diff -Nru x11vnc-0.9.8/AUTHORS x11vnc-0.9.9/AUTHORS --- x11vnc-0.9.8/AUTHORS 2009-05-21 15:15:11.000000000 +0100 +++ x11vnc-0.9.9/AUTHORS 2009-11-17 04:29:07.000000000 +0000 @@ -31,7 +31,8 @@ Alberto Lusiani, Malvina Mazin, Dave Stuart, Rohit Kumar, Donald Dugger, Steven Carr, Uwe Völker, Charles Coffing, Guillaume Rousse, Alessandro Praduroux, Brad Hards, Timo Ketola, Christian Ehrlicher, -Noriaki Yamazaki, and Ben Klopfenstein. +Noriaki Yamazaki, Ben Klopfenstein, Vic Lee, Christian Beier, +and Alexander Dorokhine. Probably I forgot quite a few people sending a patch here and there, which really made a difference. Without those, some obscure bugs still would diff -Nru x11vnc-0.9.8/classes/Makefile.in x11vnc-0.9.9/classes/Makefile.in --- x11vnc-0.9.8/classes/Makefile.in 2009-06-19 15:44:19.000000000 +0100 +++ x11vnc-0.9.9/classes/Makefile.in 2009-12-21 05:02:59.000000000 +0000 @@ -33,6 +33,8 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ subdir = classes DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -163,10 +165,18 @@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ +build = @build@ build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ datadir = @datadir@ exec_prefix = @exec_prefix@ +host = @host@ host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ diff -Nru x11vnc-0.9.8/classes/ssl/Makefile.in x11vnc-0.9.9/classes/ssl/Makefile.in --- x11vnc-0.9.8/classes/ssl/Makefile.in 2009-06-19 15:44:19.000000000 +0100 +++ x11vnc-0.9.9/classes/ssl/Makefile.in 2009-12-21 05:02:59.000000000 +0000 @@ -34,6 +34,8 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ subdir = classes/ssl DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -158,10 +160,18 @@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ +build = @build@ build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ datadir = @datadir@ exec_prefix = @exec_prefix@ +host = @host@ host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ Binary files /tmp/tYodrGW71U/x11vnc-0.9.8/classes/ssl/SignedUltraViewerSSL.jar and /tmp/E6UdLSsuDS/x11vnc-0.9.9/classes/ssl/SignedUltraViewerSSL.jar differ Binary files /tmp/tYodrGW71U/x11vnc-0.9.8/classes/ssl/SignedVncViewer.jar and /tmp/E6UdLSsuDS/x11vnc-0.9.9/classes/ssl/SignedVncViewer.jar differ Binary files /tmp/tYodrGW71U/x11vnc-0.9.8/classes/ssl/src/keystore0 and /tmp/E6UdLSsuDS/x11vnc-0.9.9/classes/ssl/src/keystore0 differ diff -Nru x11vnc-0.9.8/classes/ssl/src/tight/SSLSocketToMe.java x11vnc-0.9.9/classes/ssl/src/tight/SSLSocketToMe.java --- x11vnc-0.9.8/classes/ssl/src/tight/SSLSocketToMe.java 2009-06-19 15:23:50.000000000 +0100 +++ x11vnc-0.9.9/classes/ssl/src/tight/SSLSocketToMe.java 2009-08-13 14:16:42.000000000 +0100 @@ -6,7 +6,8 @@ * * This is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. + * the Free Software Foundation; version 2 of the License, or + * (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff -Nru x11vnc-0.9.8/classes/ssl/src/ultra/SSLSocketToMe.java x11vnc-0.9.9/classes/ssl/src/ultra/SSLSocketToMe.java --- x11vnc-0.9.8/classes/ssl/src/ultra/SSLSocketToMe.java 2009-06-19 15:23:50.000000000 +0100 +++ x11vnc-0.9.9/classes/ssl/src/ultra/SSLSocketToMe.java 2009-08-13 14:16:42.000000000 +0100 @@ -6,7 +6,8 @@ * * This is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. + * the Free Software Foundation; version 2 of the License, or + * (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff -Nru x11vnc-0.9.8/classes/ssl/ss_vncviewer x11vnc-0.9.9/classes/ssl/ss_vncviewer --- x11vnc-0.9.8/classes/ssl/ss_vncviewer 2009-05-31 22:49:56.000000000 +0100 +++ x11vnc-0.9.9/classes/ssl/ss_vncviewer 2009-11-18 04:34:33.000000000 +0000 @@ -3,8 +3,24 @@ # ss_vncviewer: wrapper for vncviewer to use an stunnel SSL tunnel # or an SSH tunnel. # -# Copyright (c) 2006-2008 by Karl J. Runge +# Copyright (c) 2006-2009 by Karl J. Runge # +# ss_vncviewer is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# +# ss_vncviewer is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with ss_vncviewer; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA +# or see . +# +# # You must have stunnel(8) installed on the system and in your PATH # (however, see the -ssh option below, in which case you will need ssh(1) # installed) Note: stunnel is usually installed in an "sbin" subdirectory. @@ -129,7 +145,7 @@ # # turn on verbose debugging output -if [ "X$SS_DEBUG" != "X" ]; then +if [ "X$SS_DEBUG" != "X" -a "X$SS_DEBUG" != "X0" ]; then set -xv fi @@ -141,6 +157,7 @@ fi # work out which stunnel to use (debian installs as stunnel4) +stunnel_set_here="" if [ "X$STUNNEL" = "X" ]; then check_stunnel=1 if [ "X$SSVNC_BASEDIRNAME" != "X" ]; then @@ -161,6 +178,7 @@ STUNNEL=stunnel fi fi + stunnel_set_here=1 fi help() { @@ -217,10 +235,12 @@ str=`$VNCVIEWERCMD -h 2>&1 | head -n 5` if echo "$str" | grep -i 'TightVNC.viewer' > /dev/null; then echo "tightvnc" - elif echo "$str" | grep -i 'RealVNC.Ltd' > /dev/null; then - echo "realvnc4" elif echo "$str" | grep -i 'VNC viewer version 3' > /dev/null; then echo "realvnc3" + elif echo "$str" | grep -i 'VNC viewer .*Edition 4' > /dev/null; then + echo "realvnc4" + elif echo "$str" | grep -i 'RealVNC.Ltd' > /dev/null; then + echo "realvnc4" else echo "unknown" fi @@ -287,6 +307,8 @@ ;; "-ssvnc_encodings") shift; VNCVIEWER_ENCODINGS="$1"; export VNCVIEWER_ENCODINGS ;; + "-ssvnc_extra_opts") shift; VNCVIEWERCMD_EXTRA_OPTS="$1"; export VNCVIEWERCMD_EXTRA_OPTS + ;; "-rfbversion") shift; VNCVIEWER_RFBVERSION="$1"; export VNCVIEWER_RFBVERSION ;; "-nobell") VNCVIEWER_NOBELL=1; export VNCVIEWER_NOBELL @@ -438,7 +460,12 @@ vtmp=`mytmp "$vtmp"` SSVNC_PREDIGESTED_HANDSHAKE="$vtmp" export SSVNC_PREDIGESTED_HANDSHAKE - #echo "SSVNC_PREDIGESTED_HANDSHAKE=$SSVNC_PREDIGESTED_HANDSHAKE" + if [ "X$SSVNC_USE_OURS" = "X" ]; then + NEED_VENCRYPT_VIEWER_BRIDGE=1 + fi +fi +if [ "X$SSVNC_USE_OURS" = "X" ]; then + VNCVIEWERCMD_EXTRA_OPTS="" fi @@ -654,6 +681,9 @@ if [ "X$tail_pid" != "X" ]; then kill -TERM $tail_pid fi + if [ "X$tail_pid2" != "X" ]; then + kill -TERM $tail_pid2 + fi } if [ "X$reverse" = "X" ]; then @@ -687,6 +717,12 @@ VNCVIEWERCMD="$VNCIPCMD" fi +if echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then + : +elif [ "X$VNCVIEWERCMD_EXTRA_OPTS" != "X" ]; then + VNCVIEWERCMD="$VNCVIEWERCMD $VNCVIEWERCMD_EXTRA_OPTS" +fi + # trick for the undocumented rsh://host:port method. rsh_setup() { if echo "$ssh_host" | grep '@' > /dev/null; then @@ -719,24 +755,56 @@ fi } +check_perl() { + if type "$1" > /dev/null 2>&1; then + : + elif [ ! -x "$1" ]; then + echo "" + echo "*******************************************************" + echo "** Problem finding the Perl command '$1': **" + echo "" + type "perl" + echo "" + echo "** Perhaps you need to install the Perl package. **" + echo "*******************************************************" + echo "" + sleep 5 + fi +} + # this is the PPROXY tool. used only here for now... pcode() { tf=$1 PPROXY_PROXY=$proxy; export PPROXY_PROXY PPROXY_DEST="$host:$port"; export PPROXY_DEST + check_perl /usr/bin/perl + cod='#!/usr/bin/perl -# A hack to glue stunnel to a Web proxy or SOCKS for client connections. +# A hack to glue stunnel to a Web or SOCKS proxy, UltraVNC repeater for +# client connections. +# Also acts as a VeNCrypt bridge (by redirecting to stunnel.) use IO::Socket::INET; -if (exists $ENV{PPROXY_SLEEP}) { +if (exists $ENV{PPROXY_SLEEP} && $ENV{PPROXY_SLEEP} > 0) { print STDERR "PPROXY_PID: $$\n"; sleep $ENV{PPROXY_SLEEP}; } -foreach my $var (qw(PPROXY_PROXY PPROXY_SOCKS PPROXY_DEST PPROXY_LISTEN - PPROXY_REVERSE PPROXY_REPEATER PPROXY_REMOVE PPROXY_KILLPID PPROXY_SLEEP)) { +foreach my $var (qw( + PPROXY_DEST + PPROXY_KILLPID + PPROXY_LISTEN + PPROXY_PROXY + PPROXY_REMOVE + PPROXY_REPEATER + PPROXY_REVERSE + PPROXY_SLEEP + PPROXY_SOCKS + PPROXY_VENCRYPT + PPROXY_VENCRYPT_VIEWER_BRIDGE + )) { if (0 || $ENV{SS_DEBUG} || $ENV{SSVNC_VENCRYPT_DEBUG}) { print STDERR "$var: $ENV{$var}\n"; } @@ -779,14 +847,14 @@ return $t; } -sub append_handshake { - my $str = shift; - if ($handshake_file) { - if (open(HSF, ">>$handshake_file")) { - print HSF $str; - close HSF; - } - } +my $listen_handle = ""; +my $sock = ""; +my $parent = $$; + +if ($ENV{PPROXY_VENCRYPT_VIEWER_BRIDGE}) { + my ($from, $to) = split(/,/, $ENV{PPROXY_VENCRYPT_VIEWER_BRIDGE}); + do_vencrypt_viewer_bridge($from, $to); + exit 0; } my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3); @@ -807,7 +875,7 @@ print STDERR "\n"; -print STDERR "PPROXY v0.2: a tool for Web proxies and SOCKS connections.\n"; +print STDERR "PPROXY v0.3: a tool for Web, SOCKS, and UltraVNC proxies and VeNCrypt bridging.\n"; print STDERR "proxy_host: $proxy_host\n"; print STDERR "proxy_port: $proxy_port\n"; print STDERR "proxy_connect: $connect\n"; @@ -822,7 +890,12 @@ print STDERR "\n"; } -my $listen_handle = ""; +sub pdie { + my $msg = shift; + kill_proxy_pids(); + die "$msg"; +} + if ($ENV{PPROXY_REVERSE} ne "") { my ($rhost, $rport) = split(/:/, $ENV{PPROXY_REVERSE}); $rport = 5900 unless $rport; @@ -832,39 +905,57 @@ Proto => "tcp" ); if (! $listen_handle) { - die "pproxy: $! -- PPROXY_REVERSE\n"; + pdie "pproxy: $! -- PPROXY_REVERSE\n"; } print STDERR "PPROXY_REVERSE: connected to $rhost $rport\n"; } elsif ($ENV{PPROXY_LISTEN} ne "") { my $listen_sock = ""; - if ($ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:(.*)/) { - my $p = $1; - $listen_sock = IO::Socket::INET->new( - Listen => 2, - LocalPort => $p, - Proto => "tcp" - ); - } else { - $listen_sock = IO::Socket::INET->new( - Listen => 2, - LocalAddr => "127.0.0.1", - LocalPort => $ENV{PPROXY_LISTEN}, - Proto => "tcp" - ); + my $maxtry = 12; + my $sleep = 5; + my $p2 = ""; + for (my $i=0; $i < $maxtry; $i++) { + if ($ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:(.*)/) { + my $p = $1; + $p2 = "*:$p"; + $listen_sock = IO::Socket::INET->new( + Listen => 2, + LocalPort => $p, + Proto => "tcp" + ); + } else { + $p2 = "localhost:$ENV{PPROXY_LISTEN}"; + $listen_sock = IO::Socket::INET->new( + Listen => 2, + LocalAddr => "127.0.0.1", + LocalPort => $ENV{PPROXY_LISTEN}, + Proto => "tcp" + ); + } + if (! $listen_sock) { + if ($i < $maxtry - 1) { + warn "pproxy: $!\n"; + warn "Could not listen on port $p2, retrying in $sleep seconds... (Ctrl-C to quit)\n"; + sleep $sleep; + } + } else { + last; + } } if (! $listen_sock) { - die "pproxy: $! -- PPROXY_LISTEN\n"; + pdie "pproxy: $! -- PPROXY_LISTEN\n"; } + print STDERR "pproxy: listening on $p2\n"; my $ip; ($listen_handle, $ip) = $listen_sock->accept(); + my $err = $!; + close $listen_sock; if (! $listen_handle) { - die "pproxy: $!\n"; + pdie "pproxy: $err\n"; } - close $listen_sock; } -my $sock = IO::Socket::INET->new( +$sock = IO::Socket::INET->new( PeerAddr => $proxy_host, PeerPort => $proxy_port, Proto => "tcp" @@ -873,13 +964,13 @@ if (! $sock) { my $err = $!; unlink($0) if $ENV{PPROXY_REMOVE}; - die "pproxy: $err\n"; + pdie "pproxy: $err\n"; } unlink($0) if $ENV{PPROXY_REMOVE}; if ($ENV{PPROXY_PROXY} =~ /^vencrypt:/ && $ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:/) { - print STDERR "PPROXY: vencrypt+reverse: swapping listen socket with connect socket.\n"; + print STDERR "\nPPROXY: vencrypt+reverse: swapping listen socket with connect socket.\n"; my $tmp_swap = $sock; $sock = $listen_handle; $listen_handle = $tmp_swap; @@ -906,58 +997,123 @@ connection($connect, 1); } -$parent = $$; -$child = fork; -if (! defined $child) { +sub kill_proxy_pids() { + if ($ENV{PPROXY_VENCRYPT_VIEWER_BRIDGE}) { + return; + } if ($ENV{PPROXY_KILLPID}) { foreach my $p (split(/,/, $ENV{PPROXY_KILLPID})) { if ($p =~ /^(\+|-)/) { $p = $parent + $p; } + print STDERR "kill TERM, $p (PPROXY_KILLPID)\n"; kill "TERM", $p; } } - exit 1; } -if ($child) { - print STDERR "pproxy parent\[$$] STDIN -> socket\n"; - if ($listen_handle) { - xfer($listen_handle, $sock); - } else { - xfer(STDIN, $sock); +sub xfer { + my($in, $out) = @_; + $RIN = $WIN = $EIN = ""; + $ROUT = ""; + vec($RIN, fileno($in), 1) = 1; + vec($WIN, fileno($in), 1) = 1; + $EIN = $RIN | $WIN; + + while (1) { + my $nf = 0; + while (! $nf) { + $nf = select($ROUT=$RIN, undef, undef, undef); + } + my $len = sysread($in, $buf, 8192); + if (! defined($len)) { + next if $! =~ /^Interrupted/; + print STDERR "pproxy[$$]: $!\n"; + last; + } elsif ($len == 0) { + print STDERR "pproxy[$$]: Input is EOF.\n"; + last; + } + my $offset = 0; + my $quit = 0; + while ($len) { + my $written = syswrite($out, $buf, $len, $offset); + if (! defined $written) { + print STDERR "pproxy[$$]: Output is EOF. $!\n"; + $quit = 1; + last; + } + $len -= $written; + $offset += $written; + } + last if $quit; } - select(undef, undef, undef, 0.25); - if (kill 0, $child) { - select(undef, undef, undef, 1.5); - print STDERR "pproxy\[$$]: kill TERM $child\n"; - kill "TERM", $child; + close($out); + close($in); + print STDERR "pproxy[$$]: finished xfer.\n"; +} + +sub handler { + print STDERR "pproxy[$$]: got SIGTERM.\n"; + close $listen_handle if $listen_handle; + close $sock if $sock; + exit; +} + +sub xfer_both { + $child = fork; + + if (! defined $child) { + kill_proxy_pids(); + exit 1; } -} else { - print STDERR "pproxy child \[$$] socket -> STDOUT\n"; - if ($listen_handle) { - xfer($sock, $listen_handle); + + $SIG{TERM} = "handler"; + + if ($child) { + if ($listen_handle) { + print STDERR "pproxy parent[$$] listen_handle -> socket\n"; + xfer($listen_handle, $sock); + } else { + print STDERR "pproxy parent[$$] STDIN -> socket\n"; + xfer(STDIN, $sock); + } + select(undef, undef, undef, 0.25); + if (kill 0, $child) { + select(undef, undef, undef, 0.9); + if (kill 0, $child) { + print STDERR "pproxy[$$]: kill TERM child $child\n"; + kill "TERM", $child; + } else { + print STDERR "pproxy[$$]: child $child gone.\n"; + } + } } else { - xfer($sock, STDOUT); - } - select(undef, undef, undef, 0.25); - if (kill 0, $parent) { - select(undef, undef, undef, 1.5); - print STDERR "pproxy\[$$]: kill TERM $parent\n"; - kill "TERM", $parent; - } -} -if ($ENV{PPROXY_KILLPID} ne "") { - if ($ENV{PPROXY_KILLPID}) { - foreach my $p (split(/,/, $ENV{PPROXY_KILLPID})) { - if ($p =~ /^(\+|-)/) { - $p = $parent + $p; + select(undef, undef, undef, 0.05); + if ($listen_handle) { + print STDERR "pproxy child [$$] socket -> listen_handle\n\n"; + xfer($sock, $listen_handle); + } else { + print STDERR "pproxy child [$$] socket -> STDOUT\n\n"; + xfer($sock, STDOUT); + } + select(undef, undef, undef, 0.25); + if (kill 0, $parent) { + select(undef, undef, undef, 0.8); + if (kill 0, $parent) { + print STDERR "pproxy[$$]: kill TERM parent $parent\n"; + kill "TERM", $parent; + } else { + print STDERR "pproxy[$$]: parent $parent gone.\n"; } - print STDERR "kill TERM, $p (PPROXY_KILLPID)\n"; - kill "TERM", $p; } } + + kill_proxy_pids(); } + +xfer_both(); + exit; sub url_parse { @@ -1186,13 +1342,14 @@ sub vdie { append_handshake("done\n"); close $sock; + kill_proxy_pids(); exit(1); } sub anontls_handshake { my ($vmode, $db) = @_; - print STDERR "PPROXY: Doing ANONTLS Handshake\n"; + print STDERR "\nPPROXY: Doing ANONTLS Handshake\n"; my $psec = pack("C", $rfbSecTypeAnonTls); syswrite($sock, $psec, 1); @@ -1204,7 +1361,7 @@ my ($vmode, $db) = @_; - print STDERR "PPROXY: Doing VeNCrypt Handshake\n"; + print STDERR "\nPPROXY: Doing VeNCrypt Handshake\n"; my $psec = pack("C", $rfbSecTypeVencrypt); @@ -1397,44 +1554,407 @@ } } -sub xfer { - my($in, $out) = @_; - $RIN = $WIN = $EIN = ""; - $ROUT = ""; - vec($RIN, fileno($in), 1) = 1; - vec($WIN, fileno($in), 1) = 1; - $EIN = $RIN | $WIN; - - while (1) { - my $nf = 0; - while (! $nf) { - $nf = select($ROUT=$RIN, undef, undef, undef); +sub append_handshake { + my $str = shift; + if ($handshake_file) { + if (open(HSF, ">>$handshake_file")) { + print HSF $str; + close HSF; } - my $len = sysread($in, $buf, 8192); - if (! defined($len)) { - next if $! =~ /^Interrupted/; - print STDERR "pproxy\[$$]: $!\n"; - last; - } elsif ($len == 0) { - print STDERR "pproxy\[$$]: Input is EOF.\n"; + } +} + +sub do_vencrypt_viewer_bridge { + my ($listen, $connect) = @_; + print STDERR "\npproxy: starting vencrypt_viewer_bridge[$$]: $listen \-> $connect\n"; + my $db = 0; + my $backwards = 0; + if ($listen < 0) { + $backwards = 1; + $listen = -$listen; + } + if ($handshake_file eq "") { + die "pproxy: vencrypt_viewer_bridge[$$]: no SSVNC_PREDIGESTED_HANDSHAKE\n"; + } + my $listen_sock; + my $maxtry = 12; + my $sleep = 5; + for (my $i=0; $i < $maxtry; $i++) { + $listen_sock = IO::Socket::INET->new( + Listen => 2, + LocalAddr => "127.0.0.1", + LocalPort => $listen, + Proto => "tcp" + ); + if (! $listen_sock) { + if ($i < $maxtry - 1) { + warn "pproxy: vencrypt_viewer_bridge[$$]: $!\n"; + warn "Could not listen on port $listen, retrying in $sleep seconds... (Ctrl-C to quit)\n"; + sleep $sleep; + } + } else { last; } - my $offset = 0; - my $quit = 0; - while ($len) { - my $written = syswrite($out, $buf, $len, $offset); - if (! defined $written) { - print STDERR "pproxy\[$$]: Output is EOF. $!\n"; - $quit = 1; + } + if (! $listen_sock) { + die "pproxy: vencrypt_viewer_bridge[$$]: $!\n"; + } + print STDERR "pproxy: vencrypt_viewer_bridge[$$]: listening on port $listen\n\n"; + my ($viewer_sock, $ip) = $listen_sock->accept(); + my $err = $!; + close $listen_sock; + if (! $viewer_sock) { + die "pproxy: vencrypt_viewer_bridge[$$]: $err\n"; + } + print STDERR "vencrypt_viewer_bridge[$$]: viewer_sock $viewer_sock\n" if $db; + + print STDERR "pproxy: vencrypt_viewer_bridge[$$]: connecting to 127.0.0.1:$connect\n"; + my $server_sock = IO::Socket::INET->new( + PeerAddr => "127.0.0.1", + PeerPort => $connect, + Proto => "tcp" + ); + print STDERR "vencrypt_viewer_bridge[$$]: server_sock $server_sock\n" if $db; + if (! $server_sock) { + my $err = $!; + die "pproxy: vencrypt_viewer_bridge[$$]: $err\n"; + } + + if ($backwards) { + print STDERR "vencrypt_viewer_bridge[$$]: reversing roles of viewer and server.\n"; + my $t = $viewer_sock; + $viewer_sock = $server_sock; + $server_sock = $t; + } + + my %hs = (); + my $dt = 0.2; + my $slept = 0.0; + while ($slept < 20.0) { + select(undef, undef, undef, $dt); + $slept += $dt; + if (-f $handshake_file && open(HSF, "<$handshake_file")) { + my $done = 0; + %hs = (); + my $str = ""; + while () { + print STDERR "vencrypt_viewer_bridge[$$]: $_" if $ENV{VENCRYPT_VIEWER_BRIDGE_DEBUG}; + $str .= "vencrypt_viewer_bridge[$$]: $_"; + chomp; + if ($_ eq "done") { + $done = 1; + } else { + my ($k, $v) = split(/=/, $_, 2); + if ($k ne "" && $v ne "") { + $hs{$k} = $v; + } + } + } + close HSF; + if ($done) { + print STDERR "\n" . $str; last; } - $len -= $written; - $offset += $written; } - last if $quit; } - close($in); - close($out); + if (! exists $hs{server}) { + $hs{server} = "RFB 003.008"; + } + if (! exists $hs{sectype}) { + unlink($handshake_file); + die "pproxy: vencrypt_viewer_bridge[$$]: no sectype.\n"; + } + syswrite($viewer_sock, "$hs{server}\n", length($hs{server}) + 1); + my $viewer_rfb = ""; + for (my $i = 0; $i < 12; $i++) { + my $c; + sysread($viewer_sock, $c, 1); + $viewer_rfb .= $c; + print STDERR $c; + } + my $viewer_major = 3; + my $viewer_minor = 8; + if ($viewer_rfb =~ /RFB (\d+)\.(\d+)/) { + $viewer_major = $1; + $viewer_minor = $2; + } + my $u0 = pack("C", 0); + my $u1 = pack("C", 1); + my $u2 = pack("C", 2); + if ($hs{sectype} == $rfbSecTypeAnonTls) { + unlink($handshake_file); + print STDERR "\npproxy: vencrypt_viewer_bridge[$$]: rfbSecTypeAnonTls\n"; + if ($viewer_major > 3 || $viewer_minor >= 7) { + ; # setup ok, proceed to xfer. + } else { + print STDERR "pproxy: vencrypt_viewer_bridge[$$]: faking RFB version 3.3 to viewer.\n"; + my $n; + sysread($server_sock, $n, 1); + $n = unpack("C", $n); + if ($n == 0) { + die "pproxy: vencrypt_viewer_bridge[$$]: nsectypes == $n.\n"; + } + my %types; + for (my $i = 0; $i < $n; $i++) { + my $t; + sysread($server_sock, $t, 1); + $t = unpack("C", $t); + $types{$t} = 1; + } + my $use = 1; # None + if (exists $types{1}) { + $use = 1; # None + } elsif (exists $types{2}) { + $use = 2; # VncAuth + } else { + die "pproxy: vencrypt_viewer_bridge[$$]: no valid sectypes" . join(",", keys %types) . "\n"; + } + + # send 4 bytes sectype to viewer: + # (note this should be MSB, network byte order...) + my $up = pack("C", $use); + syswrite($viewer_sock, $u0, 1); + syswrite($viewer_sock, $u0, 1); + syswrite($viewer_sock, $u0, 1); + syswrite($viewer_sock, $up, 1); + # and tell server the one we selected: + syswrite($server_sock, $up, 1); + if ($use == 1) { + # even None has security result, so read it here and discard it. + my $sr = ""; + sysread($server_sock, $sr, 4); + } + } + } elsif ($hs{sectype} == $rfbSecTypeVencrypt) { + print STDERR "\npproxy: vencrypt_viewer_bridge[$$]: rfbSecTypeVencrypt\n"; + if (! exists $hs{subtype}) { + unlink($handshake_file); + die "pproxy: vencrypt_viewer_bridge[$$]: no subtype.\n"; + } + my $fake_type = "None"; + my $plain = 0; + my $sub_type = $hs{subtype}; + if ($sub_type == $rfbVencryptTlsNone) { + $fake_type = "None"; + } elsif ($sub_type == $rfbVencryptTlsVnc) { + $fake_type = "VncAuth"; + } elsif ($sub_type == $rfbVencryptTlsPlain) { + $fake_type = "None"; + $plain = 1; + } elsif ($sub_type == $rfbVencryptX509None) { + $fake_type = "None"; + } elsif ($sub_type == $rfbVencryptX509Vnc) { + $fake_type = "VncAuth"; + } elsif ($sub_type == $rfbVencryptX509Plain) { + $fake_type = "None"; + $plain = 1; + } + if ($plain) { + if (!open(W, ">$handshake_file")) { + unlink($handshake_file); + die "pproxy: vencrypt_viewer_bridge[$$]: $handshake_file $!\n"; + } + print W <<"END"; + + proc print_out {} { + global user pass env + + if [info exists env(SSVNC_UP_DEBUG)] { + toplevel .b + button .b.b -text "user=\$user pass=\$pass" -command {destroy .b} + pack .b.b + update + tkwait window .b + } + + if [info exists env(SSVNC_UP_FILE)] { + set fh "" + catch {set fh [open \$env(SSVNC_UP_FILE) w]} + if {\$fh != ""} { + puts \$fh user=\$user\\npass=\$pass + flush \$fh + close \$fh + return + } + } + puts stdout user=\$user\\npass=\$pass + flush stdout + } + + proc center_win {w} { + update + set W [winfo screenwidth \$w] + set W [expr \$W + 1] + wm geometry \$w +\$W+0 + update + set x [expr [winfo screenwidth \$w]/2 - [winfo width \$w]/2] + set y [expr [winfo screenheight \$w]/2 - [winfo height \$w]/2] + + wm geometry \$w +\$x+\$y + wm deiconify \$w + update + } + + wm withdraw . + + global env + set up {} + if [info exists env(SSVNC_UNIXPW)] { + set rm 0 + set up \$env(SSVNC_UNIXPW) + if [regexp {^rm:} \$up] { + set rm 1 + regsub {^rm:} \$up {} up + } + if [file exists \$up] { + set fh "" + set f \$up + catch {set fh [open \$up r]} + if {\$fh != ""} { + gets \$fh u + gets \$fh p + close \$fh + set up "\$u@\$p" + } + if {\$rm} { + catch {file delete \$f} + } + } + } elseif [info exists env(SSVNC_VENCRYPT_USERPASS)] { + set up \$env(SSVNC_VENCRYPT_USERPASS) + } + #puts stderr up=\$up + if {\$up != ""} { + if [regexp {@} \$up] { + global user pass + set user \$up + set pass \$up + regsub {@.*\$} \$user "" user + regsub {^[^@]*@} \$pass "" pass + print_out + exit + } + } + + wm title . {VeNCrypt Viewer Bridge User/Pass} + + set user {} + set pass {} + + label .l -text {SSVNC VeNCrypt Viewer Bridge} + + frame .f0 + frame .f0.fL + label .f0.fL.la -text {Username: } + label .f0.fL.lb -text {Password: } + + pack .f0.fL.la .f0.fL.lb -side top + + frame .f0.fR + entry .f0.fR.ea -width 24 -textvariable user + entry .f0.fR.eb -width 24 -textvariable pass -show * + + pack .f0.fR.ea .f0.fR.eb -side top -fill x + + pack .f0.fL -side left + pack .f0.fR -side right -expand 1 -fill x + + button .no -text Cancel -command {destroy .} + button .ok -text Done -command {print_out; destroy .} + + center_win . + pack .l .f0 .no .ok -side top -fill x + update + wm deiconify . + + bind .f0.fR.ea {focus .f0.fR.eb} + bind .f0.fR.eb {print_out; destroy .} + focus .f0.fR.ea + + wm resizable . 1 0 + wm minsize . [winfo reqwidth .] [winfo reqheight .] +END + close W; + + #system("cat $handshake_file"); + my $w = "wish"; + if ($ENV{WISH}) { + $w = $ENV{WISH}; + } + print STDERR "pproxy: vencrypt_viewer_bridge[$$]: prompt VencryptPlain user and passwd.\n"; + my $res = ""; + if (`uname` =~ /Darwin/) { + my $mtmp = `mktemp /tmp/hsup.XXXXXX`; + chomp $mtmp; + system("env SSVNC_UP_FILE=$mtmp $w $handshake_file"); + $res = `cat $mtmp`; + unlink $mtmp; + } else { + $res = `$w $handshake_file`; + } + my $user = ""; + my $pass = ""; + if ($res =~ /user=(\S*)/) { + $user = $1; + } + if ($res =~ /pass=(\S*)/) { + $pass = $1; + } + print STDERR "pproxy: vencrypt_viewer_bridge[$$]: sending VencryptPlain user and passwd.\n"; + my $ulen = pack("C", length($user)); + my $plen = pack("C", length($pass)); + # (note this should be MSB, network byte order...) + syswrite($server_sock, $u0, 1); + syswrite($server_sock, $u0, 1); + syswrite($server_sock, $u0, 1); + syswrite($server_sock, $ulen, 1); + syswrite($server_sock, $u0, 1); + syswrite($server_sock, $u0, 1); + syswrite($server_sock, $u0, 1); + syswrite($server_sock, $plen, 1); + syswrite($server_sock, $user, length($user)); + syswrite($server_sock, $pass, length($pass)); + } + unlink($handshake_file); + + my $ft = 0; + if ($fake_type eq "None") { + $ft = 1; + } elsif ($fake_type eq "VncAuth") { + $ft = 2; + } else { + die "pproxy: vencrypt_viewer_bridge[$$]: unknown fake type: $fake_type\n"; + } + my $fp = pack("C", $ft); + if ($viewer_major > 3 || $viewer_minor >= 7) { + syswrite($viewer_sock, $u1, 1); + syswrite($viewer_sock, $fp, 1); + my $cr; + sysread($viewer_sock, $cr, 1); + $cr = unpack("C", $cr); + if ($cr != $ft) { + die "pproxy: vencrypt_viewer_bridge[$$]: client selected wrong type: $cr / $ft\n"; + } + } else { + print STDERR "pproxy: vencrypt_viewer_bridge[$$]: faking RFB version 3.3 to viewer.\n"; + # send 4 bytes sect type to viewer: + # (note this should be MSB, network byte order...) + syswrite($viewer_sock, $u0, 1); + syswrite($viewer_sock, $u0, 1); + syswrite($viewer_sock, $u0, 1); + syswrite($viewer_sock, $fp, 1); + if ($ft == 1) { + # even None has security result, so read it here and discard it. + my $sr = ""; + sysread($server_sock, $sr, 4); + } + } + } + + $listen_handle = $viewer_sock; + $sock = $server_sock; + + xfer_both(); } ' # ' @@ -1520,11 +2040,33 @@ } Kecho() { - if [ "X$USER" = "Xrunge" ]; then + NO_KECHO=1 + if [ "X$USER" = "Xrunge" -a "X$NO_KECHO" = "X" ]; then echo "dbg: $*" fi } +NHAFL_warning() { + echo "" + echo "** Warning: For the proxy: $proxy" + echo "** Warning: the ssh(1) option: $ssh_NHAFL" + echo "** Warning: will be used to avoid frequent 'ssh key has changed for localhost'" + echo "** Warning: dialogs and connection failures (for example, ssh will exit asking" + echo "** Warning: you to manually remove a key from ~/.ssh/known_hosts.)" + echo "** Warning: " + echo "** Warning: This decreases security: a Man-In-The-Middle attack is possible." + echo "** Warning: You can set the SSVNC_SSH_LOCALHOST_AUTH=1 env. var. to disable" + echo "** Warning: using the NoHostAuthenticationForLocalhost ssh option." + echo "** Warning: " + echo "** Warning: A better solution is to configure (in the SSVNC GUI) the setting:" + echo "** Warning: 'Options -> Advanced -> Private SSH KnownHosts file' (or set" + echo "** Warning: SSVNC_KNOWN_HOSTS_FILE directly) to a per-connection known hosts" + echo "** Warning: file. This yields a both secure and convenient solution." + echo "" +} + +# handle ssh case: +# if [ "X$use_ssh" = "X1" ]; then # # USING SSH @@ -1532,9 +2074,47 @@ ssh_port="22" ssh_host="$host" vnc_host="$localhost" + ssh_UKHF="" + localhost_extra="" # let user override ssh via $SSH ssh=${SSH:-"ssh -x"} + sshword=`echo "$ssh" | awk '{print $1}'` + if [ "X$sshword" != "X" ]; then + if [ -x "$sshword" ]; then + : + elif type "$sshword" > /dev/null 2>&1; then + : + else + echo "" + echo "*********************************************************" + echo "** Problem finding the SSH command '$sshword': **" + echo "" + type "$sshword" + echo "" + echo "** Perhaps you need to install the SSH client package. **" + echo "*********************************************************" + echo "" + sleep 5 + fi + fi + + ssh_NHAFL="-o NoHostAuthenticationForLocalhost=yes" + if [ "X$SSVNC_SSH_LOCALHOST_AUTH" = "X1" ]; then + ssh_NHAFL="" + fi + if [ "X$SSVNC_KNOWN_HOSTS_FILE" != "X" ]; then + ssh_NHAFL="" + + ssh_UKHF="-o UserKnownHostsFile=$SSVNC_KNOWN_HOSTS_FILE" + ssh_args="$ssh_args $ssh_UKHF" + if [ ! -f "$SSVNC_KNOWN_HOSTS_FILE" ]; then + touch "$SSVNC_KNOWN_HOSTS_FILE" >/dev/null 2>&1 + fi + chmod 600 "$SSVNC_KNOWN_HOSTS_FILE" >/dev/null 2>&1 + fi + did_ssh_NHAFL="" + if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ]; then SSVNC_LIM_ACCEPT_PRELOAD="$SSVNC_BASEDIR/$SSVNC_UNAME/$SSVNC_LIM_ACCEPT_PRELOAD" fi @@ -1553,6 +2133,29 @@ SSVNC_LIM_ACCEPT_PRELOAD="" fi + ssh_vencrypt_proxy="" + # We handle vencrypt for SSH+SSL mode. + if echo "$proxy" | grep 'vencrypt://' > /dev/null; then + proxynew="" + for part in `echo "$proxy" | tr ',' ' '` + do + if echo "$part" | egrep -i '^vencrypt://' > /dev/null; then + ssh_vencrypt_proxy=$part + else + if [ "X$proxynew" = "X" ]; then + proxynew="$part" + else + proxynew="$proxynew,$part" + fi + fi + done + proxy=$proxynew + fi + Kecho ssh_vencrypt_proxy=$ssh_vencrypt_proxy + + # note that user must supply http:// for web proxy in SSH and SSH+SSL. + # No xxxx:// implies ssh server+port. + # if echo "$proxy" | egrep '(http|https|socks|socks4|socks5)://' > /dev/null; then # Handle Web or SOCKS proxy(ies) for the initial connect. Kecho host=$host @@ -1638,11 +2241,16 @@ port=$port_save host=$host_save - nd=`findfree 6700` + nd=`findfree 6600` PPROXY_LISTEN=$nd; export PPROXY_LISTEN $ptmp & - sleep 2 - ssh_args="$ssh_args -o NoHostAuthenticationForLocalhost=yes" + sleep 1 + if [ "X$ssh_NHAFL" != "X" -a "X$did_ssh_NHAFL" != "X1" ]; then + NHAFL_warning + ssh_args="$ssh_args $ssh_NHAFL" + did_ssh_NHAFL=1 + fi + sleep 1 if [ "X$sproxy1" = "X" ]; then u="" if echo "$host" | grep '@' > /dev/null; then @@ -1653,6 +2261,7 @@ else proxy="${sproxy1_user}$localhost:$nd" fi + localhost_extra=".2" if [ "X$sproxy_rest" != "X" ]; then proxy="$proxy,$sproxy_rest" fi @@ -1684,12 +2293,21 @@ ssh_port2="22" fi proxport=`findfree 3500` + if [ "X$ssh_NHAFL" != "X" -a "X$did_ssh_NHAFL" != "X1" ]; then + NHAFL_warning + did_ssh_NHAFL=1 + sleep 1 + fi echo echo "Running 1st ssh proxy:" - echo "$ssh -f -x $ssh_port1 $targ -e none -o NoHostAuthenticationForLocalhost=yes -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 \"sleep 30\"" + ukhf="" + if [ "X$ssh_UKHF" != "X" ]; then + ukhf="$ssh_UKHF$localhost_extra" + fi + echo "$ssh -f -x $ssh_port1 $targ -e none $ssh_NHAFL $ukhf -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 \"sleep 30\"" echo "" - $ssh -f -x $ssh_port1 $targ -e none -o NoHostAuthenticationForLocalhost=yes -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 "sleep 30" - ssh_args="$ssh_args -o NoHostAuthenticationForLocalhost=yes" + $ssh -f -x $ssh_port1 $targ -e none $ssh_NHAFL $ukhf -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 "sleep 30" + ssh_args="$ssh_args $ssh_NHAFL" sleep 1 stty sane proxy="${ssh_user2}$localhost:$proxport" @@ -1764,6 +2382,8 @@ elif [ "X$getport" != "X" ]; then tport=/tmp/ss_vncviewer_tport${RANDOM}.$$ tport=`mytmp "$tport"` + tport2=/tmp/ss_vncviewer_tport2${RANDOM}.$$ + tport2=`mytmp "$tport2"` if [ "X$rsh" != "X1" ]; then if echo "$ssh_cmd" | grep "sudo " > /dev/null; then @@ -1777,10 +2397,12 @@ fi echo "$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\"" echo "" - $ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd" > $tport + $ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd" > $tport 2> $tport2 if [ "X$teeport" = "X1" ]; then - tail -f $tport 1>&2 & + tail -f $tport 1>&2 & tail_pid=$! + tail -f $tport2 1>&2 & + tail_pid2=$! fi rc=$? else @@ -1809,11 +2431,11 @@ while [ $i -lt $imax ]; do #echo $sleepit eval $sleepit - PORT=`grep "^PORT=" $tport | head -n 1 | sed -e 's/PORT=//' -e 's/\r//g'` + PORT=`grep "^PORT=" $tport | tr '\r' ' ' | head -n 1 | sed -e 's/PORT=//' -e 's/\r//g' -e 's/ *$//'` if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then break fi - vnss=`sed -e 's/\r//g' $tport | egrep -i '^(New.* desktop is|A VNC server is already running).*:[0-9[0-9]*$' | head -n 1 | awk '{print $NF}'` + vnss=`sed -e 's/\r//g' $tport $tport2 | egrep -i '^(New.* desktop is|A VNC server is already running).*:[0-9[0-9]*$' | head -n 1 | awk '{print $NF}'` if [ "X$vnss" != "X" ]; then PORT=`echo "$vnss" | awk -F: '{print $2}'` if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then @@ -1822,14 +2444,16 @@ fi fi if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then + vnss=`sed -e 's/\r//g' $tport | egrep -i '^(New.* desktop is|A VNC server is already running).*:[0-9[0-9]*$' | head -n 1` + echo "vncserver string: $vnss" 1>&2 break fi fi i=`expr $i + 1` done - echo "PORT=$PORT" 1>&2 - rm -f $tport + echo "found: PORT='$PORT'" 1>&2 + rm -f $tport $tport2 if [ "X$rsh" = "X1" ]; then rsh_viewer "$@" exit $? @@ -1955,6 +2579,33 @@ else proxy="" fi + if [ "X$ssh_vencrypt_proxy" != "X" ]; then + ssh_vencrypt_proxy="vencrypt://$host:$port" + if [ "X$proxy" = "X" ]; then + proxy=$ssh_vencrypt_proxy + else + proxy="$proxy,$ssh_vencrypt_proxy" + fi + Kecho "proxy_now=$proxy" + unset PPROXY_LISTEN + fi + fi +fi + +if [ "X$stunnel_set_here" = "X1" -a "X$showcert" = "X" ]; then + if type $STUNNEL > /dev/null 2>&1; then + : + else + echo "" + echo "***************************************************************" + echo "** Problem finding the Stunnel command '$STUNNEL': **" + echo "" + type $STUNNEL + echo "" + echo "** Perhaps you need to install the stunnel/stunnel4 package. **" + echo "***************************************************************" + echo "" + sleep 5 fi fi @@ -1968,6 +2619,9 @@ verify="$verify verify = 2" fi +if [ "X$SSVNC_STUNNEL_VERIFY3" != "X" ]; then + verify=`echo "$verify" | sed -e 's/verify = 2/verify = 3/'` +fi if [ "X$mycert" != "X" ]; then cert="cert = $mycert" fi @@ -1997,7 +2651,6 @@ PPROXY_LISTEN=$nd export PPROXY_LISTEN if [ "X$reverse" = "X" ]; then - #$ptmp 2>/dev/null & $ptmp & fi sleep 2 @@ -2016,6 +2669,8 @@ connect="connect = $host:$port" fi +# handle showcert case: +# if [ "X$showcert" = "X1" ]; then if [ "X$proxy" != "X" ]; then PPROXY_LISTEN=$use @@ -2026,6 +2681,23 @@ $ptmp 2>/dev/null & fi sleep 1 + more_sleep=1 + if uname | grep Linux > /dev/null; then + if netstat -ant | grep LISTEN | grep "127.0.0.1:$use" > /dev/null; then + more_sleep="" + fi + elif uname | grep SunOS > /dev/null; then + if netstat -an -f inet -P tcp | grep LISTEN | grep "127.0.0.1.$use" > /dev/null; then + more_sleep="" + fi + elif uname | egrep -i 'bsd|darwin' > /dev/null; then + if netstat -ant -f inet | grep LISTEN | grep "127.0.0.1.$use" > /dev/null; then + more_sleep="" + fi + fi + if [ "X$more_sleep" = "X1" ]; then + sleep 1 + fi host="$localhost" port="$use" fi @@ -2033,8 +2705,30 @@ if [ "X$ciphers" != "X" ]; then cipher_args=`echo "$ciphers" | sed -e 's/ciphers=/-cipher /'` fi + if type openssl > /dev/null 2>&1; then + : + else + echo "" + echo "********************************************************" + echo "** Problem finding the OpenSSL command 'openssl': **" + echo "" + type openssl 2>&1 + echo "" + echo "** Perhaps you need to install the 'openssl' package. **" + echo "********************************************************" + echo "" + fi #echo "openssl s_client $cipher_args -connect $host:$port" if [ "X$reverse" = "X" ]; then + host $host >/dev/null 2>&1 + host $host >/dev/null 2>&1 + timeout=15 + if [ "X$SSVNC_FETCH_TIMEOUT" != "X" ]; then + timeout=$SSVNC_FETCH_TIMEOUT + fi + if type pkill >/dev/null 2>&1; then + (sleep $timeout; if kill -0 $$; then pkill -TERM -f "openssl.*s_client.*$host.*$port"; fi) >/dev/null 2>&1 & + fi openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null rc=$? else @@ -2052,6 +2746,9 @@ #echo "openssl s_server $cipher_args $cert_args -accept $port -verify 2 > $tmp_out 2> $tmp_err" 1>&2 + # assume we have perl: + check_perl perl + perl -e " \$p = open(O, \"|openssl s_server $cipher_args $cert_args -accept $port -verify 2 1>$tmp_out 2> $tmp_err\"); exit 1 unless \$p; @@ -2094,9 +2791,15 @@ if [ "X$SSVNC_PREDIGESTED_HANDSHAKE" != "X" ]; then rm -f $SSVNC_PREDIGESTED_HANDSHAKE fi - exit $rc + if [ "X$SSVNC_SHOWCERT_EXIT_0" = "X1" ]; then + exit 0 + else + exit $rc + fi fi +# handle direct connect case: +# if [ "X$direct_connect" != "X" ]; then if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then SSVNC_NO_ENC_WARN=1 @@ -2113,7 +2816,7 @@ : else echo "" - echo "** NOTE: THERE WILL BE NO SSL OR SSH ENCRYPTION **" + echo "** WARNING: THERE WILL BE NO SSL OR SSH ENCRYPTION **" echo "" fi fi @@ -2334,6 +3037,14 @@ echo "" cat "$tmp_cfg" | uniq echo "" +if egrep -i '^[ ]*(CApath|CAfile) =' "$tmp_cfg" > /dev/null ; then + : +else + echo "** WARNING: THE STUNNEL CONFIG HAS NO SERVER CERTIFICATE SPECIFIED **" + echo "** WARNING: (the CApath or CAfile stunnel option) THE VNC SERVER WILL **" + echo "** WARNING: NOT BE AUTHENTICATED. A MAN-IN-THE-MIDDLE ATTACK IS POSSIBLE **" + echo "" +fi sleep 1 if [ "X$stunnel_exec" = "X" ]; then @@ -2376,8 +3087,16 @@ echo "sleep $SSVNC_EXTRA_SLEEP" sleep $SSVNC_EXTRA_SLEEP fi -echo "Running viewer:" + if [ "X$reverse" = "X" ]; then + if [ "X$NEED_VENCRYPT_VIEWER_BRIDGE" = "X1" -a "X$ptmp" != "X" ] ; then + port1=`expr 5900 + $N` # stunnel port + port2=`findfree 5970` # bridge port (viewer connects to it.) + N=`expr $port2 - 5900` + env PPROXY_REMOVE=0 PPROXY_SLEEP=0 PPROXY_VENCRYPT_VIEWER_BRIDGE="$port2,$port1" $ptmp & + sleep 1 + fi + echo "Running viewer:" vnc_hp=$localhost:$N if [ "X$stunnel_exec" != "X" ]; then vnc_hp="exec=$STUNNEL $tmp_cfg" @@ -2394,19 +3113,16 @@ fi fi else + echo "Running viewer:" echo "" echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode." echo "" + trap "final" 0 2 15 N2=$N - if [ "X$VNCVIEWER_IS_REALVNC4" = "X1" ]; then - N2=`echo "$N2" | sed -e 's/://g'` - if [ $N2 -le 200 ]; then - N2=`expr $N2 + 5500` - fi + N2_trim=`echo "$N2" | sed -e 's/://g'` + if [ $N2_trim -le 200 ]; then + N2_trim=`expr $N2_trim + 5500` fi - echo "$VNCVIEWERCMD" "$@" -listen $N2 - trap "final" 0 2 15 - echo "" if [ "X$proxy" != "X" ]; then if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then pstunnel=`echo "$proxy" | awk -F: '{print $2}'` @@ -2416,13 +3132,30 @@ PPROXY_DEST="$localhost:$pstunnel"; export PPROXY_DEST STUNNEL_ONCE=1; export STUNNEL_ONCE STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS + if [ "X$NEED_VENCRYPT_VIEWER_BRIDGE" = "X1" -a "X$ptmp" != "X" ] ; then + port1=`expr 5500 + $N2` + port2=`findfree 5580` + N2=`expr $port2 - 5500` + N2_trim=`echo "$N2" | sed -e 's/://g'` + if [ $N2_trim -le 200 ]; then + N2_trim=`expr $N2_trim + 5500` + fi + env PPROXY_REMOVE=0 PPROXY_SLEEP=0 PPROXY_VENCRYPT_VIEWER_BRIDGE="-$port1,$port2" $ptmp & + sleep 1 + fi else PPROXY_REVERSE="$localhost:$port"; export PPROXY_REVERSE PPROXY_SLEEP=1; export PPROXY_SLEEP; fi PPROXY_KILLPID=+1; export PPROXY_KILLPID; $ptmp & + # Important to have no extra pids generated between here and VNCVIEWERCMD + fi + if [ "X$VNCVIEWER_IS_REALVNC4" = "X1" ]; then + N2=$N2_trim fi + echo "$VNCVIEWERCMD" "$@" -listen $N2 + echo "" $VNCVIEWERCMD "$@" -listen $N2 fi diff -Nru x11vnc-0.9.8/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch x11vnc-0.9.9/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch --- x11vnc-0.9.8/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch 2009-06-19 15:34:25.000000000 +0100 +++ x11vnc-0.9.9/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch 2009-12-05 01:11:35.000000000 +0000 @@ -73,8 +73,8 @@ serverMajor = (b[4] - '0') * 100 + (b[5] - '0') * 10 + (b[6] - '0'); diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSLSocketToMe.java --- vnc_javasrc.orig/SSLSocketToMe.java 1969-12-31 19:00:00.000000000 -0500 -+++ vnc_javasrc/SSLSocketToMe.java 2009-06-19 10:23:50.000000000 -0400 -@@ -0,0 +1,1726 @@ ++++ vnc_javasrc/SSLSocketToMe.java 2009-08-13 09:16:42.000000000 -0400 +@@ -0,0 +1,1727 @@ +/* + * SSLSocketToMe.java: add SSL encryption to Java VNC Viewer. + * @@ -83,7 +83,8 @@ + * + * This is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; version 2 of the License. ++ * the Free Software Foundation; version 2 of the License, or ++ * (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of Binary files /tmp/tYodrGW71U/x11vnc-0.9.8/classes/ssl/UltraViewerSSL.jar and /tmp/E6UdLSsuDS/x11vnc-0.9.9/classes/ssl/UltraViewerSSL.jar differ Binary files /tmp/tYodrGW71U/x11vnc-0.9.8/classes/ssl/VncViewer.jar and /tmp/E6UdLSsuDS/x11vnc-0.9.9/classes/ssl/VncViewer.jar differ Binary files /tmp/tYodrGW71U/x11vnc-0.9.8/classes/VncViewer.jar and /tmp/E6UdLSsuDS/x11vnc-0.9.9/classes/VncViewer.jar differ diff -Nru x11vnc-0.9.8/compile x11vnc-0.9.9/compile --- x11vnc-0.9.8/compile 2009-06-19 15:42:44.000000000 +0100 +++ x11vnc-0.9.9/compile 2010-01-04 05:24:11.000000000 +0000 @@ -1,7 +1,7 @@ #! /bin/sh # Wrapper for compilers which do not understand `-c -o'. -scriptversion=2005-02-03.08 +scriptversion=2005-05-14.22 # Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc. # Written by Tom Tromey . @@ -18,7 +18,7 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a diff -Nru x11vnc-0.9.8/configure x11vnc-0.9.9/configure --- x11vnc-0.9.8/configure 2009-06-19 15:44:21.000000000 +0100 +++ x11vnc-0.9.9/configure 2009-12-21 05:03:01.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for x11vnc 0.9.8. +# Generated by GNU Autoconf 2.59 for x11vnc 0.9.9. # # Report bugs to . # @@ -269,8 +269,8 @@ # Identity of this package. PACKAGE_NAME='x11vnc' PACKAGE_TARNAME='x11vnc' -PACKAGE_VERSION='0.9.8' -PACKAGE_STRING='x11vnc 0.9.8' +PACKAGE_VERSION='0.9.9' +PACKAGE_STRING='x11vnc 0.9.9' PACKAGE_BUGREPORT='http://sourceforge.net/projects/libvncserver' # Factoring default headers for most tests. @@ -310,7 +310,7 @@ # include #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE RANLIB ac_ct_RANLIB AR with_ffmpeg WITH_FFMPEG_TRUE WITH_FFMPEG_FALSE HAVE_MP3LAME_TRUE HAVE_MP3LAME_FALSE CPP EGREP X_CFLAGS X_PRE_LIBS X_LIBS X_EXTRA_LIBS HAVE_X_TRUE HAVE_X_FALSE CRYPT_LIBS SSL_LIBS AVAHI_CFLAGS AVAHI_LIBS SYSTEM_LIBVNCSERVER_CFLAGS SYSTEM_LIBVNCSERVER_LIBS HAVE_SYSTEM_LIBVNCSERVER_TRUE HAVE_SYSTEM_LIBVNCSERVER_FALSE HAVE_LIBPTHREAD_TRUE HAVE_LIBPTHREAD_FALSE WITH_TIGHTVNC_FILETRANSFER_TRUE WITH_TIGHTVNC_FILETRANSFER_FALSE HAVE_LIBZ_TRUE HAVE_LIBZ_FALSE HAVE_LIBJPEG_TRUE HAVE_LIBJPEG_FALSE HAVE_LIBSDL_TRUE HAVE_LIBSDL_FALSE SDL_CFLAGS SDL_LIBS MINGW_TRUE MINGW_FALSE WSOCKLIB LIBOBJS CYGIPC_TRUE CYGIPC_FALSE LINUX_TRUE LINUX_FALSE OSX_TRUE OSX_FALSE HAVE_RPM_TRUE HAVE_RPM_FALSE WITH_X11VNC_TRUE WITH_X11VNC_FALSE RPMSOURCEDIR LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE RANLIB ac_ct_RANLIB AR with_ffmpeg WITH_FFMPEG_TRUE WITH_FFMPEG_FALSE HAVE_MP3LAME_TRUE HAVE_MP3LAME_FALSE CPP EGREP X_CFLAGS X_PRE_LIBS X_LIBS X_EXTRA_LIBS HAVE_X_TRUE HAVE_X_FALSE CRYPT_LIBS SSL_LIBS AVAHI_CFLAGS AVAHI_LIBS SYSTEM_LIBVNCSERVER_CFLAGS SYSTEM_LIBVNCSERVER_LIBS HAVE_SYSTEM_LIBVNCSERVER_TRUE HAVE_SYSTEM_LIBVNCSERVER_FALSE HAVE_LIBPTHREAD_TRUE HAVE_LIBPTHREAD_FALSE WITH_TIGHTVNC_FILETRANSFER_TRUE WITH_TIGHTVNC_FILETRANSFER_FALSE HAVE_LIBZ_TRUE HAVE_LIBZ_FALSE HAVE_LIBJPEG_TRUE HAVE_LIBJPEG_FALSE HAVE_LIBSDL_TRUE HAVE_LIBSDL_FALSE SDL_CFLAGS SDL_LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os MINGW_TRUE MINGW_FALSE WSOCKLIB LIBOBJS CYGIPC_TRUE CYGIPC_FALSE LINUX_TRUE LINUX_FALSE OSX_TRUE OSX_FALSE HAVE_RPM_TRUE HAVE_RPM_FALSE WITH_X11VNC_TRUE WITH_X11VNC_FALSE RPMSOURCEDIR LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -779,7 +779,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures x11vnc 0.9.8 to adapt to many kinds of systems. +\`configure' configures x11vnc 0.9.9 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -840,12 +840,16 @@ X features: --x-includes=DIR X include files are in DIR --x-libraries=DIR X library files are in DIR + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of x11vnc 0.9.8:";; + short | recursive ) echo "Configuration of x11vnc 0.9.9:";; esac cat <<\_ACEOF @@ -891,6 +895,9 @@ --without-zlib disable support for deflate --with-zlib=DIR use zlib include/library files in DIR --without-pthread disable support for libpthread + --with-sdl-config=FILE + Use the given path to sdl-config when determining + SDL configuration; defaults to "sdl-config" Some influential environment variables: CC C compiler command @@ -1000,7 +1007,7 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -x11vnc configure 0.9.8 +x11vnc configure 0.9.9 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1014,7 +1021,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by x11vnc $as_me 0.9.8, which was +It was created by x11vnc $as_me 0.9.9, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -1657,7 +1664,7 @@ # Define the identity of the package. PACKAGE=x11vnc - VERSION=0.9.8 + VERSION=0.9.9 cat >>confdefs.h <<_ACEOF @@ -8980,11 +8987,24 @@ fi + +SDLCONFIG="sdl-config" + +# Check whether --with-sdl-config or --without-sdl-config was given. +if test "${with_sdl_config+set}" = set; then + withval="$with_sdl_config" + + if test "$withval" != "yes" -a "$withval" != ""; then + SDLCONFIG=$withval + fi + +fi; + if test -z "$with_sdl"; then - if sdl-config --version >/dev/null 2>&1; then + if $SDLCONFIG --version >/dev/null 2>&1; then with_sdl=yes - SDL_CFLAGS=`sdl-config --cflags` - SDL_LIBS=`sdl-config --libs` + SDL_CFLAGS=`$SDLCONFIG --cflags` + SDL_LIBS=`$SDLCONFIG --libs` else with_sdl=no fi @@ -9002,7 +9022,62 @@ -MINGW=`uname -s | grep MINGW 2>/dev/null` + +# Make sure we can run config.sub. +$ac_config_sub sun4 >/dev/null 2>&1 || + { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5 +echo "$as_me: error: cannot run $ac_config_sub" >&2;} + { (exit 1); exit 1; }; } + +echo "$as_me:$LINENO: checking build system type" >&5 +echo $ECHO_N "checking build system type... $ECHO_C" >&6 +if test "${ac_cv_build+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_build_alias=$build_alias +test -z "$ac_cv_build_alias" && + ac_cv_build_alias=`$ac_config_guess` +test -z "$ac_cv_build_alias" && + { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5 +echo "$as_me: error: cannot guess build type; you must specify one" >&2;} + { (exit 1); exit 1; }; } +ac_cv_build=`$ac_config_sub $ac_cv_build_alias` || + { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5 +echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;} + { (exit 1); exit 1; }; } + +fi +echo "$as_me:$LINENO: result: $ac_cv_build" >&5 +echo "${ECHO_T}$ac_cv_build" >&6 +build=$ac_cv_build +build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` + + +echo "$as_me:$LINENO: checking host system type" >&5 +echo $ECHO_N "checking host system type... $ECHO_C" >&6 +if test "${ac_cv_host+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_host_alias=$host_alias +test -z "$ac_cv_host_alias" && + ac_cv_host_alias=$ac_cv_build_alias +ac_cv_host=`$ac_config_sub $ac_cv_host_alias` || + { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5 +echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;} + { (exit 1); exit 1; }; } + +fi +echo "$as_me:$LINENO: result: $ac_cv_host" >&5 +echo "${ECHO_T}$ac_cv_host" >&6 +host=$ac_cv_host +host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` + + +MINGW=`echo $host_os | grep mingw32 2>/dev/null` if test ! -z "$MINGW" ; then @@ -13910,7 +13985,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by x11vnc $as_me 0.9.8, which was +This file was extended by x11vnc $as_me 0.9.9, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -13973,7 +14048,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -x11vnc config.status 0.9.8 +x11vnc config.status 0.9.9 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" @@ -14255,6 +14330,14 @@ s,@HAVE_LIBSDL_FALSE@,$HAVE_LIBSDL_FALSE,;t t s,@SDL_CFLAGS@,$SDL_CFLAGS,;t t s,@SDL_LIBS@,$SDL_LIBS,;t t +s,@build@,$build,;t t +s,@build_cpu@,$build_cpu,;t t +s,@build_vendor@,$build_vendor,;t t +s,@build_os@,$build_os,;t t +s,@host@,$host,;t t +s,@host_cpu@,$host_cpu,;t t +s,@host_vendor@,$host_vendor,;t t +s,@host_os@,$host_os,;t t s,@MINGW_TRUE@,$MINGW_TRUE,;t t s,@MINGW_FALSE@,$MINGW_FALSE,;t t s,@WSOCKLIB@,$WSOCKLIB,;t t diff -Nru x11vnc-0.9.8/configure.ac x11vnc-0.9.9/configure.ac --- x11vnc-0.9.8/configure.ac 2009-06-19 15:44:12.000000000 +0100 +++ x11vnc-0.9.9/configure.ac 2009-12-21 05:02:53.000000000 +0000 @@ -1,6 +1,6 @@ # Process this file with autoconf to produce a configure script. -AC_INIT(x11vnc, 0.9.8, http://sourceforge.net/projects/libvncserver) -AM_INIT_AUTOMAKE(x11vnc, 0.9.8) +AC_INIT(x11vnc, 0.9.9, http://sourceforge.net/projects/libvncserver) +AM_INIT_AUTOMAKE(x11vnc, 0.9.9) AM_CONFIG_HEADER(rfbconfig.h) AX_PREFIX_CONFIG_H([rfb/rfbconfig.h]) @@ -647,11 +647,23 @@ AM_CONDITIONAL(HAVE_LIBZ, test ! -z "$HAVE_ZLIB_H") AM_CONDITIONAL(HAVE_LIBJPEG, test ! -z "$HAVE_JPEGLIB_H") + +SDLCONFIG="sdl-config" +AC_ARG_WITH(sdl-config, +[[ --with-sdl-config=FILE + Use the given path to sdl-config when determining + SDL configuration; defaults to "sdl-config"]], +[ + if test "$withval" != "yes" -a "$withval" != ""; then + SDLCONFIG=$withval + fi +]) + if test -z "$with_sdl"; then - if sdl-config --version >/dev/null 2>&1; then + if $SDLCONFIG --version >/dev/null 2>&1; then with_sdl=yes - SDL_CFLAGS=`sdl-config --cflags` - SDL_LIBS=`sdl-config --libs` + SDL_CFLAGS=`$SDLCONFIG --cflags` + SDL_LIBS=`$SDLCONFIG --libs` else with_sdl=no fi @@ -660,7 +672,9 @@ AC_SUBST(SDL_CFLAGS) AC_SUBST(SDL_LIBS) -MINGW=`uname -s | grep MINGW 2>/dev/null` + +AC_CANONICAL_HOST +MINGW=`echo $host_os | grep mingw32 2>/dev/null` AM_CONDITIONAL(MINGW, test ! -z "$MINGW" ) if test ! -z "$MINGW"; then WSOCKLIB="-lws2_32" diff -Nru x11vnc-0.9.8/debian/changelog x11vnc-0.9.9/debian/changelog --- x11vnc-0.9.8/debian/changelog 2010-01-04 05:24:11.000000000 +0000 +++ x11vnc-0.9.9/debian/changelog 2010-01-04 05:24:11.000000000 +0000 @@ -1,3 +1,11 @@ +x11vnc (0.9.9-0~kamalmostafa~ppa1~lucid) lucid; urgency=low + + * New upstream release + - Removed build-dep libvncserver-dev (now internal to this package). + - Updated autoconf. + + -- Kamal Mostafa Sun, 03 Jan 2010 20:53:30 -0800 + x11vnc (0.9.8-2) unstable; urgency=low * Updated debian/copyright: diff -Nru x11vnc-0.9.8/debian/control x11vnc-0.9.9/debian/control --- x11vnc-0.9.8/debian/control 2010-01-04 05:24:11.000000000 +0000 +++ x11vnc-0.9.9/debian/control 2010-01-04 05:24:11.000000000 +0000 @@ -1,9 +1,10 @@ Source: x11vnc Section: x11 Priority: optional -Maintainer: Fathi Boudra +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Fathi Boudra Build-Depends: debhelper (>= 7.3), automake, libtool, default-jdk, - libavahi-client-dev, libssl-dev, libvncserver-dev (>= 0.9.7), + libavahi-client-dev, libssl-dev, libxdamage-dev, libxext-dev, libxfixes-dev, libxinerama-dev, libxrandr-dev, libxss-dev, libxtrap-dev, libxtst-dev Standards-Version: 3.8.2 diff -Nru x11vnc-0.9.8/INSTALL x11vnc-0.9.9/INSTALL --- x11vnc-0.9.8/INSTALL 2009-04-21 01:35:25.000000000 +0100 +++ x11vnc-0.9.9/INSTALL 2010-01-04 05:24:11.000000000 +0000 @@ -1,27 +1,43 @@ +Installation Instructions +************************* + +Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005 Free +Software Foundation, Inc. + +This file is free documentation; the Free Software Foundation gives +unlimited permission to copy, distribute and modify it. + Basic Installation ================== - These are generic installation instructions. +These are generic installation instructions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that -you can run in the future to recreate the current configuration, a file -`config.cache' that saves the results of its tests to speed up -reconfiguring, and a file `config.log' containing compiler output -(useful mainly for debugging `configure'). +you can run in the future to recreate the current configuration, and a +file `config.log' containing compiler output (useful mainly for +debugging `configure'). + + It can also use an optional file (typically called `config.cache' +and enabled with `--cache-file=config.cache' or simply `-C') that saves +the results of its tests to speed up reconfiguring. (Caching is +disabled by default to prevent problems with accidental use of stale +cache files.) If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can -be considered for the next release. If at some point `config.cache' -contains results you don't want to keep, you may remove or edit it. - - The file `configure.in' is used to create `configure' by a program -called `autoconf'. You only need `configure.in' if you want to change -it or regenerate `configure' using a newer version of `autoconf'. +be considered for the next release. If you are using the cache, and at +some point `config.cache' contains results you don't want to keep, you +may remove or edit it. + + The file `configure.ac' (or `configure.in') is used to create +`configure' by a program called `autoconf'. You only need +`configure.ac' if you want to change it or regenerate `configure' using +a newer version of `autoconf'. The simplest way to compile this package is: @@ -54,20 +70,22 @@ Compilers and Options ===================== - Some systems require unusual options for compilation or linking that -the `configure' script does not know about. You can give `configure' -initial values for variables by setting them in the environment. Using -a Bourne-compatible shell, you can do that on the command line like -this: - CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure +Some systems require unusual options for compilation or linking that the +`configure' script does not know about. Run `./configure --help' for +details on some of the pertinent environment variables. + + You can give `configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here +is an example: + + ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix -Or on systems that have the `env' program, you can do it like this: - env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure + *Note Defining Variables::, for more details. Compiling For Multiple Architectures ==================================== - You can compile the package for more than one kind of computer at the +You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their own directory. To do this, you must use a version of `make' that supports the `VPATH' variable, such as GNU `make'. `cd' to the @@ -75,28 +93,28 @@ the `configure' script. `configure' automatically checks for the source code in the directory that `configure' is in and in `..'. - If you have to use a `make' that does not supports the `VPATH' -variable, you have to compile the package for one architecture at a time -in the source code directory. After you have installed the package for -one architecture, use `make distclean' before reconfiguring for another -architecture. + If you have to use a `make' that does not support the `VPATH' +variable, you have to compile the package for one architecture at a +time in the source code directory. After you have installed the +package for one architecture, use `make distclean' before reconfiguring +for another architecture. Installation Names ================== - By default, `make install' will install the package's files in -`/usr/local/bin', `/usr/local/man', etc. You can specify an -installation prefix other than `/usr/local' by giving `configure' the -option `--prefix=PATH'. +By default, `make install' installs the package's commands under +`/usr/local/bin', include files under `/usr/local/include', etc. You +can specify an installation prefix other than `/usr/local' by giving +`configure' the option `--prefix=PREFIX'. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you -give `configure' the option `--exec-prefix=PATH', the package will use -PATH as the prefix for installing programs and libraries. -Documentation and other data files will still use the regular prefix. +pass the option `--exec-prefix=PREFIX' to `configure', the package uses +PREFIX as the prefix for installing programs and libraries. +Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give -options like `--bindir=PATH' to specify different values for particular +options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories you can set and what kinds of files go in them. @@ -107,7 +125,7 @@ Optional Features ================= - Some packages pay attention to `--enable-FEATURE' options to +Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE is something like `gnu-as' or `x' (for the X Window System). The @@ -122,48 +140,86 @@ Specifying the System Type ========================== - There may be some features `configure' can not figure out -automatically, but needs to determine by the type of host the package -will run on. Usually `configure' can figure that out, but if it prints -a message saying it can not guess the host type, give it the -`--host=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name with three fields: +There may be some features `configure' cannot figure out automatically, +but needs to determine by the type of machine the package will run on. +Usually, assuming the package is built to be run on the _same_ +architectures, `configure' can figure that out, but if it prints a +message saying it cannot guess the machine type, give it the +`--build=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name which has the form: + CPU-COMPANY-SYSTEM -See the file `config.sub' for the possible values of each field. If +where SYSTEM can have one of these forms: + + OS KERNEL-OS + + See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't -need to know the host type. +need to know the machine type. - If you are building compiler tools for cross-compiling, you can also -use the `--target=TYPE' option to select the type of system they will -produce code for and the `--build=TYPE' option to select the type of -system on which you are compiling the package. + If you are _building_ compiler tools for cross-compiling, you should +use the option `--target=TYPE' to select the type of system they will +produce code for. + + If you want to _use_ a cross compiler, that generates code for a +platform different from the build platform, you should specify the +"host" platform (i.e., that on which the generated programs will +eventually be run) with `--host=TYPE'. Sharing Defaults ================ - If you want to set default values for `configure' scripts to share, -you can create a site shell script called `config.site' that gives -default values for variables like `CC', `cache_file', and `prefix'. +If you want to set default values for `configure' scripts to share, you +can create a site shell script called `config.site' that gives default +values for variables like `CC', `cache_file', and `prefix'. `configure' looks for `PREFIX/share/config.site' if it exists, then `PREFIX/etc/config.site' if it exists. Or, you can set the `CONFIG_SITE' environment variable to the location of the site script. A warning: not all `configure' scripts look for a site script. -Operation Controls +Defining Variables ================== - `configure' recognizes the following options to control how it -operates. +Variables not defined in a site shell script can be set in the +environment passed to `configure'. However, some packages may run +configure again during the build, and the customized values of these +variables may be lost. In order to avoid this problem, you should set +them in the `configure' command line, using `VAR=value'. For example: -`--cache-file=FILE' - Use and save the results of the tests in FILE instead of - `./config.cache'. Set FILE to `/dev/null' to disable caching, for - debugging `configure'. + ./configure CC=/usr/local2/bin/gcc + +causes the specified `gcc' to be used as the C compiler (unless it is +overridden in the site shell script). Here is a another example: + + /bin/bash ./configure CONFIG_SHELL=/bin/bash + +Here the `CONFIG_SHELL=/bin/bash' operand causes subsequent +configuration-related scripts to be executed by `/bin/bash'. + +`configure' Invocation +====================== + +`configure' recognizes the following options to control how it operates. `--help' +`-h' Print a summary of the options to `configure', and exit. +`--version' +`-V' + Print the version of Autoconf used to generate the `configure' + script, and exit. + +`--cache-file=FILE' + Enable the cache: use and save the results of the tests in FILE, + traditionally `config.cache'. FILE defaults to `/dev/null' to + disable caching. + +`--config-cache' +`-C' + Alias for `--cache-file=config.cache'. + `--quiet' `--silent' `-q' @@ -175,8 +231,6 @@ Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. -`--version' - Print the version of Autoconf used to generate the `configure' - script, and exit. +`configure' also accepts some other, not widely useful, options. Run +`configure --help' for more details. -`configure' also accepts some other, not widely useful, options. diff -Nru x11vnc-0.9.8/libvncclient/listen.c x11vnc-0.9.9/libvncclient/listen.c --- x11vnc-0.9.8/libvncclient/listen.c 2009-04-21 01:35:25.000000000 +0100 +++ x11vnc-0.9.9/libvncclient/listen.c 2009-11-18 23:18:12.000000000 +0000 @@ -27,6 +27,7 @@ #include #include #ifdef __MINGW32__ +#define close closesocket #include #else #include @@ -75,7 +76,7 @@ FD_SET(listenSocket, &fds); - select(FD_SETSIZE, &fds, NULL, NULL, NULL); + select(listenSocket+1, &fds, NULL, NULL, NULL); if (FD_ISSET(listenSocket, &fds)) { client->sock = AcceptTcpConnection(listenSocket); @@ -108,3 +109,63 @@ } + +/* + * listenForIncomingConnectionsNoFork() - listen for incoming connections + * from servers, but DON'T fork, instead just wait timeout microseconds. + * If timeout is negative, block indefinitly. + * Returns 1 on success (there was an incoming connection on the listen socket + * and we accepted it successfully), -1 on error, 0 on timeout. + */ + +int +listenForIncomingConnectionsNoFork(rfbClient* client, int timeout) +{ + fd_set fds; + struct timeval to; + int r; + + to.tv_sec= timeout / 1000000; + to.tv_usec= timeout % 1000000; + + client->listenSpecified = TRUE; + + if (client->listenSock < 0) + { + client->listenSock = ListenAtTcpPort(client->listenPort); + + if (client->listenSock < 0) + return -1; + + rfbClientLog("%s -listennofork: Listening on port %d\n", + client->programName,client->listenPort); + rfbClientLog("%s -listennofork: Command line errors are not reported until " + "a connection comes in.\n", client->programName); + } + + FD_ZERO(&fds); + + FD_SET(client->listenSock, &fds); + + if (timeout < 0) + r = select(client->listenSock+1, &fds, NULL, NULL, NULL); + else + r = select(client->listenSock+1, &fds, NULL, NULL, &to); + + if (r > 0) + { + client->sock = AcceptTcpConnection(client->listenSock); + if (client->sock < 0) + return -1; + if (!SetNonBlocking(client->sock)) + return -1; + + close(client->listenSock); + return r; + } + + /* r is now either 0 (timeout) or -1 (error) */ + return r; +} + + diff -Nru x11vnc-0.9.8/libvncclient/Makefile.in x11vnc-0.9.9/libvncclient/Makefile.in --- x11vnc-0.9.8/libvncclient/Makefile.in 2009-06-19 15:44:19.000000000 +0100 +++ x11vnc-0.9.9/libvncclient/Makefile.in 2009-12-21 05:03:00.000000000 +0000 @@ -37,6 +37,8 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ subdir = libvncclient DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in @@ -168,10 +170,18 @@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ +build = @build@ build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ datadir = @datadir@ exec_prefix = @exec_prefix@ +host = @host@ host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ diff -Nru x11vnc-0.9.8/libvncclient/rfbproto.c x11vnc-0.9.9/libvncclient/rfbproto.c --- x11vnc-0.9.8/libvncclient/rfbproto.c 2009-05-21 15:15:11.000000000 +0100 +++ x11vnc-0.9.9/libvncclient/rfbproto.c 2009-12-07 14:26:57.000000000 +0000 @@ -74,7 +74,7 @@ time(&log_clock); strftime(buf, 255, "%d/%m/%Y %X ", localtime(&log_clock)); - fprintf(stderr,buf); + fprintf(stderr, "%s", buf); vfprintf(stderr, format, args); fflush(stderr); @@ -344,14 +344,16 @@ SetServer2Client(client, rfbTextChat); } +#ifndef WIN32 static rfbBool IsUnixSocket(const char *name) { struct stat sb; - if(stat(name, &sb) && (sb.st_mode & S_IFMT) == S_IFSOCK) + if(stat(name, &sb) == 0 && (sb.st_mode & S_IFMT) == S_IFSOCK) return TRUE; return FALSE; } +#endif /* * ConnectToRFBServer. @@ -385,7 +387,7 @@ fclose(rec->file); return FALSE; } - client->sock = 0; + client->sock = -1; return TRUE; } @@ -511,8 +513,11 @@ } /* we do not support > RFB3.8 */ - if (major==3 && minor>8) + if ((major==3 && minor>8) || major>3) + { + client->major=3; client->minor=8; + } rfbClientLog("VNC server supports protocol version %d.%d (viewer %d.%d)\n", major, minor, rfbProtocolMajorVersion, rfbProtocolMinorVersion); @@ -528,7 +533,8 @@ uint8_t count=0; uint8_t loop=0; uint8_t flag=0; - uint8_t tAuth=0; + uint8_t tAuth[256]; + char buf1[500],buf2[10]; if (!ReadFromRFBServer(client, (char *)&count, 1)) return FALSE; @@ -546,23 +552,42 @@ free(reason); return FALSE; } + if (count>sizeof(tAuth)) + { + rfbClientLog("%d security types are too many; maximum is %d\n", count, sizeof(tAuth)); + return FALSE; + } rfbClientLog("We have %d security types to read\n", count); + authScheme=0; /* now, we have a list of available security types to read ( uint8_t[] ) */ for (loop=0;loop=sizeof(buf1)-1) break; + snprintf(buf2, sizeof(buf2), (loop>0 ? ", %d" : "%d"), (int)tAuth[loop]); + strncat(buf1, buf2, sizeof(buf1)-strlen(buf1)-1); + } + rfbClientLog("Unknown authentication scheme from VNC server: %s\n", + buf1); + return FALSE; + } } else { @@ -1741,6 +1766,7 @@ /* avoid name clashes with LibVNCServer */ #define rfbEncryptBytes rfbClientEncryptBytes +#define rfbEncryptBytes2 rfbClientEncryptBytes2 #define rfbDes rfbClientDes #define rfbDesKey rfbClientDesKey #define rfbUseKey rfbClientUseKey diff -Nru x11vnc-0.9.8/libvncclient/sockets.c x11vnc-0.9.9/libvncclient/sockets.c --- x11vnc-0.9.8/libvncclient/sockets.c 2009-05-21 15:15:11.000000000 +0100 +++ x11vnc-0.9.9/libvncclient/sockets.c 2009-10-07 21:21:23.000000000 +0100 @@ -30,6 +30,7 @@ #include #include #ifdef WIN32 +#undef SOCKET #include #define EWOULDBLOCK WSAEWOULDBLOCK #define close closesocket diff -Nru x11vnc-0.9.8/libvncclient/zrle.c x11vnc-0.9.9/libvncclient/zrle.c --- x11vnc-0.9.8/libvncclient/zrle.c 2009-04-21 01:35:25.000000000 +0100 +++ x11vnc-0.9.9/libvncclient/zrle.c 2009-11-17 04:29:07.000000000 +0000 @@ -239,8 +239,10 @@ uint8_t* buffer_copy = buffer; uint8_t* buffer_end = buffer+buffer_length; uint8_t type; +#if BPP!=8 uint8_t zywrle_level = (client->appData.qualityLevel & 0x80) ? 0 : (3 - client->appData.qualityLevel / 3); +#endif if(buffer_length<1) return -2; diff -Nru x11vnc-0.9.8/libvncserver/cursor.c x11vnc-0.9.9/libvncserver/cursor.c --- x11vnc-0.9.8/libvncserver/cursor.c 2009-04-21 01:35:25.000000000 +0100 +++ x11vnc-0.9.9/libvncserver/cursor.c 2009-12-02 01:36:20.000000000 +0000 @@ -410,7 +410,7 @@ for(i=0,bit=0x80;iwidth;i++,bit=(bit&1)?0x80:bit>>1) { if (interp) { int r = 0, g = 0, b = 0, grey; - char *p = cursor->richSource+j*width+i*bpp; + unsigned char *p = cursor->richSource+j*width+i*bpp; if (bpp == 1) { unsigned char* uc = (unsigned char*) p; SETRGB(uc); @@ -693,10 +693,13 @@ if(sraClipRect2(&x,&y,&x2,&y2,0,0,s->width,s->height)) { sraRegionPtr rect; rect = sraRgnCreateRect(x,y,x2,y2); - if(updateRegion) + if(updateRegion) { sraRgnOr(updateRegion,rect); - else + } else { + LOCK(cl->updateMutex); sraRgnOr(cl->modifiedRegion,rect); + UNLOCK(cl->updateMutex); + } sraRgnDestroy(rect); } } diff -Nru x11vnc-0.9.8/libvncserver/main.c x11vnc-0.9.9/libvncserver/main.c --- x11vnc-0.9.8/libvncserver/main.c 2009-04-21 01:02:50.000000000 +0100 +++ x11vnc-0.9.9/libvncserver/main.c 2009-10-07 21:21:56.000000000 +0100 @@ -242,7 +242,7 @@ time(&log_clock); strftime(buf, 255, "%d/%m/%Y %X ", localtime(&log_clock)); - fprintf(stderr,buf); + fprintf(stderr, "%s", buf); vfprintf(stderr, format, args); fflush(stderr); diff -Nru x11vnc-0.9.8/libvncserver/Makefile.in x11vnc-0.9.9/libvncserver/Makefile.in --- x11vnc-0.9.8/libvncserver/Makefile.in 2009-06-19 15:44:19.000000000 +0100 +++ x11vnc-0.9.9/libvncserver/Makefile.in 2009-12-21 05:03:00.000000000 +0000 @@ -37,6 +37,8 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ subdir = libvncserver DIST_COMMON = $(am__noinst_HEADERS_DIST) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in @@ -200,10 +202,18 @@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ +build = @build@ build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ datadir = @datadir@ exec_prefix = @exec_prefix@ +host = @host@ host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ includedir = $(prefix)/include/rfb infodir = @infodir@ install_sh = @install_sh@ diff -Nru x11vnc-0.9.8/libvncserver/rfbserver.c x11vnc-0.9.9/libvncserver/rfbserver.c --- x11vnc-0.9.8/libvncserver/rfbserver.c 2009-04-20 23:05:59.000000000 +0100 +++ x11vnc-0.9.9/libvncserver/rfbserver.c 2009-11-17 04:20:22.000000000 +0000 @@ -485,7 +485,7 @@ if (cl->next) cl->next->prev = cl->prev; - if(cl->sock>0) + if(cl->sock>=0) close(cl->sock); if (cl->scaledScreen!=NULL) diff -Nru x11vnc-0.9.8/libvncserver/sockets.c x11vnc-0.9.9/libvncserver/sockets.c --- x11vnc-0.9.8/libvncserver/sockets.c 2009-04-21 01:35:25.000000000 +0100 +++ x11vnc-0.9.9/libvncserver/sockets.c 2009-12-02 01:36:59.000000000 +0000 @@ -638,7 +638,7 @@ closesocket(sock); return -1; } - if (listen(sock, 5) < 0) { + if (listen(sock, 32) < 0) { closesocket(sock); return -1; } diff -Nru x11vnc-0.9.8/libvncserver/tightvnc-filetransfer/rfbtightserver.c x11vnc-0.9.9/libvncserver/tightvnc-filetransfer/rfbtightserver.c --- x11vnc-0.9.8/libvncserver/tightvnc-filetransfer/rfbtightserver.c 2009-04-21 01:14:01.000000000 +0100 +++ x11vnc-0.9.9/libvncserver/tightvnc-filetransfer/rfbtightserver.c 2009-11-17 04:22:53.000000000 +0000 @@ -355,7 +355,7 @@ rfbBool -rfbTightExtensionInit(rfbClientPtr cl, void** data) +rfbTightExtensionInit(rfbClientPtr cl, void* data) { rfbSendInteractionCaps(cl); diff -Nru x11vnc-0.9.8/libvncserver/translate.c x11vnc-0.9.9/libvncserver/translate.c --- x11vnc-0.9.8/libvncserver/translate.c 2009-04-21 01:35:25.000000000 +0100 +++ x11vnc-0.9.9/libvncserver/translate.c 2009-12-02 01:37:49.000000000 +0000 @@ -423,6 +423,7 @@ } if (cl->format.trueColour) { + LOCK(cl->updateMutex); (*rfbInitColourMapSingleTableFns [BPP2OFFSET(cl->format.bitsPerPixel)]) (&cl->translateLookupTable, &cl->screen->serverFormat, &cl->format,&cl->screen->colourMap); @@ -430,6 +431,7 @@ sraRgnDestroy(cl->modifiedRegion); cl->modifiedRegion = sraRgnCreateRect(0,0,cl->screen->width,cl->screen->height); + UNLOCK(cl->updateMutex); return TRUE; } diff -Nru x11vnc-0.9.8/libvncserver/vncauth.c x11vnc-0.9.9/libvncserver/vncauth.c --- x11vnc-0.9.8/libvncserver/vncauth.c 2009-04-21 01:35:25.000000000 +0100 +++ x11vnc-0.9.9/libvncserver/vncauth.c 2009-12-07 13:54:50.000000000 +0000 @@ -191,3 +191,18 @@ rfbDes(bytes+i, bytes+i); } } + +void +rfbEncryptBytes2(unsigned char *where, const int length, unsigned char *key) { + int i, j; + rfbDesKey(key, EN0); + for (i = 0; i< 8; i++) + where[i] ^= key[i]; + rfbDes(where, where); + for (i = 8; i < length; i += 8) { + for (j = 0; j < 8; j++) + where[i + j] ^= where[i + j - 8]; + rfbDes(where + i, where + i); + } +} + diff -Nru x11vnc-0.9.8/Makefile.in x11vnc-0.9.9/Makefile.in --- x11vnc-0.9.8/Makefile.in 2009-06-19 15:44:20.000000000 +0100 +++ x11vnc-0.9.9/Makefile.in 2009-12-21 05:03:01.000000000 +0000 @@ -34,13 +34,15 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : -subdir = . +build_triplet = @build@ +host_triplet = @host@ DIST_COMMON = README $(am__configure_deps) $(noinst_HEADERS) \ $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(srcdir)/rfbconfig.h.in $(srcdir)/x11vnc.spec.in \ $(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \ TODO compile config.guess config.sub depcomp install-sh \ ltmain.sh missing +subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \ $(top_srcdir)/configure.ac @@ -172,10 +174,18 @@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ +build = @build@ build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ datadir = @datadir@ exec_prefix = @exec_prefix@ +host = @host@ host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ #SUBDIRS=libvncserver libvncclient x11vnc classes #DIST_SUBDIRS=libvncserver libvncclient x11vnc classes diff -Nru x11vnc-0.9.8/README x11vnc-0.9.9/README --- x11vnc-0.9.8/README 2009-06-19 15:44:12.000000000 +0100 +++ x11vnc-0.9.9/README 2009-12-21 05:02:53.000000000 +0000 @@ -2,7 +2,7 @@ Copyright (C) 2002-2009 Karl J. Runge All rights reserved. -x11vnc README file Date: Fri Jun 19 10:41:53 EDT 2009 +x11vnc README file Date: Mon Dec 21 00:00:59 EST 2009 The following information is taken from these URLs: @@ -28,55 +28,55 @@ mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows. - It has built-in [7]SSL/TLS encryption and RSA authentication, - including VeNCrypt; UNIX [8]account and password login support; - server-side [9]scaling; [10]single port HTTPS/HTTP and VNC; + It has built-in [7]SSL/TLS encryption and 2048 bit RSA authentication, + including VeNCrypt support; UNIX [8]account and password login + support; server-side [9]scaling; [10]single port HTTPS/HTTP+VNC; [11]Zeroconf service advertising; and TightVNC and UltraVNC [12]file-transfer. It has also been extended to work with non-X - devices: [13]webcams and TV tuner capture devices, [14]embedded Linux - systems such as Qtopia Core, and natively on [15]Mac OS X Aqua/Quartz. - More features are described [16]here. + devices: natively on [13]Mac OS X Aqua/Quartz, [14]webcams and TV + tuner capture devices, and [15]embedded Linux systems such as Qtopia + Core. More features are described [16]here. It also provides an encrypted [17]Terminal Services mode ([18]-create, [19]-svc, or [20]-xdmsvc options) based on Unix usernames and Unix passwords where the user does not need to memorize his VNC - display/port number. Normally a virtual X session (Xvfb) is created, - but it also works with X sessions on physical hardware. See also the - [21]tsvnc terminal services mode of the SSVNC viewer. + display/port number. Normally a virtual X session (Xvfb) is created + for each user, but it also works with X sessions on physical hardware. + See the [21]tsvnc terminal services mode of the SSVNC viewer that + takes advantage of this mode. I wrote x11vnc back in 2002 because x0rfbserver was basically impossible to build on Solaris and had poor performance. The primary x0rfbserver build problems centered around esoteric C++ toolkits. x11vnc is written in plain C and needs only standard libraries and so - should work on nearly all Unixes. I also added some enhancements to - improve the interactive response, add many features, and etc. + should work on nearly all Unixes, even very old ones. I also created + enhancements to improve the interactive response, added many features, + and etc. This page including the [22]FAQ contains much information [23][*]; solutions to many problems; and interesting applications, but nevertheless please feel free to [24]contact me if you have problems - or questions (and if I save you time by giving you some of my time, - please consider a [25]paypal donation.) Please check the [26]FAQ - first; I realize this page is massive, but you can often use your - browser's find-in-page action using a keyword to find the answer to - your problem or question. + or questions (and if I save you time or expense by giving you some of + my time, please consider a [25]PayPal Donation.) + + Do check the [26]FAQ and this page first; I realize the pages are + massive, but you can often use your browser's find-in-page search + action using a keyword to find the answer to your problem or question. Please help [27]beta test the new performance speedup feature using - [28]viewer-side pixel caching "ncache". Let me know how it goes; - thanks. + [28]viewer-side pixel caching "ncache". SSVNC: An x11vnc side-project provides an [29]Enhanced TightVNC Viewer package (SSVNC) for Unix, Windows, and Mac OS X with automatic - SSL and/or SSH tunnelling support, SSL Certificate creation, saved - connection profiles, and built-in Proxy support. And for the Unix - viewer: NewFBSize, ZRLE, Viewer-side Scaling, cursor alphablending, - and low color modes. Also on Unix the UltraVNC File Transfer, Text - Chat, Single Window, Server Input, and 1/n Scaling extensions are - supported along with UltraVNC DSM encryption. This bundle could be - placed on, say, a USB memory stick for SSL/SSH VNC viewing from nearly - any networked computer. Please help test out some recently added - features: automatic service tunnelling via SSH for: CUPS and SMB - Printing, ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem - mounting; Port Knocking; and the sshvnc/tsvnc modes. + SSL and/or SSH tunnelling support, SSL Certificate creation, Saved + connection profiles, Zeroconf, VeNCrypt, and built-in Proxy support. + Added features for the TightVNC Unix viewer: NewFBSize, ZRLE encoding, + Viewer-side Scaling, cursor alphablending, low color modes, and + enhanced popup menu; UltraVNC extensions support for: File Transfer, + Text Chat, Single Window, Server Input, and 1/n Scaling extensions, + and UltraVNC DSM encryption. The SSVNC bundle could be placed on, say, + a USB memory stick for SSL/SSH VNC viewing from nearly any networked + computer. _________________________________________________________________ @@ -133,9 +133,9 @@ So the standard Xvnc/vncserver program is very useful, I use it for things like: - * Desktop conferencing with other users (e.g. codereviews.) - * Long running apps/tasks I want to be able to view from many - places. + * Desktop conferencing with other users (e.g. code reviews.) + * Long running apps/tasks I want to be able to view from many places + (e.g. from home and work.) * Motif, GNOME, and similar applications that would yield very poor performance over a high latency link. @@ -245,7 +245,7 @@ * Have x11vnc (0.9.3 or later) available to run on the remote host (i.e. in $PATH.) * Download and unpack a [55]SSVNC bundle (1.0.19 or later, e.g. - [56]ssvnc_no_windows-1.0.19.tar.gz) on the Viewer-side machine. + [56]ssvnc_no_windows-1.0.23.tar.gz) on the Viewer-side machine. * Start the SSVNC Terminal Services mode GUI: ./ssvnc/bin/tsvnc * Enter your remote username@hostname (e.g. fred@far-away.east) in the "VNC Terminal Server" entry. @@ -565,7 +565,7 @@ Tunnelling x11vnc via SSL/TLS: One can also encrypt the VNC traffic using an SSL/TLS tunnel such as - [85]stunnel (also [86]stunnel.mirt.net) or using the built-in + [85]stunnel.mirt.net (also [86]stunnel.org) or using the built-in (Mar/2006) [87]-ssl openssl mode. A SSL-enabled Java applet VNC Viewer is also provided in the x11vnc package (and https can be used to download it.) @@ -585,13 +585,13 @@ x11vnc is a contributed program to the [90]LibVNCServer project at SourceForge.net. I use libvncserver for all of the VNC aspects; I couldn't have done without it. The full source code may be found and - downloaded (either file-release tarball or CVS tree) from the above - link. As of Mar 2009, the [91]x11vnc-0.9.7.tar.gz source package is - released (recommended download). The [92]x11vnc 0.9.7 release notes. + downloaded (either file-release tarball or GIT tree) from the above + link. As of Jul 2009, the [91]x11vnc-0.9.8.tar.gz source package is + released (recommended download). The [92]x11vnc 0.9.8 release notes. The x11vnc package is the subset of the libvncserver package needed to build the x11vnc program. Also, you can get a copy of my latest, - bleeding edge [93]x11vnc-0.9.8.tar.gz tarball to build the most up to + bleeding edge [93]x11vnc-0.9.9.tar.gz tarball to build the most up to date one. Precompiled Binaries/Packages: See the [94]FAQ below for information @@ -629,13 +629,13 @@ them by default.) If your OS has libjpeg.so and libz.so in standard locations you can - build as follows (example given for the 0.9.7 release of x11vnc: + build as follows (example given for the 0.9.8 release of x11vnc: replace with the version you downloaded): (un-tar the x11vnc+libvncserver tarball) -# gzip -dc x11vnc-0.9.7.tar.gz | tar -xvf - +# gzip -dc x11vnc-0.9.8.tar.gz | tar -xvf - (cd to the source directory) -# cd x11vnc-0.9.7 +# cd x11vnc-0.9.8 (run configure and then run make) # ./configure @@ -842,6 +842,15 @@ also want to make sure that /usr/lpp/X11/include, etc is being picked up by the configure and make. + For a recent build on AIX 5.3 we needed to add these CFLAGS to be able + to build with gcc: + env CFLAGS='-maix64 -Xlinker -bbigtoc' ./configure ... + + we also built our own libjpeg and libz using -maix64. + + BTW, one way to run an Xvfb-like virtual X server for testing on AIX + is something like "/usr/bin/X11/X -force -vfb -ac :1". + Building on Mac OS X: There is now [112]native Mac OS X support for x11vnc by using the raw framebuffer feature. This mode does not use or @@ -877,13 +886,13 @@ I'd appreciate any additional testing very much. Thanks to those who suggested features and helped beta test x11vnc - 0.9.7 released in Mar 2009! + 0.9.8 released in Jul 2009! - Please help test and debug the 0.9.8 version for release sometime in - Summer 2009. + Please help test and debug the 0.9.9 version for release sometime in + 2009. - The version 0.9.8 beta tarball is kept here: - [114]x11vnc-0.9.8.tar.gz + The version 0.9.9 beta tarball is kept here: + [114]x11vnc-0.9.9.tar.gz There are also some Linux, Solaris, Mac OS X, and other OS test binaries [115]here. Please kick the tires and report bugs, performance @@ -900,15 +909,87 @@ Encryption Plugin' settings panel.) - Here are some features that will appear in the 0.9.8 release: - * Stability improvements to [122]-threads mode. Running x11vnc this + Here are some features that will appear in the 0.9.9 release: + * The [122]-unixpw_system_greeter option, when used in combined + unixpw and XDMCP FINDCREATEDISPLAY mode (e.g. [123]-xdmsvc), + enables the user to press Escape to jump directly to the + XDM/GDM/KDM login greeter screen. This way the user avoids + entering his unix password twice at X session creation time. Also, + the unixpw login panel now has a short help displayed if the user + presses 'F1'. + * x11vnc now tries to be a little bit more aggressive in keeping up + with VNC client's framebuffer update requests. Some broken VNC + clients like Eggplant and JollysFastVNC continuously spray these + requests at VNC servers (regardless of whether they have received + any updates or not.) Under some circumstances this could lead to + x11vnc falling behind. The [124]-extra_fbur option allows one to + fine tune the setting. Additionally, one may also dial down + delays: e.g. "[125]-defer 5" and "[126]-wait 5" (or to 1 or even + 0) or [127]-nonap or [128]-allinput to keep up with these VNC + clients at the expense of increased system load. + * Heuristics are applied to try to determine if the X display is + currently in a Display Manager Greeter Login panel (e.g. GDM) If + so, x11vnc's creation of any windows and use of XFIXES are + delayed. This is to try to avoid x11vnc being killed after the + user logs in if the GDM KillInitClients=true is in effect. So one + does not need to set KillInitClients=false. Note that in recent + GDM the KillInitClients option has been removed. Also delayed is + the use of the XFIXES cursor fetching functionality; this avoids + an Xorg bug that causes Xorg to crash right after the user logs + in. + * A new option [129]-findauth runs the FINDDISPLAY script that + applies heuristics that try to determine the XAUTHORITY file. The + use of '[130]-auth guess' will use the XAUTHORITY that -findauth + reveals. This can be handy in with the lastest GDM where the + ability to store cookies in ~/.Xauthority has been removed. If + x11vnc is running as root (e.g. inetd) and you add -env FD_XDM=1 + to the above -findauth or -auth guess command lines, it will find + the correct XAUTHORITY for the given display (this works for + XDM/GDM/KDM if the login greeter panel is up or if someone has + already logged into an X session.) + * The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "[131]-display + WAIT:cmd=...", [132]-find, [133]-create) now work correctly for + the user-supplied login program scheme "[134]-unixpw_cmd ...", as + long as the login program supports running commands specified in + the environment variable "RFB_UNIXPW_CMD_RUN" as the logged-in + user. The mode "[135]-unixpw_nis ..." has also been made more + consistent. + * The [136]-stunnel option (like [137]-ssl but uses stunnel as an + external helper program) now works with the [138]-ssl "SAVE" and + "TMP" special certificate names. The [139]-sslverify and + [140]-sslCRL options now work correctly in [141]-stunnel mode. + Single port HTTPS connections are also supported for this mode. + * There is an experimental Application Sharing mode that improves + upon the -id/-sid single window sharing: [142]-appshare (run + "x11vnc -appshare -help" for more info.) It is still very + primitive and approximate, but at least it displays multiple + top-level windows. + * The remote control command [143]-R can be used to instruct x11vnc + to resend its most recent copy of the Clipboard, Primary, or + Cutbuffer selections: "x11vnc -R resend_clipboard", "x11vnc -R + resend_primary", and "x11vnc -R resend_cutbuffer". + * The fonts in the GUI ([144]-gui) can now by set via environment + variables, e.g. -env X11VNC_FONT_BOLD='Helvetica -16 bold' and + -env X11VNC_FONT_FIXED='Courier -14'. + * The XDAMAGE mechanism is now automatically disabled for a period + of time if a game or screensaver generates too many XDAMAGE + rectangles per second. This avoids the X11 event queue from + soaking up too much memory. + * There is an experimental workaround: "-env X11VNC_WATCH_DX_DY=1" + that tries to avoid problems with poorly constructed menu themes + that place the initial position of the mouse cursor inside a menu + item's active zone. More information [145]can be found here. + + + Here are some features that appeared in the 0.9.8 release: + * Stability improvements to [146]-threads mode. Running x11vnc this way is more reliable now. Threaded operation sometimes gives better interactive response and faster updates: try it out. The threaded mode now supports multiple VNC viewers using the same VNC encoding. The threaded mode can also yield a performance enhancement in the many client case (e.g. class-room broadcast.) We have tested with 30 to 50 simultaneous clients. See also - [123]-reflect. + [147]-reflect. For simultaneous clients: the ZRLE encoding is thread safe on all platforms, and the Tight and Zlib encodings are currently only thread safe on Linux where thread local storage, __thread, is @@ -917,12 +998,12 @@ connected client, all encodings are safe on all platforms. Note that some features (e.g. scroll detection and -ncache) may be disabled or run with reduced functionality in -threads mode. - * Automatically tries to work around an [124]Xorg server bug + * Automatically tries to work around an [148]Xorg server bug involving infinitely repeating keys when turning off key - repeating. Use [125]-repeat if the automatic workaround fails. + repeating. Use [149]-repeat if the automatic workaround fails. * Improved reliability of the Single Port SSL VNC and HTTPS java viewer applet delivery mechanism. - * The [126]-clip mode works under [127]-rawfb. + * The [150]-clip mode works under [151]-rawfb. Here are some features that appeared in the 0.9.7 release: @@ -932,38 +1013,38 @@ case the special file /dev/vcsa2 is used to retrieve vt2's current text. Text and colors are shown, but no graphics. * Support for less than 8 bits per pixel framebuffers (e.g. 4 or 1 - bpp) in the [128]-rawfb mode. + bpp) in the [152]-rawfb mode. * The SSL enabled UltraVNC Java viewer applet now has a [Home] entry in the "drives" drop down menu. This menu can be configured with the ftpDropDown applet parameter. All of the applet parameters are documented in classes/ssl/README. - * Experimental support for [129]VirtualGL's [130]TurboVNC (an + * Experimental support for [153]VirtualGL's [154]TurboVNC (an enhanced TightVNC for fast LAN high framerate usage.) * The CUPS Terminal Services helper mode has been improved. - * Improvements to the [131]-ncache_cr that allows smooth opaque + * Improvements to the [155]-ncache_cr that allows smooth opaque window motions using the 'copyrect' encoding when using - [132]-ncache mode. - * The [133]-rmflag option enables a way to indicate to other + [156]-ncache mode. + * The [157]-rmflag option enables a way to indicate to other processes x11vnc has exited. * Reverse connections using anonymous Diffie Hellman SSL encryption now work. Here are some features that appeared in the 0.9.6 release: - * Support for [134]VeNCrypt SSL/TLS encrypted connections. It is - enabled by default in the [135]-ssl mode. VNC Viewers like - vinagre, gvncviewer/gtk-vnc, the vencrypt package, and others - support this encryption mode. It can also be used with the - [136]-unixpw option to enable Unix username and password + * Support for [158]VeNCrypt SSL/TLS encrypted connections. It is + enabled by default in the [159]-ssl mode. VNC Viewers like + vinagre, gvncviewer/gtk-vnc, the vencrypt package, [160]SSVNC, and + others support this encryption mode. It can also be used with the + [161]-unixpw option to enable Unix username and password authentication (VeNCrypt's "*Plain" modes.) A similar but older VNC security type "ANONTLS" (used by vino) is supported as well. - See the [137]-vencrypt and [138]-anontls options for additional + See the [162]-vencrypt and [163]-anontls options for additional control. The difference between x11vnc's normal -ssl mode and VeNCrypt is that the former wraps the entire VNC connection in SSL (like HTTPS does for HTTP, i.e. "vncs://") while VeNCrypt switches on the SSL/TLS at a certain point during the VNC handshake. Use - [139]-sslonly to disable both VeNCrypt and ANONTLS (vino.) - * The "[140]-ssl ANON" option enables Anonymous Diffie-Hellman (ADH) + [164]-sslonly to disable both VeNCrypt and ANONTLS (vino.) + * The "[165]-ssl ANON" option enables Anonymous Diffie-Hellman (ADH) key exchange for x11vnc's normal SSL/TLS operation. Note that Anonymous Diffie-Hellman uses encryption for privacy, but provides no authentication and so is susceptible to Man-In-The-Middle @@ -971,17 +1052,17 @@ SAVE", etc. and have the VNC viewer verify the cert.) The ANONTLS mode (vino) only supports ADH. VeNCrypt mode supports both ADH and regular X509 SSL certificates modes. For these ADH is enabled by - default. See [141]-vencrypt and [142]-anontls for how to disable + default. See [166]-vencrypt and [167]-anontls for how to disable ADH. * For x11vnc's SSL/TLS modes, one can now specify a Certificate - Revocation List (CRL) with the [143]-sslCRL option. This will only + Revocation List (CRL) with the [168]-sslCRL option. This will only be useful for wide deployments: say a company-wide x11vnc SSL access deployment using a central Certificate Authority (CA) via - [144]-sslGenCA and [145]-sslGenCert. This way if a user has his + [169]-sslGenCA and [170]-sslGenCert. This way if a user has his laptop lost or stolen, you only have to revoke his key instead of creating a new Certificate Authority and redeploying new keys to all users. - * The default SSL/TLS mode, "[146]-ssl" (no pem file parameter + * The default SSL/TLS mode, "[171]-ssl" (no pem file parameter supplied), is now the same as "-ssl SAVE" and will save the generated self-signed cert in "~/.vnc/certs/server.pem". Previously "-ssl" would create a temporary self-signed cert that @@ -991,45 +1072,45 @@ same x11vnc server. Use "-ssl TMP" to regain the previous behavior. Use "-ssl SAVE_NOPROMPT" to avoid being prompted about using passphrase when the certificate is created. - * The option [147]-http_oneport enables single-port HTTP connections + * The option [172]-http_oneport enables single-port HTTP connections via the Java VNC Viewer. So, for example, the web browser URL "http://myhost.org:5900" works the same as "http://myhost.org:5800", but with the convenience of only involving one port instead of two. This works for both unencrypted - connections and for SSH tunnels (see [148]-httpsredir if the + connections and for SSH tunnels (see [173]-httpsredir if the tunnel port differs.) Note that HTTPS single-port operation in - [149]-ssl SSL encrypted mode has been available since x11vnc + [174]-ssl SSL encrypted mode has been available since x11vnc version 0.8.3. - * For the [150]-avahi/[151]-zeroconf Service Advertizing mode, if + * For the [175]-avahi/[176]-zeroconf Service Advertizing mode, if x11vnc was not compiled with the avahi-client library, then an external helper program, either avahi-publish(1) (on Unix) or dns-sd(1) (on Mac OS X), is used instead. - * The "[152]-rfbport PROMPT" option will prompt the user via the GUI + * The "[177]-rfbport PROMPT" option will prompt the user via the GUI to select the VNC port (e.g. 5901) to listen on, and a few other basic settings. This enables a handy GUI mode for naive users: x11vnc -gui tray=setpass -rfbport PROMPT -logfile $HOME/.x11vnc.log.%VNCDISP LAY suitable for putting in a launcher or menu, e.g. - [153]x11vnc.desktop. The [154]-logfile expansion is new too. In + [178]x11vnc.desktop. The [179]-logfile expansion is new too. In the GUI, the tray=setpass Properties panel has been improved. - * The [155]-solid solid background color option now works for the + * The [180]-solid solid background color option now works for the Mac OS X console. - * The [156]-reopen option instructs x11vnc to try to reopen the X + * The [181]-reopen option instructs x11vnc to try to reopen the X display if it is prematurely closed by, say, the display manager - (e.g. [157]GDM.) + (e.g. [182]GDM.) Here are some features that appeared in the 0.9.5 release: - * Symmetric key [158]encryption ciphers. ARC4, AES-128, AES-256, + * Symmetric key [183]encryption ciphers. ARC4, AES-128, AES-256, blowfish, and 3des are supported. Salt and initialization vector seeding is provided. These compliment the more widely used SSL and - SSH encryption access methods. [159]SSVNC also supports these + SSH encryption access methods. [184]SSVNC also supports these encryption modes. * Scaling differently along the X- and Y-directions. E.g. - "[160]-scale 1280x1024" or "-scale 0.8x0.75" Also, - "[161]-geometry WxH" is an alias for "-scale WxH" + "[185]-scale 1280x1024" or "-scale 0.8x0.75" Also, + "[186]-geometry WxH" is an alias for "-scale WxH" * By having SSVNC version 1.0.21 or later available in your $PATH, - the [162]-chatwindow option allows a UltraVNC Text Chat window to + the [187]-chatwindow option allows a UltraVNC Text Chat window to appear on the local X11 console/display (this way the remote viewer can chat with the person at the physical display; e.g. helpdesk mode.) This also works on the Mac OS X console if the @@ -1041,46 +1122,47 @@ Here are some features that appeared in the 0.9.4 release: - * Improvements to the [163]-find and [164]-create X session finding + * Improvements to the [188]-find and [189]-create X session finding or creating modes: new desktop types and service redirection options. Personal cupsd daemon and SSH port redirection helper for - use with [165]SSVNC's Terminal Services feature. - * Reverse VNC connections via [166]-connect work in the [167]-find, - [168]-create and related [169]-display WAIT:... modes. + use with [190]SSVNC's Terminal Services feature. + * Reverse VNC connections via [191]-connect work in the [192]-find, + [193]-create and related [194]-display WAIT:... modes. * Reverse VNC connections (either normal or SSL) can use a Web Proxy or a SOCKS proxy, or a SSH connection, or even a CGI URL to make - the outgoing connection. See: [170]-proxy. Forward connections can - also use: [171]-ssh. - * Reverse VNC connections via the [172]UltraVNC repeater proxy + the outgoing connection. See: [195]-proxy. Forward connections can + also use: [196]-ssh. + * Reverse VNC connections via the [197]UltraVNC repeater proxy (either normal or SSL) are supported. Use either the - "[173]-connect repeater=ID:NNNN+host:port" or "[174]-connect - repeater://host:port+ID:NNNN" notation. The [175]SSVNC VNC viewer - also supports the UltraVNC repeater. + "[198]-connect repeater=ID:NNNN+host:port" or "[199]-connect + repeater://host:port+ID:NNNN" notation. The [200]SSVNC VNC viewer + also supports the UltraVNC repeater. Also, a perl repeater + implemention is here: [201]ultravnc_repeater.pl * Support for indexed colormaps (PseudoColor) with depths other than 8 (from 1 to 16 now work) for non-standard hardware. Option - "[176]-advertise_truecolor" to handle some workaround in this + "[202]-advertise_truecolor" to handle some workaround in this mode. * Support for the ZYWRLE encoding, this is the RealVNC ZRLE encoding extended to do motion video and photo regions more efficiently by way of a Wavelet based transformation. - * The [177]-finddpy and [178]-listdpy utilities help to debug and - configure the [179]-find, [180]-create, and [181]-display WAIT:... + * The [203]-finddpy and [204]-listdpy utilities help to debug and + configure the [205]-find, [206]-create, and [207]-display WAIT:... modes. * Some automatic detection of screen resizes are handled even if the - [182]-xrandr option is not supplied. - * The [183]-autoport options gives more control over the VNC port + [208]-xrandr option is not supplied. + * The [209]-autoport options gives more control over the VNC port x11vnc chooses. - * The [184]-ping secs can be used to help keep idle connections + * The [210]-ping secs can be used to help keep idle connections alive. * Pasting of the selection/clipboard into remote applications (e.g. Java) has been improved. * Fixed a bug if a client disconnects during the 'speed-estimation' phase. * To unset Caps_Lock, Num_Lock and raise all keys in the X server - use [185]-clear_all. + use [211]-clear_all. * Usage with dvorak keyboards has been improved. See also: - [186]-xkb. - * The [187]Java Viewer applet source code is now included in the + [212]-xkb. + * The [213]Java Viewer applet source code is now included in the x11vnc-0.9.*.tar.gz tarball. This means you can now build the Java viewer applet jar files from source. If you stopped shipping the Java viewer applet jar files due to lack of source code, you can @@ -1088,7 +1170,7 @@ Here are some features that appeared in the 0.9.3 release: - * [188]Viewer-side pixmap caching. A large area of pixels (at least + * [214]Viewer-side pixmap caching. A large area of pixels (at least 2-3 times as big as the framebuffer itself; the bigger the better... default is 10X) is placed below the framebuffer to act as a buffer/cache area for pixel data. The VNC CopyRect encoding @@ -1096,7 +1178,7 @@ Until we start modifying viewers you will be able to see the cache area if you scroll down (this makes it easier to debug!) For testing the default is "-ncache 10". The unix Enhanced TightVNC - Viewer [189]ssvnc has a nice [190]-ycrop option to help hide the + Viewer [215]ssvnc has a nice [216]-ycrop option to help hide the pixel cache area from view. @@ -1109,14 +1191,14 @@ * If UltraVNC file transfer or chat is detected, then VNC clients are "pinged" more often to prevent these side channels from becoming serviced too infrequently. - * In [191]-unixpw mode in the username and password dialog no text + * In [217]-unixpw mode in the username and password dialog no text will be echoed if the first character sent is "Escape". This enables a convenience feature in SSVNC to send the username and password automatically. Here are some features that appeared in the 0.9.1 release: - * The [192]UltraVNC Java viewer has been enhanced to support SSL (as + * The [218]UltraVNC Java viewer has been enhanced to support SSL (as the TightVNC viewer had been previously.) The UltraVNC Java supports ultravnc filetransfer, and so can be used as a VNC viewer on Unix that supports ultravnc filetransfer. It is in the @@ -1127,12 +1209,12 @@ Some other bugs in the UltraVNC Java viewer were fixed and a few improvements to the UI made. * A new Unix username login mode for VNC Viewers authenticated via a - Client SSL Certificate: "[193]-users sslpeer=". The emailAddress + Client SSL Certificate: "[219]-users sslpeer=". The emailAddress subject field is inspected for username@hostname and then acts as though "-users +username" has been supplied. This way the Unix username is identified by (i.e. simply extracted from) the Client - SSL Certificate. This could be useful with [194]-find, - [195]-create and [196]-svc modes if you are also have set up and + SSL Certificate. This could be useful with [220]-find, + [221]-create and [222]-svc modes if you are also have set up and use VNC Client SSL Certificate authentication. * For external display finding/creating programs (e.g. WAIT:cmd=...) if the VNC Viewer is authenticated via a Client SSL Certificate, @@ -1141,41 +1223,41 @@ Here are some features that appeared in the 0.9 release: - * [197]VNC Service advertising via mDNS / ZeroConf / BonJour with - the [198]Avahi client library. Enable via "[199]-avahi" or - "[200]-zeroconf". + * [223]VNC Service advertising via mDNS / ZeroConf / BonJour with + the [224]Avahi client library. Enable via "[225]-avahi" or + "[226]-zeroconf". * Implementations of UltraVNC's TextChat, SingleWindow, and - ServerInput extensions (requires ultravnc viewer or [201]ssvnc + ServerInput extensions (requires ultravnc viewer or [227]ssvnc Unix viewer.) They toggle the selection of a single window - ([202]-id), and disable (friendly) user input and viewing (monitor + ([228]-id), and disable (friendly) user input and viewing (monitor blank) at the VNC server. - * Short aliases "[203]-find", "[204]-create", "[205]-svc", and - "[206]-xdmsvc" for commonly used FINDCREATEDISPLAY usage modes. + * Short aliases "[229]-find", "[230]-create", "[231]-svc", and + "[232]-xdmsvc" for commonly used FINDCREATEDISPLAY usage modes. * Reverse VNC connections (viewer listening) now work in SSL - ([207]-ssl) mode. + ([233]-ssl) mode. * New options to control the Monitor power state and keyboard/mouse - grabbing: [208]-forcedpms, [209]-clientdpms, [210]-noserverdpms, - and [211]-grabalways. + grabbing: [234]-forcedpms, [235]-clientdpms, [236]-noserverdpms, + and [237]-grabalways. * A simple way to emulate inetd(8) to some degree via the - "[212]-loopbg" option. - * Monitor the accuracy of XDAMAGE and apply "[213]-noxdamage" if it - is not working well. OpenGL applications like like [214]beryl and + "[238]-loopbg" option. + * Monitor the accuracy of XDAMAGE and apply "[239]-noxdamage" if it + is not working well. OpenGL applications like like [240]beryl and MythTv have been shown to make XDAMAGE not work properly. * For Java SSL connections involving a router/firewall port - redirection, an option [215]-httpsredir to spare the user from + redirection, an option [241]-httpsredir to spare the user from needing to include &PORT=NNN in the browser URL. Here are some features that appeared in the 0.8.4 release: - * Native [216]Mac OS X Aqua/Quartz support. (i.e. OSXvnc + * Native [242]Mac OS X Aqua/Quartz support. (i.e. OSXvnc alternative; some activities are faster) - * A [217]new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY + * A [243]new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY -unixpw ..." that will Create a new X session (either virtual or real and with or without a display manager, e.g. kdm) for the user if it cannot find the user's X session display via the FINDDISPLAY - method. See the [218]-svc and the [219]-xdmsvc aliases. - * x11vnc can act as a VNC [220]reflector/repeater using the - "[221]-reflect host:N" option. Instead of polling an X display, + method. See the [244]-svc and the [245]-xdmsvc aliases. + * x11vnc can act as a VNC [246]reflector/repeater using the + "[247]-reflect host:N" option. Instead of polling an X display, the remote VNC Server host:N is connected to and re-exported via VNC. This is intended for use in broadcasting a display to many (e.g. > 16; classroom or large demo) VNC viewers where bandwidth @@ -1183,16 +1265,16 @@ number of repeaters. * Wireframe copyrect detection for local user activity (e.g. someone sitting at the physical display moving windows) Use - [222]-nowireframelocal to disable. - * The "[223]-N" option couples the VNC Display number to the X + [248]-nowireframelocal to disable. + * The "[249]-N" option couples the VNC Display number to the X Display number. E.g. if your X DISPLAY is :2 then the VNC display will be :2 (i.e. using port 5902.) If that port is taken x11vnc will exit. - * Option [224]-nodpms to avoid problems with programs like KDE's + * Option [250]-nodpms to avoid problems with programs like KDE's kdesktop_lock that keep restarting the screen saver every few seconds. * To automatically fix the common mouse motion problem on XINERAMA - (multi-headed) displays, the [225]-xwarppointer option is enabled + (multi-headed) displays, the [251]-xwarppointer option is enabled by default when XINERAMA is active. If you have a Mac please try out the native Mac OS X support, build @@ -1202,62 +1284,62 @@ Here are some features that appeared in the 0.8.3 release: - * The [226]-ssl option provides SSL encryption and authentication - natively via the [227]www.openssl.org library. One can use from a + * The [252]-ssl option provides SSL encryption and authentication + natively via the [253]www.openssl.org library. One can use from a simple self-signed certificate server certificate up to full CA and client certificate authentication schemes. - * Similar to -ssl, the [228]-stunnel option starts up a SSL tunnel + * Similar to -ssl, the [254]-stunnel option starts up a SSL tunnel server stunnel (that must be installed separately on the system: - [229]www.stunnel.org [230]stunnel.mirt.net ) to allow only - encrypted SSL connections from the network. - * The [231]-sslverify option allows for authenticating VNC clients + [255]stunnel.mirt.net ) to allow only encrypted SSL connections + from the network. + * The [256]-sslverify option allows for authenticating VNC clients via their certificates in either -ssl or -stunnel modes. * Certificate creation and management tools are provide in the - [232]-sslGenCert, [233]-sslGenCA, and [234]related options. + [257]-sslGenCert, [258]-sslGenCA, and [259]related options. * An SSL enabled Java applet VNC Viewer applet is provided by x11vnc in classes/ssl/VncViewer.jar. In addition to normal HTTP, the applet may be loaded into the web browser via HTTPS (HTTP over SSL.) (one can use the VNC port, e.g. https://host:5900/, or also - the separate [235]-https port option.) A wrapper shell script - [236]ss_vncviewer is also provided that sets up a stunnel - client-side tunnel on Unix systems. See [237]Enhanced TightVNC + the separate [260]-https port option.) A wrapper shell script + [261]ss_vncviewer is also provided that sets up a stunnel + client-side tunnel on Unix systems. See [262]Enhanced TightVNC Viewer (SSVNC) for other SSL/SSH viewer possibilities. - * The [238]-unixpw option supports Unix username and password - authentication (a simpler variant is the [239]-unixpw_nis option + * The [263]-unixpw option supports Unix username and password + authentication (a simpler variant is the [264]-unixpw_nis option that works in environments where the encrypted passwords are - readable, e.g. NIS.) The [240]-ssl or [241]-localhost + - [242]-stunnel options are enforced in this mode to prevent + readable, e.g. NIS.) The [265]-ssl or [266]-localhost + + [267]-stunnel options are enforced in this mode to prevent password sniffing. As a convenience, these requirements are lifted if a SSH tunnel can be deduced (but -localhost still applies.) - * Coupling [243]-unixpw with "[244]-display WAIT:cmd=FINDDISPLAY" or + * Coupling [268]-unixpw with "[269]-display WAIT:cmd=FINDDISPLAY" or "-display WAIT:cmd=FINDCREATEDISPLAY" provides a way to allow a user to login with their UNIX password and have their display - connected to [245]automatically. See the [246]-svc and the - [247]-xdmsvc aliases. - * Hooks are provided in the [248]-unixpw_cmd and "[249]-passwdfile + connected to [270]automatically. See the [271]-svc and the + [272]-xdmsvc aliases. + * Hooks are provided in the [273]-unixpw_cmd and "[274]-passwdfile cmd:,custom:..." options to allow you to supply your own authentication and password lookup programs. * x11vnc can be configured and built to not depend on X11 libraries - "./configure --without-x" for [250]-rawfb only operation (e.g. + "./configure --without-x" for [275]-rawfb only operation (e.g. embedded linux console devices.) - * The [251]-rotate option enables you to rotate or reflect the + * The [276]-rotate option enables you to rotate or reflect the screen before exporting via VNC. This is intended for use on handhelds and other devices where the rotation orientation is not "natural". - * The "[252]-ultrafilexfer" alias is provided and improved UltraVNC + * The "[277]-ultrafilexfer" alias is provided and improved UltraVNC filetransfer rates have been achieved. - * Under the "[253]-connect_or_exit host" option x11vnc will exit + * Under the "[278]-connect_or_exit host" option x11vnc will exit immediately unless the reverse connection to host succeeds. The "-rfbport 0" option disables TCP listening for connections (useful for this mode.) - * The "[254]-rawfb rand" and "-rawfb none" options are useful for + * The "[279]-rawfb rand" and "-rawfb none" options are useful for testing automation scripts, etc., without requiring a full desktop. - * Reduced spewing of information at startup, use "[255]-verbose" + * Reduced spewing of information at startup, use "[280]-verbose" (also "-v") to turn it back on for debugging or if you are going to send me a problem report. - Here are some [256]Previous Release Notes + Here are some [281]Previous Release Notes _________________________________________________________________ Some Notes: @@ -1284,13 +1366,13 @@ protocol.) I suggest using xsetroot, dtstyle or similar utility to set a solid background while using x11vnc. You can turn the pretty background image back on when you are using the display directly. - Update: As of Feb/2005 x11vnc has the [257]-solid [color] option that + Update: As of Feb/2005 x11vnc has the [282]-solid [color] option that works on recent GNOME, KDE, and CDE and also on classic X (background image is on the root window.) Update: As of Oct/2007 x11vnc has the - [258]-ncache option that does a reasonable job caching the background + [283]-ncache option that does a reasonable job caching the background (and other) pixmap data on the viewer side. - I also find the [259]TightVNC encoding gives the best response for my + I also find the [284]TightVNC encoding gives the best response for my usage (Unix <-> Unix over cable modem.) One needs a tightvnc-aware vncviewer to take advantage of this encoding. @@ -1302,17 +1384,17 @@ is X11's default listening port.) Had port 5900 been taken by some other application, x11vnc would have next tried 5901. That would mean the viewer command above should be changed to vncviewer - far-away.east:1. You can force the port with the "[260]-rfbport NNNN" + far-away.east:1. You can force the port with the "[285]-rfbport NNNN" option where NNNN is the desired port number. If that port is already - taken, x11vnc will exit immediately. The "[261]-N" option will try to + taken, x11vnc will exit immediately. The "[286]-N" option will try to match the VNC display number to the X display. (also see the "SunRay Gotcha" note below) Options: x11vnc has (far too) many features that may be activated - via its [262]command line options. Useful options are, e.g., -scale to + via its [287]command line options. Useful options are, e.g., -scale to do server-side scaling, and -rfbauth passwd-file to use VNC password protection (the vncpasswd or storepasswd programs, or the x11vnc - [263]-storepasswd option can be used to create the password file.) + [288]-storepasswd option can be used to create the password file.) Algorithm: How does x11vnc do it? Rather brute-forcedly: it continuously polls the X11 framebuffer for changes using @@ -1340,7 +1422,7 @@ first testing out the programs. You get an interesting recursive/feedback effect where vncviewer images keep popping up each one contained in the previous one and slightly shifted a bit by the - window manager decorations. There will be an [264]even more + window manager decorations. There will be an [289]even more interesting effect if -scale is used. Also, if the XKEYBOARD is supported and the XBell "beeps" once, you get an infinite loop of beeps going off. Although all of this is mildly exciting it is not @@ -1350,8 +1432,8 @@ Sun Ray Notes: - You can run x11vnc on your (connected or disconnected) [265]SunRay - session. Here are some [266]notes on SunRay usage with x11vnc. + You can run x11vnc on your (connected or disconnected) [290]SunRay + session. Here are some [291]notes on SunRay usage with x11vnc. _________________________________________________________________ @@ -1363,7 +1445,7 @@ than you normally do to minimize the effects (e.g. do fullpage paging rather than line-by-line scrolling, and move windows in a single, quick motion.) Recent work has provided the - [267]-scrollcopyrect and [268]-wireframe speedups using the + [292]-scrollcopyrect and [293]-wireframe speedups using the CopyRect VNC encoding and other things, but they only speed up some activities, not all. * A rate limiting factor for x11vnc performance is that graphics @@ -1422,18 +1504,18 @@ but we mention it because it may be of use for special purpose applications. You may need to use the "-cc 4" option to force Xvfb to use a TrueColor visual instead of DirectColor. See also the - description of the [269]-create option that does all of this + description of the [294]-create option that does all of this automatically for you. Also, a faster and more accurate way is to use the "dummy" XFree86/Xorg device driver (or our Xdummy wrapper script.) See - [270]this FAQ for details. + [295]this FAQ for details. * Somewhat surprisingly, the X11 mouse (cursor) shape is write-only and cannot be queried from the X server. So traditionally in x11vnc the cursor shape stays fixed at an arrow. (see the "-cursor - X" and "-cursor some" [271]options, however, for a partial hack + X" and "-cursor some" [296]options, however, for a partial hack for the root window, etc.) However, on Solaris using the SUN_OVL overlay extension, x11vnc can show the correct mouse cursor when - the [272]-overlay option is also supplied. A similar thing is done + the [297]-overlay option is also supplied. A similar thing is done on IRIX as well when -overlay is supplied. More generally, as of Dec/2004 x11vnc supports the new XFIXES extension (in Xorg and Solaris 10) to query the X server for the @@ -1441,18 +1523,18 @@ with transparency (alpha channel) need to approximated to solid RGB values (some cursors look worse than others.) * Audio from applications is of course not redirected (separate - redirectors do exist, e.g. esd, see [273]the FAQ on this below.) + redirectors do exist, e.g. esd, see [298]the FAQ on this below.) The XBell() "beeps" will work if the X server supports the XKEYBOARD extension. (Note that on Solaris XKEYBOARD is disabled by default. Passing +kb to Xsun enables it.) - * The scroll detection algorithm for the [274]-scrollcopyrect option + * The scroll detection algorithm for the [299]-scrollcopyrect option can give choppy or bunched up transient output and occasionally painting errors. * Using -threads can expose some bugs/crashes in libvncserver. - Please feel free to [275]contact me if you have any questions, + Please feel free to [300]contact me if you have any questions, problems, or comments about x11vnc, etc. - Also, some people ask if they can make a donation, see [276]this link + Also, some people ask if they can make a donation, see [301]this link for that. References @@ -1469,9 +1551,9 @@ 10. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers 11. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi 12. http://www.karlrunge.com/x11vnc/faq.html#faq-filexfer - 13. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 14. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 15. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 13. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 14. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 15. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded 16. http://www.karlrunge.com/x11vnc/index.html#beta-test 17. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay 18. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create @@ -1512,7 +1594,7 @@ 53. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd 54. http://www.karlrunge.com/x11vnc/index.html#vnc_password_file 55. http://www.karlrunge.com/x11vnc/ssvnc.html#download - 56. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.19.tar.gz?use_mirror + 56. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.23.tar.gz?use_mirror 57. http://www.karlrunge.com/x11vnc/index.html#tunnelling 58. http://www.karlrunge.com/x11vnc/ssvnc.html#tsvnc 59. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect @@ -1541,15 +1623,15 @@ 82. http://www.karlrunge.com/x11vnc/ssvnc.html 83. http://www.karlrunge.com/x11vnc/faq.html#faq-allow-opt 84. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers - 85. http://www.stunnel.org/ - 86. http://stunnel.mirt.net/ + 85. http://stunnel.mirt.net/ + 86. http://www.stunnel.org/ 87. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl 88. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int 89. http://www.karlrunge.com/x11vnc/ssvnc.html 90. http://sourceforge.net/projects/libvncserver/ - 91. http://sourceforge.net/project/showfiles.php?group_id=32584&package_id=119006&release_id=672184 - 92. http://sourceforge.net/project/shownotes.php?release_id=672184&group_id=32584 - 93. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.8.tar.gz + 91. http://sourceforge.net/project/showfiles.php?group_id=32584&package_id=119006&release_id=695585 + 92. http://sourceforge.net/project/shownotes.php?group_id=32584&release_id=695585 + 93. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.9.tar.gz 94. http://www.karlrunge.com/x11vnc/faq.html#faq-binaries 95. http://www.tightvnc.com/download.html 96. http://www.realvnc.com/products/free/4.1/download.html @@ -1570,7 +1652,7 @@ 111. http://www.karlrunge.com/x11vnc/faq.html#faq-solaris251build 112. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx 113. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 114. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.8.tar.gz + 114. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.9.tar.gz 115. http://www.karlrunge.com/x11vnc/bins 116. mailto:xvml@karlrunge.com 117. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int @@ -1578,161 +1660,186 @@ 119. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext 120. http://www.karlrunge.com/x11vnc/ssvnc.html 121. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc - 122. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads - 123. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect - 124. http://bugs.freedesktop.org/show_bug.cgi?id=21454 - 125. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-repeat - 126. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip - 127. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 128. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 129. http://www.virtualgl.org/ - 130. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 131. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr - 132. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 133. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rmflag - 134. http://sourceforge.net/projects/vencrypt/ - 135. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt - 138. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls - 139. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslonly - 140. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 141. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt - 142. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls - 143. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL - 144. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA - 145. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 146. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 147. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_oneport - 148. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 149. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 150. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi - 151. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf - 152. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 153. http://www.karlrunge.com/x11vnc/x11vnc.desktop - 154. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o - 155. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 156. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen - 157. http://www.karlrunge.com/x11vnc/faq.html#infaq_gdm - 158. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc - 159. http://www.karlrunge.com/x11vnc/ssvnc.html - 160. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale - 161. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-geometry - 162. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-chatwindow - 163. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 164. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 165. http://www.karlrunge.com/x11vnc/ssvnc.html - 166. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 169. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 170. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh - 172. http://www.uvnc.com/addons/repeater.html - 173. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 174. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 175. http://www.karlrunge.com/x11vnc/ssvnc.html - 176. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-advertise_truecolor - 177. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-finddpy - 178. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listdpy - 179. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 180. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 181. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 182. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr - 183. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport - 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ping - 185. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 187. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 188. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 189. http://www.karlrunge.com/x11vnc/ssvnc.html - 190. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop - 191. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 192. http://www.ultravnc.com/ - 193. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 194. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 195. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 196. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 197. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi - 198. http://www.avahi.org/ - 199. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi - 200. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf - 201. http://www.karlrunge.com/x11vnc/ssvnc.html - 202. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 204. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 205. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 206. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 207. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 208. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms - 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms - 210. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms - 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabalways - 212. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 213. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 214. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl - 215. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 216. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 217. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 218. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 220. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect - 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect - 222. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nowireframelocal - 223. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 224. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms - 225. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer - 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 227. http://www.openssl.org/ - 228. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 229. http://www.stunnel.org/ - 230. http://stunnel.mirt.net/ - 231. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 232. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 233. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA - 234. http://www.karlrunge.com/x11vnc/ssl.html - 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 236. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer - 237. http://www.karlrunge.com/x11vnc/ssvnc.html - 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 239. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis - 240. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 241. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 243. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 244. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 245. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 248. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate - 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer - 253. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit - 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 255. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-v, - 256. http://www.karlrunge.com/x11vnc/prevrels.html - 257. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 258. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 259. http://www.tightvnc.com/ - 260. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 261. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 262. http://www.karlrunge.com/x11vnc/x11vnc_opts.html - 263. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 264. http://www.karlrunge.com/x11vnc/recurse_x11vnc.jpg - 265. http://www.sun.com/sunray/index.html - 266. http://www.karlrunge.com/x11vnc/sunray.html - 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 269. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 270. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 271. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor - 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 273. http://www.karlrunge.com/x11vnc/faq.html#faq-sound - 274. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 275. mailto:xvml@karlrunge.com - 276. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks + 122. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_system_greeter + 123. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 124. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-extra_fbur + 125. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer + 126. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait + 127. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nonap + 128. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allinput + 129. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-findauth + 130. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth + 131. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 132. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 133. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 134. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd + 135. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis + 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 138. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 139. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 140. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL + 141. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 142. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare + 143. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote + 144. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 145. http://ubuntuforums.org/showthread.php?t=1223490 + 146. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads + 147. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect + 148. http://bugs.freedesktop.org/show_bug.cgi?id=21454 + 149. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-repeat + 150. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip + 151. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 152. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 153. http://www.virtualgl.org/ + 154. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc + 155. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr + 156. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache + 157. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rmflag + 158. http://sourceforge.net/projects/vencrypt/ + 159. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 160. http://www.karlrunge.com/x11vnc/ssvnc.html + 161. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 162. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt + 163. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls + 164. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslonly + 165. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 166. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt + 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls + 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL + 169. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA + 170. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert + 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_oneport + 173. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir + 174. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 175. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi + 176. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf + 177. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport + 178. http://www.karlrunge.com/x11vnc/x11vnc.desktop + 179. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o + 180. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid + 181. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen + 182. http://www.karlrunge.com/x11vnc/faq.html#infaq_gdm + 183. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc + 184. http://www.karlrunge.com/x11vnc/ssvnc.html + 185. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale + 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-geometry + 187. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-chatwindow + 188. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 189. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 190. http://www.karlrunge.com/x11vnc/ssvnc.html + 191. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect + 192. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 193. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 194. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 195. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy + 196. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh + 197. http://www.uvnc.com/addons/repeater.html + 198. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect + 199. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 200. http://www.karlrunge.com/x11vnc/ssvnc.html + 201. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl + 202. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-advertise_truecolor + 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-finddpy + 204. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listdpy + 205. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 206. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 207. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 208. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr + 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport + 210. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ping + 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all + 212. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb + 213. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 214. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching + 215. http://www.karlrunge.com/x11vnc/ssvnc.html + 216. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop + 217. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 218. http://www.ultravnc.com/ + 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 220. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 222. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 223. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi + 224. http://www.avahi.org/ + 225. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi + 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf + 227. http://www.karlrunge.com/x11vnc/ssvnc.html + 228. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 229. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 230. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 231. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 232. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 233. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 234. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms + 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms + 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms + 237. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabalways + 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop + 239. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage + 240. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl + 241. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir + 242. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 243. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 244. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 246. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect + 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect + 248. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nowireframelocal + 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N + 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms + 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer + 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 253. http://www.openssl.org/ + 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 255. http://stunnel.mirt.net/ + 256. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 257. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert + 258. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA + 259. http://www.karlrunge.com/x11vnc/ssl.html + 260. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https + 261. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer + 262. http://www.karlrunge.com/x11vnc/ssvnc.html + 263. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis + 265. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 266. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 269. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 270. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin + 271. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd + 274. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 275. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate + 277. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer + 278. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit + 279. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 280. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-v, + 281. http://www.karlrunge.com/x11vnc/prevrels.html + 282. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid + 283. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache + 284. http://www.tightvnc.com/ + 285. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport + 286. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N + 287. http://www.karlrunge.com/x11vnc/x11vnc_opts.html + 288. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd + 289. http://www.karlrunge.com/x11vnc/recurse_x11vnc.jpg + 290. http://www.sun.com/sunray/index.html + 291. http://www.karlrunge.com/x11vnc/sunray.html + 292. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 293. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 294. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 295. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb + 296. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor + 297. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay + 298. http://www.karlrunge.com/x11vnc/faq.html#faq-sound + 299. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 300. mailto:xvml@karlrunge.com + 301. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks ======================================================================= http://www.karlrunge.com/x11vnc/faq.html: @@ -1798,414 +1905,417 @@ [19]Q-17: When I start x11vnc on an Alpha Tru64 workstation the X server crashes! - [20]Q-18: Are there any build-time customizations possible, e.g. + [20]Q-18: When running x11vnc on an IBM AIX workstation after a few + minutes the VNC connection freezes. + + [21]Q-19: Are there any build-time customizations possible, e.g. change defaults, create a smaller binary, etc? [Win2VNC Related] - [21]Q-19: I have two separate machine displays in front of me, one + [22]Q-20: I have two separate machine displays in front of me, one Windows the other X11: can I use x11vnc in combination with Win2VNC in dual-screen mode to pass the keystrokes and mouse motions to the X11 display? - [22]Q-20: I am running Win2VNC on my Windows machine and "x11vnc + [23]Q-21: I am running Win2VNC on my Windows machine and "x11vnc -nofb" on Unix to pass keyboard and mouse to the Unix monitor. Whenever I start Win2VNC it quickly disconnects and x11vnc says: rfbProcessClientNormalMessage: read: Connection reset by peer - [23]Q-21: Can I run "x11vnc -nofb" on a Mac OS X machine to redirect + [24]Q-22: Can I run "x11vnc -nofb" on a Mac OS X machine to redirect mouse and keyboard input to it from Windows and X11 machines via Win2VNC and x2vnc, respectively? [Color Issues] - [24]Q-22: The X display I run x11vnc on is only 8 bits per pixel (bpp) + [25]Q-23: The X display I run x11vnc on is only 8 bits per pixel (bpp) PseudoColor (i.e. only 256 distinct colors.) The x11vnc colors may start out OK, but after a while they are incorrect in certain windows. - [25]Q-23: Color problems: Why are the colors for some windows + [26]Q-24: Color problems: Why are the colors for some windows incorrect in x11vnc? BTW, my X display has nice overlay/multi-depth visuals of different color depths: e.g. there are both depth 8 and 24 visuals available at the same time. - [26]Q-24: I am on a high color system (depth >= 24) but I seem to have + [27]Q-25: I am on a high color system (depth >= 24) but I seem to have colormap problems. They either flash or everything is very dark. - [27]Q-25: How do I figure out the window id to supply to the -id + [28]Q-26: How do I figure out the window id to supply to the -id windowid option? - [28]Q-26: Why don't menus or other transient windows come up when I am + [29]Q-27: Why don't menus or other transient windows come up when I am using the -id windowid option to view a single application window? - [29]Q-27: My X display is depth 24 at 24bpp (instead of the normal + [30]Q-28: My X display is depth 24 at 24bpp (instead of the normal depth 24 at 32bpp.) I'm having lots of color and visual problems with x11vnc and/or vncviewer. What's up? [Xterminals] - [30]Q-28: Can I use x11vnc to view and interact with an Xterminal + [31]Q-29: Can I use x11vnc to view and interact with an Xterminal (e.g. NCD) that is not running UNIX and so x11vnc cannot be run on it directly? - [31]Q-29: How do I get my X permissions (MIT-MAGIC-COOKIE file) + [32]Q-30: How do I get my X permissions (MIT-MAGIC-COOKIE file) correct for a Unix/Linux machine acting as an Xterminal? [Sun Rays] - [32]Q-30: I'm having trouble using x11vnc with my Sun Ray session. + [33]Q-31: I'm having trouble using x11vnc with my Sun Ray session. [Remote Control] - [33]Q-31: How do I stop x11vnc once it is running in the background? + [34]Q-32: How do I stop x11vnc once it is running in the background? - [34]Q-32: Can I change settings in x11vnc without having to restart + [35]Q-33: Can I change settings in x11vnc without having to restart it? Can I remote control it? [Security and Permissions] - [35]Q-33: How do I create a VNC password for use with x11vnc? + [36]Q-34: How do I create a VNC password for use with x11vnc? - [36]Q-34: Can I make it so -storepasswd doesn't show my password on + [37]Q-35: Can I make it so -storepasswd doesn't show my password on the screen? - [37]Q-35: Can I have two passwords for VNC viewers, one for full + [38]Q-36: Can I have two passwords for VNC viewers, one for full access and the other for view-only access to the display? - [38]Q-36: Can I have as many full-access and view-only passwords as I + [39]Q-37: Can I have as many full-access and view-only passwords as I like? - [39]Q-37: Does x11vnc support Unix usernames and passwords? Can I + [40]Q-38: Does x11vnc support Unix usernames and passwords? Can I further limit the set of Unix usernames who can connect to the VNC desktop? - [40]Q-38: Can I supply an external program to provide my own custom + [41]Q-39: Can I supply an external program to provide my own custom login method (e.g. Dynamic/One-time passwords or non-Unix (LDAP) usernames and passwords)? - [41]Q-39: Why does x11vnc exit as soon as the VNC viewer disconnects? + [42]Q-40: Why does x11vnc exit as soon as the VNC viewer disconnects? And why doesn't it allow more than one VNC viewer to connect at the same time? - [42]Q-40: Can I limit which machines incoming VNC clients can connect + [43]Q-41: Can I limit which machines incoming VNC clients can connect from? - [43]Q-41: How do I build x11vnc/libvncserver with libwrap + [44]Q-42: How do I build x11vnc/libvncserver with libwrap (tcp_wrappers) support? - [44]Q-42: Can I have x11vnc only listen on one network interface (e.g. + [45]Q-43: Can I have x11vnc only listen on one network interface (e.g. internal LAN) rather than having it listen on all network interfaces and relying on -allow to filter unwanted connections out? - [45]Q-43: Now that -localhost implies listening only on the loopback + [46]Q-44: Now that -localhost implies listening only on the loopback interface, how I can occasionally allow in a non-localhost via the -R allowonce remote control command? - [46]Q-44: Can I fine tune what types of user input are allowed? E.g. + [47]Q-45: Can I fine tune what types of user input are allowed? E.g. have some users just be able to move the mouse, but not click or type anything? - [47]Q-45: Can I prompt the user at the local X display whether the + [48]Q-46: Can I prompt the user at the local X display whether the incoming VNC client should be accepted or not? Can I decide to make some clients view-only? How about running an arbitrary program to make the decisions? - [48]Q-46: I start x11vnc as root because it is launched via inetd(8) + [49]Q-47: I start x11vnc as root because it is launched via inetd(8) or a display manager like gdm(1). Can I have x11vnc later switch to a different user? - [49]Q-47: I use a screen-lock when I leave my workstation (e.g. + [50]Q-48: I use a screen-lock when I leave my workstation (e.g. xscreensaver or xlock.) When I remotely access my workstation desktop via x11vnc I can unlock the desktop fine, but I am worried people will see my activities on the physical monitor. What can I do to prevent this, or at least make it more difficult? - [50]Q-48: Can I have x11vnc automatically lock the screen when I + [51]Q-49: Can I have x11vnc automatically lock the screen when I disconnect the VNC viewer? [Encrypted Connections] - [51]Q-49: How can I tunnel my connection to x11vnc via an encrypted + [52]Q-50: How can I tunnel my connection to x11vnc via an encrypted SSH channel between two Unix machines? - [52]Q-50: How can I tunnel my connection to x11vnc via an encrypted + [53]Q-51: How can I tunnel my connection to x11vnc via an encrypted SSH channel from Windows using an SSH client like Putty? - [53]Q-51: How can I tunnel my connection to x11vnc via an encrypted + [54]Q-52: How can I tunnel my connection to x11vnc via an encrypted SSL channel using an external tool like stunnel? - [54]Q-52: Does x11vnc have built-in SSL tunneling? + [55]Q-53: Does x11vnc have built-in SSL tunneling? - [55]Q-53: How do I use VNC Viewers with built-in SSL tunneling? + [56]Q-54: How do I use VNC Viewers with built-in SSL tunneling? - [56]Q-54: How do I use the Java applet VNC Viewer with built-in SSL + [57]Q-55: How do I use the Java applet VNC Viewer with built-in SSL tunneling when going through a Web Proxy? - [57]Q-55: Can Apache web server act as a gateway for users to connect + [58]Q-56: Can Apache web server act as a gateway for users to connect via SSL from the Internet with a Web browser to x11vnc running on their workstations behind a firewall? - [58]Q-56: Can I create and use my own SSL Certificate Authority (CA) + [59]Q-57: Can I create and use my own SSL Certificate Authority (CA) with x11vnc? [Display Managers and Services] - [59]Q-57: How can I run x11vnc as a "service" that is always + [60]Q-58: How can I run x11vnc as a "service" that is always available? - [60]Q-58: How can I use x11vnc to connect to an X login screen like + [61]Q-59: How can I use x11vnc to connect to an X login screen like xdm, GNOME gdm, KDE kdm, or CDE dtlogin? (i.e. nobody is logged into an X session yet.) - [61]Q-59: Can I run x11vnc out of inetd(8)? How about xinetd(8)? + [62]Q-60: Can I run x11vnc out of inetd(8)? How about xinetd(8)? - [62]Q-60: Can I have x11vnc advertise its VNC service and port via + [63]Q-61: Can I have x11vnc advertise its VNC service and port via mDNS / Zeroconf (e.g. Avahi) so VNC viewers on the local network can detect it automatically? - [63]Q-61: Can I have x11vnc allow a user to log in with her UNIX + [64]Q-62: Can I have x11vnc allow a user to log in with her UNIX username and password and then have it find her X session display on that machine and then connect to it? How about starting an X session if one cannot be found? - [64]Q-62: Can I have x11vnc restart itself after it terminates? + [65]Q-63: Can I have x11vnc restart itself after it terminates? - [65]Q-63: How do I make x11vnc work with the Java VNC viewer applet in + [66]Q-64: How do I make x11vnc work with the Java VNC viewer applet in a web browser? - [66]Q-64: Are reverse connections (i.e. the VNC server connecting to + [67]Q-65: Are reverse connections (i.e. the VNC server connecting to the VNC viewer) using "vncviewer -listen" and vncconnect(1) supported? - [67]Q-65: Can reverse connections be made to go through a Web or SOCKS + [68]Q-66: Can reverse connections be made to go through a Web or SOCKS proxy or SSH? - [68]Q-66: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a + [69]Q-67: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a real display, but for a virtual one I keep around.) - [69]Q-67: How can I use x11vnc on "headless" machines? Why might I + [70]Q-68: How can I use x11vnc on "headless" machines? Why might I want to? [Resource Usage and Performance] - [70]Q-68: I have lots of memory, but why does x11vnc fail with + [71]Q-69: I have lots of memory, but why does x11vnc fail with shmget: No space left on device or Minor opcode of failed request: 1 (X_ShmAttach)? - [71]Q-69: How can I make x11vnc use less system resources? + [72]Q-70: How can I make x11vnc use less system resources? - [72]Q-70: How can I make x11vnc use MORE system resources? + [73]Q-71: How can I make x11vnc use MORE system resources? - [73]Q-71: I use x11vnc over a slow link with high latency (e.g. dialup + [74]Q-72: I use x11vnc over a slow link with high latency (e.g. dialup modem or broadband), is there anything I can do to speed things up? - [74]Q-72: Does x11vnc support the X DAMAGE Xserver extension to find + [75]Q-73: Does x11vnc support the X DAMAGE Xserver extension to find modified regions of the screen quickly and efficiently? - [75]Q-73: My OpenGL application shows no screen updates unless I + [76]Q-74: My OpenGL application shows no screen updates unless I supply the -noxdamage option to x11vnc. - [76]Q-74: When I drag windows around with the mouse or scroll up and + [77]Q-75: When I drag windows around with the mouse or scroll up and down things really bog down (unless I do the drag in a single, quick motion.) Is there anything to do to improve things? - [77]Q-75: Why not do something like wireframe animations to avoid the + [78]Q-76: Why not do something like wireframe animations to avoid the windows "lurching" when being moved or resized? - [78]Q-76: Can x11vnc try to apply heuristics to detect when a window + [79]Q-77: Can x11vnc try to apply heuristics to detect when a window is scrolling its contents and use the CopyRect encoding for a speedup? - [79]Q-77: Can x11vnc do client-side caching of pixel data? I.e. so + [80]Q-78: Can x11vnc do client-side caching of pixel data? I.e. so when that pixel data is needed again it does not have to be retransmitted over the network. - [80]Q-78: Does x11vnc support TurboVNC? + [81]Q-79: Does x11vnc support TurboVNC? [Mouse Cursor Shapes] - [81]Q-79: Why isn't the mouse cursor shape (the little icon shape + [82]Q-80: Why isn't the mouse cursor shape (the little icon shape where the mouse pointer is) correct as I move from window to window? - [82]Q-80: When using XFIXES cursorshape mode, some of the cursors look + [83]Q-81: When using XFIXES cursorshape mode, some of the cursors look really bad with extra black borders around the cursor and other cruft. How can I improve their appearance? - [83]Q-81: In XFIXES mode, are there any hacks to handle cursor + [84]Q-82: In XFIXES mode, are there any hacks to handle cursor transparency ("alpha channel") exactly? [Mouse Pointer] - [84]Q-82: Why does the mouse arrow just stay in one corner in my + [85]Q-83: Why does the mouse arrow just stay in one corner in my vncviewer, whereas my cursor (that does move) is just a dot? - [85]Q-83: Can I take advantage of the TightVNC extension to the VNC + [86]Q-84: Can I take advantage of the TightVNC extension to the VNC protocol where Cursor Positions Updates are sent back to all connected clients (i.e. passive viewers can see the mouse cursor being moved around by another viewer)? - [86]Q-84: Is it possible to swap the mouse buttons (e.g. left-handed + [87]Q-85: Is it possible to swap the mouse buttons (e.g. left-handed operation), or arbitrarily remap them? How about mapping button clicks to keystrokes, e.g. to partially emulate Mouse wheel scrolling? [Keyboard Issues] - [87]Q-85: How can I get my AltGr and Shift modifiers to work between + [88]Q-86: How can I get my AltGr and Shift modifiers to work between keyboards for different languages? - [88]Q-86: When I try to type a "<" (i.e. less than) instead I get ">" + [89]Q-87: When I try to type a "<" (i.e. less than) instead I get ">" (i.e. greater than)! Strangely, typing ">" works OK!! - [89]Q-87: Extra Character Inserted, E.g.: When I try to type a "<" + [90]Q-88: Extra Character Inserted, E.g.: When I try to type a "<" (i.e. less than) instead I get "<," (i.e. an extra comma.) - [90]Q-88: I'm using an "international" keyboard (e.g. German "de", or + [91]Q-89: I'm using an "international" keyboard (e.g. German "de", or Danish "dk") and the -modtweak mode works well if the VNC viewer is run on a Unix/Linux machine with a similar keyboard. But if I run the VNC viewer on Unix/Linux with a different keyboard (e.g. "us") or Windows with any keyboard, I can't type some keys like: "@", "$", "<", ">", etc. How can I fix this? - [91]Q-89: When typing I sometimes get double, triple, or more of my + [92]Q-90: When typing I sometimes get double, triple, or more of my keystrokes repeated. I'm sure I only typed them once, what can I do? - [92]Q-90: The x11vnc -norepeat mode is in effect, but I still get + [93]Q-91: The x11vnc -norepeat mode is in effect, but I still get repeated keystrokes!! - [93]Q-91: After using x11vnc for a while, I find that I cannot type + [94]Q-92: After using x11vnc for a while, I find that I cannot type some (or any) characters or my mouse clicks and drags no longer have any effect, or they lead to strange effects. What happened? - [94]Q-92: The machine where I run x11vnc has an AltGr key, but the + [95]Q-93: The machine where I run x11vnc has an AltGr key, but the local machine where I run the VNC viewer does not. Is there a way I can map a local unused key to send an AltGr? How about a Compose key as well? - [95]Q-93: I have a Sun machine I run x11vnc on. Its Sun keyboard has + [96]Q-94: I have a Sun machine I run x11vnc on. Its Sun keyboard has just one Alt key labelled "Alt" and two Meta keys labelled with little diamonds. The machine where I run the VNC viewer only has Alt keys. How can I send a Meta keypress? (e.g. emacs needs this) - [96]Q-94: Running x11vnc on HP-UX I cannot type "#" I just get a "3" + [97]Q-95: Running x11vnc on HP-UX I cannot type "#" I just get a "3" instead. - [97]Q-95: Can I map a keystroke to a mouse button click on the remote + [98]Q-96: Can I map a keystroke to a mouse button click on the remote machine? - [98]Q-96: How can I get Caps_Lock to work between my VNC viewer and + [99]Q-97: How can I get Caps_Lock to work between my VNC viewer and x11vnc? [Screen Related Issues and Features] - [99]Q-97: The remote display is larger (in number of pixels) than the + [100]Q-98: The remote display is larger (in number of pixels) than the local display I am running the vncviewer on. I don't like the vncviewer scrollbars, what I can do? - [100]Q-98: Does x11vnc support server-side framebuffer scaling? (E.g. + [101]Q-99: Does x11vnc support server-side framebuffer scaling? (E.g. to make the desktop smaller.) - [101]Q-99: Does x11vnc work with Xinerama? (i.e. multiple monitors + [102]Q-100: Does x11vnc work with Xinerama? (i.e. multiple monitors joined together to form one big, single screen.) - [102]Q-100: Can I use x11vnc on a multi-headed display that is not + [103]Q-101: Can I use x11vnc on a multi-headed display that is not Xinerama (i.e. separate screens :0.0, :0.1, ... for each monitor)? - [103]Q-101: Can x11vnc show only a portion of the display? (E.g. for a + [104]Q-102: Can x11vnc show only a portion of the display? (E.g. for a special purpose application or a very large screen.) - [104]Q-102: Does x11vnc support the XRANDR (X Resize, Rotate and + [105]Q-103: Does x11vnc support the XRANDR (X Resize, Rotate and Reflection) extension? Whenever I rotate or resize the screen x11vnc just seems to crash. - [105]Q-103: Independent of any XRANDR, can I have x11vnc rotate and/or + [106]Q-104: Independent of any XRANDR, can I have x11vnc rotate and/or reflect the screen that the VNC viewers see? (e.g. for a handheld whose screen is rotated 90 degrees.) - [106]Q-104: Why is the view in my VNC viewer completely black? Or why + [107]Q-105: Why is the view in my VNC viewer completely black? Or why is everything flashing around randomly? - [107]Q-105: I use Linux Virtual Consoles (VC's) to implement 'Fast + [108]Q-106: I use Linux Virtual Terminals (VT's) to implement 'Fast User Switching' between users' sessions (e.g. Betty is on Ctrl-Alt-F7, Bobby is on Ctrl-Alt-F8, and Sid is on Ctrl-Alt-F1: they use those keystrokes to switch between their sessions.) How come the view in a VNC viewer connecting to x11vnc is either completely black or otherwise all messed up unless the X session x11vnc is attached to is - in the active VC? + in the active VT? - [108]Q-106: I am using x11vnc where my local machine has "popup/hidden + [109]Q-107: I am using x11vnc where my local machine has "popup/hidden taskbars" and the remote display where x11vnc runs also has "popup/hidden taskbars" and they interfere and fight with each other. What can I do? - [109]Q-107: Help! x11vnc and my KDE screensaver keep switching each + [110]Q-108: Help! x11vnc and my KDE screensaver keep switching each other on and off every few seconds. - [110]Q-108: I am running the beryl 3D window manager (or compiz, + [111]Q-109: I am running the beryl 3D window manager (or compiz, MythTv, Google Earth, or some other OpenGL app) and I do not get screen updates in x11vnc. - [111]Q-109: Can I use x11vnc to view my VMWare session remotely? + [112]Q-110: Can I use x11vnc to view my VMWare session remotely? [Exporting non-X11 devices via VNC] - [112]Q-110: Can non-X devices (e.g. a raw framebuffer) be viewed (and + [113]Q-111: Can non-X devices (e.g. a raw framebuffer) be viewed (and even controlled) via VNC with x11vnc? - [113]Q-111: Can I export the Linux Console (Virtual Terminals) via VNC + [114]Q-112: Can I export the Linux Console (Virtual Terminals) via VNC using x11vnc? - [114]Q-112: Can I export via VNC a Webcam or TV tuner framebuffer + [115]Q-113: Can I export via VNC a Webcam or TV tuner framebuffer using x11vnc? - [115]Q-113: Can I connect via VNC to a Qt-embedded/Qtopia application + [116]Q-114: Can I connect via VNC to a Qt-embedded/Qtopia application running on my handheld or PC using the Linux console framebuffer (i.e. not X11)? - [116]Q-114: Now that non-X11 devices can be exported via VNC using + [117]Q-115: Now that non-X11 devices can be exported via VNC using x11vnc, can I build it with no dependencies on X11 header files and libraries? - [117]Q-115: Does x11vnc support Mac OS X Aqua/Quartz displays natively + [118]Q-116: Does x11vnc support Mac OS X Aqua/Quartz displays natively (i.e. no X11 involved)? - [118]Q-116: Can x11vnc be used as a VNC reflector/repeater to improve + [119]Q-117: Can x11vnc be used as a VNC reflector/repeater to improve performance for the case of a large number of simultaneous VNC viewers (e.g. classroom broadcasting or a large demo)? - [119]Q-117: Can x11vnc be used during a Linux, Solaris, etc. system + [120]Q-118: Can x11vnc be used during a Linux, Solaris, etc. system Installation so the Installation can be done remotely? [Misc: Clipboard, File Transfer/Sharing, Printing, Sound, Beeps, Thanks, etc.] - [120]Q-118: Does the Clipboard/Selection get transferred between the + [121]Q-119: Does the Clipboard/Selection get transferred between the vncviewer and the X display? - [121]Q-119: Can I use x11vnc to record a Shock Wave Flash (or other + [122]Q-120: Can I use x11vnc to record a Shock Wave Flash (or other format) video of my desktop, e.g. to record a tutorial or demo? - [122]Q-120: Can I transfer files back and forth with x11vnc? + [123]Q-121: Can I transfer files back and forth with x11vnc? - [123]Q-121: Which UltraVNC extensions are supported? + [124]Q-122: Which UltraVNC extensions are supported? - [124]Q-122: Can x11vnc emulate UltraVNC's Single Click helpdesk mode + [125]Q-123: Can x11vnc emulate UltraVNC's Single Click helpdesk mode for Unix? I.e. something very simple for a naive user to initiate a reverse vnc connection from their Unix desktop to a helpdesk operator's VNC Viewer. - [125]Q-123: Can I (temporarily) mount my local (viewer-side) + [126]Q-124: Can I (temporarily) mount my local (viewer-side) Windows/Samba File share on the machine where x11vnc is running? - [126]Q-124: Can I redirect CUPS print jobs from the remote desktop + [127]Q-125: Can I redirect CUPS print jobs from the remote desktop where x11vnc is running to a printer on my local (viewer-side) machine? - [127]Q-125: How can I hear the sound (audio) from the remote + [128]Q-126: How can I hear the sound (audio) from the remote applications on the desktop I am viewing via x11vnc? - [128]Q-126: Why don't I hear the "Beeps" in my X session (e.g. when + [129]Q-127: Why don't I hear the "Beeps" in my X session (e.g. when typing tput bel in an xterm)? - [129]Q-127: Does x11vnc work with IPv6? + [130]Q-128: Does x11vnc work with IPv6? - [130]Q-128: Thanks for your program and for your help! Can I make a + [131]Q-129: Thanks for your program or for your help! Can I make a donation? _________________________________________________________________ @@ -2218,7 +2328,7 @@ For the former error, you need to specify the X display to connect to (it also needs to be on the same machine the x11vnc process is to run - on.) Set your DISPLAY environment variable (or use the [131]-display + on.) Set your DISPLAY environment variable (or use the [132]-display option) to specify it. Nearly always the correct value will be ":0" (in fact, x11vnc will now assume :0 if given no other information.) @@ -2235,9 +2345,9 @@ working when you try to start x11vnc via, say, a remote shell. How to Solve: See the xauth(1), Xsecurity(7), and xhost(1) man pages - or [132]this Howto for much info on X11 permissions. For example, you + or [133]this Howto for much info on X11 permissions. For example, you may need to set your XAUTHORITY environment variable (or use the - [133]-auth option) to point to the correct MIT-MAGIC-COOKIE file (e.g. + [134]-auth option) to point to the correct MIT-MAGIC-COOKIE file (e.g. /home/joe/.Xauthority or /var/gdm/:0.Xauth or /var/lib/kdm/A:0-crWk72K or /tmp/.gdmzndVlR, etc, etc.), or simply be sure you run x11vnc as the correct user (i.e. the user who is logged into the X session you @@ -2259,10 +2369,10 @@ x11vnc -display :0 -auth /var/gdm/:0.Xauth (this is for the display manager gdm and requires root permission to - read the gdm cookie file, see [134]this faq for other display manager + read the gdm cookie file, see [135]this faq for other display manager cookie file names.) - Note as of Feb/2007 you can also try the [135]-find option instead of + Note as of Feb/2007 you can also try the [136]-find option instead of "-display ..." and see if that finds your display and Xauthority. Less safe, but to avoid figuring out where the correct XAUTHORITY file @@ -2271,7 +2381,7 @@ (from the same machine.) The person could then type "xhost -localhost" after x11vnc has connected to go back to the default permissions. Also, for some situations the "-users lurk=" option may soon be of use - (please read the documentation on the [136]-users option.) + (please read the documentation on the [137]-users option.) To test out your X11 permissions from a remote shell, set DISPLAY and possibly XAUTHORITY (see your shell's man page, bash(1), tcsh(1), on @@ -2290,7 +2400,7 @@ properly.) Firewalls: Speaking of permissions, it should go without saying that - the host-level [137]firewall will need to be configured to allow + the host-level [138]firewall will need to be configured to allow connections in on a port. E.g. 5900 (default VNC port) or 22 (default SSH port for tunnelling VNC.) Most systems these days have firewalls turned on by default, so you will actively have to do something to @@ -2369,7 +2479,7 @@ the above list may be out of date. So only use the above lists as hints for the package names that are needed. - Have a look at [138]Misc. Build Problems for additional fixes. + Have a look at [139]Misc. Build Problems for additional fixes. Note: there is growing trend in Linux and other distros to slice up core X11 software into more and smaller packages. So be prepared for @@ -2387,7 +2497,7 @@ ii libssl0.9.8 0.9.8a-7ubuntu SSL shared libraries (in fact it should have installed both by default if it knew what it - was doing.) See [139]here too. + was doing.) See [140]here too. Q-3: I just built x11vnc successfully, but when I use it my keystrokes @@ -2461,7 +2571,7 @@ earlier and perhaps non-Solaris): First use the environment settings (CPPFLAGS, LDFLAGS, etc.) in the - above [140]Solaris build script to run the configure command. That + above [141]Solaris build script to run the configure command. That should succeed without failure. Then you have to hand edit the autogenerated rfb/rfbconfig.h file in the source tree, and just before the last #endif at the bottom of that file insert these workaround @@ -2487,7 +2597,7 @@ on other older OS (Solaris, Linux, ...) releases. Here are some notes for similar steps that need to be done to build on - [141]SunOS 4.x + [142]SunOS 4.x Please let us know if you had to use the above workaround (and whether it worked or not.) If there is enough demand we will try to push clean @@ -2497,33 +2607,32 @@ Q-5: Where can I get a precompiled x11vnc binary for my Operating System? - Hopefully the [142]build steps above and [143]FAQ provide enough info + Hopefully the [143]build steps above and [144]FAQ provide enough info for a painless compile for most environments. Please report problems with the x11vnc configure, make, etc. on your system (if your system is known to compile other GNU packages successfully.) There are precompiled x11vnc binaries built by other groups that are available at the following locations: - Slackware: (.tgz) [144]http://www.linuxpackages.net/ + Slackware: (.tgz) [145]http://www.linuxpackages.net/ - SuSE: (.rpm) [145]http:/software.opensuse.org/ Gentoo: (info) - [146]http://gentoo-wiki.com/ and [147]http://gentoo-portage.com/ - FreeBSD: (.tbz) [148]http://www.freebsd.org/ - [149]http://www.freshports.org/net/x11vnc NetBSD: (src) - [150]http://pkgsrc.se/x11/x11vnc OpenBSD: (.tgz) - [151]http://openports.se/ Arch Linux: (.tgz) - [152]http://www.archlinux.org/ Nokia 770 (.deb) - [153]http://mike.saunby.googlepages.com/x11vncfornokia7702 Sharp - Zaurus [154]http://www.focv.com/ Redhat/Fedora: (.rpm) - [155]http://packages.sw.be/x11vnc RPMforge - [156]http://dag.wieers.com/rpm/packages/x11vnc/ (N.B.: unmaintained - after 0.9.3) Debian: (.deb) [157]http://packages.debian.org/x11vnc - (N.B: often unmaintained; better to compile from source) Solaris: - (pkg) [158]http://www.sunfreeware.com/ (N.B: very old; better to - compile from source) + SuSE: (.rpm) [146]http:/software.opensuse.org/ Gentoo: (info) + [147]http://gentoo-wiki.com/ and [148]http://gentoo-portage.com/ + FreeBSD: (.tbz) [149]http://www.freebsd.org/ + [150]http://www.freshports.org/net/x11vnc NetBSD: (src) + [151]http://pkgsrc.se/x11/x11vnc OpenBSD: (.tgz) + [152]http://openports.se/ Arch Linux: (.tgz) + [153]http://www.archlinux.org/ Nokia 770 (.deb) + [154]http://mike.saunby.googlepages.com/x11vncfornokia7702 Sharp + Zaurus [155]http://www.focv.com/ Debian: (.deb) + [156]http://packages.debian.org/x11vnc Redhat/Fedora: (.rpm) + [157]http://packages.sw.be/x11vnc RPMforge + [158]http://dag.wieers.com/rpm/packages/x11vnc/ (N.B.: unmaintained + after 0.9.3) Solaris: (pkg) [159]http://www.sunfreeware.com/ (N.B: + very old; better to compile from source) If the above binaries don't work and building x11vnc on your OS fails - (and all else fails!) you can try one of [159]My Collection of x11vnc + (and all else fails!) you can try one of [160]My Collection of x11vnc Binaries for various OS's and x11vnc releases. As a general note, the x11vnc program is simple enough you don't @@ -2541,7 +2650,7 @@ If you use a standalone binary like this and also want x11vnc to serve up the Java VNC Viewer jar file (either SSL enabled or regular one), then you will need to extract the classes subdirectory from the source - tarball and point x11vnc to it via the [160]-httpdir option. E.g.: + tarball and point x11vnc to it via the [161]-httpdir option. E.g.: x11vnc -httpdir /path/to/x11vnc-0.8.3/classes/ssl ... @@ -2550,11 +2659,11 @@ To obtain VNC viewers for the viewing side (Windows, Mac OS, or Unix) try here: - * [161]http://www.tightvnc.com/download.html - * [162]http://www.realvnc.com/download-free.html - * [163]http://sourceforge.net/projects/cotvnc/ - * [164]http://www.ultravnc.com/ - * [165]Our Enhanced TightVNC Viewer (SSVNC) + * [162]http://www.tightvnc.com/download.html + * [163]http://www.realvnc.com/download-free.html + * [164]http://sourceforge.net/projects/cotvnc/ + * [165]http://www.ultravnc.com/ + * [166]Our Enhanced TightVNC Viewer (SSVNC) [ssvnc.gif] @@ -2564,7 +2673,7 @@ Run: x11vnc -opts to list just the option names or run: x11vnc -help for long descriptions about each option. The output is listed - [166]here as well. Yes, x11vnc does have a lot of options, doesn't + [167]here as well. Yes, x11vnc does have a lot of options, doesn't it... @@ -2596,10 +2705,10 @@ program is needed for operation. The gui is not particularly user-friendly, it just provides a point and click mode to set all the many x11vnc parameters and obtain help on them. It is also very useful - for testing. See the [167]-gui option for more info. Examples: "x11vnc + for testing. See the [168]-gui option for more info. Examples: "x11vnc ... -gui" and "x11vnc ... -gui other:0" in the latter case the gui is displayed on other:0, not the X display x11vnc is polling. There is - also a "[168]-gui tray" system tray mode. + also a "[169]-gui tray" system tray mode. [tkx11vnc.gif] @@ -2613,7 +2722,7 @@ smaller, simpler icon? As of Jul/2005 the gui can run in a more friendly small icon mode - "[169]-gui icon" or in the system tray: "[170]-gui tray". It has + "[170]-gui icon" or in the system tray: "[171]-gui tray". It has balloon status, a simple menu, and a Properities dialog. The full, complicated, gui is only available under "Advanced". Other improvements were added as well. Try "Misc -> simple_gui" for a gui @@ -2649,18 +2758,18 @@ PORT=59xx line to see which port it found, then subtract 5900 from it for the VNC display number to enter into the VNC Viewer(s). - The "[171]-N" option will try to match the VNC display number to the X + The "[172]-N" option will try to match the VNC display number to the X display (e.g. X11 DISPLAY of :5 (port 6005) will have VNC display :5 (port 5905).) - Also see the "[172]-autoport n" option to indicated at which value the + Also see the "[173]-autoport n" option to indicated at which value the auto probing should start at. Q-11: My Firewall/Router doesn't allow VNC Viewers to connect to x11vnc. - See the [173]Firewalls/Routers discussion. + See the [174]Firewalls/Routers discussion. Q-12: Is it possible for a VNC Viewer and a VNC Server to connect to @@ -2674,7 +2783,7 @@ In the following discussion, we will suppose port 5950 is being used on the relay machine as the VNC port for the rendezvous. - A way to rendezvous is to have the VNC Server start a [174]reverse + A way to rendezvous is to have the VNC Server start a [175]reverse connection to the relay machine: x11vnc -connect third-machine.net:5950 ... @@ -2687,17 +2796,19 @@ What software to run on third-machine? A TCP relay of some sort could be used... Try a google search on "tcp relay" or "ip relay". However, note that this isn't a simple redirection because it hooks up two - incoming connections. + incoming connections. You can look at our UltraVNC repeater + implementation [176]ultravnc_repeater.pl for ideas and possibly to + customize. Also, if you are not the admin of third-machine you'd have to convince the owner to allow you to install this software (and he would likely need to open his server's firewall to allow the port through.) - It is recommended that [175]SSL is used for encryption (e.g. - "[176]-ssl SAVE") when going over the internet. + It is recommended that [177]SSL is used for encryption (e.g. + "[178]-ssl SAVE") when going over the internet. We have a prototype for performing a rendezvous via a Web Server - acting as the relay machine. Download the [177]vncxfer CGI script and + acting as the relay machine. Download the [179]vncxfer CGI script and see the instructions at the top. Once that CGI script is set up on the website, both users go to, say, @@ -2727,7 +2838,7 @@ port requirement (e.g. use HTTP/CGI itself for the transfer... it is difficult to emulate a full-duplex TCP connection with them.) - See also the [178]Firewalls/Routers discussion and [179]Reverse + See also the [180]Firewalls/Routers discussion and [181]Reverse Connection Proxy discussion. @@ -2755,7 +2866,7 @@ vncviewer -encodings "copyrect tight zrle hextile" localhost:0 (we assume the old-style -encodings option needs to be used. See - [180]here for details.) + [182]here for details.) If the SSH machine has been configured (see sshd_config(5)) with the option GatewayPorts=yes, then the tunnel set up by the VNC Server will @@ -2765,16 +2876,16 @@ only runs: vncviewer third-machine.net:33 - In this case we recommend [181]SSL be used for encryption. + In this case we recommend [183]SSL be used for encryption. The creation of both tunnels can be automated. As of Oct/2007 the - [182]-ssh x11vnc option is available and so only this command needs to + [184]-ssh x11vnc option is available and so only this command needs to be run on the VNC Server side: x11vnc -ssh user@third-machine.net:33 ... (the SSH passphrase may need to be supplied.) - To automate on the VNC Viewer side, the user can use the [183]Enhanced + To automate on the VNC Viewer side, the user can use the [185]Enhanced TightVNC Viewer (SSVNC) by: * Clicking on 'Use SSH' * Entering user@third-machine.net:33 into 'VNC Host:Display' entry @@ -2791,11 +2902,11 @@ Q-13: Can I make x11vnc more quiet and also go into the background after starting up? - Use the [184]-q and [185]-bg options, respectively. (also: -quiet is + Use the [186]-q and [187]-bg options, respectively. (also: -quiet is an alias for -q) Note that under -bg the stderr messages will be lost unless you use - the "[186]-o logfile" option. + the "[188]-o logfile" option. Q-14: Sometimes when a VNC viewer dies abruptly, x11vnc also dies with @@ -2821,8 +2932,8 @@ Q-16: KDE's krdc VNC viewer cannot connect to x11vnc. - This has been fixed in x11vnc version 0.8.4. More info [187]here, - [188]here, and [189]here. + This has been fixed in x11vnc version 0.8.4. More info [189]here, + [190]here, and [191]here. Q-17: When I start x11vnc on an Alpha Tru64 workstation the X server @@ -2832,15 +2943,28 @@ able to crash it. The problem seems to be with the RECORD X extension and so a - workaround is to use the "[190]-noxrecord" x11vnc command line option. + workaround is to use the "[192]-noxrecord" x11vnc command line option. + + + Q-18: When running x11vnc on an IBM AIX workstation after a few + minutes the VNC connection freezes. + + One user reports when running x11vnc on AIX 5.3 in his CDE session + after a few minutes or seconds x11vnc will "freeze" (no more updates + being sent, etc.) The freezing appeared to be worse for versions later + than 0.9.2. + + The problem seems to be with the RECORD X extension on AIX and so a + workaround is to use the "[193]-noxrecord" x11vnc command line option. + The user found no freezes occurred when using that option. - Q-18: Are there any build-time customizations possible, e.g. change + Q-19: Are there any build-time customizations possible, e.g. change defaults, create a smaller binary, etc? There are some options. They are enabled by adding something like -Dxxxx=1 to the CPPFLAGS environment variable before running configure - (see the [191]build notes for general background.) + (see the [194]build notes for general background.) /* * Mar/2006 * Build-time customization via CPPFLAGS. @@ -2906,31 +3030,31 @@ [Win2VNC Related] - Q-19: I have two separate machine displays in front of me, one Windows + Q-20: I have two separate machine displays in front of me, one Windows the other X11: can I use x11vnc in combination with Win2VNC in dual-screen mode to pass the keystrokes and mouse motions to the X11 display? - Yes, for best response start up x11vnc with the "[192]-nofb" option + Yes, for best response start up x11vnc with the "[195]-nofb" option (disables framebuffer polling, and does other optimizations) on the secondary display (X11) machine. Then start up Win2VNC on the primary display (Windows) referring it to the secondary display. - This will also work X11 to X11 using [193]x2vnc, however you would + This will also work X11 to X11 using [196]x2vnc, however you would probably just want to avoid VNC and use x2x for that. For reference, here are some links to Win2VNC-like programs for multiple monitor setups: - * [194]Original Win2VNC - * [195]Enhanced Win2VNC (broken?) and [196]sourceforge link - * [197]x2vnc - * [198]x2x - * [199]zvnc (MorphOS) + * [197]Original Win2VNC + * [198]Enhanced Win2VNC (broken?) and [199]sourceforge link + * [200]x2vnc + * [201]x2x + * [202]zvnc (MorphOS) All of them will work with x11vnc (except x2x where it is not needed.) - Q-20: I am running Win2VNC on my Windows machine and "x11vnc -nofb" on + Q-21: I am running Win2VNC on my Windows machine and "x11vnc -nofb" on Unix to pass keyboard and mouse to the Unix monitor. Whenever I start Win2VNC it quickly disconnects and x11vnc says: rfbProcessClientNormalMessage: read: Connection reset by peer @@ -2945,7 +3069,7 @@ on your display to be depth 24 TrueColor? Sun machines often have 8+24 overlay/multi-depth visuals, and you can make the default visual depth 24 TrueColor (see fbconfig(1) and Xsun(1).) 