diff options
Diffstat (limited to 'x11vnc/misc/desktop.cgi')
| -rwxr-xr-x | x11vnc/misc/desktop.cgi | 560 |
1 files changed, 461 insertions, 99 deletions
diff --git a/x11vnc/misc/desktop.cgi b/x11vnc/misc/desktop.cgi index c2f9cc9..f656146 100755 --- a/x11vnc/misc/desktop.cgi +++ b/x11vnc/misc/desktop.cgi @@ -1,37 +1,188 @@ #!/usr/bin/perl # -# desktop.cgi +########################################################################## +# desktop.cgi: +# +# This is an example CGI script to provide multi-user web access to +# x11vnc desktops. The user desktop sessions run in 'Xvfb' displays +# that are created automatically. +# +# This script should/must be served by an HTTPS (i.e. SSL) webserver, +# otherwise the unix and vnc passwords would be sent over the network +# unencrypted (see below to disable if you really want to.) +# +# The Java VNC Viewer applet connections are encrypted by SSL as well. +# +# You can use this script to provide unix users desktops available on +# demand via any Java enabled web browser. One could also use this for +# a special-purpose 'single application' service running in a minimal +# window manager. +# +# One example of a special-purpose application would be a scientific +# data visualization tool running on a server where the data is housed. +# To do this set $x11vnc_extra_opts = '-env FD_PROG=/path/to/app/launcher' +# where the program launches your special purpose application. A very +# simple example: '-env FD_PROG=/usr/bin/xclock' +# +# +# Depending on where you place this script, the user accesses the service +# with the URL: +# +# https://your.webserver.net/cgi-bin/desktop.cgi +# +# Then they login with their unix username and password to get their +# own desktop session. +# +# If the user has an existing desktop it is connected to directly, +# otherwise a new session is created inside an Xvfb display and then +# connected to by VNC. +# +# It is possible to do port redirection to other machines running SSL +# enabled VNC servers (see below.) This script does not start the VNC +# servers on the other machines, although with some extra rigging you +# should be able to do that as well. +# +# You can customize the login procedure to whatever you want by modifying +# this script, or by using ideas in this script write your own PHP, +# (for example), script. +# +########################################################################## +# Overriding default settings: +# +# If you want to override any settings in this script and do not +# want to edit this script create the assignments in a file named +# 'desktop.cgi.conf' in the same directory as desktop.cgi. It will be +# sourced after the defaults are set. The format of desktop.cgi.conf +# is simply perl statements that make the assignments. +# +# For example, if you put something like this in desktop.cgi.conf: +# +# $x11vnc = '/usr/local/bin/x11vnc'; +# +# that will set the path to the x11vnc binary to that location. Look at +# the settings below for the other variables that you can modify, for +# example one could set $allowed_users_file. +# +########################################################################## +# x11vnc: # -# An example cgi script to provide multi-user web access to x11vnc -# desktops. This script should/must be served by an HTTPS webserver, -# otherwise the unix and vnc passwords are sent over the network -# unencrypted (see below to disable) +# You need to install x11vnc or otherwise have it available. It is +# REQUIRED that you use x11vnc 0.9.10 or later. It won't work with +# earlier versions. See below the $x11vnc parameter that you can set +# to the full path to x11vnc. +# +########################################################################## +# Xvfb: # # Note that the x11vnc -create virtual desktop service used below requires -# that you install the 'Xvfb' program. +# that you install the 'Xvfb' program. On debian this is currently done +# via 'apt-get install xvfb'. +# +# If you are having trouble getting 'x11vnc -create' to work with this +# script (it can be tricky), try it manually and/or see the x11vnc FAQ +# links below. +# +########################################################################## +# Apache httpd: +# +# You should put this script in, say, a cgi-bin directory. Enable cgi +# scripts in your apache (or other httpd) config. For example, we have +# these lines (not commented): +# +# In httpd.conf: # -# You should put this script