diff options
author | runge <runge@karlrunge.com> | 2009-11-18 18:25:36 -0500 |
---|---|---|
committer | runge <runge@karlrunge.com> | 2009-11-18 18:25:36 -0500 |
commit | 09f63f0395fe103fd1442b2b012b98f2cda2dcd3 (patch) | |
tree | d38a54ba7dc61a229cdf2b83acf21d86eb672cde /x11vnc | |
parent | 49cdfb4c1f25b371474f3a355e205471daa08640 (diff) | |
download | libvncserver-09f63f0395fe103fd1442b2b012b98f2cda2dcd3.zip libvncserver-09f63f0395fe103fd1442b2b012b98f2cda2dcd3.tar.gz |
x11vnc: -findauth, -auth guess, & etc.
Diffstat (limited to 'x11vnc')
-rw-r--r-- | x11vnc/ChangeLog | 18 | ||||
-rw-r--r-- | x11vnc/README | 1174 | ||||
-rw-r--r-- | x11vnc/cleanup.c | 1 | ||||
-rw-r--r-- | x11vnc/connections.c | 48 | ||||
-rw-r--r-- | x11vnc/cursor.c | 5 | ||||
-rw-r--r-- | x11vnc/cursor.h | 1 | ||||
-rw-r--r-- | x11vnc/enc.h | 599 | ||||
-rw-r--r-- | x11vnc/help.c | 59 | ||||
-rw-r--r-- | x11vnc/remote.c | 6 | ||||
-rw-r--r-- | x11vnc/screen.c | 102 | ||||
-rw-r--r-- | x11vnc/selection.c | 2 | ||||
-rw-r--r-- | x11vnc/solid.c | 97 | ||||
-rw-r--r-- | x11vnc/ssltools.h | 29 | ||||
-rwxr-xr-x | x11vnc/tkx11vnc | 119 | ||||
-rw-r--r-- | x11vnc/tkx11vnc.h | 119 | ||||
-rw-r--r-- | x11vnc/unixpw.c | 11 | ||||
-rw-r--r-- | x11vnc/user.c | 6 | ||||
-rw-r--r-- | x11vnc/x11vnc.1 | 64 | ||||
-rw-r--r-- | x11vnc/x11vnc.c | 132 | ||||
-rw-r--r-- | x11vnc/x11vnc.h | 3 | ||||
-rw-r--r-- | x11vnc/x11vnc_defs.c | 5 | ||||
-rw-r--r-- | x11vnc/xevents.c | 220 | ||||
-rw-r--r-- | x11vnc/xevents.h | 1 |
23 files changed, 2106 insertions, 715 deletions
diff --git a/x11vnc/ChangeLog b/x11vnc/ChangeLog index 3154d37..188fec3 100644 --- a/x11vnc/ChangeLog +++ b/x11vnc/ChangeLog @@ -1,3 +1,21 @@ +2009-11-18 Karl Runge <runge@karlrunge.com> + * x11vnc: use -timeout setting for reverse connections too. + Delay calling xfixes at the beginning of 1st connection to avoid + display manager Xorg server crash. Delay selwin creation at the + begin 1st connection to avoid being killed by display manager. + Options -findauth and '-auth guess'. Export icon_mode query. + Do not open X display in -rawfb mode unless asked. Bugfix for + -sid/-id handling window offscreen or bigger than display. + Search for windows with _DBUS_SESSION_BUS_PID to decide which + dbus_launch is ours. Fix missing displays in FIND_DISPLAY + script. Add X11VNC_SKIP_DISPLAY_NEGATE. Improvements to + 'x11vnc Properties' gui dialog and connecting with x11vnc via + socket (client list.) X11VNC_SYSTEM_GREETER1 for previous text + font size. Fix bug with unixpw and vencrypt plain login. + Have fast fb read rate keep waitms and defer the same. + More heuristics to check try if GDM is still running (window + names gdm-*) + 2009-10-17 Karl Runge <runge@karlrunge.com> * x11vnc: support for -solid option in xfce desktop. List -Q guess_dbus query. Implement -showrfbauth option. diff --git a/x11vnc/README b/x11vnc/README index 700f3e0..2863b32 100644 --- a/x11vnc/README +++ b/x11vnc/README @@ -2,7 +2,7 @@ Copyright (C) 2002-2009 Karl J. Runge <runge@karlrunge.com> All rights reserved. -x11vnc README file Date: Sat Oct 17 22:21:49 EDT 2009 +x11vnc README file Date: Wed Nov 18 11:52:45 EST 2009 The following information is taken from these URLs: @@ -28,55 +28,55 @@ x11vnc: a VNC server for real X displays mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows. - It has built-in [7]SSL/TLS encryption and RSA authentication, - including VeNCrypt; UNIX [8]account and password login support; - server-side [9]scaling; [10]single port HTTPS/HTTP and VNC; + It has built-in [7]SSL/TLS encryption and 2048 bit RSA authentication, + including VeNCrypt support; UNIX [8]account and password login + support; server-side [9]scaling; [10]single port HTTPS/HTTP+VNC; [11]Zeroconf service advertising; and TightVNC and UltraVNC [12]file-transfer. It has also been extended to work with non-X - devices: [13]webcams and TV tuner capture devices, [14]embedded Linux - systems such as Qtopia Core, and natively on [15]Mac OS X Aqua/Quartz. - More features are described [16]here. + devices: natively on [13]Mac OS X Aqua/Quartz, [14]webcams and TV + tuner capture devices, and [15]embedded Linux systems such as Qtopia + Core. More features are described [16]here. It also provides an encrypted [17]Terminal Services mode ([18]-create, [19]-svc, or [20]-xdmsvc options) based on Unix usernames and Unix passwords where the user does not need to memorize his VNC - display/port number. Normally a virtual X session (Xvfb) is created, - but it also works with X sessions on physical hardware. See also the - [21]tsvnc terminal services mode of the SSVNC viewer. + display/port number. Normally a virtual X session (Xvfb) is created + for each user, but it also works with X sessions on physical hardware. + See the [21]tsvnc terminal services mode of the SSVNC viewer that + takes advantage of this mode. I wrote x11vnc back in 2002 because x0rfbserver was basically impossible to build on Solaris and had poor performance. The primary x0rfbserver build problems centered around esoteric C++ toolkits. x11vnc is written in plain C and needs only standard libraries and so - should work on nearly all Unixes. I also created some enhancements to - improve the interactive response, added many features, etc. + should work on nearly all Unixes, even very old ones. I also created + enhancements to improve the interactive response, added many features, + and etc. This page including the [22]FAQ contains much information [23][*]; solutions to many problems; and interesting applications, but nevertheless please feel free to [24]contact me if you have problems - or questions (and if I save you time by giving you some of my time, - please consider a [25]paypal donation.) Please check the [26]FAQ - first; I realize this page is massive, but you can often use your - browser's find-in-page action using a keyword to find the answer to - your problem or question. + or questions (and if I save you time or expense by giving you some of + my time, please consider a [25]PayPal Donation.) + + Do check the [26]FAQ and this page first; I realize the pages are + massive, but you can often use your browser's find-in-page search + action using a keyword to find the answer to your problem or question. Please help [27]beta test the new performance speedup feature using - [28]viewer-side pixel caching "ncache". Let me know how it goes; - thanks. + [28]viewer-side pixel caching "ncache". SSVNC: An x11vnc side-project provides an [29]Enhanced TightVNC Viewer package (SSVNC) for Unix, Windows, and Mac OS X with automatic - SSL and/or SSH tunnelling support, SSL Certificate creation, saved - connection profiles, and built-in Proxy support. And for the Unix - viewer: NewFBSize, ZRLE, Viewer-side Scaling, cursor alphablending, - and low color modes. Also on Unix the UltraVNC File Transfer, Text - Chat, Single Window, Server Input, and 1/n Scaling extensions are - supported along with UltraVNC DSM encryption. This bundle could be - placed on, say, a USB memory stick for SSL/SSH VNC viewing from nearly - any networked computer. Please help test out some recently added - features: automatic service tunnelling via SSH for: CUPS and SMB - Printing, ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem - mounting; Port Knocking; and the sshvnc/tsvnc modes. + SSL and/or SSH tunnelling support, SSL Certificate creation, Saved + connection profiles, Zeroconf, VeNCrypt, and built-in Proxy support. + Added features for the TightVNC Unix viewer: NewFBSize, ZRLE encoding, + Viewer-side Scaling, cursor alphablending, low color modes, and + enhanced popup menu; UltraVNC extensions support for: File Transfer, + Text Chat, Single Window, Server Input, and 1/n Scaling extensions, + and UltraVNC DSM encryption. The SSVNC bundle could be placed on, say, + a USB memory stick for SSL/SSH VNC viewing from nearly any networked + computer. _________________________________________________________________ @@ -133,9 +133,9 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick So the standard Xvnc/vncserver program is very useful, I use it for things like: - * Desktop conferencing with other users (e.g. codereviews.) - * Long running apps/tasks I want to be able to view from many - places. + * Desktop conferencing with other users (e.g. code reviews.) + * Long running apps/tasks I want to be able to view from many places + (e.g. from home and work.) * Motif, GNOME, and similar applications that would yield very poor performance over a high latency link. @@ -901,61 +901,76 @@ make Here are some features that will appear in the 0.9.9 release: - * The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "[122]-display - WAIT:cmd=...", [123]-find, [124]-create) now work correctly for - the user-supplied login program scheme "[125]-unixpw_cmd ...", as - long as the login program supports running commands specified in - the environment variable "RFB_UNIXPW_CMD_RUN" as the logged-in - user. The mode "[126]-unixpw_nis ..." has also been made more - consistent. - * The [127]-unixpw_system_greeter option, when used in combined - unixpw and XDMCP FINDCREATEDISPLAY mode (e.g. [128]-xdmsvc), + * The [122]-unixpw_system_greeter option, when used in combined + unixpw and XDMCP FINDCREATEDISPLAY mode (e.g. [123]-xdmsvc), enables the user to press Escape to jump directly to the XDM/GDM/KDM login greeter screen. This way the user avoids entering his unix password twice at X session creation time. Also, the unixpw login panel now has a short help displayed if the user presses 'F1'. - * The [129]-stunnel option (like [130]-ssl but uses stunnel as an - external helper program) now works with the [131]-ssl "SAVE" and - "TMP" special certificate names. The [132]-sslverify and - [133]-sslCRL options now work correctly in [134]-stunnel mode. - Single port HTTPS connections are also supported for this mode. * x11vnc now tries to be a little bit more aggressive in keeping up with VNC client's framebuffer update requests. Some broken VNC clients like Eggplant and JollysFastVNC continuously spray these requests at VNC servers (regardless of whether they have received any updates or not.) Under some circumstances this could lead to - x11vnc falling behind. The [135]-extra_fbur option allows one to + x11vnc falling behind. The [124]-extra_fbur option allows one to fine tune the setting. Additionally, one may also dial down - delays: e.g. "[136]-defer 5" and "[137]-wait 5" (or to 1 or even - 0) or [138]-nonap or [139]-allinput to keep up with these VNC + delays: e.g. "[125]-defer 5" and "[126]-wait 5" (or to 1 or even + 0) or [127]-nonap or [128]-allinput to keep up with these VNC clients at the expense of increased system load. + * Heuristics are applied to try to determine if the X display is + currently in a Display Manager Greeter Login panel (e.g. GDM) If + so, x11vnc's creation of any windows and use of XFIXES are + delayed. This is to try to avoid x11vnc being killed after the + user logs in if the GDM KillInitClients=true is in effect. So one + does not need to set KillInitClients=false. Note that in recent + GDM the KillInitClients option has been removed. Also delayed is + the use of the XFIXES cursor fetching functionality; this avoids + an Xorg bug that causes Xorg to crash right after the user logs + in. + * A new option [129]-findauth runs the FINDDISPLAY script that + applies heuristics that try to determine the XAUTHORITY file. The + use of '[130]-auth guess' will use the XAUTHORITY that -findauth + reveals. This can be handy in with the lastest GDM where the + ability to store cookies in ~/.Xauthority has been removed. + * The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "[131]-display + WAIT:cmd=...", [132]-find, [133]-create) now work correctly for + the user-supplied login program scheme "[134]-unixpw_cmd ...", as + long as the login program supports running commands specified in + the environment variable "RFB_UNIXPW_CMD_RUN" as the logged-in + user. The mode "[135]-unixpw_nis ..." has also been made more + consistent. + * The [136]-stunnel option (like [137]-ssl but uses stunnel as an + external helper program) now works with the [138]-ssl "SAVE" and + "TMP" special certificate names. The [139]-sslverify and + [140]-sslCRL options now work correctly in [141]-stunnel mode. + Single port HTTPS connections are also supported for this mode. + * The remote control command [142]-R can be used to instruct x11vnc + to resend its most recent copy of the Clipboard, Primary, or + Cutbuffer selections: "x11vnc -R resend_clipboard", "x11vnc -R + resend_primary", and "x11vnc -R resend_cutbuffer". + * The fonts in the GUI ([143]-gui) can now by set via environment + variables, e.g. -env X11VNC_FONT_BOLD='Helvetica -16 bold' and + -env X11VNC_FONT_FIXED='Courier -14'. * The XDAMAGE mechanism is now automatically disabled for a period of time if a game or screensaver generates too many XDAMAGE rectangles per second. This avoids the X11 event queue from soaking up too much memory. - * The fonts in the GUI ([140]-gui) can now by set via environment - variables, e.g. -env X11VNC_FONT_BOLD='Helvetica -16 bold' and - -env X11VNC_FONT_FIXED='Courier -14'. - * The remote control command [141]-R can be used to instruct x11vnc - to resend its most recent copy of the Clipboard, Primary, or - Cutbuffer selections: "x11vnc -R resend_clipboard", "x11vnc -R - resend_primary", and "x11vnc -R resend_cutbuffer". * There is an experimental workaround: "-env X11VNC_WATCH_DX_DY=1" that tries to avoid problems with poorly constructed menu themes that place the initial position of the mouse cursor inside a menu - item's active zone. More information [142]can be found here. + item's active zone. More information [144]can be found here. Here are some features that appeared in the 0.9.8 release: - * Stability improvements to [143]-threads mode. Running x11vnc this + * Stability improvements to [145]-threads mode. Running x11vnc this way is more reliable now. Threaded operation sometimes gives better interactive response and faster updates: try it out. The threaded mode now supports multiple VNC viewers using the same VNC encoding. The threaded mode can also yield a performance enhancement in the many client case (e.g. class-room broadcast.) We have tested with 30 to 50 simultaneous clients. See also - [144]-reflect. + [146]-reflect. For simultaneous clients: the ZRLE encoding is thread safe on all platforms, and the Tight and Zlib encodings are currently only thread safe on Linux where thread local storage, __thread, is @@ -964,12 +979,12 @@ make connected client, all encodings are safe on all platforms. Note that some features (e.g. scroll detection and -ncache) may be disabled or run with reduced functionality in -threads mode. - * Automatically tries to work around an [145]Xorg server bug + * Automatically tries to work around an [147]Xorg server bug involving infinitely repeating keys when turning off key - repeating. Use [146]-repeat if the automatic workaround fails. + repeating. Use [148]-repeat if the automatic workaround fails. * Improved reliability of the Single Port SSL VNC and HTTPS java viewer applet delivery mechanism. - * The [147]-clip mode works under [148]-rawfb. + * The [149]-clip mode works under [150]-rawfb. Here are some features that appeared in the 0.9.7 release: @@ -979,38 +994,38 @@ make case the special file /dev/vcsa2 is used to retrieve vt2's current text. Text and colors are shown, but no graphics. * Support for less than 8 bits per pixel framebuffers (e.g. 4 or 1 - bpp) in the [149]-rawfb mode. + bpp) in the [151]-rawfb mode. * The SSL enabled UltraVNC Java viewer applet now has a [Home] entry in the "drives" drop down menu. This menu can be configured with the ftpDropDown applet parameter. All of the applet parameters are documented in classes/ssl/README. - * Experimental support for [150]VirtualGL's [151]TurboVNC (an + * Experimental support for [152]VirtualGL's [153]TurboVNC (an enhanced TightVNC for fast LAN high framerate usage.) * The CUPS Terminal Services helper mode has been improved. - * Improvements to the [152]-ncache_cr that allows smooth opaque + * Improvements to the [154]-ncache_cr that allows smooth opaque window motions using the 'copyrect' encoding when using - [153]-ncache mode. - * The [154]-rmflag option enables a way to indicate to other + [155]-ncache mode. + * The [156]-rmflag option enables a way to indicate to other processes x11vnc has exited. * Reverse connections using anonymous Diffie Hellman SSL encryption now work. Here are some features that appeared in the 0.9.6 release: - * Support for [155]VeNCrypt SSL/TLS encrypted connections. It is - enabled by default in the [156]-ssl mode. VNC Viewers like - vinagre, gvncviewer/gtk-vnc, the vencrypt package, and others - support this encryption mode. It can also be used with the - [157]-unixpw option to enable Unix username and password + * Support for [157]VeNCrypt SSL/TLS encrypted connections. It is + enabled by default in the [158]-ssl mode. VNC Viewers like + vinagre, gvncviewer/gtk-vnc, the vencrypt package, [159]SSVNC, and + others support this encryption mode. It can also be used with the + [160]-unixpw option to enable Unix username and password authentication (VeNCrypt's "*Plain" modes.) A similar but older VNC security type "ANONTLS" (used by vino) is supported as well. - See the [158]-vencrypt and [159]-anontls options for additional + See the [161]-vencrypt and [162]-anontls options for additional control. The difference between x11vnc's normal -ssl mode and VeNCrypt is that the former wraps the entire VNC connection in SSL (like HTTPS does for HTTP, i.e. "vncs://") while VeNCrypt switches on the SSL/TLS at a certain point during the VNC handshake. Use - [160]-sslonly to disable both VeNCrypt and ANONTLS (vino.) - * The "[161]-ssl ANON" option enables Anonymous Diffie-Hellman (ADH) + [163]-sslonly to disable both VeNCrypt and ANONTLS (vino.) + * The "[164]-ssl ANON" option enables Anonymous Diffie-Hellman (ADH) key exchange for x11vnc's normal SSL/TLS operation. Note that Anonymous Diffie-Hellman uses encryption for privacy, but provides no authentication and so is susceptible to Man-In-The-Middle @@ -1018,17 +1033,17 @@ make SAVE", etc. and have the VNC viewer verify the cert.) The ANONTLS mode (vino) only supports ADH. VeNCrypt mode supports both ADH and regular X509 SSL certificates modes. For these ADH is enabled by - default. See [162]-vencrypt and [163]-anontls for how to disable + default. See [165]-vencrypt and [166]-anontls for how to disable ADH. * For x11vnc's SSL/TLS modes, one can now specify a Certificate - Revocation List (CRL) with the [164]-sslCRL option. This will only + Revocation List (CRL) with the [167]-sslCRL option. This will only be useful for wide deployments: say a company-wide x11vnc SSL access deployment using a central Certificate Authority (CA) via - [165]-sslGenCA and [166]-sslGenCert. This way if a user has his + [168]-sslGenCA and [169]-sslGenCert. This way if a user has his laptop lost or stolen, you only have to revoke his key instead of creating a new Certificate Authority and redeploying new keys to all users. - * The default SSL/TLS mode, "[167]-ssl" (no pem file parameter + * The default SSL/TLS mode, "[170]-ssl" (no pem file parameter supplied), is now the same as "-ssl SAVE" and will save the generated self-signed cert in "~/.vnc/certs/server.pem". Previously "-ssl" would create a temporary self-signed cert that @@ -1038,45 +1053,45 @@ make same x11vnc server. Use "-ssl TMP" to regain the previous behavior. Use "-ssl SAVE_NOPROMPT" to avoid being prompted about using passphrase when the certificate is created. - * The option [168]-http_oneport enables single-port HTTP connections + * The option [171]-http_oneport enables single-port HTTP connections via the Java VNC Viewer. So, for example, the web browser URL "http://myhost.org:5900" works the same as "http://myhost.org:5800", but with the convenience of only involving one port instead of two. This works for both unencrypted - connections and for SSH tunnels (see [169]-httpsredir if the + connections and for SSH tunnels (see [172]-httpsredir if the tunnel port differs.) Note that HTTPS single-port operation in - [170]-ssl SSL encrypted mode has been available since x11vnc + [173]-ssl SSL encrypted mode has been available since x11vnc version 0.8.3. - * For the [171]-avahi/[172]-zeroconf Service Advertizing mode, if + * For the [174]-avahi/[175]-zeroconf Service Advertizing mode, if x11vnc was not compiled with the avahi-client library, then an external helper program, either avahi-publish(1) (on Unix) or dns-sd(1) (on Mac OS X), is used instead. - * The "[173]-rfbport PROMPT" option will prompt the user via the GUI + * The "[176]-rfbport PROMPT" option will prompt the user via the GUI to select the VNC port (e.g. 5901) to listen on, and a few other basic settings. This enables a handy GUI mode for naive users: x11vnc -gui tray=setpass -rfbport PROMPT -logfile $HOME/.x11vnc.log.