2) As of Feb/2004 x11vnc - has the [200]-visual option to allow you to force the framebuffer + has the [203]-visual option to allow you to force the framebuffer visual to whatever you want (this usually messes up the colors unless you are very clever.) In this case, the option provides a convenient workaround for the Win2VNC bug: @@ -2955,22 +3079,22 @@ this. Since Win2VNC does not use the framebuffer data there should be no problems in doing this. - Q-21: Can I run "x11vnc -nofb" on a Mac OS X machine to redirect mouse + Q-22: Can I run "x11vnc -nofb" on a Mac OS X machine to redirect mouse and keyboard input to it from Windows and X11 machines via Win2VNC and x2vnc, respectively? - Yes, as of Nov/2006 [201]you can. There may be a trick or two you'll + Yes, as of Nov/2006 [204]you can. There may be a trick or two you'll need to do to get the Clipboard exchange between the machines to work. [Color Issues] - Q-22: The X display I run x11vnc on is only 8 bits per pixel (bpp) + Q-23: The X display I run x11vnc on is only 8 bits per pixel (bpp) PseudoColor (i.e. only 256 distinct colors.) The x11vnc colors may start out OK, but after a while they are incorrect in certain windows. - Use the [202]-flashcmap option to have x11vnc watch for changes in the + Use the [205]-flashcmap option to have x11vnc watch for changes in the colormap, and propagate those changes back to connected clients. This can be slow (since the whole screen must be updated over the network whenever the colormap changes.) This flashing colormap behavior often @@ -2979,30 +3103,30 @@ example of this. Consider reconfiguring the system to 16 bpp or depth 24 TrueColor if at all possible. - Also note the option [203]-8to24 (Jan/2006) can often remove the need + Also note the option [206]-8to24 (Jan/2006) can often remove the need for flashing the colormap. Everything is dynamically transformed to depth 24 at 32 bpp using the colormaps. There may be painting errors however (see the following FAQ for tips on reducing and correcting them.) - In some rare cases (SCO unixware) the [204]-notruecolor option has + In some rare cases (SCO unixware) the [207]-notruecolor option has corrected colors on 8bpp displays. The red, green, and blue masks were non-zero in 8bpp PseudoColor on an obscure setup, and this option corrected the problems. - Q-23: Color problems: Why are the colors for some windows incorrect in + Q-24: Color problems: Why are the colors for some windows incorrect in x11vnc? BTW, my X display has nice overlay/multi-depth visuals of different color depths: e.g. there are both depth 8 and 24 visuals available at the same time. - You may want to review the [205]previous question regarding 8 bpp + You may want to review the [208]previous question regarding 8 bpp PseudoColor. - On some hardware (Sun/SPARC and SGI), the [206]-overlay option + On some hardware (Sun/SPARC and SGI), the [209]-overlay option discussed a couple paragraphs down may solve this for you (you may want to skip to it directly.) On other hardware the less robust - [207]-8to24 option may help (also discussed below.) + [210]-8to24 option may help (also discussed below.) Run xdpyinfo(1) to see what the default visual is and what the depths of the other visuals are. Does the default visual have a depth of 8 @@ -3038,7 +3162,7 @@ The -overlay mode: Another option is if the system with overlay visuals is a Sun system running Solaris or SGI running IRIX you can - use the [208]-overlay x11vnc option (Aug/2004) to have x11vnc use the + use the [211]-overlay x11vnc option (Aug/2004) to have x11vnc use the Solaris XReadScreen(3X11) function to poll the "true view" of the whole screen at depth 24 TrueColor. XReadDisplay(3X11) is used on IRIX. This is useful for Legacy applications (older versions of @@ -3063,7 +3187,7 @@ Xsun, e.g. in your /etc/dt/config/Xservers file.) - The -8to24 mode: The [209]-8to24 x11vnc option (Jan/2006) is a kludge + The -8to24 mode: The [212]-8to24 x11vnc option (Jan/2006) is a kludge to try to dynamically rewrite the pixel values so that the 8bpp part of the screen is mapped onto depth 24 TrueColor. This is less robust than the -overlay mode because it is done by x11vnc outside of the X @@ -3077,11 +3201,11 @@ 32bpp view is exported via VNC. Even on pure 8bpp displays it can be used as an alternative to - [210]-flashcmap to avoid color flashing completely. + [213]-flashcmap to avoid color flashing completely. This scheme is approximate and can often lead to painting errors. You can manually correct most painting errors by pressing 3 Alt_L's in a - row, or by using something like: [211]-fixscreen V=3.0 to + row, or by using something like: [214]-fixscreen V=3.0 to automatically refresh the screen every 3 seconds. Also -fixscreen 8=3.0 has been added to just refresh the non-default visual parts of the screen. @@ -3094,27 +3218,28 @@ nogetimage can give a nice speedup if the default depth 24 X server supports hiding the 8bpp bits in bits 25-32 of the framebuffer data. On very slow machines -8to24 poll=0.2,cachewin=5.0 gives an useful - speedup. See the [212]-8to24 help description for information on + speedup. See the [215]-8to24 help description for information on tunable parameters, etc. Colors still not working correctly? Run xwininfo on the application with the incorrect colors to verify that the depth of its visual is different from the default visual depth (gotten from xdpyinfo.) One - possible workaround in this case is to use the [213]-id option to + possible workaround in this case is to use the [216]-id option to point x11vnc at the application window itself. If the application is complicated (lots of toplevel windows and popup menus) this may not be - acceptable, and may even crash x11vnc (but not the application.) + acceptable, and may even crash x11vnc (but not the application.) See + also [217]-appshare. It is theoretically possible to solve this problem in general (see xwd(1) for example), but it does not seem trivial or sufficiently fast - for x11vnc to be able to do so in real time. The [214]-8to24 method + for x11vnc to be able to do so in real time. The [218]-8to24 method does this approximately and is somewhat usable. Fortunately the - [215]-overlay option works for Solaris machines with overlay visuals + [219]-overlay option works for Solaris machines with overlay visuals where most of this problem occurs. - Q-24: I am on a high color system (depth >= 24) but I seem to have + Q-25: I am on a high color system (depth >= 24) but I seem to have colormap problems. They either flash or everything is very dark. This can happen if the default Visual (use xdpyinfo to list them) is @@ -3139,22 +3264,22 @@ can make xwud do this for example. - Q-25: How do I figure out the window id to supply to the -id windowid + Q-26: How do I figure out the window id to supply to the -id windowid option? Run the xwininfo program in a terminal. It will ask you to click on the desired application window. After clicking, it will print out much information, including the window id (e.g. 0x6000010.) Also, the visual and depth of the window printed out is often useful in - debugging x11vnc [216]color problems. + debugging x11vnc [220]color problems. - Also, as of Dec/2004 you can use "[217]-id pick" to have x11vnc run + Also, as of Dec/2004 you can use "[221]-id pick" to have x11vnc run xwininfo(1) for you and after you click the window it extracts the windowid. Besides "pick" there is also "id:root" to allow you to go back to root window when doing remote-control. - Q-26: Why don't menus or other transient windows come up when I am + Q-27: Why don't menus or other transient windows come up when I am using the -id windowid option to view a single application window? This is related to the behavior of the XGetImage(3X11) and @@ -3166,10 +3291,16 @@ you should be able to see these transient windows. If things are not working and you still want to do the single window - polling, try the [218]-sid windowid option ("shifted" windowid.) + polling, try the [222]-sid windowid option ("shifted" windowid.) + Update: as of Nov/2009 in the 0.9.9 x11vnc developement tarball, there + is an experimental Application Sharing mode that improves upon the + -id/-sid single window sharing: [223]-appshare (run "x11vnc -appshare + -help" for more info.) It is still very primitive and approximate, but + at least it displays multiple top-level windows. - Q-27: My X display is depth 24 at 24bpp (instead of the normal depth + + Q-28: My X display is depth 24 at 24bpp (instead of the normal depth 24 at 32bpp.) I'm having lots of color and visual problems with x11vnc and/or vncviewer. What's up? @@ -3202,7 +3333,7 @@ handle 24bpp from the server, so you may want to use those. They evidently request 32 bpp and libvncserver obliges. - Update: as of Apr/2006 you can use the [219]-24to32 option to have + Update: as of Apr/2006 you can use the [224]-24to32 option to have x11vnc dynamically transform the 24bpp pixel data to 32bpp. This extra transformation could slow things down further however. @@ -3212,14 +3343,14 @@ couldn't find suitable pixmap format" so evidently you cannot use 24bpp for the vncviewers to work on that X display. - Note, however, that the Unix viewer in the [220]Enhanced TightVNC + Note, however, that the Unix viewer in the [225]Enhanced TightVNC Viewer (SSVNC) project can handle 24bpp X displays. It does this by requesting a 16bpp pixel format (or 8bpp if the -bgr233 option has been supplied) from the VNC server, and translates that to 24bpp locally. [Xterminals] - Q-28: Can I use x11vnc to view and interact with an Xterminal (e.g. + Q-29: Can I use x11vnc to view and interact with an Xterminal (e.g. NCD) that is not running UNIX and so x11vnc cannot be run on it directly? @@ -3227,9 +3358,9 @@ since you will be polling the X display over the network as opposed to over the local hardware. To do this, run x11vnc on a UNIX machine as close as possible network-wise (e.g. same switch) to the Xterminal - machine. Use the [221]-display option to point the display to that of + machine. Use the [226]-display option to point the display to that of the Xterminal (you'll of course need basic X11 permission to do that) - and finally supply the [222]-noshm option (this enables the polling + and finally supply the [227]-noshm option (this enables the polling over the network.) If the Xterminal's X display is open to the network for connections, @@ -3242,10 +3373,10 @@ The response will likely be sluggish (maybe only one "frame" per second.) This mode is not recommended except for "quick checks" of hard to get to X servers. Use something like "-wait 150" to cut down - on the polling rate. You may also need [223]-flipbyteorder if the + on the polling rate. You may also need [228]-flipbyteorder if the colors get messed up due to endian byte order differences. - Q-29: How do I get my X permissions (MIT-MAGIC-COOKIE file) correct + Q-30: How do I get my X permissions (MIT-MAGIC-COOKIE file) correct for a Unix/Linux machine acting as an Xterminal? If the X display machine is a traditional Xterminal (where the X @@ -3266,7 +3397,7 @@ copied to the Xterminal. If $HOME/.Xauthority is exported via NFS (this is insecure of course, but has been going on for decades), then x11vnc can simply pick it up via NFS (you may need to use the - [224]-auth option to point to the correct file.) Other options include + [229]-auth option to point to the correct file.) Other options include copying the auth file using scp, or something like: central-server> xauth nextract - xterm123:0 | ssh xterm123 xauth nmerge - @@ -3278,7 +3409,7 @@ details. If the display name in the cookie file needs to be changed between the - two hosts, see [225]this note on the "xauth add ..." command. + two hosts, see [230]this note on the "xauth add ..." command. A less secure option is to run something like "xhost +127.0.0.1" while sitting at the Xterminal box to allow cookie-free local access for @@ -3292,7 +3423,7 @@ occasional app more efficiently locally on the Xterminal box (e.g. realplayer.) - Not recommended, but as a last resort, you could have x11vnc [226]poll + Not recommended, but as a last resort, you could have x11vnc [231]poll the Xterminal Display over the network. For this you would run a "x11vnc -noshm ..." process on the central-server (and hope the network admin doesn't get angry...) @@ -3319,36 +3450,36 @@ [Sun Rays] - Q-30: I'm having trouble using x11vnc with my Sun Ray session. + Q-31: I'm having trouble using x11vnc with my Sun Ray session. - The [227]Sun Ray technology is a bit like "VNC done in hardware" (the + The [232]Sun Ray technology is a bit like "VNC done in hardware" (the Sun Ray terminal device, DTU, playing the role of the vncviewer.) Completely independent of that, the SunRay user's session is still an X server that speaks the X11 protocol and so x11vnc simply talks to the X server part to export the SunRay desktop to any place in the world (i.e. not only to a Sun Ray terminal device), creating a sort of - "Soft Ray". Please see [228]this discussion of Sun Ray issues for + "Soft Ray". Please see [233]this discussion of Sun Ray issues for solutions to problems. - Also see the [229]Sun Ray Remote Control Toolkit that uses x11vnc. + Also see the [234]Sun Ray Remote Control Toolkit that uses x11vnc. [Remote Control] - Q-31: How do I stop x11vnc once it is running in the background? + Q-32: How do I stop x11vnc once it is running in the background? As of Dec/2004 there is a remote control feature. It can change a huge - number of parameters on the fly: see the [230]-remote and [231]-query + number of parameters on the fly: see the [235]-remote and [236]-query options. To shut down the running x11vnc server just type "x11vnc -R stop". To disconnect all clients do "x11vnc -R disconnect:all", etc. - If the [232]-forever option has not been supplied, x11vnc will + If the [237]-forever option has not been supplied, x11vnc will automatically exit after the first client disconnects. In general if you cannot use the remote control, then you will have to kill the x11vnc process This can be done via: "kill NNNNN" (where NNNNN is the x11vnc process id number found from ps(1)), or "pkill x11vnc", or "killall x11vnc" (Linux only.) - If you have not put x11vnc in the background via the [233]-bg option + If you have not put x11vnc in the background via the [238]-bg option or shell & operator, then simply press Ctrl-C in the shell where x11vnc is running to stop it. @@ -3358,16 +3489,16 @@ down state in the Xserver. Tapping the stuck key (either via a new x11vnc or at the physical console) will release it from the stuck state. If the keyboard seems to be acting strangely it is often fixed - by tapping Ctrl, Shift, and Alt. Alternatively, the [234]-clear_mods - option and [235]-clear_keys option can be used to release pressed keys - at startup and exit. The option [236]-clear_all will also try to unset + by tapping Ctrl, Shift, and Alt. Alternatively, the [239]-clear_mods + option and [240]-clear_keys option can be used to release pressed keys + at startup and exit. The option [241]-clear_all will also try to unset Caps_Lock, Num_Lock, etc. - Q-32: Can I change settings in x11vnc without having to restart it? + Q-33: Can I change settings in x11vnc without having to restart it? Can I remote control it? - Look at the [237]-remote (an alias is -R) and [238]-query (an alias is + Look at the [242]-remote (an alias is -R) and [243]-query (an alias is -Q) options added in Dec/2004. They allow nearly everything to be changed dynamically and settings to be queried. Examples: "x11vnc -R shared", "x11vnc -R forever", "x11vnc -R scale:3/4", "x11vnc -Q @@ -3378,8 +3509,8 @@ property) is used as the communication channel, so the X permissions and DISPLAY must be set up correctly for communication to be possible. - There is also a simple Tcl/Tk [239]gui based on this remote control - mechanism. See the [240]-gui option for more info. You will need to + There is also a simple Tcl/Tk [244]gui based on this remote control + mechanism. See the [245]-gui option for more info. You will need to have Tcl/Tk (i.e. /usr/bin/wish) installed for it to work. It can also run in the system tray: "-gui tray" or as a standalone small icon window: "-gui icon". Use "-gui tray=setpass" for a naive user "Share @@ -3387,7 +3518,7 @@ [Security and Permissions] - Q-33: How do I create a VNC password for use with x11vnc? + Q-34: How do I create a VNC password for use with x11vnc? You may already have one in $HOME/.vnc/passwd if you have used, say, the vncserver program from the regular RealVNC or TightVNC packages @@ -3395,12 +3526,12 @@ vncpasswd(1) program from those packages. As of Jun/2004 x11vnc supports the -storepasswd "pass" "file" - [241]option, which is the same functionality of storepasswd. Be sure + [246]option, which is the same functionality of storepasswd. Be sure to quote the "pass" if it contains shell meta characters, spaces, etc. Example: x11vnc -storepasswd 'sword*fish' $HOME/myvncpasswd - You then use the password via the x11vnc option: "[242]-rfbauth + You then use the password via the x11vnc option: "[247]-rfbauth $HOME/myvncpasswd" As of Jan/2006 if you do not supply any arguments: @@ -3412,11 +3543,11 @@ ~/.mypass", the password you are prompted for will be stored in that file. - x11vnc also has the [243]-passwdfile and -passwd/-viewpasswd plain + x11vnc also has the [248]-passwdfile and -passwd/-viewpasswd plain text (i.e. not obscured like the -rfbauth VNC passwords) password options. - You can use the [244]-usepw option to automatically use any password + You can use the [249]-usepw option to automatically use any password file you have in ~/.vnc/passwd or ~/.vnc/passwdfile (the latter is used with the -passwdfile option.) @@ -3428,7 +3559,7 @@ who do not know better. - Q-34: Can I make it so -storepasswd doesn't show my password on the + Q-35: Can I make it so -storepasswd doesn't show my password on the screen? You can use the vncpasswd program from RealVNC or TightVNC mentioned @@ -3445,17 +3576,17 @@ ~/.mypass" - Q-35: Can I have two passwords for VNC viewers, one for full access + Q-36: Can I have two passwords for VNC viewers, one for full access and the other for view-only access to the display? - Yes, as of May/2004 there is the [245]-viewpasswd option to supply the - view-only password. Note the full-access password option [246]-passwd + Yes, as of May/2004 there is the [250]-viewpasswd option to supply the + view-only password. Note the full-access password option [251]-passwd must be supplied at the same time. E.g.: -passwd sword -viewpasswd fish. To avoid specifying the passwords on the command line (where they could be observed via the ps(1) command by any user) you can use the - [247]-passwdfile option to specify a file containing plain text + [252]-passwdfile option to specify a file containing plain text passwords. Presumably this file is readable only by you, and ideally it is located on the machine x11vnc is run on (to avoid being snooped on over the network.) The first line of this file is the full-access @@ -3463,7 +3594,7 @@ it is taken as the view-only password. (use "__EMPTY__" to supply an empty one.) - View-only passwords currently do not work for the [248]-rfbauth + View-only passwords currently do not work for the [253]-rfbauth password option (standard VNC password storing mechanism.) FWIW, note that although the output (usually placed in $HOME/.vnc/passwd) by the vncpasswd or storepasswd programs (or from x11vnc -storepasswd) looks @@ -3473,10 +3604,10 @@ straight-forward to work out what to do from the VNC source code. - Q-36: Can I have as many full-access and view-only passwords as I + Q-37: Can I have as many full-access and view-only passwords as I like? - Yes, as of Jan/2006 in the libvncserver CVS the [249]-passwdfile + Yes, as of Jan/2006 in the libvncserver CVS the [254]-passwdfile option has been extended to handle as many passwords as you like. You put the view-only passwords after a line __BEGIN_VIEWONLY__. @@ -3484,9 +3615,9 @@ You can have x11vnc re-read the file dynamically when it is modified. - Q-37: Does x11vnc support Unix usernames and passwords? Can I further + Q-38: Does x11vnc support Unix usernames and passwords? Can I further limit the set of Unix usernames who can connect to the VNC desktop? - Update: as of Feb/2006 x11vnc has the [250]-unixpw option that does + Update: as of Feb/2006 x11vnc has the [255]-unixpw option that does this outside of the VNC protocol and libvncserver. The standard su(1) program is used to validate the user's password. A familiar "login:" and "Password:" dialog is presented to the user on a black screen @@ -3496,7 +3627,7 @@ A list of allowed Unix usernames may also be supplied along with per-user settings. - There is also the [251]-unixpw_nis option for non-shadow-password + There is also the [256]-unixpw_nis option for non-shadow-password (typically NIS environments, hence the name) systems where the traditional getpwnam() and crypt() functions are used instead of su(1). The encrypted user passwords must be accessible to the user @@ -3505,11 +3636,11 @@ shadow(5). Two settings are enforced in the -unixpw and -unixpw_nis modes to - provide extra security: the 1) [252]-localhost and 2) [253]-stunnel or - [254]-ssl options. Without these one might send the Unix username and + provide extra security: the 1) [257]-localhost and 2) [258]-stunnel or + [259]-ssl options. Without these one might send the Unix username and password data in clear text over the network which is a very bad idea. They can be relaxed if you want to provide encryption other than - stunnel or [255]-ssl (the constraint is automatically relaxed if + stunnel or [260]-ssl (the constraint is automatically relaxed if SSH_CONNECTION is set and indicates you have ssh-ed in, however the -localhost requirement is still enforced.) @@ -3528,13 +3659,13 @@ approximate at best. One approximate method involves starting x11vnc with the - [256]-localhost option. This basically requires the viewer user to log + [261]-localhost option. This basically requires the viewer user to log into the workstation where x11vnc is running via their Unix username and password, and then somehow set up a port redirection of his vncviewer connection to make it appear to emanate from the local machine. As discussed above, ssh is useful for this: "ssh -L 5900:localhost:5900 user@hostname ..." See the ssh wrapper scripts - mentioned [257]elsewhere on this page. [258]stunnel does this as well. + mentioned [262]elsewhere on this page. [263]stunnel does this as well. Of course a malicious user could allow other users to get in through his channel, but that is a problem with every method. Another thing to @@ -3545,7 +3676,7 @@ traditional way would be to further require a VNC password to supplied (-rfbauth, -passwd, etc) and only tell the people allowed in what the VNC password is. A scheme that avoids a second password involves using - the [259]-accept option that runs a program to examine the connection + the [264]-accept option that runs a program to examine the connection information to determine which user is connecting from the local machine. That may be difficult to do, but, for example, the program could use the ident service on the local machine (normally ident @@ -3577,11 +3708,11 @@ always be "root". - Q-38: Can I supply an external program to provide my own custom login + Q-39: Can I supply an external program to provide my own custom login method (e.g. Dynamic/One-time passwords or non-Unix (LDAP) usernames and passwords)? Yes, there are several possibilities. For background see the FAQ on - the [260]-accept where an external program may be run to decide if a + the [265]-accept where an external program may be run to decide if a VNC client should be allowed to try to connect and log in. If the program (or local user prompted by a popup) answers "yes", then -accept proceeds to the normal VNC and x11vnc authentication methods, @@ -3589,26 +3720,26 @@ To provide more direct coupling to the VNC client's username and/or supplied password the following options were added in Sep/2006: - * [261]-unixpw_cmd command - * [262]-passwdfile cmd:command - * [263]-passwdfile custom:command + * [266]-unixpw_cmd command + * [267]-passwdfile cmd:command + * [268]-passwdfile custom:command In each case "command" is an external command run by x11vnc. You supply it. For example, it may couple to your LDAP system or other servers you set up. - For [264]-unixpw_cmd the normal [265]-unixpw Login: and Password: + For [269]-unixpw_cmd the normal [270]-unixpw Login: and Password: prompts are supplied to the VNC viewer and the strings the client returns are then piped into "command" as the first two lines of its standard input. If the command returns success, i.e. exit(0), the VNC client is accepted, otherwise it is rejected. - For "[266]-passwdfile cmd:command" the command is run and it returns a - password list (like a password file, see the [267]-passwdfile + For "[271]-passwdfile cmd:command" the command is run and it returns a + password list (like a password file, see the [272]-passwdfile read:filename mode.) Perhaps a dynamic, one-time password is retrieved from a server this way. - For "[268]-passwdfile custom:command" one gets complete control over + For "[273]-passwdfile custom:command" one gets complete control over the VNC challenge-response dialog with the VNC client. x11vnc sends out a string of random bytes (16 by the VNC spec) and the client returns the same number of bytes in a way the server can verify only @@ -3622,33 +3753,33 @@ accepted, otherwise it is rejected. In all cases the "RFB_*" environment variables are set as under - [269]-accept. These variables can provide useful information for the + [274]-accept. These variables can provide useful information for the externally supplied program to use. - Q-39: Why does x11vnc exit as soon as the VNC viewer disconnects? And + Q-40: Why does x11vnc exit as soon as the VNC viewer disconnects? And why doesn't it allow more than one VNC viewer to connect at the same time? These defaults are simple safety measures to avoid someone unknowingly leaving his X11 desktop exposed (to the internet, say) for long - periods of time. Use the [270]-forever option (aka -many) to have + periods of time. Use the [275]-forever option (aka -many) to have x11vnc wait for more connections after the first client disconnects. - Use the [271]-shared option to have x11vnc allow multiple clients to + Use the [276]-shared option to have x11vnc allow multiple clients to connect simultaneously. - Recommended additional safety measures include using ssh ([272]see - above), stunnel, [273]-ssl, or a VPN to authenticate and encrypt the + Recommended additional safety measures include using ssh ([277]see + above), stunnel, [278]-ssl, or a VPN to authenticate and encrypt the viewer connections or to at least use the -rfbauth passwd-file - [274]option to use VNC password protection (or [275]-passwdfile) It is + [279]option to use VNC password protection (or [280]-passwdfile) It is up to YOU to apply these security measures, they will not be done for you automatically. - Q-40: Can I limit which machines incoming VNC clients can connect + Q-41: Can I limit which machines incoming VNC clients can connect from? - Yes, look at the [276]-allow and [277]-localhost options to limit + Yes, look at the [281]-allow and [282]-localhost options to limit connections by hostname or IP address. E.g. x11vnc -allow 192.168.0.1,192.168.0.2 @@ -3660,11 +3791,11 @@ Note that -localhost achieves the same thing as "-allow 127.0.0.1" For more control, build libvncserver with libwrap support - [278](tcp_wrappers) and then use /etc/hosts.allow See hosts_access(5) + [283](tcp_wrappers) and then use /etc/hosts.allow See hosts_access(5) for complete details. - Q-41: How do I build x11vnc/libvncserver with libwrap (tcp_wrappers) + Q-42: How do I build x11vnc/libvncserver with libwrap (tcp_wrappers) support? Here is one way to pass this information to the configure script: @@ -3680,43 +3811,43 @@ is "vnc", e.g.: vnc: 192.168.100.3 .example.com - Note that if you run x11vnc out of [279]inetd you do not need to build + Note that if you run x11vnc out of [284]inetd you do not need to build x11vnc with libwrap support because the /usr/sbin/tcpd reference in /etc/inetd.conf handles the tcp_wrappers stuff. - Q-42: Can I have x11vnc only listen on one network interface (e.g. + Q-43: Can I have x11vnc only listen on one network interface (e.g. internal LAN) rather than having it listen on all network interfaces and relying on -allow to filter unwanted connections out? - As of Mar/2005 there is the "[280]-listen ipaddr" option that enables + As of Mar/2005 there is the "[285]-listen ipaddr" option that enables this. For ipaddr either supply the desired network interface's IP address (or use a hostname that resolves to it) or use the string "localhost". For additional filtering simultaneously use the - "[281]-allow host1,..." option to allow only specific hosts in. + "[286]-allow host1,..." option to allow only specific hosts in. This option is useful if you want to insure that no one can even begin a dialog with x11vnc from untrusted network interfaces (e.g. ppp0.) - The option [282]-localhost now implies "-listen localhost" since that + The option [287]-localhost now implies "-listen localhost" since that is what most people expect it to do. - Q-43: Now that -localhost implies listening only on the loopback + Q-44: Now that -localhost implies listening only on the loopback interface, how I can occasionally allow in a non-localhost via the -R allowonce remote control command? - To do this specify "[283]-allow localhost". Unlike [284]-localhost + To do this specify "[288]-allow localhost". Unlike [289]-localhost this will leave x11vnc listening on all interfaces (but of course only allowing in local connections, e.g. ssh redirs.) Then you can later run "x11vnc -R allowonce:somehost" or use to gui to permit a one-shot connection from a remote host. - Q-44: Can I fine tune what types of user input are allowed? E.g. have + Q-45: Can I fine tune what types of user input are allowed? E.g. have some users just be able to move the mouse, but not click or type anything? - As of Feb/2005, the [285]-input option allows you to do this. "K", + As of Feb/2005, the [290]-input option allows you to do this. "K", "M", "B", "C", and "F" stand for Keystroke, Mouse-motion, Button-clicks, Clipboard, and File-Transfer, respectively. The setting: "-input M" makes attached viewers only able to move the @@ -3727,12 +3858,12 @@ remote control mechanism or the GUI. E.g. x11vnc -R input:hostname:M - Q-45: Can I prompt the user at the local X display whether the + Q-46: Can I prompt the user at the local X display whether the incoming VNC client should be accepted or not? Can I decide to make some clients view-only? How about running an arbitrary program to make the decisions? - Yes, look at the "[286]-accept command" option, it allows you to + Yes, look at the "[291]-accept command" option, it allows you to specify an external command that is run for each new client. (use quotes around the command if it contains spaces, etc.) If the external command returns 0 (success) the client is accepted, otherwise with any @@ -3753,7 +3884,7 @@ client press "y" or click mouse on the "Yes" button. To reject the client press "n" or click mouse on the "No" button. To accept the client View-only, press "v" or click mouse on the "View" button. If - the [287]-viewonly option has been supplied, the "View" action will + the [292]-viewonly option has been supplied, the "View" action will not be present: the whole display is view only in that case. The popup window times out after 120 seconds, to change this behavior @@ -3768,7 +3899,7 @@ program to prompt the user whether the client should be accepted or not. This requires that you have xmessage installed and available via PATH. In case it is not already on your system, the xmessage program - is available at [288]ftp://ftp.x.org/ + is available at [293]ftp://ftp.x.org/ (End of Built-in Popup Window:) To include view-only decisions for the external commands, prefix the @@ -3808,7 +3939,7 @@ fi exit 1 - Stefan Radman has written a nice dtksh script [289]dtVncPopup for use + Stefan Radman has written a nice dtksh script [294]dtVncPopup for use in CDE environments to do the same sort of thing. Information on how to use it is found at the top of the file. He encourages you to provide feedback to him to help improve the script. @@ -3817,23 +3948,23 @@ popup is being run, so attached clients will not receive screen updates, etc during this period. - To run a command when a client disconnects, use the "[290]-gone + To run a command when a client disconnects, use the "[295]-gone command" option. This is for the user's convenience only: the return code of the command is not interpreted by x11vnc. The same environment variables are set as in "-accept command" (except that RFB_MODE will be "gone".) - As of Jan/2006 the "[291]-afteraccept command" option will run the + As of Jan/2006 the "[296]-afteraccept command" option will run the command only after the VNC client has been accepted and authenticated. Like -gone the return code is not interpreted. RFB_MODE will be "afteraccept".) - Q-46: I start x11vnc as root because it is launched via inetd(8) or a + Q-47: I start x11vnc as root because it is launched via inetd(8) or a display manager like gdm(1). Can I have x11vnc later switch to a different user? - As of Feb/2005 x11vnc has the [292]-users option that allows things + As of Feb/2005 x11vnc has the [297]-users option that allows things like this. Please read the documentation on it (also in the x11vnc -help output) carefully for features and caveats. It's use can often decrease security unless care is taken. @@ -3845,7 +3976,7 @@ warranty ;-). - Q-47: I use a screen-lock when I leave my workstation (e.g. + Q-48: I use a screen-lock when I leave my workstation (e.g. xscreensaver or xlock.) When I remotely access my workstation desktop via x11vnc I can unlock the desktop fine, but I am worried people will see my activities on the physical monitor. What can I do to prevent @@ -3858,7 +3989,7 @@ In any event, as of Jun/2004 there is an experimental utility to make it more difficult for nosey people to see your x11vnc activities. The - source for it is [293]blockdpy.c The idea behind it is simple (but + source for it is [298]blockdpy.c The idea behind it is simple (but obviously not bulletproof): when a VNC client attaches to x11vnc put the display monitor in the DPMS "off" state, if the DPMS state ever changes immediately start up the screen-lock program. The x11vnc user @@ -3874,8 +4005,8 @@ bulletproof. A really robust solution would likely require X server and perhaps even video hardware support. - The blockdpy utility is launched by the [294]-accept option and told - to exit via the [295]-gone option (the vnc client user should + The blockdpy utility is launched by the [299]-accept option and told + to exit via the [300]-gone option (the vnc client user should obviously re-lock the screen before disconnecting!) Instructions can be found in the source code for the utility at the above link. Roughly it is something like this: @@ -3884,17 +4015,17 @@ but please read the top of the file. Update: As of Feb/2007 there is some builtin support for this: - [296]-forcedpms and [297]-clientdpms however, they are probably less + [301]-forcedpms and [302]-clientdpms however, they are probably less robust than the above blockdpy.c scheme, since if the person floods the physical machine with mouse or pointer input he can usually see flashes of the screen before the monitor is powered off again. See - also the [298]-grabkbd, [299]-grabptr, and [300]-grabalways options. + also the [303]-grabkbd, [304]-grabptr, and [305]-grabalways options. - Q-48: Can I have x11vnc automatically lock the screen when I + Q-49: Can I have x11vnc automatically lock the screen when I disconnect the VNC viewer? - Yes, a user mentions he uses the [301]-gone option under CDE to run a + Yes, a user mentions he uses the [306]-gone option under CDE to run a screen lock program: x11vnc -display :0 -forever -gone 'dtaction LockDisplay' @@ -3904,7 +4035,7 @@ x11vnc -display :0 -forever -gone 'xlock &' x11vnc -display :0 -forever -gone 'xlock -mode blank &' - Here is a scheme using the [302]-afteraccept option (in version 0.8) + Here is a scheme using the [307]-afteraccept option (in version 0.8) to unlock the screen after the first valid VNC login and to lock the screen after the last valid VNC login disconnects: x11vnc -display :0 -forever -shared -afteraccept ./myxlocker -gone ./myxlocke @@ -3942,24 +4073,24 @@ then use -gone "setpgrp xlock &", etc. [Encrypted Connections] - Q-49: How can I tunnel my connection to x11vnc via an encrypted SSH + Q-50: How can I tunnel my connection to x11vnc via an encrypted SSH channel between two Unix machines? - See the description earlier on this page on [303]how to tunnel VNC via + See the description earlier on this page on [308]how to tunnel VNC via SSH from Unix to Unix. A number of ways are described along with some issues you may encounter. Other secure encrypted methods exists, e.g. stunnel, IPSEC, various VPNs, etc. - See also the [304]Enhanced TightVNC Viewer (SSVNC) page where much of + See also the [309]Enhanced TightVNC Viewer (SSVNC) page where much of this is now automated. - Q-50: How can I tunnel my connection to x11vnc via an encrypted SSH + Q-51: How can I tunnel my connection to x11vnc via an encrypted SSH channel from Windows using an SSH client like Putty? - [305]Above we described how to tunnel VNC via SSH from Unix to Unix, + [310]Above we described how to tunnel VNC via SSH from Unix to Unix, you may want to review it. To do this from Windows using Putty it would go something like this: * In the Putty dialog window under 'Session' enter the hostname or @@ -3980,11 +4111,11 @@ :0 (plus other cmdline options) in the 'Remote command' Putty setting under 'Connections/SSH'. - See also the [306]Enhanced TightVNC Viewer (SSVNC) page where much of + See also the [311]Enhanced TightVNC Viewer (SSVNC) page where much of this is now automated via the Putty plink utility. - For extra protection feel free to run x11vnc with the [307]-localhost - and [308]-rfbauth/[309]-passwdfile options. + For extra protection feel free to run x11vnc with the [312]-localhost + and [313]-rfbauth/[314]-passwdfile options. If the machine you SSH into via Putty is not the same machine with the X display you wish to view (e.g. your company provides incoming SSH @@ -3992,21 +4123,21 @@ dialog setting to: 'Destination: otherhost:5900', Once logged in, you'll need to do a second login (ssh or rsh) to the workstation machine 'otherhost' and then start up x11vnc on it. This can also be - automated by [310]Chaining SSH's. + automated by [315]Chaining SSH's. - As discussed [311]above another option is to first start the VNC + As discussed [316]above another option is to first start the VNC viewer in "listen" mode, and then launch x11vnc with the - "[312]-connect localhost" option to establish the reverse connection. + "[317]-connect localhost" option to establish the reverse connection. In this case a Remote port redirection (not Local) is needed for port 5500 instead of 5900 (i.e. 'Source port: 5500' and 'Destination: localhost:5500' for a Remote connection.) - Q-51: How can I tunnel my connection to x11vnc via an encrypted SSL + Q-52: How can I tunnel my connection to x11vnc via an encrypted SSL channel using an external tool like stunnel? It is possible to use a "lighter weight" encryption setup than SSH or - IPSEC. SSL tunnels such as [313]stunnel (also [314]stunnel.mirt.net) + IPSEC. SSL tunnels such as [318]stunnel (also [319]stunnel.mirt.net) provide an encrypted channel without the need for Unix users, passwords, and key passphrases required for ssh (and at the other extreme SSL can also provide a complete signed certificate chain of @@ -4014,9 +4145,9 @@ and firewalls often let its port through, ssh is frequently the path of least resistance (it also nicely manages public keys for you.) - Update: As of Feb/2006 x11vnc has the options [315]-ssl, - [316]-stunnel, and [317]-sslverify to provide integrated SSL schemes. - They are discussed [318]in the Next FAQ (you probably want to skip to + Update: As of Feb/2006 x11vnc has the options [320]-ssl, + [321]-stunnel, and [322]-sslverify to provide integrated SSL schemes. + They are discussed [323]in the Next FAQ (you probably want to skip to it now.) We include these non-built-in method descriptions below for historical @@ -4024,7 +4155,7 @@ any VNC (or other type of) server. - Here are some basic examples using [319]stunnel but the general idea + Here are some basic examples using [324]stunnel but the general idea for any SSL tunnel utility is the same: * Start up x11vnc and constrain it to listen on localhost. * Then start up the SSL tunnel running on the same machine to @@ -4048,7 +4179,7 @@ The above two commands are run on host "far-away.east". The stunnel.pem is the self-signed PEM file certificate created when - stunnel is built. One can also create certificates [320]signed by + stunnel is built. One can also create certificates [325]signed by Certificate Authorities or self-signed if desired using the x11vnc utilities described there. @@ -4062,21 +4193,21 @@ Then point the viewer to the local tunnel on port 5902: vncviewer -encodings "copyrect tight zrle hextile" localhost:2 - That's it. Note that the [321]ss_vncviewer script can automate this - easily, and so can the [322]Enhanced TightVNC Viewer (SSVNC) package. + That's it. Note that the [326]ss_vncviewer script can automate this + easily, and so can the [327]Enhanced TightVNC Viewer (SSVNC) package. Be sure to use a VNC password because unlike ssh by default the encrypted SSL channel provides no authentication (only privacy.) With some extra configuration one could also set up certificates to provide authentication of either or both sides as well (and hence avoid man-in-the-middle attacks.) See the stunnel and openssl documentation - and also [323]the key management section for details. + and also [328]the key management section for details. stunnel has also been ported to Windows, and there are likely others to choose from for that OS. Much info for using it on Windows can be - found at the stunnel site and in this [324]article The article also + found at the stunnel site and in this [329]article The article also shows the detailed steps to set up all the authentication - certificates. (for both server and clients, see also the [325]x11vnc + certificates. (for both server and clients, see also the [330]x11vnc utilities that do this.) The default Windows client setup (no certs) is simpler and only 4 files are needed in a folder: stunnel.exe, stunnel.conf, libssl32.dll, libeay32.dll. We used an stunnel.conf @@ -4097,7 +4228,7 @@ As an aside, if you don't like the little "gap" of unencrypted TCP traffic (and a localhost listening socket) on the local machine between stunnel and x11vnc it can actually be closed by having stunnel - start up x11vnc in [326]-inetd mode: + start up x11vnc in [331]-inetd mode: stunnel -p /path/to/stunnel.pem -P none -d 5900 -l ./x11vnc_sh Where the script x11vnc_sh starts up x11vnc: @@ -4134,36 +4265,36 @@ SSL VNC Viewers: Regarding VNC viewers that "natively" do SSL unfortunately there do - not seem to be many. The [327]SingleClick UltraVNC Java Viewer is SSL - and is compatible with x11vnc's [328]-ssl option and stunnel.) + not seem to be many. The [332]SingleClick UltraVNC Java Viewer is SSL + and is compatible with x11vnc's [333]-ssl option and stunnel.) Commercial versions of VNC seem to have some SSL-like encryption built in, but we haven't tried those either and they probably wouldn't work since their (proprietary) SSL-like negotiation is likely embedded in the VNC protocol unlike our case where it is external. - Note: as of Mar/2006 libvncserver/x11vnc provides a [329]SSL-enabled - Java applet that can be served up via the [330]-httpdir or [331]-http - options when [332]-ssl is enabled. It will also be served via HTTPS + Note: as of Mar/2006 libvncserver/x11vnc provides a [334]SSL-enabled + Java applet that can be served up via the [335]-httpdir or [336]-http + options when [337]-ssl is enabled. It will also be served via HTTPS via either the VNC port (e.g. https://host:5900/) or a 2nd port via - the [333]-https option. + the [338]-https option. In general current SSL VNC solutions are not particularly "seemless". But it can be done, and with a wrapper script on the viewer side and - the [334]-stunnel or [335]-ssl option on the server side it works well - and is convenient. Here is a simple script [336]ss_vncviewer that + the [339]-stunnel or [340]-ssl option on the server side it works well + and is convenient. Here is a simple script [341]ss_vncviewer that automates running stunnel on the VNC viewer side on Unix a little more carefully than the commands printed above. (One could probably do a similar thing with a .BAT file on Windows in the stunnel folder.) - Update Jul/2006: we now provide an [337]Enhanced TightVNC Viewer + Update Jul/2006: we now provide an [342]Enhanced TightVNC Viewer (SSVNC) package that starts up STUNNEL automatically along with some other features. All binaries (stunnel, vncviewer, and some utilities) are provided in the package. It works on Unix, Mac OS X, and Windows. - Q-52: Does x11vnc have built-in SSL tunneling? + Q-53: Does x11vnc have built-in SSL tunneling? - You can read about non-built-in methods [338]in the Previous FAQ for + You can read about non-built-in methods [343]in the Previous FAQ for background. SSL tunnels provide an encrypted channel without the need for Unix @@ -4175,12 +4306,12 @@ Built-in SSL x11vnc options: - As of Feb/2006 the x11vnc [339]-ssl option automates the SSL tunnel - creation on the x11vnc server side. An [340]SSL-enabled Java Viewer + As of Feb/2006 the x11vnc [344]-ssl option automates the SSL tunnel + creation on the x11vnc server side. An [345]SSL-enabled Java Viewer applet is also provided that can be served via HTTP or HTTPS to automate SSL on the client side. - The [341]-ssl mode uses the [342]www.openssl.org library if available + The [346]-ssl mode uses the [347]www.openssl.org library if available at build time. The mode requires an SSL certificate and key (i.e. .pem file.) These @@ -4206,11 +4337,11 @@ "-ssl SAVE_NOPROMPT" to not be prompted. Use "-ssl TMP" to create a temporary self-signed cert that will be discarded when x11vnc exits. - Update: As of Nov/2008 x11vnc also supports the [343]VeNCrypt SSL/TLS + Update: As of Nov/2008 x11vnc also supports the [348]VeNCrypt SSL/TLS tunnel extension to the VNC protocol. The older ANONTLS method (vino) is also supported. This support is on by default when the -ssl option - is in use and can be fine-tuned using these options: [344]-vencrypt - and [345]-anontls. + is in use and can be fine-tuned using these options: [349]-vencrypt + and [350]-anontls. The normal x11vnc -ssl operation is somewhat like a URL method vncs://hostname if vnc://hostname indicates a standard unencrypted VNC @@ -4222,7 +4353,7 @@ SSL VNC Viewers:. Viewer-side will need to use SSL as well. See the - [346]next FAQ and [347]here for SSL enabled VNC Viewers, including + [351]next FAQ and [352]here for SSL enabled VNC Viewers, including SSVNC, to connect to the above x11vnc via SSL. @@ -4237,12 +4368,12 @@ is to encrypt the key with a passphrase (note however this requires supplying the passphrase each time x11vnc is started up.) - See the discussion on [348]x11vnc Key Management for some utilities + See the discussion on [353]x11vnc Key Management for some utilities provided for creating and managing certificates and keys and even for creating your own Certificate Authority (CA) for signing VNC server and client certificates. This may be done by importing the certificate into Web Browser or Java plugin keystores, or pointing stunnel to it. - The wrapper script [349]ss_vncviewer provides an example on unix (see + The wrapper script [354]ss_vncviewer provides an example on unix (see the -verify option.) Here are some notes on the simpler default (non-CA) operation. To have @@ -4256,7 +4387,7 @@ the possibility of copying the server.crt to machines where the VNC Viewer will be run to enable authenticating the x11vnc SSL VNC server to the clients. When authentication takes place this way (or via the - more sophisticated CA signing described [350]here), then + more sophisticated CA signing described [355]here), then Man-In-The-Middle-Attacks are prevented. Otherwise, the SSL encryption only provides protection against passive network traffic "sniffing" (i.e. you are not protected against M-I-T-M attacks.) Nowadays, most @@ -4288,11 +4419,11 @@ The older -stunnel option: Before the -ssl option there was a - convenience option [351]-stunnel that would start an external SSL + convenience option [356]-stunnel that would start an external SSL tunnel for you using stunnel. The -ssl method is the preferred way, but for historical reference we keep the -stunnel info here. - The [352]-stunnel mode requires the [353]www.stunnel.org command + The [357]-stunnel mode requires the [358]www.stunnel.org command stunnel(8) to be installed on the system. Some -stunnel examples: @@ -4316,15 +4447,15 @@ TMP".) - Q-53: How do I use VNC Viewers with built-in SSL tunneling? + Q-54: How do I use VNC Viewers with built-in SSL tunneling? Notes on using "native" VNC Viewers with SSL: There aren't any native VNC Viewers that do SSL (ask your VNC viewer developer to add the feature.) So a tunnel must be setup that you point the VNC Viewer to. This is often STUNNEL. You can do this - [354]manually, or use the [355]ss_vncviewer script on Unix, or our - [356]Enhanced TightVNC Viewer (SSVNC) package on Unix, Windows, or + [359]manually, or use the [360]ss_vncviewer script on Unix, or our + [361]Enhanced TightVNC Viewer (SSVNC) package on Unix, Windows, or MacOSX. See the next section for Java Web browser SSL VNC Viewers (you only need a Java-enabled Web browser for it to work.) @@ -4336,13 +4467,13 @@ The SSL enabled Java VNC Viewer (VncViewer.jar) in the x11vnc package supports only SSL based connections by default. As mentioned above the - [357]-httpdir can be used to specify the path to .../classes/ssl. A + [362]-httpdir can be used to specify the path to .../classes/ssl. A typical location might be /usr/local/share/x11vnc/classes/ssl. Or - [358]-http can be used to try to have it find the directory + [363]-http can be used to try to have it find the directory automatically. - Also note that the [359]SingleClick UltraVNC Java Viewer is compatible - with x11vnc's [360]-ssl SSL mode. (We tested it this way: "java -cp + Also note that the [364]SingleClick UltraVNC Java Viewer is compatible + with x11vnc's [365]-ssl SSL mode. (We tested it this way: "java -cp ./VncViewer.jar VncViewer HOST far-away.east PORT 5900 USESSL 1 TRUSTALL 1") @@ -4377,13 +4508,13 @@ If you are using a router/firewall with port-redirection, and you are redirecting ports other than the default ones (5800, 5900) listed - above [361]see here. + above [366]see here. The https service provided thru the actual VNC port (5900 in the above example) can occasionally be slow or unreliable (it has to read some input and try to guess if the connection is VNC or HTTP.) If it is unreliable for you and you still want to serve the Java applet via - https, use the [362]-https option to get an additional port dedicated + https, use the [367]-https option to get an additional port dedicated to https (its URL will also be printed in the output.) Another possibility is to add the GET applet parameter: @@ -4396,7 +4527,7 @@ You may also use "urlPrefix=somestring" to have /somestring prepended to /request.https.vnc.connection". Perhaps you are using a web server - [363]proxy scheme to enter a firewall or otherwise have rules applied + [368]proxy scheme to enter a firewall or otherwise have rules applied to the URL. If you need to have any slashes "/" in "somestring" use "_2F_" (a deficiency in libvncserver prevents using the more natural "%2F".) @@ -4489,12 +4620,12 @@ Then, if you plan to use them, enable "fancy stuff" like "-svc" or "-unixpw", etc, etc. Be sure to add a password either "-rfbauth" or "-unixpw" or both. If you need to have the web browser use a corporate - [364]Web Proxy (i.e. it cannot connect directly) work on that last. - Ditto for the [365]Apache portal. + [369]Web Proxy (i.e. it cannot connect directly) work on that last. + Ditto for the [370]Apache portal. Router/Firewall port redirs: If you are doing port redirection at - your [366]router to an internal machine running x11vnc AND the + your [371]router to an internal machine running x11vnc AND the internet facing port is different from the internal machine's VNC port, you will need to apply the PORT applet parameter to indicate to the applet the Internet facing port number (otherwise by default the @@ -4504,7 +4635,7 @@ So in this example the user configures his router to redirect connections to port 443 on his Internet side to, say, port 5900 on the - internal machine running x11vnc. See also the [367]-httpsredir option + internal machine running x11vnc. See also the [372]-httpsredir option that will try to automate this for you. To configure your router to do port redirection, see its instructions. @@ -4515,7 +4646,7 @@ or Unix system acting as your firewall/router, see its firewall configuration. - You can also use x11vnc options [368]-rfbport NNNNN and [369]-httpport + You can also use x11vnc options [373]-rfbport NNNNN and [374]-httpport NNNNN to match the ports that your firewall will be redirecting to the machine where x11vnc is run. @@ -4544,12 +4675,12 @@ NOT linger at. If you see in the x11vnc output a request for VncViewer.class instead of VncViewer.jar it is too late... you will need to completely restart the Web browser to get it to try for the - jar again. You can use the [370]-https option if you want a dedicated + jar again. You can use the [375]-https option if you want a dedicated port for HTTPS connections instead of sharing the VNC port. To see example x11vnc output for a successful https://host:5900/ - connection with the Java Applet see [371]This Page. And here is a - newer example [372]including the Java Console output. + connection with the Java Applet see [376]This Page. And here is a + newer example [377]including the Java Console output. All of the x11vnc Java Viewer applet parameters are described in the file classes/ssl/README @@ -4560,10 +4691,10 @@ If you want to use a native VNC Viewer with the SSL enabled x11vnc you will need to run an external SSL tunnel on the Viewer side. There do not seem to be any native SSL VNC Viewers outside of our x11vnc and - [373]SSVNC packages. The basic ideas of doing this were discussed - [374]for external tunnel utilities here. + [378]SSVNC packages. The basic ideas of doing this were discussed + [379]for external tunnel utilities here. - The [375]ss_vncviewer script provided with x11vnc and SSVNC can set up + The [380]ss_vncviewer script provided with x11vnc and SSVNC can set up the stunnel tunnel automatically on unix as long as the stunnel command is installed on the Viewer machine and available in PATH (and vncviewer too of course.) Note that on a Debian based system you will @@ -4597,20 +4728,20 @@ The fifth one shows that Web proxies can be used if that is the only way to get out of the firewall. If the "double proxy" situation arises - separate the two by commas. See [376]this page for more information on + separate the two by commas. See [381]this page for more information on how Web proxies come into play. - If one uses a Certificate Authority (CA) scheme described [377]here, + If one uses a Certificate Authority (CA) scheme described [382]here, the wrapper script would use the CA cert instead of the server cert: 3') ss_vncviewer -verify ./cacert.crt far-away.east:0 - Update Jul/2006: we now provide an [378]Enhanced TightVNC Viewer + Update Jul/2006: we now provide an [383]Enhanced TightVNC Viewer (SSVNC) package that starts up STUNNEL automatically along with some other features. All binaries (stunnel, vncviewer, and some utilities) are provided in the package. It works on Unix, Mac OS X, and Windows. - Q-54: How do I use the Java applet VNC Viewer with built-in SSL + Q-55: How do I use the Java applet VNC Viewer with built-in SSL tunneling when going through a Web Proxy? The SSL enabled Java VNC Viewer and firewall Proxies: @@ -4667,36 +4798,36 @@ https://yourmachine.com/proxy.vnc?PORT=443 this is cleaner because it avoids editing the file, but requires more - parameters in the URL. See also the [379]-httpsredir x11vnc option - that will try to automate this for you. To use the GET [380]trick + parameters in the URL. See also the [384]-httpsredir x11vnc option + that will try to automate this for you. To use the GET [385]trick discussed above, do: https://yourmachine.com/proxy.vnc?GET=1&PORT=443 All of the x11vnc Java Viewer applet parameters are described in the file classes/ssl/README - Here is an example of Java Console and x11vnc output for the [381]Web + Here is an example of Java Console and x11vnc output for the [386]Web proxy case. - Note that both the [382]ss_vncviewer stunnel Unix wrapper script and - [383]Enhanced TightVNC Viewer (SSVNC) can use Web proxies as well even + Note that both the [387]ss_vncviewer stunnel Unix wrapper script and + [388]Enhanced TightVNC Viewer (SSVNC) can use Web proxies as well even though they do not involve a Web browser. - Q-55: Can Apache web server act as a gateway for users to connect via + Q-56: Can Apache web server act as a gateway for users to connect via SSL from the Internet with a Web browser to x11vnc running on their workstations behind a firewall? Yes. You will need to configure apache to forward these connections. - It is discussed [384]here. This provides a clean alternative to the + It is discussed [389]here. This provides a clean alternative to the traditional method where the user uses SSH to log in through the gateway to create the encrypted port redirection to x11vnc running on her desktop. - Q-56: Can I create and use my own SSL Certificate Authority (CA) with + Q-57: Can I create and use my own SSL Certificate Authority (CA) with x11vnc? - Yes, see [385]this page for how to do this and the utility commands + Yes, see [390]this page for how to do this and the utility commands x11vnc provides to create and manage many types of certificates and private keys. @@ -4704,7 +4835,7 @@ [Display Managers and Services] - Q-57: How can I run x11vnc as a "service" that is always available? + Q-58: How can I run x11vnc as a "service" that is always available? There are a number of ways to do this. The primary thing you need to decide is whether you want x11vnc to connect to the X session on the @@ -4715,14 +4846,14 @@ need to have sufficient permissions to connect to the X display. Here are some ideas: - * Use the description under "Continuously" in the [386]FAQ on x11vnc + * Use the description under "Continuously" in the [391]FAQ on x11vnc and Display Managers - * Use the description in the [387]FAQ on x11vnc and inetd(8) - * Use the description in the [388]FAQ on Unix user logins and + * Use the description in the [392]FAQ on x11vnc and inetd(8) + * Use the description in the [393]FAQ on Unix user logins and inetd(8) * Start x11vnc from your $HOME/.xsession (or $HOME/.xinitrc or autostart script or ...) - * Although less reliable, see the [389]x11vnc_loop rc.local hack + * Although less reliable, see the [394]x11vnc_loop rc.local hack below. The display manager scheme will not be specific to which user has the @@ -4744,9 +4875,9 @@ X startup scripts (traditionally .xsession/.xinitrc) may have to be in a different directory or have a different basename. One user recommends the description under 'Running Scripts Automatically' at - [390]this link. + [395]this link. - Firewalls: note all methods will require the host-level [391]firewall + Firewalls: note all methods will require the host-level [396]firewall to be configured to allow connections in on a port. E.g. 5900 (default VNC port) or 22 (default SSH port for tunnelling VNC.) Most systems these days have firewalls turned on by default, so you will actively @@ -4755,7 +4886,7 @@ (Yast, Firestarter, etc.) - Q-58: How can I use x11vnc to connect to an X login screen like xdm, + Q-59: How can I use x11vnc to connect to an X login screen like xdm, GNOME gdm, KDE kdm, or CDE dtlogin? (i.e. nobody is logged into an X session yet.) _________________________________________________________________ @@ -4768,7 +4899,7 @@ while running x11vnc as root, e.g. for the gnome display manager, gdm: x11vnc -auth /var/gdm/:0.Xauth -display :0 - (the [392]-auth option sets the XAUTHORITY variable for you.) + (the [397]-auth option sets the XAUTHORITY variable for you.) There will be a similar thing for xdm using however a different auth directory path (perhaps something like @@ -4790,15 +4921,31 @@ (or /etc/gdm/gdm.conf, etc.) avoids this. Otherwise, just restart x11vnc and then reconnect your viewer. Other display managers (kdm, etc) may also have a similar problem. One user reports having to alter - "gdm.conf-custom" as well. Update Nov/2008: See also the [393]-reopen - option for another possible workaround. + "gdm.conf-custom" as well. Note: Solaris: For dtlogin in addition to the above sort of trick (BTW, the auth file should be in /var/dt), you'll also need to add something like Dtlogin*grabServer:False to the Xconfig file (/etc/dt/config/Xconfig or /usr/dt/config/Xconfig on Solaris, see - [394]the example at the end of this FAQ.) Then restart dtlogin, e.g.: + [398]the example at the end of this FAQ.) Then restart dtlogin, e.g.: /etc/init.d/dtlogin stop; /etc/init.d/dtlogin start or reboot. + + Update Nov/2008: Regarding GDM KillInitClients: see the [399]-reopen + option for another possible workaround. + + Update Oct/2009: Regarding GDM KillInitClients: starting with x11vnc + 0.9.9 it will try to apply heuristics to detect if a window manager is + not running (i.e. whether the Display Manager Greeter Login panel is + still up.) If it thinks the display manager login is still up it will + delay creating windows or using XFIXES. The former is what GDM uses to + kill the initial clients, use of the latter can cause a different + problem: an Xorg server crash. So with 0.9.9 and later it should all + work without needing to set KillInitClients=false (which is a good + because recent GDM, v2.24, has removed this option) or use -noxfixes. + To disable the heuristics and delaying set X11VNC_AVOID_WINDOWS=never; + to set the delay time explicitly use, e.g., X11VNC_AVOID_WINDOWS=120 + (delays for 120 seconds after the VNC connection; you have that long + to log in.) _________________________________________________________________ Continuously: Have x11vnc reattach each time the X server is @@ -4810,7 +4957,7 @@ Please consider the security implications of this! The VNC display for the X session always accessible (but hopefully password protected.) - Add [395]-localhost if you only plan to access via a [396]SSH tunnel. + Add [400]-localhost if you only plan to access via a [401]SSH tunnel. The name of the display manager startup script file depends on desktop used and seem to be: @@ -4820,17 +4967,20 @@ XDM /etc/X11/xdm/Xsetup (or sometimes xdm/Xsetup_0) CDE /etc/dt/config/Xsetup - although the exact location can depend on operating system and - distribution. See the documentation for your display manager: gdm(1), - kdm(1), xdm(1), dtlogin(1) for additional details. There may also be - display number specific scripts: e.g. Xsetup_0 vs. Xsetup, you need to - watch out for. + although the exact location can be operating system, distribution, and + time dependent. See the documentation for your display manager: + gdm(1), kdm(1), xdm(1), dtlogin(1) for additional details. There may + also be display number specific scripts: e.g. Xsetup_0 vs. Xsetup, you + need to watch out for. Note: GDM: The above (in 'One time only') gdm setting of KillInitClients=false in /etc/X11/gdm/gdm.conf (or /etc/gdm/gdm.conf, etc.) for GDM is needed here as well. Other display managers (KDM, etc) may also have a similar problem. + Also see the Update Oct/2009 above where x11vnc 0.9.9 and later + automatically avoids being killed. + Note: DtLogin: The above (in 'One time only') Dtlogin*grabServer:False step for Solaris will be needed for dtlogin here as well. @@ -4841,7 +4991,7 @@ -forever -bg where you should customize the exact command to your needs (e.g. - [397]-localhost for SSH tunnel-only access; [398]-ssl SAVE for SSL + [402]-localhost for SSH tunnel-only access; [403]-ssl SAVE for SSL access; etc.) Happy, happy, joy, joy: Note that we do not need to specify -display @@ -4849,7 +4999,7 @@ and XAUTHORITY environment variables for the Xsetup script!!! You may also want to force the VNC port with something like "-rfbport - 5900" (or [399]-N) to avoid autoselecting one if 5900 is already + 5900" (or [404]-N) to avoid autoselecting one if 5900 is already taken. _________________________________________________________________ @@ -4865,7 +5015,7 @@ Then restart: /usr/sbin/gdm-restart (or reboot.) The KillInitClients=false setting is important: without it x11vnc will be - killed immediately after the user logs in. Here are [400]full details + killed immediately after the user logs in. Here are [405]full details on how to configure gdm _________________________________________________________________ @@ -4907,16 +5057,16 @@ If you do not want to deal with any display manager startup scripts, here is a kludgey script that can be run manually or out of a boot - file like rc.local: [401]x11vnc_loop It will need some local + file like rc.local: [406]x11vnc_loop It will need some local customization before running. Because the XAUTHORITY auth file must be guessed by this script, use of the display manager script method - described above is greatly preferred. There is also the [402]-loop + described above is greatly preferred. There is also the [407]-loop option that does something similar. If the machine is a traditional Xterminal you may want to read - [403]this FAQ. + [408]this FAQ. - Firewalls: note all methods will require the host-level [404]firewall + Firewalls: note all methods will require the host-level [409]firewall to be configured to allow connections in on a port. E.g. 5900 (default VNC port) or 22 (default SSH port for tunnelling VNC.) Most systems these days have firewalls turned on by default, so you will actively @@ -4925,14 +5075,14 @@ (Yast, Firestarter, etc.) - Q-59: Can I run x11vnc out of inetd(8)? How about xinetd(8)? + Q-60: Can I run x11vnc out of inetd(8)? How about xinetd(8)? Yes, perhaps a line something like this in /etc/inetd.conf will do it for you: 5900 stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc_sh - where the shell script /usr/local/bin/x11vnc_sh uses the [405]-inetd + where the shell script /usr/local/bin/x11vnc_sh uses the [410]-inetd option and looks something like (you'll need to customize to your settings.) #!/bin/sh @@ -4945,7 +5095,7 @@ and that confuses it greatly, causing it to abort.) If you do not use a wrapper script as above but rather call x11vnc directly in /etc/inetd.conf and do not redirect stderr to a file, then you must - specify the -q (aka [406]-quiet) option: "/usr/local/bin/x11vnc -q + specify the -q (aka [411]-quiet) option: "/usr/local/bin/x11vnc -q -inetd ...". When you supply both -q and -inet and no "-o logfile" then stderr will automatically be closed (to prevent, e.g. library stderr messages leaking out to the viewer.) The recommended practice @@ -4953,12 +5103,12 @@ script with "2>logfile" redirection because the errors and warnings printed out are very useful in troubleshooting problems. - Note also the need to set XAUTHORITY via [407]-auth to point to the + Note also the need to set XAUTHORITY via [412]-auth to point to the MIT-COOKIE auth file to get permission to connect to the X display (setting and exporting the XAUTHORITY variable accomplishes the same thing.) See the x11vnc_loop file in the previous question for more ideas on what that auth file may be, etc. The scheme described in the - [408]FAQ on Unix user logins and inetd(8) works around the XAUTHORITY + [413]FAQ on Unix user logins and inetd(8) works around the XAUTHORITY issue nicely. Note: On Solaris you cannot have the bare number 5900 in @@ -5038,14 +5188,14 @@ exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -find -env FD_XDM=1 - Q-60: Can I have x11vnc advertise its VNC service and port via mDNS / + Q-61: Can I have x11vnc advertise its VNC service and port via mDNS / Zeroconf (e.g. Avahi) so VNC viewers on the local network can detect it automatically? Yes, as of Feb/2007 x11vnc supports mDNS / Zeroconf advertising of its - service via the Avahi client library. Use the option [409]-avahi (same - as [410]-mdns or [411]-zeroconf) to enable it. Depending on your setup - you may need to install [412]Avahi (including the development/build + service via the Avahi client library. Use the option [414]-avahi (same + as [415]-mdns or [416]-zeroconf) to enable it. Depending on your setup + you may need to install [417]Avahi (including the development/build packages), enable the server: avahi-daemon and avahi-dnsconfd, and possibly open up UDP port 5353 on your firewall. @@ -5069,52 +5219,52 @@ other distros/OS's... - Q-61: Can I have x11vnc allow a user to log in with her UNIX username + Q-62: Can I have x11vnc allow a user to log in with her UNIX username and password and then have it find her X session display on that machine and then connect to it? How about starting an X session if one cannot be found? - The easiest way to do this is via [413]inetd(8) using the [414]-unixpw - and [415]-display WAIT options. The reason inetd(8) makes this easier + The easiest way to do this is via [418]inetd(8) using the [419]-unixpw + and [420]-display WAIT options. The reason inetd(8) makes this easier is that it starts a new x11vnc process for each new user connection. Otherwise a wrapper would have to listen for connections and spawn new - x11vnc's (see [416]this example and also the [417]-loopbg option.) + x11vnc's (see [421]this example and also the [422]-loopbg option.) Also with inetd(8) users always connect to a fixed VNC display, say hostname:0, and do not need to memorize a special VNC display number just for their personal use, etc. - Update: Use the [418]-find, [419]-create, [420]-svc, and [421]-xdmsvc + Update: Use the [423]-find, [424]-create, [425]-svc, and [426]-xdmsvc options that are shorthand for common FINDCREATEDISPLAY usage modes (e.g. terminal services) described below. (i.e. just use "-svc" instead of "-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb -unixpw -users unixpw= -ssl SAVE") - The [422]-display WAIT option makes x11vnc wait until a VNC viewer is + The [427]-display WAIT option makes x11vnc wait until a VNC viewer is connected before attaching to the X display. Additionally it can be used to run an external command that returns the DISPLAY and XAUTHORITY data. We provide some useful builtin ones (FINDDISPLAY and FINDCREATEDISPLAY below), but in principle one could supply "-display WAIT:cmd=/path/to/find_display" where the script find_display might - look something like [423]this. + look something like [428]this. A default script somewhat like the above is used under "-display - WAIT:cmd=FINDDISPLAY" (same as [424]-find) (use + WAIT:cmd=FINDDISPLAY" (same as [429]-find) (use "WAIT:cmd=FINDDISPLAY-print" to print out the gnarly script.) The format for any such command is that it returns DISPLAY=:disp as the first line and any remaining lines are either XAUTHORITY=file or raw xauth data (the above example does the latter.) If applicable (-unixpw mode), the program is run as the Unix user name who logged in. - On Linux if the virtual terminal is known the program should append - ",VT=n" to the DISPLAY line; a chvt n will be attempted automatically. - Or if you only know the X server process ID and suspect a chvt will be - needed append ",XPID=n". + On Linux if the virtual terminal is known the program appends ",VT=n" + to the DISPLAY line; a chvt n will be attempted automatically. Or if + only X server process ID is known it appends ",XPID=n" (a chvt will be + attempted by x11vnc.) - Tip: Note that the [425]-find option is an alias for "-display + Tip: Note that the [430]-find option is an alias for "-display WAIT:cmd=FINDDISPLAY". Use it! - The [426]-unixpw option allows [427]UNIX password logins. It + The [431]-unixpw option allows [432]UNIX password logins. It conveniently knows the Unix username whose X display should be found. Here are a couple /etc/inetd.conf examples for this: 5900 stream tcp nowait nobody /usr/sbin/tcpd /usr/local/bin/x11vnc -inetd @@ -5128,16 +5278,16 @@ Note the very long lines have been split. An alternative is to use a wrapper script, e.g. /usr/local/bin/x11vnc.sh that has all of the - options. (see also the [428]-svc alias.) + options. (see also the [433]-svc alias.) In the first one x11vnc is run as user "nobody" and stays user nobody during the whole session. The permissions of the log files and certs directory will need to be set up to allow "nobody" to use them. In the second one x11vnc is run as root and switches to the user that - logs in due to the "[429]-users unixpw=" option. + logs in due to the "[434]-users unixpw=" option. - Note that [430]SSL is required for this mode because otherwise the + Note that [435]SSL is required for this mode because otherwise the Unix password would be passed in clear text over the network. In general -unixpw is not required for this sort of scheme, but it is convenient because it determines exactly who the Unix user is whose @@ -5145,17 +5295,17 @@ to use some method to work out DISPLAY, XAUTHORITY, etc (perhaps you use multiple inetd ports and hardwire usernames for different ports.) - If you really want to disable the SSL or SSH [431]-localhost + If you really want to disable the SSL or SSH [436]-localhost constraints (this is not recommended unless you really know what you are doing: Unix passwords sent in clear text is a very bad idea...) - read the [432]-unixpw documentation. + read the [437]-unixpw documentation. A inetd(8) scheme for a fixed user that doesn't use SSL or unix passwds could be: /usr/local/bin/x11vnc -inetd -users =fred -find -rfbauth /home/fred/.vnc/passwd -o /var/log/x11vnc.log - The "[433]-users =fred" option will cause x11vnc to switch to user + The "[438]-users =fred" option will cause x11vnc to switch to user fred and then find his X display. @@ -5164,29 +5314,31 @@ FINDDISPLAY method it will create an X server session for the user (i.e. desktop/terminal server.) This is the only time x11vnc actually tries to start up an X server. By default it will only try to start up - virtual (non-hardware) X servers: first [434]Xdummy and if that is not + virtual (non-hardware) X servers: first [439]Xdummy and if that is not available then Xvfb. Note that Xdummy requires root permission and only works on Linux whereas Xvfb works just about everywhere. So an inetd(8) example might look like: 5900 stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc -inetd \ - -o /var/log/x11vnc.log -http -ssl SAVE -unixpw -users unixpw= \ - -display WAIT:cmd=FINDCREATEDISPLAY -prog /usr/local/bin/x11vnc + -o /var/log/x11vnc.log -http -prog /usr/local/bin/x11vnc \ + -ssl SAVE -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY Where the very long lines have been split. This will allow direct SSL - (e.g. [435]ss_vncviewer) access and also Java Web browers access via: + (e.g. [440]ss_vncviewer) access and also Java Web browers access via: https://hostname:5900/. - Tip: Note that the [436]-create option is an alias for "-display + Tip: Note that the [441]-create option is an alias for "-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb". - Tip: Note that [437]-svc is a short hand for the long "-ssl SAVE + Tip: Note that [442]-svc is a short hand for the long "-ssl SAVE -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY" part. Unlike -create, this alias also sets up SSL encryption and Unix - password login. + password login. The above example then simplifies to: +5900 stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc -inetd \ + -o /var/log/x11vnc.log -http -prog /usr/local/bin/x11vnc -svc Tip: In addition to the usual unixpw parameters, the user can specify - after his username (following a ":" see [438]-display WAIT for + after his username (following a ":" see [443]-display WAIT for details) for FINDCREATEDISPLAY they can add "geom=WxH" or "geom=WxHxD" to specify the width, height, and optionally the color depth. E.g. "fred:geom=800x600" at the login: prompt. Also if the env. var @@ -5212,18 +5364,22 @@ wait = no user = root server = /usr/local/bin/x11vnc - server_args = -inetd -o /var/log/x11vnc.log -http -ssl SAVE -unixpw - -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY -prog /usr/local/bin/x11vnc + server_args = -inetd -o /var/log/x11vnc.log -http -prog /usr/local/ +bin/x11vnc -ssl SAVE -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY disable = no } + Or more simply the server_args becomes: + server_args = -inetd -o /var/log/x11vnc.log -http -prog /usr/local/ +bin/x11vnc -svc + To print out the script in this case use "-display WAIT:cmd=FINDCREATEDISPLAY-print". To change the preference of Xservers and which to try list them, e.g.: "-display WAIT:cmd=FINDCREATEDISPLAY-X,Xvfb,Xdummy". The "X" one means to try to start up a real, hardware X server, e.g. startx(1) (if there is already a real X server running this may only work on Linux and the - chvt program may [439]need to be run to switch to the correct Linux + chvt program may [444]need to be run to switch to the correct Linux virtual terminal.) x11vnc will try to run chvt automatically if it can determine which VT should be switched to. @@ -5250,7 +5406,7 @@ will also typically block UDP (port 177 for XDMCP) by default effectively limiting the UDP connections to localhost. - Tip: Note that [440]-xdmsvc is a short hand for the long "-ssl SAVE + Tip: Note that [445]-xdmsvc is a short hand for the long "-ssl SAVE -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp" part. E.g.: service x11vnc @@ -5314,26 +5470,26 @@ (e.g. :0) and it switches based on username. - Q-62: Can I have x11vnc restart itself after it terminates? + Q-63: Can I have x11vnc restart itself after it terminates? One could do this in a shell script, but now there is an option - [441]-loop that makes it easier. Of course when x11vnc restarts it + [446]-loop that makes it easier. Of course when x11vnc restarts it needs to have permissions to connect to the (potentially new) X display. This mode could be useful if the X server restarts often. Use e.g. "-loop5000" to sleep 5000 ms between restarts. Also "-loop2000,5" to sleep 2000 ms and only restart 5 times. - One can also use the [442]-loopbg to emulate inetd(8) to some degree, + One can also use the [447]-loopbg to emulate inetd(8) to some degree, where each connected process runs in the background. It could be - combined, say, with the [443]-svc option to provide simple terminal + combined, say, with the [448]-svc option to provide simple terminal services without using inetd(8). - Q-63: How do I make x11vnc work with the Java VNC viewer applet in a + Q-64: How do I make x11vnc work with the Java VNC viewer applet in a web browser? To have x11vnc serve up a Java VNC viewer applet to any web browsers - that connect to it, run x11vnc with this [444]option: + that connect to it, run x11vnc with this [449]option: -httpdir /path/to/the/java/classes/dir (this directory will contain the files index.vnc and, for example, @@ -5352,7 +5508,7 @@ then you can connect to that URL with any Java enabled browser. Feel free to customize the default index.vnc file in the classes directory. - As of May/2005 the [445]-http option will try to guess where the Java + As of May/2005 the [450]-http option will try to guess where the Java classes jar file is by looking in expected locations and ones relative to the x11vnc binary. @@ -5361,7 +5517,7 @@ either the java or appletviewer commands to run the program. java -cp ./VncViewer.jar VncViewer HOST far-away.east PORT 5900 - Proxies: See the [446]discussion here if the web browser must use a + Proxies: See the [451]discussion here if the web browser must use a web proxy to connect to the internet. It is tricky to get Java applets to work in this case: a signed applet must be used so it can connect to the proxy and ask for the redirection to the VNC server. One way to @@ -5371,13 +5527,13 @@ in the URL or the file. - Q-64: Are reverse connections (i.e. the VNC server connecting to the + Q-65: Are reverse connections (i.e. the VNC server connecting to the VNC viewer) using "vncviewer -listen" and vncconnect(1) supported? As of Mar/2004 x11vnc supports reverse connections. On Unix one starts the VNC viewer in listen mode: "vncviewer -listen" (see your documentation for Windows, etc), and then starts up x11vnc with the - [447]-connect option. To connect immediately at x11vnc startup time + [452]-connect option. To connect immediately at x11vnc startup time use the "-connect host:port" option (use commas for a list of hosts to connect to.) The ":port" is optional (default is VNC listening port is 5500.) @@ -5386,11 +5542,11 @@ file is checked periodically (about once a second) for new hosts to connect to. - The [448]-remote control option (aka -R) can also be used to do this + The [453]-remote control option (aka -R) can also be used to do this during an active x11vnc session, e.g.: x11vnc -display :0 -R connect:hostname.domain - Use the "[449]-connect_or_exit" option to have x11vnc exit if the + Use the "[454]-connect_or_exit" option to have x11vnc exit if the reverse connection fails. Also, note the "-rfbport 0" option disables TCP listening for connections (potentially useful for reverse connection mode, assuming you do not want any "forward" connections.) @@ -5403,7 +5559,7 @@ X11VNC_REVERSE_CONNECTION_NO_AUTH=1" to x11vnc. Vncconnect command: To use the vncconnect(1) program (from the core - VNC package at www.realvnc.com) specify the [450]-vncconnect option to + VNC package at www.realvnc.com) specify the [455]-vncconnect option to x11vnc (Note: as of Dec/2004 -vncconnect is now the default.) vncconnect(1) must be pointed to the same X11 DISPLAY as x11vnc (since it uses X properties to communicate with x11vnc.) If you do not have @@ -5418,11 +5574,11 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1" - Q-65: Can reverse connections be made to go through a Web or SOCKS + Q-66: Can reverse connections be made to go through a Web or SOCKS proxy or SSH? Yes, as of Oct/2007 x11vnc supports reverse connections through - proxies: use the "[451]-proxy host:port" option. The default is to + proxies: use the "[456]-proxy host:port" option. The default is to assume the proxy is a Web proxy. Note that most Web proxies only allow proxy destination connections to ports 443 (HTTPS) and 563 (SNEWS) and so this might not be too useful unless the proxy has been modified @@ -5442,11 +5598,11 @@ connections. An experimental mode is "-proxy http://host:port/..." where the URL - (e.g. a CGI script) is retrieved via the GET method. See [452]-proxy + (e.g. a CGI script) is retrieved via the GET method. See [457]-proxy for more info. Another experimental mode is "-proxy ssh://user@host" in which case a - SSH tunnel is used for the proxying. See [453]-proxy for more info. + SSH tunnel is used for the proxying. See [458]-proxy for more info. Up to 3 proxies may be chained together by listing them by commas e.g.: "-proxy http://host1:port1,socks5://host2:port2" in case one @@ -5454,7 +5610,7 @@ listening viewer. - Q-66: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a real + Q-67: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a real display, but for a virtual one I keep around.) You can, but you would not be doing this for performance reasons (for @@ -5469,10 +5625,10 @@ Driver in XFree86/Xorg (see below.) In either case, one can view this desktop both remotely and also - [454]locally using vncviewer. Make sure vncviewer's "-encodings raw" + [459]locally using vncviewer. Make sure vncviewer's "-encodings raw" is in effect for local viewing (compression seems to slow things down locally.) For local viewing you set up a "bare" window manager that - just starts up vncviewer and nothing else ([455]See how below.) + just starts up vncviewer and nothing else ([460]See how below.) Here is one way to start up Xvfb: xinit -- /usr/X11R6/bin/Xvfb :1 -cc 4 -screen 0 1024x768x16 @@ -5492,19 +5648,19 @@ "screen scrape" it very efficiently (more than, say, 100X faster than normal video hardware.) - Update Nov/2006: See the [456]FINDCREATEDISPLAY discussion of the - "[457]-display WAIT:cmd=FINDDISPLAY" option where virtual (Xvfb or + Update Nov/2006: See the [461]FINDCREATEDISPLAY discussion of the + "[462]-display WAIT:cmd=FINDDISPLAY" option where virtual (Xvfb or Xdummy, or even real ones by changing an option) X servers are started automatically for new users connecting. This provides a "desktop service" for the machine. You either get your real X session or your virtual (Xvfb/Xdummy) one whenever you connect to the machine - (inetd(8) is a nice way to provide this service.) The [458]-find, - [459]-create, [460]-svc, and [461]-xdmsvc aliases can also come in + (inetd(8) is a nice way to provide this service.) The [463]-find, + [464]-create, [465]-svc, and [466]-xdmsvc aliases can also come in handy here. There are some annoyances WRT Xvfb however. The default keyboard mapping seems to be very poor. One should run x11vnc with - [462]-add_keysyms option to have keysyms added automatically. Also, to + [467]-add_keysyms option to have keysyms added automatically. Also, to add the Shift_R and Control_R modifiers something like this is needed: #!/bin/sh xmodmap -e "keycode any = Shift_R" @@ -5516,7 +5672,7 @@ xmodmap -e "keycode any = Meta_L" xmodmap -e "add Mod1 = Alt_L Alt_R Meta_L" - (note: these are applied automatically in the [463]FINDCREATEDISPLAY + (note: these are applied automatically in the [468]FINDCREATEDISPLAY mode of x11vnc.) Perhaps the Xvfb options -xkbdb or -xkbmap could be used to get a better default keyboard mapping... @@ -5531,11 +5687,11 @@ The main drawback to this method (besides requiring extra configuration and possibly root permission) is that it also does the - Linux Virtual Console/Terminal (VC/VT) [464]switching even though it + Linux Virtual Console/Terminal (VC/VT) [469]switching even though it does not need to (since it doesn't use a real framebuffer.) There are some "dual headed" (actually multi-headed/multi-user) patches to the X server that turn off the VT usage in the X server. Update: As of - Jul/2005 we have an LD_PRELOAD script [465]Xdummy that allows you to + Jul/2005 we have an LD_PRELOAD script [470]Xdummy that allows you to use a stock (i.e. unpatched) Xorg or XFree86 server with the "dummy" driver and not have any VT switching problems! Currently Xdummy needs to be run as root, but with some luck that may be relaxed in the @@ -5563,7 +5719,7 @@ vncviewer -geometry +0+0 -encodings raw -passwd $HOME/.vnc/passwd localhost:5 The display numbers (VNC and X) will likely be different (you could - also try [466]-find), and you may not need the -passwd. Recent RealVNC + also try [471]-find), and you may not need the -passwd. Recent RealVNC viewers might be this: #!/bin/sh x11vnc -display :5 -rfbport 5905 -bg @@ -5579,10 +5735,10 @@ For the general replacement of Xvnc by Xvfb+x11vnc, one user describes - a similar setup he created [467]here. + a similar setup he created [472]here. - Q-67: How can I use x11vnc on "headless" machines? Why might I want + Q-68: How can I use x11vnc on "headless" machines? Why might I want to? An interesting application of x11vnc is to let it export displays of @@ -5594,7 +5750,7 @@ An X server can be started on the headless machine (sometimes this requires configuring the X server to not fail if it cannot detect a keyboard or mouse, see the next paragraph.) Then you can export that X - display via x11vnc (e.g. see [468]this FAQ) and access it from + display via x11vnc (e.g. see [473]this FAQ) and access it from anywhere on the network via a VNC viewer. Some tips on getting X servers to start on machines without keyboard @@ -5618,15 +5774,15 @@ cards as it can hold to provide multiple simultaneous access or testing on different kinds of video hardware. - See also the [469]FINDCREATEDISPLAY discussion of the "[470]-display + See also the [474]FINDCREATEDISPLAY discussion of the "[475]-display WAIT:cmd=FINDDISPLAY" option where virtual Xvfb or Xdummy, or real X servers are started automatically for new users connecting. The - [471]-find, [472]-create, [473]-svc, and [474]-xdmsvc aliases can also + [476]-find, [477]-create, [478]-svc, and [479]-xdmsvc aliases can also come in handy here. [Resource Usage and Performance] - Q-68: I have lots of memory, but why does x11vnc fail with shmget: + Q-69: I have lots of memory, but why does x11vnc fail with shmget: No space left on device or Minor opcode of failed request: 1 (X_ShmAttach)? @@ -5644,7 +5800,7 @@ 19/03/2004 10:10:58 error creating tile-row shm for len=4 19/03/2004 10:10:58 reverting to single_copytile mode - Here is a shell script [475]shm_clear to list and prompt for removal + Here is a shell script [480]shm_clear to list and prompt for removal of your unattached shm segments (attached ones are skipped.) I use it while debugging x11vnc (I use "shm_clear -y" to assume "yes" for each prompt.) If x11vnc is regularly not cleaning up its shm segments, @@ -5678,49 +5834,49 @@ in /etc/system. See the next paragraph for more workarounds. To minimize the number of shm segments used by x11vnc try using the - [476]-onetile option (corresponds to only 3 shm segments used, and + [481]-onetile option (corresponds to only 3 shm segments used, and adding -fs 1.0 knocks it down to 2.) If you are having much trouble with shm segments, consider disabling shm completely via the - [477]-noshm option. Performance will be somewhat degraded but when + [482]-noshm option. Performance will be somewhat degraded but when done over local machine sockets it should be acceptable (see an - [478]earlier question discussing -noshm.) + [483]earlier question discussing -noshm.) - Q-69: How can I make x11vnc use less system resources? + Q-70: How can I make x11vnc use less system resources? - The [479]-nap (now on by default; use -nonap to disable) and - "[480]-wait n" (where n is the sleep between polls in milliseconds, + The [484]-nap (now on by default; use -nonap to disable) and + "[485]-wait n" (where n is the sleep between polls in milliseconds, the default is 30 or so) option are good places to start. In addition, - something like "[481]-sb 15" will cause x11vnc to go into a deep-sleep + something like "[486]-sb 15" will cause x11vnc to go into a deep-sleep mode after 15 seconds of no activity (instead of the default 60.) Reducing the X server bits per pixel depth (e.g. to 16bpp or even 8bpp) will further decrease memory I/O and network I/O. The ShadowFB X server setting will make x11vnc's screen polling less severe. Using - the [482]-onetile option will use less memory and use fewer shared - memory slots (add [483]-fs 1.0 for one less slot.) + the [487]-onetile option will use less memory and use fewer shared + memory slots (add [488]-fs 1.0 for one less slot.) - Q-70: How can I make x11vnc use MORE system resources? + Q-71: How can I make x11vnc use MORE system resources? - You can try [484]-threads (note this mode can be unstable and/or + You can try [489]-threads (note this mode can be unstable and/or crash; and as of May/2008 is strongly discouraged, see the option description) or dial down the wait time (e.g. -wait 1) and possibly - dial down [485]-defer as well. Note that if you try to increase the + dial down [490]-defer as well. Note that if you try to increase the "frame rate" too much you can bog down the server end with the extra work it needs to do compressing the framebuffer data, etc. That said, it is possible to "stream" video via x11vnc if the video window is small enough. E.g. a 256x192 xawtv TV capture window (using - the x11vnc [486]-id option) can be streamed over a LAN or wireless at + the x11vnc [491]-id option) can be streamed over a LAN or wireless at a reasonable frame rate. If the graphics card's framebuffer read rate - is [487]faster than normal then the video window size and frame rate - can be much higher. The use of [488]TurboVNC and/or TurboJPEG can make + is [492]faster than normal then the video window size and frame rate + can be much higher. The use of [493]TurboVNC and/or TurboJPEG can make the frame rate somewhat higher still (but most of this hinges on the graphics card's read rate.) - Q-71: I use x11vnc over a slow link with high latency (e.g. dialup + Q-72: I use x11vnc over a slow link with high latency (e.g. dialup modem or broadband), is there anything I can do to speed things up? Some things you might want to experiment with (many of which will help @@ -5732,7 +5888,7 @@ * Use a smaller desktop size (e.g. 1024x768 instead of 1280x1024) * Make sure the desktop background is a solid color (the background is resent every time it is re-exposed.) Consider using the - [489]-solid [color] option to try to do this automatically. + [494]-solid [color] option to try to do this automatically. * Configure your window manager or desktop "theme" to not use fancy images, shading, and gradients for the window decorations, etc. Disable window animations, etc. Maybe your desktop has a "low @@ -5741,9 +5897,9 @@ -> Use Smooth Scrolling (deselect it.) * Avoid small scrolls of large windows using the Arrow keys or scrollbar. Try to use PageUp/PageDown instead. (not so much of a - problem in x11vnc 0.7.2 if [490]-scrollcopyrect is active and + problem in x11vnc 0.7.2 if [495]-scrollcopyrect is active and detecting scrolls for the application.) - * If the [491]-wireframe option is not available (earlier than + * If the [496]-wireframe option is not available (earlier than x11vnc 0.7.2 or you have disabled it via -nowireframe) then Disable Opaque Moves and Resizes in the window manager/desktop. * However if -wireframe is active (on by default in x11vnc 0.7.2) @@ -5766,7 +5922,7 @@ noticed. VNC viewer parameters: - * Use a [492]TightVNC enabled viewer! (Actually, RealVNC 4.x viewer + * Use a [497]TightVNC enabled viewer! (Actually, RealVNC 4.x viewer with ZRLE encoding is not too bad either; some claim it is faster.) * Make sure the tight (or zrle) encoding is being used (look at @@ -5774,7 +5930,7 @@ * Request 8 bits per pixel using -bgr233 (up to 4X speedup over depth 24 TrueColor (32bpp), but colors will be off) * RealVNC 4.x viewer has some extremely low color modes (only 64 and - even 8 colors.) [493]SSVNC does too. The colors are poor, but it + even 8 colors.) [498]SSVNC does too. The colors are poor, but it is usually noticeably faster than bgr233 (256 colors.) * Try increasing the TightVNC -compresslevel (compresses more on server side before sending, but uses more CPU) @@ -5788,37 +5944,39 @@ file. x11vnc parameters: - * Make sure the [494]-wireframe option is active (it should be on by + * Make sure the [499]-wireframe option is active (it should be on by default) and you have Opaque Moves/Resizes Enabled in the window manager. - * Make sure the [495]-scrollcopyrect option is active (it should be + * Make sure the [500]-scrollcopyrect option is active (it should be on by default.) This detects scrolls in many (but not all) applications an applies the CopyRect encoding for a big speedup. * Enforce a solid background when VNC viewers are connected via - [496]-solid - * Specify [497]-speeds modem to force the wireframe and + [501]-solid + * Try x11vnc's client-side caching [502]client-side caching scheme: + [503]-ncache + * Specify [504]-speeds modem to force the wireframe and scrollcopyrect heuristic parameters (and any future ones) to those of a dialup modem connection (or supply the rd,bw,lat numerical values that characterize your link.) * If wireframe and scrollcopyrect aren't working, try using the more - drastic [498]-nodragging (no screen updates when dragging mouse, + drastic [505]-nodragging (no screen updates when dragging mouse, but sometimes you miss visual feedback) - * Set [499]-fs 1.0 (disables fullscreen updates) - * Try increasing [500]-wait or [501]-defer (reduces the maximum + * Set [506]-fs 1.0 (disables fullscreen updates) + * Try increasing [507]-wait or [508]-defer (reduces the maximum "frame rate", but won't help much for large screen changes) - * Try the [502]-progressive pixelheight mode with the block + * Try the [509]-progressive pixelheight mode with the block pixelheight 100 or so (delays sending vertical blocks since they may change while viewer is receiving earlier ones) - * If you just want to watch one (simple) window use [503]-id (cuts - down extraneous polling and updates, but can be buggy or - insufficient) - * Set [504]-nosel (disables all clipboard selection exchange) - * Use [505]-nocursor and [506]-nocursorpos (repainting the remote + * If you just want to watch one (simple) window use [510]-id or + [511]-appshare (cuts down extraneous polling and updates, but can + be buggy or insufficient) + * Set [512]-nosel (disables all clipboard selection exchange) + * Use [513]-nocursor and [514]-nocursorpos (repainting the remote cursor position and shape takes resources and round trips) * On very slow links (e.g. <= 28.8) you may need to increase the - [507]-readtimeout n setting if it sometimes takes more than 20sec + [515]-readtimeout n setting if it sometimes takes more than 20sec to paint the full screen, etc. - * Do not use [508]-fixscreen to automatically refresh the whole + * Do not use [516]-fixscreen to automatically refresh the whole screen, tap three Alt_L's then the screen has painting errors (rare problem.) @@ -5869,7 +6027,7 @@ * TBD. - Q-72: Does x11vnc support the X DAMAGE Xserver extension to find + Q-73: Does x11vnc support the X DAMAGE Xserver extension to find modified regions of the screen quickly and efficiently? Yes, as of Mar/2005 x11vnc will use the X DAMAGE extension by default @@ -5887,7 +6045,7 @@ Note that the DAMAGE extension does not speed up the actual reading of pixels from the video card framebuffer memory, by, say, mirroring them - in main memory. So reading the fb is still painfully [509]slow (e.g. + in main memory. So reading the fb is still painfully [517]slow (e.g. 5MB/sec), and so even using X DAMAGE when large changes occur on the screen the bulk of the time is still spent retrieving them. Not ideal, but use of the ShadowFB XFree86/Xorg option speeds up the reading @@ -5905,45 +6063,45 @@ DAMAGE rectangles to contain real damage. The larger rectangles are only used as hints to focus the traditional scanline polling (i.e. if a scanline doesn't intersect a recent DAMAGE rectangle, the scan is - skipped.) You can use the "[510]-xd_area A" option to adjust the size + skipped.) You can use the "[518]-xd_area A" option to adjust the size of the trusted DAMAGE rectangles. The default is 20000 pixels (e.g. a 140x140 square, etc.) Use "-xd_area 0" to disable the cutoff and trust all DAMAGE rectangles. - The option "[511]-xd_mem f" may also be of use in tuning the - algorithm. To disable using DAMAGE entirely use "[512]-noxdamage". + The option "[519]-xd_mem f" may also be of use in tuning the + algorithm. To disable using DAMAGE entirely use "[520]-noxdamage". - Q-73: My OpenGL application shows no screen updates unless I supply + Q-74: My OpenGL application shows no screen updates unless I supply the -noxdamage option to x11vnc. One user reports in his environment (MythTV using the NVIDIA OpenGL drivers) he gets no updates after the initial screen is drawn unless - he uses the "[513]-noxdamage" option. + he uses the "[521]-noxdamage" option. This seems to be a bug in the X DAMAGE implementation of that driver. You may have to use -noxdamage as well. A way to autodetect this will be tried, probably the best it will do is automatically stop using X DAMAGE. - A developer for [514]MiniMyth reports that the 'alphapulse' tag of the + A developer for [522]MiniMyth reports that the 'alphapulse' tag of the theme G.A.N.T. can also cause problems, and should be avoided when using VNC. - Update: see [515]this FAQ too. + Update: see [523]this FAQ too. - Q-74: When I drag windows around with the mouse or scroll up and down + Q-75: When I drag windows around with the mouse or scroll up and down things really bog down (unless I do the drag in a single, quick motion.) Is there anything to do to improve things? - This problem is primarily due to [516]slow hardware read rates from + This problem is primarily due to [524]slow hardware read rates from video cards: as you scroll or move a large window around the screen changes are much too rapid for x11vnc to keep up them (it can usually only read the video card at about 5-10 MB/sec, so it can take a good fraction of a second to read the changes induce from moving a large window, if this to be done a number of times in succession the window or scroll appears to "lurch" forward.) See the description in the - [517]-pointer_mode option for more info. The next bottleneck is + [525]-pointer_mode option for more info. The next bottleneck is compressing all of these changes and sending them out to connected viewers, however the VNC protocol is pretty much self-adapting with respect to that (updates are only packaged and sent when viewers ask @@ -5953,27 +6111,27 @@ default should now be much better than before and dragging small windows around should no longer be a huge pain. If for some reason these changes make matters worse, you can go back to the old way via - the "[518]-pointer_mode 1" option. + the "[526]-pointer_mode 1" option. - Also added was the [519]-nodragging option that disables all screen + Also added was the [527]-nodragging option that disables all screen updates while dragging with the mouse (i.e. mouse motion with a button held down.) This gives the snappiest response, but might be undesired in some circumstances when you want to see the visual feedback while dragging (e.g. menu traversal or text selection.) - As of Dec/2004 the [520]-pointer_mode n option was introduced. n=1 is + As of Dec/2004 the [528]-pointer_mode n option was introduced. n=1 is the original mode, n=2 an improvement, etc.. See the -pointer_mode n help for more info. - Also, in some circumstances the [521]-threads option can improve + Also, in some circumstances the [529]-threads option can improve response considerably. Be forewarned that if more than one vncviewer is connected at the same time then libvncserver may not be thread safe (try to get the viewers to use different VNC encodings, e.g. tight and ZRLE.) This option can be unstable and so as of Feb/2008 it is disabled by default. Set env. X11VNC_THREADED=1 to re-enable. - As of Apr/2005 two new options (see the [522]wireframe FAQ and - [523]scrollcopyrect FAQ below) provide schemes to sweep this problem + As of Apr/2005 two new options (see the [530]wireframe FAQ and + [531]scrollcopyrect FAQ below) provide schemes to sweep this problem under the rug for window moves or resizes and for some (but not all) window scrolls. These are the preferred way of avoiding the "lurching" problem, contact me if they are not working. Note on SuSE and some @@ -5986,7 +6144,7 @@ EndSection - Q-75: Why not do something like wireframe animations to avoid the + Q-76: Why not do something like wireframe animations to avoid the windows "lurching" when being moved or resized? Nice idea for a hack! As of Apr/2005 x11vnc by default will apply @@ -5997,8 +6155,8 @@ the window move/resize stops, it returns to normal processing: you should only see the window appear in the new position. This spares you from interacting with a "lurching" window between all of the - intermediate steps. BTW the lurching is due to [524]slow video card - read rates (see [525]here too.) A displacement, even a small one, of a + intermediate steps. BTW the lurching is due to [532]slow video card + read rates (see [533]here too.) A displacement, even a small one, of a large window requires a non-negligible amount of time, a good fraction of a second, to read in from the hardware framebuffer. @@ -6006,7 +6164,7 @@ for -wireframe to do any good. The mode is currently on by default because most people are afflicted - with the problem. It can be disabled with the [526]-nowireframe option + with the problem. It can be disabled with the [534]-nowireframe option (aka -nowf.) Why might one want to turn off the wireframing? Since x11vnc is merely guessing when windows are being moved/resized, it may guess poorly for your window-manager or desktop, or even for the way @@ -6052,13 +6210,13 @@ * Maximum time to show a wireframe animation. * Minimum time between sending wireframe outlines. - See the [527]"-wireframe tweaks" option for more details. On a slow + See the [535]"-wireframe tweaks" option for more details. On a slow link, e.g. dialup modem, the parameters may be automatically adjusted for better response. CopyRect encoding: In addition to the above there is the - [528]"-wirecopyrect mode" option. It is also on by default. This + [536]"-wirecopyrect mode" option. It is also on by default. This instructs x11vnc to not only show the wireframe animation, but to also instruct all connected VNC viewers to locally translate the window image data from the original position to the new position on the @@ -6089,7 +6247,7 @@ -nowirecopyrect if this or other painting errors are unacceptable. - Q-76: Can x11vnc try to apply heuristics to detect when a window is + Q-77: Can x11vnc try to apply heuristics to detect when a window is scrolling its contents and use the CopyRect encoding for a speedup? Another nice idea for a hack! As of May/2005 x11vnc will by default @@ -6106,7 +6264,7 @@ requiring the image data to be transmitted over the network. For fast links the speedup is primarily due to x11vnc not having to read the scrolled framebuffer data from the X server (recall that reading from - the hardware framebuffer is [529]slow.) + the hardware framebuffer is [537]slow.) To do this x11vnc uses the RECORD X extension to snoop the X11 protocol between the X client with the focus window and the X server. @@ -6133,10 +6291,10 @@ the X server display: if one falls too far behind it could become a mess... - The initial implementation of [530]-scrollcopyrect option is useful in + The initial implementation of [538]-scrollcopyrect option is useful in that it detects many scrolls and thus gives a much nicer working - environment (especially when combined with the [531]-wireframe - [532]-wirecopyrect [533]options, which are also on by default; and if + environment (especially when combined with the [539]-wireframe + [540]-wirecopyrect [541]options, which are also on by default; and if you are willing to enable the ShadowFB things are very fast.) The fact that there aren't long delays or lurches during scrolling is the primary improvement. @@ -6169,10 +6327,10 @@ One can tap the Alt_L key (Left "Alt" key) 3 times in a row to signal x11vnc to refresh the screen to all viewers. Your VNC-viewer may have its own screen refresh hot-key or button. See - also: [534]-fixscreen + also: [542]-fixscreen * Some applications, notably OpenOffice, do XCopyArea scrolls in weird ways that assume ancestor window clipping is taking place. - See the [535]-scr_skip option for ways to tweak this on a + See the [543]-scr_skip option for ways to tweak this on a per-application basis. * Selecting text while dragging the mouse may be slower, especially if the Button-down event happens near the window's edge. This is @@ -6189,7 +6347,7 @@ because it fails to detect scrolls in it. Sometimes clicking inside the application window or selecting some text in it to force the focus helps. - * When using the [536]-scale option there will be a quick CopyRect + * When using the [544]-scale option there will be a quick CopyRect scroll, but it needs to be followed by a slower "cleanup" update. This is because for a fixed finite screen resolution (e.g. 75 dpi) scaling and copyrect-ing are not exactly independent. Scaling @@ -6202,7 +6360,7 @@ If you find the -scrollcopyrect behavior too approximate or distracting you can go back to the standard polling-only update method - with the [537]-noscrollcopyrect (or -noscr for short.) If you find + with the [545]-noscrollcopyrect (or -noscr for short.) If you find some extremely bad and repeatable behavior for -scrollcopyrect please report a bug. @@ -6223,13 +6381,13 @@ errors. - Q-77: Can x11vnc do client-side caching of pixel data? I.e. so when + Q-78: Can x11vnc do client-side caching of pixel data? I.e. so when that pixel data is needed again it does not have to be retransmitted over the network. - As of Dec/2006 in the [538]0.9 development tarball there is an + As of Dec/2006 in the [546]0.9 development tarball there is an experimental client-side caching implementation enabled by the - "[539]-ncache n" option. In fact, during the test period it was on by + "[547]-ncache n" option. In fact, during the test period it was on by default with n set to 10. To disable it use "-noncache". It is a simple scheme where a (very large) lower portion of the @@ -6256,7 +6414,7 @@ there is a bug: you can scroll down in your viewer and see a strange "history" of windows on your desktop. This is working as intended. One will need to try to adjust the size of his VNC Viewer window so the - cache area cannot be seen. [540]SSVNC (see below) can do this + cache area cannot be seen. [548]SSVNC (see below) can do this automatically. At some point LibVNCServer may implement a "rfbFBCrop" pseudoencoding @@ -6266,7 +6424,7 @@ rendering...) The Enhanced TightVNC Viewer (SSVNC) Unix viewer has a nice - [541]-ycrop option to help hide the pixel cache area from view. It + [549]-ycrop option to help hide the pixel cache area from view. It will turn on automatically if the framebuffer appears to be very tall (height more than twice the width), or you can supply the actual value for the height. If the screen is resized by scaling, etc, the ycrop @@ -6297,7 +6455,7 @@ an additional factor of 2 in memory use. However, even in the smallest usage mode with n equal 2 and - [542]-ncache_no_rootpixmap set (this requires only 2X additional + [550]-ncache_no_rootpixmap set (this requires only 2X additional framebuffer memory) there is still a noticable improvement for many activities, although it is not as dramatic as with, say n equal 12 and rootpixmap (desktop background) caching enabled. @@ -6308,7 +6466,7 @@ be tuned to use less, or the VNC community will extend the protocol to allow caching and replaying of compressed blobs of data. - Another option to experiment with is "[543]-ncache_cr". By specifying + Another option to experiment with is "[551]-ncache_cr". By specifying it, x11vnc will try to do smooth opaque window moves instead of its wireframe. This can give a very nice effect (note: on Unix the realvnc viewer seems to be smoother than the tightvnc viewer), but can lead to @@ -6361,28 +6519,28 @@ improving VNC performance by client side caching. - Q-78: Does x11vnc support TurboVNC? + Q-79: Does x11vnc support TurboVNC? As of Feb/2009 (development tarball) there is an experimental kludge to let you build x11vnc using TurboVNC's modified TightVNC encoding. - [544]TurboVNC is part of the [545]VirtualGL project. It does two main + [552]TurboVNC is part of the [553]VirtualGL project. It does two main things to speed up the TightVNC encoding: * It eliminates bottlenecks, overheads, wait-times in the TightVNC encoding implementation and instead only worries about sending very well (and quickly) compressed JPEG data. * A fast proprietary JPEG implemention is used (Intel IPP on x86) - instead of the usual libjpeg implementation. [546]TurboJPEG is an + instead of the usual libjpeg implementation. [554]TurboJPEG is an interface library, libturbojpeg, provided by the project that achieves this. TurboVNC works very well over LAN and evidently fast Broadband too. When using it with x11vnc in such a situation you may want to dial - down the delays, e.g. "[547]-wait 5" and "[548]-defer 5" (or even a + down the delays, e.g. "[555]-wait 5" and "[556]-defer 5" (or even a smaller setting) to poll and pump things out more quickly. See the instructions in "x11vnc/misc/turbovnc/README" for how to build x11vnc with TurboVNC support. You will also need to download the - [549]TurboJPEG software. + [557]TurboJPEG software. In brief, the steps look like this: cd x11vnc-x.y.z/x11vnc/misc/turbovnc @@ -6394,22 +6552,22 @@ where you replace "/DIR" with the directory containing libturbojpeg.so you downloaded separately. If it works out well enough TurboVNC support will be integrated into x11vnc and more of its tuning features - will be implemented. Support for TurboVNC in [550]SSVNC viewer has + will be implemented. Support for TurboVNC in [558]SSVNC viewer has been added as an experiment as well. If you try either one, let us know how it went. There also may be some Linux.i686 and Darwin.i386 x11vnc binaries with - TurboVNC support in the [551]misc. bins directory. For other platforms + TurboVNC support in the [559]misc. bins directory. For other platforms you will need to compile yourself. On relatively cheap and old hardware (Althon64 X2 5000+ / GeForce - 6200) x11vnc and [552]SSVNC, both TurboVNC enabled, were able to + 6200) x11vnc and [560]SSVNC, both TurboVNC enabled, were able to sustain 13.5 frames/sec (fps) and 15 Megapixels/sec using the VirtualGL supplied OpenGL benchmark program glxspheres. VirtualGL on - higher-end hardware can sustain [553]20-30 fps with the glxspheres + higher-end hardware can sustain [561]20-30 fps with the glxspheres benchmark. - Potential Slowdown: As we describe [554]elsewhere, unless you use + Potential Slowdown: As we describe [562]elsewhere, unless you use x11vnc with an X server using, say, NVidia proprietary drivers (or a virtual X server like Xvfb or Xdummy, or in ShadowFB mode), then the read rate from the graphics card can be rather slow (e.g. 10 MB/sec) @@ -6434,7 +6592,7 @@ [Mouse Cursor Shapes] - Q-79: Why isn't the mouse cursor shape (the little icon shape where + Q-80: Why isn't the mouse cursor shape (the little icon shape where the mouse pointer is) correct as I move from window to window? On X servers supporting XFIXES or Solaris/IRIX Overlay extensions it @@ -6449,23 +6607,23 @@ this is because the cursor shape is often downloaded to the graphics hardware (video card), but I could be mistaken. - A simple kludge is provided by the "[555]-cursor X" option that + A simple kludge is provided by the "[563]-cursor X" option that changes the cursor when the mouse is on the root background (or any window has the same cursor as the root background.) Note that desktops like GNOME or KDE often cover up the root background, so this won't - work for those cases. Also see the "[556]-cursor some" option for + work for those cases. Also see the "[564]-cursor some" option for additional kludges. Note that as of Aug/2004 on Solaris using the SUN_OVL overlay extension and IRIX, x11vnc can show the correct mouse cursor when the - [557]-overlay option is supplied. See [558]this FAQ for more info. + [565]-overlay option is supplied. See [566]this FAQ for more info. Also as of Dec/2004 XFIXES X extension support has been added to allow exact extraction of the mouse cursor shape. XFIXES fixes the problem of the cursor-shape being write-only: x11vnc can now query the X server for the current shape and send it back to the connected viewers. XFIXES is available on recent Linux Xorg based distros and - [559]Solaris 10. + [567]Solaris 10. The only XFIXES issue is the handling of alpha channel transparency in cursors. If a cursor has any translucency then in general it must be @@ -6473,10 +6631,10 @@ situations where the cursor transparency can also handled exactly: when the VNC Viewer requires the cursor shape be drawn into the VNC framebuffer or if you apply a patch to your VNC Viewer to extract - hidden alpha channel data under 32bpp. [560]Details can be found here. + hidden alpha channel data under 32bpp. [568]Details can be found here. - Q-80: When using XFIXES cursorshape mode, some of the cursors look + Q-81: When using XFIXES cursorshape mode, some of the cursors look really bad with extra black borders around the cursor and other cruft. How can I improve their appearance? @@ -6506,17 +6664,17 @@ for most cursor themes and you don't have to worry about it. In case it still looks bad for your cursor theme, there are (of - course!) some tunable parameters. The "[561]-alphacut n" option lets + course!) some tunable parameters. The "[569]-alphacut n" option lets you set the threshold "n" (between 0 and 255): cursor pixels with alpha values below n will be considered completely transparent while values equal to or above n will be completely opaque. The default is - 240. The "[562]-alphafrac f" option tries to correct individual + 240. The "[570]-alphafrac f" option tries to correct individual cursors that did not fare well with the default -alphacut value: if a cursor has less than fraction f (between 0.0 and 1.0) of its pixels selected by the default -alphacut, the threshold is lowered until f of its pixels are selected. The default fraction is 0.33. - Finally, there is an option [563]-alpharemove that is useful for + Finally, there is an option [571]-alpharemove that is useful for themes where many cursors are light colored (e.g. "whiteglass".) XFIXES returns the cursor data with the RGB values pre-multiplied by the alpha value. If the white cursors look too grey, specify @@ -6534,7 +6692,7 @@ heavily on redglass) look fine with the apparent default of alphacut:255. - Q-81: In XFIXES mode, are there any hacks to handle cursor + Q-82: In XFIXES mode, are there any hacks to handle cursor transparency ("alpha channel") exactly? As of Jan/2005 libvncserver has been modified to allow an alpha @@ -6542,10 +6700,10 @@ alpha channel data to libvncserver. However, this data will only be used for VNC clients that do not support the CursorShapeUpdates VNC extension (or have disabled it.) It can be disabled for all clients - with the [564]-nocursorshape x11vnc option. In this case the cursor is + with the [572]-nocursorshape x11vnc option. In this case the cursor is drawn, correctly blended with the background, into the VNC framebuffer before being sent out to the client. So the alpha blending is done on - the x11vnc side. Use the [565]-noalphablend option to disable this + the x11vnc side. Use the [573]-noalphablend option to disable this behavior (always approximate transparent cursors with opaque RGB values.) @@ -6569,17 +6727,17 @@ example on how to change the Windows TightVNC viewer to achieve the same thing (send me the patch if you get that working.) - This patch is applied to the [566]Enhanced TightVNC Viewer (SSVNC) + This patch is applied to the [574]Enhanced TightVNC Viewer (SSVNC) package we provide. [Mouse Pointer] - Q-82: Why does the mouse arrow just stay in one corner in my + Q-83: Why does the mouse arrow just stay in one corner in my vncviewer, whereas my cursor (that does move) is just a dot? - This default takes advantage of a [567]tightvnc extension + This default takes advantage of a [575]tightvnc extension (CursorShapeUpdates) that allows specifying a cursor image shape for - the local VNC viewer. You may disable it with the [568]-nocursor + the local VNC viewer. You may disable it with the [576]-nocursor option to x11vnc if your viewer does not have this extension. Note: as of Aug/2004 this should be fixed: the default for @@ -6588,22 +6746,22 @@ can also be disabled via -nocursor. - Q-83: Can I take advantage of the TightVNC extension to the VNC + Q-84: Can I take advantage of the TightVNC extension to the VNC protocol where Cursor Positions Updates are sent back to all connected clients (i.e. passive viewers can see the mouse cursor being moved around by another viewer)? - Use the [569]-cursorpos option when starting x11vnc. A VNC viewer must + Use the [577]-cursorpos option when starting x11vnc. A VNC viewer must support the Cursor Positions Updates for the user to see the mouse motions (the TightVNC viewers support this.) As of Aug/2004 -cursorpos - is the default. See also [570]-nocursorpos and [571]-nocursorshape. + is the default. See also [578]-nocursorpos and [579]-nocursorshape. - Q-84: Is it possible to swap the mouse buttons (e.g. left-handed + Q-85: Is it possible to swap the mouse buttons (e.g. left-handed operation), or arbitrarily remap them? How about mapping button clicks to keystrokes, e.g. to partially emulate Mouse wheel scrolling? - You can remap the mouse buttons via something like: [572]-buttonmap + You can remap the mouse buttons via something like: [580]-buttonmap 13-31 (or perhaps 12-21.) Also, note that xmodmap(1) lets you directly adjust the X server's button mappings, but in some circumstances it might be more desirable to have x11vnc do it. @@ -6611,7 +6769,7 @@ One user had an X server with only one mouse button(!) and was able to map all of the VNC client mouse buttons to it via: -buttonmap 123-111. - Note that the [573]-debug_pointer option prints out much info for + Note that the [581]-debug_pointer option prints out much info for every mouse/pointer event and is handy in solving problems. To map mouse button clicks to keystrokes you can use the alternate @@ -6633,7 +6791,7 @@ Exactly what keystroke "scrolling" events they should be bound to depends on one's taste. If this method is too approximate, one could - consider not using [574]-buttonmap but rather configuring the X server + consider not using [582]-buttonmap but rather configuring the X server to think it has a mouse with 5 buttons even though the physical mouse does not. (e.g. 'Option "ZAxisMapping" "4 5"'.) @@ -6660,10 +6818,10 @@ "click" usually gives a multi-line scroll.) [Keyboard Issues] - Q-85: How can I get my AltGr and Shift modifiers to work between + Q-86: How can I get my AltGr and Shift modifiers to work between keyboards for different languages? - The option [575]-modtweak should help here. It is a mode that monitors + The option [583]-modtweak should help here. It is a mode that monitors the state of the Shift and AltGr Modifiers and tries to deduce the correct keycode to send, possibly by sending fake modifier key presses and releases in addition to the actual keystroke. @@ -6672,25 +6830,25 @@ to get the old behavior.) This was done because it was noticed on newer XFree86 setups even on bland "us" keyboards like "pc104 us" XFree86 included a "ghost" key with both "<" and ">" it. This key does - not exist on the keyboard (see [576]this FAQ for more info.) Without + not exist on the keyboard (see [584]this FAQ for more info.) Without -modtweak there was then an ambiguity in the reverse map keysym => keycode, making it so the "<" symbol could not be typed. - Also see the [577]FAQ about the -xkb option for a more powerful method + Also see the [585]FAQ about the -xkb option for a more powerful method of modifier tweaking for use on X servers with the XKEYBOARD extension. When trying to resolve keyboard mapping problems, note that the - [578]-debug_keyboard option prints out much info for every keystroke + [586]-debug_keyboard option prints out much info for every keystroke and so can be useful debugging things. Note that one user had a strange setup and none of the above helped. - His solution was to disable all of the above and use [579]-nomodtweak. + His solution was to disable all of the above and use [587]-nomodtweak. This is the simplest form of keystroke insertion and it actually solved the problem. Try it if the other options don't help. - Q-86: When I try to type a "<" (i.e. less than) instead I get ">" + Q-87: When I try to type a "<" (i.e. less than) instead I get ">" (i.e. greater than)! Strangely, typing ">" works OK!! Does your keyboard have a single key with both "<" and ">" on it? Even @@ -6698,9 +6856,9 @@ (e.g. pc105 in the XF86Config file when it should be something else, say pc104.) - Short Cut: Try the [580]-xkb or [581]-sloppy_keys options and see if + Short Cut: Try the [588]-xkb or [589]-sloppy_keys options and see if that helps the situation. The discussion below is a bit outdated (e.g. - [582]-modtweak is now the default) but it is useful reference for + [590]-modtweak is now the default) but it is useful reference for various tricks and so is kept. @@ -6743,25 +6901,25 @@ -remap less-comma These are convenient in that they do not modify the actual X server - settings. The former ([583]-modtweak) is a mode that monitors the + settings. The former ([591]-modtweak) is a mode that monitors the state of the Shift and AltGr modifiers and tries to deduce the correct keycode sequence to send. Since Jul/2004 -modtweak is now the default. - The latter ([584]-remap less-comma) is an immediate remapping of the + The latter ([592]-remap less-comma) is an immediate remapping of the keysym less to the keysym comma when it comes in from a client (so when Shift is down the comma press will yield "<".) - See also the [585]FAQ about the -xkb option as a possible workaround + See also the [593]FAQ about the -xkb option as a possible workaround using the XKEYBOARD extension. - Note that the [586]-debug_keyboard option prints out much info for + Note that the [594]-debug_keyboard option prints out much info for every keystroke to aid debugging keyboard problems. - Q-87: Extra Character Inserted, E.g.: When I try to type a "<" (i.e. + Q-88: Extra Character Inserted, E.g.: When I try to type a "<" (i.e. less than) instead I get "<," (i.e. an extra comma.) This is likely because you press "Shift" then "<" but then released - the Shift key before releasing the "<". Because of a [587]keymapping + the Shift key before releasing the "<". Because of a [595]keymapping ambiguity the last event "< up" is interpreted as "," because that key unshifted is the comma. @@ -6769,16 +6927,16 @@ characters: in general it can happen whenever the Shift key is released early. - This should not happen in [588]-xkb mode, because it works hard to + This should not happen in [596]-xkb mode, because it works hard to resolve the ambiguities. If you do not want to use -xkb, try the - option [589]-sloppy_keys to attempt a similar type of algorithm. + option [597]-sloppy_keys to attempt a similar type of algorithm. One user had this problem for Italian and German keyboards with the key containing ":" and "." When he typed ":" he would get an extra "." inserted after the ":". The solution was -sloppy_keys. - Q-88: I'm using an "international" keyboard (e.g. German "de", or + Q-89: I'm using an "international" keyboard (e.g. German "de", or Danish "dk") and the -modtweak mode works well if the VNC viewer is run on a Unix/Linux machine with a similar keyboard. But if I run the VNC viewer on Unix/Linux with a different keyboard (e.g. "us") or @@ -6799,7 +6957,7 @@ In both cases no AltGr is sent to the VNC server, but we know AltGr is needed on the physical international keyboard to type a "@". - This all worked fine with x11vnc running with the [590]-modtweak + This all worked fine with x11vnc running with the [598]-modtweak option (it figures out how to adjust the Modifier keys (Shift or AltGr) to get the "@".) However it fails under recent versions of XFree86 (and the X.org fork.) These run the XKEYBOARD extension by @@ -6816,7 +6974,7 @@ * there is a new option -xkb to use the XKEYBOARD extension API to do the Modifier key tweaking. - The [591]-xkb option seems to fix all of the missing keys: "@", "<", + The [599]-xkb option seems to fix all of the missing keys: "@", "<", ">", etc.: it is recommended that you try it if you have this sort of problem. Let us know if there are any remaining problems (see the next paragraph for some known problems.) If you specify the -debug_keyboard @@ -6824,7 +6982,7 @@ debugging output (send it along with any problems you report.) Update: as of Jun/2005 x11vnc will try to automatically enable - [592]-xkb if it appears that would be beneficial (e.g. if it sees any + [600]-xkb if it appears that would be beneficial (e.g. if it sees any of "@", "<", ">", "[" and similar keys are mapped in a way that needs the -xkb to access them.) To disable this automatic check use -noxkb. @@ -6839,7 +6997,7 @@ was attached to keycode 93 (no physical key generates this keycode) while ISO_Level3_Shift was attached to keycode 113. The keycode skipping option was used to disable the ghost key: - [593]-skip_keycodes 93 + [601]-skip_keycodes 93 * In implementing -xkb we noticed that some characters were still not getting through, e.g. "~" and "^". This is not really an XKEYBOARD problem. What was happening was the VNC viewer was @@ -6857,16 +7015,16 @@ What to do? In general the VNC protocol has not really solved this problem: what should be done if the VNC viewer sends a keysym not recognized by the VNC server side? Workarounds can possibly be - created using the [594]-remap x11vnc option: + created using the [602]-remap x11vnc option: -remap asciitilde-dead_tilde,asciicircum-dead_circumflex etc. Use -remap filename if the list is long. Please send us your workarounds for this problem on your keyboard. Perhaps we can have x11vnc adjust automatically at some point. Also see the - [595]-add_keysyms option in the next paragraph. - Update: for convenience "[596]-remap DEAD" does many of these + [603]-add_keysyms option in the next paragraph. + Update: for convenience "[604]-remap DEAD" does many of these mappings at once. - * To complement the above workaround using the [597]-remap, an - option [598]-add_keysyms was added. This option instructs x11vnc + * To complement the above workaround using the [605]-remap, an + option [606]-add_keysyms was added. This option instructs x11vnc to bind any unknown Keysyms coming in from VNC viewers to unused Keycodes in the X server. This modifies the global state of the X server. When x11vnc exits it removes the extra keymappings it @@ -6877,7 +7035,7 @@ disable. - Q-89: When typing I sometimes get double, triple, or more of my + Q-90: When typing I sometimes get double, triple, or more of my keystrokes repeated. I'm sure I only typed them once, what can I do? This may be due to an interplay between your X server's key autorepeat @@ -6885,7 +7043,7 @@ Short answer: disable key autorepeating by running the command "xset r off" on the Xserver where x11vnc is run (restore via "xset r on") or - use the new (Jul/2004) [599]-norepeat x11vnc option. You will still + use the new (Jul/2004) [607]-norepeat x11vnc option. You will still have autorepeating because that is taken care of on your VNC viewer side. @@ -6909,18 +7067,18 @@ off", does the problem go away? The workaround is to manually apply "xset r off" and "xset r on" as - needed, or to use the [600]-norepeat (which has since Dec/2004 been + needed, or to use the [608]-norepeat (which has since Dec/2004 been made the default.) Note that with X server autorepeat turned off the VNC viewer side of the connection will (nearly always) do its own autorepeating so there is no big loss here, unless someone is also working at the physical display and misses his autorepeating. - Q-90: The x11vnc -norepeat mode is in effect, but I still get repeated + Q-91: The x11vnc -norepeat mode is in effect, but I still get repeated keystrokes!! Are you using x11vnc to log in to an X session via display manager? - (as described in [601]this FAQ) If so, x11vnc is starting before your + (as described in [609]this FAQ) If so, x11vnc is starting before your session and it disables autorepeat when you connect, but then after you log in your session startup (GNOME, KDE, ...) could be resetting the autorepeat to be on. Or it could be something inside your desktop @@ -6940,7 +7098,7 @@ should figure out how to disable that somehow. - Q-91: After using x11vnc for a while, I find that I cannot type some + Q-92: After using x11vnc for a while, I find that I cannot type some (or any) characters or my mouse clicks and drags no longer have any effect, or they lead to strange effects. What happened? @@ -6981,11 +7139,11 @@ desktop manages these "warps". If the viewer is not notified it cannot know it needs to release the modifiers. - You can also use the [602]-clear_mods option to try to clear all of + You can also use the [610]-clear_mods option to try to clear all of the modifier keys at x11vnc startup. You will still have to be careful that you do not leave the modifier key pressed down during your session. It is difficult to prevent this problem from occurring (short - of using [603]-remap to prevent sending all of the problem modifier + of using [611]-remap to prevent sending all of the problem modifier keys, which would make the destkop pretty unusable.) During a session these x11vnc remote control commands can also help: @@ -6998,16 +7156,16 @@ Num_Lock down. When these are locked on the remote side it can sometimes lead to strange desktop behavior (e.g. cannot drag or click on windows.) As above you may not notice this because the lock isn't - down on the local (Viewer) side. See [604]this FAQ on lock keys - problem. These options may help avoid the problem: [605]-skip_lockkeys - and [606]-capslock. See also [607]-clear_all. + down on the local (Viewer) side. See [612]this FAQ on lock keys + problem. These options may help avoid the problem: [613]-skip_lockkeys + and [614]-capslock. See also [615]-clear_all. - Q-92: The machine where I run x11vnc has an AltGr key, but the local + Q-93: The machine where I run x11vnc has an AltGr key, but the local machine where I run the VNC viewer does not. Is there a way I can map a local unused key to send an AltGr? How about a Compose key as well? - Something like "[608]-remap Super_R-Mode_switch" x11vnc option may + Something like "[616]-remap Super_R-Mode_switch" x11vnc option may work. Note that Super_R is the "Right Windoze(tm) Flaggie" key; you may want to choose another. The -debug_keyboard option comes in handy in finding keysym names (so does xev(1).) @@ -7018,7 +7176,7 @@ specify remappings from a file. - Q-93: I have a Sun machine I run x11vnc on. Its Sun keyboard has just + Q-94: I have a Sun machine I run x11vnc on. Its Sun keyboard has just one Alt key labelled "Alt" and two Meta keys labelled with little diamonds. The machine where I run the VNC viewer only has Alt keys. How can I send a Meta keypress? (e.g. emacs needs this) @@ -7030,13 +7188,13 @@ Since xmodmap(1) modifies the X server mappings you may not want to do this (because it affects local work on that machine.) Something like - the [609]-remap Alt_L-Meta_L to x11vnc may be sufficient for ones + the [617]-remap Alt_L-Meta_L to x11vnc may be sufficient for ones needs, and does not modify the X server environment. Note that you cannot send Alt_L in this case, maybe -remap Super_L-Meta_L would be a better choice if the Super_L key is typically unused in Unix. - Q-94: Running x11vnc on HP-UX I cannot type "#" I just get a "3" + Q-95: Running x11vnc on HP-UX I cannot type "#" I just get a "3" instead. One user reports this problem on HP-UX Rel_B.11.23. The problem was @@ -7050,7 +7208,7 @@ and similar triple mappings (with two in the AltGr/Mode_switch group) of a keysum to a single keycode. - Use the [610]-nomodtweak option as a workaround. You can also use + Use the [618]-nomodtweak option as a workaround. You can also use xmodmap to correct these mappings in the server, e.g.: xmodmap -e "keycode 47 = 3 numbersign" @@ -7059,12 +7217,12 @@ handle these mappings better. - Q-95: Can I map a keystroke to a mouse button click on the remote + Q-96: Can I map a keystroke to a mouse button click on the remote machine? This can be done directly in some X servers using AccessX and Pointer_EnableKeys, but is a bit awkward. It may be more convenient to - have x11vnc do the remapping. This can be done via the [611]-remap + have x11vnc do the remapping. This can be done via the [619]-remap option using the fake "keysyms" Button1, Button2, etc. as the "to" keys (i.e. the ones after the "-") @@ -7073,7 +7231,7 @@ button "paste" because (using XFree86/Xorg Emulate3Buttons) you have to click both buttons on the touch pad at the same time. This remapping: - [612]-remap Super_R-Button2 + [620]-remap Super_R-Button2 maps the Super_R "flag" key press to the Button2 click, thereby making X pasting a bit easier. @@ -7082,7 +7240,7 @@ are generated immediately on the x11vnc side. When the key is released (i.e. goes up) no events are generated. - Q-96: How can I get Caps_Lock to work between my VNC viewer and + Q-97: How can I get Caps_Lock to work between my VNC viewer and x11vnc? This is a little tricky because it is possible to get the Caps_Lock @@ -7092,13 +7250,13 @@ Caps_Lock in the viewer your local machine goes into the Caps_Lock on state and sends keysym "A" say when you press "a". x11vnc will then fake things up so that Shift is held down to generate "A". The - [613]-skip_lockkeys option should help to accomplish this. For finer - grain control use something like: "[614]-remap Caps_Lock-None". + [621]-skip_lockkeys option should help to accomplish this. For finer + grain control use something like: "[622]-remap Caps_Lock-None". - Also try the [615]-nomodtweak and [616]-capslock options. + Also try the [623]-nomodtweak and [624]-capslock options. Another useful option that turns off any Lock keys on the remote side - at startup and end is the [617]-clear_all option. During a session you + at startup and end is the [625]-clear_all option. During a session you can run these remote control commands to modify the Lock keys: x11vnc -R clear_locks x11vnc -R clear_all @@ -7108,7 +7266,7 @@ etc.) [Screen Related Issues and Features] - Q-97: The remote display is larger (in number of pixels) than the + Q-98: The remote display is larger (in number of pixels) than the local display I am running the vncviewer on. I don't like the vncviewer scrollbars, what I can do? @@ -7127,15 +7285,15 @@ There may also be scaling viewers out there (e.g. TightVNC or UltraVNC on Windows) that automatically shrink or expand the remote framebuffer to fit the local display. Especially for hand-held devices. See also - [618]the next FAQ on x11vnc scaling. + [626]the next FAQ on x11vnc scaling. - Q-98: Does x11vnc support server-side framebuffer scaling? (E.g. to + Q-99: Does x11vnc support server-side framebuffer scaling? (E.g. to make the desktop smaller.) As of Jun/2004 x11vnc provides basic server-side scaling. It is a global scaling of the desktop, not a per-client setting. To enable it - use the "[619]-scale fraction" option. "fraction" can either be a + use the "[627]-scale fraction" option. "fraction" can either be a floating point number (e.g. -scale 0.75) or the alternative m/n fraction notation (e.g. -scale 3/4.) Note that if fraction is greater than one the display is magnified. @@ -7160,7 +7318,7 @@ One can also use the ":nb" with an integer scale factor (say "-scale 2:nb") to use x11vnc as a screen magnifier for vision impaired - [620]applications. Since with integer scale factors the framebuffers + [628]applications. Since with integer scale factors the framebuffers become huge and scaling operations time consuming, be sure to use ":nb" for the fastest response. @@ -7186,7 +7344,7 @@ If one desires per-client scaling for something like 1:1 from a workstation and 1:2 from a smaller device (e.g. handheld), currently the only option is to run two (or more) x11vnc processes with - different scalings listening on separate ports ([621]-rfbport option, + different scalings listening on separate ports ([629]-rfbport option, etc.) Update: As of May/2006 x11vnc also supports the UltraVNC server-side @@ -7196,8 +7354,8 @@ "-rfbversion 3.6" for this to be recognized by UltraVNC viewers. BTW, whenever you run two or more x11vnc's on the same X display and - use the [622]GUI, then to avoid all of the x11vnc's simultaneously - answering the gui you will need to use something like [623]"-connect + use the [630]GUI, then to avoid all of the x11vnc's simultaneously + answering the gui you will need to use something like [631]"-connect file1 -gui ..." with different connect files for each x11vnc you want to control via the gui (or remote-control.) The "-connect file1" usage gives separate communication channels between a x11vnc process and the @@ -7206,12 +7364,12 @@ Update: As of Mar/2005 x11vnc now scales the mouse cursor with the same scale factor as the screen. If you don't want that, use the - [624]"-scale_cursor frac" option to set the cursor scaling to a + [632]"-scale_cursor frac" option to set the cursor scaling to a different factor (e.g. use "-scale_cursor 1" to keep the cursor at its natural unscaled size.) - Q-99: Does x11vnc work with Xinerama? (i.e. multiple monitors joined + Q-100: Does x11vnc work with Xinerama? (i.e. multiple monitors joined together to form one big, single screen.) Yes, it should generally work because it simply polls the big @@ -7234,26 +7392,26 @@ screen is not rectangular (e.g. 1280x1024 and 1024x768 monitors joined together), then there will be "non-existent" areas on the screen. The X server will return "garbage" image data for these areas and so they - may be distracting to the viewer. The [625]-blackout x11vnc option + may be distracting to the viewer. The [633]-blackout x11vnc option allows you to blacken-out rectangles by manually specifying their WxH+X+Y geometries. If your system has the libXinerama library, the - [626]-xinerama x11vnc option can be used to have it automatically + [634]-xinerama x11vnc option can be used to have it automatically determine the rectangles to be blackened out. (Note on 8bpp PseudoColor displays the fill color may not be black.) Update: - [627]-xinerama is now on by default. + [635]-xinerama is now on by default. Some users have reported that the mouse does not behave properly for their Xinerama display: i.e. the mouse cannot be moved to all regions - of the large display. If this happens try using the [628]-xwarppointer + of the large display. If this happens try using the [636]-xwarppointer option. This instructs x11vnc to fake mouse pointer motions using the XWarpPointer function instead of the XTestFakeMotionEvent XTEST function. (This may be due to a bug in the X server for XTEST when - Xinerama is enabled.) Update: As of Dec/2006 [629]-xwarppointer will + Xinerama is enabled.) Update: As of Dec/2006 [637]-xwarppointer will be applied automatically if Xinerama is detected. To disable use: -noxwarppointer - Q-100: Can I use x11vnc on a multi-headed display that is not Xinerama + Q-101: Can I use x11vnc on a multi-headed display that is not Xinerama (i.e. separate screens :0.0, :0.1, ... for each monitor)? You can, but it is a little bit awkward: you must start separate @@ -7271,32 +7429,32 @@ Note: if you are running on Solaris 8 or earlier you can easily hit up against the maximum of 6 shm segments per process (for Xsun in this case) from running multiple x11vnc processes. You should modify - /etc/system as mentioned in another [630]FAQ to increase the limit. It - is probably also a good idea to run with the [631]-onetile option in + /etc/system as mentioned in another [638]FAQ to increase the limit. It + is probably also a good idea to run with the [639]-onetile option in this case (to limit each x11vnc to 3 shm segments), or even - [632]-noshm to use no shm segments. + [640]-noshm to use no shm segments. - Q-101: Can x11vnc show only a portion of the display? (E.g. for a + Q-102: Can x11vnc show only a portion of the display? (E.g. for a special purpose application or a very large screen.) - As of Mar/2005 x11vnc has the "[633]-clip WxH+X+Y" option to select a + As of Mar/2005 x11vnc has the "[641]-clip WxH+X+Y" option to select a rectangle of width W, height H and offset (X, Y). Thus the VNC screen will be the clipped sub-region of the display and be only WxH in size. - One user used -clip to split up a large [634]Xinerama screen into two + One user used -clip to split up a large [642]Xinerama screen into two more managable smaller screens. This also works to view a sub-region of a single application window if - the [635]-id or [636]-sid options are used. The offset is measured + the [643]-id or [644]-sid options are used. The offset is measured from the upper left corner of the selected window. - Q-102: Does x11vnc support the XRANDR (X Resize, Rotate and + Q-103: Does x11vnc support the XRANDR (X Resize, Rotate and Reflection) extension? Whenever I rotate or resize the screen x11vnc just seems to crash. As of Dec/2004 x11vnc supports XRANDR. You enable it with the - [637]-xrandr option to make x11vnc monitor XRANDR events and also trap + [645]-xrandr option to make x11vnc monitor XRANDR events and also trap X server errors if the screen change occurred in the middle of an X call like XGetImage. Once it traps the screen change it will create a new framebuffer using the new screen. @@ -7306,9 +7464,9 @@ then the viewer will automatically resize. Otherwise, the new framebuffer is fit as best as possible into the original viewer size (portions of the screen may be clipped, unused, etc.) For these - viewers you can try the [638]-padgeom option to make the region big + viewers you can try the [646]-padgeom option to make the region big enough to hold all resizes and rotations. We have fixed this problem - for the TightVNC Viewer on Unix: [639]SSVNC + for the TightVNC Viewer on Unix: [647]SSVNC If you specify "-xrandr newfbsize" then vnc viewers that do not support NewFBSize will be disconnected before the resize. If you @@ -7316,36 +7474,36 @@ terminate. - Q-103: Independent of any XRANDR, can I have x11vnc rotate and/or + Q-104: Independent of any XRANDR, can I have x11vnc rotate and/or reflect the screen that the VNC viewers see? (e.g. for a handheld whose screen is rotated 90 degrees.) - As of Jul/2006 there is the [640]-rotate option allow this. E.g's: + As of Jul/2006 there is the [648]-rotate option allow this. E.g's: "-rotate +90", "-rotate -90", "-rotate x", etc. - Q-104: Why is the view in my VNC viewer completely black? Or why is + Q-105: Why is the view in my VNC viewer completely black? Or why is everything flashing around randomly? See the next FAQ for a possible explanation. - Q-105: I use Linux Virtual Consoles (VC's) to implement 'Fast User + Q-106: I use Linux Virtual Terminals (VT's) to implement 'Fast User Switching' between users' sessions (e.g. Betty is on Ctrl-Alt-F7, Bobby is on Ctrl-Alt-F8, and Sid is on Ctrl-Alt-F1: they use those keystrokes to switch between their sessions.) How come the view in a VNC viewer connecting to x11vnc is either completely black or otherwise all messed up unless the X session x11vnc is attached to is - in the active VC? + in the active VT? This seems to have to do with how applications (the X server processes - in this case) must "play nicely" if they are not on the active VC - (sometimes called VT for virtual terminal.) That is, they should not + in this case) must "play nicely" if they are not on the active VT + (sometimes called VC for virtual console.) That is, they should not read from the keyboard or mouse or manage the video display unless - they have the active VC. Given that it appears the XGetImage() call + they have the active VT. Given that it appears the XGetImage() call must ultimately retrieve the framebuffer data from the video hardware itself, it would make sense x11vnc's polling wouldn't work unless the - X session had active control of the VC. + X session had active control of the VT. There does not seem to be an easy way to work around this. Even xwd(1) doesn't work in this case (try it.) Something would need to be done at @@ -7354,12 +7512,12 @@ memory) does not appear to fix the problem. If no one is sitting at the workstation and you just want to remotely - switch the VC over to the one associated with your X session (so + switch the VT over to the one associated with your X session (so x11vnc can poll it correctly), one can use the chvt(1) command, e.g. - "chvt 7" for VC #7. + "chvt 7" for VT #7. - Q-106: I am using x11vnc where my local machine has "popup/hidden + Q-107: I am using x11vnc where my local machine has "popup/hidden taskbars" and the remote display where x11vnc runs also has "popup/hidden taskbars" and they interfere and fight with each other. What can I do? @@ -7374,7 +7532,7 @@ click on the task bar panel, and uncheck "enable auto-hide" from the panel properties dialog box. This will make the panel always visible. - Q-107: Help! x11vnc and my KDE screensaver keep switching each other + Q-108: Help! x11vnc and my KDE screensaver keep switching each other on and off every few seconds. This is a new (Jul/2006) problem seen, say, on the version of KDE that @@ -7385,13 +7543,13 @@ This may be a bug in kdesktop_lock. For now the only workaround is to disable the screensaver. You can try using another one such as - straight xscreensaver (see the instructions [641]here for how to + straight xscreensaver (see the instructions [649]here for how to disable kdesktop_lock.) If you have more info on this or see it outside of KDE please let us know. Update: It appears this is due to kdesktop_lock enabling the screen saver when the Monitor is in DPMS low-power state (e.g. standby, - suspend, or off.) In Nov/2006 the x11vnc [642]-nodpms option was added + suspend, or off.) In Nov/2006 the x11vnc [650]-nodpms option was added as a workaround. Normally it is a good thing that the monitor powers down (since x11vnc can still poll the framebuffer in this state), but if you experience the kdesktop_lock problem you can specify the @@ -7401,22 +7559,22 @@ disable the screensaver.) Feel free to file a bug against kdesktop_lock with KDE. - Q-108: I am running the beryl 3D window manager (or compiz, MythTv, + Q-109: I am running the beryl 3D window manager (or compiz, MythTv, Google Earth, or some other OpenGL app) and I do not get screen updates in x11vnc. This appears to be because the 3D OpenGL/GLX hardware screen updates do not get reported via the XDAMAGE mechanism. So this is a bug in - [643]beryl/compiz or XDAMAGE/Xorg or the (possibly 3rd party) video + [651]beryl/compiz or XDAMAGE/Xorg or the (possibly 3rd party) video card driver. - As a workaround apply the [644]-noxdamage option. As of Feb/2007 + As a workaround apply the [652]-noxdamage option. As of Feb/2007 x11vnc will try to autodetect the problem and disable XDAMAGE if is appears to be missing a lot of updates. But if you know you are using - beryl you might as well always supply -noxdamage. Thanks to [645]this + beryl you might as well always supply -noxdamage. Thanks to [653]this user who reported the problem and discovered the workaround. - A developer for [646]MiniMyth reports that the 'alphapulse' tag of the + A developer for [654]MiniMyth reports that the 'alphapulse' tag of the theme G.A.N.T. can also cause problems, and should be avoided when using VNC. @@ -7425,7 +7583,7 @@ responsiveness (especially for typing) and also leads to unnecessary CPU and memory I/O load due to the extra polling. - Q-109: Can I use x11vnc to view my VMWare session remotely? + Q-110: Can I use x11vnc to view my VMWare session remotely? Yes, since VMWare usually runs as an X application you can view it via x11vnc in the normal way. @@ -7436,9 +7594,9 @@ * Fullscreen mode The way VMWare does Fullscreen mode on Linux is to display the Guest - desktop in a separate Virtual Console (e.g. VC 8) (see [647]this FAQ - on VC's for background.) Unfortunately, this Fullscreen VC is not an X - server. So x11vnc cannot access it (however, [648]see this discussion + desktop in a separate Virtual Terminal (e.g. VT 8) (see [655]this FAQ + on VT's for background.) Unfortunately, this Fullscreen VT is not an X + server. So x11vnc cannot access it (however, [656]see this discussion of -rawfb for a possible workaround.) x11vnc works fine with "Normal X application window" and "Quick-Switch mode" because these use X. @@ -7446,7 +7604,7 @@ x11vnc access does work. One user reports he left his machine with VMWare in the Fullscreen - mode, and even though his X session wasn't in the active VC, he could + mode, and even though his X session wasn't in the active VT, he could still connect x11vnc to the X session and pass the keystrokes Ctrl-Alt (typing "blind") to the VMWare X app. This induced VMWare to switch out of Fullscreen into Normal X mode and he could continue working in @@ -7459,14 +7617,14 @@ improve response. One can also cut the display depth (e.g. to 16bpp) in this 2nd X session to improve video performance. This 2nd X session emulates Fullscreen mode to some degree and can be viewed via x11vnc - as long as the VMWare X session [649]is in the active VC. + as long as the VMWare X session [657]is in the active VT. Also note that with a little bit of playing with "xwininfo -all -children" output one can extract the (non-toplevel) window-id of the of the Guest desktop only when VMWare is running as a normal X application. Then one can export just the guest desktop (i.e. without - the VMWare menu buttons) by use of the [650]-id windowid option. The - caveats are the X session VMWare is in must be in the active VC and + the VMWare menu buttons) by use of the [658]-id windowid option. The + caveats are the X session VMWare is in must be in the active VT and the window must be fully visible, so this mode is not terribly convenient, but could be useful in some circumstances (e.g. running VMWare on a very powerful server machine in a server room that happens @@ -7477,14 +7635,14 @@ [Exporting non-X11 devices via VNC] - Q-110: Can non-X devices (e.g. a raw framebuffer) be viewed (and even + Q-111: Can non-X devices (e.g. a raw framebuffer) be viewed (and even controlled) via VNC with x11vnc? As of Apr/2005 there is support for this. Two options were added: - "[651]-rawfb string" (to indicate the raw frame buffer device, file, - etc. and its parameters) and "[652]-pipeinput command" (to provide an + "[659]-rawfb string" (to indicate the raw frame buffer device, file, + etc. and its parameters) and "[660]-pipeinput command" (to provide an external program that will inject or otherwise process mouse and - keystroke input.) Some useful [653]-pipeinput schemes, VID, CONSOLE, + keystroke input.) Some useful [661]-pipeinput schemes, VID, CONSOLE, and UINPUT, have since been built into x11vnc for convenience. This non-X mode for x11vnc is somewhat experimental because it is so @@ -7524,9 +7682,9 @@ access method.) Only use file if map isn't working. BTW, "mmap" is an alias for "map" and if you do not supply a type and the file exists, map is assumed (see the -help output and below for some exceptions to - this.) The "snap:" setting applies the [654]-snapfb option with + this.) The "snap:" setting applies the [662]-snapfb option with "file:" type reading (this is useful for exporting webcams or TV tuner - video; see [655]the next FAQ for more info.) + video; see [663]the next FAQ for more info.) Also, if the string is of the form "setup:cmd" then cmd is run and the first line of its output retrieved and used as the rawfb string. This @@ -7553,10 +7711,10 @@ viewable.) In general some guessing may be required, especially for the bpp. Update: in "-rawfb console" mode x11vnc will use the linuxfb API to try to guess (it is still not always accurate.) Also try - "-rawfb vtN" for the N-th Linux text console (aka virtual terminal.) - If the number of Bytes Per Line is not WxHxB/8 (i.e. the framebuffer - lines are padded) you can specify this information after WxHxB via - "-BPL", e.g. @800x600x16-2048 + "-rawfb vtN" (on x11vnc 0.9.7 and later) for the N-th Linux text + console (aka virtual terminal.) If the number of Bytes Per Line is not + WxHxB/8 (i.e. the framebuffer lines are padded) you can specify this + information after WxHxB via "-BPL", e.g. @800x600x16-2048 Based on the bpp x11vnc will try to guess the red, green, and blue masks (these indicate which bits correspond to each color.) It if gets @@ -7571,7 +7729,7 @@ screen to either shm or a mapped file. The format of these is XWD and so the initial header should be skipped. BTW, since XWD is not strictly RGB the view will only be approximate, but usable. Of course - for the case of Xvfb x11vnc can poll it much better via the [656]X + for the case of Xvfb x11vnc can poll it much better via the [664]X API, but you get the idea. By default in -rawfb mode x11vnc will actually close any X display it @@ -7602,13 +7760,13 @@ tty1-tty6), or X graphical display (usually starting at tty7.) In addition to the text console other graphical ones may be viewed and interacted with as well, e.g. DirectFB or SVGAlib apps, VMWare non-X - fullscreen, or [657]Qt-embedded apps (PDAs/Handhelds.) By default the + fullscreen, or [665]Qt-embedded apps (PDAs/Handhelds.) By default the pipeinput mechanisms UINPUT and CONSOLE (keystrokes only) are automatically attempted in this mode under "-rawfb console". The Video4Linux Capture device, /dev/video0, etc is either a Webcam or a TV capture device and needs to have its driver enabled in the - kernel. See [658]this FAQ for details. If specified via "-rawfb Video" + kernel. See [666]this FAQ for details. If specified via "-rawfb Video" then the pipeinput method "VID" is applied (it lets you change video parameters dynamically via keystrokes.) @@ -7616,10 +7774,10 @@ also useful in testing. - All of the above [659]-rawfb options are just for viewing the raw + All of the above [667]-rawfb options are just for viewing the raw framebuffer (although some of the aliases do imply keystroke and mouse pipeinput methods.) That may be enough for certain applications of - this feature (e.g. suppose a [660]video camera mapped its framebuffer + this feature (e.g. suppose a [668]video camera mapped its framebuffer into memory and you just wanted to look at it via VNC.) To handle the pointer and keyboard input from the viewer users the "-pipeinput cmd" option was added to indicate a helper program to @@ -7657,14 +7815,14 @@ keystrokes into the Linux console (e.g. the virtual consoles: /dev/tty1, /dev/tty2, etc) in x11vnc/misc/vcinject.pl. It is based on the vncterm/LinuxVNC.c program also in the libvncserver CVS. So to - view and interact with VC #2 (assuming it is the [661]active VC) one + view and interact with VT #2 (assuming it is the [669]active VT) one can run something like: x11vnc -rawfb map:/dev/fb0@1024x768x16 -pipeinput './vcinject.pl 2' This assumes your Linux framebuffer device (/dev/fb0) is properly configured. See fbset(8) and other documentation. Try "file:/dev/fb0@WxHxB" as a last resort. Starting with x11vnc 0.8.1, - the above VC injection is built in, as well as WxHxB determination. + the above VT injection is built in, as well as WxHxB determination. Just use something like: x11vnc -rawfb console @@ -7712,7 +7870,7 @@ better to use the more accurate and faster LinuxVNC program. The advantage x11vnc -rawfb might have is that it can allow interaction with a non-text application, e.g. one based on SVGAlib or - [662]Qt-embedded Also, for example the [663]VMWare Fullscreen mode is + [670]Qt-embedded Also, for example the [671]VMWare Fullscreen mode is actually viewable under -rawfb and can be interacted with if uinput is enabled. @@ -7729,7 +7887,7 @@ program that passes the framebuffer to libvncserver. - Q-111: Can I export the Linux Console (Virtual Terminals) via VNC + Q-112: Can I export the Linux Console (Virtual Terminals) via VNC using x11vnc? Yes, you may need to be root to access the devices that make up the @@ -7759,7 +7917,8 @@ Another mode is specific to the Linux text Virtual Terminals, it shows their text and colors (but no graphics) regardless of whether it is - the active VT or not. Enable this mode like this: + the active VT or not. It is available on x11vnc 0.9.7 and later. + Enable this mode like this: x11vnc -rawfb vt x11vnc -rawfb vt2 @@ -7773,12 +7932,12 @@ startx (or similar, e.g. gdm) in the virtual terminal. A 2nd x11vnc could be used to see if the X server is now working correctly. - Q-112: Can I export via VNC a Webcam or TV tuner framebuffer using + Q-113: Can I export via VNC a Webcam or TV tuner framebuffer using x11vnc? - Yes, this is possible to some degree with the [664]-rawfb option. + Yes, this is possible to some degree with the [672]-rawfb option. There is no X11 involved: snapshots from the video capture device are - used for the screen image data. See the [665]previous FAQ on -rawfb + used for the screen image data. See the [673]previous FAQ on -rawfb for background. For best results, use x11vnc version 0.8.1 or later. Roughly, one would do something like this: @@ -7790,7 +7949,7 @@ snapshot to a file that you point -rawfb to; ask me if it is not clear what to do.) - The "snap:" enforces [666]-snapfb mode which appears to be necessary. + The "snap:" enforces [674]-snapfb mode which appears to be necessary. The read pointer for video capture devices cannot be repositioned (which would be needed for scanline polling), but you can read a full frame of data from the device. @@ -7812,7 +7971,7 @@ Many video4linux drivers tend to set the framebuffer to be 24bpp (as opposed to 32bpp.) Since this can cause problems with VNC viewers, - etc, the [667]-24to32 option will be automatically imposed when in + etc, the [675]-24to32 option will be automatically imposed when in 24bpp. Note that by its very nature, video capture involves rapid change in @@ -7820,7 +7979,7 @@ wavering in brightness is always happening. This can lead to much network bandwidth consumption for the VNC traffic and also local CPU and I/O resource usage. You may want to experiment with "dialing down" - the framerate via the [668]-wait, [669]-slow_fb, or [670]-defer + the framerate via the [676]-wait, [677]-slow_fb, or [678]-defer options. Decreasing the window size and bpp also helps. @@ -7909,16 +8068,16 @@ format to HI240, RGB565, RGB24, RGB32, RGB555, and GREY respectively. See -rawfb video for details. - See also the [671]-freqtab option to supply your own xawtv channel to + See also the [679]-freqtab option to supply your own xawtv channel to frequency mappings for your country (only ntsc-cable-us is built into x11vnc.) - Q-113: Can I connect via VNC to a Qt-embedded/Qtopia application + Q-114: Can I connect via VNC to a Qt-embedded/Qtopia application running on my handheld or PC using the Linux console framebuffer (i.e. not X11)? - Yes, the basic method for this is the [672]-rawfb scheme where the + Yes, the basic method for this is the [680]-rawfb scheme where the Linux console framebuffer (usually /dev/fb0) is polled and the uinput driver is used to inject keystrokes and mouse input. Often you will just have to type: @@ -7931,7 +8090,7 @@ x11vnc -rawfb /dev/fb0@640x480x16 Also, to force usage of the uinput injection method use "-pipeinput - UINPUT". See the [673]-pipeinput description for tunable parameters, + UINPUT". See the [681]-pipeinput description for tunable parameters, etc. One problem with the x11vnc uinput scheme is that it cannot guess the @@ -7947,7 +8106,7 @@ Even with the correct acceleration setting there is still some drift (probably because of the mouse threshold where the acceleration kicks in) and so x11vnc needs to reposition the cursor from 0,0 about 5 - times a second. See the [674]-pipeinput UINPUT option for tuning + times a second. See the [682]-pipeinput UINPUT option for tuning parameters that can be set (there are some experimental thresh=N tuning parameters as well) @@ -7979,10 +8138,10 @@ not work. - Q-114: Now that non-X11 devices can be exported via VNC using x11vnc, + Q-115: Now that non-X11 devices can be exported via VNC using x11vnc, can I build it with no dependencies on X11 header files and libraries? - Yes, as of Jul/2006 x11vnc enables building for [675]-rawfb only + Yes, as of Jul/2006 x11vnc enables building for [683]-rawfb only support. Just do something like when building: ./configure --without-x (plus any other flags) make @@ -7993,16 +8152,16 @@ know what you did. - Q-115: Does x11vnc support Mac OS X Aqua/Quartz displays natively + Q-116: Does x11vnc support Mac OS X Aqua/Quartz displays natively (i.e. no X11 involved)? Yes, since Nov/2006 in the development tree (x11vnc-0.8.4 tarball) there is support for native Mac OS X Aqua/Quartz displays using the - [676]-rawfb mechanism described above. The mouse and keyboard input is + [684]-rawfb mechanism described above. The mouse and keyboard input is achieved via Mac OS X API's. - So you can use x11vnc as an alternative to [677]OSXvnc (aka Vine - Server), or [678]Apple Remote Desktop (ARD). Perhaps there is some + So you can use x11vnc as an alternative to [685]OSXvnc (aka Vine + Server), or [686]Apple Remote Desktop (ARD). Perhaps there is some x11vnc feature you'd like to use on Mac OS X, etc. For a number of activities (e.g. window drags) it seems to be faster than OSXvnc. @@ -8012,7 +8171,7 @@ (XDarwin) running on Mac OS X (people often install this software to display remote X11 apps on their Mac OS X system, or use some old favorites locally such as xterm.) However in this case x11vnc will - only work reasonably in single window [679]-id windowid mode (and the + only work reasonably in single window [687]-id windowid mode (and the window may need to have mouse focus.) If you do not have the DISPLAY env. variable set, x11vnc will assume @@ -8030,9 +8189,9 @@ ./configure --without-x make - Win2VNC/x2vnc: One handy use is to use the [680]-nofb mode to + Win2VNC/x2vnc: One handy use is to use the [688]-nofb mode to redirect mouse and keyboard input to a nearby Mac (i.e. one to the - side of your desk) via [681]x2vnc or Win2VNC. See [682]this FAQ for + side of your desk) via [689]x2vnc or Win2VNC. See [690]this FAQ for more info. Options: Here are the Mac OS X specific x11vnc options: @@ -8102,17 +8261,17 @@ command for you.) Then once you are connected via VNC, iconify the Terminal windows (you can't delete them since that will kill x11vnc.) - Q-116: Can x11vnc be used as a VNC reflector/repeater to improve + Q-117: Can x11vnc be used as a VNC reflector/repeater to improve performance for the case of a large number of simultaneous VNC viewers (e.g. classroom broadcasting or a large demo)? - Yes, as of Feb/2007 there is the "[683]-reflect host:N" option to + Yes, as of Feb/2007 there is the "[691]-reflect host:N" option to connect to the VNC server "host:N" (either another x11vnc or any other VNC server) and re-export it. VNC viewers then connect to the x11vnc(s) running -reflect. The -reflect option is the same as: "-rawfb vnc:host:N". See the - [684]-rawfb description under "VNC HOST" for more details. + [692]-rawfb description under "VNC HOST" for more details. You can replace "host:N" with "listen" or "listen:port" for reverse connections. @@ -8173,18 +8332,18 @@ re-exports via VNC to its clients C.) However, CopyRect and CursorShape encodings are preserved in the reflection and that helps. Dragging windows with the mouse can be a problem (especially if S is - not doing wireframing somehow, consider [685]-nodragging if the + not doing wireframing somehow, consider [693]-nodragging if the problem is severe) For a really fast reflector/repeater it would have to be implemented from scratch with performance in mind. See these other projects: - [686]http://sourceforge.net/projects/vnc-reflector/, - [687]http://www.tightvnc.com/projector/ (closed source?), + [694]http://sourceforge.net/projects/vnc-reflector/, + [695]http://www.tightvnc.com/projector/ (closed source?), Automation via Reverse Connections: Instead of having the R's connect directly to S and then the C's connect directly to the R they should use, some convenience can be achieved by using reverse - connections (the x11vnc "[688]"-connect host1,host2,..." option.) + connections (the x11vnc "[696]"-connect host1,host2,..." option.) Suppose all the clients "C" are started up in Listen mode: client1> vncviewer -listen client2> vncviewer -listen @@ -8211,7 +8370,7 @@ us know what you did. A really nice thing would be some sort of auto-discovery of your repeater, etc... - Q-117: Can x11vnc be used during a Linux, Solaris, etc. system + Q-118: Can x11vnc be used during a Linux, Solaris, etc. system Installation so the Installation can be done remotely? This can be done, but it doesn't always work because it depends on how @@ -8243,7 +8402,7 @@ If the Solaris install is an older X-based one, there will be a menu for you to get a terminal window. From that window you might be able to retrieve x11vnc.static via wget, scp, or ftp. Remember to do "chmod - 755 ./x11vnc.static" and then find the -auth file as in [689]this FAQ. + 755 ./x11vnc.static" and then find the -auth file as in [697]this FAQ. If it is a Linux install that uses an X server (e.g. SuSE and probably Fedora), then you can often get a shell by pressing Ctrl-Alt-F2 or @@ -8252,7 +8411,7 @@ wget http://192.168.0.22/x11vnc.static chmod 755 ./x11vnc.static - Find the name of the auth file as in [690]this FAQ. (maybe run "ps + Find the name of the auth file as in [698]this FAQ. (maybe run "ps wwwwaux | grep auth".) Then run it like this: ./x11vnc.static -forever -nopw -display :0 -auth /tmp/wherever/the/authfile @@ -8261,7 +8420,7 @@ the display being :1, etc. If there is a firewall blocking incoming connections during the - install, use the [691]"-connect hostname" option option for a reverse + install, use the [699]"-connect hostname" option option for a reverse connection to the hostname running the VNC viewer in listen mode. Debian based installs are either console-text or console-framebuffer @@ -8304,36 +8463,73 @@ [Misc: Clipboard, File Transfer/Sharing, Printing, Sound, Beeps, Thanks, etc.] - Q-118: Does the Clipboard/Selection get transferred between the + Q-119: Does the Clipboard/Selection get transferred between the vncviewer and the X display? - As of Jan/2004 x11vnc supports the "CutText" part of the rfb protocol. - Furthermore, x11vnc is able to hold the PRIMARY and CLIPBOARD - selection (Xvnc does not seem to do this.) If you don't want the - Clipboard/Selection exchanged use the [692]-nosel option. If you don't - want the PRIMARY selection to be polled for changes use the - [693]-noprimary option. (with a similar thing for CLIPBOARD.) You can - also fine-tune it a bit with the [694]-seldir dir option and also - [695]-input. + As of Jan/2004 x11vnc supports the "CutText" part of the RFB (aka VNC) + protocol. When text is selected/copied in the X session that x11vnc is + polling it will be sent to connected VNC viewers. And when CutText is + received from a VNC viewer then x11vnc will set the X11 selections + PRIMARY, CLIPBOARD, and CUTBUFFER0 to it. x11vnc is able to hold the + PRIMARY and CLIPBOARD selections (Xvnc does not seem to do this.) + + The X11 selections can be confusing, especially to those coming from + Windows or MacOSX where there is just a single 'Clipboard'. The X11 + CLIPBOARD selection is a lot like that of Windows and MacOSX, e.g. + highlighted text is sent to the clipboard when the user activates + "Edit -> Copy" or presses "Control+C" (and pasting it via "Edit -> + Paste" or "Control+V".) The X11 PRIMARY selection has been described + as 'for power users' or 'an Easter Egg'. As soon as text is + highlighted it is set to the PRIMARY selection and so it is + immediately ready for pasting, usually via the Middle Mouse Button or + "Shift+Insert". See [700]this jwz link for more information. + + x11vnc's default behavior is to watch both CLIPBOARD and PRIMARY and + whenever one of them changes, it sends the new text to connected + viewers. Note that since the RFB protocol only has a single "CutText" + then both selections are "merged" to some degree (and this can lead to + confusing results.) One user was confused why x11vnc was "forgetting" + his CLIPBOARD selection and the reason was he also changed PRIMARY + some time after he copied text to the clipboard. Usually an app will + set PRIMARY as soon as any text is highlighted so it easy to see how + CLIPBOARD was forgotten. Use the -noprimary described below as a + workaround. Similarly, by default when x11vnc receives CutText it sets + both CLIPBOARD and PRIMARY to it (this is probably less confusing, but + could possibly lead to some failure modes as well.) + + You may not like these defaults. Here are ways to change the behavior: + * If you don't want the Clipboard/Selection exchanged at all use the + [701]-nosel option. + * If you want changes in PRIMARY to be ignored use the + [702]-noprimary option. + * If you want changes in CLIPBOARD to be ignored use the + [703]-noclipboard option. + * If you don't want x11vnc to set PRIMARY to the "CutText" received + from viewers use the [704]-nosetprimary option. + * If you don't want x11vnc to set CLIPBOARD to the "CutText" + received from viewers use the [705]-nosetclipboard option. + + You can also fine-tune it a bit with the [706]-seldir dir option and + also [707]-input. You may need to watch out for desktop utilities such as KDE's "Klipper" that do odd things with the selection, clipboard, and cutbuffers. - Q-119: Can I use x11vnc to record a Shock Wave Flash (or other format) + Q-120: Can I use x11vnc to record a Shock Wave Flash (or other format) video of my desktop, e.g. to record a tutorial or demo? Yes, it is possible with a number of tools that record VNC and transform it to swf format or others. One such popular tool is - [696]pyvnc2swf. There are a number of [697]tutorials (broken link?) on + [708]pyvnc2swf. There are a number of [709]tutorials (broken link?) on how to do this. Another option is to use the vnc2mpg that comes in the LibVNCServer package. An important thing to remember when doing this is that tuning parameters should be applied to x11vnc to speed up its polling for this sort of application, e.g. "-wait 10 -defer 10". - Q-120: Can I transfer files back and forth with x11vnc? + Q-121: Can I transfer files back and forth with x11vnc? As of Oct/2005 and May/2006 x11vnc enables, respectively, the TightVNC and UltraVNC file transfer implementations that were added to @@ -8341,11 +8537,11 @@ (and Windows viewers only support filetransfer it appears... but they do work to some degree under Wine on Linux.) - The [698]SSVNC Unix VNC viewer supports UltraVNC file transfer by use + The [710]SSVNC Unix VNC viewer supports UltraVNC file transfer by use of a Java helper program. TightVNC file transfer is off by default, if you want to enable it use - the [699]-tightfilexfer option. + the [711]-tightfilexfer option. UltraVNC file transfer is off by default, to enable it use something like "-rfbversion 3.6 -permitfiletransfer" @@ -8368,7 +8564,7 @@ IMPORTANT: please understand if -ultrafilexfer or -tightfilexfer is specified and you run x11vnc as root for, say, inetd or display manager (gdm, kdm, ...) access and you do not have it switch users via - the [700]-users option, then VNC Viewers that connect are able to do + the [712]-users option, then VNC Viewers that connect are able to do filetransfer reads and writes as *root*. The UltraVNC and TightVNC settings can be toggled on and off inside @@ -8381,13 +8577,13 @@ control you will probably be foiled by the "-rfbversion 3.6" issue. - Q-121: Which UltraVNC extensions are supported? + Q-122: Which UltraVNC extensions are supported? Some of them are supported. To get UltraVNC Viewers to attempt to use these extensions you will need to supply this option to x11vnc: -rfbversion 3.6 - Or use [701]-ultrafilexfer which is an alias for the above option and + Or use [713]-ultrafilexfer which is an alias for the above option and "-permitfiletransfer". UltraVNC evidently treats any other RFB version number as non-UltraVNC. @@ -8399,30 +8595,31 @@ * 1/n Server Scaling * rfbEncodingUltra compression encoding - The [702]SSVNC Unix VNC viewer supports these UltraVNC extensions. + The [714]SSVNC Unix VNC viewer supports these UltraVNC extensions. - To disable SingleWindow and ServerInput use [703]-noultraext (the + To disable SingleWindow and ServerInput use [715]-noultraext (the others are managed by LibVNCServer.) See this option too: - [704]-noserverdpms. + [716]-noserverdpms. - Also, the [705]UltraVNC repeater proxy is supported for use with - reverse connections: "[706]-connect repeater://host:port+ID:NNNN". Use + Also, the [717]UltraVNC repeater proxy is supported for use with + reverse connections: "[718]-connect repeater://host:port+ID:NNNN". Use it for both plaintext and SSL connections. This mode can send any string before switching to the VNC protocol, and so could be used with - other proxy/gateway tools. + other proxy/gateway tools. Also, a perl repeater implemention is here: + [719]ultravnc_repeater.pl - Q-122: Can x11vnc emulate UltraVNC's Single Click helpdesk mode for + Q-123: Can x11vnc emulate UltraVNC's Single Click helpdesk mode for Unix? I.e. something very simple for a naive user to initiate a reverse vnc connection from their Unix desktop to a helpdesk operator's VNC Viewer. - Yes, UltraVNC's [707]Single Click (SC) mode can be emulated fairly + Yes, UltraVNC's [720]Single Click (SC) mode can be emulated fairly well on Unix. We use the term "helpdesk" below, but it could be any sort of remote assistance you want to set up, e.g. something for Unix-using friends - or family to use. This includes [708]Mac OS X. + or family to use. This includes [721]Mac OS X. Assume you create a helpdesk directory "hd" on your website: http://www.mysite.com/hd (any website that you can upload files to @@ -8478,7 +8675,7 @@ So I guess this is about 3-4 clicks (start a terminal and paste) and pressing "Enter" instead of "single click"... - See [709]this page for some variations on this method, e.g. how to add + See [722]this page for some variations on this method, e.g. how to add a password, SSL Certificates, etc. @@ -8490,11 +8687,11 @@ A bit of obscurity security could be put in with a -passwd, -rfbauth options, etc. (note that x11vnc will require a password even for - reverse connections.) More info [710]here. + reverse connections.) More info [723]here. Firewalls: If the helpdesk (you) with the vncviewer is behind a - NAT/Firewall/Router the [711]router will have to be configured to + NAT/Firewall/Router the [724]router will have to be configured to redirect a port (i.e. 5500 or maybe different one if you like) to the vncviewer machine. If the vncviewer machine also has its own host-level firewall, you will have to open up the port there as well. @@ -8504,7 +8701,7 @@ configuring a router to do a port redirection (i.e. on your side, the HelpDesk.) To avoid modifying either firewall/router, one would need some public (IP address reachable on the internet) redirection/proxy - service. Perhaps such a thing exists. [712]http://sc.uvnc.com provides + service. Perhaps such a thing exists. [725]http://sc.uvnc.com provides this service for their UltraVNC Single Click users. @@ -8540,7 +8737,7 @@ As of Apr/2007 x11vnc supports reverse connections in SSL and so we can do this. On the Helpdesk side (Viewer) you will need STUNNEL or - better use the [713]Enhanced TightVNC Viewer (SSVNC) package we + better use the [726]Enhanced TightVNC Viewer (SSVNC) package we provide that automates all of the SSL for you. To do this create a file named "vncs" in the website "hd" directory @@ -8570,11 +8767,11 @@ with the hostnames or IP addresses customized to your case. - The only change from the "vnc" above is the addition of the [714]-ssl + The only change from the "vnc" above is the addition of the [727]-ssl option to x11vnc. This will create a temporary SSL cert: openssl(1) will need to be installed on the user's end. A fixed SSL cert file could be used to avoid this (and provide some authentication; more - info [715]here.) + info [728]here.) The naive user will be doing this: wget -qO - http://www.mysite.com/hd/vncs | sh - @@ -8583,7 +8780,7 @@ But before that, the helpdesk operator needs to have "vncviewer -listen" running as before, however he needs an SSL tunnel at his end. - The easiest way to do this is use [716]Enhanced TightVNC Viewer + The easiest way to do this is use [729]Enhanced TightVNC Viewer (SSVNC). Start it, and select Options -> 'Reverse VNC Connection (-listen)'. Then UN-select 'Verify All Certs' (this can be enabled later if you want; you'll need the x11vnc SSL certificate), and click @@ -8613,7 +8810,7 @@ answer the prompts with whatever you want; you can take the default for all of them if you like. The openssl(1) package must be installed. - See [717]this link and [718]this one too for more info on SSL certs. + See [730]this link and [731]this one too for more info on SSL certs. This creates $HOME/.vnc/certs/server-self:mystunnel.pem, then you would change the "stunnel.cfg" to look something like: foreground = yes @@ -8634,7 +8831,7 @@ then all bets are off!. More SSL variations and info about certificates can be found - [719]here. + [732]here. OpenSSL libssl.so.0.9.7 problems: @@ -8644,16 +8841,16 @@ distros are currently a bit of a mess regarding which version of libssl is installed. - You will find the [720]details here. + You will find the [733]details here. - Q-123: Can I (temporarily) mount my local (viewer-side) Windows/Samba + Q-124: Can I (temporarily) mount my local (viewer-side) Windows/Samba File share on the machine where x11vnc is running? You will have to use an external network redirection for this. Filesystem mounting is not part of the VNC protocol. - We show a simple [721]Samba example here. + We show a simple [734]Samba example here. First you will need a tunnel to redirect the SMB requests from the remote machine to the one you sitting at. We use an ssh tunnel: @@ -8693,17 +8890,17 @@ far-away> smbumount /home/fred/smb-haystack-pub At some point we hope to fold some automation for SMB ssh redir setup - into the [722]Enhanced TightVNC Viewer (SSVNC) package we provide (as + into the [735]Enhanced TightVNC Viewer (SSVNC) package we provide (as of Sep 2006 it is there for testing.) - Q-124: Can I redirect CUPS print jobs from the remote desktop where + Q-125: Can I redirect CUPS print jobs from the remote desktop where x11vnc is running to a printer on my local (viewer-side) machine? You will have to use an external network redirection for this. Printing is not part of the VNC protocol. - We show a simple Unix to Unix [723]CUPS example here. Non-CUPS port + We show a simple Unix to Unix [736]CUPS example here. Non-CUPS port redirections (e.g. LPD) should also be possible, but may be a bit more tricky. If you are viewing on Windows SMB and don't have a local cups server it may be trickier still (see below.) @@ -8785,11 +8982,11 @@ "localhost". At some point we hope to fold some automation for CUPS ssh redir setup - into the [724]Enhanced TightVNC Viewer (SSVNC) package we provide (as + into the [737]Enhanced TightVNC Viewer (SSVNC) package we provide (as of Sep 2006 it is there for testing.) - Q-125: How can I hear the sound (audio) from the remote applications + Q-126: How can I hear the sound (audio) from the remote applications on the desktop I am viewing via x11vnc? You will have to use an external network audio mechanism for this. @@ -8886,11 +9083,11 @@ the applications will fail to run because LD_PRELOAD will point to libraries of the wrong wordsize. * At some point we hope to fold some automation for esd or artsd ssh - redir setup into the [725]Enhanced TightVNC Viewer (SSVNC) package + redir setup into the [738]Enhanced TightVNC Viewer (SSVNC) package we provide (as of Sep/2006 it is there for testing.) - Q-126: Why don't I hear the "Beeps" in my X session (e.g. when typing + Q-127: Why don't I hear the "Beeps" in my X session (e.g. when typing tput bel in an xterm)? As of Dec/2003 "Beep" XBell events are tracked by default. The X @@ -8898,14 +9095,14 @@ in Solaris, see Xserver(1) for how to turn it on via +kb), and so you won't hear them if the extension is not present. - If you don't want to hear the beeps use the [726]-nobell option. If + If you don't want to hear the beeps use the [739]-nobell option. If you want to hear the audio from the remote applications, consider - trying a [727]redirector such as esd. + trying a [740]redirector such as esd. - Q-127: Does x11vnc work with IPv6? + Q-128: Does x11vnc work with IPv6? - Currently the only way to do this is via [728]inetd. You configure + Currently the only way to do this is via [741]inetd. You configure x11vnc to be run from inetd or xinetd and instruct it to listen on an IPv6 address. For xinetd the setting "flags = IPv6" will be needed. @@ -8914,7 +9111,7 @@ connection.) Some sort of ipv4-to-ipv6 redirector tool (perhaps even a perl script) could be useful to avoid this. - Also note that not all VNC Viewers are [729]IPv6 enabled, so a + Also note that not all VNC Viewers are [742]IPv6 enabled, so a redirector could even be needed on the client side. @@ -8922,7 +9119,7 @@ Contributions: - Q-128: Thanks for your program and for your help! Can I make a + Q-129: Thanks for your program or for your help! Can I make a donation? Please do (any amount is appreciated; very few have donated) and thank @@ -8951,716 +9148,729 @@ 17. http://www.karlrunge.com/x11vnc/faq.html#faq-tight139 18. http://www.karlrunge.com/x11vnc/faq.html#faq-krdcprob 19. http://www.karlrunge.com/x11vnc/faq.html#faq-tru64-crash - 20. http://www.karlrunge.com/x11vnc/faq.html#faq-build-customizations - 21. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc - 22. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc-8bpp - 23. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx-nofb - 24. http://www.karlrunge.com/x11vnc/faq.html#faq-8bpp - 25. http://www.karlrunge.com/x11vnc/faq.html#faq-overlays - 26. http://www.karlrunge.com/x11vnc/faq.html#faq-directcolor - 27. http://www.karlrunge.com/x11vnc/faq.html#faq-windowid - 28. http://www.karlrunge.com/x11vnc/faq.html#faq-transients-id - 29. http://www.karlrunge.com/x11vnc/faq.html#faq-24bpp - 30. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm - 31. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth - 32. http://www.karlrunge.com/x11vnc/faq.html#faq-sunrays - 33. http://www.karlrunge.com/x11vnc/faq.html#faq-stop-bg - 34. http://www.karlrunge.com/x11vnc/faq.html#faq-remote_control - 35. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 36. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd-noecho - 37. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile - 38. http://www.karlrunge.com/x11vnc/faq.html#faq-multipasswd - 39. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords - 40. http://www.karlrunge.com/x11vnc/faq.html#faq-custom-passwords - 41. http://www.karlrunge.com/x11vnc/faq.html#faq-forever-shared - 42. http://www.karlrunge.com/x11vnc/faq.html#faq-allow-opt - 43. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers - 44. http://www.karlrunge.com/x11vnc/faq.html#faq-listen-interface - 45. http://www.karlrunge.com/x11vnc/faq.html#faq-listen-localhost - 46. http://www.karlrunge.com/x11vnc/faq.html#faq-input-opt - 47. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt - 48. http://www.karlrunge.com/x11vnc/faq.html#faq-users-opt - 49. http://www.karlrunge.com/x11vnc/faq.html#faq-blockdpy - 50. http://www.karlrunge.com/x11vnc/faq.html#faq-gone-lock - 51. http://www.karlrunge.com/x11vnc/faq.html#faq-ssh-unix - 52. http://www.karlrunge.com/x11vnc/faq.html#faq-ssh-putty - 53. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 54. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 55. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 56. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy - 57. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal - 58. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-ca - 59. http://www.karlrunge.com/x11vnc/faq.html#faq-service - 60. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 61. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 62. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi - 63. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 64. http://www.karlrunge.com/x11vnc/faq.html#faq-loop - 65. http://www.karlrunge.com/x11vnc/faq.html#faq-java-http - 66. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 67. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect-proxy - 68. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 69. http://www.karlrunge.com/x11vnc/faq.html#faq-headless - 70. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm - 71. http://www.karlrunge.com/x11vnc/faq.html#faq-less-resource - 72. http://www.karlrunge.com/x11vnc/faq.html#faq-more-resource - 73. http://www.karlrunge.com/x11vnc/faq.html#faq-slow-link - 74. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage - 75. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage-opengl - 76. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode - 77. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe - 78. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect - 79. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 80. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 81. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-shape - 82. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha - 83. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks - 84. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-arrow - 85. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-positions - 86. http://www.karlrunge.com/x11vnc/faq.html#faq-buttonmap-opt - 87. http://www.karlrunge.com/x11vnc/faq.html#faq-altgr - 88. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless - 89. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless-sloppy - 90. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak - 91. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys - 92. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys-still - 93. http://www.karlrunge.com/x11vnc/faq.html#faq-mod-stuck-down - 94. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-opt - 95. http://www.karlrunge.com/x11vnc/faq.html#faq-sun-alt-meta - 96. http://www.karlrunge.com/x11vnc/faq.html#faq-hpux-multi-key - 97. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-button-click - 98. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock - 99. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollbars - 100. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling - 101. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama - 102. http://www.karlrunge.com/x11vnc/faq.html#faq-multi-screen - 103. http://www.karlrunge.com/x11vnc/faq.html#faq-clip-screen - 104. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr - 105. http://www.karlrunge.com/x11vnc/faq.html#faq-rotate - 106. http://www.karlrunge.com/x11vnc/faq.html#faq-black-screen - 107. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 108. http://www.karlrunge.com/x11vnc/faq.html#faq-hidden-taskbars - 109. http://www.karlrunge.com/x11vnc/faq.html#faq-kde-screensaver - 110. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl - 111. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware - 112. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 113. http://www.karlrunge.com/x11vnc/faq.html#faq-linux-vt - 114. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 115. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 116. http://www.karlrunge.com/x11vnc/faq.html#faq-no-x11 - 117. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 118. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect - 119. http://www.karlrunge.com/x11vnc/faq.html#faq-os-install - 120. http://www.karlrunge.com/x11vnc/faq.html#faq-clipboard - 121. http://www.karlrunge.com/x11vnc/faq.html#faq-record-swf - 122. http://www.karlrunge.com/x11vnc/faq.html#faq-filexfer - 123. http://www.karlrunge.com/x11vnc/faq.html#faq-ultravnc - 124. http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick - 125. http://www.karlrunge.com/x11vnc/faq.html#faq-smb-shares - 126. http://www.karlrunge.com/x11vnc/faq.html#faq-cups - 127. http://www.karlrunge.com/x11vnc/faq.html#faq-sound - 128. http://www.karlrunge.com/x11vnc/faq.html#faq-beeps - 129. http://www.karlrunge.com/x11vnc/faq.html#faq-ipv6 - 130. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks - 131. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display - 132. http://www.tldp.org/HOWTO/Remote-X-Apps.html - 133. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 134. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 135. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 137. http://www.karlrunge.com/x11vnc/index.html#firewalls - 138. http://www.karlrunge.com/x11vnc/miscbuild.html - 139. http://www.karlrunge.com/x11vnc/faq.html#infaq_libssl-problems - 140. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding - 141. http://www.karlrunge.com/x11vnc/x11vnc_sunos4.html - 142. http://www.karlrunge.com/x11vnc/index.html#building - 143. http://www.karlrunge.com/x11vnc/faq.html#faq-build - 144. http://www.linuxpackages.net/search_view.php?by=name&name=x11vnc - 145. http://software.opensuse.org/search?baseproject=openSUSE%3A11.1&p=1&q=x11vnc - 146. http://gentoo-wiki.com/HOWTO_Use_VNC_to_connect_to_existing_X_Sessions - 147. http://gentoo-portage.com/x11-misc/x11vnc - 148. http://www.freebsd.org/cgi/ports.cgi?query=x11vnc&stype=all - 149. http://www.freshports.org/net/x11vnc - 150. http://pkgsrc.se/x11/x11vnc - 151. http://openports.se/x11/x11vnc - 152. http://www.archlinux.org/packages/search/?q=x11vnc - 153. http://mike.saunby.googlepages.com/ - 154. http://www.focv.com/ipkg/ - 155. http://packages.sw.be/x11vnc/ - 156. http://dag.wieers.com/rpm/packages/x11vnc/ - 157. http://packages.debian.org/x11vnc - 158. http://www.sunfreeware.com/ - 159. http://www.karlrunge.com/x11vnc/bins - 160. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 161. http://www.tightvnc.com/download.html - 162. http://www.realvnc.com/products/free/4.1/download.html - 163. http://sourceforge.net/projects/cotvnc/ - 164. http://www.ultravnc.com/ - 165. http://www.karlrunge.com/x11vnc/ssvnc.html - 166. http://www.karlrunge.com/x11vnc/x11vnc_opts.html - 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 168. http://www.karlrunge.com/x11vnc/faq.html#faq-gui-tray - 169. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 20. http://www.karlrunge.com/x11vnc/faq.html#faq-aix-freeze + 21. http://www.karlrunge.com/x11vnc/faq.html#faq-build-customizations + 22. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc + 23. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc-8bpp + 24. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx-nofb + 25. http://www.karlrunge.com/x11vnc/faq.html#faq-8bpp + 26. http://www.karlrunge.com/x11vnc/faq.html#faq-overlays + 27. http://www.karlrunge.com/x11vnc/faq.html#faq-directcolor + 28. http://www.karlrunge.com/x11vnc/faq.html#faq-windowid + 29. http://www.karlrunge.com/x11vnc/faq.html#faq-transients-id + 30. http://www.karlrunge.com/x11vnc/faq.html#faq-24bpp + 31. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm + 32. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth + 33. http://www.karlrunge.com/x11vnc/faq.html#faq-sunrays + 34. http://www.karlrunge.com/x11vnc/faq.html#faq-stop-bg + 35. http://www.karlrunge.com/x11vnc/faq.html#faq-remote_control + 36. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd + 37. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd-noecho + 38. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile + 39. http://www.karlrunge.com/x11vnc/faq.html#faq-multipasswd + 40. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords + 41. http://www.karlrunge.com/x11vnc/faq.html#faq-custom-passwords + 42. http://www.karlrunge.com/x11vnc/faq.html#faq-forever-shared + 43. http://www.karlrunge.com/x11vnc/faq.html#faq-allow-opt + 44. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers + 45. http://www.karlrunge.com/x11vnc/faq.html#faq-listen-interface + 46. http://www.karlrunge.com/x11vnc/faq.html#faq-listen-localhost + 47. http://www.karlrunge.com/x11vnc/faq.html#faq-input-opt + 48. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt + 49. http://www.karlrunge.com/x11vnc/faq.html#faq-users-opt + 50. http://www.karlrunge.com/x11vnc/faq.html#faq-blockdpy + 51. http://www.karlrunge.com/x11vnc/faq.html#faq-gone-lock + 52. http://www.karlrunge.com/x11vnc/faq.html#faq-ssh-unix + 53. http://www.karlrunge.com/x11vnc/faq.html#faq-ssh-putty + 54. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext + 55. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int + 56. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 57. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy + 58. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal + 59. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-ca + 60. http://www.karlrunge.com/x11vnc/faq.html#faq-service + 61. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager + 62. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd + 63. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi + 64. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin + 65. http://www.karlrunge.com/x11vnc/faq.html#faq-loop + 66. http://www.karlrunge.com/x11vnc/faq.html#faq-java-http + 67. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect + 68. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect-proxy + 69. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb + 70. http://www.karlrunge.com/x11vnc/faq.html#faq-headless + 71. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm + 72. http://www.karlrunge.com/x11vnc/faq.html#faq-less-resource + 73. http://www.karlrunge.com/x11vnc/faq.html#faq-more-resource + 74. http://www.karlrunge.com/x11vnc/faq.html#faq-slow-link + 75. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage + 76. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage-opengl + 77. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode + 78. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe + 79. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect + 80. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching + 81. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc + 82. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-shape + 83. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha + 84. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks + 85. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-arrow + 86. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-positions + 87. http://www.karlrunge.com/x11vnc/faq.html#faq-buttonmap-opt + 88. http://www.karlrunge.com/x11vnc/faq.html#faq-altgr + 89. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless + 90. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless-sloppy + 91. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak + 92. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys + 93. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys-still + 94. http://www.karlrunge.com/x11vnc/faq.html#faq-mod-stuck-down + 95. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-opt + 96. http://www.karlrunge.com/x11vnc/faq.html#faq-sun-alt-meta + 97. http://www.karlrunge.com/x11vnc/faq.html#faq-hpux-multi-key + 98. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-button-click + 99. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock + 100. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollbars + 101. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling + 102. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama + 103. http://www.karlrunge.com/x11vnc/faq.html#faq-multi-screen + 104. http://www.karlrunge.com/x11vnc/faq.html#faq-clip-screen + 105. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr + 106. http://www.karlrunge.com/x11vnc/faq.html#faq-rotate + 107. http://www.karlrunge.com/x11vnc/faq.html#faq-black-screen + 108. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 109. http://www.karlrunge.com/x11vnc/faq.html#faq-hidden-taskbars + 110. http://www.karlrunge.com/x11vnc/faq.html#faq-kde-screensaver + 111. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl + 112. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware + 113. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb + 114. http://www.karlrunge.com/x11vnc/faq.html#faq-linux-vt + 115. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 116. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded + 117. http://www.karlrunge.com/x11vnc/faq.html#faq-no-x11 + 118. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 119. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect + 120. http://www.karlrunge.com/x11vnc/faq.html#faq-os-install + 121. http://www.karlrunge.com/x11vnc/faq.html#faq-clipboard + 122. http://www.karlrunge.com/x11vnc/faq.html#faq-record-swf + 123. http://www.karlrunge.com/x11vnc/faq.html#faq-filexfer + 124. http://www.karlrunge.com/x11vnc/faq.html#faq-ultravnc + 125. http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick + 126. http://www.karlrunge.com/x11vnc/faq.html#faq-smb-shares + 127. http://www.karlrunge.com/x11vnc/faq.html#faq-cups + 128. http://www.karlrunge.com/x11vnc/faq.html#faq-sound + 129. http://www.karlrunge.com/x11vnc/faq.html#faq-beeps + 130. http://www.karlrunge.com/x11vnc/faq.html#faq-ipv6 + 131. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks + 132. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display + 133. http://www.tldp.org/HOWTO/Remote-X-Apps.html + 134. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth + 135. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager + 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 138. http://www.karlrunge.com/x11vnc/index.html#firewalls + 139. http://www.karlrunge.com/x11vnc/miscbuild.html + 140. http://www.karlrunge.com/x11vnc/faq.html#infaq_libssl-problems + 141. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding + 142. http://www.karlrunge.com/x11vnc/x11vnc_sunos4.html + 143. http://www.karlrunge.com/x11vnc/index.html#building + 144. http://www.karlrunge.com/x11vnc/faq.html#faq-build + 145. http://www.linuxpackages.net/search_view.php?by=name&name=x11vnc + 146. http://software.opensuse.org/search?baseproject=openSUSE%3A11.1&p=1&q=x11vnc + 147. http://gentoo-wiki.com/HOWTO_Use_VNC_to_connect_to_existing_X_Sessions + 148. http://gentoo-portage.com/x11-misc/x11vnc + 149. http://www.freebsd.org/cgi/ports.cgi?query=x11vnc&stype=all + 150. http://www.freshports.org/net/x11vnc + 151. http://pkgsrc.se/x11/x11vnc + 152. http://openports.se/x11/x11vnc + 153. http://www.archlinux.org/packages/search/?q=x11vnc + 154. http://mike.saunby.googlepages.com/ + 155. http://www.focv.com/ipkg/ + 156. http://packages.debian.org/x11vnc + 157. http://packages.sw.be/x11vnc/ + 158. http://dag.wieers.com/rpm/packages/x11vnc/ + 159. http://www.sunfreeware.com/ + 160. http://www.karlrunge.com/x11vnc/bins + 161. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir + 162. http://www.tightvnc.com/download.html + 163. http://www.realvnc.com/products/free/4.1/download.html + 164. http://sourceforge.net/projects/cotvnc/ + 165. http://www.ultravnc.com/ + 166. http://www.karlrunge.com/x11vnc/ssvnc.html + 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html + 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 169. http://www.karlrunge.com/x11vnc/faq.html#faq-gui-tray 170. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport - 173. http://www.karlrunge.com/x11vnc/index.html#firewalls - 174. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 175. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel - 176. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 177. http://www.karlrunge.com/x11vnc/vncxfer - 178. http://www.karlrunge.com/x11vnc/index.html#firewalls - 179. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect-proxy - 180. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 181. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel - 182. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh - 183. http://www.karlrunge.com/x11vnc/ssvnc.html - 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q, - 185. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg - 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o - 187. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=389750 - 188. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399408 - 189. http://bugs.kde.org/show_bug.cgi?id=136924 - 190. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxrecord - 191. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding - 192. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofb - 193. http://fredrik.hubbe.net/x2vnc.html - 194. http://www.hubbe.net/~hubbe/win2vnc.html - 195. http://www.deboer.gmxhome.de/ - 196. http://sourceforge.net/projects/win2vnc/ - 197. http://fredrik.hubbe.net/x2vnc.html - 198. http://freshmeat.net/projects/x2x/ - 199. http://zapek.com/?page_id=26 - 200. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-visual - 201. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 202. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flashcmap - 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 204. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-notruecolor - 205. http://www.karlrunge.com/x11vnc/faq.html#faq-8bpp - 206. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 207. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 208. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 210. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flashcmap - 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen + 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N + 173. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport + 174. http://www.karlrunge.com/x11vnc/index.html#firewalls + 175. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect + 176. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl + 177. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel + 178. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 179. http://www.karlrunge.com/x11vnc/vncxfer + 180. http://www.karlrunge.com/x11vnc/index.html#firewalls + 181. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect-proxy + 182. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 183. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel + 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh + 185. http://www.karlrunge.com/x11vnc/ssvnc.html + 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q, + 187. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg + 188. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o + 189. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=389750 + 190. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399408 + 191. http://bugs.kde.org/show_bug.cgi?id=136924 + 192. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxrecord + 193. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxrecord + 194. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding + 195. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofb + 196. http://fredrik.hubbe.net/x2vnc.html + 197. http://www.hubbe.net/~hubbe/win2vnc.html + 198. http://www.deboer.gmxhome.de/ + 199. http://sourceforge.net/projects/win2vnc/ + 200. http://fredrik.hubbe.net/x2vnc.html + 201. http://freshmeat.net/projects/x2x/ + 202. http://zapek.com/?page_id=26 + 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-visual + 204. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 205. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flashcmap + 206. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 + 207. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-notruecolor + 208. http://www.karlrunge.com/x11vnc/faq.html#faq-8bpp + 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay + 210. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 + 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay 212. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 213. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 214. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 215. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 216. http://www.karlrunge.com/x11vnc/faq.html#faq-overlays - 217. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 218. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sid - 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32 - 220. http://www.karlrunge.com/x11vnc/ssvnc.html - 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display - 222. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm - 223. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flipbyteorder - 224. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 225. http://www.karlrunge.com/x11vnc/faq.html#infaq_xauth_pain - 226. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm - 227. http://www.sun.com/sunray/index.html - 228. http://www.karlrunge.com/x11vnc/sunray.html - 229. http://wiki.sun-rays.org/index.php/Remote_Control_Toolkit - 230. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote - 231. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-query - 232. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever - 233. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg - 234. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods - 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_keys - 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 237. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote - 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-query - 239. http://www.karlrunge.com/x11vnc/faq.html#faq-config-file - 240. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 241. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-storepasswd - 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth - 243. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile - 244. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-usepw - 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-viewpasswd - 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwd - 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 248. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth - 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis - 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 253. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 255. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 256. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 257. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 258. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 259. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept - 260. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt - 261. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 262. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 263. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 265. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 266. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 213. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flashcmap + 214. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen + 215. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 + 216. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 217. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare + 218. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 + 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay + 220. http://www.karlrunge.com/x11vnc/faq.html#faq-overlays + 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 222. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sid + 223. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare + 224. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32 + 225. http://www.karlrunge.com/x11vnc/ssvnc.html + 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display + 227. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm + 228. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flipbyteorder + 229. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth + 230. http://www.karlrunge.com/x11vnc/faq.html#infaq_xauth_pain + 231. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm + 232. http://www.sun.com/sunray/index.html + 233. http://www.karlrunge.com/x11vnc/sunray.html + 234. http://wiki.sun-rays.org/index.php/Remote_Control_Toolkit + 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote + 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-query + 237. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever + 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg + 239. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods + 240. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_keys + 241. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all + 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote + 243. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-query + 244. http://www.karlrunge.com/x11vnc/faq.html#faq-config-file + 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-storepasswd + 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth + 248. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile + 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-usepw + 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-viewpasswd + 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwd + 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 253. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth + 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 255. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 256. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis + 257. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 258. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 259. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 260. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 261. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 262. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 263. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext + 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept + 265. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt + 266. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 269. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt - 270. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever - 271. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-shared - 272. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 274. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 275. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile - 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow - 277. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 278. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers - 279. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 280. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listen + 269. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd + 270. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 271. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 274. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt + 275. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever + 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-shared + 277. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 278. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 279. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd + 280. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile 281. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow 282. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 283. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow - 284. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 285. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input - 286. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept - 287. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-viewonly - 288. ftp://ftp.x.org/ - 289. http://www.karlrunge.com/x11vnc/dtVncPopup - 290. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone - 291. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept - 292. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 293. http://www.karlrunge.com/x11vnc/blockdpy.c - 294. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept + 283. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers + 284. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd + 285. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listen + 286. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow + 287. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 288. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow + 289. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 290. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input + 291. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept + 292. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-viewonly + 293. ftp://ftp.x.org/ + 294. http://www.karlrunge.com/x11vnc/dtVncPopup 295. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone - 296. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms - 297. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms - 298. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabkbd - 299. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabptr - 300. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabptr - 301. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone - 302. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept - 303. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 304. http://www.karlrunge.com/x11vnc/ssvnc.html - 305. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 306. http://www.karlrunge.com/x11vnc/ssvnc.html - 307. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 308. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth - 309. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 310. http://www.karlrunge.com/x11vnc/chainingssh.html#gateway_double_ssh - 311. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 312. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 313. http://www.stunnel.org/ - 314. http://stunnel.mirt.net/ - 315. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 316. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 317. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 318. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 319. http://www.stunnel.org/ - 320. http://www.karlrunge.com/x11vnc/ssl.html - 321. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 322. http://www.karlrunge.com/x11vnc/ssvnc.html - 323. http://www.karlrunge.com/x11vnc/ssl.html - 324. http://www.securityfocus.com/infocus/1677 + 296. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept + 297. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 298. http://www.karlrunge.com/x11vnc/blockdpy.c + 299. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept + 300. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone + 301. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms + 302. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms + 303. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabkbd + 304. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabptr + 305. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabptr + 306. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone + 307. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept + 308. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 309. http://www.karlrunge.com/x11vnc/ssvnc.html + 310. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 311. http://www.karlrunge.com/x11vnc/ssvnc.html + 312. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 313. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth + 314. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 315. http://www.karlrunge.com/x11vnc/chainingssh.html#gateway_double_ssh + 316. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 317. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 318. http://www.stunnel.org/ + 319. http://stunnel.mirt.net/ + 320. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 321. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 322. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 323. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int + 324. http://www.stunnel.org/ 325. http://www.karlrunge.com/x11vnc/ssl.html - 326. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd - 327. http://sc.uvnc.com/javaviewer/index.html - 328. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 329. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 330. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 331. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http - 332. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 333. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 334. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 335. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 336. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 337. http://www.karlrunge.com/x11vnc/ssvnc.html - 338. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 339. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 340. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 341. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 342. http://www.openssl.org/ - 343. http://sourceforge.net/projects/vencrypt/ - 344. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt - 345. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls - 346. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 347. http://www.karlrunge.com/x11vnc/faq.html#infaq_ssl-vnc-viewers - 348. http://www.karlrunge.com/x11vnc/ssl.html - 349. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 350. http://www.karlrunge.com/x11vnc/ssl.html - 351. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 352. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 353. http://www.stunnel.org/ - 354. http://www.karlrunge.com/x11vnc/faq.html#infaq_viewer-side-stunnel - 355. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 356. http://www.karlrunge.com/x11vnc/ssvnc.html - 357. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 358. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http - 359. http://sc.uvnc.com/javaviewer/index.html - 360. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 361. http://www.karlrunge.com/x11vnc/faq.html#infaq_ssl-router-redir - 362. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 363. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal - 364. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy - 365. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal - 366. http://www.karlrunge.com/x11vnc/index.html#firewalls - 367. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 368. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 369. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpport - 370. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 371. http://www.karlrunge.com/x11vnc/ssl-output.html - 372. http://www.karlrunge.com/x11vnc/java_console_direct.html - 373. http://www.karlrunge.com/x11vnc/ssvnc.html - 374. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 375. http://www.karlrunge.com/x11vnc/ss_vncviewer - 376. http://www.karlrunge.com/x11vnc/ssl-portal.html - 377. http://www.karlrunge.com/x11vnc/ssl.html + 326. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 327. http://www.karlrunge.com/x11vnc/ssvnc.html + 328. http://www.karlrunge.com/x11vnc/ssl.html + 329. http://www.securityfocus.com/infocus/1677 + 330. http://www.karlrunge.com/x11vnc/ssl.html + 331. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd + 332. http://sc.uvnc.com/javaviewer/index.html + 333. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 334. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 335. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir + 336. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http + 337. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 338. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https + 339. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 340. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 341. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 342. http://www.karlrunge.com/x11vnc/ssvnc.html + 343. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext + 344. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 345. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 346. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 347. http://www.openssl.org/ + 348. http://sourceforge.net/projects/vencrypt/ + 349. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt + 350. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls + 351. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 352. http://www.karlrunge.com/x11vnc/faq.html#infaq_ssl-vnc-viewers + 353. http://www.karlrunge.com/x11vnc/ssl.html + 354. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 355. http://www.karlrunge.com/x11vnc/ssl.html + 356. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 357. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 358. http://www.stunnel.org/ + 359. http://www.karlrunge.com/x11vnc/faq.html#infaq_viewer-side-stunnel + 360. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 361. http://www.karlrunge.com/x11vnc/ssvnc.html + 362. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir + 363. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http + 364. http://sc.uvnc.com/javaviewer/index.html + 365. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 366. http://www.karlrunge.com/x11vnc/faq.html#infaq_ssl-router-redir + 367. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https + 368. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal + 369. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy + 370. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal + 371. http://www.karlrunge.com/x11vnc/index.html#firewalls + 372. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir + 373. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport + 374. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpport + 375. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https + 376. http://www.karlrunge.com/x11vnc/ssl-output.html + 377. http://www.karlrunge.com/x11vnc/java_console_direct.html 378. http://www.karlrunge.com/x11vnc/ssvnc.html - 379. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 380. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 381. http://www.karlrunge.com/x11vnc/java_console_proxy.html - 382. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 379. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext + 380. http://www.karlrunge.com/x11vnc/ss_vncviewer + 381. http://www.karlrunge.com/x11vnc/ssl-portal.html + 382. http://www.karlrunge.com/x11vnc/ssl.html 383. http://www.karlrunge.com/x11vnc/ssvnc.html - 384. http://www.karlrunge.com/x11vnc/ssl-portal.html - 385. http://www.karlrunge.com/x11vnc/ssl.html - 386. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously - 387. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 388. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 389. http://www.karlrunge.com/x11vnc/faq.html#infaq_x11vnc_loop - 390. http://club.mandriva.com/xwiki/bin/view/KB/XwinXset - 391. http://www.karlrunge.com/x11vnc/index.html#firewalls - 392. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 393. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen - 394. http://www.karlrunge.com/x11vnc/faq.html#infaq_dtlogin_solaris - 395. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 396. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 397. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 398. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 399. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 400. http://www.jirka.org/gdm-documentation/x241.html - 401. http://www.karlrunge.com/x11vnc/x11vnc_loop - 402. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 403. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth - 404. http://www.karlrunge.com/x11vnc/index.html#firewalls - 405. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd - 406. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q, - 407. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 408. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 409. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi - 410. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-mdns - 411. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf - 412. http://www.avahi.org/ - 413. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 414. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 415. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 416. http://www.karlrunge.com/x11vnc/faq.html#infaq_stunnel-inetd - 417. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 418. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 419. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 420. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 421. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 422. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 423. http://www.karlrunge.com/x11vnc/find_display.html - 424. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 425. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 426. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 427. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords - 428. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 429. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 430. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 431. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 432. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 433. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 434. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 435. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 436. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 437. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 438. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 439. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 440. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 441. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 442. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 443. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 444. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 445. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http - 446. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy - 447. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 448. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote - 449. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit - 450. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vncconnect - 451. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 452. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 453. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 454. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess - 455. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess - 456. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 457. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 458. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 459. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 460. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 461. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 462. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms - 463. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 464. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 465. http://www.karlrunge.com/x11vnc/Xdummy - 466. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 467. http://www.karlrunge.com/x11vnc/xdm_one_shot.html - 468. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously - 469. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 470. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 384. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir + 385. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 386. http://www.karlrunge.com/x11vnc/java_console_proxy.html + 387. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 388. http://www.karlrunge.com/x11vnc/ssvnc.html + 389. http://www.karlrunge.com/x11vnc/ssl-portal.html + 390. http://www.karlrunge.com/x11vnc/ssl.html + 391. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously + 392. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd + 393. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin + 394. http://www.karlrunge.com/x11vnc/faq.html#infaq_x11vnc_loop + 395. http://club.mandriva.com/xwiki/bin/view/KB/XwinXset + 396. http://www.karlrunge.com/x11vnc/index.html#firewalls + 397. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth + 398. http://www.karlrunge.com/x11vnc/faq.html#infaq_dtlogin_solaris + 399. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen + 400. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 401. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 402. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 403. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 404. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N + 405. http://www.jirka.org/gdm-documentation/x241.html + 406. http://www.karlrunge.com/x11vnc/x11vnc_loop + 407. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop + 408. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth + 409. http://www.karlrunge.com/x11vnc/index.html#firewalls + 410. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd + 411. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q, + 412. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth + 413. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin + 414. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi + 415. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-mdns + 416. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf + 417. http://www.avahi.org/ + 418. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd + 419. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 420. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 421. http://www.karlrunge.com/x11vnc/faq.html#infaq_stunnel-inetd + 422. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop + 423. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 424. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 425. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 426. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 427. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 428. http://www.karlrunge.com/x11vnc/find_display.html + 429. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 430. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 431. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 432. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords + 433. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 434. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 435. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int + 436. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 437. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 438. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 439. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb + 440. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 441. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 442. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 443. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 444. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 445. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 446. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop + 447. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop + 448. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 449. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir + 450. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http + 451. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy + 452. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 453. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote + 454. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit + 455. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vncconnect + 456. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy + 457. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy + 458. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy + 459. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess + 460. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess + 461. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 462. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 463. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 464. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 465. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 466. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 467. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms + 468. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 469. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 470. http://www.karlrunge.com/x11vnc/Xdummy 471. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 472. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 473. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 474. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 475. http://www.karlrunge.com/x11vnc/shm_clear - 476. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile - 477. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm - 478. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm - 479. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nap - 480. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 481. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sb - 482. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile - 483. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs - 484. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads - 485. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 486. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 487. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 488. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 489. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 490. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 491. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 492. http://www.tightvnc.com/ - 493. http://www.karlrunge.com/x11vnc/ssvnc.html - 494. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 472. http://www.karlrunge.com/x11vnc/xdm_one_shot.html + 473. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously + 474. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 475. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 476. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 477. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 478. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 479. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 480. http://www.karlrunge.com/x11vnc/shm_clear + 481. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile + 482. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm + 483. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm + 484. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nap + 485. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait + 486. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sb + 487. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile + 488. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs + 489. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads + 490. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer + 491. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 492. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 493. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc + 494. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid 495. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 496. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 497. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-speeds - 498. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging - 499. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs - 500. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 501. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 502. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-progressive - 503. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 504. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel - 505. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor - 506. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos - 507. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-readtimeout - 508. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen - 509. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 510. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_area - 511. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_mem - 512. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 513. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 514. http://minimyth.org/ - 515. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl - 516. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 517. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode - 518. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode - 519. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging - 520. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode - 521. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads - 522. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe - 523. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect - 524. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode - 525. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 526. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 527. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 528. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 529. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 530. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 531. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 532. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wirecopyrect - 533. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe - 534. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen - 535. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scr_skip - 536. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale - 537. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 538. http://www.karlrunge.com/x11vnc/index.html#beta-test - 539. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 540. http://www.karlrunge.com/x11vnc/ssvnc.html - 541. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop - 542. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_no_rootpixmap - 543. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr - 544. http://www.virtualgl.org/About/TurboVNC - 545. http://www.virtualgl.org/ - 546. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100 - 547. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 548. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 549. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100 - 550. http://www.karlrunge.com/x11vnc/ssvnc.html - 551. http://www.karlrunge.com/x11vnc/bins - 552. http://www.karlrunge.com/x11vnc/ssvnc.html - 553. http://www.virtualgl.org/About/Reports - 554. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 555. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor - 556. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor - 557. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 558. http://www.karlrunge.com/x11vnc/faq.html#infaq_the-overlay-mode - 559. http://www.karlrunge.com/x11vnc/index.html#solaris10-build - 560. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks - 561. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphacut - 562. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphafrac - 563. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alpharemove - 564. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape - 565. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noalphablend - 566. http://www.karlrunge.com/x11vnc/ssvnc.html - 567. http://www.tightvnc.com/ - 568. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor - 569. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursorpos - 570. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos - 571. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape - 572. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap - 573. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_pointer - 574. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap - 575. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 576. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless - 577. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak - 578. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard - 579. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 580. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 581. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys - 582. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak + 496. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 497. http://www.tightvnc.com/ + 498. http://www.karlrunge.com/x11vnc/ssvnc.html + 499. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 500. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 501. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid + 502. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching + 503. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache + 504. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-speeds + 505. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging + 506. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs + 507. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait + 508. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer + 509. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-progressive + 510. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 511. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare + 512. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel + 513. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor + 514. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos + 515. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-readtimeout + 516. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen + 517. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 518. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_area + 519. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_mem + 520. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage + 521. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage + 522. http://minimyth.org/ + 523. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl + 524. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 525. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode + 526. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode + 527. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging + 528. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode + 529. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads + 530. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe + 531. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect + 532. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode + 533. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 534. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 535. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 536. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 537. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 538. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 539. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 540. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wirecopyrect + 541. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe + 542. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen + 543. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scr_skip + 544. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale + 545. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 546. http://www.karlrunge.com/x11vnc/index.html#beta-test + 547. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache + 548. http://www.karlrunge.com/x11vnc/ssvnc.html + 549. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop + 550. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_no_rootpixmap + 551. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr + 552. http://www.virtualgl.org/About/TurboVNC + 553. http://www.virtualgl.org/ + 554. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100 + 555. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait + 556. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer + 557. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100 + 558. http://www.karlrunge.com/x11vnc/ssvnc.html + 559. http://www.karlrunge.com/x11vnc/bins + 560. http://www.karlrunge.com/x11vnc/ssvnc.html + 561. http://www.virtualgl.org/About/Reports + 562. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 563. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor + 564. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor + 565. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay + 566. http://www.karlrunge.com/x11vnc/faq.html#infaq_the-overlay-mode + 567. http://www.karlrunge.com/x11vnc/index.html#solaris10-build + 568. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks + 569. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphacut + 570. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphafrac + 571. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alpharemove + 572. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape + 573. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noalphablend + 574. http://www.karlrunge.com/x11vnc/ssvnc.html + 575. http://www.tightvnc.com/ + 576. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor + 577. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursorpos + 578. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos + 579. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape + 580. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap + 581. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_pointer + 582. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap 583. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 584. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 584. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless 585. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak 586. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard - 587. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless + 587. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak 588. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb 589. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys 590. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 591. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 592. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 593. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_keycodes - 594. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 595. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms - 596. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 597. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 598. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms - 599. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat - 600. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat - 601. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 602. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods - 603. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 604. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock - 605. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys - 606. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock - 607. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 608. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 609. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 610. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak + 591. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak + 592. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 593. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak + 594. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard + 595. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless + 596. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb + 597. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys + 598. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak + 599. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb + 600. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb + 601. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_keycodes + 602. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 603. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms + 604. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 605. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 606. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms + 607. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat + 608. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat + 609. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager + 610. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods 611. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 612. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 612. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock 613. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys - 614. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 615. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak - 616. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock - 617. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 618. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling - 619. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale - 620. http://people.pwf.cam.ac.uk/ssb22/setup/vnc-magnification.html - 621. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 622. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 623. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 624. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale_cursor - 625. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-blackout - 626. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama - 627. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama - 628. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer - 629. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer - 630. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm - 631. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile - 632. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm - 633. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip - 634. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama - 635. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 636. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 637. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr - 638. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-padgeom - 639. http://www.karlrunge.com/x11vnc/ssvnc.html - 640. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate - 641. http://www.jwz.org/xscreensaver/man1.html - 642. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms - 643. http://www.beryl-project.org/ - 644. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 645. http://www.dslinux.org/blogs/pepsiman/?p=73 - 646. http://minimyth.org/ - 647. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 648. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 649. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 650. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 651. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 652. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 653. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 654. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb - 655. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 656. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 657. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 658. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 614. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock + 615. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all + 616. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 617. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 618. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak + 619. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 620. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 621. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys + 622. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 623. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak + 624. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock + 625. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all + 626. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling + 627. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale + 628. http://people.pwf.cam.ac.uk/ssb22/setup/vnc-magnification.html + 629. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport + 630. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 631. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 632. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale_cursor + 633. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-blackout + 634. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama + 635. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama + 636. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer + 637. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer + 638. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm + 639. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile + 640. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm + 641. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip + 642. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama + 643. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 644. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 645. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr + 646. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-padgeom + 647. http://www.karlrunge.com/x11vnc/ssvnc.html + 648. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate + 649. http://www.jwz.org/xscreensaver/man1.html + 650. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms + 651. http://www.beryl-project.org/ + 652. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage + 653. http://www.dslinux.org/blogs/pepsiman/?p=73 + 654. http://minimyth.org/ + 655. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 656. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb + 657. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 658. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id 659. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 660. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 661. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 662. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 663. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware - 664. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 665. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 666. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb - 667. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32 - 668. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 669. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-slow_fb - 670. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 671. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-freqtab - 672. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 673. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 674. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 675. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 676. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 677. http://www.testplant.com/products/vine_server/OS_X - 678. http://www.apple.com/remotedesktop/ - 679. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 680. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 681. http://fredrik.hubbe.net/x2vnc.html - 682. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc - 683. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect + 660. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput + 661. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput + 662. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb + 663. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 664. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb + 665. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded + 666. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 667. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 668. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 669. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 670. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded + 671. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware + 672. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 673. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb + 674. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb + 675. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32 + 676. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait + 677. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-slow_fb + 678. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer + 679. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-freqtab + 680. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb + 681. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput + 682. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput + 683. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb 684. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 685. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging - 686. http://sourceforge.net/projects/vnc-reflector/ - 687. http://www.tightvnc.com/projector/ - 688. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 689. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 690. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 691. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 692. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel - 693. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noprimary - 694. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir - 695. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input - 696. http://www.unixuser.org/~euske/vnc2swf/ - 697. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/ - 698. http://www.karlrunge.com/x11vnc/ssvnc.html - 699. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-tightfilexfer - 700. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 701. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer - 702. http://www.karlrunge.com/x11vnc/ssvnc.html - 703. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext - 704. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms - 705. http://www.uvnc.com/addons/repeater.html - 706. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 707. http://www.uvnc.com/addons/singleclick.html - 708. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 709. http://www.karlrunge.com/x11vnc/single-click.html - 710. http://www.karlrunge.com/x11vnc/single-click.html - 711. http://www.karlrunge.com/x11vnc/index.html#firewalls - 712. http://sc.uvnc.com/ - 713. http://www.karlrunge.com/x11vnc/ssvnc.html - 714. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 715. http://www.karlrunge.com/x11vnc/single-click.html - 716. http://www.karlrunge.com/x11vnc/ssvnc.html - 717. http://www.karlrunge.com/x11vnc/single-click.html - 718. http://www.karlrunge.com/x11vnc/ssl.html - 719. http://www.karlrunge.com/x11vnc/single-click.html - 720. http://www.karlrunge.com/x11vnc/single-click.html#libssl-problems - 721. http://www.samba.org/ - 722. http://www.karlrunge.com/x11vnc/ssvnc.html - 723. http://www.cups.org/ - 724. http://www.karlrunge.com/x11vnc/ssvnc.html - 725. http://www.karlrunge.com/x11vnc/ssvnc.html - 726. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell - 727. http://www.karlrunge.com/x11vnc/faq.html#faq-sound - 728. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 729. http://jungla.dit.upm.es/~acosta/paginas/vncIPv6.html + 685. http://www.testplant.com/products/vine_server/OS_X + 686. http://www.apple.com/remotedesktop/ + 687. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 688. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofb + 689. http://fredrik.hubbe.net/x2vnc.html + 690. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc + 691. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect + 692. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 693. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging + 694. http://sourceforge.net/projects/vnc-reflector/ + 695. http://www.tightvnc.com/projector/ + 696. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 697. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager + 698. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager + 699. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 700. http://www.jwz.org/doc/x-cut-and-paste.html + 701. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel + 702. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noprimary + 703. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noclipboard + 704. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosetprimary + 705. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosetclipboard + 706. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir + 707. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input + 708. http://www.unixuser.org/~euske/vnc2swf/ + 709. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/ + 710. http://www.karlrunge.com/x11vnc/ssvnc.html + 711. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-tightfilexfer + 712. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 713. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer + 714. http://www.karlrunge.com/x11vnc/ssvnc.html + 715. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext + 716. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms + 717. http://www.uvnc.com/addons/repeater.html + 718. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 719. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl + 720. http://www.uvnc.com/addons/singleclick.html + 721. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 722. http://www.karlrunge.com/x11vnc/single-click.html + 723. http://www.karlrunge.com/x11vnc/single-click.html + 724. http://www.karlrunge.com/x11vnc/index.html#firewalls + 725. http://sc.uvnc.com/ + 726. http://www.karlrunge.com/x11vnc/ssvnc.html + 727. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 728. http://www.karlrunge.com/x11vnc/single-click.html + 729. http://www.karlrunge.com/x11vnc/ssvnc.html + 730. http://www.karlrunge.com/x11vnc/single-click.html + 731. http://www.karlrunge.com/x11vnc/ssl.html + 732. http://www.karlrunge.com/x11vnc/single-click.html + 733. http://www.karlrunge.com/x11vnc/single-click.html#libssl-problems + 734. http://www.samba.org/ + 735. http://www.karlrunge.com/x11vnc/ssvnc.html + 736. http://www.cups.org/ + 737. http://www.karlrunge.com/x11vnc/ssvnc.html + 738. http://www.karlrunge.com/x11vnc/ssvnc.html + 739. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell + 740. http://www.karlrunge.com/x11vnc/faq.html#faq-sound + 741. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd + 742. http://jungla.dit.upm.es/~acosta/paginas/vncIPv6.html ======================================================================= http://www.karlrunge.com/x11vnc/chainingssh.html: @@ -10217,6 +10427,11 @@ far-away.east:0" where ./x11vnc.crt is the copied certificate x11vnc printed out. + As fourth example, our [5]SSVNC enhanced tightvnc viewer can also use + these certificate files for server authentication. You can load them + via the SSVNC 'Certs...' dialog and set 'ServerCert' to the + certificate file you safely copied there. + Note that in principle the copying of the certificate to the client machine(s) itself could be altered in a Man-In-The-Middle attack! You can't win. It is unlikely the attacker could predict how you were @@ -10247,7 +10462,7 @@ server. The ".pem" file contains both the certificate and the private key and should be kept secret. (If you don't like the default location ~/.vnc/certs, e.g. it is on an NFS share and you are worried about - local network sniffing, use the [5]-ssldir dir option to point to a + local network sniffing, use the [6]-ssldir dir option to point to a different directory.) So the next time you run "x11vnc -ssl SAVE ..." it will read the @@ -10312,7 +10527,7 @@ clients will run. * One or more x11vnc server certs and keys are generated. * The x11vnc server cert is signed with the CA private key. - * x11vnc is run using the server key. (e.g. "[6]-ssl SAVE") + * x11vnc is run using the server key. (e.g. "[7]-ssl SAVE") * VNC clients (viewers) can now authenticate the x11vnc server because they have the CA certificate. @@ -10336,7 +10551,7 @@ * The VNC client certs+keys are safely distributed to the corresponding client machines. * x11vnc is told to verify clients by using the CA cert. (e.g. - "[7]-sslverify CA") + "[8]-sslverify CA") * When VNC clients (viewers) connect, they must authenticate themselves to x11vnc by using their client key. @@ -10346,19 +10561,19 @@ no need to keep the client key on the CA machine that generated and signed it. You can keep the client certs if you like because they are public, and they could also be used let in only a subset of all the - clients. (see [8]-sslverify) + clients. (see [9]-sslverify) _________________________________________________________________ How to do the above CA steps with x11vnc: Some utility commands are provided to ease the cert+key creation, - signing, and management: [9]-sslGenCA, [10]-sslGenCert, - [11]-sslDelCert, [12]-sslEncKey, [13]-sslCertInfo. They basically run + signing, and management: [10]-sslGenCA, [11]-sslGenCert, + [12]-sslDelCert, [13]-sslEncKey, [14]-sslCertInfo. They basically run the openssl(1) command for you to manage the certs/keys. It is required that openssl(1) is installed on the machine and available in PATH. All commands can be pointed to an alternate toplevel certificate - directory via the [14]-ssldir option if you don't want to use the + directory via the [15]-ssldir option if you don't want to use the default ~/.vnc/certs. 1) To generate your Certificate Authority (CA) cert and key run this: @@ -10370,7 +10585,7 @@ ~/.vnc/certs/CA/cacert.pem (the CA public certificate) ~/.vnc/certs/CA/private/cakey.pem (the CA private key) - If you want to use a different directory use [15]-ssldir It must + If you want to use a different directory use [16]-ssldir It must supplied with all subsequent SSL utility options to point them to the correct directory. @@ -10389,7 +10604,7 @@ 3) Start up x11vnc using this server key: x11vnc -ssl SAVE -display :0 ... - (SAVE corresponds to server.pem, see [16]-sslGenCert server somename + (SAVE corresponds to server.pem, see [17]-sslGenCert server somename info on creating additional server keys, server-somename.crt ...) 4) Next, safely copy the CA certificate to the VNC viewer (client) @@ -10428,9 +10643,14 @@ (then point the VNC viewer to localhost:1). Here is an example for the Unix stunnel wrapper script - [17]ss_vncviewer: + [18]ss_vncviewer: ss_vncviewer -verify ./cacert.pem far-away.east:0 + Our [19]SSVNC enhanced tightvnc viewer can also use the certificate + file for server authentication. You can load it via the SSVNC + 'Certs...' dialog and set 'ServerCert' to the cacert.pem file you + safely copied there. + _________________________________________________________________ Tricks for server keys: @@ -10460,7 +10680,8 @@ You don't have to use your own CA cert+key you can use a third party's. Perhaps you have a company-wide CA or you can even have your x11vnc certificate signed by a professional CA (e.g. www.thawte.com or - www.verisign.com). + www.verisign.com or perhaps the free certificate service + www.startcom.org or www.cacert.org). The advantage to doing this is that the VNC client machines will already have the CA certificates installed and you don't have to @@ -10535,19 +10756,19 @@ Where client.crt would be an individual client certificate; client-hash-dir a directory of file names based on md5 hashes of the - certs (see [18]-sslverify); and certs.txt signifies a single file full + certs (see [20]-sslverify); and certs.txt signifies a single file full of client certificates. Finally, connect with your VNC viewer using the key. Here is an - example for the Unix stunnel wrapper script [19]ss_vncviewer: using + example for the Unix stunnel wrapper script [21]ss_vncviewer: using client authentication (and the standard server authentication with the CA cert): ss_vncviewer -mycert ./dilbert.pem -verify ./cacert.pem far-away.east:0 - Our [20]SSVNC enhanced tightvnc viewer can also use these openssl .pem + Our [22]SSVNC enhanced tightvnc viewer can also use these openssl .pem files (you can load them via Certs... -> MyCert dialog). - It is also possible to use [21]-sslverify on a per-client key basis, + It is also possible to use [23]-sslverify on a per-client key basis, and also using self-signed client keys (x11vnc -sslGenCert client self:dilbert) @@ -10569,9 +10790,9 @@ sufficient and can be read by Mozilla/Firefox and Java... If you have trouble getting your Java Runtime to import and use the - cert+key, there is a workaround for the [22]SSL-enabled Java applet. + cert+key, there is a workaround for the [24]SSL-enabled Java applet. On the Web browser URL that retrieves the VNC applet, simply add a - "/?oneTimeKey=..." applet parameter (see [23]ssl-portal for more + "/?oneTimeKey=..." applet parameter (see [25]ssl-portal for more details on applet parameters; you don't need to do the full portal setup though). The value of the oneTimeKey will be the very long string that is output of the onetimekey program found in the @@ -10582,14 +10803,14 @@ HTTPS site via password. A cgi program then makes a one time key for the logged in user to use: it is passed back over HTTPS as the applet parameter in the URL and so cannot be sniffed. x11vnc is run to use - that key via [24]-sslverify. + that key via [26]-sslverify. Update: as of Apr 2007 in the 0.9.1 x11vnc tarball there is a new - option setting "[25]-users sslpeer=" that will do a switch user much - like [26]-unixpw does, but this time using the emailAddress field of + option setting "[27]-users sslpeer=" that will do a switch user much + like [28]-unixpw does, but this time using the emailAddress field of the Certificate subject of the verified Client. This mode requires - [27]-sslverify turned on to verify the clients via SSL. This mode can - be useful in situations using [28]-create or [29]-svc where a new X + [29]-sslverify turned on to verify the clients via SSL. This mode can + be useful in situations using [30]-create or [31]-svc where a new X server needs to be started up as the authenticated user (but unlike in -unixpw mode, the unix username is not obviously known). @@ -10597,7 +10818,7 @@ Additional utlities: - You can get information about your keys via [30]-sslCertInfo. These + You can get information about your keys via [32]-sslCertInfo. These lists all your keys: x11vnc -sslCertInfo list x11vnc -sslCertInfo ll @@ -10626,9 +10847,9 @@ More info: - See also this [31]article for some some general info and examples + See also this [33]article for some some general info and examples using stunnel and openssl on Windows with VNC. Also - [32]http://www.stunnel.org/faq/certs.html + [34]http://www.stunnel.org/faq/certs.html References @@ -10636,34 +10857,36 @@ 2. http://stunnel.mirt.net/ 3. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext 4. http://www.karlrunge.com/x11vnc/ss_vncviewer - 5. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir - 6. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 7. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 5. http://www.karlrunge.com/x11vnc/ssvnc.html + 6. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir + 7. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl 8. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 9. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA - 10. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 11. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslDelCert - 12. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslEncKey - 13. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCertInfo - 14. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir + 9. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 10. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA + 11. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert + 12. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslDelCert + 13. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslEncKey + 14. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCertInfo 15. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir 16. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir - 17. http://www.karlrunge.com/x11vnc/ss_vncviewer - 18. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 19. http://www.karlrunge.com/x11vnc/ss_vncviewer - 20. http://www.karlrunge.com/x11vnc/ssvnc.html - 21. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 22. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 23. http://www.karlrunge.com/x11vnc/ssl-portal.html - 24. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 25. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 26. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 27. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 28. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 29. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 30. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCertInfo - 31. http://www.securityfocus.com/infocus/1677 - 32. http://www.stunnel.org/faq/certs.html + 17. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir + 18. http://www.karlrunge.com/x11vnc/ss_vncviewer + 19. http://www.karlrunge.com/x11vnc/ssvnc.html + 20. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 21. http://www.karlrunge.com/x11vnc/ss_vncviewer + 22. http://www.karlrunge.com/x11vnc/ssvnc.html + 23. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 24. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 25. http://www.karlrunge.com/x11vnc/ssl-portal.html + 26. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 27. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 28. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 29. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 30. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 31. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 32. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCertInfo + 33. http://www.securityfocus.com/infocus/1677 + 34. http://www.stunnel.org/faq/certs.html ======================================================================= http://www.karlrunge.com/x11vnc/ssl-portal.html: @@ -10671,7 +10894,8 @@ _________________________________________________________________ - Using Apache as an SSL Gateway to x11vnc servers inside a firewall: + Using Apache as an SSL Gateway to multiple x11vnc servers inside a + firewall: Background: @@ -10712,10 +10936,10 @@ with its -proxy option. Simpler Solutions: This apache solution may be too much for you. It is - mainly intended for automatically redirecting to multiple workstations + mainly intended for automatically redirecting to MULTIPLE workstations inside the firewall. If you only have one inside machine that you want to access, the method described here is overly complicated. See - [3]below for some simpler (non-SSH) encrypted setups. + [3]below for some simpler (and still non-SSH) encrypted setups. There are numerous ways to achieve this with Apache. We present one of the simplest ones here. @@ -10927,7 +11151,7 @@ that is able to interact with the internal proxy for the VNC connection. See [10]this FAQ for more info on how this works. Note: sometimes with the Proxy case if you see 'Bad Gateway' error you will - have to wait 10 or so seconds and then his reload. This seems to be + have to wait 10 or so seconds and then hit reload. This seems to be due to having to wait for a Connection Keepalive to terminate... For completeness, the "trust" cases that skip a VNC certificate dialog @@ -11519,6 +11743,7 @@ [ssvnc.gif] [ssvnc_windows.gif] [ssvnc_macosx.gif] [3]. [4]. + The Enhanced TightVNC Viewer, SSVNC, adds encryption security to VNC connections. @@ -11542,8 +11767,11 @@ GUI as an enhanced replacement for the xvncviewer, xtightvncviewer, etc., viewers. - SSVNC also supports the [6]VeNCrypt SSL/TLS extension to VNC (Unix and - Mac OS X only.) + In addition to normal SSL, SSVNC also supports the [6]VeNCrypt SSL/TLS + and Vino/ANONTLS encryption extensions to VNC on Unix, Mac OS X, and + Windows. Via the provided SSVNC VeNCrypt bridge, VeNCrypt and ANONTLS + encryption also works with any third party VNC Viewer (e.g. RealVNC, + TightVNC, UltraVNC, etc...) you select via 'Change VNC Viewer'. The short name for this project is "ssvnc" for SSL/SSH VNC Viewer. This is the name of the command to start it. @@ -11552,9 +11780,9 @@ simplified [8]Terminal-Services mode (tsvnc) for use with x11vnc on the remote side. - It is also possible (although not recommended) to disable all - encryption: -noenc cmdline option; Ctrl-E toggle; or Vnc:// host - prefix; see the online Help for details. + It is also possible (although not recommended) to disable encryption: + -noenc cmdline option; Ctrl-E toggle; or Vnc:// host prefix; see the + online Help for details. The tool has many additional features; see the descriptions below. @@ -11583,20 +11811,29 @@ _________________________________________________________________ - Wrappers and a tcl/tk GUI were written and patches were created for - the TightVNC 1.3.9 vnc_unixsrc tree to add these features: + Feature List: + + Wrapper scripts and a tcl/tk GUI were written to create these features + for Unix, Mac OS X, and Windows: * SSL support for connections using the bundled stunnel program. * Automatic SSH connections from the GUI (system ssh is used on Unix and MacOS X; bundled plink is used on Windows) * Ability to Save and Load VNC profiles for different hosts. + * You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC, + with the SSVNC encryption GUI front-end if you prefer. * Create or Import SSL Certificates and Private Keys. * Reverse (viewer listening) VNC connections via SSL and SSH. - * Support for Web [13]Proxies, SOCKS Proxies, and the [14]UltraVNC + * VeNCrypt SSL/TLS VNC encryption support (used by [13]VeNCrypt, + QEMU, ggi, libvirt/virt-manager/xen, vinagre/gvncviewer/gtk-vnc) + * ANONTLS SSL/TLS VNC encryption support (used by Vino) + * VeNCrypt and ANONTLS are also enabled for any 3rd party VNC Viewer + (e.g. RealVNC, TightVNC, UltraVNC ...) on Unix, MacOSX, and + Windows via the provided SSVNC VeNCrypt Viewer Bridge tool (use + 'Change VNC Viewer' to select the one you want.) + * Support for Web [14]Proxies, SOCKS Proxies, and the [15]UltraVNC repeater proxy (e.g. repeater://host:port+ID:1234). Multiple proxies may be chained together (3 max). * Support for SSH Gateway connections and non-standard SSH ports. - * You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC, - with the SSVNC encryption GUI front-end if you like. * Automatic Service tunnelling via SSH for CUPS and SMB Printing, ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting. * Sets up any additional SSH port redirections that you want. @@ -11610,33 +11847,31 @@ * Support for native MacOS X usage with bundled Chicken of the VNC viewer (the Unix X11 viewer is also provided for MacOS X, and is better IMHO. It is now the default on MacOS X.) - * [15]Dynamic VNC Server Port determination and redirection (using + * [16]Dynamic VNC Server Port determination and redirection (using ssh's builtin SOCKS proxy, ssh -D) for servers like x11vnc that print out PORT= at startup. * Unix Username and Password entry for use with "x11vnc -unixpw" type login dialogs. - * Simplified mode launched by command "[16]sshvnc" that is SSH Only. - * Simplified mode launched by command "[17]tsvnc" that provides a + * Simplified mode launched by command "[17]sshvnc" that is SSH Only. + * Simplified mode launched by command "[18]tsvnc" that provides a VNC "Terminal Services" mode (uses x11vnc on the remote side). - [18]Unix TightVNC Viewer improvements (these only apply to the Unix - VNC viewer, including Mac OS X): + Patches to TightVNC 1.3.9 vnc_unixsrc tree were created for [19]Unix + TightVNC Viewer improvements (these only apply to the Unix VNC viewer, + including MacOSX XQuartz): * rfbNewFBSize VNC support (dynamic screen resizing) * Client-side Scaling of the Desktop in the viewer. * ZRLE VNC encoding support (RealVNC's encoding) * Support for the ZYWRLE encoding, a wavelet based extension to ZRLE to improve compression of motion video and photo regions. - * [19]TurboVNC support ([20]VirtualGL's modified TightVNC encoding; + * [20]TurboVNC support ([21]VirtualGL's modified TightVNC encoding; requires TurboJPEG library) * Pipelined Updates of the framebuffer as in TurboVNC (asks for the next update before the current one has finished downloading; this gives some speedup on high latency connections.) - * Cursor [21]alphablending with x11vnc at 32bpp (-alpha option) + * Cursor [22]alphablending with x11vnc at 32bpp (-alpha option) * Option "-unixpw ..." for use with "x11vnc -unixpw" type login dialogs. - * VeNCrypt SSL/TLS VNC encryption support (used by [22]VeNCrypt, - QEMU, ggi, libvirt/virt-manager/xen, vinagre/gvncviewer/gtk-vnc) - * ANONTLS SSL/TLS VNC encryption support (used by vino) * Support for UltraVNC extensions: 1/n Server side scaling, Text Chat, Single Window, Disable Server-side Input. Both UltraVNC and x11vnc servers support these extensions. @@ -11648,12 +11883,12 @@ * Support for UltraVNC [24]Single Click operation. (both unencrypted: SC I, and SSL encrypted: SC III) * Support for UltraVNC [25]DSM Encryption Plugin symmetric - encryption mode. (ARC4, AESV2, and MSRC4) + encryption mode. (ARC4, AESV2, MSRC4, and SecureVNC) * Support for UltraVNC [26]MS-Logon authentication (NOTE: the UltraVNC MS-Logon key exchange implementation is very weak; an eavesdropper on the network can recover your Windows password - easily; you need to use an additional encrypted tunnel with - MS-Logon.) + easily in a few seconds; you need to use an additional encrypted + tunnel with MS-Logon.) * Support for symmetric encryption (including blowfish and 3des ciphers) to Non-UltraVNC Servers. Any server using the same encryption method will work, [27]e.g.: x11vnc -enc @@ -11666,6 +11901,10 @@ * Local Port Protections for STUNNEL and SSH: avoid having for long periods of time a listening port on the the local (VNC viewer) side that redirects to the remote side. + * Reverse (viewer listening) VNC connections can show a Popup dialog + asking whether to accept the connection or not (-acceptpopup.) The + extra info provided by UltraVNC Single Click reverse connections + is also supported (-acceptpopupsc) * Extremely low color modes: 64 and 8 colors in 8bpp (-use64/-bgr222, -use8/-bgr111) * Medium color mode: 16bpp mode on a 32bpp Viewer display @@ -11715,7 +11954,10 @@ Alternatively, on Unix you can use the [30]conventional source tarball. - Here is the Quick Start info from the README for how to do that: + _________________________________________________________________ + + Here is the Quick Start info from the README for how to setup and use + SSVNC: Quick Start: ----------- @@ -11725,7 +11967,7 @@ Unpack the archive: - % gzip -dc ssvnc-1.0.22.tar.gz | tar xvf - + % gzip -dc ssvnc-1.0.24.tar.gz | tar xvf - Run the GUI: @@ -11733,7 +11975,7 @@ % ./ssvnc/MacOSX/ssvnc (for Mac OS X) - The smaller file "ssvnc_no_windows-1.0.22.tar.gz" + The smaller file "ssvnc_no_windows-1.0.24.tar.gz" could have been used as well. On MacOSX you could also click on the SSVNC app icon in the Finder. @@ -11779,8 +12021,8 @@ For the conventional source tarball it will compile and install, e.g.: - gzip -dc ssvnc-1.0.22.src.tar.gz | tar xvf - - cd ssvnc-1.0.22 + gzip -dc ssvnc-1.0.24.src.tar.gz | tar xvf - + cd ssvnc-1.0.24 make config make all make PREFIX=/my/install/dir install @@ -11793,7 +12035,7 @@ Unzip, using WinZip or a similar utility, the zip file: - ssvnc-1.0.22.zip + ssvnc-1.0.24.zip Run the GUI, e.g.: @@ -11805,7 +12047,7 @@ select Open, and then OK to launch it. - The smaller file "ssvnc_windows_only-1.0.22.zip" + The smaller file "ssvnc_windows_only-1.0.24.zip" could have been used as well. You can make a Windows shortcut to this program if you want to. @@ -12024,7 +12266,7 @@ -noraiseonbeep -passwd (standard VNC authentication) -user (Unix login authentication) - -encodings (e.g. "tight copyrect") + -encodings (e.g. "tight,copyrect") -bgr233 -owncmap -truecolour @@ -12076,6 +12318,16 @@ the network to put (many) desktops on your screen over a long window of time. Use -multilisten for no limit. + -acceptpopup In -listen (reverse connection listening) mode when + a reverse VNC connection comes in show a popup asking + whether to Accept or Reject the connection. The IP + address of the connecting host is shown. Same as + setting the env. var. SSVNC_ACCEPT_POPUP=1. + + -acceptpopupsc As in -acceptpopup except assume UltraVNC Single + Click (SC) server. Retrieve User and ComputerName + info from UltraVNC Server and display in the Popup. + -use64 In -bgr233 mode, use 64 colors instead of 256. -bgr222 Same as -use64. @@ -12135,6 +12387,30 @@ -rawlocal Prefer raw encoding for localhost, default is no, i.e. assumes you have a SSH tunnel instead. + -notty Try to avoid using the terminal for interactive + responses: use windows for messages and prompting + instead. Messages will also be printed to terminal. + + -sendclipboard Send the X CLIPBOARD selection (i.e. Ctrl+C, + Ctrl+V) instead of the X PRIMARY selection (mouse + select and middle button paste.) + + -sendalways Whenever the mouse enters the VNC viewer main + window, send the selection to the VNC server even if + it has not changed. This is like the Xt resource + translation SelectionToVNC(always) + + -recvtext str When cut text is received from the VNC server, + ssvncviewer will set both the X PRIMARY and the + X CLIPBOARD local selections. To control which + is set, specify 'str' as 'primary', 'clipboard', + or 'both' (the default.) + + -graball Grab the entire X server when in fullscreen mode, + needed by some old window managers like fvwm2. + + -popupfix Warp the popup back to the pointer position, + needed by some old window managers like fvwm2. -sendclipboard Send the X CLIPBOARD selection (i.e. Ctrl+C, Ctrl+V) instead of the X PRIMARY selection (mouse select and middle button paste.) @@ -12245,9 +12521,9 @@ IMPORTANT NOTE: The UltraVNC MS-Logon Diffie-Hellman exchange is very weak and can be brute forced to recover - your username and password in a few hours or seconds of CPU - time. To be safe, be sure to use an additional encrypted - tunnel (e.g. SSL or SSH) for the entire VNC session. + your username and password in a few seconds of CPU time. + To be safe, be sure to use an additional encrypted tunnel + (e.g. SSL or SSH) for the entire VNC session. -chatonly Try to be a client that only does UltraVNC text chat. This mode is used by x11vnc to present a chat window on the @@ -12332,7 +12608,8 @@ Cursor Shape: ~ -nocursorshape X11 Cursor: ~ -x11cursor Cursor Alphablend: ~ -alpha - Toggle Tight/ZRLE: ~ -encodings ... + Toggle Tight/Hextile: ~ -encodings hextile... + Toggle Tight/ZRLE: ~ -encodings zrle... Toggle ZRLE/ZYWRLE: ~ -encodings zywrle... Quality Level ~ -quality (both Tight and ZYWRLE) Compress Level ~ -compresslevel @@ -12422,25 +12699,25 @@ "ssvnc_unix_only" (or "ssvnc_no_windows" to recompile). On Mac OS X? Use "ssvnc_no_windows". On Windows? Use "ssvnc_windows_only". - [47]ssvnc_windows_only-1.0.22.zip Windows Binaries Only. No source incl + [47]ssvnc_windows_only-1.0.24.zip Windows Binaries Only. No source incl uded (~6MB) - [48]ssvnc_no_windows-1.0.22.tar.gz Unix and Mac OS X Only. No Windows bin + [48]ssvnc_no_windows-1.0.24.tar.gz Unix and Mac OS X Only. No Windows bin aries. Source included. (~9MB) - [49]ssvnc_unix_only-1.0.22.tar.gz Unix Binaries Only. No source incl + [49]ssvnc_unix_only-1.0.24.tar.gz Unix Binaries Only. No source incl uded. (~6.5MB) - [50]ssvnc_unix_minimal-1.0.22.tar.gz Unix Minimal. You must supply your ow + [50]ssvnc_unix_minimal-1.0.24.tar.gz Unix Minimal. You must supply your ow n vncviewer and stunnel. (~0.1MB) - [51]ssvnc-1.0.22.tar.gz All Unix, Mac OS X, and Windows binari + [51]ssvnc-1.0.24.tar.gz All Unix, Mac OS X, and Windows binari es and source TGZ. (~15MB) - [52]ssvnc-1.0.22.zip All Unix, Mac OS X, and Windows binari + [52]ssvnc-1.0.24.zip All Unix, Mac OS X, and Windows binari es and source ZIP. (~15MB) - [53]ssvnc_all-1.0.22.zip All Unix, Mac OS X, and Windows binari + [53]ssvnc_all-1.0.24.zip All Unix, Mac OS X, and Windows binari es and source AND full archives in the zip dir. (~18MB) Here is a conventional source tarball: - [54]ssvnc-1.0.22.src.tar.gz Conventional Source for SSVNC GUI and + [54]ssvnc-1.0.24.src.tar.gz Conventional Source for SSVNC GUI and Unix VNCviewer (~0.4MB) it will be of use to those who do not want the SSVNC @@ -12458,18 +12735,19 @@ "ssvnc_all", you may need to run the "./build.unix" script in the top directory to recompile for your operating system. - Here are the corresponding 1.0.23 development bundles: + Here are the corresponding 1.0.25 development bundles (Please help + testing them): - [56]ssvnc_windows_only-1.0.23.zip - [57]ssvnc_no_windows-1.0.23.tar.gz - [58]ssvnc_unix_only-1.0.23.tar.gz - [59]ssvnc_unix_minimal-1.0.23.tar.gz - - [60]ssvnc-1.0.23.tar.gz - [61]ssvnc-1.0.23.zip - [62]ssvnc_all-1.0.23.zip + [56]ssvnc_windows_only-1.0.25.zip + [57]ssvnc_no_windows-1.0.25.tar.gz + [58]ssvnc_unix_only-1.0.25.tar.gz + [59]ssvnc_unix_minimal-1.0.25.tar.gz + + [60]ssvnc-1.0.25.tar.gz + [61]ssvnc-1.0.25.zip + [62]ssvnc_all-1.0.25.zip - [63]ssvnc-1.0.23.src.tar.gz Conventional Source for SSVNC GUI and + [63]ssvnc-1.0.25.src.tar.gz Conventional Source for SSVNC GUI and Unix VNCviewer (~0.4MB) @@ -12488,6 +12766,8 @@ [67]Release 1.0.20 at Sourceforge.net [68]Release 1.0.21 at Sourceforge.net [69]Release 1.0.22 at Sourceforge.net + [70]Release 1.0.23 at Sourceforge.net + [71]Release 1.0.24 at Sourceforge.net Please help test the UltraVNC File Transfer support in the native Unix @@ -12530,16 +12810,16 @@ redistribute the above because of cryptographic software they contain or for other reasons. Please check out your situation and information at the following and related sites: - [70]http://www.stunnel.org - [71]http://stunnel.mirt.net - [72]http://www.openssl.org - [73]http://www.chiark.greenend.org.uk/~sgtatham/putty/ - [74]http://www.tightvnc.com - [75]http://www.realvnc.com - [76]http://sourceforge.net/projects/cotvnc/ + [72]http://www.stunnel.org + [73]http://stunnel.mirt.net + [74]http://www.openssl.org + [75]http://www.chiark.greenend.org.uk/~sgtatham/putty/ + [76]http://www.tightvnc.com + [77]http://www.realvnc.com + [78]http://sourceforge.net/projects/cotvnc/ _________________________________________________________________ - README: Here is the toplevel [77]README from the bundle. + README: Here is the toplevel [79]README from the bundle. References @@ -12555,16 +12835,16 @@ 10. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#source 11. http://www.debian.org/security/2008/dsa-1571 12. http://www.karlrunge.com/x11vnc/ssvnc_untrusted_local_users.html - 13. http://www.karlrunge.com/x11vnc/ssvnc-proxies.html - 14. http://www.uvnc.com/addons/repeater.html - 15. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#dynamic-port - 16. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc - 17. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc - 18. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#unix-patches - 19. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 20. http://www.virtualgl.org/ - 21. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks - 22. http://sourceforge.net/projects/vencrypt/ + 13. http://sourceforge.net/projects/vencrypt/ + 14. http://www.karlrunge.com/x11vnc/ssvnc-proxies.html + 15. http://www.uvnc.com/addons/repeater.html + 16. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#dynamic-port + 17. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc + 18. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc + 19. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#unix-patches + 20. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc + 21. http://www.virtualgl.org/ + 22. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks 23. http://www.uvnc.com/addons/repeater.html 24. http://www.uvnc.com/addons/singleclick.html 25. http://www.uvnc.com/features/encryption.html @@ -12589,37 +12869,39 @@ 44. http://www.karlrunge.com/x11vnc/faq.html#faq-cups 45. http://www.karlrunge.com/x11vnc/faq.html#faq-sound 46. http://sourceforge.net/projects/ssvnc - 47. http://downloads.sourceforge.net/ssvnc/ssvnc_windows_only-1.0.22.zip?use_mirror= - 48. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.22.tar.gz?use_mirror= - 49. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_only-1.0.22.tar.gz?use_mirror= - 50. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_minimal-1.0.22.tar.gz?use_mirror= - 51. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.22.tar.gz - 52. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.22.zip - 53. http://downloads.sourceforge.net/ssvnc/ssvnc_all-1.0.22.zip?use_mirror= - 54. http://downloads.sourceforge.net/ssvnc/ssvnc-1.0.22.src.tar.gz?use_mirror= + 47. http://downloads.sourceforge.net/ssvnc/ssvnc_windows_only-1.0.24.zip?use_mirror= + 48. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.24.tar.gz?use_mirror= + 49. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_only-1.0.24.tar.gz?use_mirror= + 50. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_minimal-1.0.24.tar.gz?use_mirror= + 51. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.24.tar.gz + 52. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.24.zip + 53. http://downloads.sourceforge.net/ssvnc/ssvnc_all-1.0.24.zip?use_mirror= + 54. http://downloads.sourceforge.net/ssvnc/ssvnc-1.0.24.src.tar.gz?use_mirror= 55. http://www.karlrunge.com/x11vnc/etv/README.src.txt - 56. http://ssvnc.sourceforge.net/dev/ssvnc_windows_only-1.0.23.zip - 57. http://ssvnc.sourceforge.net/dev/ssvnc_no_windows-1.0.23.tar.gz - 58. http://ssvnc.sourceforge.net/dev/ssvnc_unix_only-1.0.23.tar.gz - 59. http://ssvnc.sourceforge.net/dev/ssvnc_unix_minimal-1.0.23.tar.gz - 60. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.23.tar.gz - 61. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.23.zip - 62. http://ssvnc.sourceforge.net/dev/ssvnc_all-1.0.23.zip - 63. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.23.src.tar.gz + 56. http://ssvnc.sourceforge.net/dev/ssvnc_windows_only-1.0.25.zip + 57. http://ssvnc.sourceforge.net/dev/ssvnc_no_windows-1.0.25.tar.gz + 58. http://ssvnc.sourceforge.net/dev/ssvnc_unix_only-1.0.25.tar.gz + 59. http://ssvnc.sourceforge.net/dev/ssvnc_unix_minimal-1.0.25.tar.gz + 60. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.25.tar.gz + 61. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.25.zip + 62. http://ssvnc.sourceforge.net/dev/ssvnc_all-1.0.25.zip + 63. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.25.src.tar.gz 64. http://www.karlrunge.com/x11vnc/etv/ssvnc 65. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636282 66. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636337 67. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636338 68. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=640923 69. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=652804 - 70. http://www.stunnel.org/ - 71. http://stunnel.mirt.net/ - 72. http://www.openssl.org/ - 73. http://www.chiark.greenend.org.uk/~sgtatham/putty/ - 74. http://www.tightvnc.com/ - 75. http://www.realvnc.com/ - 76. http://sourceforge.net/projects/cotvnc/ - 77. http://www.karlrunge.com/x11vnc/README.ssvnc.html + 70. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.23/ + 71. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.24/ + 72. http://www.stunnel.org/ + 73. http://stunnel.mirt.net/ + 74. http://www.openssl.org/ + 75. http://www.chiark.greenend.org.uk/~sgtatham/putty/ + 76. http://www.tightvnc.com/ + 77. http://www.realvnc.com/ + 78. http://sourceforge.net/projects/cotvnc/ + 79. http://www.karlrunge.com/x11vnc/README.ssvnc.html ======================================================================= http://www.karlrunge.com/x11vnc/x11vnc_opts.html: @@ -12632,98 +12914,100 @@ Here are all of x11vnc command line options: % x11vnc -opts (see below for -help long descriptions) -x11vnc: allow VNC connections to real X11 displays. 0.9.8 lastmod: 2009-06-14 +x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-21 x11vnc options: -display disp -auth file -N -autoport n -rfbport str -reopen -reflect host:N -id windowid -sid windowid - -clip WxH+X+Y -flashcmap -shiftcmap n - -notruecolor -advertise_truecolor -visual n - -overlay -overlay_nocursor -8to24 [opts] - -24to32 -scale fraction -geometry WxH - -scale_cursor frac -viewonly -shared - -once -forever -loop - -timeout n -sleepin n -inetd - -tightfilexfer -ultrafilexfer -http - -http_ssl -avahi -mdns - -zeroconf -connect string -connect_or_exit str - -proxy string -vncconnect -novncconnect - -allow host1[,host2..] -localhost -nolookup - -input string -grabkbd -grabptr - -grabalways -viewpasswd string -passwdfile filename - -unixpw [list] -unixpw_nis [list] -unixpw_cmd cmd - -find -finddpy -listdpy + -appshare -clip WxH+X+Y -flashcmap + -shiftcmap n -notruecolor -advertise_truecolor + -visual n -overlay -overlay_nocursor + -8to24 [opts] -24to32 -scale fraction + -geometry WxH -scale_cursor frac -viewonly + -shared -once -forever + -loop -timeout n -sleepin n + -inetd -tightfilexfer -ultrafilexfer + -http -http_ssl -avahi + -mdns -zeroconf -connect string + -connect_or_exit str -proxy string -vncconnect + -novncconnect -allow host1[,host2..] -localhost + -nolookup -input string -grabkbd + -grabptr -grabalways -viewpasswd string + -passwdfile filename -showrfbauth filename -unixpw [list] + -unixpw_nis [list] -unixpw_cmd cmd -find + -finddpy -listdpy -findauth [disp] -create -xdummy -xvnc -xvnc_redirect -svc -svc_xdummy -svc_xvnc -xdmsvc -sshxdmsvc - -redirect port -display WAIT:... -vencrypt mode - -anontls mode -sslonly -dhparams file - -nossl -ssl [pem] -ssltimeout n - -sslnofail -ssldir [dir] -sslverify [path] - -sslCRL path -sslGenCA [dir] -sslGenCert type name - -sslEncKey [pem] -sslCertInfo [pem] -sslDelCert [pem] - -stunnel [pem] -stunnel3 [pem] -enc cipher:keyfile - -https [port] -httpsredir [port] -http_oneport - -ssh user@host:disp -usepw -storepasswd pass file - -nopw -accept string -afteraccept string - -gone string -users list -noshm - -flipbyteorder -onetile -solid [color] - -blackout string -xinerama -noxinerama - -xtrap -xrandr [mode] -rotate string - -padgeom WxH -o logfile -flag file - -rmflag file -rc filename -norc - -env VAR=VALUE -prog /path/to/x11vnc -h, -help - -?, -opts -V, -version -license - -dbg -q, -quiet -v, -verbose - -bg -modtweak -nomodtweak - -xkb -noxkb -capslock - -skip_lockkeys -noskip_lockkeys -skip_keycodes string - -sloppy_keys -skip_dups -noskip_dups - -add_keysyms -noadd_keysyms -clear_mods - -clear_keys -clear_all -remap string - -norepeat -repeat -nofb - -nobell -nosel -noprimary - -nosetprimary -noclipboard -nosetclipboard - -seldir string -cursor [mode] -nocursor - -cursor_drag -arrow n -noxfixes - -alphacut n -alphafrac fraction -alpharemove - -noalphablend -nocursorshape -cursorpos - -nocursorpos -xwarppointer -noxwarppointer - -buttonmap string -nodragging -ncache n - -ncache_cr -ncache_no_moveraise -ncache_no_dtchange - -ncache_no_rootpixmap -ncache_keep_anims -ncache_old_wm - -ncache_pad n -debug_ncache -wireframe [str] - -nowireframe -nowireframelocal -wirecopyrect mode - -nowirecopyrect -debug_wireframe -scrollcopyrect mode - -noscrollcopyrect -scr_area n -scr_skip list - -scr_inc list -scr_keys list -scr_term list - -scr_keyrepeat lo-hi -scr_parms string -fixscreen string - -debug_scroll -noxrecord -grab_buster - -nograb_buster -debug_grabs -debug_sel - -pointer_mode n -input_skip n -allinput - -speeds rd,bw,lat -wmdt string -debug_pointer - -debug_keyboard -defer time -wait time - -wait_ui factor -setdefer n -nowait_bog - -slow_fb time -xrefresh time -nap - -nonap -sb time -readtimeout n - -ping n -nofbpm -fbpm - -nodpms -dpms -forcedpms - -clientdpms -noserverdpms -noultraext - -chatwindow -noxdamage -xd_area A - -xd_mem f -sigpipe string -threads - -nothreads -fs f -gaps n - -grow n -fuzz n -debug_tiles - -snapfb -rawfb string -freqtab file - -pipeinput cmd -macnodim -macnosleep - -macnosaver -macnowait -macwheel n - -macnoswap -macnoresize -maciconanim n - -macmenu -macuskbd -gui [gui-opts] - -remote command -query variable -QD variable - -sync -noremote -yesremote - -unsafe -safer -privremote - -nocmds -allowedcmds list -deny_all - + -unixpw_system_greeter -redirect port -display WAIT:... + -vencrypt mode -anontls mode -sslonly + -dhparams file -nossl -ssl [pem] + -ssltimeout n -sslnofail -ssldir [dir] + -sslverify [path] -sslCRL path -sslGenCA [dir] + -sslGenCert type name -sslEncKey [pem] -sslCertInfo [pem] + -sslDelCert [pem] -stunnel [pem] -stunnel3 [pem] + -enc cipher:keyfile -https [port] -httpsredir [port] + -http_oneport -ssh user@host:disp -usepw + -storepasswd pass file -nopw -accept string + -afteraccept string -gone string -users list + -noshm -flipbyteorder -onetile + -solid [color] -blackout string -xinerama + -noxinerama -xtrap -xrandr [mode] + -rotate string -padgeom WxH -o logfile + -flag file -rmflag file -rc filename + -norc -env VAR=VALUE -prog /path/to/x11vnc + -h, -help -?, -opts -V, -version + -license -dbg -q, -quiet + -v, -verbose -bg -modtweak + -nomodtweak -xkb -noxkb + -capslock -skip_lockkeys -noskip_lockkeys + -skip_keycodes string -sloppy_keys -skip_dups + -noskip_dups -add_keysyms -noadd_keysyms + -clear_mods -clear_keys -clear_all + -remap string -norepeat -repeat + -nofb -nobell -nosel + -noprimary -nosetprimary -noclipboard + -nosetclipboard -seldir string -cursor [mode] + -nocursor -cursor_drag -arrow n + -noxfixes -alphacut n -alphafrac fraction + -alpharemove -noalphablend -nocursorshape + -cursorpos -nocursorpos -xwarppointer + -noxwarppointer -buttonmap string -nodragging + -ncache n -ncache_cr -ncache_no_moveraise + -ncache_no_dtchange -ncache_no_rootpixmap -ncache_keep_anims + -ncache_old_wm -ncache_pad n -debug_ncache + -wireframe [str] -nowireframe -nowireframelocal + -wirecopyrect mode -nowirecopyrect -debug_wireframe + -scrollcopyrect mode -noscrollcopyrect -scr_area n + -scr_skip list -scr_inc list -scr_keys list + -scr_term list -scr_keyrepeat lo-hi -scr_parms string + -fixscreen string -debug_scroll -noxrecord + -grab_buster -nograb_buster -debug_grabs + -debug_sel -pointer_mode n -input_skip n + -allinput -speeds rd,bw,lat -wmdt string + -debug_pointer -debug_keyboard -defer time + -wait time -extra_fbur n -wait_ui factor + -setdefer n -nowait_bog -slow_fb time + -xrefresh time -nap -nonap + -sb time -readtimeout n -ping n + -nofbpm -fbpm -nodpms + -dpms -forcedpms -clientdpms + -noserverdpms -noultraext -chatwindow + -noxdamage -xd_area A -xd_mem f + -sigpipe string -threads -nothreads + -fs f -gaps n -grow n + -fuzz n -debug_tiles -snapfb + -rawfb string -freqtab file -pipeinput cmd + -macnodim -macnosleep -macnosaver + -macnowait -macwheel n -macnoswap + -macnoresize -maciconanim n -macmenu + -macuskbd -gui [gui-opts] -remote command + -query variable -QD variable -sync + -query_retries str -remote_prefix str -noremote + -yesremote -unsafe -safer + -privremote -nocmds -allowedcmds list + -deny_all libvncserver options: -rfbport port TCP port for RFB protocol @@ -12757,7 +13041,7 @@ % x11vnc -help -x11vnc: allow VNC connections to real X11 displays. 0.9.8 lastmod: 2009-06-14 +x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-21 (type "x11vnc -opts" to just list the options.) @@ -12821,6 +13105,17 @@ before startup. Same as -xauth file. See Xsecurity(7), xauth(1) man pages for more info. + Use '-auth guess' to have x11vnc use its -findauth + mechanism (described below) to try to guess the + XAUTHORITY filename and use it. + + XDM/GDM/KDM: if you are running x11vnc as root and want + to find the XAUTHORITY before anyone has logged into an + X session yet, use: x11vnc -env FD_XDM=1 -auth guess ... + (This will also find the XAUTHORITY if a user is already + logged into the X session.) When running as root, + FD_XDM=1 will be tried if the initial -auth guess fails. + -N If the X display is :N, try to set the VNC display to also be :N This just sets the -rfbport option to 5900+N The program will exit immediately if that port is not @@ -12842,7 +13137,18 @@ for display managers like GDM (KillInitClients option) that kill x11vnc just after the user logs into the X session. Note: the reopened state may be unstable. - Set X11VNC_REOPEN_DISPLAY=n to reopen n times. + Set X11VNC_REOPEN_DISPLAY=n to reopen n times and + set X11VNC_REOPEN_SLEEP_MAX to the number of seconds, + default 10, to keep trying to reopen the display (once + per second.) + + Update: as of 0.9.9, x11vnc tries to automatically avoid + being killed by the display manager by delaying creating + windows or using XFIXES. So you shouldn't need to use + KillInitClients=false as long as you log in quickly + enough (within 45 seconds of connecting.) You can + disable this by setting X11VNC_AVOID_WINDOWS=never. + You can also set it to the number of seconds to delay. -reflect host:N Instead of connecting to and polling an X display, connect to the remote VNC server host:N and be a @@ -12871,6 +13177,14 @@ shifts a root view to it: this shows SaveUnders menus, etc, although they will be clipped if they extend beyond the window. + +-appshare Simple application sharing based on the -id/-sid + mechanism. Every new toplevel window that the + application creates induces a new viewer window via + a reverse connection. The -id/-sid and -connect + options are required. Run 'x11vnc -appshare -help' + for more info. + -clip WxH+X+Y Only show the sub-region of the full display that corresponds to the rectangle geometry with size WxH and offset +X+Y. The VNC display has size WxH (i.e. smaller @@ -12975,10 +13289,10 @@ an improvement over -flashcmap because it avoids the flashing and shows each window in the correct color. - This method appear to work, but may still have bugs - and it does hog resources. If there are multiple 8bpp - windows using different colormaps, one may have to - iconify all but one for the colors to be correct. + This method works OK, but may still have bugs and it + does hog resources. If there are multiple 8bpp windows + using different colormaps, one may have to iconify all + but one for the colors to be correct. There may be painting errors for clipping and switching between windows of depths 8 and 24. Heuristics are @@ -13042,8 +13356,8 @@ is needed for the latter, feel free to ask). -scale fraction Scale the framebuffer by factor "fraction". Values - less than 1 shrink the fb, larger ones expand it. Note: - image may not be sharp and response may be slower. + less than 1 shrink the fb, larger ones expand it. Note: + the image may not be sharp and response may be slower. If "fraction" contains a decimal point "." it is taken as a floating point number, alternatively the notation "m/n" may be used to denote fractions @@ -13120,6 +13434,18 @@ -timeout n Exit unless a client connects within the first n seconds after startup. + If there have been no connection attempts after n + seconds x11vnc exits immediately. If a client is + trying to connect but has not progressed to the normal + operating state, x11vnc gives it a few more seconds + to finish and exits if it does not make it to the + normal state. + + For reverse connections via -connect or -connect_or_exit + a timeout of n seconds will be set for all reverse + connects. If the connect timeout alarm goes off, + x11vnc will exit immediately. + -sleepin n At startup sleep n seconds before proceeding (e.g. to allow redirs and listening clients to start up) @@ -13214,8 +13540,7 @@ Repeater mode: Some services provide an intermediate "vnc repeater": http://www.uvnc.com/addons/repeater.html (and also http://koti.mbnet.fi/jtko/ for linux port) - that acts as a proxy / gateway. Modes like these requir -e + that acts as a proxy/gateway. Modes like these require an initial string to be sent for the reverse connection before the VNC protocol is started. Here are the ways to do this: @@ -13324,6 +13649,15 @@ X11VNC_REMOTE channel, and this option disables/enables it as well. Default: -vncconnect + To use different names for these X11 properties (e.g. to + have separate communication channels for multiple + x11vnc's on the same display) set the VNC_CONNECT or + X11VNC_REMOTE env. vars. to the string you want, for + example: -env X11VNC_REMOTE=X11VNC_REMOTE_12345 + Both sides of the channel must use the same unique name. + The same can be done for the internal X11VNC_TICKER + property (heartbeat and timestamp) if desired. + -allow host1[,host2..] Only allow client connections from hosts matching the comma separated list of hostnames or IP addresses. Can also be a numerical IP prefix, e.g. "192.168.100." @@ -13479,19 +13813,22 @@ and last line be "__BEGIN_VIEWONLY__" to have 2 full-access passwords) +-showrfbauth filename Print to the screen the obscured VNC password kept in + the rfbauth file "filename" and then exit. + -unixpw [list] Use Unix username and password authentication. x11vnc - uses the su(1) program to verify the user's password. - [list] is an optional comma separated list of allowed - Unix usernames. If the [list] string begins with the - character "!" then the entire list is taken as an - exclude list. See below for per-user options that can - be applied. + will use the su(1) program to verify the user's + password. [list] is an optional comma separated list + of allowed Unix usernames. If the [list] string begins + with the character "!" then the entire list is taken + as an exclude list. See below for per-user options + that can be applied. A familiar "login:" and "Password:" dialog is presented to the user on a black screen inside the vncviewer. The connection is dropped if the user fails to supply the correct password in 3 tries or does not - send one before a 25 second timeout. Existing clients + send one before a 45 second timeout. Existing clients are view-only during this period. If the first character received is "Escape" then the @@ -13501,8 +13838,9 @@ Since the detailed behavior of su(1) can vary from OS to OS and for local configurations, test the mode - carefully. x11vnc will attempt to be conservative and - reject a login if anything abnormal occurs. + before deployment to make sure it is working properly. + x11vnc will attempt to be conservative and reject a + login if anything abnormal occurs. One case to note: FreeBSD and the other BSD's by default it is impossible for the user running x11vnc to @@ -13535,7 +13873,7 @@ to come from the same machine x11vnc is running on (e.g. from a ssh -L port redirection). And that the -stunnel SSL mode be used for encryption over the - network.(see the description of -stunnel below). + network. (see the description of -stunnel below). Note: as a convenience, if you ssh(1) in and start x11vnc it will check if the environment variable @@ -13550,20 +13888,24 @@ environment variables before starting x11vnc: Set UNIXPW_DISABLE_SSL=1 to disable requiring either - -ssl or -stunnel. Evidently you will be using a - different method to encrypt the data between the - vncviewer and x11vnc: perhaps ssh(1) or an IPSEC VPN. - - Note that use of -localhost with ssh(1) is roughly - the same as requiring a Unix user login (since a Unix - password or the user's public key authentication is - used by sshd on the machine where x11vnc runs and only - local connections from that machine are accepted). + -ssl or -stunnel (as under SSH_CONNECTION.) Evidently + you will be using a different method to encrypt the + data between the vncviewer and x11vnc: perhaps ssh(1) + or an IPSEC VPN. -localhost is still enforced (however, + see the next paragraph.) Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost - requirement in Method 2). One should never do this + requirement in -unixpw modes. One should never do this (i.e. allow the Unix passwords to be sniffed on the - network). + network.) This also disables the localhost requirement + for reverse connections (see below.) + + Note that use of -localhost with ssh(1) (and no -unixpw) + is roughly the same as requiring a Unix user login + (since a Unix password or the user's public key + authentication is used by sshd on the machine where + x11vnc runs and only local connections from that machine + are accepted). Regarding reverse connections (e.g. -R connect:host and -connect host), when the -localhost constraint is @@ -13581,7 +13923,7 @@ in -inetd mode (thereby bypassing inetd). See the FAQ for details. - The user names in the comma separated [list] can have + The user names in the comma separated [list] may have per-user options after a ":", e.g. "fred:opts" where "opts" is a "+" separated list of "viewonly", "fullaccess", "input=XXXX", or @@ -13589,13 +13931,13 @@ For "input=" it is the K,M,B,C described under -input. If an item in the list is "*" that means those - options apply to all users. It also means all users + options apply to all users. It ALSO implies all users are allowed to log in after supplying a valid password. Use "deny" to explicitly deny some users if you use - "*" to set a global option. If [list] begins with - the "!" character then "*" is ignored for checking - if the user is allowed, but the any value of options - associated with it does apply as normal. + "*" to set a global option. If [list] begins with the + "!" character then "*" is ignored for checking if + the user is allowed, but the option values associated + with it do apply as normal. There are also some utilities for testing password if [list] starts with the "%" character. See the @@ -13620,32 +13962,89 @@ NIS is not required for this mode to work (only that getpwnam(3) return the encrypted password is required), - but it is unlikely it will work for any most modern - environments unless x11vnc is run as root to be able - to access /etc/shadow (note running as root is often - done when running x11vnc from inetd and xdm/gdm/kdm). + but it is unlikely it will work (as an ordinary user) + for most modern environments unless NIS is available. + On the other hand, when x11vnc is run as root it will + be able to to access /etc/shadow even if NIS is not + available (note running as root is often done when + running x11vnc from inetd and xdm/gdm/kdm). Looked at another way, if you do not want to use the - su(1) method provided by -unixpw, you can run x11vnc - as root and use -unixpw_nis. Any users with passwords - in /etc/shadow can then be authenticated. You may want - to use -users unixpw= to switch the process user after - the user logs in. + su(1) method provided by -unixpw (i.e. su_verify()), you + can run x11vnc as root and use -unixpw_nis. Any users + with passwords in /etc/shadow can then be authenticated. + + In -unixpw_nis mode, under no circumstances is x11vnc's + user password verifying function based on su called + (i.e. the function su_verify() that runs /bin/su + in a pseudoterminal to verify passwords.) However, + if -unixpw_nis is used in conjunction with the -find + and -create -display WAIT:... modes then, if x11vnc is + running as root, /bin/su may be called externally to + run the find or create commands. -unixpw_cmd cmd As -unixpw above, however do not use su(1) but rather run the externally supplied command "cmd". The first - line of its stdin will the username and the second line - the received password. If the command exits with status - 0 (success) the VNC client will be accepted. It will be - rejected for any other return status. - - Dynamic passwords and non-unix passwords can be - implemented this way by providing your own custom helper - program. Note that under unixpw mode the remote viewer - is given 3 tries to enter the correct password. - - If a list of allowed users is needed use -unixpw [list] - in addition to this option. + line of its stdin will be the username and the second + line the received password. If the command exits + with status 0 (success) the VNC user will be accepted. + It will be rejected for any other return status. + + Dynamic passwords and non-unix passwords, e.g. LDAP, + can be implemented this way by providing your own custom + helper program. Note that the remote viewer is given 3 + tries to enter the correct password, and so the program + may be called in a row that many (or more) times. + + If a list of allowed users is needed to limit who can + log in, use -unixpw [list] in addition to this option. + + In FINDDISPLAY and FINDCREATEDISPLAY modes the "cmd" + will also be run with the RFB_UNIXPW_CMD_RUN env. var. + non-empty and set to the corresponding display + find/create command. The first two lines of input are + the username and passwd as in the normal case described + above. To support FINDDISPLAY and FINDCREATEDISPLAY, + "cmd" should run the requested command as the user + (and most likely refusing to run it if the password is + not correct.) Here is an example script (note it has + a hardwired bogus password "abc"!) + + #!/bin/sh + # Example x11vnc -unixpw_cmd script. + # Read the first two lines of stdin (user and passwd) + read user + read pass + + debug=0 + if [ $debug = 1 ]; then + echo "user: $user" 1>&2 + echo "pass: $pass" 1>&2 + env | egrep -i 'rfb|vnc' 1>&2 + fi + + # Check if the password is valid. + # (A real example would use ldap lookup, etc!) + if [ "X$pass" != "Xabc" ]; then + exit 1 # incorrect password + fi + + if [ "X$RFB_UNIXPW_CMD_RUN" = "X" ]; then + exit 0 # correct password + else + # Run the requested command (finddisplay) + if [ $debug = 1 ]; then + echo "run: $RFB_UNIXPW_CMD_RUN" 1>&2 + fi + exec /bin/su - "$user" -c "$RFB_UNIXPW_CMD_RUN" + fi + + In -unixpw_cmd mode, under no circumstances is x11vnc's + user password verifying function based on su called + (i.e. the function su_verify() that runs /bin/su in a + pseudoterminal to verify passwords.) It is up to the + supplied unixpw_cmd to do user switching if desired + and if it has the permissions to do so. -find Find the user's display using FINDDISPLAY. This is an alias for "-display WAIT:cmd=FINDDISPLAY". @@ -13662,6 +14061,25 @@ (i.e. all the X displays on the local machine that you have access rights to). +-findauth [disp] Apply the -find/-finddpy heuristics to try to guess + the XAUTHORITY file for DISPLAY 'disp'. If 'disp' + is not supplied, then the value in the -display on + the cmdline is used; failing that $DISPLAY is used; + and failing that ":0" is used. + + If nothing is printed out, that means no XAUTHORITY was + found for 'disp'; i.e. failure. If "XAUTHORITY=" + is printed out, that means use the default (i.e. do + not set XAUTHORITY). If "XAUTHORITY=/path/to/file" + is printed out, then use that file. + + XDM/GDM/KDM: if you are running x11vnc as root and want + to find the XAUTHORITY before anyone has logged into an + X session yet, use: x11vnc -env FD_XDM=1 -findauth ... + (This will also find the XAUTHORITY if a user is already + logged into the X session.) When running as root, + FD_XDM=1 will be tried if the initial -findauth fails. + -create First try to find the user's display using FINDDISPLAY, if that doesn't succeed create an X session via the FINDCREATEDISPLAY method. This is an alias for @@ -13692,6 +14110,10 @@ under -display WAIT:... for more details about XDM, etc configuration. + Remember to enable XDMCP in the xdm-config, gdm.conf, + or kdmrc configuration file. See -display WAIT: for + more info. + -sshxdmsvc Display manager Terminal services mode based on SSH. Alias for -display WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp -localhost. @@ -13704,6 +14126,52 @@ under -display WAIT:... for more details about XDM, etc configuration. + Remember to enable XDMCP in the xdm-config, gdm.conf, + or kdmrc configuration file. See -display WAIT: for + more info. + +-unixpw_system_greeter Present a "Press 'Escape' for System Greeter" option + to the connecting VNC client in combined -unixpw + and xdmcp FINDCREATEDISPLAY modes (e.g. -xdmsvc). + + Normally in a -unixpw mode the VNC client must + supply a valid username and password to gain access. + However, if -unixpw_system_greeter is supplied AND + the FINDCREATEDISPLAY command matches 'xdmcp', then + the user has the option to press Escape and then get a + XDM/GDM/KDM login/greeter panel instead. They will then + supply a username and password directly to the greeter. + + Otherwise, in xdmcp FINDCREATEDISPLAY mode the user + must supply his username and password TWICE. First to + the initial unixpw login dialog, and second to the + subsequent XDM/GDM/KDM greeter. Note that if the user + re-connects and supplies his username and password in + the unixpw dialog the xdmcp greeter is skipped and + he is connected directly to his existing X session. + So the -unixpw_system_greeter option avoids the extra + password at X session creation time. + + Example: x11vnc -xdmsvc -unixpw_system_greeter + See -unixpw and -display WAIT:... for more info. + + The special options after a colon at the end of the + username (e.g. user:solid) described under -display + WAIT: are also applied in this mode if they are typed + in before the user hits Escape. The username is ignored + but the colon options are not. + + The default message is 2 lines in a small font, set + the env. var. X11VNC_SYSTEM_GREETER1=true for a 1 line + message in a larger font. + + If the user pressed Escape the FINDCREATEDISPLAY command + will be run with the env. var. X11VNC_XDM_ONLY=1. + + Remember to enable XDMCP in the xdm-config, gdm.conf, + or kdmrc configuration file. See -display WAIT: for + more info. + -redirect port As in FINDCREATEDISPLAY-Xvnc.redirect mode except redirect immediately (i.e. without X session finding or creation) to a VNC server listening on port. You @@ -13762,19 +14230,26 @@ xauth extract - $DISPLAY" - In the case of -unixpw (but not -unixpw_nis), then the - cmd= command is run as the user who just authenticated - via the login and password prompt. + In the case of -unixpw (and -unixpw_nis only if x11vnc + is running as root), then the cmd= command is run + as the user who just authenticated via the login and + password prompt. + + In the case of -unixpw_cmd, the commands will also be + run as the logged-in user, as long as the user-supplied + helper program supports RFB_UNIXPW_CMD_RUN (see the + -unixpw_cmd option.) Also in the case of -unixpw, the user logging in can place a colon at the end of her username and supply a few options: scale=, scale_cursor= (or sc=), solid - (or so), id=, clear_mods (or cm), clear_keys (or ck), - repeat, speeds= (or sp=), readtimeout= (or rd=), - rotate= (or ro=), or noncache (or nc), all separated by - commas if there is more than one. After the user logs - in successfully, these options will be applied to the - VNC screen. For example, + (or so), id=, clear_mods (or cm), clear_keys (or + ck), clear_all (or ca), repeat, speeds= (or sp=), + readtimeout= (or rd=), viewonly (or vo), nodisplay= + (or nd=), rotate= (or ro=), or noncache (or nc), + all separated by commas if there is more than one. + After the user logs in successfully, these options will + be applied to the VNC screen. For example, login: fred:scale=3/4,sc=1,repeat Password: ... @@ -13786,6 +14261,9 @@ your long "login:" line press the Up arrow once (before typing anything else). + In the login panel, press F1 to get a list of the + available options that you can add after the username. + Another option is "geom=WxH" or "geom=WxHxD" (or ge=). This only has an effect in FINDCREATEDISPLAY mode when a virtual X server such as Xvfb is going @@ -13797,6 +14275,12 @@ (same as "xterm") to have the created display use that mode for the user session. + Specify "tag=..." to set the unique FD_TAG desktop + session tag described below. Note: this option will + be ignored if the FD_TAG env. var. is already set or + if the viewer-side supplied value is not completely + composed of alphanumeric or '_' or '-' characters. + To disable the option setting set the environment variable X11VNC_NO_UNIXPW_OPTS=1 before starting x11vnc. To set any other options, the user can use the gui @@ -13842,6 +14326,12 @@ for how to disable this for dtgreet on Solaris and possibly for other greeters. + In -find/cmd=FINDDISPLAY mode, if you set FD_XDM=1, + e.g. 