in, say, a cgi-bin directory. +# ScriptAlias /cgi-bin/ "/dist/apache/2.0/cgi-bin/" +# +# <Directory "/dist/apache/2.0/cgi-bin"> +# AllowOverride None +# Options None +# Order allow,deny +# Allow from all +# </Directory> +# +# and in ssl.conf: +# +# <Directory "/dist/apache/2.0/cgi-bin"> +# SSLOptions +StdEnvVars +# </Directory> +# +# Do not be confused by the non-standard /dist/apache/2.0 apache +# installation location that we happen to use. Yours will be different. +# +# You can test that you have CGI scripts working properly with the +# 'test-cgi' and 'printenv' scripts apache provides. +# +# Copy this file (desktop.cgi) to /dist/apache/2.0/cgi-bin and then run +# 'chmod 755 ...' on it to make it executable. +# +########################################################################## +# Applet Jar files served by apache: # # You will *also* need to copy the x11vnc classes/ssl/UltraViewerSSL.jar -# file to the document root: /UltraViewerSSL.jar (or change the html -# at bottom.) +# file to the httpd DocumentRoot to be accessible by: /UltraViewerSSL.jar +# in a URL (or change $applet_jar below or the html in $applet_html if +# you want to use a different location.) +# +# This location is relative to the apache DocumentRoot 'htdocs' directory. +# For our (non-standard location installation) that meant we copied the +# file to: +# +# /dist/apache/2.0/htdocs/UltraViewerSSL.jar +# +# (your DocumentRoot directory will be different.) +# +# The VncViewer.jar (tightvnc) will also work, but you need to change +# the $applet_jar below. You can get these jar files from the x11vnc +# tarball from: +# +# http://www.karlrunge.com/x11vnc/#downloading +# +# This script requires x11vnc 0.9.10 or later. # -# Each x11vnc server created for a login will listen on its own port (see -# below for port selection schemes.) Your firewall must let in these ports. -# It is difficult and not as reliable to do all of this through a single port; -# however, see the fixed port scheme find_free_port = 'fixed:5900' below. +# Note that the usage mode for this script is a different from regular +# 'x11vnc -http ...' usage where x11vnc acts as a mini web server and +# serves its own applet jars. We don't use that mode for this script. +# Apache (httpd) serves the jars. # -# Note there are two SSL certificates involved that the user may be +# +########################################################################## +# Notes and Information: +# +# Each x11vnc server created for a user login will listen on its own port +# (see below for port selection schemes.) Your firewall must let in *ALL* +# of these ports (e.g. a port range, see below for the syntax.) +# +# It is also possible, although not as reliable, to do all of this through +# a single port, see the fixed port scheme $find_free_port = 'fixed:5910' +# below. This single port mode must be different from apache's port +# (usually 443 for https) and must also be allowed in by your firewall. +# +# Note: The fixed port scheme is DISABLED by default. +# +# It is also possible to have this script act as a vnc redirector to SSL +# enabled VNC servers running on *other* machines inside your firewall +# (presumably the users' desktops) See the $enable_port_redirection +# setting below. The user provides 'username@host:port' instead of just +# 'username' when she logs in. This script doesn't start VNC servers +# on those other machines, the servers must be running there already. +# (If you want this script to start them you will need to add it +# yourself.) It is possible to provide a host:port allow list to limit +# which internal machines and ports can be redirected to. This is the +# $port_redirection_allowed_hosts parameter. +# +# Note: The vnc redirector scheme is DISABLED by default. +# +# Note there are *two* SSL certificates involved that the user may be # asked to inspect: apache's SSL cert and x11vnc's SSL cert. This may -# confuse the user. +# confuse naive users. You may want to use the same cert for both. # # This script provides one example on how to provide the service. You can -# customize to meet your needs, e.g. switch to php, newer modules, -# different authentication, SQL database, etc. If you plan to use it -# in production, please examine all security aspects of it carefully; -# read the comments in the script for more info. +# customize it to meet your needs, e.g. switch to php, newer cgi modules, +# different authentication, SQL