%VNCDISP LAY suitable for putting in a launcher or menu, e.g. - [174]x11vnc.desktop. The [175]-logfile expansion is new too. In + [177]x11vnc.desktop. The [178]-logfile expansion is new too. In the GUI, the tray=setpass Properties panel has been improved. - * The [176]-solid solid background color option now works for the + * The [179]-solid solid background color option now works for the Mac OS X console. - * The [177]-reopen option instructs x11vnc to try to reopen the X + * The [180]-reopen option instructs x11vnc to try to reopen the X display if it is prematurely closed by, say, the display manager - (e.g. [178]GDM.) + (e.g. [181]GDM.) Here are some features that appeared in the 0.9.5 release: - * Symmetric key [179]encryption ciphers. ARC4, AES-128, AES-256, + * Symmetric key [182]encryption ciphers. ARC4, AES-128, AES-256, blowfish, and 3des are supported. Salt and initialization vector seeding is provided. These compliment the more widely used SSL and - SSH encryption access methods. [180]SSVNC also supports these + SSH encryption access methods. [183]SSVNC also supports these encryption modes. * Scaling differently along the X- and Y-directions. E.g. - "[181]-scale 1280x1024" or "-scale 0.8x0.75" Also, - "[182]-geometry WxH" is an alias for "-scale WxH" + "[184]-scale 1280x1024" or "-scale 0.8x0.75" Also, + "[185]-geometry WxH" is an alias for "-scale WxH" * By having SSVNC version 1.0.21 or later available in your $PATH, - the [183]-chatwindow option allows a UltraVNC Text Chat window to + the [186]-chatwindow option allows a UltraVNC Text Chat window to appear on the local X11 console/display (this way the remote viewer can chat with the person at the physical display; e.g. helpdesk mode.) This also works on the Mac OS X console if the @@ -1088,46 +1103,46 @@ LAY Here are some features that appeared in the 0.9.4 release: - * Improvements to the [184]-find and [185]-create X session finding + * Improvements to the [187]-find and [188]-create X session finding or creating modes: new desktop types and service redirection options. Personal cupsd daemon and SSH port redirection helper for - use with [186]SSVNC's Terminal Services feature. - * Reverse VNC connections via [187]-connect work in the [188]-find, - [189]-create and related [190]-display WAIT:... modes. + use with [189]SSVNC's Terminal Services feature. + * Reverse VNC connections via [190]-connect work in the [191]-find, + [192]-create and related [193]-display WAIT:... modes. * Reverse VNC connections (either normal or SSL) can use a Web Proxy or a SOCKS proxy, or a SSH connection, or even a CGI URL to make - the outgoing connection. See: [191]-proxy. Forward connections can - also use: [192]-ssh. - * Reverse VNC connections via the [193]UltraVNC repeater proxy + the outgoing connection. See: [194]-proxy. Forward connections can + also use: [195]-ssh. + * Reverse VNC connections via the [196]UltraVNC repeater proxy (either normal or SSL) are supported. Use either the - "[194]-connect repeater=ID:NNNN+host:port" or "[195]-connect - repeater://host:port+ID:NNNN" notation. The [196]SSVNC VNC viewer + "[197]-connect repeater=ID:NNNN+host:port" or "[198]-connect + repeater://host:port+ID:NNNN" notation. The [199]SSVNC VNC viewer also supports the UltraVNC repeater. * Support for indexed colormaps (PseudoColor) with depths other than 8 (from 1 to 16 now work) for non-standard hardware. Option - "[197]-advertise_truecolor" to handle some workaround in this + "[200]-advertise_truecolor" to handle some workaround in this mode. * Support for the ZYWRLE encoding, this is the RealVNC ZRLE encoding extended to do motion video and photo regions more efficiently by way of a Wavelet based transformation. - * The [198]-finddpy and [199]-listdpy utilities help to debug and - configure the [200]-find, [201]-create, and [202]-display WAIT:... + * The [201]-finddpy and [202]-listdpy utilities help to debug and + configure the [203]-find, [204]-create, and [205]-display WAIT:... modes. * Some automatic detection of screen resizes are handled even if the - [203]-xrandr option is not supplied. - * The [204]-autoport options gives more control over the VNC port + [206]-xrandr option is not supplied. + * The [207]-autoport options gives more control over the VNC port x11vnc chooses. - * The [205]-ping secs can be used to help keep idle connections + * The [208]-ping secs can be used to help keep idle connections alive. * Pasting of the selection/clipboard into remote applications (e.g. Java) has been improved. * Fixed a bug if a client disconnects during the 'speed-estimation' phase. * To unset Caps_Lock, Num_Lock and raise all keys in the X server - use [206]-clear_all. + use [209]-clear_all. * Usage with dvorak keyboards has been improved. See also: - [207]-xkb. - * The [208]Java Viewer applet source code is now included in the + [210]-xkb. + * The [211]Java Viewer applet source code is now included in the x11vnc-0.9.*.tar.gz tarball. This means you can now build the Java viewer applet jar files from source. If you stopped shipping the Java viewer applet jar files due to lack of source code, you can @@ -1135,7 +1150,7 @@ LAY Here are some features that appeared in the 0.9.3 release: - * [209]Viewer-side pixmap caching. A large area of pixels (at least + * [212]Viewer-side pixmap caching. A large area of pixels (at least 2-3 times as big as the framebuffer itself; the bigger the better... default is 10X) is placed below the framebuffer to act as a buffer/cache area for pixel data. The VNC CopyRect encoding @@ -1143,7 +1158,7 @@ LAY Until we start modifying viewers you will be able to see the cache area if you scroll down (this makes it easier to debug!) For testing the default is "-ncache 10". The unix Enhanced TightVNC - Viewer [210]ssvnc has a nice [211]-ycrop option to help hide the + Viewer [213]ssvnc has a nice [214]-ycrop option to help hide the pixel cache area from view. @@ -1156,14 +1171,14 @@ LAY * If UltraVNC file transfer or chat is detected, then VNC clients are "pinged" more often to prevent these side channels from becoming serviced too infrequently. - * In [212]-unixpw mode in the username and password dialog no text + * In [215]-unixpw mode in the username and password dialog no text will be echoed if the first character sent is "Escape". This enables a convenience feature in SSVNC to send the username and password automatically. Here are some features that appeared in the 0.9.1 release: - * The [213]UltraVNC Java viewer has been enhanced to support SSL (as + * The [216]UltraVNC Java viewer has been enhanced to support SSL (as the TightVNC viewer had been previously.) The UltraVNC Java supports ultravnc filetransfer, and so can be used as a VNC viewer on Unix that supports ultravnc filetransfer. It is in the @@ -1174,12 +1189,12 @@ LAY Some other bugs in the UltraVNC Java viewer were fixed and a few improvements to the UI made. * A new Unix username login mode for VNC Viewers authenticated via a - Client SSL Certificate: "[214]-users sslpeer=". The emailAddress + Client SSL Certificate: "[217]-users sslpeer=". The emailAddress subject field is inspected for username@hostname and then acts as though "-users +username" has been supplied. This way the Unix username is identified by (i.e. simply extracted from) the Client - SSL Certificate. This could be useful with [215]-find, - [216]-create and [217]-svc modes if you are also have set up and + SSL Certificate. This could be useful with [218]-find, + [219]-create and [220]-svc modes if you are also have set up and use VNC Client SSL Certificate authentication. * For external display finding/creating programs (e.g. WAIT:cmd=...) if the VNC Viewer is authenticated via a Client SSL Certificate, @@ -1188,41 +1203,41 @@ LAY Here are some features that appeared in the 0.9 release: - * [218]VNC Service advertising via mDNS / ZeroConf / BonJour with - the [219]Avahi client library. Enable via "[220]-avahi" or - "[221]-zeroconf". + * [221]VNC Service advertising via mDNS / ZeroConf / BonJour with + the [222]Avahi client library. Enable via "[223]-avahi" or + "[224]-zeroconf". * Implementations of UltraVNC's TextChat, SingleWindow, and - ServerInput extensions (requires ultravnc viewer or [222]ssvnc + ServerInput extensions (requires ultravnc viewer or [225]ssvnc Unix viewer.) They toggle the selection of a single window - ([223]-id), and disable (friendly) user input and viewing (monitor + ([226]-id), and disable (friendly) user input and viewing (monitor blank) at the VNC server. - * Short aliases "[224]-find", "[225]-create", "[226]-svc", and - "[227]-xdmsvc" for commonly used FINDCREATEDISPLAY usage modes. + * Short aliases "[227]-find", "[228]-create", "[229]-svc", and + "[230]-xdmsvc" for commonly used FINDCREATEDISPLAY usage modes. * Reverse VNC connections (viewer listening) now work in SSL - ([228]-ssl) mode. + ([231]-ssl) mode. * New options to control the Monitor power state and keyboard/mouse - grabbing: [229]-forcedpms, [230]-clientdpms, [231]-noserverdpms, - and [232]-grabalways. + grabbing: [232]-forcedpms, [233]-clientdpms, [234]-noserverdpms, + and [235]-grabalways. * A simple way to emulate inetd(8) to some degree via the - "[233]-loopbg" option. - * Monitor the accuracy of XDAMAGE and apply "[234]-noxdamage" if it - is not working well. OpenGL applications like like [235]beryl and + "[236]-loopbg" option. + * Monitor the accuracy of XDAMAGE and apply "[237]-noxdamage" if it + is not working well. OpenGL applications like like [238]beryl and MythTv have been shown to make XDAMAGE not work properly. * For Java SSL connections involving a router/firewall port - redirection, an option [236]-httpsredir to spare the user from + redirection, an option [239]-httpsredir to spare the user from needing to include &PORT=NNN in the browser URL. Here are some features that appeared in the 0.8.4 release: - * Native [237]Mac OS X Aqua/Quartz support. (i.e. OSXvnc + * Native [240]Mac OS X Aqua/Quartz support. (i.e. OSXvnc alternative; some activities are faster) - * A [238]new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY + * A [241]new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY -unixpw ..." that will Create a new X session (either virtual or real and with or without a display manager, e.g. kdm) for the user if it cannot find the user's X session display via the FINDDISPLAY - method. See the [239]-svc and the [240]-xdmsvc aliases. - * x11vnc can act as a VNC [241]reflector/repeater using the - "[242]-reflect host:N" option. Instead of polling an X display, + method. See the [242]-svc and the [243]-xdmsvc aliases. + * x11vnc can act as a VNC [244]reflector/repeater using the + "[245]-reflect host:N" option. Instead of polling an X display, the remote VNC Server host:N is connected to and re-exported via VNC. This is intended for use in broadcasting a display to many (e.g. > 16; classroom or large demo) VNC viewers where bandwidth @@ -1230,16 +1245,16 @@ LAY number of repeaters. * Wireframe copyrect detection for local user activity (e.g. someone sitting at the physical display moving windows) Use - [243]-nowireframelocal to disable. - * The "[244]-N" option couples the VNC Display number to the X + [246]-nowireframelocal to disable. + * The "[247]-N" option couples the VNC Display number to the X Display number. E.g. if your X DISPLAY is :2 then the VNC display will be :2 (i.e. using port 5902.) If that port is taken x11vnc will exit. - * Option [245]-nodpms to avoid problems with programs like KDE's + * Option [248]-nodpms to avoid problems with programs like KDE's kdesktop_lock that keep restarting the screen saver every few seconds. * To automatically fix the common mouse motion problem on XINERAMA - (multi-headed) displays, the [246]-xwarppointer option is enabled + (multi-headed) displays, the [249]-xwarppointer option is enabled by default when XINERAMA is active. If you have a Mac please try out the native Mac OS X support, build @@ -1249,62 +1264,62 @@ LAY Here are some features that appeared in the 0.8.3 release: - * The [247]-ssl option provides SSL encryption and authentication - natively via the [248]www.openssl.org library. One can use from a + * The [250]-ssl option provides SSL encryption and authentication + natively via the [251]www.openssl.org library. One can use from a simple self-signed certificate server certificate up to full CA and client certificate authentication schemes. - * Similar to -ssl, the [249]-stunnel option starts up a SSL tunnel + * Similar to -ssl, the [252]-stunnel option starts up a SSL tunnel server stunnel (that must be installed separately on the system: - [250]www.stunnel.org [251]stunnel.mirt.net ) to allow only + [253]www.stunnel.org [254]stunnel.mirt.net ) to allow only encrypted SSL connections from the network. - * The [252]-sslverify option allows for authenticating VNC clients + * The [255]-sslverify option allows for authenticating VNC clients via their certificates in either -ssl or -stunnel modes. * Certificate creation and management tools are provide in the - [253]-sslGenCert, [254]-sslGenCA, and [255]related options. + [256]-sslGenCert, [257]-sslGenCA, and [258]related options. * An SSL enabled Java applet VNC Viewer applet is provided by x11vnc in classes/ssl/VncViewer.jar. In addition to normal HTTP, the applet may be loaded into the web browser via HTTPS (HTTP over SSL.) (one can use the VNC port, e.g. https://host:5900/, or also - the separate [256]-https port option.) A wrapper shell script - [257]ss_vncviewer is also provided that sets up a stunnel - client-side tunnel on Unix systems. See [258]Enhanced TightVNC + the separate [259]-https port option.) A wrapper shell script + [260]ss_vncviewer is also provided that sets up a stunnel + client-side tunnel on Unix systems. See [261]Enhanced TightVNC Viewer (SSVNC) for other SSL/SSH viewer possibilities. - * The [259]-unixpw option supports Unix username and password - authentication (a simpler variant is the [260]-unixpw_nis option + * The [262]-unixpw option supports Unix username and password + authentication (a simpler variant is the [263]-unixpw_nis option that works in environments where the encrypted passwords are - readable, e.g. NIS.) The [261]-ssl or [262]-localhost + - [263]-stunnel options are enforced in this mode to prevent + readable, e.g. NIS.) The [264]-ssl or [265]-localhost + + [266]-stunnel options are enforced in this mode to prevent password sniffing. As a convenience, these requirements are lifted if a SSH tunnel can be deduced (but -localhost still applies.) - * Coupling [264]-unixpw with "[265]-display WAIT:cmd=FINDDISPLAY" or + * Coupling [267]-unixpw with "[268]-display WAIT:cmd=FINDDISPLAY" or "-display WAIT:cmd=FINDCREATEDISPLAY" provides a way to allow a user to login with their UNIX password and have their display - connected to [266]automatically. See the [267]-svc and the - [268]-xdmsvc aliases. - * Hooks are provided in the [269]-unixpw_cmd and "[270]-passwdfile + connected to [269]automatically. See the [270]-svc and the + [271]-xdmsvc aliases. + * Hooks are provided in the [272]-unixpw_cmd and "[273]-passwdfile cmd:,custom:..." options to allow you to supply your own authentication and password lookup programs. * x11vnc can be configured and built to not depend on X11 libraries - "./configure --without-x" for [271]-rawfb only operation (e.g. + "./configure --without-x" for [274]-rawfb only operation (e.g. embedded linux console devices.) - * The [272]-rotate option enables you to rotate or reflect the + * The [275]-rotate option enables you to rotate or reflect the screen before exporting via VNC. This is intended for use on handhelds and other devices where the rotation orientation is not "natural". - * The "[273]-ultrafilexfer" alias is provided and improved UltraVNC + * The "[276]-ultrafilexfer" alias is provided and improved UltraVNC filetransfer rates have been achieved. - * Under the "[274]-connect_or_exit host" option x11vnc will exit + * Under the "[277]-connect_or_exit host" option x11vnc will exit immediately unless the reverse connection to host succeeds. The "-rfbport 0" option disables TCP listening for connections (useful for this mode.) - * The "[275]-rawfb rand" and "-rawfb none" options are useful for + * The "[278]-rawfb rand" and "-rawfb none" options are useful for testing automation scripts, etc., without requiring a full desktop. - * Reduced spewing of information at startup, use "[276]-verbose" + * Reduced spewing of information at startup, use "[279]-verbose" (also "-v") to turn it back on for debugging or if you are going to send me a problem report. - Here are some [277]Previous Release Notes + Here are some [280]Previous Release Notes _________________________________________________________________ Some Notes: @@ -1331,13 +1346,13 @@ LAY protocol.) I suggest using xsetroot, dtstyle or similar utility to set a solid background while using x11vnc. You can turn the pretty background image back on when you are using the display directly. - Update: As of Feb/2005 x11vnc has the [278]-solid [color] option that + Update: As of Feb/2005 x11vnc has the [281]-solid [color] option that works on recent GNOME, KDE, and CDE and also on classic X (background image is on the root window.) Update: As of Oct/2007 x11vnc has the - [279]-ncache option that does a reasonable job caching the background + [282]-ncache option that does a reasonable job caching the background (and other) pixmap data on the viewer side. - I also find the [280]TightVNC encoding gives the best response for my + I also find the [283]TightVNC encoding gives the best response for my usage (Unix <-> Unix over cable modem.) One needs a tightvnc-aware vncviewer to take advantage of this encoding. @@ -1349,17 +1364,17 @@ LAY is X11's default listening port.) Had port 5900 been taken by some other application, x11vnc would have next tried 5901. That would mean the viewer command above should be changed to vncviewer - far-away.east:1. You can force the port with the "[281]-rfbport NNNN" + far-away.east:1. You can force the port with the "[284]-rfbport NNNN" option where NNNN is the desired port number. If that port is already - taken, x11vnc will exit immediately. The "[282]-N" option will try to + taken, x11vnc will exit immediately. The "[285]-N" option will try to match the VNC display number to the X display. (also see the "SunRay Gotcha" note below) Options: x11vnc has (far too) many features that may be activated - via its [283]command line options. Useful options are, e.g., -scale to + via its [286]command line options. Useful options are, e.g., -scale to do server-side scaling, and -rfbauth passwd-file to use VNC password protection (the vncpasswd or storepasswd programs, or the x11vnc - [284]-storepasswd option can be used to create the password file.) + [287]-storepasswd option can be used to create the password file.) Algorithm: How does x11vnc do it? Rather brute-forcedly: it continuously polls the X11 framebuffer for changes using @@ -1387,7 +1402,7 @@ LAY first testing out the programs. You get an interesting recursive/feedback effect where vncviewer images keep popping up each one contained in the previous one and slightly shifted a bit by the - window manager decorations. There will be an [285]even more + window manager decorations. There will be an [288]even more interesting effect if -scale is used. Also, if the XKEYBOARD is supported and the XBell "beeps" once, you get an infinite loop of beeps going off. Although all of this is mildly exciting it is not @@ -1397,8 +1412,8 @@ LAY Sun Ray Notes: - You can run x11vnc on your (connected or disconnected) [286]SunRay - session. Here are some [287]notes on SunRay usage with x11vnc. + You can run x11vnc on your (connected or disconnected) [289]SunRay + session. Here are some [290]notes on SunRay usage with x11vnc. _________________________________________________________________ @@ -1410,7 +1425,7 @@ LAY than you normally do to minimize the effects (e.g. do fullpage paging rather than line-by-line scrolling, and move windows in a single, quick motion.) Recent work has provided the - [288]-scrollcopyrect and [289]-wireframe speedups using the + [291]-scrollcopyrect and [292]-wireframe speedups using the CopyRect VNC encoding and other things, but they only speed up some activities, not all. * A rate limiting factor for x11vnc performance is that graphics @@ -1469,18 +1484,18 @@ LAY but we mention it because it may be of use for special purpose applications. You may need to use the "-cc 4" option to force Xvfb to use a TrueColor visual instead of DirectColor. See also the - description of the [290]-create option that does all of this + description of the [293]-create option that does all of this automatically for you. Also, a faster and more accurate way is to use the "dummy" XFree86/Xorg device driver (or our Xdummy wrapper script.) See - [291]this FAQ for details. + [294]this FAQ for details. * Somewhat surprisingly, the X11 mouse (cursor) shape is write-only and cannot be queried from the X server. So traditionally in x11vnc the cursor shape stays fixed at an arrow. (see the "-cursor - X" and "-cursor some" [292]options, however, for a partial hack + X" and "-cursor some" [295]options, however, for a partial hack for the root window, etc.) However, on Solaris using the SUN_OVL overlay extension, x11vnc can show the correct mouse cursor when - the [293]-overlay option is also supplied. A similar thing is done + the [296]-overlay option is also supplied. A similar thing is done on IRIX as well when -overlay is supplied. More generally, as of Dec/2004 x11vnc supports the new XFIXES extension (in Xorg and Solaris 10) to query the X server for the @@ -1488,18 +1503,18 @@ LAY with transparency (alpha channel) need to approximated to solid RGB values (some cursors look worse than others.) * Audio from applications is of course not redirected (separate - redirectors do exist, e.g. esd, see [294]the FAQ on this below.) + redirectors do exist, e.g. esd, see [297]the FAQ on this below.) The XBell() "beeps" will work if the X server supports the XKEYBOARD extension. (Note that on Solaris XKEYBOARD is disabled by default. Passing +kb to Xsun enables it.) - * The scroll detection algorithm for the [295]-scrollcopyrect option + * The scroll detection algorithm for the [298]-scrollcopyrect option can give choppy or bunched up transient output and occasionally painting errors. * Using -threads can expose some bugs/crashes in libvncserver. - Please feel free to [296]contact me if you have any questions, + Please feel free to [299]contact me if you have any questions, problems, or comments about x11vnc, etc. - Also, some people ask if they can make a donation, see [297]this link + Also, some people ask if they can make a donation, see [300]this link for that. References @@ -1516,9 +1531,9 @@ References 10. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers 11. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi 12. http://www.karlrunge.com/x11vnc/faq.html#faq-filexfer - 13. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 14. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 15. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 13. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 14. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 15. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded 16. http://www.karlrunge.com/x11vnc/index.html#beta-test 17. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay 18. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create @@ -1625,182 +1640,185 @@ References 119. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext 120. http://www.karlrunge.com/x11vnc/ssvnc.html 121. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc - 122. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 123. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 124. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 125. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 126. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis - 127. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_system_greeter - 128. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 129. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 130. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 131. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 132. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 133. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL - 134. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 135. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-extra_fbur - 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 138. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nonap - 139. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allinput - 140. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 141. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote - 142. http://ubuntuforums.org/showthread.php?t=1223490 - 143. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads - 144. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect - 145. http://bugs.freedesktop.org/show_bug.cgi?id=21454 - 146. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-repeat - 147. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip - 148. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 149. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 150. http://www.virtualgl.org/ - 151. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 152. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr - 153. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 154. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rmflag - 155. http://sourceforge.net/projects/vencrypt/ - 156. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 157. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 158. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt - 159. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls - 160. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslonly - 161. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 162. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt - 163. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls - 164. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL - 165. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA - 166. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_oneport - 169. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir + 122. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_system_greeter + 123. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 124. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-extra_fbur + 125. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer + 126. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait + 127. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nonap + 128. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allinput + 129. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-findauth + 130. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth + 131. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 132. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 133. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 134. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd + 135. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis + 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 138. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 139. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 140. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL + 141. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 142. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote + 143. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 144. http://ubuntuforums.org/showthread.php?t=1223490 + 145. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads + 146. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect + 147. http://bugs.freedesktop.org/show_bug.cgi?id=21454 + 148. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-repeat + 149. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip + 150. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 151. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 152. http://www.virtualgl.org/ + 153. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc + 154. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr + 155. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache + 156. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rmflag + 157. http://sourceforge.net/projects/vencrypt/ + 158. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 159. http://www.karlrunge.com/x11vnc/ssvnc.html + 160. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 161. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt + 162. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls + 163. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslonly + 164. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 165. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt + 166. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls + 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL + 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA + 169. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert 170. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi - 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf - 173. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 174. http://www.karlrunge.com/x11vnc/x11vnc.desktop - 175. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o - 176. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 177. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen - 178. http://www.karlrunge.com/x11vnc/faq.html#infaq_gdm - 179. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc - 180. http://www.karlrunge.com/x11vnc/ssvnc.html - 181. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale - 182. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-geometry - 183. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-chatwindow - 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 185. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 186. http://www.karlrunge.com/x11vnc/ssvnc.html - 187. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 188. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 189. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 190. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 191. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 192. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh - 193. http://www.uvnc.com/addons/repeater.html - 194. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 195. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 196. http://www.karlrunge.com/x11vnc/ssvnc.html - 197. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-advertise_truecolor - 198. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-finddpy - 199. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listdpy - 200. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 201. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 202. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 203. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr - 204. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport - 205. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ping - 206. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 207. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 208. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 209. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 210. http://www.karlrunge.com/x11vnc/ssvnc.html - 211. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop - 212. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 213. http://www.ultravnc.com/ - 214. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 215. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 216. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 217. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 218. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi - 219. http://www.avahi.org/ - 220. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi - 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf - 222. http://www.karlrunge.com/x11vnc/ssvnc.html - 223. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 224. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 225. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 227. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 228. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 229. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms - 230. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms - 231. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms - 232. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabalways - 233. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 234. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 235. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl - 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 237. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 238. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 239. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 240. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 241. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect - 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect - 243. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nowireframelocal - 244. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms - 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer - 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 248. http://www.openssl.org/ - 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 250. http://www.stunnel.org/ - 251. http://stunnel.mirt.net/ - 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 253. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA - 255. http://www.karlrunge.com/x11vnc/ssl.html - 256. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 257. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer - 258. http://www.karlrunge.com/x11vnc/ssvnc.html - 259. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 260. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis - 261. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 262. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 263. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 265. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 266. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 269. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 270. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 271. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate - 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer - 274. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit - 275. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-v, - 277. http://www.karlrunge.com/x11vnc/prevrels.html - 278. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 279. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 280. http://www.tightvnc.com/ - 281. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 282. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 283. http://www.karlrunge.com/x11vnc/x11vnc_opts.html - 284. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 285. http://www.karlrunge.com/x11vnc/recurse_x11vnc.jpg - 286. http://www.sun.com/sunray/index.html - 287. http://www.karlrunge.com/x11vnc/sunray.html - 288. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 289. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 290. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 291. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 292. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor - 293. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 294. http://www.karlrunge.com/x11vnc/faq.html#faq-sound - 295. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 296. mailto:xvml@karlrunge.com - 297. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks + 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_oneport + 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir + 173. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 174. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi + 175. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf + 176. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport + 177. http://www.karlrunge.com/x11vnc/x11vnc.desktop + 178. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o + 179. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid + 180. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen + 181. http://www.karlrunge.com/x11vnc/faq.html#infaq_gdm + 182. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc + 183. http://www.karlrunge.com/x11vnc/ssvnc.html + 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale + 185. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-geometry + 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-chatwindow + 187. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 188. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 189. http://www.karlrunge.com/x11vnc/ssvnc.html + 190. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect + 191. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 192. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 193. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 194. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy + 195. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh + 196. http://www.uvnc.com/addons/repeater.html + 197. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect + 198. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 199. http://www.karlrunge.com/x11vnc/ssvnc.html + 200. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-advertise_truecolor + 201. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-finddpy + 202. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listdpy + 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 204. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 205. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 206. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr + 207. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport + 208. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ping + 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all + 210. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb + 211. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 212. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching + 213. http://www.karlrunge.com/x11vnc/ssvnc.html + 214. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop + 215. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 216. http://www.ultravnc.com/ + 217. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 218. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 220. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 221. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi + 222. http://www.avahi.org/ + 223. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi + 224. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf + 225. http://www.karlrunge.com/x11vnc/ssvnc.html + 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 227. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 228. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 229. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 230. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 231. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 232. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms + 233. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms + 234. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms + 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabalways + 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop + 237. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage + 238. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl + 239. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir + 240. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 241. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 243. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 244. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect + 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect + 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nowireframelocal + 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N + 248. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms + 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer + 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 251. http://www.openssl.org/ + 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 253. http://www.stunnel.org/ + 254. http://stunnel.mirt.net/ + 255. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 256. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert + 257. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA + 258. http://www.karlrunge.com/x11vnc/ssl.html + 259. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https + 260. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer + 261. http://www.karlrunge.com/x11vnc/ssvnc.html + 262. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 263. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis + 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 265. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 266. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 269. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin + 270. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 271. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd + 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 274. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 275. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate + 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer + 277. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit + 278. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 279. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-v, + 280. http://www.karlrunge.com/x11vnc/prevrels.html + 281. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid + 282. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache + 283. http://www.tightvnc.com/ + 284. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport + 285. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N + 286. http://www.karlrunge.com/x11vnc/x11vnc_opts.html + 287. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd + 288. http://www.karlrunge.com/x11vnc/recurse_x11vnc.jpg + 289. http://www.sun.com/sunray/index.html + 290. http://www.karlrunge.com/x11vnc/sunray.html + 291. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 292. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 293. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 294. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb + 295. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor + 296. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay + 297. http://www.karlrunge.com/x11vnc/faq.html#faq-sound + 298. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 299. mailto:xvml@karlrunge.com + 300. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks ======================================================================= http://www.karlrunge.com/x11vnc/faq.html: @@ -2276,7 +2294,7 @@ http://www.karlrunge.com/x11vnc/faq.html: [130]Q-128: Does x11vnc work with IPv6? - [131]Q-129: Thanks for your program and for your help! Can I make a + [131]Q-129: Thanks for your program or for your help! Can I make a donation? _________________________________________________________________ @@ -4873,15 +4891,31 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg (or /etc/gdm/gdm.conf, etc.) avoids this. Otherwise, just restart x11vnc and then reconnect your viewer. Other display managers (kdm, etc) may also have a similar problem. One user reports having to alter - "gdm.conf-custom" as well. Update Nov/2008: See also the [395]-reopen - option for another possible workaround. + "gdm.conf-custom" as well. Note: Solaris: For dtlogin in addition to the above sort of trick (BTW, the auth file should be in /var/dt), you'll also need to add something like Dtlogin*grabServer:False to the Xconfig file (/etc/dt/config/Xconfig or /usr/dt/config/Xconfig on Solaris, see - [396]the example at the end of this FAQ.) Then restart dtlogin, e.g.: + [395]the example at the end of this FAQ.) Then restart dtlogin, e.g.: /etc/init.d/dtlogin stop; /etc/init.d/dtlogin start or reboot. + + Update Nov/2008: Regarding GDM KillInitClients: see the [396]-reopen + option for another possible workaround. + + Update Oct/2009: Regarding GDM KillInitClients: starting with x11vnc + 0.9.9 it will try to apply heuristics to detect if a window manager is + not running (i.e. whether the Display Manager Greeter Login panel is + still up.) If it thinks the display manager login is still up it will + delay creating windows or using XFIXES. The former is what GDM uses to + kill the initial clients, use of the latter can cause a different + problem: an Xorg server crash. So with 0.9.9 and later it should all + work without needing to set KillInitClients=false (which is a good + because recent GDM, v2.24, has removed this option) or use -noxfixes. + To disable the heuristics and delaying set X11VNC_AVOID_WINDOWS=never; + to set the delay time explicitly use, e.g., X11VNC_AVOID_WINDOWS=120 + (delays for 120 seconds after the VNC connection; you have that long + to log in.) _________________________________________________________________ Continuously: Have x11vnc reattach each time the X server is @@ -4903,17 +4937,20 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg XDM /etc/X11/xdm/Xsetup (or sometimes xdm/Xsetup_0) CDE /etc/dt/config/Xsetup - although the exact location can depend on operating system and - distribution. See the documentation for your display manager: gdm(1), - kdm(1), xdm(1), dtlogin(1) for additional details. There may also be - display number specific scripts: e.g. Xsetup_0 vs. Xsetup, you need to - watch out for. + although the exact location can be operating system, distribution, and + time dependent. See the documentation for your display manager: + gdm(1), kdm(1), xdm(1), dtlogin(1) for additional details. There may + also be display number specific scripts: e.g. Xsetup_0 vs. Xsetup, you + need to watch out for. Note: GDM: The above (in 'One time only') gdm setting of KillInitClients=false in /etc/X11/gdm/gdm.conf (or /etc/gdm/gdm.conf, etc.) for GDM is needed here as well. Other display managers (KDM, etc) may also have a similar problem. + Also see the Update Oct/2009 above where x11vnc 0.9.9 and later + automatically avoids being killed. + Note: DtLogin: The above (in 'One time only') Dtlogin*grabServer:False step for Solaris will be needed for dtlogin here as well. @@ -9049,7 +9086,7 @@ or: Contributions: - Q-129: Thanks for your program and for your help! Can I make a + Q-129: Thanks for your program or for your help! Can I make a donation? Please do (any amount is appreciated; very few have donated) and thank @@ -9453,8 +9490,8 @@ References 392. http://club.mandriva.com/xwiki/bin/view/KB/XwinXset 393. http://www.karlrunge.com/x11vnc/index.html#firewalls 394. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 395. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen - 396. http://www.karlrunge.com/x11vnc/faq.html#infaq_dtlogin_solaris + 395. http://www.karlrunge.com/x11vnc/faq.html#infaq_dtlogin_solaris + 396. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen 397. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost 398. http://www.karlrunge.com/x11vnc/index.html#tunnelling 399. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost @@ -11666,6 +11703,7 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) [ssvnc.gif] [ssvnc_windows.gif] [ssvnc_macosx.gif] [3]. [4]. + The Enhanced TightVNC Viewer, SSVNC, adds encryption security to VNC connections. @@ -11689,11 +11727,11 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) GUI as an enhanced replacement for the xvncviewer, xtightvncviewer, etc., viewers. - SSVNC also supports the [6]VeNCrypt SSL/TLS and Vino/ANONTLS - extensions to VNC on Unix, Mac OS X, and Windows. Via the provided - SSVNC VeNCrypt bridge, VeNCrypt and ANONTLS encryption also works with - any third party VNC Viewer (e.g. RealVNC, TightVNC, UltraVNC, etc...) - you select via 'Change VNC Viewer'. + In addition to normal SSL, SSVNC also supports the [6]VeNCrypt SSL/TLS + and Vino/ANONTLS encryption extensions to VNC on Unix, Mac OS X, and + Windows. Via the provided SSVNC VeNCrypt bridge, VeNCrypt and ANONTLS + encryption also works with any third party VNC Viewer (e.g. RealVNC, + TightVNC, UltraVNC, etc...) you select via 'Change VNC Viewer'. The short name for this project is "ssvnc" for SSL/SSH VNC Viewer. This is the name of the command to start it. @@ -11702,9 +11740,9 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) simplified [8]Terminal-Services mode (tsvnc) for use with x11vnc on the remote side. - It is also possible (although not recommended) to disable all - encryption: -noenc cmdline option; Ctrl-E toggle; or Vnc:// host - prefix; see the online Help for details. + It is also possible (although not recommended) to disable encryption: + -noenc cmdline option; Ctrl-E toggle; or Vnc:// host prefix; see the + online Help for details. The tool has many additional features; see the descriptions below. @@ -11733,14 +11771,16 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) _________________________________________________________________ - Wrappers and a tcl/tk GUI were written and patches were created for - the TightVNC 1.3.9 vnc_unixsrc tree to add these features: + Feature List: + + Wrapper scripts and a tcl/tk GUI were written to create these features + for Unix, Mac OS X, and Windows: * SSL support for connections using the bundled stunnel program. * Automatic SSH connections from the GUI (system ssh is used on Unix and MacOS X; bundled plink is used on Windows) * Ability to Save and Load VNC profiles for different hosts. * You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC, - with the SSVNC encryption GUI front-end if you like. + with the SSVNC encryption GUI front-end if you prefer. * Create or Import SSL Certificates and Private Keys. * Reverse (viewer listening) VNC connections via SSL and SSH. * VeNCrypt SSL/TLS VNC encryption support (used by [13]VeNCrypt, @@ -11776,8 +11816,9 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) * Simplified mode launched by command "[18]tsvnc" that provides a VNC "Terminal Services" mode (uses x11vnc on the remote side). - [19]Unix TightVNC Viewer improvements (these only apply to the Unix - VNC viewer, including Mac OS X): + Patches to TightVNC 1.3.9 vnc_unixsrc tree were created for [19]Unix + TightVNC Viewer improvements (these only apply to the Unix VNC viewer, + including MacOSX XQuartz): * rfbNewFBSize VNC support (dynamic screen resizing) * Client-side Scaling of the Desktop in the viewer. * ZRLE VNC encoding support (RealVNC's encoding) @@ -11802,7 +11843,7 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) * Support for UltraVNC [24]Single Click operation. (both unencrypted: SC I, and SSL encrypted: SC III) * Support for UltraVNC [25]DSM Encryption Plugin symmetric - encryption mode. (ARC4, AESV2, and MSRC4) + encryption mode. (ARC4, AESV2, MSRC4, and SecureVNC) * Support for UltraVNC [26]MS-Logon authentication (NOTE: the UltraVNC MS-Logon key exchange implementation is very weak; an eavesdropper on the network can recover your Windows password @@ -11873,7 +11914,10 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) Alternatively, on Unix you can use the [30]conventional source tarball. - Here is the Quick Start info from the README for how to do that: + _________________________________________________________________ + + Here is the Quick Start info from the README for how to setup and use + SSVNC: Quick Start: ----------- @@ -11883,7 +11927,7 @@ Unix and Mac OS X: Unpack the archive: - % gzip -dc ssvnc-1.0.23.tar.gz | tar xvf - + % gzip -dc ssvnc-1.0.24.tar.gz | tar xvf - Run the GUI: @@ -11891,7 +11935,7 @@ Unix and Mac OS X: % ./ssvnc/MacOSX/ssvnc (for Mac OS X) - The smaller file "ssvnc_no_windows-1.0.23.tar.gz" + The smaller file "ssvnc_no_windows-1.0.24.tar.gz" could have been used as well. On MacOSX you could also click on the SSVNC app icon in the Finder. @@ -11937,8 +11981,8 @@ Unix/MacOSX Install: For the conventional source tarball it will compile and install, e.g.: - gzip -dc ssvnc-1.0.23.src.tar.gz | tar xvf - - cd ssvnc-1.0.23 + gzip -dc ssvnc-1.0.24.src.tar.gz | tar xvf - + cd ssvnc-1.0.24 make config make all make PREFIX=/my/install/dir install @@ -11951,7 +11995,7 @@ Windows: Unzip, using WinZip or a similar utility, the zip file: - ssvnc-1.0.23.zip + ssvnc-1.0.24.zip Run the GUI, e.g.: @@ -11963,7 +12007,7 @@ Windows: select Open, and then OK to launch it. - The smaller file "ssvnc_windows_only-1.0.23.zip" + The smaller file "ssvnc_windows_only-1.0.24.zip" could have been used as well. You can make a Windows shortcut to this program if you want to. @@ -12182,7 +12226,7 @@ Usage: ./vncviewer [<OPTIONS>] [<HOST>][:<DISPLAY#>] -noraiseonbeep -passwd <PASSWD-FILENAME> (standard VNC authentication) -user <USERNAME> (Unix login authentication) - -encodings <ENCODING-LIST> (e.g. "tight copyrect") + -encodings <ENCODING-LIST> (e.g. "tight,copyrect") -bgr233 -owncmap -truecolour @@ -12303,6 +12347,30 @@ Enhanced TightVNC viewer (SSVNC) options: -rawlocal Prefer raw encoding for localhost, default is no, i.e. assumes you have a SSH tunnel instead. + -notty Try to avoid using the terminal for interactive + responses: use windows for messages and prompting + instead. Messages will also be printed to terminal. + + -sendclipboard Send the X CLIPBOARD selection (i.e. Ctrl+C, + Ctrl+V) instead of the X PRIMARY selection (mouse + select and middle button paste.) + + -sendalways Whenever the mouse enters the VNC viewer main + window, send the selection to the VNC server even if + it has not changed. This is like the Xt resource + translation SelectionToVNC(always) + + -recvtext str When cut text is received from the VNC server, + ssvncviewer will set both the X PRIMARY and the + X CLIPBOARD local selections. To control which + is set, specify 'str' as 'primary', 'clipboard', + or 'both' (the default.) + + -graball Grab the entire X server when in fullscreen mode, + needed by some old window managers like fvwm2. + + -popupfix Warp the popup back to the pointer position, + needed by some old window managers like fvwm2. -sendclipboard Send the X CLIPBOARD selection (i.e. Ctrl+C, Ctrl+V) instead of the X PRIMARY selection (mouse select and middle button paste.) @@ -12500,7 +12568,8 @@ r Cursor Shape: ~ -nocursorshape X11 Cursor: ~ -x11cursor Cursor Alphablend: ~ -alpha - Toggle Tight/ZRLE: ~ -encodings ... + Toggle Tight/Hextile: ~ -encodings hextile... + Toggle Tight/ZRLE: ~ -encodings zrle... Toggle ZRLE/ZYWRLE: ~ -encodings zywrle... Quality Level ~ -quality (both Tight and ZYWRLE) Compress Level ~ -compresslevel @@ -12590,25 +12659,25 @@ r "ssvnc_unix_only" (or "ssvnc_no_windows" to recompile). On Mac OS X? Use "ssvnc_no_windows". On Windows? Use "ssvnc_windows_only". - [47]ssvnc_windows_only-1.0.23.zip Windows Binaries Only. No source incl + [47]ssvnc_windows_only-1.0.24.zip Windows Binaries Only. No source incl uded (~6MB) - [48]ssvnc_no_windows-1.0.23.tar.gz Unix and Mac OS X Only. No Windows bin + [48]ssvnc_no_windows-1.0.24.tar.gz Unix and Mac OS X Only. No Windows bin aries. Source included. (~9MB) - [49]ssvnc_unix_only-1.0.23.tar.gz Unix Binaries Only. No source incl + [49]ssvnc_unix_only-1.0.24.tar.gz Unix Binaries Only. No source incl uded. (~6.5MB) - [50]ssvnc_unix_minimal-1.0.23.tar.gz Unix Minimal. You must supply your ow + [50]ssvnc_unix_minimal-1.0.24.tar.gz Unix Minimal. You must supply your ow n vncviewer and stunnel. (~0.1MB) - [51]ssvnc-1.0.23.tar.gz All Unix, Mac OS X, and Windows binari + [51]ssvnc-1.0.24.tar.gz All Unix, Mac OS X, and Windows binari es and source TGZ. (~15MB) - [52]ssvnc-1.0.23.zip All Unix, Mac OS X, and Windows binari + [52]ssvnc-1.0.24.zip All Unix, Mac OS X, and Windows binari es and source ZIP. (~15MB) - [53]ssvnc_all-1.0.23.zip All Unix, Mac OS X, and Windows binari + [53]ssvnc_all-1.0.24.zip All Unix, Mac OS X, and Windows binari es and source AND full archives in the zip dir. (~18MB) Here is a conventional source tarball: - [54]ssvnc-1.0.23.src.tar.gz Conventional Source for SSVNC GUI and + [54]ssvnc-1.0.24.src.tar.gz Conventional Source for SSVNC GUI and Unix VNCviewer (~0.4MB) it will be of use to those who do not want the SSVNC @@ -12626,18 +12695,19 @@ Unix VNCviewer (~0.4MB) "ssvnc_all", you may need to run the "./build.unix" script in the top directory to recompile for your operating system. - Here are the corresponding 1.0.24 development bundles: + Here are the corresponding 1.0.25 development bundles (Please help + testing them): - [56]ssvnc_windows_only-1.0.24.zip - [57]ssvnc_no_windows-1.0.24.tar.gz - [58]ssvnc_unix_only-1.0.24.tar.gz - [59]ssvnc_unix_minimal-1.0.24.tar.gz + [56]ssvnc_windows_only-1.0.25.zip + [57]ssvnc_no_windows-1.0.25.tar.gz + [58]ssvnc_unix_only-1.0.25.tar.gz + [59]ssvnc_unix_minimal-1.0.25.tar.gz - [60]ssvnc-1.0.24.tar.gz - [61]ssvnc-1.0.24.zip - [62]ssvnc_all-1.0.24.zip + [60]ssvnc-1.0.25.tar.gz + [61]ssvnc-1.0.25.zip + [62]ssvnc_all-1.0.25.zip - [63]ssvnc-1.0.24.src.tar.gz Conventional Source for SSVNC GUI and + [63]ssvnc-1.0.25.src.tar.gz Conventional Source for SSVNC GUI and Unix VNCviewer (~0.4MB) @@ -12657,6 +12727,7 @@ Unix VNCviewer (~0.4MB) [68]Release 1.0.21 at Sourceforge.net [69]Release 1.0.22 at Sourceforge.net [70]Release 1.0.23 at Sourceforge.net + [71]Release 1.0.24 at Sourceforge.net Please help test the UltraVNC File Transfer support in the native Unix @@ -12699,16 +12770,16 @@ Unix VNCviewer (~0.4MB) redistribute the above because of cryptographic software they contain or for other reasons. Please check out your situation and information at the following and related sites: - [71]http://www.stunnel.org - [72]http://stunnel.mirt.net - [73]http://www.openssl.org - [74]http://www.chiark.greenend.org.uk/~sgtatham/putty/ - [75]http://www.tightvnc.com - [76]http://www.realvnc.com - [77]http://sourceforge.net/projects/cotvnc/ + [72]http://www.stunnel.org + [73]http://stunnel.mirt.net + [74]http://www.openssl.org + [75]http://www.chiark.greenend.org.uk/~sgtatham/putty/ + [76]http://www.tightvnc.com + [77]http://www.realvnc.com + [78]http://sourceforge.net/projects/cotvnc/ _________________________________________________________________ - README: Here is the toplevel [78]README from the bundle. + README: Here is the toplevel [79]README from the bundle. References @@ -12758,38 +12829,39 @@ References 44. http://www.karlrunge.com/x11vnc/faq.html#faq-cups 45. http://www.karlrunge.com/x11vnc/faq.html#faq-sound 46. http://sourceforge.net/projects/ssvnc - 47. http://downloads.sourceforge.net/ssvnc/ssvnc_windows_only-1.0.23.zip?use_mirror= - 48. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.23.tar.gz?use_mirror= - 49. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_only-1.0.23.tar.gz?use_mirror= - 50. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_minimal-1.0.23.tar.gz?use_mirror= - 51. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.23.tar.gz - 52. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.23.zip - 53. http://downloads.sourceforge.net/ssvnc/ssvnc_all-1.0.23.zip?use_mirror= - 54. http://downloads.sourceforge.net/ssvnc/ssvnc-1.0.23.src.tar.gz?use_mirror= + 47. http://downloads.sourceforge.net/ssvnc/ssvnc_windows_only-1.0.24.zip?use_mirror= + 48. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.24.tar.gz?use_mirror= + 49. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_only-1.0.24.tar.gz?use_mirror= + 50. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_minimal-1.0.24.tar.gz?use_mirror= + 51. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.24.tar.gz + 52. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.24.zip + 53. http://downloads.sourceforge.net/ssvnc/ssvnc_all-1.0.24.zip?use_mirror= + 54. http://downloads.sourceforge.net/ssvnc/ssvnc-1.0.24.src.tar.gz?use_mirror= 55. http://www.karlrunge.com/x11vnc/etv/README.src.txt - 56. http://ssvnc.sourceforge.net/dev/ssvnc_windows_only-1.0.24.zip - 57. http://ssvnc.sourceforge.net/dev/ssvnc_no_windows-1.0.24.tar.gz - 58. http://ssvnc.sourceforge.net/dev/ssvnc_unix_only-1.0.24.tar.gz - 59. http://ssvnc.sourceforge.net/dev/ssvnc_unix_minimal-1.0.24.tar.gz - 60. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.24.tar.gz - 61. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.24.zip - 62. http://ssvnc.sourceforge.net/dev/ssvnc_all-1.0.24.zip - 63. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.24.src.tar.gz + 56. http://ssvnc.sourceforge.net/dev/ssvnc_windows_only-1.0.25.zip + 57. http://ssvnc.sourceforge.net/dev/ssvnc_no_windows-1.0.25.tar.gz + 58. http://ssvnc.sourceforge.net/dev/ssvnc_unix_only-1.0.25.tar.gz + 59. http://ssvnc.sourceforge.net/dev/ssvnc_unix_minimal-1.0.25.tar.gz + 60. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.25.tar.gz + 61. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.25.zip + 62. http://ssvnc.sourceforge.net/dev/ssvnc_all-1.0.25.zip + 63. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.25.src.tar.gz 64. http://www.karlrunge.com/x11vnc/etv/ssvnc 65. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636282 66. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636337 67. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636338 68. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=640923 69. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=652804 - 70. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=691389 - 71. http://www.stunnel.org/ - 72. http://stunnel.mirt.net/ - 73. http://www.openssl.org/ - 74. http://www.chiark.greenend.org.uk/~sgtatham/putty/ - 75. http://www.tightvnc.com/ - 76. http://www.realvnc.com/ - 77. http://sourceforge.net/projects/cotvnc/ - 78. http://www.karlrunge.com/x11vnc/README.ssvnc.html + 70. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.23/ + 71. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.24/ + 72. http://www.stunnel.org/ + 73. http://stunnel.mirt.net/ + 74. http://www.openssl.org/ + 75. http://www.chiark.greenend.org.uk/~sgtatham/putty/ + 76. http://www.tightvnc.com/ + 77. http://www.realvnc.com/ + 78. http://sourceforge.net/projects/cotvnc/ + 79. http://www.karlrunge.com/x11vnc/README.ssvnc.html ======================================================================= http://www.karlrunge.com/x11vnc/x11vnc_opts.html: @@ -12802,7 +12874,7 @@ x11vnc: a VNC server for real X displays Here are all of x11vnc command line options: % x11vnc -opts (see below for -help long descriptions) -x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-10-15 +x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-11-18 x11vnc options: -display disp -auth file -N @@ -12824,77 +12896,78 @@ x11vnc options: -grabalways -viewpasswd string -passwdfile filename -showrfbauth filename -unixpw [list] -unixpw_nis [list] -unixpw_cmd cmd -find -finddpy - -listdpy -create -xdummy - -xvnc -xvnc_redirect -svc - -svc_xdummy -svc_xvnc -xdmsvc - -sshxdmsvc -unixpw_system_greeter -redirect port - -display WAIT:... -vencrypt mode -anontls mode - -sslonly -dhparams file -nossl - -ssl [pem] -ssltimeout n -sslnofail - -ssldir [dir] -sslverify [path] -sslCRL path - -sslGenCA [dir] -sslGenCert type name -sslEncKey [pem] - -sslCertInfo [pem] -sslDelCert [pem] -stunnel [pem] - -stunnel3 [pem] -enc cipher:keyfile -https [port] - -httpsredir [port] -http_oneport -ssh user@host:disp - -usepw -storepasswd pass file -nopw - -accept string -afteraccept string -gone string - -users list -noshm -flipbyteorder - -onetile -solid [color] -blackout string - -xinerama -noxinerama -xtrap - -xrandr [mode] -rotate string -padgeom WxH - -o logfile -flag file -rmflag file - -rc filename -norc -env VAR=VALUE - -prog /path/to/x11vnc -h, -help -?, -opts - -V, -version -license -dbg - -q, -quiet -v, -verbose -bg - -modtweak -nomodtweak -xkb - -noxkb -capslock -skip_lockkeys - -noskip_lockkeys -skip_keycodes string -sloppy_keys - -skip_dups -noskip_dups -add_keysyms - -noadd_keysyms -clear_mods -clear_keys - -clear_all -remap string -norepeat - -repeat -nofb -nobell - -nosel -noprimary -nosetprimary - -noclipboard -nosetclipboard -seldir string - -cursor [mode] -nocursor -cursor_drag - -arrow n -noxfixes -alphacut n - -alphafrac fraction -alpharemove -noalphablend - -nocursorshape -cursorpos -nocursorpos - -xwarppointer -noxwarppointer -buttonmap string - -nodragging -ncache n -ncache_cr - -ncache_no_moveraise -ncache_no_dtchange -ncache_no_rootpixmap - -ncache_keep_anims -ncache_old_wm -ncache_pad n - -debug_ncache -wireframe [str] -nowireframe - -nowireframelocal -wirecopyrect mode -nowirecopyrect - -debug_wireframe -scrollcopyrect mode -noscrollcopyrect - -scr_area n -scr_skip list -scr_inc list - -scr_keys list -scr_term list -scr_keyrepeat lo-hi - -scr_parms string -fixscreen string -debug_scroll - -noxrecord -grab_buster -nograb_buster - -debug_grabs -debug_sel -pointer_mode n - -input_skip n -allinput -speeds rd,bw,lat - -wmdt string -debug_pointer -debug_keyboard - -defer time -wait time -extra_fbur n - -wait_ui factor -setdefer n -nowait_bog - -slow_fb time -xrefresh time -nap - -nonap -sb time -readtimeout n - -ping n -nofbpm -fbpm - -nodpms -dpms -forcedpms - -clientdpms -noserverdpms -noultraext - -chatwindow -noxdamage -xd_area A - -xd_mem f -sigpipe string -threads - -nothreads -fs f -gaps n - -grow n -fuzz n -debug_tiles - -snapfb -rawfb string -freqtab file - -pipeinput cmd -macnodim -macnosleep - -macnosaver -macnowait -macwheel n - -macnoswap -macnoresize -maciconanim n - -macmenu -macuskbd -gui [gui-opts] - -remote command -query variable -QD variable - -sync -query_retries str -remote_prefix str - -noremote -yesremote -unsafe - -safer -privremote -nocmds - -allowedcmds list -deny_all + -listdpy -findauth [disp] -create + -xdummy -xvnc -xvnc_redirect + -svc -svc_xdummy -svc_xvnc + -xdmsvc -sshxdmsvc -unixpw_system_greeter + -redirect port -display WAIT:... -vencrypt mode + -anontls mode -sslonly -dhparams file + -nossl -ssl [pem] -ssltimeout n + -sslnofail -ssldir [dir] -sslverify [path] + -sslCRL path -sslGenCA [dir] -sslGenCert type name + -sslEncKey [pem] -sslCertInfo [pem] -sslDelCert [pem] + -stunnel [pem] -stunnel3 [pem] -enc cipher:keyfile + -https [port] -httpsredir [port] -http_oneport + -ssh user@host:disp -usepw -storepasswd pass file + -nopw -accept string -afteraccept string + -gone string -users list -noshm + -flipbyteorder -onetile -solid [color] + -blackout string -xinerama -noxinerama + -xtrap -xrandr [mode] -rotate string + -padgeom WxH -o logfile -flag file + -rmflag file -rc filename -norc + -env VAR=VALUE -prog /path/to/x11vnc -h, -help + -?, -opts -V, -version -license + -dbg -q, -quiet -v, -verbose + -bg -modtweak -nomodtweak + -xkb -noxkb -capslock + -skip_lockkeys -noskip_lockkeys -skip_keycodes string + -sloppy_keys -skip_dups -noskip_dups + -add_keysyms -noadd_keysyms -clear_mods + -clear_keys -clear_all -remap string + -norepeat -repeat -nofb + -nobell -nosel -noprimary + -nosetprimary -noclipboard -nosetclipboard + -seldir string -cursor [mode] -nocursor + -cursor_drag -arrow n -noxfixes + -alphacut n -alphafrac fraction -alpharemove + -noalphablend -nocursorshape -cursorpos + -nocursorpos -xwarppointer -noxwarppointer + -buttonmap string -nodragging -ncache n + -ncache_cr -ncache_no_moveraise -ncache_no_dtchange + -ncache_no_rootpixmap -ncache_keep_anims -ncache_old_wm + -ncache_pad n -debug_ncache -wireframe [str] + -nowireframe -nowireframelocal -wirecopyrect mode + -nowirecopyrect -debug_wireframe -scrollcopyrect mode + -noscrollcopyrect -scr_area n -scr_skip list + -scr_inc list -scr_keys list -scr_term list + -scr_keyrepeat lo-hi -scr_parms string -fixscreen string + -debug_scroll -noxrecord -grab_buster + -nograb_buster -debug_grabs -debug_sel + -pointer_mode n -input_skip n -allinput + -speeds rd,bw,lat -wmdt string -debug_pointer + -debug_keyboard -defer time -wait time + -extra_fbur n -wait_ui factor -setdefer n + -nowait_bog -slow_fb time -xrefresh time + -nap -nonap -sb time + -readtimeout n -ping n -nofbpm + -fbpm -nodpms -dpms + -forcedpms -clientdpms -noserverdpms + -noultraext -chatwindow -noxdamage + -xd_area A -xd_mem f -sigpipe string + -threads -nothreads -fs f + -gaps n -grow n -fuzz n + -debug_tiles -snapfb -rawfb string + -freqtab file -pipeinput cmd -macnodim + -macnosleep -macnosaver -macnowait + -macwheel n -macnoswap -macnoresize + -maciconanim n -macmenu -macuskbd + -gui [gui-opts] -remote command -query variable + -QD variable -sync -query_retries str + -remote_prefix str -noremote -yesremote + -unsafe -safer -privremote + -nocmds -allowedcmds list -deny_all + libvncserver options: -rfbport port TCP port for RFB protocol @@ -12928,7 +13001,7 @@ libvncserver-tight-extension options: % x11vnc -help -x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-10-15 +x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-11-18 (type "x11vnc -opts" to just list the options.) @@ -12992,6 +13065,10 @@ Options: before startup. Same as -xauth file. See Xsecurity(7), xauth(1) man pages for more info. + Use '-auth guess' to have x11vnc use its -findauth + mechanism (described below) to try to guess the + XAUTHORITY filename and use it. + -N If the X display is :N, try to set the VNC display to also be :N This just sets the -rfbport option to 5900+N The program will exit immediately if that port is not @@ -13015,6 +13092,14 @@ Options: X session. Note: the reopened state may be unstable. Set X11VNC_REOPEN_DISPLAY=n to reopen n times. + Update: as of 0.9.9, x11vnc tries to automatically avoid + being killed by the display manager by delaying creating + windows or using XFIXES. So you shouldn't need to use + KillInitClients=false as long as you log in quickly + enough (within 45 seconds of connecting.) You can + disable this by setting X11VNC_AVOID_WINDOWS=never. + You can also set it to the number of seconds to delay. + -reflect host:N Instead of connecting to and polling an X display, connect to the remote VNC server host:N and be a reflector/repeater for it. This is useful for trying @@ -13291,6 +13376,18 @@ Options: -timeout n Exit unless a client connects within the first n seconds after startup. + If there have been no connection attempts after n + seconds x11vnc exits immediately. If a client is + trying to connect but has not progressed to the normal + operating state, x11vnc gives it a few more seconds + to finish and exits if it does not make it to the + normal state. + + For reverse connections via -connect or -connect_or_exit + a timeout of n seconds will be set for all reverse + connects. If the connect timeout alarm goes off, + x11vnc will exit immediately. + -sleepin n At startup sleep n seconds before proceeding (e.g. to allow redirs and listening clients to start up) @@ -13893,6 +13990,18 @@ Options: (i.e. all the X displays on the local machine that you have access rights to). +-findauth [disp] Apply the -find/-finddpy heuristics to try to guess the + XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not + supplied, then the value in the -display earlier in + the cmdline is used; failing that $DISPLAY is used; + and failing that ":0" is used. + + If nothing is printed out, that means no XAUTHORITY was + found for 'disp'. If "XAUTHORITY=" is printed out, + that means use the default (i.e. do not set XAUTHORITY). + If "XAUTHORITY=/path/to/file" is printed out, then + use that file. + -create First try to find the user's display using FINDDISPLAY, if that doesn't succeed create an X session via the FINDCREATEDISPLAY method. This is an alias for @@ -13974,6 +14083,10 @@ Options: in before the user hits Escape. The username is ignored but the colon options are not. + The default message is 2 lines in a small font, set + the env. var. X11VNC_SYSTEM_GREETER1=true for a 1 line + message in a larger font. + If the user pressed Escape the FINDCREATEDISPLAY command will be run with the env. var. X11VNC_XDM_ONLY=1. @@ -15461,6 +15574,8 @@ t force it by prefixing color with "gnome:", "kde:", "cde:", "xfce:", or "root:". + Update: -solid no longer works on KDE4. + This mode works in a limited way on the Mac OS X Console with one color ('kelp') using the screensaver writing to the background. Look in "~/Library/Screen Savers" @@ -15913,6 +16028,15 @@ t -noxfixes Do not use the XFIXES extension to draw the exact cursor shape even if it is available. + + Note: To work around a crash in Xorg 1.5 and later + some people needed to use -noxfixes. The Xorg crash + occurred right after a Display Manager (e.g. GDM) login. + Starting with x11vnc 0.9.9 it tries to automatically + avoid using XFIXES until it is sure a window manager + is running. See the -reopen option for more info and + how to use X11VNC_AVOID_WINDOWS=never to disable it. + -alphacut n When using the XFIXES extension for the cursor shape, cursors with transparency will not usually be displayed exactly (but opaque ones will). This option sets n as @@ -17963,9 +18087,9 @@ n macnoresize macresize nomacnoresize maciconanim macmenu macnomenu nomacmenu macuskbd nomacuskbd noremote - aro= noop display vncdisplay autoport loop loopbg - desktopname guess_desktop guess_dbus http_url - auth xauth users rootshift clipshift scale_str + aro= noop display vncdisplay icon_mode autoport + loop loopbg desktopname guess_desktop guess_dbus + http_url auth xauth users rootshift clipshift scale_str scaled_x scaled_y scale_numer scale_denom scale_fac_x scale_fac_y scaling_blend scaling_nomult4 scaling_pad scaling_interpolate inetd privremote unsafe safer @@ -18082,7 +18206,7 @@ n stunnel, ssl, unixpw, WAIT, zeroconf, id, accept, afteraccept, gone, pipeinput, v4l-info, rawfb-setup, dt, gui, ssh, storepasswd, passwdfile, custom_passwd, - crash. + findauth, crash. See each option's help to learn the associated external command. Note that the -nocmds option takes precedence diff --git a/x11vnc/cleanup.c b/x11vnc/cleanup.c index 7d57d90..5d2339d 100644 --- a/x11vnc/cleanup.c +++ b/x11vnc/cleanup.c @@ -332,6 +332,7 @@ static int XIOerr(Display *d) { rfbLog("*** XIO error: Note the reopened state may be unstable.