'x11vnc -env FD_XDM=1 -find ...' and x11vnc is + running as root (e.g. inetd) then it will try to find + the XAUTHORITY file of a running XDM/GDM/KDM login + greeter (i.e. no user has logged into an X session yet.) + As another special case, WAIT:cmd=HTTPONCE will allow x11vnc to service one http request and then exit. This is usually done in -inetd mode to run on, say, @@ -13861,7 +14351,9 @@ ignore in the finding process. The ":" is optional. Ranges n-m e.g. 0-20 can also be supplied. This string can also be set by the connecting user via "nd=" - using "+" instead of "," + using "+" instead of "," If "nd=all" or you set + X11VNC_SKIP_DISPLAY=all then all display finding fails + as if you set X11VNC_FINDDISPLAY_ALWAYS_FAILS=1 (below.) Automatic Creation of User X Sessions: @@ -13877,8 +14369,8 @@ It will start looking for an open display number at :20 Override via X11VNC_CREATE_STARTING_DISPLAY_NUMBER=n - By default FINDCREATEDISPLAY will try Xdummy and then - Xvfb: + By default FINDCREATEDISPLAY will try Xvfb and then + Xdummy: The Xdummy wrapper is part of the x11vnc source code (x11vnc/misc/Xdummy) It should be available in PATH and @@ -13917,6 +14409,8 @@ If for some reason you do not want x11vnc to ever try to find an existing display set the env. var X11VNC_FINDDISPLAY_ALWAYS_FAILS=1 (also -env ...) + This is the same as setting X11VNC_SKIP_DISPLAY=all or + supplying "nd=all" after "username:" Use WAIT:cmd=FINDCREATEDISPLAY-print to print out the script that is used for this. @@ -13945,12 +14439,15 @@ be the full path to the session/windowmanager program. More FD tricks: FD_CUPS=port or FD_CUPS=host:port - will set the cups printing environment. Similarly - for FD_ESD=port or FD_ESD=host:port for esddsp sound - redirection. FD_XDUMMY_NOROOT means the Xdummy server - does not need to be started as root (e.g. it will sudo - automatically). Set FD_EXTRA to a command to be run - a few seconds after the X server starts up. + will set the cups printing environment. Similarly for + FD_ESD=port or FD_ESD=host:port for esddsp sound + redirection. FD_XDUMMY_NOROOT means the Xdummy + server does not need to be started as root (e.g. it + will sudo automatically). Set FD_EXTRA to a command + to be run a few seconds after the X server starts up. + Set FD_TAG to be a unique name for the session, it is + set as an X property, that makes FINDDISPLAY only find + sessions with that tag value. If you want the FINDCREATEDISPLAY session to contact an XDMCP login manager (xdm/gdm/kdm) on the same machine, @@ -14030,8 +14527,9 @@ Otherwise in -unixpw mode the normal login panel is provided. - You *MUST* supply the -ssl option for VeNCrypt to be - active. This option only fine-tunes its operation. + You *MUST* supply the -ssl option for VeNCrypt to + be active. The -vencrypt option only fine-tunes its + operation. -anontls mode The ANONTLS extension to the VNC protocol allows encrypted SSL/TLS connections. If the -ssl mode is @@ -14066,8 +14564,9 @@ Long example: -anontls newdh:plain:support - You *MUST* supply the -ssl option for ANONTLS to be - active. This option only fine-tunes its operation. + You *MUST* supply the -ssl option for ANONTLS to + be active. The -anontls option only fine-tunes its + operation. -sslonly Same as: "-vencrypt never -anontls never" i.e. it disables the VeNCrypt and ANONTLS encryption methods @@ -14091,16 +14590,17 @@ -ssl [pem] Use the openssl library (www.openssl.org) to provide a built-in encrypted SSL/TLS tunnel between VNC viewers - and x11vnc. This requires libssl support to be compiled - into x11vnc at build time. If x11vnc is not built - with libssl support it will exit immediately when -ssl - is prescribed. + and x11vnc. This requires libssl support to be + compiled into x11vnc at build time. If x11vnc is not + built with libssl support it will exit immediately when + -ssl is prescribed. See the -stunnel option below for + an alternative. The VNC Viewer-side needs to support SSL/TLS as well. See this URL and also the discussion below for ideas on how to enable SSL support for the viewer: http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tun - nel-viewers x11vnc provides an SSL enabled Java + nel-viewers . x11vnc provides an SSL enabled Java viewer applet in the classes/ssl directory (-http or -httpdir options.) The SSVNC viewer package supports SSL tunnels too. @@ -14185,11 +14685,16 @@ Thus only passive network sniffing attacks are avoided: the "ANON" method is susceptible to Man-In-The-Middle attacks. "ANON" is not recommended; instead use - a SSL PEM you created or the defaut "SAVE" method. + a SSL PEM you created or the default "SAVE" method. See -ssldir below to use a directory besides the default ~/.vnc/certs + If your x11vnc binary was not compiled with OpenSSL + library support, use of the -ssl option will induce an + immediate failure and exit. For such binaries, consider + using the -stunnel option for SSL encrypted connections. + Misc Info: In temporary cert creation mode "TMP", set the env. var. X11VNC_SHOW_TMP_PEM=1 to have x11vnc print out the entire certificate, including the PRIVATE KEY @@ -14203,7 +14708,7 @@ Set to zero to poll forever. Set to a negative value to use the builtin setting. - Note that this value does not apply to the *initial* ssl + Note that this value does NOT apply to the *initial* ssl init connection. The default timeout for that is 20sec. Use -env SSL_INIT_TIMEOUT=n to modify it. @@ -14292,7 +14797,7 @@ NOTE: the following utilities, -sslGenCA, -sslGenCert, - -sslEncKey, and -sslCertInfo are provided for + -sslEncKey, -sslCertInfo, and -sslCRL are provided for completeness, but for casual usage they are overkill. They provide VNC Certificate Authority (CA) key creation @@ -14343,8 +14848,9 @@ the ss_vncviewer example script in the FAQ and SSVNC.) -sslCRL path Set the Certificate Revocation Lists (CRL) to "path". + This setting applies for both -ssl and -stunnel modes. - If path is a file, the file contains one more more CRLs + If path is a file, the file contains one or more CRLs in PEM format. If path is a directory, it contains hash named files of CRLs in the usual OpenSSL manner. See the OpenSSL and stunnel(8) documentation for @@ -14356,6 +14862,10 @@ The -sslCRL setting will be ignored when -sslverify is not specified. + Note that if a CRL's expiration date has passed, all + SSL connections will fail regardless of if they are + related to the subject of the CRL or not. + Only rarely will one's x11vnc -ssl infrastructure be so large that this option would be useful (since normally maintaining the contents of the -sslverify file or @@ -14467,11 +14977,13 @@ Similar to -sslGenCA, you will be prompted to fill in some information that will be recorded in the - certificate when it is created. Tip: if you know - the fully-qualified hostname other people will be - connecting to you can use that as the CommonName "CN" - to avoid some applications (e.g. web browsers and java - plugin) complaining it does not match the hostname. + certificate when it is created. + + Tip: if you know the fully-qualified hostname other + people will be connecting to, you can use that as the + CommonName "CN" to avoid some applications (e.g. web + browsers and java plugin) complaining that it does not + match the hostname. You will also need to supply the CA private key passphrase to unlock the private key created from @@ -14495,14 +15007,14 @@ the cert and private key. The .crt contains the certificate only. - NOTE: It is very important to know one should always + NOTE: It is very important to know one should generate new keys with a passphrase. Otherwise if an untrusted user steals the key file he could use it to masquerade as the x11vnc server (or VNC viewer client). You will be prompted whether to encrypt the key with a passphrase or not. It is recommended that you do. One inconvenience to a passphrase is that it must - be suppled every time x11vnc or the client app is + be typed in EVERY time x11vnc or the client app is started up. Examples: @@ -14598,16 +15110,30 @@ This external tunnel method was implemented prior to the integrated -ssl encryption described above. It still - works well. This requires stunnel to be installed - on the system and available via PATH (n.b. stunnel is - often installed in sbin directories). Version 4.x of - stunnel is assumed (but see -stunnel3 below.) + works well and avoids the requirement of linking with + the OpenSSL libraries. This mode requires stunnel + to be installed on the system and available via PATH + (n.b. stunnel is often installed in sbin directories). + Version 4.x of stunnel is assumed (but see -stunnel3 + below.) [pem] is optional, use "-stunnel /path/to/stunnel.pem" to specify a PEM certificate file to pass to stunnel. - Whether one is needed or not depends on your stunnel - configuration. stunnel often generates one at install - time. See the stunnel documentation for details. + See the -ssl option for more info on certificate files. + + Whether or not your stunnel has its own certificate + depends on your stunnel configuration; stunnel often + generates one at install time. See your stunnel + documentation for details. In any event, if you want to + use this certificate you must supply the full path to it + as [pem]. Note: the file may only be readable by root. + + [pem] may also be the special strings "TMP", "SAVE", + and "SAVE..." as described in the -ssl option. + If [pem] is not supplied, "SAVE" is assumed. + + Note that the VeNCrypt, ANONTLS, and "ANON" modes + are not supported in -stunnel mode. stunnel is started up as a child process of x11vnc and any SSL connections stunnel receives are decrypted and @@ -14615,22 +15141,37 @@ "The SSL VNC desktop is ..." and "SSLPORT=..." are printed out at startup to indicate this. - The -localhost option is enforced by default - to avoid people routing around the SSL channel. - Set STUNNEL_DISABLE_LOCALHOST=1 before starting x11vnc - to disable the requirement. - - Your VNC viewer will also need to be able to connect via - SSL. Unfortunately not too many do this. UltraVNC has - an encryption plugin but it does not seem to be SSL. - - Also, in the x11vnc distribution, a patched TightVNC - Java applet is provided in classes/ssl that does SSL - connections (only). - - It is also not too difficult to set up an stunnel or - other SSL tunnel on the viewer side. A simple example - on Unix using stunnel 3.x is: + The -localhost option is enforced by default to avoid + people routing around the SSL channel. Use -env + STUNNEL_DISABLE_LOCALHOST=1 to disable this security + requirement. + + Set -env STUNNEL_DEBUG=1 for more debugging printout. + + Your VNC viewer will also need to be able to connect + via SSL. Unfortunately not too many do this. See the + information about SSL viewers under the -ssl option. + + Also, in the x11vnc distribution, patched TightVNC + and UltraVNC Java applet jar files are provided in + the classes/ssl directory that do SSL connections. + Enable serving them with the -http, -http_ssl, -https, + or -httpdir (see the option descriptions for more info.) + + Note that for the Java viewer applet usage the + "?PORT=xxxx" in the various URLs printed at startup + will need to be supplied to the web browser to connect + properly. + + Currently the automatic "single port" HTTPS mode of + -ssl is not fully supported in -stunnel mode. However, + it can be emulated via: + + % x11vnc -stunnel -http_ssl -http_oneport ... + + In general, it is also not too difficult to set up + an stunnel or other SSL tunnel on the viewer side. + A simple example on Unix using stunnel 3.x is: % stunnel -c -d localhost:5901 -r remotehost:5900 % vncviewer localhost:1 @@ -14640,7 +15181,8 @@ and SSVNC for more examples. -stunnel3 [pem] Use version 3.x stunnel command line syntax instead of - version 4.x + version 4.x. The -http/-httpdir Java applet serving + is currently not available in this mode. -enc cipher:keyfile Use symmetric encryption with cipher "cipher" and secret key data in "keyfile". If keyfile is @@ -14659,7 +15201,7 @@ Note that this mode will NOT work with the UltraVNC DSM plugins because they alter the RFB protocol in addition to tunnelling with the symmetric cipher (an unfortunate - choice of implementation). + choice of implementation...) cipher can be one of: arc4, aesv2, aes-cfb, blowfish, aes256, or 3des. See the OpenSSL documentation for @@ -14732,9 +15274,9 @@ For both ways of using the viewer, you can specify the salt,ivec sizes (in GUI or, e.g. arc4@8,16). --https [port] Use a special, separate HTTPS port (-ssl mode only) - for HTTPS Java viewer applet downloading. I.e. not 5900 - and not 5800 (the defaults.) +-https [port] Use a special, separate HTTPS port (-ssl and + -stunnel modes only) for HTTPS Java viewer applet + downloading. I.e. not 5900 and not 5800 (the defaults.) BACKGROUND: In -ssl mode, it turns out you can use the single VNC port (e.g. 5900) for both VNC and HTTPS @@ -14754,6 +15296,8 @@ or VNC Viewer applet. That's right 3 separate "Are you sure you want to connect?" dialogs!) + END OF BACKGROUND. + USAGE: So use the -https option to provide a separate, more reliable HTTPS port that x11vnc will listen on. If [port] is not provided (or is 0), one is autoselected. @@ -14787,7 +15331,23 @@ to include the PORT= in the browser URL, simply supply "-httpsredir" to x11vnc. --http_oneport For un-encrypted connections mode (i.e. no -ssl, + This option does not work in -stunnel mode. + + More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS + to be extra URL parameters to use. This way you do + not need to specify extra PARAMS in the index.vnc file. + E.g. x11vnc -env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ... + + If you do not want to expose the non-SSL HTTP port to + the network (i.e. you just want the single VNC/HTTPS + port, e.g. 5900, open for connections) then specify the + option -env X11VNC_HTTP_LISTEN_LOCALHOST=1 This way + the connection to the libvncserver httpd server will + only be available on localhost (note that in -ssl mode, + HTTPS requests are redirected from SSL to the non-SSL + libvncserver HTTP server.) + +-http_oneport For UN-encrypted connections mode (i.e. no -ssl, -stunnel, or -enc options), allow the Java VNC Viewer applet to be downloaded thru the VNC port via HTTP. @@ -14817,6 +15377,10 @@ mode when using an SSH tunnel as well as for router port redirections. + Note that the -env X11VNC_HTTP_LISTEN_LOCALHOST=1 + option described above under -httpsredir applies for + the libvncserver httpd server in all cases (ssl or not.) + -ssh user@host:disp Create a remote listening port on machine "host" via a SSH tunnel using the -R rport:localhost:lport method. lport will be the local x11vnc listening port, @@ -15105,15 +15669,20 @@ e.g. "darkblue" or numerical "#RRGGBB"). Currently this option only works on GNOME, KDE, CDE, - and classic X (i.e. with the background image on the - root window). The "gconftool-2" and "dcop" external - commands are run for GNOME and KDE respectively. - Other desktops won't work, e.g. Xfce (send us the - corresponding commands if you find them). If x11vnc is - running as root (inetd(8) or gdm(1)), the -users option - may be needed for GNOME and KDE. If x11vnc guesses - your desktop incorrectly, you can force it by prefixing - color with "gnome:", "kde:", "cde:" or "root:". + XFCE, and classic X (i.e. with the background image + on the root window). The "gconftool-2", "dcop" + and "xfconf-query" external commands are run for + GNOME, KDE, and XFCE respectively. This also works + on native MacOSX. (There is no color selection for + MacOSX or XFCE.) Other desktops won't work, (send + us the corresponding commands if you find them). + If x11vnc is running as root (inetd(8) or gdm(1)), + the -users option may be needed for GNOME, KDE, XFCE. + If x11vnc guesses your desktop incorrectly, you can + force it by prefixing color with "gnome:", "kde:", + "cde:", "xfce:", or "root:". + + Update: -solid no longer works on KDE4. This mode works in a limited way on the Mac OS X Console with one color ('kelp') using the screensaver writing @@ -15260,7 +15829,13 @@ "debug crash shell" when fatal errors are trapped. -q, -quiet Be quiet by printing less informational output to - stderr. + stderr. (use -noquiet to undo an earlier -quiet.) + + The -quiet option does not eliminate all informational + output, it only reduces it. It is ignored in most + auxiliary usage modes, e.g. -storepasswd. To eliminate + all output use: 2>/dev/null 1>&2, etc. + -v, -verbose Print out more information to stderr. -bg Go into the background after screen setup. Messages to @@ -15567,6 +16142,15 @@ -noxfixes Do not use the XFIXES extension to draw the exact cursor shape even if it is available. + + Note: To work around a crash in Xorg 1.5 and later + some people needed to use -noxfixes. The Xorg crash + occurred right after a Display Manager (e.g. GDM) login. + Starting with x11vnc 0.9.9 it tries to automatically + avoid using XFIXES until it is sure a window manager + is running. See the -reopen option for more info and + how to use X11VNC_AVOID_WINDOWS=never to disable it. + -alphacut n When using the XFIXES extension for the cursor shape, cursors with transparency will not usually be displayed exactly (but opaque ones will). This option sets n as @@ -15637,6 +16221,12 @@ -buttonmap currently does not work on MacOSX console or in -rawfb mode. + Workaround: use -buttonmap IJ...-LM...=n to limit the + number of mouse buttons to n, e.g. 123-123=3. This will + prevent x11vnc from crashing if the X server reports + there are 5 buttons (4/5 scroll wheel), but there are + only really 3. + -nodragging Do not update the display during mouse dragging events (mouse button held down). Greatly improves response on slow setups, but you lose all visual feedback for drags, @@ -15647,7 +16237,7 @@ (an integer) times that of the full display is allocated below the actual framebuffer to cache screen contents for rapid retrieval. So a W x H frambuffer is expanded - to a W x (n+1)*H one. Use 0 to disable. Default: XXX. + to a W x (n+1)*H one. Use 0 to disable. The "n" is actually optional, the default is 10. @@ -15655,13 +16245,17 @@ abbreviate "-ncache" with "-nc". Also, "-nonc" is the same as "-ncache 0" - This is an experimental option, currently implemented - in an awkward way in that in the VNC Viewer you can - see the cache contents if you scroll down, etc. So you + This is an experimental option, currently implemented in + an awkward way in that in the VNC Viewer you can see the + pixel cache contents if you scroll down, etc. So you will have to set things up so you can't see that region. If this method is successful, the changes required for clients to do this less awkwardly will be investigated. + The SSVNC viewer does a good job at automatically hiding + the pixel cache region. Or use SSVNC's -ycrop option + to explicitly hide the region. + Note that this mode consumes a huge amount of memory, both on the x11vnc server side and on the VNC Viewer side. If n=2 then the amount of RAM used is roughly @@ -16171,10 +16765,21 @@ Same as -dp and -dk, respectively. Use multiple times for more output. --defer time Time in ms to wait for updates before sending to client +-defer time Time in ms to delay sending updates to connected clients (deferUpdateTime) Default: 20 + -wait time Time in ms to pause between screen polls. Used to cut down on load. Default: 20 + +-extra_fbur n Perform extra FrameBufferUpdateRequests checks to + try to be in better sync with the client's requests. + What this does is perform extra polls of the client + socket at critical times (before '-defer' and '-wait' + calls.) The default is n=1. Set to a larger number to + insert more checks or set to n=0 to disable. A downside + of these extra calls is that more mouse input may be + processed than desired. + -wait_ui factor Factor by which to cut the -wait time if there has been recent user input (pointer or keyboard). Improves response, but increases the load whenever you @@ -16208,12 +16813,12 @@ Default: take naps -sb time Time in seconds after NO activity (e.g. screen blank) to really throttle down the screen polls (i.e. sleep - for about 1.5 secs). Use 0 to disable. Default: 20 + for about 1.5 secs). Use 0 to disable. Default: 60 -readtimeout n Set libvncserver rfbMaxClientWait to n seconds. On slow links that take a long time to paint the first screen libvncserver may hit the timeout and drop the - connection. Default: 60 seconds. + connection. Default: 20 seconds. -ping n Send a 1x1 framebuffer update to all clients every n seconds (e.g. to try to keep a network connection alive) @@ -16357,10 +16962,7 @@ for output) are created to handle each new client. Default: -nothreads. - NOTE: The -threads mode may be disabled due to its - unstable behavior. If it is disabled, a warning is - printed out. Stability has been improved in version - 0.9.8 and so the feature has been re-enabled. + Thread stability is much improved in version 0.9.8. Multiple clients in threaded mode should be stable for the ZRLE encoding on all platforms. The Tight and @@ -16368,9 +16970,15 @@ multiple clients. Compile with -DTLS=__thread if your OS and compiler and linker support it. + For resizes (randr, etc.) set this env. var. to the numb +er + of milliseconds to sleep: X11VNC_THREADS_NEW_FB_SLEEP + at various places in the do_new_fb() action. This is to + let various activities settle. Default is about 500ms. + Multiple clients in threaded mode could yield better - performance for 'class-room' broadcasting usage. - See also the -reflect option. + performance for 'class-room' broadcasting usage; also in + -appshare broadcast mode. See also the -reflect option. -fs f If the fraction of changed tiles in a poll is greater than f, the whole screen is updated. Default: 0.75 @@ -16986,6 +17594,28 @@ x11vnc server as long as X permissions, etc. permit communication between the two. + FONTS: On some systems the tk fonts can be too small, + jagged, or otherwise unreadable. There are 4 env vars + you can set to be the tk font you prefer: + + X11VNC_FONT_BOLD main font for menus and buttons. + X11VNC_FONT_FIXED font for fixed width text. + + X11VNC_FONT_BOLD_SMALL tray icon font. + X11VNC_FONT_REG_SMALL tray icon menu font. + + The last two only apply for the tray icon mode. + + Here are some examples: + + -env X11VNC_FONT_BOLD='Helvetica -16 bold' + -env X11VNC_FONT_FIXED='Courier -14' + -env X11VNC_FONT_REG_SMALL='Helvetica -12' + + You can put the lines like the above (without the + quotes) in your ~/.x11vncrc file to avoid having to + specify them on the x11vnc command line. + -remote command Remotely control some aspects of an already running x11vnc server. "-R" and "-r" are aliases for "-remote". After the remote control command is @@ -17009,12 +17639,34 @@ 'x11vnc -R shared' will enable shared connections, and 'x11vnc -R scale:3/4' will rescale the desktop. + To use a different name for the X11 property (e.g. to + have separate communication channels for multiple + x11vnc's on the same display) set the X11VNC_REMOTE + environment variable to the string you want, for + example: -env X11VNC_REMOTE=X11VNC_REMOTE_12345 + Both sides of the channel must use the same unique name. + + To run a bunch of commands in a sequence use something + like: x11vnc -R 'script:firstcmd;secondcmd;...' + + Use x11vnc -R script:file=/path/to/file to read commands + from a file (can be multi-line and use the comment '#' + character in the normal way. The ';' separator must + still be used to separate each command.) + + To not try to contact another x11vnc process and instead + just run the command (or query) directly, prefix the + command with the string "DIRECT:" + The following -remote/-R commands are supported: stop terminate the server, same as "quit" "exit" or "shutdown". ping see if the x11vnc server responds. - Return is: ans=ping: + return is: ans=ping: + ping:mystring as above, but use your own unique string +. + return is: ans=ping:mystring: blacken try to push a black fb update to all clients (due to timings a client could miss it). Same as "zero", also @@ -17024,6 +17676,12 @@ id:windowid set -id window to "windowid". empty or "root" to go back to root window sid:windowid set -sid window to "windowid" + id_cmd:cmd cmds: raise, lower, map, unmap, iconify, + move:dXdY, resize:dWdH, geom:WxH+X+Y. dX + dY, dW, and dH must have a leading "+" + or "-" e.g.: move:-30+10 resize:+20+35 + also: wm_delete, wm_name:string and + icon_name:string. Also id_cmd:win=N:cmd waitmapped wait until subwin is mapped. nowaitmapped do not wait until subwin is mapped. clip:WxH+X+Y set -clip mode to "WxH+X+Y" @@ -17103,6 +17761,7 @@ nograbptr disable -grabptr mode. grabalways enable -grabalways mode. nograbalways disable -grabalways mode. + grablocal:n set -grablocal to n. client_input:str set the K, M, B -input on a per-client basis. select which client as for disconnect, e.g. client_input:host:MB @@ -17185,6 +17844,9 @@ nosetclipboard enable -nosetclipboard mode. setclipboard disable -nosetclipboard mode. seldir:str set -seldir to "str" + resend_cutbuffer resend the most recent CUTBUFFER0 copy + resend_clipboard resend the most recent CLIPBOARD copy + resend_primary resend the most recent PRIMARY copy cursor:mode enable -cursor "mode". show_cursor enable showing a cursor. noshow_cursor disable showing a cursor. (same as @@ -17259,8 +17921,26 @@ nodebug_pointer disable -debug_pointer, same as "nodp" debug_keyboard enable -debug_keyboard, same as "dk" nodebug_keyboard disable -debug_keyboard, same as "nodk" + keycode:n inject keystroke 'keycode' (xmodmap -pk) + keycode:n,down inject 'keycode' (down=0,1) + keysym:str inject keystroke 'keysym' (number/name) + keysym:str,down inject 'keysym' (down=0,1) + ptr:x,y,mask inject pointer event x, y, button-mask + fakebuttonevent:button,down direct XTestFakeButtonEvent. + sleep:t sleep floating point time t. + get_xprop:p get X property named 'p'. + set_xprop:p:val set X property named 'p' to 'val'. + p -> id=NNN:p for hex/dec window id. + wininfo:id get info about X window id. use 'root' + for root window, use +id for children. + grab_state get state of pointer and keyboard grab. + pointer_pos print XQueryPointer x,y cursor position. + mouse_x print x11vnc's idea of cursor position. + mouse_y print x11vnc's idea of cursor position. + noop do nothing. defer:n set -defer to n ms,same as deferupdate:n wait:n set -wait to n ms. + extra_fbur:n set -extra_fbur to n. wait_ui:f set -wait_ui factor to f. setdefer:n set -setdefer to -2,-1,0,1, or 2. wait_bog disable -nowait_bog mode. @@ -17299,6 +17979,7 @@ nosnapfb disable -snapfb mode. rawfb:str set -rawfb mode to "str". uinput_accel:f set uinput_accel to f. + uinput_thresh:n set uinput_thresh to n. uinput_reset:n set uinput_reset to n ms. uinput_always:n set uinput_always to 1/0. progressive:n set libvncserver -progressive slice @@ -17317,7 +17998,9 @@ macresize disable -macnoresize mode. maciconanim:n set -maciconanim to n. macmenu enable -macmenu mode. - macnomenu disable -macnmenu mode. + macnomenu disable -macmenu mode. + macuskbd enable -macuskbd mode. + macnouskbd disable -macuskbd mode. httpport:n set -httpport to n. httpdir:dir set -httpdir to dir (and enable http). enablehttpproxy enable -enablehttpproxy mode. @@ -17353,6 +18036,100 @@ noremote disable the -remote command processing, it cannot be turned back on. + bcx_xattach:str This remote control command is for + use with the BARCO xattach program or the x2x program. + Both of these programs are for 'pointer and keyboard' + sharing between separate X displays. In general the + two displays are usually nearby, e.g. on the same desk, + and this allows the user to share a single pointer and + keyboard between them. The user moves the mouse to + an edge and then the mouse pointer appears to 'jump' + to the other display screen. Thus it emulates what a + single X server would do for two screens (e.g. :0.0 and + :0.1) The illusion of a single Xserver with multiple + screens is achieved by forwarding events to the 2nd + one via the XTEST extension. + + What the x11vnc bcx_xattach command does is to perform + some pointer movements to try to INDUCE xattach/x2x + to 'jump' to the other display. In what follows the + 'master' display refers to the one that when it has + 'focus' it is basically doing nothing besides watching + for the mouse to go over an edge. The 'slave' + display refers to the one to which the mouse and + keyboard is redirected to once an edge in the master + has been crossed. Note that the x11vnc executing the + bcx_xattach command MUST be the one connected to the + *master* display. + + Also note that when input is being redirected (via + XTEST) from the master display to the slave display, + the master display's pointer and keyboard are *grabbed* + by xattach/x2x. x11vnc can use this info to verify that + the master/slave mode change has taken place correctly. + If you specify the "ifneeded" option (see below) + and the initial grab state is that of the desired + final state, then no pointer movements are injected + and "DONE,GRAB_OK" is returned. + + "str" must contain one of "up", "down", "left", + or "right" to indicate the direction of the 'jump'. + "str" must also contain one of "master_to_slave" + or "slave_to_master" to indicate the type of mode + change induced by the jump. Use "M2S" and "S2M" + as shorter aliases. + + "str" may be a "+" separated list of additional + tuning options. The "shift=n" option indicates an + offset shift position away from (0,0) (default 20). + "final=x+y" specifies the final position of the cursor + at the end of the normal move sequence; default 30+30. + "extra_move=x+y" means to do one more pointer move + after "final" to x+y. "dt=n" sets the sleep time + in milliseconds between pointer moves (default: 40ms) + "retry=n" specifies the maximum number of retries if + the grab state change fails. "ifneeded" means to not + apply the pointer movements if the initial grab state is + that of the desired final state. "nograbcheck" means + to not check if the grab state changed as expected and + only apply the pointer movements (default is to check + the grab states.) + + If you do not specify "up", etc., to bcx_xattach + nothing will be attempted and the command returns + the string FAIL,NO_DIRECTION_SPECIFIED. If you do + not specify "master_to_slave" or "M2S", etc., to + bcx_xattach nothing will be attempted and the command + returns the string FAIL,NO_MODE_CHANGE_SPECIFIED. + + Otherwise, the returned string will contain "DONE". + It will be "DONE,GRAB_OK" if the grab state changed + as expected (or if "ifneeded" was supplied and + the initial grab state was already the desired + one.) If the initial grab state was incorrect, + but the final grab state was correct then it is + "DONE,GRAB_FAIL_INIT". If the initial grab state + was correct, but the final grab state was incorrect + then it is "DONE,GRAB_FAIL_FINAL". If both are + incorrect it will be "DONE,GRAB_FAIL". Under grab + failure the string will be followed by ":p1,k1-p2,k2" + where p1,k1 indicates the initial pointer and keyboard + grab states and p2,k2 the final ones. If GRAB_FAIL or + GRAB_FAIL_FINAL occurs, the action will be retried up + to 3 times; trying to reset the state and sleeping a + bit between each try. Set retry=n to adjust the number + of retries, zero to disable retries. + + Examples: + -R bcx_xattach:down+M2S + -R bcx_xattach:up+S2M + -R bcx_xattach:up+S2M+nograbcheck+dt=30 + -R bcx_xattach:down+M2S+extra_move=100+100 + + or use -Q instead of -R to retrieve the result text. + + End of the bcx_xattach:str description. + The vncconnect(1) command from standard VNC distributions may also be used if string is prefixed with "cmd=" E.g. 'vncconnect cmd=stop'. Under some @@ -17381,8 +18158,9 @@ query straight to the X11VNC_REMOTE property or connect file use "qry=..." instead of "cmd=..." - ans= stop quit exit shutdown ping blacken zero - refresh reset close disconnect id sid waitmapped + ans= stop quit exit shutdown ping resend_cutbuffer + resend_clipboard resend_primary blacken zero refresh + reset close disconnect id_cmd id sid waitmapped nowaitmapped clip flashcmap noflashcmap shiftcmap truecolor notruecolor overlay nooverlay overlay_cursor overlay_yescursor nooverlay_nocursor nooverlay_cursor @@ -17392,7 +18170,7 @@ once timeout tightfilexfer notightfilexfer ultrafilexfer noultrafilexfer rfbversion deny lock nodeny unlock avahi mdns zeroconf noavahi nomdns nozeroconf connect - proxy allowonce allow localhost nolocalhost listen + proxy allowonce allow localhost nolocalhost listen lookup nolookup accept afteraccept gone shm noshm flipbyteorder noflipbyteorder onetile noonetile solid_color solid nosolid blackout xinerama noxinerama @@ -17402,10 +18180,10 @@ sloppy_keys nosloppy_keys skip_dups noskip_dups add_keysyms noadd_keysyms clear_mods noclear_mods clear_keys noclear_keys clear_all clear_locks keystate - remap repeat norepeat fb nofb bell nobell sel nosel - primary noprimary setprimary nosetprimary clipboard - noclipboard setclipboard nosetclipboard seldir - cursorshape nocursorshape cursorpos nocursorpos + remap repeat norepeat fb nofb bell nobell sendbell + sel nosel primary noprimary setprimary nosetprimary + clipboard noclipboard setclipboard nosetclipboard + seldir cursorshape nocursorshape cursorpos nocursorpos cursor_drag nocursor_drag cursor show_cursor noshow_cursor nocursor arrow xfixes noxfixes xdamage noxdamage xd_area xd_mem alphacut alphafrac alpharemove @@ -17421,16 +18199,18 @@ nowireframe nowf wireframelocal wfl nowireframelocal nowfl wirecopyrect wcr nowirecopyrect nowcr scr_area scr_skip scr_inc scr_keys scr_term scr_keyrepeat - scr_parms scrollcopyrect scr noscrollcopyrect noscr - fixscreen noxrecord xrecord reset_record pointer_mode pm - input_skip allinput noallinput input grabkbd nograbkbd - grabptr nograbptr grabalways nograbalways grablocal - client_input ssltimeout speeds wmdt debug_pointer dp - nodebug_pointer nodp debug_keyboard dk nodebug_keyboard - nodk keycode deferupdate defer setdefer wait_ui - wait_bog nowait_bog slow_fb xrefresh wait readtimeout - nap nonap sb screen_blank fbpm nofbpm dpms nodpms - clientdpms noclientdpms forcedpms noforcedpms + scr_parms scrollcopyrect scr noscrollcopyrect + noscr fixscreen noxrecord xrecord reset_record + pointer_mode pm input_skip allinput noallinput input + grabkbd nograbkbd grabptr nograbptr grabalways + nograbalways grablocal client_input ssltimeout + speeds wmdt debug_pointer dp nodebug_pointer nodp + debug_keyboard dk nodebug_keyboard nodk keycode keysym + ptr fakebuttonevent sleep get_xprop set_xprop wininfo + bcx_xattach deferupdate defer setdefer extra_fbur + wait_ui wait_bog nowait_bog slow_fb xrefresh wait + readtimeout nap nonap sb screen_blank fbpm nofbpm dpms + nodpms clientdpms noclientdpms forcedpms noforcedpms noserverdpms serverdpms noultraext ultraext chatwindow nochatwindow chaton chatoff fs gaps grow fuzz snapfb nosnapfb rawfb uinput_accel uinput_thresh uinput_reset @@ -17448,21 +18228,23 @@ macnoresize macresize nomacnoresize maciconanim macmenu macnomenu nomacmenu macuskbd nomacuskbd noremote - aro= noop display vncdisplay desktopname guess_desktop + aro= noop display vncdisplay icon_mode autoport + loop loopbg desktopname guess_desktop guess_dbus http_url auth xauth users rootshift clipshift scale_str scaled_x scaled_y scale_numer scale_denom scale_fac_x scale_fac_y scaling_blend scaling_nomult4 scaling_pad scaling_interpolate inetd privremote unsafe safer nocmds passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem sslverify stunnel stunnel_pem https httpsredir - usepw using_shm logfile o flag rc norc h help V version - lastmod bg sigpipe threads readrate netrate netlatency - pipeinput clients client_count pid ext_xtest ext_xtrap - ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay - ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons - button_mask mouse_x mouse_y bpp depth indexed_color - dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y - coff_x coff_y rfbauth passwd viewpasswd + usepw using_shm logfile o flag rmflag rc norc h help + V version lastmod bg sigpipe threads readrate netrate + netlatency pipeinput clients client_count pid ext_xtest + ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama + ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin + num_buttons button_mask mouse_x mouse_y grab_state + pointer_pos bpp depth indexed_color dpy_x dpy_y wdpy_x + wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y rfbauth + passwd viewpasswd -QD variable Just like -query variable, but returns the default value for that parameter (no running x11vnc server @@ -17482,10 +18264,47 @@ the -query request is processed in the normal way. This allows for a reliable way to see if the -remote command was processed by querying for any new settings. - Note however that there is timeout of a few seconds so - if the x11vnc takes longer than that to process the - requests the requester will think that a failure has - taken place. + Note however that there is timeout of a few seconds + (see the next paragraph) so if the x11vnc takes longer + than that to process the requests the requester will + think that a failure has taken place. + + The default is to wait 3.5 seconds. Or if cmd=stop + only 1.0 seconds. If cmd matches 'script:' then it + will wait up to 10.0 seconds. Set X11VNC_SYNC_TIMEOUT + to the number of seconds you want it to wait. + +-query_retries str If a query fails to get a response from an x11vnc + server, retry up to n times. "str" is specified as + n[:t][/match] Optionally the delay between tries may + be specified by "t" a floating point time (default + 0.5 seconds.) Note: the response is not checked for + validity or whether it corresponds to the query sent. + The query "ping:mystring" may be used to help uniquely + identify the query. Optionally, a matching string after + a "/" will be used to check the result text. Up to + n retries will take place until the matching string is + found in the output text. If the match string is never + found the program's exit code is 1; if the match is + found it exits with 0. Note that there may be stdout + printed for each retry (i.e. multiple lines printed + out to stdout.) + Example: -query_retries 4:1.5/grab_state + +-remote_prefix str Enable a remote-control communication channel for + connected VNC clients. str is a non-empty string. If a + VNC client sends rfbCutText having the prefix "str" + then the part after it is processed as though it were + sent via 'x11vnc -remote ...'. If it begins with + neither 'cmd=' nor 'qry=' then 'qry=' is assumed. + Any corresponding output text for that remote control + command is sent back to all client as rfbCutText. + The returned output is also prefixed with "str". + Example: -remote_prefix DO_THIS: + + Note that enabling -remote_prefix allows the remote + VNC viewers to run x11vnc -remote commands. Do not + use this option if they are not to be trusted. -noremote Do not process any remote control commands or queries. -yesremote Do process remote control commands or queries. @@ -17532,7 +18351,7 @@ stunnel, ssl, unixpw, WAIT, zeroconf, id, accept, afteraccept, gone, pipeinput, v4l-info, rawfb-setup, dt, gui, ssh, storepasswd, passwdfile, custom_passwd, - crash. + findauth, crash. See each option's help to learn the associated external command. Note that the -nocmds option takes precedence diff -Nru x11vnc-0.9.8/rfb/rfbclient.h x11vnc-0.9.9/rfb/rfbclient.h --- x11vnc-0.9.8/rfb/rfbclient.h 2009-05-21 15:15:11.000000000 +0100 +++ x11vnc-0.9.9/rfb/rfbclient.h 2009-12-07 14:46:15.000000000 +0000 @@ -150,6 +150,9 @@ rfbPixelFormat format; rfbServerInitMsg si; + /* listen.c */ + int listenSock; + /* sockets.c */ #define RFB_BUF_SIZE 8192 char buf[RFB_BUF_SIZE]; diff -Nru x11vnc-0.9.8/rfb/rfbconfig.h x11vnc-0.9.9/rfb/rfbconfig.h --- x11vnc-0.9.8/rfb/rfbconfig.h 2009-06-19 15:44:32.000000000 +0100 +++ x11vnc-0.9.9/rfb/rfbconfig.h 2009-12-21 05:03:12.000000000 +0000 @@ -511,7 +511,7 @@ /* Define to the full name and version of this package. */ #ifndef LIBVNCSERVER_PACKAGE_STRING -#define LIBVNCSERVER_PACKAGE_STRING "x11vnc 0.9.8" +#define LIBVNCSERVER_PACKAGE_STRING "x11vnc 0.9.9" #endif /* Define to the one symbol short name of this package. */ @@ -521,7 +521,7 @@ /* Define to the version of this package. */ #ifndef LIBVNCSERVER_PACKAGE_VERSION -#define LIBVNCSERVER_PACKAGE_VERSION "0.9.8" +#define LIBVNCSERVER_PACKAGE_VERSION "0.9.9" #endif /* The number of bytes in type char */ @@ -551,7 +551,7 @@ /* Version number of package */ #ifndef LIBVNCSERVER_VERSION -#define LIBVNCSERVER_VERSION "0.9.8" +#define LIBVNCSERVER_VERSION "0.9.9" #endif /* Disable TightVNCFileTransfer protocol */ diff -Nru x11vnc-0.9.8/rfb/rfb.h x11vnc-0.9.9/rfb/rfb.h --- x11vnc-0.9.8/rfb/rfb.h 2009-05-18 16:34:16.000000000 +0100 +++ x11vnc-0.9.9/rfb/rfb.h 2009-10-07 21:21:23.000000000 +0100 @@ -44,6 +44,7 @@ #endif #ifdef __MINGW32__ +#undef SOCKET #include #endif diff -Nru x11vnc-0.9.8/rfb/rfbint.h x11vnc-0.9.9/rfb/rfbint.h --- x11vnc-0.9.8/rfb/rfbint.h 2009-06-19 15:44:28.000000000 +0100 +++ x11vnc-0.9.9/rfb/rfbint.h 2009-12-21 05:03:08.000000000 +0000 @@ -1,7 +1,7 @@ #ifndef _RFB_RFBINT_H #define _RFB_RFBINT_H 1 #ifndef _GENERATED_STDINT_H -#define _GENERATED_STDINT_H "x11vnc 0.9.8" +#define _GENERATED_STDINT_H "x11vnc 0.9.9" /* generated using a gnu compiler version gcc (GCC) 3.3.5 (Debian 1:3.3.5-8) Copyright (C) 2003 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ #include diff -Nru x11vnc-0.9.8/rfb/rfbproto.h x11vnc-0.9.9/rfb/rfbproto.h --- x11vnc-0.9.8/rfb/rfbproto.h 2009-04-21 01:35:25.000000000 +0100 +++ x11vnc-0.9.9/rfb/rfbproto.h 2009-11-17 04:28:32.000000000 +0000 @@ -264,6 +264,18 @@ #define rfbTight 16 #define rfbUltra 17 #define rfbTLS 18 +#define rfbVeNCrypt 19 +#define rfbMSLogon 0xfffffffa + +#define rfbVeNCryptPlain 256 +#define rfbVeNCryptTLSNone 257 +#define rfbVeNCryptTLSVNC 258 +#define rfbVeNCryptTLSPlain 259 +#define rfbVeNCryptX509None 260 +#define rfbVeNCryptX509VNC 261 +#define rfbVeNCryptX509Plain 262 +#define rfbVeNCryptX509SASL 263 +#define rfbVeNCryptTLSSASL 264 /* * rfbConnFailed: For some reason the connection failed (e.g. the server diff -Nru x11vnc-0.9.8/x11vnc/appshare.c x11vnc-0.9.9/x11vnc/appshare.c --- x11vnc-0.9.8/x11vnc/appshare.c 1970-01-01 01:00:00.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/appshare.c 2009-12-21 04:58:10.000000000 +0000 @@ -0,0 +1,2116 @@ +/* + Copyright (C) 2002-2009 Karl J. Runge + All rights reserved. + +This file is part of x11vnc. + +x11vnc is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +x11vnc is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with x11vnc; if not, write to the Free Software +Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA +or see . + +In addition, as a special exception, Karl J. Runge +gives permission to link the code of its release of x11vnc with the +OpenSSL project's "OpenSSL" library (or with modified versions of it +that use the same license as the "OpenSSL" library), and distribute +the linked executables. You must obey the GNU General Public License +in all respects for all of the code used other than "OpenSSL". If you +modify this file, you may extend this exception to your version of the +file, but you are not obligated to do so. If you do not wish to do +so, delete this exception statement from your version. +*/ + +/* -- appshare.c -- */ + +#include "x11vnc.h" + +extern int pick_windowid(unsigned long *num); +extern char *get_xprop(char *prop, Window win); +extern int set_xprop(char *prop, Window win, char *value); +extern void set_env(char *name, char *value); +extern double dnow(void); + +static char *usage = +"\n" +" x11vnc -appshare: an experiment in application sharing via x11vnc.\n" +"\n" +" Usage: x11vnc -appshare -id windowid -connect viewer_host:0\n" +" x11vnc -appshare -id pick -connect viewer_host:0\n" +"\n" +" Both the -connect option and the -id (or -sid) option are required.\n" +" (However see the -control option below that can replace -connect.)\n" +"\n" +" The VNC viewer at viewer_host MUST be in 'listen' mode. This is because\n" +" a new VNC connection (and viewer window) is established for each new\n" +" toplevel window that the application creates. For example:\n" +"\n" +" vncviewer -listen 0\n" +"\n" +" The '-connect viewer_host:0' indicates the listening viewer to connect to.\n" +"\n" +" No password should be used, otherwise it will need to be typed for each\n" +" new window (or one could use vncviewer -passwd file if the viewer supports\n" +" that.) For security an SSH tunnel can be used:\n" +"\n" +" ssh -R 5500:localhost:5500 user@server_host\n" +"\n" +" (then use -connect localhost:0)\n" +"\n" +" The -id/-sid option is as in x11vnc(1). It is either a numerical window\n" +" id or the string 'pick' which will ask the user to click on an app window.\n" +" To track more than one application at the same time, list their window ids\n" +" separated by commas (see also the 'add_app' command below.)\n" +"\n" +" Additional options:\n" +"\n" +" -h, -help Print this help.\n" +" -debug Print debugging output (same as X11VNC_APPSHARE_DEBUG=1)\n" +" -showmenus Create a new viewer window even if a new window is\n" +" completely inside of an existing one. Default is to\n" +" try to not show them in a new viewer window.\n" +" -noexit Do not exit if the main app (windowid/pick) window\n" +" goes away. Default is to exit.\n" +" -display dpy X DISPLAY to use.\n" +" -trackdir dir Set tracking directory to 'dir'. x11vnc -appshare does\n" +" better if it can communicate with the x11vnc's via a\n" +" file channel. By default a dir in /tmp is used, -trackdir\n" +" specifies another directory, or use 'none' to disable.\n" +" -args 'string' Pass options 'string' to x11vnc (e.g. -scale 3/4,\n" +" -viewonly, -wait, -once, etc.)\n" +" -env VAR=VAL Set environment variables on cmdline as in x11vnc.\n" +"\n" +" -control file This is a file that one edits to manage the appshare\n" +" mode. It replaces -connect. Lines beginning with '#'\n" +" are ignored. Initially start off with all of the\n" +" desired clients in the file, one per line. If you add\n" +" a new client-line, that client is connected to. If you\n" +" delete (or comment out) a client-line, that client is\n" +" disconnected (for this to work, do not disable trackdir.)\n" +"\n" +" You can also put cmd= lines in the control file to perform\n" +" different actions. These are supported:\n" +"\n" +" cmd=quit Disconnect all clients and exit.\n" +" cmd=restart Restart all of the x11vnc's.\n" +" cmd=noop Do nothing (e.g. ping)\n" +" cmd=x11vnc Run ps(1) looking for x11vnc's\n" +" cmd=help Print out help text.\n" +" cmd=add_window:win Add a window to be watched.\n" +" cmd=del_window:win Delete a window.\n" +" cmd=add_app:win Add an application to be watched.\n" +" cmd=del_app:win Delete an application.\n" +" cmd=add_client:host Add client ('internal' mode only)\n" +" cmd=del_client:host Del client ('internal' mode only)\n" +" cmd=list_windows List all tracked windows.\n" +" cmd=list_apps List all tracked applications.\n" +" cmd=list_clients List all connected clients.\n" +" cmd=list_all List all three.\n" +" cmd=print_logs Print out the x11vnc logfiles.\n" +" cmd=debug:n Set -debug to n (0 or 1).\n" +" cmd=showmenus:n Set -showmenus to n (0 or 1).\n" +" cmd=noexit:n Set -noexit to n (0 or 1).\n" +"\n" +" See the '-command internal' mode described below for a way\n" +" that tracks connected clients internally (not in a file.)\n" +"\n" +" In '-shell' mode (see below) you can type in the above\n" +" without the leading 'cmd='.\n" +"\n" +" For 'add_window' and 'del_window' the 'win' can be a\n" +" numerical window id or 'pick'. Same for 'add_app'. Be\n" +" sure to remove or comment out the add/del line quickly\n" +" (e.g. before picking) or it will be re-run the next time\n" +" the file is processed.\n" +"\n" +" If a file with the same name as the control file but\n" +" ending with suffix '.cmd' is found, then commands in it\n" +" (cmd=...) are processed and then the file is truncated.\n" +" This allows 'one time' command actions to be run. Any\n" +" client hostnames in the '.cmd' file are ignored. Also\n" +" see below for the X11VNC_APPSHARE_COMMAND X property\n" +" which is similar to '.cmd'\n" +"\n" +" -control internal Manage connected clients internally, see below.\n" +" -control shell Same as: -shell -control internal\n" +"\n" +" -delay secs Maximum timeout delay before re-checking the control file.\n" +" It can be a fraction, e.g. -delay 0.25 Default 0.5\n" +"\n" +" -shell Simple command line for '-control internal' mode (see the\n" +" details of this mode below.) Enter '?' for command list.\n" +"\n" +" To stop x11vnc -appshare press Ctrl-C, or (if -noexit not supplied) delete\n" +" the initial app window or exit the application. Or cmd=quit in -control mode.\n" +"\n" +#if 0 +" If you want your setup to survive periods of time where there are no clients\n" +" connected you will need to supply -args '-forever' otherwise the x11vnc's\n" +" will exit when the last client disconnects. Howerver, _starting_ with no\n" +" clients (e.g. empty control file) will work without -args '-forever'.\n" +"\n" +#endif +" In addition to the '.cmd' file channel, for faster response you can set\n" +" X11VNC_APPSHARE_COMMAND X property on the root window to the string that\n" +" would go into the '.cmd' file. For example:\n" +"\n" +" xprop -root -f X11VNC_APPSHARE_COMMAND 8s -set X11VNC_APPSHARE_COMMAND cmd=quit\n" +"\n" +" The property value will be set to 'DONE' after the command(s) is processed.\n" +"\n" +" If -control file is specified as 'internal' then no control file is used\n" +" and client tracking is done internally. You must add and delete clients\n" +" with the cmd=add_client: and cmd=del_client: commands.\n" +" Note that '-control internal' is required for '-shell' mode. Using\n" +" '-control shell' implies internal mode and -shell.\n" +"\n" +" Limitations:\n" +"\n" +" This is a quick lash-up, many things will not work properly.\n" +"\n" +" The main idea is to provide simple application sharing for two or more\n" +" parties to collaborate without needing to share the entire desktop. It\n" +" provides an improvement over -id/-sid that only shows a single window.\n" +"\n" +" Only reverse connections can be done. (Note: one can specify multiple\n" +" viewing hosts via: -connect host1,host2,host3 or add/remove them\n" +" dynamically as described above.)\n" +"\n" +" If a new window obscures an old one, you will see some or all of the\n" +" new window in the old one. The hope is this is a popup dialog or menu\n" +" that will go away soon. Otherwise a user at the physical display will\n" +" need to move it. (See also the SSVNC viewer features described below.) \n" +"\n" +" The viewer side cannot resize or make windows move on the physical\n" +" display. Again, a user at the physical display may need to help, or\n" +" use the SSVNC viewer (see Tip below.)\n" +"\n" +" Tip: If the application has its own 'resize corner', then dragging\n" +" it may successfully resize the application window.\n" +" Tip: Some desktop environments enable moving a window via, say,\n" +" Alt+Left-Button-Drag. One may be able to move a window this way.\n" +" Also, e.g., Alt+Right-Button-Drag may resize a window.\n" +" Tip: Clicking on part of an obscured window may raise it to the top.\n" +" Also, e.g., Alt+Middle-Button may toggle Raise/Lower.\n" +"\n" +" Tip: The SSVNC 1.0.25 unix and macosx vncviewer has 'EscapeKeys' hot\n" +" keys that will move, resize, raise, and lower the window via the\n" +" x11vnc -remote_prefix X11VNC_APPSHARE_CMD: feature. So in the\n" +" viewer while holding down Shift_L+Super_L+Alt_L the arrow keys\n" +" move the window, PageUp/PageDn/Home/End resize it, and - and +\n" +" raise and lower it. Key 'M' or Button1 moves the remote window\n" +" to the +X+Y of the viewer window. Key 'D' or Button3 deletes\n" +" the remote window.\n" +"\n" +" You can run the SSVNC vncviewer with options '-escape default',\n" +" '-multilisten' and '-env VNCVIEWER_MIN_TITLE=1'; or just run\n" +" with option '-appshare' to enable these and automatic placement.\n" +"\n" +" If any part of a window goes off of the display screen, then x11vnc\n" +" may be unable to poll it (without crashing), and so the window will\n" +" stop updating until the window is completely on-screen again.\n" +"\n" +" The (stock) vnc viewer does not know where to best position each new\n" +" viewer window; it likely centers each one (including when resized.)\n" +" Note: The SSVNC viewer in '-appshare' mode places them correctly.\n" +"\n" +" Deleting a viewer window does not delete the real window.\n" +" Note: The SSVNC viewer Shift+EscapeKeys+Button3 deletes it.\n" +"\n" +" Sometimes new window detection fails.\n" +"\n" +" Sometimes menu/popup detection fails.\n" +"\n" +" Sometimes the contents of a menu/popup window have blacked-out regions.\n" +" Try -sid or -showmenus as a workaround.\n" +"\n" +" If the application starts up a new application (a different process)\n" +" that new application will not be tracked (but, unfortunately, it may\n" +" cover up existing windows that are being tracked.) See cmd=add_window\n" +" and cmd=add_app described above.\n" +"\n" +; + +#include +#include +#include + +#define WMAX 192 +#define CMAX 128 +#define AMAX 32 + +static Window root = None; +static Window watch[WMAX]; +static Window apps[WMAX]; +static int state[WMAX]; +static char *clients[CMAX]; +static XWindowAttributes attr; +static char *ticker_atom_str = "X11VNC_APPSHARE_TICKER"; +static Atom ticker_atom = None; +static char *cmd_atom_str = "X11VNC_APPSHARE_COMMAND"; +static Atom cmd_atom = None; +static char *connect_to = NULL; +static char *x11vnc_args = ""; +static char *id_opt = "-id"; +static int skip_menus = 1; +static int exit_no_app_win = 1; +static int shell = 0; +static int tree_depth = 3; +static char *prompt = "appshare> "; +static char *x11vnc = "x11vnc"; +static char *control = NULL; +static char *trackdir = "unset"; +static char *trackpre = "/tmp/x11vnc-appshare-trackdir-tmp"; +static char *tracktmp = NULL; +static char unique_tag[100]; +static int use_forever = 1; +static int last_event_type = 0; +static pid_t helper_pid = 0; +static pid_t parent_pid = 0; +static double helper_delay = 0.5; +static int appshare_debug = 0; +static double start_time = 0.0; + +static void get_wm_name(Window win, char **name); +static int win_attr(Window win); +static int get_xy(Window win, int *x, int *y); +static Window check_inside(Window win); +static int ours(Window win); +static void destroy_win(Window win); +static int same_app(Window win, Window app); + +static void ff(void) { + fflush(stdout); + fflush(stderr); +} + +static int find_win(Window win) { + int i; + for (i=0; i < WMAX; i++) { + if (watch[i] == win) { + return i; + } + } + return -1; +} + +static int find_app(Window app) { + int i; + for (i=0; i < AMAX; i++) { + if (apps[i] == app) { + return i; + } + } + return -1; +} + +static int find_client(char *cl) { + int i; + for (i=0; i < CMAX; i++) { + if (cl == NULL) { + if (clients[i] == NULL) { + return i; + } + continue; + } + if (clients[i] == NULL) { + continue; + } + if (!strcmp(clients[i], cl)) { + return i; + } + } + return -1; +} + +static int trackdir_pid(Window win) { + FILE *f; + int ln = 0, pid = 0; + char line[1024]; + + if (!trackdir) { + return 0; + } + sprintf(tracktmp, "%s/0x%lx.log", trackdir, win); + f = fopen(tracktmp, "r"); + if (!f) { + return 0; + } + while (fgets(line, sizeof(line), f) != NULL) { + if (ln++ > 30) { + break; + } + if (strstr(line, "x11vnc version:")) { + char *q = strstr(line, "pid:"); + if (q) { + int p; + if (sscanf(q, "pid: %d", &p) == 1) { + if (p > 0) { + pid = p; + break; + } + } + } + } + } + fclose(f); + return pid; +} + +static void trackdir_cleanup(Window win) { + char *suffix[] = {"log", "connect", NULL}; + int i=0; + if (!trackdir) { + return; + } + while (suffix[i] != NULL) { + sprintf(tracktmp, "%s/0x%lx.%s", trackdir, win, suffix[i]); + if (appshare_debug && !strcmp(suffix[i], "log")) { + fprintf(stderr, "keeping: %s\n", tracktmp); + ff(); + } else { + if (appshare_debug) { + fprintf(stderr, "removing: %s\n", tracktmp); + ff(); + } + unlink(tracktmp); + } + i++; + } +} + +static void launch(Window win) { + char *cmd, *tmp, *connto, *name; + int len, timeo = 30, uf = use_forever; + int w = 0, h = 0, x = 0, y = 0; + + if (win_attr(win)) { + /* maybe switch to debug only. */ + w = attr.width; + h = attr.height; + get_xy(win, &x, &y); + } + + get_wm_name(win, &name); + + if (strstr(x11vnc_args, "-once")) { + uf = 0; + } + + if (control) { + int i = 0; + len = 0; + for (i=0; i < CMAX; i++) { + if (clients[i] != NULL) { + len += strlen(clients[i]) + 2; + } + } + connto = (char *) calloc(len, 1); + for (i=0; i < CMAX; i++) { + if (clients[i] != NULL) { + if (connto[0] != '\0') { + strcat(connto, ","); + } + strcat(connto, clients[i]); + } + } + } else { + connto = strdup(connect_to); + } + if (!strcmp(connto, "")) { + timeo = 0; + } + if (uf) { + timeo = 0; + } + + len = 1000 + strlen(x11vnc) + strlen(connto) + strlen(x11vnc_args) + + 3 * (trackdir ? strlen(trackdir) : 100); + + cmd = (char *) calloc(len, 1); + tmp = (char *) calloc(len, 1); + + sprintf(cmd, "%s %s 0x%lx -bg -quiet %s -nopw -rfbport 0 " + "-timeout %d -noxdamage -noxinerama -norc -repeat -speeds dsl " + "-env X11VNC_AVOID_WINDOWS=never -env X11VNC_APPSHARE_ACTIVE=1 " + "-env X11VNC_NO_CHECK_PM=1 -env %s -novncconnect -shared -nonap " + "-remote_prefix X11VNC_APPSHARE_CMD:", + x11vnc, id_opt, win, use_forever ? "-forever" : "-once", timeo, unique_tag); + + if (trackdir) { + FILE *f; + sprintf(tracktmp, " -noquiet -o %s/0x%lx.log", trackdir, win); + strcat(cmd, tracktmp); + sprintf(tracktmp, "%s/0x%lx.connect", trackdir, win); + f = fopen(tracktmp, "w"); + if (f) { + fprintf(f, "%s", connto); + fclose(f); + sprintf(tmp, " -connect_or_exit '%s'", tracktmp); + strcat(cmd, tmp); + } else { + sprintf(tmp, " -connect_or_exit '%s'", connto); + strcat(cmd, tmp); + } + } else { + if (!strcmp(connto, "")) { + sprintf(tmp, " -connect '%s'", connto); + } else { + sprintf(tmp, " -connect_or_exit '%s'", connto); + } + strcat(cmd, tmp); + } + if (uf) { + char *q = strstr(cmd, "-connect_or_exit"); + if (q) q = strstr(q, "_or_exit"); + if (q) { + unsigned int i; + for (i=0; i < strlen("_or_exit"); i++) { + *q = ' '; + q++; + } + } + } + + strcat(cmd, " "); + strcat(cmd, x11vnc_args); + + fprintf(stdout, "launching: x11vnc for window 0x%08lx %dx%d+%d+%d \"%s\"\n", + win, w, h, x, y, name); + + if (appshare_debug) { + fprintf(stderr, "\nrunning: %s\n\n", cmd); + } + ff(); + + system(cmd); + + free(cmd); + free(tmp); + free(connto); + free(name); +} + +static void stop(Window win) { + char *cmd; + int pid = -1; + int f = find_win(win); + if (f < 0 || win == None) { + return; + } + if (state[f] == 0) { + return; + } + if (trackdir) { + pid = trackdir_pid(win); + if (pid > 0) { + if (appshare_debug) {fprintf(stderr, + "sending SIGTERM to: %d\n", pid); ff();} + kill((pid_t) pid, SIGTERM); + } + } + + cmd = (char *) malloc(1000 + strlen(x11vnc)); + sprintf(cmd, "pkill -TERM -f '%s %s 0x%lx -bg'", x11vnc, id_opt, win); + if (appshare_debug) { + fprintf(stdout, "stopping: 0x%08lx - %s\n", win, cmd); + } else { + fprintf(stdout, "stopping: x11vnc for window 0x%08lx " + "(pid: %d)\n", win, pid); + } + ff(); + system(cmd); + + sprintf(cmd, "(sleep 0.25 2>/dev/null || sleep 1; pkill -KILL -f '%s " + "%s 0x%lx -bg') &", x11vnc, id_opt, win); + system(cmd); + + if (trackdir) { + trackdir_cleanup(win); + } + + free(cmd); +} + +static void kill_helper_pid(void) { + int status; + if (helper_pid <= 0) { + return; + } + fprintf(stderr, "stopping: helper_pid: %d\n", (int) helper_pid); + kill(helper_pid, SIGTERM); + usleep(50 * 1000); + kill(helper_pid, SIGKILL); + usleep(25 * 1000); +#if LIBVNCSERVER_HAVE_SYS_WAIT_H && LIBVNCSERVER_HAVE_WAITPID + waitpid(helper_pid, &status, WNOHANG); +#endif +} + +static void be_helper_pid(char *dpy_str) { + int cnt = 0; + int ms = (int) (1000 * helper_delay); + double last_check = 0.0; + + if (ms < 50) ms = 50; + + dpy = XOpenDisplay(dpy_str); + ticker_atom = XInternAtom(dpy, ticker_atom_str, False); + + while (1) { + char tmp[32]; + sprintf(tmp, "HELPER_CNT_%08d", cnt++); + XChangeProperty(dpy, DefaultRootWindow(dpy), ticker_atom, XA_STRING, 8, + PropModeReplace, (unsigned char *) tmp, strlen(tmp)); + XFlush(dpy); + usleep(ms*1000); + if (parent_pid > 0) { + if(dnow() > last_check + 1.0) { + last_check = dnow(); + if (kill(parent_pid, 0) != 0) { + fprintf(stderr, "be_helper_pid: parent %d is gone.\n", (int) parent_pid); + break; + } + } + } + } + exit(0); +} + +static void print_logs(void) { + if (trackdir) { + DIR *dir = opendir(trackdir); + if (dir) { + struct dirent *dp; + while ( (dp = readdir(dir)) != NULL) { + FILE *f; + char *name = dp->d_name; + if (!strcmp(name, ".") || !strcmp(name, "..")) { + continue; + } + if (strstr(name, "0x") != name) { + continue; + } + if (strstr(name, ".log") == NULL) { + continue; + } + sprintf(tracktmp, "%s/%s", trackdir, name); + f = fopen(tracktmp, "r"); + if (f) { + char line[1024]; + fprintf(stderr, "===== x11vnc log %s =====\n", tracktmp); + while (fgets(line, sizeof(line), f) != NULL) { + fprintf(stderr, "%s", line); + } + fprintf(stderr, "\n"); + ff(); + fclose(f); + } + } + closedir(dir); + } + } +} + +static void appshare_cleanup(int s) { + int i; + if (s) {} + + if (use_forever) { + /* launch this backup in case they kill -9 us before we terminate everything */ + char cmd[1000]; + sprintf(cmd, "(sleep 3; pkill -TERM -f '%s') &", unique_tag); + if (appshare_debug) fprintf(stderr, "%s\n", cmd); + system(cmd); + } + + for (i=0; i < WMAX; i++) { + if (watch[i] != None) { + stop(watch[i]); + } + } + + if (trackdir) { + DIR *dir = opendir(trackdir); + if (dir) { + struct dirent *dp; + while ( (dp = readdir(dir)) != NULL) { + char *name = dp->d_name; + if (!strcmp(name, ".") || !strcmp(name, "..")) { + continue; + } + if (strstr(name, "0x") != name) { + fprintf(stderr, "skipping: %s\n", name); + continue; + } + if (!appshare_debug) { + fprintf(stderr, "removing: %s\n", name); + sprintf(tracktmp, "%s/%s", trackdir, name); + unlink(tracktmp); + } else { + if (appshare_debug) fprintf(stderr, "keeping: %s\n", name); + } + } + closedir(dir); + } + if (!appshare_debug) { + if (strstr(trackdir, trackpre) == trackdir) { + if (appshare_debug) fprintf(stderr, "removing: %s\n", trackdir); + rmdir(trackdir); + } + } + ff(); + } + + kill_helper_pid(); + +#if !NO_X11 + XCloseDisplay(dpy); +#endif + fprintf(stdout, "done.\n"); + ff(); + exit(0); +} + +static int trap_xerror(Display *d, XErrorEvent *error) { + if (d || error) {} + return 0; +} + +#if 0 +typedef struct { + int x, y; /* location of window */ + int width, height; /* width and height of window */ + int border_width; /* border width of window */ + int depth; /* depth of window */ + Visual *visual; /* the associated visual structure */ + Window root; /* root of screen containing window */ + int class; /* InputOutput, InputOnly*/ + int bit_gravity; /* one of bit gravity values */ + int win_gravity; /* one of the window gravity values */ + int backing_store; /* NotUseful, WhenMapped, Always */ + unsigned long backing_planes;/* planes to be preserved if possible */ + unsigned long backing_pixel;/* value to be used when restoring planes */ + Bool save_under; /* boolean, should bits under be saved? */ + Colormap colormap; /* color map to be associated with window */ + Bool map_installed; /* boolean, is color map currently installed*/ + int map_state; /* IsUnmapped, IsUnviewable, IsViewable */ + long all_event_masks; /* set of events all people have interest in*/ + long your_event_mask; /* my event mask */ + long do_not_propagate_mask; /* set of events that should not propagate */ + Bool override_redirect; /* boolean value for override-redirect */ + Screen *screen; /* back pointer to correct screen */ +} XWindowAttributes; +#endif + +static void get_wm_name(Window win, char **name) { + int ok; + +#if !NO_X11 + XErrorHandler old_handler = XSetErrorHandler(trap_xerror); + ok = XFetchName(dpy, win, name); + XSetErrorHandler(old_handler); +#endif + + if (!ok || *name == NULL) { + *name = strdup("unknown"); + } +} + +static int win_attr(Window win) { + int ok = 0; +#if !NO_X11 + XErrorHandler old_handler = XSetErrorHandler(trap_xerror); + ok = XGetWindowAttributes(dpy, win, &attr); + XSetErrorHandler(old_handler); +#endif + + if (ok) { + return 1; + } else { + return 0; + } +} + +static void win_select(Window win, int ignore) { +#if !NO_X11 + XErrorHandler old_handler = XSetErrorHandler(trap_xerror); + if (ignore) { + XSelectInput(dpy, win, 0); + } else { + XSelectInput(dpy, win, SubstructureNotifyMask); + } + XSync(dpy, False); + XSetErrorHandler(old_handler); +#endif +} + +static Window get_parent(Window win) { + int ok; + Window r, parent = None, *list = NULL; + unsigned int nchild; + +#if !NO_X11 + XErrorHandler old_handler = XSetErrorHandler(trap_xerror); + ok = XQueryTree(dpy, win, &r, &parent, &list, &nchild); + XSetErrorHandler(old_handler); + + if (!ok) { + return None; + } + if (list) { + XFree(list); + } +#endif + return parent; +} + +static int get_xy(Window win, int *x, int *y) { + Window cr; + Bool rc = False; +#if !NO_X11 + XErrorHandler old_handler = XSetErrorHandler(trap_xerror); + + rc = XTranslateCoordinates(dpy, win, root, 0, 0, x, y, &cr); + XSetErrorHandler(old_handler); +#endif + + if (!rc) { + return 0; + } else { + return 1; + } +} + +static Window check_inside(Window win) { + int i, nwin = 0; + int w, h, x, y; + int Ws[WMAX], Hs[WMAX], Xs[WMAX], Ys[WMAX]; + Window wins[WMAX]; + + if (!win_attr(win)) { + return None; + } + + /* store them first to give the win app more time to settle. */ + for (i=0; i < WMAX; i++) { + int X, Y; + Window wchk = watch[i]; + if (wchk == None) { + continue; + } + if (state[i] == 0) { + continue; + } + if (!win_attr(wchk)) { + continue; + } + if (!get_xy(wchk, &X, &Y)) { + continue; + } + + Xs[nwin] = X; + Ys[nwin] = Y; + Ws[nwin] = attr.width; + Hs[nwin] = attr.height; + wins[nwin] = wchk; + nwin++; + } + + if (nwin == 0) { + return None; + } + + if (!win_attr(win)) { + return None; + } + w = attr.width; + h = attr.height; + + get_xy(win, &x, &y); + if (!get_xy(win, &x, &y)) { + return None; + } + + for (i=0; i < nwin; i++) { + int X, Y, W, H; + Window wchk = wins[i]; + X = Xs[i]; + Y = Ys[i]; + W = Ws[i]; + H = Hs[i]; + + if (appshare_debug) fprintf(stderr, "check inside: 0x%lx %dx%d+%d+%d %dx%d+%d+%d\n", wchk, w, h, x, y, W, H, X, Y); + + if (X <= x && Y <= y) { + if (x + w <= X + W && y + h < Y + H) { + return wchk; + } + } + } + + return None; +} + +static void add_win(Window win) { + int idx = find_win(win); + int free = find_win(None); + if (idx >= 0) { + if (appshare_debug) {fprintf(stderr, "already watching window: 0x%lx\n", win); ff();} + return; + } + if (free < 0) { + fprintf(stderr, "ran out of slots for window: 0x%lx\n", win); ff(); + return; + } + + if (appshare_debug) {fprintf(stderr, "watching: 0x%lx at %d\n", win, free); ff();} + + watch[free] = win; + state[free] = 0; + + win_select(win, 0); +} + +static void delete_win(Window win) { + int i; + for (i=0; i < WMAX; i++) { + if (watch[i] == win) { + watch[i] = None; + state[i] = 0; + if (appshare_debug) {fprintf(stderr, "deleting: 0x%lx at %d\n", win, i); ff();} + } + } +} + +static void recurse_search(int level, int level_max, Window top, Window app, int *nw) { + Window w, r, parent, *list = NULL; + unsigned int nchild; + int ok; + + if (appshare_debug > 1) { + fprintf(stderr, "level: %d level_max: %d top: 0x%lx app: 0x%lx\n", level, level_max, top, app); + } + if (level >= level_max) { + return; + } + + ok = XQueryTree(dpy, top, &r, &parent, &list, &nchild); + if (ok) { + int i; + for (i=0; i < (int) nchild; i++) { + w = list[i]; + if (w == None || find_win(w) >= 0) { + continue; + } + if (ours(w) && w != app) { + if (appshare_debug) fprintf(stderr, "add level %d 0x%lx %d/%d\n", + level, w, i, nchild); + add_win(w); + (*nw)++; + } + } + for (i=0; i < (int) nchild; i++) { + w = list[i]; + if (w == None || ours(w)) { + continue; + } + recurse_search(level+1, level_max, w, app, nw); + } + } + if (list) { + XFree(list); + } +} + +static void add_app(Window app) { + int i, nw = 0, free = -1; + XErrorHandler old_handler; + +#if !NO_X11 + i = find_app(app); + if (i >= 0) { + fprintf(stderr, "already tracking app: 0x%lx\n", app); + return; + } + for (i=0; i < AMAX; i++) { + if (same_app(apps[i], app)) { + fprintf(stderr, "already tracking app: 0x%lx via 0x%lx\n", app, apps[i]); + return; + } + } + free = find_app(None); + if (free < 0) { + fprintf(stderr, "ran out of app slots.\n"); + return; + } + apps[free] = app; + + add_win(app); + + old_handler = XSetErrorHandler(trap_xerror); + recurse_search(0, tree_depth, root, app, &nw); + XSetErrorHandler(old_handler); +#endif + fprintf(stderr, "tracking %d windows related to app window 0x%lx\n", nw, app); +} + +static void del_app(Window app) { + int i; + for (i=0; i < WMAX; i++) { + Window win = watch[i]; + if (win != None) { + if (same_app(app, win)) { + destroy_win(win); + } + } + } + for (i=0; i < AMAX; i++) { + Window app2 = apps[i]; + if (app2 != None) { + if (same_app(app, app2)) { + apps[i] = None; + } + } + } +} + +static void wait_until_empty(char *file) { + double t = 0.0, dt = 0.05; + while (t < 1.0) { + struct stat sb; + if (stat(file, &sb) != 0) { + return; + } + if (sb.st_size == 0) { + return; + } + t += dt; + usleep( (int) (dt * 1000 * 1000) ); + } +} + +static void client(char *client, int add) { + DIR *dir; + struct dirent *dp; + + if (!client) { + return; + } + if (!trackdir) { + fprintf(stderr, "no trackdir, cannot %s client: %s\n", + add ? "add" : "disconnect", client); + ff(); + return; + } + fprintf(stdout, "%s client: %s\n", add ? "adding " : "deleting", client); + + dir = opendir(trackdir); + if (!dir) { + fprintf(stderr, "could not opendir trackdir: %s\n", trackdir); + return; + } + while ( (dp = readdir(dir)) != NULL) { + char *name = dp->d_name; + if (!strcmp(name, ".") || !strcmp(name, "..")) { + continue; + } + if (strstr(name, "0x") != name) { + continue; + } + if (strstr(name, ".connect")) { + FILE *f; + char *tmp; + Window twin; + + if (scan_hexdec(name, &twin)) { + int f = find_win(twin); + if (appshare_debug) { + fprintf(stderr, "twin: 0x%lx name=%s f=%d\n", twin, name, f); + ff(); + } + if (f < 0) { + continue; + } + } + + tmp = (char *) calloc(100 + strlen(client), 1); + sprintf(tracktmp, "%s/%s", trackdir, name); + if (add) { + sprintf(tmp, "%s\n", client); + } else { + sprintf(tmp, "cmd=close:%s\n", client); + } + wait_until_empty(tracktmp); + f = fopen(tracktmp, "w"); + if (f) { + if (appshare_debug) { + fprintf(stderr, "%s client: %s + %s", + add ? "add" : "disconnect", tracktmp, tmp); + ff(); + } + fprintf(f, "%s", tmp); + fclose(f); + } + free(tmp); + } + } + closedir(dir); +} + +static void mapped(Window win) { + int f; + if (win == None) { + return; + } + f = find_win(win); + if (f < 0) { + if (win_attr(win)) { + if (get_parent(win) == root) { + /* XXX more cases? */ + add_win(win); + } + } + } +} + +static void unmapped(Window win) { + int f = find_win(win); + if (f < 0 || win == None) { + return; + } + stop(win); + state[f] = 0; +} + +static void destroy_win(Window win) { + stop(win); + delete_win(win); +} + +static Window parse_win(char *str) { + Window win = None; + if (!str) { + return None; + } + if (!strcmp(str, "pick") || !strcmp(str, "p")) { + static double last_pick = 0.0; + if (dnow() < start_time + 15) { + ; + } else if (dnow() < last_pick + 2) { + return None; + } else { + last_pick = dnow(); + } + if (!pick_windowid(&win)) { + fprintf(stderr, "parse_win: bad window pick.\n"); + win = None; + } + if (win == root) { + fprintf(stderr, "parse_win: ignoring pick of rootwin 0x%lx.\n", win); + win = None; + } + ff(); + } else if (!scan_hexdec(str, &win)) { + win = None; + } + return win; +} + +static void add_or_del_app(char *str, int add) { + Window win = parse_win(str); + + if (win != None) { + if (add) { + add_app(win); + } else { + del_app(win); + } + } else if (!strcmp(str, "all")) { + if (!add) { + int i; + for (i=0; i < AMAX; i++) { + if (apps[i] != None) { + del_app(apps[i]); + } + } + } + } +} + +static void add_or_del_win(char *str, int add) { + Window win = parse_win(str); + + if (win != None) { + int f = find_win(win); + if (add) { + if (f < 0 && win_attr(win)) { + add_win(win); + } + } else { + if (f >= 0) { + destroy_win(win); + } + } + } else if (!strcmp(str, "all")) { + if (!add) { + int i; + for (i=0; i < WMAX; i++) { + if (watch[i] != None) { + destroy_win(watch[i]); + } + } + } + } +} + +static void add_or_del_client(char *str, int add) { + int i; + + if (!str) { + return; + } + if (strcmp(control, "internal")) { + return; + } + if (add) { + int idx = find_client(str); + int free = find_client(NULL); + + if (idx >=0) { + fprintf(stderr, "already tracking client: %s in slot %d\n", str, idx); + ff(); + return; + } + if (free < 0) { + static int cnt = 0; + if (cnt++ < 10) { + fprintf(stderr, "ran out of client slots.\n"); + ff(); + } + return; + } + clients[free] = strdup(str); + client(str, 1); + } else { + if (str[0] == '#' || str[0] == '%') { + if (sscanf(str+1, "%d", &i) == 1) { + i--; + if (0 <= i && i < CMAX) { + if (clients[i] != NULL) { + client(clients[i], 0); + free(clients[i]); + clients[i] = NULL; + return; + } + } + } + } else if (!strcmp(str, "all")) { + for (i=0; i < CMAX; i++) { + if (clients[i] == NULL) { + continue; + } + client(clients[i], 0); + free(clients[i]); + clients[i] = NULL; + } + return; + } + + i = find_client(str); + if (i >= 0) { + free(clients[i]); + clients[i] = NULL; + client(str, 0); + } + } +} + +static void restart_x11vnc(void) { + int i, n = 0; + Window win, active[WMAX]; + for (i=0; i < WMAX; i++) { + win = watch[i]; + if (win == None) { + continue; + } + if (state[i]) { + active[n++] = win; + stop(win); + } + } + if (n) { + usleep(1500 * 1000); + } + for (i=0; i < n; i++) { + win = active[i]; + launch(win); + } +} + +static unsigned long cmask = 0x3fc00000; /* 00111111110000000000000000000000 */ + +static void init_cmask(void) { + /* dependent on the X server implementation; XmuClientWindow better? */ + /* xc/programs/Xserver/include/resource.h */ + int didit = 0, res_cnt = 29, client_bits = 8; + + if (getenv("X11VNC_APPSHARE_CLIENT_MASK")) { + unsigned long cr; + if (sscanf(getenv("X11VNC_APPSHARE_CLIENT_MASK"), "0x%lx", &cr) == 1) { + cmask = cr; + didit = 1; + } + } else if (getenv("X11VNC_APPSHARE_CLIENT_BITS")) { + int cr = atoi(getenv("X11VNC_APPSHARE_CLIENT_BITS")); + if (cr > 0) { + client_bits = cr; + } + } + if (!didit) { + cmask = (((1 << client_bits) - 1) << (res_cnt-client_bits)); + } + fprintf(stderr, "client_mask: 0x%08lx\n", cmask); +} + +static int same_app(Window win, Window app) { + if ( (win & cmask) == (app & cmask) ) { + return 1; + } else { + return 0; + } +} + +static int ours(Window win) { + int i; + for (i=0; i < AMAX; i++) { + if (apps[i] != None) { + if (same_app(win, apps[i])) { + return 1; + } + } + } + return 0; +} + +static void list_clients(void) { + int i, n = 0; + for (i=0; i < CMAX; i++) { + if (clients[i] == NULL) { + continue; + } + fprintf(stdout, "client[%02d] %s\n", ++n, clients[i]); + } + fprintf(stdout, "total clients: %d\n", n); + ff(); +} + +static void list_windows(void) { + int i, n = 0; + for (i=0; i < WMAX; i++) { + char *name; + Window win = watch[i]; + if (win == None) { + continue; + } + get_wm_name(win, &name); + fprintf(stdout, "window[%02d] 0x%08lx state: %d slot: %03d \"%s\"\n", + ++n, win, state[i], i, name); + free(name); + } + fprintf(stdout, "total windows: %d\n", n); + ff(); +} + +static void list_apps(void) { + int i, n = 0; + for (i=0; i < AMAX; i++) { + char *name; + Window win = apps[i]; + if (win == None) { + continue; + } + get_wm_name(win, &name); + fprintf(stdout, "app[%02d] 0x%08lx state: %d slot: %03d \"%s\"\n", + ++n, win, state[i], i, name); + free(name); + } + fprintf(stdout, "total apps: %d\n", n); + ff(); +} + +static int process_control(char *file, int check_clients) { + int i, nnew = 0, seen[CMAX]; + char line[1024], *new[CMAX]; + FILE *f; + + f = fopen(file, "r"); + if (!f) { + return 1; + } + if (check_clients) { + for (i=0; i < CMAX; i++) { + seen[i] = 0; + } + } + while (fgets(line, sizeof(line), f) != NULL) { + char *q = strchr(line, '\n'); + if (q) *q = '\0'; + + if (appshare_debug) { + fprintf(stderr, "check_control: %s\n", line); + ff(); + } + + q = lblanks(line); + if (q[0] == '#') { + continue; + } + if (!strcmp(q, "")) { + continue; + } + if (strstr(q, "cmd=") == q) { + char *cmd = q + strlen("cmd="); + if (!strcmp(cmd, "quit")) { + if (strcmp(control, file) && strstr(file, ".cmd")) { + FILE *f2 = fopen(file, "w"); + if (f2) fclose(f2); + } + appshare_cleanup(0); + } else if (!strcmp(cmd, "wait")) { + return 0; + } else if (strstr(cmd, "bcast:") == cmd) { + ; + } else if (strstr(cmd, "del_window:") == cmd) { + add_or_del_win(cmd + strlen("del_window:"), 0); + } else if (strstr(cmd, "add_window:") == cmd) { + add_or_del_win(cmd + strlen("add_window:"), 1); + } else if (strstr(cmd, "del:") == cmd) { + add_or_del_win(cmd + strlen("del:"), 0); + } else if (strstr(cmd, "add:") == cmd) { + add_or_del_win(cmd + strlen("add:"), 1); + } else if (strstr(cmd, "del_client:") == cmd) { + add_or_del_client(cmd + strlen("del_client:"), 0); + } else if (strstr(cmd, "add_client:") == cmd) { + add_or_del_client(cmd + strlen("add_client:"), 1); + } else if (strstr(cmd, "-") == cmd) { + add_or_del_client(cmd + strlen("-"), 0); + } else if (strstr(cmd, "+") == cmd) { + add_or_del_client(cmd + strlen("+"), 1); + } else if (strstr(cmd, "del_app:") == cmd) { + add_or_del_app(cmd + strlen("del_app:"), 0); + } else if (strstr(cmd, "add_app:") == cmd) { + add_or_del_app(cmd + strlen("add_app:"), 1); + } else if (strstr(cmd, "debug:") == cmd) { + appshare_debug = atoi(cmd + strlen("debug:")); + } else if (strstr(cmd, "showmenus:") == cmd) { + skip_menus = atoi(cmd + strlen("showmenus:")); + skip_menus = !(skip_menus); + } else if (strstr(cmd, "noexit:") == cmd) { + exit_no_app_win = atoi(cmd + strlen("noexit:")); + exit_no_app_win = !(exit_no_app_win); + } else if (strstr(cmd, "use_forever:") == cmd) { + use_forever = atoi(cmd + strlen("use_forever:")); + } else if (strstr(cmd, "tree_depth:") == cmd) { + tree_depth = atoi(cmd + strlen("tree_depth:")); + } else if (strstr(cmd, "x11vnc_args:") == cmd) { + x11vnc_args = strdup(cmd + strlen("x11vnc_args:")); + } else if (strstr(cmd, "env:") == cmd) { + putenv(cmd + strlen("env:")); + } else if (strstr(cmd, "noop") == cmd) { + ; + } else if (!strcmp(cmd, "restart")) { + restart_x11vnc(); + } else if (!strcmp(cmd, "list_clients") || !strcmp(cmd, "lc")) { + list_clients(); + } else if (!strcmp(cmd, "list_windows") || !strcmp(cmd, "lw")) { + list_windows(); + } else if (!strcmp(cmd, "list_apps") || !strcmp(cmd, "la")) { + list_apps(); + } else if (!strcmp(cmd, "list_all") || !strcmp(cmd, "ls")) { + list_windows(); + fprintf(stderr, "\n"); + list_apps(); + fprintf(stderr, "\n"); + list_clients(); + } else if (!strcmp(cmd, "print_logs") || !strcmp(cmd, "pl")) { + print_logs(); + } else if (!strcmp(cmd, "?") || !strcmp(cmd, "h") || !strcmp(cmd, "help")) { + fprintf(stderr, "available commands:\n"); + fprintf(stderr, "\n"); + fprintf(stderr, " quit restart noop x11vnc help ? ! !!\n"); + fprintf(stderr, "\n"); + fprintf(stderr, " add_window:win (add:win, add:pick)\n"); + fprintf(stderr, " del_window:win (del:win, del:pick, del:all)\n"); + fprintf(stderr, " add_app:win (add_app:pick)\n"); + fprintf(stderr, " del_app:win (del_app:pick, del_app:all)\n"); + fprintf(stderr, " add_client:host (+host)\n"); + fprintf(stderr, " del_client:host (-host, -all)\n"); + fprintf(stderr, "\n"); + fprintf(stderr, " list_windows (lw)\n"); + fprintf(stderr, " list_apps (la)\n"); + fprintf(stderr, " list_clients (lc)\n"); + fprintf(stderr, " list_all (ls)\n"); + fprintf(stderr, " print_logs (pl)\n"); + fprintf(stderr, "\n"); + fprintf(stderr, " debug:n showmenus:n noexit:n\n"); + } else { + fprintf(stderr, "unrecognized %s\n", q); + } + continue; + } + if (check_clients) { + int idx = find_client(q); + if (idx >= 0) { + seen[idx] = 1; + } else { + new[nnew++] = strdup(q); + } + } + } + fclose(f); + + if (check_clients) { + for (i=0; i < CMAX; i++) { + if (clients[i] == NULL) { + continue; + } + if (!seen[i]) { + client(clients[i], 0); + free(clients[i]); + clients[i] = NULL; + } + } + for (i=0; i < nnew; i++) { + int free = find_client(NULL); + if (free < 0) { + static int cnt = 0; + if (cnt++ < 10) { + fprintf(stderr, "ran out of client slots.\n"); + ff(); + break; + } + continue; + } + clients[free] = new[i]; + client(new[i], 1); + } + } + return 1; +} + +static int check_control(void) { + static int last_size = -1; + static time_t last_mtime = 0; + struct stat sb; + char *control_cmd; + + if (!control) { + return 1; + } + + if (!strcmp(control, "internal")) { + return 1; + } + + control_cmd = (char *)malloc(strlen(control) + strlen(".cmd") + 1); + sprintf(control_cmd, "%s.cmd", control); + if (stat(control_cmd, &sb) == 0) { + FILE *f; + if (sb.st_size > 0) { + process_control(control_cmd, 0); + } + f = fopen(control_cmd, "w"); + if (f) { + fclose(f); + } + } + free(control_cmd); + + if (stat(control, &sb) != 0) { + return 1; + } + if (last_size == (int) sb.st_size && last_mtime == sb.st_mtime) { + return 1; + } + last_size = (int) sb.st_size; + last_mtime = sb.st_mtime; + + return process_control(control, 1); +} + +static void update(void) { + int i, app_ok = 0; + if (last_event_type != PropertyNotify) { + if (appshare_debug) fprintf(stderr, "\nupdate ...\n"); + } else if (appshare_debug > 1) { + fprintf(stderr, "update ... propertynotify\n"); + } + if (!check_control()) { + return; + } + for (i=0; i < WMAX; i++) { + Window win = watch[i]; + if (win == None) { + continue; + } + if (!win_attr(win)) { + destroy_win(win); + continue; + } + if (find_app(win) >= 0) { + app_ok++; + } + if (state[i] == 0) { + if (attr.map_state == IsViewable) { + if (skip_menus) { + Window inside = check_inside(win); + if (inside != None) { + if (appshare_debug) {fprintf(stderr, "skip_menus: window 0x%lx is inside of 0x%lx, not tracking it.\n", win, inside); ff();} + delete_win(win); + continue; + } + } + launch(win); + state[i] = 1; + } + } else if (state[i] == 1) { + if (attr.map_state != IsViewable) { + stop(win); + state[i] = 0; + } + } + } + if (exit_no_app_win && !app_ok) { + for (i=0; i < AMAX; i++) { + if (apps[i] != None) { + fprintf(stdout, "main application window is gone: 0x%lx\n", apps[i]); + } + } + ff(); + appshare_cleanup(0); + } + if (last_event_type != PropertyNotify) { + if (appshare_debug) {fprintf(stderr, "update done.\n"); ff();} + } +} + +static void exiter(char *msg, int rc) { + fprintf(stderr, "%s", msg); + ff(); + kill_helper_pid(); + exit(rc); +} + +static void set_trackdir(void) { + char tmp[256]; + struct stat sb; + if (!strcmp(trackdir, "none")) { + trackdir = NULL; + return; + } + if (!strcmp(trackdir, "unset")) { + int fd; + sprintf(tmp, "%s.XXXXXX", trackpre); + fd = mkstemp(tmp); + if (fd < 0) { + strcat(tmp, ": failed to create file.\n"); + exiter(tmp, 1); + } + /* XXX race */ + close(fd); + unlink(tmp); + if (mkdir(tmp, 0700) != 0) { + strcat(tmp, ": failed to create dir.\n"); + exiter(tmp, 1); + } + trackdir = strdup(tmp); + } + if (stat(trackdir, &sb) != 0) { + if (mkdir(trackdir, 0700) != 0) { + exiter("could not make trackdir.\n", 1); + } + } else if (! S_ISDIR(sb.st_mode)) { + exiter("trackdir not a directory.\n", 1); + } + tracktmp = (char *) calloc(1000 + strlen(trackdir), 1); +} + +static void process_string(char *str) { + FILE *f; + char *file; + if (trackdir) { + sprintf(tracktmp, "%s/0xprop.cmd", trackdir); + file = strdup(tracktmp); + } else { + char tmp[] = "/tmp/x11vnc-appshare.cmd.XXXXXX"; + int fd = mkstemp(tmp); + if (fd < 0) { + return; + } + file = strdup(tmp); + close(fd); + } + f = fopen(file, "w"); + if (f) { + fprintf(f, "%s", str); + fclose(f); + process_control(file, 0); + } + unlink(file); + free(file); +} + +static void handle_shell(void) { + struct timeval tv; + static char lastline[1000]; + static int first = 1; + fd_set rfds; + int fd0 = fileno(stdin); + + if (first) { + memset(lastline, 0, sizeof(lastline)); + first = 0; + } + + FD_ZERO(&rfds); + FD_SET(fd0, &rfds); + tv.tv_sec = 0; + tv.tv_usec = 0; + select(fd0+1, &rfds, NULL, NULL, &tv); + if (FD_ISSET(fd0, &rfds)) { + char line[1000], line2[1010]; + if (fgets(line, sizeof(line), stdin) != NULL) { + char *str = lblanks(line); + char *q = strrchr(str, '\n'); + if (q) *q = '\0'; + if (strcmp(str, "")) { + if (!strcmp(str, "!!")) { + sprintf(line, "%s", lastline); + fprintf(stderr, "%s\n", line); + str = line; + } + if (strstr(str, "!") == str) { + system(str+1); + } else if (!strcmp(str, "x11vnc") || !strcmp(str, "ps")) { + char *cmd = "ps -elf | egrep 'PID|x11vnc' | grep -v egrep"; + fprintf(stderr, "%s\n", cmd); + system(cmd); + } else { + sprintf(line2, "cmd=%s", str); + process_string(line2); + } + sprintf(lastline, "%s", str); + } + } + fprintf(stderr, "\n%s", prompt); ff(); + } +} + +static void handle_prop_cmd(void) { + char *value, *str, *done = "DONE"; + + if (cmd_atom == None) { + return; + } + + value = get_xprop(cmd_atom_str, root); + if (value == NULL) { + return; + } + + str = lblanks(value); + if (!strcmp(str, done)) { + free(value); + return; + } + if (strstr(str, "cmd=quit") == str || strstr(str, "\ncmd=quit")) { + set_xprop(cmd_atom_str, root, done); + appshare_cleanup(0); + } + + process_string(str); + + free(value); + set_xprop(cmd_atom_str, root, done); +} + +#define PREFIX if(appshare_debug) fprintf(stderr, " %8.2f 0x%08lx : ", dnow() - start, ev.xany.window); + +static void monitor(void) { +#if !NO_X11 + XEvent ev; + double start = dnow(); + int got_prop_cmd = 0; + + if (shell) { + update(); + fprintf(stderr, "\n\n"); + process_string("cmd=help"); + fprintf(stderr, "\n%s", prompt); ff(); + } + + while (1) { + int t; + + if (XEventsQueued(dpy, QueuedAlready) == 0) { + update(); + if (got_prop_cmd) { + handle_prop_cmd(); + } + got_prop_cmd = 0; + if (shell) { + handle_shell(); + } + } + + XNextEvent(dpy, &ev); + + last_event_type = ev.type; + + switch (ev.type) { + case Expose: + PREFIX + if(appshare_debug) fprintf(stderr, "Expose %04dx%04d+%04d+%04d\n", ev.xexpose.width, ev.xexpose.height, ev.xexpose.x, ev.xexpose.y); + break; + case ConfigureNotify: +#if 0 + PREFIX + if(appshare_debug) fprintf(stderr, "ConfigureNotify %04dx%04d+%04d+%04d above: 0x%lx\n", ev.xconfigure.width, ev.xconfigure.height, ev.xconfigure.x, ev.xconfigure.y, ev.xconfigure.above); +#endif + break; + case VisibilityNotify: + PREFIX + if (appshare_debug) { + fprintf(stderr, "VisibilityNotify: "); + t = ev.xvisibility.state; + if (t == VisibilityFullyObscured) fprintf(stderr, "VisibilityFullyObscured\n"); + if (t == VisibilityPartiallyObscured) fprintf(stderr, "VisibilityPartiallyObscured\n"); + if (t == VisibilityUnobscured) fprintf(stderr, "VisibilityUnobscured\n"); + } + break; + case MapNotify: + PREFIX + if(appshare_debug) fprintf(stderr, "MapNotify win: 0x%lx\n", ev.xmap.window); + if (ours(ev.xmap.window)) { + mapped(ev.xmap.window); + } + break; + case UnmapNotify: + PREFIX + if(appshare_debug) fprintf(stderr, "UnmapNotify win: 0x%lx\n", ev.xmap.window); + if (ours(ev.xmap.window)) { + unmapped(ev.xmap.window); + } + break; + case MapRequest: + PREFIX + if(appshare_debug) fprintf(stderr, "MapRequest\n"); + break; + case CreateNotify: + PREFIX + if(appshare_debug) fprintf(stderr, "CreateNotify parent: 0x%lx win: 0x%lx\n", ev.xcreatewindow.parent, ev.xcreatewindow.window); + if (ev.xcreatewindow.parent == root && ours(ev.xcreatewindow.window)) { + if (find_win(ev.xcreatewindow.window) >= 0) { + destroy_win(ev.xcreatewindow.window); + } + add_win(ev.xcreatewindow.window); + } + break; + case DestroyNotify: + PREFIX + if(appshare_debug) fprintf(stderr, "DestroyNotify win: 0x%lx\n", ev.xdestroywindow.window); + if (ours(ev.xdestroywindow.window)) { + destroy_win(ev.xdestroywindow.window); + } + break; + case ConfigureRequest: + PREFIX + if(appshare_debug) fprintf(stderr, "ConfigureRequest\n"); + break; + case CirculateRequest: +#if 0 + PREFIX + if(appshare_debug) fprintf(stderr, "CirculateRequest parent: 0x%lx win: 0x%lx\n", ev.xcirculaterequest.parent, ev.xcirculaterequest.window); +#endif + break; + case CirculateNotify: +#if 0 + PREFIX + if(appshare_debug) fprintf(stderr, "CirculateNotify\n"); +#endif + break; + case PropertyNotify: +#if 0 + PREFIX + if(appshare_debug) fprintf(stderr, "PropertyNotify\n"); +#endif + if (cmd_atom != None && ev.xproperty.atom == cmd_atom) { + got_prop_cmd++; + } + break; + case ReparentNotify: + PREFIX + if(appshare_debug) fprintf(stderr, "ReparentNotify parent: 0x%lx win: 0x%lx\n", ev.xreparent.parent, ev.xreparent.window); + if (ours(ev.xreparent.window)) { + if (ours(ev.xreparent.parent)) { + destroy_win(ev.xreparent.window); + } else if (ev.xreparent.parent == root) { + /* ??? */ + } + } + break; + default: + PREFIX + if(appshare_debug) fprintf(stderr, "Unknown: %d\n", ev.type); + break; + } + } +#endif +} + +int appshare_main(int argc, char *argv[]) { + int i; + char *app_str = NULL; + char *dpy_str = NULL; + long xselectinput = 0; +#if NO_X11 + exiter("not compiled with X11\n", 1); +#else + for (i=0; i < WMAX; i++) { + watch[i] = None; + state[i] = 0; + } + for (i=0; i < AMAX; i++) { + apps[i] = None; + } + for (i=0; i < CMAX; i++) { + clients[i] = NULL; + } + + x11vnc = strdup(argv[0]); + + for (i=1; i < argc; i++) { + int end = (i == argc-1) ? 1 : 0; + char *s = argv[i]; + if (strstr(s, "--") == s) { + s++; + } + + if (!strcmp(s, "-h") || !strcmp(s, "-help")) { + fprintf(stdout, "%s", usage); + exit(0); + } else if (!strcmp(s, "-id")) { + id_opt = "-id"; + if (end) exiter("no -id value supplied\n", 1); + app_str = strdup(argv[++i]); + } else if (!strcmp(s, "-sid")) { + id_opt = "-sid"; + if (end) exiter("no -sid value supplied\n", 1); + app_str = strdup(argv[++i]); + } else if (!strcmp(s, "-connect") || !strcmp(s, "-connect_or_exit")) { + if (end) exiter("no -connect value supplied\n", 1); + connect_to = strdup(argv[++i]); + } else if (!strcmp(s, "-control")) { + if (end) exiter("no -control value supplied\n", 1); + control = strdup(argv[++i]); + if (!strcmp(control, "shell")) { + free(control); + control = strdup("internal"); + shell = 1; + } + } else if (!strcmp(s, "-trackdir")) { + if (end) exiter("no -trackdir value supplied\n", 1); + trackdir = strdup(argv[++i]); + } else if (!strcmp(s, "-display")) { + if (end) exiter("no -display value supplied\n", 1); + dpy_str = strdup(argv[++i]); + set_env("DISPLAY", dpy_str); + } else if (!strcmp(s, "-delay")) { + if (end) exiter("no -delay value supplied\n", 1); + helper_delay = atof(argv[++i]); + } else if (!strcmp(s, "-args")) { + if (end) exiter("no -args value supplied\n", 1); + x11vnc_args = strdup(argv[++i]); + } else if (!strcmp(s, "-env")) { + if (end) exiter("no -env value supplied\n", 1); + putenv(argv[++i]); + } else if (!strcmp(s, "-debug")) { + appshare_debug++; + } else if (!strcmp(s, "-showmenus")) { + skip_menus = 0; + } else if (!strcmp(s, "-noexit")) { + exit_no_app_win = 0; + } else if (!strcmp(s, "-shell")) { + shell = 1; + } else if (!strcmp(s, "-nocmds") || !strcmp(s, "-safer")) { + fprintf(stderr, "ignoring %s in -appshare mode.\n", s); + } else if (!strcmp(s, "-appshare")) { + ; + } else { + fprintf(stderr, "unrecognized 'x11vnc -appshare' option: %s\n", s); + exiter("", 1); + } + } + + if (getenv("X11VNC_APPSHARE_DEBUG")) { + appshare_debug = atoi(getenv("X11VNC_APPSHARE_DEBUG")); + } + + /* let user override name for multiple instances: */ + if (getenv("X11VNC_APPSHARE_COMMAND_PROPNAME")) { + cmd_atom_str = strdup(getenv("X11VNC_APPSHARE_COMMAND_PROPNAME")); + } + if (getenv("X11VNC_APPSHARE_TICKER_PROPNAME")) { + ticker_atom_str = strdup(getenv("X11VNC_APPSHARE_TICKER_PROPNAME")); + } + + if (shell) { + if (!control || strcmp(control, "internal")) { + exiter("mode -shell requires '-control internal'\n", 1); + } + } + + if (connect_to == NULL && control != NULL) { + struct stat sb; + if (stat(control, &sb) == 0) { + int len = 100 + sb.st_size; + FILE *f = fopen(control, "r"); + + if (f) { + char *line = (char *) malloc(len); + connect_to = (char *) calloc(2 * len, 1); + while (fgets(line, len, f) != NULL) { + char *q = strchr(line, '\n'); + if (q) *q = '\0'; + q = lblanks(line); + if (q[0] == '#') { + continue; + } + if (connect_to[0] != '\0') { + strcat(connect_to, ","); + } + strcat(connect_to, q); + } + fclose(f); + } + fprintf(stderr, "set -connect to: %s\n", connect_to); + } + } + if (0 && connect_to == NULL && control == NULL) { + exiter("no -connect host or -control file specified.\n", 1); + } + + if (control) { + pid_t pid; + parent_pid = getpid(); + pid = fork(); + if (pid == (pid_t) -1) { + ; + } else if (pid == 0) { + be_helper_pid(dpy_str); + exit(0); + } else { + helper_pid = pid; + } + } + + dpy = XOpenDisplay(dpy_str); + if (!dpy) { + exiter("cannot open display\n", 1); + } + + root = DefaultRootWindow(dpy); + + xselectinput = SubstructureNotifyMask; + if (helper_pid > 0) { + ticker_atom = XInternAtom(dpy, ticker_atom_str, False); + xselectinput |= PropertyChangeMask; + } + XSelectInput(dpy, root, xselectinput); + + cmd_atom = XInternAtom(dpy, cmd_atom_str, False); + + init_cmask(); + + sprintf(unique_tag, "X11VNC_APPSHARE_TAG=%d-tag", getpid()); + + start_time = dnow(); + + if (app_str == NULL) { + exiter("no -id/-sid window specified.\n", 1); + } else { + char *p, *str = strdup(app_str); + char *alist[AMAX]; + int i, n = 0; + + p = strtok(str, ","); + while (p) { + if (n >= AMAX) { + fprintf(stderr, "ran out of app slots: %s\n", app_str); + exiter("", 1); + } + alist[n++] = strdup(p); + p = strtok(NULL, ","); + } + free(str); + + for (i=0; i < n; i++) { + Window app = None; + p = alist[i]; + app = parse_win(p); + free(p); + + if (app != None) { + if (!ours(app)) { + add_app(app); + } + } + } + } + + set_trackdir(); + + signal(SIGINT, appshare_cleanup); + signal(SIGTERM, appshare_cleanup); + + rfbLogEnable(0); + + if (connect_to) { + char *p, *str = strdup(connect_to); + int n = 0; + p = strtok(str, ","); + while (p) { + clients[n++] = strdup(p); + p = strtok(NULL, ","); + } + free(str); + } else { + connect_to = strdup(""); + } + + for (i=0; i < AMAX; i++) { + if (apps[i] == None) { + continue; + } + fprintf(stdout, "Using app win: 0x%08lx root: 0x%08lx\n", apps[i], root); + } + fprintf(stdout, "\n"); + + monitor(); + + appshare_cleanup(0); + +#endif + return 0; +} + diff -Nru x11vnc-0.9.8/x11vnc/ChangeLog x11vnc-0.9.9/x11vnc/ChangeLog --- x11vnc-0.9.8/x11vnc/ChangeLog 2009-06-19 03:28:29.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/ChangeLog 2009-12-19 20:54:21.000000000 +0000 @@ -1,3 +1,104 @@ +2009-12-18 Karl Runge + * x11vnc: fix keycode and other remote control actions under + DIRECT: with an extra XFlush and other safety measures. + fflush(stderr) much in su_verify. Make the -unixpw env. vars + UNIXPW_DISABLE_SSL and UNIXPW_DISABLE_LOCALHOST work correctly. + Make -loopbg actually imply -bg. Add tag=... to unixpw opts + to set FD_TAG. Prefer Xvfb over Xdummy. Reduce wait time + for https. Add 'Login succeeded' output to unixpw panel. + +2009-12-15 Karl Runge + * x11vnc: X11VNC_REMOTE, X11VNC_TICKER, and VNC_CONNECT properties + names can be changed via env. vars (e.g. for multiple + x11vnc instances.) The -quiet option documented better. + Add fakebuttonevent remote control action. Improve child + test for connecting to port 113. Add connect_switch and + ultravnc_repeater.pl to CVS. Report X server number of mouse + buttons. Change find_display script to check for stale pids + in /tmp/.XNN-lock. If root under find_display, try FD_XDM + if previous failed to find auth. Print error reasons for + -storepasswd failures. + +2009-12-06 Karl Runge + * x11vnc: findauth/-auth guess works with FD_XDM=1 for root + finding dm's xauthority. Work around for GDM's recent + 'xhost SI:localuser:root' usage. X11VNC_REOPEN_SLEEP_MAX + for longer lived -reopen-ing. X11VNC_EXTRA_HTTPS_PARAMS for + additional URL parameters, X11VNC_HTTP_LISTEN_LOCALHOST=1 to + force libvncserver http to listen on localhost. + +2009-12-04 Karl Runge + * classes/ssl: update binaries; new signing key; ss_vncviewer. + * x11vnc: add more wish possibilities for -gui. Declare crypt() + on all platforms (disable with -DDO_NOT_DECLARE_CRYPT.) + +2009-12-02 Karl Runge + * x11vnc: -appshare mode for sharing an application windows of the + entire desktop. map port + 5500 in reverse connect. Add id_cmd + remote control functions for id (and other) windows. Allow zero + port in SSL reverse connections. Adjust delays between multiple + reverse connections; X11VNC_REVERSE_SLEEP_MAX env var. Add some + missing mutex locks; add INPUT_LOCK and threads_drop_input. + More safety in -threads mode for new framebuffer change. Fix + some stderr leaking in -inetd mode. + +2009-11-18 Karl Runge + * x11vnc: use -timeout setting for reverse connections too. + Delay calling xfixes at the beginning of 1st connection to avoid + display manager Xorg server crash. Delay selwin creation at the + begin 1st connection to avoid being killed by display manager. + Options -findauth and '-auth guess'. Export icon_mode query. + Do not open X display in -rawfb mode unless asked. Bugfix for + -sid/-id handling window offscreen or bigger than display. + Search for windows with _DBUS_SESSION_BUS_PID to decide which + dbus_launch is ours. Fix missing displays in FIND_DISPLAY + script. Add X11VNC_SKIP_DISPLAY_NEGATE. Improvements to + 'x11vnc Properties' gui dialog and connecting with x11vnc via + socket (client list.) X11VNC_SYSTEM_GREETER1 for previous text + font size. Fix bug with unixpw and vencrypt plain login. + Have fast fb read rate keep waitms and defer the same. + More heuristics to check try if GDM is still running (window + names gdm-*) + +2009-10-17 Karl Runge + * x11vnc: support for -solid option in xfce desktop. + List -Q guess_dbus query. Implement -showrfbauth option. + Workaround for inane X_ShmAttach incompatibility in Xorg. + +2009-10-08 Karl Runge + * x11vnc: bcx_xattach/x2x desktop switching facility. + More remote control features: grab_state, ping:mystring, + grablocal, resend_cutbuffer, resend_clipboard, resend_primary, + keycode, keysym, ptr, sleep, get_xprop, set_xprop, wininfo, + pointer_pos, mouse_xy, noop, guess_dbus Add DIRECT: for + remote control w/o server. X11VNC_NO_CHECK_PM for more + quiet DIRECT: usage. Options -query_retries, -remote_prefix, + and X11VNC_SYNC_TIMEOUT for remote control. Add scripting + to remote control. ping clients during in unixpw login. + Option -unixpw_system_greeter as shortcut to XDM/GDM/etc panel. + Add clear_all, viewonly, nodisplay, to unixpw username:opts. + F1 help for options (including smaller console font). + Document FD_TAG. Eat multiple property change events in one + sitting (also PROP_DBG=1). Support more -ssl features (special + cert names, single port, client certs, etc.) in -stunnel + external SSL helper mode. Reorganize openssl code to allow + integration with stunnel features if not compiled with openssl. + X11VNC_HTTPS_VS_VNC_TIMEOUT Fix dbus session address for -solid + in gnome. Use dbus-launch in -create mode if available. + X11VNC_SKIP_DISPLAY=all in -find/-create mode. let noxauth + unset XAUTHORITY for use with su - $USER. CREATE_DISPLAY_EXEC + debugging. Add x_terminal_emulator to -create cmd search. + Option -extra_fbur to tune fb update requests tracking; make + default tracking more aggressive. RATE_VERB/CHECK_RATE env. for + fbur rate. Env. vars to set Tk gui fonts. Catch closed + socket reads/writes. Try to detect 'crazy' xdamage insertion, + e.g. from some xscreensavers (needs work.). Don't switch + on server autorepeat if any keys are pressed down to work + around Xorg server and/or gnome bug. If PATH is empty, set + it to minimal one. Fix bug with -bg and -dp/-dk printout if + logfile present. + * classes/ssl: license statement. + 2009-06-18 Karl Runge * classes/ssl: java viewer now handles auth-basic proxy logins. * misc/enhanced_tightvnc_viewer: update ssvnc. diff -Nru x11vnc-0.9.8/x11vnc/cleanup.c x11vnc-0.9.9/x11vnc/cleanup.c --- x11vnc-0.9.8/x11vnc/cleanup.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/cleanup.c 2009-12-21 04:58:10.000000000 +0000 @@ -276,6 +276,13 @@ return 0; } +/* Are silly Xorg people removing X_ShmAttach from XShm.h? */ +/* INDEED! What stupid, myopic morons... */ +/* Maintenance Monkeys busy typing at their keyboards... */ +#ifndef X_ShmAttach +#define X_ShmAttach 1 +#endif + static int Xerror(Display *d, XErrorEvent *error) { X_UNLOCK; @@ -318,13 +325,24 @@ #if !NO_X11 if (reopen < rmax && getenv("X11VNC_REOPEN_DISPLAY")) { int db = getenv("X11VNC_REOPEN_DEBUG") ? 1 : 0; + int sleepmax = 10, i; Display *save_dpy = dpy; - char *dstr = DisplayString(save_dpy); + char *dstr = strdup(DisplayString(save_dpy)); reopen++; + if (getenv("X11VNC_REOPEN_SLEEP_MAX")) { + sleepmax = atoi(getenv("X11VNC_REOPEN_SLEEP_MAX")); + } rfbLog("*** XIO error: Trying to reopen[%d/%d] display '%s'\n", reopen, rmax, dstr); rfbLog("*** XIO error: Note the reopened state may be unstable.\n"); - usleep (3000 * 1000); - dpy = XOpenDisplay_wr(dstr); + for (i=0; i < sleepmax; i++) { + usleep (1000 * 1000); + dpy = XOpenDisplay_wr(dstr); + rfbLog("dpy[%d/%d]: %p\n", i+1, sleepmax, dpy); + if (dpy) { + break; + } + } + last_open_xdisplay = time(NULL); if (dpy) { rfbLog("*** XIO error: Reopened display '%s' successfully.\n", dstr); if (db) rfbLog("*** XIO error: '%s' 0x%x\n", dstr, dpy); @@ -345,6 +363,7 @@ do_new_fb(1); if (db) rfbLog("*** XIO error: check_xevents\n"); check_xevents(1); + /* sadly, we can never return... */ if (db) rfbLog("*** XIO error: watch_loop\n"); watch_loop(); diff -Nru x11vnc-0.9.8/x11vnc/connections.c x11vnc-0.9.9/x11vnc/connections.c --- x11vnc-0.9.8/x11vnc/connections.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/connections.c 2009-12-21 04:58:10.000000000 +0000 @@ -48,9 +48,12 @@ #include "sslhelper.h" #include "xwrappers.h" #include "xevents.h" +#include "win_utils.h" #include "macosx.h" #include "macosxCG.h" #include "userinput.h" +#include "pointer.h" +#include "xrandr.h" /* * routines for handling incoming, outgoing, etc connections @@ -93,6 +96,11 @@ int len, FILE *output); int check_access(char *addr); void client_set_net(rfbClientPtr client); +char *get_xprop(char *prop, Window win); +int set_xprop(char *prop, Window win, char *value); +char *bcx_xattach(char *str, int *pg_init, int *kg_init); +void grab_state(int *ptr_grabbed, int *kbd_grabbed); +char *wininfo(Window win, int show_children); static rfbClientPtr *client_match(char *str); static void free_client_data(rfbClientPtr client); @@ -120,7 +128,8 @@ while( (cl = rfbClientIteratorNext(iter)) ) { if (cl->state != RFB_NORMAL) { ok = 0; - break; + } else { + client_normal_count++; } } rfbReleaseClientIterator(iter); @@ -249,10 +258,10 @@ i = 0; iter = rfbGetClientIterator(screen); while( (cl = rfbClientIteratorNext(iter)) ) { + ClientData *cd = (ClientData *) cl->clientData; if (strstr(str, "0x") == str) { unsigned int in; int id; - ClientData *cd = (ClientData *) cl->clientData; if (! cd) { continue; } @@ -269,25 +278,52 @@ cl_list[i++] = cl; } } else { - char *rstr = str; + int port = -1; + char *rstr = strdup(str); + char *q = strrchr(rstr, ':'); + if (q) { + port = atoi(q+1); + *q = '\0'; + if (port == 0 && q[1] != '0') { + port = -1; + } else if (port < 0) { + port = -port; + } else if (port < 200) { + port = 5500 + port; + } + } if (! dotted_ip(str)) { - rstr = host2ip(str); + char *orig = rstr; + rstr = host2ip(rstr); + free(orig); if (rstr == NULL || *rstr == '\0') { if (host_warn++) { continue; } - rfbLog("skipping bad lookup: \"%s\"\n", - str); + rfbLog("skipping bad lookup: \"%s\"\n", str); continue; } - rfbLog("lookup: %s -> %s\n", str, rstr); + rfbLog("lookup: %s -> %s port=%d\n", str, rstr, port); } if (!strcmp(rstr, cl->host)) { - cl_list[i++] = cl; - } - if (rstr != str) { - free(rstr); + int ok = 1; + if (port > 0) { + if (cd != NULL && cd->client_port > 0) { + if (cd->client_port != port) { + ok = 0; + } + } else { + int cport = get_remote_port(cl->sock); + if (cport != port) { + ok = 0; + } + } + } + if (ok) { + cl_list[i++] = cl; + } } + free(rstr); } if (i >= n - 1) { break; @@ -574,18 +610,57 @@ close_exec_fds(); if (output != NULL) { - FILE *ph = popen(cmd, "r"); + FILE *ph; char line[1024]; + char *cmd2 = NULL; + char tmp[] = "/tmp/x11vnc-tmp.XXXXXX"; + int deltmp = 0; + + if (input != NULL) { + int tmp_fd = mkstemp(tmp); + if (tmp_fd < 0) { + rfbLog("mkstemp failed on: %s\n", tmp); + clean_up_exit(1); + } + write(tmp_fd, input, len); + close(tmp_fd); + deltmp = 1; + cmd2 = (char *) malloc(100 + strlen(tmp) + strlen(cmd)); + sprintf(cmd2, "/bin/cat %s | %s", tmp, cmd); + + ph = popen(cmd2, "r"); + } else { + ph = popen(cmd, "r"); + } if (ph == NULL) { rfbLog("popen(%s) failed", cmd); rfbLogPerror("popen"); clean_up_exit(1); } - while (fgets(line, 1024, ph) != NULL) { + memset(line, 0, sizeof(line)); + while (fgets(line, sizeof(line), ph) != NULL) { + int j, k = -1; if (0) fprintf(stderr, "line: %s", line); - fprintf(output, "%s", line); + /* take care to handle embedded nulls */ + for (j=0; j < (int) sizeof(line); j++) { + if (line[j] != '\0') { + k = j; + } + } + if (k >= 0) { + write(fileno(output), line, k+1); + } + memset(line, 0, sizeof(line)); } + rc = pclose(ph); + + if (cmd2 != NULL) { + free(cmd2); + } + if (deltmp) { + unlink(tmp); + } goto got_rc; } else if (input != NULL) { FILE *ph = popen(cmd, "w"); @@ -719,6 +794,7 @@ if (unixpw_in_progress && unixpw_client) { if (client == unixpw_client) { unixpw_in_progress = 0; + /* mutex */ screen->permitFileTransfer = unixpw_file_xfer_save; if ((tightfilexfer = unixpw_tightvnc_xfer_save)) { #ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER @@ -789,7 +865,7 @@ free(userhost); } else { rfbLog("client_gone: using cmd: %s\n", client->host); - run_user_command(gone_cmd, client, "gone", NULL,0,NULL); + run_user_command(gone_cmd, client, "gone", NULL, 0, NULL); } } @@ -1623,14 +1699,20 @@ FILE *in; char line[VNC_CONNECT_MAX], host[VNC_CONNECT_MAX]; static int first_warn = 1, truncate_ok = 1; - static time_t last_time = 0; - time_t now = time(NULL); - - if (last_time == 0) { - last_time = now; + static double last_time = 0.0, delay = 0.5; + double now = dnow(); + struct stat sbuf; + + if (last_time == 0.0) { + if (!getenv("X11VNC_APPSHARE_ACTIVE")) { + /* skip first */ + last_time = now; + } else { + delay = 0.25; + } } - if (now - last_time < 1) { - /* check only once a second */ + if (now - last_time < delay) { + /* check only about once a second */ return; } last_time = now; @@ -1644,6 +1726,13 @@ } } + if (stat(file, &sbuf) == 0) { + /* skip empty file directly */ + if (sbuf.st_size == 0) { + return; + } + } + in = fopen(file, "r"); if (in == NULL) { if (first_warn) { @@ -2306,6 +2395,20 @@ return prestring; } +#ifndef USE_TIMEOUT_INTERRUPT +#define USE_TIMEOUT_INTERRUPT 0 +#endif + +static void reverse_connect_timeout (int sig) { + rfbLog("sig: %d, reverse_connect_timeout.\n", sig); +#if USE_TIMEOUT_INTERRUPT + rfbLog("reverse_connect_timeout proceeding assuming connect(2) interrupt.\n"); +#else + clean_up_exit(0); +#endif +} + + /* * Do a reverse connect for a single "host" or "host:port" */ @@ -2316,6 +2419,7 @@ char *prestring = NULL; int prestring_len = 0; int rport = 5500, len = strlen(str); + int set_alarm = 0; if (len < 1) { return 0; @@ -2386,7 +2490,19 @@ /* XXX use header */ #define OPENSSL_REVERSE 4 openssl_init(1); + + if (first_conn_timeout > 0) { + set_alarm = 1; + signal(SIGALRM, reverse_connect_timeout); +#if USE_TIMEOUT_INTERRUPT + siginterrupt(SIGALRM, 1); +#endif + rfbLog("reverse_connect: using alarm() timeout of %d seconds.\n", first_conn_timeout); + alarm(first_conn_timeout); + } accept_openssl(OPENSSL_REVERSE, vncsock); + if (set_alarm) {alarm(0); signal(SIGALRM, SIG_DFL);} + openssl_init(0); free(host); return 1; @@ -2421,8 +2537,19 @@ } } + if (first_conn_timeout > 0) { + set_alarm = 1; + signal(SIGALRM, reverse_connect_timeout); +#if USE_TIMEOUT_INTERRUPT + siginterrupt(SIGALRM, 1); +#endif + rfbLog("reverse_connect: using alarm() timeout of %d seconds.\n", first_conn_timeout); + alarm(first_conn_timeout); + } + if (connect_proxy != NULL) { int sock = proxy_connect(host, rport); + if (set_alarm) {alarm(0); signal(SIGALRM, SIG_DFL);} if (sock >= 0) { if (prestring != NULL) { write(sock, prestring, prestring_len); @@ -2434,6 +2561,7 @@ } } else if (prestring != NULL) { int sock = rfbConnectToTcpAddr(host, rport); + if (set_alarm) {alarm(0); signal(SIGALRM, SIG_DFL);} if (sock >= 0) { write(sock, prestring, prestring_len); free(prestring); @@ -2443,6 +2571,7 @@ } } else { cl = rfbReverseConnection(screen, host, rport); + if (set_alarm) {alarm(0); signal(SIGALRM, SIG_DFL);} if (cl != NULL && use_threads) { cl->onHold = FALSE; rfbStartOnHoldClient(cl); @@ -2480,6 +2609,12 @@ int nclients0 = client_count; int lcnt, j; char **list; + int do_appshare = 0; + + if (!getenv("X11VNC_REVERSE_USE_OLD_SLEEP")) { + sleep_min = 500; + sleep_max = 2500; + } if (unixpw_in_progress) return; @@ -2495,19 +2630,56 @@ } free(tmp); + if (subwin && getenv("X11VNC_APPSHARE_ACTIVE")) { + do_appshare = 1; + sleep_between_host = 0; /* too agressive??? */ + } + if (getenv("X11VNC_REVERSE_SLEEP_BETWEEN_HOST")) { + sleep_between_host = atoi(getenv("X11VNC_REVERSE_SLEEP_BETWEEN_HOST")); + } + + if (do_appshare) { + if (screen && dpy) { + char *s = choose_title(DisplayString(dpy)); + + /* mutex */ + screen->desktopName = s; + if (rfb_desktop_name) { + free(rfb_desktop_name); + } + rfb_desktop_name = strdup(s); + } + } + for (j = 0; j < lcnt; j++) { p = list[j]; if ((n = do_reverse_connect(p)) != 0) { + int i; progress_client(); - rfbPE(-1); + for (i=0; i < 3; i++) { + rfbPE(-1); + } } cnt += n; if (list[j+1] != NULL) { t = 0; while (t < sleep_between_host) { + double t1, t2; + int i; + t1 = dnow(); + for (i=0; i < 8; i++) { + rfbPE(-1); + if (do_appshare && t == 0) { + rfbPE(-1); + } + } + t2 = dnow(); + t += (int) (1000 * (t2 - t1)); + if (t >= sleep_between_host) { + break; + } usleep(dt * 1000); - rfbPE(-1); t += dt; } } @@ -2529,6 +2701,9 @@ } clean_up_exit(0); } + if (xrandr || xrandr_maybe) { + check_xrandr_event("reverse_connect1"); + } return; } @@ -2536,6 +2711,8 @@ * XXX: we need to process some of the initial handshaking * events, otherwise the client can get messed up (why??) * so we send rfbProcessEvents() all over the place. + * + * How much is this still needed? */ n = cnt; @@ -2545,17 +2722,42 @@ t = sleep_max - sleep_min; tot = sleep_min + ((n-1) * t) / (n_max-1); + if (do_appshare) { + tot /= 3; + if (tot < dt) { + tot = dt; + } + tot = 0; /* too agressive??? */ + } + + if (getenv("X11VNC_REVERSE_SLEEP_MAX")) { + tot = atoi(getenv("X11VNC_REVERSE_SLEEP_MAX")); + } + t = 0; while (t < tot) { - rfbPE(-1); - rfbPE(-1); + int i; + double t1, t2; + t1 = dnow(); + for (i=0; i < 8; i++) { + rfbPE(-1); + if (t == 0) rfbPE(-1); + } + t2 = dnow(); + t += (int) (1000 * (t2 - t1)); + if (t >= tot) { + break; + } usleep(dt * 1000); t += dt; } if (connect_or_exit) { if (client_count <= nclients0) { for (t = 0; t < 10; t++) { - rfbPE(-1); + int i; + for (i=0; i < 3; i++) { + rfbPE(-1); + } usleep(100 * 1000); } } @@ -2569,6 +2771,9 @@ clean_up_exit(0); } } + if (xrandr || xrandr_maybe) { + check_xrandr_event("reverse_connect2"); + } } /* @@ -2578,6 +2783,7 @@ void set_vnc_connect_prop(char *str) { RAWFB_RET_VOID #if !NO_X11 + if (vnc_connect_prop == None) return; XChangeProperty(dpy, rootwin, vnc_connect_prop, XA_STRING, 8, PropModeReplace, (unsigned char *)str, strlen(str)); #else @@ -2588,6 +2794,7 @@ void set_x11vnc_remote_prop(char *str) { RAWFB_RET_VOID #if !NO_X11 + if (x11vnc_remote_prop == None) return; XChangeProperty(dpy, rootwin, x11vnc_remote_prop, XA_STRING, 8, PropModeReplace, (unsigned char *)str, strlen(str)); #else @@ -2717,6 +2924,508 @@ #endif /* NO_X11 */ } +void grab_state(int *ptr_grabbed, int *kbd_grabbed) { + int rcp, rck; + double t0, t1; + double ta, tb, tc; + *ptr_grabbed = -1; + *kbd_grabbed = -1; + + if (!dpy) { + return; + } + *ptr_grabbed = 0; + *kbd_grabbed = 0; + +#if !NO_X11 + X_LOCK; + + XSync(dpy, False); + + ta = t0 = dnow(); + + rcp = XGrabPointer(dpy, window, False, 0, GrabModeAsync, GrabModeAsync, None, None, CurrentTime); + XUngrabPointer(dpy, CurrentTime); + + tb = dnow(); + + rck = XGrabKeyboard(dpy, window, False, GrabModeAsync, GrabModeAsync, CurrentTime); + XUngrabKeyboard(dpy, CurrentTime); + + tc = dnow(); + + XSync(dpy, False); + + t1 = dnow(); + + X_UNLOCK; + if (rcp == AlreadyGrabbed || rcp == GrabFrozen) { + *ptr_grabbed = 1; + } + if (rck == AlreadyGrabbed || rck == GrabFrozen) { + *kbd_grabbed = 1; + } + rfbLog("grab_state: checked %d,%d in %.6f sec (%.6f %.6f)\n", + *ptr_grabbed, *kbd_grabbed, t1-t0, tb-ta, tc-tb); +#endif +} + +static void pmove(int x, int y) { + if (x < 0 || y < 0) { + rfbLog("pmove: skipping negative x or y: %d %d\n", x, y); + return; + } + rfbLog("pmove: x y: %d %d\n", x, y); + pointer(0, x, y, NULL); + X_LOCK; + XFlush_wr(dpy); + X_UNLOCK; +} + + +char *bcx_xattach(char *str, int *pg_init, int *kg_init) { + int grab_check = 1; + int shift = 20; + int final_x = 30, final_y = 30; + int extra_x = -1, extra_y = -1; + int t1, t2, dt = 40 * 1000; + int ifneeded = 0; + char *dir = "none", *flip = "none", *q; + int pg1, kg1, pg2, kg2; + char _bcx_res[128]; + + /* str:[up,down,left,right]+nograbcheck+shift=n+final=x+y+extra_move=x+y+[master_to_slave,slave_to_master,M2S,S2M]+dt=n+retry=n+ifneeded */ + + if (strstr(str, "up")) { + dir = "up"; + } else if (strstr(str, "down")) { + dir = "down"; + } else if (strstr(str, "left")) { + dir = "left"; + } else if (strstr(str, "right")) { + dir = "right"; + } else { + return strdup("FAIL,NO_DIRECTION_SPECIFIED"); + } + + if (strstr(str, "master_to_slave") || strstr(str, "M2S")) { + flip = "M2S"; + } else if (strstr(str, "slave_to_master") || strstr(str, "S2M")) { + flip = "S2M"; + } else { + return strdup("FAIL,NO_MODE_CHANGE_SPECIFIED"); + } + + if (strstr(str, "nograbcheck")) { + grab_check = 0; + } + if (strstr(str, "ifneeded")) { + ifneeded = 1; + } + q = strstr(str, "shift="); + if (q && sscanf(q, "shift=%d", &t1) == 1) { + shift = t1; + } + q = strstr(str, "final="); + if (q && sscanf(q, "final=%d+%d", &t1, &t2) == 2) { + final_x = t1; + final_y = t2; + } + q = strstr(str, "extra_move="); + if (q && sscanf(q, "extra_move=%d+%d", &t1, &t2) == 2) { + extra_x = t1; + extra_y = t2; + } + q = strstr(str, "dt="); + if (q && sscanf(q, "dt=%d", &t1) == 1) { + dt = t1 * 1000; + } + + if (grab_check) { + int read_init = 0; + + if (*pg_init >=0 && *kg_init >=0) { + pg1 = *pg_init; + kg1 = *kg_init; + read_init = 1; + } else { + grab_state(&pg1, &kg1); + read_init = 0; + } + + if (!strcmp(flip, "M2S")) { + if (ifneeded && pg1 == 1 && kg1 == 1) { + rfbLog("bcx_xattach: M2S grab state is already what we want, skipping moves: %d,%d\n", pg1, kg1); + return strdup("DONE,GRAB_OK"); + } + } else if (!strcmp(flip, "S2M")) { + if (ifneeded && pg1 == 0 && kg1 == 0) { + rfbLog("bcx_xattach: S2M grab state is already what we want, skipping moves: %d,%d\n", pg1, kg1); + return strdup("DONE,GRAB_OK"); + } + } + + if (read_init) { + ; + } else if (!strcmp(flip, "M2S")) { + if (pg1 != 0 || kg1 != 0) { + rfbLog("bcx_xattach: M2S init grab state incorrect: %d,%d\n", pg1, kg1); + usleep(2*dt); + grab_state(&pg1, &kg1); + rfbLog("bcx_xattach: slept and retried, grab is now: %d,%d\n", pg1, kg1); + } + } else if (!strcmp(flip, "S2M")) { + if (pg1 != 1 || kg1 != 1) { + rfbLog("bcx_xattach: S2M init grab state incorrect: %d,%d\n", pg1, kg1); + usleep(2*dt); + grab_state(&pg1, &kg1); + rfbLog("bcx_xattach: slept and retried, grab is now: %d,%d\n", pg1, kg1); + } + } + if (!read_init) { + *pg_init = pg1; + *kg_init = kg1; + } + } + + /* + * A guide for BARCO xattach: + * + * For -cursor_rule 'b(0):%:t(1),t(1):%:b(0)' + * down+M2S up+S2M + * For -cursor_rule 'r(0):%:l(1),l(1):%:r(0)' + * right+M2S left+S2M + * + * For -cursor_rule 't(0):%:b(1),b(1):%:t(0)' + * up+M2S down+S2M + * For -cursor_rule 'l(0):%:r(1),r(1):%:l(0)' + * left+M2S right+S2M + * For -cursor_rule 'l(0):%:r(1),r(1):%:l(0),r(0):%:l(1),l(1):%:r(0)' + * left+M2S right+S2M (we used to do both 'right') + */ + + if (!strcmp(flip, "M2S")) { + if (!strcmp(dir, "up")) { + pmove(shift, 0); /* go to top edge */ + usleep(dt); + pmove(shift+1, 0); /* move 1 for MotionNotify */ + } else if (!strcmp(dir, "down")) { + pmove(shift, dpy_y-1); /* go to bottom edge */ + usleep(dt); + pmove(shift+1, dpy_y-1); /* move 1 for MotionNotify */ + } else if (!strcmp(dir, "left")) { + pmove(0, shift); /* go to left edge */ + usleep(dt); + pmove(0, shift+1); /* move 1 for MotionNotify */ + } else if (!strcmp(dir, "right")) { + pmove(dpy_x-1, shift); /* go to right edge */ + usleep(dt); + pmove(dpy_x-1, shift+1); /* move 1 for Motion Notify */ + } + } else if (!strcmp(flip, "S2M")) { + int dts = dt/2; + if (!strcmp(dir, "up")) { + pmove(shift, 2); /* Approach top edge in 3 moves. 1st move */ + usleep(dts); + pmove(shift, 1); /* 2nd move */ + usleep(dts); + pmove(shift, 0); /* 3rd move */ + usleep(dts); + pmove(shift+1, 0); /* move 1 for MotionNotify */ + usleep(dts); + pmove(shift+1, dpy_y-2); /* go to height-2 for extra pixel (slave y now == 0?) */ + usleep(dts); + pmove(shift, dpy_y-2); /* move 1 for MotionNotify */ + usleep(dts); + pmove(shift, 1); /* go to 1 to be sure slave y == 0 */ + usleep(dts); + pmove(shift+1, 1); /* move 1 for MotionNotify */ + } else if (!strcmp(dir, "down")) { + pmove(shift, dpy_y-3); /* Approach bottom edge in 3 moves. 1st move */ + usleep(dts); + pmove(shift, dpy_y-2); /* 2nd move */ + usleep(dts); + pmove(shift, dpy_y-1); /* 3rd move */ + usleep(dts); + pmove(shift+1, dpy_y-1); /* move 1 for MotionNotify */ + usleep(dts); + pmove(shift+1, 1); /* go to 1 for extra pixel (slave y now == dpy_y-1?) */ + usleep(dts); + pmove(shift, 1); /* move 1 for MotionNotify */ + usleep(dts); + pmove(shift, dpy_y-2); /* go to dpy_y-2 to be sure slave y == dpy_y-1 */ + usleep(dts); + pmove(shift+1, dpy_y-2); /* move 1 for MotionNotify */ + } else if (!strcmp(dir, "left")) { + pmove(2, shift); /* Approach left edge in 3 moves. 1st move */ + usleep(dts); + pmove(1, shift); /* 2nd move */ + usleep(dts); + pmove(0, shift); /* 3rd move */ + usleep(dts); + pmove(0, shift+1); /* move 1 for MotionNotify */ + usleep(dts); + pmove(dpy_x-2, shift+1); /* go to width-2 for extra pixel (slave x now == 0?) */ + usleep(dts); + pmove(dpy_x-2, shift); /* move 1 for MotionNotify */ + usleep(dts); + pmove(1, shift); /* go to 1 to be sure slave x == 0 */ + usleep(dts); + pmove(1, shift+1); /* move 1 for MotionNotify */ + } else if (!strcmp(dir, "right")) { + pmove(dpy_x-3, shift); /* Approach right edge in 3 moves. 1st move */ + usleep(dts); + pmove(dpy_x-2, shift); /* 2nd move */ + usleep(dts); + pmove(dpy_x-1, shift); /* 3rd move */ + usleep(dts); + pmove(dpy_x-1, shift+1); /* move 1 for MotionNotify */ + usleep(dts); + pmove(1, shift+1); /* go to 1 to extra pixel (slave x now == dpy_x-1?) */ + usleep(dts); + pmove(1, shift); /* move 1 for MotionNotify */ + usleep(dts); + pmove(dpy_x-2, shift); /* go to dpy_x-2 to be sure slave x == dpy_x-1 */ + usleep(dts); + pmove(dpy_x-2, shift+1); /* move 1 for MotionNotify */ + } + } + + usleep(dt); + pmove(final_x, final_y); + usleep(dt); + + if (extra_x >= 0 && extra_y >= 0) { + pmove(extra_x, extra_y); + usleep(dt); + } + + strcpy(_bcx_res, "DONE"); + + if (grab_check) { + char st[64]; + + usleep(3*dt); + grab_state(&pg2, &kg2); + + if (!strcmp(flip, "M2S")) { + if (pg2 != 1 || kg2 != 1) { + rfbLog("bcx_xattach: M2S fini grab state incorrect: %d,%d\n", pg2, kg2); + usleep(2*dt); + grab_state(&pg2, &kg2); + rfbLog("bcx_xattach: slept and retried, grab is now: %d,%d\n", pg2, kg2); + } + } else if (!strcmp(flip, "S2M")) { + if (pg2 != 0 || kg2 != 0) { + rfbLog("bcx_xattach: S2M fini grab state incorrect: %d,%d\n", pg2, kg2); + usleep(2*dt); + grab_state(&pg2, &kg2); + rfbLog("bcx_xattach: slept and retried, grab is now: %d,%d\n", pg2, kg2); + } + } + + sprintf(st, ":%d,%d-%d,%d", pg1, kg1, pg2, kg2); + + if (getenv("GRAB_CHECK_LOOP")) { + int i, n = atoi(getenv("GRAB_CHECK_LOOP")); + rfbLog("grab st: %s\n", st); + for (i=0; i < n; i++) { + usleep(dt); + grab_state(&pg2, &kg2); + sprintf(st, ":%d,%d-%d,%d", pg1, kg1, pg2, kg2); + rfbLog("grab st: %s\n", st); + } + } + + if (!strcmp(flip, "M2S")) { + if (pg1 == 0 && kg1 == 0 && pg2 == 1 && kg2 == 1) { + strcat(_bcx_res, ",GRAB_OK"); + } else { + rfbLog("bcx_xattach: M2S grab state incorrect: %d,%d -> %d,%d\n", pg1, kg1, pg2, kg2); + strcat(_bcx_res, ",GRAB_FAIL"); + if (pg2 == 1 && kg2 == 1) { + strcat(_bcx_res, "_INIT"); + } else if (pg1 == 0 && kg1 == 0) { + strcat(_bcx_res, "_FINAL"); + } + strcat(_bcx_res, st); + } + } else if (!strcmp(flip, "S2M")) { + if (pg1 == 1 && kg1 == 1 && pg2 == 0 && kg2 == 0) { + strcat(_bcx_res, ",GRAB_OK"); + } else { + rfbLog("bcx_xattach: S2M grab state incorrect: %d,%d -> %d,%d\n", pg1, kg1, pg2, kg2); + strcat(_bcx_res, ",GRAB_FAIL"); + if (pg2 == 0 && kg2 == 0) { + strcat(_bcx_res, "_INIT"); + } else if (pg1 == 1 && kg1 == 1) { + strcat(_bcx_res, "_FINAL"); + } + strcat(_bcx_res, st); + } + } + } + return strdup(_bcx_res); +} + +int set_xprop(char *prop, Window win, char *value) { + int rc = -1; +#if !NO_X11 + Atom aprop; + + RAWFB_RET(rc) + + if (!prop || !value) { + return rc; + } + if (win == None) { + win = rootwin; + } + aprop = XInternAtom(dpy, prop, False); + if (aprop == None) { + return rc; + } + rc = XChangeProperty(dpy, win, aprop, XA_STRING, 8, + PropModeReplace, (unsigned char *)value, strlen(value)); + return rc; +#else + RAWFB_RET(rc) + if (!prop || !win || !value) {} + return rc; +#endif /* NO_X11 */ +} + +char *get_xprop(char *prop, Window win) { +#if NO_X11 + RAWFB_RET(NULL) + if (!prop || !win) {} + return NULL; +#else + Atom type, aprop; + int format, slen, dlen; + unsigned long nitems = 0, bytes_after = 0; + unsigned char* data = NULL; + char get_str[VNC_CONNECT_MAX+1]; + + RAWFB_RET(NULL) + + if (prop == NULL || !strcmp(prop, "")) { + return NULL; + } + if (win == None) { + win = rootwin; + } + aprop = XInternAtom(dpy, prop, True); + if (aprop == None) { + return NULL; + } + + get_str[0] = '\0'; + slen = 0; + + /* read the property value into get_str: */ + do { + if (XGetWindowProperty(dpy, win, aprop, nitems/4, + VNC_CONNECT_MAX/16, False, AnyPropertyType, &type, + &format, &nitems, &bytes_after, &data) == Success) { + + dlen = nitems * (format/8); + if (slen + dlen > VNC_CONNECT_MAX) { + /* too big */ + rfbLog("get_xprop: warning: truncating large '%s'" + " string > %d bytes.\n", prop, VNC_CONNECT_MAX); + XFree_wr(data); + break; + } + memcpy(get_str+slen, data, dlen); + slen += dlen; + get_str[slen] = '\0'; + XFree_wr(data); + } + } while (bytes_after > 0); + + get_str[VNC_CONNECT_MAX] = '\0'; + rfbLog("get_prop: read: '%s' = '%s'\n", prop, get_str); + + return strdup(get_str); +#endif /* NO_X11 */ +} + +static char _win_fmt[1000]; + +static char *win_fmt(Window win, XWindowAttributes a) { + memset(_win_fmt, 0, sizeof(_win_fmt)); + sprintf(_win_fmt, "0x%lx:%dx%dx%d+%d+%d-map:%d-bw:%d-cl:%d-vis:%d-bs:%d/%d", + win, a.width, a.height, a.depth, a.x, a.y, a.map_state, a.border_width, a.class, + (int) ((a.visual)->visualid), a.backing_store, a.save_under); + return _win_fmt; +} + +char *wininfo(Window win, int show_children) { +#if NO_X11 + RAWFB_RET(NULL) + if (!win || !show_children) {} + return NULL; +#else + XWindowAttributes attr; + int n, size = X11VNC_REMOTE_MAX; + char get_str[X11VNC_REMOTE_MAX+1]; + unsigned int nchildren; + Window rr, pr, *children; + + RAWFB_RET(NULL) + + if (win == None) { + return strdup("None"); + } + + X_LOCK; + if (!valid_window(win, &attr, 1)) { + X_UNLOCK; + return strdup("Invalid"); + } + get_str[0] = '\0'; + + if (show_children) { + XQueryTree_wr(dpy, win, &rr, &pr, &children, &nchildren); + } else { + nchildren = 1; + children = (Window *) calloc(2 * sizeof(Window), 1); + children[0] = win; + } + for (n=0; n < (int) nchildren; n++) { + char tmp[32]; + char *str = "Invalid"; + Window w = children[n]; + if (valid_window(w, &attr, 1)) { + if (!show_children) { + str = win_fmt(w, attr); + } else { + sprintf(tmp, "0x%lx", w); + str = tmp; + } + } + if ((int) (strlen(get_str) + 1 + strlen(str)) >= size) { + break; + } + if (n > 0) { + strcat(get_str, ","); + } + strcat(get_str, str); + } + get_str[size] = '\0'; + if (!show_children) { + free(children); + } else if (nchildren) { + XFree_wr(children); + } + rfbLog("wininfo computed: %s\n", get_str); + X_UNLOCK; + + return strdup(get_str); +#endif /* NO_X11 */ +} + /* * check if client_connect has been set, if so make the reverse connections. */ @@ -2888,6 +3597,7 @@ if (client) {} if (turn_off_truecolor) { rfbLog("turning off truecolor advertising.\n"); + /* mutex */ screen->serverFormat.trueColour = FALSE; screen->displayHook = NULL; screen->serverFormat.redShift = 0; @@ -2980,7 +3690,6 @@ clients_served++; - if (use_openssl || use_stunnel) { if (! ssl_initialized) { rfbLog("denying additional client: %s ssl not setup" @@ -3043,6 +3752,8 @@ return(RFB_CLIENT_REFUSE); } + /* We will RFB_CLIENT_ACCEPT or RFB_CLIENT_ON_HOLD from here on. */ + if (passwdfile) { if (strstr(passwdfile, "read:") == passwdfile || strstr(passwdfile, "cmd:") == passwdfile) { @@ -3054,6 +3765,7 @@ } } else if (strstr(passwdfile, "custom:") == passwdfile) { if (screen) { + /* mutex */ screen->passwordCheck = custom_passwd_check; } } @@ -3098,8 +3810,9 @@ cd->cmp_bytes_sent = 0; cd->raw_bytes_sent = 0; - rfbLog("incr accepted_client for %s:%d.\n", client->host, get_remote_port(client->sock)); accepted_client++; + rfbLog("incr accepted_client=%d for %s:%d sock=%d\n", accepted_client, + client->host, get_remote_port(client->sock), client->sock); last_client = time(NULL); if (ncache) { @@ -3135,6 +3848,7 @@ rfbSetTranslateFunction(client); + /* mutex */ screen->serverFormat.trueColour = TRUE; screen->serverFormat.redShift = rs; screen->serverFormat.greenShift = gs; @@ -3165,7 +3879,7 @@ unixpw_login_viewonly = 1; client->viewOnly = FALSE; } - unixpw_last_try_time = time(NULL); + unixpw_last_try_time = time(NULL) + 10; unixpw_screen(1); unixpw_keystroke(0, 0, 1); @@ -3364,11 +4078,16 @@ int run_after_accept = 0; if (unixpw_in_progress) { + static double lping = 0.0; + if (lping < dnow() + 5) { + mark_rect_as_modified(0, 0, 1, 1, 1); + lping = dnow(); + } if (unixpw_client && unixpw_client->viewOnly) { unixpw_login_viewonly = 1; unixpw_client->viewOnly = FALSE; } - if (time(NULL) > unixpw_last_try_time + 25) { + if (time(NULL) > unixpw_last_try_time + 45) { rfbLog("unixpw_deny: timed out waiting for reply.\n"); unixpw_deny(); } diff -Nru x11vnc-0.9.8/x11vnc/connections.h x11vnc-0.9.9/x11vnc/connections.h --- x11vnc-0.9.8/x11vnc/connections.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/connections.h 2009-12-21 04:58:10.000000000 +0000 @@ -72,5 +72,10 @@ int len, FILE *output); extern int check_access(char *addr); extern void client_set_net(rfbClientPtr client); +extern char *get_xprop(char *prop, Window win); +extern int set_xprop(char *prop, Window win, char *value); +extern char *bcx_xattach(char *str, int *pg_init, int *kg_init); +extern void grab_state(int *ptr_grabbed, int *kbd_grabbed); +extern char *wininfo(Window win, int show_children); #endif /* _X11VNC_CONNECTIONS_H */ diff -Nru x11vnc-0.9.8/x11vnc/cursor.c x11vnc-0.9.9/x11vnc/cursor.c --- x11vnc-0.9.8/x11vnc/cursor.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/cursor.c 2009-12-21 04:58:10.000000000 +0000 @@ -41,6 +41,7 @@ #include "macosx.h" int xfixes_present = 0; +int xfixes_first_initialized = 0; int use_xfixes = 1; int got_xfixes_cursor_notify = 0; int cursor_changes = 0; @@ -575,7 +576,9 @@ return; } if (! show_cursor) { + LOCK(screen->cursorMutex); screen->cursor = NULL; + UNLOCK(screen->cursorMutex); } else { got_xfixes_cursor_notify++; set_rfb_cursor(get_which_cursor()); @@ -590,7 +593,7 @@ int w_in = 0, h_in = 0; static int first = 1; - if (verbose) { + if (verbose || use_threads) { rfbLog("setting up %d cursors...\n", CURS_MAX); } @@ -602,8 +605,8 @@ first = 0; if (screen) { - screen->cursor = NULL; LOCK(screen->cursorMutex); + screen->cursor = NULL; } for (i=0; icursorMutex); screen->cursor = NULL; + UNLOCK(screen->cursorMutex); set_cursor_was_changed(screen); } } @@ -1651,9 +1659,11 @@ return; } iter = rfbGetClientIterator(s); + LOCK(screen->cursorMutex); while( (cl = rfbClientIteratorNext(iter)) ) { cl->cursorWasChanged = TRUE; } + UNLOCK(screen->cursorMutex); rfbReleaseClientIterator(iter); } diff -Nru x11vnc-0.9.8/x11vnc/cursor.h x11vnc-0.9.9/x11vnc/cursor.h --- x11vnc-0.9.8/x11vnc/cursor.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/cursor.h 2009-12-21 04:58:10.000000000 +0000 @@ -36,6 +36,7 @@ /* -- cursor.h -- */ extern int xfixes_present; +extern int xfixes_first_initialized; extern int use_xfixes; extern int got_xfixes_cursor_notify; extern int cursor_changes; diff -Nru x11vnc-0.9.8/x11vnc/enc.h x11vnc-0.9.9/x11vnc/enc.h --- x11vnc-0.9.8/x11vnc/enc.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/enc.h 2009-12-21 04:58:10.000000000 +0000 @@ -36,7 +36,7 @@ /* -- enc.h -- */ #if 0 -:r /home/runge/ultraSC/rc4/ultravnc_dsm_helper.c +:r /home/runge/uvnc/ultraSC/rc4/ultravnc_dsm_helper.c #endif /* @@ -71,7 +71,8 @@ * * This is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. + * the Free Software Foundation; version 2 of the License, or (at + * your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -83,8 +84,8 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, * USA or see . * - * In addition, as a special exception, Karl J. Runge - * gives permission to link the code of its release of x11vnc with the + * In addition, as a special exception, Karl J. Runge gives permission + * to link the code of its release of ultravnc_dsm_helper with the * OpenSSL project's "OpenSSL" library (or with modified versions of it * that use the same license as the "OpenSSL" library), and distribute * the linked executables. You must obey the GNU General Public License @@ -99,14 +100,29 @@ "\n" "usage: ultravnc_dsm_helper cipher keyfile listenport remotehost:port\n" "\n" - "e.g.: ultravnc_dsm_helper arc4 ./arc4.key 5901 snoopy.com:5900\n" + "e.g.: ultravnc_dsm_helper arc4 ./arc4.key 5901 snoopy.net:5900\n" "\n" " cipher: specify 'msrc4', 'msrc4_sc', 'arc4', 'aesv2',\n" - " 'aes-cfb', 'aes256', 'blowfish', or '3des'.\n" + " 'aes-cfb', 'aes256', 'blowfish', '3des',\n" + " 'securevnc'.\n" "\n" " 'msrc4_sc' enables a workaround for UVNC SC -plugin use.\n" + " (it might not be required in SC circa 2009 and later; try 'msrc4'.)\n" "\n" - " use '.' to have it try to guess the cipher from the keyfile name.\n" + " use 'securevnc' for SecureVNCPlugin (RSA key exchange). 'keyfile' is\n" + " used as a server RSA keystore in this mode. If 'keyfile' does not\n" + " exist the user is prompted whether to save the key or not (a MD5\n" + " hash of it is shown) If 'keyfile' already exists the server key\n" + " must match its contents or the connection is dropped.\n" + "\n" + " HOWEVER, if 'keyfile' ends in the string 'ClientAuth.pkey', then the\n" + " normal SecureVNCPlugin client key authentication is performed.\n" + " If you want to do both have 'keyfile' end with 'ClientAuth.pkey.rsa'\n" + " that file will be used for the RSA keystore, and the '.rsa' will be\n" + " trimmed off and the remaining name used as the Client Auth file.\n" + "\n" + " use '.' to have it try to guess the cipher from the keyfile name,\n" + " e.g. 'arc4.key' implies arc4, 'rc4.key' implies msrc4, etc.\n" "\n" " use 'rev:arc4', etc. to reverse the roles of encrypter and decrypter.\n" " (i.e. if you want to use it for a vnc server, not vnc viewer)\n" @@ -118,8 +134,9 @@ " use 'noultra:rev:...' if both are to be supplied.\n" "\n" " keyfile: file holding the key (16 bytes for arc4 and aesv2, 87 for msrc4)\n" - " E.g. dd if=/dev/random of=./my.key bs=16 count=1\n" - " keyfile can also be pw= to use \"string\" for the key.\n" + " E.g. dd if=/dev/random of=./my.key bs=16 count=1\n" + " keyfile can also be pw= to use \"string\" for the key.\n" + " Or for 'securevnc' the RSA keystore and/or ClientAuth file.\n" "\n" " listenport: port to listen for incoming connection on. (use 0 to connect\n" " to stdio, use a negative value to force localhost)\n" @@ -181,6 +198,8 @@ #if ENC_HAVE_OPENSSL #include #include +#include +#include static const EVP_CIPHER *Cipher; static const EVP_MD *Digest; #endif @@ -228,6 +247,18 @@ # define PRINT_LOOP_DBG3 #endif +/* SecureVNCPlugin from: http://adamwalling.com/SecureVNC/ */ +#define SECUREVNC_RSA_PUBKEY_SIZE 270 +#define SECUREVNC_ENCRYPTED_KEY_SIZE 256 +#define SECUREVNC_SIGNATURE_SIZE 256 +#define SECUREVNC_KEY_SIZE 16 +#define SECUREVNC_RESERVED_SIZE 4 +#define SECUREVNC_RC4_DROP_BYTES 3072 +#define SECUREVNC_RAND_KEY_SOURCE 1024 +static int securevnc = 0; +static int securevnc_arc4 = 0; +static char *securevnc_file = NULL; + static void enc_connections(int, char*, int); #if !ENC_HAVE_OPENSSL @@ -260,7 +291,7 @@ struct stat sb; char *q, *p, *connect_host; char tmp[16]; - int fd, len, listen_port, connect_port, mbits; + int fd, len = 0, listen_port, connect_port, mbits; q = ciph; @@ -302,6 +333,10 @@ } else if (strstr(q, "3des") == q) { Cipher = EVP_des_ede3_cfb(); cipher = "3des"; + } else if (strstr(q, "securevnc") == q) { + Cipher = EVP_aes_128_ofb(); cipher = "securevnc"; + securevnc = 1; + } else if (strstr(q, ".") == q) { /* otherwise, try to guess cipher from key filename: */ if (strstr(keyfile, "arc4.key")) { @@ -325,6 +360,10 @@ } else if (strstr(keyfile, "3des.key")) { Cipher = EVP_des_ede3_cfb(); cipher = "3des"; + } else if (strstr(keyfile, "securevnc.")) { + Cipher = EVP_aes_128_ofb(); cipher = "securevnc"; + securevnc = 1; + } else { fprintf(stderr, "cannot figure out cipher, supply 'msrc4', 'arc4', or 'aesv2' ...\n"); exit(1); @@ -335,7 +374,11 @@ } /* set the default message digest (md5) */ - Digest = EVP_md5(); + if (!securevnc) { + Digest = EVP_md5(); + } else { + Digest = EVP_sha1(); + } /* * Look for user specified salt and IV sizes at the end @@ -405,6 +448,15 @@ /* check for and read in the key file */ memset(keydata, 0, sizeof(keydata)); + + if (securevnc) { + /* note the keyfile for rsa verification later */ + if (keyfile != NULL && strcasecmp(keyfile, "none")) { + securevnc_file = keyfile; + } + goto readed_in; + } + if (stat(keyfile, &sb) != 0) { if (strstr(keyfile, "pw=") == keyfile) { /* user specified key/password on cmdline */ @@ -497,12 +549,13 @@ unsigned char E_keystr[EVP_MAX_KEY_LENGTH]; unsigned char D_keystr[EVP_MAX_KEY_LENGTH]; EVP_CIPHER_CTX E_ctx, D_ctx; - EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx = NULL; unsigned char buf[BSIZE], out[BSIZE]; unsigned char *psrc = NULL, *keystr; unsigned char salt[SALT+1]; - unsigned char ivec[EVP_MAX_IV_LENGTH]; + unsigned char ivec_real[EVP_MAX_IV_LENGTH]; + unsigned char *ivec = ivec_real; int i, cnt, len, m, n = 0, vb = 0, first = 1; int whoops = 1; /* for the msrc4 problem */ @@ -512,7 +565,7 @@ memset(buf, 0, BSIZE); memset(out, 0, BSIZE); memset(salt, 0, sizeof(salt)); - memset(ivec, 0, sizeof(ivec)); + memset(ivec_real, 0, sizeof(ivec_real)); memset(E_keystr, 0, sizeof(E_keystr)); memset(D_keystr, 0, sizeof(D_keystr)); @@ -537,7 +590,22 @@ encstr = encrypt ? "encrypt" : "decrypt"; /* string for messages */ encsym = encrypt ? "+" : "-"; + /* use the encryption/decryption context variables below */ if (encrypt) { + ctx = &E_ctx; + keystr = E_keystr; + } else { + ctx = &D_ctx; + keystr = D_keystr; + } + + if (securevnc) { + first = 0; /* no need for salt+iv on first time */ + salt_size = 0; /* we want no salt */ + n = 0; /* nothing read */ + ivec_size = 0; /* we want no IV. */ + ivec = NULL; + } else if (encrypt) { /* encrypter initializes the salt and initialization vector */ /* @@ -557,10 +625,6 @@ ENC_PT_DBG(buf, n); - /* use the encryption context variables below */ - ctx = &E_ctx; - keystr = E_keystr; - } else { /* decrypter needs to read salt + iv from the wire: */ @@ -614,10 +678,6 @@ } } } - - /* use the decryption context variables below */ - ctx = &D_ctx; - keystr = D_keystr; } /* debug output */ @@ -643,8 +703,10 @@ (unsigned char *) keydata, NULL, encrypt); } } else { - /* XXX might not be correct */ + /* XXX might not be correct, just exit. */ + fprintf(stderr, "%s: %s - Not sure about msrc4 && !whoops case, exiting.\n", prog, encstr); exit(1); + EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata, keydata_len, 1, keystr, ivec); EVP_CIPHER_CTX_init(ctx); @@ -653,10 +715,12 @@ } } else { - unsigned char *in_salt; + unsigned char *in_salt = NULL; /* check salt and IV source and size. */ - if (salt_size <= 0) { + if (securevnc) { + in_salt = NULL; + } else if (salt_size <= 0) { /* let salt_size = 0 mean keep it out of the MD5 */ fprintf(stderr, "%s: %s - WARNING: no salt\n", prog, encstr); @@ -664,7 +728,8 @@ } else { in_salt = salt; } - if (ivec_size < Cipher->iv_len) { + + if (ivec_size < Cipher->iv_len && !securevnc) { fprintf(stderr, "%s: %s - WARNING: short IV %d < %d\n", prog, encstr, ivec_size, Cipher->iv_len); } @@ -696,6 +761,9 @@ * Ultra DSM compatibility mode. Note that this * clobbers the ivec we set up above! Under * noultra we overwrite ivec only if ivec_size=0. + * + * SecureVNC also goes through here. in_salt and ivec are NULL. + * And ivec is NULL below in the EVP_CipherInit_ex() call. */ EVP_BytesToKey(Cipher, Digest, in_salt, (unsigned char *) keydata, keydata_len, 1, keystr, ivec); @@ -709,13 +777,21 @@ /* set the cipher & initialize */ /* - * XXX N.B.: DSM plugin had encrypt=1 for both - * (i.e. perfectly symmetric) + * XXX N.B.: DSM plugin implementation had encrypt=1 + * for both (i.e. perfectly symmetric) */ EVP_CipherInit_ex(ctx, Cipher, NULL, keystr, ivec, encrypt); } + if (securevnc && securevnc_arc4) { + /* need to discard initial 3072 bytes */ + unsigned char buf1[SECUREVNC_RC4_DROP_BYTES]; + unsigned char buf2[SECUREVNC_RC4_DROP_BYTES]; + int cnt = 0; + EVP_CipherUpdate(ctx, buf1, &cnt, buf2, SECUREVNC_RC4_DROP_BYTES); + } + /* debug output */ PRINT_KEYSTR_AND_FRIENDS; @@ -824,6 +900,474 @@ } } +static int securevnc_server_rsa_save_dialog(char *file, char *md5str, unsigned char* rsabuf) { + /* since we are likely running in the background, use this kludge by running tk */ + FILE *p; + char str[2], *q = file, *cmd = getenv("WISH") ? getenv("WISH") : "wish"; + int rc; + + memset(str, 0, sizeof(str)); + + p = popen(cmd, "w"); + if (p == NULL) { + fprintf(stderr, "checkserver_rsa: could not run: %s\n", cmd); + return 0; + } + + /* start piping tk/tcl code to it: */ + fprintf(p, "wm withdraw .\n"); + fprintf(p, "set x [expr [winfo screenwidth .]/2]\n"); + fprintf(p, "set y [expr [winfo screenheight .]/2]\n"); + fprintf(p, "wm geometry . +$x+$y; update\n"); + fprintf(p, "catch {option add *Dialog.msg.font {helvetica -14 bold}}\n"); + fprintf(p, "catch {option add *Dialog.msg.wrapLength 6i}\n"); + fprintf(p, "set ans [tk_messageBox -title \"Save and Trust UltraVNC RSA Key?\" -icon question "); + fprintf(p, "-type yesno -message \"Save and Trust UltraVNC SecureVNCPlugin RSA Key\\n\\n"); + fprintf(p, "With MD5 sum: %s\\n\\n", md5str); + fprintf(p, "In file: "); + while (*q != '\0') { + /* sanitize user supplied string: */ + str[0] = *q; + if (strpbrk(str, "[](){}`'\"$&*|<>") == NULL) { + fprintf(p, "%s", str); + } + q++; + } + fprintf(p, " ?\"]\n"); + fprintf(p, "if { $ans == \"yes\" } {destroy .; exit 0} else {destroy .; exit 1}\n"); + rc = pclose(p); + if (rc == 0) { + fprintf(stderr, "checkserver_rsa: query returned: %d. saving it.\n", rc); + p = fopen(file, "w"); + if (p == NULL) { + fprintf(stderr, "checkserver_rsa: could not open %s\n", file); + return 0; + } + write(fileno(p), rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); + fclose(p); + return 2; + } else { + fprintf(stderr, "checkserver_rsa: query returned: %d. NOT saving it.\n", rc); + return -1; + } +} + +static char *rsa_md5_sum(unsigned char* rsabuf) { + EVP_MD_CTX md; + char digest[EVP_MAX_MD_SIZE], tmp[16]; + char md5str[EVP_MAX_MD_SIZE * 8]; + unsigned int i, size = 0; + + EVP_DigestInit(&md, EVP_md5()); + EVP_DigestUpdate(&md, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); + EVP_DigestFinal(&md, (unsigned char *)digest, &size); + + memset(md5str, 0, sizeof(md5str)); + for (i=0; i < size; i++) { + unsigned char uc = (unsigned char) digest[i]; + sprintf(tmp, "%02x", (int) uc); + strcat(md5str, tmp); + } + return strdup(md5str); +} + +static int securevnc_check_server_rsa(char *file, unsigned char *rsabuf) { + struct stat sb; + unsigned char filebuf[SECUREVNC_RSA_PUBKEY_SIZE]; + char *md5str = rsa_md5_sum(rsabuf); + + if (!file) { + return 0; + } + + memset(filebuf, 0, sizeof(filebuf)); + if (stat(file, &sb) == 0) { + int n, fd, i, ok = 1; + + if (sb.st_size != SECUREVNC_RSA_PUBKEY_SIZE) { + fprintf(stderr, "checkserver_rsa: file is wrong size: %d != %d '%s'\n", + (int) sb.st_size, SECUREVNC_RSA_PUBKEY_SIZE, file); + return 0; + } + + fd = open(file, O_RDONLY); + if (fd < 0) { + fprintf(stderr, "checkserver_rsa: could not open: '%s'\n", file); + return 0; + } + + n = (int) read(fd, filebuf, SECUREVNC_RSA_PUBKEY_SIZE); + close(fd); + if (n != SECUREVNC_RSA_PUBKEY_SIZE) { + fprintf(stderr, "checkserver_rsa: could not read all of file: %d != %d '%s'\n", + n, SECUREVNC_RSA_PUBKEY_SIZE, file); + return 0; + } + + for (i=0; i < SECUREVNC_RSA_PUBKEY_SIZE; i++) { + if (filebuf[i] != rsabuf[i]) { + ok = 0; + } + } + if (!ok) { + char *str1 = rsa_md5_sum(rsabuf); + char *str2 = rsa_md5_sum(filebuf); + fprintf(stderr, "checkserver_rsa: rsa keystore contents differ for '%s'\n", file); + fprintf(stderr, "checkserver_rsa: MD5 sum of server key: %s\n", str1); + fprintf(stderr, "checkserver_rsa: MD5 sum of keystore: %s\n", str2); + } + return ok; + } else { + + fprintf(stderr, "checkserver_rsa: rsa keystore file does not exist: '%s'\n", file); + fprintf(stderr, "checkserver_rsa: asking user if we should store rsa key in it.\n\n"); + fprintf(stderr, "checkserver_rsa: RSA key has MD5 sum: %s\n\n", md5str); + + return securevnc_server_rsa_save_dialog(file, md5str, rsabuf); + } +} + +static RSA *load_client_auth(char *file) { + struct stat sb; + int fd, n; + char *contents; + RSA *rsa; + + if (!file) { + return NULL; + } + if (stat(file, &sb) != 0) { + return NULL; + } + + fd = open(file, O_RDONLY); + if (fd < 0) { + fprintf(stderr, "load_client_auth: could not open: '%s'\n", file); + return NULL; + } + + contents = (char *) malloc(sb.st_size); + n = (int) read(fd, contents, sb.st_size); + close(fd); + + if (n != sb.st_size) { + fprintf(stderr, "load_client_auth: could not read all of: '%s'\n", file); + free(contents); + return NULL; + } + + rsa = d2i_RSAPrivateKey(NULL, (const unsigned char **) ((void *) &contents), sb.st_size); + if (!rsa) { + fprintf(stderr, "load_client_auth: d2i_RSAPrivateKey failed for: '%s'\n", file); + return NULL; + } + + if (RSA_check_key(rsa) != 1) { + fprintf(stderr, "load_client_auth: rsa key invalid: '%s'\n", file); + return NULL; + } + + return rsa; +} + +static void sslexit(char *msg) { + fprintf(stderr, "%s: %s\n", msg, ERR_error_string(ERR_get_error(), NULL)); + exit(1); +} + +static void securevnc_setup(int conn1, int conn2) { + RSA *rsa = NULL; + EVP_CIPHER_CTX init_ctx; + unsigned char keystr[EVP_MAX_KEY_LENGTH]; + unsigned char *rsabuf, *rsasav; + unsigned char *encrypted_keybuf; + unsigned char *initkey; + unsigned int server_flags = 0; + unsigned char one = 1, zero = 0, sig = 16; + unsigned char b1, b2, b3, b4; + unsigned char buf[BSIZE], to_viewer[BSIZE]; + int to_viewer_len = 0; + int n = 0, len, rc; + int server = reverse ? conn1 : conn2; + int viewer = reverse ? conn2 : conn1; + char *client_auth = NULL; + int client_auth_req = 0; + int keystore_verified = 0; + + ERR_load_crypto_strings(); + + /* alloc and read from server the 270 comprising the rsa public key: */ + rsabuf = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1); + rsasav = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1); + len = 0; + while (len < SECUREVNC_RSA_PUBKEY_SIZE) { + n = read(server, rsabuf + len, SECUREVNC_RSA_PUBKEY_SIZE - len); + if (n == 0 || (n < 0 && errno != EINTR)) { + fprintf(stderr, "securevnc_setup: fail read rsabuf: n=%d len=%d\n", n, len); + exit(1); + } + len += n; + } + if (len != SECUREVNC_RSA_PUBKEY_SIZE) { + fprintf(stderr, "securevnc_setup: fail final read rsabuf: n=%d len=%d\n", n, len); + exit(1); + } + fprintf(stderr, "securevnc_setup: rsa data read len: %d\n", len); + memcpy(rsasav, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); + + fprintf(stderr, "securevnc_setup: RSA key has MD5 sum: %s\n", rsa_md5_sum(rsabuf)); + fprintf(stderr, "securevnc_setup:\n"); + fprintf(stderr, "securevnc_setup: One way to print out the SecureVNC Server key MD5 sum is:\n\n"); + fprintf(stderr, "openssl rsa -inform DER -outform DER -pubout -in ./Server_SecureVNC.pkey | dd bs=1 skip=24 | md5sum\n\n"); + if (securevnc_file == NULL) { + fprintf(stderr, "securevnc_setup:\n"); + fprintf(stderr, "securevnc_setup: ** WARNING: ULTRAVNC SERVER RSA KEY NOT VERIFIED. **\n"); + fprintf(stderr, "securevnc_setup: ** WARNING: A MAN-IN-THE-MIDDLE ATTACK IS POSSIBLE. **\n"); + fprintf(stderr, "securevnc_setup:\n"); + } else { + char *q = strrchr(securevnc_file, 'C'); + int skip = 0; + if (q) { + if (!strcmp(q, "ClientAuth.pkey")) { + client_auth = strdup(securevnc_file); + skip = 1; + } else if (!strcmp(q, "ClientAuth.pkey.rsa")) { + client_auth = strdup(securevnc_file); + q = strrchr(client_auth, '.'); + *q = '\0'; + } + } + if (!skip) { + rc = securevnc_check_server_rsa(securevnc_file, rsabuf); + } + if (skip) { + ; + } else if (rc == 0) { + fprintf(stderr, "securevnc_setup:\n"); + fprintf(stderr, "securevnc_setup: VERIFY_ERROR: SERVER RSA KEY DID NOT MATCH:\n"); + fprintf(stderr, "securevnc_setup: %s\n", securevnc_file); + fprintf(stderr, "securevnc_setup:\n"); + exit(1); + } else if (rc == -1) { + fprintf(stderr, "securevnc_setup: User cancelled the save and hence the connection.\n"); + fprintf(stderr, "securevnc_setup: %s\n", securevnc_file); + exit(1); + } else if (rc == 1) { + fprintf(stderr, "securevnc_setup: VERIFY SUCCESS: server rsa key matches the contents of:\n"); + fprintf(stderr, "securevnc_setup: %s\n", securevnc_file); + keystore_verified = 1; + } else if (rc == 2) { + fprintf(stderr, "securevnc_setup: Server rsa key stored in:\n"); + fprintf(stderr, "securevnc_setup: %s\n", securevnc_file); + keystore_verified = 2; + } + } + + /* + * read in the server flags. Note that SecureVNCPlugin sends these + * in little endian and not network order!! + */ + read(server, (char *) &b1, 1); + read(server, (char *) &b2, 1); + read(server, (char *) &b3, 1); + read(server, (char *) &b4, 1); + + server_flags = 0; + server_flags |= ((unsigned int) b4) << 24; + server_flags |= ((unsigned int) b3) << 16; + server_flags |= ((unsigned int) b2) << 8; + server_flags |= ((unsigned int) b1) << 0; + fprintf(stderr, "securevnc_setup: server_flags: 0x%08x\n", server_flags); + + /* check for arc4 usage: */ + if (server_flags & 0x1) { + fprintf(stderr, "securevnc_setup: server uses AES cipher.\n"); + } else { + fprintf(stderr, "securevnc_setup: server uses ARC4 cipher.\n"); + securevnc_arc4 = 1; + Cipher = EVP_rc4(); + } + + /* check for client auth signature requirement: */ + if (server_flags & (sig << 24)) { + fprintf(stderr, "securevnc_setup: server requires Client Auth signature.\n"); + client_auth_req = 1; + if (!client_auth) { + fprintf(stderr, "securevnc_setup: However, NO *ClientAuth.pkey keyfile was supplied on our\n"); + fprintf(stderr, "securevnc_setup: command line. Exiting.\n"); + exit(1); + } + } + + /* + * The first packet 'RFB 003.006' is obscured with key + * that is a sha1 hash of public key. So make this tmp key now: + * + */ + initkey = (unsigned char *) calloc(SECUREVNC_KEY_SIZE, 1); + EVP_BytesToKey(EVP_rc4(), EVP_sha1(), NULL, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE, 1, initkey, NULL); + + /* expand the transported rsabuf into an rsa object */ + rsa = d2i_RSAPublicKey(NULL, (const unsigned char **) &rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); + if (rsa == NULL) { + sslexit("securevnc_setup: failed to create rsa"); + } + + /* + * Back to the work involving the tmp obscuring key: + */ + EVP_CIPHER_CTX_init(&init_ctx); + rc = EVP_CipherInit_ex(&init_ctx, EVP_rc4(), NULL, initkey, NULL, 1); + if (rc == 0) { + sslexit("securevnc_setup: EVP_CipherInit_ex(init_ctx) failed"); + } + + /* for the first obscured packet, read what we can... */ + n = read(server, (char *) buf, BSIZE); + fprintf(stderr, "securevnc_setup: data read: %d\n", n); + if (n < 0) { + exit(1); + } + fprintf(stderr, "securevnc_setup: initial data[%d]: ", n); + + /* decode with the tmp key */ + if (n > 0) { + memset(to_viewer, 0, sizeof(to_viewer)); + if (EVP_CipherUpdate(&init_ctx, to_viewer, &len, buf, n) == 0) { + sslexit("securevnc_setup: EVP_CipherUpdate(init_ctx) failed"); + exit(1); + } + to_viewer_len = len; + } + EVP_CIPHER_CTX_cleanup(&init_ctx); + free(initkey); + + /* print what we would send to the viewer (sent below): */ + write(2, to_viewer, 12); /* and first 12 bytes 'RFB ...' as message */ + + /* now create the random session key: */ + encrypted_keybuf = (unsigned char*) calloc(RSA_size(rsa), 1); + + fprintf(stderr, "securevnc_setup: creating random session key: %d/%d\n", + SECUREVNC_KEY_SIZE, SECUREVNC_RAND_KEY_SOURCE); + keydata_len = SECUREVNC_RAND_KEY_SOURCE; + + rc = RAND_bytes((unsigned char *)keydata, SECUREVNC_RAND_KEY_SOURCE); + if (rc <= 0) { + fprintf(stderr, "securevnc_setup: RAND_bytes() failed: %s\n", ERR_error_string(ERR_get_error(), NULL)); + rc = RAND_pseudo_bytes((unsigned char *)keydata, SECUREVNC_RAND_KEY_SOURCE); + fprintf(stderr, "securevnc_setup: RAND_pseudo_bytes() rc=%d\n", rc); + if (getenv("RANDSTR")) { + char *s = getenv("RANDSTR"); + fprintf(stderr, "securevnc_setup: seeding with RANDSTR len=%d\n", strlen(s)); + RAND_add(s, strlen(s), strlen(s)); + } + } + + /* N.B. this will be repeated in enc_xfer() setup. */ + EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata, keydata_len, 1, keystr, NULL); + + /* encrypt the session key with the server's public rsa key: */ + n = RSA_public_encrypt(SECUREVNC_KEY_SIZE, keystr, encrypted_keybuf, rsa, RSA_PKCS1_PADDING); + if (n == -1) { + sslexit("securevnc_setup: RSA_public_encrypt() failed"); + exit(1); + } + fprintf(stderr, "securevnc_setup: encrypted session key size: %d. sending to server.\n", n); + + /* send it to the server: */ + write(server, encrypted_keybuf, n); + free(encrypted_keybuf); + + /* + * Reply back with flags indicating cipher (same as one sent to + * us) and we do not want client-side auth. + * + * We send it out on the wire in little endian order: + */ + if (securevnc_arc4) { + write(server, (char *)&zero, 1); + } else { + write(server, (char *)&one, 1); + } + write(server, (char *)&zero, 1); + write(server, (char *)&zero, 1); + if (client_auth_req) { + write(server, (char *)&sig, 1); + } else { + write(server, (char *)&zero, 1); + } + + if (client_auth_req && client_auth) { + RSA *client_rsa = load_client_auth(client_auth); + EVP_MD_CTX dctx; + unsigned char digest[EVP_MAX_MD_SIZE], *signature; + unsigned int ndig = 0, nsig = 0; + + if (0) { + /* for testing only, use the wrong RSA key: */ + client_rsa = RSA_generate_key(2048, 0x10001, NULL, NULL); + } + + if (client_rsa == NULL) { + fprintf(stderr, "securevnc_setup: problem reading rsa key from '%s'\n", client_auth); + exit(1); + } + + EVP_DigestInit(&dctx, EVP_sha1()); + EVP_DigestUpdate(&dctx, keystr, SECUREVNC_KEY_SIZE); + /* + * Without something like the following MITM is still possible. + * This is because the MITM knows keystr and can use it with + * the server connection as well, and then he just forwards our + * signed digest. The additional information below would be the + * MITM's rsa public key, and so the real VNC server will notice + * the difference. And MITM can't sign keystr+server_rsa.pub since + * he doesn't have Viewer_ClientAuth.pkey. + */ + if (0) { + EVP_DigestUpdate(&dctx, rsasav, SECUREVNC_RSA_PUBKEY_SIZE); + if (!keystore_verified) { + fprintf(stderr, "securevnc_setup:\n"); + fprintf(stderr, "securevnc_setup: Warning: even *WITH* Client Authentication in SecureVNC,\n"); + fprintf(stderr, "securevnc_setup: an attacker may be able to trick you into connecting to his\n"); + fprintf(stderr, "securevnc_setup: fake VNC server and supplying VNC or Windows passwords, etc.\n"); + fprintf(stderr, "securevnc_setup: To increase security manually verify the Server RSA key's MD5\n"); + fprintf(stderr, "securevnc_setup: checksum and then have SSVNC save the key in its keystore to\n"); + fprintf(stderr, "securevnc_setup: be used to verify the server in subsequent connections.\n"); + fprintf(stderr, "securevnc_setup:\n"); + } + } else { + if (!keystore_verified) { + fprintf(stderr, "securevnc_setup:\n"); + fprintf(stderr, "securevnc_setup: WARNING: THE FIRST VERSION OF THE SECUREVNC PROTOCOL IS\n"); + fprintf(stderr, "securevnc_setup: WARNING: BEING USED. *EVEN* WITH CLIENT AUTHENTICATION IT\n"); + fprintf(stderr, "securevnc_setup: WARNING: IS SUSCEPTIBLE TO A MAN-IN-THE-MIDDLE ATTACK.\n"); + fprintf(stderr, "securevnc_setup: To increase security manually verify the Server RSA key's MD5\n"); + fprintf(stderr, "securevnc_setup: checksum and then have SSVNC save the key in its keystore to\n"); + fprintf(stderr, "securevnc_setup: be used to verify the server in subsequent connections.\n"); + fprintf(stderr, "securevnc_setup:\n"); + } + } + EVP_DigestFinal(&dctx, (unsigned char *)digest, &ndig); + + signature = (unsigned char *) calloc(RSA_size(client_rsa), 1); + RSA_sign(NID_sha1, digest, ndig, signature, &nsig, client_rsa); + + fprintf(stderr, "securevnc_setup: sending ClientAuth.pkey signed data: %d\n", nsig); + write(server, signature, nsig); + free(signature); + + RSA_free(client_rsa); + } + + fprintf(stderr, "securevnc_setup: done.\n"); + + /* now send the 'RFB ...' to the viewer */ + if (to_viewer_len > 0) { + write(viewer, to_viewer, to_viewer_len); + } +} /* * Listens on incoming port for a client, then connects to remote server. * Then forks into two processes one is the encrypter the other the @@ -930,6 +1474,10 @@ use_input_fds: + if (securevnc) { + securevnc_setup(conn1, conn2); + } + /* fork into two processes; one for each direction: */ parent = getpid(); @@ -959,7 +1507,7 @@ char *kf, *q; if (argc < 4) { - fprintf(stderr, "%s\n", usage); + fprintf(stdout, "%s\n", usage); exit(1); } diff -Nru x11vnc-0.9.8/x11vnc/gui.c x11vnc-0.9.9/x11vnc/gui.c --- x11vnc-0.9.8/x11vnc/gui.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/gui.c 2009-12-21 04:58:10.000000000 +0000 @@ -261,9 +261,11 @@ if (0) sig = 0; } +/* Most of the following mess is for wish on Solaris: */ + static char *extra_path = ":/usr/local/bin:/usr/bin/X11:/usr/sfw/bin" - ":/usr/X11R6/bin:/usr/openwin/bin:/usr/dt/bin"; -static char *wishes[] = {"wish8.4", "wish", "wish8.3", "wish8.5", "wish8.0", NULL}; + ":/usr/X11R6/bin:/usr/openwin/bin:/usr/dt/bin:/opt/sfw/bin"; +static char *wishes[] = {"wish8.4", "wish", "wish8.3", "wish8.5", "wish8.6", "wish8.7", "wishx", "wish8.0", NULL}; static void run_gui(char *gui_xdisplay, int connect_to_x11vnc, int start_x11vnc, int simple_gui, pid_t parent, char *gui_opts) { @@ -440,6 +442,15 @@ if (!wish) { wish = strdup("wish"); } + if (getenv("WISH")) { + char *w = getenv("WISH"); + if (strcmp(w, "")) { + wish = strdup(w); + } + } + if (getenv("DEBUG_WISH")) { + fprintf(stderr, "wish: %s\n", wish); + } set_env("PATH", full_path); set_env("DISPLAY", gui_xdisplay); set_env("X11VNC_PROG", program_name); diff -Nru x11vnc-0.9.8/x11vnc/help.c x11vnc-0.9.9/x11vnc/help.c --- x11vnc-0.9.8/x11vnc/help.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/help.c 2009-12-21 04:58:10.000000000 +0000 @@ -114,6 +114,17 @@ " before startup. Same as -xauth file. See Xsecurity(7),\n" " xauth(1) man pages for more info.\n" "\n" +" Use '-auth guess' to have x11vnc use its -findauth\n" +" mechanism (described below) to try to guess the\n" +" XAUTHORITY filename and use it.\n" +"\n" +" XDM/GDM/KDM: if you are running x11vnc as root and want\n" +" to find the XAUTHORITY before anyone has logged into an\n" +" X session yet, use: x11vnc -env FD_XDM=1 -auth guess ...\n" +" (This will also find the XAUTHORITY if a user is already\n" +" logged into the X session.) When running as root,\n" +" FD_XDM=1 will be tried if the initial -auth guess fails.\n" +"\n" "-N If the X display is :N, try to set the VNC display to\n" " also be :N This just sets the -rfbport option to 5900+N\n" " The program will exit immediately if that port is not\n" @@ -135,7 +146,18 @@ " for display managers like GDM (KillInitClients option)\n" " that kill x11vnc just after the user logs into the\n" " X session. Note: the reopened state may be unstable.\n" -" Set X11VNC_REOPEN_DISPLAY=n to reopen n times.\n" +" Set X11VNC_REOPEN_DISPLAY=n to reopen n times and\n" +" set X11VNC_REOPEN_SLEEP_MAX to the number of seconds,\n" +" default 10, to keep trying to reopen the display (once\n" +" per second.)\n" +"\n" +" Update: as of 0.9.9, x11vnc tries to automatically avoid\n" +" being killed by the display manager by delaying creating\n" +" windows or using XFIXES. So you shouldn't need to use\n" +" KillInitClients=false as long as you log in quickly\n" +" enough (within 45 seconds of connecting.) You can\n" +" disable this by setting X11VNC_AVOID_WINDOWS=never.\n" +" You can also set it to the number of seconds to delay.\n" "\n" "-reflect host:N Instead of connecting to and polling an X display,\n" " connect to the remote VNC server host:N and be a\n" @@ -164,6 +186,21 @@ " shifts a root view to it: this shows SaveUnders menus,\n" " etc, although they will be clipped if they extend beyond\n" " the window.\n" +"\n" +"-appshare Simple application sharing based on the -id/-sid\n" +" mechanism. Every new toplevel window that the\n" +" application creates induces a new viewer window via\n" +" a reverse connection. The -id/-sid and -connect\n" +" options are required. Run 'x11vnc -appshare -help'\n" +" for more info.\n" +"\n" +#if 0 +"-freeze_when_obscured Probably only of use in -appshare mode: if the -id/-sid\n" +" window is partially or fully obscured by other windows,\n" +" stop checking for framebuffer updates. Mouse and\n" +" keyboard events are still processed and injected.\n" +"\n" +#endif "-clip WxH+X+Y Only show the sub-region of the full display that\n" " corresponds to the rectangle geometry with size WxH and\n" " offset +X+Y. The VNC display has size WxH (i.e. smaller\n" @@ -268,10 +305,10 @@ " an improvement over -flashcmap because it avoids the\n" " flashing and shows each window in the correct color.\n" "\n" -" This method appear to work, but may still have bugs\n" -" and it does hog resources. If there are multiple 8bpp\n" -" windows using different colormaps, one may have to\n" -" iconify all but one for the colors to be correct.\n" +" This method works OK, but may still have bugs and it\n" +" does hog resources. If there are multiple 8bpp windows\n" +" using different colormaps, one may have to iconify all\n" +" but one for the colors to be correct.\n" "\n" " There may be painting errors for clipping and switching\n" " between windows of depths 8 and 24. Heuristics are\n" @@ -335,8 +372,8 @@ " is needed for the latter, feel free to ask).\n" "\n" "-scale fraction Scale the framebuffer by factor \"fraction\". Values\n" -" less than 1 shrink the fb, larger ones expand it. Note:\n" -" image may not be sharp and response may be slower.\n" +" less than 1 shrink the fb, larger ones expand it. Note:\n" +" the image may not be sharp and response may be slower.\n" " If \"fraction\" contains a decimal point \".\" it\n" " is taken as a floating point number, alternatively\n" " the notation \"m/n\" may be used to denote fractions\n" @@ -413,6 +450,18 @@ "-timeout n Exit unless a client connects within the first n seconds\n" " after startup.\n" "\n" +" If there have been no connection attempts after n\n" +" seconds x11vnc exits immediately. If a client is\n" +" trying to connect but has not progressed to the normal\n" +" operating state, x11vnc gives it a few more seconds\n" +" to finish and exits if it does not make it to the\n" +" normal state.\n" +"\n" +" For reverse connections via -connect or -connect_or_exit\n" +" a timeout of n seconds will be set for all reverse\n" +" connects. If the connect timeout alarm goes off,\n" +" x11vnc will exit immediately.\n" +"\n" "-sleepin n At startup sleep n seconds before proceeding (e.g. to\n" " allow redirs and listening clients to start up)\n" "\n" @@ -507,7 +556,7 @@ " Repeater mode: Some services provide an intermediate\n" " \"vnc repeater\": http://www.uvnc.com/addons/repeater.html\n" " (and also http://koti.mbnet.fi/jtko/ for linux port)\n" -" that acts as a proxy / gateway. Modes like these require\n" +" that acts as a proxy/gateway. Modes like these require\n" " an initial string to be sent for the reverse connection\n" " before the VNC protocol is started. Here are the ways\n" " to do this:\n" @@ -616,6 +665,15 @@ " X11VNC_REMOTE channel, and this option disables/enables\n" " it as well. Default: %s\n" "\n" +" To use different names for these X11 properties (e.g. to\n" +" have separate communication channels for multiple\n" +" x11vnc's on the same display) set the VNC_CONNECT or\n" +" X11VNC_REMOTE env. vars. to the string you want, for\n" +" example: -env X11VNC_REMOTE=X11VNC_REMOTE_12345\n" +" Both sides of the channel must use the same unique name.\n" +" The same can be done for the internal X11VNC_TICKER\n" +" property (heartbeat and timestamp) if desired.\n" +"\n" "-allow host1[,host2..] Only allow client connections from hosts matching\n" " the comma separated list of hostnames or IP addresses.\n" " Can also be a numerical IP prefix, e.g. \"192.168.100.\"\n" @@ -781,19 +839,22 @@ " and last line be \"__BEGIN_VIEWONLY__\" to have 2\n" " full-access passwords)\n" "\n" +"-showrfbauth filename Print to the screen the obscured VNC password kept in\n" +" the rfbauth file \"filename\" and then exit.\n" +"\n" "-unixpw [list] Use Unix username and password authentication. x11vnc\n" -" uses the su(1) program to verify the user's password.\n" -" [list] is an optional comma separated list of allowed\n" -" Unix usernames. If the [list] string begins with the\n" -" character \"!\" then the entire list is taken as an\n" -" exclude list. See below for per-user options that can\n" -" be applied.\n" +" will use the su(1) program to verify the user's\n" +" password. [list] is an optional comma separated list\n" +" of allowed Unix usernames. If the [list] string begins\n" +" with the character \"!\" then the entire list is taken\n" +" as an exclude list. See below for per-user options\n" +" that can be applied.\n" "\n" " A familiar \"login:\" and \"Password:\" dialog is\n" " presented to the user on a black screen inside the\n" " vncviewer. The connection is dropped if the user fails\n" " to supply the correct password in 3 tries or does not\n" -" send one before a 25 second timeout. Existing clients\n" +" send one before a 45 second timeout. Existing clients\n" " are view-only during this period.\n" "\n" " If the first character received is \"Escape\" then the\n" @@ -803,8 +864,9 @@ "\n" " Since the detailed behavior of su(1) can vary from\n" " OS to OS and for local configurations, test the mode\n" -" carefully. x11vnc will attempt to be conservative and\n" -" reject a login if anything abnormal occurs.\n" +" before deployment to make sure it is working properly.\n" +" x11vnc will attempt to be conservative and reject a\n" +" login if anything abnormal occurs.\n" "\n" " One case to note: FreeBSD and the other BSD's by\n" " default it is impossible for the user running x11vnc to\n" @@ -837,7 +899,7 @@ " to come from the same machine x11vnc is running on\n" " (e.g. from a ssh -L port redirection). And that the\n" " -stunnel SSL mode be used for encryption over the\n" -" network.(see the description of -stunnel below).\n" +" network. (see the description of -stunnel below).\n" "\n" " Note: as a convenience, if you ssh(1) in and start\n" " x11vnc it will check if the environment variable\n" @@ -852,20 +914,24 @@ " environment variables before starting x11vnc:\n" "\n" " Set UNIXPW_DISABLE_SSL=1 to disable requiring either\n" -" -ssl or -stunnel. Evidently you will be using a\n" -" different method to encrypt the data between the\n" -" vncviewer and x11vnc: perhaps ssh(1) or an IPSEC VPN.\n" -"\n" -" Note that use of -localhost with ssh(1) is roughly\n" -" the same as requiring a Unix user login (since a Unix\n" -" password or the user's public key authentication is\n" -" used by sshd on the machine where x11vnc runs and only\n" -" local connections from that machine are accepted).\n" +" -ssl or -stunnel (as under SSH_CONNECTION.) Evidently\n" +" you will be using a different method to encrypt the\n" +" data between the vncviewer and x11vnc: perhaps ssh(1)\n" +" or an IPSEC VPN. -localhost is still enforced (however,\n" +" see the next paragraph.)\n" "\n" " Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost\n" -" requirement in Method 2). One should never do this\n" +" requirement in -unixpw modes. One should never do this\n" " (i.e. allow the Unix passwords to be sniffed on the\n" -" network).\n" +" network.) This also disables the localhost requirement\n" +" for reverse connections (see below.)\n" +"\n" +" Note that use of -localhost with ssh(1) (and no -unixpw)\n" +" is roughly the same as requiring a Unix user login\n" +" (since a Unix password or the user's public key\n" +" authentication is used by sshd on the machine where\n" +" x11vnc runs and only local connections from that machine\n" +" are accepted).\n" "\n" " Regarding reverse connections (e.g. -R connect:host\n" " and -connect host), when the -localhost constraint is\n" @@ -883,7 +949,7 @@ " in -inetd mode (thereby bypassing inetd). See the FAQ\n" " for details.\n" "\n" -" The user names in the comma separated [list] can have\n" +" The user names in the comma separated [list] may have\n" " per-user options after a \":\", e.g. \"fred:opts\"\n" " where \"opts\" is a \"+\" separated list of\n" " \"viewonly\", \"fullaccess\", \"input=XXXX\", or\n" @@ -891,13 +957,13 @@ " For \"input=\" it is the K,M,B,C described under -input.\n" "\n" " If an item in the list is \"*\" that means those\n" -" options apply to all users. It also means all users\n" +" options apply to all users. It ALSO implies all users\n" " are allowed to log in after supplying a valid password.\n" " Use \"deny\" to explicitly deny some users if you use\n" -" \"*\" to set a global option. If [list] begins with\n" -" the \"!\" character then \"*\" is ignored for checking\n" -" if the user is allowed, but the any value of options\n" -" associated with it does apply as normal.\n" +" \"*\" to set a global option. If [list] begins with the\n" +" \"!\" character then \"*\" is ignored for checking if\n" +" the user is allowed, but the option values associated\n" +" with it do apply as normal.\n" "\n" " There are also some utilities for testing password\n" " if [list] starts with the \"%%\" character. See the\n" @@ -922,32 +988,89 @@ "\n" " NIS is not required for this mode to work (only that\n" " getpwnam(3) return the encrypted password is required),\n" -" but it is unlikely it will work for any most modern\n" -" environments unless x11vnc is run as root to be able\n" -" to access /etc/shadow (note running as root is often\n" -" done when running x11vnc from inetd and xdm/gdm/kdm).\n" +" but it is unlikely it will work (as an ordinary user)\n" +" for most modern environments unless NIS is available.\n" +" On the other hand, when x11vnc is run as root it will\n" +" be able to to access /etc/shadow even if NIS is not\n" +" available (note running as root is often done when\n" +" running x11vnc from inetd and xdm/gdm/kdm).\n" "\n" " Looked at another way, if you do not want to use the\n" -" su(1) method provided by -unixpw, you can run x11vnc\n" -" as root and use -unixpw_nis. Any users with passwords\n" -" in /etc/shadow can then be authenticated. You may want\n" -" to use -users unixpw= to switch the process user after\n" -" the user logs in.\n" +" su(1) method provided by -unixpw (i.e. su_verify()), you\n" +" can run x11vnc as root and use -unixpw_nis. Any users\n" +" with passwords in /etc/shadow can then be authenticated.\n" +"\n" +" In -unixpw_nis mode, under no circumstances is x11vnc's\n" +" user password verifying function based on su called\n" +" (i.e. the function su_verify() that runs /bin/su\n" +" in a pseudoterminal to verify passwords.) However,\n" +" if -unixpw_nis is used in conjunction with the -find\n" +" and -create -display WAIT:... modes then, if x11vnc is\n" +" running as root, /bin/su may be called externally to\n" +" run the find or create commands.