database for user authentication, etc, +# etc. If you plan to use it in production, please examine all security +# aspects of it carefully; read the comments in the script for more info. # -# More information and background: +# More information and background and troubleshooting: # # http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb # http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers @@ -39,6 +190,10 @@ # http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal # http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords # http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin +# +# +# Please also read the comments below for changing specific settings. +# You can modify them in this script or by override file 'desktop.cgi.conf' #------------------------------------------------------------------------- @@ -64,31 +219,58 @@ use strict; use IO::Socket::INET; +########################################################################## +# Path to the x11vnc program: +# +my $x11vnc = '/usr/bin/x11vnc'; + + +########################################################################## +# You can set some extra x11vnc cmdline options here: +# +my $x11vnc_extra_opts = ''; + + +########################################################################## +# Override the default x11vnc viewer connection timeout of 75 seconds: +# +my $x11vnc_timeout = ''; + + +########################################################################## # TCP Ports: # # Set find_free_port to 1 (or the other modes described below) to -# autoselect a free port to use. The default is to use a fixed port -# based on the userid. +# autoselect a free port to use. The default is to use a port based on +# the userid number (7000 + uid). # my $find_free_port = 0; -# + # Or specify a port range: # #$find_free_port = '7000-8000'; # # Or indicate to use a kludge to try to do everything through a SINGLE # port. To try to avoid contention on the port, simultaneous instances -# of this script attempt to 'take turns' using it. +# of this script attempt to 'take turns' using it the single port. +# +#$find_free_port = 'fixed:5910'; + +# This is the starting port for 7000 + uid and also $find_free_port = 1 +# autoselection: # -#$find_free_port = 'fixed:5900'; +my $starting_port = 7000; +########################################################################## # Port redirection mode: # -# This is to allow port redirection mode: username@host:port If username -# is valid, there will be a port redirection to internal machine +# This is to enable port redirection mode: username@host:port. If +# username is valid, there will be a port redirection to internal machine # host:port. Presumably there is already an SSL enabled and password -# protected VNC server running there. We don't start that server. +# protected VNC server running there. We don't start that VNC server. +# (You might be able to figure out a way to do this yourself.) +# # See the next setting for an allowed hosts file. The default for port # redirection is off. # @@ -108,23 +290,60 @@ my $enable_port_redirection = 0; my $port_redirection_allowed_hosts = ''; +########################################################################## +# Allowed users: +# +# To limit which users can use this service, set the following to a file +# that contains the allowed user names one per line. Lines starting with +# the '#' character are skipped. +# +my $allowed_users_file = ''; + + +########################################################################## +# Denied users: +# +# As with $allowed_users_file, but to deny certain users. Applied after +# any $allowed_users_file check and overrides the result. +# +my $denied_users_file = ''; + + +########################################################################## +# trustUrlVncCert applet parameter: +# # Set to 0 to have the java applet html set the parameter -# trustUrlVncCert=no, i.e. the applet will not automatically accept an -# SSL cert already accepted by an HTTPS URL. See print_applet_html() -# below for more info. +# trustUrlVncCert=no, i.e. the applet will not automatically accept +# an SSL cert already accepted by an HTTPS URL. See $applet_html and +# print_applet_html() below for more info. # my $trustUrlVncCert = 1; +########################################################################## +# One-time VNC password fifo: +# +# For extra security against local untrusted