\n"); usleep (3000 * 1000); dpy = XOpenDisplay_wr(dstr); + last_open_xdisplay = time(NULL); if (dpy) { rfbLog("*** XIO error: Reopened display '%s' successfully.\n", dstr); if (db) rfbLog("*** XIO error: '%s' 0x%x\n", dstr, dpy); diff --git a/x11vnc/connections.c b/x11vnc/connections.c index 942b715..9f8431a 100644 --- a/x11vnc/connections.c +++ b/x11vnc/connections.c @@ -127,7 +127,8 @@ int all_clients_initialized(void) { while( (cl = rfbClientIteratorNext(iter)) ) { if (cl->state != RFB_NORMAL) { ok = 0; - break; + } else { + client_normal_count++; } } rfbReleaseClientIterator(iter); @@ -2352,6 +2353,20 @@ char *get_repeater_string(char *str, int *len) { return prestring; } +#ifndef USE_TIMEOUT_INTERRUPT +#define USE_TIMEOUT_INTERRUPT 0 +#endif + +static void reverse_connect_timeout (int sig) { + rfbLog("sig: %d, reverse_connect_timeout.\n", sig); +#if USE_TIMEOUT_INTERRUPT + rfbLog("reverse_connect_timeout proceeding assuming connect(2) interrupt.\n"); +#else + clean_up_exit(0); +#endif +} + + /* * Do a reverse connect for a single "host" or "host:port" */ @@ -2362,6 +2377,7 @@ static int do_reverse_connect(char *str_in) { char *prestring = NULL; int prestring_len = 0; int rport = 5500, len = strlen(str); + int set_alarm = 0; if (len < 1) { return 0; @@ -2432,7 +2448,19 @@ static int do_reverse_connect(char *str_in) { /* XXX use header */ #define OPENSSL_REVERSE 4 openssl_init(1); + + if (first_conn_timeout > 0) { + set_alarm = 1; + signal(SIGALRM, reverse_connect_timeout); +#if USE_TIMEOUT_INTERRUPT + siginterrupt(SIGALRM, 1); +#endif + rfbLog("reverse_connect: using alarm() timeout of %d seconds.\n", first_conn_timeout); + alarm(first_conn_timeout); + } accept_openssl(OPENSSL_REVERSE, vncsock); + if (set_alarm) {alarm(0); signal(SIGALRM, SIG_DFL);} + openssl_init(0); free(host); return 1; @@ -2467,8 +2495,19 @@ static int do_reverse_connect(char *str_in) { } } + if (first_conn_timeout > 0) { + set_alarm = 1; + signal(SIGALRM, reverse_connect_timeout); +#if USE_TIMEOUT_INTERRUPT + siginterrupt(SIGALRM, 1); +#endif + rfbLog("reverse_connect: using alarm() timeout of %d seconds.\n", first_conn_timeout); + alarm(first_conn_timeout); + } + if (connect_proxy != NULL) { int sock = proxy_connect(host, rport); + if (set_alarm) {alarm(0); signal(SIGALRM, SIG_DFL);} if (sock >= 0) { if (prestring != NULL) { write(sock, prestring, prestring_len); @@ -2480,6 +2519,7 @@ static int do_reverse_connect(char *str_in) { } } else if (prestring != NULL) { int sock = rfbConnectToTcpAddr(host, rport); + if (set_alarm) {alarm(0); signal(SIGALRM, SIG_DFL);} if (sock >= 0) { write(sock, prestring, prestring_len); free(prestring); @@ -2489,6 +2529,7 @@ static int do_reverse_connect(char *str_in) { } } else { cl = rfbReverseConnection(screen, host, rport); + if (set_alarm) {alarm(0); signal(SIGALRM, SIG_DFL);} if (cl != NULL && use_threads) { cl->onHold = FALSE; rfbStartOnHoldClient(cl); @@ -3227,7 +3268,7 @@ char *wininfo(Window win, int show_children) { children = (Window *) calloc(2 * sizeof(Window), 1); children[0] = win; } - for (n=0; n < nchildren; n++) { + for (n=0; n < (int) nchildren; n++) { char tmp[32]; char *str = "Invalid"; Window w = children[n]; @@ -3239,7 +3280,7 @@ char *wininfo(Window win, int show_children) { str = tmp; } } - if (strlen(get_str) + 1 + strlen(str) >= size) { + if ((int) (strlen(get_str) + 1 + strlen(str)) >= size) { break; } if (n > 0) { @@ -3523,7 +3564,6 @@ enum rfbNewClientAction new_client(rfbClientPtr client) { clients_served++; - if (use_openssl || use_stunnel) { if (! ssl_initialized) { rfbLog("denying additional client: %s ssl not setup" diff --git a/x11vnc/cursor.c b/x11vnc/cursor.c index 2409872..7ac0302 100644 --- a/x11vnc/cursor.c +++ b/x11vnc/cursor.c @@ -41,6 +41,7 @@ so, delete this exception statement from your version. #include "macosx.h" int xfixes_present = 0; +int xfixes_first_initialized = 0; int use_xfixes = 1; int got_xfixes_cursor_notify = 0; int cursor_changes = 0; @@ -984,6 +985,7 @@ static void tree_descend_cursor(int *depth, Window *w, win_str_info_t *winfo) { void initialize_xfixes(void) { #if LIBVNCSERVER_HAVE_LIBXFIXES if (xfixes_present) { + xfixes_first_initialized = 1; X_LOCK; if (use_xfixes) { XFixesSelectCursorInput(dpy, rootwin, @@ -1319,6 +1321,9 @@ static int get_exact_cursor(int init) { if (last_idx) { which = last_idx; } + if (! xfixes_first_initialized) { + return which; + } if (! got_xfixes_cursor_notify && xfixes_base_event_type) { /* try again for XFixesCursorNotify event */ diff --git a/x11vnc/cursor.h b/x11vnc/cursor.h index 5fb75c7..22e8621 100644 --- a/x11vnc/cursor.h +++ b/x11vnc/cursor.h @@ -36,6 +36,7 @@ so, delete this exception statement from your version. /* -- cursor.h -- */ extern int xfixes_present; +extern int xfixes_first_initialized; extern int use_xfixes; extern int got_xfixes_cursor_notify; extern int cursor_changes; diff --git a/x11vnc/enc.h b/x11vnc/enc.h index 26e3c01..4c43b8d 100644 --- a/x11vnc/enc.h +++ b/x11vnc/enc.h @@ -36,7 +36,7 @@ so, delete this exception statement from your version. /* -- enc.h -- */ #if 0 -:r /home/runge/ultraSC/rc4/ultravnc_dsm_helper.c +:r /home/runge/uvnc/ultraSC/rc4/ultravnc_dsm_helper.c #endif /* @@ -100,14 +100,29 @@ static char *usage = "\n" "usage: ultravnc_dsm_helper cipher keyfile listenport remotehost:port\n" "\n" - "e.g.: ultravnc_dsm_helper arc4 ./arc4.key 5901 snoopy.com:5900\n" + "e.g.: ultravnc_dsm_helper arc4 ./arc4.key 5901 snoopy.net:5900\n" "\n" " cipher: specify 'msrc4', 'msrc4_sc', 'arc4', 'aesv2',\n" - " 'aes-cfb', 'aes256', 'blowfish', or '3des'.\n" + " 'aes-cfb', 'aes256', 'blowfish', '3des',\n" + " 'securevnc'.\n" "\n" " 'msrc4_sc' enables a workaround for UVNC SC -plugin use.\n" + " (it might not be required in SC circa 2009 and later; try 'msrc4'.)\n" "\n" - " use '.' to have it try to guess the cipher from the keyfile name.\n" + " use 'securevnc' for SecureVNCPlugin (RSA key exchange). 'keyfile' is\n" + " used as a server RSA keystore in this mode. If 'keyfile' does not\n" + " exist the user is prompted whether to save the key or not (a MD5\n" + " hash of it is shown) If 'keyfile' already exists the server key\n" + " must match its contents or the connection is dropped.\n" + "\n" + " HOWEVER, if 'keyfile' ends in the string 'ClientAuth.pkey', then the\n" + " normal SecureVNCPlugin client key authentication is performed.\n" + " If you want to do both have 'keyfile' end with 'ClientAuth.pkey.rsa'\n" + " that file will be used for the RSA keystore, and the '.rsa' will be\n" + " trimmed off and the remaining name used as the Client Auth file.\n" + "\n" + " use '.' to have it try to guess the cipher from the keyfile name,\n" + " e.g. 'arc4.key' implies arc4, 'rc4.key' implies msrc4, etc.\n" "\n" " use 'rev:arc4', etc. to reverse the roles of encrypter and decrypter.\n" " (i.e. if you want to use it for a vnc server, not vnc viewer)\n" @@ -119,8 +134,9 @@ static char *usage = " use 'noultra:rev:...' if both are to be supplied.\n" "\n" " keyfile: file holding the key (16 bytes for arc4 and aesv2, 87 for msrc4)\n" - " E.g. dd if=/dev/random of=./my.key bs=16 count=1\n" - " keyfile can also be pw=<string> to use \"string\" for the key.\n" + " E.g. dd if=/dev/random of=./my.key bs=16 count=1\n" + " keyfile can also be pw=<string> to use \"string\" for the key.\n" + " Or for 'securevnc' the RSA keystore and/or ClientAuth file.\n" "\n" " listenport: port to listen for incoming connection on. (use 0 to connect\n" " to stdio, use a negative value to force localhost)\n" @@ -182,6 +198,8 @@ static char *prog = "ultravnc_dsm_helper"; #if ENC_HAVE_OPENSSL #include <openssl/evp.h> #include <openssl/rand.h> +#include <openssl/rsa.h> +#include <openssl/err.h> static const EVP_CIPHER *Cipher; static const EVP_MD *Digest; #endif @@ -229,6 +247,18 @@ static pid_t parent, child; # define PRINT_LOOP_DBG3 #endif +/* SecureVNCPlugin from: http://adamwalling.com/SecureVNC/ */ +#define SECUREVNC_RSA_PUBKEY_SIZE 270 +#define SECUREVNC_ENCRYPTED_KEY_SIZE 256 +#define SECUREVNC_SIGNATURE_SIZE 256 +#define SECUREVNC_KEY_SIZE 16 +#define SECUREVNC_RESERVED_SIZE 4 +#define SECUREVNC_RC4_DROP_BYTES 3072 +#define SECUREVNC_RAND_KEY_SOURCE 1024 +static int securevnc = 0; +static int securevnc_arc4 = 0; +static char *securevnc_file = NULL; + static void enc_connections(int, char*, int); #if !ENC_HAVE_OPENSSL @@ -261,7 +291,7 @@ extern void enc_do(char *ciph, char *keyfile, char *lport, char *rhp) { struct stat sb; char *q, *p, *connect_host; char tmp[16]; - int fd, len, listen_port, connect_port, mbits; + int fd, len = 0, listen_port, connect_port, mbits; q = ciph; @@ -303,6 +333,10 @@ extern void enc_do(char *ciph, char *keyfile, char *lport, char *rhp) { } else if (strstr(q, "3des") == q) { Cipher = EVP_des_ede3_cfb(); cipher = "3des"; + } else if (strstr(q, "securevnc") == q) { + Cipher = EVP_aes_128_ofb(); cipher = "securevnc"; + securevnc = 1; + } else if (strstr(q, ".") == q) { /* otherwise, try to guess cipher from key filename: */ if (strstr(keyfile, "arc4.key")) { @@ -326,6 +360,10 @@ extern void enc_do(char *ciph, char *keyfile, char *lport, char *rhp) { } else if (strstr(keyfile, "3des.key")) { Cipher = EVP_des_ede3_cfb(); cipher = "3des"; + } else if (strstr(keyfile, "securevnc.")) { + Cipher = EVP_aes_128_ofb(); cipher = "securevnc"; + securevnc = 1; + } else { fprintf(stderr, "cannot figure out cipher, supply 'msrc4', 'arc4', or 'aesv2' ...\n"); exit(1); @@ -336,7 +374,11 @@ extern void enc_do(char *ciph, char *keyfile, char *lport, char *rhp) { } /* set the default message digest (md5) */ - Digest = EVP_md5(); + if (!securevnc) { + Digest = EVP_md5(); + } else { + Digest = EVP_sha1(); + } /* * Look for user specified salt and IV sizes at the end @@ -406,6 +448,15 @@ extern void enc_do(char *ciph, char *keyfile, char *lport, char *rhp) { /* check for and read in the key file */ memset(keydata, 0, sizeof(keydata)); + + if (securevnc) { + /* note the keyfile for rsa verification later */ + if (keyfile != NULL && strcasecmp(keyfile, "none")) { + securevnc_file = keyfile; + } + goto readed_in; + } + if (stat(keyfile, &sb) != 0) { if (strstr(keyfile, "pw=") == keyfile) { /* user specified key/password on cmdline */ @@ -498,12 +549,13 @@ static void enc_xfer(int sock_fr, int sock_to, int encrypt) { unsigned char E_keystr[EVP_MAX_KEY_LENGTH]; unsigned char D_keystr[EVP_MAX_KEY_LENGTH]; EVP_CIPHER_CTX E_ctx, D_ctx; - EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx = NULL; unsigned char buf[BSIZE], out[BSIZE]; unsigned char *psrc = NULL, *keystr; unsigned char salt[SALT+1]; - unsigned char ivec[EVP_MAX_IV_LENGTH]; + unsigned char ivec_real[EVP_MAX_IV_LENGTH]; + unsigned char *ivec = ivec_real; int i, cnt, len, m, n = 0, vb = 0, first = 1; int whoops = 1; /* for the msrc4 problem */ @@ -513,7 +565,7 @@ static void enc_xfer(int sock_fr, int sock_to, int encrypt) { memset(buf, 0, BSIZE); memset(out, 0, BSIZE); memset(salt, 0, sizeof(salt)); - memset(ivec, 0, sizeof(ivec)); + memset(ivec_real, 0, sizeof(ivec_real)); memset(E_keystr, 0, sizeof(E_keystr)); memset(D_keystr, 0, sizeof(D_keystr)); @@ -538,7 +590,22 @@ static void enc_xfer(int sock_fr, int sock_to, int encrypt) { encstr = encrypt ? "encrypt" : "decrypt"; /* string for messages */ encsym = encrypt ? "+" : "-"; + /* use the encryption/decryption context variables below */ if (encrypt) { + ctx = &E_ctx; + keystr = E_keystr; + } else { + ctx = &D_ctx; + keystr = D_keystr; + } + + if (securevnc) { + first = 0; /* no need for salt+iv on first time */ + salt_size = 0; /* we want no salt */ + n = 0; /* nothing read */ + ivec_size = 0; /* we want no IV. */ + ivec = NULL; + } else if (encrypt) { /* encrypter initializes the salt and initialization vector */ /* @@ -558,10 +625,6 @@ static void enc_xfer(int sock_fr, int sock_to, int encrypt) { ENC_PT_DBG(buf, n); - /* use the encryption context variables below */ - ctx = &E_ctx; - keystr = E_keystr; - } else { /* decrypter needs to read salt + iv from the wire: */ @@ -615,10 +678,6 @@ static void enc_xfer(int sock_fr, int sock_to, int encrypt) { } } } - - /* use the decryption context variables below */ - ctx = &D_ctx; - keystr = D_keystr; } /* debug output */ @@ -644,8 +703,10 @@ static void enc_xfer(int sock_fr, int sock_to, int encrypt) { (unsigned char *) keydata, NULL, encrypt); } } else { - /* XXX might not be correct */ + /* XXX might not be correct, just exit. */ + fprintf(stderr, "%s: %s - Not sure about msrc4 && !whoops case, exiting.\n", prog, encstr); exit(1); + EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata, keydata_len, 1, keystr, ivec); EVP_CIPHER_CTX_init(ctx); @@ -654,10 +715,12 @@ static void enc_xfer(int sock_fr, int sock_to, int encrypt) { } } else { - unsigned char *in_salt; + unsigned char *in_salt = NULL; /* check salt and IV source and size. */ - if (salt_size <= 0) { + if (securevnc) { + in_salt = NULL; + } else if (salt_size <= 0) { /* let salt_size = 0 mean keep it out of the MD5 */ fprintf(stderr, "%s: %s - WARNING: no salt\n", prog, encstr); @@ -665,7 +728,8 @@ static void enc_xfer(int sock_fr, int sock_to, int encrypt) { } else { in_salt = salt; } - if (ivec_size < Cipher->iv_len) { + + if (ivec_size < Cipher->iv_len && !securevnc) { fprintf(stderr, "%s: %s - WARNING: short IV %d < %d\n", prog, encstr, ivec_size, Cipher->iv_len); } @@ -697,6 +761,9 @@ static void enc_xfer(int sock_fr, int sock_to, int encrypt) { * Ultra DSM compatibility mode. Note that this * clobbers the ivec we set up above! Under * noultra we overwrite ivec only if ivec_size=0. + * + * SecureVNC also goes through here. in_salt and ivec are NULL. + * And ivec is NULL below in the EVP_CipherInit_ex() call. */ EVP_BytesToKey(Cipher, Digest, in_salt, (unsigned char *) keydata, keydata_len, 1, keystr, ivec); @@ -710,13 +777,21 @@ static void enc_xfer(int sock_fr, int sock_to, int encrypt) { /* set the cipher & initialize */ /* - * XXX N.B.: DSM plugin had encrypt=1 for both - * (i.e. perfectly symmetric) + * XXX N.B.: DSM plugin implementation had encrypt=1 + * for both (i.e. perfectly symmetric) */ EVP_CipherInit_ex(ctx, Cipher, NULL, keystr, ivec, encrypt); } + if (securevnc && securevnc_arc4) { + /* need to discard initial 3072 bytes */ + unsigned char buf1[SECUREVNC_RC4_DROP_BYTES]; + unsigned char buf2[SECUREVNC_RC4_DROP_BYTES]; + int cnt = 0; + EVP_CipherUpdate(ctx, buf1, &cnt, buf2, SECUREVNC_RC4_DROP_BYTES); + } + /* debug output */ PRINT_KEYSTR_AND_FRIENDS; @@ -825,6 +900,474 @@ static void enc_xfer(int sock_fr, int sock_to, int encrypt) { } } +static int securevnc_server_rsa_save_dialog(char *file, char *md5str, unsigned char* rsabuf) { + /* since we are likely running in the background, use this kludge by running tk */ + FILE *p; + char str[2], *q = file, *cmd = getenv("WISH") ? getenv("WISH") : "wish"; + int rc; + + memset(str, 0, sizeof(str)); + + p = popen(cmd, "w"); + if (p == NULL) { + fprintf(stderr, "checkserver_rsa: could not run: %s\n", cmd); + return 0; + } + + /* start piping tk/tcl code to it: */ + fprintf(p, "wm withdraw .\n"); + fprintf(p, "set x [expr [winfo screenwidth .]/2]\n"); + fprintf(p, "set y [expr [winfo screenheight .]/2]\n"); + fprintf(p, "wm geometry . +$x+$y; update\n"); + fprintf(p, "catch {option add *Dialog.msg.font {helvetica -14 bold}}\n"); + fprintf(p, "catch {option add *Dialog.msg.wrapLength 6i}\n"); + fprintf(p, "set ans [tk_messageBox -title \"Save and Trust UltraVNC RSA Key?\" -icon question "); + fprintf(p, "-type yesno -message \"Save and Trust UltraVNC SecureVNCPlugin RSA Key\\n\\n"); + fprintf(p, "With MD5 sum: %s\\n\\n", md5str); + fprintf(p, "In file: "); + while (*q != '\0') { + /* sanitize user supplied string: */ + str[0] = *q; + if (strpbrk(str, "[](){}`'\"$&*|<>") == NULL) { + fprintf(p, "%s", str); + } + q++; + } + fprintf(p, " ?\"]\n"); + fprintf(p, "if { $ans == \"yes\" } {destroy .; exit 0} else {destroy .; exit 1}\n"); + rc = pclose(p); + if (rc == 0) { + fprintf(stderr, "checkserver_rsa: query returned: %d. saving it.\n", rc); + p = fopen(file, "w"); + if (p == NULL) { + fprintf(stderr, "checkserver_rsa: could not open %s\n", file); + return 0; + } + write(fileno(p), rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); + fclose(p); + return 2; + } else { + fprintf(stderr, "checkserver_rsa: query returned: %d. NOT saving it.\n", rc); + return -1; + } +} + +static char *rsa_md5_sum(unsigned char* rsabuf) { + EVP_MD_CTX md; + char digest[EVP_MAX_MD_SIZE], tmp[16]; + char md5str[EVP_MAX_MD_SIZE * 8]; + unsigned int i, size = 0; + + EVP_DigestInit(&md, EVP_md5()); + EVP_DigestUpdate(&md, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); + EVP_DigestFinal(&md, (unsigned char *)digest, &size); + + memset(md5str, 0, sizeof(md5str)); + for (i=0; i < size; i++) { + unsigned char uc = (unsigned char) digest[i]; + sprintf(tmp, "%02x", (int) uc); + strcat(md5str, tmp); + } + return strdup(md5str); +} + +static int securevnc_check_server_rsa(char *file, unsigned char *rsabuf) { + struct stat sb; + unsigned char filebuf[SECUREVNC_RSA_PUBKEY_SIZE]; + char *md5str = rsa_md5_sum(rsabuf); + + if (!file) { + return 0; + } + + memset(filebuf, 0, sizeof(filebuf)); + if (stat(file, &sb) == 0) { + int n, fd, i, ok = 1; + + if (sb.st_size != SECUREVNC_RSA_PUBKEY_SIZE) { + fprintf(stderr, "checkserver_rsa: file is wrong size: %d != %d '%s'\n", + (int) sb.st_size, SECUREVNC_RSA_PUBKEY_SIZE, file); + return 0; + } + + fd = open(file, O_RDONLY); + if (fd < 0) { + fprintf(stderr, "checkserver_rsa: could not open: '%s'\n", file); + return 0; + } + + n = (int) read(fd, filebuf, SECUREVNC_RSA_PUBKEY_SIZE); + close(fd); + if (n != SECUREVNC_RSA_PUBKEY_SIZE) { + fprintf(stderr, "checkserver_rsa: could not read all of file: %d != %d '%s'\n", + n, SECUREVNC_RSA_PUBKEY_SIZE, file); + return 0; + } + + for (i=0; i < SECUREVNC_RSA_PUBKEY_SIZE; i++) { + if (filebuf[i] != rsabuf[i]) { + ok = 0; + } + } + if (!ok) { + char *str1 = rsa_md5_sum(rsabuf); + char *str2 = rsa_md5_sum(filebuf); + fprintf(stderr, "checkserver_rsa: rsa keystore contents differ for '%s'\n", file); + fprintf(stderr, "checkserver_rsa: MD5 sum of server key: %s\n", str1); + fprintf(stderr, "checkserver_rsa: MD5 sum of keystore: %s\n", str2); + } + return ok; + } else { + + fprintf(stderr, "checkserver_rsa: rsa keystore file does not exist: '%s'\n", file); + fprintf(stderr, "checkserver_rsa: asking user if we should store rsa key in it.\n\n"); + fprintf(stderr, "checkserver_rsa: RSA key has MD5 sum: %s\n\n", md5str); + + return securevnc_server_rsa_save_dialog(file, md5str, rsabuf); + } +} + +static RSA *load_client_auth(char *file) { + struct stat sb; + int fd, n; + char *contents; + RSA *rsa; + + if (!file) { + return NULL; + } + if (stat(file, &sb) != 0) { + return NULL; + } + + fd = open(file, O_RDONLY); + if (fd < 0) { + fprintf(stderr, "load_client_auth: could not open: '%s'\n", file); + return NULL; + } + + contents = (char *) malloc(sb.st_size); + n = (int) read(fd, contents, sb.st_size); + close(fd); + + if (n != sb.st_size) { + fprintf(stderr, "load_client_auth: could not read all of: '%s'\n", file); + free(contents); + return NULL; + } + + rsa = d2i_RSAPrivateKey(NULL, (const unsigned char **) ((void *) &contents), sb.st_size); + if (!rsa) { + fprintf(stderr, "load_client_auth: d2i_RSAPrivateKey failed for: '%s'\n", file); + return NULL; + } + + if (RSA_check_key(rsa) != 1) { + fprintf(stderr, "load_client_auth: rsa key invalid: '%s'\n", file); + return NULL; + } + + return rsa; +} + +static void sslexit(char *msg) { + fprintf(stderr, "%s: %s\n", msg, ERR_error_string(ERR_get_error(), NULL)); + exit(1); +} + +static void securevnc_setup(int conn1, int conn2) { + RSA *rsa = NULL; + EVP_CIPHER_CTX init_ctx; + unsigned char keystr[EVP_MAX_KEY_LENGTH]; + unsigned char *rsabuf, *rsasav; + unsigned char *encrypted_keybuf; + unsigned char *initkey; + unsigned int server_flags = 0; + unsigned char one = 1, zero = 0, sig = 16; + unsigned char b1, b2, b3, b4; + unsigned char buf[BSIZE], to_viewer[BSIZE]; + int to_viewer_len = 0; + int n = 0, len, rc; + int server = reverse ? conn1 : conn2; + int viewer = reverse ? conn2 : conn1; + char *client_auth = NULL; + int client_auth_req = 0; + int keystore_verified = 0; + + ERR_load_crypto_strings(); + + /* alloc and read from server the 270 comprising the rsa public key: */ + rsabuf = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1); + rsasav = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1); + len = 0; + while (len < SECUREVNC_RSA_PUBKEY_SIZE) { + n = read(server, rsabuf + len, SECUREVNC_RSA_PUBKEY_SIZE - len); + if (n == 0 || (n < 0 && errno != EINTR)) { + fprintf(stderr, "securevnc_setup: fail read rsabuf: n=%d len=%d\n", n, len); + exit(1); + } + len += n; + } + if (len != SECUREVNC_RSA_PUBKEY_SIZE) { + fprintf(stderr, "securevnc_setup: fail final read rsabuf: n=%d len=%d\n", n, len); + exit(1); + } + fprintf(stderr, "securevnc_setup: rsa data read len: %d\n", len); + memcpy(rsasav, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); + + fprintf(stderr, "securevnc_setup: RSA key has MD5 sum: %s\n", rsa_md5_sum(rsabuf)); + fprintf(stderr, "securevnc_setup:\n"); + fprintf(stderr, "securevnc_setup: One way to print out the SecureVNC Server key MD5 sum is:\n\n"); + fprintf(stderr, "openssl rsa -inform DER -outform DER -pubout -in ./Server_SecureVNC.pkey | dd bs=1 skip=24 | md5sum\n\n"); + if (securevnc_file == NULL) { + fprintf(stderr, "securevnc_setup:\n"); + fprintf(stderr, "securevnc_setup: ** WARNING: ULTRAVNC SERVER RSA KEY NOT VERIFIED. **\n"); + fprintf(stderr, "securevnc_setup: ** WARNING: A MAN-IN-THE-MIDDLE ATTACK IS POSSIBLE. **\n"); + fprintf(stderr, "securevnc_setup:\n"); + } else { + char *q = strrchr(securevnc_file, 'C'); + int skip = 0; + if (q) { + if (!strcmp(q, "ClientAuth.pkey")) { + client_auth = strdup(securevnc_file); + skip = 1; + } else if (!strcmp(q, "ClientAuth.pkey.rsa")) { + client_auth = strdup(securevnc_file); + q = strrchr(client_auth, '.'); + *q = '\0'; + } + } + if (!skip) { + rc = securevnc_check_server_rsa(securevnc_file, rsabuf); + } + if (skip) { + ; + } else if (rc == 0) { + fprintf(stderr, "securevnc_setup:\n"); + fprintf(stderr, "securevnc_setup: VERIFY_ERROR: SERVER RSA KEY DID NOT MATCH:\n"); + fprintf(stderr, "securevnc_setup: %s\n", securevnc_file); + fprintf(stderr, "securevnc_setup:\n"); + exit(1); + } else if (rc == -1) { + fprintf(stderr, "securevnc_setup: User cancelled the save and hence the connection.