\n" "\n" "-unixpw_cmd cmd As -unixpw above, however do not use su(1) but rather\n" " run the externally supplied command \"cmd\". The first\n" -" line of its stdin will the username and the second line\n" -" the received password. If the command exits with status\n" -" 0 (success) the VNC client will be accepted. It will be\n" -" rejected for any other return status.\n" -"\n" -" Dynamic passwords and non-unix passwords can be\n" -" implemented this way by providing your own custom helper\n" -" program. Note that under unixpw mode the remote viewer\n" -" is given 3 tries to enter the correct password.\n" -"\n" -" If a list of allowed users is needed use -unixpw [list]\n" -" in addition to this option.\n" +" line of its stdin will be the username and the second\n" +" line the received password. If the command exits\n" +" with status 0 (success) the VNC user will be accepted.\n" +" It will be rejected for any other return status.\n" +"\n" +" Dynamic passwords and non-unix passwords, e.g. LDAP,\n" +" can be implemented this way by providing your own custom\n" +" helper program. Note that the remote viewer is given 3\n" +" tries to enter the correct password, and so the program\n" +" may be called in a row that many (or more) times.\n" +"\n" +" If a list of allowed users is needed to limit who can\n" +" log in, use -unixpw [list] in addition to this option.\n" +"\n" +" In FINDDISPLAY and FINDCREATEDISPLAY modes the \"cmd\"\n" +" will also be run with the RFB_UNIXPW_CMD_RUN env. var.\n" +" non-empty and set to the corresponding display\n" +" find/create command. The first two lines of input are\n" +" the username and passwd as in the normal case described\n" +" above. To support FINDDISPLAY and FINDCREATEDISPLAY,\n" +" \"cmd\" should run the requested command as the user\n" +" (and most likely refusing to run it if the password is\n" +" not correct.) Here is an example script (note it has\n" +" a hardwired bogus password \"abc\"!)\n" +"\n" +" #!/bin/sh\n" +" # Example x11vnc -unixpw_cmd script.\n" +" # Read the first two lines of stdin (user and passwd)\n" +" read user\n" +" read pass\n" +" \n" +" debug=0\n" +" if [ $debug = 1 ]; then\n" +" echo \"user: $user\" 1>&2\n" +" echo \"pass: $pass\" 1>&2\n" +" env | egrep -i 'rfb|vnc' 1>&2\n" +" fi\n" +" \n" +" # Check if the password is valid.\n" +" # (A real example would use ldap lookup, etc!)\n" +" if [ \"X$pass\" != \"Xabc\" ]; then\n" +" exit 1 # incorrect password\n" +" fi\n" +" \n" +" if [ \"X$RFB_UNIXPW_CMD_RUN\" = \"X\" ]; then\n" +" exit 0 # correct password\n" +" else\n" +" # Run the requested command (finddisplay)\n" +" if [ $debug = 1 ]; then\n" +" echo \"run: $RFB_UNIXPW_CMD_RUN\" 1>&2\n" +" fi\n" +" exec /bin/su - \"$user\" -c \"$RFB_UNIXPW_CMD_RUN\"\n" +" fi\n" +"\n" +" In -unixpw_cmd mode, under no circumstances is x11vnc's\n" +" user password verifying function based on su called\n" +" (i.e. the function su_verify() that runs /bin/su in a\n" +" pseudoterminal to verify passwords.) It is up to the\n" +" supplied unixpw_cmd to do user switching if desired\n" +" and if it has the permissions to do so.\n" "\n" "-find Find the user's display using FINDDISPLAY. This is an\n" " alias for \"-display WAIT:cmd=FINDDISPLAY\".\n" @@ -964,6 +1087,25 @@ " (i.e. all the X displays on the local machine that you\n" " have access rights to).\n" "\n" +"-findauth [disp] Apply the -find/-finddpy heuristics to try to guess\n" +" the XAUTHORITY file for DISPLAY 'disp'. If 'disp'\n" +" is not supplied, then the value in the -display on\n" +" the cmdline is used; failing that $DISPLAY is used;\n" +" and failing that \":0\" is used.\n" +"\n" +" If nothing is printed out, that means no XAUTHORITY was\n" +" found for 'disp'; i.e. failure. If \"XAUTHORITY=\"\n" +" is printed out, that means use the default (i.e. do\n" +" not set XAUTHORITY). If \"XAUTHORITY=/path/to/file\"\n" +" is printed out, then use that file.\n" +"\n" +" XDM/GDM/KDM: if you are running x11vnc as root and want\n" +" to find the XAUTHORITY before anyone has logged into an\n" +" X session yet, use: x11vnc -env FD_XDM=1 -findauth ...\n" +" (This will also find the XAUTHORITY if a user is already\n" +" logged into the X session.) When running as root,\n" +" FD_XDM=1 will be tried if the initial -findauth fails.\n" +"\n" "-create First try to find the user's display using FINDDISPLAY,\n" " if that doesn't succeed create an X session via the\n" " FINDCREATEDISPLAY method. This is an alias for\n" @@ -994,6 +1136,10 @@ " under -display WAIT:... for more details about XDM,\n" " etc configuration.\n" "\n" +" Remember to enable XDMCP in the xdm-config, gdm.conf,\n" +" or kdmrc configuration file. See -display WAIT: for\n" +" more info.\n" +"\n" "-sshxdmsvc Display manager Terminal services mode based on SSH.\n" " Alias for -display WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp\n" " -localhost.\n" @@ -1006,6 +1152,52 @@ " under -display WAIT:... for more details about XDM,\n" " etc configuration.\n" "\n" +" Remember to enable XDMCP in the xdm-config, gdm.conf,\n" +" or kdmrc configuration file. See -display WAIT: for\n" +" more info.\n" +"\n" +"-unixpw_system_greeter Present a \"Press 'Escape' for System Greeter\" option\n" +" to the connecting VNC client in combined -unixpw\n" +" and xdmcp FINDCREATEDISPLAY modes (e.g. -xdmsvc).\n" +"\n" +" Normally in a -unixpw mode the VNC client must\n" +" supply a valid username and password to gain access.\n" +" However, if -unixpw_system_greeter is supplied AND\n" +" the FINDCREATEDISPLAY command matches 'xdmcp', then\n" +" the user has the option to press Escape and then get a\n" +" XDM/GDM/KDM login/greeter panel instead. They will then\n" +" supply a username and password directly to the greeter.\n" +"\n" +" Otherwise, in xdmcp FINDCREATEDISPLAY mode the user\n" +" must supply his username and password TWICE. First to\n" +" the initial unixpw login dialog, and second to the\n" +" subsequent XDM/GDM/KDM greeter. Note that if the user\n" +" re-connects and supplies his username and password in\n" +" the unixpw dialog the xdmcp greeter is skipped and\n" +" he is connected directly to his existing X session.\n" +" So the -unixpw_system_greeter option avoids the extra\n" +" password at X session creation time.\n" +"\n" +" Example: x11vnc -xdmsvc -unixpw_system_greeter\n" +" See -unixpw and -display WAIT:... for more info.\n" +"\n" +" The special options after a colon at the end of the\n" +" username (e.g. user:solid) described under -display\n" +" WAIT: are also applied in this mode if they are typed\n" +" in before the user hits Escape. The username is ignored\n" +" but the colon options are not.\n" +"\n" +" The default message is 2 lines in a small font, set\n" +" the env. var. X11VNC_SYSTEM_GREETER1=true for a 1 line\n" +" message in a larger font.\n" +"\n" +" If the user pressed Escape the FINDCREATEDISPLAY command\n" +" will be run with the env. var. X11VNC_XDM_ONLY=1.\n" +"\n" +" Remember to enable XDMCP in the xdm-config, gdm.conf,\n" +" or kdmrc configuration file. See -display WAIT: for\n" +" more info.\n" +"\n" "-redirect port As in FINDCREATEDISPLAY-Xvnc.redirect mode except\n" " redirect immediately (i.e. without X session finding\n" " or creation) to a VNC server listening on port. You\n" @@ -1064,19 +1256,26 @@ "\n" " xauth extract - $DISPLAY\"\n" "\n" -" In the case of -unixpw (but not -unixpw_nis), then the\n" -" cmd= command is run as the user who just authenticated\n" -" via the login and password prompt.\n" +" In the case of -unixpw (and -unixpw_nis only if x11vnc\n" +" is running as root), then the cmd= command is run\n" +" as the user who just authenticated via the login and\n" +" password prompt.\n" +"\n" +" In the case of -unixpw_cmd, the commands will also be\n" +" run as the logged-in user, as long as the user-supplied\n" +" helper program supports RFB_UNIXPW_CMD_RUN (see the\n" +" -unixpw_cmd option.)\n" "\n" " Also in the case of -unixpw, the user logging in can\n" " place a colon at the end of her username and supply\n" " a few options: scale=, scale_cursor= (or sc=), solid\n" -" (or so), id=, clear_mods (or cm), clear_keys (or ck),\n" -" repeat, speeds= (or sp=), readtimeout= (or rd=),\n" -" rotate= (or ro=), or noncache (or nc), all separated by\n" -" commas if there is more than one. After the user logs\n" -" in successfully, these options will be applied to the\n" -" VNC screen. For example,\n" +" (or so), id=, clear_mods (or cm), clear_keys (or\n" +" ck), clear_all (or ca), repeat, speeds= (or sp=),\n" +" readtimeout= (or rd=), viewonly (or vo), nodisplay=\n" +" (or nd=), rotate= (or ro=), or noncache (or nc),\n" +" all separated by commas if there is more than one.\n" +" After the user logs in successfully, these options will\n" +" be applied to the VNC screen. For example,\n" "\n" " login: fred:scale=3/4,sc=1,repeat\n" " Password: ...\n" @@ -1088,6 +1287,9 @@ " your long \"login:\" line press the Up arrow once\n" " (before typing anything else).\n" "\n" +" In the login panel, press F1 to get a list of the\n" +" available options that you can add after the username.\n" +"\n" " Another option is \"geom=WxH\" or \"geom=WxHxD\" (or\n" " ge=). This only has an effect in FINDCREATEDISPLAY\n" " mode when a virtual X server such as Xvfb is going\n" @@ -1099,6 +1301,12 @@ " (same as \"xterm\") to have the created display use\n" " that mode for the user session.\n" "\n" +" Specify \"tag=...\" to set the unique FD_TAG desktop\n" +" session tag described below. Note: this option will\n" +" be ignored if the FD_TAG env. var. is already set or\n" +" if the viewer-side supplied value is not completely\n" +" composed of alphanumeric or '_' or '-' characters.\n" +"\n" " To disable the option setting set the environment\n" " variable X11VNC_NO_UNIXPW_OPTS=1 before starting x11vnc.\n" " To set any other options, the user can use the gui\n" @@ -1144,6 +1352,12 @@ " for how to disable this for dtgreet on Solaris and\n" " possibly for other greeters.\n" "\n" +" In -find/cmd=FINDDISPLAY mode, if you set FD_XDM=1,\n" +" e.g. 'x11vnc -env FD_XDM=1 -find ...' and x11vnc is\n" +" running as root (e.g. inetd) then it will try to find\n" +" the XAUTHORITY file of a running XDM/GDM/KDM login\n" +" greeter (i.e. no user has logged into an X session yet.)\n" +"\n" " As another special case, WAIT:cmd=HTTPONCE will allow\n" " x11vnc to service one http request and then exit.\n" " This is usually done in -inetd mode to run on, say,\n" @@ -1162,7 +1376,9 @@ " ignore in the finding process. The \":\" is optional.\n" " Ranges n-m e.g. 0-20 can also be supplied. This string\n" " can also be set by the connecting user via \"nd=\"\n" -" using \"+\" instead of \",\"\n" +" using \"+\" instead of \",\" If \"nd=all\" or you set\n" +" X11VNC_SKIP_DISPLAY=all then all display finding fails\n" +" as if you set X11VNC_FINDDISPLAY_ALWAYS_FAILS=1 (below.)\n" "\n" " Automatic Creation of User X Sessions:\n" "\n" @@ -1178,8 +1394,8 @@ " It will start looking for an open display number at :20\n" " Override via X11VNC_CREATE_STARTING_DISPLAY_NUMBER=n\n" "\n" -" By default FINDCREATEDISPLAY will try Xdummy and then\n" -" Xvfb:\n" +" By default FINDCREATEDISPLAY will try Xvfb and then\n" +" Xdummy:\n" "\n" " The Xdummy wrapper is part of the x11vnc source code\n" " (x11vnc/misc/Xdummy) It should be available in PATH and\n" @@ -1218,6 +1434,8 @@ " If for some reason you do not want x11vnc to ever\n" " try to find an existing display set the env. var\n" " X11VNC_FINDDISPLAY_ALWAYS_FAILS=1 (also -env ...)\n" +" This is the same as setting X11VNC_SKIP_DISPLAY=all or\n" +" supplying \"nd=all\" after \"username:\"\n" "\n" " Use WAIT:cmd=FINDCREATEDISPLAY-print to print out the\n" " script that is used for this.\n" @@ -1246,12 +1464,15 @@ " be the full path to the session/windowmanager program.\n" "\n" " More FD tricks: FD_CUPS=port or FD_CUPS=host:port\n" -" will set the cups printing environment. Similarly\n" -" for FD_ESD=port or FD_ESD=host:port for esddsp sound\n" -" redirection. FD_XDUMMY_NOROOT means the Xdummy server\n" -" does not need to be started as root (e.g. it will sudo\n" -" automatically). Set FD_EXTRA to a command to be run\n" -" a few seconds after the X server starts up.\n" +" will set the cups printing environment. Similarly for\n" +" FD_ESD=port or FD_ESD=host:port for esddsp sound\n" +" redirection. FD_XDUMMY_NOROOT means the Xdummy\n" +" server does not need to be started as root (e.g. it\n" +" will sudo automatically). Set FD_EXTRA to a command\n" +" to be run a few seconds after the X server starts up.\n" +" Set FD_TAG to be a unique name for the session, it is\n" +" set as an X property, that makes FINDDISPLAY only find\n" +" sessions with that tag value.\n" "\n" " If you want the FINDCREATEDISPLAY session to contact an\n" " XDMCP login manager (xdm/gdm/kdm) on the same machine,\n" @@ -1331,8 +1552,9 @@ " Otherwise in -unixpw mode the normal login panel is\n" " provided.\n" "\n" -" You *MUST* supply the -ssl option for VeNCrypt to be\n" -" active. This option only fine-tunes its operation.\n" +" You *MUST* supply the -ssl option for VeNCrypt to\n" +" be active. The -vencrypt option only fine-tunes its\n" +" operation.\n" "\n" "-anontls mode The ANONTLS extension to the VNC protocol allows\n" " encrypted SSL/TLS connections. If the -ssl mode is\n" @@ -1367,8 +1589,9 @@ "\n" " Long example: -anontls newdh:plain:support\n" "\n" -" You *MUST* supply the -ssl option for ANONTLS to be\n" -" active. This option only fine-tunes its operation.\n" +" You *MUST* supply the -ssl option for ANONTLS to\n" +" be active. The -anontls option only fine-tunes its\n" +" operation.\n" "\n" "-sslonly Same as: \"-vencrypt never -anontls never\" i.e. it\n" " disables the VeNCrypt and ANONTLS encryption methods\n" @@ -1392,16 +1615,17 @@ "\n" "-ssl [pem] Use the openssl library (www.openssl.org) to provide a\n" " built-in encrypted SSL/TLS tunnel between VNC viewers\n" -" and x11vnc. This requires libssl support to be compiled\n" -" into x11vnc at build time. If x11vnc is not built\n" -" with libssl support it will exit immediately when -ssl\n" -" is prescribed.\n" +" and x11vnc. This requires libssl support to be\n" +" compiled into x11vnc at build time. If x11vnc is not\n" +" built with libssl support it will exit immediately when\n" +" -ssl is prescribed. See the -stunnel option below for\n" +" an alternative.\n" "\n" " The VNC Viewer-side needs to support SSL/TLS as well.\n" " See this URL and also the discussion below for\n" " ideas on how to enable SSL support for the viewer:\n" " http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tun\n" -" nel-viewers x11vnc provides an SSL enabled Java\n" +" nel-viewers . x11vnc provides an SSL enabled Java\n" " viewer applet in the classes/ssl directory (-http or\n" " -httpdir options.) The SSVNC viewer package supports\n" " SSL tunnels too.\n" @@ -1486,11 +1710,16 @@ " Thus only passive network sniffing attacks are avoided:\n" " the \"ANON\" method is susceptible to Man-In-The-Middle\n" " attacks. \"ANON\" is not recommended; instead use\n" -" a SSL PEM you created or the defaut \"SAVE\" method.\n" +" a SSL PEM you created or the default \"SAVE\" method.\n" "\n" " See -ssldir below to use a directory besides the\n" " default ~/.vnc/certs\n" "\n" +" If your x11vnc binary was not compiled with OpenSSL\n" +" library support, use of the -ssl option will induce an\n" +" immediate failure and exit. For such binaries, consider\n" +" using the -stunnel option for SSL encrypted connections.\n" +"\n" " Misc Info: In temporary cert creation mode \"TMP\", set\n" " the env. var. X11VNC_SHOW_TMP_PEM=1 to have x11vnc print\n" " out the entire certificate, including the PRIVATE KEY\n" @@ -1504,7 +1733,7 @@ " Set to zero to poll forever. Set to a negative value\n" " to use the builtin setting.\n" "\n" -" Note that this value does not apply to the *initial* ssl\n" +" Note that this value does NOT apply to the *initial* ssl\n" " init connection. The default timeout for that is 20sec.\n" " Use -env SSL_INIT_TIMEOUT=n to modify it.\n" "\n" @@ -1593,7 +1822,7 @@ "\n" "\n" " NOTE: the following utilities, -sslGenCA, -sslGenCert,\n" -" -sslEncKey, and -sslCertInfo are provided for\n" +" -sslEncKey, -sslCertInfo, and -sslCRL are provided for\n" " completeness, but for casual usage they are overkill.\n" "\n" " They provide VNC Certificate Authority (CA) key creation\n" @@ -1644,8 +1873,9 @@ " the ss_vncviewer example script in the FAQ and SSVNC.)\n" "\n" "-sslCRL path Set the Certificate Revocation Lists (CRL) to \"path\".\n" +" This setting applies for both -ssl and -stunnel modes.\n" "\n" -" If path is a file, the file contains one more more CRLs\n" +" If path is a file, the file contains one or more CRLs\n" " in PEM format. If path is a directory, it contains\n" " hash named files of CRLs in the usual OpenSSL manner.\n" " See the OpenSSL and stunnel(8) documentation for\n" @@ -1657,6 +1887,10 @@ " The -sslCRL setting will be ignored when -sslverify is\n" " not specified.\n" "\n" +" Note that if a CRL's expiration date has passed, all\n" +" SSL connections will fail regardless of if they are\n" +" related to the subject of the CRL or not.\n" +"\n" " Only rarely will one's x11vnc -ssl infrastructure be so\n" " large that this option would be useful (since normally\n" " maintaining the contents of the -sslverify file or\n" @@ -1768,11 +2002,13 @@ "\n" " Similar to -sslGenCA, you will be prompted to fill\n" " in some information that will be recorded in the\n" -" certificate when it is created. Tip: if you know\n" -" the fully-qualified hostname other people will be\n" -" connecting to you can use that as the CommonName \"CN\"\n" -" to avoid some applications (e.g. web browsers and java\n" -" plugin) complaining it does not match the hostname.\n" +" certificate when it is created.\n" +"\n" +" Tip: if you know the fully-qualified hostname other\n" +" people will be connecting to, you can use that as the\n" +" CommonName \"CN\" to avoid some applications (e.g. web\n" +" browsers and java plugin) complaining that it does not\n" +" match the hostname.\n" "\n" " You will also need to supply the CA private key\n" " passphrase to unlock the private key created from\n" @@ -1796,14 +2032,14 @@ " the cert and private key. The .crt contains the\n" " certificate only.\n" "\n" -" NOTE: It is very important to know one should always\n" +" NOTE: It is very important to know one should\n" " generate new keys with a passphrase. Otherwise if an\n" " untrusted user steals the key file he could use it to\n" " masquerade as the x11vnc server (or VNC viewer client).\n" " You will be prompted whether to encrypt the key with\n" " a passphrase or not. It is recommended that you do.\n" " One inconvenience to a passphrase is that it must\n" -" be suppled every time x11vnc or the client app is\n" +" be typed in EVERY time x11vnc or the client app is\n" " started up.\n" "\n" " Examples:\n" @@ -1900,16 +2136,30 @@ "\n" " This external tunnel method was implemented prior to the\n" " integrated -ssl encryption described above. It still\n" -" works well. This requires stunnel to be installed\n" -" on the system and available via PATH (n.b. stunnel is\n" -" often installed in sbin directories). Version 4.x of\n" -" stunnel is assumed (but see -stunnel3 below.)\n" +" works well and avoids the requirement of linking with\n" +" the OpenSSL libraries. This mode requires stunnel\n" +" to be installed on the system and available via PATH\n" +" (n.b. stunnel is often installed in sbin directories).\n" +" Version 4.x of stunnel is assumed (but see -stunnel3\n" +" below.)\n" "\n" " [pem] is optional, use \"-stunnel /path/to/stunnel.pem\"\n" " to specify a PEM certificate file to pass to stunnel.\n" -" Whether one is needed or not depends on your stunnel\n" -" configuration. stunnel often generates one at install\n" -" time. See the stunnel documentation for details.\n" +" See the -ssl option for more info on certificate files.\n" +"\n" +" Whether or not your stunnel has its own certificate\n" +" depends on your stunnel configuration; stunnel often\n" +" generates one at install time. See your stunnel\n" +" documentation for details. In any event, if you want to\n" +" use this certificate you must supply the full path to it\n" +" as [pem]. Note: the file may only be readable by root.\n" +"\n" +" [pem] may also be the special strings \"TMP\", \"SAVE\",\n" +" and \"SAVE...\" as described in the -ssl option.\n" +" If [pem] is not supplied, \"SAVE\" is assumed.\n" +"\n" +" Note that the VeNCrypt, ANONTLS, and \"ANON\" modes\n" +" are not supported in -stunnel mode.\n" "\n" " stunnel is started up as a child process of x11vnc and\n" " any SSL connections stunnel receives are decrypted and\n" @@ -1917,22 +2167,37 @@ " \"The SSL VNC desktop is ...\" and \"SSLPORT=...\"\n" " are printed out at startup to indicate this.\n" "\n" -" The -localhost option is enforced by default\n" -" to avoid people routing around the SSL channel.\n" -" Set STUNNEL_DISABLE_LOCALHOST=1 before starting x11vnc\n" -" to disable the requirement.\n" -"\n" -" Your VNC viewer will also need to be able to connect via\n" -" SSL. Unfortunately not too many do this. UltraVNC has\n" -" an encryption plugin but it does not seem to be SSL.\n" -"\n" -" Also, in the x11vnc distribution, a patched TightVNC\n" -" Java applet is provided in classes/ssl that does SSL\n" -" connections (only).\n" -"\n" -" It is also not too difficult to set up an stunnel or\n" -" other SSL tunnel on the viewer side. A simple example\n" -" on Unix using stunnel 3.x is:\n" +" The -localhost option is enforced by default to avoid\n" +" people routing around the SSL channel. Use -env\n" +" STUNNEL_DISABLE_LOCALHOST=1 to disable this security\n" +" requirement.\n" +"\n" +" Set -env STUNNEL_DEBUG=1 for more debugging printout.\n" +"\n" +" Your VNC viewer will also need to be able to connect\n" +" via SSL. Unfortunately not too many do this. See the\n" +" information about SSL viewers under the -ssl option.\n" +"\n" +" Also, in the x11vnc distribution, patched TightVNC\n" +" and UltraVNC Java applet jar files are provided in\n" +" the classes/ssl directory that do SSL connections.\n" +" Enable serving them with the -http, -http_ssl, -https,\n" +" or -httpdir (see the option descriptions for more info.)\n" +"\n" +" Note that for the Java viewer applet usage the\n" +" \"?PORT=xxxx\" in the various URLs printed at startup\n" +" will need to be supplied to the web browser to connect\n" +" properly.\n" +"\n" +" Currently the automatic \"single port\" HTTPS mode of\n" +" -ssl is not fully supported in -stunnel mode. However,\n" +" it can be emulated via:\n" +"\n" +" %% x11vnc -stunnel -http_ssl -http_oneport ...\n" +"\n" +" In general, it is also not too difficult to set up\n" +" an stunnel or other SSL tunnel on the viewer side.\n" +" A simple example on Unix using stunnel 3.x is:\n" "\n" " %% stunnel -c -d localhost:5901 -r remotehost:5900\n" " %% vncviewer localhost:1\n" @@ -1942,7 +2207,8 @@ " and SSVNC for more examples.\n" "\n" "-stunnel3 [pem] Use version 3.x stunnel command line syntax instead of\n" -" version 4.x\n" +" version 4.x. The -http/-httpdir Java applet serving\n" +" is currently not available in this mode.\n" "\n" "-enc cipher:keyfile Use symmetric encryption with cipher \"cipher\"\n" " and secret key data in \"keyfile\". If keyfile is\n" @@ -1961,7 +2227,7 @@ " Note that this mode will NOT work with the UltraVNC DSM\n" " plugins because they alter the RFB protocol in addition\n" " to tunnelling with the symmetric cipher (an unfortunate\n" -" choice of implementation).\n" +" choice of implementation...)\n" "\n" " cipher can be one of: arc4, aesv2, aes-cfb, blowfish,\n" " aes256, or 3des. See the OpenSSL documentation for\n" @@ -2034,9 +2300,9 @@ " For both ways of using the viewer, you can specify the\n" " salt,ivec sizes (in GUI or, e.g. arc4@8,16).\n" "\n" -"-https [port] Use a special, separate HTTPS port (-ssl mode only)\n" -" for HTTPS Java viewer applet downloading. I.e. not 5900\n" -" and not 5800 (the defaults.)\n" +"-https [port] Use a special, separate HTTPS port (-ssl and\n" +" -stunnel modes only) for HTTPS Java viewer applet\n" +" downloading. I.e. not 5900 and not 5800 (the defaults.)\n" "\n" " BACKGROUND: In -ssl mode, it turns out you can use the\n" " single VNC port (e.g. 5900) for both VNC and HTTPS\n" @@ -2056,6 +2322,8 @@ " or VNC Viewer applet. That's right 3 separate \"Are\n" " you sure you want to connect?\" dialogs!)\n" "\n" +" END OF BACKGROUND.\n" +"\n" " USAGE: So use the -https option to provide a separate,\n" " more reliable HTTPS port that x11vnc will listen on. If\n" " [port] is not provided (or is 0), one is autoselected.\n" @@ -2089,7 +2357,23 @@ " to include the PORT= in the browser URL, simply supply\n" " \"-httpsredir\" to x11vnc.\n" "\n" -"-http_oneport For un-encrypted connections mode (i.e. no -ssl,\n" +" This option does not work in -stunnel mode.\n" +"\n" +" More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS\n" +" to be extra URL parameters to use. This way you do\n" +" not need to specify extra PARAMS in the index.vnc file.\n" +" E.g. x11vnc -env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ...\n" +"\n" +" If you do not want to expose the non-SSL HTTP port to\n" +" the network (i.e. you just want the single VNC/HTTPS\n" +" port, e.g. 5900, open for connections) then specify the\n" +" option -env X11VNC_HTTP_LISTEN_LOCALHOST=1 This way\n" +" the connection to the libvncserver httpd server will\n" +" only be available on localhost (note that in -ssl mode,\n" +" HTTPS requests are redirected from SSL to the non-SSL\n" +" libvncserver HTTP server.)\n" +"\n" +"-http_oneport For UN-encrypted connections mode (i.e. no -ssl,\n" " -stunnel, or -enc options), allow the Java VNC Viewer\n" " applet to be downloaded thru the VNC port via HTTP.\n" "\n" @@ -2119,6 +2403,10 @@ " mode when using an SSH tunnel as well as for router\n" " port redirections.\n" "\n" +" Note that the -env X11VNC_HTTP_LISTEN_LOCALHOST=1\n" +" option described above under -httpsredir applies for\n" +" the libvncserver httpd server in all cases (ssl or not.)\n" +"\n" "-ssh user@host:disp Create a remote listening port on machine \"host\"\n" " via a SSH tunnel using the -R rport:localhost:lport\n" " method. lport will be the local x11vnc listening port,\n" @@ -2406,15 +2694,20 @@ " e.g. \"darkblue\" or numerical \"#RRGGBB\").\n" "\n" " Currently this option only works on GNOME, KDE, CDE,\n" -" and classic X (i.e. with the background image on the\n" -" root window). The \"gconftool-2\" and \"dcop\" external\n" -" commands are run for GNOME and KDE respectively.\n" -" Other desktops won't work, e.g. Xfce (send us the\n" -" corresponding commands if you find them). If x11vnc is\n" -" running as root (inetd(8) or gdm(1)), the -users option\n" -" may be needed for GNOME and KDE. If x11vnc guesses\n" -" your desktop incorrectly, you can force it by prefixing\n" -" color with \"gnome:\", \"kde:\", \"cde:\" or \"root:\".\n" +" XFCE, and classic X (i.e. with the background image\n" +" on the root window). The \"gconftool-2\", \"dcop\"\n" +" and \"xfconf-query\" external commands are run for\n" +" GNOME, KDE, and XFCE respectively. This also works\n" +" on native MacOSX. (There is no color selection for\n" +" MacOSX or XFCE.) Other desktops won't work, (send\n" +" us the corresponding commands if you find them).\n" +" If x11vnc is running as root (inetd(8) or gdm(1)),\n" +" the -users option may be needed for GNOME, KDE, XFCE.\n" +" If x11vnc guesses your desktop incorrectly, you can\n" +" force it by prefixing color with \"gnome:\", \"kde:\",\n" +" \"cde:\", \"xfce:\", or \"root:\".\n" +"\n" +" Update: -solid no longer works on KDE4.\n" "\n" " This mode works in a limited way on the Mac OS X Console\n" " with one color ('kelp') using the screensaver writing\n" @@ -2561,7 +2854,13 @@ " \"debug crash shell\" when fatal errors are trapped.\n" "\n" "-q, -quiet Be quiet by printing less informational output to\n" -" stderr.\n" +" stderr. (use -noquiet to undo an earlier -quiet.)\n" +"\n" +" The -quiet option does not eliminate all informational\n" +" output, it only reduces it. It is ignored in most\n" +" auxiliary usage modes, e.g. -storepasswd. To eliminate\n" +" all output use: 2>/dev/null 1>&2, etc.\n" +"\n" "-v, -verbose Print out more information to stderr.\n" "\n" "-bg Go into the background after screen setup. Messages to\n" @@ -2867,6 +3166,15 @@ "\n" "-noxfixes Do not use the XFIXES extension to draw the exact cursor\n" " shape even if it is available.\n" +"\n" +" Note: To work around a crash in Xorg 1.5 and later\n" +" some people needed to use -noxfixes. The Xorg crash\n" +" occurred right after a Display Manager (e.g. GDM) login.\n" +" Starting with x11vnc 0.9.9 it tries to automatically\n" +" avoid using XFIXES until it is sure a window manager\n" +" is running. See the -reopen option for more info and\n" +" how to use X11VNC_AVOID_WINDOWS=never to disable it.\n" +"\n" "-alphacut n When using the XFIXES extension for the cursor shape,\n" " cursors with transparency will not usually be displayed\n" " exactly (but opaque ones will). This option sets n as\n" @@ -2937,6 +3245,12 @@ " -buttonmap currently does not work on MacOSX console\n" " or in -rawfb mode.\n" "\n" +" Workaround: use -buttonmap IJ...-LM...=n to limit the\n" +" number of mouse buttons to n, e.g. 123-123=3. This will\n" +" prevent x11vnc from crashing if the X server reports\n" +" there are 5 buttons (4/5 scroll wheel), but there are\n" +" only really 3.\n" +"\n" "-nodragging Do not update the display during mouse dragging events\n" " (mouse button held down). Greatly improves response on\n" " slow setups, but you lose all visual feedback for drags,\n" @@ -2948,7 +3262,7 @@ " (an integer) times that of the full display is allocated\n" " below the actual framebuffer to cache screen contents\n" " for rapid retrieval. So a W x H frambuffer is expanded\n" -" to a W x (n+1)*H one. Use 0 to disable. Default: XXX.\n" +" to a W x (n+1)*H one. Use 0 to disable.\n" "\n" " The \"n\" is actually optional, the default is 10.\n" "\n" @@ -2956,13 +3270,17 @@ " abbreviate \"-ncache\" with \"-nc\". Also, \"-nonc\"\n" " is the same as \"-ncache 0\"\n" "\n" -" This is an experimental option, currently implemented\n" -" in an awkward way in that in the VNC Viewer you can\n" -" see the cache contents if you scroll down, etc. So you\n" +" This is an experimental option, currently implemented in\n" +" an awkward way in that in the VNC Viewer you can see the\n" +" pixel cache contents if you scroll down, etc. So you\n" " will have to set things up so you can't see that region.\n" " If this method is successful, the changes required for\n" " clients to do this less awkwardly will be investigated.\n" "\n" +" The SSVNC viewer does a good job at automatically hiding\n" +" the pixel cache region. Or use SSVNC's -ycrop option\n" +" to explicitly hide the region.\n" +"\n" " Note that this mode consumes a huge amount of memory,\n" " both on the x11vnc server side and on the VNC Viewer\n" " side. If n=2 then the amount of RAM used is roughly\n" @@ -3473,10 +3791,21 @@ " Same as -dp and -dk, respectively. Use multiple\n" " times for more output.\n" "\n" -"-defer time Time in ms to wait for updates before sending to client\n" +"-defer time Time in ms to delay sending updates to connected clients\n" " (deferUpdateTime) Default: %d\n" +"\n" "-wait time Time in ms to pause between screen polls. Used to cut\n" " down on load. Default: %d\n" +"\n" +"-extra_fbur n Perform extra FrameBufferUpdateRequests checks to\n" +" try to be in better sync with the client's requests.\n" +" What this does is perform extra polls of the client\n" +" socket at critical times (before '-defer' and '-wait'\n" +" calls.) The default is n=1. Set to a larger number to\n" +" insert more checks or set to n=0 to disable. A downside\n" +" of these extra calls is that more mouse input may be\n" +" processed than desired.\n" +"\n" "-wait_ui factor Factor by which to cut the -wait time if there\n" " has been recent user input (pointer or keyboard).\n" " Improves response, but increases the load whenever you\n" @@ -3658,10 +3987,7 @@ " for output) are created to handle each new client.\n" " Default: %s.\n" "\n" -" NOTE: The -threads mode may be disabled due to its\n" -" unstable behavior. If it is disabled, a warning is\n" -" printed out. Stability has been improved in version\n" -" 0.9.8 and so the feature has been re-enabled.\n" +" Thread stability is much improved in version 0.9.8.\n" "\n" " Multiple clients in threaded mode should be stable\n" " for the ZRLE encoding on all platforms. The Tight and\n" @@ -3669,9 +3995,14 @@ " multiple clients. Compile with -DTLS=__thread if your\n" " OS and compiler and linker support it.\n" "\n" +" For resizes (randr, etc.) set this env. var. to the number\n" +" of milliseconds to sleep: X11VNC_THREADS_NEW_FB_SLEEP\n" +" at various places in the do_new_fb() action. This is to\n" +" let various activities settle. Default is about 500ms.\n" +"\n" " Multiple clients in threaded mode could yield better\n" -" performance for 'class-room' broadcasting usage.\n" -" See also the -reflect option.\n" +" performance for 'class-room' broadcasting usage; also in\n" +" -appshare broadcast mode. See also the -reflect option.\n" "\n" "-fs f If the fraction of changed tiles in a poll is greater\n" " than f, the whole screen is updated. Default: %.2f\n" @@ -4286,6 +4617,28 @@ " x11vnc server as long as X permissions, etc. permit\n" " communication between the two.\n" "\n" +" FONTS: On some systems the tk fonts can be too small,\n" +" jagged, or otherwise unreadable. There are 4 env vars\n" +" you can set to be the tk font you prefer:\n" +"\n" +" X11VNC_FONT_BOLD main font for menus and buttons.\n" +" X11VNC_FONT_FIXED font for fixed width text.\n" +"\n" +" X11VNC_FONT_BOLD_SMALL tray icon font.\n" +" X11VNC_FONT_REG_SMALL tray icon menu font.\n" +"\n" +" The last two only apply for the tray icon mode.\n" +"\n" +" Here are some examples:\n" +"\n" +" -env X11VNC_FONT_BOLD='Helvetica -16 bold'\n" +" -env X11VNC_FONT_FIXED='Courier -14'\n" +" -env X11VNC_FONT_REG_SMALL='Helvetica -12'\n" +"\n" +" You can put the lines like the above (without the\n" +" quotes) in your ~/.x11vncrc file to avoid having to\n" +" specify them on the x11vnc command line.\n" +"\n" "-remote command Remotely control some aspects of an already running\n" " x11vnc server. \"-R\" and \"-r\" are aliases for\n" " \"-remote\". After the remote control command is\n" @@ -4309,12 +4662,33 @@ " 'x11vnc -R shared' will enable shared connections, and\n" " 'x11vnc -R scale:3/4' will rescale the desktop.\n" "\n" +" To use a different name for the X11 property (e.g. to\n" +" have separate communication channels for multiple\n" +" x11vnc's on the same display) set the X11VNC_REMOTE\n" +" environment variable to the string you want, for\n" +" example: -env X11VNC_REMOTE=X11VNC_REMOTE_12345\n" +" Both sides of the channel must use the same unique name.\n" +"\n" +" To run a bunch of commands in a sequence use something\n" +" like: x11vnc -R 'script:firstcmd;secondcmd;...'\n" +"\n" +" Use x11vnc -R script:file=/path/to/file to read commands\n" +" from a file (can be multi-line and use the comment '#'\n" +" character in the normal way. The ';' separator must\n" +" still be used to separate each command.)\n" +"\n" +" To not try to contact another x11vnc process and instead\n" +" just run the command (or query) directly, prefix the\n" +" command with the string \"DIRECT:\"\n" +"\n" " The following -remote/-R commands are supported:\n" "\n" " stop terminate the server, same as \"quit\"\n" " \"exit\" or \"shutdown\".\n" " ping see if the x11vnc server responds.\n" -" Return is: ans=ping:\n" +" return is: ans=ping:\n" +" ping:mystring as above, but use your own unique string.\n" +" return is: ans=ping:mystring:\n" " blacken try to push a black fb update to all\n" " clients (due to timings a client\n" " could miss it). Same as \"zero\", also\n" @@ -4325,6 +4699,12 @@ " id:windowid set -id window to \"windowid\". empty\n" " or \"root\" to go back to root window\n" " sid:windowid set -sid window to \"windowid\"\n" +" id_cmd:cmd cmds: raise, lower, map, unmap, iconify,\n" +" move:dXdY, resize:dWdH, geom:WxH+X+Y. dX\n" +" dY, dW, and dH must have a leading \"+\"\n" +" or \"-\" e.g.: move:-30+10 resize:+20+35\n" +" also: wm_delete, wm_name:string and\n" +" icon_name:string. Also id_cmd:win=N:cmd\n" " waitmapped wait until subwin is mapped.\n" " nowaitmapped do not wait until subwin is mapped.\n" " clip:WxH+X+Y set -clip mode to \"WxH+X+Y\"\n" @@ -4409,6 +4789,7 @@ " nograbptr disable -grabptr mode.\n" " grabalways enable -grabalways mode.\n" " nograbalways disable -grabalways mode.\n" +" grablocal:n set -grablocal to n.\n" " client_input:str set the K, M, B -input on a per-client\n" " basis. select which client as for\n" " disconnect, e.g. client_input:host:MB\n" @@ -4494,6 +4875,9 @@ " nosetclipboard enable -nosetclipboard mode.\n" " setclipboard disable -nosetclipboard mode.\n" " seldir:str set -seldir to \"str\"\n" +" resend_cutbuffer resend the most recent CUTBUFFER0 copy\n" +" resend_clipboard resend the most recent CLIPBOARD copy\n" +" resend_primary resend the most recent PRIMARY copy\n" " cursor:mode enable -cursor \"mode\".\n" " show_cursor enable showing a cursor.\n" " noshow_cursor disable showing a cursor. (same as\n" @@ -4566,8 +4950,26 @@ " nodebug_pointer disable -debug_pointer, same as \"nodp\"\n" " debug_keyboard enable -debug_keyboard, same as \"dk\"\n" " nodebug_keyboard disable -debug_keyboard, same as \"nodk\"\n" +" keycode:n inject keystroke 'keycode' (xmodmap -pk)\n" +" keycode:n,down inject 'keycode' (down=0,1)\n" +" keysym:str inject keystroke 'keysym' (number/name)\n" +" keysym:str,down inject 'keysym' (down=0,1)\n" +" ptr:x,y,mask inject pointer event x, y, button-mask\n" +" fakebuttonevent:button,down direct XTestFakeButtonEvent.\n" +" sleep:t sleep floating point time t.\n" +" get_xprop:p get X property named 'p'.\n" +" set_xprop:p:val set X property named 'p' to 'val'.\n" +" p -> id=NNN:p for hex/dec window id.\n" +" wininfo:id get info about X window id. use 'root'\n" +" for root window, use +id for children.\n" +" grab_state get state of pointer and keyboard grab.\n" +" pointer_pos print XQueryPointer x,y cursor position.\n" +" mouse_x print x11vnc's idea of cursor position.\n" +" mouse_y print x11vnc's idea of cursor position.\n" +" noop do nothing.\n" " defer:n set -defer to n ms,same as deferupdate:n\n" " wait:n set -wait to n ms.\n" +" extra_fbur:n set -extra_fbur to n.\n" " wait_ui:f set -wait_ui factor to f.\n" " setdefer:n set -setdefer to -2,-1,0,1, or 2.\n" " wait_bog disable -nowait_bog mode.\n" @@ -4606,6 +5008,7 @@ " nosnapfb disable -snapfb mode.\n" " rawfb:str set -rawfb mode to \"str\".\n" " uinput_accel:f set uinput_accel to f.\n" +" uinput_thresh:n set uinput_thresh to n.\n" " uinput_reset:n set uinput_reset to n ms.\n" " uinput_always:n set uinput_always to 1/0.\n" " progressive:n set libvncserver -progressive slice\n" @@ -4623,7 +5026,9 @@ " macresize disable -macnoresize mode.\n" " maciconanim:n set -maciconanim to n.\n" " macmenu enable -macmenu mode.\n" -" macnomenu disable -macnmenu mode.\n" +" macnomenu disable -macmenu mode.\n" +" macuskbd enable -macuskbd mode.\n" +" macnouskbd disable -macuskbd mode.\n" /* access */ " httpport:n set -httpport to n.\n" " httpdir:dir set -httpdir to dir (and enable http).\n" @@ -4660,6 +5065,100 @@ " noremote disable the -remote command processing,\n" " it cannot be turned back on.\n" "\n" +" bcx_xattach:str This remote control command is for\n" +" use with the BARCO xattach program or the x2x program.\n" +" Both of these programs are for 'pointer and keyboard'\n" +" sharing between separate X displays. In general the\n" +" two displays are usually nearby, e.g. on the same desk,\n" +" and this allows the user to share a single pointer and\n" +" keyboard between them. The user moves the mouse to\n" +" an edge and then the mouse pointer appears to 'jump'\n" +" to the other display screen. Thus it emulates what a\n" +" single X server would do for two screens (e.g. :0.0 and\n" +" :0.1) The illusion of a single Xserver with multiple\n" +" screens is achieved by forwarding events to the 2nd\n" +" one via the XTEST extension.\n" +"\n" +" What the x11vnc bcx_xattach command does is to perform\n" +" some pointer movements to try to INDUCE xattach/x2x\n" +" to 'jump' to the other display. In what follows the\n" +" 'master' display refers to the one that when it has\n" +" 'focus' it is basically doing nothing besides watching\n" +" for the mouse to go over an edge. The 'slave'\n" +" display refers to the one to which the mouse and\n" +" keyboard is redirected to once an edge in the master\n" +" has been crossed. Note that the x11vnc executing the\n" +" bcx_xattach command MUST be the one connected to the\n" +" *master* display.\n" +"\n" +" Also note that when input is being redirected (via\n" +" XTEST) from the master display to the slave display,\n" +" the master display's pointer and keyboard are *grabbed*\n" +" by xattach/x2x. x11vnc can use this info to verify that\n" +" the master/slave mode change has taken place correctly.\n" +" If you specify the \"ifneeded\" option (see below)\n" +" and the initial grab state is that of the desired\n" +" final state, then no pointer movements are injected\n" +" and \"DONE,GRAB_OK\" is returned.\n" +"\n" +" \"str\" must contain one of \"up\", \"down\", \"left\",\n" +" or \"right\" to indicate the direction of the 'jump'.\n" +" \"str\" must also contain one of \"master_to_slave\"\n" +" or \"slave_to_master\" to indicate the type of mode\n" +" change induced by the jump. Use \"M2S\" and \"S2M\"\n" +" as shorter aliases.\n" +"\n" +" \"str\" may be a \"+\" separated list of additional\n" +" tuning options. The \"shift=n\" option indicates an\n" +" offset shift position away from (0,0) (default 20).\n" +" \"final=x+y\" specifies the final position of the cursor\n" +" at the end of the normal move sequence; default 30+30.\n" +" \"extra_move=x+y\" means to do one more pointer move\n" +" after \"final\" to x+y. \"dt=n\" sets the sleep time\n" +" in milliseconds between pointer moves (default: 40ms)\n" +" \"retry=n\" specifies the maximum number of retries if\n" +" the grab state change fails. \"ifneeded\" means to not\n" +" apply the pointer movements if the initial grab state is\n" +" that of the desired final state. \"nograbcheck\" means\n" +" to not check if the grab state changed as expected and\n" +" only apply the pointer movements (default is to check\n" +" the grab states.)\n" +"\n" +" If you do not specify \"up\", etc., to bcx_xattach\n" +" nothing will be attempted and the command returns\n" +" the string FAIL,NO_DIRECTION_SPECIFIED. If you do\n" +" not specify \"master_to_slave\" or \"M2S\", etc., to\n" +" bcx_xattach nothing will be attempted and the command\n" +" returns the string FAIL,NO_MODE_CHANGE_SPECIFIED.\n" +"\n" +" Otherwise, the returned string will contain \"DONE\".\n" +" It will be \"DONE,GRAB_OK\" if the grab state changed\n" +" as expected (or if \"ifneeded\" was supplied and\n" +" the initial grab state was already the desired\n" +" one.) If the initial grab state was incorrect,\n" +" but the final grab state was correct then it is\n" +" \"DONE,GRAB_FAIL_INIT\". If the initial grab state\n" +" was correct, but the final grab state was incorrect\n" +" then it is \"DONE,GRAB_FAIL_FINAL\". If both are\n" +" incorrect it will be \"DONE,GRAB_FAIL\". Under grab\n" +" failure the string will be followed by \":p1,k1-p2,k2\"\n" +" where p1,k1 indicates the initial pointer and keyboard\n" +" grab states and p2,k2 the final ones. If GRAB_FAIL or\n" +" GRAB_FAIL_FINAL occurs, the action will be retried up\n" +" to 3 times; trying to reset the state and sleeping a\n" +" bit between each try. Set retry=n to adjust the number\n" +" of retries, zero to disable retries.\n" +"\n" +" Examples:\n" +" -R bcx_xattach:down+M2S\n" +" -R bcx_xattach:up+S2M\n" +" -R bcx_xattach:up+S2M+nograbcheck+dt=30\n" +" -R bcx_xattach:down+M2S+extra_move=100+100\n" +"\n" +" or use -Q instead of -R to retrieve the result text.\n" +"\n" +" End of the bcx_xattach:str description.\n" +"\n" " The vncconnect(1) command from standard VNC\n" " distributions may also be used if string is prefixed\n" " with \"cmd=\" E.g. 'vncconnect cmd=stop'. Under some\n" @@ -4688,8 +5187,9 @@ " query straight to the X11VNC_REMOTE property or connect\n" " file use \"qry=...\" instead of \"cmd=...\"\n" "\n" -" ans= stop quit exit shutdown ping blacken zero\n" -" refresh reset close disconnect id sid waitmapped\n" +" ans= stop quit exit shutdown ping resend_cutbuffer\n" +" resend_clipboard resend_primary blacken zero refresh\n" +" reset close disconnect id_cmd id sid waitmapped\n" " nowaitmapped clip flashcmap noflashcmap shiftcmap\n" " truecolor notruecolor overlay nooverlay overlay_cursor\n" " overlay_yescursor nooverlay_nocursor nooverlay_cursor\n" @@ -4699,7 +5199,7 @@ " once timeout tightfilexfer notightfilexfer ultrafilexfer\n" " noultrafilexfer rfbversion deny lock nodeny unlock\n" " avahi mdns zeroconf noavahi nomdns nozeroconf connect\n" -" proxy allowonce allow localhost nolocalhost listen\n" +" proxy allowonce allow localhost nolocalhost listen\n" " lookup nolookup accept afteraccept gone shm noshm\n" " flipbyteorder noflipbyteorder onetile noonetile\n" " solid_color solid nosolid blackout xinerama noxinerama\n" @@ -4709,10 +5209,10 @@ " sloppy_keys nosloppy_keys skip_dups noskip_dups\n" " add_keysyms noadd_keysyms clear_mods noclear_mods\n" " clear_keys noclear_keys clear_all clear_locks keystate\n" -" remap repeat norepeat fb nofb bell nobell sel nosel\n" -" primary noprimary setprimary nosetprimary clipboard\n" -" noclipboard setclipboard nosetclipboard seldir\n" -" cursorshape nocursorshape cursorpos nocursorpos\n" +" remap repeat norepeat fb nofb bell nobell sendbell\n" +" sel nosel primary noprimary setprimary nosetprimary\n" +" clipboard noclipboard setclipboard nosetclipboard\n" +" seldir cursorshape nocursorshape cursorpos nocursorpos\n" " cursor_drag nocursor_drag cursor show_cursor\n" " noshow_cursor nocursor arrow xfixes noxfixes xdamage\n" " noxdamage xd_area xd_mem alphacut alphafrac alpharemove\n" @@ -4728,16 +5228,18 @@ " nowireframe nowf wireframelocal wfl nowireframelocal\n" " nowfl wirecopyrect wcr nowirecopyrect nowcr scr_area\n" " scr_skip scr_inc scr_keys scr_term scr_keyrepeat\n" -" scr_parms scrollcopyrect scr noscrollcopyrect noscr\n" -" fixscreen noxrecord xrecord reset_record pointer_mode pm\n" -" input_skip allinput noallinput input grabkbd nograbkbd\n" -" grabptr nograbptr grabalways nograbalways grablocal\n" -" client_input ssltimeout speeds wmdt debug_pointer dp\n" -" nodebug_pointer nodp debug_keyboard dk nodebug_keyboard\n" -" nodk keycode deferupdate defer setdefer wait_ui\n" -" wait_bog nowait_bog slow_fb xrefresh wait readtimeout\n" -" nap nonap sb screen_blank fbpm nofbpm dpms nodpms\n" -" clientdpms noclientdpms forcedpms noforcedpms\n" +" scr_parms scrollcopyrect scr noscrollcopyrect\n" +" noscr fixscreen noxrecord xrecord reset_record\n" +" pointer_mode pm input_skip allinput noallinput input\n" +" grabkbd nograbkbd grabptr nograbptr grabalways\n" +" nograbalways grablocal client_input ssltimeout\n" +" speeds wmdt debug_pointer dp nodebug_pointer nodp\n" +" debug_keyboard dk nodebug_keyboard nodk keycode keysym\n" +" ptr fakebuttonevent sleep get_xprop set_xprop wininfo\n" +" bcx_xattach deferupdate defer setdefer extra_fbur\n" +" wait_ui wait_bog nowait_bog slow_fb xrefresh wait\n" +" readtimeout nap nonap sb screen_blank fbpm nofbpm dpms\n" +" nodpms clientdpms noclientdpms forcedpms noforcedpms\n" " noserverdpms serverdpms noultraext ultraext chatwindow\n" " nochatwindow chaton chatoff fs gaps grow fuzz snapfb\n" " nosnapfb rawfb uinput_accel uinput_thresh uinput_reset\n" @@ -4755,21 +5257,23 @@ " macnoresize macresize nomacnoresize maciconanim macmenu\n" " macnomenu nomacmenu macuskbd nomacuskbd noremote\n" "\n" -" aro= noop display vncdisplay desktopname guess_desktop\n" +" aro= noop display vncdisplay icon_mode autoport\n" +" loop loopbg desktopname guess_desktop guess_dbus\n" " http_url auth xauth users rootshift clipshift scale_str\n" " scaled_x scaled_y scale_numer scale_denom scale_fac_x\n" " scale_fac_y scaling_blend scaling_nomult4 scaling_pad\n" " scaling_interpolate inetd privremote unsafe safer\n" " nocmds passwdfile unixpw unixpw_nis unixpw_list ssl\n" " ssl_pem sslverify stunnel stunnel_pem https httpsredir\n" -" usepw using_shm logfile o flag rc norc h help V version\n" -" lastmod bg sigpipe threads readrate netrate netlatency\n" -" pipeinput clients client_count pid ext_xtest ext_xtrap\n" -" ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay\n" -" ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons\n" -" button_mask mouse_x mouse_y bpp depth indexed_color\n" -" dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y\n" -" coff_x coff_y rfbauth passwd viewpasswd\n" +" usepw using_shm logfile o flag rmflag rc norc h help\n" +" V version lastmod bg sigpipe threads readrate netrate\n" +" netlatency pipeinput clients client_count pid ext_xtest\n" +" ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama\n" +" ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin\n" +" num_buttons button_mask mouse_x mouse_y grab_state\n" +" pointer_pos bpp depth indexed_color dpy_x dpy_y wdpy_x\n" +" wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y rfbauth\n" +" passwd viewpasswd\n" "\n" "-QD variable Just like -query variable, but returns the default\n" " value for that parameter (no running x11vnc server\n" @@ -4789,10 +5293,47 @@ " the -query request is processed in the normal way.\n" " This allows for a reliable way to see if the -remote\n" " command was processed by querying for any new settings.\n" -" Note however that there is timeout of a few seconds so\n" -" if the x11vnc takes longer than that to process the\n" -" requests the requester will think that a failure has\n" -" taken place.\n" +" Note however that there is timeout of a few seconds\n" +" (see the next paragraph) so if the x11vnc takes longer\n" +" than that to process the requests the requester will\n" +" think that a failure has taken place.\n" +"\n" +" The default is to wait 3.5 seconds. Or if cmd=stop\n" +" only 1.0 seconds. If cmd matches 'script:' then it\n" +" will wait up to 10.0 seconds. Set X11VNC_SYNC_TIMEOUT\n" +" to the number of seconds you want it to wait.\n" +"\n" +"-query_retries str If a query fails to get a response from an x11vnc\n" +" server, retry up to n times. \"str\" is specified as\n" +" n[:t][/match] Optionally the delay between tries may\n" +" be specified by \"t\" a floating point time (default\n" +" 0.5 seconds.) Note: the response is not checked for\n" +" validity or whether it corresponds to the query sent.\n" +" The query \"ping:mystring\" may be used to help uniquely\n" +" identify the query. Optionally, a matching string after\n" +" a \"/\" will be used to check the result text. Up to\n" +" n retries will take place until the matching string is\n" +" found in the output text. If the match string is never\n" +" found the program's exit code is 1; if the match is\n" +" found it exits with 0. Note that there may be stdout\n" +" printed for each retry (i.e. multiple lines printed\n" +" out to stdout.)\n" +" Example: -query_retries 4:1.5/grab_state\n" +"\n" +"-remote_prefix str Enable a remote-control communication channel for\n" +" connected VNC clients. str is a non-empty string. If a\n" +" VNC client sends rfbCutText having the prefix \"str\"\n" +" then the part after it is processed as though it were\n" +" sent via 'x11vnc -remote ...'. If it begins with\n" +" neither 'cmd=' nor 'qry=' then 'qry=' is assumed.\n" +" Any corresponding output text for that remote control\n" +" command is sent back to all client as rfbCutText.\n" +" The returned output is also prefixed with \"str\".\n" +" Example: -remote_prefix DO_THIS:\n" +"\n" +" Note that enabling -remote_prefix allows the remote\n" +" VNC viewers to run x11vnc -remote commands. Do not\n" +" use this option if they are not to be trusted.\n" "\n" "-noremote Do not process any remote control commands or queries.\n" "-yesremote Do process remote control commands or queries.\n" @@ -4839,7 +5380,7 @@ " stunnel, ssl, unixpw, WAIT, zeroconf, id, accept,\n" " afteraccept, gone, pipeinput, v4l-info, rawfb-setup,\n" " dt, gui, ssh, storepasswd, passwdfile, custom_passwd,\n" -" crash.\n" +" findauth, crash.\n" "\n" " See each option's help to learn the associated external\n" " command. Note that the -nocmds option takes precedence\n" @@ -4872,6 +5413,7 @@ int w = 23; char tmp[100]; if (p[0] == '-') { + memset(tmp, 0, sizeof(tmp)); strncpy(tmp, p, w); fprintf(stderr, " %s", tmp); l++; @@ -4917,8 +5459,8 @@ waitms, wait_ui, take_naps ? "take naps":"no naps", - rfbMaxClientWait/1000, screen_blank, + rfbMaxClientWait/1000, watch_fbpm ? "-nofbpm":"-fbpm", watch_dpms ? "-nodpms":"-dpms", xdamage_max_area, NSCAN, xdamage_memory, diff -Nru x11vnc-0.9.8/x11vnc/inet.c x11vnc-0.9.9/x11vnc/inet.c --- x11vnc-0.9.8/x11vnc/inet.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/inet.c 2009-12-21 04:58:10.000000000 +0000 @@ -212,6 +212,7 @@ char msg[128]; int n, sock, ok = 0; int block = 0; + int refused = 0; /* * need to check to see if the operation will block for @@ -221,14 +222,24 @@ { pid_t pid, pidw; int rc; if ((pid = fork()) > 0) { - usleep(100 * 1000); /* 0.1 sec */ + usleep(100 * 1000); /* 0.1 sec for quick success or refusal */ pidw = waitpid(pid, &rc, WNOHANG); if (pidw <= 0) { - usleep(1000 * 1000); /* 1.0 sec */ + usleep(1500 * 1000); /* 1.5 sec */ pidw = waitpid(pid, &rc, WNOHANG); if (pidw <= 0) { + int rc2; + rfbLog("ident_username: set block=1 (hung)\n"); block = 1; kill(pid, SIGTERM); + usleep(100 * 1000); + waitpid(pid, &rc2, WNOHANG); + } + } + if (pidw > 0 && !block) { + if (WIFEXITED(rc) && WEXITSTATUS(rc) == 1) { + rfbLog("ident_username: set refused=1 (exit)\n"); + refused = 1; } } } else if (pid == -1) { @@ -249,10 +260,10 @@ } } #endif - if (block) { + if (block || refused) { ; } else if ((sock = rfbConnectToTcpAddr(client->host, 113)) < 0) { - rfbLog("could not connect to ident: %s:%d\n", + rfbLog("ident_username: could not connect to ident: %s:%d\n", client->host, 113); } else { int ret; diff -Nru x11vnc-0.9.8/x11vnc/keyboard.c x11vnc-0.9.9/x11vnc/keyboard.c --- x11vnc-0.9.8/x11vnc/keyboard.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/keyboard.c 2009-12-21 04:58:10.000000000 +0000 @@ -2045,7 +2045,7 @@ * why nothing needs to be done with the modifier, see below. * * sentmods[] is the corresponding keycode to use - * to acheive the needmods[] requirement for the bit. + * to achieve the needmods[] requirement for the bit. */ for (i=0; i<8; i++) { @@ -2780,6 +2780,11 @@ input->files = 0; if (! client) { + input->keystroke = 1; + input->motion = 1; + input->button = 1; + input->clipboard = 1; + input->files = 1; return; } @@ -3051,6 +3056,10 @@ static double max_keyrepeat_last_time = 0.0; static double max_keyrepeat_always = -1.0; + if (threads_drop_input) { + return; + } + dtime0(&tnow); got_keyboard_calls++; @@ -3120,6 +3129,8 @@ } } + INPUT_LOCK; + last_down = down; last_keysym = keysym; last_keyboard_time = tnow; @@ -3210,6 +3221,7 @@ if (db) rfbLog("--- scroll keyrate skipping 0x%lx %s " "%.4f %.4f\n", keysym, down ? "down":"up ", tnow - x11vnc_start, tnow - max_keyrepeat_last_time); + INPUT_UNLOCK; return; } } @@ -3232,6 +3244,7 @@ tnow - x11vnc_start, tnow - max_keyrepeat_last_time); max_keyrepeat_last_keysym = keysym; skipped_last_down = 1; + INPUT_UNLOCK; return; } else { if (db) rfbLog("--- scroll keyrate KEEPING 0x%lx %s " @@ -3262,15 +3275,18 @@ got_user_input++; got_keyboard_input++; } + INPUT_UNLOCK; return; } } if (view_only) { + INPUT_UNLOCK; return; } get_allowed_input(client, &input); if (! input.keystroke) { + INPUT_UNLOCK; return; } @@ -3322,6 +3338,7 @@ char *b, bstr[32]; if (! down) { + INPUT_UNLOCK; return; /* nothing to send */ } if (debug_keyboard) { @@ -3355,6 +3372,7 @@ } XFlush_wr(dpy); X_UNLOCK; + INPUT_UNLOCK; return; } @@ -3363,6 +3381,7 @@ X_LOCK; XFlush_wr(dpy); X_UNLOCK; + INPUT_UNLOCK; return; } @@ -3389,6 +3408,7 @@ } X_UNLOCK; + INPUT_UNLOCK; } diff -Nru x11vnc-0.9.8/x11vnc/Makefile.am x11vnc-0.9.9/x11vnc/Makefile.am --- x11vnc-0.9.8/x11vnc/Makefile.am 2009-06-19 15:44:12.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/Makefile.am 2009-12-21 05:02:53.000000000 +0000 @@ -23,7 +23,7 @@ endif bin_PROGRAMS=x11vnc -x11vnc_SOURCES = 8to24.c avahi.c cleanup.c connections.c cursor.c gui.c help.c inet.c keyboard.c linuxfb.c macosx.c macosxCG.c macosxCGP.c macosxCGS.c options.c pm.c pointer.c rates.c remote.c scan.c screen.c selection.c solid.c sslcmds.c sslhelper.c uinput.c unixpw.c user.c userinput.c util.c v4l.c win_utils.c x11vnc.c x11vnc_defs.c xdamage.c xevents.c xinerama.c xkb_bell.c xrandr.c xrecord.c xwrappers.c 8to24.h allowed_input_t.h avahi.h blackout_t.h cleanup.h connections.h cursor.h enc.h enums.h gui.h help.h inet.h keyboard.h linuxfb.h macosx.h macosxCG.h macosxCGP.h macosxCGS.h nox11.h nox11_funcs.h options.h params.h pm.h pointer.h rates.h remote.h scan.h screen.h scrollevent_t.h selection.h solid.h sslcmds.h sslhelper.h ssltools.h tkx11vnc.h uinput.h unixpw.h user.h userinput.h util.h v4l.h win_utils.h winattr_t.h x11vnc.h xdamage.h xevents.h xinerama.h xkb_bell.h xrandr.h xrecord.h xwrappers.h +x11vnc_SOURCES = 8to24.c appshare.c avahi.c cleanup.c connections.c cursor.c gui.c help.c inet.c keyboard.c linuxfb.c macosx.c macosxCG.c macosxCGP.c macosxCGS.c options.c pm.c pointer.c rates.c remote.c scan.c screen.c selection.c solid.c sslcmds.c sslhelper.c uinput.c unixpw.c user.c userinput.c util.c v4l.c win_utils.c x11vnc.c x11vnc_defs.c xdamage.c xevents.c xinerama.c xkb_bell.c xrandr.c xrecord.c xwrappers.c 8to24.h allowed_input_t.h avahi.h blackout_t.h cleanup.h connections.h cursor.h enc.h enums.h gui.h help.h inet.h keyboard.h linuxfb.h macosx.h macosxCG.h macosxCGP.h macosxCGS.h nox11.h nox11_funcs.h options.h params.h pm.h pointer.h rates.h remote.h scan.h screen.h scrollevent_t.h selection.h solid.h sslcmds.h sslhelper.h ssltools.h tkx11vnc.h uinput.h unixpw.h user.h userinput.h util.h v4l.h win_utils.h winattr_t.h x11vnc.h xdamage.h xevents.h xinerama.h xkb_bell.h xrandr.h xrecord.h xwrappers.h if HAVE_SYSTEM_LIBVNCSERVER INCLUDES_LIBVNCSERVER = @SYSTEM_LIBVNCSERVER_CFLAGS@ diff -Nru x11vnc-0.9.8/x11vnc/Makefile.in x11vnc-0.9.9/x11vnc/Makefile.in --- x11vnc-0.9.8/x11vnc/Makefile.in 2009-06-19 15:44:20.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/Makefile.in 2009-12-21 05:03:00.000000000 +0000 @@ -37,6 +37,8 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ bin_PROGRAMS = x11vnc$(EXEEXT) subdir = x11vnc DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ @@ -53,27 +55,27 @@ "$(DESTDIR)$(desktopdir)" binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) -am_x11vnc_OBJECTS = x11vnc-8to24.$(OBJEXT) x11vnc-avahi.$(OBJEXT) \ - x11vnc-cleanup.$(OBJEXT) x11vnc-connections.$(OBJEXT) \ - x11vnc-cursor.$(OBJEXT) x11vnc-gui.$(OBJEXT) \ - x11vnc-help.$(OBJEXT) x11vnc-inet.$(OBJEXT) \ - x11vnc-keyboard.$(OBJEXT) x11vnc-linuxfb.$(OBJEXT) \ - x11vnc-macosx.$(OBJEXT) x11vnc-macosxCG.$(OBJEXT) \ - x11vnc-macosxCGP.$(OBJEXT) x11vnc-macosxCGS.$(OBJEXT) \ - x11vnc-options.$(OBJEXT) x11vnc-pm.$(OBJEXT) \ - x11vnc-pointer.$(OBJEXT) x11vnc-rates.$(OBJEXT) \ - x11vnc-remote.$(OBJEXT) x11vnc-scan.$(OBJEXT) \ - x11vnc-screen.$(OBJEXT) x11vnc-selection.$(OBJEXT) \ - x11vnc-solid.$(OBJEXT) x11vnc-sslcmds.$(OBJEXT) \ - x11vnc-sslhelper.$(OBJEXT) x11vnc-uinput.$(OBJEXT) \ - x11vnc-unixpw.$(OBJEXT) x11vnc-user.$(OBJEXT) \ - x11vnc-userinput.$(OBJEXT) x11vnc-util.$(OBJEXT) \ - x11vnc-v4l.$(OBJEXT) x11vnc-win_utils.$(OBJEXT) \ - x11vnc-x11vnc.$(OBJEXT) x11vnc-x11vnc_defs.$(OBJEXT) \ - x11vnc-xdamage.$(OBJEXT) x11vnc-xevents.$(OBJEXT) \ - x11vnc-xinerama.$(OBJEXT) x11vnc-xkb_bell.$(OBJEXT) \ - x11vnc-xrandr.$(OBJEXT) x11vnc-xrecord.$(OBJEXT) \ - x11vnc-xwrappers.$(OBJEXT) +am_x11vnc_OBJECTS = x11vnc-8to24.$(OBJEXT) x11vnc-appshare.$(OBJEXT) \ + x11vnc-avahi.$(OBJEXT) x11vnc-cleanup.$(OBJEXT) \ + x11vnc-connections.$(OBJEXT) x11vnc-cursor.$(OBJEXT) \ + x11vnc-gui.$(OBJEXT) x11vnc-help.$(OBJEXT) \ + x11vnc-inet.$(OBJEXT) x11vnc-keyboard.$(OBJEXT) \ + x11vnc-linuxfb.$(OBJEXT) x11vnc-macosx.$(OBJEXT) \ + x11vnc-macosxCG.$(OBJEXT) x11vnc-macosxCGP.$(OBJEXT) \ + x11vnc-macosxCGS.$(OBJEXT) x11vnc-options.$(OBJEXT) \ + x11vnc-pm.$(OBJEXT) x11vnc-pointer.$(OBJEXT) \ + x11vnc-rates.$(OBJEXT) x11vnc-remote.$(OBJEXT) \ + x11vnc-scan.$(OBJEXT) x11vnc-screen.$(OBJEXT) \ + x11vnc-selection.$(OBJEXT) x11vnc-solid.$(OBJEXT) \ + x11vnc-sslcmds.$(OBJEXT) x11vnc-sslhelper.$(OBJEXT) \ + x11vnc-uinput.$(OBJEXT) x11vnc-unixpw.$(OBJEXT) \ + x11vnc-user.$(OBJEXT) x11vnc-userinput.$(OBJEXT) \ + x11vnc-util.$(OBJEXT) x11vnc-v4l.$(OBJEXT) \ + x11vnc-win_utils.$(OBJEXT) x11vnc-x11vnc.$(OBJEXT) \ + x11vnc-x11vnc_defs.$(OBJEXT) x11vnc-xdamage.$(OBJEXT) \ + x11vnc-xevents.$(OBJEXT) x11vnc-xinerama.$(OBJEXT) \ + x11vnc-xkb_bell.$(OBJEXT) x11vnc-xrandr.$(OBJEXT) \ + x11vnc-xrecord.$(OBJEXT) x11vnc-xwrappers.$(OBJEXT) x11vnc_OBJECTS = $(am_x11vnc_OBJECTS) @HAVE_SYSTEM_LIBVNCSERVER_FALSE@am__DEPENDENCIES_1 = ../libvncserver/libvncserver.a \ @HAVE_SYSTEM_LIBVNCSERVER_FALSE@ ../libvncclient/libvncclient.a @@ -207,10 +209,18 @@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ +build = @build@ build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ datadir = @datadir@ exec_prefix = @exec_prefix@ +host = @host@ host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ @@ -238,7 +248,7 @@ man_MANS = x11vnc.1 EXTRA_DIST = ChangeLog README tkx11vnc $(man_MANS) $(desktop_DATA) @CYGIPC_TRUE@LD_CYGIPC = -lcygipc -x11vnc_SOURCES = 8to24.c avahi.c cleanup.c connections.c cursor.c gui.c help.c inet.c keyboard.c linuxfb.c macosx.c macosxCG.c macosxCGP.c macosxCGS.c options.c pm.c pointer.c rates.c remote.c scan.c screen.c selection.c solid.c sslcmds.c sslhelper.c uinput.c unixpw.c user.c userinput.c util.c v4l.c win_utils.c x11vnc.c x11vnc_defs.c xdamage.c xevents.c xinerama.c xkb_bell.c xrandr.c xrecord.c xwrappers.c 8to24.h allowed_input_t.h avahi.h blackout_t.h cleanup.h connections.h cursor.h enc.h enums.h gui.h help.h inet.h keyboard.h linuxfb.h macosx.h macosxCG.h macosxCGP.h macosxCGS.h nox11.h nox11_funcs.h options.h params.h pm.h pointer.h rates.h remote.h scan.h screen.h scrollevent_t.h selection.h solid.h sslcmds.h sslhelper.h ssltools.h tkx11vnc.h uinput.h unixpw.h user.h userinput.h util.h v4l.h win_utils.h winattr_t.h x11vnc.h xdamage.h xevents.h xinerama.h xkb_bell.h xrandr.h xrecord.h xwrappers.h +x11vnc_SOURCES = 8to24.c appshare.c avahi.c cleanup.c connections.c cursor.c gui.c help.c inet.c keyboard.c linuxfb.c macosx.c macosxCG.c macosxCGP.c macosxCGS.c options.c pm.c pointer.c rates.c remote.c scan.c screen.c selection.c solid.c sslcmds.c sslhelper.c uinput.c unixpw.c user.c userinput.c util.c v4l.c win_utils.c x11vnc.c x11vnc_defs.c xdamage.c xevents.c xinerama.c xkb_bell.c xrandr.c xrecord.c xwrappers.c 8to24.h allowed_input_t.h avahi.h blackout_t.h cleanup.h connections.h cursor.h enc.h enums.h gui.h help.h inet.h keyboard.h linuxfb.h macosx.h macosxCG.h macosxCGP.h macosxCGS.h nox11.h nox11_funcs.h options.h params.h pm.h pointer.h rates.h remote.h scan.h screen.h scrollevent_t.h selection.h solid.h sslcmds.h sslhelper.h ssltools.h tkx11vnc.h uinput.h unixpw.h user.h userinput.h util.h v4l.h win_utils.h winattr_t.h x11vnc.h xdamage.h xevents.h xinerama.h xkb_bell.h xrandr.h xrecord.h xwrappers.h @HAVE_SYSTEM_LIBVNCSERVER_FALSE@INCLUDES_LIBVNCSERVER = @HAVE_SYSTEM_LIBVNCSERVER_TRUE@INCLUDES_LIBVNCSERVER = @SYSTEM_LIBVNCSERVER_CFLAGS@ INCLUDES = -I$(top_srcdir) $(INCLUDES_LIBVNCSERVER) @X_CFLAGS@ \ @@ -311,6 +321,7 @@ -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x11vnc-8to24.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x11vnc-appshare.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x11vnc-avahi.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x11vnc-cleanup.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x11vnc-connections.Po@am__quote@ @@ -380,6 +391,20 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(x11vnc_CFLAGS) $(CFLAGS) -c -o x11vnc-8to24.obj `if test -f '8to24.c'; then $(CYGPATH_W) '8to24.c'; else $(CYGPATH_W) '$(srcdir)/8to24.c'; fi` +x11vnc-appshare.o: appshare.c +@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(x11vnc_CFLAGS) $(CFLAGS) -MT x11vnc-appshare.o -MD -MP -MF "$(DEPDIR)/x11vnc-appshare.Tpo" -c -o x11vnc-appshare.o `test -f 'appshare.c' || echo '$(srcdir)/'`appshare.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/x11vnc-appshare.Tpo" "$(DEPDIR)/x11vnc-appshare.Po"; else rm -f "$(DEPDIR)/x11vnc-appshare.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='appshare.c' object='x11vnc-appshare.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(x11vnc_CFLAGS) $(CFLAGS) -c -o x11vnc-appshare.o `test -f 'appshare.c' || echo '$(srcdir)/'`appshare.c + +x11vnc-appshare.obj: appshare.c +@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(x11vnc_CFLAGS) $(CFLAGS) -MT x11vnc-appshare.obj -MD -MP -MF "$(DEPDIR)/x11vnc-appshare.Tpo" -c -o x11vnc-appshare.obj `if test -f 'appshare.c'; then $(CYGPATH_W) 'appshare.c'; else $(CYGPATH_W) '$(srcdir)/appshare.c'; fi`; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/x11vnc-appshare.Tpo" "$(DEPDIR)/x11vnc-appshare.Po"; else rm -f "$(DEPDIR)/x11vnc-appshare.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='appshare.c' object='x11vnc-appshare.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(x11vnc_CFLAGS) $(CFLAGS) -c -o x11vnc-appshare.obj `if test -f 'appshare.c'; then $(CYGPATH_W) 'appshare.c'; else $(CYGPATH_W) '$(srcdir)/appshare.c'; fi` + x11vnc-avahi.o: avahi.c @am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(x11vnc_CFLAGS) $(CFLAGS) -MT x11vnc-avahi.o -MD -MP -MF "$(DEPDIR)/x11vnc-avahi.Tpo" -c -o x11vnc-avahi.o `test -f 'avahi.c' || echo '$(srcdir)/'`avahi.c; \ @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/x11vnc-avahi.Tpo" "$(DEPDIR)/x11vnc-avahi.Po"; else rm -f "$(DEPDIR)/x11vnc-avahi.Tpo"; exit 1; fi diff -Nru x11vnc-0.9.8/x11vnc/misc/connect_switch x11vnc-0.9.9/x11vnc/misc/connect_switch --- x11vnc-0.9.8/x11vnc/misc/connect_switch 1970-01-01 01:00:00.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/misc/connect_switch 2009-11-18 04:34:38.000000000 +0000 @@ -0,0 +1,422 @@ +#!/usr/bin/perl +# +# Copyright (c) 2006-2009 by Karl J. Runge +# +# connect_switch is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# +# connect_switch is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with connect_switch; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA +# or see . +# +# +# connect_switch: +# +# A kludge script that sits between web clients and a mod_ssl (https) +# enabled apache webserver. +# +# If an incoming web client connection makes a proxy CONNECT request +# it is handled directly by this script (apache is not involved). +# Otherwise, all other connections are forwarded to the apache webserver. +# +# This can be useful for VNC redirection using an existing https (port +# 443) webserver, thereby not requiring a 2nd (non-https) port open on +# the firewall for the CONNECT requests. +# +# It does not seem possible (to me) to achieve this entirely within apache +# because the CONNECT request appears to be forwarded encrypted to +# the remote host and so the SSL dies immediately. +# +# Note: There is no need to use this script for a non-ssl apache webserver +# port because mod_proxy works fine for doing the switching all inside +# apache (see ProxyRequests and AllowCONNECT parameters). +# +# Apache configuration: +# +# The mod_ssl configuration is often in a file named ssl.conf. In the +# simplest case you change something like this: +# +# From: +# +# Listen 443 +# +# +# ... +# +# +# To: +# +# Listen 127.0.0.1:443 +# +# +# ... +# +# +# (i.e. just change the Listen directive). +# +# If you have mod_ssl listening on a different internal port, you do +# not need to specify the localhost Listen address. +# +# It is probably a good idea to set $listen_host below to the known +# IP address you want the service to listen on (to avoid localhost where +# apache is listening). + + +############################################################################ +# The defaults for hosts and ports (you can override them below if needed): +# +# Look below for these environment variables that let you set the various +# parameters without needing to edit this script: +# +# CONNECT_SWITCH_LISTEN +# CONNECT_SWITCH_HTTPD +# CONNECT_SWITCH_ALLOWED +# CONNECT_SWITCH_ALLOW_FILE +# CONNECT_SWITCH_VERBOSE +# CONNECT_SWITCH_APPLY_VNC_OFFSET +# CONNECT_SWITCH_VNC_OFFSET + +my $hostname = `hostname`; +chomp $hostname; + +my $listen_host = $hostname; +my $listen_port = 443; + +if (exists $ENV{CONNECT_SWITCH_LISTEN}) { + # E.g. CONNECT_SWITCH_LISTEN=192.168.0.32:443 + ($listen_host, $listen_port) = split(/:/, $ENV{CONNECT_SWITCH_LISTEN}); +} + +my $httpd_host = 'localhost'; +my $httpd_port = 443; + +if (exists $ENV{CONNECT_SWITCH_HTTPD}) { + # E.g. CONNECT_SWITCH_HTTPD=127.0.0.1:443 + ($httpd_host, $httpd_port) = split(/:/, $ENV{CONNECT_SWITCH_HTTPD}); +} + +############################################################################ +# You can/should override the host/port settings here: +# +#$listen_host = '23.45.67.89'; # set to your interface IP number. +#$listen_port = 555; # and/or nonstandard port. +#$httpd_host = 'somehost'; # maybe you redir https to another machine. +#$httpd_port = 666; # and/or nonstandard port. + +# You must set the allowed host:port CONNECT redirection list. +# Only these host:port pairs will be redirected to. +# +my @allowed = qw( + machine1:5915 + machine2:5900 +); + +if (exists $ENV{CONNECT_SWITCH_ALLOWED}) { + # + # E.g. CONNECT_SWITCH_ALLOWED=machine1:5915,machine2:5900 + # + @allowed = split(/,/, $ENV{CONNECT_SWITCH_ALLOWED}); +} + +# Or you could also use an external "allow file". +# They get added to the @allowed list. +# The file is re-read for each new connection. +# +# Format of $allow_file: +# +# host1 vncdisp +# host2 vncdisp +# +# where, e.g. vncdisp = 15 => port 5915, say +# +# joesbox 15 +# fredsbox 15 +# rupert 1 + +my $allow_file = '/dist/apache/2.0/conf/vnc.hosts'; +$allow_file = ''; + +if (exists $ENV{CONNECT_SWITCH_ALLOW_FILE}) { + # E.g. CONNECT_SWITCH_ALLOW_FILE=/usr/local/etc/allow.txt + $allow_file = $ENV{CONNECT_SWITCH_ALLOW_FILE}; +} + +# Set to 1 to re-map to vnc port, e.g. 'hostname 15' to 'hostname 5915' +# i.e. assume a port 0 <= port < 200 is actually a VNC display +# and add 5900 to it. Set to 0 to not do the mapping. +# Note that negative ports, e.g. 'joesbox -22' go directly to -port. +# +my $apply_vnc_offset = 1; +my $vnc_offset = 5900; + +if (exists $ENV{CONNECT_SWITCH_APPLY_VNC_OFFSET}) { + # E.g. CONNECT_SWITCH_APPLY_VNC_OFFSET=0 + $apply_vnc_offset = $ENV{CONNECT_SWITCH_APPLY_VNC_OFFSET}; +} +if (exists $ENV{CONNECT_SWITCH_VNC_OFFSET}) { + # E.g. CONNECT_SWITCH_VNC_OFFSET=6000 + $vnc_offset = $ENV{CONNECT_SWITCH_VNC_OFFSET}; +} + +# Set to 1 for more debugging output: +# +my $verbose = 0; + +if (exists $ENV{CONNECT_SWITCH_VERBOSE}) { + # E.g. CONNECT_SWITCH_VERBOSE=1 + $verbose = $ENV{CONNECT_SWITCH_VERBOSE}; +} + +############################################################################ +# No need for any changes below here. + +use IO::Socket::INET; +use strict; +use warnings; + +my $killpid = 1; + +setpgrp(0, 0); + +my $listen_sock = IO::Socket::INET->new( + Listen => 10, + LocalAddr => $listen_host, + LocalPort => $listen_port, + Proto => "tcp" +); + +if (! $listen_sock) { + die "connect_switch: $!\n"; +} + +my $current_fh1 = ''; +my $current_fh2 = ''; + +my $conn = 0; + +while (1) { + $conn++; + print STDERR "listening for connection: $conn\n" if $verbose; + my ($client, $ip) = $listen_sock->accept(); + if (! $client) { + fsleep(0.5); + next; + } + print STDERR "conn: $conn -- ", $client->peerhost(), "\n" if $verbose; + + my $pid = fork(); + if (! defined $pid) { + die "connect_switch: $!\n"; + } elsif ($pid) { + wait; + next; + } else { + close $listen_sock; + if (fork) { + exit 0; + } + setpgrp(0, 0); + handle_conn($client); + } +} + +exit 0; + +sub handle_conn { + my $client = shift; + + my $start = time(); + + my @allow = @allowed; + + if ($allow_file && -f $allow_file) { + if (open(ALLOW, "<$allow_file")) { + while () { + next if /^\s*#/; + next if /^\s*$/; + chomp; + my ($host, $dpy) = split(' ', $_); + next if ! defined $host; + next if ! defined $dpy; + if ($dpy < 0) { + $dpy = -$dpy; + } elsif ($apply_vnc_offset) { + $dpy += $vnc_offset if $dpy < 200; + } + push @allow, "$host:$dpy"; + } + close(ALLOW); + } else { + warn "$allow_file: $!\n"; + } + } + + my $str = ''; + my $N = 0; + my $isconn = 1; + for (my $i = 0; $i < 7; $i++) { + my $b; + sysread($client, $b, 1); + $str .= $b; + $N++; + print STDERR "read: '$str'\n" if $verbose; + my $cstr = substr('CONNECT', 0, $i+1); + if ($str ne $cstr) { + $isconn = 0; + last; + } + } + + my $sock = ''; + if ($isconn) { + while ($str !~ /\r\n\r\n/) { + my $b; + sysread($client, $b, 1); + $str .= $b; + } + print STDERR "read: $str\n" if $verbose; + + my $ok = 0; + my $hostport = ''; + my $http_vers = '1.0'; + if ($str =~ /^CONNECT\s+(\S+)\s+HTTP\/(\S+)/) { + $hostport = $1; + $http_vers = $2; + foreach my $hp (@allow) { + if ($hp eq $hostport) { + $ok = 1; + last; + } + } + } + if (! $ok) { + close $client; + exit 0; + } + + my ($host, $port) = split(/:/, $hostport); + + print STDERR "connecting to: $host:$port\n" if $verbose; + + $sock = IO::Socket::INET->new( + PeerAddr => $host, + PeerPort => $port, + Proto => "tcp" + ); + my $msg; + if ($sock) { + $msg = "HTTP/$http_vers 200 Connection Established\r\n" + . "Proxy-agent: connect_switch v0.2\r\n\r\n"; + } else { + $msg = "HTTP/$http_vers 502 Bad Gateway\r\n" + . "Connection: close\r\n\r\n"; + } + syswrite($client, $msg, length($msg)); + $str = ''; + } else { + print STDERR "connecting to: $httpd_host:$httpd_port\n" + if $verbose; + $sock = IO::Socket::INET->new( + PeerAddr => $httpd_host, + PeerPort => $httpd_port, + Proto => "tcp" + ); + } + + if (! $sock) { + close $client; + die "connect_switch: $!\n"; + } + + $current_fh1 = $client; + $current_fh2 = $sock; + + $SIG{TERM} = sub {print STDERR "got sigterm\[$$]\n" if $verbose; close $current_fh1; close $current_fh2; exit 0}; + + my $parent = $$; + if (my $child = fork()) { + xfer($sock, $client, 'S->C'); + if ($killpid) { + fsleep(0.5); + kill 'TERM', $child; + } + } else { + if ($str ne '' && $N > 0) { + syswrite($sock, $str, $N); + } + xfer($client, $sock, 'C->S'); + if ($killpid) { + fsleep(0.75); + kill 'TERM', $parent; + } + } + if ($verbose) { + my $dt = time() - $start; + print STDERR "dt\[$$]: $dt\n"; + } + exit 0; +} + +sub xfer { + my($in, $out, $lab) = @_; + my ($RIN, $WIN, $EIN, $ROUT); + $RIN = $WIN = $EIN = ""; + $ROUT = ""; + vec($RIN, fileno($in), 1) = 1; + vec($WIN, fileno($in), 1) = 1; + $EIN = $RIN | $WIN; + my $buf; + + while (1) { + my $nf = 0; + while (! $nf) { + $nf = select($ROUT=$RIN, undef, undef, undef); + } + my $len = sysread($in, $buf, 8192); + if (! defined($len)) { + next if $! =~ /^Interrupted/; + print STDERR "connect_switch\[$lab/$conn/$$]: $!\n"; + last; + } elsif ($len == 0) { + print STDERR "connect_switch\[$lab/$conn/$$]: " + . "Input is EOF.\n"; + last; + } + + if (0) { + # verbose debugging of data: + syswrite(STDERR , "\n$lab: ", 6); + syswrite(STDERR , $buf, $len); + } + + my $offset = 0; + my $quit = 0; + while ($len) { + my $written = syswrite($out, $buf, $len, $offset); + if (! defined $written) { + print STDERR "connect_switch\[$lab/$conn/$$]: " + . "Output is EOF. $!\n"; + $quit = 1; + last; + } + $len -= $written; + $offset += $written; + } + last if $quit; + } + close($in); + close($out); +} + +sub fsleep { + my ($time) = @_; + select(undef, undef, undef, $time) if $time; +} diff -Nru x11vnc-0.9.8/x11vnc/misc/Makefile.am x11vnc-0.9.9/x11vnc/misc/Makefile.am --- x11vnc-0.9.8/x11vnc/misc/Makefile.am 2009-04-21 01:35:25.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/misc/Makefile.am 2009-12-14 23:17:52.000000000 +0000 @@ -1,3 +1,3 @@ SUBDIRS = turbovnc DIST_SUBDIRS = turbovnc -EXTRA_DIST=README blockdpy.c dtVncPopup rx11vnc rx11vnc.pl shm_clear ranfb.pl slide.pl vcinject.pl x11vnc_loop Xdummy +EXTRA_DIST=README blockdpy.c dtVncPopup rx11vnc rx11vnc.pl shm_clear ranfb.pl slide.pl vcinject.pl x11vnc_loop Xdummy ultravnc_repeater.pl connect_switch diff -Nru x11vnc-0.9.8/x11vnc/misc/Makefile.in x11vnc-0.9.9/x11vnc/misc/Makefile.in --- x11vnc-0.9.8/x11vnc/misc/Makefile.in 2009-06-19 15:44:20.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/misc/Makefile.in 2009-12-21 05:03:00.000000000 +0000 @@ -33,6 +33,8 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ subdir = x11vnc/misc DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -153,10 +155,18 @@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ +build = @build@ build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ datadir = @datadir@ exec_prefix = @exec_prefix@ +host = @host@ host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ @@ -175,7 +185,7 @@ with_ffmpeg = @with_ffmpeg@ SUBDIRS = turbovnc DIST_SUBDIRS = turbovnc -EXTRA_DIST = README blockdpy.c dtVncPopup rx11vnc rx11vnc.pl shm_clear ranfb.pl slide.pl vcinject.pl x11vnc_loop Xdummy +EXTRA_DIST = README blockdpy.c dtVncPopup rx11vnc rx11vnc.pl shm_clear ranfb.pl slide.pl vcinject.pl x11vnc_loop Xdummy ultravnc_repeater.pl connect_switch all: all-recursive .SUFFIXES: diff -Nru x11vnc-0.9.8/x11vnc/misc/turbovnc/Makefile.in x11vnc-0.9.9/x11vnc/misc/turbovnc/Makefile.in --- x11vnc-0.9.8/x11vnc/misc/turbovnc/Makefile.in 2009-06-19 15:44:20.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/misc/turbovnc/Makefile.in 2009-12-21 05:03:01.000000000 +0000 @@ -40,6 +40,8 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ subdir = x11vnc/misc/turbovnc DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -152,10 +154,18 @@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ +build = @build@ build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ datadir = @datadir@ exec_prefix = @exec_prefix@ +host = @host@ host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ diff -Nru x11vnc-0.9.8/x11vnc/misc/ultravnc_repeater.pl x11vnc-0.9.9/x11vnc/misc/ultravnc_repeater.pl --- x11vnc-0.9.8/x11vnc/misc/ultravnc_repeater.pl 1970-01-01 01:00:00.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/misc/ultravnc_repeater.pl 2009-12-14 22:00:51.000000000 +0000 @@ -0,0 +1,424 @@ +#!/usr/bin/env perl +# +# Copyright (c) 2009 by Karl J. Runge +# +# ultravnc_repeater.pl is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# +# ultravnc_repeater.pl is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with ultravnc_repeater.pl; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA +# or see . +# + +my $usage = ' +ultravnc_repeater.pl: + perl script implementing the ultravnc repeater + proxy protocol. + +protocol: Listen on one port for vnc clients (default 5900.) + Listen on one port for vnc servers (default 5500.) + Read 250 bytes from connecting vnc client or server. + Accept ID: from clients and servers, connect them + together once both are present. + The string "RFB 000.000\n" is sent to the client (the client + must understand this means send ID:... or host:port.) + Also accept : from clients and make the + connection to the vnc server immediately. + Note there is no authentication or security WRT ID names or + identities; it us up to the client and server to manage that + and whether to encrypt the session, etc. + +usage: ultravnc_repeater.pl [-r] [client_port [server_port]] + +Use -r to refuse new server/client connections with an existing +server/client ID. The default is to close the previous one. + +Examples: + + ultravnc_repeater.pl -r + ultravnc_repeater.pl 5901 + ultravnc_repeater.pl 5901 5501 + +'; + +use warnings; +use strict; + +use IO::Socket::INET; +use IO::Select; + +my $prog = 'ultravnc_repeater.pl'; +my %ID; + +my $refuse = 0; +my $init_timeout = 3; + +if (@ARGV && $ARGV[0] =~ /-h/) { + print $usage; + exit 0; +} +if (@ARGV && $ARGV[0] eq '-r') { + $refuse = 1; + shift; +} + +my $client_port = shift; +my $server_port = shift; + +$client_port = 5900 unless $client_port; +$server_port = 5500 unless $server_port; + + +my $repeater_bufsize = 250; +$repeater_bufsize = $ENV{BUFSIZE} if exists $ENV{BUFSIZE}; + +my ($RIN, $WIN, $EIN, $ROUT); + +my $client_listen = IO::Socket::INET->new( + Listen => 10, + LocalPort => $client_port, + Proto => "tcp" +); +if (! $client_listen) { + cleanup(); + die "$prog: error: client listen on port $client_port: $!\n"; +} + +my $server_listen = IO::Socket::INET->new( + Listen => 10, + LocalPort => $server_port, + Proto => "tcp" +); +if (! $server_listen) { + cleanup(); + die "$prog: error: server listen on port $server_port: $!\n"; +} + +my $select = new IO::Select(); +if (! select) { + cleanup(); + die "$prog: select $!\n"; +} + +$select->add($client_listen); +$select->add($server_listen); + +$SIG{INT} = sub {cleanup(); exit;}; +$SIG{TERM} = sub {cleanup(); exit;}; + +my $SOCK1 = ''; +my $SOCK2 = ''; +my $CURR = ''; + +print "watching for connections on ports $server_port/server and $client_port/client\n"; + +select(STDERR); $| = 1; +select(STDOUT); $| = 1; + +my $alarm_sock = ''; +my $got_alarm = 0; +sub alarm_handler { + print "$prog: got sig alarm.\n"; + if ($alarm_sock ne '') { + close $alarm_sock; + } + $alarm_sock = ''; + $got_alarm = 1; +} + +while (my @ready = $select->can_read()) { + foreach my $fh (@ready) { + if ($fh == $client_listen) { + print "new vnc client connecting at ", scalar(localtime), "\n"; + } elsif ($fh == $server_listen) { + print "new vnc server connecting at ", scalar(localtime), "\n"; + } + my $sock = $fh->accept(); + if (! $sock) { + print "$prog: accept $!\n"; + next; + } + + if ($fh == $client_listen) { + my $str = "RFB 000.000\n"; + my $len = length $str; + my $n = syswrite($sock, $str, $len, 0); + if ($n != $len) { + print "$prog: bad $str write: $n != $len $!\n"; + close $sock; + } + } + + my $buf = ''; + my $size = $repeater_bufsize; + $size = 1024 unless $size; + + $SIG{ALRM} = "alarm_handler"; + $alarm_sock = $sock; + $got_alarm = 0; + alarm($init_timeout); + my $n = sysread($sock, $buf, $size); + alarm(0); + + if ($got_alarm) { + print "$prog: read timed out: $!\n"; + } elsif (! defined $n) { + print "$prog: read error: $!\n"; + } elsif ($repeater_bufsize > 0 && $n != $size) { + print "$prog: short read $n != $size $!\n"; + close $sock; + } elsif ($fh == $client_listen) { + do_new_client($sock, $buf); + } elsif ($fh == $server_listen) { + do_new_server($sock, $buf); + } + } +} + +sub do_new_client { + my ($sock, $buf) = @_; + + if ($buf =~ /^ID:(\w+)/) { + my $id = $1; + if (exists $ID{$id}) { + if ($ID{$id}{client}) { + print "refusing extra vnc client for ID:$id\n"; + close $sock; + return; + if ($refuse) { + print "refusing extra vnc client for ID:$id\n"; + close $sock; + return; + } else { + print "closing and deleting previous vnc client with ID:$id\n"; + close $ID{$id}{sock}; + + print "storing new vnc client with ID:$id\n"; + $ID{$id}{client} = 1; + $ID{$id}{sock} = $sock; + } + } else { + print "hooking up new vnc client with existing vnc server for ID:$id\n"; + my $sock2 = $ID{$id}{sock}; + delete $ID{$id}; + hookup($sock, $sock2, "ID:$id"); + } + } else { + print "storing new vnc client with ID:$id\n"; + $ID{$id}{client} = 1; + $ID{$id}{sock} = $sock; + } + } else { + my $str = sprintf("%s", $buf); + my $host = ''; + my $port = ''; + if ($str =~ /^(.+):(\d+)/) { + $host = $1; + $port = $2; + } else { + $host = $str; + $port = 5900; + } + if ($port < 0) { + my $pnew = -$port; + print "resetting port from $port to $pnew\n"; + $port = $pnew; + } elsif ($port < 200) { + my $pnew = $port + 5900; + print "resetting port from $port to $pnew\n"; + $port = $pnew; + } + print "making vnc client connection directly to vnc server $host:$port\n"; + my $sock2 = IO::Socket::INET->new( + PeerAddr => $host, + PeerPort => $port, + Proto => "tcp" + ); + if (!$sock2) { + print "failed to connect to $host:$port\n"; + close $sock; + return; + } + hookup($sock, $sock2, "$host:$port"); + } +} + +sub do_new_server { + my ($sock, $buf) = @_; + + if ($buf =~ /^ID:(\w+)/) { + my $id = $1; + my $store = 1; + if (exists $ID{$id}) { + if (! $ID{$id}{client}) { + if ($refuse) { + print "refusing extra vnc server for ID:$id\n"; + close $sock; + return; + } else { + print "closing and deleting previous vnc server with ID:$id\n"; + close $ID{$id}{sock}; + + print "storing new vnc server with ID:$id\n"; + $ID{$id}{client} = 0; + $ID{$id}{sock} = $sock; + } + } else { + print "hooking up new vnc server with existing vnc client for ID:$id\n"; + my $sock2 = $ID{$id}{sock}; + delete $ID{$id}; + hookup($sock, $sock2, "ID:$id"); + } + } else { + print "storing new vnc server with ID:$id\n"; + $ID{$id}{client} = 0; + $ID{$id}{sock} = $sock; + } + } else { + print "invalid ID:NNNNN string for vnc server: $buf\n"; + close $sock; + return; + } +} + +sub handler { + print STDERR "$prog\[$$/$CURR]: got SIGTERM.\n"; + close $SOCK1 if $SOCK1; + close $SOCK2 if $SOCK2; + exit; +} + +sub hookup { + my ($sock1, $sock2, $tag) = @_; + + my $worker = fork(); + + if (! defined $worker) { + print "failed to fork worker: $!\n"; + close $sock1; + close $sock2; + return; + } elsif ($worker) { + close $sock1; + close $sock2; + wait; + } else { + cleanup(); + if (fork) { + exit 0; + } + setpgrp(0, 0); + $SOCK1 = $sock1; + $SOCK2 = $sock2; + $CURR = $tag; + $SIG{TERM} = "handler"; + $SIG{INT} = "handler"; + xfer_both($sock1, $sock2); + exit 0; + } +} + +sub xfer { + my ($in, $out) = @_; + + $RIN = $WIN = $EIN = ""; + $ROUT = ""; + vec($RIN, fileno($in), 1) = 1; + vec($WIN, fileno($in), 1) = 1; + $EIN = $RIN | $WIN; + + my $buf; + + while (1) { + my $nf = 0; + while (! $nf) { + $nf = select($ROUT=$RIN, undef, undef, undef); + } + my $len = sysread($in, $buf, 8192); + if (! defined($len)) { + next if $! =~ /^Interrupted/; + print STDERR "$prog\[$$/$CURR]: $!\n"; + last; + } elsif ($len == 0) { + print STDERR "$prog\[$$/$CURR]: Input is EOF.\n"; + last; + } + my $offset = 0; + my $quit = 0; + while ($len) { + my $written = syswrite($out, $buf, $len, $offset); + if (! defined $written) { + print STDERR "$prog\[$$/$CURR]: Output is EOF. $!\n"; + $quit = 1; + last; + } + $len -= $written; + $offset += $written; + } + last if $quit; + } + close($out); + close($in); + print STDERR "$prog\[$$/$CURR]: finished xfer.\n"; +} + +sub xfer_both { + my ($sock1, $sock2) = @_; + + my $parent = $$; + + my $child = fork(); + + if (! defined $child) { + print STDERR "$prog\[$$/$CURR] failed to fork: $!\n"; + return; + } + + $SIG{TERM} = "handler"; + $SIG{INT} = "handler"; + + if ($child) { + print STDERR "$prog parent[$$/$CURR] 1 -> 2\n"; + xfer($sock1, $sock2); + select(undef, undef, undef, 0.25); + if (kill 0, $child) { + select(undef, undef, undef, 0.9); + if (kill 0, $child) { + print STDERR "$prog\[$$/$CURR]: kill TERM child $child\n"; + kill "TERM", $child; + } else { + print STDERR "$prog\[$$/$CURR]: child $child gone.\n"; + } + } + } else { + select(undef, undef, undef, 0.05); + print STDERR "$prog child [$$/$CURR] 2 -> 1\n"; + xfer($sock2, $sock1); + select(undef, undef, undef, 0.25); + if (kill 0, $parent) { + select(undef, undef, undef, 0.8); + if (kill 0, $parent) { + print STDERR "$prog\[$$/$CURR]: kill TERM parent $parent\n"; + kill "TERM", $parent; + } else { + print STDERR "$prog\[$$/$CURR]: parent $parent gone.\n"; + } + } + } +} + +sub cleanup { + close $client_listen if defined $client_listen; + close $server_listen if defined $server_listen; + foreach my $id (keys %ID) { + close $ID{$id}{sock}; + } +} diff -Nru x11vnc-0.9.8/x11vnc/options.c x11vnc-0.9.9/x11vnc/options.c --- x11vnc-0.9.8/x11vnc/options.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/options.c 2009-12-21 04:58:10.000000000 +0000 @@ -55,6 +55,8 @@ int unixpw_nis = 0; /* -unixpw_nis */ char *unixpw_list = NULL; char *unixpw_cmd = NULL; +int unixpw_system_greeter = 0; +int unixpw_system_greeter_active = 0; int use_stunnel = 0; /* -stunnel */ int stunnel_port = 0; char *stunnel_pem = NULL; @@ -70,6 +72,8 @@ int anontls_mode = ANONTLS_SUPPORT; int create_fresh_dhparams = 0; char *dhparams_file = NULL; +int http_try_it = 0; +int stunnel_http_port = 0; int https_port_num = -1; int https_port_redir = 0; char *ssl_verify = NULL; @@ -107,11 +111,14 @@ int connect_once = 0; #endif int got_connect_once = 0; +int got_findauth = 0; int deny_all = 0; /* global locking of new clients */ #ifndef REMOTE_DEFAULT #define REMOTE_DEFAULT 1 #endif int accept_remote_cmds = REMOTE_DEFAULT; /* -noremote */ +char *remote_prefix = NULL; +int remote_direct = 0; int query_default = 0; int safe_remote_only = 1; /* -unsafe */ int priv_remote = 0; /* -privremote */ @@ -200,6 +207,8 @@ unsigned long subwin = 0x0; /* -id, -sid */ int subwin_wait_mapped = 0; +int freeze_when_obscured = 0; +int subwin_obscured = 0; int debug_xevents = 0; /* -R debug_xevents:1 */ int debug_xdamage = 0; /* -R debug_xdamage:1 or 2 ... */ @@ -402,6 +411,7 @@ double slow_fb = 0.0; double xrefresh = 0.0; int wait_bog = 1; +int extra_fbur = 1; int defer_update = 20; /* deferUpdateTime ms to wait before sends. */ int set_defer = 1; int got_defer = 0; @@ -465,6 +475,7 @@ /* threaded vs. non-threaded (default) */ int use_threads = 0; int started_rfbRunEventLoop = 0; +int threads_drop_input = 0; /* info about command line opts */ int got_noxwarppointer = 0; diff -Nru x11vnc-0.9.8/x11vnc/options.h x11vnc-0.9.9/x11vnc/options.h --- x11vnc-0.9.8/x11vnc/options.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/options.h 2009-12-21 04:58:10.000000000 +0000 @@ -55,6 +55,8 @@ extern int unixpw_nis; extern char *unixpw_list; extern char *unixpw_cmd; +extern int unixpw_system_greeter; +extern int unixpw_system_greeter_active; extern int use_stunnel; extern int stunnel_port; extern char *stunnel_pem; @@ -70,6 +72,8 @@ extern int anontls_mode; extern int create_fresh_dhparams; extern char *dhparams_file; +extern int http_try_it; +extern int stunnel_http_port; extern int https_port_num; extern int https_port_redir; extern char *ssl_verify; @@ -98,8 +102,11 @@ extern int shared; extern int connect_once; extern int got_connect_once; +extern int got_findauth; extern int deny_all; extern int accept_remote_cmds; +extern char *remote_prefix; +extern int remote_direct; extern int query_default; extern int safe_remote_only; extern int priv_remote; @@ -172,6 +179,8 @@ extern unsigned long subwin; extern int subwin_wait_mapped; +extern int freeze_when_obscured; +extern int subwin_obscured; extern int debug_xevents; extern int debug_xdamage; @@ -307,6 +316,7 @@ extern double slow_fb; extern double xrefresh; extern int wait_bog; +extern int extra_fbur; extern int defer_update; extern int set_defer; extern int got_defer; @@ -360,6 +370,7 @@ extern int use_threads; extern int started_rfbRunEventLoop; +extern int threads_drop_input; extern int got_noxwarppointer; extern int got_rfbport; diff -Nru x11vnc-0.9.8/x11vnc/params.h x11vnc-0.9.9/x11vnc/params.h --- x11vnc-0.9.8/x11vnc/params.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/params.h 2009-12-21 04:58:10.000000000 +0000 @@ -63,8 +63,8 @@ #define FB_REQ 0x4 #define VNC_CONNECT_MAX 16384 -#define X11VNC_REMOTE_MAX 16384 -#define PROP_MAX (131072L) +#define X11VNC_REMOTE_MAX 65536 +#define PROP_MAX (262144L) #define MAXN 256 diff -Nru x11vnc-0.9.8/x11vnc/pm.c x11vnc-0.9.9/x11vnc/pm.c --- x11vnc-0.9.8/x11vnc/pm.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/pm.c 2009-12-21 04:58:10.000000000 +0000 @@ -49,6 +49,16 @@ #endif void check_pm(void) { + static int skip = -1; + if (skip < 0) { + skip = 0; + if (getenv("X11VNC_NO_CHECK_PM")) { + skip = 1; + } + } + if (skip) { + return; + } check_fbpm(); check_dpms(); /* someday dpms activities? */ diff -Nru x11vnc-0.9.8/x11vnc/pointer.c x11vnc-0.9.9/x11vnc/pointer.c --- x11vnc-0.9.8/x11vnc/pointer.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/pointer.c 2009-12-21 04:58:10.000000000 +0000 @@ -76,9 +76,6 @@ int up; } prtremap_t; -#ifdef LIBVNCSERVER_HAVE_LIBPTHREAD -MUTEX(pointerMutex); -#endif #define MAX_BUTTON_EVENTS 50 static prtremap_t pointer_map[MAX_BUTTONS+1][MAX_BUTTON_EVENTS]; @@ -268,9 +265,11 @@ X_LOCK; num_buttons = XGetPointerMapping(dpy, map, MAX_BUTTONS); X_UNLOCK; + rfbLog("The X server says there are %d mouse buttons.\n", num_buttons); #endif } else { num_buttons = 5; + rfbLog("Manually set num_buttons to: %d\n", num_buttons); } if (num_buttons < 0) { @@ -343,11 +342,22 @@ return; #else int rc; + static int watch_dx_dy = -1; RAWFB_RET_VOID + if (watch_dx_dy == -1) { + if (getenv("X11VNC_WATCH_DX_DY")) { + watch_dx_dy = 1; + } else { + watch_dx_dy = 0; + } + } + X_LOCK; - if (use_xwarppointer) { + if (watch_dx_dy && cursor_x == x && cursor_y == y) { + ; + } else if (use_xwarppointer) { /* * off_x and off_y not needed with XWarpPointer since * window is used: @@ -663,6 +673,10 @@ int sent = 0, buffer_it = 0; double now; + if (threads_drop_input) { + return; + } + if (mask >= 0) { got_pointer_calls++; } @@ -710,6 +724,8 @@ y = nfix(y, dpy_y); } + INPUT_LOCK; + if ((pipeinput_fh != NULL || pipeinput_int) && mask >= 0) { pipe_pointer(mask, x, y, client); /* MACOSX here. */ if (! pipeinput_tee) { @@ -728,11 +744,13 @@ if (!view_only && (input.motion || input.button)) { last_rfb_ptr_injected = dnow(); } + INPUT_UNLOCK; return; } } if (view_only) { + INPUT_UNLOCK; return; } @@ -744,6 +762,7 @@ * to flush the event queue; there is no real pointer event. */ if (! input.motion && ! input.button) { + INPUT_UNLOCK; return; } @@ -775,6 +794,7 @@ blackr[b].x1, blackr[b].y1, blackr[b].x2, blackr[b].y2); } + INPUT_UNLOCK; return; } } @@ -789,18 +809,12 @@ if ((use_threads && pointer_mode != 1) || pointer_flush_delay > 0.0) { # define NEV 32 /* storage for the event queue */ - static int mutex_init = 0; static int nevents = 0; static int ev[NEV][3]; int i; /* timer things */ static double dt = 0.0, tmr = 0.0, maxwait = 0.4; - if (! mutex_init) { - INIT_MUTEX(pointerMutex); - mutex_init = 1; - } - if (pointer_flush_delay > 0.0) { maxwait = pointer_flush_delay; } @@ -810,7 +824,7 @@ } } - LOCK(pointerMutex); + POINTER_LOCK; /* * If the framebuffer is being copied in another thread @@ -845,11 +859,12 @@ ev[i][1] = -1; ev[i][2] = -1; } - UNLOCK(pointerMutex); if (debug_pointer) { rfbLog("pointer(): deferring event %d" " %.4f\n", i, tmr - x11vnc_start); } + POINTER_UNLOCK; + INPUT_UNLOCK; return; } } @@ -901,13 +916,14 @@ dt = 0.0; dtime0(&tmr); - UNLOCK(pointerMutex); + POINTER_UNLOCK; } if (mask < 0) { /* -1 just means flush the event queue */ if (debug_pointer) { rfbLog("pointer(): flush only. %.4f\n", dnowx()); } + INPUT_UNLOCK; return; } @@ -944,6 +960,7 @@ XFlush_wr(dpy); X_UNLOCK; } + INPUT_UNLOCK; } void initialize_pipeinput(void) { diff -Nru x11vnc-0.9.8/x11vnc/README x11vnc-0.9.9/x11vnc/README --- x11vnc-0.9.8/x11vnc/README 2009-06-19 15:42:02.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/README 2009-12-21 05:01:09.000000000 +0000 @@ -2,7 +2,7 @@ Copyright (C) 2002-2009 Karl J. Runge All rights reserved. -x11vnc README file Date: Fri Jun 19 10:41:53 EDT 2009 +x11vnc README file Date: Mon Dec 21 00:00:59 EST 2009 The following information is taken from these URLs: @@ -28,55 +28,55 @@ mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows. - It has built-in [7]SSL/TLS encryption and RSA authentication, - including VeNCrypt; UNIX [8]account and password login support; - server-side [9]scaling; [10]single port HTTPS/HTTP and VNC; + It has built-in [7]SSL/TLS encryption and 2048 bit RSA authentication, + including VeNCrypt support; UNIX [8]account and password login + support; server-side [9]scaling; [10]single port HTTPS/HTTP+VNC; [11]Zeroconf service advertising; and TightVNC and UltraVNC [12]file-transfer. It has also been extended to work with non-X - devices: [13]webcams and TV tuner capture devices, [14]embedded Linux - systems such as Qtopia Core, and natively on [15]Mac OS X Aqua/Quartz. - More features are described [16]here. + devices: natively on [13]Mac OS X Aqua/Quartz, [14]webcams and TV + tuner capture devices, and [15]embedded Linux systems such as Qtopia + Core. More features are described [16]here. It also provides an encrypted [17]Terminal Services mode ([18]-create, [19]-svc, or [20]-xdmsvc options) based on Unix usernames and Unix passwords where the user does not need to memorize his VNC - display/port number. Normally a virtual X session (Xvfb) is created, - but it also works with X sessions on physical hardware. See also the - [21]tsvnc terminal services mode of the SSVNC viewer. + display/port number. Normally a virtual X session (Xvfb) is created + for each user, but it also works with X sessions on physical hardware. + See the [21]tsvnc terminal services mode of the SSVNC viewer that + takes advantage of this mode. I wrote x11vnc back in 2002 because x0rfbserver was basically impossible to build on Solaris and had poor performance. The primary x0rfbserver build problems centered around esoteric C++ toolkits. x11vnc is written in plain C and needs only standard libraries and so - should work on nearly all Unixes. I also added some enhancements to - improve the interactive response, add many features, and etc. + should work on nearly all Unixes, even very old ones. I also created + enhancements to improve the interactive response, added many features, + and etc. This page including the [22]FAQ contains much information [23][*]; solutions to many problems; and interesting applications, but nevertheless please feel free to [24]contact me if you have problems - or questions (and if I save you time by giving you some of my time, - please consider a [25]paypal donation.) Please check the [26]FAQ - first; I realize this page is massive, but you can often use your - browser's find-in-page action using a keyword to find the answer to - your problem or question. + or questions (and if I save you time or expense by giving you some of + my time, please consider a [25]PayPal Donation.) + + Do check the [26]FAQ and this page first; I realize the pages are + massive, but you can often use your browser's find-in-page search + action using a keyword to find the answer to your problem or question. Please help [27]beta test the new performance speedup feature using - [28]viewer-side pixel caching "ncache". Let me know how it goes; - thanks. + [28]viewer-side pixel caching "ncache". SSVNC: An x11vnc side-project provides an [29]Enhanced TightVNC Viewer package (SSVNC) for Unix, Windows, and Mac OS X with automatic - SSL and/or SSH tunnelling support, SSL Certificate creation, saved - connection profiles, and built-in Proxy support. And for the Unix - viewer: NewFBSize, ZRLE, Viewer-side Scaling, cursor alphablending, - and low color modes. Also on Unix the UltraVNC File Transfer, Text - Chat, Single Window, Server Input, and 1/n Scaling extensions are - supported along with UltraVNC DSM encryption. This bundle could be - placed on, say, a USB memory stick for SSL/SSH VNC viewing from nearly - any networked computer. Please help test out some recently added - features: automatic service tunnelling via SSH for: CUPS and SMB - Printing, ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem - mounting; Port Knocking; and the sshvnc/tsvnc modes. + SSL and/or SSH tunnelling support, SSL Certificate creation, Saved + connection profiles, Zeroconf, VeNCrypt, and built-in Proxy support. + Added features for the TightVNC Unix viewer: NewFBSize, ZRLE encoding, + Viewer-side Scaling, cursor alphablending, low color modes, and + enhanced popup menu; UltraVNC extensions support for: File Transfer, + Text Chat, Single Window, Server Input, and 1/n Scaling extensions, + and UltraVNC DSM encryption. The SSVNC bundle could be placed on, say, + a USB memory stick for SSL/SSH VNC viewing from nearly any networked + computer. _________________________________________________________________ @@ -133,9 +133,9 @@ So the standard Xvnc/vncserver program is very useful, I use it for things like: - * Desktop conferencing with other users (e.g. codereviews.) - * Long running apps/tasks I want to be able to view from many - places. + * Desktop conferencing with other users (e.g. code reviews.) + * Long running apps/tasks I want to be able to view from many places + (e.g. from home and work.) * Motif, GNOME, and similar applications that would yield very poor performance over a high latency link. @@ -245,7 +245,7 @@ * Have x11vnc (0.9.3 or later) available to run on the remote host (i.e. in $PATH.) * Download and unpack a [55]SSVNC bundle (1.0.19 or later, e.g. - [56]ssvnc_no_windows-1.0.19.tar.gz) on the Viewer-side machine. + [56]ssvnc_no_windows-1.0.23.tar.gz) on the Viewer-side machine. * Start the SSVNC Terminal Services mode GUI: ./ssvnc/bin/tsvnc * Enter your remote username@hostname (e.g. fred@far-away.east) in the "VNC Terminal Server" entry. @@ -565,7 +565,7 @@ Tunnelling x11vnc via SSL/TLS: One can also encrypt the VNC traffic using an SSL/TLS tunnel such as - [85]stunnel (also [86]stunnel.mirt.net) or using the built-in + [85]stunnel.mirt.net (also [86]stunnel.org) or using the built-in (Mar/2006) [87]-ssl openssl mode. A SSL-enabled Java applet VNC Viewer is also provided in the x11vnc package (and https can be used to download it.) @@ -585,13 +585,13 @@ x11vnc is a contributed program to the [90]LibVNCServer project at SourceForge.net. I use libvncserver for all of the VNC aspects; I couldn't have done without it. The full source code may be found and - downloaded (either file-release tarball or CVS tree) from the above - link. As of Mar 2009, the [91]x11vnc-0.9.7.tar.gz source package is - released (recommended download). The [92]x11vnc 0.9.7 release notes. + downloaded (either file-release tarball or GIT tree) from the above + link. As of Jul 2009, the [91]x11vnc-0.9.8.tar.gz source package is + released (recommended download). The [92]x11vnc 0.9.8 release notes. The x11vnc package is the subset of the libvncserver package needed to build the x11vnc program. Also, you can get a copy of my latest, - bleeding edge [93]x11vnc-0.9.8.tar.gz tarball to build the most up to + bleeding edge [93]x11vnc-0.9.9.tar.gz tarball to build the most up to date one. Precompiled Binaries/Packages: See the [94]FAQ below for information @@ -629,13 +629,13 @@ them by default.) If your OS has libjpeg.so and libz.so in standard locations you can - build as follows (example given for the 0.9.7 release of x11vnc: + build as follows (example given for the 0.9.8 release of x11vnc: replace with the version you downloaded): (un-tar the x11vnc+libvncserver tarball) -# gzip -dc x11vnc-0.9.7.tar.gz | tar -xvf - +# gzip -dc x11vnc-0.9.8.tar.gz | tar -xvf - (cd to the source directory) -# cd x11vnc-0.9.7 +# cd x11vnc-0.9.8 (run configure and then run make) # ./configure @@ -842,6 +842,15 @@ also want to make sure that /usr/lpp/X11/include, etc is being picked up by the configure and make. + For a recent build on AIX 5.3 we needed to add these CFLAGS to be able + to build with gcc: + env CFLAGS='-maix64 -Xlinker -bbigtoc' ./configure ... + + we also built our own libjpeg and libz using -maix64. + + BTW, one way to run an Xvfb-like virtual X server for testing on AIX + is something like "/usr/bin/X11/X -force -vfb -ac :1". + Building on Mac OS X: There is now [112]native Mac OS X support for x11vnc by using the raw framebuffer feature. This mode does not use or @@ -877,13 +886,13 @@ I'd appreciate any additional testing very much. Thanks to those who suggested features and helped beta test x11vnc - 0.9.7 released in Mar 2009! + 0.9.8 released in Jul 2009! - Please help test and debug the 0.9.8 version for release sometime in - Summer 2009. + Please help test and debug the 0.9.9 version for release sometime in + 2009. - The version 0.9.8 beta tarball is kept here: - [114]x11vnc-0.9.8.tar.gz + The version 0.9.9 beta tarball is kept here: + [114]x11vnc-0.9.9.tar.gz There are also some Linux, Solaris, Mac OS X, and other OS test binaries [115]here. Please kick the tires and report bugs, performance @@ -900,15 +909,87 @@ Encryption Plugin' settings panel.) - Here are some features that will appear in the 0.9.8 release: - * Stability improvements to [122]-threads mode. Running x11vnc this + Here are some features that will appear in the 0.9.9 release: + * The [122]-unixpw_system_greeter option, when used in combined + unixpw and XDMCP FINDCREATEDISPLAY mode (e.g. [123]-xdmsvc), + enables the user to press Escape to jump directly to the + XDM/GDM/KDM login greeter screen. This way the user avoids + entering his unix password twice at X session creation time. Also, + the unixpw login panel now has a short help displayed if the user + presses 'F1'. + * x11vnc now tries to be a little bit more aggressive in keeping up + with VNC client's framebuffer update requests. Some broken VNC + clients like Eggplant and JollysFastVNC continuously spray these + requests at VNC servers (regardless of whether they have received + any updates or not.) Under some circumstances this could lead to + x11vnc falling behind. The [124]-extra_fbur option allows one to + fine tune the setting. Additionally, one may also dial down + delays: e.g. "[125]-defer 5" and "[126]-wait 5" (or to 1 or even + 0) or [127]-nonap or [128]-allinput to keep up with these VNC + clients at the expense of increased system load. + * Heuristics are applied to try to determine if the X display is + currently in a Display Manager Greeter Login panel (e.g. GDM) If + so, x11vnc's creation of any windows and use of XFIXES are + delayed. This is to try to avoid x11vnc being killed after the + user logs in if the GDM KillInitClients=true is in effect. So one + does not need to set KillInitClients=false. Note that in recent + GDM the KillInitClients option has been removed. Also delayed is + the use of the XFIXES cursor fetching functionality; this avoids + an Xorg bug that causes Xorg to crash right after the user logs + in. + * A new option [129]-findauth runs the FINDDISPLAY script that + applies heuristics that try to determine the XAUTHORITY file. The + use of '[130]-auth guess' will use the XAUTHORITY that -findauth + reveals. This can be handy in with the lastest GDM where the + ability to store cookies in ~/.Xauthority has been removed. If + x11vnc is running as root (e.g. inetd) and you add -env FD_XDM=1 + to the above -findauth or -auth guess command lines, it will find + the correct XAUTHORITY for the given display (this works for + XDM/GDM/KDM if the login greeter panel is up or if someone has + already logged into an X session.) + * The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "[131]-display + WAIT:cmd=...", [132]-find, [133]-create) now work correctly for + the user-supplied login program scheme "[134]-unixpw_cmd ...", as + long as the login program supports running commands specified in + the environment variable "RFB_UNIXPW_CMD_RUN" as the logged-in + user. The mode "[135]-unixpw_nis ..." has also been made more + consistent. + * The [136]-stunnel option (like [137]-ssl but uses stunnel as an + external helper program) now works with the [138]-ssl "SAVE" and + "TMP" special certificate names. The [139]-sslverify and + [140]-sslCRL options now work correctly in [141]-stunnel mode. + Single port HTTPS connections are also supported for this mode. + * There is an experimental Application Sharing mode that improves + upon the -id/-sid single window sharing: [142]-appshare (run + "x11vnc -appshare -help" for more info.) It is still very + primitive and approximate, but at least it displays multiple + top-level windows. + * The remote control command [143]-R can be used to instruct x11vnc + to resend its most recent copy of the Clipboard, Primary, or + Cutbuffer selections: "x11vnc -R resend_clipboard", "x11vnc -R + resend_primary", and "x11vnc -R resend_cutbuffer". + * The fonts in the GUI ([144]-gui) can now by set via environment + variables, e.g. -env X11VNC_FONT_BOLD='Helvetica -16 bold' and + -env X11VNC_FONT_FIXED='Courier -14'. + * The XDAMAGE mechanism is now automatically disabled for a period + of time if a game or screensaver generates too many XDAMAGE + rectangles per second. This avoids the X11 event queue from + soaking up too much memory. + * There is an experimental workaround: "-env X11VNC_WATCH_DX_DY=1" + that tries to avoid problems with poorly constructed menu themes + that place the initial position of the mouse cursor inside a menu + item's active zone. More information [145]can be found here. + + + Here are some features that appeared in the 0.9.8 release: + * Stability improvements to [146]-threads mode. Running x11vnc this way is more reliable now. Threaded operation sometimes gives better interactive response and faster updates: try it out. The threaded mode now supports multiple VNC viewers using the same VNC encoding. The threaded mode can also yield a performance enhancement in the many client case (e.g. class-room broadcast.) We have tested with 30 to 50 simultaneous clients. See also - [123]-reflect. + [147]-reflect. For simultaneous clients: the ZRLE encoding is thread safe on all platforms, and the Tight and Zlib encodings are currently only thread safe on Linux where thread local storage, __thread, is @@ -917,12 +998,12 @@ connected client, all encodings are safe on all platforms. Note that some features (e.g. scroll detection and -ncache) may be disabled or run with reduced functionality in -threads mode. - * Automatically tries to work around an [124]Xorg server bug + * Automatically tries to work around an [148]Xorg server bug involving infinitely repeating keys when turning off key - repeating. Use [125]-repeat if the automatic workaround fails. + repeating. Use [149]-repeat if the automatic workaround fails. * Improved reliability of the Single Port SSL VNC and HTTPS java viewer applet delivery mechanism. - * The [126]-clip mode works under [127]-rawfb. + * The [150]-clip mode works under [151]-rawfb. Here are some features that appeared in the 0.9.7 release: @@ -932,38 +1013,38 @@ case the special file /dev/vcsa2 is used to retrieve vt2's current text. Text and colors are shown, but no graphics. * Support for less than 8 bits per pixel framebuffers (e.g. 4 or 1 - bpp) in the [128]-rawfb mode. + bpp) in the [152]-rawfb mode. * The SSL enabled UltraVNC Java viewer applet now has a [Home] entry in the "drives" drop down menu. This menu can be configured with the ftpDropDown applet parameter. All of the applet parameters are documented in classes/ssl/README. - * Experimental support for [129]VirtualGL's [130]TurboVNC (an + * Experimental support for [153]VirtualGL's [154]TurboVNC (an enhanced TightVNC for fast LAN high framerate usage.) * The CUPS Terminal Services helper mode has been improved. - * Improvements to the [131]-ncache_cr that allows smooth opaque + * Improvements to the [155]-ncache_cr that allows smooth opaque window motions using the 'copyrect' encoding when using - [132]-ncache mode. - * The [133]-rmflag option enables a way to indicate to other + [156]-ncache mode. + * The [157]-rmflag option enables a way to indicate to other processes x11vnc has exited. * Reverse connections using anonymous Diffie Hellman SSL encryption now work. Here are some features that appeared in the 0.9.6 release: - * Support for [134]VeNCrypt SSL/TLS encrypted connections. It is - enabled by default in the [135]-ssl mode. VNC Viewers like - vinagre, gvncviewer/gtk-vnc, the vencrypt package, and others - support this encryption mode. It can also be used with the - [136]-unixpw option to enable Unix username and password + * Support for [158]VeNCrypt SSL/TLS encrypted connections. It is + enabled by default in the [159]-ssl mode. VNC Viewers like + vinagre, gvncviewer/gtk-vnc, the vencrypt package, [160]SSVNC, and + others support this encryption mode. It can also be used with the + [161]-unixpw option to enable Unix username and password authentication (VeNCrypt's "*Plain" modes.) A similar but older VNC security type "ANONTLS" (used by vino) is supported as well. - See the [137]-vencrypt and [138]-anontls options for additional + See the [162]-vencrypt and [163]-anontls options for additional control. The difference between x11vnc's normal -ssl mode and VeNCrypt is that the former wraps the entire VNC connection in SSL (like HTTPS does for HTTP, i.e. "vncs://") while VeNCrypt switches on the SSL/TLS at a certain point during the VNC handshake. Use - [139]-sslonly to disable both VeNCrypt and ANONTLS (vino.) - * The "[140]-ssl ANON" option enables Anonymous Diffie-Hellman (ADH) + [164]-sslonly to disable both VeNCrypt and ANONTLS (vino.) + * The "[165]-ssl ANON" option enables Anonymous Diffie-Hellman (ADH) key exchange for x11vnc's normal SSL/TLS operation. Note that Anonymous Diffie-Hellman uses encryption for privacy, but provides no authentication and so is susceptible to Man-In-The-Middle @@ -971,17 +1052,17 @@ SAVE", etc. and have the VNC viewer verify the cert.) The ANONTLS mode (vino) only supports ADH. VeNCrypt mode supports both ADH and regular X509 SSL certificates modes. For these ADH is enabled by - default. See [141]-vencrypt and [142]-anontls for how to disable + default. See [166]-vencrypt and [167]-anontls for how to disable ADH. * For x11vnc's SSL/TLS modes, one can now specify a Certificate - Revocation List (CRL) with the [143]-sslCRL option. This will only + Revocation List (CRL) with the [168]-sslCRL option. This will only be useful for wide deployments: say a company-wide x11vnc SSL access deployment using a central Certificate Authority (CA) via - [144]-sslGenCA and [145]-sslGenCert. This way if a user has his + [169]-sslGenCA and [170]-sslGenCert. This way if a user has his laptop lost or stolen, you only have to revoke his key instead of creating a new Certificate Authority and redeploying new keys to all users. - * The default SSL/TLS mode, "[146]-ssl" (no pem file parameter + * The default SSL/TLS mode, "[171]-ssl" (no pem file parameter supplied), is now the same as "-ssl SAVE" and will save the generated self-signed cert in "~/.vnc/certs/server.pem". Previously "-ssl" would create a temporary self-signed cert that @@ -991,45 +1072,45 @@ same x11vnc server. Use "-ssl TMP" to regain the previous behavior. Use "-ssl SAVE_NOPROMPT" to avoid being prompted about using passphrase when the certificate is created. - * The option [147]-http_oneport enables single-port HTTP connections + * The option [172]-http_oneport enables single-port HTTP connections via the Java VNC Viewer. So, for example, the web browser URL "http://myhost.org:5900" works the same as "http://myhost.org:5800", but with the convenience of only involving one port instead of two. This works for both unencrypted - connections and for SSH tunnels (see [148]-httpsredir if the + connections and for SSH tunnels (see [173]-httpsredir if the tunnel port differs.) Note that HTTPS single-port operation in - [149]-ssl SSL encrypted mode has been available since x11vnc + [174]-ssl SSL encrypted mode has been available since x11vnc version 0.8.3. - * For the [150]-avahi/[151]-zeroconf Service Advertizing mode, if + * For the [175]-avahi/[176]-zeroconf Service Advertizing mode, if x11vnc was not compiled with the avahi-client library, then an external helper program, either avahi-publish(1) (on Unix) or dns-sd(1) (on Mac OS X), is used instead. - * The "[152]-rfbport PROMPT" option will prompt the user via the GUI + * The "[177]-rfbport PROMPT" option will prompt the user via the GUI to select the VNC port (e.g. 5901) to listen on, and a few other basic settings. This enables a handy GUI mode for naive users: x11vnc -gui tray=setpass -rfbport PROMPT -logfile $HOME/.x11vnc.log.%VNCDISP LAY suitable for putting in a launcher or menu, e.g. - [153]x11vnc.desktop. The [154]-logfile expansion is new too. In + [178]x11vnc.desktop. The [179]-logfile expansion is new too. In the GUI, the tray=setpass Properties panel has been improved. - * The [155]-solid solid background color option now works for the + * The [180]-solid solid background color option now works for the Mac OS X console. - * The [156]-reopen option instructs x11vnc to try to reopen the X + * The [181]-reopen option instructs x11vnc to try to reopen the X display if it is prematurely closed by, say, the display manager - (e.g. [157]GDM.) + (e.g. [182]GDM.) Here are some features that appeared in the 0.9.5 release: - * Symmetric key [158]encryption ciphers. ARC4, AES-128, AES-256, + * Symmetric key [183]encryption ciphers. ARC4, AES-128, AES-256, blowfish, and 3des are supported. Salt and initialization vector seeding is provided. These compliment the more widely used SSL and - SSH encryption access methods. [159]SSVNC also supports these + SSH encryption access methods. [184]SSVNC also supports these encryption modes. * Scaling differently along the X- and Y-directions. E.g. - "[160]-scale 1280x1024" or "-scale 0.8x0.75" Also, - "[161]-geometry WxH" is an alias for "-scale WxH" + "[185]-scale 1280x1024" or "-scale 0.8x0.75" Also, + "[186]-geometry WxH" is an alias for "-scale WxH" * By having SSVNC version 1.0.21 or later available in your $PATH, - the [162]-chatwindow option allows a UltraVNC Text Chat window to + the [187]-chatwindow option allows a UltraVNC Text Chat window to appear on the local X11 console/display (this way the remote viewer can chat with the person at the physical display; e.g. helpdesk mode.) This also works on the Mac OS X console if the @@ -1041,46 +1122,47 @@ Here are some features that appeared in the 0.9.4 release: - * Improvements to the [163]-find and [164]-create X session finding + * Improvements to the [188]-find and [189]-create X session finding or creating modes: new desktop types and service redirection options. Personal cupsd daemon and SSH port redirection helper for - use with [165]SSVNC's Terminal Services feature. - * Reverse VNC connections via [166]-connect work in the [167]-find, - [168]-create and related [169]-display WAIT:... modes. + use with [190]SSVNC's Terminal Services feature. + * Reverse VNC connections via [191]-connect work in the [192]-find, + [193]-create and related [194]-display WAIT:... modes. * Reverse VNC connections (either normal or SSL) can use a Web Proxy or a SOCKS proxy, or a SSH connection, or even a CGI URL to make - the outgoing connection. See: [170]-proxy. Forward connections can - also use: [171]-ssh. - * Reverse VNC connections via the [172]UltraVNC repeater proxy + the outgoing connection. See: [195]-proxy. Forward connections can + also use: [196]-ssh. + * Reverse VNC connections via the [197]UltraVNC repeater proxy (either normal or SSL) are supported. Use either the - "[173]-connect repeater=ID:NNNN+host:port" or "[174]-connect - repeater://host:port+ID:NNNN" notation. The [175]SSVNC VNC viewer - also supports the UltraVNC repeater. + "[198]-connect repeater=ID:NNNN+host:port" or "[199]-connect + repeater://host:port+ID:NNNN" notation. The [200]SSVNC VNC viewer + also supports the UltraVNC repeater. Also, a perl repeater + implemention is here: [201]ultravnc_repeater.pl * Support for indexed colormaps (PseudoColor) with depths other than 8 (from 1 to 16 now work) for non-standard hardware. Option - "[176]-advertise_truecolor" to handle some workaround in this + "[202]-advertise_truecolor" to handle some workaround in this mode. * Support for the ZYWRLE encoding, this is the RealVNC ZRLE encoding extended to do motion video and photo regions more efficiently by way of a Wavelet based transformation. - * The [177]-finddpy and [178]-listdpy utilities help to debug and - configure the [179]-find, [180]-create, and [181]-display WAIT:... + * The [203]-finddpy and [204]-listdpy utilities help to debug and + configure the [205]-find, [206]-create, and [207]-display WAIT:... modes. * Some automatic detection of screen resizes are handled even if the - [182]-xrandr option is not supplied. - * The [183]-autoport options gives more control over the VNC port + [208]-xrandr option is not supplied. + * The [209]-autoport options gives more control over the VNC port x11vnc chooses. - * The [184]-ping secs can be used to help keep idle connections + * The [210]-ping secs can be used to help keep idle connections alive. * Pasting of the selection/clipboard into remote applications (e.g. Java) has been improved. * Fixed a bug if a client disconnects during the 'speed-estimation' phase. * To unset Caps_Lock, Num_Lock and raise all keys in the X server - use [185]-clear_all. + use [211]-clear_all. * Usage with dvorak keyboards has been improved. See also: - [186]-xkb. - * The [187]Java Viewer applet source code is now included in the + [212]-xkb. + * The [213]Java Viewer applet source code is now included in the x11vnc-0.9.*.tar.gz tarball. This means you can now build the Java viewer applet jar files from source. If you stopped shipping the Java viewer applet jar files due to lack of source code, you can @@ -1088,7 +1170,7 @@ Here are some features that appeared in the 0.9.3 release: - * [188]Viewer-side pixmap caching. A large area of pixels (at least + * [214]Viewer-side pixmap caching. A large area of pixels (at least 2-3 times as big as the framebuffer itself; the bigger the better... default is 10X) is placed below the framebuffer to act as a buffer/cache area for pixel data. The VNC CopyRect encoding @@ -1096,7 +1178,7 @@ Until we start modifying viewers you will be able to see the cache area if you scroll down (this makes it easier to debug!) For testing the default is "-ncache 10". The unix Enhanced TightVNC - Viewer [189]ssvnc has a nice [190]-ycrop option to help hide the + Viewer [215]ssvnc has a nice [216]-ycrop option to help hide the pixel cache area from view. @@ -1109,14 +1191,14 @@ * If UltraVNC file transfer or chat is detected, then VNC clients are "pinged" more often to prevent these side channels from becoming serviced too infrequently. - * In [191]-unixpw mode in the username and password dialog no text + * In [217]-unixpw mode in the username and password dialog no text will be echoed if the first character sent is "Escape". This enables a convenience feature in SSVNC to send the username and password automatically. Here are some features that appeared in the 0.9.1 release: - * The [192]UltraVNC Java viewer has been enhanced to support SSL (as + * The [218]UltraVNC Java viewer has been enhanced to support SSL (as the TightVNC viewer had been previously.) The UltraVNC Java supports ultravnc filetransfer, and so can be used as a VNC viewer on Unix that supports ultravnc filetransfer. It is in the @@ -1127,12 +1209,12 @@ Some other bugs in the UltraVNC Java viewer were fixed and a few improvements to the UI made. * A new Unix username login mode for VNC Viewers authenticated via a - Client SSL Certificate: "[193]-users sslpeer=". The emailAddress + Client SSL Certificate: "[219]-users sslpeer=". The emailAddress subject field is inspected for username@hostname and then acts as though "-users +username" has been supplied. This way the Unix username is identified by (i.e. simply extracted from) the Client - SSL Certificate. This could be useful with [194]-find, - [195]-create and [196]-svc modes if you are also have set up and + SSL Certificate. This could be useful with [220]-find, + [221]-create and [222]-svc modes if you are also have set up and use VNC Client SSL Certificate authentication. * For external display finding/creating programs (e.g. WAIT:cmd=...) if the VNC Viewer is authenticated via a Client SSL Certificate, @@ -1141,41 +1223,41 @@ Here are some features that appeared in the 0.9 release: - * [197]VNC Service advertising via mDNS / ZeroConf / BonJour with - the [198]Avahi client library. Enable via "[199]-avahi" or - "[200]-zeroconf". + * [223]VNC Service advertising via mDNS / ZeroConf / BonJour with + the [224]Avahi client library. Enable via "[225]-avahi" or + "[226]-zeroconf". * Implementations of UltraVNC's TextChat, SingleWindow, and - ServerInput extensions (requires ultravnc viewer or [201]ssvnc + ServerInput extensions (requires ultravnc viewer or [227]ssvnc Unix viewer.) They toggle the selection of a single window - ([202]-id), and disable (friendly) user input and viewing (monitor + ([228]-id), and disable (friendly) user input and viewing (monitor blank) at the VNC server. - * Short aliases "[203]-find", "[204]-create", "[205]-svc", and - "[206]-xdmsvc" for commonly used FINDCREATEDISPLAY usage modes. + * Short aliases "[229]-find", "[230]-create", "[231]-svc", and + "[232]-xdmsvc" for commonly used FINDCREATEDISPLAY usage modes. * Reverse VNC connections (viewer listening) now work in SSL - ([207]-ssl) mode. + ([233]-ssl) mode. * New options to control the Monitor power state and keyboard/mouse - grabbing: [208]-forcedpms, [209]-clientdpms, [210]-noserverdpms, - and [211]-grabalways. + grabbing: [234]-forcedpms, [235]-clientdpms, [236]-noserverdpms, + and [237]-grabalways. * A simple way to emulate inetd(8) to some degree via the - "[212]-loopbg" option. - * Monitor the accuracy of XDAMAGE and apply "[213]-noxdamage" if it - is not working well. OpenGL applications like like [214]beryl and + "[238]-loopbg" option. + * Monitor the accuracy of XDAMAGE and apply "[239]-noxdamage" if it + is not working well. OpenGL applications like like [240]beryl and MythTv have been shown to make XDAMAGE not work properly. * For Java SSL connections involving a router/firewall port - redirection, an option [215]-httpsredir to spare the user from + redirection, an option [241]-httpsredir to spare the user from needing to include &PORT=NNN in the browser URL. Here are some features that appeared in the 0.8.4 release: - * Native [216]Mac OS X Aqua/Quartz support. (i.e. OSXvnc + * Native [242]Mac OS X Aqua/Quartz support. (i.e. OSXvnc alternative; some activities are faster) - * A [217]new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY + * A [243]new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY -unixpw ..." that will Create a new X session (either virtual or real and with or without a display manager, e.g. kdm) for the user if it cannot find the user's X session display via the FINDDISPLAY - method. See the [218]-svc and the [219]-xdmsvc aliases. - * x11vnc can act as a VNC [220]reflector/repeater using the - "[221]-reflect host:N" option. Instead of polling an X display, + method. See the [244]-svc and the [245]-xdmsvc aliases. + * x11vnc can act as a VNC [246]reflector/repeater using the + "[247]-reflect host:N" option. Instead of polling an X display, the remote VNC Server host:N is connected to and re-exported via VNC. This is intended for use in broadcasting a display to many (e.g. > 16; classroom or large demo) VNC viewers where bandwidth @@ -1183,16 +1265,16 @@ number of repeaters. * Wireframe copyrect detection for local user activity (e.g. someone sitting at the physical display moving windows) Use - [222]-nowireframelocal to disable. - * The "[223]-N" option couples the VNC Display number to the X + [248]-nowireframelocal to disable. + * The "[249]-N" option couples the VNC Display number to the X Display number. E.g. if your X DISPLAY is :2 then the VNC display will be :2 (i.e. using port 5902.) If that port is taken x11vnc will exit. - * Option [224]-nodpms to avoid problems with programs like KDE's + * Option [250]-nodpms to avoid problems with programs like KDE's kdesktop_lock that keep restarting the screen saver every few seconds. * To automatically fix the common mouse motion problem on XINERAMA - (multi-headed) displays, the [225]-xwarppointer option is enabled + (multi-headed) displays, the [251]-xwarppointer option is enabled by default when XINERAMA is active. If you have a Mac please try out the native Mac OS X support, build @@ -1202,62 +1284,62 @@ Here are some features that appeared in the 0.8.3 release: - * The [226]-ssl option provides SSL encryption and authentication - natively via the [227]www.openssl.org library. One can use from a + * The [252]-ssl option provides SSL encryption and authentication + natively via the [253]www.openssl.org library. One can use from a simple self-signed certificate server certificate up to full CA and client certificate authentication schemes. - * Similar to -ssl, the [228]-stunnel option starts up a SSL tunnel + * Similar to -ssl, the [254]-stunnel option starts up a SSL tunnel server stunnel (that must be installed separately on the system: - [229]www.stunnel.org [230]stunnel.mirt.net ) to allow only - encrypted SSL connections from the network. - * The [231]-sslverify option allows for authenticating VNC clients + [255]stunnel.mirt.net ) to allow only encrypted SSL connections + from the network. + * The [256]-sslverify option allows for authenticating VNC clients via their certificates in either -ssl or -stunnel modes. * Certificate creation and management tools are provide in the - [232]-sslGenCert, [233]-sslGenCA, and [234]related options. + [257]-sslGenCert, [258]-sslGenCA, and [259]related options. * An SSL enabled Java applet VNC Viewer applet is provided by x11vnc in classes/ssl/VncViewer.jar. In addition to normal HTTP, the applet may be loaded into the web browser via HTTPS (HTTP over SSL.) (one can use the VNC port, e.g. https://host:5900/, or also - the separate [235]-https port option.) A wrapper shell script - [236]ss_vncviewer is also provided that sets up a stunnel - client-side tunnel on Unix systems. See [237]Enhanced TightVNC + the separate [260]-https port option.) A wrapper shell script + [261]ss_vncviewer is also provided that sets up a stunnel + client-side tunnel on Unix systems. See [262]Enhanced TightVNC Viewer (SSVNC) for other SSL/SSH viewer possibilities. - * The [238]-unixpw option supports Unix username and password - authentication (a simpler variant is the [239]-unixpw_nis option + * The [263]-unixpw option supports Unix username and password + authentication (a simpler variant is the [264]-unixpw_nis option that works in environments where the encrypted passwords are - readable, e.g. NIS.) The [240]-ssl or [241]-localhost + - [242]-stunnel options are enforced in this mode to prevent + readable, e.g. NIS.) The [265]-ssl or [266]-localhost + + [267]-stunnel options are enforced in this mode to prevent password sniffing. As a convenience, these requirements are lifted if a SSH tunnel can be deduced (but -localhost still applies.) - * Coupling [243]-unixpw with "[244]-display WAIT:cmd=FINDDISPLAY" or + * Coupling [268]-unixpw with "[269]-display WAIT:cmd=FINDDISPLAY" or "-display WAIT:cmd=FINDCREATEDISPLAY" provides a way to allow a user to login with their UNIX password and have their display - connected to [245]automatically. See the [246]-svc and the - [247]-xdmsvc aliases. - * Hooks are provided in the [248]-unixpw_cmd and "[249]-passwdfile + connected to [270]automatically. See the [271]-svc and the + [272]-xdmsvc aliases. + * Hooks are provided in the [273]-unixpw_cmd and "[274]-passwdfile cmd:,custom:..." options to allow you to supply your own authentication and password lookup programs. * x11vnc can be configured and built to not depend on X11 libraries - "./configure --without-x" for [250]-rawfb only operation (e.g. + "./configure --without-x" for [275]-rawfb only operation (e.g. embedded linux console devices.) - * The [251]-rotate option enables you to rotate or reflect the + * The [276]-rotate option enables you to rotate or reflect the screen before exporting via VNC. This is intended for use on handhelds and other devices where the rotation orientation is not "natural". - * The "[252]-ultrafilexfer" alias is provided and improved UltraVNC + * The "[277]-ultrafilexfer" alias is provided and improved UltraVNC filetransfer rates have been achieved. - * Under the "[253]-connect_or_exit host" option x11vnc will exit + * Under the "[278]-connect_or_exit host" option x11vnc will exit immediately unless the reverse connection to host succeeds. The "-rfbport 0" option disables TCP listening for connections (useful for this mode.) - * The "[254]-rawfb rand" and "-rawfb none" options are useful for + * The "[279]-rawfb rand" and "-rawfb none" options are useful for testing automation scripts, etc., without requiring a full desktop. - * Reduced spewing of information at startup, use "[255]-verbose" + * Reduced spewing of information at startup, use "[280]-verbose" (also "-v") to turn it back on for debugging or if you are going to send me a problem report. - Here are some [256]Previous Release Notes + Here are some [281]Previous Release Notes _________________________________________________________________ Some Notes: @@ -1284,13 +1366,13 @@ protocol.) I suggest using xsetroot, dtstyle or similar utility to set a solid background while using x11vnc. You can turn the pretty background image back on when you are using the display directly. - Update: As of Feb/2005 x11vnc has the [257]-solid [color] option that + Update: As of Feb/2005 x11vnc has the [282]-solid [color] option that works on recent GNOME, KDE, and CDE and also on classic X (background image is on the root window.) Update: As of Oct/2007 x11vnc has the - [258]-ncache option that does a reasonable job caching the background + [283]-ncache option that does a reasonable job caching the background (and other) pixmap data on the viewer side. - I also find the [259]TightVNC encoding gives the best response for my + I also find the [284]TightVNC encoding gives the best response for my usage (Unix <-> Unix over cable modem.) One needs a tightvnc-aware vncviewer to take advantage of this encoding. @@ -1302,17 +1384,17 @@ is X11's default listening port.) Had port 5900 been taken by some other application, x11vnc would have next tried 5901. That would mean the viewer command above should be changed to vncviewer - far-away.east:1. You can force the port with the "[260]-rfbport NNNN" + far-away.east:1. You can force the port with the "[285]-rfbport NNNN" option where NNNN is the desired port number. If that port is already - taken, x11vnc will exit immediately. The "[261]-N" option will try to + taken, x11vnc will exit immediately. The "[286]-N" option will try to match the VNC display number to the X display. (also see the "SunRay Gotcha" note below) Options: x11vnc has (far too) many features that may be activated - via its [262]command line options. Useful options are, e.g., -scale to + via its [287]command line options. Useful options are, e.g., -scale to do server-side scaling, and -rfbauth passwd-file to use VNC password protection (the vncpasswd or storepasswd programs, or the x11vnc - [263]-storepasswd option can be used to create the password file.) + [288]-storepasswd option can be used to create the password file.) Algorithm: How does x11vnc do it? Rather brute-forcedly: it continuously polls the X11 framebuffer for changes using @@ -1340,7 +1422,7 @@ first testing out the programs. You get an interesting recursive/feedback effect where vncviewer images keep popping up each one contained in the previous one and slightly shifted a bit by the - window manager decorations. There will be an [264]even more + window manager decorations. There will be an [289]even more interesting effect if -scale is used. Also, if the XKEYBOARD is supported and the XBell "beeps" once, you get an infinite loop of beeps going off. Although all of this is mildly exciting it is not @@ -1350,8 +1432,8 @@ Sun Ray Notes: - You can run x11vnc on your (connected or disconnected) [265]SunRay - session. Here are some [266]notes on SunRay usage with x11vnc. + You can run x11vnc on your (connected or disconnected) [290]SunRay + session. Here are some [291]notes on SunRay usage with x11vnc. _________________________________________________________________ @@ -1363,7 +1445,7 @@ than you normally do to minimize the effects (e.g. do fullpage paging rather than line-by-line scrolling, and move windows in a single, quick motion.) Recent work has provided the - [267]-scrollcopyrect and [268]-wireframe speedups using the + [292]-scrollcopyrect and [293]-wireframe speedups using the CopyRect VNC encoding and other things, but they only speed up some activities, not all. * A rate limiting factor for x11vnc performance is that graphics @@ -1422,18 +1504,18 @@ but we mention it because it may be of use for special purpose applications. You may need to use the "-cc 4" option to force Xvfb to use a TrueColor visual instead of DirectColor. See also the - description of the [269]-create option that does all of this + description of the [294]-create option that does all of this automatically for you. Also, a faster and more accurate way is to use the "dummy" XFree86/Xorg device driver (or our Xdummy wrapper script.) See - [270]this FAQ for details. + [295]this FAQ for details. * Somewhat surprisingly, the X11 mouse (cursor) shape is write-only and cannot be queried from the X server. So traditionally in x11vnc the cursor shape stays fixed at an arrow. (see the "-cursor - X" and "-cursor some" [271]options, however, for a partial hack + X" and "-cursor some" [296]options, however, for a partial hack for the root window, etc.) However, on Solaris using the SUN_OVL overlay extension, x11vnc can show the correct mouse cursor when - the [272]-overlay option is also supplied. A similar thing is done + the [297]-overlay option is also supplied. A similar thing is done on IRIX as well when -overlay is supplied. More generally, as of Dec/2004 x11vnc supports the new XFIXES extension (in Xorg and Solaris 10) to query the X server for the @@ -1441,18 +1523,18 @@ with transparency (alpha channel) need to approximated to solid RGB values (some cursors look worse than others.) * Audio from applications is of course not redirected (separate - redirectors do exist, e.g. esd, see [273]the FAQ on this below.) + redirectors do exist, e.g. esd, see [298]the FAQ on this below.) The XBell() "beeps" will work if the X server supports the XKEYBOARD extension. (Note that on Solaris XKEYBOARD is disabled by default. Passing +kb to Xsun enables it.) - * The scroll detection algorithm for the [274]-scrollcopyrect option + * The scroll detection algorithm for the [299]-scrollcopyrect option can give choppy or bunched up transient output and occasionally painting errors. * Using -threads can expose some bugs/crashes in libvncserver. - Please feel free to [275]contact me if you have any questions, + Please feel free to [300]contact me if you have any questions, problems, or comments about x11vnc, etc. - Also, some people ask if they can make a donation, see [276]this link + Also, some people ask if they can make a donation, see [301]this link for that. References @@ -1469,9 +1551,9 @@ 10. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers 11. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi 12. http://www.karlrunge.com/x11vnc/faq.html#faq-filexfer - 13. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 14. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 15. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 13. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 14. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 15. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded 16. http://www.karlrunge.com/x11vnc/index.html#beta-test 17. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay 18. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create @@ -1512,7 +1594,7 @@ 53. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd 54. http://www.karlrunge.com/x11vnc/index.html#vnc_password_file 55. http://www.karlrunge.com/x11vnc/ssvnc.html#download - 56. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.19.tar.gz?use_mirror + 56. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.23.tar.gz?use_mirror 57. http://www.karlrunge.com/x11vnc/index.html#tunnelling 58. http://www.karlrunge.com/x11vnc/ssvnc.html#tsvnc 59. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect @@ -1541,15 +1623,15 @@ 82. http://www.karlrunge.com/x11vnc/ssvnc.html 83. http://www.karlrunge.com/x11vnc/faq.html#faq-allow-opt 84. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers - 85. http://www.stunnel.org/ - 86. http://stunnel.mirt.net/ + 85. http://stunnel.mirt.net/ + 86. http://www.stunnel.org/ 87. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl 88. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int 89. http://www.karlrunge.com/x11vnc/ssvnc.html 90. http://sourceforge.net/projects/libvncserver/ - 91. http://sourceforge.net/project/showfiles.php?group_id=32584&package_id=119006&release_id=672184 - 92. http://sourceforge.net/project/shownotes.php?release_id=672184&group_id=32584 - 93. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.8.tar.gz + 91. http://sourceforge.net/project/showfiles.php?group_id=32584&package_id=119006&release_id=695585 + 92. http://sourceforge.net/project/shownotes.php?group_id=32584&release_id=695585 + 93. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.9.tar.gz 94. http://www.karlrunge.com/x11vnc/faq.html#faq-binaries 95. http://www.tightvnc.com/download.html 96. http://www.realvnc.com/products/free/4.1/download.html @@ -1570,7 +1652,7 @@ 111. http://www.karlrunge.com/x11vnc/faq.html#faq-solaris251build 112. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx 113. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 114. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.8.tar.gz + 114. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.9.tar.gz 115. http://www.karlrunge.com/x11vnc/bins 116. mailto:xvml@karlrunge.com 117. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int @@ -1578,161 +1660,186 @@ 119. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext 120. http://www.karlrunge.com/x11vnc/ssvnc.html 121. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc - 122. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads - 123. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect - 124. http://bugs.freedesktop.org/show_bug.cgi?id=21454 - 125. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-repeat - 126. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip - 127. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 128. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 129. http://www.virtualgl.org/ - 130. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 131. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr - 132. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 133. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rmflag - 134. http://sourceforge.net/projects/vencrypt/ - 135. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt - 138. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls - 139. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslonly - 140. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 141. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt - 142. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls - 143. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL - 144. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA - 145. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 146. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 147. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_oneport - 148. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 149. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 150. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi - 151. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf - 152. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 153. http://www.karlrunge.com/x11vnc/x11vnc.desktop - 154. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o - 155. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 156. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen - 157. http://www.karlrunge.com/x11vnc/faq.html#infaq_gdm - 158. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc - 159. http://www.karlrunge.com/x11vnc/ssvnc.html - 160. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale - 161. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-geometry - 162. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-chatwindow - 163. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 164. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 165. http://www.karlrunge.com/x11vnc/ssvnc.html - 166. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 169. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 170. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh - 172. http://www.uvnc.com/addons/repeater.html - 173. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 174. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 175. http://www.karlrunge.com/x11vnc/ssvnc.html - 176. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-advertise_truecolor - 177. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-finddpy - 178. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listdpy - 179. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 180. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 181. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 182. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr - 183. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport - 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ping - 185. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 187. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 188. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 189. http://www.karlrunge.com/x11vnc/ssvnc.html - 190. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop - 191. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 192. http://www.ultravnc.com/ - 193. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 194. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 195. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 196. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 197. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi - 198. http://www.avahi.org/ - 199. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi - 200. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf - 201. http://www.karlrunge.com/x11vnc/ssvnc.html - 202. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 204. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 205. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 206. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 207. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 208. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms - 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms - 210. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms - 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabalways - 212. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 213. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 214. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl - 215. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 216. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 217. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 218. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 220. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect - 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect - 222. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nowireframelocal - 223. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 224. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms - 225. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer - 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 227. http://www.openssl.org/ - 228. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 229. http://www.stunnel.org/ - 230. http://stunnel.mirt.net/ - 231. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 232. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 233. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA - 234. http://www.karlrunge.com/x11vnc/ssl.html - 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 236. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer - 237. http://www.karlrunge.com/x11vnc/ssvnc.html - 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 239. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis - 240. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 241. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 243. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 244. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 245. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 248. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate - 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer - 253. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit - 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 255. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-v, - 256. http://www.karlrunge.com/x11vnc/prevrels.html - 257. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 258. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 259. http://www.tightvnc.com/ - 260. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 261. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 262. http://www.karlrunge.com/x11vnc/x11vnc_opts.html - 263. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 264. http://www.karlrunge.com/x11vnc/recurse_x11vnc.jpg - 265. http://www.sun.com/sunray/index.html - 266. http://www.karlrunge.com/x11vnc/sunray.html - 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 269. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 270. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 271. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor - 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 273. http://www.karlrunge.com/x11vnc/faq.html#faq-sound - 274. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 275. mailto:xvml@karlrunge.com - 276. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks + 122. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_system_greeter + 123. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 124. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-extra_fbur + 125. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer + 126. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait + 127. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nonap + 128. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allinput + 129. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-findauth + 130. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth + 131. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 132. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 133. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 134. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd + 135. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis + 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 138. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 139. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 140. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL + 141. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 142. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare + 143. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote + 144. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 145. http://ubuntuforums.org/showthread.php?t=1223490 + 146. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads + 147. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect + 148. http://bugs.freedesktop.org/show_bug.cgi?id=21454 + 149. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-repeat + 150. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip + 151. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 152. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 153. http://www.virtualgl.org/ + 154. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc + 155. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr + 156. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache + 157. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rmflag + 158. http://sourceforge.net/projects/vencrypt/ + 159. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 160. http://www.karlrunge.com/x11vnc/ssvnc.html + 161. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 162. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt + 163. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls + 164. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslonly + 165. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 166. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt + 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls + 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL + 169. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA + 170. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert + 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_oneport + 173. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir + 174. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 175. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi + 176. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf + 177. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport + 178. http://www.karlrunge.com/x11vnc/x11vnc.desktop + 179. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o + 180. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid + 181. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen + 182. http://www.karlrunge.com/x11vnc/faq.html#infaq_gdm + 183. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc + 184. http://www.karlrunge.com/x11vnc/ssvnc.html + 185. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale + 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-geometry + 187. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-chatwindow + 188. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 189. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 190. http://www.karlrunge.com/x11vnc/ssvnc.html + 191. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect + 192. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 193. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 194. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 195. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy + 196. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh + 197. http://www.uvnc.com/addons/repeater.html + 198. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect + 199. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 200. http://www.karlrunge.com/x11vnc/ssvnc.html + 201. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl + 202. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-advertise_truecolor + 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-finddpy + 204. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listdpy + 205. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 206. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 207. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 208. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr + 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport + 210. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ping + 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all + 212. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb + 213. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 214. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching + 215. http://www.karlrunge.com/x11vnc/ssvnc.html + 216. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop + 217. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 218. http://www.ultravnc.com/ + 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 220. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 222. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 223. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi + 224. http://www.avahi.org/ + 225. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi + 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf + 227. http://www.karlrunge.com/x11vnc/ssvnc.html + 228. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 229. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 230. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 231. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 232. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 233. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 234. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms + 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms + 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms + 237. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabalways + 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop + 239. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage + 240. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl + 241. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir + 242. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 243. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 244. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 246. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect + 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect + 248. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nowireframelocal + 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N + 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms + 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer + 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 253. http://www.openssl.org/ + 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 255. http://stunnel.mirt.net/ + 256. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 257. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert + 258. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA + 259. http://www.karlrunge.com/x11vnc/ssl.html + 260. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https + 261. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer + 262. http://www.karlrunge.com/x11vnc/ssvnc.html + 263. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis + 265. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 266. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 269. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 270. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin + 271. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd + 274. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 275. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate + 277. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer + 278. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit + 279. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 280. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-v, + 281. http://www.karlrunge.com/x11vnc/prevrels.html + 282. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid + 283. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache + 284. http://www.tightvnc.com/ + 285. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport + 286. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N + 287. http://www.karlrunge.com/x11vnc/x11vnc_opts.html + 288. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd + 289. http://www.karlrunge.com/x11vnc/recurse_x11vnc.jpg + 290. http://www.sun.com/sunray/index.html + 291. http://www.karlrunge.com/x11vnc/sunray.html + 292. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 293. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 294. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 295. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb + 296. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor + 297. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay + 298. http://www.karlrunge.com/x11vnc/faq.html#faq-sound + 299. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 300. mailto:xvml@karlrunge.com + 301. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks ======================================================================= http://www.karlrunge.com/x11vnc/faq.html: @@ -1798,414 +1905,417 @@ [19]Q-17: When I start x11vnc on an Alpha Tru64 workstation the X server crashes! - [20]Q-18: Are there any build-time customizations possible, e.g. + [20]Q-18: When running x11vnc on an IBM AIX workstation after a few + minutes the VNC connection freezes. + + [21]Q-19: Are there any build-time customizations possible, e.g. change defaults, create a smaller binary, etc? [Win2VNC Related] - [21]Q-19: I have two separate machine displays in front of me, one + [22]Q-20: I have two separate machine displays in front of me, one Windows the other X11: can I use x11vnc in combination with Win2VNC in dual-screen mode to pass the keystrokes and mouse motions to the X11 display? - [22]Q-20: I am running Win2VNC on my Windows machine and "x11vnc + [23]Q-21: I am running Win2VNC on my Windows machine and "x11vnc -nofb" on Unix to pass keyboard and mouse to the Unix monitor. Whenever I start Win2VNC it quickly disconnects and x11vnc says: rfbProcessClientNormalMessage: read: Connection reset by peer - [23]Q-21: Can I run "x11vnc -nofb" on a Mac OS X machine to redirect + [24]Q-22: Can I run "x11vnc -nofb" on a Mac OS X machine to redirect mouse and keyboard input to it from Windows and X11 machines via Win2VNC and x2vnc, respectively? [Color Issues] - [24]Q-22: The X display I run x11vnc on is only 8 bits per pixel (bpp) + [25]Q-23: The X display I run x11vnc on is only 8 bits per pixel (bpp) PseudoColor (i.e. only 256 distinct colors.) The x11vnc colors may start out OK, but after a while they are incorrect in certain windows. - [25]Q-23: Color problems: Why are the colors for some windows + [26]Q-24: Color problems: Why are the colors for some windows incorrect in x11vnc? BTW, my X display has nice overlay/multi-depth visuals of different color depths: e.g. there are both depth 8 and 24 visuals available at the same time. - [26]Q-24: I am on a high color system (depth >= 24) but I seem to have + [27]Q-25: I am on a high color system (depth >= 24) but I seem to have colormap problems. They either flash or everything is very dark. - [27]Q-25: How do I figure out the window id to supply to the -id + [28]Q-26: How do I figure out the window id to supply to the -id windowid option? - [28]Q-26: Why don't menus or other transient windows come up when I am + [29]Q-27: Why don't menus or other transient windows come up when I am using the -id windowid option to view a single application window? - [29]Q-27: My X display is depth 24 at 24bpp (instead of the normal + [30]Q-28: My X display is depth 24 at 24bpp (instead of the normal depth 24 at 32bpp.) I'm having lots of color and visual problems with x11vnc and/or vncviewer. What's up? [Xterminals] - [30]Q-28: Can I use x11vnc to view and interact with an Xterminal + [31]Q-29: Can I use x11vnc to view and interact with an Xterminal (e.g. NCD) that is not running UNIX and so x11vnc cannot be run on it directly? - [31]Q-29: How do I get my X permissions (MIT-MAGIC-COOKIE file) + [32]Q-30: How do I get my X permissions (MIT-MAGIC-COOKIE file) correct for a Unix/Linux machine acting as an Xterminal? [Sun Rays] - [32]Q-30: I'm having trouble using x11vnc with my Sun Ray session. + [33]Q-31: I'm having trouble using x11vnc with my Sun Ray session. [Remote Control] - [33]Q-31: How do I stop x11vnc once it is running in the background? + [34]Q-32: How do I stop x11vnc once it is running in the background? - [34]Q-32: Can I change settings in x11vnc without having to restart + [35]Q-33: Can I change settings in x11vnc without having to restart it? Can I remote control it? [Security and Permissions] - [35]Q-33: How do I create a VNC password for use with x11vnc? + [36]Q-34: How do I create a VNC password for use with x11vnc? - [36]Q-34: Can I make it so -storepasswd doesn't show my password on + [37]Q-35: Can I make it so -storepasswd doesn't show my password on the screen? - [37]Q-35: Can I have two passwords for VNC viewers, one for full + [38]Q-36: Can I have two passwords for VNC viewers, one for full access and the other for view-only access to the display? - [38]Q-36: Can I have as many full-access and view-only passwords as I + [39]Q-37: Can I have as many full-access and view-only passwords as I like? - [39]Q-37: Does x11vnc support Unix usernames and passwords? Can I + [40]Q-38: Does x11vnc support Unix usernames and passwords? Can I further limit the set of Unix usernames who can connect to the VNC desktop? - [40]Q-38: Can I supply an external program to provide my own custom + [41]Q-39: Can I supply an external program to provide my own custom login method (e.g. Dynamic/One-time passwords or non-Unix (LDAP) usernames and passwords)? - [41]Q-39: Why does x11vnc exit as soon as the VNC viewer disconnects? + [42]Q-40: Why does x11vnc exit as soon as the VNC viewer disconnects? And why doesn't it allow more than one VNC viewer to connect at the same time? - [42]Q-40: Can I limit which machines incoming VNC clients can connect + [43]Q-41: Can I limit which machines incoming VNC clients can connect from? - [43]Q-41: How do I build x11vnc/libvncserver with libwrap + [44]Q-42: How do I build x11vnc/libvncserver with libwrap (tcp_wrappers) support? - [44]Q-42: Can I have x11vnc only listen on one network interface (e.g. + [45]Q-43: Can I have x11vnc only listen on one network interface (e.g. internal LAN) rather than having it listen on all network interfaces and relying on -allow to filter unwanted connections out? - [45]Q-43: Now that -localhost implies listening only on the loopback + [46]Q-44: Now that -localhost implies listening only on the loopback interface, how I can occasionally allow in a non-localhost via the -R allowonce remote control command? - [46]Q-44: Can I fine tune what types of user input are allowed? E.g. + [47]Q-45: Can I fine tune what types of user input are allowed? E.g. have some users just be able to move the mouse, but not click or type anything? - [47]Q-45: Can I prompt the user at the local X display whether the + [48]Q-46: Can I prompt the user at the local X display whether the incoming VNC client should be accepted or not? Can I decide to make some clients view-only? How about running an arbitrary program to make the decisions? - [48]Q-46: I start x11vnc as root because it is launched via inetd(8) + [49]Q-47: I start x11vnc as root because it is launched via inetd(8) or a display manager like gdm(1). Can I have x11vnc later switch to a different user? - [49]Q-47: I use a screen-lock when I leave my workstation (e.g. + [50]Q-48: I use a screen-lock when I leave my workstation (e.g. xscreensaver or xlock.) When I remotely access my workstation desktop via x11vnc I can unlock the desktop fine, but I am worried people will see my activities on the physical monitor. What can I do to prevent this, or at least make it more difficult? - [50]Q-48: Can I have x11vnc automatically lock the screen when I + [51]Q-49: Can I have x11vnc automatically lock the screen when I disconnect the VNC viewer? [Encrypted Connections] - [51]Q-49: How can I tunnel my connection to x11vnc via an encrypted + [52]Q-50: How can I tunnel my connection to x11vnc via an encrypted SSH channel between two Unix machines? - [52]Q-50: How can I tunnel my connection to x11vnc via an encrypted + [53]Q-51: How can I tunnel my connection to x11vnc via an encrypted SSH channel from Windows using an SSH client like Putty? - [53]Q-51: How can I tunnel my connection to x11vnc via an encrypted + [54]Q-52: How can I tunnel my connection to x11vnc via an encrypted SSL channel using an external tool like stunnel? - [54]Q-52: Does x11vnc have built-in SSL tunneling? + [55]Q-53: Does x11vnc have built-in SSL tunneling? - [55]Q-53: How do I use VNC Viewers with built-in SSL tunneling? + [56]Q-54: How do I use VNC Viewers with built-in SSL tunneling? - [56]Q-54: How do I use the Java applet VNC Viewer with built-in SSL + [57]Q-55: How do I use the Java applet VNC Viewer with built-in SSL tunneling when going through a Web Proxy? - [57]Q-55: Can Apache web server act as a gateway for users to connect + [58]Q-56: Can Apache web server act as a gateway for users to connect via SSL from the Internet with a Web browser to x11vnc running on their workstations behind a firewall? - [58]Q-56: Can I create and use my own SSL Certificate Authority (CA) + [59]Q-57: Can I create and use my own SSL Certificate Authority (CA) with x11vnc? [Display Managers and Services] - [59]Q-57: How can I run x11vnc as a "service" that is always + [60]Q-58: How can I run x11vnc as a "service" that is always available? - [60]Q-58: How can I use x11vnc to connect to an X login screen like + [61]Q-59: How can I use x11vnc to connect to an X login screen like xdm, GNOME gdm, KDE kdm, or CDE dtlogin? (i.e. nobody is logged into an X session yet.) - [61]Q-59: Can I run x11vnc out of inetd(8)? How about xinetd(8)? + [62]Q-60: Can I run x11vnc out of inetd(8)? How about xinetd(8)? - [62]Q-60: Can I have x11vnc advertise its VNC service and port via + [63]Q-61: Can I have x11vnc advertise its VNC service and port via mDNS / Zeroconf (e.g. Avahi) so VNC viewers on the local network can detect it automatically? - [63]Q-61: Can I have x11vnc allow a user to log in with her UNIX + [64]Q-62: Can I have x11vnc allow a user to log in with her UNIX username and password and then have it find her X session display on that machine and then connect to it? How about starting an X session if one cannot be found? - [64]Q-62: Can I have x11vnc restart itself after it terminates? + [65]Q-63: Can I have x11vnc restart itself after it terminates? - [65]Q-63: How do I make x11vnc work with the Java VNC viewer applet in + [66]Q-64: How do I make x11vnc work with the Java VNC viewer applet in a web browser? - [66]Q-64: Are reverse connections (i.e. the VNC server connecting to + [67]Q-65: Are reverse connections (i.e. the VNC server connecting to the VNC viewer) using "vncviewer -listen" and vncconnect(1) supported? - [67]Q-65: Can reverse connections be made to go through a Web or SOCKS + [68]Q-66: Can reverse connections be made to go through a Web or SOCKS proxy or SSH? - [68]Q-66: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a + [69]Q-67: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a real display, but for a virtual one I keep around.) - [69]Q-67: How can I use x11vnc on "headless" machines? Why might I + [70]Q-68: How can I use x11vnc on "headless" machines? Why might I want to? [Resource Usage and Performance] - [70]Q-68: I have lots of memory, but why does x11vnc fail with + [71]Q-69: I have lots of memory, but why does x11vnc fail with shmget: No space left on device or Minor opcode of failed request: 1 (X_ShmAttach)? - [71]Q-69: How can I make x11vnc use less system resources? + [72]Q-70: How can I make x11vnc use less system resources? - [72]Q-70: How can I make x11vnc use MORE system resources? + [73]Q-71: How can I make x11vnc use MORE system resources? - [73]Q-71: I use x11vnc over a slow link with high latency (e.g. dialup + [74]Q-72: I use x11vnc over a slow link with high latency (e.g. dialup modem or broadband), is there anything I can do to speed things up? - [74]Q-72: Does x11vnc support the X DAMAGE Xserver extension to find + [75]Q-73: Does x11vnc support the X DAMAGE Xserver extension to find modified regions of the screen quickly and efficiently? - [75]Q-73: My OpenGL application shows no screen updates unless I + [76]Q-74: My OpenGL application shows no screen updates unless I supply the -noxdamage option to x11vnc. - [76]Q-74: When I drag windows around with the mouse or scroll up and + [77]Q-75: When I drag windows around with the mouse or scroll up and down things really bog down (unless I do the drag in a single, quick motion.) Is there anything to do to improve things? - [77]Q-75: Why not do something like wireframe animations to avoid the + [78]Q-76: Why not do something like wireframe animations to avoid the windows "lurching" when being moved or resized? - [78]Q-76: Can x11vnc try to apply heuristics to detect when a window + [79]Q-77: Can x11vnc try to apply heuristics to detect when a window is scrolling its contents and use the CopyRect encoding for a speedup? - [79]Q-77: Can x11vnc do client-side caching of pixel data? I.e. so + [80]Q-78: Can x11vnc do client-side caching of pixel data? I.e. so when that pixel data is needed again it does not have to be retransmitted over the network. - [80]Q-78: Does x11vnc support TurboVNC? + [81]Q-79: Does x11vnc support TurboVNC? [Mouse Cursor Shapes] - [81]Q-79: Why isn't the mouse cursor shape (the little icon shape + [82]Q-80: Why isn't the mouse cursor shape (the little icon shape where the mouse pointer is) correct as I move from window to window? - [82]Q-80: When using XFIXES cursorshape mode, some of the cursors look + [83]Q-81: When using XFIXES cursorshape mode, some of the cursors look really bad with extra black borders around the cursor and other cruft. How can I improve their appearance? - [83]Q-81: In XFIXES mode, are there any hacks to handle cursor + [84]Q-82: In XFIXES mode, are there any hacks to handle cursor transparency ("alpha channel") exactly? [Mouse Pointer] - [84]Q-82: Why does the mouse arrow just stay in one corner in my + [85]Q-83: Why does the mouse arrow just stay in one corner in my vncviewer, whereas my cursor (that does move) is just a dot? - [85]Q-83: Can I take advantage of the TightVNC extension to the VNC + [86]Q-84: Can I take advantage of the TightVNC extension to the VNC protocol where Cursor Positions Updates are sent back to all connected clients (i.e. passive viewers can see the mouse cursor being moved around by another viewer)? - [86]Q-84: Is it possible to swap the mouse buttons (e.g. left-handed + [87]Q-85: Is it possible to swap the mouse buttons (e.g. left-handed operation), or arbitrarily remap them? How about mapping button clicks to keystrokes, e.g. to partially emulate Mouse wheel scrolling? [Keyboard Issues] - [87]Q-85: How can I get my AltGr and Shift modifiers to work between + [88]Q-86: How can I get my AltGr and Shift modifiers to work between keyboards for different languages? - [88]Q-86: When I try to type a "<" (i.e. less than) instead I get ">" + [89]Q-87: When I try to type a "<" (i.e. less than) instead I get ">" (i.e. greater than)! Strangely, typing ">" works OK!! - [89]Q-87: Extra Character Inserted, E.g.: When I try to type a "<" + [90]Q-88: Extra Character Inserted, E.g.: When I try to type a "<" (i.e. less than) instead I get "<," (i.e. an extra comma.) - [90]Q-88: I'm using an "international" keyboard (e.g. German "de", or + [91]Q-89: I'm using an "international" keyboard (e.g. German "de", or Danish "dk") and the -modtweak mode works well if the VNC viewer is run on a Unix/Linux machine with a similar keyboard. But if I run the VNC viewer on Unix/Linux with a different keyboard (e.g. "us") or Windows with any keyboard, I can't type some keys like: "@", "$", "<", ">", etc. How can I fix this? - [91]Q-89: When typing I sometimes get double, triple, or more of my + [92]Q-90: When typing I sometimes get double, triple, or more of my keystrokes repeated. I'm sure I only typed them once, what can I do? - [92]Q-90: The x11vnc -norepeat mode is in effect, but I still get + [93]Q-91: The x11vnc -norepeat mode is in effect, but I still get repeated keystrokes!! - [93]Q-91: After using x11vnc for a while, I find that I cannot type + [94]Q-92: After using x11vnc for a while, I find that I cannot type some (or any) characters or my mouse clicks and drags no longer have any effect, or they lead to strange effects. What happened? - [94]Q-92: The machine where I run x11vnc has an AltGr key, but the + [95]Q-93: The machine where I run x11vnc has an AltGr key, but the local machine where I run the VNC viewer does not. Is there a way I can map a local unused key to send an AltGr? How about a Compose key as well? - [95]Q-93: I have a Sun machine I run x11vnc on. Its Sun keyboard has + [96]Q-94: I have a Sun machine I run x11vnc on. Its Sun keyboard has just one Alt key labelled "Alt" and two Meta keys labelled with little diamonds. The machine where I run the VNC viewer only has Alt keys. How can I send a Meta keypress? (e.g. emacs needs this) - [96]Q-94: Running x11vnc on HP-UX I cannot type "#" I just get a "3" + [97]Q-95: Running x11vnc on HP-UX I cannot type "#" I just get a "3" instead. - [97]Q-95: Can I map a keystroke to a mouse button click on the remote + [98]Q-96: Can I map a keystroke to a mouse button click on the remote machine? - [98]Q-96: How can I get Caps_Lock to work between my VNC viewer and + [99]Q-97: How can I get Caps_Lock to work between my VNC viewer and x11vnc? [Screen Related Issues and Features] - [99]Q-97: The remote display is larger (in number of pixels) than the + [100]Q-98: The remote display is larger (in number of pixels) than the local display I am running the vncviewer on. I don't like the vncviewer scrollbars, what I can do? - [100]Q-98: Does x11vnc support server-side framebuffer scaling? (E.g. + [101]Q-99: Does x11vnc support server-side framebuffer scaling? (E.g. to make the desktop smaller.) - [101]Q-99: Does x11vnc work with Xinerama? (i.e. multiple monitors + [102]Q-100: Does x11vnc work with Xinerama? (i.e. multiple monitors joined together to form one big, single screen.) - [102]Q-100: Can I use x11vnc on a multi-headed display that is not + [103]Q-101: Can I use x11vnc on a multi-headed display that is not Xinerama (i.e. separate screens :0.0, :0.1, ... for each monitor)? - [103]Q-101: Can x11vnc show only a portion of the display? (E.g. for a + [104]Q-102: Can x11vnc show only a portion of the display? (E.g. for a special purpose application or a very large screen.) - [104]Q-102: Does x11vnc support the XRANDR (X Resize, Rotate and + [105]Q-103: Does x11vnc support the XRANDR (X Resize, Rotate and Reflection) extension? Whenever I rotate or resize the screen x11vnc just seems to crash. - [105]Q-103: Independent of any XRANDR, can I have x11vnc rotate and/or + [106]Q-104: Independent of any XRANDR, can I have x11vnc rotate and/or reflect the screen that the VNC viewers see? (e.g. for a handheld whose screen is rotated 90 degrees.) - [106]Q-104: Why is the view in my VNC viewer completely black? Or why + [107]Q-105: Why is the view in my VNC viewer completely black? Or why is everything flashing around randomly? - [107]Q-105: I use Linux Virtual Consoles (VC's) to implement 'Fast + [108]Q-106: I use Linux Virtual Terminals (VT's) to implement 'Fast User Switching' between users' sessions (e.g. Betty is on Ctrl-Alt-F7, Bobby is on Ctrl-Alt-F8, and Sid is on Ctrl-Alt-F1: they use those keystrokes to switch between their sessions.) How come the view in a VNC viewer connecting to x11vnc is either completely black or otherwise all messed up unless the X session x11vnc is attached to is - in the active VC? + in the active VT? - [108]Q-106: I am using x11vnc where my local machine has "popup/hidden + [109]Q-107: I am using x11vnc where my local machine has "popup/hidden taskbars" and the remote display where x11vnc runs also has "popup/hidden taskbars" and they interfere and fight with each other. What can I do? - [109]Q-107: Help! x11vnc and my KDE screensaver keep switching each + [110]Q-108: Help! x11vnc and my KDE screensaver keep switching each other on and off every few seconds. - [110]Q-108: I am running the beryl 3D window manager (or compiz, + [111]Q-109: I am running the beryl 3D window manager (or compiz, MythTv, Google Earth, or some other OpenGL app) and I do not get screen updates in x11vnc. - [111]Q-109: Can I use x11vnc to view my VMWare session remotely? + [112]Q-110: Can I use x11vnc to view my VMWare session remotely? [Exporting non-X11 devices via VNC] - [112]Q-110: Can non-X devices (e.g. a raw framebuffer) be viewed (and + [113]Q-111: Can non-X devices (e.g. a raw framebuffer) be viewed (and even controlled) via VNC with x11vnc? - [113]Q-111: Can I export the Linux Console (Virtual Terminals) via VNC + [114]Q-112: Can I export the Linux Console (Virtual Terminals) via VNC using x11vnc? - [114]Q-112: Can I export via VNC a Webcam or TV tuner framebuffer + [115]Q-113: Can I export via VNC a Webcam or TV tuner framebuffer using x11vnc? - [115]Q-113: Can I connect via VNC to a Qt-embedded/Qtopia application + [116]Q-114: Can I connect via VNC to a Qt-embedded/Qtopia application running on my handheld or PC using the Linux console framebuffer (i.e. not X11)? - [116]Q-114: Now that non-X11 devices can be exported via VNC using + [117]Q-115: Now that non-X11 devices can be exported via VNC using x11vnc, can I build it with no dependencies on X11 header files and libraries? - [117]Q-115: Does x11vnc support Mac OS X Aqua/Quartz displays natively + [118]Q-116: Does x11vnc support Mac OS X Aqua/Quartz displays natively (i.e. no X11 involved)? - [118]Q-116: Can x11vnc be used as a VNC reflector/repeater to improve + [119]Q-117: Can x11vnc be used as a VNC reflector/repeater to improve performance for the case of a large number of simultaneous VNC viewers (e.g. classroom broadcasting or a large demo)? - [119]Q-117: Can x11vnc be used during a Linux, Solaris, etc. system + [120]Q-118: Can x11vnc be used during a Linux, Solaris, etc. system Installation so the Installation can be done remotely? [Misc: Clipboard, File Transfer/Sharing, Printing, Sound, Beeps, Thanks, etc.] - [120]Q-118: Does the Clipboard/Selection get transferred between the + [121]Q-119: Does the Clipboard/Selection get transferred between the vncviewer and the X display? - [121]Q-119: Can I use x11vnc to record a Shock Wave Flash (or other + [122]Q-120: Can I use x11vnc to record a Shock Wave Flash (or other format) video of my desktop, e.g. to record a tutorial or demo? - [122]Q-120: Can I transfer files back and forth with x11vnc? + [123]Q-121: Can I transfer files back and forth with x11vnc? - [123]Q-121: Which UltraVNC extensions are supported? + [124]Q-122: Which UltraVNC extensions are supported? - [124]Q-122: Can x11vnc emulate UltraVNC's Single Click helpdesk mode + [125]Q-123: Can x11vnc emulate UltraVNC's Single Click helpdesk mode for Unix? I.e. something very simple for a naive user to initiate a reverse vnc connection from their Unix desktop to a helpdesk operator's VNC Viewer. - [125]Q-123: Can I (temporarily) mount my local (viewer-side) + [126]Q-124: Can I (temporarily) mount my local (viewer-side) Windows/Samba File share on the machine where x11vnc is running? - [126]Q-124: Can I redirect CUPS print jobs from the remote desktop + [127]Q-125: Can I redirect CUPS print jobs from the remote desktop where x11vnc is running to a printer on my local (viewer-side) machine? - [127]Q-125: How can I hear the sound (audio) from the remote + [128]Q-126: How can I hear the sound (audio) from the remote applications on the desktop I am viewing via x11vnc? - [128]Q-126: Why don't I hear the "Beeps" in my X session (e.g. when + [129]Q-127: Why don't I hear the "Beeps" in my X session (e.g. when typing tput bel in an xterm)? - [129]Q-127: Does x11vnc work with IPv6? + [130]Q-128: Does x11vnc work with IPv6? - [130]Q-128: Thanks for your program and for your help! Can I make a + [131]Q-129: Thanks for your program or for your help! Can I make a donation? _________________________________________________________________ @@ -2218,7 +2328,7 @@ For the former error, you need to specify the X display to connect to (it also needs to be on the same machine the x11vnc process is to run - on.) Set your DISPLAY environment variable (or use the [131]-display + on.) Set your DISPLAY environment variable (or use the [132]-display option) to specify it. Nearly always the correct value will be ":0" (in fact, x11vnc will now assume :0 if given no other information.) @@ -2235,9 +2345,9 @@ working when you try to start x11vnc via, say, a remote shell. How to Solve: See the xauth(1), Xsecurity(7), and xhost(1) man pages - or [132]this Howto for much info on X11 permissions. For example, you + or [133]this Howto for much info on X11 permissions. For example, you may need to set your XAUTHORITY environment variable (or use the - [133]-auth option) to point to the correct MIT-MAGIC-COOKIE file (e.g. + [134]-auth option) to point to the correct MIT-MAGIC-COOKIE file (e.g. /home/joe/.Xauthority or /var/gdm/:0.Xauth or /var/lib/kdm/A:0-crWk72K or /tmp/.gdmzndVlR, etc, etc.), or simply be sure you run x11vnc as the correct user (i.e. the user who is logged into the X session you @@ -2259,10 +2369,10 @@ x11vnc -display :0 -auth /var/gdm/:0.Xauth (this is for the display manager gdm and requires root permission to - read the gdm cookie file, see [134]this faq for other display manager + read the gdm cookie file, see [135]this faq for other display manager cookie file names.) - Note as of Feb/2007 you can also try the [135]-find option instead of + Note as of Feb/2007 you can also try the [136]-find option instead of "-display ..." and see if that finds your display and Xauthority. Less safe, but to avoid figuring out where the correct XAUTHORITY file @@ -2271,7 +2381,7 @@ (from the same machine.) The person could then type "xhost -localhost" after x11vnc has connected to go back to the default permissions. Also, for some situations the "-users lurk=" option may soon be of use - (please read the documentation on the [136]-users option.) + (please read the documentation on the [137]-users option.) To test out your X11 permissions from a remote shell, set DISPLAY and possibly XAUTHORITY (see your shell's man page, bash(1), tcsh(1), on @@ -2290,7 +2400,7 @@ properly.) Firewalls: Speaking of permissions, it should go without saying that - the host-level [137]firewall will need to be configured to allow + the host-level [138]firewall will need to be configured to allow connections in on a port. E.g. 5900 (default VNC port) or 22 (default SSH port for tunnelling VNC.) Most systems these days have firewalls turned on by default, so you will actively have to do something to @@ -2369,7 +2479,7 @@ the above list may be out of date. So only use the above lists as hints for the package names that are needed. - Have a look at [138]Misc. Build Problems for additional fixes. + Have a look at [139]Misc. Build Problems for additional fixes. Note: there is growing trend in Linux and other distros to slice up core X11 software into more and smaller packages. So be prepared for @@ -2387,7 +2497,7 @@ ii libssl0.9.8 0.9.8a-7ubuntu SSL shared libraries (in fact it should have installed both by default if it knew what it - was doing.) See [139]here too. + was doing.) See [140]here too. Q-3: I just built x11vnc successfully, but when I use it my keystrokes @@ -2461,7 +2571,7 @@ earlier and perhaps non-Solaris): First use the environment settings (CPPFLAGS, LDFLAGS, etc.) in the - above [140]Solaris build script to run the configure command. That + above [141]Solaris build script to run the configure command. That should succeed without failure. Then you have to hand edit the autogenerated rfb/rfbconfig.h file in the source tree, and just before the last #endif at the bottom of that file insert these workaround @@ -2487,7 +2597,7 @@ on other older OS (Solaris, Linux, ...) releases. Here are some notes for similar steps that need to be done to build on - [141]SunOS 4.x + [142]SunOS 4.x Please let us know if you had to use the above workaround (and whether it worked or not.) If there is enough demand we will try to push clean @@ -2497,33 +2607,32 @@ Q-5: Where can I get a precompiled x11vnc binary for my Operating System? - Hopefully the [142]build steps above and [143]FAQ provide enough info + Hopefully the [143]build steps above and [144]FAQ provide enough info for a painless compile for most environments. Please report problems with the x11vnc configure, make, etc. on your system (if your system is known to compile other GNU packages successfully.) There are precompiled x11vnc binaries built by other groups that are available at the following locations: - Slackware: (.tgz) [144]http://www.linuxpackages.net/ + Slackware: (.tgz) [145]http://www.linuxpackages.net/ - SuSE: (.rpm) [145]http:/software.opensuse.org/ Gentoo: (info) - [146]http://gentoo-wiki.com/ and [147]http://gentoo-portage.com/ - FreeBSD: (.tbz) [148]http://www.freebsd.org/ - [149]http://www.freshports.org/net/x11vnc NetBSD: (src) - [150]http://pkgsrc.se/x11/x11vnc OpenBSD: (.tgz) - [151]http://openports.se/ Arch Linux: (.tgz) - [152]http://www.archlinux.org/ Nokia 770 (.deb) - [153]http://mike.saunby.googlepages.com/x11vncfornokia7702 Sharp - Zaurus [154]http://www.focv.com/ Redhat/Fedora: (.rpm) - [155]http://packages.sw.be/x11vnc RPMforge - [156]http://dag.wieers.com/rpm/packages/x11vnc/ (N.B.: unmaintained - after 0.9.3) Debian: (.deb) [157]http://packages.debian.org/x11vnc - (N.B: often unmaintained; better to compile from source) Solaris: - (pkg) [158]http://www.sunfreeware.com/ (N.B: very old; better to - compile from source) + SuSE: (.rpm) [146]http:/software.opensuse.org/ Gentoo: (info) + [147]http://gentoo-wiki.com/ and [148]http://gentoo-portage.com/ + FreeBSD: (.tbz) [149]http://www.freebsd.org/ + [150]http://www.freshports.org/net/x11vnc NetBSD: (src) + [151]http://pkgsrc.se/x11/x11vnc OpenBSD: (.tgz) + [152]http://openports.se/ Arch Linux: (.tgz) + [153]http://www.archlinux.org/ Nokia 770 (.deb) + [154]http://mike.saunby.googlepages.com/x11vncfornokia7702 Sharp + Zaurus [155]http://www.focv.com/ Debian: (.deb) + [156]http://packages.debian.org/x11vnc Redhat/Fedora: (.rpm) + [157]http://packages.sw.be/x11vnc RPMforge + [158]http://dag.wieers.com/rpm/packages/x11vnc/ (N.B.: unmaintained + after 0.9.3) Solaris: (pkg) [159]http://www.sunfreeware.com/ (N.B: + very old; better to compile from source) If the above binaries don't work and building x11vnc on your OS fails - (and all else fails!) you can try one of [159]My Collection of x11vnc + (and all else fails!) you can try one of [160]My Collection of x11vnc Binaries for various OS's and x11vnc releases. As a general note, the x11vnc program is simple enough you don't @@ -2541,7 +2650,7 @@ If you use a standalone binary like this and also want x11vnc to serve up the Java VNC Viewer jar file (either SSL enabled or regular one), then you will need to extract the classes subdirectory from the source - tarball and point x11vnc to it via the [160]-httpdir option. E.g.: + tarball and point x11vnc to it via the [161]-httpdir option. E.g.: x11vnc -httpdir /path/to/x11vnc-0.8.3/classes/ssl ... @@ -2550,11 +2659,11 @@ To obtain VNC viewers for the viewing side (Windows, Mac OS, or Unix) try here: - * [161]http://www.tightvnc.com/download.html - * [162]http://www.realvnc.com/download-free.html - * [163]http://sourceforge.net/projects/cotvnc/ - * [164]http://www.ultravnc.com/ - * [165]Our Enhanced TightVNC Viewer (SSVNC) + * [162]http://www.tightvnc.com/download.html + * [163]http://www.realvnc.com/download-free.html + * [164]http://sourceforge.net/projects/cotvnc/ + * [165]http://www.ultravnc.com/ + * [166]Our Enhanced TightVNC Viewer (SSVNC) [ssvnc.gif] @@ -2564,7 +2673,7 @@ Run: x11vnc -opts to list just the option names or run: x11vnc -help for long descriptions about each option. The output is listed - [166]here as well. Yes, x11vnc does have a lot of options, doesn't + [167]here as well. Yes, x11vnc does have a lot of options, doesn't it... @@ -2596,10 +2705,10 @@ program is needed for operation. The gui is not particularly user-friendly, it just provides a point and click mode to set all the many x11vnc parameters and obtain help on them. It is also very useful - for testing. See the [167]-gui option for more info. Examples: "x11vnc + for testing. See the [168]-gui option for more info. Examples: "x11vnc ... -gui" and "x11vnc ... -gui other:0" in the latter case the gui is displayed on other:0, not the X display x11vnc is polling. There is - also a "[168]-gui tray" system tray mode. + also a "[169]-gui tray" system tray mode. [tkx11vnc.gif] @@ -2613,7 +2722,7 @@ smaller, simpler icon? As of Jul/2005 the gui can run in a more friendly small icon mode - "[169]-gui icon" or in the system tray: "[170]-gui tray". It has + "[170]-gui icon" or in the system tray: "[171]-gui tray". It has balloon status, a simple menu, and a Properities dialog. The full, complicated, gui is only available under "Advanced". Other improvements were added as well. Try "Misc -> simple_gui" for a gui @@ -2649,18 +2758,18 @@ PORT=59xx line to see which port it found, then subtract 5900 from it for the VNC display number to enter into the VNC Viewer(s). - The "[171]-N" option will try to match the VNC display number to the X + The "[172]-N" option will try to match the VNC display number to the X display (e.g. X11 DISPLAY of :5 (port 6005) will have VNC display :5 (port 5905).) - Also see the "[172]-autoport n" option to indicated at which value the + Also see the "[173]-autoport n" option to indicated at which value the auto probing should start at. Q-11: My Firewall/Router doesn't allow VNC Viewers to connect to x11vnc. - See the [173]Firewalls/Routers discussion. + See the [174]Firewalls/Routers discussion. Q-12: Is it possible for a VNC Viewer and a VNC Server to connect to @@ -2674,7 +2783,7 @@ In the following discussion, we will suppose port 5950 is being used on the relay machine as the VNC port for the rendezvous. - A way to rendezvous is to have the VNC Server start a [174]reverse + A way to rendezvous is to have the VNC Server start a [175]reverse connection to the relay machine: x11vnc -connect third-machine.net:5950 ... @@ -2687,17 +2796,19 @@ What software to run on third-machine? A TCP relay of some sort could be used... Try a google search on "tcp relay" or "ip relay". However, note that this isn't a simple redirection because it hooks up two - incoming connections. + incoming connections. You can look at our UltraVNC repeater + implementation [176]ultravnc_repeater.pl for ideas and possibly to + customize. Also, if you are not the admin of third-machine you'd have to convince the owner to allow you to install this software (and he would likely need to open his server's firewall to allow the port through.) - It is recommended that [175]SSL is used for encryption (e.g. - "[176]-ssl SAVE") when going over the internet. + It is recommended that [177]SSL is used for encryption (e.g. + "[178]-ssl SAVE") when going over the internet. We have a prototype for performing a rendezvous via a Web Server - acting as the relay machine. Download the [177]vncxfer CGI script and + acting as the relay machine. Download the [179]vncxfer CGI script and see the instructions at the top. Once that CGI script is set up on the website, both users go to, say, @@ -2727,7 +2838,7 @@ port requirement (e.g. use HTTP/CGI itself for the transfer... it is difficult to emulate a full-duplex TCP connection with them.) - See also the [178]Firewalls/Routers discussion and [179]Reverse + See also the [180]Firewalls/Routers discussion and [181]Reverse Connection Proxy discussion. @@ -2755,7 +2866,7 @@ vncviewer -encodings "copyrect tight zrle hextile" localhost:0 (we assume the old-style -encodings option needs to be used. See - [180]here for details.) + [182]here for details.) If the SSH machine has been configured (see sshd_config(5)) with the option GatewayPorts=yes, then the tunnel set up by the VNC Server will @@ -2765,16 +2876,16 @@ only runs: vncviewer third-machine.net:33 - In this case we recommend [181]SSL be used for encryption. + In this case we recommend [183]SSL be used for encryption. The creation of both tunnels can be automated. As of Oct/2007 the - [182]-ssh x11vnc option is available and so only this command needs to + [184]-ssh x11vnc option is available and so only this command needs to be run on the VNC Server side: x11vnc -ssh user@third-machine.net:33 ... (the SSH passphrase may need to be supplied.) - To automate on the VNC Viewer side, the user can use the [183]Enhanced + To automate on the VNC Viewer side, the user can use the [185]Enhanced TightVNC Viewer (SSVNC) by: * Clicking on 'Use SSH' * Entering user@third-machine.net:33 into 'VNC Host:Display' entry @@ -2791,11 +2902,11 @@ Q-13: Can I make x11vnc more quiet and also go into the background after starting up? - Use the [184]-q and [185]-bg options, respectively. (also: -quiet is + Use the [186]-q and [187]-bg options, respectively. (also: -quiet is an alias for -q) Note that under -bg the stderr messages will be lost unless you use - the "[186]-o logfile" option. + the "[188]-o logfile" option. Q-14: Sometimes when a VNC viewer dies abruptly, x11vnc also dies with @@ -2821,8 +2932,8 @@ Q-16: KDE's krdc VNC viewer cannot connect to x11vnc. - This has been fixed in x11vnc version 0.8.4. More info [187]here, - [188]here, and [189]here. + This has been fixed in x11vnc version 0.8.4. More info [189]here, + [190]here, and [191]here. Q-17: When I start x11vnc on an Alpha Tru64 workstation the X server @@ -2832,15 +2943,28 @@ able to crash it. The problem seems to be with the RECORD X extension and so a - workaround is to use the "[190]-noxrecord" x11vnc command line option. + workaround is to use the "[192]-noxrecord" x11vnc command line option. + + + Q-18: When running x11vnc on an IBM AIX workstation after a few + minutes the VNC connection freezes. + + One user reports when running x11vnc on AIX 5.3 in his CDE session + after a few minutes or seconds x11vnc will "freeze" (no more updates + being sent, etc.) The freezing appeared to be worse for versions later + than 0.9.2. + + The problem seems to be with the RECORD X extension on AIX and so a + workaround is to use the "[193]-noxrecord" x11vnc command line option. + The user found no freezes occurred when using that option. - Q-18: Are there any build-time customizations possible, e.g. change + Q-19: Are there any build-time customizations possible, e.g. change defaults, create a smaller binary, etc? There are some options. They are enabled by adding something like -Dxxxx=1 to the CPPFLAGS environment variable before running configure - (see the [191]build notes for general background.) + (see the [194]build notes for general background.) /* * Mar/2006 * Build-time customization via CPPFLAGS. @@ -2906,31 +3030,31 @@ [Win2VNC Related] - Q-19: I have two separate machine displays in front of me, one Windows + Q-20: I have two separate machine displays in front of me, one Windows the other X11: can I use x11vnc in combination with Win2VNC in dual-screen mode to pass the keystrokes and mouse motions to the X11 display? - Yes, for best response start up x11vnc with the "[192]-nofb" option + Yes, for best response start up x11vnc with the "[195]-nofb" option (disables framebuffer polling, and does other optimizations) on the secondary display (X11) machine. Then start up Win2VNC on the primary display (Windows) referring it to the secondary display. - This will also work X11 to X11 using [193]x2vnc, however you would + This will also work X11 to X11 using [196]x2vnc, however you would probably just want to avoid VNC and use x2x for that. For reference, here are some links to Win2VNC-like programs for multiple monitor setups: - * [194]Original Win2VNC - * [195]Enhanced Win2VNC (broken?) and [196]sourceforge link - * [197]x2vnc - * [198]x2x - * [199]zvnc (MorphOS) + * [197]Original Win2VNC + * [198]Enhanced Win2VNC (broken?) and [199]sourceforge link + * [200]x2vnc + * [201]x2x + * [202]zvnc (MorphOS) All of them will work with x11vnc (except x2x where it is not needed.) - Q-20: I am running Win2VNC on my Windows machine and "x11vnc -nofb" on + Q-21: I am running Win2VNC on my Windows machine and "x11vnc -nofb" on Unix to pass keyboard and mouse to the Unix monitor. Whenever I start Win2VNC it quickly disconnects and x11vnc says: rfbProcessClientNormalMessage: read: Connection reset by peer @@ -2945,7 +3069,7 @@ on your display to be depth 24 TrueColor? Sun machines often have 8+24 overlay/multi-depth visuals, and you can make the default visual depth 24 TrueColor (see fbconfig(1) and Xsun(1).) 2) As of Feb/2004 x11vnc - has the [200]-visual option to allow you to force the framebuffer + has the [203]-visual option to allow you to force the framebuffer visual to whatever you want (this usually messes up the colors unless you are very clever.) In this case, the option provides a convenient workaround for the Win2VNC bug: @@ -2955,22 +3079,22 @@ this. Since Win2VNC does not use the framebuffer data there should be no problems in doing this. - Q-21: Can I run "x11vnc -nofb" on a Mac OS X machine to redirect mouse + Q-22: Can I run "x11vnc -nofb" on a Mac OS X machine to redirect mouse and keyboard input to it from Windows and X11 machines via Win2VNC and x2vnc, respectively? - Yes, as of Nov/2006 [201]you can. There may be a trick or two you'll + Yes, as of Nov/2006 [204]you can. There may be a trick or two you'll need to do to get the Clipboard exchange between the machines to work. [Color Issues] - Q-22: The X display I run x11vnc on is only 8 bits per pixel (bpp) + Q-23: The X display I run x11vnc on is only 8 bits per pixel (bpp) PseudoColor (i.e. only 256 distinct colors.) The x11vnc colors may start out OK, but after a while they are incorrect in certain windows. - Use the [202]-flashcmap option to have x11vnc watch for changes in the + Use the [205]-flashcmap option to have x11vnc watch for changes in the colormap, and propagate those changes back to connected clients. This can be slow (since the whole screen must be updated over the network whenever the colormap changes.) This flashing colormap behavior often @@ -2979,30 +3103,30 @@ example of this. Consider reconfiguring the system to 16 bpp or depth 24 TrueColor if at all possible. - Also note the option [203]-8to24 (Jan/2006) can often remove the need + Also note the option [206]-8to24 (Jan/2006) can often remove the need for flashing the colormap. Everything is dynamically transformed to depth 24 at 32 bpp using the colormaps. There may be painting errors however (see the following FAQ for tips on reducing and correcting them.) - In some rare cases (SCO unixware) the [204]-notruecolor option has + In some rare cases (SCO unixware) the [207]-notruecolor option has corrected colors on 8bpp displays. The red, green, and blue masks were non-zero in 8bpp PseudoColor on an obscure setup, and this option corrected the problems. - Q-23: Color problems: Why are the colors for some windows incorrect in + Q-24: Color problems: Why are the colors for some windows incorrect in x11vnc? BTW, my X display has nice overlay/multi-depth visuals of different color depths: e.g. there are both depth 8 and 24 visuals available at the same time. - You may want to review the [205]previous question regarding 8 bpp + You may want to review the [208]previous question regarding 8 bpp PseudoColor. - On some hardware (Sun/SPARC and SGI), the [206]-overlay option + On some hardware (Sun/SPARC and SGI), the [209]-overlay option discussed a couple paragraphs down may solve this for you (you may want to skip to it directly.) On other hardware the less robust - [207]-8to24 option may help (also discussed below.) + [210]-8to24 option may help (also discussed below.) Run xdpyinfo(1) to see what the default visual is and what the depths of the other visuals are. Does the default visual have a depth of 8 @@ -3038,7 +3162,7 @@ The -overlay mode: Another option is if the system with overlay visuals is a Sun system running Solaris or SGI running IRIX you can - use the [208]-overlay x11vnc option (Aug/2004) to have x11vnc use the + use the [211]-overlay x11vnc option (Aug/2004) to have x11vnc use the Solaris XReadScreen(3X11) function to poll the "true view" of the whole screen at depth 24 TrueColor. XReadDisplay(3X11) is used on IRIX. This is useful for Legacy applications (older versions of @@ -3063,7 +3187,7 @@ Xsun, e.g. in your /etc/dt/config/Xservers file.) - The -8to24 mode: The [209]-8to24 x11vnc option (Jan/2006) is a kludge + The -8to24 mode: The [212]-8to24 x11vnc option (Jan/2006) is a kludge to try to dynamically rewrite the pixel values so that the 8bpp part of the screen is mapped onto depth 24 TrueColor. This is less robust than the -overlay mode because it is done by x11vnc outside of the X @@ -3077,11 +3201,11 @@ 32bpp view is exported via VNC. Even on pure 8bpp displays it can be used as an alternative to - [210]-flashcmap to avoid color flashing completely. + [213]-flashcmap to avoid color flashing completely. This scheme is approximate and can often lead to painting errors. You can manually correct most painting errors by pressing 3 Alt_L's in a - row, or by using something like: [211]-fixscreen V=3.0 to + row, or by using something like: [214]-fixscreen V=3.0 to automatically refresh the screen every 3 seconds. Also -fixscreen 8=3.0 has been added to just refresh the non-default visual parts of the screen. @@ -3094,27 +3218,28 @@ nogetimage can give a nice speedup if the default depth 24 X server supports hiding the 8bpp bits in bits 25-32 of the framebuffer data. On very slow machines -8to24 poll=0.2,cachewin=5.0 gives an useful - speedup. See the [212]-8to24 help description for information on + speedup. See the [215]-8to24 help description for information on tunable parameters, etc. Colors still not working correctly? Run xwininfo on the application with the incorrect colors to verify that the depth of its visual is different from the default visual depth (gotten from xdpyinfo.) One - possible workaround in this case is to use the [213]-id option to + possible workaround in this case is to use the [216]-id option to point x11vnc at the application window itself. If the application is complicated (lots of toplevel windows and popup menus) this may not be - acceptable, and may even crash x11vnc (but not the application.) + acceptable, and may even crash x11vnc (but not the application.) See + also [217]-appshare. It is theoretically possible to solve this problem in general (see xwd(1) for example), but it does not seem trivial or sufficiently fast - for x11vnc to be able to do so in real time. The [214]-8to24 method + for x11vnc to be able to do so in real time. The [218]-8to24 method does this approximately and is somewhat usable. Fortunately the - [215]-overlay option works for Solaris machines with overlay visuals + [219]-overlay option works for Solaris machines with overlay visuals where most of this problem occurs. - Q-24: I am on a high color system (depth >= 24) but I seem to have + Q-25: I am on a high color system (depth >= 24) but I seem to have colormap problems. They either flash or everything is very dark. This can happen if the default Visual (use xdpyinfo to list them) is @@ -3139,22 +3264,22 @@ can make xwud do this for example. - Q-25: How do I figure out the window id to supply to the -id windowid + Q-26: How do I figure out the window id to supply to the -id windowid option? Run the xwininfo program in a terminal. It will ask you to click on the desired application window. After clicking, it will print out much information, including the window id (e.g. 0x6000010.) Also, the visual and depth of the window printed out is often useful in - debugging x11vnc [216]color problems. + debugging x11vnc [220]color problems. - Also, as of Dec/2004 you can use "[217]-id pick" to have x11vnc run + Also, as of Dec/2004 you can use "[221]-id pick" to have x11vnc run xwininfo(1) for you and after you click the window it extracts the windowid. Besides "pick" there is also "id:root" to allow you to go back to root window when doing remote-control. - Q-26: Why don't menus or other transient windows come up when I am + Q-27: Why don't menus or other transient windows come up when I am using the -id windowid option to view a single application window? This is related to the behavior of the XGetImage(3X11) and @@ -3166,10 +3291,16 @@ you should be able to see these transient windows. If things are not working and you still want to do the single window - polling, try the [218]-sid windowid option ("shifted" windowid.) + polling, try the [222]-sid windowid option ("shifted" windowid.) + Update: as of Nov/2009 in the 0.9.9 x11vnc developement tarball, there + is an experimental Application Sharing mode that improves upon the + -id/-sid single window sharing: [223]-appshare (run "x11vnc -appshare + -help" for more info.) It is still very primitive and approximate, but + at least it displays multiple top-level windows. - Q-27: My X display is depth 24 at 24bpp (instead of the normal depth + + Q-28: My X display is depth 24 at 24bpp (instead of the normal depth 24 at 32bpp.) I'm having lots of color and visual problems with x11vnc and/or vncviewer. What's up? @@ -3202,7 +3333,7 @@ handle 24bpp from the server, so you may want to use those. They evidently request 32 bpp and libvncserver obliges. - Update: as of Apr/2006 you can use the [219]-24to32 option to have + Update: as of Apr/2006 you can use the [224]-24to32 option to have x11vnc dynamically transform the 24bpp pixel data to 32bpp. This extra transformation could slow things down further however. @@ -3212,14 +3343,14 @@ couldn't find suitable pixmap format" so evidently you cannot use 24bpp for the vncviewers to work on that X display. - Note, however, that the Unix viewer in the [220]Enhanced TightVNC + Note, however, that the Unix viewer in the [225]Enhanced TightVNC Viewer (SSVNC) project can handle 24bpp X displays. It does this by requesting a 16bpp pixel format (or 8bpp if the -bgr233 option has been supplied) from the VNC server, and translates that to 24bpp locally. [Xterminals] - Q-28: Can I use x11vnc to view and interact with an Xterminal (e.g. + Q-29: Can I use x11vnc to view and interact with an Xterminal (e.g. NCD) that is not running UNIX and so x11vnc cannot be run on it directly? @@ -3227,9 +3358,9 @@ since you will be polling the X display over the network as opposed to over the local hardware. To do this, run x11vnc on a UNIX machine as close as possible network-wise (e.g. same switch) to the Xterminal - machine. Use the [221]-display option to point the display to that of + machine. Use the [226]-display option to point the display to that of the Xterminal (you'll of course need basic X11 permission to do that) - and finally supply the [222]-noshm option (this enables the polling + and finally supply the [227]-noshm option (this enables the polling over the network.) If the Xterminal's X display is open to the network for connections, @@ -3242,10 +3373,10 @@ The response will likely be sluggish (maybe only one "frame" per second.) This mode is not recommended except for "quick checks" of hard to get to X servers. Use something like "-wait 150" to cut down - on the polling rate. You may also need [223]-flipbyteorder if the + on the polling rate. You may also need [228]-flipbyteorder if the colors get messed up due to endian byte order differences. - Q-29: How do I get my X permissions (MIT-MAGIC-COOKIE file) correct + Q-30: How do I get my X permissions (MIT-MAGIC-COOKIE file) correct for a Unix/Linux machine acting as an Xterminal? If the X display machine is a traditional Xterminal (where the X @@ -3266,7 +3397,7 @@ copied to the Xterminal. If $HOME/.Xauthority is exported via NFS (this is insecure of course, but has been going on for decades), then x11vnc can simply pick it up via NFS (you may need to use the - [224]-auth option to point to the correct file.) Other options include + [229]-auth option to point to the correct file.) Other options include copying the auth file using scp, or something like: central-server> xauth nextract - xterm123:0 | ssh xterm123 xauth nmerge - @@ -3278,7 +3409,7 @@ details. If the display name in the cookie file needs to be changed between the - two hosts, see [225]this note on the "xauth add ..." command. + two hosts, see [230]this note on the "xauth add ..." command. A less secure option is to run something like "xhost +127.0.0.1" while sitting at the Xterminal box to allow cookie-free local access for @@ -3292,7 +3423,7 @@ occasional app more efficiently locally on the Xterminal box (e.g. realplayer.) - Not recommended, but as a last resort, you could have x11vnc [226]poll + Not recommended, but as a last resort, you could have x11vnc [231]poll the Xterminal Display over the network. For this you would run a "x11vnc -noshm ..." process on the central-server (and hope the network admin doesn't get angry...) @@ -3319,36 +3450,36 @@ [Sun Rays] - Q-30: I'm having trouble using x11vnc with my Sun Ray session. + Q-31: I'm having trouble using x11vnc with my Sun Ray session. - The [227]Sun Ray technology is a bit like "VNC done in hardware" (the + The [232]Sun Ray technology is a bit like "VNC done in hardware" (the Sun Ray terminal device, DTU, playing the role of the vncviewer.) Completely independent of that, the SunRay user's session is still an X server that speaks the X11 protocol and so x11vnc simply talks to the X server part to export the SunRay desktop to any place in the world (i.e. not only to a Sun Ray terminal device), creating a sort of - "Soft Ray". Please see [228]this discussion of Sun Ray issues for + "Soft Ray". Please see [233]this discussion of Sun Ray issues for solutions to problems. - Also see the [229]Sun Ray Remote Control Toolkit that uses x11vnc. + Also see the [234]Sun Ray Remote Control Toolkit that uses x11vnc. [Remote Control] - Q-31: How do I stop x11vnc once it is running in the background? + Q-32: How do I stop x11vnc once it is running in the background? As of Dec/2004 there is a remote control feature. It can change a huge - number of parameters on the fly: see the [230]-remote and [231]-query + number of parameters on the fly: see the [235]-remote and [236]-query options. To shut down the running x11vnc server just type "x11vnc -R stop". To disconnect all clients do "x11vnc -R disconnect:all", etc. - If the [232]-forever option has not been supplied, x11vnc will + If the [237]-forever option has not been supplied, x11vnc will automatically exit after the first client disconnects. In general if you cannot use the remote control, then you will have to kill the x11vnc process This can be done via: "kill NNNNN" (where NNNNN is the x11vnc process id number found from ps(1)), or "pkill x11vnc", or "killall x11vnc" (Linux only.) - If you have not put x11vnc in the background via the [233]-bg option + If you have not put x11vnc in the background via the [238]-bg option or shell & operator, then simply press Ctrl-C in the shell where x11vnc is running to stop it. @@ -3358,16 +3489,16 @@ down state in the Xserver. Tapping the stuck key (either via a new x11vnc or at the physical console) will release it from the stuck state. If the keyboard seems to be acting strangely it is often fixed - by tapping Ctrl, Shift, and Alt. Alternatively, the [234]-clear_mods - option and [235]-clear_keys option can be used to release pressed keys - at startup and exit. The option [236]-clear_all will also try to unset + by tapping Ctrl, Shift, and Alt. Alternatively, the [239]-clear_mods + option and [240]-clear_keys option can be used to release pressed keys + at startup and exit. The option [241]-clear_all will also try to unset Caps_Lock, Num_Lock, etc. - Q-32: Can I change settings in x11vnc without having to restart it? + Q-33: Can I change settings in x11vnc without having to restart it? Can I remote control it? - Look at the [237]-remote (an alias is -R) and [238]-query (an alias is + Look at the [242]-remote (an alias is -R) and [243]-query (an alias is -Q) options added in Dec/2004. They allow nearly everything to be changed dynamically and settings to be queried. Examples: "x11vnc -R shared", "x11vnc -R forever", "x11vnc -R scale:3/4", "x11vnc -Q @@ -3378,8 +3509,8 @@ property) is used as the communication channel, so the X permissions and DISPLAY must be set up correctly for communication to be possible. - There is also a simple Tcl/Tk [239]gui based on this remote control - mechanism. See the [240]-gui option for more info. You will need to + There is also a simple Tcl/Tk [244]gui based on this remote control + mechanism. See the [245]-gui option for more info. You will need to have Tcl/Tk (i.e. /usr/bin/wish) installed for it to work. It can also run in the system tray: "-gui tray" or as a standalone small icon window: "-gui icon". Use "-gui tray=setpass" for a naive user "Share @@ -3387,7 +3518,7 @@ [Security and Permissions] - Q-33: How do I create a VNC password for use with x11vnc? + Q-34: How do I create a VNC password for use with x11vnc? You may already have one in $HOME/.vnc/passwd if you have used, say, the vncserver program from the regular RealVNC or TightVNC packages @@ -3395,12 +3526,12 @@ vncpasswd(1) program from those packages. As of Jun/2004 x11vnc supports the -storepasswd "pass" "file" - [241]option, which is the same functionality of storepasswd. Be sure + [246]option, which is the same functionality of storepasswd. Be sure to quote the "pass" if it contains shell meta characters, spaces, etc. Example: x11vnc -storepasswd 'sword*fish' $HOME/myvncpasswd - You then use the password via the x11vnc option: "[242]-rfbauth + You then use the password via the x11vnc option: "[247]-rfbauth $HOME/myvncpasswd" As of Jan/2006 if you do not supply any arguments: @@ -3412,11 +3543,11 @@ ~/.mypass", the password you are prompted for will be stored in that file. - x11vnc also has the [243]-passwdfile and -passwd/-viewpasswd plain + x11vnc also has the [248]-passwdfile and -passwd/-viewpasswd plain text (i.e. not obscured like the -rfbauth VNC passwords) password options. - You can use the [244]-usepw option to automatically use any password + You can use the [249]-usepw option to automatically use any password file you have in ~/.vnc/passwd or ~/.vnc/passwdfile (the latter is used with the -passwdfile option.) @@ -3428,7 +3559,7 @@ who do not know better. - Q-34: Can I make it so -storepasswd doesn't show my password on the + Q-35: Can I make it so -storepasswd doesn't show my password on the screen? You can use the vncpasswd program from RealVNC or TightVNC mentioned @@ -3445,17 +3576,17 @@ ~/.mypass" - Q-35: Can I have two passwords for VNC viewers, one for full access + Q-36: Can I have two passwords for VNC viewers, one for full access and the other for view-only access to the display? - Yes, as of May/2004 there is the [245]-viewpasswd option to supply the - view-only password. Note the full-access password option [246]-passwd + Yes, as of May/2004 there is the [250]-viewpasswd option to supply the + view-only password. Note the full-access password option [251]-passwd must be supplied at the same time. E.g.: -passwd sword -viewpasswd fish. To avoid specifying the passwords on the command line (where they could be observed via the ps(1) command by any user) you can use the - [247]-passwdfile option to specify a file containing plain text + [252]-passwdfile option to specify a file containing plain text passwords. Presumably this file is readable only by you, and ideally it is located on the machine x11vnc is run on (to avoid being snooped on over the network.) The first line of this file is the full-access @@ -3463,7 +3594,7 @@ it is taken as the view-only password. (use "__EMPTY__" to supply an empty one.) - View-only passwords currently do not work for the [248]-rfbauth + View-only passwords currently do not work for the [253]-rfbauth password option (standard VNC password storing mechanism.) FWIW, note that although the output (usually placed in $HOME/.vnc/passwd) by the vncpasswd or storepasswd programs (or from x11vnc -storepasswd) looks @@ -3473,10 +3604,10 @@ straight-forward to work out what to do from the VNC source code. - Q-36: Can I have as many full-access and view-only passwords as I + Q-37: Can I have as many full-access and view-only passwords as I like? - Yes, as of Jan/2006 in the libvncserver CVS the [249]-passwdfile + Yes, as of Jan/2006 in the libvncserver CVS the [254]-passwdfile option has been extended to handle as many passwords as you like. You put the view-only passwords after a line __BEGIN_VIEWONLY__. @@ -3484,9 +3615,9 @@ You can have x11vnc re-read the file dynamically when it is modified. - Q-37: Does x11vnc support Unix usernames and passwords? Can I further + Q-38: Does x11vnc support Unix usernames and passwords? Can I further limit the set of Unix usernames who can connect to the VNC desktop? - Update: as of Feb/2006 x11vnc has the [250]-unixpw option that does + Update: as of Feb/2006 x11vnc has the [255]-unixpw option that does this outside of the VNC protocol and libvncserver. The standard su(1) program is used to validate the user's password. A familiar "login:" and "Password:" dialog is presented to the user on a black screen @@ -3496,7 +3627,7 @@ A list of allowed Unix usernames may also be supplied along with per-user settings. - There is also the [251]-unixpw_nis option for non-shadow-password + There is also the [256]-unixpw_nis option for non-shadow-password (typically NIS environments, hence the name) systems where the traditional getpwnam() and crypt() functions are used instead of su(1). The encrypted user passwords must be accessible to the user @@ -3505,11 +3636,11 @@ shadow(5). Two settings are enforced in the -unixpw and -unixpw_nis modes to - provide extra security: the 1) [252]-localhost and 2) [253]-stunnel or - [254]-ssl options. Without these one might send the Unix username and + provide extra security: the 1) [257]-localhost and 2) [258]-stunnel or + [259]-ssl options. Without these one might send the Unix username and password data in clear text over the network which is a very bad idea. They can be relaxed if you want to provide encryption other than - stunnel or [255]-ssl (the constraint is automatically relaxed if + stunnel or [260]-ssl (the constraint is automatically relaxed if SSH_CONNECTION is set and indicates you have ssh-ed in, however the -localhost requirement is still enforced.) @@ -3528,13 +3659,13 @@ approximate at best. One approximate method involves starting x11vnc with the - [256]-localhost option. This basically requires the viewer user to log + [261]-localhost option. This basically requires the viewer user to log into the workstation where x11vnc is running via their Unix username and password, and then somehow set up a port redirection of his vncviewer connection to make it appear to emanate from the local machine. As discussed above, ssh is useful for this: "ssh -L 5900:localhost:5900 user@hostname ..." See the ssh wrapper scripts - mentioned [257]elsewhere on this page. [258]stunnel does this as well. + mentioned [262]elsewhere on this page. [263]stunnel does this as well. Of course a malicious user could allow other users to get in through his channel, but that is a problem with every method. Another thing to @@ -3545,7 +3676,7 @@ traditional way would be to further require a VNC password to supplied (-rfbauth, -passwd, etc) and only tell the people allowed in what the VNC password is. A scheme that avoids a second password involves using - the [259]-accept option that runs a program to examine the connection + the [264]-accept option that runs a program to examine the connection information to determine which user is connecting from the local machine. That may be difficult to do, but, for example, the program could use the ident service on the local machine (normally ident @@ -3577,11 +3708,11 @@ always be "root". - Q-38: Can I supply an external program to provide my own custom login + Q-39: Can I supply an external program to provide my own custom login method (e.g. Dynamic/One-time passwords or non-Unix (LDAP) usernames and passwords)? Yes, there are several possibilities. For background see the FAQ on - the [260]-accept where an external program may be run to decide if a + the [265]-accept where an external program may be run to decide if a VNC client should be allowed to try to connect and log in. If the program (or local user prompted by a popup) answers "yes", then -accept proceeds to the normal VNC and x11vnc authentication methods, @@ -3589,26 +3720,26 @@ To provide more direct coupling to the VNC client's username and/or supplied password the following options were added in Sep/2006: - * [261]-unixpw_cmd command - * [262]-passwdfile cmd:command - * [263]-passwdfile custom:command + * [266]-unixpw_cmd command + * [267]-passwdfile cmd:command + * [268]-passwdfile custom:command In each case "command" is an external command run by x11vnc. You supply it. For example, it may couple to your LDAP system or other servers you set up. - For [264]-unixpw_cmd the normal [265]-unixpw Login: and Password: + For [269]-unixpw_cmd the normal [270]-unixpw Login: and Password: prompts are supplied to the VNC viewer and the strings the client returns are then piped into "command" as the first two lines of its standard input. If the command returns success, i.e. exit(0), the VNC client is accepted, otherwise it is rejected. - For "[266]-passwdfile cmd:command" the command is run and it returns a - password list (like a password file, see the [267]-passwdfile + For "[271]-passwdfile cmd:command" the command is run and it returns a + password list (like a password file, see the [272]-passwdfile read:filename mode.) Perhaps a dynamic, one-time password is retrieved from a server this way. - For "[268]-passwdfile custom:command" one gets complete control over + For "[273]-passwdfile custom:command" one gets complete control over the VNC challenge-response dialog with the VNC client. x11vnc sends out a string of random bytes (16 by the VNC spec) and the client returns the same number of bytes in a way the server can verify only @@ -3622,33 +3753,33 @@ accepted, otherwise it is rejected. In all cases the "RFB_*" environment variables are set as under - [269]-accept. These variables can provide useful information for the + [274]-accept. These variables can provide useful information for the externally supplied program to use. - Q-39: Why does x11vnc exit as soon as the VNC viewer disconnects? And + Q-40: Why does x11vnc exit as soon as the VNC viewer disconnects? And why doesn't it allow more than one VNC viewer to connect at the same time? These defaults are simple safety measures to avoid someone unknowingly leaving his X11 desktop exposed (to the internet, say) for long - periods of time. Use the [270]-forever option (aka -many) to have + periods of time. Use the [275]-forever option (aka -many) to have x11vnc wait for more connections after the first client disconnects. - Use the [271]-shared option to have x11vnc allow multiple clients to + Use the [276]-shared option to have x11vnc allow multiple clients to connect simultaneously. - Recommended additional safety measures include using ssh ([272]see - above), stunnel, [273]-ssl, or a VPN to authenticate and encrypt the + Recommended additional safety measures include using ssh ([277]see + above), stunnel, [278]-ssl, or a VPN to authenticate and encrypt the viewer connections or to at least use the -rfbauth passwd-file - [274]option to use VNC password protection (or [275]-passwdfile) It is + [279]option to use VNC password protection (or [280]-passwdfile) It is up to YOU to apply these security measures, they will not be done for you automatically. - Q-40: Can I limit which machines incoming VNC clients can connect + Q-41: Can I limit which machines incoming VNC clients can connect from? - Yes, look at the [276]-allow and [277]-localhost options to limit + Yes, look at the [281]-allow and [282]-localhost options to limit connections by hostname or IP address. E.g. x11vnc -allow 192.168.0.1,192.168.0.2 @@ -3660,11 +3791,11 @@ Note that -localhost achieves the same thing as "-allow 127.0.0.1" For more control, build libvncserver with libwrap support - [278](tcp_wrappers) and then use /etc/hosts.allow See hosts_access(5) + [283](tcp_wrappers) and then use /etc/hosts.allow See hosts_access(5) for complete details. - Q-41: How do I build x11vnc/libvncserver with libwrap (tcp_wrappers) + Q-42: How do I build x11vnc/libvncserver with libwrap (tcp_wrappers) support? Here is one way to pass this information to the configure script: @@ -3680,43 +3811,43 @@ is "vnc", e.g.: vnc: 192.168.100.3 .example.com - Note that if you run x11vnc out of [279]inetd you do not need to build + Note that if you run x11vnc out of [284]inetd you do not need to build x11vnc with libwrap support because the /usr/sbin/tcpd reference in /etc/inetd.conf handles the tcp_wrappers stuff. - Q-42: Can I have x11vnc only listen on one network interface (e.g. + Q-43: Can I have x11vnc only listen on one network interface (e.g. internal LAN) rather than having it listen on all network interfaces and relying on -allow to filter unwanted connections out? - As of Mar/2005 there is the "[280]-listen ipaddr" option that enables + As of Mar/2005 there is the "[285]-listen ipaddr" option that enables this. For ipaddr either supply the desired network interface's IP address (or use a hostname that resolves to it) or use the string "localhost". For additional filtering simultaneously use the - "[281]-allow host1,..." option to allow only specific hosts in. + "[286]-allow host1,..." option to allow only specific hosts in. This option is useful if you want to insure that no one can even begin a dialog with x11vnc from untrusted network interfaces (e.g. ppp0.) - The option [282]-localhost now implies "-listen localhost" since that + The option [287]-localhost now implies "-listen localhost" since that is what most people expect it to do. - Q-43: Now that -localhost implies listening only on the loopback + Q-44: Now that -localhost implies listening only on the loopback interface, how I can occasionally allow in a non-localhost via the -R allowonce remote control command? - To do this specify "[283]-allow localhost". Unlike [284]-localhost + To do this specify "[288]-allow localhost". Unlike [289]-localhost this will leave x11vnc listening on all interfaces (but of course only allowing in local connections, e.g. ssh redirs.) Then you can later run "x11vnc -R allowonce:somehost" or use to gui to permit a one-shot connection from a remote host. - Q-44: Can I fine tune what types of user input are allowed? E.g. have + Q-45: Can I fine tune what types of user input are allowed? E.g. have some users just be able to move the mouse, but not click or type anything? - As of Feb/2005, the [285]-input option allows you to do this. "K", + As of Feb/2005, the [290]-input option allows you to do this. "K", "M", "B", "C", and "F" stand for Keystroke, Mouse-motion, Button-clicks, Clipboard, and File-Transfer, respectively. The setting: "-input M" makes attached viewers only able to move the @@ -3727,12 +3858,12 @@ remote control mechanism or the GUI. E.g. x11vnc -R input:hostname:M - Q-45: Can I prompt the user at the local X display whether the + Q-46: Can I prompt the user at the local X display whether the incoming VNC client should be accepted or not? Can I decide to make some clients view-only? How about running an arbitrary program to make the decisions? - Yes, look at the "[286]-accept command" option, it allows you to + Yes, look at the "[291]-accept command" option, it allows you to specify an external command that is run for each new client. (use quotes around the command if it contains spaces, etc.) If the external command returns 0 (success) the client is accepted, otherwise with any @@ -3753,7 +3884,7 @@ client press "y" or click mouse on the "Yes" button. To reject the client press "n" or click mouse on the "No" button. To accept the client View-only, press "v" or click mouse on the "View" button. If - the [287]-viewonly option has been supplied, the "View" action will + the [292]-viewonly option has been supplied, the "View" action will not be present: the whole display is view only in that case. The popup window times out after 120 seconds, to change this behavior @@ -3768,7 +3899,7 @@ program to prompt the user whether the client should be accepted or not. This requires that you have xmessage installed and available via PATH. In case it is not already on your system, the xmessage program - is available at [288]ftp://ftp.x.org/ + is available at [293]ftp://ftp.x.org/ (End of Built-in Popup Window:) To include view-only decisions for the external commands, prefix the @@ -3808,7 +3939,7 @@ fi exit 1 - Stefan Radman has written a nice dtksh script [289]dtVncPopup for use + Stefan Radman has written a nice dtksh script [294]dtVncPopup for use in CDE environments to do the same sort of thing. Information on how to use it is found at the top of the file. He encourages you to provide feedback to him to help improve the script. @@ -3817,23 +3948,23 @@ popup is being run, so attached clients will not receive screen updates, etc during this period. - To run a command when a client disconnects, use the "[290]-gone + To run a command when a client disconnects, use the "[295]-gone command" option. This is for the user's convenience only: the return code of the command is not interpreted by x11vnc. The same environment variables are set as in "-accept command" (except that RFB_MODE will be "gone".) - As of Jan/2006 the "[291]-afteraccept command" option will run the + As of Jan/2006 the "[296]-afteraccept command" option will run the command only after the VNC client has been accepted and authenticated. Like -gone the return code is not interpreted. RFB_MODE will be "afteraccept".) - Q-46: I start x11vnc as root because it is launched via inetd(8) or a + Q-47: I start x11vnc as root because it is launched via inetd(8) or a display manager like gdm(1). Can I have x11vnc later switch to a different user? - As of Feb/2005 x11vnc has the [292]-users option that allows things + As of Feb/2005 x11vnc has the [297]-users option that allows things like this. Please read the documentation on it (also in the x11vnc -help output) carefully for features and caveats. It's use can often decrease security unless care is taken. @@ -3845,7 +3976,7 @@ warranty ;-). - Q-47: I use a screen-lock when I leave my workstation (e.g. + Q-48: I use a screen-lock when I leave my workstation (e.g. xscreensaver or xlock.) When I remotely access my workstation desktop via x11vnc I can unlock the desktop fine, but I am worried people will see my activities on the physical monitor. What can I do to prevent @@ -3858,7 +3989,7 @@ In any event, as of Jun/2004 there is an experimental utility to make it more difficult for nosey people to see your x11vnc activities. The - source for it is [293]blockdpy.c The idea behind it is simple (but + source for it is [298]blockdpy.c The idea behind it is simple (but obviously not bulletproof): when a VNC client attaches to x11vnc put the display monitor in the DPMS "off" state, if the DPMS state ever changes immediately start up the screen-lock program. The x11vnc user @@ -3874,8 +4005,8 @@ bulletproof. A really robust solution would likely require X server and perhaps even video hardware support. - The blockdpy utility is launched by the [294]-accept option and told - to exit via the [295]-gone option (the vnc client user should + The blockdpy utility is launched by the [299]-accept option and told + to exit via the [300]-gone option (the vnc client user should obviously re-lock the screen before disconnecting!) Instructions can be found in the source code for the utility at the above link. Roughly it is something like this: @@ -3884,17 +4015,17 @@ but please read the top of the file. Update: As of Feb/2007 there is some builtin support for this: - [296]-forcedpms and [297]-clientdpms however, they are probably less + [301]-forcedpms and [302]-clientdpms however, they are probably less robust than the above blockdpy.c scheme, since if the person floods the physical machine with mouse or pointer input he can usually see flashes of the screen before the monitor is powered off again. See - also the [298]-grabkbd, [299]-grabptr, and [300]-grabalways options. + also the [303]-grabkbd, [304]-grabptr, and [305]-grabalways options. - Q-48: Can I have x11vnc automatically lock the screen when I + Q-49: Can I have x11vnc automatically lock the screen when I disconnect the VNC viewer? - Yes, a user mentions he uses the [301]-gone option under CDE to run a + Yes, a user mentions he uses the [306]-gone option under CDE to run a screen lock program: x11vnc -display :0 -forever -gone 'dtaction LockDisplay' @@ -3904,7 +4035,7 @@ x11vnc -display :0 -forever -gone 'xlock &' x11vnc -display :0 -forever -gone 'xlock -mode blank &' - Here is a scheme using the [302]-afteraccept option (in version 0.8) + Here is a scheme using the [307]-afteraccept option (in version 0.8) to unlock the screen after the first valid VNC login and to lock the screen after the last valid VNC login disconnects: x11vnc -display :0 -forever -shared -afteraccept ./myxlocker -gone ./myxlocke @@ -3942,24 +4073,24 @@ then use -gone "setpgrp xlock &", etc. [Encrypted Connections] - Q-49: How can I tunnel my connection to x11vnc via an encrypted SSH + Q-50: How can I tunnel my connection to x11vnc via an encrypted SSH channel between two Unix machines? - See the description earlier on this page on [303]how to tunnel VNC via + See the description earlier on this page on [308]how to tunnel VNC via SSH from Unix to Unix. A number of ways are described along with some issues you may encounter. Other secure encrypted methods exists, e.g. stunnel, IPSEC, various VPNs, etc. - See also the [304]Enhanced TightVNC Viewer (SSVNC) page where much of + See also the [309]Enhanced TightVNC Viewer (SSVNC) page where much of this is now automated. - Q-50: How can I tunnel my connection to x11vnc via an encrypted SSH + Q-51: How can I tunnel my connection to x11vnc via an encrypted SSH channel from Windows using an SSH client like Putty? - [305]Above we described how to tunnel VNC via SSH from Unix to Unix, + [310]Above we described how to tunnel VNC via SSH from Unix to Unix, you may want to review it. To do this from Windows using Putty it would go something like this: * In the Putty dialog window under 'Session' enter the hostname or @@ -3980,11 +4111,11 @@ :0 (plus other cmdline options) in the 'Remote command' Putty setting under 'Connections/SSH'. - See also the [306]Enhanced TightVNC Viewer (SSVNC) page where much of + See also the [311]Enhanced TightVNC Viewer (SSVNC) page where much of this is now automated via the Putty plink utility. - For extra protection feel free to run x11vnc with the [307]-localhost - and [308]-rfbauth/[309]-passwdfile options. + For extra protection feel free to run x11vnc with the [312]-localhost + and [313]-rfbauth/[314]-passwdfile options. If the machine you SSH into via Putty is not the same machine with the X display you wish to view (e.g. your company provides incoming SSH @@ -3992,21 +4123,21 @@ dialog setting to: 'Destination: otherhost:5900', Once logged in, you'll need to do a second login (ssh or rsh) to the workstation machine 'otherhost' and then start up x11vnc on it. This can also be - automated by [310]Chaining SSH's. + automated by [315]Chaining SSH's. - As discussed [311]above another option is to first start the VNC + As discussed [316]above another option is to first start the VNC viewer in "listen" mode, and then launch x11vnc with the - "[312]-connect localhost" option to establish the reverse connection. + "[317]-connect localhost" option to establish the reverse connection. In this case a Remote port redirection (not Local) is needed for port 5500 instead of 5900 (i.e. 'Source port: 5500' and 'Destination: localhost:5500' for a Remote connection.) - Q-51: How can I tunnel my connection to x11vnc via an encrypted SSL + Q-52: How can I tunnel my connection to x11vnc via an encrypted SSL channel using an external tool like stunnel? It is possible to use a "lighter weight" encryption setup than SSH or - IPSEC. SSL tunnels such as [313]stunnel (also [314]stunnel.mirt.net) + IPSEC. SSL tunnels such as [318]stunnel (also [319]stunnel.mirt.net) provide an encrypted channel without the need for Unix users, passwords, and key passphrases required for ssh (and at the other extreme SSL can also provide a complete signed certificate chain of @@ -4014,9 +4145,9 @@ and firewalls often let its port through, ssh is frequently the path of least resistance (it also nicely manages public keys for you.) - Update: As of Feb/2006 x11vnc has the options [315]-ssl, - [316]-stunnel, and [317]-sslverify to provide integrated SSL schemes. - They are discussed [318]in the Next FAQ (you probably want to skip to + Update: As of Feb/2006 x11vnc has the options [320]-ssl, + [321]-stunnel, and [322]-sslverify to provide integrated SSL schemes. + They are discussed [323]in the Next FAQ (you probably want to skip to it now.) We include these non-built-in method descriptions below for historical @@ -4024,7 +4155,7 @@ any VNC (or other type of) server. - Here are some basic examples using [319]stunnel but the general idea + Here are some basic examples using [324]stunnel but the general idea for any SSL tunnel utility is the same: * Start up x11vnc and constrain it to listen on localhost. * Then start up the SSL tunnel running on the same machine to @@ -4048,7 +4179,7 @@ The above two commands are run on host "far-away.east". The stunnel.pem is the self-signed PEM file certificate created when - stunnel is built. One can also create certificates [320]signed by + stunnel is built. One can also create certificates [325]signed by Certificate Authorities or self-signed if desired using the x11vnc utilities described there. @@ -4062,21 +4193,21 @@ Then point the viewer to the local tunnel on port 5902: vncviewer -encodings "copyrect tight zrle hextile" localhost:2 - That's it. Note that the [321]ss_vncviewer script can automate this - easily, and so can the [322]Enhanced TightVNC Viewer (SSVNC) package. + That's it. Note that the [326]ss_vncviewer script can automate this + easily, and so can the [327]Enhanced TightVNC Viewer (SSVNC) package. Be sure to use a VNC password because unlike ssh by default the encrypted SSL channel provides no authentication (only privacy.) With some extra configuration one could also set up certificates to provide authentication of either or both sides as well (and hence avoid man-in-the-middle attacks.) See the stunnel and openssl documentation - and also [323]the key management section for details. + and also [328]the key management section for details. stunnel has also been ported to Windows, and there are likely others to choose from for that OS. Much info for using it on Windows can be - found at the stunnel site and in this [324]article The article also + found at the stunnel site and in this [329]article The article also shows the detailed steps to set up all the authentication - certificates. (for both server and clients, see also the [325]x11vnc + certificates. (for both server and clients, see also the [330]x11vnc utilities that do this.) The default Windows client setup (no certs) is simpler and only 4 files are needed in a folder: stunnel.exe, stunnel.conf, libssl32.dll, libeay32.dll. We used an stunnel.conf @@ -4097,7 +4228,7 @@ As an aside, if you don't like the little "gap" of unencrypted TCP traffic (and a localhost listening socket) on the local machine between stunnel and x11vnc it can actually be closed by having stunnel - start up x11vnc in [326]-inetd mode: + start up x11vnc in [331]-inetd mode: stunnel -p /path/to/stunnel.pem -P none -d 5900 -l ./x11vnc_sh Where the script x11vnc_sh starts up x11vnc: @@ -4134,36 +4265,36 @@ SSL VNC Viewers: Regarding VNC viewers that "natively" do SSL unfortunately there do - not seem to be many. The [327]SingleClick UltraVNC Java Viewer is SSL - and is compatible with x11vnc's [328]-ssl option and stunnel.) + not seem to be many. The [332]SingleClick UltraVNC Java Viewer is SSL + and is compatible with x11vnc's [333]-ssl option and stunnel.) Commercial versions of VNC seem to have some SSL-like encryption built in, but we haven't tried those either and they probably wouldn't work since their (proprietary) SSL-like negotiation is likely embedded in the VNC protocol unlike our case where it is external. - Note: as of Mar/2006 libvncserver/x11vnc provides a [329]SSL-enabled - Java applet that can be served up via the [330]-httpdir or [331]-http - options when [332]-ssl is enabled. It will also be served via HTTPS + Note: as of Mar/2006 libvncserver/x11vnc provides a [334]SSL-enabled + Java applet that can be served up via the [335]-httpdir or [336]-http + options when [337]-ssl is enabled. It will also be served via HTTPS via either the VNC port (e.g. https://host:5900/) or a 2nd port via - the [333]-https option. + the [338]-https option. In general current SSL VNC solutions are not particularly "seemless". But it can be done, and with a wrapper script on the viewer side and - the [334]-stunnel or [335]-ssl option on the server side it works well - and is convenient. Here is a simple script [336]ss_vncviewer that + the [339]-stunnel or [340]-ssl option on the server side it works well + and is convenient. Here is a simple script [341]ss_vncviewer that automates running stunnel on the VNC viewer side on Unix a little more carefully than the commands printed above. (One could probably do a similar thing with a .BAT file on Windows in the stunnel folder.) - Update Jul/2006: we now provide an [337]Enhanced TightVNC Viewer + Update Jul/2006: we now provide an [342]Enhanced TightVNC Viewer (SSVNC) package that starts up STUNNEL automatically along with some other features. All binaries (stunnel, vncviewer, and some utilities) are provided in the package. It works on Unix, Mac OS X, and Windows. - Q-52: Does x11vnc have built-in SSL tunneling? + Q-53: Does x11vnc have built-in SSL tunneling? - You can read about non-built-in methods [338]in the Previous FAQ for + You can read about non-built-in methods [343]in the Previous FAQ for background. SSL tunnels provide an encrypted channel without the need for Unix @@ -4175,12 +4306,12 @@ Built-in SSL x11vnc options: - As of Feb/2006 the x11vnc [339]-ssl option automates the SSL tunnel - creation on the x11vnc server side. An [340]SSL-enabled Java Viewer + As of Feb/2006 the x11vnc [344]-ssl option automates the SSL tunnel + creation on the x11vnc server side. An [345]SSL-enabled Java Viewer applet is also provided that can be served via HTTP or HTTPS to automate SSL on the client side. - The [341]-ssl mode uses the [342]www.openssl.org library if available + The [346]-ssl mode uses the [347]www.openssl.org library if available at build time. The mode requires an SSL certificate and key (i.e. .pem file.) These @@ -4206,11 +4337,11 @@ "-ssl SAVE_NOPROMPT" to not be prompted. Use "-ssl TMP" to create a temporary self-signed cert that will be discarded when x11vnc exits. - Update: As of Nov/2008 x11vnc also supports the [343]VeNCrypt SSL/TLS + Update: As of Nov/2008 x11vnc also supports the [348]VeNCrypt SSL/TLS tunnel extension to the VNC protocol. The older ANONTLS method (vino) is also supported. This support is on by default when the -ssl option - is in use and can be fine-tuned using these options: [344]-vencrypt - and [345]-anontls. + is in use and can be fine-tuned using these options: [349]-vencrypt + and [350]-anontls. The normal x11vnc -ssl operation is somewhat like a URL method vncs://hostname if vnc://hostname indicates a standard unencrypted VNC @@ -4222,7 +4353,7 @@ SSL VNC Viewers:. Viewer-side will need to use SSL as well. See the - [346]next FAQ and [347]here for SSL enabled VNC Viewers, including + [351]next FAQ and [352]here for SSL enabled VNC Viewers, including SSVNC, to connect to the above x11vnc via SSL. @@ -4237,12 +4368,12 @@ is to encrypt the key with a passphrase (note however this requires supplying the passphrase each time x11vnc is started up.) - See the discussion on [348]x11vnc Key Management for some utilities + See the discussion on [353]x11vnc Key Management for some utilities provided for creating and managing certificates and keys and even for creating your own Certificate Authority (CA) for signing VNC server and client certificates. This may be done by importing the certificate into Web Browser or Java plugin keystores, or pointing stunnel to it. - The wrapper script [349]ss_vncviewer provides an example on unix (see + The wrapper script [354]ss_vncviewer provides an example on unix (see the -verify option.) Here are some notes on the simpler default (non-CA) operation. To have @@ -4256,7 +4387,7 @@ the possibility of copying the server.crt to machines where the VNC Viewer will be run to enable authenticating the x11vnc SSL VNC server to the clients. When authentication takes place this way (or via the - more sophisticated CA signing described [350]here), then + more sophisticated CA signing described [355]here), then Man-In-The-Middle-Attacks are prevented. Otherwise, the SSL encryption only provides protection against passive network traffic "sniffing" (i.e. you are not protected against M-I-T-M attacks.) Nowadays, most @@ -4288,11 +4419,11 @@ The older -stunnel option: Before the -ssl option there was a - convenience option [351]-stunnel that would start an external SSL + convenience option [356]-stunnel that would start an external SSL tunnel for you using stunnel. The -ssl method is the preferred way, but for historical reference we keep the -stunnel info here. - The [352]-stunnel mode requires the [353]www.stunnel.org command + The [357]-stunnel mode requires the [358]www.stunnel.org command stunnel(8) to be installed on the system. Some -stunnel examples: @@ -4316,15 +4447,15 @@ TMP".) - Q-53: How do I use VNC Viewers with built-in SSL tunneling? + Q-54: How do I use VNC Viewers with built-in SSL tunneling? Notes on using "native" VNC Viewers with SSL: There aren't any native VNC Viewers that do SSL (ask your VNC viewer developer to add the feature.) So a tunnel must be setup that you point the VNC Viewer to. This is often STUNNEL. You can do this - [354]manually, or use the [355]ss_vncviewer script on Unix, or our - [356]Enhanced TightVNC Viewer (SSVNC) package on Unix, Windows, or + [359]manually, or use the [360]ss_vncviewer script on Unix, or our + [361]Enhanced TightVNC Viewer (SSVNC) package on Unix, Windows, or MacOSX. See the next section for Java Web browser SSL VNC Viewers (you only need a Java-enabled Web browser for it to work.) @@ -4336,13 +4467,13 @@ The SSL enabled Java VNC Viewer (VncViewer.jar) in the x11vnc package supports only SSL based connections by default. As mentioned above the - [357]-httpdir can be used to specify the path to .../classes/ssl. A + [362]-httpdir can be used to specify the path to .../classes/ssl. A typical location might be /usr/local/share/x11vnc/classes/ssl. Or - [358]-http can be used to try to have it find the directory + [363]-http can be used to try to have it find the directory automatically. - Also note that the [359]SingleClick UltraVNC Java Viewer is compatible - with x11vnc's [360]-ssl SSL mode. (We tested it this way: "java -cp + Also note that the [364]SingleClick UltraVNC Java Viewer is compatible + with x11vnc's [365]-ssl SSL mode. (We tested it this way: "java -cp ./VncViewer.jar VncViewer HOST far-away.east PORT 5900 USESSL 1 TRUSTALL 1") @@ -4377,13 +4508,13 @@ If you are using a router/firewall with port-redirection, and you are redirecting ports other than the default ones (5800, 5900) listed - above [361]see here. + above [366]see here. The https service provided thru the actual VNC port (5900 in the above example) can occasionally be slow or unreliable (it has to read some input and try to guess if the connection is VNC or HTTP.) If it is unreliable for you and you still want to serve the Java applet via - https, use the [362]-https option to get an additional port dedicated + https, use the [367]-https option to get an additional port dedicated to https (its URL will also be printed in the output.) Another possibility is to add the GET applet parameter: @@ -4396,7 +4527,7 @@ You may also use "urlPrefix=somestring" to have /somestring prepended to /request.https.vnc.connection". Perhaps you are using a web server - [363]proxy scheme to enter a firewall or otherwise have rules applied + [368]proxy scheme to enter a firewall or otherwise have rules applied to the URL. If you need to have any slashes "/" in "somestring" use "_2F_" (a deficiency in libvncserver prevents using the more natural "%2F".) @@ -4489,12 +4620,12 @@ Then, if you plan to use them, enable "fancy stuff" like "-svc" or "-unixpw", etc, etc. Be sure to add a password either "-rfbauth" or "-unixpw" or both. If you need to have the web browser use a corporate - [364]Web Proxy (i.e. it cannot connect directly) work on that last. - Ditto for the [365]Apache portal. + [369]Web Proxy (i.e. it cannot connect directly) work on that last. + Ditto for the [370]Apache portal. Router/Firewall port redirs: If you are doing port redirection at - your [366]router to an internal machine running x11vnc AND the + your [371]router to an internal machine running x11vnc AND the internet facing port is different from the internal machine's VNC port, you will need to apply the PORT applet parameter to indicate to the applet the Internet facing port number (otherwise by default the @@ -4504,7 +4635,7 @@ So in this example the user configures his router to redirect connections to port 443 on his Internet side to, say, port 5900 on the - internal machine running x11vnc. See also the [367]-httpsredir option + internal machine running x11vnc. See also the [372]-httpsredir option that will try to automate this for you. To configure your router to do port redirection, see its instructions. @@ -4515,7 +4646,7 @@ or Unix system acting as your firewall/router, see its firewall configuration. - You can also use x11vnc options [368]-rfbport NNNNN and [369]-httpport + You can also use x11vnc options [373]-rfbport NNNNN and [374]-httpport NNNNN to match the ports that your firewall will be redirecting to the machine where x11vnc is run. @@ -4544,12 +4675,12 @@ NOT linger at. If you see in the x11vnc output a request for VncViewer.class instead of VncViewer.jar it is too late... you will need to completely restart the Web browser to get it to try for the - jar again. You can use the [370]-https option if you want a dedicated + jar again. You can use the [375]-https option if you want a dedicated port for HTTPS connections instead of sharing the VNC port. To see example x11vnc output for a successful https://host:5900/ - connection with the Java Applet see [371]This Page. And here is a - newer example [372]including the Java Console output. + connection with the Java Applet see [376]This Page. And here is a + newer example [377]including the Java Console output. All of the x11vnc Java Viewer applet parameters are described in the file classes/ssl/README @@ -4560,10 +4691,10 @@ If you want to use a native VNC Viewer with the SSL enabled x11vnc you will need to run an external SSL tunnel on the Viewer side. There do not seem to be any native SSL VNC Viewers outside of our x11vnc and - [373]SSVNC packages. The basic ideas of doing this were discussed - [374]for external tunnel utilities here. + [378]SSVNC packages. The basic ideas of doing this were discussed + [379]for external tunnel utilities here. - The [375]ss_vncviewer script provided with x11vnc and SSVNC can set up + The [380]ss_vncviewer script provided with x11vnc and SSVNC can set up the stunnel tunnel automatically on unix as long as the stunnel command is installed on the Viewer machine and available in PATH (and vncviewer too of course.) Note that on a Debian based system you will @@ -4597,20 +4728,20 @@ The fifth one shows that Web proxies can be used if that is the only way to get out of the firewall. If the "double proxy" situation arises - separate the two by commas. See [376]this page for more information on + separate the two by commas. See [381]this page for more information on how Web proxies come into play. - If one uses a Certificate Authority (CA) scheme described [377]here, + If one uses a Certificate Authority (CA) scheme described [382]here, the wrapper script would use the CA cert instead of the server cert: 3') ss_vncviewer -verify ./cacert.crt far-away.east:0 - Update Jul/2006: we now provide an [378]Enhanced TightVNC Viewer + Update Jul/2006: we now provide an [383]Enhanced TightVNC Viewer (SSVNC) package that starts up STUNNEL automatically along with some other features. All binaries (stunnel, vncviewer, and some utilities) are provided in the package. It works on Unix, Mac OS X, and Windows. - Q-54: How do I use the Java applet VNC Viewer with built-in SSL + Q-55: How do I use the Java applet VNC Viewer with built-in SSL tunneling when going through a Web Proxy? The SSL enabled Java VNC Viewer and firewall Proxies: @@ -4667,36 +4798,36 @@ https://yourmachine.com/proxy.vnc?PORT=443 this is cleaner because it avoids editing the file, but requires more - parameters in the URL. See also the [379]-httpsredir x11vnc option - that will try to automate this for you. To use the GET [380]trick + parameters in the URL. See also the [384]-httpsredir x11vnc option + that will try to automate this for you. To use the GET [385]trick discussed above, do: https://yourmachine.com/proxy.vnc?GET=1&PORT=443 All of the x11vnc Java Viewer applet parameters are described in the file classes/ssl/README - Here is an example of Java Console and x11vnc output for the [381]Web + Here is an example of Java Console and x11vnc output for the [386]Web proxy case. - Note that both the [382]ss_vncviewer stunnel Unix wrapper script and - [383]Enhanced TightVNC Viewer (SSVNC) can use Web proxies as well even + Note that both the [387]ss_vncviewer stunnel Unix wrapper script and + [388]Enhanced TightVNC Viewer (SSVNC) can use Web proxies as well even though they do not involve a Web browser. - Q-55: Can Apache web server act as a gateway for users to connect via + Q-56: Can Apache web server act as a gateway for users to connect via SSL from the Internet with a Web browser to x11vnc running on their workstations behind a firewall? Yes. You will need to configure apache to forward these connections. - It is discussed [384]here. This provides a clean alternative to the + It is discussed [389]here. This provides a clean alternative to the traditional method where the user uses SSH to log in through the gateway to create the encrypted port redirection to x11vnc running on her desktop. - Q-56: Can I create and use my own SSL Certificate Authority (CA) with + Q-57: Can I create and use my own SSL Certificate Authority (CA) with x11vnc? - Yes, see [385]this page for how to do this and the utility commands + Yes, see [390]this page for how to do this and the utility commands x11vnc provides to create and manage many types of certificates and private keys. @@ -4704,7 +4835,7 @@ [Display Managers and Services] - Q-57: How can I run x11vnc as a "service" that is always available? + Q-58: How can I run x11vnc as a "service" that is always available? There are a number of ways to do this. The primary thing you need to decide is whether you want x11vnc to connect to the X session on the @@ -4715,14 +4846,14 @@ need to have sufficient permissions to connect to the X display. Here are some ideas: - * Use the description under "Continuously" in the [386]FAQ on x11vnc + * Use the description under "Continuously" in the [391]FAQ on x11vnc and Display Managers - * Use the description in the [387]FAQ on x11vnc and inetd(8) - * Use the description in the [388]FAQ on Unix user logins and + * Use the description in the [392]FAQ on x11vnc and inetd(8) + * Use the description in the [393]FAQ on Unix user logins and inetd(8) * Start x11vnc from your $HOME/.xsession (or $HOME/.xinitrc or autostart script or ...) - * Although less reliable, see the [389]x11vnc_loop rc.local hack + * Although less reliable, see the [394]x11vnc_loop rc.local hack below. The display manager scheme will not be specific to which user has the @@ -4744,9 +4875,9 @@ X startup scripts (traditionally .xsession/.xinitrc) may have to be in a different directory or have a different basename. One user recommends the description under 'Running Scripts Automatically' at - [390]this link. + [395]this link. - Firewalls: note all methods will require the host-level [391]firewall + Firewalls: note all methods will require the host-level [396]firewall to be configured to allow connections in on a port. E.g. 5900 (default VNC port) or 22 (default SSH port for tunnelling VNC.) Most systems these days have firewalls turned on by default, so you will actively @@ -4755,7 +4886,7 @@ (Yast, Firestarter, etc.) - Q-58: How can I use x11vnc to connect to an X login screen like xdm, + Q-59: How can I use x11vnc to connect to an X login screen like xdm, GNOME gdm, KDE kdm, or CDE dtlogin? (i.e. nobody is logged into an X session yet.) _________________________________________________________________ @@ -4768,7 +4899,7 @@ while running x11vnc as root, e.g. for the gnome display manager, gdm: x11vnc -auth /var/gdm/:0.Xauth -display :0 - (the [392]-auth option sets the XAUTHORITY variable for you.) + (the [397]-auth option sets the XAUTHORITY variable for you.) There will be a similar thing for xdm using however a different auth directory path (perhaps something like @@ -4790,15 +4921,31 @@ (or /etc/gdm/gdm.conf, etc.) avoids this. Otherwise, just restart x11vnc and then reconnect your viewer. Other display managers (kdm, etc) may also have a similar problem. One user reports having to alter - "gdm.conf-custom" as well. Update Nov/2008: See also the [393]-reopen - option for another possible workaround. + "gdm.conf-custom" as well. Note: Solaris: For dtlogin in addition to the above sort of trick (BTW, the auth file should be in /var/dt), you'll also need to add something like Dtlogin*grabServer:False to the Xconfig file (/etc/dt/config/Xconfig or /usr/dt/config/Xconfig on Solaris, see - [394]the example at the end of this FAQ.) Then restart dtlogin, e.g.: + [398]the example at the end of this FAQ.) Then restart dtlogin, e.g.: /etc/init.d/dtlogin stop; /etc/init.d/dtlogin start or reboot. + + Update Nov/2008: Regarding GDM KillInitClients: see the [399]-reopen + option for another possible workaround. + + Update Oct/2009: Regarding GDM KillInitClients: starting with x11vnc + 0.9.9 it will try to apply heuristics to detect if a window manager is + not running (i.e. whether the Display Manager Greeter Login panel is + still up.) If it thinks the display manager login is still up it will + delay creating windows or using XFIXES. The former is what GDM uses to + kill the initial clients, use of the latter can cause a different + problem: an Xorg server crash. So with 0.9.9 and later it should all + work without needing to set KillInitClients=false (which is a good + because recent GDM, v2.24, has removed this option) or use -noxfixes. + To disable the heuristics and delaying set X11VNC_AVOID_WINDOWS=never; + to set the delay time explicitly use, e.g., X11VNC_AVOID_WINDOWS=120 + (delays for 120 seconds after the VNC connection; you have that long + to log in.) _________________________________________________________________ Continuously: Have x11vnc reattach each time the X server is @@ -4810,7 +4957,7 @@ Please consider the security implications of this! The VNC display for the X session always accessible (but hopefully password protected.) - Add [395]-localhost if you only plan to access via a [396]SSH tunnel. + Add [400]-localhost if you only plan to access via a [401]SSH tunnel. The name of the display manager startup script file depends on desktop used and seem to be: @@ -4820,17 +4967,20 @@ XDM /etc/X11/xdm/Xsetup (or sometimes xdm/Xsetup_0) CDE /etc/dt/config/Xsetup - although the exact location can depend on operating system and - distribution. See the documentation for your display manager: gdm(1), - kdm(1), xdm(1), dtlogin(1) for additional details. There may also be - display number specific scripts: e.g. Xsetup_0 vs. Xsetup, you need to - watch out for. + although the exact location can be operating system, distribution, and + time dependent. See the documentation for your display manager: + gdm(1), kdm(1), xdm(1), dtlogin(1) for additional details. There may + also be display number specific scripts: e.g. Xsetup_0 vs. Xsetup, you + need to watch out for. Note: GDM: The above (in 'One time only') gdm setting of KillInitClients=false in /etc/X11/gdm/gdm.conf (or /etc/gdm/gdm.conf, etc.) for GDM is needed here as well. Other display managers (KDM, etc) may also have a similar problem. + Also see the Update Oct/2009 above where x11vnc 0.9.9 and later + automatically avoids being killed. + Note: DtLogin: The above (in 'One time only') Dtlogin*grabServer:False step for Solaris will be needed for dtlogin here as well. @@ -4841,7 +4991,7 @@ -forever -bg where you should customize the exact command to your needs (e.g. - [397]-localhost for SSH tunnel-only access; [398]-ssl SAVE for SSL + [402]-localhost for SSH tunnel-only access; [403]-ssl SAVE for SSL access; etc.) Happy, happy, joy, joy: Note that we do not need to specify -display @@ -4849,7 +4999,7 @@ and XAUTHORITY environment variables for the Xsetup script!!! You may also want to force the VNC port with something like "-rfbport - 5900" (or [399]-N) to avoid autoselecting one if 5900 is already + 5900" (or [404]-N) to avoid autoselecting one if 5900 is already taken. _________________________________________________________________ @@ -4865,7 +5015,7 @@ Then restart: /usr/sbin/gdm-restart (or reboot.) The KillInitClients=false setting is important: without it x11vnc will be - killed immediately after the user logs in. Here are [400]full details + killed immediately after the user logs in. Here are [405]full details on how to configure gdm _________________________________________________________________ @@ -4907,16 +5057,16 @@ If you do not want to deal with any display manager startup scripts, here is a kludgey script that can be run manually or out of a boot - file like rc.local: [401]x11vnc_loop It will need some local + file like rc.local: [406]x11vnc_loop It will need some local customization before running. Because the XAUTHORITY auth file must be guessed by this script, use of the display manager script method - described above is greatly preferred. There is also the [402]-loop + described above is greatly preferred. There is also the [407]-loop option that does something similar. If the machine is a traditional Xterminal you may want to read - [403]this FAQ. + [408]this FAQ. - Firewalls: note all methods will require the host-level [404]firewall + Firewalls: note all methods will require the host-level [409]firewall to be configured to allow connections in on a port. E.g. 5900 (default VNC port) or 22 (default SSH port for tunnelling VNC.) Most systems these days have firewalls turned on by default, so you will actively @@ -4925,14 +5075,14 @@ (Yast, Firestarter, etc.) - Q-59: Can I run x11vnc out of inetd(8)? How about xinetd(8)? + Q-60: Can I run x11vnc out of inetd(8)? How about xinetd(8)? Yes, perhaps a line something like this in /etc/inetd.conf will do it for you: 5900 stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc_sh - where the shell script /usr/local/bin/x11vnc_sh uses the [405]-inetd + where the shell script /usr/local/bin/x11vnc_sh uses the [410]-inetd option and looks something like (you'll need to customize to your settings.) #!/bin/sh @@ -4945,7 +5095,7 @@ and that confuses it greatly, causing it to abort.) If you do not use a wrapper script as above but rather call x11vnc directly in /etc/inetd.conf and do not redirect stderr to a file, then you must - specify the -q (aka [406]-quiet) option: "/usr/local/bin/x11vnc -q + specify the -q (aka [411]-quiet) option: "/usr/local/bin/x11vnc -q -inetd ...". When you supply both -q and -inet and no "-o logfile" then stderr will automatically be closed (to prevent, e.g. library stderr messages leaking out to the viewer.) The recommended practice @@ -4953,12 +5103,12 @@ script with "2>logfile" redirection because the errors and warnings printed out are very useful in troubleshooting problems. - Note also the need to set XAUTHORITY via [407]-auth to point to the + Note also the need to set XAUTHORITY via [412]-auth to point to the MIT-COOKIE auth file to get permission to connect to the X display (setting and exporting the XAUTHORITY variable accomplishes the same thing.) See the x11vnc_loop file in the previous question for more ideas on what that auth file may be, etc. The scheme described in the - [408]FAQ on Unix user logins and inetd(8) works around the XAUTHORITY + [413]FAQ on Unix user logins and inetd(8) works around the XAUTHORITY issue nicely. Note: On Solaris you cannot have the bare number 5900 in @@ -5038,14 +5188,14 @@ exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -find -env FD_XDM=1 - Q-60: Can I have x11vnc advertise its VNC service and port via mDNS / + Q-61: Can I have x11vnc advertise its VNC service and port via mDNS / Zeroconf (e.g. Avahi) so VNC viewers on the local network can detect it automatically? Yes, as of Feb/2007 x11vnc supports mDNS / Zeroconf advertising of its - service via the Avahi client library. Use the option [409]-avahi (same - as [410]-mdns or [411]-zeroconf) to enable it. Depending on your setup - you may need to install [412]Avahi (including the development/build + service via the Avahi client library. Use the option [414]-avahi (same + as [415]-mdns or [416]-zeroconf) to enable it. Depending on your setup + you may need to install [417]Avahi (including the development/build packages), enable the server: avahi-daemon and avahi-dnsconfd, and possibly open up UDP port 5353 on your firewall. @@ -5069,52 +5219,52 @@ other distros/OS's... - Q-61: Can I have x11vnc allow a user to log in with her UNIX username + Q-62: Can I have x11vnc allow a user to log in with her UNIX username and password and then have it find her X session display on that machine and then connect to it? How about starting an X session if one cannot be found? - The easiest way to do this is via [413]inetd(8) using the [414]-unixpw - and [415]-display WAIT options. The reason inetd(8) makes this easier + The easiest way to do this is via [418]inetd(8) using the [419]-unixpw + and [420]-display WAIT options. The reason inetd(8) makes this easier is that it starts a new x11vnc process for each new user connection. Otherwise a wrapper would have to listen for connections and spawn new - x11vnc's (see [416]this example and also the [417]-loopbg option.) + x11vnc's (see [421]this example and also the [422]-loopbg option.) Also with inetd(8) users always connect to a fixed VNC display, say hostname:0, and do not need to memorize a special VNC display number just for their personal use, etc. - Update: Use the [418]-find, [419]-create, [420]-svc, and [421]-xdmsvc + Update: Use the [423]-find, [424]-create, [425]-svc, and [426]-xdmsvc options that are shorthand for common FINDCREATEDISPLAY usage modes (e.g. terminal services) described below. (i.e. just use "-svc" instead of "-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb -unixpw -users unixpw= -ssl SAVE") - The [422]-display WAIT option makes x11vnc wait until a VNC viewer is + The [427]-display WAIT option makes x11vnc wait until a VNC viewer is connected before attaching to the X display. Additionally it can be used to run an external command that returns the DISPLAY and XAUTHORITY data. We provide some useful builtin ones (FINDDISPLAY and FINDCREATEDISPLAY below), but in principle one could supply "-display WAIT:cmd=/path/to/find_display" where the script find_display might - look something like [423]this. + look something like [428]this. A default script somewhat like the above is used under "-display - WAIT:cmd=FINDDISPLAY" (same as [424]-find) (use + WAIT:cmd=FINDDISPLAY" (same as [429]-find) (use "WAIT:cmd=FINDDISPLAY-print" to print out the gnarly script.) The format for any such command is that it returns DISPLAY=:disp as the first line and any remaining lines are either XAUTHORITY=file or raw xauth data (the above example does the latter.) If applicable (-unixpw mode), the program is run as the Unix user name who logged in. - On Linux if the virtual terminal is known the program should append - ",VT=n" to the DISPLAY line; a chvt n will be attempted automatically. - Or if you only know the X server process ID and suspect a chvt will be - needed append ",XPID=n". + On Linux if the virtual terminal is known the program appends ",VT=n" + to the DISPLAY line; a chvt n will be attempted automatically. Or if + only X server process ID is known it appends ",XPID=n" (a chvt will be + attempted by x11vnc.) - Tip: Note that the [425]-find option is an alias for "-display + Tip: Note that the [430]-find option is an alias for "-display WAIT:cmd=FINDDISPLAY". Use it! - The [426]-unixpw option allows [427]UNIX password logins. It + The [431]-unixpw option allows [432]UNIX password logins. It conveniently knows the Unix username whose X display should be found. Here are a couple /etc/inetd.conf examples for this: 5900 stream tcp nowait nobody /usr/sbin/tcpd /usr/local/bin/x11vnc -inetd @@ -5128,16 +5278,16 @@ Note the very long lines have been split. An alternative is to use a wrapper script, e.g. /usr/local/bin/x11vnc.sh that has all of the - options. (see also the [428]-svc alias.) + options. (see also the [433]-svc alias.) In the first one x11vnc is run as user "nobody" and stays user nobody during the whole session. The permissions of the log files and certs directory will need to be set up to allow "nobody" to use them. In the second one x11vnc is run as root and switches to the user that - logs in due to the "[429]-users unixpw=" option. + logs in due to the "[434]-users unixpw=" option. - Note that [430]SSL is required for this mode because otherwise the + Note that [435]SSL is required for this mode because otherwise the Unix password would be passed in clear text over the network. In general -unixpw is not required for this sort of scheme, but it is convenient because it determines exactly who the Unix user is whose @@ -5145,17 +5295,17 @@ to use some method to work out DISPLAY, XAUTHORITY, etc (perhaps you use multiple inetd ports and hardwire usernames for different ports.) - If you really want to disable the SSL or SSH [431]-localhost + If you really want to disable the SSL or SSH [436]-localhost constraints (this is not recommended unless you really know what you are doing: Unix passwords sent in clear text is a very bad idea...) - read the [432]-unixpw documentation. + read the [437]-unixpw documentation. A inetd(8) scheme for a fixed user that doesn't use SSL or unix passwds could be: /usr/local/bin/x11vnc -inetd -users =fred -find -rfbauth /home/fred/.vnc/passwd -o /var/log/x11vnc.log - The "[433]-users =fred" option will cause x11vnc to switch to user + The "[438]-users =fred" option will cause x11vnc to switch to user fred and then find his X display. @@ -5164,29 +5314,31 @@ FINDDISPLAY method it will create an X server session for the user (i.e. desktop/terminal server.) This is the only time x11vnc actually tries to start up an X server. By default it will only try to start up - virtual (non-hardware) X servers: first [434]Xdummy and if that is not + virtual (non-hardware) X servers: first [439]Xdummy and if that is not available then Xvfb. Note that Xdummy requires root permission and only works on Linux whereas Xvfb works just about everywhere. So an inetd(8) example might look like: 5900 stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc -inetd \ - -o /var/log/x11vnc.log -http -ssl SAVE -unixpw -users unixpw= \ - -display WAIT:cmd=FINDCREATEDISPLAY -prog /usr/local/bin/x11vnc + -o /var/log/x11vnc.log -http -prog /usr/local/bin/x11vnc \ + -ssl SAVE -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY Where the very long lines have been split. This will allow direct SSL - (e.g. [435]ss_vncviewer) access and also Java Web browers access via: + (e.g. [440]ss_vncviewer) access and also Java Web browers access via: https://hostname:5900/. - Tip: Note that the [436]-create option is an alias for "-display + Tip: Note that the [441]-create option is an alias for "-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb". - Tip: Note that [437]-svc is a short hand for the long "-ssl SAVE + Tip: Note that [442]-svc is a short hand for the long "-ssl SAVE -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY" part. Unlike -create, this alias also sets up SSL encryption and Unix - password login. + password login. The above example then simplifies to: +5900 stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc -inetd \ + -o /var/log/x11vnc.log -http -prog /usr/local/bin/x11vnc -svc Tip: In addition to the usual unixpw parameters, the user can specify - after his username (following a ":" see [438]-display WAIT for + after his username (following a ":" see [443]-display WAIT for details) for FINDCREATEDISPLAY they can add "geom=WxH" or "geom=WxHxD" to specify the width, height, and optionally the color depth. E.g. "fred:geom=800x600" at the login: prompt. Also if the env. var @@ -5212,18 +5364,22 @@ wait = no user = root server = /usr/local/bin/x11vnc - server_args = -inetd -o /var/log/x11vnc.log -http -ssl SAVE -unixpw - -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY -prog /usr/local/bin/x11vnc + server_args = -inetd -o /var/log/x11vnc.log -http -prog /usr/local/ +bin/x11vnc -ssl SAVE -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY disable = no } + Or more simply the server_args becomes: + server_args = -inetd -o /var/log/x11vnc.log -http -prog /usr/local/ +bin/x11vnc -svc + To print out the script in this case use "-display WAIT:cmd=FINDCREATEDISPLAY-print". To change the preference of Xservers and which to try list them, e.g.: "-display WAIT:cmd=FINDCREATEDISPLAY-X,Xvfb,Xdummy". The "X" one means to try to start up a real, hardware X server, e.g. startx(1) (if there is already a real X server running this may only work on Linux and the - chvt program may [439]need to be run to switch to the correct Linux + chvt program may [444]need to be run to switch to the correct Linux virtual terminal.) x11vnc will try to run chvt automatically if it can determine which VT should be switched to. @@ -5250,7 +5406,7 @@ will also typically block UDP (port 177 for XDMCP) by default effectively limiting the UDP connections to localhost. - Tip: Note that [440]-xdmsvc is a short hand for the long "-ssl SAVE + Tip: Note that [445]-xdmsvc is a short hand for the long "-ssl SAVE -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp" part. E.g.: service x11vnc @@ -5314,26 +5470,26 @@ (e.g. :0) and it switches based on username. - Q-62: Can I have x11vnc restart itself after it terminates? + Q-63: Can I have x11vnc restart itself after it terminates? One could do this in a shell script, but now there is an option - [441]-loop that makes it easier. Of course when x11vnc restarts it + [446]-loop that makes it easier. Of course when x11vnc restarts it needs to have permissions to connect to the (potentially new) X display. This mode could be useful if the X server restarts often. Use e.g. "-loop5000" to sleep 5000 ms between restarts. Also "-loop2000,5" to sleep 2000 ms and only restart 5 times. - One can also use the [442]-loopbg to emulate inetd(8) to some degree, + One can also use the [447]-loopbg to emulate inetd(8) to some degree, where each connected process runs in the background. It could be - combined, say, with the [443]-svc option to provide simple terminal + combined, say, with the [448]-svc option to provide simple terminal services without using inetd(8). - Q-63: How do I make x11vnc work with the Java VNC viewer applet in a + Q-64: How do I make x11vnc work with the Java VNC viewer applet in a web browser? To have x11vnc serve up a Java VNC viewer applet to any web browsers - that connect to it, run x11vnc with this [444]option: + that connect to it, run x11vnc with this [449]option: -httpdir /path/to/the/java/classes/dir (this directory will contain the files index.vnc and, for example, @@ -5352,7 +5508,7 @@ then you can connect to that URL with any Java enabled browser. Feel free to customize the default index.vnc file in the classes directory. - As of May/2005 the [445]-http option will try to guess where the Java + As of May/2005 the [450]-http option will try to guess where the Java classes jar file is by looking in expected locations and ones relative to the x11vnc binary. @@ -5361,7 +5517,7 @@ either the java or appletviewer commands to run the program. java -cp ./VncViewer.jar VncViewer HOST far-away.east PORT 5900 - Proxies: See the [446]discussion here if the web browser must use a + Proxies: See the [451]discussion here if the web browser must use a web proxy to connect to the internet. It is tricky to get Java applets to work in this case: a signed applet must be used so it can connect to the proxy and ask for the redirection to the VNC server. One way to @@ -5371,13 +5527,13 @@ in the URL or the file. - Q-64: Are reverse connections (i.e. the VNC server connecting to the + Q-65: Are reverse connections (i.e. the VNC server connecting to the VNC viewer) using "vncviewer -listen" and vncconnect(1) supported? As of Mar/2004 x11vnc supports reverse connections. On Unix one starts the VNC viewer in listen mode: "vncviewer -listen" (see your documentation for Windows, etc), and then starts up x11vnc with the - [447]-connect option. To connect immediately at x11vnc startup time + [452]-connect option. To connect immediately at x11vnc startup time use the "-connect host:port" option (use commas for a list of hosts to connect to.) The ":port" is optional (default is VNC listening port is 5500.) @@ -5386,11 +5542,11 @@ file is checked periodically (about once a second) for new hosts to connect to. - The [448]-remote control option (aka -R) can also be used to do this + The [453]-remote control option (aka -R) can also be used to do this during an active x11vnc session, e.g.: x11vnc -display :0 -R connect:hostname.domain - Use the "[449]-connect_or_exit" option to have x11vnc exit if the + Use the "[454]-connect_or_exit" option to have x11vnc exit if the reverse connection fails. Also, note the "-rfbport 0" option disables TCP listening for connections (potentially useful for reverse connection mode, assuming you do not want any "forward" connections.) @@ -5403,7 +5559,7 @@ X11VNC_REVERSE_CONNECTION_NO_AUTH=1" to x11vnc. Vncconnect command: To use the vncconnect(1) program (from the core - VNC package at www.realvnc.com) specify the [450]-vncconnect option to + VNC package at www.realvnc.com) specify the [455]-vncconnect option to x11vnc (Note: as of Dec/2004 -vncconnect is now the default.) vncconnect(1) must be pointed to the same X11 DISPLAY as x11vnc (since it uses X properties to communicate with x11vnc.) If you do not have @@ -5418,11 +5574,11 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1" - Q-65: Can reverse connections be made to go through a Web or SOCKS + Q-66: Can reverse connections be made to go through a Web or SOCKS proxy or SSH? Yes, as of Oct/2007 x11vnc supports reverse connections through - proxies: use the "[451]-proxy host:port" option. The default is to + proxies: use the "[456]-proxy host:port" option. The default is to assume the proxy is a Web proxy. Note that most Web proxies only allow proxy destination connections to ports 443 (HTTPS) and 563 (SNEWS) and so this might not be too useful unless the proxy has been modified @@ -5442,11 +5598,11 @@ connections. An experimental mode is "-proxy http://host:port/..." where the URL - (e.g. a CGI script) is retrieved via the GET method. See [452]-proxy + (e.g. a CGI script) is retrieved via the GET method. See [457]-proxy for more info. Another experimental mode is "-proxy ssh://user@host" in which case a - SSH tunnel is used for the proxying. See [453]-proxy for more info. + SSH tunnel is used for the proxying. See [458]-proxy for more info. Up to 3 proxies may be chained together by listing them by commas e.g.: "-proxy http://host1:port1,socks5://host2:port2" in case one @@ -5454,7 +5610,7 @@ listening viewer. - Q-66: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a real + Q-67: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a real display, but for a virtual one I keep around.) You can, but you would not be doing this for performance reasons (for @@ -5469,10 +5625,10 @@ Driver in XFree86/Xorg (see below.) In either case, one can view this desktop both remotely and also - [454]locally using vncviewer. Make sure vncviewer's "-encodings raw" + [459]locally using vncviewer. Make sure vncviewer's "-encodings raw" is in effect for local viewing (compression seems to slow things down locally.) For local viewing you set up a "bare" window manager that - just starts up vncviewer and nothing else ([455]See how below.) + just starts up vncviewer and nothing else ([460]See how below.) Here is one way to start up Xvfb: xinit -- /usr/X11R6/bin/Xvfb :1 -cc 4 -screen 0 1024x768x16 @@ -5492,19 +5648,19 @@ "screen scrape" it very efficiently (more than, say, 100X faster than normal video hardware.) - Update Nov/2006: See the [456]FINDCREATEDISPLAY discussion of the - "[457]-display WAIT:cmd=FINDDISPLAY" option where virtual (Xvfb or + Update Nov/2006: See the [461]FINDCREATEDISPLAY discussion of the + "[462]-display WAIT:cmd=FINDDISPLAY" option where virtual (Xvfb or Xdummy, or even real ones by changing an option) X servers are started automatically for new users connecting. This provides a "desktop service" for the machine. You either get your real X session or your virtual (Xvfb/Xdummy) one whenever you connect to the machine - (inetd(8) is a nice way to provide this service.) The [458]-find, - [459]-create, [460]-svc, and [461]-xdmsvc aliases can also come in + (inetd(8) is a nice way to provide this service.) The [463]-find, + [464]-create, [465]-svc, and [466]-xdmsvc aliases can also come in handy here. There are some annoyances WRT Xvfb however. The default keyboard mapping seems to be very poor. One should run x11vnc with - [462]-add_keysyms option to have keysyms added automatically. Also, to + [467]-add_keysyms option to have keysyms added automatically. Also, to add the Shift_R and Control_R modifiers something like this is needed: #!/bin/sh xmodmap -e "keycode any = Shift_R" @@ -5516,7 +5672,7 @@ xmodmap -e "keycode any = Meta_L" xmodmap -e "add Mod1 = Alt_L Alt_R Meta_L" - (note: these are applied automatically in the [463]FINDCREATEDISPLAY + (note: these are applied automatically in the [468]FINDCREATEDISPLAY mode of x11vnc.) Perhaps the Xvfb options -xkbdb or -xkbmap could be used to get a better default keyboard mapping... @@ -5531,11 +5687,11 @@ The main drawback to this method (besides requiring extra configuration and possibly root permission) is that it also does the - Linux Virtual Console/Terminal (VC/VT) [464]switching even though it + Linux Virtual Console/Terminal (VC/VT) [469]switching even though it does not need to (since it doesn't use a real framebuffer.) There are some "dual headed" (actually multi-headed/multi-user) patches to the X server that turn off the VT usage in the X server. Update: As of - Jul/2005 we have an LD_PRELOAD script [465]Xdummy that allows you to + Jul/2005 we have an LD_PRELOAD script [470]Xdummy that allows you to use a stock (i.e. unpatched) Xorg or XFree86 server with the "dummy" driver and not have any VT switching problems! Currently Xdummy needs to be run as root, but with some luck that may be relaxed in the @@ -5563,7 +5719,7 @@ vncviewer -geometry +0+0 -encodings raw -passwd $HOME/.vnc/passwd localhost:5 The display numbers (VNC and X) will likely be different (you could - also try [466]-find), and you may not need the -passwd. Recent RealVNC + also try [471]-find), and you may not need the -passwd. Recent RealVNC viewers might be this: #!/bin/sh x11vnc -display :5 -rfbport 5905 -bg @@ -5579,10 +5735,10 @@ For the general replacement of Xvnc by Xvfb+x11vnc, one user describes - a similar setup he created [467]here. + a similar setup he created [472]here. - Q-67: How can I use x11vnc on "headless" machines? Why might I want + Q-68: How can I use x11vnc on "headless" machines? Why might I want to? An interesting application of x11vnc is to let it export displays of @@ -5594,7 +5750,7 @@ An X server can be started on the headless machine (sometimes this requires configuring the X server to not fail if it cannot detect a keyboard or mouse, see the next paragraph.) Then you can export that X - display via x11vnc (e.g. see [468]this FAQ) and access it from + display via x11vnc (e.g. see [473]this FAQ) and access it from anywhere on the network via a VNC viewer. Some tips on getting X servers to start on machines without keyboard @@ -5618,15 +5774,15 @@ cards as it can hold to provide multiple simultaneous access or testing on different kinds of video hardware. - See also the [469]FINDCREATEDISPLAY discussion of the "[470]-display + See also the [474]FINDCREATEDISPLAY discussion of the "[475]-display WAIT:cmd=FINDDISPLAY" option where virtual Xvfb or Xdummy, or real X servers are started automatically for new users connecting. The - [471]-find, [472]-create, [473]-svc, and [474]-xdmsvc aliases can also + [476]-find, [477]-create, [478]-svc, and [479]-xdmsvc aliases can also come in handy here. [Resource Usage and Performance] - Q-68: I have lots of memory, but why does x11vnc fail with shmget: + Q-69: I have lots of memory, but why does x11vnc fail with shmget: No space left on device or Minor opcode of failed request: 1 (X_ShmAttach)? @@ -5644,7 +5800,7 @@ 19/03/2004 10:10:58 error creating tile-row shm for len=4 19/03/2004 10:10:58 reverting to single_copytile mode - Here is a shell script [475]shm_clear to list and prompt for removal + Here is a shell script [480]shm_clear to list and prompt for removal of your unattached shm segments (attached ones are skipped.) I use it while debugging x11vnc (I use "shm_clear -y" to assume "yes" for each prompt.) If x11vnc is regularly not cleaning up its shm segments, @@ -5678,49 +5834,49 @@ in /etc/system. See the next paragraph for more workarounds. To minimize the number of shm segments used by x11vnc try using the - [476]-onetile option (corresponds to only 3 shm segments used, and + [481]-onetile option (corresponds to only 3 shm segments used, and adding -fs 1.0 knocks it down to 2.) If you are having much trouble with shm segments, consider disabling shm completely via the - [477]-noshm option. Performance will be somewhat degraded but when + [482]-noshm option. Performance will be somewhat degraded but when done over local machine sockets it should be acceptable (see an - [478]earlier question discussing -noshm.) + [483]earlier question discussing -noshm.) - Q-69: How can I make x11vnc use less system resources? + Q-70: How can I make x11vnc use less system resources? - The [479]-nap (now on by default; use -nonap to disable) and - "[480]-wait n" (where n is the sleep between polls in milliseconds, + The [484]-nap (now on by default; use -nonap to disable) and + "[485]-wait n" (where n is the sleep between polls in milliseconds, the default is 30 or so) option are good places to start. In addition, - something like "[481]-sb 15" will cause x11vnc to go into a deep-sleep + something like "[486]-sb 15" will cause x11vnc to go into a deep-sleep mode after 15 seconds of no activity (instead of the default 60.) Reducing the X server bits per pixel depth (e.g. to 16bpp or even 8bpp) will further decrease memory I/O and network I/O. The ShadowFB X server setting will make x11vnc's screen polling less severe. Using - the [482]-onetile option will use less memory and use fewer shared - memory slots (add [483]-fs 1.0 for one less slot.) + the [487]-onetile option will use less memory and use fewer shared + memory slots (add [488]-fs 1.0 for one less slot.) - Q-70: How can I make x11vnc use MORE system resources? + Q-71: How can I make x11vnc use MORE system resources? - You can try [484]-threads (note this mode can be unstable and/or + You can try [489]-threads (note this mode can be unstable and/or crash; and as of May/2008 is strongly discouraged, see the option description) or dial down the wait time (e.g. -wait 1) and possibly - dial down [485]-defer as well. Note that if you try to increase the + dial down [490]-defer as well. Note that if you try to increase the "frame rate" too much you can bog down the server end with the extra work it needs to do compressing the framebuffer data, etc. That said, it is possible to "stream" video via x11vnc if the video window is small enough. E.g. a 256x192 xawtv TV capture window (using - the x11vnc [486]-id option) can be streamed over a LAN or wireless at + the x11vnc [491]-id option) can be streamed over a LAN or wireless at a reasonable frame rate. If the graphics card's framebuffer read rate - is [487]faster than normal then the video window size and frame rate - can be much higher. The use of [488]TurboVNC and/or TurboJPEG can make + is [492]faster than normal then the video window size and frame rate + can be much higher. The use of [493]TurboVNC and/or TurboJPEG can make the frame rate somewhat higher still (but most of this hinges on the graphics card's read rate.) - Q-71: I use x11vnc over a slow link with high latency (e.g. dialup + Q-72: I use x11vnc over a slow link with high latency (e.g. dialup modem or broadband), is there anything I can do to speed things up? Some things you might want to experiment with (many of which will help @@ -5732,7 +5888,7 @@ * Use a smaller desktop size (e.g. 1024x768 instead of 1280x1024) * Make sure the desktop background is a solid color (the background is resent every time it is re-exposed.) Consider using the - [489]-solid [color] option to try to do this automatically. + [494]-solid [color] option to try to do this automatically. * Configure your window manager or desktop "theme" to not use fancy images, shading, and gradients for the window decorations, etc. Disable window animations, etc. Maybe your desktop has a "low @@ -5741,9 +5897,9 @@ -> Use Smooth Scrolling (deselect it.) * Avoid small scrolls of large windows using the Arrow keys or scrollbar. Try to use PageUp/PageDown instead. (not so much of a - problem in x11vnc 0.7.2 if [490]-scrollcopyrect is active and + problem in x11vnc 0.7.2 if [495]-scrollcopyrect is active and detecting scrolls for the application.) - * If the [491]-wireframe option is not available (earlier than + * If the [496]-wireframe option is not available (earlier than x11vnc 0.7.2 or you have disabled it via -nowireframe) then Disable Opaque Moves and Resizes in the window manager/desktop. * However if -wireframe is active (on by default in x11vnc 0.7.2) @@ -5766,7 +5922,7 @@ noticed. VNC viewer parameters: - * Use a [492]TightVNC enabled viewer! (Actually, RealVNC 4.x viewer + * Use a [497]TightVNC enabled viewer! (Actually, RealVNC 4.x viewer with ZRLE encoding is not too bad either; some claim it is faster.) * Make sure the tight (or zrle) encoding is being used (look at @@ -5774,7 +5930,7 @@ * Request 8 bits per pixel using -bgr233 (up to 4X speedup over depth 24 TrueColor (32bpp), but colors will be off) * RealVNC 4.x viewer has some extremely low color modes (only 64 and - even 8 colors.) [493]SSVNC does too. The colors are poor, but it + even 8 colors.) [498]SSVNC does too. The colors are poor, but it is usually noticeably faster than bgr233 (256 colors.) * Try increasing the TightVNC -compresslevel (compresses more on server side before sending, but uses more CPU) @@ -5788,37 +5944,39 @@ file. x11vnc parameters: - * Make sure the [494]-wireframe option is active (it should be on by + * Make sure the [499]-wireframe option is active (it should be on by default) and you have Opaque Moves/Resizes Enabled in the window manager. - * Make sure the [495]-scrollcopyrect option is active (it should be + * Make sure the [500]-scrollcopyrect option is active (it should be on by default.) This detects scrolls in many (but not all) applications an applies the CopyRect encoding for a big speedup. * Enforce a solid background when VNC viewers are connected via - [496]-solid - * Specify [497]-speeds modem to force the wireframe and + [501]-solid + * Try x11vnc's client-side caching [502]client-side caching scheme: + [503]-ncache + * Specify [504]-speeds modem to force the wireframe and scrollcopyrect heuristic parameters (and any future ones) to those of a dialup modem connection (or supply the rd,bw,lat numerical values that characterize your link.) * If wireframe and scrollcopyrect aren't working, try using the more - drastic [498]-nodragging (no screen updates when dragging mouse, + drastic [505]-nodragging (no screen updates when dragging mouse, but sometimes you miss visual feedback) - * Set [499]-fs 1.0 (disables fullscreen updates) - * Try increasing [500]-wait or [501]-defer (reduces the maximum + * Set [506]-fs 1.0 (disables fullscreen updates) + * Try increasing [507]-wait or [508]-defer (reduces the maximum "frame rate", but won't help much for large screen changes) - * Try the [502]-progressive pixelheight mode with the block + * Try the [509]-progressive pixelheight mode with the block pixelheight 100 or so (delays sending vertical blocks since they may change while viewer is receiving earlier ones) - * If you just want to watch one (simple) window use [503]-id (cuts - down extraneous polling and updates, but can be buggy or - insufficient) - * Set [504]-nosel (disables all clipboard selection exchange) - * Use [505]-nocursor and [506]-nocursorpos (repainting the remote + * If you just want to watch one (simple) window use [510]-id or + [511]-appshare (cuts down extraneous polling and updates, but can + be buggy or insufficient) + * Set [512]-nosel (disables all clipboard selection exchange) + * Use [513]-nocursor and [514]-nocursorpos (repainting the remote cursor position and shape takes resources and round trips) * On very slow links (e.g. <= 28.8) you may need to increase the - [507]-readtimeout n setting if it sometimes takes more than 20sec + [515]-readtimeout n setting if it sometimes takes more than 20sec to paint the full screen, etc. - * Do not use [508]-fixscreen to automatically refresh the whole + * Do not use [516]-fixscreen to automatically refresh the whole screen, tap three Alt_L's then the screen has painting errors (rare problem.) @@ -5869,7 +6027,7 @@ * TBD. - Q-72: Does x11vnc support the X DAMAGE Xserver extension to find + Q-73: Does x11vnc support the X DAMAGE Xserver extension to find modified regions of the screen quickly and efficiently? Yes, as of Mar/2005 x11vnc will use the X DAMAGE extension by default @@ -5887,7 +6045,7 @@ Note that the DAMAGE extension does not speed up the actual reading of pixels from the video card framebuffer memory, by, say, mirroring them - in main memory. So reading the fb is still painfully [509]slow (e.g. + in main memory. So reading the fb is still painfully [517]slow (e.g. 5MB/sec), and so even using X DAMAGE when large changes occur on the screen the bulk of the time is still spent retrieving them. Not ideal, but use of the ShadowFB XFree86/Xorg option speeds up the reading @@ -5905,45 +6063,45 @@ DAMAGE rectangles to contain real damage. The larger rectangles are only used as hints to focus the traditional scanline polling (i.e. if a scanline doesn't intersect a recent DAMAGE rectangle, the scan is - skipped.) You can use the "[510]-xd_area A" option to adjust the size + skipped.) You can use the "[518]-xd_area A" option to adjust the size of the trusted DAMAGE rectangles. The default is 20000 pixels (e.g. a 140x140 square, etc.) Use "-xd_area 0" to disable the cutoff and trust all DAMAGE rectangles. - The option "[511]-xd_mem f" may also be of use in tuning the - algorithm. To disable using DAMAGE entirely use "[512]-noxdamage". + The option "[519]-xd_mem f" may also be of use in tuning the + algorithm. To disable using DAMAGE entirely use "[520]-noxdamage". - Q-73: My OpenGL application shows no screen updates unless I supply + Q-74: My OpenGL application shows no screen updates unless I supply the -noxdamage option to x11vnc. One user reports in his environment (MythTV using the NVIDIA OpenGL drivers) he gets no updates after the initial screen is drawn unless - he uses the "[513]-noxdamage" option. + he uses the "[521]-noxdamage" option. This seems to be a bug in the X DAMAGE implementation of that driver. You may have to use -noxdamage as well. A way to autodetect this will be tried, probably the best it will do is automatically stop using X DAMAGE. - A developer for [514]MiniMyth reports that the 'alphapulse' tag of the + A developer for [522]MiniMyth reports that the 'alphapulse' tag of the theme G.A.N.T. can also cause problems, and should be avoided when using VNC. - Update: see [515]this FAQ too. + Update: see [523]this FAQ too. - Q-74: When I drag windows around with the mouse or scroll up and down + Q-75: When I drag windows around with the mouse or scroll up and down things really bog down (unless I do the drag in a single, quick motion.) Is there anything to do to improve things? - This problem is primarily due to [516]slow hardware read rates from + This problem is primarily due to [524]slow hardware read rates from video cards: as you scroll or move a large window around the screen changes are much too rapid for x11vnc to keep up them (it can usually only read the video card at about 5-10 MB/sec, so it can take a good fraction of a second to read the changes induce from moving a large window, if this to be done a number of times in succession the window or scroll appears to "lurch" forward.) See the description in the - [517]-pointer_mode option for more info. The next bottleneck is + [525]-pointer_mode option for more info. The next bottleneck is compressing all of these changes and sending them out to connected viewers, however the VNC protocol is pretty much self-adapting with respect to that (updates are only packaged and sent when viewers ask @@ -5953,27 +6111,27 @@ default should now be much better than before and dragging small windows around should no longer be a huge pain. If for some reason these changes make matters worse, you can go back to the old way via - the "[518]-pointer_mode 1" option. + the "[526]-pointer_mode 1" option. - Also added was the [519]-nodragging option that disables all screen + Also added was the [527]-nodragging option that disables all screen updates while dragging with the mouse (i.e. mouse motion with a button held down.) This gives the snappiest response, but might be undesired in some circumstances when you want to see the visual feedback while dragging (e.g. menu traversal or text selection.) - As of Dec/2004 the [520]-pointer_mode n option was introduced. n=1 is + As of Dec/2004 the [528]-pointer_mode n option was introduced. n=1 is the original mode, n=2 an improvement, etc.. See the -pointer_mode n help for more info. - Also, in some circumstances the [521]-threads option can improve + Also, in some circumstances the [529]-threads option can improve response considerably. Be forewarned that if more than one vncviewer is connected at the same time then libvncserver may not be thread safe (try to get the viewers to use different VNC encodings, e.g. tight and ZRLE.) This option can be unstable and so as of Feb/2008 it is disabled by default. Set env. X11VNC_THREADED=1 to re-enable. - As of Apr/2005 two new options (see the [522]wireframe FAQ and - [523]scrollcopyrect FAQ below) provide schemes to sweep this problem + As of Apr/2005 two new options (see the [530]wireframe FAQ and + [531]scrollcopyrect FAQ below) provide schemes to sweep this problem under the rug for window moves or resizes and for some (but not all) window scrolls. These are the preferred way of avoiding the "lurching" problem, contact me if they are not working. Note on SuSE and some @@ -5986,7 +6144,7 @@ EndSection - Q-75: Why not do something like wireframe animations to avoid the + Q-76: Why not do something like wireframe animations to avoid the windows "lurching" when being moved or resized? Nice idea for a hack! As of Apr/2005 x11vnc by default will apply @@ -5997,8 +6155,8 @@ the window move/resize stops, it returns to normal processing: you should only see the window appear in the new position. This spares you from interacting with a "lurching" window between all of the - intermediate steps. BTW the lurching is due to [524]slow video card - read rates (see [525]here too.) A displacement, even a small one, of a + intermediate steps. BTW the lurching is due to [532]slow video card + read rates (see [533]here too.) A displacement, even a small one, of a large window requires a non-negligible amount of time, a good fraction of a second, to read in from the hardware framebuffer. @@ -6006,7 +6164,7 @@ for -wireframe to do any good. The mode is currently on by default because most people are afflicted - with the problem. It can be disabled with the [526]-nowireframe option + with the problem. It can be disabled with the [534]-nowireframe option (aka -nowf.) Why might one want to turn off the wireframing? Since x11vnc is merely guessing when windows are being moved/resized, it may guess poorly for your window-manager or desktop, or even for the way @@ -6052,13 +6210,13 @@ * Maximum time to show a wireframe animation. * Minimum time between sending wireframe outlines. - See the [527]"-wireframe tweaks" option for more details. On a slow + See the [535]"-wireframe tweaks" option for more details. On a slow link, e.g. dialup modem, the parameters may be automatically adjusted for better response. CopyRect encoding: In addition to the above there is the - [528]"-wirecopyrect mode" option. It is also on by default. This + [536]"-wirecopyrect mode" option. It is also on by default. This instructs x11vnc to not only show the wireframe animation, but to also instruct all connected VNC viewers to locally translate the window image data from the original position to the new position on the @@ -6089,7 +6247,7 @@ -nowirecopyrect if this or other painting errors are unacceptable. - Q-76: Can x11vnc try to apply heuristics to detect when a window is + Q-77: Can x11vnc try to apply heuristics to detect when a window is scrolling its contents and use the CopyRect encoding for a speedup? Another nice idea for a hack! As of May/2005 x11vnc will by default @@ -6106,7 +6264,7 @@ requiring the image data to be transmitted over the network. For fast links the speedup is primarily due to x11vnc not having to read the scrolled framebuffer data from the X server (recall that reading from - the hardware framebuffer is [529]slow.) + the hardware framebuffer is [537]slow.) To do this x11vnc uses the RECORD X extension to snoop the X11 protocol between the X client with the focus window and the X server. @@ -6133,10 +6291,10 @@ the X server display: if one falls too far behind it could become a mess... - The initial implementation of [530]-scrollcopyrect option is useful in + The initial implementation of [538]-scrollcopyrect option is useful in that it detects many scrolls and thus gives a much nicer working - environment (especially when combined with the [531]-wireframe - [532]-wirecopyrect [533]options, which are also on by default; and if + environment (especially when combined with the [539]-wireframe + [540]-wirecopyrect [541]options, which are also on by default; and if you are willing to enable the ShadowFB things are very fast.) The fact that there aren't long delays or lurches during scrolling is the primary improvement. @@ -6169,10 +6327,10 @@ One can tap the Alt_L key (Left "Alt" key) 3 times in a row to signal x11vnc to refresh the screen to all viewers. Your VNC-viewer may have its own screen refresh hot-key or button. See - also: [534]-fixscreen + also: [542]-fixscreen * Some applications, notably OpenOffice, do XCopyArea scrolls in weird ways that assume ancestor window clipping is taking place. - See the [535]-scr_skip option for ways to tweak this on a + See the [543]-scr_skip option for ways to tweak this on a per-application basis. * Selecting text while dragging the mouse may be slower, especially if the Button-down event happens near the window's edge. This is @@ -6189,7 +6347,7 @@ because it fails to detect scrolls in it. Sometimes clicking inside the application window or selecting some text in it to force the focus helps. - * When using the [536]-scale option there will be a quick CopyRect + * When using the [544]-scale option there will be a quick CopyRect scroll, but it needs to be followed by a slower "cleanup" update. This is because for a fixed finite screen resolution (e.g. 75 dpi) scaling and copyrect-ing are not exactly independent. Scaling @@ -6202,7 +6360,7 @@ If you find the -scrollcopyrect behavior too approximate or distracting you can go back to the standard polling-only update method - with the [537]-noscrollcopyrect (or -noscr for short.) If you find + with the [545]-noscrollcopyrect (or -noscr for short.) If you find some extremely bad and repeatable behavior for -scrollcopyrect please report a bug. @@ -6223,13 +6381,13 @@ errors. - Q-77: Can x11vnc do client-side caching of pixel data? I.e. so when + Q-78: Can x11vnc do client-side caching of pixel data? I.e. so when that pixel data is needed again it does not have to be retransmitted over the network. - As of Dec/2006 in the [538]0.9 development tarball there is an + As of Dec/2006 in the [546]0.9 development tarball there is an experimental client-side caching implementation enabled by the - "[539]-ncache n" option. In fact, during the test period it was on by + "[547]-ncache n" option. In fact, during the test period it was on by default with n set to 10. To disable it use "-noncache". It is a simple scheme where a (very large) lower portion of the @@ -6256,7 +6414,7 @@ there is a bug: you can scroll down in your viewer and see a strange "history" of windows on your desktop. This is working as intended. One will need to try to adjust the size of his VNC Viewer window so the - cache area cannot be seen. [540]SSVNC (see below) can do this + cache area cannot be seen. [548]SSVNC (see below) can do this automatically. At some point LibVNCServer may implement a "rfbFBCrop" pseudoencoding @@ -6266,7 +6424,7 @@ rendering...) The Enhanced TightVNC Viewer (SSVNC) Unix viewer has a nice - [541]-ycrop option to help hide the pixel cache area from view. It + [549]-ycrop option to help hide the pixel cache area from view. It will turn on automatically if the framebuffer appears to be very tall (height more than twice the width), or you can supply the actual value for the height. If the screen is resized by scaling, etc, the ycrop @@ -6297,7 +6455,7 @@ an additional factor of 2 in memory use. However, even in the smallest usage mode with n equal 2 and - [542]-ncache_no_rootpixmap set (this requires only 2X additional + [550]-ncache_no_rootpixmap set (this requires only 2X additional framebuffer memory) there is still a noticable improvement for many activities, although it is not as dramatic as with, say n equal 12 and rootpixmap (desktop background) caching enabled. @@ -6308,7 +6466,7 @@ be tuned to use less, or the VNC community will extend the protocol to allow caching and replaying of compressed blobs of data. - Another option to experiment with is "[543]-ncache_cr". By specifying + Another option to experiment with is "[551]-ncache_cr". By specifying it, x11vnc will try to do smooth opaque window moves instead of its wireframe. This can give a very nice effect (note: on Unix the realvnc viewer seems to be smoother than the tightvnc viewer), but can lead to @@ -6361,28 +6519,28 @@ improving VNC performance by client side caching. - Q-78: Does x11vnc support TurboVNC? + Q-79: Does x11vnc support TurboVNC? As of Feb/2009 (development tarball) there is an experimental kludge to let you build x11vnc using TurboVNC's modified TightVNC encoding. - [544]TurboVNC is part of the [545]VirtualGL project. It does two main + [552]TurboVNC is part of the [553]VirtualGL project. It does two main things to speed up the TightVNC encoding: * It eliminates bottlenecks, overheads, wait-times in the TightVNC encoding implementation and instead only worries about sending very well (and quickly) compressed JPEG data. * A fast proprietary JPEG implemention is used (Intel IPP on x86) - instead of the usual libjpeg implementation. [546]TurboJPEG is an + instead of the usual libjpeg implementation. [554]TurboJPEG is an interface library, libturbojpeg, provided by the project that achieves this. TurboVNC works very well over LAN and evidently fast Broadband too. When using it with x11vnc in such a situation you may want to dial - down the delays, e.g. "[547]-wait 5" and "[548]-defer 5" (or even a + down the delays, e.g. "[555]-wait 5" and "[556]-defer 5" (or even a smaller setting) to poll and pump things out more quickly. See the instructions in "x11vnc/misc/turbovnc/README" for how to build x11vnc with TurboVNC support. You will also need to download the - [549]TurboJPEG software. + [557]TurboJPEG software. In brief, the steps look like this: cd x11vnc-x.y.z/x11vnc/misc/turbovnc @@ -6394,22 +6552,22 @@ where you replace "/DIR" with the directory containing libturbojpeg.so you downloaded separately. If it works out well enough TurboVNC support will be integrated into x11vnc and more of its tuning features - will be implemented. Support for TurboVNC in [550]SSVNC viewer has + will be implemented. Support for TurboVNC in [558]SSVNC viewer has been added as an experiment as well. If you try either one, let us know how it went. There also may be some Linux.i686 and Darwin.i386 x11vnc binaries with - TurboVNC support in the [551]misc. bins directory. For other platforms + TurboVNC support in the [559]misc. bins directory. For other platforms you will need to compile yourself. On relatively cheap and old hardware (Althon64 X2 5000+ / GeForce - 6200) x11vnc and [552]SSVNC, both TurboVNC enabled, were able to + 6200) x11vnc and [560]SSVNC, both TurboVNC enabled, were able to sustain 13.5 frames/sec (fps) and 15 Megapixels/sec using the VirtualGL supplied OpenGL benchmark program glxspheres. VirtualGL on - higher-end hardware can sustain [553]20-30 fps with the glxspheres + higher-end hardware can sustain [561]20-30 fps with the glxspheres benchmark. - Potential Slowdown: As we describe [554]elsewhere, unless you use + Potential Slowdown: As we describe [562]elsewhere, unless you use x11vnc with an X server using, say, NVidia proprietary drivers (or a virtual X server like Xvfb or Xdummy, or in ShadowFB mode), then the read rate from the graphics card can be rather slow (e.g. 10 MB/sec) @@ -6434,7 +6592,7 @@ [Mouse Cursor Shapes] - Q-79: Why isn't the mouse cursor shape (the little icon shape where + Q-80: Why isn't the mouse cursor shape (the little icon shape where the mouse pointer is) correct as I move from window to window? On X servers supporting XFIXES or Solaris/IRIX Overlay extensions it @@ -6449,23 +6607,23 @@ this is because the cursor shape is often downloaded to the graphics hardware (video card), but I could be mistaken. - A simple kludge is provided by the "[555]-cursor X" option that + A simple kludge is provided by the "[563]-cursor X" option that changes the cursor when the mouse is on the root background (or any window has the same cursor as the root background.) Note that desktops like GNOME or KDE often cover up the root background, so this won't - work for those cases. Also see the "[556]-cursor some" option for + work for those cases. Also see the "[564]-cursor some" option for additional kludges. Note that as of Aug/2004 on Solaris using the SUN_OVL overlay extension and IRIX, x11vnc can show the correct mouse cursor when the - [557]-overlay option is supplied. See [558]this FAQ for more info. + [565]-overlay option is supplied. See [566]this FAQ for more info. Also as of Dec/2004 XFIXES X extension support has been added to allow exact extraction of the mouse cursor shape. XFIXES fixes the problem of the cursor-shape being write-only: x11vnc can now query the X server for the current shape and send it back to the connected viewers. XFIXES is available on recent Linux Xorg based distros and - [559]Solaris 10. + [567]Solaris 10. The only XFIXES issue is the handling of alpha channel transparency in cursors. If a cursor has any translucency then in general it must be @@ -6473,10 +6631,10 @@ situations where the cursor transparency can also handled exactly: when the VNC Viewer requires the cursor shape be drawn into the VNC framebuffer or if you apply a patch to your VNC Viewer to extract - hidden alpha channel data under 32bpp. [560]Details can be found here. + hidden alpha channel data under 32bpp. [568]Details can be found here. - Q-80: When using XFIXES cursorshape mode, some of the cursors look + Q-81: When using XFIXES cursorshape mode, some of the cursors look really bad with extra black borders around the cursor and other cruft. How can I improve their appearance? @@ -6506,17 +6664,17 @@ for most cursor themes and you don't have to worry about it. In case it still looks bad for your cursor theme, there are (of - course!) some tunable parameters. The "[561]-alphacut n" option lets + course!) some tunable parameters. The "[569]-alphacut n" option lets you set the threshold "n" (between 0 and 255): cursor pixels with alpha values below n will be considered completely transparent while values equal to or above n will be completely opaque. The default is - 240. The "[562]-alphafrac f" option tries to correct individual + 240. The "[570]-alphafrac f" option tries to correct individual cursors that did not fare well with the default -alphacut value: if a cursor has less than fraction f (between 0.0 and 1.0) of its pixels selected by the default -alphacut, the threshold is lowered until f of its pixels are selected. The default fraction is 0.33. - Finally, there is an option [563]-alpharemove that is useful for + Finally, there is an option [571]-alpharemove that is useful for themes where many cursors are light colored (e.g. "whiteglass".) XFIXES returns the cursor data with the RGB values pre-multiplied by the alpha value. If the white cursors look too grey, specify @@ -6534,7 +6692,7 @@ heavily on redglass) look fine with the apparent default of alphacut:255. - Q-81: In XFIXES mode, are there any hacks to handle cursor + Q-82: In XFIXES mode, are there any hacks to handle cursor transparency ("alpha channel") exactly? As of Jan/2005 libvncserver has been modified to allow an alpha @@ -6542,10 +6700,10 @@ alpha channel data to libvncserver. However, this data will only be used for VNC clients that do not support the CursorShapeUpdates VNC extension (or have disabled it.) It can be disabled for all clients - with the [564]-nocursorshape x11vnc option. In this case the cursor is + with the [572]-nocursorshape x11vnc option. In this case the cursor is drawn, correctly blended with the background, into the VNC framebuffer before being sent out to the client. So the alpha blending is done on - the x11vnc side. Use the [565]-noalphablend option to disable this + the x11vnc side. Use the [573]-noalphablend option to disable this behavior (always approximate transparent cursors with opaque RGB values.) @@ -6569,17 +6727,17 @@ example on how to change the Windows TightVNC viewer to achieve the same thing (send me the patch if you get that working.) - This patch is applied to the [566]Enhanced TightVNC Viewer (SSVNC) + This patch is applied to the [574]Enhanced TightVNC Viewer (SSVNC) package we provide. [Mouse Pointer] - Q-82: Why does the mouse arrow just stay in one corner in my + Q-83: Why does the mouse arrow just stay in one corner in my vncviewer, whereas my cursor (that does move) is just a dot? - This default takes advantage of a [567]tightvnc extension + This default takes advantage of a [575]tightvnc extension (CursorShapeUpdates) that allows specifying a cursor image shape for - the local VNC viewer. You may disable it with the [568]-nocursor + the local VNC viewer. You may disable it with the [576]-nocursor option to x11vnc if your viewer does not have this extension. Note: as of Aug/2004 this should be fixed: the default for @@ -6588,22 +6746,22 @@ can also be disabled via -nocursor. - Q-83: Can I take advantage of the TightVNC extension to the VNC + Q-84: Can I take advantage of the TightVNC extension to the VNC protocol where Cursor Positions Updates are sent back to all connected clients (i.e. passive viewers can see the mouse cursor being moved around by another viewer)? - Use the [569]-cursorpos option when starting x11vnc. A VNC viewer must + Use the [577]-cursorpos option when starting x11vnc. A VNC viewer must support the Cursor Positions Updates for the user to see the mouse motions (the TightVNC viewers support this.) As of Aug/2004 -cursorpos - is the default. See also [570]-nocursorpos and [571]-nocursorshape. + is the default. See also [578]-nocursorpos and [579]-nocursorshape. - Q-84: Is it possible to swap the mouse buttons (e.g. left-handed + Q-85: Is it possible to swap the mouse buttons (e.g. left-handed operation), or arbitrarily remap them? How about mapping button clicks to keystrokes, e.g. to partially emulate Mouse wheel scrolling? - You can remap the mouse buttons via something like: [572]-buttonmap + You can remap the mouse buttons via something like: [580]-buttonmap 13-31 (or perhaps 12-21.) Also, note that xmodmap(1) lets you directly adjust the X server's button mappings, but in some circumstances it might be more desirable to have x11vnc do it. @@ -6611,7 +6769,7 @@ One user had an X server with only one mouse button(!) and was able to map all of the VNC client mouse buttons to it via: -buttonmap 123-111. - Note that the [573]-debug_pointer option prints out much info for + Note that the [581]-debug_pointer option prints out much info for every mouse/pointer event and is handy in solving problems. To map mouse button clicks to keystrokes you can use the alternate @@ -6633,7 +6791,7 @@ Exactly what keystroke "scrolling" events they should be bound to depends on one's taste. If this method is too approximate, one could - consider not using [574]-buttonmap but rather configuring the X server + consider not using [582]-buttonmap but rather configuring the X server to think it has a mouse with 5 buttons even though the physical mouse does not. (e.g. 