users a fifo is used +# to copy the one-time VNC password to the user's VNC password file +# ~user/x11vnc.pw. If that fifo transfer technique causes problems, +# you can set this value to 1 to disable the security feature: +# +my $disable_vnc_passwd_fifo_safety = 0; + + +########################################################################## # Comment this out if you don't want PATH modified: # -$ENV{PATH} = "/usr/bin:bin:$ENV{PATH}"; +$ENV{PATH} = "/usr/bin:/bin:$ENV{PATH}"; +########################################################################## # For the next two settings, note that most users will be confused that # geometry and session are ignored when they are returning to their # existing desktop session (x11vnc FINDDISPLAY action.) + +########################################################################## # Used below if user did not specify preferred geometry and color depth: # my $default_geometry = '1024x768x24'; @@ -139,6 +358,7 @@ my $session_types = ''; #$session_types = 'gnome kde xfce lxde wmaker enlightenment mwm twm failsafe'; +########################################################################## # Set this to 1 to enable user setting a unique tag for each one # of his desktops and so can have multiple ones simultaneously and # select which one he wants. For now we just hack this onto geometry @@ -148,37 +368,125 @@ my $session_types = ''; my $enable_unique_tags = 0; my $unique_tag = ''; -# You can set some extra x11vnc cmdline options here: + +########################################################################## +# String of HTML for the login form: # -my $x11vnc_extra_opts = ''; +# Feel free to customize to your taste, _USERNAME_ and _GEOMETRY_ are +# expanded to that of the request. +# +my $login_str = <<"END"; +<title>x11vnc web access</title> +<h3>x11vnc web access</h3> +<form action="$ENV{REQUEST_URI}" method="post"> + <table border="0"> + <tr><td colspan=2><h2>Login</h2></td></tr> + <tr><td>Username:</td><td> + <input type="text" name="username" maxlength="40" value="_USERNAME_"> + </td></tr> + <tr><td>Password:</td><td> + <input type="password" name="password" maxlength="50"> + </td></tr> + <tr><td>Geometry:</td><td> + <input type="text" name="geometry" maxlength="40" value="_GEOMETRY_"> + </td></tr> + <!-- session --> + <tr><td colspan="2" align="right"> + <input type="submit" name="submit" value="Login"> + </td></tr> + </table> +</form> +END -# Path to x11vnc program: +########################################################################## +# String of HTML returned to web browser to launch applet: # -my $x11vnc = '/usr/bin/x11vnc'; +# Feel free to customize to your taste, _UID_, _VNC_PORT_, _WIDTH_, +# _HEIGHT_, _PASS_, _TRUST_UVC_, _APPLET_JAR_, and _APPLET_CLASS_ are +# expanded to the appropriate values before sending out to the browser. +# +my $applet_html = <<"END"; +<html> +<TITLE> +x11vnc desktop (_UID_/_VNC_PORT_) +</TITLE> +<APPLET CODE=_APPLET_CLASS_ ARCHIVE=_APPLET_JAR_ WIDTH=_WIDTH_ HEIGHT=_HEIGHT_> +<param name=PORT value=_VNC_PORT_> +<param name=VNCSERVERPORT value=_VNC_PORT_> +<param name=PASSWORD value=_PASS_> +<param name=trustUrlVncCert value=_TRUST_UVC_> +<param name="Open New Window" value=yes> +<param name="Offer Relogin" value=no> +<param name="ignoreMSLogonCheck" value=yes> +<param name="delayAuthPanel" value=yes> +<!-- extra --> +</APPLET> +<br> +<a href="$ENV{REQUEST_URI}">Login page</a><br> +<a href=http://www.karlrunge.com/x11vnc>x11vnc website</a> +</html> +END -if (`uname -n` =~ /haystack/) { - # for my testing: - if (-f "/home/runge/dtcgi.test") { - eval `cat /home/runge/dtcgi.test`; - } + +########################################################################## +# These java applet strings are expanded into the above $applet_html. +# Note that $applet_jar is relative to your apache DocumentRoot (htdocs) +# not the filesystem root. +# +my $applet_jar = '/UltraViewerSSL.jar'; +my $applet_class = 'VncViewer.class'; + +# These make the applet panel smaller because we use 'Open New Window' +# anyway (set to 'W' or 'H' to use actual session geometry values): +# +my $applet_width = '400'; +my $applet_height = '300'; + +# To customize ALL of the HTML printed out you may need to redefine +# the bye() subtroutine in your desktop.cgi.conf file. + + +########################################################################## +# Override any of the above settings by setting them in a file