\n"); + fprintf(stderr, "securevnc_setup: %s\n", securevnc_file); + exit(1); + } else if (rc == 1) { + fprintf(stderr, "securevnc_setup: VERIFY SUCCESS: server rsa key matches the contents of:\n"); + fprintf(stderr, "securevnc_setup: %s\n", securevnc_file); + keystore_verified = 1; + } else if (rc == 2) { + fprintf(stderr, "securevnc_setup: Server rsa key stored in:\n"); + fprintf(stderr, "securevnc_setup: %s\n", securevnc_file); + keystore_verified = 2; + } + } + + /* + * read in the server flags. Note that SecureVNCPlugin sends these + * in little endian and not network order!! + */ + read(server, (char *) &b1, 1); + read(server, (char *) &b2, 1); + read(server, (char *) &b3, 1); + read(server, (char *) &b4, 1); + + server_flags = 0; + server_flags |= ((unsigned int) b4) << 24; + server_flags |= ((unsigned int) b3) << 16; + server_flags |= ((unsigned int) b2) << 8; + server_flags |= ((unsigned int) b1) << 0; + fprintf(stderr, "securevnc_setup: server_flags: 0x%08x\n", server_flags); + + /* check for arc4 usage: */ + if (server_flags & 0x1) { + fprintf(stderr, "securevnc_setup: server uses AES cipher.\n"); + } else { + fprintf(stderr, "securevnc_setup: server uses ARC4 cipher.\n"); + securevnc_arc4 = 1; + Cipher = EVP_rc4(); + } + + /* check for client auth signature requirement: */ + if (server_flags & (sig << 24)) { + fprintf(stderr, "securevnc_setup: server requires Client Auth signature.\n"); + client_auth_req = 1; + if (!client_auth) { + fprintf(stderr, "securevnc_setup: However, NO *ClientAuth.pkey keyfile was supplied on our\n"); + fprintf(stderr, "securevnc_setup: command line. Exiting.\n"); + exit(1); + } + } + + /* + * The first packet 'RFB 003.006' is obscured with key + * that is a sha1 hash of public key. So make this tmp key now: + * + */ + initkey = (unsigned char *) calloc(SECUREVNC_KEY_SIZE, 1); + EVP_BytesToKey(EVP_rc4(), EVP_sha1(), NULL, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE, 1, initkey, NULL); + + /* expand the transported rsabuf into an rsa object */ + rsa = d2i_RSAPublicKey(NULL, (const unsigned char **) &rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); + if (rsa == NULL) { + sslexit("securevnc_setup: failed to create rsa"); + } + + /* + * Back to the work involving the tmp obscuring key: + */ + EVP_CIPHER_CTX_init(&init_ctx); + rc = EVP_CipherInit_ex(&init_ctx, EVP_rc4(), NULL, initkey, NULL, 1); + if (rc == 0) { + sslexit("securevnc_setup: EVP_CipherInit_ex(init_ctx) failed"); + } + + /* for the first obscured packet, read what we can... */ + n = read(server, (char *) buf, BSIZE); + fprintf(stderr, "securevnc_setup: data read: %d\n", n); + if (n < 0) { + exit(1); + } + fprintf(stderr, "securevnc_setup: initial data[%d]: ", n); + + /* decode with the tmp key */ + if (n > 0) { + memset(to_viewer, 0, sizeof(to_viewer)); + if (EVP_CipherUpdate(&init_ctx, to_viewer, &len, buf, n) == 0) { + sslexit("securevnc_setup: EVP_CipherUpdate(init_ctx) failed"); + exit(1); + } + to_viewer_len = len; + } + EVP_CIPHER_CTX_cleanup(&init_ctx); + free(initkey); + + /* print what we would send to the viewer (sent below): */ + write(2, to_viewer, 12); /* and first 12 bytes 'RFB ...' as message */ + + /* now create the random session key: */ + encrypted_keybuf = (unsigned char*) calloc(RSA_size(rsa), 1); + + fprintf(stderr, "securevnc_setup: creating random session key: %d/%d\n", + SECUREVNC_KEY_SIZE, SECUREVNC_RAND_KEY_SOURCE); + keydata_len = SECUREVNC_RAND_KEY_SOURCE; + + rc = RAND_bytes((unsigned char *)keydata, SECUREVNC_RAND_KEY_SOURCE); + if (rc <= 0) { + fprintf(stderr, "securevnc_setup: RAND_bytes() failed: %s\n", ERR_error_string(ERR_get_error(), NULL)); + rc = RAND_pseudo_bytes((unsigned char *)keydata, SECUREVNC_RAND_KEY_SOURCE); + fprintf(stderr, "securevnc_setup: RAND_pseudo_bytes() rc=%d\n", rc); + if (getenv("RANDSTR")) { + char *s = getenv("RANDSTR"); + fprintf(stderr, "securevnc_setup: seeding with RANDSTR len=%d\n", strlen(s)); + RAND_add(s, strlen(s), strlen(s)); + } + } + + /* N.B. this will be repeated in enc_xfer() setup. */ + EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata, keydata_len, 1, keystr, NULL); + + /* encrypt the session key with the server's public rsa key: */ + n = RSA_public_encrypt(SECUREVNC_KEY_SIZE, keystr, encrypted_keybuf, rsa, RSA_PKCS1_PADDING); + if (n == -1) { + sslexit("securevnc_setup: RSA_public_encrypt() failed"); + exit(1); + } + fprintf(stderr, "securevnc_setup: encrypted session key size: %d. sending to server.\n", n); + + /* send it to the server: */ + write(server, encrypted_keybuf, n); + free(encrypted_keybuf); + + /* + * Reply back with flags indicating cipher (same as one sent to + * us) and we do not want client-side auth. + * + * We send it out on the wire in little endian order: + */ + if (securevnc_arc4) { + write(server, (char *)&zero, 1); + } else { + write(server, (char *)&one, 1); + } + write(server, (char *)&zero, 1); + write(server, (char *)&zero, 1); + if (client_auth_req) { + write(server, (char *)&sig, 1); + } else { + write(server, (char *)&zero, 1); + } + + if (client_auth_req && client_auth) { + RSA *client_rsa = load_client_auth(client_auth); + EVP_MD_CTX dctx; + unsigned char digest[EVP_MAX_MD_SIZE], *signature; + unsigned int ndig = 0, nsig = 0; + + if (0) { + /* for testing only, use the wrong RSA key: */ + client_rsa = RSA_generate_key(2048, 0x10001, NULL, NULL); + } + + if (client_rsa == NULL) { + fprintf(stderr, "securevnc_setup: problem reading rsa key from '%s'\n", client_auth); + exit(1); + } + + EVP_DigestInit(&dctx, EVP_sha1()); + EVP_DigestUpdate(&dctx, keystr, SECUREVNC_KEY_SIZE); + /* + * Without something like the following MITM is still possible. + * This is because the MITM knows keystr and can use it with + * the server connection as well, and then he just forwards our + * signed digest. The additional information below would be the + * MITM's rsa public key, and so the real VNC server will notice + * the difference. And MITM can't sign keystr+server_rsa.pub since + * he doesn't have Viewer_ClientAuth.pkey. + */ + if (0) { + EVP_DigestUpdate(&dctx, rsasav, SECUREVNC_RSA_PUBKEY_SIZE); + if (!keystore_verified) { + fprintf(stderr, "securevnc_setup:\n"); + fprintf(stderr, "securevnc_setup: Warning: even *WITH* Client Authentication in SecureVNC,\n"); + fprintf(stderr, "securevnc_setup: an attacker may be able to trick you into connecting to his\n"); + fprintf(stderr, "securevnc_setup: fake VNC server and supplying VNC or Windows passwords, etc.\n"); + fprintf(stderr, "securevnc_setup: To increase security manually verify the Server RSA key's MD5\n"); + fprintf(stderr, "securevnc_setup: checksum and then have SSVNC save the key in its keystore to\n"); + fprintf(stderr, "securevnc_setup: be used to verify the server in subsequent connections.\n"); + fprintf(stderr, "securevnc_setup:\n"); + } + } else { + if (!keystore_verified) { + fprintf(stderr, "securevnc_setup:\n"); + fprintf(stderr, "securevnc_setup: WARNING: THE FIRST VERSION OF THE SECUREVNC PROTOCOL IS\n"); + fprintf(stderr, "securevnc_setup: WARNING: BEING USED. *EVEN* WITH CLIENT AUTHENTICATION IT\n"); + fprintf(stderr, "securevnc_setup: WARNING: IS SUSCEPTIBLE TO A MAN-IN-THE-MIDDLE ATTACK.\n"); + fprintf(stderr, "securevnc_setup: To increase security manually verify the Server RSA key's MD5\n"); + fprintf(stderr, "securevnc_setup: checksum and then have SSVNC save the key in its keystore to\n"); + fprintf(stderr, "securevnc_setup: be used to verify the server in subsequent connections.\n"); + fprintf(stderr, "securevnc_setup:\n"); + } + } + EVP_DigestFinal(&dctx, (unsigned char *)digest, &ndig); + + signature = (unsigned char *) calloc(RSA_size(client_rsa), 1); + RSA_sign(NID_sha1, digest, ndig, signature, &nsig, client_rsa); + + fprintf(stderr, "securevnc_setup: sending ClientAuth.pkey signed data: %d\n", nsig); + write(server, signature, nsig); + free(signature); + + RSA_free(client_rsa); + } + + fprintf(stderr, "securevnc_setup: done.\n"); + + /* now send the 'RFB ...' to the viewer */ + if (to_viewer_len > 0) { + write(viewer, to_viewer, to_viewer_len); + } +} /* * Listens on incoming port for a client, then connects to remote server. * Then forks into two processes one is the encrypter the other the @@ -931,6 +1474,10 @@ static void enc_connections(int listen_port, char *connect_host, int connect_por use_input_fds: + if (securevnc) { + securevnc_setup(conn1, conn2); + } + /* fork into two processes; one for each direction: */ parent = getpid(); @@ -960,7 +1507,7 @@ extern int main (int argc, char *argv[]) { char *kf, *q; if (argc < 4) { - fprintf(stderr, "%s\n", usage); + fprintf(stdout, "%s\n", usage); exit(1); } diff --git a/x11vnc/help.c b/x11vnc/help.c index fadcf32..4b81efe 100644 --- a/x11vnc/help.c +++ b/x11vnc/help.c @@ -114,6 +114,10 @@ void print_help(int mode) { " before startup. Same as -xauth file. See Xsecurity(7),\n" " xauth(1) man pages for more info.\n" "\n" +" Use '-auth guess' to have x11vnc use its -findauth\n" +" mechanism (described below) to try to guess the\n" +" XAUTHORITY filename and use it.\n" +"\n" "-N If the X display is :N, try to set the VNC display to\n" " also be :N This just sets the -rfbport option to 5900+N\n" " The program will exit immediately if that port is not\n" @@ -137,6 +141,14 @@ void print_help(int mode) { " X session. Note: the reopened state may be unstable.\n" " Set X11VNC_REOPEN_DISPLAY=n to reopen n times.\n" "\n" +" Update: as of 0.9.9, x11vnc tries to automatically avoid\n" +" being killed by the display manager by delaying creating\n" +" windows or using XFIXES. So you shouldn't need to use\n" +" KillInitClients=false as long as you log in quickly\n" +" enough (within 45 seconds of connecting.) You can\n" +" disable this by setting X11VNC_AVOID_WINDOWS=never.\n" +" You can also set it to the number of seconds to delay.\n" +"\n" "-reflect host:N Instead of connecting to and polling an X display,\n" " connect to the remote VNC server host:N and be a\n" " reflector/repeater for it. This is useful for trying\n" @@ -413,6 +425,18 @@ void print_help(int mode) { "-timeout n Exit unless a client connects within the first n seconds\n" " after startup.\n" "\n" +" If there have been no connection attempts after n\n" +" seconds x11vnc exits immediately. If a client is\n" +" trying to connect but has not progressed to the normal\n" +" operating state, x11vnc gives it a few more seconds\n" +" to finish and exits if it does not make it to the\n" +" normal state.\n" +"\n" +" For reverse connections via -connect or -connect_or_exit\n" +" a timeout of n seconds will be set for all reverse\n" +" connects. If the connect timeout alarm goes off,\n" +" x11vnc will exit immediately.\n" +"\n" "-sleepin n At startup sleep n seconds before proceeding (e.g. to\n" " allow redirs and listening clients to start up)\n" "\n" @@ -1025,6 +1049,18 @@ void print_help(int mode) { " (i.e. all the X displays on the local machine that you\n" " have access rights to).\n" "\n" +"-findauth [disp] Apply the -find/-finddpy heuristics to try to guess the\n" +" XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not\n" +" supplied, then the value in the -display earlier in\n" +" the cmdline is used; failing that $DISPLAY is used;\n" +" and failing that \":0\" is used.\n" +"\n" +" If nothing is printed out, that means no XAUTHORITY was\n" +" found for 'disp'. If \"XAUTHORITY=\" is printed out,\n" +" that means use the default (i.e. do not set XAUTHORITY).\n" +" If \"XAUTHORITY=/path/to/file\" is printed out, then\n" +" use that file.\n" +"\n" "-create First try to find the user's display using FINDDISPLAY,\n" " if that doesn't succeed create an X session via the\n" " FINDCREATEDISPLAY method. This is an alias for\n" @@ -1106,6 +1142,10 @@ void print_help(int mode) { " in before the user hits Escape. The username is ignored\n" " but the colon options are not.\n" "\n" +" The default message is 2 lines in a small font, set\n" +" the env. var. X11VNC_SYSTEM_GREETER1=true for a 1 line\n" +" message in a larger font.\n" +"\n" " If the user pressed Escape the FINDCREATEDISPLAY command\n" " will be run with the env. var. X11VNC_XDM_ONLY=1.\n" "\n" @@ -2592,6 +2632,8 @@ void print_help(int mode) { " force it by prefixing color with \"gnome:\", \"kde:\",\n" " \"cde:\", \"xfce:\", or \"root:\".\n" "\n" +" Update: -solid no longer works on KDE4.\n" +"\n" " This mode works in a limited way on the Mac OS X Console\n" " with one color ('kelp') using the screensaver writing\n" " to the background. Look in \"~/Library/Screen Savers\"\n" @@ -3043,6 +3085,15 @@ void print_help(int mode) { "\n" "-noxfixes Do not use the XFIXES extension to draw the exact cursor\n" " shape even if it is available.\n" +"\n" +" Note: To work around a crash in Xorg 1.5 and later\n" +" some people needed to use -noxfixes. The Xorg crash\n" +" occurred right after a Display Manager (e.g. GDM) login.\n" +" Starting with x11vnc 0.9.9 it tries to automatically\n" +" avoid using XFIXES until it is sure a window manager\n" +" is running. See the -reopen option for more info and\n" +" how to use X11VNC_AVOID_WINDOWS=never to disable it.\n" +"\n" "-alphacut n When using the XFIXES extension for the cursor shape,\n" " cursors with transparency will not usually be displayed\n" " exactly (but opaque ones will). This option sets n as\n" @@ -5099,9 +5150,9 @@ void print_help(int mode) { " macnoresize macresize nomacnoresize maciconanim macmenu\n" " macnomenu nomacmenu macuskbd nomacuskbd noremote\n" "\n" -" aro= noop display vncdisplay autoport loop loopbg\n" -" desktopname guess_desktop guess_dbus http_url\n" -" auth xauth users rootshift clipshift scale_str\n" +" aro= noop display vncdisplay icon_mode autoport\n" +" loop loopbg desktopname guess_desktop guess_dbus\n" +" http_url auth xauth users rootshift clipshift scale_str\n" " scaled_x scaled_y scale_numer scale_denom scale_fac_x\n" " scale_fac_y scaling_blend scaling_nomult4 scaling_pad\n" " scaling_interpolate inetd privremote unsafe safer\n" @@ -5218,7 +5269,7 @@ void print_help(int mode) { " stunnel, ssl, unixpw, WAIT, zeroconf, id, accept,\n" " afteraccept, gone, pipeinput, v4l-info, rawfb-setup,\n" " dt, gui, ssh, storepasswd, passwdfile, custom_passwd,\n" -" crash.\n" +" findauth, crash.\n" "\n" " See each option's help to learn the associated external\n" " command. Note that the -nocmds option takes precedence\n" diff --git a/x11vnc/remote.c b/x11vnc/remote.c index 3c6b42d..6d4e48a 100644 --- a/x11vnc/remote.c +++ b/x11vnc/remote.c @@ -787,7 +787,7 @@ char *process_remote_cmd(char *cmd, int stringonly) { while (fgets(tmp, 1024, f) != NULL) { char *c = strchr(tmp, '#'); if (c) *c = '\0'; - if (strlen(p) + strlen(tmp) > sbuf.st_size) { + if (strlen(p) + strlen(tmp) > (size_t) sbuf.st_size) { break; } strcat(p, tmp); @@ -5548,6 +5548,10 @@ char *process_remote_cmd(char *cmd, int stringonly) { NONUL(vnc_desktop_name)); goto qry; } + if (!strcmp(p, "icon_mode")) { + snprintf(buf, bufn, "aro=%s:%d", p, icon_mode); + goto qry; + } if (!strcmp(p, "autoport")) { snprintf(buf, bufn, "aro=%s:%d", p, auto_port); goto qry; diff --git a/x11vnc/screen.c b/x11vnc/screen.c index 6a9a5fe..66dd3f5 100644 --- a/x11vnc/screen.c +++ b/x11vnc/screen.c @@ -649,6 +649,7 @@ void set_raw_fb_params(int restore) { if (! dpy && raw_fb_orig_dpy) { dpy = XOpenDisplay_wr(raw_fb_orig_dpy); + last_open_xdisplay = time(NULL); if (dpy) { if (! quiet) rfbLog("reopened DISPLAY: %s\n", raw_fb_orig_dpy); @@ -1366,7 +1367,7 @@ void linux_dev_fb_msg(char* q) { #define RAWFB_SHM 3 XImage *initialize_raw_fb(int reset) { - char *str, *q; + char *str, *rstr, *q; int w, h, b, shmid = 0; unsigned long rm = 0, gm = 0, bm = 0, tm; static XImage ximage_struct; /* n.b.: not (XImage *) */ @@ -1453,22 +1454,32 @@ if (db) fprintf(stderr, "initialize_raw_fb reset\n"); return NULL; } + if (raw_fb_str[0] == '+') { + rstr = strdup(raw_fb_str+1); + closedpy = 0; + if (! window) { + window = rootwin; + } + } else { + rstr = strdup(raw_fb_str); + } + /* testing aliases */ - if (!strcasecmp(raw_fb_str, "NULL") || !strcasecmp(raw_fb_str, "ZERO") - || !strcasecmp(raw_fb_str, "NONE")) { - raw_fb_str = strdup("map:/dev/zero@640x480x32"); - } else if (!strcasecmp(raw_fb_str, "NULLBIG") || !strcasecmp(raw_fb_str, "NONEBIG")) { - raw_fb_str = strdup("map:/dev/zero@1024x768x32"); - } - if (!strcasecmp(raw_fb_str, "RAND")) { - raw_fb_str = strdup("file:/dev/urandom@128x128x16"); - } else if (!strcasecmp(raw_fb_str, "RANDBIG")) { - raw_fb_str = strdup("file:/dev/urandom@640x480x16"); - } else if (!strcasecmp(raw_fb_str, "RANDHUGE")) { - raw_fb_str = strdup("file:/dev/urandom@1024x768x16"); - } - if (strstr(raw_fb_str, "solid=") == raw_fb_str) { - char *n = raw_fb_str + strlen("solid="); + if (!strcasecmp(rstr, "NULL") || !strcasecmp(rstr, "ZERO") + || !strcasecmp(rstr, "NONE")) { + rstr = strdup("map:/dev/zero@640x480x32"); + } else if (!strcasecmp(rstr, "NULLBIG") || !strcasecmp(rstr, "NONEBIG")) { + rstr = strdup("map:/dev/zero@1024x768x32"); + } + if (!strcasecmp(rstr, "RAND")) { + rstr = strdup("file:/dev/urandom@128x128x16"); + } else if (!strcasecmp(rstr, "RANDBIG")) { + rstr = strdup("file:/dev/urandom@640x480x16"); + } else if (!strcasecmp(rstr, "RANDHUGE")) { + rstr = strdup("file:/dev/urandom@1024x768x16"); + } + if (strstr(rstr, "solid=") == rstr) { + char *n = rstr + strlen("solid="); char tmp[] = "/tmp/solid.XXXXXX"; char str[100]; unsigned int vals[1024], val; @@ -1495,8 +1506,8 @@ if (db) fprintf(stderr, "initialize_raw_fb reset\n"); fd = open(tmp, O_WRONLY); unlink_me = strdup(tmp); sprintf(str, "map:%s@%dx%dx32", tmp, w, h); - raw_fb_str = strdup(str); - } else if (strstr(raw_fb_str, "swirl") == raw_fb_str) { + rstr = strdup(str); + } else if (strstr(rstr, "swirl") == rstr) { char tmp[] = "/tmp/solid.XXXXXX"; char str[100]; unsigned int val[1024]; @@ -1517,11 +1528,11 @@ if (db) fprintf(stderr, "initialize_raw_fb reset\n"); fd = open(tmp, O_WRONLY); unlink_me = strdup(tmp); sprintf(str, "map:%s@%dx%dx32", tmp, w, h); - raw_fb_str = strdup(str); + rstr = strdup(str); } - if ( (q = strstr(raw_fb_str, "setup:")) == raw_fb_str) { + if ( (q = strstr(rstr, "setup:")) == rstr) { FILE *pipe; char line[1024], *t; @@ -1563,16 +1574,7 @@ if (db) fprintf(stderr, "initialize_raw_fb reset\n"); rfbLog("setup command returned: %s\n", str); } else { - str = strdup(raw_fb_str); - } - if (str[0] == '+') { - char *t = strdup(str+1); - free(str); - str = t; - closedpy = 0; - if (! window) { - window = rootwin; - } + str = strdup(rstr); } raw_fb_shm = 0; @@ -2368,17 +2370,26 @@ if (0) fprintf(stderr, "DefaultDepth: %d visial_id: %d\n", depth, (int) visual_ again: if (subwin) { - int shift = 0; + int shift = 0, resize = 0; int subwin_x, subwin_y; int disp_x = DisplayWidth(dpy, scr); int disp_y = DisplayHeight(dpy, scr); Window twin; /* subwins can be a dicey if they are changing size... */ trapped_xerror = 0; - old_handler = XSetErrorHandler(trap_xerror); + old_handler = XSetErrorHandler(trap_xerror); /* reset in if(subwin) block below */ XTranslateCoordinates(dpy, window, rootwin, 0, 0, &subwin_x, &subwin_y, &twin); + if (wdpy_x > disp_x) { + resize = 1; + dpy_x = wdpy_x = disp_x - 4; + } + if (wdpy_y > disp_y) { + resize = 1; + dpy_y = wdpy_y = disp_y - 4; + } + if (subwin_x + wdpy_x > disp_x) { shift = 1; subwin_x = disp_x - wdpy_x - 3; @@ -2396,12 +2407,17 @@ if (0) fprintf(stderr, "DefaultDepth: %d visial_id: %d\n", depth, (int) visual_ subwin_y = 1; } + if (resize) { + XResizeWindow(dpy, window, wdpy_x, wdpy_y); + } if (shift) { XMoveWindow(dpy, window, subwin_x, subwin_y); + off_x = subwin_x; + off_y = subwin_y; } XMapRaised(dpy, window); XRaiseWindow(dpy, window); - XFlush_wr(dpy); + XSync(dpy, False); } try++; @@ -4131,15 +4147,25 @@ void watch_loop(void) { } } - if (! screen || ! screen->clientHead) { - /* waiting for a client */ - if (first_conn_timeout) { + if (first_conn_timeout) { + int t = first_conn_timeout; + if (!clients_served) { if (time(NULL) - start > first_conn_timeout) { - rfbLog("No client after %d secs.\n", - first_conn_timeout); + rfbLog("No client after %d secs.\n", t); shut_down = 1; } + } else { + if (!client_normal_count) { + if (time(NULL) - start > t + 3) { + rfbLog("No valid client after %d secs.