'Option "ZAxisMapping" "4 5"'.) @@ -6660,10 +6818,10 @@ "click" usually gives a multi-line scroll.) [Keyboard Issues] - Q-85: How can I get my AltGr and Shift modifiers to work between + Q-86: How can I get my AltGr and Shift modifiers to work between keyboards for different languages? - The option [575]-modtweak should help here. It is a mode that monitors + The option [583]-modtweak should help here. It is a mode that monitors the state of the Shift and AltGr Modifiers and tries to deduce the correct keycode to send, possibly by sending fake modifier key presses and releases in addition to the actual keystroke. @@ -6672,25 +6830,25 @@ to get the old behavior.) This was done because it was noticed on newer XFree86 setups even on bland "us" keyboards like "pc104 us" XFree86 included a "ghost" key with both "<" and ">" it. This key does - not exist on the keyboard (see [576]this FAQ for more info.) Without + not exist on the keyboard (see [584]this FAQ for more info.) Without -modtweak there was then an ambiguity in the reverse map keysym => keycode, making it so the "<" symbol could not be typed. - Also see the [577]FAQ about the -xkb option for a more powerful method + Also see the [585]FAQ about the -xkb option for a more powerful method of modifier tweaking for use on X servers with the XKEYBOARD extension. When trying to resolve keyboard mapping problems, note that the - [578]-debug_keyboard option prints out much info for every keystroke + [586]-debug_keyboard option prints out much info for every keystroke and so can be useful debugging things. Note that one user had a strange setup and none of the above helped. - His solution was to disable all of the above and use [579]-nomodtweak. + His solution was to disable all of the above and use [587]-nomodtweak. This is the simplest form of keystroke insertion and it actually solved the problem. Try it if the other options don't help. - Q-86: When I try to type a "<" (i.e. less than) instead I get ">" + Q-87: When I try to type a "<" (i.e. less than) instead I get ">" (i.e. greater than)! Strangely, typing ">" works OK!! Does your keyboard have a single key with both "<" and ">" on it? Even @@ -6698,9 +6856,9 @@ (e.g. pc105 in the XF86Config file when it should be something else, say pc104.) - Short Cut: Try the [580]-xkb or [581]-sloppy_keys options and see if + Short Cut: Try the [588]-xkb or [589]-sloppy_keys options and see if that helps the situation. The discussion below is a bit outdated (e.g. - [582]-modtweak is now the default) but it is useful reference for + [590]-modtweak is now the default) but it is useful reference for various tricks and so is kept. @@ -6743,25 +6901,25 @@ -remap less-comma These are convenient in that they do not modify the actual X server - settings. The former ([583]-modtweak) is a mode that monitors the + settings. The former ([591]-modtweak) is a mode that monitors the state of the Shift and AltGr modifiers and tries to deduce the correct keycode sequence to send. Since Jul/2004 -modtweak is now the default. - The latter ([584]-remap less-comma) is an immediate remapping of the + The latter ([592]-remap less-comma) is an immediate remapping of the keysym less to the keysym comma when it comes in from a client (so when Shift is down the comma press will yield "<".) - See also the [585]FAQ about the -xkb option as a possible workaround + See also the [593]FAQ about the -xkb option as a possible workaround using the XKEYBOARD extension. - Note that the [586]-debug_keyboard option prints out much info for + Note that the [594]-debug_keyboard option prints out much info for every keystroke to aid debugging keyboard problems. - Q-87: Extra Character Inserted, E.g.: When I try to type a "<" (i.e. + Q-88: Extra Character Inserted, E.g.: When I try to type a "<" (i.e. less than) instead I get "<," (i.e. an extra comma.) This is likely because you press "Shift" then "<" but then released - the Shift key before releasing the "<". Because of a [587]keymapping + the Shift key before releasing the "<". Because of a [595]keymapping ambiguity the last event "< up" is interpreted as "," because that key unshifted is the comma. @@ -6769,16 +6927,16 @@ characters: in general it can happen whenever the Shift key is released early. - This should not happen in [588]-xkb mode, because it works hard to + This should not happen in [596]-xkb mode, because it works hard to resolve the ambiguities. If you do not want to use -xkb, try the - option [589]-sloppy_keys to attempt a similar type of algorithm. + option [597]-sloppy_keys to attempt a similar type of algorithm. One user had this problem for Italian and German keyboards with the key containing ":" and "." When he typed ":" he would get an extra "." inserted after the ":". The solution was -sloppy_keys. - Q-88: I'm using an "international" keyboard (e.g. German "de", or + Q-89: I'm using an "international" keyboard (e.g. German "de", or Danish "dk") and the -modtweak mode works well if the VNC viewer is run on a Unix/Linux machine with a similar keyboard. But if I run the VNC viewer on Unix/Linux with a different keyboard (e.g. "us") or @@ -6799,7 +6957,7 @@ In both cases no AltGr is sent to the VNC server, but we know AltGr is needed on the physical international keyboard to type a "@". - This all worked fine with x11vnc running with the [590]-modtweak + This all worked fine with x11vnc running with the [598]-modtweak option (it figures out how to adjust the Modifier keys (Shift or AltGr) to get the "@".) However it fails under recent versions of XFree86 (and the X.org fork.) These run the XKEYBOARD extension by @@ -6816,7 +6974,7 @@ * there is a new option -xkb to use the XKEYBOARD extension API to do the Modifier key tweaking. - The [591]-xkb option seems to fix all of the missing keys: "@", "<", + The [599]-xkb option seems to fix all of the missing keys: "@", "<", ">", etc.: it is recommended that you try it if you have this sort of problem. Let us know if there are any remaining problems (see the next paragraph for some known problems.) If you specify the -debug_keyboard @@ -6824,7 +6982,7 @@ debugging output (send it along with any problems you report.) Update: as of Jun/2005 x11vnc will try to automatically enable - [592]-xkb if it appears that would be beneficial (e.g. if it sees any + [600]-xkb if it appears that would be beneficial (e.g. if it sees any of "@", "<", ">", "[" and similar keys are mapped in a way that needs the -xkb to access them.) To disable this automatic check use -noxkb. @@ -6839,7 +6997,7 @@ was attached to keycode 93 (no physical key generates this keycode) while ISO_Level3_Shift was attached to keycode 113. The keycode skipping option was used to disable the ghost key: - [593]-skip_keycodes 93 + [601]-skip_keycodes 93 * In implementing -xkb we noticed that some characters were still not getting through, e.g. "~" and "^". This is not really an XKEYBOARD problem. What was happening was the VNC viewer was @@ -6857,16 +7015,16 @@ What to do? In general the VNC protocol has not really solved this problem: what should be done if the VNC viewer sends a keysym not recognized by the VNC server side? Workarounds can possibly be - created using the [594]-remap x11vnc option: + created using the [602]-remap x11vnc option: -remap asciitilde-dead_tilde,asciicircum-dead_circumflex etc. Use -remap filename if the list is long. Please send us your workarounds for this problem on your keyboard. Perhaps we can have x11vnc adjust automatically at some point. Also see the - [595]-add_keysyms option in the next paragraph. - Update: for convenience "[596]-remap DEAD" does many of these + [603]-add_keysyms option in the next paragraph. + Update: for convenience "[604]-remap DEAD" does many of these mappings at once. - * To complement the above workaround using the [597]-remap, an - option [598]-add_keysyms was added. This option instructs x11vnc + * To complement the above workaround using the [605]-remap, an + option [606]-add_keysyms was added. This option instructs x11vnc to bind any unknown Keysyms coming in from VNC viewers to unused Keycodes in the X server. This modifies the global state of the X server. When x11vnc exits it removes the extra keymappings it @@ -6877,7 +7035,7 @@ disable. - Q-89: When typing I sometimes get double, triple, or more of my + Q-90: When typing I sometimes get double, triple, or more of my keystrokes repeated. I'm sure I only typed them once, what can I do? This may be due to an interplay between your X server's key autorepeat @@ -6885,7 +7043,7 @@ Short answer: disable key autorepeating by running the command "xset r off" on the Xserver where x11vnc is run (restore via "xset r on") or - use the new (Jul/2004) [599]-norepeat x11vnc option. You will still + use the new (Jul/2004) [607]-norepeat x11vnc option. You will still have autorepeating because that is taken care of on your VNC viewer side. @@ -6909,18 +7067,18 @@ off", does the problem go away? The workaround is to manually apply "xset r off" and "xset r on" as - needed, or to use the [600]-norepeat (which has since Dec/2004 been + needed, or to use the [608]-norepeat (which has since Dec/2004 been made the default.) Note that with X server autorepeat turned off the VNC viewer side of the connection will (nearly always) do its own autorepeating so there is no big loss here, unless someone is also working at the physical display and misses his autorepeating. - Q-90: The x11vnc -norepeat mode is in effect, but I still get repeated + Q-91: The x11vnc -norepeat mode is in effect, but I still get repeated keystrokes!! Are you using x11vnc to log in to an X session via display manager? - (as described in [601]this FAQ) If so, x11vnc is starting before your + (as described in [609]this FAQ) If so, x11vnc is starting before your session and it disables autorepeat when you connect, but then after you log in your session startup (GNOME, KDE, ...) could be resetting the autorepeat to be on. Or it could be something inside your desktop @@ -6940,7 +7098,7 @@ should figure out how to disable that somehow. - Q-91: After using x11vnc for a while, I find that I cannot type some + Q-92: After using x11vnc for a while, I find that I cannot type some (or any) characters or my mouse clicks and drags no longer have any effect, or they lead to strange effects. What happened? @@ -6981,11 +7139,11 @@ desktop manages these "warps". If the viewer is not notified it cannot know it needs to release the modifiers. - You can also use the [602]-clear_mods option to try to clear all of + You can also use the [610]-clear_mods option to try to clear all of the modifier keys at x11vnc startup. You will still have to be careful that you do not leave the modifier key pressed down during your session. It is difficult to prevent this problem from occurring (short - of using [603]-remap to prevent sending all of the problem modifier + of using [611]-remap to prevent sending all of the problem modifier keys, which would make the destkop pretty unusable.) During a session these x11vnc remote control commands can also help: @@ -6998,16 +7156,16 @@ Num_Lock down. When these are locked on the remote side it can sometimes lead to strange desktop behavior (e.g. cannot drag or click on windows.) As above you may not notice this because the lock isn't - down on the local (Viewer) side. See [604]this FAQ on lock keys - problem. These options may help avoid the problem: [605]-skip_lockkeys - and [606]-capslock. See also [607]-clear_all. + down on the local (Viewer) side. See [612]this FAQ on lock keys + problem. These options may help avoid the problem: [613]-skip_lockkeys + and [614]-capslock. See also [615]-clear_all. - Q-92: The machine where I run x11vnc has an AltGr key, but the local + Q-93: The machine where I run x11vnc has an AltGr key, but the local machine where I run the VNC viewer does not. Is there a way I can map a local unused key to send an AltGr? How about a Compose key as well? - Something like "[608]-remap Super_R-Mode_switch" x11vnc option may + Something like "[616]-remap Super_R-Mode_switch" x11vnc option may work. Note that Super_R is the "Right Windoze(tm) Flaggie" key; you may want to choose another. The -debug_keyboard option comes in handy in finding keysym names (so does xev(1).) @@ -7018,7 +7176,7 @@ specify remappings from a file. - Q-93: I have a Sun machine I run x11vnc on. Its Sun keyboard has just + Q-94: I have a Sun machine I run x11vnc on. Its Sun keyboard has just one Alt key labelled "Alt" and two Meta keys labelled with little diamonds. The machine where I run the VNC viewer only has Alt keys. How can I send a Meta keypress? (e.g. emacs needs this) @@ -7030,13 +7188,13 @@ Since xmodmap(1) modifies the X server mappings you may not want to do this (because it affects local work on that machine.) Something like - the [609]-remap Alt_L-Meta_L to x11vnc may be sufficient for ones + the [617]-remap Alt_L-Meta_L to x11vnc may be sufficient for ones needs, and does not modify the X server environment. Note that you cannot send Alt_L in this case, maybe -remap Super_L-Meta_L would be a better choice if the Super_L key is typically unused in Unix. - Q-94: Running x11vnc on HP-UX I cannot type "#" I just get a "3" + Q-95: Running x11vnc on HP-UX I cannot type "#" I just get a "3" instead. One user reports this problem on HP-UX Rel_B.11.23. The problem was @@ -7050,7 +7208,7 @@ and similar triple mappings (with two in the AltGr/Mode_switch group) of a keysum to a single keycode. - Use the [610]-nomodtweak option as a workaround. You can also use + Use the [618]-nomodtweak option as a workaround. You can also use xmodmap to correct these mappings in the server, e.g.: xmodmap -e "keycode 47 = 3 numbersign" @@ -7059,12 +7217,12 @@ handle these mappings better. - Q-95: Can I map a keystroke to a mouse button click on the remote + Q-96: Can I map a keystroke to a mouse button click on the remote machine? This can be done directly in some X servers using AccessX and Pointer_EnableKeys, but is a bit awkward. It may be more convenient to - have x11vnc do the remapping. This can be done via the [611]-remap + have x11vnc do the remapping. This can be done via the [619]-remap option using the fake "keysyms" Button1, Button2, etc. as the "to" keys (i.e. the ones after the "-") @@ -7073,7 +7231,7 @@ button "paste" because (using XFree86/Xorg Emulate3Buttons) you have to click both buttons on the touch pad at the same time. This remapping: - [612]-remap Super_R-Button2 + [620]-remap Super_R-Button2 maps the Super_R "flag" key press to the Button2 click, thereby making X pasting a bit easier. @@ -7082,7 +7240,7 @@ are generated immediately on the x11vnc side. When the key is released (i.e. goes up) no events are generated. - Q-96: How can I get Caps_Lock to work between my VNC viewer and + Q-97: How can I get Caps_Lock to work between my VNC viewer and x11vnc? This is a little tricky because it is possible to get the Caps_Lock @@ -7092,13 +7250,13 @@ Caps_Lock in the viewer your local machine goes into the Caps_Lock on state and sends keysym "A" say when you press "a". x11vnc will then fake things up so that Shift is held down to generate "A". The - [613]-skip_lockkeys option should help to accomplish this. For finer - grain control use something like: "[614]-remap Caps_Lock-None". + [621]-skip_lockkeys option should help to accomplish this. For finer + grain control use something like: "[622]-remap Caps_Lock-None". - Also try the [615]-nomodtweak and [616]-capslock options. + Also try the [623]-nomodtweak and [624]-capslock options. Another useful option that turns off any Lock keys on the remote side - at startup and end is the [617]-clear_all option. During a session you + at startup and end is the [625]-clear_all option. During a session you can run these remote control commands to modify the Lock keys: x11vnc -R clear_locks x11vnc -R clear_all @@ -7108,7 +7266,7 @@ etc.) [Screen Related Issues and Features] - Q-97: The remote display is larger (in number of pixels) than the + Q-98: The remote display is larger (in number of pixels) than the local display I am running the vncviewer on. I don't like the vncviewer scrollbars, what I can do? @@ -7127,15 +7285,15 @@ There may also be scaling viewers out there (e.g. TightVNC or UltraVNC on Windows) that automatically shrink or expand the remote framebuffer to fit the local display. Especially for hand-held devices. See also - [618]the next FAQ on x11vnc scaling. + [626]the next FAQ on x11vnc scaling. - Q-98: Does x11vnc support server-side framebuffer scaling? (E.g. to + Q-99: Does x11vnc support server-side framebuffer scaling? (E.g. to make the desktop smaller.) As of Jun/2004 x11vnc provides basic server-side scaling. It is a global scaling of the desktop, not a per-client setting. To enable it - use the "[619]-scale fraction" option. "fraction" can either be a + use the "[627]-scale fraction" option. "fraction" can either be a floating point number (e.g. -scale 0.75) or the alternative m/n fraction notation (e.g. -scale 3/4.) Note that if fraction is greater than one the display is magnified. @@ -7160,7 +7318,7 @@ One can also use the ":nb" with an integer scale factor (say "-scale 2:nb") to use x11vnc as a screen magnifier for vision impaired - [620]applications. Since with integer scale factors the framebuffers + [628]applications. Since with integer scale factors the framebuffers become huge and scaling operations time consuming, be sure to use ":nb" for the fastest response. @@ -7186,7 +7344,7 @@ If one desires per-client scaling for something like 1:1 from a workstation and 1:2 from a smaller device (e.g. handheld), currently the only option is to run two (or more) x11vnc processes with - different scalings listening on separate ports ([621]-rfbport option, + different scalings listening on separate ports ([629]-rfbport option, etc.) Update: As of May/2006 x11vnc also supports the UltraVNC server-side @@ -7196,8 +7354,8 @@ "-rfbversion 3.6" for this to be recognized by UltraVNC viewers. BTW, whenever you run two or more x11vnc's on the same X display and - use the [622]GUI, then to avoid all of the x11vnc's simultaneously - answering the gui you will need to use something like [623]"-connect + use the [630]GUI, then to avoid all of the x11vnc's simultaneously + answering the gui you will need to use something like [631]"-connect file1 -gui ..." with different connect files for each x11vnc you want to control via the gui (or remote-control.) The "-connect file1" usage gives separate communication channels between a x11vnc process and the @@ -7206,12 +7364,12 @@ Update: As of Mar/2005 x11vnc now scales the mouse cursor with the same scale factor as the screen. If you don't want that, use the - [624]"-scale_cursor frac" option to set the cursor scaling to a + [632]"-scale_cursor frac" option to set the cursor scaling to a different factor (e.g. use "-scale_cursor 1" to keep the cursor at its natural unscaled size.) - Q-99: Does x11vnc work with Xinerama? (i.e. multiple monitors joined + Q-100: Does x11vnc work with Xinerama? (i.e. multiple monitors joined together to form one big, single screen.) Yes, it should generally work because it simply polls the big @@ -7234,26 +7392,26 @@ screen is not rectangular (e.g. 1280x1024 and 1024x768 monitors joined together), then there will be "non-existent" areas on the screen. The X server will return "garbage" image data for these areas and so they - may be distracting to the viewer. The [625]-blackout x11vnc option + may be distracting to the viewer. The [633]-blackout x11vnc option allows you to blacken-out rectangles by manually specifying their WxH+X+Y geometries. If your system has the libXinerama library, the - [626]-xinerama x11vnc option can be used to have it automatically + [634]-xinerama x11vnc option can be used to have it automatically determine the rectangles to be blackened out. (Note on 8bpp PseudoColor displays the fill color may not be black.) Update: - [627]-xinerama is now on by default. + [635]-xinerama is now on by default. Some users have reported that the mouse does not behave properly for their Xinerama display: i.e. the mouse cannot be moved to all regions - of the large display. If this happens try using the [628]-xwarppointer + of the large display. If this happens try using the [636]-xwarppointer option. This instructs x11vnc to fake mouse pointer motions using the XWarpPointer function instead of the XTestFakeMotionEvent XTEST function. (This may be due to a bug in the X server for XTEST when - Xinerama is enabled.) Update: As of Dec/2006 [629]-xwarppointer will + Xinerama is enabled.) Update: As of Dec/2006 [637]-xwarppointer will be applied automatically if Xinerama is detected. To disable use: -noxwarppointer - Q-100: Can I use x11vnc on a multi-headed display that is not Xinerama + Q-101: Can I use x11vnc on a multi-headed display that is not Xinerama (i.e. separate screens :0.0, :0.1, ... for each monitor)? You can, but it is a little bit awkward: you must start separate @@ -7271,32 +7429,32 @@ Note: if you are running on Solaris 8 or earlier you can easily hit up against the maximum of 6 shm segments per process (for Xsun in this case) from running multiple x11vnc processes. You should modify - /etc/system as mentioned in another [630]FAQ to increase the limit. It - is probably also a good idea to run with the [631]-onetile option in + /etc/system as mentioned in another [638]FAQ to increase the limit. It + is probably also a good idea to run with the [639]-onetile option in this case (to limit each x11vnc to 3 shm segments), or even - [632]-noshm to use no shm segments. + [640]-noshm to use no shm segments. - Q-101: Can x11vnc show only a portion of the display? (E.g. for a + Q-102: Can x11vnc show only a portion of the display? (E.g. for a special purpose application or a very large screen.) - As of Mar/2005 x11vnc has the "[633]-clip WxH+X+Y" option to select a + As of Mar/2005 x11vnc has the "[641]-clip WxH+X+Y" option to select a rectangle of width W, height H and offset (X, Y). Thus the VNC screen will be the clipped sub-region of the display and be only WxH in size. - One user used -clip to split up a large [634]Xinerama screen into two + One user used -clip to split up a large [642]Xinerama screen into two more managable smaller screens. This also works to view a sub-region of a single application window if - the [635]-id or [636]-sid options are used. The offset is measured + the [643]-id or [644]-sid options are used. The offset is measured from the upper left corner of the selected window. - Q-102: Does x11vnc support the XRANDR (X Resize, Rotate and + Q-103: Does x11vnc support the XRANDR (X Resize, Rotate and Reflection) extension? Whenever I rotate or resize the screen x11vnc just seems to crash. As of Dec/2004 x11vnc supports XRANDR. You enable it with the - [637]-xrandr option to make x11vnc monitor XRANDR events and also trap + [645]-xrandr option to make x11vnc monitor XRANDR events and also trap X server errors if the screen change occurred in the middle of an X call like XGetImage. Once it traps the screen change it will create a new framebuffer using the new screen. @@ -7306,9 +7464,9 @@ then the viewer will automatically resize. Otherwise, the new framebuffer is fit as best as possible into the original viewer size (portions of the screen may be clipped, unused, etc.) For these - viewers you can try the [638]-padgeom option to make the region big + viewers you can try the [646]-padgeom option to make the region big enough to hold all resizes and rotations. We have fixed this problem - for the TightVNC Viewer on Unix: [639]SSVNC + for the TightVNC Viewer on Unix: [647]SSVNC If you specify "-xrandr newfbsize" then vnc viewers that do not support NewFBSize will be disconnected before the resize. If you @@ -7316,36 +7474,36 @@ terminate. - Q-103: Independent of any XRANDR, can I have x11vnc rotate and/or + Q-104: Independent of any XRANDR, can I have x11vnc rotate and/or reflect the screen that the VNC viewers see? (e.g. for a handheld whose screen is rotated 90 degrees.) - As of Jul/2006 there is the [640]-rotate option allow this. E.g's: + As of Jul/2006 there is the [648]-rotate option allow this. E.g's: "-rotate +90", "-rotate -90", "-rotate x", etc. - Q-104: Why is the view in my VNC viewer completely black? Or why is + Q-105: Why is the view in my VNC viewer completely black? Or why is everything flashing around randomly? See the next FAQ for a possible explanation. - Q-105: I use Linux Virtual Consoles (VC's) to implement 'Fast User + Q-106: I use Linux Virtual Terminals (VT's) to implement 'Fast User Switching' between users' sessions (e.g. Betty is on Ctrl-Alt-F7, Bobby is on Ctrl-Alt-F8, and Sid is on Ctrl-Alt-F1: they use those keystrokes to switch between their sessions.) How come the view in a VNC viewer connecting to x11vnc is either completely black or otherwise all messed up unless the X session x11vnc is attached to is - in the active VC? + in the active VT? This seems to have to do with how applications (the X server processes - in this case) must "play nicely" if they are not on the active VC - (sometimes called VT for virtual terminal.) That is, they should not + in this case) must "play nicely" if they are not on the active VT + (sometimes called VC for virtual console.) That is, they should not read from the keyboard or mouse or manage the video display unless - they have the active VC. Given that it appears the XGetImage() call + they have the active VT. Given that it appears the XGetImage() call must ultimately retrieve the framebuffer data from the video hardware itself, it would make sense x11vnc's polling wouldn't work unless the - X session had active control of the VC. + X session had active control of the VT. There does not seem to be an easy way to work around this. Even xwd(1) doesn't work in this case (try it.) Something would need to be done at @@ -7354,12 +7512,12 @@ memory) does not appear to fix the problem. If no one is sitting at the workstation and you just want to remotely - switch the VC over to the one associated with your X session (so + switch the VT over to the one associated with your X session (so x11vnc can poll it correctly), one can use the chvt(1) command, e.g. - "chvt 7" for VC #7. + "chvt 7" for VT #7. - Q-106: I am using x11vnc where my local machine has "popup/hidden + Q-107: I am using x11vnc where my local machine has "popup/hidden taskbars" and the remote display where x11vnc runs also has "popup/hidden taskbars" and they interfere and fight with each other. What can I do? @@ -7374,7 +7532,7 @@ click on the task bar panel, and uncheck "enable auto-hide" from the panel properties dialog box. This will make the panel always visible. - Q-107: Help! x11vnc and my KDE screensaver keep switching each other + Q-108: Help! x11vnc and my KDE screensaver keep switching each other on and off every few seconds. This is a new (Jul/2006) problem seen, say, on the version of KDE that @@ -7385,13 +7543,13 @@ This may be a bug in kdesktop_lock. For now the only workaround is to disable the screensaver. You can try using another one such as - straight xscreensaver (see the instructions [641]here for how to + straight xscreensaver (see the instructions [649]here for how to disable kdesktop_lock.) If you have more info on this or see it outside of KDE please let us know. Update: It appears this is due to kdesktop_lock enabling the screen saver when the Monitor is in DPMS low-power state (e.g. standby, - suspend, or off.) In Nov/2006 the x11vnc [642]-nodpms option was added + suspend, or off.) In Nov/2006 the x11vnc [650]-nodpms option was added as a workaround. Normally it is a good thing that the monitor powers down (since x11vnc can still poll the framebuffer in this state), but if you experience the kdesktop_lock problem you can specify the @@ -7401,22 +7559,22 @@ disable the screensaver.) Feel free to file a bug against kdesktop_lock with KDE. - Q-108: I am running the beryl 3D window manager (or compiz, MythTv, + Q-109: I am running the beryl 3D window manager (or compiz, MythTv, Google Earth, or some other OpenGL app) and I do not get screen updates in x11vnc. This appears to be because the 3D OpenGL/GLX hardware screen updates do not get reported via the XDAMAGE mechanism. So this is a bug in - [643]beryl/compiz or XDAMAGE/Xorg or the (possibly 3rd party) video + [651]beryl/compiz or XDAMAGE/Xorg or the (possibly 3rd party) video card driver. - As a workaround apply the [644]-noxdamage option. As of Feb/2007 + As a workaround apply the [652]-noxdamage option. As of Feb/2007 x11vnc will try to autodetect the problem and disable XDAMAGE if is appears to be missing a lot of updates. But if you know you are using - beryl you might as well always supply -noxdamage. Thanks to [645]this + beryl you might as well always supply -noxdamage. Thanks to [653]this user who reported the problem and discovered the workaround. - A developer for [646]MiniMyth reports that the 'alphapulse' tag of the + A developer for [654]MiniMyth reports that the 'alphapulse' tag of the theme G.A.N.T. can also cause problems, and should be avoided when using VNC. @@ -7425,7 +7583,7 @@ responsiveness (especially for typing) and also leads to unnecessary CPU and memory I/O load due to the extra polling. - Q-109: Can I use x11vnc to view my VMWare session remotely? + Q-110: Can I use x11vnc to view my VMWare session remotely? Yes, since VMWare usually runs as an X application you can view it via x11vnc in the normal way. @@ -7436,9 +7594,9 @@ * Fullscreen mode The way VMWare does Fullscreen mode on Linux is to display the Guest - desktop in a separate Virtual Console (e.g. VC 8) (see [647]this FAQ - on VC's for background.) Unfortunately, this Fullscreen VC is not an X - server. So x11vnc cannot access it (however, [648]see this discussion + desktop in a separate Virtual Terminal (e.g. VT 8) (see [655]this FAQ + on VT's for background.) Unfortunately, this Fullscreen VT is not an X + server. So x11vnc cannot access it (however, [656]see this discussion of -rawfb for a possible workaround.) x11vnc works fine with "Normal X application window" and "Quick-Switch mode" because these use X. @@ -7446,7 +7604,7 @@ x11vnc access does work. One user reports he left his machine with VMWare in the Fullscreen - mode, and even though his X session wasn't in the active VC, he could + mode, and even though his X session wasn't in the active VT, he could still connect x11vnc to the X session and pass the keystrokes Ctrl-Alt (typing "blind") to the VMWare X app. This induced VMWare to switch out of Fullscreen into Normal X mode and he could continue working in @@ -7459,14 +7617,14 @@ improve response. One can also cut the display depth (e.g. to 16bpp) in this 2nd X session to improve video performance. This 2nd X session emulates Fullscreen mode to some degree and can be viewed via x11vnc - as long as the VMWare X session [649]is in the active VC. + as long as the VMWare X session [657]is in the active VT. Also note that with a little bit of playing with "xwininfo -all -children" output one can extract the (non-toplevel) window-id of the of the Guest desktop only when VMWare is running as a normal X application. Then one can export just the guest desktop (i.e. without - the VMWare menu buttons) by use of the [650]-id windowid option. The - caveats are the X session VMWare is in must be in the active VC and + the VMWare menu buttons) by use of the [658]-id windowid option. The + caveats are the X session VMWare is in must be in the active VT and the window must be fully visible, so this mode is not terribly convenient, but could be useful in some circumstances (e.g. running VMWare on a very powerful server machine in a server room that happens @@ -7477,14 +7635,14 @@ [Exporting non-X11 devices via VNC] - Q-110: Can non-X devices (e.g. a raw framebuffer) be viewed (and even + Q-111: Can non-X devices (e.g. a raw framebuffer) be viewed (and even controlled) via VNC with x11vnc? As of Apr/2005 there is support for this. Two options were added: - "[651]-rawfb string" (to indicate the raw frame buffer device, file, - etc. and its parameters) and "[652]-pipeinput command" (to provide an + "[659]-rawfb string" (to indicate the raw frame buffer device, file, + etc. and its parameters) and "[660]-pipeinput command" (to provide an external program that will inject or otherwise process mouse and - keystroke input.) Some useful [653]-pipeinput schemes, VID, CONSOLE, + keystroke input.) Some useful [661]-pipeinput schemes, VID, CONSOLE, and UINPUT, have since been built into x11vnc for convenience. This non-X mode for x11vnc is somewhat experimental because it is so @@ -7524,9 +7682,9 @@ access method.) Only use file if map isn't working. BTW, "mmap" is an alias for "map" and if you do not supply a type and the file exists, map is assumed (see the -help output and below for some exceptions to - this.) The "snap:" setting applies the [654]-snapfb option with + this.) The "snap:" setting applies the [662]-snapfb option with "file:" type reading (this is useful for exporting webcams or TV tuner - video; see [655]the next FAQ for more info.) + video; see [663]the next FAQ for more info.) Also, if the string is of the form "setup:cmd" then cmd is run and the first line of its output retrieved and used as the rawfb string. This @@ -7553,10 +7711,10 @@ viewable.) In general some guessing may be required, especially for the bpp. Update: in "-rawfb console" mode x11vnc will use the linuxfb API to try to guess (it is still not always accurate.) Also try - "-rawfb vtN" for the N-th Linux text console (aka virtual terminal.) - If the number of Bytes Per Line is not WxHxB/8 (i.e. the framebuffer - lines are padded) you can specify this information after WxHxB via - "-BPL", e.g. @800x600x16-2048 + "-rawfb vtN" (on x11vnc 0.9.7 and later) for the N-th Linux text + console (aka virtual terminal.) If the number of Bytes Per Line is not + WxHxB/8 (i.e. the framebuffer lines are padded) you can specify this + information after WxHxB via "-BPL", e.g. @800x600x16-2048 Based on the bpp x11vnc will try to guess the red, green, and blue masks (these indicate which bits correspond to each color.) It if gets @@ -7571,7 +7729,7 @@ screen to either shm or a mapped file. The format of these is XWD and so the initial header should be skipped. BTW, since XWD is not strictly RGB the view will only be approximate, but usable. Of course - for the case of Xvfb x11vnc can poll it much better via the [656]X + for the case of Xvfb x11vnc can poll it much better via the [664]X API, but you get the idea. By default in -rawfb mode x11vnc will actually close any X display it @@ -7602,13 +7760,13 @@ tty1-tty6), or X graphical display (usually starting at tty7.) In addition to the text console other graphical ones may be viewed and interacted with as well, e.g. DirectFB or SVGAlib apps, VMWare non-X - fullscreen, or [657]Qt-embedded apps (PDAs/Handhelds.) By default the + fullscreen, or [665]Qt-embedded apps (PDAs/Handhelds.) By default the pipeinput mechanisms UINPUT and CONSOLE (keystrokes only) are automatically attempted in this mode under "-rawfb console". The Video4Linux Capture device, /dev/video0, etc is either a Webcam or a TV capture device and needs to have its driver enabled in the - kernel. See [658]this FAQ for details. If specified via "-rawfb Video" + kernel. See [666]this FAQ for details. If specified via "-rawfb Video" then the pipeinput method "VID" is applied (it lets you change video parameters dynamically via keystrokes.) @@ -7616,10 +7774,10 @@ also useful in testing. - All of the above [659]-rawfb options are just for viewing the raw + All of the above [667]-rawfb options are just for viewing the raw framebuffer (although some of the aliases do imply keystroke and mouse pipeinput methods.) That may be enough for certain applications of - this feature (e.g. suppose a [660]video camera mapped its framebuffer + this feature (e.g. suppose a [668]video camera mapped its framebuffer into memory and you just wanted to look at it via VNC.) To handle the pointer and keyboard input from the viewer users the "-pipeinput cmd" option was added to indicate a helper program to @@ -7657,14 +7815,14 @@ keystrokes into the Linux console (e.g. the virtual consoles: /dev/tty1, /dev/tty2, etc) in x11vnc/misc/vcinject.pl. It is based on the vncterm/LinuxVNC.c program also in the libvncserver CVS. So to - view and interact with VC #2 (assuming it is the [661]active VC) one + view and interact with VT #2 (assuming it is the [669]active VT) one can run something like: x11vnc -rawfb map:/dev/fb0@1024x768x16 -pipeinput './vcinject.pl 2' This assumes your Linux framebuffer device (/dev/fb0) is properly configured. See fbset(8) and other documentation. Try "file:/dev/fb0@WxHxB" as a last resort. Starting with x11vnc 0.8.1, - the above VC injection is built in, as well as WxHxB determination. + the above VT injection is built in, as well as WxHxB determination. Just use something like: x11vnc -rawfb console @@ -7712,7 +7870,7 @@ better to use the more accurate and faster LinuxVNC program. The advantage x11vnc -rawfb might have is that it can allow interaction with a non-text application, e.g. one based on SVGAlib or - [662]Qt-embedded Also, for example the [663]VMWare Fullscreen mode is + [670]Qt-embedded Also, for example the [671]VMWare Fullscreen mode is actually viewable under -rawfb and can be interacted with if uinput is enabled. @@ -7729,7 +7887,7 @@ program that passes the framebuffer to libvncserver. - Q-111: Can I export the Linux Console (Virtual Terminals) via VNC + Q-112: Can I export the Linux Console (Virtual Terminals) via VNC using x11vnc? Yes, you may need to be root to access the devices that make up the @@ -7759,7 +7917,8 @@ Another mode is specific to the Linux text Virtual Terminals, it shows their text and colors (but no graphics) regardless of whether it is - the active VT or not. Enable this mode like this: + the active VT or not. It is available on x11vnc 0.9.7 and later. + Enable this mode like this: x11vnc -rawfb vt x11vnc -rawfb vt2 @@ -7773,12 +7932,12 @@ startx (or similar, e.g. gdm) in the virtual terminal. A 2nd x11vnc could be used to see if the X server is now working correctly. - Q-112: Can I export via VNC a Webcam or TV tuner framebuffer using + Q-113: Can I export via VNC a Webcam or TV tuner framebuffer using x11vnc? - Yes, this is possible to some degree with the [664]-rawfb option. + Yes, this is possible to some degree with the [672]-rawfb option. There is no X11 involved: snapshots from the video capture device are - used for the screen image data. See the [665]previous FAQ on -rawfb + used for the screen image data. See the [673]previous FAQ on -rawfb for background. For best results, use x11vnc version 0.8.1 or later. Roughly, one would do something like this: @@ -7790,7 +7949,7 @@ snapshot to a file that you point -rawfb to; ask me if it is not clear what to do.) - The "snap:" enforces [666]-snapfb mode which appears to be necessary. + The "snap:" enforces [674]-snapfb mode which appears to be necessary. The read pointer for video capture devices cannot be repositioned (which would be needed for scanline polling), but you can read a full frame of data from the device. @@ -7812,7 +7971,7 @@ Many video4linux drivers tend to set the framebuffer to be 24bpp (as opposed to 32bpp.) Since this can cause problems with VNC viewers, - etc, the [667]-24to32 option will be automatically imposed when in + etc, the [675]-24to32 option will be automatically imposed when in 24bpp. Note that by its very nature, video capture involves rapid change in @@ -7820,7 +7979,7 @@ wavering in brightness is always happening. This can lead to much network bandwidth consumption for the VNC traffic and also local CPU and I/O resource usage. You may want to experiment with "dialing down" - the framerate via the [668]-wait, [669]-slow_fb, or [670]-defer + the framerate via the [676]-wait, [677]-slow_fb, or [678]-defer options. Decreasing the window size and bpp also helps. @@ -7909,16 +8068,16 @@ format to HI240, RGB565, RGB24, RGB32, RGB555, and GREY respectively. See -rawfb video for details. - See also the [671]-freqtab option to supply your own xawtv channel to + See also the [679]-freqtab option to supply your own xawtv channel to frequency mappings for your country (only ntsc-cable-us is built into x11vnc.) - Q-113: Can I connect via VNC to a Qt-embedded/Qtopia application + Q-114: Can I connect via VNC to a Qt-embedded/Qtopia application running on my handheld or PC using the Linux console framebuffer (i.e. not X11)? - Yes, the basic method for this is the [672]-rawfb scheme where the + Yes, the basic method for this is the [680]-rawfb scheme where the Linux console framebuffer (usually /dev/fb0) is polled and the uinput driver is used to inject keystrokes and mouse input. Often you will just have to type: @@ -7931,7 +8090,7 @@ x11vnc -rawfb /dev/fb0@640x480x16 Also, to force usage of the uinput injection method use "-pipeinput - UINPUT". See the [673]-pipeinput description for tunable parameters, + UINPUT". See the [681]-pipeinput description for tunable parameters, etc. One problem with the x11vnc uinput scheme is that it cannot guess the @@ -7947,7 +8106,7 @@ Even with the correct acceleration setting there is still some drift (probably because of the mouse threshold where the acceleration kicks in) and so x11vnc needs to reposition the cursor from 0,0 about 5 - times a second. See the [674]-pipeinput UINPUT option for tuning + times a second. See the [682]-pipeinput UINPUT option for tuning parameters that can be set (there are some experimental thresh=N tuning parameters as well) @@ -7979,10 +8138,10 @@ not work. - Q-114: Now that non-X11 devices can be exported via VNC using x11vnc, + Q-115: Now that non-X11 devices can be exported via VNC using x11vnc, can I build it with no dependencies on X11 header files and libraries? - Yes, as of Jul/2006 x11vnc enables building for [675]-rawfb only + Yes, as of Jul/2006 x11vnc enables building for [683]-rawfb only support. Just do something like when building: ./configure --without-x (plus any other flags) make @@ -7993,16 +8152,16 @@ know what you did. - Q-115: Does x11vnc support Mac OS X Aqua/Quartz displays natively + Q-116: Does x11vnc support Mac OS X Aqua/Quartz displays natively (i.e. no X11 involved)? Yes, since Nov/2006 in the development tree (x11vnc-0.8.4 tarball) there is support for native Mac OS X Aqua/Quartz displays using the - [676]-rawfb mechanism described above. The mouse and keyboard input is + [684]-rawfb mechanism described above. The mouse and keyboard input is achieved via Mac OS X API's. - So you can use x11vnc as an alternative to [677]OSXvnc (aka Vine - Server), or [678]Apple Remote Desktop (ARD). Perhaps there is some + So you can use x11vnc as an alternative to [685]OSXvnc (aka Vine + Server), or [686]Apple Remote Desktop (ARD). Perhaps there is some x11vnc feature you'd like to use on Mac OS X, etc. For a number of activities (e.g. window drags) it seems to be faster than OSXvnc. @@ -8012,7 +8171,7 @@ (XDarwin) running on Mac OS X (people often install this software to display remote X11 apps on their Mac OS X system, or use some old favorites locally such as xterm.) However in this case x11vnc will - only work reasonably in single window [679]-id windowid mode (and the + only work reasonably in single window [687]-id windowid mode (and the window may need to have mouse focus.) If you do not have the DISPLAY env. variable set, x11vnc will assume @@ -8030,9 +8189,9 @@ ./configure --without-x make - Win2VNC/x2vnc: One handy use is to use the [680]-nofb mode to + Win2VNC/x2vnc: One handy use is to use the [688]-nofb mode to redirect mouse and keyboard input to a nearby Mac (i.e. one to the - side of your desk) via [681]x2vnc or Win2VNC. See [682]this FAQ for + side of your desk) via [689]x2vnc or Win2VNC. See [690]this FAQ for more info. Options: Here are the Mac OS X specific x11vnc options: @@ -8102,17 +8261,17 @@ command for you.) Then once you are connected via VNC, iconify the Terminal windows (you can't delete them since that will kill x11vnc.) - Q-116: Can x11vnc be used as a VNC reflector/repeater to improve + Q-117: Can x11vnc be used as a VNC reflector/repeater to improve performance for the case of a large number of simultaneous VNC viewers (e.g. classroom broadcasting or a large demo)? - Yes, as of Feb/2007 there is the "[683]-reflect host:N" option to + Yes, as of Feb/2007 there is the "[691]-reflect host:N" option to connect to the VNC server "host:N" (either another x11vnc or any other VNC server) and re-export it. VNC viewers then connect to the x11vnc(s) running -reflect. The -reflect option is the same as: "-rawfb vnc:host:N". See the - [684]-rawfb description under "VNC HOST" for more details. + [692]-rawfb description under "VNC HOST" for more details. You can replace "host:N" with "listen" or "listen:port" for reverse connections. @@ -8173,18 +8332,18 @@ re-exports via VNC to its clients C.) However, CopyRect and CursorShape encodings are preserved in the reflection and that helps. Dragging windows with the mouse can be a problem (especially if S is - not doing wireframing somehow, consider [685]-nodragging if the + not doing wireframing somehow, consider [693]-nodragging if the problem is severe) For a really fast reflector/repeater it would have to be implemented from scratch with performance in mind. See these other projects: - [686]http://sourceforge.net/projects/vnc-reflector/, - [687]http://www.tightvnc.com/projector/ (closed source?), + [694]http://sourceforge.net/projects/vnc-reflector/, + [695]http://www.tightvnc.com/projector/ (closed source?), Automation via Reverse Connections: Instead of having the R's connect directly to S and then the C's connect directly to the R they should use, some convenience can be achieved by using reverse - connections (the x11vnc "[688]"-connect host1,host2,..." option.) + connections (the x11vnc "[696]"-connect host1,host2,..." option.) Suppose all the clients "C" are started up in Listen mode: client1> vncviewer -listen client2> vncviewer -listen @@ -8211,7 +8370,7 @@ us know what you did. A really nice thing would be some sort of auto-discovery of your repeater, etc... - Q-117: Can x11vnc be used during a Linux, Solaris, etc. system + Q-118: Can x11vnc be used during a Linux, Solaris, etc. system Installation so the Installation can be done remotely? This can be done, but it doesn't always work because it depends on how @@ -8243,7 +8402,7 @@ If the Solaris install is an older X-based one, there will be a menu for you to get a terminal window. From that window you might be able to retrieve x11vnc.static via wget, scp, or ftp. Remember to do "chmod - 755 ./x11vnc.static" and then find the -auth file as in [689]this FAQ. + 755 ./x11vnc.static" and then find the -auth file as in [697]this FAQ. If it is a Linux install that uses an X server (e.g. SuSE and probably Fedora), then you can often get a shell by pressing Ctrl-Alt-F2 or @@ -8252,7 +8411,7 @@ wget http://192.168.0.22/x11vnc.static chmod 755 ./x11vnc.static - Find the name of the auth file as in [690]this FAQ. (maybe run "ps + Find the name of the auth file as in [698]this FAQ. (maybe run "ps wwwwaux | grep auth".) Then run it like this: ./x11vnc.static -forever -nopw -display :0 -auth /tmp/wherever/the/authfile @@ -8261,7 +8420,7 @@ the display being :1, etc. If there is a firewall blocking incoming connections during the - install, use the [691]"-connect hostname" option option for a reverse + install, use the [699]"-connect hostname" option option for a reverse connection to the hostname running the VNC viewer in listen mode. Debian based installs are either console-text or console-framebuffer @@ -8304,36 +8463,73 @@ [Misc: Clipboard, File Transfer/Sharing, Printing, Sound, Beeps, Thanks, etc.] - Q-118: Does the Clipboard/Selection get transferred between the + Q-119: Does the Clipboard/Selection get transferred between the vncviewer and the X display? - As of Jan/2004 x11vnc supports the "CutText" part of the rfb protocol. - Furthermore, x11vnc is able to hold the PRIMARY and CLIPBOARD - selection (Xvnc does not seem to do this.) If you don't want the - Clipboard/Selection exchanged use the [692]-nosel option. If you don't - want the PRIMARY selection to be polled for changes use the - [693]-noprimary option. (with a similar thing for CLIPBOARD.) You can - also fine-tune it a bit with the [694]-seldir dir option and also - [695]-input. + As of Jan/2004 x11vnc supports the "CutText" part of the RFB (aka VNC) + protocol. When text is selected/copied in the X session that x11vnc is + polling it will be sent to connected VNC viewers. And when CutText is + received from a VNC viewer then x11vnc will set the X11 selections + PRIMARY, CLIPBOARD, and CUTBUFFER0 to it. x11vnc is able to hold the + PRIMARY and CLIPBOARD selections (Xvnc does not seem to do this.) + + The X11 selections can be confusing, especially to those coming from + Windows or MacOSX where there is just a single 'Clipboard'. The X11 + CLIPBOARD selection is a lot like that of Windows and MacOSX, e.g. + highlighted text is sent to the clipboard when the user activates + "Edit -> Copy" or presses "Control+C" (and pasting it via "Edit -> + Paste" or "Control+V".) The X11 PRIMARY selection has been described + as 'for power users' or 'an Easter Egg'. As soon as text is + highlighted it is set to the PRIMARY selection and so it is + immediately ready for pasting, usually via the Middle Mouse Button or + "Shift+Insert". See [700]this jwz link for more information. + + x11vnc's default behavior is to watch both CLIPBOARD and PRIMARY and + whenever one of them changes, it sends the new text to connected + viewers. Note that since the RFB protocol only has a single "CutText" + then both selections are "merged" to some degree (and this can lead to + confusing results.) One user was confused why x11vnc was "forgetting" + his CLIPBOARD selection and the reason was he also changed PRIMARY + some time after he copied text to the clipboard. Usually an app will + set PRIMARY as soon as any text is highlighted so it easy to see how + CLIPBOARD was forgotten. Use the -noprimary described below as a + workaround. Similarly, by default when x11vnc receives CutText it sets + both CLIPBOARD and PRIMARY to it (this is probably less confusing, but + could possibly lead to some failure modes as well.) + + You may not like these defaults. Here are ways to change the behavior: + * If you don't want the Clipboard/Selection exchanged at all use the + [701]-nosel option. + * If you want changes in PRIMARY to be ignored use the + [702]-noprimary option. + * If you want changes in CLIPBOARD to be ignored use the + [703]-noclipboard option. + * If you don't want x11vnc to set PRIMARY to the "CutText" received + from viewers use the [704]-nosetprimary option. + * If you don't want x11vnc to set CLIPBOARD to the "CutText" + received from viewers use the [705]-nosetclipboard option. + + You can also fine-tune it a bit with the [706]-seldir dir option and + also [707]-input. You may need to watch out for desktop utilities such as KDE's "Klipper" that do odd things with the selection, clipboard, and cutbuffers. - Q-119: Can I use x11vnc to record a Shock Wave Flash (or other format) + Q-120: Can I use x11vnc to record a Shock Wave Flash (or other format) video of my desktop, e.g. to record a tutorial or demo? Yes, it is possible with a number of tools that record VNC and transform it to swf format or others. One such popular tool is - [696]pyvnc2swf. There are a number of [697]tutorials (broken link?) on + [708]pyvnc2swf. There are a number of [709]tutorials (broken link?) on how to do this. Another option is to use the vnc2mpg that comes in the LibVNCServer package. An important thing to remember when doing this is that tuning parameters should be applied to x11vnc to speed up its polling for this sort of application, e.g. "-wait 10 -defer 10". - Q-120: Can I transfer files back and forth with x11vnc? + Q-121: Can I transfer files back and forth with x11vnc? As of Oct/2005 and May/2006 x11vnc enables, respectively, the TightVNC and UltraVNC file transfer implementations that were added to @@ -8341,11 +8537,11 @@ (and Windows viewers only support filetransfer it appears... but they do work to some degree under Wine on Linux.) - The [698]SSVNC Unix VNC viewer supports UltraVNC file transfer by use + The [710]SSVNC Unix VNC viewer supports UltraVNC file transfer by use of a Java helper program. TightVNC file transfer is off by default, if you want to enable it use - the [699]-tightfilexfer option. + the [711]-tightfilexfer option. UltraVNC file transfer is off by default, to enable it use something like "-rfbversion 3.6 -permitfiletransfer" @@ -8368,7 +8564,7 @@ IMPORTANT: please understand if -ultrafilexfer or -tightfilexfer is specified and you run x11vnc as root for, say, inetd or display manager (gdm, kdm, ...) access and you do not have it switch users via - the [700]-users option, then VNC Viewers that connect are able to do + the [712]-users option, then VNC Viewers that connect are able to do filetransfer reads and writes as *root*. The UltraVNC and TightVNC settings can be toggled on and off inside @@ -8381,13 +8577,13 @@ control you will probably be foiled by the "-rfbversion 3.6" issue. - Q-121: Which UltraVNC extensions are supported? + Q-122: Which UltraVNC extensions are supported? Some of them are supported. To get UltraVNC Viewers to attempt to use these extensions you will need to supply this option to x11vnc: -rfbversion 3.6 - Or use [701]-ultrafilexfer which is an alias for the above option and + Or use [713]-ultrafilexfer which is an alias for the above option and "-permitfiletransfer". UltraVNC evidently treats any other RFB version number as non-UltraVNC. @@ -8399,30 +8595,31 @@ * 1/n Server Scaling * rfbEncodingUltra compression encoding - The [702]SSVNC Unix VNC viewer supports these UltraVNC extensions. + The [714]SSVNC Unix VNC viewer supports these UltraVNC extensions. - To disable SingleWindow and ServerInput use [703]-noultraext (the + To disable SingleWindow and ServerInput use [715]-noultraext (the others are managed by LibVNCServer.) See this option too: - [704]-noserverdpms. + [716]-noserverdpms. - Also, the [705]UltraVNC repeater proxy is supported for use with - reverse connections: "[706]-connect repeater://host:port+ID:NNNN". Use + Also, the [717]UltraVNC repeater proxy is supported for use with + reverse connections: "[718]-connect repeater://host:port+ID:NNNN". Use it for both plaintext and SSL connections. This mode can send any string before switching to the VNC protocol, and so could be used with - other proxy/gateway tools. + other proxy/gateway tools. Also, a perl repeater implemention is here: + [719]ultravnc_repeater.pl - Q-122: Can x11vnc emulate UltraVNC's Single Click helpdesk mode for + Q-123: Can x11vnc emulate UltraVNC's Single Click helpdesk mode for Unix? I.e. something very simple for a naive user to initiate a reverse vnc connection from their Unix desktop to a helpdesk operator's VNC Viewer. - Yes, UltraVNC's [707]Single Click (SC) mode can be emulated fairly + Yes, UltraVNC's [720]Single Click (SC) mode can be emulated fairly well on Unix. We use the term "helpdesk" below, but it could be any sort of remote assistance you want to set up, e.g. something for Unix-using friends - or family to use. This includes [708]Mac OS X. + or family to use. This includes [721]Mac OS X. Assume you create a helpdesk directory "hd" on your website: http://www.mysite.com/hd (any website that you can upload files to @@ -8478,7 +8675,7 @@ So I guess this is about 3-4 clicks (start a terminal and paste) and pressing "Enter" instead of "single click"... - See [709]this page for some variations on this method, e.g. how to add + See [722]this page for some variations on this method, e.g. how to add a password, SSL Certificates, etc. @@ -8490,11 +8687,11 @@ A bit of obscurity security could be put in with a -passwd, -rfbauth options, etc. (note that x11vnc will require a password even for - reverse connections.) More info [710]here. + reverse connections.) More info [723]here. Firewalls: If the helpdesk (you) with the vncviewer is behind a - NAT/Firewall/Router the [711]router will have to be configured to + NAT/Firewall/Router the [724]router will have to be configured to redirect a port (i.e. 5500 or maybe different one if you like) to the vncviewer machine. If the vncviewer machine also has its own host-level firewall, you will have to open up the port there as well. @@ -8504,7 +8701,7 @@ configuring a router to do a port redirection (i.e. on your side, the HelpDesk.) To avoid modifying either firewall/router, one would need some public (IP address reachable on the internet) redirection/proxy - service. Perhaps such a thing exists. [712]http://sc.uvnc.com provides + service. Perhaps such a thing exists. [725]http://sc.uvnc.com provides this service for their UltraVNC Single Click users. @@ -8540,7 +8737,7 @@ As of Apr/2007 x11vnc supports reverse connections in SSL and so we can do this. On the Helpdesk side (Viewer) you will need STUNNEL or - better use the [713]Enhanced TightVNC Viewer (SSVNC) package we + better use the [726]Enhanced TightVNC Viewer (SSVNC) package we provide that automates all of the SSL for you. To do this create a file named "vncs" in the website "hd" directory @@ -8570,11 +8767,11 @@ with the hostnames or IP addresses customized to your case. - The only change from the "vnc" above is the addition of the [714]-ssl + The only change from the "vnc" above is the addition of the [727]-ssl option to x11vnc. This will create a temporary SSL cert: openssl(1) will need to be installed on the user's end. A fixed SSL cert file could be used to avoid this (and provide some authentication; more - info [715]here.) + info [728]here.) The naive user will be doing this: wget -qO - http://www.mysite.com/hd/vncs | sh - @@ -8583,7 +8780,7 @@ But before that, the helpdesk operator needs to have "vncviewer -listen" running as before, however he needs an SSL tunnel at his end. - The easiest way to do this is use [716]Enhanced TightVNC Viewer + The easiest way to do this is use [729]Enhanced TightVNC Viewer (SSVNC). Start it, and select Options -> 'Reverse VNC Connection (-listen)'. Then UN-select 'Verify All Certs' (this can be enabled later if you want; you'll need the x11vnc SSL certificate), and click @@ -8613,7 +8810,7 @@ answer the prompts with whatever you want; you can take the default for all of them if you like. The openssl(1) package must be installed. - See [717]this link and [718]this one too for more info on SSL certs. + See [730]this link and [731]this one too for more info on SSL certs. This creates $HOME/.vnc/certs/server-self:mystunnel.pem, then you would change the "stunnel.cfg" to look something like: foreground = yes @@ -8634,7 +8831,7 @@ then all bets are off!. More SSL variations and info about certificates can be found - [719]here. + [732]here. OpenSSL libssl.so.0.9.7 problems: @@ -8644,16 +8841,16 @@ distros are currently a bit of a mess regarding which version of libssl is installed. - You will find the [720]details here. + You will find the [733]details here. - Q-123: Can I (temporarily) mount my local (viewer-side) Windows/Samba + Q-124: Can I (temporarily) mount my local (viewer-side) Windows/Samba File share on the machine where x11vnc is running? You will have to use an external network redirection for this. Filesystem mounting is not part of the VNC protocol. - We show a simple [721]Samba example here. + We show a simple [734]Samba example here. First you will need a tunnel to redirect the SMB requests from the remote machine to the one you sitting at. We use an ssh tunnel: @@ -8693,17 +8890,17 @@ far-away> smbumount /home/fred/smb-haystack-pub At some point we hope to fold some automation for SMB ssh redir setup - into the [722]Enhanced TightVNC Viewer (SSVNC) package we provide (as + into the [735]Enhanced TightVNC Viewer (SSVNC) package we provide (as of Sep 2006 it is there for testing.) - Q-124: Can I redirect CUPS print jobs from the remote desktop where + Q-125: Can I redirect CUPS print jobs from the remote desktop where x11vnc is running to a printer on my local (viewer-side) machine? You will have to use an external network redirection for this. Printing is not part of the VNC protocol. - We show a simple Unix to Unix [723]CUPS example here. Non-CUPS port + We show a simple Unix to Unix [736]CUPS example here. Non-CUPS port redirections (e.g. LPD) should also be possible, but may be a bit more tricky. If you are viewing on Windows SMB and don't have a local cups server it may be trickier still (see below.) @@ -8785,11 +8982,11 @@ "localhost". At some point we hope to fold some automation for CUPS ssh redir setup - into the [724]Enhanced TightVNC Viewer (SSVNC) package we provide (as + into the [737]Enhanced TightVNC Viewer (SSVNC) package we provide (as of Sep 2006 it is there for testing.) - Q-125: How can I hear the sound (audio) from the remote applications + Q-126: How can I hear the sound (audio) from the remote applications on the desktop I am viewing via x11vnc? You will have to use an external network audio mechanism for this. @@ -8886,11 +9083,11 @@ the applications will fail to run because LD_PRELOAD will point to libraries of the wrong wordsize. * At some point we hope to fold some automation for esd or artsd ssh - redir setup into the [725]Enhanced TightVNC Viewer (SSVNC) package + redir setup into the [738]Enhanced TightVNC Viewer (SSVNC) package we provide (as of Sep/2006 it is there for testing.) - Q-126: Why don't I hear the "Beeps" in my X session (e.g. when typing + Q-127: Why don't I hear the "Beeps" in my X session (e.g. when typing tput bel in an xterm)? As of Dec/2003 "Beep" XBell events are tracked by default. The X @@ -8898,14 +9095,14 @@ in Solaris, see Xserver(1) for how to turn it on via +kb), and so you won't hear them if the extension is not present. - If you don't want to hear the beeps use the [726]-nobell option. If + If you don't want to hear the beeps use the [739]-nobell option. If you want to hear the audio from the remote applications, consider - trying a [727]redirector such as esd. + trying a [740]redirector such as esd. - Q-127: Does x11vnc work with IPv6? + Q-128: Does x11vnc work with IPv6? - Currently the only way to do this is via [728]inetd. You configure + Currently the only way to do this is via [741]inetd. You configure x11vnc to be run from inetd or xinetd and instruct it to listen on an IPv6 address. For xinetd the setting "flags = IPv6" will be needed. @@ -8914,7 +9111,7 @@ connection.) Some sort of ipv4-to-ipv6 redirector tool (perhaps even a perl script) could be useful to avoid this. - Also note that not all VNC Viewers are [729]IPv6 enabled, so a + Also note that not all VNC Viewers are [742]IPv6 enabled, so a redirector could even be needed on the client side. @@ -8922,7 +9119,7 @@ Contributions: - Q-128: Thanks for your program and for your help! Can I make a + Q-129: Thanks for your program or for your help! Can I make a donation? Please do (any amount is appreciated; very few have donated) and thank @@ -8951,716 +9148,729 @@ 17. http://www.karlrunge.com/x11vnc/faq.html#faq-tight139 18. http://www.karlrunge.com/x11vnc/faq.html#faq-krdcprob 19. http://www.karlrunge.com/x11vnc/faq.html#faq-tru64-crash - 20. http://www.karlrunge.com/x11vnc/faq.html#faq-build-customizations - 21. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc - 22. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc-8bpp - 23. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx-nofb - 24. http://www.karlrunge.com/x11vnc/faq.html#faq-8bpp - 25. http://www.karlrunge.com/x11vnc/faq.html#faq-overlays - 26. http://www.karlrunge.com/x11vnc/faq.html#faq-directcolor - 27. http://www.karlrunge.com/x11vnc/faq.html#faq-windowid - 28. http://www.karlrunge.com/x11vnc/faq.html#faq-transients-id - 29. http://www.karlrunge.com/x11vnc/faq.html#faq-24bpp - 30. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm - 31. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth - 32. http://www.karlrunge.com/x11vnc/faq.html#faq-sunrays - 33. http://www.karlrunge.com/x11vnc/faq.html#faq-stop-bg - 34. http://www.karlrunge.com/x11vnc/faq.html#faq-remote_control - 35. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 36. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd-noecho - 37. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile - 38. http://www.karlrunge.com/x11vnc/faq.html#faq-multipasswd - 39. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords - 40. http://www.karlrunge.com/x11vnc/faq.html#faq-custom-passwords - 41. http://www.karlrunge.com/x11vnc/faq.html#faq-forever-shared - 42. http://www.karlrunge.com/x11vnc/faq.html#faq-allow-opt - 43. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers - 44. http://www.karlrunge.com/x11vnc/faq.html#faq-listen-interface - 45. http://www.karlrunge.com/x11vnc/faq.html#faq-listen-localhost - 46. http://www.karlrunge.com/x11vnc/faq.html#faq-input-opt - 47. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt - 48. http://www.karlrunge.com/x11vnc/faq.html#faq-users-opt - 49. http://www.karlrunge.com/x11vnc/faq.html#faq-blockdpy - 50. http://www.karlrunge.com/x11vnc/faq.html#faq-gone-lock - 51. http://www.karlrunge.com/x11vnc/faq.html#faq-ssh-unix - 52. http://www.karlrunge.com/x11vnc/faq.html#faq-ssh-putty - 53. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 54. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 55. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 56. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy - 57. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal - 58. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-ca - 59. http://www.karlrunge.com/x11vnc/faq.html#faq-service - 60. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 61. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 62. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi - 63. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 64. http://www.karlrunge.com/x11vnc/faq.html#faq-loop - 65. http://www.karlrunge.com/x11vnc/faq.html#faq-java-http - 66. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 67. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect-proxy - 68. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 69. http://www.karlrunge.com/x11vnc/faq.html#faq-headless - 70. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm - 71. http://www.karlrunge.com/x11vnc/faq.html#faq-less-resource - 72. http://www.karlrunge.com/x11vnc/faq.html#faq-more-resource - 73. http://www.karlrunge.com/x11vnc/faq.html#faq-slow-link - 74. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage - 75. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage-opengl - 76. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode - 77. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe - 78. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect - 79. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 80. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 81. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-shape - 82. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha - 83. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks - 84. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-arrow - 85. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-positions - 86. http://www.karlrunge.com/x11vnc/faq.html#faq-buttonmap-opt - 87. http://www.karlrunge.com/x11vnc/faq.html#faq-altgr - 88. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless - 89. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless-sloppy - 90. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak - 91. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys - 92. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys-still - 93. http://www.karlrunge.com/x11vnc/faq.html#faq-mod-stuck-down - 94. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-opt - 95. http://www.karlrunge.com/x11vnc/faq.html#faq-sun-alt-meta - 96. http://www.karlrunge.com/x11vnc/faq.html#faq-hpux-multi-key - 97. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-button-click - 98. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock - 99. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollbars - 100. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling - 101. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama - 102. http://www.karlrunge.com/x11vnc/faq.html#faq-multi-screen - 103. http://www.karlrunge.com/x11vnc/faq.html#faq-clip-screen - 104. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr - 105. http://www.karlrunge.com/x11vnc/faq.html#faq-rotate - 106. http://www.karlrunge.com/x11vnc/faq.html#faq-black-screen - 107. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 108. http://www.karlrunge.com/x11vnc/faq.html#faq-hidden-taskbars - 109. http://www.karlrunge.com/x11vnc/faq.html#faq-kde-screensaver - 110. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl - 111. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware - 112. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 113. http://www.karlrunge.com/x11vnc/faq.html#faq-linux-vt - 114. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 115. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 116. http://www.karlrunge.com/x11vnc/faq.html#faq-no-x11 - 117. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 118. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect - 119. http://www.karlrunge.com/x11vnc/faq.html#faq-os-install - 120. http://www.karlrunge.com/x11vnc/faq.html#faq-clipboard - 121. http://www.karlrunge.com/x11vnc/faq.html#faq-record-swf - 122. http://www.karlrunge.com/x11vnc/faq.html#faq-filexfer - 123. http://www.karlrunge.com/x11vnc/faq.html#faq-ultravnc - 124. http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick - 125. http://www.karlrunge.com/x11vnc/faq.html#faq-smb-shares - 126. http://www.karlrunge.com/x11vnc/faq.html#faq-cups - 127. http://www.karlrunge.com/x11vnc/faq.html#faq-sound - 128. http://www.karlrunge.com/x11vnc/faq.html#faq-beeps - 129. http://www.karlrunge.com/x11vnc/faq.html#faq-ipv6 - 130. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks - 131. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display - 132. http://www.tldp.org/HOWTO/Remote-X-Apps.html - 133. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 134. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 135. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 137. http://www.karlrunge.com/x11vnc/index.html#firewalls - 138. http://www.karlrunge.com/x11vnc/miscbuild.html - 139. http://www.karlrunge.com/x11vnc/faq.html#infaq_libssl-problems - 140. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding - 141. http://www.karlrunge.com/x11vnc/x11vnc_sunos4.html - 142. http://www.karlrunge.com/x11vnc/index.html#building - 143. http://www.karlrunge.com/x11vnc/faq.html#faq-build - 144. http://www.linuxpackages.net/search_view.php?by=name&name=x11vnc - 145. http://software.opensuse.org/search?baseproject=openSUSE%3A11.1&p=1&q=x11vnc - 146. http://gentoo-wiki.com/HOWTO_Use_VNC_to_connect_to_existing_X_Sessions - 147. http://gentoo-portage.com/x11-misc/x11vnc - 148. http://www.freebsd.org/cgi/ports.cgi?query=x11vnc&stype=all - 149. http://www.freshports.org/net/x11vnc - 150. http://pkgsrc.se/x11/x11vnc - 151. http://openports.se/x11/x11vnc - 152. http://www.archlinux.org/packages/search/?q=x11vnc - 153. http://mike.saunby.googlepages.com/ - 154. http://www.focv.com/ipkg/ - 155. http://packages.sw.be/x11vnc/ - 156. http://dag.wieers.com/rpm/packages/x11vnc/ - 157. http://packages.debian.org/x11vnc - 158. http://www.sunfreeware.com/ - 159. http://www.karlrunge.com/x11vnc/bins - 160. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 161. http://www.tightvnc.com/download.html - 162. http://www.realvnc.com/products/free/4.1/download.html - 163. http://sourceforge.net/projects/cotvnc/ - 164. http://www.ultravnc.com/ - 165. http://www.karlrunge.com/x11vnc/ssvnc.html - 166. http://www.karlrunge.com/x11vnc/x11vnc_opts.html - 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 168. http://www.karlrunge.com/x11vnc/faq.html#faq-gui-tray - 169. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 20. http://www.karlrunge.com/x11vnc/faq.html#faq-aix-freeze + 21. http://www.karlrunge.com/x11vnc/faq.html#faq-build-customizations + 22. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc + 23. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc-8bpp + 24. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx-nofb + 25. http://www.karlrunge.com/x11vnc/faq.html#faq-8bpp + 26. http://www.karlrunge.com/x11vnc/faq.html#faq-overlays + 27. http://www.karlrunge.com/x11vnc/faq.html#faq-directcolor + 28. http://www.karlrunge.com/x11vnc/faq.html#faq-windowid + 29. http://www.karlrunge.com/x11vnc/faq.html#faq-transients-id + 30. http://www.karlrunge.com/x11vnc/faq.html#faq-24bpp + 31. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm + 32. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth + 33. http://www.karlrunge.com/x11vnc/faq.html#faq-sunrays + 34. http://www.karlrunge.com/x11vnc/faq.html#faq-stop-bg + 35. http://www.karlrunge.com/x11vnc/faq.html#faq-remote_control + 36. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd + 37. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd-noecho + 38. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile + 39. http://www.karlrunge.com/x11vnc/faq.html#faq-multipasswd + 40. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords + 41. http://www.karlrunge.com/x11vnc/faq.html#faq-custom-passwords + 42. http://www.karlrunge.com/x11vnc/faq.html#faq-forever-shared + 43. http://www.karlrunge.com/x11vnc/faq.html#faq-allow-opt + 44. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers + 45. http://www.karlrunge.com/x11vnc/faq.html#faq-listen-interface + 46. http://www.karlrunge.com/x11vnc/faq.html#faq-listen-localhost + 47. http://www.karlrunge.com/x11vnc/faq.html#faq-input-opt + 48. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt + 49. http://www.karlrunge.com/x11vnc/faq.html#faq-users-opt + 50. http://www.karlrunge.com/x11vnc/faq.html#faq-blockdpy + 51. http://www.karlrunge.com/x11vnc/faq.html#faq-gone-lock + 52. http://www.karlrunge.com/x11vnc/faq.html#faq-ssh-unix + 53. http://www.karlrunge.com/x11vnc/faq.html#faq-ssh-putty + 54. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext + 55. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int + 56. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 57. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy + 58. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal + 59. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-ca + 60. http://www.karlrunge.com/x11vnc/faq.html#faq-service + 61. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager + 62. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd + 63. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi + 64. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin + 65. http://www.karlrunge.com/x11vnc/faq.html#faq-loop + 66. http://www.karlrunge.com/x11vnc/faq.html#faq-java-http + 67. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect + 68. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect-proxy + 69. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb + 70. http://www.karlrunge.com/x11vnc/faq.html#faq-headless + 71. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm + 72. http://www.karlrunge.com/x11vnc/faq.html#faq-less-resource + 73. http://www.karlrunge.com/x11vnc/faq.html#faq-more-resource + 74. http://www.karlrunge.com/x11vnc/faq.html#faq-slow-link + 75. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage + 76. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage-opengl + 77. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode + 78. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe + 79. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect + 80. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching + 81. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc + 82. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-shape + 83. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha + 84. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks + 85. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-arrow + 86. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-positions + 87. http://www.karlrunge.com/x11vnc/faq.html#faq-buttonmap-opt + 88. http://www.karlrunge.com/x11vnc/faq.html#faq-altgr + 89. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless + 90. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless-sloppy + 91. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak + 92. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys + 93. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys-still + 94. http://www.karlrunge.com/x11vnc/faq.html#faq-mod-stuck-down + 95. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-opt + 96. http://www.karlrunge.com/x11vnc/faq.html#faq-sun-alt-meta + 97. http://www.karlrunge.com/x11vnc/faq.html#faq-hpux-multi-key + 98. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-button-click + 99. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock + 100. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollbars + 101. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling + 102. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama + 103. http://www.karlrunge.com/x11vnc/faq.html#faq-multi-screen + 104. http://www.karlrunge.com/x11vnc/faq.html#faq-clip-screen + 105. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr + 106. http://www.karlrunge.com/x11vnc/faq.html#faq-rotate + 107. http://www.karlrunge.com/x11vnc/faq.html#faq-black-screen + 108. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 109. http://www.karlrunge.com/x11vnc/faq.html#faq-hidden-taskbars + 110. http://www.karlrunge.com/x11vnc/faq.html#faq-kde-screensaver + 111. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl + 112. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware + 113. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb + 114. http://www.karlrunge.com/x11vnc/faq.html#faq-linux-vt + 115. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 116. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded + 117. http://www.karlrunge.com/x11vnc/faq.html#faq-no-x11 + 118. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 119. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect + 120. http://www.karlrunge.com/x11vnc/faq.html#faq-os-install + 121. http://www.karlrunge.com/x11vnc/faq.html#faq-clipboard + 122. http://www.karlrunge.com/x11vnc/faq.html#faq-record-swf + 123. http://www.karlrunge.com/x11vnc/faq.html#faq-filexfer + 124. http://www.karlrunge.com/x11vnc/faq.html#faq-ultravnc + 125. http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick + 126. http://www.karlrunge.com/x11vnc/faq.html#faq-smb-shares + 127. http://www.karlrunge.com/x11vnc/faq.html#faq-cups + 128. http://www.karlrunge.com/x11vnc/faq.html#faq-sound + 129. http://www.karlrunge.com/x11vnc/faq.html#faq-beeps + 130. http://www.karlrunge.com/x11vnc/faq.html#faq-ipv6 + 131. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks + 132. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display + 133. http://www.tldp.org/HOWTO/Remote-X-Apps.html + 134. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth + 135. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager + 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 138. http://www.karlrunge.com/x11vnc/index.html#firewalls + 139. http://www.karlrunge.com/x11vnc/miscbuild.html + 140. http://www.karlrunge.com/x11vnc/faq.html#infaq_libssl-problems + 141. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding + 142. http://www.karlrunge.com/x11vnc/x11vnc_sunos4.html + 143. http://www.karlrunge.com/x11vnc/index.html#building + 144. http://www.karlrunge.com/x11vnc/faq.html#faq-build + 145. http://www.linuxpackages.net/search_view.php?by=name&name=x11vnc + 146. http://software.opensuse.org/search?baseproject=openSUSE%3A11.1&p=1&q=x11vnc + 147. http://gentoo-wiki.com/HOWTO_Use_VNC_to_connect_to_existing_X_Sessions + 148. http://gentoo-portage.com/x11-misc/x11vnc + 149. http://www.freebsd.org/cgi/ports.cgi?query=x11vnc&stype=all + 150. http://www.freshports.org/net/x11vnc + 151. http://pkgsrc.se/x11/x11vnc + 152. http://openports.se/x11/x11vnc + 153. http://www.archlinux.org/packages/search/?q=x11vnc + 154. http://mike.saunby.googlepages.com/ + 155. http://www.focv.com/ipkg/ + 156. http://packages.debian.org/x11vnc + 157. http://packages.sw.be/x11vnc/ + 158. http://dag.wieers.com/rpm/packages/x11vnc/ + 159. http://www.sunfreeware.com/ + 160. http://www.karlrunge.com/x11vnc/bins + 161. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir + 162. http://www.tightvnc.com/download.html + 163. http://www.realvnc.com/products/free/4.1/download.html + 164. http://sourceforge.net/projects/cotvnc/ + 165. http://www.ultravnc.com/ + 166. http://www.karlrunge.com/x11vnc/ssvnc.html + 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html + 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 169. http://www.karlrunge.com/x11vnc/faq.html#faq-gui-tray 170. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport - 173. http://www.karlrunge.com/x11vnc/index.html#firewalls - 174. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 175. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel - 176. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 177. http://www.karlrunge.com/x11vnc/vncxfer - 178. http://www.karlrunge.com/x11vnc/index.html#firewalls - 179. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect-proxy - 180. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 181. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel - 182. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh - 183. http://www.karlrunge.com/x11vnc/ssvnc.html - 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q, - 185. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg - 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o - 187. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=389750 - 188. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399408 - 189. http://bugs.kde.org/show_bug.cgi?id=136924 - 190. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxrecord - 191. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding - 192. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofb - 193. http://fredrik.hubbe.net/x2vnc.html - 194. http://www.hubbe.net/~hubbe/win2vnc.html - 195. http://www.deboer.gmxhome.de/ - 196. http://sourceforge.net/projects/win2vnc/ - 197. http://fredrik.hubbe.net/x2vnc.html - 198. http://freshmeat.net/projects/x2x/ - 199. http://zapek.com/?page_id=26 - 200. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-visual - 201. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 202. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flashcmap - 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 204. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-notruecolor - 205. http://www.karlrunge.com/x11vnc/faq.html#faq-8bpp - 206. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 207. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 208. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 210. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flashcmap - 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen + 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N + 173. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport + 174. http://www.karlrunge.com/x11vnc/index.html#firewalls + 175. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect + 176. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl + 177. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel + 178. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 179. http://www.karlrunge.com/x11vnc/vncxfer + 180. http://www.karlrunge.com/x11vnc/index.html#firewalls + 181. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect-proxy + 182. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 183. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel + 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh + 185. http://www.karlrunge.com/x11vnc/ssvnc.html + 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q, + 187. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg + 188. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o + 189. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=389750 + 190. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399408 + 191. http://bugs.kde.org/show_bug.cgi?id=136924 + 192. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxrecord + 193. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxrecord + 194. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding + 195. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofb + 196. http://fredrik.hubbe.net/x2vnc.html + 197. http://www.hubbe.net/~hubbe/win2vnc.html + 198. http://www.deboer.gmxhome.de/ + 199. http://sourceforge.net/projects/win2vnc/ + 200. http://fredrik.hubbe.net/x2vnc.html + 201. http://freshmeat.net/projects/x2x/ + 202. http://zapek.com/?page_id=26 + 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-visual + 204. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 205. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flashcmap + 206. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 + 207. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-notruecolor + 208. http://www.karlrunge.com/x11vnc/faq.html#faq-8bpp + 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay + 210. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 + 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay 212. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 213. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 214. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 215. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 216. http://www.karlrunge.com/x11vnc/faq.html#faq-overlays - 217. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 218. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sid - 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32 - 220. http://www.karlrunge.com/x11vnc/ssvnc.html - 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display - 222. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm - 223. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flipbyteorder - 224. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 225. http://www.karlrunge.com/x11vnc/faq.html#infaq_xauth_pain - 226. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm - 227. http://www.sun.com/sunray/index.html - 228. http://www.karlrunge.com/x11vnc/sunray.html - 229. http://wiki.sun-rays.org/index.php/Remote_Control_Toolkit - 230. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote - 231. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-query - 232. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever - 233. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg - 234. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods - 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_keys - 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 237. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote - 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-query - 239. http://www.karlrunge.com/x11vnc/faq.html#faq-config-file - 240. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 241. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-storepasswd - 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth - 243. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile - 244. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-usepw - 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-viewpasswd - 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwd - 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 248. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth - 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis - 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 253. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 255. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 256. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 257. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 258. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 259. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept - 260. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt - 261. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 262. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 263. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 265. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 266. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 213. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flashcmap + 214. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen + 215. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 + 216. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 217. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare + 218. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 + 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay + 220. http://www.karlrunge.com/x11vnc/faq.html#faq-overlays + 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 222. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sid + 223. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare + 224. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32 + 225. http://www.karlrunge.com/x11vnc/ssvnc.html + 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display + 227. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm + 228. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flipbyteorder + 229. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth + 230. http://www.karlrunge.com/x11vnc/faq.html#infaq_xauth_pain + 231. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm + 232. http://www.sun.com/sunray/index.html + 233. http://www.karlrunge.com/x11vnc/sunray.html + 234. http://wiki.sun-rays.org/index.php/Remote_Control_Toolkit + 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote + 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-query + 237. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever + 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg + 239. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods + 240. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_keys + 241. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all + 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote + 243. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-query + 244. http://www.karlrunge.com/x11vnc/faq.html#faq-config-file + 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-storepasswd + 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth + 248. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile + 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-usepw + 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-viewpasswd + 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwd + 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 253. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth + 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 255. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 256. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis + 257. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 258. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 259. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 260. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 261. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 262. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 263. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext + 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept + 265. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt + 266. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 269. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt - 270. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever - 271. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-shared - 272. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 274. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 275. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile - 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow - 277. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 278. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers - 279. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 280. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listen + 269. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd + 270. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 271. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 274. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt + 275. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever + 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-shared + 277. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 278. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 279. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd + 280. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile 281. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow 282. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 283. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow - 284. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 285. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input - 286. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept - 287. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-viewonly - 288. ftp://ftp.x.org/ - 289. http://www.karlrunge.com/x11vnc/dtVncPopup - 290. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone - 291. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept - 292. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 293. http://www.karlrunge.com/x11vnc/blockdpy.c - 294. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept + 283. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers + 284. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd + 285. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listen + 286. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow + 287. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 288. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow + 289. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 290. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input + 291. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept + 292. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-viewonly + 293. ftp://ftp.x.org/ + 294. http://www.karlrunge.com/x11vnc/dtVncPopup 295. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone - 296. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms - 297. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms - 298. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabkbd - 299. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabptr - 300. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabptr - 301. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone - 302. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept - 303. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 304. http://www.karlrunge.com/x11vnc/ssvnc.html - 305. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 306. http://www.karlrunge.com/x11vnc/ssvnc.html - 307. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 308. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth - 309. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 310. http://www.karlrunge.com/x11vnc/chainingssh.html#gateway_double_ssh - 311. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 312. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 313. http://www.stunnel.org/ - 314. http://stunnel.mirt.net/ - 315. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 316. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 317. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 318. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 319. http://www.stunnel.org/ - 320. http://www.karlrunge.com/x11vnc/ssl.html - 321. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 322. http://www.karlrunge.com/x11vnc/ssvnc.html - 323. http://www.karlrunge.com/x11vnc/ssl.html - 324. http://www.securityfocus.com/infocus/1677 + 296. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept + 297. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 298. http://www.karlrunge.com/x11vnc/blockdpy.c + 299. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept + 300. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone + 301. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms + 302. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms + 303. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabkbd + 304. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabptr + 305. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabptr + 306. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone + 307. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept + 308. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 309. http://www.karlrunge.com/x11vnc/ssvnc.html + 310. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 311. http://www.karlrunge.com/x11vnc/ssvnc.html + 312. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 313. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth + 314. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile + 315. http://www.karlrunge.com/x11vnc/chainingssh.html#gateway_double_ssh + 316. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 317. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 318. http://www.stunnel.org/ + 319. http://stunnel.mirt.net/ + 320. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 321. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 322. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 323. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int + 324. http://www.stunnel.org/ 325. http://www.karlrunge.com/x11vnc/ssl.html - 326. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd - 327. http://sc.uvnc.com/javaviewer/index.html - 328. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 329. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 330. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 331. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http - 332. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 333. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 334. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 335. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 336. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 337. http://www.karlrunge.com/x11vnc/ssvnc.html - 338. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 339. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 340. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 341. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 342. http://www.openssl.org/ - 343. http://sourceforge.net/projects/vencrypt/ - 344. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt - 345. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls - 346. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 347. http://www.karlrunge.com/x11vnc/faq.html#infaq_ssl-vnc-viewers - 348. http://www.karlrunge.com/x11vnc/ssl.html - 349. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 350. http://www.karlrunge.com/x11vnc/ssl.html - 351. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 352. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 353. http://www.stunnel.org/ - 354. http://www.karlrunge.com/x11vnc/faq.html#infaq_viewer-side-stunnel - 355. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 356. http://www.karlrunge.com/x11vnc/ssvnc.html - 357. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 358. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http - 359. http://sc.uvnc.com/javaviewer/index.html - 360. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 361. http://www.karlrunge.com/x11vnc/faq.html#infaq_ssl-router-redir - 362. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 363. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal - 364. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy - 365. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal - 366. http://www.karlrunge.com/x11vnc/index.html#firewalls - 367. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 368. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 369. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpport - 370. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 371. http://www.karlrunge.com/x11vnc/ssl-output.html - 372. http://www.karlrunge.com/x11vnc/java_console_direct.html - 373. http://www.karlrunge.com/x11vnc/ssvnc.html - 374. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 375. http://www.karlrunge.com/x11vnc/ss_vncviewer - 376. http://www.karlrunge.com/x11vnc/ssl-portal.html - 377. http://www.karlrunge.com/x11vnc/ssl.html + 326. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 327. http://www.karlrunge.com/x11vnc/ssvnc.html + 328. http://www.karlrunge.com/x11vnc/ssl.html + 329. http://www.securityfocus.com/infocus/1677 + 330. http://www.karlrunge.com/x11vnc/ssl.html + 331. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd + 332. http://sc.uvnc.com/javaviewer/index.html + 333. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 334. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 335. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir + 336. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http + 337. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 338. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https + 339. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 340. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 341. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 342. http://www.karlrunge.com/x11vnc/ssvnc.html + 343. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext + 344. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 345. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 346. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 347. http://www.openssl.org/ + 348. http://sourceforge.net/projects/vencrypt/ + 349. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt + 350. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls + 351. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 352. http://www.karlrunge.com/x11vnc/faq.html#infaq_ssl-vnc-viewers + 353. http://www.karlrunge.com/x11vnc/ssl.html + 354. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 355. http://www.karlrunge.com/x11vnc/ssl.html + 356. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 357. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel + 358. http://www.stunnel.org/ + 359. http://www.karlrunge.com/x11vnc/faq.html#infaq_viewer-side-stunnel + 360. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 361. http://www.karlrunge.com/x11vnc/ssvnc.html + 362. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir + 363. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http + 364. http://sc.uvnc.com/javaviewer/index.html + 365. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 366. http://www.karlrunge.com/x11vnc/faq.html#infaq_ssl-router-redir + 367. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https + 368. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal + 369. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy + 370. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal + 371. http://www.karlrunge.com/x11vnc/index.html#firewalls + 372. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir + 373. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport + 374. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpport + 375. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https + 376. http://www.karlrunge.com/x11vnc/ssl-output.html + 377. http://www.karlrunge.com/x11vnc/java_console_direct.html 378. http://www.karlrunge.com/x11vnc/ssvnc.html - 379. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 380. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 381. http://www.karlrunge.com/x11vnc/java_console_proxy.html - 382. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 379. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext + 380. http://www.karlrunge.com/x11vnc/ss_vncviewer + 381. http://www.karlrunge.com/x11vnc/ssl-portal.html + 382. http://www.karlrunge.com/x11vnc/ssl.html 383. http://www.karlrunge.com/x11vnc/ssvnc.html - 384. http://www.karlrunge.com/x11vnc/ssl-portal.html - 385. http://www.karlrunge.com/x11vnc/ssl.html - 386. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously - 387. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 388. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 389. http://www.karlrunge.com/x11vnc/faq.html#infaq_x11vnc_loop - 390. http://club.mandriva.com/xwiki/bin/view/KB/XwinXset - 391. http://www.karlrunge.com/x11vnc/index.html#firewalls - 392. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 393. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen - 394. http://www.karlrunge.com/x11vnc/faq.html#infaq_dtlogin_solaris - 395. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 396. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 397. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 398. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 399. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 400. http://www.jirka.org/gdm-documentation/x241.html - 401. http://www.karlrunge.com/x11vnc/x11vnc_loop - 402. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 403. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth - 404. http://www.karlrunge.com/x11vnc/index.html#firewalls - 405. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd - 406. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q, - 407. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 408. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 409. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi - 410. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-mdns - 411. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf - 412. http://www.avahi.org/ - 413. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 414. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 415. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 416. http://www.karlrunge.com/x11vnc/faq.html#infaq_stunnel-inetd - 417. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 418. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 419. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 420. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 421. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 422. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 423. http://www.karlrunge.com/x11vnc/find_display.html - 424. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 425. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 426. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 427. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords - 428. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 429. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 430. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 431. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 432. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 433. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 434. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 435. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 436. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 437. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 438. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 439. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 440. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 441. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 442. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 443. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 444. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 445. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http - 446. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy - 447. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 448. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote - 449. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit - 450. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vncconnect - 451. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 452. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 453. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 454. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess - 455. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess - 456. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 457. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 458. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 459. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 460. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 461. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 462. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms - 463. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 464. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 465. http://www.karlrunge.com/x11vnc/Xdummy - 466. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 467. http://www.karlrunge.com/x11vnc/xdm_one_shot.html - 468. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously - 469. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 470. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 384. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir + 385. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 386. http://www.karlrunge.com/x11vnc/java_console_proxy.html + 387. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 388. http://www.karlrunge.com/x11vnc/ssvnc.html + 389. http://www.karlrunge.com/x11vnc/ssl-portal.html + 390. http://www.karlrunge.com/x11vnc/ssl.html + 391. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously + 392. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd + 393. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin + 394. http://www.karlrunge.com/x11vnc/faq.html#infaq_x11vnc_loop + 395. http://club.mandriva.com/xwiki/bin/view/KB/XwinXset + 396. http://www.karlrunge.com/x11vnc/index.html#firewalls + 397. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth + 398. http://www.karlrunge.com/x11vnc/faq.html#infaq_dtlogin_solaris + 399. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen + 400. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 401. http://www.karlrunge.com/x11vnc/index.html#tunnelling + 402. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 403. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 404. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N + 405. http://www.jirka.org/gdm-documentation/x241.html + 406. http://www.karlrunge.com/x11vnc/x11vnc_loop + 407. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop + 408. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth + 409. http://www.karlrunge.com/x11vnc/index.html#firewalls + 410. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd + 411. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q, + 412. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth + 413. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin + 414. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi + 415. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-mdns + 416. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf + 417. http://www.avahi.org/ + 418. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd + 419. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 420. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 421. http://www.karlrunge.com/x11vnc/faq.html#infaq_stunnel-inetd + 422. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop + 423. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 424. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 425. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 426. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 427. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 428. http://www.karlrunge.com/x11vnc/find_display.html + 429. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 430. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 431. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 432. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords + 433. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 434. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 435. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int + 436. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost + 437. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 438. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 439. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb + 440. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer + 441. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 442. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 443. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 444. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 445. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 446. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop + 447. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop + 448. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 449. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir + 450. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http + 451. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy + 452. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 453. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote + 454. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit + 455. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vncconnect + 456. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy + 457. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy + 458. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy + 459. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess + 460. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess + 461. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 462. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 463. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 464. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 465. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 466. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 467. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms + 468. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 469. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 470. http://www.karlrunge.com/x11vnc/Xdummy 471. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 472. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 473. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 474. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 475. http://www.karlrunge.com/x11vnc/shm_clear - 476. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile - 477. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm - 478. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm - 479. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nap - 480. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 481. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sb - 482. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile - 483. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs - 484. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads - 485. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 486. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 487. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 488. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 489. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 490. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 491. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 492. http://www.tightvnc.com/ - 493. http://www.karlrunge.com/x11vnc/ssvnc.html - 494. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 472. http://www.karlrunge.com/x11vnc/xdm_one_shot.html + 473. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously + 474. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay + 475. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT + 476. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find + 477. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 478. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 479. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc + 480. http://www.karlrunge.com/x11vnc/shm_clear + 481. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile + 482. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm + 483. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm + 484. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nap + 485. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait + 486. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sb + 487. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile + 488. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs + 489. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads + 490. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer + 491. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 492. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 493. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc + 494. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid 495. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 496. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 497. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-speeds - 498. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging - 499. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs - 500. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 501. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 502. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-progressive - 503. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 504. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel - 505. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor - 506. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos - 507. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-readtimeout - 508. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen - 509. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 510. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_area - 511. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_mem - 512. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 513. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 514. http://minimyth.org/ - 515. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl - 516. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 517. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode - 518. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode - 519. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging - 520. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode - 521. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads - 522. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe - 523. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect - 524. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode - 525. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 526. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 527. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 528. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 529. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 530. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 531. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 532. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wirecopyrect - 533. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe - 534. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen - 535. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scr_skip - 536. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale - 537. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 538. http://www.karlrunge.com/x11vnc/index.html#beta-test - 539. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 540. http://www.karlrunge.com/x11vnc/ssvnc.html - 541. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop - 542. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_no_rootpixmap - 543. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr - 544. http://www.virtualgl.org/About/TurboVNC - 545. http://www.virtualgl.org/ - 546. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100 - 547. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 548. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 549. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100 - 550. http://www.karlrunge.com/x11vnc/ssvnc.html - 551. http://www.karlrunge.com/x11vnc/bins - 552. http://www.karlrunge.com/x11vnc/ssvnc.html - 553. http://www.virtualgl.org/About/Reports - 554. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 555. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor - 556. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor - 557. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 558. http://www.karlrunge.com/x11vnc/faq.html#infaq_the-overlay-mode - 559. http://www.karlrunge.com/x11vnc/index.html#solaris10-build - 560. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks - 561. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphacut - 562. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphafrac - 563. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alpharemove - 564. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape - 565. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noalphablend - 566. http://www.karlrunge.com/x11vnc/ssvnc.html - 567. http://www.tightvnc.com/ - 568. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor - 569. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursorpos - 570. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos - 571. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape - 572. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap - 573. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_pointer - 574. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap - 575. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 576. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless - 577. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak - 578. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard - 579. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 580. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 581. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys - 582. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak + 496. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 497. http://www.tightvnc.com/ + 498. http://www.karlrunge.com/x11vnc/ssvnc.html + 499. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 500. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 501. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid + 502. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching + 503. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache + 504. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-speeds + 505. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging + 506. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs + 507. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait + 508. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer + 509. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-progressive + 510. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 511. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare + 512. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel + 513. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor + 514. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos + 515. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-readtimeout + 516. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen + 517. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 518. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_area + 519. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_mem + 520. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage + 521. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage + 522. http://minimyth.org/ + 523. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl + 524. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 525. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode + 526. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode + 527. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging + 528. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode + 529. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads + 530. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe + 531. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect + 532. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode + 533. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 534. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 535. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 536. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 537. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 538. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 539. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe + 540. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wirecopyrect + 541. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe + 542. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen + 543. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scr_skip + 544. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale + 545. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect + 546. http://www.karlrunge.com/x11vnc/index.html#beta-test + 547. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache + 548. http://www.karlrunge.com/x11vnc/ssvnc.html + 549. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop + 550. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_no_rootpixmap + 551. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr + 552. http://www.virtualgl.org/About/TurboVNC + 553. http://www.virtualgl.org/ + 554. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100 + 555. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait + 556. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer + 557. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100 + 558. http://www.karlrunge.com/x11vnc/ssvnc.html + 559. http://www.karlrunge.com/x11vnc/bins + 560. http://www.karlrunge.com/x11vnc/ssvnc.html + 561. http://www.virtualgl.org/About/Reports + 562. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow + 563. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor + 564. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor + 565. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay + 566. http://www.karlrunge.com/x11vnc/faq.html#infaq_the-overlay-mode + 567. http://www.karlrunge.com/x11vnc/index.html#solaris10-build + 568. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks + 569. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphacut + 570. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphafrac + 571. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alpharemove + 572. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape + 573. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noalphablend + 574. http://www.karlrunge.com/x11vnc/ssvnc.html + 575. http://www.tightvnc.com/ + 576. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor + 577. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursorpos + 578. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos + 579. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape + 580. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap + 581. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_pointer + 582. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap 583. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 584. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 584. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless 585. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak 586. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard - 587. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless + 587. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak 588. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb 589. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys 590. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 591. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 592. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 593. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_keycodes - 594. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 595. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms - 596. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 597. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 598. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms - 599. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat - 600. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat - 601. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 602. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods - 603. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 604. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock - 605. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys - 606. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock - 607. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 608. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 609. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 610. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak + 591. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak + 592. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 593. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak + 594. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard + 595. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless + 596. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb + 597. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys + 598. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak + 599. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb + 600. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb + 601. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_keycodes + 602. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 603. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms + 604. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 605. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 606. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms + 607. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat + 608. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat + 609. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager + 610. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods 611. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 612. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 612. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock 613. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys - 614. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 615. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak - 616. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock - 617. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 618. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling - 619. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale - 620. http://people.pwf.cam.ac.uk/ssb22/setup/vnc-magnification.html - 621. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 622. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 623. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 624. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale_cursor - 625. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-blackout - 626. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama - 627. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama - 628. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer - 629. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer - 630. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm - 631. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile - 632. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm - 633. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip - 634. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama - 635. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 636. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 637. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr - 638. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-padgeom - 639. http://www.karlrunge.com/x11vnc/ssvnc.html - 640. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate - 641. http://www.jwz.org/xscreensaver/man1.html - 642. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms - 643. http://www.beryl-project.org/ - 644. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 645. http://www.dslinux.org/blogs/pepsiman/?p=73 - 646. http://minimyth.org/ - 647. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 648. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 649. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 650. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 651. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 652. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 653. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 654. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb - 655. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 656. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 657. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 658. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 614. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock + 615. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all + 616. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 617. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 618. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak + 619. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 620. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 621. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys + 622. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap + 623. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak + 624. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock + 625. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all + 626. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling + 627. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale + 628. http://people.pwf.cam.ac.uk/ssb22/setup/vnc-magnification.html + 629. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport + 630. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui + 631. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 632. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale_cursor + 633. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-blackout + 634. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama + 635. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama + 636. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer + 637. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer + 638. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm + 639. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile + 640. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm + 641. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip + 642. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama + 643. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 644. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 645. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr + 646. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-padgeom + 647. http://www.karlrunge.com/x11vnc/ssvnc.html + 648. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate + 649. http://www.jwz.org/xscreensaver/man1.html + 650. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms + 651. http://www.beryl-project.org/ + 652. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage + 653. http://www.dslinux.org/blogs/pepsiman/?p=73 + 654. http://minimyth.org/ + 655. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 656. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb + 657. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 658. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id 659. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 660. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 661. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 662. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 663. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware - 664. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 665. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 666. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb - 667. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32 - 668. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 669. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-slow_fb - 670. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 671. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-freqtab - 672. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 673. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 674. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 675. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 676. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 677. http://www.testplant.com/products/vine_server/OS_X - 678. http://www.apple.com/remotedesktop/ - 679. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 680. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 681. http://fredrik.hubbe.net/x2vnc.html - 682. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc - 683. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect + 660. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput + 661. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput + 662. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb + 663. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 664. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb + 665. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded + 666. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 667. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 668. http://www.karlrunge.com/x11vnc/faq.html#faq-video + 669. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc + 670. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded + 671. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware + 672. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 673. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb + 674. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb + 675. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32 + 676. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait + 677. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-slow_fb + 678. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer + 679. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-freqtab + 680. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb + 681. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput + 682. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput + 683. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb 684. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 685. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging - 686. http://sourceforge.net/projects/vnc-reflector/ - 687. http://www.tightvnc.com/projector/ - 688. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 689. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 690. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 691. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 692. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel - 693. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noprimary - 694. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir - 695. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input - 696. http://www.unixuser.org/~euske/vnc2swf/ - 697. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/ - 698. http://www.karlrunge.com/x11vnc/ssvnc.html - 699. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-tightfilexfer - 700. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 701. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer - 702. http://www.karlrunge.com/x11vnc/ssvnc.html - 703. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext - 704. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms - 705. http://www.uvnc.com/addons/repeater.html - 706. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 707. http://www.uvnc.com/addons/singleclick.html - 708. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 709. http://www.karlrunge.com/x11vnc/single-click.html - 710. http://www.karlrunge.com/x11vnc/single-click.html - 711. http://www.karlrunge.com/x11vnc/index.html#firewalls - 712. http://sc.uvnc.com/ - 713. http://www.karlrunge.com/x11vnc/ssvnc.html - 714. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 715. http://www.karlrunge.com/x11vnc/single-click.html - 716. http://www.karlrunge.com/x11vnc/ssvnc.html - 717. http://www.karlrunge.com/x11vnc/single-click.html - 718. http://www.karlrunge.com/x11vnc/ssl.html - 719. http://www.karlrunge.com/x11vnc/single-click.html - 720. http://www.karlrunge.com/x11vnc/single-click.html#libssl-problems - 721. http://www.samba.org/ - 722. http://www.karlrunge.com/x11vnc/ssvnc.html - 723. http://www.cups.org/ - 724. http://www.karlrunge.com/x11vnc/ssvnc.html - 725. http://www.karlrunge.com/x11vnc/ssvnc.html - 726. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell - 727. http://www.karlrunge.com/x11vnc/faq.html#faq-sound - 728. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 729. http://jungla.dit.upm.es/~acosta/paginas/vncIPv6.html + 685. http://www.testplant.com/products/vine_server/OS_X + 686. http://www.apple.com/remotedesktop/ + 687. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id + 688. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofb + 689. http://fredrik.hubbe.net/x2vnc.html + 690. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc + 691. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect + 692. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb + 693. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging + 694. http://sourceforge.net/projects/vnc-reflector/ + 695. http://www.tightvnc.com/projector/ + 696. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 697. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager + 698. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager + 699. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 700. http://www.jwz.org/doc/x-cut-and-paste.html + 701. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel + 702. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noprimary + 703. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noclipboard + 704. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosetprimary + 705. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosetclipboard + 706. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir + 707. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input + 708. http://www.unixuser.org/~euske/vnc2swf/ + 709. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/ + 710. http://www.karlrunge.com/x11vnc/ssvnc.html + 711. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-tightfilexfer + 712. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 713. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer + 714. http://www.karlrunge.com/x11vnc/ssvnc.html + 715. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext + 716. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms + 717. http://www.uvnc.com/addons/repeater.html + 718. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect + 719. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl + 720. http://www.uvnc.com/addons/singleclick.html + 721. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx + 722. http://www.karlrunge.com/x11vnc/single-click.html + 723. http://www.karlrunge.com/x11vnc/single-click.html + 724. http://www.karlrunge.com/x11vnc/index.html#firewalls + 725. http://sc.uvnc.com/ + 726. http://www.karlrunge.com/x11vnc/ssvnc.html + 727. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl + 728. http://www.karlrunge.com/x11vnc/single-click.html + 729. http://www.karlrunge.com/x11vnc/ssvnc.html + 730. http://www.karlrunge.com/x11vnc/single-click.html + 731. http://www.karlrunge.com/x11vnc/ssl.html + 732. http://www.karlrunge.com/x11vnc/single-click.html + 733. http://www.karlrunge.com/x11vnc/single-click.html#libssl-problems + 734. http://www.samba.org/ + 735. http://www.karlrunge.com/x11vnc/ssvnc.html + 736. http://www.cups.org/ + 737. http://www.karlrunge.com/x11vnc/ssvnc.html + 738. http://www.karlrunge.com/x11vnc/ssvnc.html + 739. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell + 740. http://www.karlrunge.com/x11vnc/faq.html#faq-sound + 741. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd + 742. http://jungla.dit.upm.es/~acosta/paginas/vncIPv6.html ======================================================================= http://www.karlrunge.com/x11vnc/chainingssh.html: @@ -10217,6 +10427,11 @@ far-away.east:0" where ./x11vnc.crt is the copied certificate x11vnc printed out. + As fourth example, our [5]SSVNC enhanced tightvnc viewer can also use + these certificate files for server authentication. You can load them + via the SSVNC 'Certs...' dialog and set 'ServerCert' to the + certificate file you safely copied there. + Note that in principle the copying of the certificate to the client machine(s) itself could be altered in a Man-In-The-Middle attack! You can't win. It is unlikely the attacker could predict how you were @@ -10247,7 +10462,7 @@ server. The ".pem" file contains both the certificate and the private key and should be kept secret. (If you don't like the default location ~/.vnc/certs, e.g. it is on an NFS share and you are worried about - local network sniffing, use the [5]-ssldir dir option to point to a + local network sniffing, use the [6]-ssldir dir option to point to a different directory.) So the next time you run "x11vnc -ssl SAVE ..." it will read the @@ -10312,7 +10527,7 @@ clients will run. * One or more x11vnc server certs and keys are generated. * The x11vnc server cert is signed with the CA private key. - * x11vnc is run using the server key. (e.g. "[6]-ssl SAVE") + * x11vnc is run using the server key. (e.g. "[7]-ssl SAVE") * VNC clients (viewers) can now authenticate the x11vnc server because they have the CA certificate. @@ -10336,7 +10551,7 @@ * The VNC client certs+keys are safely distributed to the corresponding client machines. * x11vnc is told to verify clients by using the CA cert. (e.g. - "[7]-sslverify CA") + "[8]-sslverify CA") * When VNC clients (viewers) connect, they must authenticate themselves to x11vnc by using their client key. @@ -10346,19 +10561,19 @@ no need to keep the client key on the CA machine that generated and signed it. You can keep the client certs if you like because they are public, and they could also be used let in only a subset of all the - clients. (see [8]-sslverify) + clients. (see [9]-sslverify) _________________________________________________________________ How to do the above CA steps with x11vnc: Some utility commands are provided to ease the cert+key creation, - signing, and management: [9]-sslGenCA, [10]-sslGenCert, - [11]-sslDelCert, [12]-sslEncKey, [13]-sslCertInfo. They basically run + signing, and management: [10]-sslGenCA, [11]-sslGenCert, + [12]-sslDelCert, [13]-sslEncKey, [14]-sslCertInfo. They basically run the openssl(1) command for you to manage the certs/keys. It is required that openssl(1) is installed on the machine and available in PATH. All commands can be pointed to an alternate toplevel certificate - directory via the [14]-ssldir option if you don't want to use the + directory via the [15]-ssldir option if you don't want to use the default ~/.vnc/certs. 1) To generate your Certificate Authority (CA) cert and key run this: @@ -10370,7 +10585,7 @@ ~/.vnc/certs/CA/cacert.pem (the CA public certificate) ~/.vnc/certs/CA/private/cakey.pem (the CA private key) - If you want to use a different directory use [15]-ssldir It must + If you want to use a different directory use [16]-ssldir It must supplied with all subsequent SSL utility options to point them to the correct directory. @@ -10389,7 +10604,7 @@ 3) Start up x11vnc using this server key: x11vnc -ssl SAVE -display :0 ... - (SAVE corresponds to server.pem, see [16]-sslGenCert server somename + (SAVE corresponds to server.pem, see [17]-sslGenCert server somename info on creating additional server keys, server-somename.crt ...) 4) Next, safely copy the CA certificate to the VNC viewer (client) @@ -10428,9 +10643,14 @@ (then point the VNC viewer to localhost:1). Here is an example for the Unix stunnel wrapper script - [17]ss_vncviewer: + [18]ss_vncviewer: ss_vncviewer -verify ./cacert.pem far-away.east:0 + Our [19]SSVNC enhanced tightvnc viewer can also use the certificate + file for server authentication. You can load it via the SSVNC + 'Certs...' dialog and set 'ServerCert' to the cacert.pem file you + safely copied there. + _________________________________________________________________ Tricks for server keys: @@ -10460,7 +10680,8 @@ You don't have to use your own CA cert+key you can use a third party's. Perhaps you have a company-wide CA or you can even have your x11vnc certificate signed by a professional CA (e.g. www.thawte.com or - www.verisign.com). + www.verisign.com or perhaps the free certificate service + www.startcom.org or www.cacert.org). The advantage to doing this is that the VNC client machines will already have the CA certificates installed and you don't have to @@ -10535,19 +10756,19 @@ Where client.crt would be an individual client certificate; client-hash-dir a directory of file names based on md5 hashes of the - certs (see [18]-sslverify); and certs.txt signifies a single file full + certs (see [20]-sslverify); and certs.txt signifies a single file full of client certificates. Finally, connect with your VNC viewer using the key. Here is an - example for the Unix stunnel wrapper script [19]ss_vncviewer: using + example for the Unix stunnel wrapper script [21]ss_vncviewer: using client authentication (and the standard server authentication with the CA cert): ss_vncviewer -mycert ./dilbert.pem -verify ./cacert.pem far-away.east:0 - Our [20]SSVNC enhanced tightvnc viewer can also use these openssl .pem + Our [22]SSVNC enhanced tightvnc viewer can also use these openssl .pem files (you can load them via Certs... -> MyCert dialog). - It is also possible to use [21]-sslverify on a per-client key basis, + It is also possible to use [23]-sslverify on a per-client key basis, and also using self-signed client keys (x11vnc -sslGenCert client self:dilbert) @@ -10569,9 +10790,9 @@ sufficient and can be read by Mozilla/Firefox and Java... If you have trouble getting your Java Runtime to import and use the - cert+key, there is a workaround for the [22]SSL-enabled Java applet. + cert+key, there is a workaround for the [24]SSL-enabled Java applet. On the Web browser URL that retrieves the VNC applet, simply add a - "/?oneTimeKey=..." applet parameter (see [23]ssl-portal for more + "/?oneTimeKey=..." applet parameter (see [25]ssl-portal for more details on applet parameters; you don't need to do the full portal setup though). The value of the oneTimeKey will be the very long string that is output of the onetimekey program found in the @@ -10582,14 +10803,14 @@ HTTPS site via password. A cgi program then makes a one time key for the logged in user to use: it is passed back over HTTPS as the applet parameter in the URL and so cannot be sniffed. x11vnc is run to use - that key via [24]-sslverify. + that key via [26]-sslverify. Update: as of Apr 2007 in the 0.9.1 x11vnc tarball there is a new - option setting "[25]-users sslpeer=" that will do a switch user much - like [26]-unixpw does, but this time using the emailAddress field of + option setting "[27]-users sslpeer=" that will do a switch user much + like [28]-unixpw does, but this time using the emailAddress field of the Certificate subject of the verified Client. This mode requires - [27]-sslverify turned on to verify the clients via SSL. This mode can - be useful in situations using [28]-create or [29]-svc where a new X + [29]-sslverify turned on to verify the clients via SSL. This mode can + be useful in situations using [30]-create or [31]-svc where a new X server needs to be started up as the authenticated user (but unlike in -unixpw mode, the unix username is not obviously known). @@ -10597,7 +10818,7 @@ Additional utlities: - You can get information about your keys via [30]-sslCertInfo. These + You can get information about your keys via [32]-sslCertInfo. These lists all your keys: x11vnc -sslCertInfo list x11vnc -sslCertInfo ll @@ -10626,9 +10847,9 @@ More info: - See also this [31]article for some some general info and examples + See also this [33]article for some some general info and examples using stunnel and openssl on Windows with VNC. Also - [32]http://www.stunnel.org/faq/certs.html + [34]http://www.stunnel.org/faq/certs.html References @@ -10636,34 +10857,36 @@ 2. http://stunnel.mirt.net/ 3. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext 4. http://www.karlrunge.com/x11vnc/ss_vncviewer - 5. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir - 6. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 7. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 5. http://www.karlrunge.com/x11vnc/ssvnc.html + 6. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir + 7. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl 8. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 9. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA - 10. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 11. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslDelCert - 12. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslEncKey - 13. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCertInfo - 14. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir + 9. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 10. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA + 11. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert + 12. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslDelCert + 13. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslEncKey + 14. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCertInfo 15. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir 16. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir - 17. http://www.karlrunge.com/x11vnc/ss_vncviewer - 18. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 19. http://www.karlrunge.com/x11vnc/ss_vncviewer - 20. http://www.karlrunge.com/x11vnc/ssvnc.html - 21. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 22. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 23. http://www.karlrunge.com/x11vnc/ssl-portal.html - 24. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 25. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 26. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 27. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 28. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 29. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 30. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCertInfo - 31. http://www.securityfocus.com/infocus/1677 - 32. http://www.stunnel.org/faq/certs.html + 17. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir + 18. http://www.karlrunge.com/x11vnc/ss_vncviewer + 19. http://www.karlrunge.com/x11vnc/ssvnc.html + 20. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 21. http://www.karlrunge.com/x11vnc/ss_vncviewer + 22. http://www.karlrunge.com/x11vnc/ssvnc.html + 23. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 24. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers + 25. http://www.karlrunge.com/x11vnc/ssl-portal.html + 26. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 27. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users + 28. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw + 29. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify + 30. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create + 31. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc + 32. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCertInfo + 33. http://www.securityfocus.com/infocus/1677 + 34. http://www.stunnel.org/faq/certs.html ======================================================================= http://www.karlrunge.com/x11vnc/ssl-portal.html: @@ -10671,7 +10894,8 @@ _________________________________________________________________ - Using Apache as an SSL Gateway to x11vnc servers inside a firewall: + Using Apache as an SSL Gateway to multiple x11vnc servers inside a + firewall: Background: @@ -10712,10 +10936,10 @@ with its -proxy option. Simpler Solutions: This apache solution may be too much for you. It is - mainly intended for automatically redirecting to multiple workstations + mainly intended for automatically redirecting to MULTIPLE workstations inside the firewall. If you only have one inside machine that you want to access, the method described here is overly complicated. See - [3]below for some simpler (non-SSH) encrypted setups. + [3]below for some simpler (and still non-SSH) encrypted setups. There are numerous ways to achieve this with Apache. We present one of the simplest ones here. @@ -10927,7 +11151,7 @@ that is able to interact with the internal proxy for the VNC connection. See [10]this FAQ for more info on how this works. Note: sometimes with the Proxy case if you see 'Bad Gateway' error you will - have to wait 10 or so seconds and then his reload. This seems to be + have to wait 10 or so seconds and then hit reload. This seems to be due to having to wait for a Connection Keepalive to terminate... For completeness, the "trust" cases that skip a VNC certificate dialog @@ -11519,6 +11743,7 @@ [ssvnc.gif] [ssvnc_windows.gif] [ssvnc_macosx.gif] [3]. [4]. + The Enhanced TightVNC Viewer, SSVNC, adds encryption security to VNC connections. @@ -11542,8 +11767,11 @@ GUI as an enhanced replacement for the xvncviewer, xtightvncviewer, etc., viewers. - SSVNC also supports the [6]VeNCrypt SSL/TLS extension to VNC (Unix and - Mac OS X only.) + In addition to normal SSL, SSVNC also supports the [6]VeNCrypt SSL/TLS + and Vino/ANONTLS encryption extensions to VNC on Unix, Mac OS X, and + Windows. Via the provided SSVNC VeNCrypt bridge, VeNCrypt and ANONTLS + encryption also works with any third party VNC Viewer (e.g. RealVNC, + TightVNC, UltraVNC, etc...) you select via 'Change VNC Viewer'. The short name for this project is "ssvnc" for SSL/SSH VNC Viewer. This is the name of the command to start it. @@ -11552,9 +11780,9 @@ simplified [8]Terminal-Services mode (tsvnc) for use with x11vnc on the remote side. - It is also possible (although not recommended) to disable all - encryption: -noenc cmdline option; Ctrl-E toggle; or Vnc:// host - prefix; see the online Help for details. + It is also possible (although not recommended) to disable encryption: + -noenc cmdline option; Ctrl-E toggle; or Vnc:// host prefix; see the + online Help for details. The tool has many additional features; see the descriptions below. @@ -11583,20 +11811,29 @@ _________________________________________________________________ - Wrappers and a tcl/tk GUI were written and patches were created for - the TightVNC 1.3.9 vnc_unixsrc tree to add these features: + Feature List: + + Wrapper scripts and a tcl/tk GUI were written to create these features + for Unix, Mac OS X, and Windows: * SSL support for connections using the bundled stunnel program. * Automatic SSH connections from the GUI (system ssh is used on Unix and MacOS X; bundled plink is used on Windows) * Ability to Save and Load VNC profiles for different hosts. + * You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC, + with the SSVNC encryption GUI front-end if you prefer. * Create or Import SSL Certificates and Private Keys. * Reverse (viewer listening) VNC connections via SSL and SSH. - * Support for Web [13]Proxies, SOCKS Proxies, and the [14]UltraVNC + * VeNCrypt SSL/TLS VNC encryption support (used by [13]VeNCrypt, + QEMU, ggi, libvirt/virt-manager/xen, vinagre/gvncviewer/gtk-vnc) + * ANONTLS SSL/TLS VNC encryption support (used by Vino) + * VeNCrypt and ANONTLS are also enabled for any 3rd party VNC Viewer + (e.g. RealVNC, TightVNC, UltraVNC ...) on Unix, MacOSX, and + Windows via the provided SSVNC VeNCrypt Viewer Bridge tool (use + 'Change VNC Viewer' to select the one you want.) + * Support for Web [14]Proxies, SOCKS Proxies, and the [15]UltraVNC repeater proxy (e.g. repeater://host:port+ID:1234). Multiple proxies may be chained together (3 max). * Support for SSH Gateway connections and non-standard SSH ports. - * You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC, - with the SSVNC encryption GUI front-end if you like. * Automatic Service tunnelling via SSH for CUPS and SMB Printing, ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting. * Sets up any additional SSH port redirections that you want. @@ -11610,33 +11847,31 @@ * Support for native MacOS X usage with bundled Chicken of the VNC viewer (the Unix X11 viewer is also provided for MacOS X, and is better IMHO. It is now the default on MacOS X.) - * [15]Dynamic VNC Server Port determination and redirection (using + * [16]Dynamic VNC Server Port determination and redirection (using ssh's builtin SOCKS proxy, ssh -D) for servers like x11vnc that print out PORT= at startup. * Unix Username and Password entry for use with "x11vnc -unixpw" type login dialogs. - * Simplified mode launched by command "[16]sshvnc" that is SSH Only. - * Simplified mode launched by command "[17]tsvnc" that provides a + * Simplified mode launched by command "[17]sshvnc" that is SSH Only. + * Simplified mode launched by command "[18]tsvnc" that provides a VNC "Terminal Services" mode (uses x11vnc on the remote side). - [18]Unix TightVNC Viewer improvements (these only apply to the Unix - VNC viewer, including Mac OS X): + Patches to TightVNC 1.3.9 vnc_unixsrc tree were created for [19]Unix + TightVNC Viewer improvements (these only apply to the Unix VNC viewer, + including MacOSX XQuartz): * rfbNewFBSize VNC support (dynamic screen resizing) * Client-side Scaling of the Desktop in the viewer. * ZRLE VNC encoding support (RealVNC's encoding) * Support for the ZYWRLE encoding, a wavelet based extension to ZRLE to improve compression of motion video and photo regions. - * [19]TurboVNC support ([20]VirtualGL's modified TightVNC encoding; + * [20]TurboVNC support ([21]VirtualGL's modified TightVNC encoding; requires TurboJPEG library) * Pipelined Updates of the framebuffer as in TurboVNC (asks for the next update before the current one has finished downloading; this gives some speedup on high latency connections.) - * Cursor [21]alphablending with x11vnc at 32bpp (-alpha option) + * Cursor [22]alphablending with x11vnc at 32bpp (-alpha option) * Option "-unixpw ..." for use with "x11vnc -unixpw" type login dialogs. - * VeNCrypt SSL/TLS VNC encryption support (used by [22]VeNCrypt, - QEMU, ggi, libvirt/virt-manager/xen, vinagre/gvncviewer/gtk-vnc) - * ANONTLS SSL/TLS VNC encryption support (used by vino) * Support for UltraVNC extensions: 1/n Server side scaling, Text Chat, Single Window, Disable Server-side Input. Both UltraVNC and x11vnc servers support these extensions. @@ -11648,12 +11883,12 @@ * Support for UltraVNC [24]Single Click operation. (both unencrypted: SC I, and SSL encrypted: SC III) * Support for UltraVNC [25]DSM Encryption Plugin symmetric - encryption mode. (ARC4, AESV2, and MSRC4) + encryption mode. (ARC4, AESV2, MSRC4, and SecureVNC) * Support for UltraVNC [26]MS-Logon authentication (NOTE: the UltraVNC MS-Logon key exchange implementation is very weak; an eavesdropper on the network can recover your Windows password - easily; you need to use an additional encrypted tunnel with - MS-Logon.) + easily in a few seconds; you need to use an additional encrypted + tunnel with MS-Logon.) * Support for symmetric encryption (including blowfish and 3des ciphers) to Non-UltraVNC Servers. Any server using the same encryption method will work, [27]e.g.: x11vnc -enc @@ -11666,6 +11901,10 @@ * Local Port Protections for STUNNEL and SSH: avoid having for long periods of time a listening port on the the local (VNC viewer) side that redirects to the remote side. + * Reverse (viewer listening) VNC connections can show a Popup dialog + asking whether to accept the connection or not (-acceptpopup.) The + extra info provided by UltraVNC Single Click reverse connections + is also supported (-acceptpopupsc) * Extremely low color modes: 64 and 8 colors in 8bpp (-use64/-bgr222, -use8/-bgr111) * Medium color mode: 16bpp mode on a 32bpp Viewer display @@ -11715,7 +11954,10 @@ Alternatively, on Unix you can use the [30]conventional source tarball. - Here is the Quick Start info from the README for how to do that: + _________________________________________________________________ + + Here is the Quick Start info from the README for how to setup and use + SSVNC: Quick Start: ----------- @@ -11725,7 +11967,7 @@ Unpack the archive: - % gzip -dc ssvnc-1.0.22.tar.gz | tar xvf - + % gzip -dc ssvnc-1.0.24.tar.gz | tar xvf - Run the GUI: @@ -11733,7 +11975,7 @@ % ./ssvnc/MacOSX/ssvnc (for Mac OS X) - The smaller file "ssvnc_no_windows-1.0.22.tar.gz" + The smaller file "ssvnc_no_windows-1.0.24.tar.gz" could have been used as well. On MacOSX you could also click on the SSVNC app icon in the Finder. @@ -11779,8 +12021,8 @@ For the conventional source tarball it will compile and install, e.g.: - gzip -dc ssvnc-1.0.22.src.tar.gz | tar xvf - - cd ssvnc-1.0.22 + gzip -dc ssvnc-1.0.24.src.tar.gz | tar xvf - + cd ssvnc-1.0.24 make config make all make PREFIX=/my/install/dir install @@ -11793,7 +12035,7 @@ Unzip, using WinZip or a similar utility, the zip file: - ssvnc-1.0.22.zip + ssvnc-1.0.24.zip Run the GUI, e.g.: @@ -11805,7 +12047,7 @@ select Open, and then OK to launch it. - The smaller file "ssvnc_windows_only-1.0.22.zip" + The smaller file "ssvnc_windows_only-1.0.24.zip" could have been used as well. You can make a Windows shortcut to this program if you want to. @@ -12024,7 +12266,7 @@ -noraiseonbeep -passwd (standard VNC authentication) -user (Unix login authentication) - -encodings (e.g. "tight copyrect") + -encodings (e.g. "tight,copyrect") -bgr233 -owncmap -truecolour @@ -12076,6 +12318,16 @@ the network to put (many) desktops on your screen over a long window of time. Use -multilisten for no limit. + -acceptpopup In -listen (reverse connection listening) mode when + a reverse VNC connection comes in show a popup asking + whether to Accept or Reject the connection. The IP + address of the connecting host is shown. Same as + setting the env. var. SSVNC_ACCEPT_POPUP=1. + + -acceptpopupsc As in -acceptpopup except assume UltraVNC Single + Click (SC) server. Retrieve User and ComputerName + info from UltraVNC Server and display in the Popup. + -use64 In -bgr233 mode, use 64 colors instead of 256. -bgr222 Same as -use64. @@ -12135,6 +12387,30 @@ -rawlocal Prefer raw encoding for localhost, default is no, i.e. assumes you have a SSH tunnel instead. + -notty Try to avoid using the terminal for interactive + responses: use windows for messages and prompting + instead. Messages will also be printed to terminal. + + -sendclipboard Send the X CLIPBOARD selection (i.e. Ctrl+C, + Ctrl+V) instead of the X PRIMARY selection (mouse + select and middle button paste.) + + -sendalways Whenever the mouse enters the VNC viewer main + window, send the selection to the VNC server even if + it has not changed. This is like the Xt resource + translation SelectionToVNC(always) + + -recvtext str When cut text is received from the VNC server, + ssvncviewer will set both the X PRIMARY and the + X CLIPBOARD local selections. To control which + is set, specify 'str' as 'primary', 'clipboard', + or 'both' (the default.) + + -graball Grab the entire X server when in fullscreen mode, + needed by some old window managers like fvwm2. + + -popupfix Warp the popup back to the pointer position, + needed by some old window managers like fvwm2. -sendclipboard Send the X CLIPBOARD selection (i.e. Ctrl+C, Ctrl+V) instead of the X PRIMARY selection (mouse select and middle button paste.) @@ -12245,9 +12521,9 @@ IMPORTANT NOTE: The UltraVNC MS-Logon Diffie-Hellman exchange is very weak and can be brute forced to recover - your username and password in a few hours or seconds of CPU - time. To be safe, be sure to use an additional encrypted - tunnel (e.g. SSL or SSH) for the entire VNC session. + your username and password in a few seconds of CPU time. + To be safe, be sure to use an additional encrypted tunnel + (e.g. SSL or SSH) for the entire VNC session. -chatonly Try to be a client that only does UltraVNC text chat. This mode is used by x11vnc to present a chat window on the @@ -12332,7 +12608,8 @@ Cursor Shape: ~ -nocursorshape X11 Cursor: ~ -x11cursor Cursor Alphablend: ~ -alpha - Toggle Tight/ZRLE: ~ -encodings ... + Toggle Tight/Hextile: ~ -encodings hextile... + Toggle Tight/ZRLE: ~ -encodings zrle... Toggle ZRLE/ZYWRLE: ~ -encodings zywrle... Quality Level ~ -quality (both Tight and ZYWRLE) Compress Level ~ -compresslevel @@ -12422,25 +12699,25 @@ "ssvnc_unix_only" (or "ssvnc_no_windows" to recompile). On Mac OS X? Use "ssvnc_no_windows". On Windows? Use "ssvnc_windows_only". - [47]ssvnc_windows_only-1.0.22.zip Windows Binaries Only. No source incl + [47]ssvnc_windows_only-1.0.24.zip Windows Binaries Only. No source incl uded (~6MB) - [48]ssvnc_no_windows-1.0.22.tar.gz Unix and Mac OS X Only. No Windows bin + [48]ssvnc_no_windows-1.0.24.tar.gz Unix and Mac OS X Only. No Windows bin aries. Source included. (~9MB) - [49]ssvnc_unix_only-1.0.22.tar.gz Unix Binaries Only. No source incl + [49]ssvnc_unix_only-1.0.24.tar.gz Unix Binaries Only. No source incl uded. (~6.5MB) - [50]ssvnc_unix_minimal-1.0.22.tar.gz Unix Minimal. You must supply your ow + [50]ssvnc_unix_minimal-1.0.24.tar.gz Unix Minimal. You must supply your ow n vncviewer and stunnel. (~0.1MB) - [51]ssvnc-1.0.22.tar.gz All Unix, Mac OS X, and Windows binari + [51]ssvnc-1.0.24.tar.gz All Unix, Mac OS X, and Windows binari es and source TGZ. (~15MB) - [52]ssvnc-1.0.22.zip All Unix, Mac OS X, and Windows binari + [52]ssvnc-1.0.24.zip All Unix, Mac OS X, and Windows binari es and source ZIP. (~15MB) - [53]ssvnc_all-1.0.22.zip All Unix, Mac OS X, and Windows binari + [53]ssvnc_all-1.0.24.zip All Unix, Mac OS X, and Windows binari es and source AND full archives in the zip dir. (~18MB) Here is a conventional source tarball: - [54]ssvnc-1.0.22.src.tar.gz Conventional Source for SSVNC GUI and + [54]ssvnc-1.0.24.src.tar.gz Conventional Source for SSVNC GUI and Unix VNCviewer (~0.4MB) it will be of use to those who do not want the SSVNC @@ -12458,18 +12735,19 @@ "ssvnc_all", you may need to run the "./build.unix" script in the top directory to recompile for your operating system. - Here are the corresponding 1.0.23 development bundles: + Here are the corresponding 1.0.25 development bundles (Please help + testing them): - [56]ssvnc_windows_only-1.0.23.zip - [57]ssvnc_no_windows-1.0.23.tar.gz - [58]ssvnc_unix_only-1.0.23.tar.gz - [59]ssvnc_unix_minimal-1.0.23.tar.gz - - [60]ssvnc-1.0.23.tar.gz - [61]ssvnc-1.0.23.zip - [62]ssvnc_all-1.0.23.zip + [56]ssvnc_windows_only-1.0.25.zip + [57]ssvnc_no_windows-1.0.25.tar.gz + [58]ssvnc_unix_only-1.0.25.tar.gz + [59]ssvnc_unix_minimal-1.0.25.tar.gz + + [60]ssvnc-1.0.25.tar.gz + [61]ssvnc-1.0.25.zip + [62]ssvnc_all-1.0.25.zip - [63]ssvnc-1.0.23.src.tar.gz Conventional Source for SSVNC GUI and + [63]ssvnc-1.0.25.src.tar.gz Conventional Source for SSVNC GUI and Unix VNCviewer (~0.4MB) @@ -12488,6 +12766,8 @@ [67]Release 1.0.20 at Sourceforge.net [68]Release 1.0.21 at Sourceforge.net [69]Release 1.0.22 at Sourceforge.net + [70]Release 1.0.23 at Sourceforge.net + [71]Release 1.0.24 at Sourceforge.net Please help test the UltraVNC File Transfer support in the native Unix @@ -12530,16 +12810,16 @@ redistribute the above because of cryptographic software they contain or for other reasons. Please check out your situation and information at the following and related sites: - [70]http://www.stunnel.org - [71]http://stunnel.mirt.net - [72]http://www.openssl.org - [73]http://www.chiark.greenend.org.uk/~sgtatham/putty/ - [74]http://www.tightvnc.com - [75]http://www.realvnc.com - [76]http://sourceforge.net/projects/cotvnc/ + [72]http://www.stunnel.org + [73]http://stunnel.mirt.net + [74]http://www.openssl.org + [75]http://www.chiark.greenend.org.uk/~sgtatham/putty/ + [76]http://www.tightvnc.com + [77]http://www.realvnc.com + [78]http://sourceforge.net/projects/cotvnc/ _________________________________________________________________ - README: Here is the toplevel [77]README from the bundle. + README: Here is the toplevel [79]README from the bundle. References @@ -12555,16 +12835,16 @@ 10. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#source 11. http://www.debian.org/security/2008/dsa-1571 12. http://www.karlrunge.com/x11vnc/ssvnc_untrusted_local_users.html - 13. http://www.karlrunge.com/x11vnc/ssvnc-proxies.html - 14. http://www.uvnc.com/addons/repeater.html - 15. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#dynamic-port - 16. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc - 17. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc - 18. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#unix-patches - 19. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 20. http://www.virtualgl.org/ - 21. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks - 22. http://sourceforge.net/projects/vencrypt/ + 13. http://sourceforge.net/projects/vencrypt/ + 14. http://www.karlrunge.com/x11vnc/ssvnc-proxies.html + 15. http://www.uvnc.com/addons/repeater.html + 16. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#dynamic-port + 17. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc + 18. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc + 19. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#unix-patches + 20. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc + 21. http://www.virtualgl.org/ + 22. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks 23. http://www.uvnc.com/addons/repeater.html 24. http://www.uvnc.com/addons/singleclick.html 25. http://www.uvnc.com/features/encryption.html @@ -12589,37 +12869,39 @@ 44. http://www.karlrunge.com/x11vnc/faq.html#faq-cups 45. http://www.karlrunge.com/x11vnc/faq.html#faq-sound 46. http://sourceforge.net/projects/ssvnc - 47. http://downloads.sourceforge.net/ssvnc/ssvnc_windows_only-1.0.22.zip?use_mirror= - 48. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.22.tar.gz?use_mirror= - 49. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_only-1.0.22.tar.gz?use_mirror= - 50. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_minimal-1.0.22.tar.gz?use_mirror= - 51. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.22.tar.gz - 52. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.22.zip - 53. http://downloads.sourceforge.net/ssvnc/ssvnc_all-1.0.22.zip?use_mirror= - 54. http://downloads.sourceforge.net/ssvnc/ssvnc-1.0.22.src.tar.gz?use_mirror= + 47. http://downloads.sourceforge.net/ssvnc/ssvnc_windows_only-1.0.24.zip?use_mirror= + 48. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.24.tar.gz?use_mirror= + 49. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_only-1.0.24.tar.gz?use_mirror= + 50. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_minimal-1.0.24.tar.gz?use_mirror= + 51. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.24.tar.gz + 52. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.24.zip + 53. http://downloads.sourceforge.net/ssvnc/ssvnc_all-1.0.24.zip?use_mirror= + 54. http://downloads.sourceforge.net/ssvnc/ssvnc-1.0.24.src.tar.gz?use_mirror= 55. http://www.karlrunge.com/x11vnc/etv/README.src.txt - 56. http://ssvnc.sourceforge.net/dev/ssvnc_windows_only-1.0.23.zip - 57. http://ssvnc.sourceforge.net/dev/ssvnc_no_windows-1.0.23.tar.gz - 58. http://ssvnc.sourceforge.net/dev/ssvnc_unix_only-1.0.23.tar.gz - 59. http://ssvnc.sourceforge.net/dev/ssvnc_unix_minimal-1.0.23.tar.gz - 60. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.23.tar.gz - 61. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.23.zip - 62. http://ssvnc.sourceforge.net/dev/ssvnc_all-1.0.23.zip - 63. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.23.src.tar.gz + 56. http://ssvnc.sourceforge.net/dev/ssvnc_windows_only-1.0.25.zip + 57. http://ssvnc.sourceforge.net/dev/ssvnc_no_windows-1.0.25.tar.gz + 58. http://ssvnc.sourceforge.net/dev/ssvnc_unix_only-1.0.25.tar.gz + 59. http://ssvnc.sourceforge.net/dev/ssvnc_unix_minimal-1.0.25.tar.gz + 60. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.25.tar.gz + 61. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.25.zip + 62. http://ssvnc.sourceforge.net/dev/ssvnc_all-1.0.25.zip + 63. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.25.src.tar.gz 64. http://www.karlrunge.com/x11vnc/etv/ssvnc 65. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636282 66. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636337 67. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636338 68. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=640923 69. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=652804 - 70. http://www.stunnel.org/ - 71. http://stunnel.mirt.net/ - 72. http://www.openssl.org/ - 73. http://www.chiark.greenend.org.uk/~sgtatham/putty/ - 74. http://www.tightvnc.com/ - 75. http://www.realvnc.com/ - 76. http://sourceforge.net/projects/cotvnc/ - 77. http://www.karlrunge.com/x11vnc/README.ssvnc.html + 70. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.23/ + 71. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.24/ + 72. http://www.stunnel.org/ + 73. http://stunnel.mirt.net/ + 74. http://www.openssl.org/ + 75. http://www.chiark.greenend.org.uk/~sgtatham/putty/ + 76. http://www.tightvnc.com/ + 77. http://www.realvnc.com/ + 78. http://sourceforge.net/projects/cotvnc/ + 79. http://www.karlrunge.com/x11vnc/README.ssvnc.html ======================================================================= http://www.karlrunge.com/x11vnc/x11vnc_opts.html: @@ -12632,98 +12914,100 @@ Here are all of x11vnc command line options: % x11vnc -opts (see below for -help long descriptions) -x11vnc: allow VNC connections to real X11 displays. 0.9.8 lastmod: 2009-06-14 +x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-21 x11vnc options: -display disp -auth file -N -autoport n -rfbport str -reopen -reflect host:N -id windowid -sid windowid - -clip WxH+X+Y -flashcmap -shiftcmap n - -notruecolor -advertise_truecolor -visual n - -overlay -overlay_nocursor -8to24 [opts] - -24to32 -scale fraction -geometry WxH - -scale_cursor frac -viewonly -shared - -once -forever -loop - -timeout n -sleepin n -inetd - -tightfilexfer -ultrafilexfer -http - -http_ssl -avahi -mdns - -zeroconf -connect string -connect_or_exit str - -proxy string -vncconnect -novncconnect - -allow host1[,host2..] -localhost -nolookup - -input string -grabkbd -grabptr - -grabalways -viewpasswd string -passwdfile filename - -unixpw [list] -unixpw_nis [list] -unixpw_cmd cmd - -find -finddpy -listdpy + -appshare -clip WxH+X+Y -flashcmap + -shiftcmap n -notruecolor -advertise_truecolor + -visual n -overlay -overlay_nocursor + -8to24 [opts] -24to32 -scale fraction + -geometry WxH -scale_cursor frac -viewonly + -shared -once -forever + -loop -timeout n -sleepin n + -inetd -tightfilexfer -ultrafilexfer + -http -http_ssl -avahi + -mdns -zeroconf -connect string + -connect_or_exit str -proxy string -vncconnect + -novncconnect -allow host1[,host2..] -localhost + -nolookup -input string -grabkbd + -grabptr -grabalways -viewpasswd string + -passwdfile filename -showrfbauth filename -unixpw [list] + -unixpw_nis [list] -unixpw_cmd cmd -find + -finddpy -listdpy -findauth [disp] -create -xdummy -xvnc -xvnc_redirect -svc -svc_xdummy -svc_xvnc -xdmsvc -sshxdmsvc - -redirect port -display WAIT:... -vencrypt mode - -anontls mode -sslonly -dhparams file - -nossl -ssl [pem] -ssltimeout n - -sslnofail -ssldir [dir] -sslverify [path] - -sslCRL path -sslGenCA [dir] -sslGenCert type name - -sslEncKey [pem] -sslCertInfo [pem] -sslDelCert [pem] - -stunnel [pem] -stunnel3 [pem] -enc cipher:keyfile - -https [port] -httpsredir [port] -http_oneport - -ssh user@host:disp -usepw -storepasswd pass file - -nopw -accept string -afteraccept string - -gone string -users list -noshm - -flipbyteorder -onetile -solid [color] - -blackout string -xinerama -noxinerama - -xtrap -xrandr [mode] -rotate string - -padgeom WxH -o logfile -flag file - -rmflag file -rc filename -norc - -env VAR=VALUE -prog /path/to/x11vnc -h, -help - -?, -opts -V, -version -license - -dbg -q, -quiet -v, -verbose - -bg -modtweak -nomodtweak - -xkb -noxkb -capslock - -skip_lockkeys -noskip_lockkeys -skip_keycodes string - -sloppy_keys -skip_dups -noskip_dups - -add_keysyms -noadd_keysyms -clear_mods - -clear_keys -clear_all -remap string - -norepeat -repeat -nofb - -nobell -nosel -noprimary - -nosetprimary -noclipboard -nosetclipboard - -seldir string -cursor [mode] -nocursor - -cursor_drag -arrow n -noxfixes - -alphacut n -alphafrac fraction -alpharemove - -noalphablend -nocursorshape -cursorpos - -nocursorpos -xwarppointer -noxwarppointer - -buttonmap string -nodragging -ncache n - -ncache_cr -ncache_no_moveraise -ncache_no_dtchange - -ncache_no_rootpixmap -ncache_keep_anims -ncache_old_wm - -ncache_pad n -debug_ncache -wireframe [str] - -nowireframe -nowireframelocal -wirecopyrect mode - -nowirecopyrect -debug_wireframe -scrollcopyrect mode - -noscrollcopyrect -scr_area n -scr_skip list - -scr_inc list -scr_keys list -scr_term list - -scr_keyrepeat lo-hi -scr_parms string -fixscreen string - -debug_scroll -noxrecord -grab_buster - -nograb_buster -debug_grabs -debug_sel - -pointer_mode n -input_skip n -allinput - -speeds rd,bw,lat -wmdt string -debug_pointer - -debug_keyboard -defer time -wait time - -wait_ui factor -setdefer n -nowait_bog - -slow_fb time -xrefresh time -nap - -nonap -sb time -readtimeout n - -ping n -nofbpm -fbpm - -nodpms -dpms -forcedpms - -clientdpms -noserverdpms -noultraext - -chatwindow -noxdamage -xd_area A - -xd_mem f -sigpipe string -threads - -nothreads -fs f -gaps n - -grow n -fuzz n -debug_tiles - -snapfb -rawfb string -freqtab file - -pipeinput cmd -macnodim -macnosleep - -macnosaver -macnowait -macwheel n - -macnoswap -macnoresize -maciconanim n - -macmenu -macuskbd -gui [gui-opts] - -remote command -query variable -QD variable - -sync -noremote -yesremote - -unsafe -safer -privremote - -nocmds -allowedcmds list -deny_all - + -unixpw_system_greeter -redirect port -display WAIT:... + -vencrypt mode -anontls mode -sslonly + -dhparams file -nossl -ssl [pem] + -ssltimeout n -sslnofail -ssldir [dir] + -sslverify [path] -sslCRL path -sslGenCA [dir] + -sslGenCert type name -sslEncKey [pem] -sslCertInfo [pem] + -sslDelCert [pem] -stunnel [pem] -stunnel3 [pem] + -enc cipher:keyfile -https [port] -httpsredir [port] + -http_oneport -ssh user@host:disp -usepw + -storepasswd pass file -nopw -accept string + -afteraccept string -gone string -users list + -noshm -flipbyteorder -onetile + -solid [color] -blackout string -xinerama + -noxinerama -xtrap -xrandr [mode] + -rotate string -padgeom WxH -o logfile + -flag file -rmflag file -rc filename + -norc -env VAR=VALUE -prog /path/to/x11vnc + -h, -help -?, -opts -V, -version + -license -dbg -q, -quiet + -v, -verbose -bg -modtweak + -nomodtweak -xkb -noxkb + -capslock -skip_lockkeys -noskip_lockkeys + -skip_keycodes string -sloppy_keys -skip_dups + -noskip_dups -add_keysyms -noadd_keysyms + -clear_mods -clear_keys -clear_all + -remap string -norepeat -repeat + -nofb -nobell -nosel + -noprimary -nosetprimary -noclipboard + -nosetclipboard -seldir string -cursor [mode] + -nocursor -cursor_drag -arrow n + -noxfixes -alphacut n -alphafrac fraction + -alpharemove -noalphablend -nocursorshape + -cursorpos -nocursorpos -xwarppointer + -noxwarppointer -buttonmap string -nodragging + -ncache n -ncache_cr -ncache_no_moveraise + -ncache_no_dtchange -ncache_no_rootpixmap -ncache_keep_anims + -ncache_old_wm -ncache_pad n -debug_ncache + -wireframe [str] -nowireframe -nowireframelocal + -wirecopyrect mode -nowirecopyrect -debug_wireframe + -scrollcopyrect mode -noscrollcopyrect -scr_area n + -scr_skip list -scr_inc list -scr_keys list + -scr_term list -scr_keyrepeat lo-hi -scr_parms string + -fixscreen string -debug_scroll -noxrecord + -grab_buster -nograb_buster -debug_grabs + -debug_sel -pointer_mode n -input_skip n + -allinput -speeds rd,bw,lat -wmdt string + -debug_pointer -debug_keyboard -defer time + -wait time -extra_fbur n -wait_ui factor + -setdefer n -nowait_bog -slow_fb time + -xrefresh time -nap -nonap + -sb time -readtimeout n -ping n + -nofbpm -fbpm -nodpms + -dpms -forcedpms -clientdpms + -noserverdpms -noultraext -chatwindow + -noxdamage -xd_area A -xd_mem f + -sigpipe string -threads -nothreads + -fs f -gaps n -grow n + -fuzz n -debug_tiles -snapfb + -rawfb string -freqtab file -pipeinput cmd + -macnodim -macnosleep -macnosaver + -macnowait -macwheel n -macnoswap + -macnoresize -maciconanim n -macmenu + -macuskbd -gui [gui-opts] -remote command + -query variable -QD variable -sync + -query_retries str -remote_prefix str -noremote + -yesremote -unsafe -safer + -privremote -nocmds -allowedcmds list + -deny_all libvncserver options: -rfbport port TCP port for RFB protocol @@ -12757,7 +13041,7 @@ % x11vnc -help -x11vnc: allow VNC connections to real X11 displays. 