named +# 'desktop.cgi.conf'. It is sourced here. +# +# You can override any variable set above by supplying perl code +# in $0.conf that sets it to the desired value. +# +# Some examples you could put in $0.conf: +# +# $x11vnc = '/usr/local/bin/x11vnc'; +# $x11vnc_extra_opts = '-env FD_PROG=/usr/bin/xclock'; +# $x11vnc_extra_opts = '-ssl /usr/local/etc/dtcgi.pem'; +# $find_free_port = 'fixed:5999'; +# $enable_port_redirection = 1; +# $allowed_users_file = '/usr/local/etc/dtcgi.allowed'; +# +if (-f "$0.conf") { + eval `cat "$0.conf"`; } -# http header: +########################################################################## +# END OF MAIN USER SETTINGS. +# Only power users should change anything below. +########################################################################## + +# Print http header reply: # print STDOUT "Content-Type: text/html\r\n\r\n"; # Require HTTPS so that unix and vnc passwords are not sent in clear text -# (perhaps it is too late...) Disable HTTPS at your own risk. +# (perhaps it is too late...) Disable HTTPS here at your own risk. # if ($ENV{HTTPS} !~ /^on$/i) { bye("HTTPS must be used (to encrypt passwords)"); } -# Read request: +# Read URL request: # my $request; if ($ENV{'REQUEST_METHOD'} eq "POST") { @@ -192,7 +500,8 @@ if ($ENV{'REQUEST_METHOD'} eq "POST") { my %request = url_decode(split(/[&=]/, $request)); -# Experiment for FD_TAG x11vnc feature for multiple desktops: +# Experiment for FD_TAG x11vnc feature for multiple desktops for a +# single user: # # we hide it in geometry:tag for now: # @@ -212,30 +521,28 @@ if (!exists $request{session} || $request{session} =~ /^\s*$/) { } -# String for the login form: +# Expand _USERNAME_ and _GEOMETRY_ in the login string HTML: # -my $login_str = <<"END"; -<title>x11vnc web access</title> -<h3>x11vnc web access</h3> -<form action="$ENV{REQUEST_URI}" method="post"> - <table border="0"> - <tr><td colspan=2><h2>Login</h2></td></tr> - <tr><td>Username:</td><td> - <input type="text" name="username" maxlength="40" value="$request{username}"> - </td></tr> - <tr><td>Password:</td><td> - <input type="password" name="password" maxlength="50"> - </td></tr> - <tr><td>Geometry:</td><td> - <input type="text" name="geometry" maxlength="40" value="$request{geometry}"> - </td></tr> - <!-- session --> - <tr><td colspan="2" align="right"> - <input type="submit" name="submit" value="Login"> - </td></tr> - </table> -</form> -END +$login_str =~ s/_USERNAME_/$request{username}/g; +$login_str =~ s/_GEOMETRY_/$request{geometry}/g; + + +# Check x11vnc version for installers of this script who do not know +# how to read and follow instructions: +# +my $version = (split(' ', `$x11vnc -version`))[1]; +$version =~ s/\D*$//; + +my ($major, $minor, $micro) = split(/\./, $version); +if ($major !~ /^\d+$/ || $minor !~ /^\d+$/) { + bye("The x11vnc program is not installed correctly."); +} +$micro = 0 unless $micro; +my $level = $major * 100 * 100 + $minor * 100 + $micro; +my $needed = 0 * 100 * 100 + 9 * 100 + 10; +if ($level < $needed) { + bye("x11vnc version 0.9.10 or later is required. (Found version $version)"); +} # Set up user selected desktop session list, if enabled: @@ -301,6 +608,49 @@ if ($enable_port_redirection) { } } +# If there is an $allowed_users_file, check username against it: +# +if ($allowed_users_file ne '') { + if (! open(USERS, "<$allowed_users_file")) { + bye("Internal Error #0"); + } + my $ok = 0; + while (<USERS>) { + chomp; + $_ =~ s/^\s*//; + $_ =~ s/\s*$//; + next if /^#/; + if ($username eq $_) { + $ok = 1; + } + } + close USERS; + if (! $ok) { + bye("Denied Username.<p>$login_str"); + } +} + +# If there is a $denied_users_file, check username against it: +# +if ($denied_users_file ne '') { + if (! open(USERS, "<$denied_users_file")) { + bye("Internal Error #0"); + } + my $ok = 1; + while (<USERS>) { + chomp; + $_ =~ s/^\s*//; + $_ =~ s/\s*$//; + next if /^#/; + if ($username eq $_) { + $ok = 0; + } + } + close USERS; + if (! $ok) { + bye("Denied Username.<p>$login_str"); + } +} # Require username to be alphanumeric + '-' + '_': # (one may want to add '.' as well) @@ -321,6 +671,7 @@ if ($? != 0 || $uid !