X DISPLAY and/or\n"
" connectfile can be accessed by other users. Once\n"
" remote-control is disabled it cannot be turned back on.\n"
"-nocmds No external commands (e.g. system(3), popen(3), exec(3))\n"
" will be run.\n"
"\n"
"-deny_all For use with -remote nodeny: start out denying all\n"
" incoming clients until \"-remote nodeny\" is used to\n"
" let them in.\n"
"%s\n"
"\n"
"These options are passed to libvncserver:\n"
"\n"
;
/* have both our help and rfbUsage to stdout for more(1), etc. */
dup2(1, 2);
/* register extension(s) to get their help output */
#ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER
rfbRegisterTightVNCFileTransferExtension();
#endif
if (mode == 1) {
char *p;
int l = 0;
fprintf(stderr, "x11vnc: allow VNC connections to real "
"X11 displays. %s\n\nx11vnc options:\n", lastmod);
p = strtok(help, "\n");
while (p) {
int w = 23;
char tmp[100];
if (p[0] == '-') {
strncpy(tmp, p, w);
fprintf(stderr, " %s", tmp);
l++;
if (l % 3 == 0) {
fprintf(stderr, "\n");
}
}
p = strtok(NULL, "\n");
}
fprintf(stderr, "\n\nlibvncserver options:\n");
rfbUsage();
fprintf(stderr, "\n");
exit(1);
}
fprintf(stderr, help, lastmod,
POLL_8TO24_DELAY,
scaling_copyrect ? ":cr":":nocr",
view_only ? "on":"off",
shared ? "on":"off",
vnc_connect ? "-vncconnect":"-novncconnect",
xinerama ? "-xinerama":"-noxinerama",
use_modifier_tweak ? "-modtweak":"-nomodtweak",
skip_duplicate_key_events ? "-skip_dups":"-noskip_dups",
add_keysyms ? "-add_keysyms":"-noadd_keysyms",
no_autorepeat ? "-norepeat":"-repeat",
alt_arrow_max, alt_arrow,
alpha_threshold,
alpha_frac,
cursor_pos_updates ? "-cursorpos":"-nocursorpos",
wireframe ? "-wireframe":"-nowireframe",
WIREFRAME_PARMS,
wireframe_copyrect_default,
scroll_copyrect_default,
scrollcopyrect_min_area,
scroll_skip_str0 ? scroll_skip_str0 : "(empty)",
scroll_term_str0,
max_keyrepeat_str0,
SCROLL_COPYRECT_PARMS,
pointer_mode_max, pointer_mode,
ui_skip,
defer_update,
waitms,
wait_ui,
rfbMaxClientWait/1000,
take_naps ? "take naps":"no naps",
screen_blank,
watch_fbpm ? "-nofbpm":"-fbpm",
xdamage_max_area, NSCAN, xdamage_memory,
use_threads ? "-threads":"-nothreads",
fs_frac,
gaps_fill,
grow_fill,
tile_fuzz,
accept_remote_cmds ? "-yesremote":"-noremote",
""
);
rfbUsage();
#endif
exit(1);
}
void xopen_display_fail_message(char *disp) {
fprintf(stderr, "\n");
fprintf(stderr, "*** x11vnc was unable to open the X DISPLAY: \"%s\","
" it cannot continue.\n", disp);
fprintf(stderr, "*** There may be \"Xlib:\" error messages above"
" with details about the failure.\n");
fprintf(stderr, "\n");
fprintf(stderr, "Some tips and guidelines:\n");
fprintf(stderr, "\n");
fprintf(stderr, " * An X server (the one you wish to view) must"
" be running before x11vnc is\n");
fprintf(stderr, " started: x11vnc does not start the X server.\n");
fprintf(stderr, "\n");
fprintf(stderr, " * You must use -display <disp>, -OR- set and"
" export your DISPLAY\n");
fprintf(stderr, " environment variable to refer to the display of"
" the desired X server.\n");
fprintf(stderr, " - Usually the display is simply \":0\" (in fact"
" x11vnc uses this if you forget\n");
fprintf(stderr, " to specify it), but in some multi-user"
" situations it could be \":1\", \":2\",\n");
fprintf(stderr, " or even \":137\". Ask your administrator"
" or a guru if you are having\n");
fprintf(stderr, " difficulty determining what your X DISPLAY is.\n");
fprintf(stderr, "\n");
fprintf(stderr, " * Next, you need to have sufficient permissions"
" (Xauthority) \n");
fprintf(stderr, " to connect to the X DISPLAY. Here are some"
" Tips:\n");
fprintf(stderr, "\n");
fprintf(stderr, " - Often, you just need to run x11vnc as the user"
" logged into the X session.\n");
fprintf(stderr, " So make sure to be that user when you type"
" x11vnc.\n");
fprintf(stderr, " - Being root is usually not enough because the"
" incorrect MIT-MAGIC-COOKIE\n");
fprintf(stderr, " file will be accessed. The cookie file contains"
" the secret key that\n");
fprintf(stderr, " allows x11vnc to connect to the desired"
" X DISPLAY.\n");
fprintf(stderr, " - You can explicity indicate which MIT-MAGIC-COOKIE"
" file should be used\n");
fprintf(stderr, " by the -auth option, e.g.:\n");
fprintf(stderr, " x11vnc -auth /home/someuser/.Xauthority"
" -display :0\n");
fprintf(stderr, " x11vnc -auth /tmp/.gdmzndVlR"