\n", t + 3); + shut_down = 1; + } + } } + } + + if (! screen || ! screen->clientHead) { + /* waiting for a client */ usleep(200 * 1000); continue; } diff --git a/x11vnc/selection.c b/x11vnc/selection.c index 0df29eb..9d96cd9 100644 --- a/x11vnc/selection.c +++ b/x11vnc/selection.c @@ -49,7 +49,7 @@ int own_clipboard = 0; /* whether we currently own CLIPBOARD or not */ int set_clipboard = 1; int set_cutbuffer = 0; /* to avoid bouncing the CutText right back */ int sel_waittime = 15; /* some seconds to skip before first send */ -Window selwin; /* special window for our selection */ +Window selwin = None; /* special window for our selection */ Atom clipboard_atom = None; /* diff --git a/x11vnc/solid.c b/x11vnc/solid.c index 916566a..a171b89 100644 --- a/x11vnc/solid.c +++ b/x11vnc/solid.c @@ -565,8 +565,9 @@ char *dbus_session(void) { return ""; #else { - Atom dbus_prop; + Atom dbus_prop, dbus_pid; Window r, w, *children; + int sbest = -1; unsigned int ui; int rc, i; @@ -574,6 +575,7 @@ char *dbus_session(void) { X_LOCK; dbus_prop = XInternAtom(dpy, "_DBUS_SESSION_BUS_ADDRESS", True); + dbus_pid = XInternAtom(dpy, "_DBUS_SESSION_BUS_PID", True); X_UNLOCK; if (dbus_prop == None) { return ""; @@ -596,16 +598,43 @@ char *dbus_session(void) { if (!rc || children == NULL || ui == 0) { return ""; } - for (i=0; i < ui; i++) { + for (i=0; i < (int) ui; i++) { + int pid = -1; + X_LOCK; memset(tmp, 0, sizeof(tmp)); get_prop(tmp, sizeof(tmp)-1, dbus_prop, children[i]); + if (dbus_pid != None) { + Atom atype; + int aformat; + unsigned long nitems, bafter; + unsigned char *prop; + if (XGetWindowProperty(dpy, children[i], dbus_pid, + 0, 1, False, XA_CARDINAL, &atype, &aformat, + &nitems, &bafter, &prop) == Success + && atype == XA_CARDINAL) { + pid = *((int *) prop); + XFree_wr(prop); + } + } X_UNLOCK; - if (strcmp(tmp, "")) { - if (!strchr(tmp, '\'')) { + if (strcmp(tmp, "") && !strchr(tmp, '\'')) { + int score = 0; + if (1 < pid && pid < 10000000) { + struct stat sb; + char procfile[32]; + + sprintf(procfile, "/proc/%d", pid); + if (stat(procfile, &sb) == 0) { + score += 10000000; + } + score += pid; + } + if (getenv("X11VNC_DBUS_DEBUG")) fprintf(stderr, "win: 0x%lx pid: %8d score: %8d str: %s\n", children[i], pid, score, tmp); + if (score > sbest) { sprintf(_dbus_str, "env DBUS_SESSION_BUS_ADDRESS='%s'", tmp); - break; + sbest = score; } } } @@ -757,10 +786,10 @@ static void solid_xfce(char *color) { if (! color) { if (! orig_image_show) { - orig_image_show = strdup("true"); + orig_image_show = "true"; } if (! orig_color_style) { - orig_color_style = strdup("0"); + orig_color_style = "0"; } if (strstr(orig_image_show, "'") != NULL) { rfbLog("invalid image show: %s\n", orig_image_show); @@ -770,51 +799,65 @@ static void solid_xfce(char *color) { rfbLog("invalid color style: %s\n", orig_color_style); return; } - cmd = (char *) malloc(strlen(set_image_show) - 2 + strlen(orig_image_show) + strlen(dbus) + 1); - sprintf(cmd, set_image_show, dbus, orig_image_show); - dt_cmd(cmd); - free(cmd); - cmd = (char *) malloc(strlen(set_color_style) - 2 + strlen(orig_color_style) + strlen(dbus) + 1); - sprintf(cmd, set_color_style, dbus, orig_color_style); - dt_cmd(cmd); - free(cmd); + if (orig_image_show[0] != '\0') { + cmd = (char *) malloc(strlen(set_image_show) - 2 + strlen(orig_image_show) + strlen(dbus) + 1); + sprintf(cmd, set_image_show, dbus, orig_image_show); + dt_cmd(cmd); + free(cmd); + } + if (orig_color_style[0] != '\0') { + cmd = (char *) malloc(strlen(set_color_style) - 2 + strlen(orig_color_style) + strlen(dbus) + 1); + sprintf(cmd, set_color_style, dbus, orig_color_style); + dt_cmd(cmd); + free(cmd); + } return; } if (! orig_image_show) { char *q; + orig_image_show = ""; if (cmd_ok("dt")) { cmd = (char *) malloc(strlen(get_image_show) + strlen(dbus) + 1); sprintf(cmd, get_image_show, dbus); orig_image_show = strdup(cmd_output(cmd)); + if ((q = strrchr(orig_image_show, '\n')) != NULL) { + *q = '\0'; + } + fprintf(stderr, "get_image_show returned: '%s'\n\n", orig_image_show); free(cmd); - } - if (*orig_image_show == '\0') { - orig_image_show = strdup("true"); - } - if ((q = strchr(orig_image_show, '\n')) != NULL) { - *q = '\0'; + if (strcasecmp(orig_image_show, "false") && strcasecmp(orig_image_show, "true")) { + fprintf(stderr, "unrecognized image_show, disabling.\n"); + free(orig_image_show); + orig_image_show = ""; + } } } if (! orig_color_style) { char *q; + orig_color_style = ""; if (cmd_ok("dt")) { cmd = (char *) malloc(strlen(get_color_style) + strlen(dbus) + 1); sprintf(cmd, get_color_style, dbus); orig_color_style = strdup(cmd_output(cmd)); + if ((q = strrchr(orig_color_style, '\n')) != NULL) { + *q = '\0'; + } + fprintf(stderr, "get_color_style returned: '%s'\n\n", orig_color_style); free(cmd); - } - if (*orig_color_style == '\0') { - orig_color_style = strdup("0"); - } - if ((q = strchr(orig_color_style, '\n')) != NULL) { - *q = '\0'; + if (strlen(orig_color_style) > 1 || !isdigit((unsigned char) (*orig_color_style))) { + fprintf(stderr, "unrecognized color_style, disabling.\n"); + free(orig_color_style); + orig_color_style = ""; + } } } + if (strstr(color, "'") != NULL) { rfbLog("invalid color: %s\n", color); return; } + cmd = (char *) malloc(strlen(set_color_style) + strlen("0") + strlen(dbus) + 1); sprintf(cmd, set_color_style, dbus, "0"); dt_cmd(cmd); diff --git a/x11vnc/ssltools.h b/x11vnc/ssltools.h index 6635bdf..a454772 100644 --- a/x11vnc/ssltools.h +++ b/x11vnc/ssltools.h @@ -802,6 +802,9 @@ char find_display[] = " showxauth=\"\"\n" " shift\n" "fi\n" +"if [ \"X$FIND_DISPLAY_NO_SHOW_XAUTH\" != \"X\" ]; then\n" +" showxauth=\"\"\n" +"fi\n" "\n" "# -f means use this xauthority file:\n" "if [ \"X$1\" = \"X-f\" ]; then\n" @@ -946,6 +949,9 @@ char find_display[] = "\n" "skip_display() {\n" " dtry=$1\n" +" dtry1=`echo \"$dtry\" | sed -e 's/^://'`\n" +" dtry2=`echo \"$dtry\" | sed -e 's/\\.[0-9][0-9]*$//'`\n" +"\n" " if [ \"X$X11VNC_SKIP_DISPLAY\" = \"X\" ]; then\n" " # no skip list, return display:\n" " echo \"$dtry\"\n" @@ -987,15 +993,26 @@ char find_display[] = " else\n" " skip=\":$skip\"\n" " fi\n" -" if echo \"$skip\" | grep \":$dtry\\>\" > /dev/null; then\n" +" if echo \"$skip\" | grep \":$dtry1\\>\" > /dev/null; then\n" +" mat=1\n" +" break\n" +" elif echo \"$skip\" | grep \":$dtry2\\>\" > /dev/null; then\n" " mat=1\n" " break\n" " fi\n" " done\n" -" if [ \"X$mat\" = \"X1\" ]; then\n" -" echo \"\"\n" +" if [ \"X$X11VNC_SKIP_DISPLAY_NEGATE\" = \"X\" ]; then\n" +" if [ \"X$mat\" = \"X1\" ]; then\n" +" echo \"\"\n" +" else\n" +" echo \"$dtry\"\n" +" fi\n" " else\n" -" echo \"$dtry\"\n" +" if [ \"X$mat\" = \"X1\" ]; then\n" +" echo \"$dtry\"\n" +" else\n" +" echo \"\"\n" +" fi\n" " fi\n" " fi\n" "}\n" @@ -1327,7 +1344,9 @@ char find_display[] = "# append ,VT=n if applicable:\n" "dpy2=`prdpy \"$display\"`\n" "\n" -"echo \"DISPLAY=$dpy2\"\n" +"if [ \"X$FIND_DISPLAY_NO_SHOW_DISPLAY\" = \"X\" ]; then\n" +" echo \"DISPLAY=$dpy2\"\n" +"fi\n" "if [ \"X$FIND_DISPLAY_XAUTHORITY_PATH\" != \"X\" ]; then\n" " # caller wants XAUTHORITY printed out too.\n" " if [ \"X$xauth_use\" != \"X\" -a -f \"$xauth_use\" ]; then\n" diff --git a/x11vnc/tkx11vnc b/x11vnc/tkx11vnc index d34bf94..9806f84 100755 --- a/x11vnc/tkx11vnc +++ b/x11vnc/tkx11vnc @@ -2721,6 +2721,7 @@ proc copy_default_vars {} { proc update_menu_vars {{query ""}} { global all_settings menu_var query_result_list + global x11vnc_icon_mode set debug [in_debug_mode] @@ -2734,6 +2735,14 @@ proc update_menu_vars {{query ""}} { foreach piece $query_result_list { #puts stderr "UMV: $piece" + if [regexp {icon_mode:0} $piece] { + set x11vnc_icon_mode 0 + #puts stderr "x11vnc_icon_mode: $x11vnc_icon_mode" + } + if [regexp {icon_mode:1} $piece] { + set x11vnc_icon_mode 1 + #puts stderr "x11vnc_icon_mode: $x11vnc_icon_mode" + } if {[regexp {^([^:][^:]*):(.*)$} $piece m0 item val]} { if {[info exists menu_var($item)]} { set old $menu_var($item) @@ -4319,7 +4328,7 @@ proc props_apply {} { } proc props_advanced {} { - global icon_mode icon_win props_win full_win + global icon_mode props_win full_win global props_advanced_first if ![info exists props_advanced_first] { @@ -4337,6 +4346,7 @@ proc props_advanced {} { set w $full_win wm minsize $w [winfo width $w] [winfo height $w] } + push_new_value "remote-cmd" "remote-cmd" "Q:clients" 1 } proc do_props {} { @@ -4475,17 +4485,20 @@ proc do_props {} { } set props_buttons [list] - set w .props - catch {destroy $w} - toplevel $w - wm title $w "x11vnc Properties" + set wp .props + set w $wp + catch {destroy $wp} + toplevel $wp + wm title $wp "x11vnc Properties" + frame $w.lf + set w $w.lf set b1 "$w.buttons1" frame $b1 - button $b1.ok -text OK -command "if {\[props_apply\]} {destroy $w}" -font $bfont - button $b1.cancel -text Cancel -command "destroy $w" -font $bfont + button $b1.ok -text OK -command "if {\[props_apply\]} {destroy $wp}" -font $bfont + button $b1.cancel -text Cancel -command "destroy $wp" -font $bfont button $b1.apply -text Apply -command "props_apply" -font $bfont - bind $w <KeyPress-Escape> "destroy $w" + bind $w <KeyPress-Escape> "destroy $wp" pack $b1.ok $b1.cancel $b1.apply -side left -expand 0 lappend props_buttons $b1.apply $b1.cancel $b1.ok @@ -4494,7 +4507,7 @@ proc do_props {} { frame $b2 button $b2.advanced -text " Advanced ... " \ - -command "destroy $w; props_advanced" -font $bfont + -command "destroy $wp; props_advanced" -font $bfont if {! $icon_noadvanced} { lappend props_buttons $b2.advanced pack $b2.advanced -side left -expand 0 @@ -4516,6 +4529,17 @@ proc do_props {} { entry $pw.e -show "*" -textvariable props_passwd -font $bfont pack $pw.e -fill x -expand 1 -padx 1m -pady $pady -side top + global x11vnc_icon_mode + if {! $x11vnc_icon_mode} { + catch { $pw.e configure -state disabled} + if {! $have_labelframes} { + catch { $pw.l configure -state disabled} + } + } else { + lappend props_buttons $pw.e + } + + set vp "$w.viewpw" if {$have_labelframes} { labelframe $vp -text "ViewOnly Password" -font $bfont @@ -4528,8 +4552,14 @@ proc do_props {} { entry $vp.e -show "*" -textvariable props_viewpasswd -font $bfont pack $vp.e -fill x -expand 1 -padx 1m -pady $pady -side top - - lappend props_buttons $vp.e + if {! $x11vnc_icon_mode} { + catch { $vp.e configure -state disabled} + if {! $have_labelframes} { + catch { $vp.l configure -state disabled} + } + } else { + lappend props_buttons $vp.e + } if {! $icon_mode_at_startup} { $vp.e configure -state disabled @@ -4542,8 +4572,6 @@ proc do_props {} { catch {$pw configure -foreground grey60} } - lappend props_buttons $pw.e - set sb "$w.solid" frame $sb checkbutton $sb.button -text "Solid Background Color" \ @@ -4604,17 +4632,21 @@ proc do_props {} { set show_props_instructions 1 } - wm withdraw $w + wm withdraw .props + + set wl $w + + pack $wl -side left if {$msg != ""} { set tw [textwidth $msg] set th [textheight $msg] set th [expr $th - 1] - set ms "$w.msg" + set ms ".props.msg" text $ms -font $ffont -relief ridge -width $tw -height $th $ms insert 1.0 $msg - set si "$w.instructions" + set si "$wl.instructions" frame $si checkbutton $si.button -text "Show Instructions" \ -variable show_props_instructions -anchor w -font $bfont \ @@ -4624,15 +4656,17 @@ proc do_props {} { pack $si -side bottom -fill x -pady 0m -padx $px if {$show_props_instructions} { - pack $ms -side bottom -fill x -pady $pady -padx $px + pack $ms -side left -fill both } update } + lappend props_buttons $ac.button $cf.button $vo.button $sh.button $zc.button $jv.button $sb.button + set w .props update wm resizable $w 1 0 center_win $w @@ -4647,7 +4681,7 @@ proc do_props {} { proc toggle_instructions {ms pady px} { global show_props_instructions if {$show_props_instructions} { - pack $ms -side bottom -fill x -pady $pady -padx $px + pack $ms -side left -fill both } else { pack forget $ms } @@ -4898,6 +4932,13 @@ proc show_client_balloon {} { if {$client_balloon == ""} { set client_balloon $noinfo } + if {! [info exists icon_win]} { + return + } elseif {$icon_win == ""} { + return + } elseif {! [winfo exists $icon_win]} { + return + } set x [expr [winfo rootx $icon_win] + ([winfo width $icon_win]/2)] set y [expr [winfo rooty $icon_win] + [winfo height $icon_win] + 4] @@ -4946,10 +4987,11 @@ proc kill_client_balloon {} { proc icon_win_cfg {clients} { global icon_win client_tail client_sock client_info_read - if {![info exists icon_win]} { + if {! [info exists icon_win]} { return - } - if {$icon_win == ""} { + } elseif {$icon_win == ""} { + return + } elseif {! [winfo exists $icon_win]} { return } if {$clients > 0} { @@ -5109,6 +5151,14 @@ proc set_icon_label {} { global icon_win set lab [get_icon_label] + + if {! [info exists icon_win]} { + return + } elseif {$icon_win == ""} { + return + } elseif {! [winfo exists $icon_win]} { + return + } if {[info exists icon_win]} { $icon_win configure -text $lab @@ -6276,6 +6326,18 @@ proc run_remote_cmd_via_sock {opts} { if {$db} {puts stderr "run_remote_cmd_via_sock: \"$res\""} set res [string trim $res] + if [regexp {=clients:} $res] { + regsub {^.*=clients:} $res "" cres + regsub {,aro=.*$} $cres "" cres + regsub {,ans=.*$} $cres "" cres + if {$cres == "none"} { + set cres "" + } + update_clients_menu $cres + set client_str $cres + set_client_balloon $cres + } + if [regexp {^clients:} $res] { regsub {^clients:} $res "" tmp if {$tmp == "none"} { @@ -6663,7 +6725,6 @@ proc setup_client_sock {{enable 1}} { } proc setup_tray_embed {} { - global icon_win update set w [winfo width .] set h [winfo height .] @@ -6754,7 +6815,6 @@ proc restart_everything {gui_mode} { } proc undo_tray_embed {} { - global icon_win set wid [winfo id .] push_new_value "remote-cmd" "remote-cmd" "trayunembed:$wid" 0 } @@ -6782,7 +6842,7 @@ global bfont ffont sfont snfont old_labels have_labelframes global connected_to_x11vnc global cache_all_query_vars global last_query_all_time query_all_freq client_tail client_sock client_info_read -global icon_mode icon_mode_at_startup +global icon_mode icon_mode_at_startup x11vnc_icon_mode global tray_embed tray_running icon_setpasswd icon_embed_id global icon_noadvanced icon_minimal global make_gui_count text_area_str @@ -7052,6 +7112,7 @@ if {[info exists env(X11VNC_SIMPLE_GUI)]} { } set icon_mode 0 +set x11vnc_icon_mode 0 set tray_embed 0 set tray_running 0 @@ -7159,11 +7220,11 @@ proc check_setpasswd {} { set do_props_msg "" if {$icon_setpasswd} { set m "\n" - set m " Note the x11vnc icon in the system tray \n" + set m "${m} Note the x11vnc icon in the system tray.\n" set m "${m} This panel is its 'Properties' dialog.\n" set m "${m}\n" set m "${m} To specify a Session Password and to\n" - set m "${m} allow VNC clients to connect, follow\n" + set m "${m} allow VNC viewers to connect, follow\n" set m "${m} these steps:\n" set m "${m}\n" set m "${m} Enter a passwd in the Password field\n" @@ -7173,9 +7234,12 @@ proc check_setpasswd {} { set m "${m} Set 'Accept Connections' and then Press \n" set m "${m} 'Apply' to allow incoming connections.\n" set m "${m}\n" + set m "${m} No Viewer can connect until you do this.\n" + set m "${m}\n" set m "${m} The passwords are only for this x11vnc\n" set m "${m} session and are not saved. Run x11vnc\n" - set m "${m} manually for more control.\n" + set m "${m} manually for more control (e.g. -rfbauth \n" + set m "${m} for a saved password.)\n" set m "${m}\n" set m "${m} See 'Help' for details on each option.\n" @@ -7237,6 +7301,7 @@ if {$icon_mode} { dtime G old_balloon check_setpasswd + push_new_value "remote-cmd" "remote-cmd" "Q:clients" 1 } else { make_gui "full" dtime G diff --git a/x11vnc/tkx11vnc.h b/x11vnc/tkx11vnc.h index 8180fe2..54400a7 100644 --- a/x11vnc/tkx11vnc.h +++ b/x11vnc/tkx11vnc.h @@ -2732,6 +2732,7 @@ char gui_code[] = ""; "\n" "proc update_menu_vars {{query \"\"}} {\n" " global all_settings menu_var query_result_list\n" +" global x11vnc_icon_mode\n" "\n" " set debug [in_debug_mode]\n" "\n" @@ -2745,6 +2746,14 @@ char gui_code[] = ""; "\n" " foreach piece $query_result_list {\n" "#puts stderr \"UMV: $piece\"\n" +" if [regexp {icon_mode:0} $piece] {\n" +" set x11vnc_icon_mode 0\n" +" #puts stderr \"x11vnc_icon_mode: $x11vnc_icon_mode\"\n" +" }\n" +" if [regexp {icon_mode:1} $piece] {\n" +" set x11vnc_icon_mode 1\n" +" #puts stderr \"x11vnc_icon_mode: $x11vnc_icon_mode\"\n" +" }\n" " if {[regexp {^([^:][^:]*):(.*)$} $piece m0 item val]} {\n" " if {[info exists menu_var($item)]} {\n" " set old $menu_var($item)\n" @@ -4330,7 +4339,7 @@ char gui_code[] = ""; "}\n" "\n" "proc props_advanced {} {\n" -" global icon_mode icon_win props_win full_win\n" +" global icon_mode props_win full_win\n" " global props_advanced_first\n" "\n" " if ![info exists props_advanced_first] {\n" @@ -4348,6 +4357,7 @@ char gui_code[] = ""; " set w $full_win\n" " wm minsize $w [winfo width $w] [winfo height $w]\n" " }\n" +" push_new_value \"remote-cmd\" \"remote-cmd\" \"Q:clients\" 1\n" "}\n" "\n" "proc do_props {} {\n" @@ -4486,17 +4496,20 @@ char gui_code[] = ""; " }\n" " set props_buttons [list]\n" "\n" -" set w .props\n" -" catch {destroy $w}\n" -" toplevel $w\n" -" wm title $w \"x11vnc Properties\"\n" +" set wp .props\n" +" set w $wp\n" +" catch {destroy $wp}\n" +" toplevel $wp\n" +" wm title $wp \"x11vnc Properties\"\n" +" frame $w.lf\n" +" set w $w.lf\n" " set b1 \"$w.buttons1\"\n" " frame $b1\n" -" button $b1.ok -text OK -command \"if {\\[props_apply\\]} {destroy $w}\" -font $bfont\n" -" button $b1.cancel -text Cancel -command \"destroy $w\" -font $bfont\n" +" button $b1.ok -text OK -command \"if {\\[props_apply\\]} {destroy $wp}\" -font $bfont\n" +" button $b1.cancel -text Cancel -command \"destroy $wp\" -font $bfont\n" " button $b1.apply -text Apply -command \"props_apply\" -font $bfont\n" "\n" -" bind $w <KeyPress-Escape> \"destroy $w\"\n" +" bind $w <KeyPress-Escape> \"destroy $wp\"\n" "\n" " pack $b1.ok $b1.cancel $b1.apply -side left -expand 0\n" " lappend props_buttons $b1.apply $b1.cancel $b1.ok\n" @@ -4505,7 +4518,7 @@ char gui_code[] = ""; " frame $b2\n" "\n" " button $b2.advanced -text \" Advanced ... \" \\\n" -" -command \"destroy $w; props_advanced\" -font $bfont\n" +" -command \"destroy $wp; props_advanced\" -font $bfont\n" " if {! $icon_noadvanced} {\n" " lappend props_buttons $b2.advanced\n" " pack $b2.advanced -side left -expand 0\n" @@ -4527,6 +4540,17 @@ char gui_code[] = ""; " entry $pw.e -show \"*\" -textvariable props_passwd -font $bfont\n" " pack $pw.e -fill x -expand 1 -padx 1m -pady $pady -side top\n" "\n" +" global x11vnc_icon_mode\n" +" if {! $x11vnc_icon_mode} {\n" +" catch { $pw.e configure -state disabled}\n" +" if {! $have_labelframes} {\n" +" catch { $pw.l configure -state disabled}\n" +" }\n" +" } else {\n" +" lappend props_buttons $pw.e\n" +" }\n" +"\n" +"\n" " set vp \"$w.viewpw\"\n" " if {$have_labelframes} {\n" " labelframe $vp -text \"ViewOnly Password\" -font $bfont\n" @@ -4539,8 +4563,14 @@ char gui_code[] = ""; " entry $vp.e -show \"*\" -textvariable props_viewpasswd -font $bfont\n" " pack $vp.e -fill x -expand 1 -padx 1m -pady $pady -side top\n" "\n" -"\n" -" lappend props_buttons $vp.e\n" +" if {! $x11vnc_icon_mode} {\n" +" catch { $vp.e configure -state disabled}\n" +" if {! $have_labelframes} {\n" +" catch { $vp.l configure -state disabled}\n" +" }\n" +" } else {\n" +" lappend props_buttons $vp.e\n" +" }\n" "\n" " if {! $icon_mode_at_startup} {\n" " $vp.e configure -state disabled\n" @@ -4553,8 +4583,6 @@ char gui_code[] = ""; " catch {$pw configure -foreground grey60}\n" " }\n" "\n" -" lappend props_buttons $pw.e\n" -"\n" " set sb \"$w.solid\"\n" " frame $sb\n" " checkbutton $sb.button -text \"Solid Background Color\" \\\n" @@ -4615,17 +4643,21 @@ char gui_code[] = ""; " set show_props_instructions 1\n" " }\n" "\n" -" wm withdraw $w\n" +" wm withdraw .props\n" +"\n" +" set wl $w\n" +"\n" +" pack $wl -side left\n" "\n" " if {$msg != \"\"} {\n" " set tw [textwidth $msg]\n" " set th [textheight $msg]\n" " set th [expr $th - 1]\n" -" set ms \"$w.msg\"\n" +" set ms \".props.msg\"\n" " text $ms -font $ffont -relief ridge -width $tw -height $th\n" " $ms insert 1.0 $msg\n" "\n" -" set si \"$w.instructions\"\n" +" set si \"$wl.instructions\"\n" " frame $si\n" " checkbutton $si.button -text \"Show Instructions\" \\\n" " -variable show_props_instructions -anchor w -font $bfont \\\n" @@ -4635,15 +4667,17 @@ char gui_code[] = ""; " pack $si -side bottom -fill x -pady 0m -padx $px\n" "\n" " if {$show_props_instructions} {\n" -" pack $ms -side bottom -fill x -pady $pady -padx $px\n" +" pack $ms -side left -fill both\n" " }\n" "\n" " update\n" " }\n" "\n" +"\n" " lappend props_buttons $ac.button $cf.button $vo.button $sh.button $zc.button $jv.button $sb.button\n" "\n" " \n" +" set w .props\n" " update\n" " wm resizable $w 1 0\n" " center_win $w\n" @@ -4658,7 +4692,7 @@ char gui_code[] = ""; "proc toggle_instructions {ms pady px} {\n" " global show_props_instructions\n" " if {$show_props_instructions} {\n" -" pack $ms -side bottom -fill x -pady $pady -padx $px\n" +" pack $ms -side left -fill both\n" " } else {\n" " pack forget $ms\n" " }\n" @@ -4909,6 +4943,13 @@ char gui_code[] = ""; " if {$client_balloon == \"\"} {\n" " set client_balloon $noinfo\n" " }\n" +" if {! [info exists icon_win]} {\n" +" return\n" +" } elseif {$icon_win == \"\"} {\n" +" return\n" +" } elseif {! [winfo exists $icon_win]} {\n" +" return\n" +" }\n" "\n" " set x [expr [winfo rootx $icon_win] + ([winfo width $icon_win]/2)]\n" " set y [expr [winfo rooty $icon_win] + [winfo height $icon_win] + 4]\n" @@ -4957,10 +4998,11 @@ char gui_code[] = ""; "proc icon_win_cfg {clients} {\n" " global icon_win client_tail client_sock client_info_read\n" "\n" -" if {![info exists icon_win]} {\n" +" if {! [info exists icon_win]} {\n" " return\n" -" }\n" -" if {$icon_win == \"\"} {\n" +" } elseif {$icon_win == \"\"} {\n" +" return\n" +" } elseif {! [winfo exists $icon_win]} {\n" " return\n" " }\n" " if {$clients > 0} {\n" @@ -5120,6 +5162,14 @@ char gui_code[] = ""; " global icon_win\n" "\n" " set lab [get_icon_label]\n" +"\n" +" if {! [info exists icon_win]} {\n" +" return\n" +" } elseif {$icon_win == \"\"} {\n" +" return\n" +" } elseif {! [winfo exists $icon_win]} {\n" +" return\n" +" }\n" " \n" " if {[info exists icon_win]} {\n" " $icon_win configure -text $lab\n" @@ -6287,6 +6337,18 @@ char gui_code[] = ""; " if {$db} {puts stderr \"run_remote_cmd_via_sock: \\\"$res\\\"\"}\n" " set res [string trim $res]\n" "\n" +" if [regexp {=clients:} $res] {\n" +" regsub {^.*=clients:} $res \"\" cres\n" +" regsub {,aro=.*$} $cres \"\" cres\n" +" regsub {,ans=.*$} $cres \"\" cres\n" +" if {$cres == \"none\"} {\n" +" set cres \"\"\n" +" }\n" +" update_clients_menu $cres\n" +" set client_str $cres\n" +" set_client_balloon $cres\n" +" }\n" +"\n" " if [regexp {^clients:} $res] {\n" " regsub {^clients:} $res \"\" tmp\n" " if {$tmp == \"none\"} {\n" @@ -6674,7 +6736,6 @@ char gui_code[] = ""; "}\n" "\n" "proc setup_tray_embed {} {\n" -" global icon_win\n" " update\n" " set w [winfo width .]\n" " set h [winfo height .]\n" @@ -6765,7 +6826,6 @@ char gui_code[] = ""; "}\n" "\n" "proc undo_tray_embed {} {\n" -" global icon_win\n" " set wid [winfo id .] \n" " push_new_value \"remote-cmd\" \"remote-cmd\" \"trayunembed:$wid\" 0\n" "}\n" @@ -6793,7 +6853,7 @@ char gui_code[] = ""; "global connected_to_x11vnc\n" "global cache_all_query_vars\n" "global last_query_all_time query_all_freq client_tail client_sock client_info_read\n" -"global icon_mode icon_mode_at_startup\n" +"global icon_mode icon_mode_at_startup x11vnc_icon_mode\n" "global tray_embed tray_running icon_setpasswd icon_embed_id\n" "global icon_noadvanced icon_minimal\n" "global make_gui_count text_area_str\n" @@ -7063,6 +7123,7 @@ char gui_code[] = ""; "}\n" "\n" "set icon_mode 0\n" +"set x11vnc_icon_mode 0\n" "set tray_embed 0\n" "set tray_running 0\n" "\n" @@ -7170,11 +7231,11 @@ char gui_code[] = ""; " set do_props_msg \"\"\n" " if {$icon_setpasswd} {\n" " set m \"\\n\"\n" -" set m \" Note the x11vnc icon in the system tray \\n\" \n" +" set m \"${m} Note the x11vnc icon in the system tray.\\n\" \n" " set m \"${m} This panel is its 'Properties' dialog.\\n\" \n" " set m \"${m}\\n\" \n" " set m \"${m} To specify a Session Password and to\\n\" \n" -" set m \"${m} allow VNC clients to connect, follow\\n\" \n" +" set m \"${m} allow VNC viewers to connect, follow\\n\" \n" " set m \"${m} these steps:\\n\" \n" " set m \"${m}\\n\" \n" " set m \"${m} Enter a passwd in the Password field\\n\" \n" @@ -7184,9 +7245,12 @@ char gui_code[] = ""; " set m \"${m} Set 'Accept Connections' and then Press \\n\" \n" " set m \"${m} 'Apply' to allow incoming connections.\\n\" \n" " set m \"${m}\\n\" \n" +" set m \"${m} No Viewer can connect until you do this.\\n\" \n" +" set m \"${m}\\n\" \n" " set m \"${m} The passwords are only for this x11vnc\\n\" \n" " set m \"${m} session and are not saved. Run x11vnc\\n\" \n" -" set m \"${m} manually for more control.\\n\" \n" +" set m \"${m} manually for more control (e.g. -rfbauth \\n\" \n" +" set m \"${m} for a saved password.)\\n\" \n" " set m \"${m}\\n\" \n" " set m \"${m} See 'Help' for details on each option.