~ /^\d+$/) { # Use x11vnc trick to check if the unix password is valid: +# (requires x11vnc 0.9.10 or later.) # if (!open(X11VNC, "| $x11vnc -unixpw \%stdin > /dev/null")) { bye("Internal Error #1"); @@ -346,7 +697,7 @@ my $fixed_port = 0; if (! $find_free_port) { # Fixed port based on userid (we assume it is free): # - $vnc_port = 7000 + $uid; + $vnc_port = $starting_port + $uid; } elsif ($find_free_port =~ /^fixed:(\d+)$/) { # @@ -391,7 +742,7 @@ for (my $i = 0; $i < 8; $i++) { # Use x11vnc trick to switch to user and store vnc pass in the passwdfile. # Result is $pass is placed in user's $HOME/x11vnc.pw # -# (This is actually difficult to do without untrusted local users being +# (This is actually difficult to do without untrusted LOCAL users being # able to see the pass as well, see copy_password_to_user() for details # on how we try to avoid this.) # @@ -430,6 +781,7 @@ if (!open(TMP, ">$tmpfile")) { # and -sslonly disables VeNCrypt SSL connections. # Some settings: +# (change these if you encounter timing problems, etc.) # my $timeout = 75; my $extra = ''; @@ -438,6 +790,8 @@ if ($fixed_port) { $timeout = 45; $extra .= " -loopbg100,1"; } +$timeout = $x11vnc_timeout if $x11vnc_timeout ne ''; + if ($session_types ne '') { # settings for session selection case: if (exists $sessions{$session}) { @@ -474,7 +828,7 @@ if ($? == 0) { unlink $md5; } -# write x11vnc command to the tmp file: +# Write x11vnc command to the tmp file: # print TMP <<"END"; #!/bin/sh @@ -497,6 +851,7 @@ close TMP; $ENV{UNIXPW_CMD} = "/bin/sh $tmpfile"; # For the fixed port scheme we try to cooperate via lock file: +# (disabled by default.) # my $rmlock = ''; # @@ -593,8 +948,8 @@ sub initialize_random { # the end. # sub auto_select_port { - my $pmin = 7000; # default range. - my $pmax = 8000; + my $pmin = $starting_port; # default range 7000-8000. + my $pmax = $starting_port + 1000; if ($find_free_port =~ /^(\d+)-(\d+)$/) { # user supplied a range: @@ -647,7 +1002,7 @@ sub auto_select_port { # the user command is run in its own tty. # # The best way would be a sudo action or a special setuid program for -# copying. So consider using that and thereby simplify this function. +# copying. So consider doing that and thereby simplify this function. # # Short of a special program doing this, we use a fifo so ONLY ONE # process can read the password. If the untrusted local user reads it, @@ -685,6 +1040,12 @@ sub copy_password_to_user { bye("Internal Error #7"); } + # disable fifo safety if requested: + # + if ($disable_vnc_passwd_fifo_safety) { + $use_fifo = ''; + } + # Make the fifo: # if ($use_fifo) { @@ -756,7 +1117,6 @@ sub copy_password_to_user { } close X11VNC; # note we ignore return value. fsleep(0.5); - #print STDERR `ls -l $fifo ~$username/x11vnc.pw`; unlink $fifo; # Done! @@ -854,33 +1214,32 @@ sub lock_fixed_port { # sub print_applet_html { my ($W, $H, $D) = split(/x/, $geometry); - $W = 640; # make it smaller since we 'Open New Window' below anyway. - $H = 480; + + # make it smaller since we 'Open New Window' below anyway. + if ($applet_width ne 'W') { + $W = $applet_width; + } + if ($applet_height ne 'H') { + $H = $applet_height; + } + my $tUVC = ($trustUrlVncCert ? 'yes' : 'no'); - my $str = <<"END"; -<html> -<TITLE> -x11vnc desktop ($uid/$vnc_port) -</TITLE> -<APPLET CODE=VncViewer.class ARCHIVE=/UltraViewerSSL.jar WIDTH=$W HEIGHT=$H> -<param name=PORT value=$vnc_port> -<param name=VNCSERVERPORT value=$vnc_port> -<param name=PASSWORD value=$pass> -<param name=trustUrlVncCert value=$tUVC> -<param name="Open New Window" value=yes> -<param name="Offer Relogin" value=no> -<param name="ignoreMSLogonCheck" value=yes> -<param name="delayAuthPanel" value=yes> -<!-- extra --> -</APPLET> -<br> -<a href="$ENV{REQUEST_URI}">Login page</a><br> -<a href=http://www.karlrunge.com/x11vnc>x11vnc website</a> -</html> -END + + # see $applet_html set in defaults section for more info: + # + my $str = $applet_html; + + $str =~ s/_UID_/$uid/g; + $str =~ s/_VNC_PORT_/$vnc_port/g; + $str =~ s/_WIDTH_/$W/g; + $str =~ s/_HEIGHT_/$H/g; + $str =~ s/_PASS_/$pass/g; + $str =~ s/_APPLET_JAR_/$applet_jar/g; + $str =~ s/_APPLET_CLASS_/$applet_class/g; + $str =~ s/_TRUST_UVC_/$tUVC/g; if ($enable_port_redirection && $redirect_host ne '') { - $str =~ s/name=PASSWORD value=.*>/name=NOT_USED value=yes>/; + $str =~ s/name=PASSWORD value=.*>/name=NOT_USED value=yes>/i; #$str =~ s/<!-- extra -->/<!-- extra -->\n<param name="ignoreProxy" value=yes>/; } @@ -1025,6 +1384,9 @@ sub check_redirect_host { # Much of this code is borrowed from 'connect_switch': # +# (it only applies to the vnc redirector $enable_port_redirection mode +# which is off by default.) +# sub handle_conn { close STDIN; close STDOUT; |