" -display :0\n");
fprintf(stderr, " you must have read permission for the auth file.\n");
fprintf(stderr, "\n");
fprintf(stderr, " - If NO ONE is logged into an X session yet, but"
" there is a greeter login\n");
fprintf(stderr, " program like \"gdm\", \"kdm\", \"xdm\", or"
" \"dtlogin\" running, you will need\n");
fprintf(stderr, " to find and use the raw display manager"
" MIT-MAGIC-COOKIE file.\n");
fprintf(stderr, " Some examples for various display managers:\n");
fprintf(stderr, "\n");
fprintf(stderr, " gdm: -auth /var/gdm/:0.Xauth\n");
fprintf(stderr, " kdm: -auth /var/lib/kdm/A:0-crWk72\n");
fprintf(stderr, " xdm: -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk\n");
fprintf(stderr, " dtlogin: -auth /var/dt/A:0-UgaaXa\n");
fprintf(stderr, "\n");
fprintf(stderr, " Only root will have read permission for the"
" file, and so x11vnc must be run\n");
fprintf(stderr, " as root. The random characters in the filenames"
" will of course change,\n");
fprintf(stderr, " and the directory the cookie file resides in may"
" also be system dependent.\n");
fprintf(stderr, " Sometimes the command \"ps wwaux | grep auth\""
" can reveal the file location.\n");
fprintf(stderr, "\n");
fprintf(stderr, "See also: http://www.karlrunge.com/x11vnc/#faq\n");
}
void nopassword_warning_msg(int gotloc) {
char str1[] =
"###############################################################\n"
"#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#\n"
"#@ @#\n"
"#@ ** WARNING ** WARNING ** WARNING ** WARNING ** @#\n"
"#@ @#\n"
"#@ YOU ARE RUNNING X11VNC WITHOUT A PASSWORD!! @#\n"
"#@ @#\n"
"#@ This means anyone with network access to this computer @#\n"
"#@ will be able to easily view and control your desktop. @#\n"
"#@ @#\n"
"#@ >>> If you did not mean to do this Press CTRL-C now!! <<< @#\n"
"#@ @#\n"
"#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#\n"
;
char str2[] =
"#@ @#\n"
"#@ You can create an x11vnc password file by running: @#\n"
"#@ @#\n"
"#@ x11vnc -storepasswd password /path/to/passfile @#\n"
"#@ @#\n"
"#@ and then starting x11vnc via: @#\n"
"#@ @#\n"
"#@ x11vnc -rfbauth /path/to/passfile @#\n"
"#@ @#\n"
"#@ an existing ~/.vnc/passwd file will work too. @#\n"
"#@ @#\n"
"#@ Running \"x11vnc -storepasswd\" with no arguments @#\n"
"#@ will prompt for a passwd to store in ~/.vnc/passwd. @#\n"
"#@ @#\n"
"#@ You can also use the -passwdfile or -passwd options. @#\n"
"#@ (note -passwd is unsafe if local users are not trusted) @#\n"
"#@ @#\n"
"#@ Make sure any -rfbauth and -passwdfile password files @#\n"
"#@ cannot be read by untrusted users. @#\n"
"#@ @#\n"
"#@ Use x11vnc -usepw to automatically use your @#\n"
"#@ ~/.vnc/passwd or ~/.vnc/passwdfile password files. @#\n"
"#@ (and prompt you to create ~/.vnc/passwd if neither @#\n"
"#@ file exists.) @#\n"
"#@ @#\n"
"#@ @#\n"
"#@ Even with a password, the subsequent VNC traffic is @#\n"
"#@ sent in the clear. Consider tunnelling via ssh(1): @#\n"
"#@ @#\n"
"#@ http://www.karlrunge.com/x11vnc/#tunnelling @#\n"
"#@ @#\n"
"#@ Or using the x11vnc SSL options: -ssl and -stunnel @#\n"
"#@ @#\n"
"#@ Please Read the documention for more info about @#\n"
"#@ passwords, security, and encryption. @#\n"
"#@ @#\n"
"#@ http://www.karlrunge.com/x11vnc/#faq-passwd @#\n"
;
char str3[] =
"#@ @#\n"
"#@ You are using the -localhost option and that is a good @#\n"
"#@ thing!! Especially if you ssh(1) into this machine and @#\n"
"#@ use port redirection. Nevertheless, without a password @#\n"
"#@ other users could possibly do redirection as well to @#\n"
"#@ gain access to your desktop. @#\n"
;
char str4[] =
"#@ @#\n"
"#@ To disable this warning use the -nopw option, or put @#\n"
"#@ the setting in your ~/.x11vncrc file. @#\n"
"#@ @#\n"
"#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#\n"
"###############################################################\n"
;
char str5[] =
"###############################################################\n\n"
;
if (inetd) {
return;
}
fprintf(stderr, "%s", str1);
fflush(stderr);
#if !PASSWD_REQUIRED
usleep(2500 * 1000);
#endif
if (!quiet) {
fprintf(stderr, "%s", str2);
if (gotloc) {
fprintf(stderr, "%s", str3);
}
fprintf(stderr, "%s", str4);
} else {
fprintf(stderr, "%s", str5);
}
fflush(stderr);
#if !PASSWD_REQUIRED
usleep(500 * 1000);
#endif
}