\\n\" \n" "\n" @@ -7248,6 +7312,7 @@ char gui_code[] = ""; " dtime G\n" " old_balloon\n" " check_setpasswd\n" +" push_new_value \"remote-cmd\" \"remote-cmd\" \"Q:clients\" 1\n" "} else {\n" " make_gui \"full\"\n" " dtime G\n" diff --git a/x11vnc/unixpw.c b/x11vnc/unixpw.c index 3f26319..950f3b0 100644 --- a/x11vnc/unixpw.c +++ b/x11vnc/unixpw.c @@ -468,10 +468,17 @@ void unixpw_screen(int init) { if (unixpw_system_greeter) { unixpw_system_greeter_active = 0; if (use_dpy && strstr(use_dpy, "xdmcp")) { - char moo[] = "Press 'Escape' for System Greeter"; + if (getenv("X11VNC_SYSTEM_GREETER1")) { + char moo[] = "Press 'Escape' for System Greeter"; + rfbDrawString(pscreen, &default8x16Font, x-90, y-30, moo, white_pixel()); + } else { + char moo1[] = "Press 'Escape' for New Session via System Greeter,"; + char moo2[] = "or otherwise login here for Existing Session: "; + rfbDrawString(pscreen, &default6x13Font, x-110, y-38, moo1, white_pixel()); + rfbDrawString(pscreen, &default6x13Font, x-110, y-25, moo2, white_pixel()); + } set_env("X11VNC_XDM_ONLY", "0"); unixpw_system_greeter_active = 1; - rfbDrawString(pscreen, &default8x16Font, x-90, y-30, moo, white_pixel()); } } diff --git a/x11vnc/user.c b/x11vnc/user.c index 363d02e..d70ce0d 100644 --- a/x11vnc/user.c +++ b/x11vnc/user.c @@ -1590,7 +1590,7 @@ static void loop_for_connect(int did_client_connect) { if (screen && screen->clientHead) { int i; if (unixpw) { - if (! unixpw_in_progress) { + if (! unixpw_in_progress && !vencrypt_enable_plain_login) { rfbLog("unixpw but no unixpw_in_progress\n"); clean_up_exit(1); } @@ -1648,7 +1648,7 @@ static void loop_for_connect(int did_client_connect) { static void do_unixpw_loop(void) { if (unixpw) { - if (! unixpw_in_progress) { + if (! unixpw_in_progress && !vencrypt_enable_plain_login) { rfbLog("unixpw but no unixpw_in_progress\n"); clean_up_exit(1); } @@ -2785,7 +2785,9 @@ int wait_for_client(int *argc, char** argv, int http) { if (db) fprintf(stderr, "args %d %s\n", i, argv[i]); } if (!quiet && !strstr(use_dpy, "FINDDISPLAY-run")) { + rfbLog("\n"); rfbLog("wait_for_client: %s\n", use_dpy); + rfbLog("\n"); } str = strdup(use_dpy); diff --git a/x11vnc/x11vnc.1 b/x11vnc/x11vnc.1 index 893c9a6..e7fc81b 100644 --- a/x11vnc/x11vnc.1 +++ b/x11vnc/x11vnc.1 @@ -1,8 +1,8 @@ .\" This file was automatically generated from x11vnc -help output. -.TH X11VNC "1" "October 2009" "x11vnc " "User Commands" +.TH X11VNC "1" "November 2009" "x11vnc " "User Commands" .SH NAME x11vnc - allow VNC connections to real X11 displays - version: 0.9.9, lastmod: 2009-10-15 + version: 0.9.9, lastmod: 2009-11-18 .SH SYNOPSIS .B x11vnc [OPTION]... @@ -76,6 +76,10 @@ before startup. Same as \fB-xauth\fR file. See , .IR xauth (1) man pages for more info. +.IP +Use '-auth guess' to have x11vnc use its \fB-findauth\fR +mechanism (described below) to try to guess the +XAUTHORITY filename and use it. .PP \fB-N\fR .IP @@ -107,6 +111,14 @@ for display managers like GDM (KillInitClients option) that kill x11vnc just after the user logs into the X session. Note: the reopened state may be unstable. Set X11VNC_REOPEN_DISPLAY=n to reopen n times. +.IP +Update: as of 0.9.9, x11vnc tries to automatically avoid +being killed by the display manager by delaying creating +windows or using XFIXES. So you shouldn't need to use +KillInitClients=false as long as you log in quickly +enough (within 45 seconds of connecting.) You can +disable this by setting X11VNC_AVOID_WINDOWS=never. +You can also set it to the number of seconds to delay. .PP \fB-reflect\fR \fIhost:N\fR .IP @@ -444,6 +456,18 @@ mode. This usage could use useful: \fB-svc\fR \fB-bg\fR \fB-loopbg\fR .IP Exit unless a client connects within the first n seconds after startup. +.IP +If there have been no connection attempts after n +seconds x11vnc exits immediately. If a client is +trying to connect but has not progressed to the normal +operating state, x11vnc gives it a few more seconds +to finish and exits if it does not make it to the +normal state. +.IP +For reverse connections via \fB-connect\fR or \fB-connect_or_exit\fR +a timeout of n seconds will be set for all reverse +connects. If the connect timeout alarm goes off, +x11vnc will exit immediately. .PP \fB-sleepin\fR \fIn\fR .IP @@ -1149,6 +1173,20 @@ Have the FINDDISPLAY program list all of your displays (i.e. all the X displays on the local machine that you have access rights to). .PP +\fB-findauth\fR \fI[disp]\fR +.IP +Apply the \fB-find/-finddpy\fR heuristics to try to guess the +XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not +supplied, then the value in the \fB-display\fR earlier in +the cmdline is used; failing that $DISPLAY is used; +and failing that ":0" is used. +.IP +If nothing is printed out, that means no XAUTHORITY was +found for 'disp'. If "XAUTHORITY=" is printed out, +that means use the default (i.e. do not set XAUTHORITY). +If "XAUTHORITY=/path/to/file" is printed out, then +use that file. +.PP \fB-create\fR .IP First try to find the user's display using FINDDISPLAY, @@ -1253,6 +1291,10 @@ WAIT: are also applied in this mode if they are typed in before the user hits Escape. The username is ignored but the colon options are not. .IP +The default message is 2 lines in a small font, set +the env. var. X11VNC_SYSTEM_GREETER1=true for a 1 line +message in a larger font. +.IP If the user pressed Escape the FINDCREATEDISPLAY command will be run with the env. var. X11VNC_XDM_ONLY=1. .IP @@ -2878,6 +2920,8 @@ If x11vnc guesses your desktop incorrectly, you can force it by prefixing color with "gnome:", "kde:", "cde:", "xfce:", or "root:". .IP +Update: \fB-solid\fR no longer works on KDE4. +.IP This mode works in a limited way on the Mac OS X Console with one color ('kelp') using the screensaver writing to the background. Look in "~/Library/Screen Savers" @@ -3447,6 +3491,14 @@ Ignored when in XFIXES cursor-grabbing mode. .IP Do not use the XFIXES extension to draw the exact cursor shape even if it is available. +.IP +Note: To work around a crash in Xorg 1.5 and later +some people needed to use \fB-noxfixes.\fR The Xorg crash +occurred right after a Display Manager (e.g. GDM) login. +Starting with x11vnc 0.9.9 it tries to automatically +avoid using XFIXES until it is sure a window manager +is running. See the \fB-reopen\fR option for more info and +how to use X11VNC_AVOID_WINDOWS=never to disable it. .PP \fB-alphacut\fR \fIn\fR .IP @@ -6052,9 +6104,9 @@ nomacnowait macwheel macnoswap macswap nomacnoswap macnoresize macresize nomacnoresize maciconanim macmenu macnomenu nomacmenu macuskbd nomacuskbd noremote .IP -aro= noop display vncdisplay autoport loop loopbg -desktopname guess_desktop guess_dbus http_url -auth xauth users rootshift clipshift scale_str +aro= noop display vncdisplay icon_mode autoport +loop loopbg desktopname guess_desktop guess_dbus +http_url auth xauth users rootshift clipshift scale_str scaled_x scaled_y scale_numer scale_denom scale_fac_x scale_fac_y scaling_blend scaling_nomult4 scaling_pad scaling_interpolate inetd privremote unsafe safer @@ -6201,7 +6253,7 @@ associated options is: stunnel, ssl, unixpw, WAIT, zeroconf, id, accept, afteraccept, gone, pipeinput, v4l-info, rawfb-setup, dt, gui, ssh, storepasswd, passwdfile, custom_passwd, -crash. +findauth, crash. .IP See each option's help to learn the associated external command. Note that the \fB-nocmds\fR option takes precedence diff --git a/x11vnc/x11vnc.c b/x11vnc/x11vnc.c index c02f813..70cef69 100644 --- a/x11vnc/x11vnc.c +++ b/x11vnc/x11vnc.c @@ -1907,6 +1907,62 @@ static void do_sleepin(char *sleep) { } } +static void check_guess_auth_file(void) { + if (!strcasecmp(auth_file, "guess")) { + char line[4096], *cmd, *q, *disp = use_dpy ? use_dpy: ""; + FILE *p; + int n; + if (!program_name) { + rfbLog("-auth guess: no program_name found.\n"); + clean_up_exit(1); + } + if (strpbrk(program_name, " \t\r\n")) { + rfbLog("-auth guess: whitespace in program_name '%s'\n", program_name); + clean_up_exit(1); + } + if (no_external_cmds || !cmd_ok("findauth")) { + rfbLog("-auth guess: cannot run external commands in -nocmds mode:\n"); + clean_up_exit(1); + } + + cmd = (char *)malloc(100 + strlen(program_name) + strlen(disp)); + sprintf(cmd, "%s -findauth %s", program_name, disp); + p = popen(cmd, "r"); + if (!p) { + rfbLog("-auth guess: could not run cmd '%s'\n", cmd); + clean_up_exit(1); + } + memset(line, 0, sizeof(line)); + n = fread(line, 1, sizeof(line), p); + pclose(p); + q = strrchr(line, '\n'); + if (q) *q = '\0'; + if (!strcmp(disp, "")) { + disp = getenv("DISPLAY"); + if (!disp) { + disp = "unset"; + } + } + if (!strcmp(line, "")) { + rfbLog("-auth guess: failed for display='%s'\n", disp); + clean_up_exit(1); + } else if (strstr(line, "XAUTHORITY=") != line) { + rfbLog("-auth guess: failed. '%s' for display='%s'\n", line, disp); + clean_up_exit(1); + } else if (!strcmp(line, "XAUTHORITY=")) { + rfbLog("-auth guess: using default XAUTHORITY for display='%s'\n", disp); + q = getenv("XAUTHORITY"); + if (q) { + *(q-2) = '_'; /* yow */ + } + auth_file = NULL; + } else { + rfbLog("-auth guess: using '%s' for disp='%s'\n", line, disp); + auth_file = strdup(line + strlen("XAUTHORITY=")); + } + } +} + extern int dragum(void); extern int is_decimal(char *); @@ -1947,8 +2003,10 @@ int main(int argc, char* argv[]) { dtime0(&x11vnc_start); + if (!getuid() || !geteuid()) { started_as_root = 1; + rfbLog("getuid: %d geteuid: %d\n", getuid(), geteuid()); /* check for '-users =bob' */ immediate_switch_user(argc, argv); @@ -2091,6 +2149,27 @@ int main(int argc, char* argv[]) { exit(0); continue; } + if (!strcmp(arg, "-findauth")) { + int ic = 0; + if (use_dpy != NULL) { + set_env("DISPLAY", use_dpy); + } + use_dpy = strdup("WAIT:cmd=FINDDISPLAY-run"); + if (argc > i+1) { + set_env("X11VNC_SKIP_DISPLAY", argv[i+1]); + } else if (getenv("DISPLAY")) { + set_env("X11VNC_SKIP_DISPLAY", getenv("DISPLAY")); + } else { + set_env("X11VNC_SKIP_DISPLAY", ":0"); + } + set_env("X11VNC_SKIP_DISPLAY_NEGATE", "1"); + set_env("FIND_DISPLAY_XAUTHORITY_PATH", "1"); + set_env("FIND_DISPLAY_NO_SHOW_XAUTH", "1"); + set_env("FIND_DISPLAY_NO_SHOW_DISPLAY", "1"); + wait_for_client(&ic, NULL, 0); + exit(0); + continue; + } if (!strcmp(arg, "-create")) { use_dpy = strdup("WAIT:cmd=FINDCREATEDISPLAY-Xvfb"); continue; @@ -4635,10 +4714,14 @@ int main(int argc, char* argv[]) { CLIENT_INIT; /* open the X display: */ + if (auth_file) { - set_env("XAUTHORITY", auth_file); -if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY")); + check_guess_auth_file(); + if (auth_file != NULL) { + set_env("XAUTHORITY", auth_file); + } } + #if LIBVNCSERVER_HAVE_XKEYBOARD /* * Disable XKEYBOARD before calling XOpenDisplay() @@ -4724,7 +4807,7 @@ if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY")); ; } else #endif - if (use_dpy) { + if (use_dpy && strcmp(use_dpy, "")) { dpy = XOpenDisplay_wr(use_dpy); #ifdef MACOSX } else if (!subwin && getenv("DISPLAY") @@ -4733,11 +4816,36 @@ if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY")); rfbLog("MacOSX: Ignoring $DISPLAY '%s'\n", getenv("DISPLAY")); rfbLog("MacOSX: Use -display $DISPLAY to force it.\n"); #endif + } else if (raw_fb_str != NULL && raw_fb_str[0] != '+' && !got_noviewonly) { + rfbLog("Not opening DISPLAY in -rawfb mode (force via -rawfb +str)\n"); + dpy = NULL; /* don't open it. */ } else if ( (use_dpy = getenv("DISPLAY")) ) { + if (strstr(use_dpy, "localhost") == use_dpy) { + rfbLog("\n"); + rfbLog("WARNING: DISPLAY starts with localhost: '%s'\n", use_dpy); + rfbLog("WARNING: Is this an SSH X11 port forwarding? You most\n"); + rfbLog("WARNING: likely don't want x11vnc to use that DISPLAY.\n"); + rfbLog("WARNING: You probably should supply something\n"); + rfbLog("WARNING: like: -display :0 to access the physical\n"); + rfbLog("WARNING: X display on the machine where x11vnc is running.\n"); + rfbLog("\n"); + usleep(500 * 1000); + } else if (using_shm && use_dpy[0] != ':') { + rfbLog("\n"); + rfbLog("WARNING: DISPLAY might not be local: '%s'\n", use_dpy); + rfbLog("WARNING: Is this the DISPLAY of another machine? Usually,\n"); + rfbLog("WARNING: x11vnc is run on the same machine with the\n"); + rfbLog("WARNING: physical X display to be exported by VNC. If\n"); + rfbLog("WARNING: that is what you really meant, supply something\n"); + rfbLog("WARNING: like: -display :0 on the x11vnc command line.\n"); + rfbLog("\n"); + usleep(250 * 1000); + } dpy = XOpenDisplay_wr(use_dpy); } else { dpy = XOpenDisplay_wr(""); } + last_open_xdisplay = time(NULL); if (terminal_services_daemon != NULL) { terminal_services(terminal_services_daemon); @@ -4751,8 +4859,7 @@ if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY")); #endif if (! dpy && raw_fb_str) { - rfbLog("continuing without X display in -rawfb mode, " - "hold on tight..\n"); + rfbLog("Continuing without X display in -rawfb mode.\n"); goto raw_fb_pass_go_and_collect_200_dollars; } @@ -4771,6 +4878,7 @@ if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY")); fprintf(stderr, "\n"); use_dpy = ":0"; dpy = XOpenDisplay_wr(use_dpy); + last_open_xdisplay = time(NULL); if (dpy) { rfbLog("*** XOpenDisplay of \":0\" successful.\n"); } @@ -4805,6 +4913,10 @@ if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY")); if (dpy) { Window w = XCreateSimpleWindow(dpy, rootwin, 0, 0, 1, 1, 0, 0, 0); if (! quiet) rfbLog("rootwin: 0x%lx reswin: 0x%lx dpy: 0x%x\n", rootwin, w, dpy); + if (w != None) { + XDestroyWindow(dpy, w); + } + XSync(dpy, False); } #endif @@ -5403,6 +5515,10 @@ if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY")); if (speeds_read_rate_measured > 80) { /* framebuffer read is fast at > 80 MB/sec */ + int same = 0; + if (waitms == defer_update) { + same = 1; + } if (! got_waitms) { waitms /= 2; if (waitms < 5) { @@ -5414,7 +5530,11 @@ if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY")); } if (! got_deferupdate && ! got_defer) { if (defer_update > 10) { - defer_update = 10; + if (same) { + defer_update = waitms; + } else { + defer_update = 10; + } if (screen) { screen->deferUpdateTime = defer_update; } diff --git a/x11vnc/x11vnc.h b/x11vnc/x11vnc.h index 805d889..8e208ea 100644 --- a/x11vnc/x11vnc.h +++ b/x11vnc/x11vnc.h @@ -520,7 +520,7 @@ extern unsigned char *tile_has_diff, *tile_tried, *tile_copied; extern unsigned char *tile_has_xdamage_diff, *tile_row_has_xdamage_diff; /* times of recent events */ -extern time_t last_event, last_input, last_client; +extern time_t last_event, last_input, last_client, last_open_xdisplay; extern time_t last_keyboard_input, last_pointer_input; extern time_t last_local_input; /* macosx */ extern time_t last_fb_bytes_sent; @@ -558,6 +558,7 @@ extern char *terminal_services_daemon; extern int client_count; extern int clients_served; +extern int client_normal_count; /* more transient kludge variables: */ extern int cursor_x, cursor_y; /* x and y from the viewer(s) */ diff --git a/x11vnc/x11vnc_defs.c b/x11vnc/x11vnc_defs.c index cf08747..ea3d904 100644 --- a/x11vnc/x11vnc_defs.c +++ b/x11vnc/x11vnc_defs.c @@ -47,7 +47,7 @@ int xtrap_base_event_type = 0; int xdamage_base_event_type = 0; /* date +'lastmod: %Y-%m-%d' */ -char lastmod[] = "0.9.9 lastmod: 2009-10-15"; +char lastmod[] = "0.9.9 lastmod: 2009-11-18"; /* X display info */ @@ -157,7 +157,7 @@ unsigned char *tile_has_diff = NULL, *tile_tried = NULL, *tile_copied = NULL; unsigned char *tile_has_xdamage_diff = NULL, *tile_row_has_xdamage_diff = NULL; /* times of recent events */ -time_t last_event = 0, last_input = 0, last_client = 0; +time_t last_event = 0, last_input = 0, last_client = 0, last_open_xdisplay = 0; time_t last_local_input = 0; time_t last_keyboard_input = 0, last_pointer_input = 0; time_t last_fb_bytes_sent = 0; @@ -195,6 +195,7 @@ char *terminal_services_daemon = NULL; int client_count = 0; int clients_served = 0; +int client_normal_count = 0; /* more transient kludge variables: */ int cursor_x = 0, cursor_y = 0; /* x and y from the viewer(s) */ diff --git a/x11vnc/xevents.c b/x11vnc/xevents.c index c1389ad..d7ce8fe 100644 --- a/x11vnc/xevents.c +++ b/x11vnc/xevents.c @@ -77,6 +77,7 @@ void set_text_chat(rfbClientPtr cl, int l, char *t); int get_keyboard_led_state_hook(rfbScreenInfoPtr s); int get_file_transfer_permitted(rfbClientPtr cl); void get_prop(char *str, int len, Atom prop, Window w); +int guess_dm_gone(int t1, int t2); static void initialize_xevents(int reset); static void print_xevent_bases(void); @@ -119,6 +120,189 @@ void initialize_clipboard_atom(void) { #endif /* NO_X11 */ } +/* + we observed these strings: + + 6 gdm_string: Gnome-power-manager + 6 gdm_string: Gnome-session + 6 gdm_string: Gnome-settings-daemon + 6 gdm_string: Login Window + 6 gdm_string: Notify-osd + 6 gdm_string: Panel + 12 gdm_string: Metacity + 12 gdm_string: gnome-power-manager + 12 gdm_string: gnome-session + 12 gdm_string: gnome-settings-daemon + 12 gdm_string: notify-osd + 18 gdm_string: Gdm-simple-greeter + 24 gdm_string: metacity + 36 gdm_string: gdm-simple-greeter + */ + +static int gdm_string(char *str) { + if (str == NULL) { + return 0; + } + if (str[0] == '\0') { + return 0; + } + if (0) fprintf(stderr, "gdm_string: %s\n", str); + if (strstr(str, "gdm-") == str || strstr(str, "Gdm-") == str) { + if (strstr(str, "-greeter") != NULL) { + return 1; + } + } + return 0; +} + +static int gdm_still_running(void) { +#if NO_X11 + return 0; +#else + Window r, parent; + Window *winlist; + unsigned int nc; + int rc, i; + static XClassHint *classhint = NULL; + XErrorHandler old_handler; + int saw_gdm_name = 0; + + /* some times a window can go away before we get to it */ + trapped_xerror = 0; + old_handler = XSetErrorHandler(trap_xerror); + + if (! classhint) { + classhint = XAllocClassHint(); + } + + /* we are xlocked. */ + rc = XQueryTree_wr(dpy, DefaultRootWindow(dpy), &r, &parent, &winlist, &nc); + if (!rc || winlist == NULL || nc == 0) { + nc = 0; + } + for (i=0; i < (int) nc; i++) { + char *name = NULL; + Window w = winlist[i]; + if (XFetchName(dpy, w, &name) && name != NULL) { + saw_gdm_name += gdm_string(name); + XFree_wr(name); + } + classhint->res_name = NULL; + classhint->res_class = NULL; + if (XGetClassHint(dpy, w, classhint)) { + name = classhint->res_name; + if (name != NULL) { + saw_gdm_name += gdm_string(name); + XFree_wr(name); + } + name = classhint->res_class; + if (name != NULL) { + saw_gdm_name += gdm_string(name); + XFree_wr(name); + } + } + if (saw_gdm_name > 0) { + break; + } + } + if (winlist != NULL) { + XFree_wr(winlist); + } + + XSync(dpy, False); + XSetErrorHandler(old_handler); + trapped_xerror = 0; + + return saw_gdm_name; +#endif +} + +static int wm_running(void) { + char *s = getenv("DEBUG_WM_RUNNING"); + RAWFB_RET(0) +#if NO_X11 + return 0; +#else + /* + * Unfortunately with recent GDM (v2.28), they run gnome-session, + * dbus-launch, and metacity for the Login greeter! So the simple + * XInternAtom checks below no longer work. + */ + if (gdm_still_running()) { + return 0; + } + + /* we are xlocked. */ + if (XInternAtom(dpy, "_NET_SUPPORTED", True) != None) { + if (s) rfbLog("wm is running (_NET_SUPPORTED).\n"); + return 1; + } + if (XInternAtom(dpy, "_WIN_PROTOCOLS", True) != None) { + if (s) rfbLog("wm is running (_WIN_PROTOCOLS).\n"); + return 1; + } + if (XInternAtom(dpy, "_XROOTPMAP_ID", True) != None) { + if (s) rfbLog("wm is running (_XROOTPMAP_ID).\n"); + return 1; + } + if (XInternAtom(dpy, "_MIT_PRIORITY_COLORS", True) != None) { + if (s) rfbLog("wm is running (_MIT_PRIORITY_COLORS).\n"); + return 1; + } + if (s) rfbLog("wm is not running.\n"); + return 0; +#endif /* NO_X11 */ + +} + +int guess_dm_gone(int t1, int t2) { + int wait = t2; + char *avoid = getenv("X11VNC_AVOID_WINDOWS"); + time_t tcheck = last_client; + + if (last_open_xdisplay > last_client) { + /* better time for -display WAIT:... */ + tcheck = last_open_xdisplay; + } + + if (avoid && !strcmp(avoid, "never")) { + return 1; + } + if (!screen || !screen->clientHead) { + return 0; + } + if (avoid) { + int n = atoi(avoid); + if (n > 1) { + wait = n; + } else { + wait = 90; + } + } else { + static time_t saw_wm = 0; + + wait = t2; + + X_LOCK; + if (wm_running()) { + if (saw_wm == 0) { + saw_wm = time(NULL); + } else if (time(NULL) <= saw_wm + 2) { + /* try to wait a few seconds after transition */ + ; + } else { + wait = t1; + } + } + X_UNLOCK; + } + /* we assume they've logged in OK after wait seconds... */ + if (time(NULL) <= tcheck + wait) { + return 0; + } + return 1; +} + static void initialize_xevents(int reset) { #if NO_X11 RAWFB_RET_VOID @@ -162,11 +346,17 @@ static void initialize_xevents(int reset) { if (watch_selection && !did_xcreate_simple_window) { /* create fake window for our selection ownership, etc */ - X_LOCK; - selwin = XCreateSimpleWindow(dpy, rootwin, 0, 0, 1, 1, 0, 0, 0); - X_UNLOCK; - did_xcreate_simple_window = 1; - if (0) rfbLog("selwin: 0x%lx\n", selwin); + /* + * We try to delay creating selwin until we are past + * any GDM, (or other KillInitClients=true) manager. + */ + if (guess_dm_gone(5, 45)) { + X_LOCK; + selwin = XCreateSimpleWindow(dpy, rootwin, 3, 2, 1, 1, 0, 0, 0); + X_UNLOCK; + did_xcreate_simple_window = 1; + if (! quiet) rfbLog("created selwin: 0x%lx\n", selwin); + } } if ((xrandr || xrandr_maybe) && !did_xrandr) { @@ -190,8 +380,16 @@ static void initialize_xevents(int reset) { did_clipboard_atom = 1; } if (xfixes_present && use_xfixes && !did_xfixes) { - initialize_xfixes(); - did_xfixes = 1; + /* + * We try to delay creating initializing xfixes until + * we are past the display manager, due to Xorg bug: + * http://bugs.freedesktop.org/show_bug.cgi?id=18451 + */ + if (guess_dm_gone(5, 45)) { + initialize_xfixes(); + did_xfixes = 1; + if (! quiet) rfbLog("called initialize_xfixes()\n"); + } } if (xdamage_present && !did_xdamage) { initialize_xdamage(); @@ -1182,7 +1380,7 @@ void check_xevents(int reset) { } #endif #if LIBVNCSERVER_HAVE_LIBXFIXES - if (xfixes_present && use_xfixes && xfixes_base_event_type) { + if (xfixes_present && use_xfixes && xfixes_first_initialized && xfixes_base_event_type) { if (XCheckTypedEvent(dpy, xfixes_base_event_type + XFixesCursorNotify, &xev)) { got_xfixes_cursor_notify++; @@ -1260,7 +1458,7 @@ void check_xevents(int reset) { req = "CLIPBOARD"; } if (which != 0 && ! own && have_clients && - XGetSelectionOwner(dpy, atom) != None) { + XGetSelectionOwner(dpy, atom) != None && selwin != None) { XConvertSelection(dpy, atom, XA_STRING, XA_STRING, selwin, CurrentTime); if (debug_sel) { @@ -1501,7 +1699,7 @@ void xcut_receive(char *text, int len, rfbClientPtr cl) { X_LOCK; /* associate this text with PRIMARY (and SECONDARY...) */ - if (set_primary && ! own_primary) { + if (set_primary && ! own_primary && selwin != None) { own_primary = 1; /* we need to grab the PRIMARY selection */ XSetSelectionOwner(dpy, XA_PRIMARY, selwin, CurrentTime); @@ -1511,7 +1709,7 @@ void xcut_receive(char *text, int len, rfbClientPtr cl) { } } - if (set_clipboard && ! own_clipboard && clipboard_atom != None) { + if (set_clipboard && ! own_clipboard && clipboard_atom != None && selwin != None) { own_clipboard = 1; /* we need to grab the CLIPBOARD selection */ XSetSelectionOwner(dpy, clipboard_atom, selwin, CurrentTime); diff --git a/x11vnc/xevents.h b/x11vnc/xevents.h index ed57b1e..e603873 100644 --- a/x11vnc/xevents.h +++ b/x11vnc/xevents.h @@ -60,6 +60,7 @@ extern void set_text_chat(rfbClientPtr cl, int l, char *t); extern int get_keyboard_led_state_hook(rfbScreenInfoPtr s); extern int get_file_transfer_permitted(rfbClientPtr cl); extern void get_prop(char *str, int len, Atom prop, Window w); +extern int guess_dm_gone(int t1, int t2); #endif /* _X11VNC_XEVENTS_H */ |