0.9.8 lastmod: 2009-06-14 +x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-21 (type "x11vnc -opts" to just list the options.) @@ -12821,6 +13105,17 @@ before startup. Same as -xauth file. See Xsecurity(7), xauth(1) man pages for more info. + Use '-auth guess' to have x11vnc use its -findauth + mechanism (described below) to try to guess the + XAUTHORITY filename and use it. + + XDM/GDM/KDM: if you are running x11vnc as root and want + to find the XAUTHORITY before anyone has logged into an + X session yet, use: x11vnc -env FD_XDM=1 -auth guess ... + (This will also find the XAUTHORITY if a user is already + logged into the X session.) When running as root, + FD_XDM=1 will be tried if the initial -auth guess fails. + -N If the X display is :N, try to set the VNC display to also be :N This just sets the -rfbport option to 5900+N The program will exit immediately if that port is not @@ -12842,7 +13137,18 @@ for display managers like GDM (KillInitClients option) that kill x11vnc just after the user logs into the X session. Note: the reopened state may be unstable. - Set X11VNC_REOPEN_DISPLAY=n to reopen n times. + Set X11VNC_REOPEN_DISPLAY=n to reopen n times and + set X11VNC_REOPEN_SLEEP_MAX to the number of seconds, + default 10, to keep trying to reopen the display (once + per second.) + + Update: as of 0.9.9, x11vnc tries to automatically avoid + being killed by the display manager by delaying creating + windows or using XFIXES. So you shouldn't need to use + KillInitClients=false as long as you log in quickly + enough (within 45 seconds of connecting.) You can + disable this by setting X11VNC_AVOID_WINDOWS=never. + You can also set it to the number of seconds to delay. -reflect host:N Instead of connecting to and polling an X display, connect to the remote VNC server host:N and be a @@ -12871,6 +13177,14 @@ shifts a root view to it: this shows SaveUnders menus, etc, although they will be clipped if they extend beyond the window. + +-appshare Simple application sharing based on the -id/-sid + mechanism. Every new toplevel window that the + application creates induces a new viewer window via + a reverse connection. The -id/-sid and -connect + options are required. Run 'x11vnc -appshare -help' + for more info. + -clip WxH+X+Y Only show the sub-region of the full display that corresponds to the rectangle geometry with size WxH and offset +X+Y. The VNC display has size WxH (i.e. smaller @@ -12975,10 +13289,10 @@ an improvement over -flashcmap because it avoids the flashing and shows each window in the correct color. - This method appear to work, but may still have bugs - and it does hog resources. If there are multiple 8bpp - windows using different colormaps, one may have to - iconify all but one for the colors to be correct. + This method works OK, but may still have bugs and it + does hog resources. If there are multiple 8bpp windows + using different colormaps, one may have to iconify all + but one for the colors to be correct. There may be painting errors for clipping and switching between windows of depths 8 and 24. Heuristics are @@ -13042,8 +13356,8 @@ is needed for the latter, feel free to ask). -scale fraction Scale the framebuffer by factor "fraction". Values - less than 1 shrink the fb, larger ones expand it. Note: - image may not be sharp and response may be slower. + less than 1 shrink the fb, larger ones expand it. Note: + the image may not be sharp and response may be slower. If "fraction" contains a decimal point "." it is taken as a floating point number, alternatively the notation "m/n" may be used to denote fractions @@ -13120,6 +13434,18 @@ -timeout n Exit unless a client connects within the first n seconds after startup. + If there have been no connection attempts after n + seconds x11vnc exits immediately. If a client is + trying to connect but has not progressed to the normal + operating state, x11vnc gives it a few more seconds + to finish and exits if it does not make it to the + normal state. + + For reverse connections via -connect or -connect_or_exit + a timeout of n seconds will be set for all reverse + connects. If the connect timeout alarm goes off, + x11vnc will exit immediately. + -sleepin n At startup sleep n seconds before proceeding (e.g. to allow redirs and listening clients to start up) @@ -13214,8 +13540,7 @@ Repeater mode: Some services provide an intermediate "vnc repeater": http://www.uvnc.com/addons/repeater.html (and also http://koti.mbnet.fi/jtko/ for linux port) - that acts as a proxy / gateway. Modes like these requir -e + that acts as a proxy/gateway. Modes like these require an initial string to be sent for the reverse connection before the VNC protocol is started. Here are the ways to do this: @@ -13324,6 +13649,15 @@ X11VNC_REMOTE channel, and this option disables/enables it as well. Default: -vncconnect + To use different names for these X11 properties (e.g. to + have separate communication channels for multiple + x11vnc's on the same display) set the VNC_CONNECT or + X11VNC_REMOTE env. vars. to the string you want, for + example: -env X11VNC_REMOTE=X11VNC_REMOTE_12345 + Both sides of the channel must use the same unique name. + The same can be done for the internal X11VNC_TICKER + property (heartbeat and timestamp) if desired. + -allow host1[,host2..] Only allow client connections from hosts matching the comma separated list of hostnames or IP addresses. Can also be a numerical IP prefix, e.g. "192.168.100." @@ -13479,19 +13813,22 @@ and last line be "__BEGIN_VIEWONLY__" to have 2 full-access passwords) +-showrfbauth filename Print to the screen the obscured VNC password kept in + the rfbauth file "filename" and then exit. + -unixpw [list] Use Unix username and password authentication. x11vnc - uses the su(1) program to verify the user's password. - [list] is an optional comma separated list of allowed - Unix usernames. If the [list] string begins with the - character "!" then the entire list is taken as an - exclude list. See below for per-user options that can - be applied. + will use the su(1) program to verify the user's + password. [list] is an optional comma separated list + of allowed Unix usernames. If the [list] string begins + with the character "!" then the entire list is taken + as an exclude list. See below for per-user options + that can be applied. A familiar "login:" and "Password:" dialog is presented to the user on a black screen inside the vncviewer. The connection is dropped if the user fails to supply the correct password in 3 tries or does not - send one before a 25 second timeout. Existing clients + send one before a 45 second timeout. Existing clients are view-only during this period. If the first character received is "Escape" then the @@ -13501,8 +13838,9 @@ Since the detailed behavior of su(1) can vary from OS to OS and for local configurations, test the mode - carefully. x11vnc will attempt to be conservative and - reject a login if anything abnormal occurs. + before deployment to make sure it is working properly. + x11vnc will attempt to be conservative and reject a + login if anything abnormal occurs. One case to note: FreeBSD and the other BSD's by default it is impossible for the user running x11vnc to @@ -13535,7 +13873,7 @@ to come from the same machine x11vnc is running on (e.g. from a ssh -L port redirection). And that the -stunnel SSL mode be used for encryption over the - network.(see the description of -stunnel below). + network. (see the description of -stunnel below). Note: as a convenience, if you ssh(1) in and start x11vnc it will check if the environment variable @@ -13550,20 +13888,24 @@ environment variables before starting x11vnc: Set UNIXPW_DISABLE_SSL=1 to disable requiring either - -ssl or -stunnel. Evidently you will be using a - different method to encrypt the data between the - vncviewer and x11vnc: perhaps ssh(1) or an IPSEC VPN. - - Note that use of -localhost with ssh(1) is roughly - the same as requiring a Unix user login (since a Unix - password or the user's public key authentication is - used by sshd on the machine where x11vnc runs and only - local connections from that machine are accepted). + -ssl or -stunnel (as under SSH_CONNECTION.) Evidently + you will be using a different method to encrypt the + data between the vncviewer and x11vnc: perhaps ssh(1) + or an IPSEC VPN. -localhost is still enforced (however, + see the next paragraph.) Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost - requirement in Method 2). One should never do this + requirement in -unixpw modes. One should never do this (i.e. allow the Unix passwords to be sniffed on the - network). + network.) This also disables the localhost requirement + for reverse connections (see below.) + + Note that use of -localhost with ssh(1) (and no -unixpw) + is roughly the same as requiring a Unix user login + (since a Unix password or the user's public key + authentication is used by sshd on the machine where + x11vnc runs and only local connections from that machine + are accepted). Regarding reverse connections (e.g. -R connect:host and -connect host), when the -localhost constraint is @@ -13581,7 +13923,7 @@ in -inetd mode (thereby bypassing inetd). See the FAQ for details. - The user names in the comma separated [list] can have + The user names in the comma separated [list] may have per-user options after a ":", e.g. "fred:opts" where "opts" is a "+" separated list of "viewonly", "fullaccess", "input=XXXX", or @@ -13589,13 +13931,13 @@ For "input=" it is the K,M,B,C described under -input. If an item in the list is "*" that means those - options apply to all users. It also means all users + options apply to all users. It ALSO implies all users are allowed to log in after supplying a valid password. Use "deny" to explicitly deny some users if you use - "*" to set a global option. If [list] begins with - the "!" character then "*" is ignored for checking - if the user is allowed, but the any value of options - associated with it does apply as normal. + "*" to set a global option. If [list] begins with the + "!" character then "*" is ignored for checking if + the user is allowed, but the option values associated + with it do apply as normal. There are also some utilities for testing password if [list] starts with the "%" character. See the @@ -13620,32 +13962,89 @@ NIS is not required for this mode to work (only that getpwnam(3) return the encrypted password is required), - but it is unlikely it will work for any most modern - environments unless x11vnc is run as root to be able - to access /etc/shadow (note running as root is often - done when running x11vnc from inetd and xdm/gdm/kdm). + but it is unlikely it will work (as an ordinary user) + for most modern environments unless NIS is available. + On the other hand, when x11vnc is run as root it will + be able to to access /etc/shadow even if NIS is not + available (note running as root is often done when + running x11vnc from inetd and xdm/gdm/kdm). Looked at another way, if you do not want to use the - su(1) method provided by -unixpw, you can run x11vnc - as root and use -unixpw_nis. Any users with passwords - in /etc/shadow can then be authenticated. You may want - to use -users unixpw= to switch the process user after - the user logs in. + su(1) method provided by -unixpw (i.e. su_verify()), you + can run x11vnc as root and use -unixpw_nis. Any users + with passwords in /etc/shadow can then be authenticated. + + In -unixpw_nis mode, under no circumstances is x11vnc's + user password verifying function based on su called + (i.e. the function su_verify() that runs /bin/su + in a pseudoterminal to verify passwords.) However, + if -unixpw_nis is used in conjunction with the -find + and -create -display WAIT:... modes then, if x11vnc is + running as root, /bin/su may be called externally to + run the find or create commands. -unixpw_cmd cmd As -unixpw above, however do not use su(1) but rather run the externally supplied command "cmd". The first - line of its stdin will the username and the second line - the received password. If the command exits with status - 0 (success) the VNC client will be accepted. It will be - rejected for any other return status. - - Dynamic passwords and non-unix passwords can be - implemented this way by providing your own custom helper - program. Note that under unixpw mode the remote viewer - is given 3 tries to enter the correct password. - - If a list of allowed users is needed use -unixpw [list] - in addition to this option. + line of its stdin will be the username and the second + line the received password. If the command exits + with status 0 (success) the VNC user will be accepted. + It will be rejected for any other return status. + + Dynamic passwords and non-unix passwords, e.g. LDAP, + can be implemented this way by providing your own custom + helper program. Note that the remote viewer is given 3 + tries to enter the correct password, and so the program + may be called in a row that many (or more) times. + + If a list of allowed users is needed to limit who can + log in, use -unixpw [list] in addition to this option. + + In FINDDISPLAY and FINDCREATEDISPLAY modes the "cmd" + will also be run with the RFB_UNIXPW_CMD_RUN env. var. + non-empty and set to the corresponding display + find/create command. The first two lines of input are + the username and passwd as in the normal case described + above. To support FINDDISPLAY and FINDCREATEDISPLAY, + "cmd" should run the requested command as the user + (and most likely refusing to run it if the password is + not correct.) Here is an example script (note it has + a hardwired bogus password "abc"!) + + #!/bin/sh + # Example x11vnc -unixpw_cmd script. + # Read the first two lines of stdin (user and passwd) + read user + read pass + + debug=0 + if [ $debug = 1 ]; then + echo "user: $user" 1>&2 + echo "pass: $pass" 1>&2 + env | egrep -i 'rfb|vnc' 1>&2 + fi + + # Check if the password is valid. + # (A real example would use ldap lookup, etc!) + if [ "X$pass" != "Xabc" ]; then + exit 1 # incorrect password + fi + + if [ "X$RFB_UNIXPW_CMD_RUN" = "X" ]; then + exit 0 # correct password + else + # Run the requested command (finddisplay) + if [ $debug = 1 ]; then + echo "run: $RFB_UNIXPW_CMD_RUN" 1>&2 + fi + exec /bin/su - "$user" -c "$RFB_UNIXPW_CMD_RUN" + fi + + In -unixpw_cmd mode, under no circumstances is x11vnc's + user password verifying function based on su called + (i.e. the function su_verify() that runs /bin/su in a + pseudoterminal to verify passwords.) It is up to the + supplied unixpw_cmd to do user switching if desired + and if it has the permissions to do so. -find Find the user's display using FINDDISPLAY. This is an alias for "-display WAIT:cmd=FINDDISPLAY". @@ -13662,6 +14061,25 @@ (i.e. all the X displays on the local machine that you have access rights to). +-findauth [disp] Apply the -find/-finddpy heuristics to try to guess + the XAUTHORITY file for DISPLAY 'disp'. If 'disp' + is not supplied, then the value in the -display on + the cmdline is used; failing that $DISPLAY is used; + and failing that ":0" is used. + + If nothing is printed out, that means no XAUTHORITY was + found for 'disp'; i.e. failure. If "XAUTHORITY=" + is printed out, that means use the default (i.e. do + not set XAUTHORITY). If "XAUTHORITY=/path/to/file" + is printed out, then use that file. + + XDM/GDM/KDM: if you are running x11vnc as root and want + to find the XAUTHORITY before anyone has logged into an + X session yet, use: x11vnc -env FD_XDM=1 -findauth ... + (This will also find the XAUTHORITY if a user is already + logged into the X session.) When running as root, + FD_XDM=1 will be tried if the initial -findauth fails. + -create First try to find the user's display using FINDDISPLAY, if that doesn't succeed create an X session via the FINDCREATEDISPLAY method. This is an alias for @@ -13692,6 +14110,10 @@ under -display WAIT:... for more details about XDM, etc configuration. + Remember to enable XDMCP in the xdm-config, gdm.conf, + or kdmrc configuration file. See -display WAIT: for + more info. + -sshxdmsvc Display manager Terminal services mode based on SSH. Alias for -display WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp -localhost. @@ -13704,6 +14126,52 @@ under -display WAIT:... for more details about XDM, etc configuration. + Remember to enable XDMCP in the xdm-config, gdm.conf, + or kdmrc configuration file. See -display WAIT: for + more info. + +-unixpw_system_greeter Present a "Press 'Escape' for System Greeter" option + to the connecting VNC client in combined -unixpw + and xdmcp FINDCREATEDISPLAY modes (e.g. -xdmsvc). + + Normally in a -unixpw mode the VNC client must + supply a valid username and password to gain access. + However, if -unixpw_system_greeter is supplied AND + the FINDCREATEDISPLAY command matches 'xdmcp', then + the user has the option to press Escape and then get a + XDM/GDM/KDM login/greeter panel instead. They will then + supply a username and password directly to the greeter. + + Otherwise, in xdmcp FINDCREATEDISPLAY mode the user + must supply his username and password TWICE. First to + the initial unixpw login dialog, and second to the + subsequent XDM/GDM/KDM greeter. Note that if the user + re-connects and supplies his username and password in + the unixpw dialog the xdmcp greeter is skipped and + he is connected directly to his existing X session. + So the -unixpw_system_greeter option avoids the extra + password at X session creation time. + + Example: x11vnc -xdmsvc -unixpw_system_greeter + See -unixpw and -display WAIT:... for more info. + + The special options after a colon at the end of the + username (e.g. user:solid) described under -display + WAIT: are also applied in this mode if they are typed + in before the user hits Escape. The username is ignored + but the colon options are not. + + The default message is 2 lines in a small font, set + the env. var. X11VNC_SYSTEM_GREETER1=true for a 1 line + message in a larger font. + + If the user pressed Escape the FINDCREATEDISPLAY command + will be run with the env. var. X11VNC_XDM_ONLY=1. + + Remember to enable XDMCP in the xdm-config, gdm.conf, + or kdmrc configuration file. See -display WAIT: for + more info. + -redirect port As in FINDCREATEDISPLAY-Xvnc.redirect mode except redirect immediately (i.e. without X session finding or creation) to a VNC server listening on port. You @@ -13762,19 +14230,26 @@ xauth extract - $DISPLAY" - In the case of -unixpw (but not -unixpw_nis), then the - cmd= command is run as the user who just authenticated - via the login and password prompt. + In the case of -unixpw (and -unixpw_nis only if x11vnc + is running as root), then the cmd= command is run + as the user who just authenticated via the login and + password prompt. + + In the case of -unixpw_cmd, the commands will also be + run as the logged-in user, as long as the user-supplied + helper program supports RFB_UNIXPW_CMD_RUN (see the + -unixpw_cmd option.) Also in the case of -unixpw, the user logging in can place a colon at the end of her username and supply a few options: scale=, scale_cursor= (or sc=), solid - (or so), id=, clear_mods (or cm), clear_keys (or ck), - repeat, speeds= (or sp=), readtimeout= (or rd=), - rotate= (or ro=), or noncache (or nc), all separated by - commas if there is more than one. After the user logs - in successfully, these options will be applied to the - VNC screen. For example, + (or so), id=, clear_mods (or cm), clear_keys (or + ck), clear_all (or ca), repeat, speeds= (or sp=), + readtimeout= (or rd=), viewonly (or vo), nodisplay= + (or nd=), rotate= (or ro=), or noncache (or nc), + all separated by commas if there is more than one. + After the user logs in successfully, these options will + be applied to the VNC screen. For example, login: fred:scale=3/4,sc=1,repeat Password: ... @@ -13786,6 +14261,9 @@ your long "login:" line press the Up arrow once (before typing anything else). + In the login panel, press F1 to get a list of the + available options that you can add after the username. + Another option is "geom=WxH" or "geom=WxHxD" (or ge=). This only has an effect in FINDCREATEDISPLAY mode when a virtual X server such as Xvfb is going @@ -13797,6 +14275,12 @@ (same as "xterm") to have the created display use that mode for the user session. + Specify "tag=..." to set the unique FD_TAG desktop + session tag described below. Note: this option will + be ignored if the FD_TAG env. var. is already set or + if the viewer-side supplied value is not completely + composed of alphanumeric or '_' or '-' characters. + To disable the option setting set the environment variable X11VNC_NO_UNIXPW_OPTS=1 before starting x11vnc. To set any other options, the user can use the gui @@ -13842,6 +14326,12 @@ for how to disable this for dtgreet on Solaris and possibly for other greeters. + In -find/cmd=FINDDISPLAY mode, if you set FD_XDM=1, + e.g. 'x11vnc -env FD_XDM=1 -find ...' and x11vnc is + running as root (e.g. inetd) then it will try to find + the XAUTHORITY file of a running XDM/GDM/KDM login + greeter (i.e. no user has logged into an X session yet.) + As another special case, WAIT:cmd=HTTPONCE will allow x11vnc to service one http request and then exit. This is usually done in -inetd mode to run on, say, @@ -13861,7 +14351,9 @@ ignore in the finding process. The ":" is optional. Ranges n-m e.g. 0-20 can also be supplied. This string can also be set by the connecting user via "nd=" - using "+" instead of "," + using "+" instead of "," If "nd=all" or you set + X11VNC_SKIP_DISPLAY=all then all display finding fails + as if you set X11VNC_FINDDISPLAY_ALWAYS_FAILS=1 (below.) Automatic Creation of User X Sessions: @@ -13877,8 +14369,8 @@ It will start looking for an open display number at :20 Override via X11VNC_CREATE_STARTING_DISPLAY_NUMBER=n - By default FINDCREATEDISPLAY will try Xdummy and then - Xvfb: + By default FINDCREATEDISPLAY will try Xvfb and then + Xdummy: The Xdummy wrapper is part of the x11vnc source code (x11vnc/misc/Xdummy) It should be available in PATH and @@ -13917,6 +14409,8 @@ If for some reason you do not want x11vnc to ever try to find an existing display set the env. var X11VNC_FINDDISPLAY_ALWAYS_FAILS=1 (also -env ...) + This is the same as setting X11VNC_SKIP_DISPLAY=all or + supplying "nd=all" after "username:" Use WAIT:cmd=FINDCREATEDISPLAY-print to print out the script that is used for this. @@ -13945,12 +14439,15 @@ be the full path to the session/windowmanager program. More FD tricks: FD_CUPS=port or FD_CUPS=host:port - will set the cups printing environment. Similarly - for FD_ESD=port or FD_ESD=host:port for esddsp sound - redirection. FD_XDUMMY_NOROOT means the Xdummy server - does not need to be started as root (e.g. it will sudo - automatically). Set FD_EXTRA to a command to be run - a few seconds after the X server starts up. + will set the cups printing environment. Similarly for + FD_ESD=port or FD_ESD=host:port for esddsp sound + redirection. FD_XDUMMY_NOROOT means the Xdummy + server does not need to be started as root (e.g. it + will sudo automatically). Set FD_EXTRA to a command + to be run a few seconds after the X server starts up. + Set FD_TAG to be a unique name for the session, it is + set as an X property, that makes FINDDISPLAY only find + sessions with that tag value. If you want the FINDCREATEDISPLAY session to contact an XDMCP login manager (xdm/gdm/kdm) on the same machine, @@ -14030,8 +14527,9 @@ Otherwise in -unixpw mode the normal login panel is provided. - You *MUST* supply the -ssl option for VeNCrypt to be - active. This option only fine-tunes its operation. + You *MUST* supply the -ssl option for VeNCrypt to + be active. The -vencrypt option only fine-tunes its + operation. -anontls mode The ANONTLS extension to the VNC protocol allows encrypted SSL/TLS connections. If the -ssl mode is @@ -14066,8 +14564,9 @@ Long example: -anontls newdh:plain:support - You *MUST* supply the -ssl option for ANONTLS to be - active. This option only fine-tunes its operation. + You *MUST* supply the -ssl option for ANONTLS to + be active. The -anontls option only fine-tunes its + operation. -sslonly Same as: "-vencrypt never -anontls never" i.e. it disables the VeNCrypt and ANONTLS encryption methods @@ -14091,16 +14590,17 @@ -ssl [pem] Use the openssl library (www.openssl.org) to provide a built-in encrypted SSL/TLS tunnel between VNC viewers - and x11vnc. This requires libssl support to be compiled - into x11vnc at build time. If x11vnc is not built - with libssl support it will exit immediately when -ssl - is prescribed. + and x11vnc. This requires libssl support to be + compiled into x11vnc at build time. If x11vnc is not + built with libssl support it will exit immediately when + -ssl is prescribed. See the -stunnel option below for + an alternative. The VNC Viewer-side needs to support SSL/TLS as well. See this URL and also the discussion below for ideas on how to enable SSL support for the viewer: http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tun - nel-viewers x11vnc provides an SSL enabled Java + nel-viewers . x11vnc provides an SSL enabled Java viewer applet in the classes/ssl directory (-http or -httpdir options.) The SSVNC viewer package supports SSL tunnels too. @@ -14185,11 +14685,16 @@ Thus only passive network sniffing attacks are avoided: the "ANON" method is susceptible to Man-In-The-Middle attacks. "ANON" is not recommended; instead use - a SSL PEM you created or the defaut "SAVE" method. + a SSL PEM you created or the default "SAVE" method. See -ssldir below to use a directory besides the default ~/.vnc/certs + If your x11vnc binary was not compiled with OpenSSL + library support, use of the -ssl option will induce an + immediate failure and exit. For such binaries, consider + using the -stunnel option for SSL encrypted connections. + Misc Info: In temporary cert creation mode "TMP", set the env. var. X11VNC_SHOW_TMP_PEM=1 to have x11vnc print out the entire certificate, including the PRIVATE KEY @@ -14203,7 +14708,7 @@ Set to zero to poll forever. Set to a negative value to use the builtin setting. - Note that this value does not apply to the *initial* ssl + Note that this value does NOT apply to the *initial* ssl init connection. The default timeout for that is 20sec. Use -env SSL_INIT_TIMEOUT=n to modify it. @@ -14292,7 +14797,7 @@ NOTE: the following utilities, -sslGenCA, -sslGenCert, - -sslEncKey, and -sslCertInfo are provided for + -sslEncKey, -sslCertInfo, and -sslCRL are provided for completeness, but for casual usage they are overkill. They provide VNC Certificate Authority (CA) key creation @@ -14343,8 +14848,9 @@ the ss_vncviewer example script in the FAQ and SSVNC.) -sslCRL path Set the Certificate Revocation Lists (CRL) to "path". + This setting applies for both -ssl and -stunnel modes. - If path is a file, the file contains one more more CRLs + If path is a file, the file contains one or more CRLs in PEM format. If path is a directory, it contains hash named files of CRLs in the usual OpenSSL manner. See the OpenSSL and stunnel(8) documentation for @@ -14356,6 +14862,10 @@ The -sslCRL setting will be ignored when -sslverify is not specified. + Note that if a CRL's expiration date has passed, all + SSL connections will fail regardless of if they are + related to the subject of the CRL or not. + Only rarely will one's x11vnc -ssl infrastructure be so large that this option would be useful (since normally maintaining the contents of the -sslverify file or @@ -14467,11 +14977,13 @@ Similar to -sslGenCA, you will be prompted to fill in some information that will be recorded in the - certificate when it is created. Tip: if you know - the fully-qualified hostname other people will be - connecting to you can use that as the CommonName "CN" - to avoid some applications (e.g. web browsers and java - plugin) complaining it does not match the hostname. + certificate when it is created. + + Tip: if you know the fully-qualified hostname other + people will be connecting to, you can use that as the + CommonName "CN" to avoid some applications (e.g. web + browsers and java plugin) complaining that it does not + match the hostname. You will also need to supply the CA private key passphrase to unlock the private key created from @@ -14495,14 +15007,14 @@ the cert and private key. The .crt contains the certificate only. - NOTE: It is very important to know one should always + NOTE: It is very important to know one should generate new keys with a passphrase. Otherwise if an untrusted user steals the key file he could use it to masquerade as the x11vnc server (or VNC viewer client). You will be prompted whether to encrypt the key with a passphrase or not. It is recommended that you do. One inconvenience to a passphrase is that it must - be suppled every time x11vnc or the client app is + be typed in EVERY time x11vnc or the client app is started up. Examples: @@ -14598,16 +15110,30 @@ This external tunnel method was implemented prior to the integrated -ssl encryption described above. It still - works well. This requires stunnel to be installed - on the system and available via PATH (n.b. stunnel is - often installed in sbin directories). Version 4.x of - stunnel is assumed (but see -stunnel3 below.) + works well and avoids the requirement of linking with + the OpenSSL libraries. This mode requires stunnel + to be installed on the system and available via PATH + (n.b. stunnel is often installed in sbin directories). + Version 4.x of stunnel is assumed (but see -stunnel3 + below.) [pem] is optional, use "-stunnel /path/to/stunnel.pem" to specify a PEM certificate file to pass to stunnel. - Whether one is needed or not depends on your stunnel - configuration. stunnel often generates one at install - time. See the stunnel documentation for details. + See the -ssl option for more info on certificate files. + + Whether or not your stunnel has its own certificate + depends on your stunnel configuration; stunnel often + generates one at install time. See your stunnel + documentation for details. In any event, if you want to + use this certificate you must supply the full path to it + as [pem]. Note: the file may only be readable by root. + + [pem] may also be the special strings "TMP", "SAVE", + and "SAVE..." as described in the -ssl option. + If [pem] is not supplied, "SAVE" is assumed. + + Note that the VeNCrypt, ANONTLS, and "ANON" modes + are not supported in -stunnel mode. stunnel is started up as a child process of x11vnc and any SSL connections stunnel receives are decrypted and @@ -14615,22 +15141,37 @@ "The SSL VNC desktop is ..." and "SSLPORT=..." are printed out at startup to indicate this. - The -localhost option is enforced by default - to avoid people routing around the SSL channel. - Set STUNNEL_DISABLE_LOCALHOST=1 before starting x11vnc - to disable the requirement. - - Your VNC viewer will also need to be able to connect via - SSL. Unfortunately not too many do this. UltraVNC has - an encryption plugin but it does not seem to be SSL. - - Also, in the x11vnc distribution, a patched TightVNC - Java applet is provided in classes/ssl that does SSL - connections (only). - - It is also not too difficult to set up an stunnel or - other SSL tunnel on the viewer side. A simple example - on Unix using stunnel 3.x is: + The -localhost option is enforced by default to avoid + people routing around the SSL channel. Use -env + STUNNEL_DISABLE_LOCALHOST=1 to disable this security + requirement. + + Set -env STUNNEL_DEBUG=1 for more debugging printout. + + Your VNC viewer will also need to be able to connect + via SSL. Unfortunately not too many do this. See the + information about SSL viewers under the -ssl option. + + Also, in the x11vnc distribution, patched TightVNC + and UltraVNC Java applet jar files are provided in + the classes/ssl directory that do SSL connections. + Enable serving them with the -http, -http_ssl, -https, + or -httpdir (see the option descriptions for more info.) + + Note that for the Java viewer applet usage the + "?PORT=xxxx" in the various URLs printed at startup + will need to be supplied to the web browser to connect + properly. + + Currently the automatic "single port" HTTPS mode of + -ssl is not fully supported in -stunnel mode. However, + it can be emulated via: + + % x11vnc -stunnel -http_ssl -http_oneport ... + + In general, it is also not too difficult to set up + an stunnel or other SSL tunnel on the viewer side. + A simple example on Unix using stunnel 3.x is: % stunnel -c -d localhost:5901 -r remotehost:5900 % vncviewer localhost:1 @@ -14640,7 +15181,8 @@ and SSVNC for more examples. -stunnel3 [pem] Use version 3.x stunnel command line syntax instead of - version 4.x + version 4.x. The -http/-httpdir Java applet serving + is currently not available in this mode. -enc cipher:keyfile Use symmetric encryption with cipher "cipher" and secret key data in "keyfile". If keyfile is @@ -14659,7 +15201,7 @@ Note that this mode will NOT work with the UltraVNC DSM plugins because they alter the RFB protocol in addition to tunnelling with the symmetric cipher (an unfortunate - choice of implementation). + choice of implementation...) cipher can be one of: arc4, aesv2, aes-cfb, blowfish, aes256, or 3des. See the OpenSSL documentation for @@ -14732,9 +15274,9 @@ For both ways of using the viewer, you can specify the salt,ivec sizes (in GUI or, e.g. arc4@8,16). --https [port] Use a special, separate HTTPS port (-ssl mode only) - for HTTPS Java viewer applet downloading. I.e. not 5900 - and not 5800 (the defaults.) +-https [port] Use a special, separate HTTPS port (-ssl and + -stunnel modes only) for HTTPS Java viewer applet + downloading. I.e. not 5900 and not 5800 (the defaults.) BACKGROUND: In -ssl mode, it turns out you can use the single VNC port (e.g. 5900) for both VNC and HTTPS @@ -14754,6 +15296,8 @@ or VNC Viewer applet. That's right 3 separate "Are you sure you want to connect?" dialogs!) + END OF BACKGROUND. + USAGE: So use the -https option to provide a separate, more reliable HTTPS port that x11vnc will listen on. If [port] is not provided (or is 0), one is autoselected. @@ -14787,7 +15331,23 @@ to include the PORT= in the browser URL, simply supply "-httpsredir" to x11vnc. --http_oneport For un-encrypted connections mode (i.e. no -ssl, + This option does not work in -stunnel mode. + + More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS + to be extra URL parameters to use. This way you do + not need to specify extra PARAMS in the index.vnc file. + E.g. x11vnc -env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ... + + If you do not want to expose the non-SSL HTTP port to + the network (i.e. you just want the single VNC/HTTPS + port, e.g. 5900, open for connections) then specify the + option -env X11VNC_HTTP_LISTEN_LOCALHOST=1 This way + the connection to the libvncserver httpd server will + only be available on localhost (note that in -ssl mode, + HTTPS requests are redirected from SSL to the non-SSL + libvncserver HTTP server.) + +-http_oneport For UN-encrypted connections mode (i.e. no -ssl, -stunnel, or -enc options), allow the Java VNC Viewer applet to be downloaded thru the VNC port via HTTP. @@ -14817,6 +15377,10 @@ mode when using an SSH tunnel as well as for router port redirections. + Note that the -env X11VNC_HTTP_LISTEN_LOCALHOST=1 + option described above under -httpsredir applies for + the libvncserver httpd server in all cases (ssl or not.) + -ssh user@host:disp Create a remote listening port on machine "host" via a SSH tunnel using the -R rport:localhost:lport method. lport will be the local x11vnc listening port, @@ -15105,15 +15669,20 @@ e.g. "darkblue" or numerical "#RRGGBB"). Currently this option only works on GNOME, KDE, CDE, - and classic X (i.e. with the background image on the - root window). The "gconftool-2" and "dcop" external - commands are run for GNOME and KDE respectively. - Other desktops won't work, e.g. Xfce (send us the - corresponding commands if you find them). If x11vnc is - running as root (inetd(8) or gdm(1)), the -users option - may be needed for GNOME and KDE. If x11vnc guesses - your desktop incorrectly, you can force it by prefixing - color with "gnome:", "kde:", "cde:" or "root:". + XFCE, and classic X (i.e. with the background image + on the root window). The "gconftool-2", "dcop" + and "xfconf-query" external commands are run for + GNOME, KDE, and XFCE respectively. This also works + on native MacOSX. (There is no color selection for + MacOSX or XFCE.) Other desktops won't work, (send + us the corresponding commands if you find them). + If x11vnc is running as root (inetd(8) or gdm(1)), + the -users option may be needed for GNOME, KDE, XFCE. + If x11vnc guesses your desktop incorrectly, you can + force it by prefixing color with "gnome:", "kde:", + "cde:", "xfce:", or "root:". + + Update: -solid no longer works on KDE4. This mode works in a limited way on the Mac OS X Console with one color ('kelp') using the screensaver writing @@ -15260,7 +15829,13 @@ "debug crash shell" when fatal errors are trapped. -q, -quiet Be quiet by printing less informational output to - stderr. + stderr. (use -noquiet to undo an earlier -quiet.) + + The -quiet option does not eliminate all informational + output, it only reduces it. It is ignored in most + auxiliary usage modes, e.g. -storepasswd. To eliminate + all output use: 2>/dev/null 1>&2, etc. + -v, -verbose Print out more information to stderr. -bg Go into the background after screen setup. Messages to @@ -15567,6 +16142,15 @@ -noxfixes Do not use the XFIXES extension to draw the exact cursor shape even if it is available. + + Note: To work around a crash in Xorg 1.5 and later + some people needed to use -noxfixes. The Xorg crash + occurred right after a Display Manager (e.g. GDM) login. + Starting with x11vnc 0.9.9 it tries to automatically + avoid using XFIXES until it is sure a window manager + is running. See the -reopen option for more info and + how to use X11VNC_AVOID_WINDOWS=never to disable it. + -alphacut n When using the XFIXES extension for the cursor shape, cursors with transparency will not usually be displayed exactly (but opaque ones will). This option sets n as @@ -15637,6 +16221,12 @@ -buttonmap currently does not work on MacOSX console or in -rawfb mode. + Workaround: use -buttonmap IJ...-LM...=n to limit the + number of mouse buttons to n, e.g. 123-123=3. This will + prevent x11vnc from crashing if the X server reports + there are 5 buttons (4/5 scroll wheel), but there are + only really 3. + -nodragging Do not update the display during mouse dragging events (mouse button held down). Greatly improves response on slow setups, but you lose all visual feedback for drags, @@ -15647,7 +16237,7 @@ (an integer) times that of the full display is allocated below the actual framebuffer to cache screen contents for rapid retrieval. So a W x H frambuffer is expanded - to a W x (n+1)*H one. Use 0 to disable. Default: XXX. + to a W x (n+1)*H one. Use 0 to disable. The "n" is actually optional, the default is 10. @@ -15655,13 +16245,17 @@ abbreviate "-ncache" with "-nc". Also, "-nonc" is the same as "-ncache 0" - This is an experimental option, currently implemented - in an awkward way in that in the VNC Viewer you can - see the cache contents if you scroll down, etc. So you + This is an experimental option, currently implemented in + an awkward way in that in the VNC Viewer you can see the + pixel cache contents if you scroll down, etc. So you will have to set things up so you can't see that region. If this method is successful, the changes required for clients to do this less awkwardly will be investigated. + The SSVNC viewer does a good job at automatically hiding + the pixel cache region. Or use SSVNC's -ycrop option + to explicitly hide the region. + Note that this mode consumes a huge amount of memory, both on the x11vnc server side and on the VNC Viewer side. If n=2 then the amount of RAM used is roughly @@ -16171,10 +16765,21 @@ Same as -dp and -dk, respectively. Use multiple times for more output. --defer time Time in ms to wait for updates before sending to client +-defer time Time in ms to delay sending updates to connected clients (deferUpdateTime) Default: 20 + -wait time Time in ms to pause between screen polls. Used to cut down on load. Default: 20 + +-extra_fbur n Perform extra FrameBufferUpdateRequests checks to + try to be in better sync with the client's requests. + What this does is perform extra polls of the client + socket at critical times (before '-defer' and '-wait' + calls.) The default is n=1. Set to a larger number to + insert more checks or set to n=0 to disable. A downside + of these extra calls is that more mouse input may be + processed than desired. + -wait_ui factor Factor by which to cut the -wait time if there has been recent user input (pointer or keyboard). Improves response, but increases the load whenever you @@ -16208,12 +16813,12 @@ Default: take naps -sb time Time in seconds after NO activity (e.g. screen blank) to really throttle down the screen polls (i.e. sleep - for about 1.5 secs). Use 0 to disable. Default: 20 + for about 1.5 secs). Use 0 to disable. Default: 60 -readtimeout n Set libvncserver rfbMaxClientWait to n seconds. On slow links that take a long time to paint the first screen libvncserver may hit the timeout and drop the - connection. Default: 60 seconds. + connection. Default: 20 seconds. -ping n Send a 1x1 framebuffer update to all clients every n seconds (e.g. to try to keep a network connection alive) @@ -16357,10 +16962,7 @@ for output) are created to handle each new client. Default: -nothreads. - NOTE: The -threads mode may be disabled due to its - unstable behavior. If it is disabled, a warning is - printed out. Stability has been improved in version - 0.9.8 and so the feature has been re-enabled. + Thread stability is much improved in version 0.9.8. Multiple clients in threaded mode should be stable for the ZRLE encoding on all platforms. The Tight and @@ -16368,9 +16970,15 @@ multiple clients. Compile with -DTLS=__thread if your OS and compiler and linker support it. + For resizes (randr, etc.) set this env. var. to the numb +er + of milliseconds to sleep: X11VNC_THREADS_NEW_FB_SLEEP + at various places in the do_new_fb() action. This is to + let various activities settle. Default is about 500ms. + Multiple clients in threaded mode could yield better - performance for 'class-room' broadcasting usage. - See also the -reflect option. + performance for 'class-room' broadcasting usage; also in + -appshare broadcast mode. See also the -reflect option. -fs f If the fraction of changed tiles in a poll is greater than f, the whole screen is updated. Default: 0.75 @@ -16986,6 +17594,28 @@ x11vnc server as long as X permissions, etc. permit communication between the two. + FONTS: On some systems the tk fonts can be too small, + jagged, or otherwise unreadable. There are 4 env vars + you can set to be the tk font you prefer: + + X11VNC_FONT_BOLD main font for menus and buttons. + X11VNC_FONT_FIXED font for fixed width text. + + X11VNC_FONT_BOLD_SMALL tray icon font. + X11VNC_FONT_REG_SMALL tray icon menu font. + + The last two only apply for the tray icon mode. + + Here are some examples: + + -env X11VNC_FONT_BOLD='Helvetica -16 bold' + -env X11VNC_FONT_FIXED='Courier -14' + -env X11VNC_FONT_REG_SMALL='Helvetica -12' + + You can put the lines like the above (without the + quotes) in your ~/.x11vncrc file to avoid having to + specify them on the x11vnc command line. + -remote command Remotely control some aspects of an already running x11vnc server. "-R" and "-r" are aliases for "-remote". After the remote control command is @@ -17009,12 +17639,34 @@ 'x11vnc -R shared' will enable shared connections, and 'x11vnc -R scale:3/4' will rescale the desktop. + To use a different name for the X11 property (e.g. to + have separate communication channels for multiple + x11vnc's on the same display) set the X11VNC_REMOTE + environment variable to the string you want, for + example: -env X11VNC_REMOTE=X11VNC_REMOTE_12345 + Both sides of the channel must use the same unique name. + + To run a bunch of commands in a sequence use something + like: x11vnc -R 'script:firstcmd;secondcmd;...' + + Use x11vnc -R script:file=/path/to/file to read commands + from a file (can be multi-line and use the comment '#' + character in the normal way. The ';' separator must + still be used to separate each command.) + + To not try to contact another x11vnc process and instead + just run the command (or query) directly, prefix the + command with the string "DIRECT:" + The following -remote/-R commands are supported: stop terminate the server, same as "quit" "exit" or "shutdown". ping see if the x11vnc server responds. - Return is: ans=ping: + return is: ans=ping: + ping:mystring as above, but use your own unique string +. + return is: ans=ping:mystring: blacken try to push a black fb update to all clients (due to timings a client could miss it). Same as "zero", also @@ -17024,6 +17676,12 @@ id:windowid set -id window to "windowid". empty or "root" to go back to root window sid:windowid set -sid window to "windowid" + id_cmd:cmd cmds: raise, lower, map, unmap, iconify, + move:dXdY, resize:dWdH, geom:WxH+X+Y. dX + dY, dW, and dH must have a leading "+" + or "-" e.g.: move:-30+10 resize:+20+35 + also: wm_delete, wm_name:string and + icon_name:string. Also id_cmd:win=N:cmd waitmapped wait until subwin is mapped. nowaitmapped do not wait until subwin is mapped. clip:WxH+X+Y set -clip mode to "WxH+X+Y" @@ -17103,6 +17761,7 @@ nograbptr disable -grabptr mode. grabalways enable -grabalways mode. nograbalways disable -grabalways mode. + grablocal:n set -grablocal to n. client_input:str set the K, M, B -input on a per-client basis. select which client as for disconnect, e.g. client_input:host:MB @@ -17185,6 +17844,9 @@ nosetclipboard enable -nosetclipboard mode. setclipboard disable -nosetclipboard mode. seldir:str set -seldir to "str" + resend_cutbuffer resend the most recent CUTBUFFER0 copy + resend_clipboard resend the most recent CLIPBOARD copy + resend_primary resend the most recent PRIMARY copy cursor:mode enable -cursor "mode". show_cursor enable showing a cursor. noshow_cursor disable showing a cursor. (same as @@ -17259,8 +17921,26 @@ nodebug_pointer disable -debug_pointer, same as "nodp" debug_keyboard enable -debug_keyboard, same as "dk" nodebug_keyboard disable -debug_keyboard, same as "nodk" + keycode:n inject keystroke 'keycode' (xmodmap -pk) + keycode:n,down inject 'keycode' (down=0,1) + keysym:str inject keystroke 'keysym' (number/name) + keysym:str,down inject 'keysym' (down=0,1) + ptr:x,y,mask inject pointer event x, y, button-mask + fakebuttonevent:button,down direct XTestFakeButtonEvent. + sleep:t sleep floating point time t. + get_xprop:p get X property named 'p'. + set_xprop:p:val set X property named 'p' to 'val'. + p -> id=NNN:p for hex/dec window id. + wininfo:id get info about X window id. use 'root' + for root window, use +id for children. + grab_state get state of pointer and keyboard grab. + pointer_pos print XQueryPointer x,y cursor position. + mouse_x print x11vnc's idea of cursor position. + mouse_y print x11vnc's idea of cursor position. + noop do nothing. defer:n set -defer to n ms,same as deferupdate:n wait:n set -wait to n ms. + extra_fbur:n set -extra_fbur to n. wait_ui:f set -wait_ui factor to f. setdefer:n set -setdefer to -2,-1,0,1, or 2. wait_bog disable -nowait_bog mode. @@ -17299,6 +17979,7 @@ nosnapfb disable -snapfb mode. rawfb:str set -rawfb mode to "str". uinput_accel:f set uinput_accel to f. + uinput_thresh:n set uinput_thresh to n. uinput_reset:n set uinput_reset to n ms. uinput_always:n set uinput_always to 1/0. progressive:n set libvncserver -progressive slice @@ -17317,7 +17998,9 @@ macresize disable -macnoresize mode. maciconanim:n set -maciconanim to n. macmenu enable -macmenu mode. - macnomenu disable -macnmenu mode. + macnomenu disable -macmenu mode. + macuskbd enable -macuskbd mode. + macnouskbd disable -macuskbd mode. httpport:n set -httpport to n. httpdir:dir set -httpdir to dir (and enable http). enablehttpproxy enable -enablehttpproxy mode. @@ -17353,6 +18036,100 @@ noremote disable the -remote command processing, it cannot be turned back on. + bcx_xattach:str This remote control command is for + use with the BARCO xattach program or the x2x program. + Both of these programs are for 'pointer and keyboard' + sharing between separate X displays. In general the + two displays are usually nearby, e.g. on the same desk, + and this allows the user to share a single pointer and + keyboard between them. The user moves the mouse to + an edge and then the mouse pointer appears to 'jump' + to the other display screen. Thus it emulates what a + single X server would do for two screens (e.g. :0.0 and + :0.1) The illusion of a single Xserver with multiple + screens is achieved by forwarding events to the 2nd + one via the XTEST extension. + + What the x11vnc bcx_xattach command does is to perform + some pointer movements to try to INDUCE xattach/x2x + to 'jump' to the other display. In what follows the + 'master' display refers to the one that when it has + 'focus' it is basically doing nothing besides watching + for the mouse to go over an edge. The 'slave' + display refers to the one to which the mouse and + keyboard is redirected to once an edge in the master + has been crossed. Note that the x11vnc executing the + bcx_xattach command MUST be the one connected to the + *master* display. + + Also note that when input is being redirected (via + XTEST) from the master display to the slave display, + the master display's pointer and keyboard are *grabbed* + by xattach/x2x. x11vnc can use this info to verify that + the master/slave mode change has taken place correctly. + If you specify the "ifneeded" option (see below) + and the initial grab state is that of the desired + final state, then no pointer movements are injected + and "DONE,GRAB_OK" is returned. + + "str" must contain one of "up", "down", "left", + or "right" to indicate the direction of the 'jump'. + "str" must also contain one of "master_to_slave" + or "slave_to_master" to indicate the type of mode + change induced by the jump. Use "M2S" and "S2M" + as shorter aliases. + + "str" may be a "+" separated list of additional + tuning options. The "shift=n" option indicates an + offset shift position away from (0,0) (default 20). + "final=x+y" specifies the final position of the cursor + at the end of the normal move sequence; default 30+30. + "extra_move=x+y" means to do one more pointer move + after "final" to x+y. "dt=n" sets the sleep time + in milliseconds between pointer moves (default: 40ms) + "retry=n" specifies the maximum number of retries if + the grab state change fails. "ifneeded" means to not + apply the pointer movements if the initial grab state is + that of the desired final state. "nograbcheck" means + to not check if the grab state changed as expected and + only apply the pointer movements (default is to check + the grab states.) + + If you do not specify "up", etc., to bcx_xattach + nothing will be attempted and the command returns + the string FAIL,NO_DIRECTION_SPECIFIED. If you do + not specify "master_to_slave" or "M2S", etc., to + bcx_xattach nothing will be attempted and the command + returns the string FAIL,NO_MODE_CHANGE_SPECIFIED. + + Otherwise, the returned string will contain "DONE". + It will be "DONE,GRAB_OK" if the grab state changed + as expected (or if "ifneeded" was supplied and + the initial grab state was already the desired + one.) If the initial grab state was incorrect, + but the final grab state was correct then it is + "DONE,GRAB_FAIL_INIT". If the initial grab state + was correct, but the final grab state was incorrect + then it is "DONE,GRAB_FAIL_FINAL". If both are + incorrect it will be "DONE,GRAB_FAIL". Under grab + failure the string will be followed by ":p1,k1-p2,k2" + where p1,k1 indicates the initial pointer and keyboard + grab states and p2,k2 the final ones. If GRAB_FAIL or + GRAB_FAIL_FINAL occurs, the action will be retried up + to 3 times; trying to reset the state and sleeping a + bit between each try. Set retry=n to adjust the number + of retries, zero to disable retries. + + Examples: + -R bcx_xattach:down+M2S + -R bcx_xattach:up+S2M + -R bcx_xattach:up+S2M+nograbcheck+dt=30 + -R bcx_xattach:down+M2S+extra_move=100+100 + + or use -Q instead of -R to retrieve the result text. + + End of the bcx_xattach:str description. + The vncconnect(1) command from standard VNC distributions may also be used if string is prefixed with "cmd=" E.g. 'vncconnect cmd=stop'. Under some @@ -17381,8 +18158,9 @@ query straight to the X11VNC_REMOTE property or connect file use "qry=..." instead of "cmd=..." - ans= stop quit exit shutdown ping blacken zero - refresh reset close disconnect id sid waitmapped + ans= stop quit exit shutdown ping resend_cutbuffer + resend_clipboard resend_primary blacken zero refresh + reset close disconnect id_cmd id sid waitmapped nowaitmapped clip flashcmap noflashcmap shiftcmap truecolor notruecolor overlay nooverlay overlay_cursor overlay_yescursor nooverlay_nocursor nooverlay_cursor @@ -17392,7 +18170,7 @@ once timeout tightfilexfer notightfilexfer ultrafilexfer noultrafilexfer rfbversion deny lock nodeny unlock avahi mdns zeroconf noavahi nomdns nozeroconf connect - proxy allowonce allow localhost nolocalhost listen + proxy allowonce allow localhost nolocalhost listen lookup nolookup accept afteraccept gone shm noshm flipbyteorder noflipbyteorder onetile noonetile solid_color solid nosolid blackout xinerama noxinerama @@ -17402,10 +18180,10 @@ sloppy_keys nosloppy_keys skip_dups noskip_dups add_keysyms noadd_keysyms clear_mods noclear_mods clear_keys noclear_keys clear_all clear_locks keystate - remap repeat norepeat fb nofb bell nobell sel nosel - primary noprimary setprimary nosetprimary clipboard - noclipboard setclipboard nosetclipboard seldir - cursorshape nocursorshape cursorpos nocursorpos + remap repeat norepeat fb nofb bell nobell sendbell + sel nosel primary noprimary setprimary nosetprimary + clipboard noclipboard setclipboard nosetclipboard + seldir cursorshape nocursorshape cursorpos nocursorpos cursor_drag nocursor_drag cursor show_cursor noshow_cursor nocursor arrow xfixes noxfixes xdamage noxdamage xd_area xd_mem alphacut alphafrac alpharemove @@ -17421,16 +18199,18 @@ nowireframe nowf wireframelocal wfl nowireframelocal nowfl wirecopyrect wcr nowirecopyrect nowcr scr_area scr_skip scr_inc scr_keys scr_term scr_keyrepeat - scr_parms scrollcopyrect scr noscrollcopyrect noscr - fixscreen noxrecord xrecord reset_record pointer_mode pm - input_skip allinput noallinput input grabkbd nograbkbd - grabptr nograbptr grabalways nograbalways grablocal - client_input ssltimeout speeds wmdt debug_pointer dp - nodebug_pointer nodp debug_keyboard dk nodebug_keyboard - nodk keycode deferupdate defer setdefer wait_ui - wait_bog nowait_bog slow_fb xrefresh wait readtimeout - nap nonap sb screen_blank fbpm nofbpm dpms nodpms - clientdpms noclientdpms forcedpms noforcedpms + scr_parms scrollcopyrect scr noscrollcopyrect + noscr fixscreen noxrecord xrecord reset_record + pointer_mode pm input_skip allinput noallinput input + grabkbd nograbkbd grabptr nograbptr grabalways + nograbalways grablocal client_input ssltimeout + speeds wmdt debug_pointer dp nodebug_pointer nodp + debug_keyboard dk nodebug_keyboard nodk keycode keysym + ptr fakebuttonevent sleep get_xprop set_xprop wininfo + bcx_xattach deferupdate defer setdefer extra_fbur + wait_ui wait_bog nowait_bog slow_fb xrefresh wait + readtimeout nap nonap sb screen_blank fbpm nofbpm dpms + nodpms clientdpms noclientdpms forcedpms noforcedpms noserverdpms serverdpms noultraext ultraext chatwindow nochatwindow chaton chatoff fs gaps grow fuzz snapfb nosnapfb rawfb uinput_accel uinput_thresh uinput_reset @@ -17448,21 +18228,23 @@ macnoresize macresize nomacnoresize maciconanim macmenu macnomenu nomacmenu macuskbd nomacuskbd noremote - aro= noop display vncdisplay desktopname guess_desktop + aro= noop display vncdisplay icon_mode autoport + loop loopbg desktopname guess_desktop guess_dbus http_url auth xauth users rootshift clipshift scale_str scaled_x scaled_y scale_numer scale_denom scale_fac_x scale_fac_y scaling_blend scaling_nomult4 scaling_pad scaling_interpolate inetd privremote unsafe safer nocmds passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem sslverify stunnel stunnel_pem https httpsredir - usepw using_shm logfile o flag rc norc h help V version - lastmod bg sigpipe threads readrate netrate netlatency - pipeinput clients client_count pid ext_xtest ext_xtrap - ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay - ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons - button_mask mouse_x mouse_y bpp depth indexed_color - dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y - coff_x coff_y rfbauth passwd viewpasswd + usepw using_shm logfile o flag rmflag rc norc h help + V version lastmod bg sigpipe threads readrate netrate + netlatency pipeinput clients client_count pid ext_xtest + ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama + ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin + num_buttons button_mask mouse_x mouse_y grab_state + pointer_pos bpp depth indexed_color dpy_x dpy_y wdpy_x + wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y rfbauth + passwd viewpasswd -QD variable Just like -query variable, but returns the default value for that parameter (no running x11vnc server @@ -17482,10 +18264,47 @@ the -query request is processed in the normal way. This allows for a reliable way to see if the -remote command was processed by querying for any new settings. - Note however that there is timeout of a few seconds so - if the x11vnc takes longer than that to process the - requests the requester will think that a failure has - taken place. + Note however that there is timeout of a few seconds + (see the next paragraph) so if the x11vnc takes longer + than that to process the requests the requester will + think that a failure has taken place. + + The default is to wait 3.5 seconds. Or if cmd=stop + only 1.0 seconds. If cmd matches 'script:' then it + will wait up to 10.0 seconds. Set X11VNC_SYNC_TIMEOUT + to the number of seconds you want it to wait. + +-query_retries str If a query fails to get a response from an x11vnc + server, retry up to n times. "str" is specified as + n[:t][/match] Optionally the delay between tries may + be specified by "t" a floating point time (default + 0.5 seconds.) Note: the response is not checked for + validity or whether it corresponds to the query sent. + The query "ping:mystring" may be used to help uniquely + identify the query. Optionally, a matching string after + a "/" will be used to check the result text. Up to + n retries will take place until the matching string is + found in the output text. If the match string is never + found the program's exit code is 1; if the match is + found it exits with 0. Note that there may be stdout + printed for each retry (i.e. multiple lines printed + out to stdout.) + Example: -query_retries 4:1.5/grab_state + +-remote_prefix str Enable a remote-control communication channel for + connected VNC clients. str is a non-empty string. If a + VNC client sends rfbCutText having the prefix "str" + then the part after it is processed as though it were + sent via 'x11vnc -remote ...'. If it begins with + neither 'cmd=' nor 'qry=' then 'qry=' is assumed. + Any corresponding output text for that remote control + command is sent back to all client as rfbCutText. + The returned output is also prefixed with "str". + Example: -remote_prefix DO_THIS: + + Note that enabling -remote_prefix allows the remote + VNC viewers to run x11vnc -remote commands. Do not + use this option if they are not to be trusted. -noremote Do not process any remote control commands or queries. -yesremote Do process remote control commands or queries. @@ -17532,7 +18351,7 @@ stunnel, ssl, unixpw, WAIT, zeroconf, id, accept, afteraccept, gone, pipeinput, v4l-info, rawfb-setup, dt, gui, ssh, storepasswd, passwdfile, custom_passwd, - crash. + findauth, crash. See each option's help to learn the associated external command. Note that the -nocmds option takes precedence diff -Nru x11vnc-0.9.8/x11vnc/remote.c x11vnc-0.9.9/x11vnc/remote.c --- x11vnc-0.9.8/x11vnc/remote.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/remote.c 2009-12-21 04:58:10.000000000 +0000 @@ -76,6 +76,7 @@ static void reset_httpport(int old, int new); static void reset_rfbport(int old, int new) ; +char *query_result = NULL; /* * for the wild-n-crazy -remote/-R interface. @@ -83,6 +84,11 @@ int send_remote_cmd(char *cmd, int query, int wait) { FILE *in = NULL; + if (query_result != NULL) { + free(query_result); + query_result = NULL; + } + if (client_connect_file) { umask(077); in = fopen(client_connect_file, "w"); @@ -118,13 +124,26 @@ if (query || wait) { char line[X11VNC_REMOTE_MAX]; - int rc=1, i=0, max=70, ms_sl=50; + int rc=1, i=0, max=140, ms_sl=25; if (!strcmp(cmd, "cmd=stop")) { - max = 20; + max = 40; + } + if (strstr(cmd, "script:")) { + max = 400; + } + if (strstr(cmd, "bcx_xattach:")) { + max = 400; + } + if (getenv("X11VNC_SYNC_TIMEOUT")) { + max = (int) ((1000. * atof(getenv("X11VNC_SYNC_TIMEOUT")))/ms_sl); } for (i=0; ilistenInterface; + if (getenv("X11VNC_HTTP_LISTEN_LOCALHOST")) { + rfbLog("http_connections: HTTP listen on localhost only. (not HTTPS)\n"); + screen->listenInterface = htonl(INADDR_LOOPBACK); + } + rfbHttpInitSockets(screen); + screen->listenInterface = iface; +} + void http_connections(int on) { if (!screen) { return; @@ -437,6 +498,7 @@ if (screen->httpPort == 0) { int port = find_free_port(5800, 5850); if (port) { + /* mutex */ screen->httpPort = port; } } @@ -444,7 +506,11 @@ screen->httpInitDone = FALSE; if (check_httpdir()) { screen->httpDir = http_dir; - rfbHttpInitSockets(screen); + rfb_http_init_sockets(); + if (screen->httpPort != 0 && screen->httpListenSock < 0) { + rfbLog("http_connections: failed to listen on http port: %d\n", screen->httpPort); + clean_up_exit(1); + } } } else { rfbLog("http_connections: turning off http service.\n"); @@ -466,6 +532,7 @@ rfbLog("reset_httpport: cannot set httpport: %d" " in inetd.\n", hp); } else if (screen) { + /* mutex */ screen->httpPort = hp; screen->httpInitDone = FALSE; if (screen->httpListenSock > -1) { @@ -473,7 +540,10 @@ } rfbLog("reset_httpport: setting httpport %d -> %d.\n", old == -1 ? hp : old, hp); - rfbHttpInitSockets(screen); + rfb_http_init_sockets(); + if (screen->httpPort != 0 && screen->httpListenSock < 0) { + rfbLog("reset_httpport: failed to listen on http port: %d\n", screen->httpPort); + } } } @@ -490,6 +560,7 @@ rfbClientIteratorPtr iter; rfbClientPtr cl; int maxfd; + /* mutex */ if (rp == 0) { screen->autoPort = TRUE; } else { @@ -601,7 +672,9 @@ } } + X_LOCK; xha = XListHosts(dpy, &n, &enabled); + X_UNLOCK; if (! enabled) { rfbLog("X access control is disabled, X clients can\n"); rfbLog(" connect from any host. Run 'xhost -'\n"); @@ -699,16 +772,95 @@ } } + strcpy(buf, ""); if (strstr(cmd, "cmd=") == cmd) { p += strlen("cmd="); + if (strstr(p, "script:") == p) { + char *s, *q, **pieces, tmp[1024]; + int k = 0, n = 0, dp = 1; + + p += strlen("script:"); + + if (strstr(p, "file=") == p) { + FILE *f; + struct stat sbuf; + + p += strlen("file="); + + rfbLog("reading script from file '%s'\n", p); + + if (stat(p, &sbuf) != 0) { + rfbLogPerror("stat"); + return NULL; + } + + f = fopen(p, "r"); + if (f == NULL) { + rfbLogPerror("fopen"); + return NULL; + } + + p = (char *) calloc(sbuf.st_size + 1, 1); + dp = 0; + while (fgets(tmp, 1024, f) != NULL) { + char *c = strchr(tmp, '#'); + if (c) *c = '\0'; + if (strlen(p) + strlen(tmp) > (size_t) sbuf.st_size) { + break; + } + strcat(p, tmp); + } + fclose(f); + } + + pieces = (char **) malloc(strlen(p) * sizeof(char *)); + if (dp) { + s = strdup(p); + } else { + s = p; + } + q = strtok(s, ";"); + + while (q) { + char *t = lblanks(q); + if (strstr(t, "cmd=") != t && strstr(t, "qry=") != t) { + strcpy(tmp, "cmd="); + } else { + strcpy(tmp, ""); + } + strncat(tmp, t, 1000); + pieces[n] = strdup(tmp); + n++; + q = strtok(NULL, ";"); + } + free(s); + + for (k=0; k < n; k++) { + char *c = pieces[k]; + char *t = c + strlen(c) - 1; /* shortest is "cmd=" */ + while (isspace((unsigned char) (*t))) { + *t = '\0'; + if (t <= c) break; + t--; + } + if (k < n - 1) { + process_remote_cmd(c, 1); + } else { + process_remote_cmd(c, 0); + } + } + for (k=0; k= X11VNC_REMOTE_MAX - 1) { @@ -797,6 +949,11 @@ /* * Maybe add: passwdfile logfile bg rfbauth passwd... */ + if (!strcmp(p, "")) { /* skip-cmd-list */ + NOTAPP + rfbLog("remote_cmd: empty command.\n"); + goto done; + } if (strstr(p, "CR:") == p) { /* skip-cmd-list */ /* CR:WxH+X+Y,dx,dy */ int w, h, x, y, dx, dy; @@ -829,7 +986,8 @@ close_all_clients(); goto done; } - if (!strcmp(p, "ping")) { + if (!strcmp(p, "ping") + || strstr(p, "ping:") == p) { /* skip-cmd-list */ query = 1; if (rfb_desktop_name) { snprintf(buf, bufn, "ans=%s:%s", p, rfb_desktop_name); @@ -839,6 +997,21 @@ goto qry; goto done; } + if (!strcmp(p, "resend_cutbuffer")) { + NOTAPP + resend_selection("cutbuffer"); + goto done; + } + if (!strcmp(p, "resend_clipboard")) { + NOTAPP + resend_selection("clipboard"); + goto done; + } + if (!strcmp(p, "resend_primary")) { + NOTAPP + resend_selection("primary"); + goto done; + } if (!strcmp(p, "blacken") || !strcmp(p, "zero")) { NOTAPP push_black_screen(4); @@ -901,6 +1074,13 @@ close_clients(p); goto done; } + if (strstr(p, "id_cmd") == p) { + NOTAPP + COLON_CHECK("id_cmd:") + p += strlen("id_cmd:"); + id_cmd(p); + goto done; + } if (strstr(p, "id") == p) { int ok = 0; Window twin; @@ -911,7 +1091,7 @@ goto qry; } p += strlen("id:"); - if (*p == '\0' || !strcmp("root", p)) { + if (*p == '\0' || !strcmp("root", p)) { /* skip-cmd-list */ /* back to root win */ twin = 0x0; ok = 1; @@ -953,7 +1133,7 @@ goto qry; } p += strlen("sid:"); - if (*p == '\0' || !strcmp("root", p)) { + if (*p == '\0' || !strcmp("root", p)) { /* skip-cmd-list */ /* back to root win */ twin = 0x0; ok = 1; @@ -1311,6 +1491,7 @@ rfbLog("remote_cmd: enable sharing.\n"); shared = 1; if (screen) { + /* mutex */ screen->alwaysShared = TRUE; screen->neverShared = FALSE; } @@ -1323,6 +1504,7 @@ rfbLog("remote_cmd: disable sharing.\n"); shared = 0; if (screen) { + /* mutex */ screen->alwaysShared = FALSE; screen->neverShared = TRUE; } @@ -1408,6 +1590,7 @@ } if (! screen->permitFileTransfer) { rfbLog("remote_cmd: enabling -ultrafilexfer for clients.\n"); + /* mutex */ screen->permitFileTransfer = TRUE; } goto done; @@ -1423,6 +1606,7 @@ } if (screen->permitFileTransfer) { rfbLog("remote_cmd: disabling -ultrafilexfer for clients.\n"); + /* mutex */ screen->permitFileTransfer = FALSE; } goto done; @@ -1441,6 +1625,7 @@ p += strlen("rfbversion:"); if (sscanf(p, "%d.%d", &maj, &min) == 2) { + /* mutex */ screen->protocolMajorVersion = maj; screen->protocolMinorVersion = min; rfbLog("remote_cmd: set rfbversion to: %d.%d\n", maj, min); @@ -1513,7 +1698,7 @@ free(connect_proxy); connect_proxy = NULL; } - if (!strcmp(p, "") || !strcasecmp(p, "none")) { + if (!strcmp(p, "") || !strcasecmp(p, "none")) { /* skip-cmd-list */ rfbLog("remote_cmd: disabled -proxy\n"); } else { connect_proxy = strdup(p); @@ -1612,6 +1797,7 @@ } listen_str = strdup("localhost"); + /* mutex */ screen->listenInterface = htonl(INADDR_LOOPBACK); rfbLog("listening on loopback network only.\n"); rfbLog("allow list is: '%s'\n", NONUL(allow_list)); @@ -1659,6 +1845,7 @@ } listen_str = NULL; + /* mutex */ screen->listenInterface = htonl(INADDR_ANY); rfbLog("listening on ALL network interfaces.\n"); rfbLog("allow list is: '%s'\n", NONUL(allow_list)); @@ -1699,6 +1886,7 @@ } ok = 1; + /* mutex */ if (listen_str == NULL || *listen_str == '\0' || !strcmp(listen_str, "any")) { screen->listenInterface = htonl(INADDR_ANY); @@ -3749,7 +3937,7 @@ goto qry; } p += strlen("input:"); - if (allowed_input_str && !strcmp(p, allowed_input_str)) { + if (allowed_input_str && !strcmp(p, allowed_input_str)) { /* skip-cmd-list */ doit = 0; } rfbLog("remote_cmd: setting input %s\n", p); @@ -3957,28 +4145,281 @@ goto done; } if (strstr(p, "keycode") == p) { - int kc; + int kc, down = -1; + char *c; NOTAPP COLON_CHECK("keycode:") p += strlen("keycode:"); kc = atoi(p); if (kc < 0) kc = 0; kc = kc % 256; - rfbLog("remote_cmd: insert keycode %d\n", kc); + c = strchr(p, ','); + if (c) down = atoi(c+1); + rfbLog("remote_cmd: insert keycode %d down=%d\n", kc, down); if (macosx_console) { #ifdef MACOSX - macosxCG_keycode_inject(1, kc); - usleep(100*1000); - macosxCG_keycode_inject(0, kc); + if (down == -1) { + macosxCG_keycode_inject(1, kc); + usleep(50*1000); + macosxCG_keycode_inject(0, kc); + } else { + macosxCG_keycode_inject(down, kc); + } #endif } else { - XTestFakeKeyEvent_wr(dpy, kc, 1, CurrentTime); - usleep(100*1000); - XTestFakeKeyEvent_wr(dpy, kc, 0, CurrentTime); + X_LOCK; + if (down == -1) { + XTestFakeKeyEvent_wr(dpy, kc, 1, CurrentTime); + usleep(50*1000); + XTestFakeKeyEvent_wr(dpy, kc, 0, CurrentTime); + } else { + XTestFakeKeyEvent_wr(dpy, kc, down, CurrentTime); + } + XFlush_wr(dpy); + X_UNLOCK; + } + goto done; + } + if (strstr(p, "keysym") == p) { + int down = -1; + unsigned int in; + KeySym ks; + char *c, *str; + NOTAPP + COLON_CHECK("keysym:") + p += strlen("keysym:"); + + c = strchr(p, ','); + if (c) { + down = atoi(c+1); + *c = '\0'; + } + + if (sscanf(p, "0x%x", &in) == 1) { + ks = (KeySym) in; + } else if (sscanf(p, "%u", &in) == 1) { + ks = (KeySym) in; + } else if ((ks = XStringToKeysym(p)) != NoSymbol) { + ; + } else { + rfbLog("remote_cmd: bad keysym: %s\n", p); + goto done; + } + str = XKeysymToString(ks); + str = str ? str : "NoSymbol"; + rfbLog("remote_cmd: insert keysym %s 0x%x '%s' down=%d\n", p, ks, str, down); + if (down == -1) { + keyboard(1, ks, NULL); + usleep(50*1000); + keyboard(0, ks, NULL); + } else { + keyboard(down, ks, NULL); + } + goto done; + } + if (strstr(p, "ptr") == p) { + int x, y, m = 0; + NOTAPP + COLON_CHECK("ptr:") + p += strlen("ptr:"); + rfbLog("remote_cmd: insert pointer event: %s\n", p); + if (sscanf(p, "%d,%d,%d", &x, &y, &m) == 3) { + pointer(m, x, y, NULL); + } else if (sscanf(p, "%d,%d", &x, &y) == 2) { + pointer(m, x, y, NULL); + } else { + rfbLog("remote_cmd: bad ptr:x,y,mask\n"); + } + + goto done; + } + if (strstr(p, "fakebuttonevent") == p) { + int mb, down = 0; + NOTAPP + COLON_CHECK("fakebuttonevent:") + p += strlen("fakebuttonevent:"); + rfbLog("remote_cmd: insert fakebuttonevent: %s\n", p); + if (sscanf(p, "%d,%d", &mb, &down) == 2) { + X_LOCK; + rfbLog("remote_cmd: XTestFakeButtonEvent(mb=%d, down=%d)\n", mb, down); + XTestFakeButtonEvent_wr(dpy, mb, down ? True : False, CurrentTime); + XFlush_wr(dpy); + X_UNLOCK; } + goto done; } + if (strstr(p, "sleep") == p) { + NOTAPP + COLON_CHECK("sleep:") + p += strlen("sleep:"); + rfbLog("remote_cmd: sleeping: %s\n", p); + usleep((int) (1.0e+6 * atof(p))); + rfbLog("remote_cmd: done sleeping.\n"); + goto done; + } + if (strstr(p, "get_xprop") == p) { + char *res; + unsigned long id; + Window win = None; /* None implies root in get_xprop() */ + + /* note we force query and assume the colon is there. */ + query = 1; + if (strstr(p, "get_xprop:") != p) { /* skip-cmd-list */ + snprintf(buf, bufn, "ans=%s:N/A", p); + goto qry; + } + p += strlen("get_xprop:"); + + if (strstr(p, "id=") == p) { /* skip-cmd-list */ + p += strlen("id="); + if (scan_hexdec(p, &id)) { + win = (Window) id; + } + if (strchr(p, ':')) { + p = strchr(p, ':') + 1; + } + } + + res = get_xprop(p, win); + if (res == NULL) { + res = strdup("NULL"); + } + snprintf(buf, bufn, "ans=get_xprop:%s:%s", p, res); + free(res); + + goto qry; + } + if (strstr(p, "set_xprop") == p) { + char *q; + int rc = -2; + unsigned long id; + Window win = None; /* None implies root in set_xprop() */ + + /* note we force query and assume the colon is there. */ + query = 1; + if (strstr(p, "set_xprop:") != p) { /* skip-cmd-list */ + snprintf(buf, bufn, "ans=%s:N/A", p); + goto qry; + } + p += strlen("set_xprop:"); + + if (strstr(p, "id=") == p) { /* skip-cmd-list */ + p += strlen("id="); + if (scan_hexdec(p, &id)) { + win = (Window) id; + } + if (strchr(p, ':')) { + p = strchr(p, ':') + 1; + } + } + + q = strchr(p, ':'); + if (q) { + *q = '\0'; + rc = set_xprop(p, win, q+1); + *q = ':'; + } + snprintf(buf, bufn, "ans=set_xprop:%s:%d", p, rc); + + goto qry; + } + if (strstr(p, "wininfo") == p) { + char *res, *t = ""; + unsigned long id; + Window win = None; + int show_children = 0; + + /* note we force query and assume the colon is there. */ + query = 1; + if (strstr(p, "wininfo:") != p) { /* skip-cmd-list */ + snprintf(buf, bufn, "ans=%s:N/A", p); + goto qry; + } + p += strlen("wininfo:"); + + if (p[0] == '+') { + show_children = 1; + t = "+"; + p++; + } + if (!strcmp(p, "root")) { /* skip-cmd-list */ + win = rootwin; + } else if (scan_hexdec(p, &id)) { + win = (Window) id; + } + + res = wininfo(win, show_children); + if (res == NULL) { + res = strdup("NULL"); + } + snprintf(buf, bufn, "ans=wininfo:%s%s:%s", t, p, res); + free(res); + + goto qry; + } + if (strstr(p, "bcx_xattach") == p) { + char *res; + int pg_init = -1, kg_init = -1; + int try = 0, max_tries = 4; + + /* note we force query and assume the colon is there. */ + query = 1; + if (strstr(p, "bcx_xattach:") != p) { /* skip-cmd-list */ + snprintf(buf, bufn, "ans=%s:N/A", p); + goto qry; + } + p += strlen("bcx_xattach:"); + + if (strstr(p, "retry=")) { /* skip-cmd-list */ + int n; + char *q = strstr(p, "retry="); /* skip-cmd-list */ + if (sscanf(q, "retry=%d", &n) == 1) { + if (n < 0) n = 0; + max_tries = 1 + n; + } + } + + try_again: + + res = bcx_xattach(p, &pg_init, &kg_init); + try++; + if (res == NULL) { + res = strdup("NULL"); + } else if (strstr(res, "GRAB_FAIL_INIT")) { + rfbLog("bcx_xattach: failed grab check for '%s': %s. Final state OK, not Retrying.\n", p, res); + } else if (strstr(res, "GRAB_FAIL") && try < max_tries) { + rfbLog("bcx_xattach: failed grab check for '%s': %s. Retrying[%d]...\n", p, res, try); + free(res); + pointer(0, dpy_x/2 + try, dpy_y/2 + try, NULL); +#if !NO_X11 + X_LOCK; + XFlush_wr(dpy); + if (dpy) { + if (try == 2) { + XSync(dpy, False); + } else if (try == 3) { + XSync(dpy, True); + } + } + X_UNLOCK; +#endif + if (try == 1) { + usleep(250*1000); + } else if (try <= 4) { + usleep(try*400*1000); + } else { + usleep(4*500*1000); + } + goto try_again; + } + + snprintf(buf, bufn, "ans=bcx_xattach:%s:%s", p, res); + free(res); + + goto qry; + } if (strstr(p, "deferupdate") == p) { int d; COLON_CHECK("deferupdate:") @@ -3996,6 +4437,7 @@ if (d < 0) d = 0; rfbLog("remote_cmd: setting defer to %d ms.\n", d); defer_update = d; + /* mutex */ screen->deferUpdateTime = d; got_defer = 1; goto done; @@ -4017,6 +4459,7 @@ if (d < 0) d = 0; rfbLog("remote_cmd: setting defer to %d ms.\n", d); defer_update = d; + /* mutex */ screen->deferUpdateTime = d; got_defer = 1; goto done; @@ -4032,6 +4475,17 @@ rfbLog("remote_cmd: setting set_defer to %d\n", set_defer); goto done; } + if (strstr(p, "extra_fbur") == p) { + COLON_CHECK("extra_fbur:") + if (query) { + snprintf(buf, bufn, "ans=%s%s%d", p, co, extra_fbur); + goto qry; + } + p += strlen("extra_fbur:"); + extra_fbur = atoi(p); + rfbLog("remote_cmd: setting extra_fbur to %d\n", extra_fbur); + goto done; + } if (strstr(p, "wait_ui") == p) { double w; COLON_CHECK("wait_ui:") @@ -4510,6 +4964,7 @@ if (f < 0) f = 0; rfbLog("remote_cmd: setting progressive %d -> %d.\n", screen->progressiveSliceHeight, f); + /* mutex */ screen->progressiveSliceHeight = f; goto done; } @@ -4598,6 +5053,7 @@ goto qry; } rfbLog("turning on enablehttpproxy.\n"); + /* mutex */ screen->httpEnableProxyConnect = 1; goto done; } @@ -4684,6 +5140,7 @@ free(rfb_desktop_name); } rfb_desktop_name = strdup(p); + /* mutex */ screen->desktopName = rfb_desktop_name; rfbLog("remote_cmd: setting desktop name to %s\n", rfb_desktop_name); @@ -5052,6 +5509,7 @@ passwds_new[0] = strdup(p); + /* mutex */ if (screen->authPasswdData && screen->passwordCheck == rfbCheckPasswordByList) { passwds_new[1] = passwds_old[1]; @@ -5151,6 +5609,10 @@ NONUL(vnc_desktop_name)); goto qry; } + if (!strcmp(p, "icon_mode")) { + snprintf(buf, bufn, "aro=%s:%d", p, icon_mode); + goto qry; + } if (!strcmp(p, "autoport")) { snprintf(buf, bufn, "aro=%s:%d", p, auto_port); goto qry; @@ -5169,6 +5631,11 @@ NONUL(guess_desktop())); goto qry; } + if (!strcmp(p, "guess_dbus")) { + snprintf(buf, bufn, "aro=%s:%s", p, + NONUL(dbus_session())); + goto qry; + } if (!strcmp(p, "http_url")) { if (!screen) { snprintf(buf, bufn, "aro=%s:", p); @@ -5448,6 +5915,38 @@ snprintf(buf, bufn, "aro=%s:%d", p, cursor_y); goto qry; } + if (!strcmp(p, "grab_state")) { + int ptr_grabbed, kbd_grabbed; + + grab_state(&ptr_grabbed, &kbd_grabbed); + snprintf(buf, bufn, "aro=%s:%d,%d", p, ptr_grabbed, kbd_grabbed); + rfbLog("remote_cmd: ptr,kbd: %s\n", buf); + goto qry; + } + + if (!strcmp(p, "pointer_pos")) { + int px = -1, py = -1; + int wx, wy; + unsigned int m; + Window r, c; + + + snprintf(buf, bufn, "aro=%s:%d,%d", p, px, py); + if (!dpy) { + goto qry; + } +#if NO_X11 + goto qry; +#else + X_LOCK; + XQueryPointer_wr(dpy, rootwin, &r, &c, &px, &py, &wx, &wy, &m); + X_UNLOCK; +#endif + + snprintf(buf, bufn, "aro=%s:%d,%d", p, px, py); + rfbLog("remote_cmd: pointer_pos: %s\n", buf); + goto qry; + } if (!strcmp(p, "bpp")) { snprintf(buf, bufn, "aro=%s:%d", p, bpp); goto qry; @@ -5546,8 +6045,10 @@ } } else { if (dpy) { /* raw_fb hack */ + X_LOCK; set_x11vnc_remote_prop(buf); XFlush_wr(dpy); + X_UNLOCK; } } #endif /* REMOTE_CONTROL */ diff -Nru x11vnc-0.9.8/x11vnc/remote.h x11vnc-0.9.9/x11vnc/remote.h --- x11vnc-0.9.8/x11vnc/remote.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/remote.h 2009-12-21 04:58:10.000000000 +0000 @@ -44,4 +44,7 @@ extern int remote_control_access_ok(void); extern char *process_remote_cmd(char *cmd, int stringonly); +extern char *query_result; + + #endif /* _X11VNC_REMOTE_H */ diff -Nru x11vnc-0.9.8/x11vnc/screen.c x11vnc-0.9.9/x11vnc/screen.c --- x11vnc-0.9.8/x11vnc/screen.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/screen.c 2009-12-21 04:58:10.000000000 +0000 @@ -125,6 +125,7 @@ if (! screen) { return; } + /* mutex */ if (screen->colourMap.data.shorts) { free(screen->colourMap.data.shorts); screen->colourMap.data.shorts = NULL; @@ -154,6 +155,7 @@ if (! screen) { return; } + /* mutex */ if (0) fprintf(stderr, "set_hi240_colormap: %s\n", raw_fb_pixfmt); if (screen->colourMap.data.shorts) { free(screen->colourMap.data.shorts); @@ -211,6 +213,7 @@ if (reset) { init = 1; ncolor = 0; + /* mutex */ if (screen->colourMap.data.shorts) { free(screen->colourMap.data.shorts); screen->colourMap.data.shorts = NULL; @@ -233,6 +236,7 @@ } else { ncolor = NCOLOR; } + /* mutex */ screen->colourMap.count = ncolor; screen->serverFormat.trueColour = FALSE; screen->colourMap.is16 = TRUE; @@ -649,6 +653,7 @@ if (! dpy && raw_fb_orig_dpy) { dpy = XOpenDisplay_wr(raw_fb_orig_dpy); + last_open_xdisplay = time(NULL); if (dpy) { if (! quiet) rfbLog("reopened DISPLAY: %s\n", raw_fb_orig_dpy); @@ -776,6 +781,7 @@ } main_fb = fb->data; rfb_fb = main_fb; + /* mutex */ screen->frameBuffer = rfb_fb; screen->displayHook = NULL; } @@ -812,13 +818,214 @@ } } +static char _lcs_tmp[128]; +static int _bytes0_size = 128, _bytes0[128]; + +static char *lcs(rfbClientPtr cl) { + sprintf(_lcs_tmp, "%d/%d/%d/%d/%d-%d/%d/%d", + !!(cl->newFBSizePending), + !!(cl->cursorWasChanged), + !!(cl->cursorWasMoved), + !!(cl->reverseConnection), + cl->state, + cl->modifiedRegion ? !!(sraRgnEmpty(cl->modifiedRegion)) : 2, + cl->requestedRegion ? !!(sraRgnEmpty(cl->requestedRegion)) : 2, + cl->copyRegion ? !!(sraRgnEmpty(cl->copyRegion)) : 2 + ); + return _lcs_tmp; +} + +static int lock_client_sends(int lock) { + static rfbClientPtr *cls = NULL; + static int cls_len = 0; + static int blocked = 0; + static int state = 0; + rfbClientIteratorPtr iter; + rfbClientPtr cl; + char *s; + + if (!use_threads || !screen) { + return 0; + } + if (lock < 0) { + return state; + } + state = lock; + + if (lock) { + if (cls_len < client_count + 128) { + if (cls != NULL) { + free(cls); + } + cls_len = client_count + 256; + cls = (rfbClientPtr *) calloc(cls_len * sizeof(rfbClientPtr), 1); + } + + iter = rfbGetClientIterator(screen); + blocked = 0; + while ((cl = rfbClientIteratorNext(iter)) != NULL) { + s = lcs(cl); + SEND_LOCK(cl); + rfbLog("locked client: %p %.6f %s\n", cl, dnowx(), s); + cls[blocked++] = cl; + } + rfbReleaseClientIterator(iter); + } else { + int i; + for (i=0; i < blocked; i++) { + cl = cls[i]; + if (cl != NULL) { + s = lcs(cl); + SEND_UNLOCK(cl) + rfbLog("unlocked client: %p %.6f %s\n", cl, dnowx(), s); + } + cls[i] = NULL; + } + blocked = 0; + } + return state; +} + +static void settle_clients(int init) { + rfbClientIteratorPtr iter; + rfbClientPtr cl; + int fb_pend, i, ms = 1000; + char *s; + + if (!use_threads || !screen) { + return; + } + + if (init) { + iter = rfbGetClientIterator(screen); + i = 0; + while ((cl = rfbClientIteratorNext(iter)) != NULL) { + if (i < _bytes0_size) { + _bytes0[i] = rfbStatGetSentBytesIfRaw(cl); + } + i++; + } + rfbReleaseClientIterator(iter); + + if (getenv("X11VNC_THREADS_NEW_FB_SLEEP")) { + ms = atoi(getenv("X11VNC_THREADS_NEW_FB_SLEEP")); + } else if (subwin) { + ms = 250; + } else { + ms = 500; + } + usleep(ms * 1000); + return; + } + + if (getenv("X11VNC_THREADS_NEW_FB_SLEEP")) { + ms = atoi(getenv("X11VNC_THREADS_NEW_FB_SLEEP")); + } else if (subwin) { + ms = 500; + } else { + ms = 1000; + } + usleep(ms * 1000); + + for (i=0; i < 5; i++) { + fb_pend = 0; + iter = rfbGetClientIterator(screen); + while ((cl = rfbClientIteratorNext(iter)) != NULL) { + s = lcs(cl); + if (cl->newFBSizePending) { + fb_pend++; + rfbLog("pending fb size: %p %.6f %s\n", cl, dnowx(), s); + } + } + rfbReleaseClientIterator(iter); + if (fb_pend > 0) { + rfbLog("do_new_fb: newFBSizePending extra -threads sleep (%d)\n", i+1); + usleep(ms * 1000); + } else { + break; + } + } + for (i=0; i < 5; i++) { + int stuck = 0, tot = 0, j = 0; + iter = rfbGetClientIterator(screen); + while ((cl = rfbClientIteratorNext(iter)) != NULL) { + if (j < _bytes0_size) { + int db = rfbStatGetSentBytesIfRaw(cl) - _bytes0[j]; + int Bpp = cl->format.bitsPerPixel / 8; + + s = lcs(cl); + rfbLog("addl bytes sent: %p %.6f %s %d %d\n", + cl, dnowx(), s, db, _bytes0[j]); + + if (i==0) { + if (db < Bpp * dpy_x * dpy_y) { + stuck++; + } + } else if (i==1) { + if (db < 0.5 * Bpp * dpy_x * dpy_y) { + stuck++; + } + } else { + if (db <= 0) { + stuck++; + } + } + } + tot++; + j++; + } + rfbReleaseClientIterator(iter); + if (stuck > 0) { + rfbLog("clients stuck: %d/%d sleep(%d)\n", stuck, tot, i); + usleep(2 * ms * 1000); + } else { + break; + } + } +} + +static void prep_clients_for_new_fb(void) { + rfbClientIteratorPtr iter; + rfbClientPtr cl; + + if (!use_threads || !screen) { + return; + } + iter = rfbGetClientIterator(screen); + while ((cl = rfbClientIteratorNext(iter)) != NULL) { + if (!cl->newFBSizePending) { + rfbLog("** set_new_fb_size_pending client: %p\n", cl); + cl->newFBSizePending = TRUE; + } + cl->cursorWasChanged = FALSE; + cl->cursorWasMoved = FALSE; + } + rfbReleaseClientIterator(iter); +} + void do_new_fb(int reset_mem) { XImage *fb; /* for threaded we really should lock libvncserver out. */ if (use_threads) { - rfbLog("warning: changing framebuffers while threaded may\n"); - rfbLog(" not work, do not use -threads if problems arise.\n"); + int ms = 1000; + if (getenv("X11VNC_THREADS_NEW_FB_SLEEP")) { + ms = atoi(getenv("X11VNC_THREADS_NEW_FB_SLEEP")); + } else if (subwin) { + ms = 500; + } else { + ms = 1000; + } + rfbLog("Warning: changing framebuffers in threaded mode may be unstable.\n"); + threads_drop_input = 1; + usleep(ms * 1000); + } + + INPUT_LOCK; + lock_client_sends(1); + + if (use_threads) { + settle_clients(1); } if (reset_mem == 1) { @@ -841,6 +1048,16 @@ if (ncache) { check_ncache(1, 0); } + + prep_clients_for_new_fb(); + lock_client_sends(0); + INPUT_UNLOCK; + + if (use_threads) { + /* need to let things settle... */ + settle_clients(0); + threads_drop_input = 0; + } } static void remove_fake_fb(void) { @@ -858,51 +1075,6 @@ fake_fb = NULL; } -static void lock_client_sends(int lock) { - static rfbClientPtr *cls = NULL; - static int cls_len = 0; - static int blocked = 0; - rfbClientIteratorPtr iter; - rfbClientPtr cl; - - if (!use_threads) { - return; - } - if (!screen) { - return; - } - - if (lock) { - if (cls_len < client_count + 128) { - if (cls != NULL) { - free(cls); - } - cls_len = client_count + 128; - cls = (rfbClientPtr *) calloc(cls_len * sizeof(rfbClientPtr), 1); - } - - iter = rfbGetClientIterator(screen); - blocked = 0; - while ((cl = rfbClientIteratorNext(iter)) != NULL) { - SEND_LOCK(cl); -rfbLog("locked client: %p\n", cl); - cls[blocked++] = cl; - } - rfbReleaseClientIterator(iter); - } else { - int i; - for (i=0; i < blocked; i++) { - cl = cls[i]; - if (cl != NULL) { - SEND_UNLOCK(cl) -rfbLog("unlocked client: %p\n", cl); - } - cls[i] = NULL; - } - blocked = 0; - } -} - static void rfb_new_framebuffer(rfbScreenInfoPtr rfbScreen, char *framebuffer, int width,int height, int bitsPerSample,int samplesPerPixel, int bytesPerPixel) { @@ -917,12 +1089,14 @@ if (! screen) { return; } + lock_client_sends(1); if (fake_fb) { free(fake_fb); } fake_fb = (char *) calloc(w*h*bpp/8, 1); if (! fake_fb) { rfbLog("could not create fake fb: %dx%d %d\n", w, h, bpp); + lock_client_sends(0); return; } bpc = guess_bits_per_color(bpp); @@ -930,7 +1104,6 @@ rfbLog("rfbNewFramebuffer(0x%x, 0x%x, %d, %d, %d, %d, %d)\n", screen, fake_fb, w, h, bpc, 1, bpp/8); - lock_client_sends(1); rfb_new_framebuffer(screen, fake_fb, w, h, bpc, 1, bpp/8); lock_client_sends(0); } @@ -1179,6 +1352,8 @@ char *q, *p, *str = getenv("X11VNC_REFLECT_PASSWORD"); int len = 110; + if (client) {} + if (str) { len += 2*strlen(str); } @@ -1364,7 +1539,7 @@ #define RAWFB_SHM 3 XImage *initialize_raw_fb(int reset) { - char *str, *q; + char *str, *rstr, *q; int w, h, b, shmid = 0; unsigned long rm = 0, gm = 0, bm = 0, tm; static XImage ximage_struct; /* n.b.: not (XImage *) */ @@ -1451,23 +1626,33 @@ return NULL; } + if (raw_fb_str[0] == '+') { + rstr = strdup(raw_fb_str+1); + closedpy = 0; + if (! window) { + window = rootwin; + } + } else { + rstr = strdup(raw_fb_str); + } + /* testing aliases */ - if (!strcasecmp(raw_fb_str, "NULL") || !strcasecmp(raw_fb_str, "ZERO") - || !strcasecmp(raw_fb_str, "NONE")) { - raw_fb_str = strdup("map:/dev/zero@640x480x32"); - } else if (!strcasecmp(raw_fb_str, "NULLBIG") || !strcasecmp(raw_fb_str, "NONEBIG")) { - raw_fb_str = strdup("map:/dev/zero@1024x768x32"); - } - if (!strcasecmp(raw_fb_str, "RAND")) { - raw_fb_str = strdup("file:/dev/urandom@128x128x16"); - } else if (!strcasecmp(raw_fb_str, "RANDBIG")) { - raw_fb_str = strdup("file:/dev/urandom@640x480x16"); - } else if (!strcasecmp(raw_fb_str, "RANDHUGE")) { - raw_fb_str = strdup("file:/dev/urandom@1024x768x16"); - } - if (strstr(raw_fb_str, "solid=") == raw_fb_str) { - char *n = raw_fb_str + strlen("solid="); - char tmp[] = "/tmp/solid.XXXXXX"; + if (!strcasecmp(rstr, "NULL") || !strcasecmp(rstr, "ZERO") + || !strcasecmp(rstr, "NONE")) { + rstr = strdup("map:/dev/zero@640x480x32"); + } else if (!strcasecmp(rstr, "NULLBIG") || !strcasecmp(rstr, "NONEBIG")) { + rstr = strdup("map:/dev/zero@1024x768x32"); + } + if (!strcasecmp(rstr, "RAND")) { + rstr = strdup("file:/dev/urandom@128x128x16"); + } else if (!strcasecmp(rstr, "RANDBIG")) { + rstr = strdup("file:/dev/urandom@640x480x16"); + } else if (!strcasecmp(rstr, "RANDHUGE")) { + rstr = strdup("file:/dev/urandom@1024x768x16"); + } + if (strstr(rstr, "solid=") == rstr) { + char *n = rstr + strlen("solid="); + char tmp[] = "/tmp/rawfb_solid.XXXXXX"; char str[100]; unsigned int vals[1024], val; int x, y, fd, w = 1024, h = 768; @@ -1493,9 +1678,9 @@ fd = open(tmp, O_WRONLY); unlink_me = strdup(tmp); sprintf(str, "map:%s@%dx%dx32", tmp, w, h); - raw_fb_str = strdup(str); - } else if (strstr(raw_fb_str, "swirl") == raw_fb_str) { - char tmp[] = "/tmp/solid.XXXXXX"; + rstr = strdup(str); + } else if (strstr(rstr, "swirl") == rstr) { + char tmp[] = "/tmp/rawfb_swirl.XXXXXX"; char str[100]; unsigned int val[1024]; unsigned int c1, c2, c3, c4; @@ -1515,11 +1700,11 @@ fd = open(tmp, O_WRONLY); unlink_me = strdup(tmp); sprintf(str, "map:%s@%dx%dx32", tmp, w, h); - raw_fb_str = strdup(str); + rstr = strdup(str); } - if ( (q = strstr(raw_fb_str, "setup:")) == raw_fb_str) { + if ( (q = strstr(rstr, "setup:")) == rstr) { FILE *pipe; char line[1024], *t; @@ -1561,16 +1746,7 @@ rfbLog("setup command returned: %s\n", str); } else { - str = strdup(raw_fb_str); - } - if (str[0] == '+') { - char *t = strdup(str+1); - free(str); - str = t; - closedpy = 0; - if (! window) { - window = rootwin; - } + str = strdup(rstr); } raw_fb_shm = 0; @@ -2271,6 +2447,8 @@ /* set up parameters for subwin or non-subwin cases: */ + again: + if (! subwin) { /* full screen */ window = rootwin; @@ -2364,19 +2542,27 @@ (int) XVisualIDFromVisual(default_visual)); } - again: if (subwin) { - int shift = 0; + int shift = 0, resize = 0; int subwin_x, subwin_y; int disp_x = DisplayWidth(dpy, scr); int disp_y = DisplayHeight(dpy, scr); Window twin; /* subwins can be a dicey if they are changing size... */ trapped_xerror = 0; - old_handler = XSetErrorHandler(trap_xerror); + old_handler = XSetErrorHandler(trap_xerror); /* reset in if(subwin) block below */ XTranslateCoordinates(dpy, window, rootwin, 0, 0, &subwin_x, &subwin_y, &twin); + if (wdpy_x > disp_x) { + resize = 1; + dpy_x = wdpy_x = disp_x - 4; + } + if (wdpy_y > disp_y) { + resize = 1; + dpy_y = wdpy_y = disp_y - 4; + } + if (subwin_x + wdpy_x > disp_x) { shift = 1; subwin_x = disp_x - wdpy_x - 3; @@ -2394,12 +2580,17 @@ subwin_y = 1; } + if (resize) { + XResizeWindow(dpy, window, wdpy_x, wdpy_y); + } if (shift) { XMoveWindow(dpy, window, subwin_x, subwin_y); + off_x = subwin_x; + off_y = subwin_y; } XMapRaised(dpy, window); XRaiseWindow(dpy, window); - XFlush_wr(dpy); + XSync(dpy, False); } try++; @@ -2417,7 +2608,9 @@ */ fb = XCreateImage_wr(dpy, default_visual, depth, ZPixmap, 0, NULL, dpy_x, dpy_y, BitmapPad(dpy), 0); - fb->data = (char *) malloc(fb->bytes_per_line * fb->height); + if (fb) { + fb->data = (char *) malloc(fb->bytes_per_line * fb->height); + } } else { fb = XGetImage_wr(dpy, window, 0, 0, dpy_x, dpy_y, AllPlanes, @@ -2430,7 +2623,7 @@ if (subwin) { XSetErrorHandler(old_handler); - if (trapped_xerror) { + if (trapped_xerror || fb == NULL) { rfbLog("trapped GetImage at SUBWIN creation.\n"); if (try < subwin_tries) { usleep(250 * 1000); @@ -2446,10 +2639,51 @@ } trapped_xerror = 0; - } else if (! fb && try == 1) { - /* try once more */ - usleep(250 * 1000); - goto again; + } else if (fb == NULL) { + XEvent xev; + rfbLog("initialize_xdisplay_fb: *** fb creation failed: 0x%x try: %d\n", fb, try); +#if LIBVNCSERVER_HAVE_LIBXRANDR + if (xrandr_present && xrandr_base_event_type) { + int cnt = 0; + while (XCheckTypedEvent(dpy, xrandr_base_event_type + RRScreenChangeNotify, &xev)) { + XRRScreenChangeNotifyEvent *rev; + rev = (XRRScreenChangeNotifyEvent *) &xev; + + rfbLog("initialize_xdisplay_fb: XRANDR event while redoing fb[%d]:\n", cnt++); + rfbLog(" serial: %d\n", (int) rev->serial); + rfbLog(" timestamp: %d\n", (int) rev->timestamp); + rfbLog(" cfg_timestamp: %d\n", (int) rev->config_timestamp); + rfbLog(" size_id: %d\n", (int) rev->size_index); + rfbLog(" sub_pixel: %d\n", (int) rev->subpixel_order); + rfbLog(" rotation: %d\n", (int) rev->rotation); + rfbLog(" width: %d\n", (int) rev->width); + rfbLog(" height: %d\n", (int) rev->height); + rfbLog(" mwidth: %d mm\n", (int) rev->mwidth); + rfbLog(" mheight: %d mm\n", (int) rev->mheight); + rfbLog("\n"); + rfbLog("previous WxH: %dx%d\n", wdpy_x, wdpy_y); + + xrandr_width = rev->width; + xrandr_height = rev->height; + xrandr_timestamp = rev->timestamp; + xrandr_cfg_time = rev->config_timestamp; + xrandr_rotation = (int) rev->rotation; + + rfbLog("initialize_xdisplay_fb: updating XRANDR config...\n"); + XRRUpdateConfiguration(&xev); + } + } +#endif + if (try < 5) { + XFlush_wr(dpy); + usleep(250 * 1000); + if (try < 3) { + XSync(dpy, False); + } else if (try >= 3) { + XSync(dpy, True); + } + goto again; + } } if (use_snapfb) { initialize_snap_fb(); @@ -2716,9 +2950,11 @@ } else if (ncache) { int save = ncache_xrootpmap; rfbLog("set_xlate_wrapper: clearing -ncache for new pixel format.\n"); + INPUT_LOCK; ncache_xrootpmap = 0; check_ncache(1, 0); ncache_xrootpmap = save; + INPUT_UNLOCK; } return rfbSetTranslateFunction(cl); } @@ -2733,7 +2969,8 @@ int create_screen = screen ? 0 : 1; int bits_per_color; int fb_bpp, fb_Bpl, fb_depth; - + int locked_sends = 0; + bpp = fb->bits_per_pixel; fb_bpp = (int) fb->bits_per_pixel; @@ -2842,15 +3079,24 @@ */ bits_per_color = guess_bits_per_color(fb_bpp); - lock_client_sends(1); + if (lock_client_sends(-1) == 0) { + lock_client_sends(1); + locked_sends = 1; + } /* n.b. samplesPerPixel (set = 1 here) seems to be unused. */ if (create_screen) { - if (use_openssl) { - openssl_init(0); - } else if (use_stunnel) { + if (use_stunnel) { setup_stunnel(0, argc, argv); } + if (use_openssl) { + if (use_stunnel && enc_str && !strcmp(enc_str, "none")) { + /* emulating HTTPS oneport */ + ; + } else { + openssl_init(0); + } + } screen = rfbGetScreen(argc, argv, width, height, bits_per_color, 1, fb_bpp/8); if (screen && http_dir) { @@ -3250,7 +3496,6 @@ /* may need, bpp, main_red_max, etc. */ parse_wireframe(); parse_scroll_copyrect(); - setup_cursors_and_push(); if (scaling || rotating || cmap8to24) { @@ -3273,10 +3518,13 @@ } rfbReleaseClientIterator(iter); if (!quiet) rfbLog(" done.\n"); - do_copy_screen = 1; /* done for framebuffer change case */ - lock_client_sends(0); + if (locked_sends) { + lock_client_sends(0); + } + + do_copy_screen = 1; return; } @@ -3352,7 +3600,10 @@ install_passwds(); - lock_client_sends(0); + if (locked_sends) { + lock_client_sends(0); + } + return; } #define DO_AVAHI \ @@ -3367,6 +3618,10 @@ char *host = this_host(); char *tvdt; + if (remote_direct) { + return; + } + if (! ssl) { tvdt = "The VNC desktop is: "; } else { @@ -3422,31 +3677,104 @@ } } -static void announce_http(int lport, int ssl, char *iface) { +static void announce_http(int lport, int ssl, char *iface, char *extra) { char *host = this_host(); char *jvu; + int http = 0; - if (enc_str && !strcmp(enc_str, "none")) { + if (enc_str && !strcmp(enc_str, "none") && !use_stunnel) { jvu = "Java viewer URL: http"; + http = 1; } else if (ssl == 1) { jvu = "Java SSL viewer URL: https"; } else if (ssl == 2) { jvu = "Java SSL viewer URL: http"; + http = 1; } else { jvu = "Java viewer URL: http"; + http = 1; } if (iface != NULL && *iface != '\0' && strcmp(iface, "any")) { host = iface; } + if (http && getenv("X11VNC_HTTP_LISTEN_LOCALHOST")) { + host = "localhost"; + } if (host != NULL) { if (! inetd) { - fprintf(stderr, "%s://%s:%d/\n", jvu, host, lport); - if (screen && enc_str && !strcmp(enc_str, "none")) { - fprintf(stderr, "%s://%s:%d/\n", jvu, host, screen->port); + fprintf(stderr, "%s://%s:%d/%s\n", jvu, host, lport, extra); + } + } +} + +void do_announce_http(void) { + if (!screen) { + return; + } + if (remote_direct) { + return; + } + + if (screen->httpListenSock > -1 && screen->httpPort) { + int enc_none = (enc_str && !strcmp(enc_str, "none")); + char *SPORT = " (single port)"; + if (use_openssl && ! enc_none) { + announce_http(screen->port, 1, listen_str, SPORT); + if (https_port_num >= 0) { + announce_http(https_port_num, 1, + listen_str, ""); + } + announce_http(screen->httpPort, 2, listen_str, ""); + } else if (use_stunnel) { + char pmsg[100]; + pmsg[0] = '\0'; + if (stunnel_port) { + sprintf(pmsg, "?PORT=%d", stunnel_port); + } + announce_http(screen->httpPort, 2, listen_str, pmsg); + if (stunnel_http_port > 0) { + announce_http(stunnel_http_port, 1, NULL, pmsg); + } + if (enc_none) { + strcat(pmsg, SPORT); + announce_http(stunnel_port, 1, NULL, pmsg); + } + } else { + announce_http(screen->httpPort, 0, listen_str, ""); + if (enc_none) { + announce_http(screen->port, 1, NULL, SPORT); + } + } + } +} + +void do_mention_java_urls(void) { + if (! quiet && screen) { + if (screen->httpListenSock > -1 && screen->httpPort) { + rfbLog("\n"); + rfbLog("The URLs printed out below ('Java ... viewer URL') can\n"); + rfbLog("be used for Java enabled Web browser connections.\n"); + if (!stunnel_port && enc_str && !strcmp(enc_str, "none")) { + ; + } else if (use_openssl || stunnel_port) { + rfbLog("Here are some additional possibilities:\n"); + rfbLog("\n"); + rfbLog("https://host:port/proxy.vnc (MUST be used if Web Proxy used)\n"); + rfbLog("\n"); + rfbLog("https://host:port/ultra.vnc (Use UltraVNC Java Viewer)\n"); + rfbLog("https://host:port/ultraproxy.vnc (Web Proxy with UltraVNC)\n"); + rfbLog("https://host:port/ultrasigned.vnc (Signed UltraVNC Filexfer)\n"); + rfbLog("\n"); + rfbLog("Where you replace \"host:port\" with that printed below, or\n"); + rfbLog("whatever is needed to reach the host e.g. Internet IP number\n"); + rfbLog("\n"); + rfbLog("Append ?GET=1 to a URL for faster loading or supply:\n"); + rfbLog("-env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' to cmdline.\n"); } } + rfbLog("\n"); } } @@ -3456,30 +3784,12 @@ sprintf(vnc_desktop_name, "%s/inetd-no-further-clients", this_host()); } + if (remote_direct) { + return; + } if (screen->port) { - if (! quiet) { - if (screen->httpListenSock > -1 && screen->httpPort) { - rfbLog("\n"); - rfbLog("The URLs printed out below ('Java ... viewer URL') can\n"); - rfbLog("be used for Java enabled Web browser connections.\n"); - if (enc_str && !strcmp(enc_str, "none")) { - ; - } else if (use_openssl || stunnel_port) { - rfbLog("Here are some additional possibilities:\n"); - rfbLog("\n"); - rfbLog("https://host:port/proxy.vnc (MUST be used if Web Proxy used)\n"); - rfbLog("\n"); - rfbLog("https://host:port/ultra.vnc (Use UltraVNC Java Viewer)\n"); - rfbLog("https://host:port/ultraproxy.vnc (Web Proxy with UltraVNC)\n"); - rfbLog("https://host:port/ultrasigned.vnc (Signed UltraVNC Filexfer)\n"); - rfbLog("\n"); - rfbLog("Where you replace \"host:port\" with that printed below, or\n"); - rfbLog("whatever is needed to reach the host e.g. Internet IP number\n"); - } - } - rfbLog("\n"); - } + do_mention_java_urls(); if (use_openssl) { announce(screen->port, 1, listen_str); @@ -3489,24 +3799,8 @@ if (stunnel_port) { announce(stunnel_port, 1, NULL); } - if (screen->httpListenSock > -1 && screen->httpPort) { - if (use_openssl) { - if (enc_str && !strcmp(enc_str, "none")) { - ; - } else { - announce_http(screen->port, 1, listen_str); - } - if (https_port_num >= 0) { - announce_http(https_port_num, 1, - listen_str); - } - announce_http(screen->httpPort, 2, listen_str); - } else if (use_stunnel) { - announce_http(screen->httpPort, 2, listen_str); - } else { - announce_http(screen->httpPort, 0, listen_str); - } - } + + do_announce_http(); fflush(stderr); if (inetd) { @@ -3922,6 +4216,7 @@ while (1) { char msg[] = "new client: %s taking unixpw client off hold.\n"; + int skip_scan_for_updates = 0; got_user_input = 0; got_pointer_input = 0; @@ -3954,13 +4249,19 @@ * see quickly (just 1 rfbPE will likely * only process the subsequent "up" event) */ - if (tm < last_keyboard_time + 0.16) { + if (tm < last_keyboard_time + 0.20) { rfbPE(0); rfbPE(0); rfbPE(-1); rfbPE(0); rfbPE(0); } else { + if (extra_fbur > 0) { + int i; + for (i=0; i < extra_fbur; i++) { + rfbPE(0); + } + } rfbPE(-1); } if (x11vnc_current < last_new_client + 0.5) { @@ -4082,15 +4383,25 @@ } } - if (! screen || ! screen->clientHead) { - /* waiting for a client */ - if (first_conn_timeout) { + if (first_conn_timeout) { + int t = first_conn_timeout; + if (!clients_served) { if (time(NULL) - start > first_conn_timeout) { - rfbLog("No client after %d secs.\n", - first_conn_timeout); + rfbLog("No client after %d secs.\n", t); shut_down = 1; } + } else { + if (!client_normal_count) { + if (time(NULL) - start > t + 3) { + rfbLog("No valid client after %d secs.\n", t + 3); + shut_down = 1; + } + } } + } + + if (! screen || ! screen->clientHead) { + /* waiting for a client */ usleep(200 * 1000); continue; } @@ -4112,8 +4423,20 @@ if (x11vnc_current < last_new_client + 0.5 && !all_clients_initialized()) { continue; } + if (subwin && freeze_when_obscured) { + /* XXX not working */ + X_LOCK; + XFlush_wr(dpy); + X_UNLOCK; + check_xevents(0); + if (subwin_obscured) { + skip_scan_for_updates = 1; + } + } - if (button_mask && (!show_dragging || pointer_mode == 0)) { + if (skip_scan_for_updates) { + ; + } else if (button_mask && (!show_dragging || pointer_mode == 0)) { /* * if any button is pressed in this mode do * not update rfb screen, but do flush the @@ -4126,6 +4449,7 @@ } else { static double last_dt = 0.0; double xdamage_thrash = 0.4; + static int tilecut = -1; check_cursor_changes(); @@ -4140,6 +4464,7 @@ if (rawfb_vnc_reflect) { vnc_reflect_process_client(); } + dtime0(&tm); #if !NO_X11 @@ -4159,7 +4484,9 @@ } X_UNLOCK; } + X_LOCK; check_xrandr_event("before-scan"); + X_UNLOCK; } #endif if (use_snapfb) { @@ -4176,8 +4503,15 @@ last_dt = dt; } + if (tilecut < 0) { + if (getenv("TILECUT")) { + tilecut = atoi(getenv("TILECUT")); + } + if (tilecut < 0) tilecut = 4; + } + if ((debug_tiles || debug_scroll > 1 || debug_wireframe > 1) - && (tile_diffs > 4 || debug_tiles > 1)) { + && (tile_diffs > tilecut || debug_tiles > 1)) { double rate = (tile_x * tile_y * bpp/8 * tile_diffs) / dt; fprintf(stderr, "============================= TILES: %d dt: %.4f" " t: %.4f %.2f MB/s nap_ok: %d\n", tile_diffs, dt, @@ -4188,13 +4522,33 @@ /* sleep a bit to lessen load */ wait = choose_delay(dt); + if (urgent_update) { ; } else if (wait > 2*waitms) { /* bog case, break it up */ nap_sleep(wait, 10); } else { + double t1, t2; + int idt; + if (extra_fbur > 0) { + int i; + for (i=0; i <= extra_fbur; i++) { + int r = rfbPE(0); + if (!r) break; + } + } + + /* sometimes the sleep is too short, so measure it: */ + t1 = dnow(); usleep(wait * 1000); + t2 = dnow(); + + idt = (int) (1000. * (t2 - t1)); + if (idt > 0 && idt < wait) { + /* try to sleep the remainder */ + usleep((wait - idt) * 1000); + } } cnt++; diff -Nru x11vnc-0.9.8/x11vnc/selection.c x11vnc-0.9.9/x11vnc/selection.c --- x11vnc-0.9.8/x11vnc/selection.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/selection.c 2009-12-21 04:58:10.000000000 +0000 @@ -49,7 +49,7 @@ int set_clipboard = 1; int set_cutbuffer = 0; /* to avoid bouncing the CutText right back */ int sel_waittime = 15; /* some seconds to skip before first send */ -Window selwin; /* special window for our selection */ +Window selwin = None; /* special window for our selection */ Atom clipboard_atom = None; /* @@ -64,6 +64,7 @@ int check_sel_direction(char *dir, char *label, char *sel, int len); void cutbuffer_send(void); void selection_send(XEvent *ev); +void resend_selection(char *type); /* @@ -76,6 +77,9 @@ static char cutbuffer_str[PROP_MAX+1]; static char primary_str[PROP_MAX+1]; static char clipboard_str[PROP_MAX+1]; +static int cutbuffer_len = 0; +static int primary_len = 0; +static int clipboard_len = 0; /* * An X11 (not VNC) client on the local display has requested the selection @@ -346,7 +350,7 @@ if (!screen) { return; } - len = strlen(cutbuffer_str); + cutbuffer_len = len = strlen(cutbuffer_str); if (check_sel_direction("send", "cutbuffer_send", cutbuffer_str, len)) { rfbSendServerCutText(screen, cutbuffer_str, len); } @@ -492,6 +496,49 @@ } len = newlen; + if (ev->xselection.selection == XA_PRIMARY) { + primary_len = len; + } else if (clipboard_atom && ev->xselection.selection == clipboard_atom) { + clipboard_len = len; + } + if (check_sel_direction("send", "selection_send", selection_str, len)) { + rfbSendServerCutText(screen, selection_str, len); + } +#endif /* NO_X11 */ +} + +void resend_selection(char *type) { +#if NO_X11 + RAWFB_RET_VOID + if (!type) {} + return; +#else + char *selection_str = ""; + int len = 0; + + RAWFB_RET_VOID + + if (! all_clients_initialized()) { + rfbLog("selection_send: no send: uninitialized clients\n"); + return; /* some clients initializing, cannot send */ + } + if (unixpw_in_progress) { + return; + } + if (!screen) { + return; + } + + if (!strcmp(type, "cutbuffer")) { + selection_str = cutbuffer_str; + len = cutbuffer_len; + } else if (!strcmp(type, "clipboard")) { + selection_str = clipboard_str; + len = clipboard_len; + } else if (!strcmp(type, "primary")) { + selection_str = primary_str; + len = primary_len; + } if (check_sel_direction("send", "selection_send", selection_str, len)) { rfbSendServerCutText(screen, selection_str, len); } diff -Nru x11vnc-0.9.8/x11vnc/selection.h x11vnc-0.9.9/x11vnc/selection.h --- x11vnc-0.9.8/x11vnc/selection.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/selection.h 2009-12-21 04:58:10.000000000 +0000 @@ -50,5 +50,6 @@ extern int check_sel_direction(char *dir, char *label, char *sel, int len); extern void cutbuffer_send(void); extern void selection_send(XEvent *ev); +extern void resend_selection(char *type); #endif /* _X11VNC_SELECTION_H */ diff -Nru x11vnc-0.9.8/x11vnc/solid.c x11vnc-0.9.9/x11vnc/solid.c --- x11vnc-0.9.8/x11vnc/solid.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/solid.c 2009-12-21 04:58:10.000000000 +0000 @@ -37,9 +37,11 @@ #include "xwrappers.h" #include "connections.h" #include "cleanup.h" +#include "xevents.h" char *guess_desktop(void); void solid_bg(int restore); +char *dbus_session(void); static void usr_bin_path(int restore); @@ -550,31 +552,133 @@ #endif /* NO_X11 */ } +static char _dbus_str[1100]; + +char *dbus_session(void) { + char *dbus_env = getenv("DBUS_SESSION_BUS_ADDRESS"); + char tmp[1000]; + + if (dbus_env != NULL && strlen(dbus_env) > 0) { + return ""; + } +#if NO_X11 + return ""; +#else + { + Atom dbus_prop, dbus_pid; + Window r, w, *children; + int sbest = -1; + unsigned int ui; + int rc, i; + + memset(_dbus_str, 0, sizeof(_dbus_str)); + + X_LOCK; + dbus_prop = XInternAtom(dpy, "_DBUS_SESSION_BUS_ADDRESS", True); + dbus_pid = XInternAtom(dpy, "_DBUS_SESSION_BUS_PID", True); + X_UNLOCK; + if (dbus_prop == None) { + return ""; + } + + X_LOCK; + memset(tmp, 0, sizeof(tmp)); + get_prop(tmp, sizeof(tmp)-1, dbus_prop, None); + X_UNLOCK; + if (strcmp(tmp, "")) { + if (!strchr(tmp, '\'')) { + sprintf(_dbus_str, "env DBUS_SESSION_BUS_ADDRESS='%s'", tmp); + return _dbus_str; + } + } + + X_LOCK; + rc = XQueryTree_wr(dpy, rootwin, &r, &w, &children, &ui); + X_UNLOCK; + if (!rc || children == NULL || ui == 0) { + return ""; + } + for (i=0; i < (int) ui; i++) { + int pid = -1; + + X_LOCK; + memset(tmp, 0, sizeof(tmp)); + get_prop(tmp, sizeof(tmp)-1, dbus_prop, children[i]); + if (dbus_pid != None) { + Atom atype; + int aformat; + unsigned long nitems, bafter; + unsigned char *prop; + if (XGetWindowProperty(dpy, children[i], dbus_pid, + 0, 1, False, XA_CARDINAL, &atype, &aformat, + &nitems, &bafter, &prop) == Success + && atype == XA_CARDINAL) { + pid = *((int *) prop); + XFree_wr(prop); + } + } + X_UNLOCK; + + if (strcmp(tmp, "") && !strchr(tmp, '\'')) { + int score = 0; + if (1 < pid && pid < 10000000) { + struct stat sb; + char procfile[32]; + + sprintf(procfile, "/proc/%d", pid); + if (stat(procfile, &sb) == 0) { + score += 10000000; + } + score += pid; + } + if (getenv("X11VNC_DBUS_DEBUG")) fprintf(stderr, "win: 0x%lx pid: %8d score: %8d str: %s\n", children[i], pid, score, tmp); + if (score > sbest) { + sprintf(_dbus_str, "env DBUS_SESSION_BUS_ADDRESS='%s'", tmp); + sbest = score; + } + } + } + X_LOCK; + XFree_wr(children); + X_UNLOCK; + + return _dbus_str; + } +#endif +} + static void solid_gnome(char *color) { #if NO_X11 RAWFB_RET_VOID if (!color) {} return; #else - char get_color[] = "gconftool-2 --get " + char get_color[] = "%s gconftool-2 --get " "/desktop/gnome/background/primary_color"; - char set_color[] = "gconftool-2 --set " - "/desktop/gnome/background/primary_color --type string '%s'"; - char get_option[] = "gconftool-2 --get " + char set_color[] = "%s gconftool-2 --set --type string " + "/desktop/gnome/background/primary_color '%s'"; + char get_option[] = "%s gconftool-2 --get " "/desktop/gnome/background/picture_options"; - char set_option[] = "gconftool-2 --set " - "/desktop/gnome/background/picture_options --type string '%s'"; + char set_option[] = "%s gconftool-2 --set --type string " + "/desktop/gnome/background/picture_options '%s'"; #if 0 - char get_filename[] = "gconftool-2 --get " + char get_shading[] = "%s gconftool-2 --get " + "/desktop/gnome/background/color_shading_type"; + char set_shading[] = "%s gconftool-2 --set --type string " + "/desktop/gnome/background/color_shading_type '%s'"; + char get_filename[] = "%s gconftool-2 --get " "/desktop/gnome/background/picture_filename"; - char set_filename[] = "gconftool-2 --set " - "/desktop/gnome/background/picture_filename --type string '%s'"; + char set_filename[] = "%s gconftool-2 --set --type string " + "/desktop/gnome/background/picture_filename '%s'"; #endif static char *orig_color = NULL; static char *orig_option = NULL; - char *cmd; + char *cmd, *dbus = ""; RAWFB_RET_VOID + + dbus = dbus_session(); + rfbLog("guessed dbus: %s\n", dbus); if (! color) { if (! orig_color) { @@ -591,14 +695,12 @@ rfbLog("invalid option: %s\n", orig_option); return; } - cmd = (char *) malloc(strlen(set_option) - 2 + - strlen(orig_option) + 1); - sprintf(cmd, set_option, orig_option); + cmd = (char *) malloc(strlen(set_option) - 2 + strlen(orig_option) + strlen(dbus) + 1); + sprintf(cmd, set_option, dbus, orig_option); dt_cmd(cmd); free(cmd); - cmd = (char *) malloc(strlen(set_color) - 2 + - strlen(orig_color) + 1); - sprintf(cmd, set_color, orig_color); + cmd = (char *) malloc(strlen(set_color) - 2 + strlen(orig_color) + strlen(dbus) + 1); + sprintf(cmd, set_color, dbus, orig_color); dt_cmd(cmd); free(cmd); return; @@ -607,7 +709,10 @@ if (! orig_color) { char *q; if (cmd_ok("dt")) { - orig_color = strdup(cmd_output(get_color)); + cmd = (char *) malloc(strlen(get_color) + strlen(dbus) + 1); + sprintf(cmd, get_color, dbus); + orig_color = strdup(cmd_output(cmd)); + free(cmd); } else { orig_color = ""; } @@ -621,7 +726,10 @@ if (! orig_option) { char *q; if (cmd_ok("dt")) { - orig_option = strdup(cmd_output(get_option)); + cmd = (char *) malloc(strlen(get_option) + strlen(dbus) + 1); + sprintf(cmd, get_option, dbus); + orig_option = strdup(cmd_output(cmd)); + free(cmd); } else { orig_color = ""; } @@ -636,19 +744,19 @@ rfbLog("invalid color: %s\n", color); return; } - cmd = (char *) malloc(strlen(set_color) + strlen(color) + 1); - sprintf(cmd, set_color, color); + cmd = (char *) malloc(strlen(set_color) + strlen(color) + strlen(dbus) + 1); + sprintf(cmd, set_color, dbus, color); dt_cmd(cmd); free(cmd); - cmd = (char *) malloc(strlen(set_option) + strlen("none") + 1); - sprintf(cmd, set_option, "none"); + cmd = (char *) malloc(strlen(set_option) + strlen("none") + strlen(dbus) + 1); + sprintf(cmd, set_option, dbus, "none"); dt_cmd(cmd); free(cmd); #if 0 cmd = (char *) malloc(strlen(set_filename) + strlen("none") + 1); - sprintf(cmd, set_filename, "none"); + sprintf(cmd, set_filename, dbus, "none"); dt_cmd(cmd); free(cmd); #endif @@ -656,6 +764,114 @@ #endif /* NO_X11 */ } +static void solid_xfce(char *color) { +#if NO_X11 + RAWFB_RET_VOID + if (!color) {} + return; +#else + char get_image_show[] = "%s xfconf-query -v -c xfce4-desktop -p /backdrop/screen0/monitor0/image-show"; + char set_image_show[] = "%s xfconf-query -v -c xfce4-desktop -p /backdrop/screen0/monitor0/image-show -s '%s'"; + char get_color_style[] = "%s xfconf-query -v -c xfce4-desktop -p /backdrop/screen0/monitor0/color-style"; + char set_color_style[] = "%s xfconf-query -v -c xfce4-desktop -p /backdrop/screen0/monitor0/color-style -s '%s'"; + + static char *orig_image_show = NULL; + static char *orig_color_style = NULL; + char *cmd, *dbus = ""; + + RAWFB_RET_VOID + + dbus = dbus_session(); + rfbLog("guessed dbus: %s\n", dbus); + + if (! color) { + if (! orig_image_show) { + orig_image_show = "true"; + } + if (! orig_color_style) { + orig_color_style = "0"; + } + if (strstr(orig_image_show, "'") != NULL) { + rfbLog("invalid image show: %s\n", orig_image_show); + return; + } + if (strstr(orig_color_style, "'") != NULL) { + rfbLog("invalid color style: %s\n", orig_color_style); + return; + } + if (orig_image_show[0] != '\0') { + cmd = (char *) malloc(strlen(set_image_show) - 2 + strlen(orig_image_show) + strlen(dbus) + 1); + sprintf(cmd, set_image_show, dbus, orig_image_show); + dt_cmd(cmd); + free(cmd); + } + if (orig_color_style[0] != '\0') { + cmd = (char *) malloc(strlen(set_color_style) - 2 + strlen(orig_color_style) + strlen(dbus) + 1); + sprintf(cmd, set_color_style, dbus, orig_color_style); + dt_cmd(cmd); + free(cmd); + } + return; + } + + if (! orig_image_show) { + char *q; + orig_image_show = ""; + if (cmd_ok("dt")) { + cmd = (char *) malloc(strlen(get_image_show) + strlen(dbus) + 1); + sprintf(cmd, get_image_show, dbus); + orig_image_show = strdup(cmd_output(cmd)); + if ((q = strrchr(orig_image_show, '\n')) != NULL) { + *q = '\0'; + } + fprintf(stderr, "get_image_show returned: '%s'\n\n", orig_image_show); + free(cmd); + if (strcasecmp(orig_image_show, "false") && strcasecmp(orig_image_show, "true")) { + fprintf(stderr, "unrecognized image_show, disabling.\n"); + free(orig_image_show); + orig_image_show = ""; + } + } + } + if (! orig_color_style) { + char *q; + orig_color_style = ""; + if (cmd_ok("dt")) { + cmd = (char *) malloc(strlen(get_color_style) + strlen(dbus) + 1); + sprintf(cmd, get_color_style, dbus); + orig_color_style = strdup(cmd_output(cmd)); + if ((q = strrchr(orig_color_style, '\n')) != NULL) { + *q = '\0'; + } + fprintf(stderr, "get_color_style returned: '%s'\n\n", orig_color_style); + free(cmd); + if (strlen(orig_color_style) > 1 || !isdigit((unsigned char) (*orig_color_style))) { + fprintf(stderr, "unrecognized color_style, disabling.\n"); + free(orig_color_style); + orig_color_style = ""; + } + } + } + + if (strstr(color, "'") != NULL) { + rfbLog("invalid color: %s\n", color); + return; + } + + cmd = (char *) malloc(strlen(set_color_style) + strlen("0") + strlen(dbus) + 1); + sprintf(cmd, set_color_style, dbus, "0"); + dt_cmd(cmd); + free(cmd); + + cmd = (char *) malloc(strlen(set_image_show) + strlen("false") + strlen(dbus) + 1); + sprintf(cmd, set_image_show, dbus, "false"); + dt_cmd(cmd); + free(cmd); + +#endif /* NO_X11 */ +} + + static char *dcop_session(void) { char *empty = strdup(""); #if NO_X11 @@ -1140,6 +1356,8 @@ solid_kde(NULL); } else if (desktop == 3) { solid_cde(NULL); + } else if (desktop == 4) { + solid_xfce(NULL); } solid_on = 0; return; @@ -1161,6 +1379,8 @@ dtname = "kde"; } else if (strstr(solid_str, "cde:") == solid_str) { dtname = "cde"; + } else if (strstr(solid_str, "xfce:") == solid_str) { + dtname = "xfce"; } else { dtname = "root"; } @@ -1189,6 +1409,9 @@ } else if (!strcmp(dtname, "cde")) { desktop = 3; solid_cde(color); + } else if (!strcmp(dtname, "xfce")) { + desktop = 4; + solid_xfce(color); } else { desktop = 0; solid_root(color); diff -Nru x11vnc-0.9.8/x11vnc/solid.h x11vnc-0.9.9/x11vnc/solid.h --- x11vnc-0.9.8/x11vnc/solid.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/solid.h 2009-12-21 04:58:10.000000000 +0000 @@ -39,6 +39,7 @@ extern unsigned long get_pixel(char *color); extern XImage *solid_image(char *color); extern void solid_bg(int restore); +extern char *dbus_session(void); extern XImage *solid_root(char *color); extern void kde_no_animate(int restore); extern void gnome_no_animate(void); diff -Nru x11vnc-0.9.8/x11vnc/sslcmds.c x11vnc-0.9.9/x11vnc/sslcmds.c --- x11vnc-0.9.8/x11vnc/sslcmds.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/sslcmds.c 2009-12-21 04:58:10.000000000 +0000 @@ -49,7 +49,7 @@ void check_stunnel(void); -int start_stunnel(int stunnel_port, int x11vnc_port); +int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport); void stop_stunnel(void); void setup_stunnel(int rport, int *argc, char **argv); char *get_Cert_dir(char *cdir_in, char **tmp_in); @@ -86,14 +86,14 @@ } } -int start_stunnel(int stunnel_port, int x11vnc_port) { +int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport) { #ifdef SSLCMDS char extra[] = ":/usr/sbin:/usr/local/sbin:/dist/sbin"; char *path, *p, *exe; char *stunnel_path = NULL; struct stat verify_buf; struct stat crl_buf; - int status; + int status, tmp_pem = 0; if (stunnel_pid) { stop_stunnel(); @@ -167,9 +167,33 @@ " saved PEM.\n"); clean_up_exit(1); } + } else if (!stunnel_pem) { + stunnel_pem = create_tmp_pem(NULL, 0); + if (! stunnel_pem) { + rfbLog("start_stunnel: could not create temporary," + " self-signed PEM.\n"); + clean_up_exit(1); + } + tmp_pem = 1; + if (getenv("X11VNC_SHOW_TMP_PEM")) { + FILE *in = fopen(stunnel_pem, "r"); + if (in != NULL) { + char line[128]; + fprintf(stderr, "\n"); + while (fgets(line, 128, in) != NULL) { + fprintf(stderr, "%s", line); + } + fprintf(stderr, "\n"); + fclose(in); + } + } } if (ssl_verify) { + char *file = get_ssl_verify_file(ssl_verify); + if (file) { + ssl_verify = file; + } if (stat(ssl_verify, &verify_buf) != 0) { rfbLog("stunnel: %s does not exist.\n", ssl_verify); clean_up_exit(1); @@ -245,6 +269,7 @@ if (! in) { exit(1); } + fprintf(in, "foreground = yes\n"); fprintf(in, "pid =\n"); if (stunnel_pem) { @@ -263,7 +288,6 @@ } else { fprintf(in, "CAfile = %s\n", ssl_verify); } - /* XXX double check -v 2 */ fprintf(in, "verify = 2\n"); } fprintf(in, ";debug = 7\n\n"); @@ -271,8 +295,24 @@ fprintf(in, "accept = %d\n", stunnel_port); fprintf(in, "connect = %d\n", x11vnc_port); + if (hport > 0 && x11vnc_hport > 0) { + fprintf(in, "\n[x11vnc_http]\n"); + fprintf(in, "accept = %d\n", hport); + fprintf(in, "connect = %d\n", x11vnc_hport); + } + fflush(in); rewind(in); + + if (getenv("STUNNEL_DEBUG")) { + char line[1000]; + fprintf(stderr, "\nstunnel config contents:\n\n"); + while (fgets(line, sizeof(line), in) != NULL) { + fprintf(stderr, "%s", line); + } + fprintf(stderr, "\n"); + rewind(in); + } sprintf(fd, "%d", fileno(in)); execlp(stunnel_path, stunnel_path, "-fd", fd, (char *) NULL); @@ -280,9 +320,21 @@ } free(exe); - usleep(500 * 1000); + usleep(750 * 1000); waitpid(stunnel_pid, &status, WNOHANG); + + if (ssl_verify && strstr(ssl_verify, "/sslverify-tmp-load-")) { + /* temporary file */ + usleep(1000 * 1000); + unlink(ssl_verify); + } + if (tmp_pem) { + /* temporary cert */ + usleep(1500 * 1000); + unlink(stunnel_pem); + } + if (kill(stunnel_pid, 0) != 0) { waitpid(stunnel_pid, &status, WNOHANG); stunnel_pid = 0; @@ -315,13 +367,13 @@ } void setup_stunnel(int rport, int *argc, char **argv) { - int i, xport = 0; + int i, xport = 0, hport = 0, xhport = 0; + if (! rport && argc && argv) { for (i=0; i< *argc; i++) { if (argv[i] && !strcmp(argv[i], "-rfbport")) { if (i < *argc - 1) { rport = atoi(argv[i+1]); - break; } } } @@ -340,7 +392,36 @@ goto stunnel_fail; } - if (start_stunnel(rport, xport)) { + if (https_port_num > 0) { + hport = https_port_num; + } + + if (! hport && argc && argv) { + for (i=0; i< *argc; i++) { + if (argv[i] && !strcmp(argv[i], "-httpport")) { + if (i < *argc - 1) { + hport = atoi(argv[i+1]); + } + } + } + } + + if (! hport && http_try_it) { + hport = find_free_port(rport-100, rport-1); + if (! hport) { + goto stunnel_fail; + } + } + if (hport) { + xhport = find_free_port(5850, 5899); + if (! xhport) { + goto stunnel_fail; + } + stunnel_http_port = hport; + } + + + if (start_stunnel(rport, xport, hport, xhport)) { int tweaked = 0; char tmp[30]; sprintf(tmp, "%d", xport); diff -Nru x11vnc-0.9.8/x11vnc/sslcmds.h x11vnc-0.9.9/x11vnc/sslcmds.h --- x11vnc-0.9.8/x11vnc/sslcmds.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/sslcmds.h 2009-12-21 04:58:10.000000000 +0000 @@ -36,7 +36,7 @@ /* -- sslcmds.h -- */ extern void check_stunnel(void); -extern int start_stunnel(int stunnel_port, int x11vnc_port); +extern int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport); extern void stop_stunnel(void); extern void setup_stunnel(int rport, int *argc, char **argv); extern char *get_Cert_dir(char *cdir_in, char **tmp_in); diff -Nru x11vnc-0.9.8/x11vnc/sslhelper.c x11vnc-0.9.9/x11vnc/sslhelper.c --- x11vnc-0.9.8/x11vnc/sslhelper.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/sslhelper.c 2009-12-21 04:58:10.000000000 +0000 @@ -73,80 +73,13 @@ void raw_xfer(int csock, int s_in, int s_out); -#if !LIBVNCSERVER_HAVE_LIBSSL -int openssl_present(void) {return 0;} -static void badnews(void) { - use_openssl = 0; - use_stunnel = 0; - rfbLog("** not compiled with libssl OpenSSL support **\n"); - clean_up_exit(1); -} -void openssl_init(int isclient) {badnews();} -void openssl_port(void) {badnews();} -void https_port(void) {badnews();} -void check_openssl(void) {if (use_openssl) badnews();} -void check_https(void) {if (use_openssl) badnews();} -void ssl_helper_pid(pid_t pid, int sock) {badnews(); sock = pid;} -void accept_openssl(int mode, int presock) {mode = 0; presock = 0; badnews();} -char *find_openssl_bin(void) {badnews(); return NULL;} -char *get_saved_pem(char *string, int create) {badnews(); return NULL;} -#else - -/* - * This is because on older systems both zlib.h and ssl.h define - * 'free_func' nothing we do below (currently) induces an external - * dependency on 'free_func'. - */ -#define free_func my_jolly_little_free_func - -#include -#include -#include - -int openssl_present(void); -void openssl_init(int isclient); -void openssl_port(void); -void check_openssl(void); -void check_https(void); -void ssl_helper_pid(pid_t pid, int sock); -void accept_openssl(int mode, int presock); -char *find_openssl_bin(void); +/* openssl(1) pem related functions: */ char *get_saved_pem(char *string, int create); +char *find_openssl_bin(void); +char *get_ssl_verify_file(char *str_in); +char *create_tmp_pem(char *path, int prompt); -static SSL_CTX *ctx = NULL; -static RSA *rsa_512 = NULL; -static RSA *rsa_1024 = NULL; -static SSL *ssl = NULL; -static X509_STORE *revocation_store = NULL; - - -static void init_prng(void); -static void sslerrexit(void); static char *get_input(char *tag, char **in); -static char *create_tmp_pem(char *path, int prompt); -static int ssl_init(int s_in, int s_out, int skip_vnc_tls, double last_https); -static void ssl_xfer(int csock, int s_in, int s_out, int is_https); - -#ifndef FORK_OK -void openssl_init(int isclient) { - rfbLog("openssl_init: fork is not supported. cannot create" - " ssl helper process.\n"); - clean_up_exit(1); -} -int openssl_present(void) {return 0;} -#else -int openssl_present(void) {return 1;} - -static void sslerrexit(void) { - unsigned long err = ERR_get_error(); - - if (err) { - char str[256]; - ERR_error_string(err, str); - fprintf(stderr, "ssl error: %s\n", str); - } - clean_up_exit(1); -} char *get_saved_pem(char *save, int create) { char *s = NULL, *path, *cdir, *tmp; @@ -263,7 +196,7 @@ gp = getenv("PATH"); if (! gp) { - fprintf(stderr, "could not find openssl(1) program in PATH.\n"); + fprintf(stderr, "could not find openssl(1) program in PATH. (null)\n"); return NULL; } @@ -289,6 +222,7 @@ if (! found_openssl) { fprintf(stderr, "could not find openssl(1) program in PATH.\n"); + fprintf(stderr, "PATH=%s\n", gp); fprintf(stderr, "(also checked: %s)\n", extra); return NULL; } @@ -297,7 +231,7 @@ /* uses /usr/bin/openssl to create a tmp cert */ -static char *create_tmp_pem(char *pathin, int prompt) { +char *create_tmp_pem(char *pathin, int prompt) { pid_t pid, pidw; FILE *in, *out; char cnf[] = "/tmp/x11vnc-cnf.XXXXXX"; @@ -411,6 +345,10 @@ days = "30"; } +#ifndef FORK_OK + rfbLog("not compiled with fork(2)\n"); + clean_up_exit(1); +#else /* make RSA key */ pid = fork(); if (pid < 0) { @@ -476,6 +414,8 @@ fclose(out); #endif +#endif /* FORK_OK */ + unlink(cnf); free(exe); @@ -543,15 +483,22 @@ } if (show_cert) { - char cmd[100]; - if (inetd) { - sprintf(cmd, "openssl x509 -text -in '%s' 1>&2", pem); - } else { - sprintf(cmd, "openssl x509 -text -in '%s'", pem); + exe = find_openssl_bin(); + if (!exe) { + exe = strdup("openssl"); + } + if (strlen(pem) + strlen(exe) < 4000) { + char cmd[5000]; + if (inetd) { + sprintf(cmd, "%s x509 -text -in '%s' 1>&2", exe, pem); + } else { + sprintf(cmd, "%s x509 -text -in '%s'", exe, pem); + } + fprintf(stderr, "\n"); + system(cmd); + fprintf(stderr, "\n"); } - fprintf(stderr, "\n"); - system(cmd); - fprintf(stderr, "\n"); + free(exe); } if (pathin) { @@ -562,39 +509,6 @@ } } -static int pem_passwd_callback(char *buf, int size, int rwflag, - void *userdata) { - char *q, line[1024]; - - if (! buf) { - exit(1); - } - - fprintf(stderr, "\nA passphrase is needed to unlock an OpenSSL " - "private key (PEM file).\n"); - fprintf(stderr, "Enter passphrase> "); - system("stty -echo"); - if(fgets(line, 1024, stdin) == NULL) { - fprintf(stdout, "\n"); - system("stty echo"); - exit(1); - } - system("stty echo"); - fprintf(stdout, "\n\n"); - q = strrchr(line, '\n'); - if (q) { - *q = '\0'; - } - line[1024 - 1] = '\0'; - strncpy(buf, line, size); - buf[size - 1] = '\0'; - - if (0) rwflag = 0; /* compiler warning. */ - if (0) userdata = 0; /* compiler warning. */ - - return strlen(buf); -} - static int appendfile(FILE *out, char *infile) { char line[1024]; FILE *in; @@ -623,7 +537,7 @@ return 1; } -static char *get_ssl_verify_file(char *str_in) { +char *get_ssl_verify_file(char *str_in) { char *p, *str, *cdir, *tmp; char *tfile, *tfile2; FILE *file; @@ -649,7 +563,7 @@ tfile = (char *) malloc(strlen(tmp) + 1024); tfile2 = (char *) malloc(strlen(tmp) + 1024); - sprintf(tfile, "%s/sslverify-load-%d.crts.XXXXXX", tmp, getpid()); + sprintf(tfile, "%s/sslverify-tmp-load-%d.crts.XXXXXX", tmp, getpid()); fd = mkstemp(tfile); if (fd < 0) { @@ -742,6 +656,140 @@ return tfile; } +int openssl_present(void); +void openssl_init(int isclient); +void openssl_port(void); +void https_port(void); +void check_openssl(void); +void check_https(void); +void ssl_helper_pid(pid_t pid, int sock); +void accept_openssl(int mode, int presock); + +static void lose_ram(void); +#define ABSIZE 16384 + +static int vencrypt_selected = 0; +static int anontls_selected = 0; + +/* to test no openssl libssl */ +#if 0 +#undef LIBVNCSERVER_HAVE_LIBSSL +#define LIBVNCSERVER_HAVE_LIBSSL 0 +#endif + +#if !LIBVNCSERVER_HAVE_LIBSSL + +static void badnews(char *name) { + use_openssl = 0; + use_stunnel = 0; + rfbLog("** %s: not compiled with libssl OpenSSL support **\n", name ? name : "???"); + clean_up_exit(1); +} + +int openssl_present(void) {return 0;} +void openssl_init(int isclient) {badnews("openssl_init");} + +#define SSL_ERROR_NONE 0 + +static int ssl_init(int s_in, int s_out, int skip_vnc_tls, double last_https) { + if (enc_str != NULL) { + return 1; + } + badnews("ssl_init"); + return 0; +} + +static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { + if (enc_str != NULL && !strcmp(enc_str, "none")) { + usleep(250*1000); + rfbLog("doing '-enc none' raw transfer (no encryption)\n"); + raw_xfer(csock, s_in, s_out); + } else { + badnews("ssl_xfer"); + } +} + +#else /* LIBVNCSERVER_HAVE_LIBSSL */ + +/* + * This is because on older systems both zlib.h and ssl.h define + * 'free_func' nothing we do below (currently) induces an external + * dependency on 'free_func'. + */ +#define free_func my_jolly_little_free_func + +#include +#include +#include + +static SSL_CTX *ctx = NULL; +static RSA *rsa_512 = NULL; +static RSA *rsa_1024 = NULL; +static SSL *ssl = NULL; +static X509_STORE *revocation_store = NULL; + + +static void init_prng(void); +static void sslerrexit(void); +static int ssl_init(int s_in, int s_out, int skip_vnc_tls, double last_https); +static void ssl_xfer(int csock, int s_in, int s_out, int is_https); + +#ifndef FORK_OK +void openssl_init(int isclient) { + rfbLog("openssl_init: fork is not supported. cannot create" + " ssl helper process.\n"); + clean_up_exit(1); +} +int openssl_present(void) {return 0;} + +#else + +int openssl_present(void) {return 1;} + +static void sslerrexit(void) { + unsigned long err = ERR_get_error(); + + if (err) { + char str[256]; + ERR_error_string(err, str); + fprintf(stderr, "ssl error: %s\n", str); + } + clean_up_exit(1); +} + +static int pem_passwd_callback(char *buf, int size, int rwflag, + void *userdata) { + char *q, line[1024]; + + if (! buf) { + exit(1); + } + + fprintf(stderr, "\nA passphrase is needed to unlock an OpenSSL " + "private key (PEM file).\n"); + fprintf(stderr, "Enter passphrase> "); + system("stty -echo"); + if(fgets(line, 1024, stdin) == NULL) { + fprintf(stdout, "\n"); + system("stty echo"); + exit(1); + } + system("stty echo"); + fprintf(stdout, "\n\n"); + q = strrchr(line, '\n'); + if (q) { + *q = '\0'; + } + line[1024 - 1] = '\0'; + strncpy(buf, line, size); + buf[size - 1] = '\0'; + + if (0) rwflag = 0; /* compiler warning. */ + if (0) userdata = 0; /* compiler warning. */ + + return strlen(buf); +} + /* based on mod_ssl */ static int crl_callback(X509_STORE_CTX *callback_ctx) { X509_STORE_CTX store_ctx; @@ -890,9 +938,6 @@ #define rfbVencryptX509Vnc 261 #define rfbVencryptX509Plain 262 -static int vencrypt_selected = 0; -static int anontls_selected = 0; - static int ssl_client_mode = 0; static int switch_to_anon_dh(void); @@ -1168,7 +1213,7 @@ } else { SSL_CTX_set_verify(ctx, lvl, verify_callback); } - if (strstr(file, "tmp/sslverify-load-")) { + if (strstr(file, "/sslverify-tmp-load-")) { /* temporary file */ unlink(file); } @@ -1179,2810 +1224,2773 @@ rfbLog("\n"); } -void openssl_port(void) { - int sock, shutdown = 0; - static int port = 0; - static in_addr_t iface = INADDR_ANY; - int db = 0; - - if (! screen) { - rfbLog("openssl_port: no screen!\n"); - clean_up_exit(1); +static int read_exact(int sock, char *buf, int len) { + int n, fail = 0; + if (sock < 0) { + return 0; } - if (inetd) { - ssl_initialized = 1; - return; + while (len > 0) { + n = read(sock, buf, len); + if (n > 0) { + buf += n; + len -= n; + } else if (n == 0) { + fail = 1; + break; + } else if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) { + usleep(10*1000); + } else if (n < 0 && errno != EINTR) { + fail = 1; + break; + } } - - if (screen->listenSock > -1 && screen->port > 0) { - port = screen->port; - shutdown = 1; - } - if (screen->listenInterface) { - iface = screen->listenInterface; - } - - if (shutdown) { - if (db) fprintf(stderr, "shutting down %d/%d\n", - port, screen->listenSock); -#if LIBVNCSERVER_HAS_SHUTDOWNSOCKETS - rfbShutdownSockets(screen); -#endif + if (fail) { + return 0; + } else { + return 1; } +} - sock = rfbListenOnTCPPort(port, iface); +static int write_exact(int sock, char *buf, int len) { + int n, fail = 0; if (sock < 0) { - rfbLog("openssl_port: could not reopen port %d\n", port); - clean_up_exit(1); + return 0; } - rfbLog("openssl_port: listen on port/sock %d/%d\n", port, sock); - if (!quiet) { - announce(port, 1, NULL); + while (len > 0) { + n = write(sock, buf, len); + if (n > 0) { + buf += n; + len -= n; + } else if (n == 0) { + fail = 1; + break; + } else if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) { + usleep(10*1000); + } else if (n < 0 && errno != EINTR) { + fail = 1; + break; + } + } + if (fail) { + return 0; + } else { + return 1; } - openssl_sock = sock; - openssl_port_num = port; - - ssl_initialized = 1; } +/* XXX not in rfb.h: */ +void rfbClientSendString(rfbClientPtr cl, char *reason); -void https_port(void) { - int sock; - static int port = 0; - static in_addr_t iface = INADDR_ANY; - int db = 0; +static int finish_auth(rfbClientPtr client, char *type) { + int security_result, ret; - /* as openssl_port above: open a listening socket for pure https: */ - if (https_port_num < 0) { - return; - } - if (! screen) { - rfbLog("https_port: no screen!\n"); - clean_up_exit(1); - } - if (screen->listenInterface) { - iface = screen->listenInterface; - } + ret = 0; - if (https_port_num == 0) { - https_port_num = find_free_port(5801, 5851); - } - if (https_port_num <= 0) { - rfbLog("https_port: could not find port %d\n", https_port_num); - clean_up_exit(1); - } - port = https_port_num; +if (getenv("X11VNC_DEBUG_TLSPLAIN")) fprintf(stderr, "finish_auth type=%s\n", type); - sock = rfbListenOnTCPPort(port, iface); - if (sock < 0) { - rfbLog("https_port: could not open port %d\n", port); - clean_up_exit(1); - } - if (db) fprintf(stderr, "https_port: listen on port/sock %d/%d\n", - port, sock); + if (!strcmp(type, "None")) { + security_result = 0; /* success */ + if (write_exact(client->sock, (char *) &security_result, 4)) { + ret = 1; + } + rfbLog("finish_auth: using auth 'None'\n"); + client->state = RFB_INITIALISATION; - https_sock = sock; -} + } else if (!strcmp(type, "Vnc")) { + RAND_bytes(client->authChallenge, CHALLENGESIZE); + if (write_exact(client->sock, (char *) &client->authChallenge, CHALLENGESIZE)) { + ret = 1; + } + rfbLog("finish_auth: using auth 'Vnc', sent challenge.\n"); + client->state = RFB_AUTHENTICATION; -static void lose_ram(void) { - /* - * for a forked child that will be around for a long time - * without doing exec(). we really should re-exec, but a pain - * to redo all SSL ctx. - */ - free_old_fb(); + } else if (!strcmp(type, "Plain")) { + if (!unixpw) { + rfbLog("finish_auth: *Plain not allowed outside unixpw mode.\n"); + ret = 0; + } else { + char *un, *pw; + int unlen, pwlen; - free_tiles(); -} +if (getenv("X11VNC_DEBUG_TLSPLAIN")) fprintf(stderr, "*Plain begin: onHold=%d client=%p unixpw_client=%p\n", client->onHold, (void *) client, (void *) unixpw_client); -/* utility to keep track of existing helper processes: */ + if (!read_exact(client->sock, (char *)&unlen, 4)) goto fail; + unlen = Swap32IfLE(unlen); -void ssl_helper_pid(pid_t pid, int sock) { -# define HPSIZE 256 - static pid_t helpers[HPSIZE]; - static int sockets[HPSIZE], first = 1; - int i, empty, set, status; - static int db = 0; +if (getenv("X11VNC_DEBUG_TLSPLAIN")) fprintf(stderr, "unlen: %d\n", unlen); - if (first) { - for (i=0; i < HPSIZE; i++) { - helpers[i] = 0; - sockets[i] = 0; - } - if (getenv("SSL_HELPER_PID_DB")) { - db = 1; - } - first = 0; - } + if (!read_exact(client->sock, (char *)&pwlen, 4)) goto fail; + pwlen = Swap32IfLE(pwlen); +if (getenv("X11VNC_DEBUG_TLSPLAIN")) fprintf(stderr, "pwlen: %d\n", pwlen); - if (pid == 0) { - /* killall or waitall */ - for (i=0; i < HPSIZE; i++) { - if (helpers[i] == 0) { - sockets[i] = -1; - continue; - } - if (kill(helpers[i], 0) == 0) { - int kret = -2; - pid_t wret; - if (sock != -2) { - if (sockets[i] >= 0) { - close(sockets[i]); - } - kret = kill(helpers[i], SIGTERM); - if (kret == 0) { - usleep(20 * 1000); - } - } + un = (char *) malloc(unlen+1); + memset(un, 0, unlen+1); -#if LIBVNCSERVER_HAVE_SYS_WAIT_H && LIBVNCSERVER_HAVE_WAITPID - wret = waitpid(helpers[i], &status, WNOHANG); + pw = (char *) malloc(pwlen+2); + memset(pw, 0, pwlen+2); -if (db) fprintf(stderr, "waitpid(%d)\n", helpers[i]); -if (db) fprintf(stderr, " waitret1=%d\n", wret); + if (!read_exact(client->sock, un, unlen)) goto fail; + if (!read_exact(client->sock, pw, pwlen)) goto fail; - if (kret == 0 && wret != helpers[i]) { - int k; - for (k=0; k < 10; k++) { - usleep(100 * 1000); - wret = waitpid(helpers[i], &status, WNOHANG); -if (db) fprintf(stderr, " waitret2=%d\n", wret); - if (wret == helpers[i]) { - break; - } - } - } -#endif - if (sock == -2) { - continue; +if (getenv("X11VNC_DEBUG_TLSPLAIN")) fprintf(stderr, "*Plain: %d %d '%s' ... \n", unlen, pwlen, un); + strcat(pw, "\n"); + + if (unixpw_verify(un, pw)) { + security_result = 0; /* success */ + if (write_exact(client->sock, (char *) &security_result, 4)) { + ret = 1; + unixpw_verify_screen(un, pw); } + client->onHold = FALSE; + client->state = RFB_INITIALISATION; } - helpers[i] = 0; - sockets[i] = -1; + if (ret == 0) { + rfbClientSendString(client, "unixpw failed"); + } + + memset(un, 0, unlen+1); + memset(pw, 0, pwlen+2); + free(un); + free(pw); } - return; + } else { + rfbLog("finish_auth: unknown sub-type: %s\n", type); + ret = 0; } -if (db) fprintf(stderr, "ssl_helper_pid(%d, %d)\n", pid, sock); + fail: + return ret; +} - /* add (or delete for sock == -1) */ - set = 0; - empty = -1; - for (i=0; i < HPSIZE; i++) { - if (helpers[i] == pid) { - if (sock == -1) { -#if LIBVNCSERVER_HAVE_SYS_WAIT_H && LIBVNCSERVER_HAVE_WAITPID - pid_t wret; - wret = waitpid(helpers[i], &status, WNOHANG); +static int finish_vencrypt_auth(rfbClientPtr client, int subtype) { -if (db) fprintf(stderr, "waitpid(%d) 2\n", helpers[i]); -if (db) fprintf(stderr, " waitret1=%d\n", wret); -#endif - helpers[i] = 0; - } - sockets[i] = sock; - set = 1; - } else if (empty == -1 && helpers[i] == 0) { - empty = i; - } - } - if (set || sock == -1) { - return; /* done */ + if (subtype == rfbVencryptTlsNone || subtype == rfbVencryptX509None) { + return finish_auth(client, "None"); + } else if (subtype == rfbVencryptTlsVnc || subtype == rfbVencryptX509Vnc) { + return finish_auth(client, "Vnc"); + } else if (subtype == rfbVencryptTlsPlain || subtype == rfbVencryptX509Plain) { + return finish_auth(client, "Plain"); + } else { + rfbLog("finish_vencrypt_auth: unknown sub-type: %d\n", subtype); + return 0; } +} - /* now try to store */ - if (empty >= 0) { - helpers[empty] = pid; - sockets[empty] = sock; - return; - } - for (i=0; i < HPSIZE; i++) { - if (helpers[i] == 0) { - continue; - } - /* clear out stale pids: */ - if (kill(helpers[i], 0) != 0) { - helpers[i] = 0; - sockets[i] = -1; - - if (empty == -1) { - empty = i; - } - } + +static int add_anon_dh(void) { + pid_t pid, pidw; + char cnf[] = "/tmp/x11vnc-dh.XXXXXX"; + char *infile = NULL; + int status, cnf_fd; + DH *dh; + BIO *bio; + FILE *in; + double ds; + /* + * These are dh parameters (prime, generator), not dh keys. + * Evidently it is ok for them to be publicly known. + * openssl dhparam -out dh.out 1024 + */ + char *fixed_dh_params = +"-----BEGIN DH PARAMETERS-----\n" +"MIGHAoGBAL28w69ZnLYBvp8R2OeqtAIms+oatY19iBL4WhGI/7H1OMmkJjIe+OHs\n" +"PXoJfe5ucrnvno7Xm+HJZYa1jnPGQuWoa/VJKXdVjYdJVNzazJKM2daKKcQA4GDc\n" +"msFS5DxLbzUR5jy1n12K3EcbvpyFqDYVTJJXm7NuNuiWRfz3wTozAgEC\n" +"-----END DH PARAMETERS-----\n"; + + if (dhparams_file != NULL) { + infile = dhparams_file; + rfbLog("add_anon_dh: using %s\n", dhparams_file); + goto readin; } - if (empty >= 0) { - helpers[empty] = pid; - sockets[empty] = sock; + + cnf_fd = mkstemp(cnf); + if (cnf_fd < 0) { + return 0; } -} + infile = cnf; -static int is_ssl_readable(int s_in, double last_https, char *last_get, - int mode) { - int nfd, db = 0; - struct timeval tv; - fd_set rd; + if (create_fresh_dhparams) { - if (getenv("ACCEPT_OPENSSL_DEBUG")) { - db = atoi(getenv("ACCEPT_OPENSSL_DEBUG")); - } + if (new_dh_params != NULL) { + write(cnf_fd, new_dh_params, strlen(new_dh_params)); + close(cnf_fd); + } else { + char *exe = find_openssl_bin(); + struct stat sbuf; - /* - * we'll do a select() on s_in for reading. this is not an - * absolute proof that SSL_read is ready (XXX use SSL utility). - */ - tv.tv_sec = 2; - tv.tv_usec = 0; + if (no_external_cmds || !cmd_ok("ssl")) { + rfbLog("add_anon_dh: cannot run external commands.\n"); + return 0; + } - if (mode == OPENSSL_INETD) { - /* - * https via inetd is icky because x11vnc is restarted - * for each socket (and some clients send requests - * rapid fire). - */ - tv.tv_sec = 6; - } + close(cnf_fd); + if (exe == NULL) { + return 0; + } + ds = dnow(); + pid = fork(); + if (pid < 0) { + return 0; + } else if (pid == 0) { + int i; + for (i=0; i<256; i++) { + if (i == 2) continue; + close(i); + } + /* rather slow at 1024 */ + execlp(exe, exe, "dhparam", "-out", cnf, "1024", (char *)0); + exit(1); + } + pidw = waitpid(pid, &status, 0); + if (pidw != pid) { + return 0; + } + if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { + ; + } else { + return 0; + } + rfbLog("add_anon_dh: created new DH params in %.3f secs\n", dnow() - ds); - /* - * increase the timeout if we know HTTP traffic has occurred - * recently: - */ - if (dnow() < last_https + 30.0) { - tv.tv_sec = 10; - if (last_get && strstr(last_get, "VncViewer")) { - tv.tv_sec = 5; + if (stat(cnf, &sbuf) == 0 && sbuf.st_size > 0) { + /* save it to reuse during our process's lifetime: */ + int d = open(cnf, O_RDONLY); + if (d >= 0) { + int n, len = sbuf.st_size; + new_dh_params = (char *) calloc(len+1, 1); + n = read(d, new_dh_params, len); + close(d); + if (n != len) { + free(new_dh_params); + new_dh_params = NULL; + } else if (dhret != NULL) { + d = open(dhret, O_WRONLY); + if (d >= 0) { + write(d, new_dh_params, strlen(new_dh_params)); + close(d); + } + } + } + } } + } else { + write(cnf_fd, fixed_dh_params, strlen(fixed_dh_params)); + close(cnf_fd); } - if (getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT")) { - tv.tv_sec = atoi(getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT")); - } -if (db) fprintf(stderr, "tv_sec: %d - %s\n", (int) tv.tv_sec, last_get); - FD_ZERO(&rd); - FD_SET(s_in, &rd); - - do { - nfd = select(s_in+1, &rd, NULL, NULL, &tv); - } while (nfd < 0 && errno == EINTR); + readin: - if (db) fprintf(stderr, "https nfd: %d\n", nfd); + ds = dnow(); + in = fopen(infile, "r"); - if (nfd <= 0 || ! FD_ISSET(s_in, &rd)) { + if (in == NULL) { + rfbLogPerror("fopen"); + unlink(cnf); return 0; } - return 1; -} - -#define ABSIZE 16384 -static int watch_for_http_traffic(char *buf_a, int *n_a, int raw_sock) { - int is_http, err, n, n2; - char *buf; - int db = 0; - /* - * sniff the first couple bytes of the stream and try to see - * if it is http or not. if we read them OK, we must read the - * rest of the available data otherwise we may deadlock. - * what has been read is returned in buf_a and n_a. - * *buf_a is ABSIZE+1 long and zeroed. - */ - if (getenv("ACCEPT_OPENSSL_DEBUG")) { - db = atoi(getenv("ACCEPT_OPENSSL_DEBUG")); + bio = BIO_new_fp(in, BIO_CLOSE|BIO_FP_TEXT); + if (! bio) { + rfbLog("openssl_init: BIO_new_fp() failed.\n"); + unlink(cnf); + return 0; } - if (! buf_a || ! n_a) { + dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); + if (dh == NULL) { + rfbLog("openssl_init: PEM_read_bio_DHparams() failed.\n"); + unlink(cnf); + BIO_free(bio); return 0; } + BIO_free(bio); + SSL_CTX_set_tmp_dh(ctx, dh); + rfbLog("loaded Diffie Hellman %d bits, %.3fs\n", 8*DH_size(dh), dnow()-ds); + DH_free(dh); - buf = (char *) calloc((ABSIZE+1), 1); - *n_a = 0; + unlink(cnf); + return 1; +} - if (enc_str && !strcmp(enc_str, "none")) { - n = read(raw_sock, buf, 2); - err = SSL_ERROR_NONE; +static int switch_to_anon_dh(void) { + long mode; + + rfbLog("Using Anonymous Diffie-Hellman mode.\n"); + rfbLog("WARNING: Anonymous Diffie-Hellman uses encryption but is\n"); + rfbLog("WARNING: susceptible to a Man-In-The-Middle attack.\n"); + if (ssl_client_mode) { + ctx = SSL_CTX_new( SSLv23_client_method() ); } else { - n = SSL_read(ssl, buf, 2); - err = SSL_get_error(ssl, n); + ctx = SSL_CTX_new( SSLv23_server_method() ); } - - if (err != SSL_ERROR_NONE || n < 2) { - if (n > 0) { - strncpy(buf_a, buf, n); - *n_a = n; - } - if (db) fprintf(stderr, "watch_for_http_traffic ssl err: %d/%d\n", err, n); - return -1; + if (ctx == NULL) { + return 0; } - - /* look for GET, HEAD, POST, CONNECT */ - is_http = 0; - if (!strncmp("GE", buf, 2)) { - is_http = 1; - } else if (!strncmp("HE", buf, 2)) { - is_http = 1; - } else if (!strncmp("PO", buf, 2)) { - is_http = 1; - } else if (!strncmp("CO", buf, 2)) { - is_http = 1; + if (ssl_client_mode) { + return 1; } - if (db) fprintf(stderr, "watch_for_http_traffic read: '%s' %d\n", buf, n); - - /* - * better read all we can and fwd it along to avoid blocking - * in ssl_xfer(). - */ - - if (enc_str && !strcmp(enc_str, "none")) { - n2 = read(raw_sock, buf + n, ABSIZE - n); - } else { - n2 = SSL_read(ssl, buf + n, ABSIZE - n); + if (!SSL_CTX_set_cipher_list(ctx, "ADH:@STRENGTH")) { + return 0; } - if (n2 >= 0) { - n += n2; + if (!add_anon_dh()) { + return 0; } - *n_a = n; + mode = 0; + mode |= SSL_MODE_ENABLE_PARTIAL_WRITE; + mode |= SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; + SSL_CTX_set_mode(ctx, mode); - if (db) fprintf(stderr, "watch_for_http_traffic readmore: %d\n", n2); + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH); + SSL_CTX_set_timeout(ctx, 300); + SSL_CTX_set_default_passwd_cb(ctx, pem_passwd_callback); + SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); - if (n > 0) { - memcpy(buf_a, buf, n); - } - if (db > 1) { - fprintf(stderr, "watch_for_http_traffic readmore: "); - write(2, buf_a, *n_a); - fprintf(stderr, "\n"); - } - if (db) fprintf(stderr, "watch_for_http_traffic return: %d\n", is_http); - return is_http; -} - -static int csock_timeout_sock = -1; - -static void csock_timeout (int sig) { - rfbLog("sig: %d, csock_timeout.\n", sig); - if (csock_timeout_sock >= 0) { - close(csock_timeout_sock); - csock_timeout_sock = -1; - } + return 1; } -#define PROXY_HACK 0 -#if PROXY_HACK +static int anontls_dialog(int s_in, int s_out) { -static int wait_conn(int sock) { - int conn; - struct sockaddr_in addr; -#ifdef __hpux - int addrlen = sizeof(addr); -#else - socklen_t addrlen = sizeof(addr); -#endif + if (s_in || s_out) {} + anontls_selected = 1; - signal(SIGALRM, csock_timeout); - csock_timeout_sock = sock; - - alarm(15); - conn = accept(sock, (struct sockaddr *)&addr, &addrlen); - alarm(0); + if (!switch_to_anon_dh()) { + rfbLog("anontls: Anonymous Diffie-Hellman failed.\n"); + return 0; + } - signal(SIGALRM, SIG_DFL); - return conn; + /* continue with SSL/TLS */ + return 1; } -/* no longer used */ +/* + * Using spec: + * http://www.mail-archive.com/qemu-devel@nongnu.org/msg08681.html + */ +static int vencrypt_dialog(int s_in, int s_out) { + char buf[256], buf2[256]; + int subtypes[16]; + int n, i, ival, ok, nsubtypes = 0; -int proxy_hack(int vncsock, int listen, int s_in, int s_out, char *cookie, - int mode) { - int sock1, db = 0; - char reply[] = "HTTP/1.1 200 OK\r\n" - "Content-Type: octet-stream\r\n" - "Pragma: no-cache\r\n\r\n"; - char reply0[] = "HTTP/1.0 200 OK\r\n" - "Content-Type: octet-stream\r\n" - "Content-Length: 9\r\n" - "Pragma: no-cache\r\n\r\nGO_AHEAD\n"; + vencrypt_selected = 0; - rfbLog("SSL: accept_openssl: detected https proxied connection" - " request.\n"); + /* send version 0.2 */ + buf[0] = 0; + buf[1] = 2; - if (getenv("ACCEPT_OPENSSL_DEBUG")) { - db = atoi(getenv("ACCEPT_OPENSSL_DEBUG")); + if (!write_exact(s_out, buf, 2)) { + close(s_in); close(s_out); + return 0; } - SSL_write(ssl, reply0, strlen(reply0)); - SSL_shutdown(ssl); - SSL_shutdown(ssl); - close(s_in); - close(s_out); - SSL_free(ssl); - - if (mode == OPENSSL_VNC) { - listen = openssl_sock; - } else if (mode == OPENSSL_HTTPS) { - listen = https_sock; - } else { - /* inetd */ + /* read client version 0.2 */ + memset(buf, 0, sizeof(buf)); + if (!read_exact(s_in, buf, 2)) { + close(s_in); close(s_out); return 0; } + rfbLog("vencrypt: received %d.%d client version.\n", (int) buf[0], (int) buf[1]); - sock1 = wait_conn(listen); - - if (csock_timeout_sock < 0 || sock1 < 0) { - close(sock1); + /* close 0.0 */ + if (buf[0] == 0 && buf[1] == 0) { + rfbLog("vencrypt: received 0.0 version, closing connection.\n"); + close(s_in); close(s_out); return 0; } -if (db) fprintf(stderr, "got applet input sock1: %d\n", sock1); + /* accept only 0.2 */ + if (buf[0] != 0 || buf[1] != 2) { + rfbLog("vencrypt: unsupported VeNCrypt version, closing connection.\n"); + buf[0] = (char) 255; + write_exact(s_out, buf, 1); + close(s_in); close(s_out); + return 0; + } - if (! ssl_init(sock1, sock1, 0, 0.0)) { -if (db) fprintf(stderr, "ssl_init FAILED\n"); - exit(1); + /* tell them OK */ + buf[0] = 0; + if (!write_exact(s_out, buf, 1)) { + close(s_in); close(s_out); + return 0; } - SSL_write(ssl, reply, strlen(reply)); + if (getenv("X11VNC_ENABLE_VENCRYPT_PLAIN_LOGIN")) { + vencrypt_enable_plain_login = atoi(getenv("X11VNC_ENABLE_VENCRYPT_PLAIN_LOGIN")); + } - { - char *buf; - int n = 0, ptr = 0; - - buf = (char *) calloc((8192+1), 1); - while (ptr < 8192) { - n = SSL_read(ssl, buf + ptr, 8192 - ptr); - if (n > 0) { - ptr += n; + /* load our list of sub-types: */ + n = 0; + if (!ssl_verify && vencrypt_kx != VENCRYPT_NODH) { + if (screen->authPasswdData != NULL) { + subtypes[n++] = rfbVencryptTlsVnc; + } else { + if (vencrypt_enable_plain_login && unixpw) { + subtypes[n++] = rfbVencryptTlsPlain; + } else { + subtypes[n++] = rfbVencryptTlsNone; } -if (db) fprintf(stderr, "buf: '%s'\n", buf); - if (strstr(buf, "\r\n\r\n")) { - break; + } + } + if (vencrypt_kx != VENCRYPT_NOX509) { + if (screen->authPasswdData != NULL) { + subtypes[n++] = rfbVencryptX509Vnc; + } else { + if (vencrypt_enable_plain_login && unixpw) { + subtypes[n++] = rfbVencryptX509Plain; + } else { + subtypes[n++] = rfbVencryptX509None; } } } - if (cookie) { - write(vncsock, cookie, strlen(cookie)); + nsubtypes = n; + for (i = 0; i < nsubtypes; i++) { + ((uint32_t *)buf)[i] = Swap32IfLE(subtypes[i]); } - ssl_xfer(vncsock, sock1, sock1, 0); - return 1; -} -#endif /* PROXY_HACK */ + /* send number first: */ + buf2[0] = (char) nsubtypes; + if (!write_exact(s_out, buf2, 1)) { + close(s_in); close(s_out); + return 0; + } + /* and now the list: */ + if (!write_exact(s_out, buf, 4*n)) { + close(s_in); close(s_out); + return 0; + } -static int check_ssl_access(char *addr) { - static char *save_allow_once = NULL; - static time_t time_allow_once = 0; + /* read client's selection: */ + if (!read_exact(s_in, (char *)&ival, 4)) { + close(s_in); close(s_out); + return 0; + } + ival = Swap32IfLE(ival); - /* due to "Fetch Cert" activities for SSL really need to "allow twice" */ - if (allow_once != NULL) { - save_allow_once = strdup(allow_once); - time_allow_once = time(NULL); - } else if (save_allow_once != NULL) { - if (getenv("X11VNC_NO_SSL_ALLOW_TWICE")) { - ; - } else if (time(NULL) < time_allow_once + 30) { - /* give them 30 secs to check and save the fetched cert. */ - allow_once = save_allow_once; - rfbLog("SSL: Permitting 30 sec grace period for allowonce.\n"); - rfbLog("SSL: Set X11VNC_NO_SSL_ALLOW_TWICE=1 to disable.\n"); + /* zero means no dice: */ + if (ival == 0) { + rfbLog("vencrypt: client selected no sub-type, closing connection.\n"); + close(s_in); close(s_out); + return 0; + } + + /* check if he selected a valid one: */ + ok = 0; + for (i = 0; i < nsubtypes; i++) { + if (ival == subtypes[i]) { + ok = 1; } - save_allow_once = NULL; - time_allow_once = 0; } - return check_access(addr); -} + if (!ok) { + rfbLog("vencrypt: client selected invalid sub-type: %d\n", ival); + close(s_in); close(s_out); + return 0; + } else { + char *st = "unknown!!"; + if (ival == rfbVencryptTlsNone) st = "rfbVencryptTlsNone"; + if (ival == rfbVencryptTlsVnc) st = "rfbVencryptTlsVnc"; + if (ival == rfbVencryptTlsPlain) st = "rfbVencryptTlsPlain"; + if (ival == rfbVencryptX509None) st = "rfbVencryptX509None"; + if (ival == rfbVencryptX509Vnc) st = "rfbVencryptX509Vnc"; + if (ival == rfbVencryptX509Plain) st = "rfbVencryptX509Plain"; + rfbLog("vencrypt: client selected sub-type: %d (%s)\n", ival, st); + } -static int write_exact(int sock, char *buf, int len); -static int read_exact(int sock, char *buf, int len); + vencrypt_selected = ival; -/* XXX not in rfb.h: */ -void rfbClientSendString(rfbClientPtr cl, char *reason); + /* not documented in spec, send OK: */ + buf[0] = 1; + if (!write_exact(s_out, buf, 1)) { + close(s_in); close(s_out); + return 0; + } -static int finish_auth(rfbClientPtr client, char *type) { - int security_result, ret; + if (vencrypt_selected == rfbVencryptTlsNone || + vencrypt_selected == rfbVencryptTlsVnc || + vencrypt_selected == rfbVencryptTlsPlain) { + /* these modes are Anonymous Diffie-Hellman */ + if (!switch_to_anon_dh()) { + rfbLog("vencrypt: Anonymous Diffie-Hellman failed.\n"); + return 0; + } + } - ret = 0; + /* continue with SSL/TLS */ + return 1; +} -if (getenv("X11VNC_DEBUG_TLSPLAIN")) fprintf(stderr, "finish_auth type=%s\n", type); +static int check_vnc_tls_mode(int s_in, int s_out, double last_https) { + double waited = 0.0, waitmax = 1.4, dt = 0.01, start = dnow(); + struct timeval tv; + int input = 0, i, n, ok; + int major, minor, sectype = -1; + char *proto = "RFB 003.008\n"; + char *stype = "unknown"; + char buf[256]; + + vencrypt_selected = 0; + anontls_selected = 0; - if (!strcmp(type, "None")) { - security_result = 0; /* success */ - if (write_exact(client->sock, (char *) &security_result, 4)) { - ret = 1; + if (vencrypt_mode == VENCRYPT_NONE && anontls_mode == ANONTLS_NONE) { + /* only normal SSL */ + return 1; + } + if (ssl_client_mode) { + if (vencrypt_mode == VENCRYPT_FORCE || anontls_mode == ANONTLS_FORCE) { + rfbLog("check_vnc_tls_mode: VENCRYPT_FORCE/ANONTLS_FORCE in client\n"); + rfbLog("check_vnc_tls_mode: connect mode.\n"); + /* this is OK, continue on below for dialog. */ + } else { + /* otherwise we must assume normal SSL (we send client hello) */ + return 1; } - rfbLog("finish_auth: using auth 'None'\n"); - client->state = RFB_INITIALISATION; + } + if (ssl_verify && vencrypt_mode != VENCRYPT_FORCE && anontls_mode == ANONTLS_FORCE) { + rfbLog("check_vnc_tls_mode: Cannot use ANONTLS_FORCE with -sslverify (Anon DH only)\n"); + /* fallback to normal SSL */ + return 1; + } - } else if (!strcmp(type, "Vnc")) { - RAND_bytes(client->authChallenge, CHALLENGESIZE); - if (write_exact(client->sock, (char *) &client->authChallenge, CHALLENGESIZE)) { - ret = 1; + if (last_https > 0.0) { + double now = dnow(); + if (now < last_https + 5.0) { + waitmax = 20.0; + } else if (now < last_https + 15.0) { + waitmax = 10.0; + } else if (now < last_https + 30.0) { + waitmax = 5.0; + } else if (now < last_https + 60.0) { + waitmax = 2.5; } - rfbLog("finish_auth: using auth 'Vnc', sent challenge.\n"); - client->state = RFB_AUTHENTICATION; - - } else if (!strcmp(type, "Plain")) { - if (!unixpw) { - rfbLog("finish_auth: *Plain not allowed outside unixpw mode.\n"); - ret = 0; - } else { - char *un, *pw; - int unlen, pwlen; + } -if (getenv("X11VNC_DEBUG_TLSPLAIN")) fprintf(stderr, "*Plain begin: onHold=%d client=%p unixpw_client=%p\n", client->onHold, (void *) client, (void *) unixpw_client); + while (waited < waitmax) { + fd_set rfds; + FD_ZERO(&rfds); + FD_SET(s_in, &rfds); + tv.tv_sec = 0; + tv.tv_usec = 0; + select(s_in+1, &rfds, NULL, NULL, &tv); + if (FD_ISSET(s_in, &rfds)) { + input = 1; + break; + } + usleep((int) (1000 * 1000 * dt)); + waited += dt; + } + rfbLog("check_vnc_tls_mode: waited: %f / %.2f input: %s\n", + dnow() - start, waitmax, input ? "SSL Handshake" : "(future) RFB Handshake"); - if (!read_exact(client->sock, (char *)&unlen, 4)) goto fail; - unlen = Swap32IfLE(unlen); + if (input) { + /* got SSL client hello, can only assume normal SSL */ + if (vencrypt_mode == VENCRYPT_FORCE || anontls_mode == ANONTLS_FORCE) { + rfbLog("check_vnc_tls_mode: VENCRYPT_FORCE/ANONTLS_FORCE prevents normal SSL\n"); + return 0; + } + return 1; + } -if (getenv("X11VNC_DEBUG_TLSPLAIN")) fprintf(stderr, "unlen: %d\n", unlen); + /* send RFB 003.008 -- there is no turning back from this point... */ + if (!write_exact(s_out, proto, strlen(proto))) { + close(s_in); close(s_out); + return 0; + } - if (!read_exact(client->sock, (char *)&pwlen, 4)) goto fail; - pwlen = Swap32IfLE(pwlen); + memset(buf, 0, sizeof(buf)); + if (!read_exact(s_in, buf, 12)) { + close(s_in); close(s_out); + return 0; + } -if (getenv("X11VNC_DEBUG_TLSPLAIN")) fprintf(stderr, "pwlen: %d\n", pwlen); + if (sscanf(buf, "RFB %03d.%03d\n", &major, &minor) != 2) { + int i; + rfbLog("check_vnc_tls_mode: abnormal handshake: '%s'\nbytes: ", buf); + for (i=0; i < 12; i++) { + fprintf(stderr, "%d.", (unsigned char) buf[i]); + } + fprintf(stderr, "\n"); + close(s_in); close(s_out); + return 0; + } + rfbLog("check_vnc_tls_mode: version: %d.%d\n", major, minor); + if (major != 3 || minor < 8) { + rfbLog("check_vnc_tls_mode: invalid version: '%s'\n", buf); + close(s_in); close(s_out); + return 0; + } - un = (char *) malloc(unlen+1); - memset(un, 0, unlen+1); + n = 1; + if (vencrypt_mode == VENCRYPT_FORCE) { + buf[n++] = rfbSecTypeVencrypt; + } else if (anontls_mode == ANONTLS_FORCE && !ssl_verify) { + buf[n++] = rfbSecTypeAnonTls; + } else if (vencrypt_mode == VENCRYPT_SOLE) { + buf[n++] = rfbSecTypeVencrypt; + } else if (anontls_mode == ANONTLS_SOLE && !ssl_verify) { + buf[n++] = rfbSecTypeAnonTls; + } else { + if (vencrypt_mode == VENCRYPT_SUPPORT) { + buf[n++] = rfbSecTypeVencrypt; + } + if (anontls_mode == ANONTLS_SUPPORT && !ssl_verify) { + buf[n++] = rfbSecTypeAnonTls; + } + } - pw = (char *) malloc(pwlen+2); - memset(pw, 0, pwlen+2); + n--; + buf[0] = (char) n; + if (!write_exact(s_out, buf, n+1)) { + close(s_in); close(s_out); + return 0; + } + if (0) fprintf(stderr, "wrote[%d] %d %d %d\n", n, buf[0], buf[1], buf[2]); - if (!read_exact(client->sock, un, unlen)) goto fail; - if (!read_exact(client->sock, pw, pwlen)) goto fail; + buf[0] = 0; + if (!read_exact(s_in, buf, 1)) { + close(s_in); close(s_out); + return 0; + } -if (getenv("X11VNC_DEBUG_TLSPLAIN")) fprintf(stderr, "*Plain: %d %d '%s' ... \n", unlen, pwlen, un); - strcat(pw, "\n"); + if (buf[0] == rfbSecTypeVencrypt) stype = "VeNCrypt"; + if (buf[0] == rfbSecTypeAnonTls) stype = "ANONTLS"; - if (unixpw_verify(un, pw)) { - security_result = 0; /* success */ - if (write_exact(client->sock, (char *) &security_result, 4)) { - ret = 1; - unixpw_verify_screen(un, pw); - } - client->onHold = FALSE; - client->state = RFB_INITIALISATION; - } - if (ret == 0) { - rfbClientSendString(client, "unixpw failed"); - } + rfbLog("check_vnc_tls_mode: reply: %d (%s)\n", (int) buf[0], stype); - memset(un, 0, unlen+1); - memset(pw, 0, pwlen+2); - free(un); - free(pw); + ok = 0; + for (i=1; i < n+1; i++) { + if (buf[0] == buf[i]) { + ok = 1; } - } else { - rfbLog("finish_auth: unknown sub-type: %s\n", type); - ret = 0; + } + if (!ok) { + char *msg = "check_vnc_tls_mode: invalid security-type"; + int len = strlen(msg); + rfbLog("%s: %d\n", msg, (int) buf[0]); + ((uint32_t *)buf)[0] = Swap32IfLE(len); + write_exact(s_out, buf, 4); + write_exact(s_out, msg, strlen(msg)); + close(s_in); close(s_out); + return 0; } - fail: - return ret; + sectype = (int) buf[0]; + + if (sectype == rfbSecTypeVencrypt) { + return vencrypt_dialog(s_in, s_out); + } else if (sectype == rfbSecTypeAnonTls) { + return anontls_dialog(s_in, s_out); + } else { + return 0; + } } -static int finish_vencrypt_auth(rfbClientPtr client, int subtype) { +static void pr_ssl_info(int verb) { + SSL_CIPHER *c; + SSL_SESSION *s; + char *proto = "unknown"; - if (subtype == rfbVencryptTlsNone || subtype == rfbVencryptX509None) { - return finish_auth(client, "None"); - } else if (subtype == rfbVencryptTlsVnc || subtype == rfbVencryptX509Vnc) { - return finish_auth(client, "Vnc"); - } else if (subtype == rfbVencryptTlsPlain || subtype == rfbVencryptX509Plain) { - return finish_auth(client, "Plain"); + if (verb) {} + + if (ssl == NULL) { + return; + } + c = SSL_get_current_cipher(ssl); + s = SSL_get_session(ssl); + + if (s == NULL) { + proto = "nosession"; + } else if (s->ssl_version == SSL2_VERSION) { + proto = "SSLv2"; + } else if (s->ssl_version == SSL3_VERSION) { + proto = "SSLv3"; + } else if (s->ssl_version == TLS1_VERSION) { + proto = "TLSv1"; + } + if (c != NULL) { + rfbLog("SSL: ssl_helper[%d]: Cipher: %s %s Proto: %s\n", getpid(), + SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c), proto); } else { - rfbLog("finish_vencrypt_auth: unknown sub-type: %d\n", subtype); - return 0; + rfbLog("SSL: ssl_helper[%d]: Proto: %s\n", getpid(), + proto); } } +static void ssl_timeout (int sig) { + int i; + rfbLog("sig: %d, ssl_init[%d] timed out.\n", sig, getpid()); + for (i=0; i < 256; i++) { + close(i); + } + exit(1); +} -void accept_openssl(int mode, int presock) { - int sock = -1, listen = -1, cport, csock, vsock; +static int ssl_init(int s_in, int s_out, int skip_vnc_tls, double last_https) { + unsigned char *sid = (unsigned char *) "x11vnc SID"; + char *name = NULL; int peerport = 0; - int status, n, i, db = 0; - struct sockaddr_in addr; -#ifdef __hpux - int addrlen = sizeof(addr); -#else - socklen_t addrlen = sizeof(addr); -#endif - rfbClientPtr client; - pid_t pid; - char uniq[] = "_evilrats_"; - char cookie[256], rcookie[256], *name = NULL; - int vencrypt_sel = 0; - int anontls_sel = 0; - static double last_https = 0.0; - static char last_get[256]; - static int first = 1; - unsigned char *rb; + int db = 0, rc, err; + int ssock = s_in; + double start = dnow(); + int timeout = 20; - openssl_last_helper_pid = 0; + if (enc_str != NULL) { + return 1; + } + if (getenv("SSL_DEBUG")) { + db = atoi(getenv("SSL_DEBUG")); + } + if (getenv("SSL_INIT_TIMEOUT")) { + timeout = atoi(getenv("SSL_INIT_TIMEOUT")); + } + if (db) fprintf(stderr, "ssl_init: %d/%d\n", s_in, s_out); - /* zero buffers for use below. */ - for (i=0; i<256; i++) { - if (first) { - last_get[i] = '\0'; - } - cookie[i] = '\0'; - rcookie[i] = '\0'; + if (skip_vnc_tls) { + rfbLog("SSL: ssl_helper[%d]: HTTPS mode, skipping check_vnc_tls_mode()\n", + getpid()); + } else if (!check_vnc_tls_mode(s_in, s_out, last_https)) { + return 0; } - first = 0; - if (getenv("ACCEPT_OPENSSL_DEBUG")) { - db = atoi(getenv("ACCEPT_OPENSSL_DEBUG")); + ssl = SSL_new(ctx); + if (ssl == NULL) { + fprintf(stderr, "SSL_new failed\n"); + return 0; } + if (db > 1) fprintf(stderr, "ssl_init: 1\n"); - /* do INETD, VNC, or HTTPS cases (result is client socket or pipe) */ - if (mode == OPENSSL_INETD) { - ssl_initialized = 1; + SSL_set_session_id_context(ssl, sid, strlen((char *)sid)); - } else if (mode == OPENSSL_VNC) { - sock = accept(openssl_sock, (struct sockaddr *)&addr, &addrlen); - if (sock < 0) { - rfbLog("SSL: accept_openssl: accept connection failed\n"); - rfbLogPerror("accept"); - if (ssl_no_fail) { - clean_up_exit(1); - } - return; + if (s_in == s_out) { + if (! SSL_set_fd(ssl, ssock)) { + fprintf(stderr, "SSL_set_fd failed\n"); + return 0; } - listen = openssl_sock; - - } else if (mode == OPENSSL_REVERSE) { - sock = presock; - if (sock < 0) { - rfbLog("SSL: accept_openssl: connection failed\n"); - if (ssl_no_fail) { - clean_up_exit(1); - } - return; + } else { + if (! SSL_set_rfd(ssl, s_in)) { + fprintf(stderr, "SSL_set_rfd failed\n"); + return 0; } - listen = -1; - - } else if (mode == OPENSSL_HTTPS) { - sock = accept(https_sock, (struct sockaddr *)&addr, &addrlen); - if (sock < 0) { - rfbLog("SSL: accept_openssl: accept connection failed\n"); - rfbLogPerror("accept"); - if (ssl_no_fail) { - clean_up_exit(1); - } - return; + if (! SSL_set_wfd(ssl, s_out)) { + fprintf(stderr, "SSL_set_wfd failed\n"); + return 0; } - listen = https_sock; } - if (db) fprintf(stderr, "SSL: accept_openssl: sock: %d\n", sock); + if (db > 1) fprintf(stderr, "ssl_init: 2\n"); - if (openssl_last_ip) { - free(openssl_last_ip); - openssl_last_ip = NULL; - } - if (mode == OPENSSL_INETD) { - openssl_last_ip = get_remote_host(fileno(stdin)); + if (ssl_client_mode) { + SSL_set_connect_state(ssl); } else { - openssl_last_ip = get_remote_host(sock); - } - - if (!check_ssl_access(openssl_last_ip)) { - rfbLog("SSL: accept_openssl: denying client %s\n", openssl_last_ip); - rfbLog("SSL: accept_openssl: does not match -allow (or other reason).\n"); - close(sock); - sock = -1; - if (ssl_no_fail) { - clean_up_exit(1); - } - return; + SSL_set_accept_state(ssl); } - /* now make a listening socket for child to connect back to us by: */ - - cport = find_free_port(20000, 0); - if (! cport) { - rfbLog("SSL: accept_openssl: could not find open port.\n"); - close(sock); - if (mode == OPENSSL_INETD || ssl_no_fail) { - clean_up_exit(1); - } - return; - } - if (db) fprintf(stderr, "accept_openssl: cport: %d\n", cport); + if (db > 1) fprintf(stderr, "ssl_init: 3\n"); - csock = rfbListenOnTCPPort(cport, htonl(INADDR_LOOPBACK)); + name = get_remote_host(ssock); + peerport = get_remote_port(ssock); - if (csock < 0) { - rfbLog("SSL: accept_openssl: could not listen on port %d.\n", - cport); - close(sock); - if (mode == OPENSSL_INETD || ssl_no_fail) { - clean_up_exit(1); - } - return; - } - if (db) fprintf(stderr, "accept_openssl: csock: %d\n", csock); + if (db > 1) fprintf(stderr, "ssl_init: 4\n"); - fflush(stderr); + while (1) { - /* - * make a simple cookie to id the child socket, not foolproof - * but hard to guess exactly (just worrying about local lusers - * here, since we use INADDR_LOOPBACK). - */ - rb = (unsigned char *) calloc(6, 1); - RAND_bytes(rb, 6); - sprintf(cookie, "RB=%d%d%d%d%d%d/%f%f/%p", - rb[0], rb[1], rb[2], rb[3], rb[4], rb[5], - dnow() - x11vnc_start, x11vnc_start, (void *)rb); + signal(SIGALRM, ssl_timeout); + alarm(timeout); - if (mode != OPENSSL_INETD) { - name = get_remote_host(sock); - peerport = get_remote_port(sock); - } else { - openssl_last_ip = get_remote_host(fileno(stdin)); - peerport = get_remote_port(fileno(stdin)); - if (openssl_last_ip) { - name = strdup(openssl_last_ip); + if (ssl_client_mode) { + if (db) fprintf(stderr, "calling SSL_connect...\n"); + rc = SSL_connect(ssl); } else { - name = strdup("unknown"); + if (db) fprintf(stderr, "calling SSL_accept...\n"); + rc = SSL_accept(ssl); } - } - if (name) { - if (mode == OPENSSL_INETD) { - rfbLog("SSL: (inetd) spawning helper process " - "to handle: %s:%d\n", name, peerport); + err = SSL_get_error(ssl, rc); + + alarm(0); + signal(SIGALRM, SIG_DFL); + + if (ssl_client_mode) { + if (db) fprintf(stderr, "SSL_connect %d/%d\n", rc, err); } else { - rfbLog("SSL: spawning helper process to handle: " - "%s:%d\n", name, peerport); + if (db) fprintf(stderr, "SSL_accept %d/%d\n", rc, err); } - free(name); - name = NULL; - } - - if (certret) { - free(certret); - } - if (certret_str) { - free(certret_str); - certret_str = NULL; - } - certret = strdup("/tmp/x11vnc-certret.XXXXXX"); - omode = umask(077); - certret_fd = mkstemp(certret); - umask(omode); - if (certret_fd < 0) { - free(certret); - certret = NULL; - certret_fd = -1; - } + if (err == SSL_ERROR_NONE) { + break; + } else if (err == SSL_ERROR_WANT_READ) { - if (dhret) { - free(dhret); - } - if (dhret_str) { - free(dhret_str); - dhret_str = NULL; - } - dhret = strdup("/tmp/x11vnc-dhret.XXXXXX"); - omode = umask(077); - dhret_fd = mkstemp(dhret); - umask(omode); - if (dhret_fd < 0) { - free(dhret); - dhret = NULL; - dhret_fd = -1; - } + if (db) fprintf(stderr, "got SSL_ERROR_WANT_READ\n"); + rfbLog("SSL: ssl_helper[%d]: SSL_accept() failed for: %s:%d\n", + getpid(), name, peerport); + pr_ssl_info(1); + return 0; + + } else if (err == SSL_ERROR_WANT_WRITE) { - /* now fork the child to handle the SSL: */ - pid = fork(); + if (db) fprintf(stderr, "got SSL_ERROR_WANT_WRITE\n"); + rfbLog("SSL: ssl_helper[%d]: SSL_accept() failed for: %s:%d\n", + getpid(), name, peerport); + pr_ssl_info(1); + return 0; - if (pid > 0) { - rfbLog("SSL: helper for peerport %d is pid %d: \n", - peerport, (int) pid); - } + } else if (err == SSL_ERROR_SYSCALL) { - if (pid < 0) { - rfbLog("SSL: accept_openssl: could not fork.\n"); - rfbLogPerror("fork"); - close(sock); - close(csock); - if (mode == OPENSSL_INETD || ssl_no_fail) { - clean_up_exit(1); - } - return; + if (db) fprintf(stderr, "got SSL_ERROR_SYSCALL\n"); + rfbLog("SSL: ssl_helper[%d]: SSL_accept() failed for: %s:%d\n", + getpid(), name, peerport); + pr_ssl_info(1); + return 0; - } else if (pid == 0) { - int s_in, s_out, httpsock = -1; - int vncsock; - int i, have_httpd = 0; - int f_in = fileno(stdin); - int f_out = fileno(stdout); - int skip_vnc_tls = mode == OPENSSL_HTTPS ? 1 : 0; + } else if (err == SSL_ERROR_ZERO_RETURN) { - if (db) fprintf(stderr, "helper pid in: %d %d %d %d\n", f_in, f_out, sock, listen); + if (db) fprintf(stderr, "got SSL_ERROR_ZERO_RETURN\n"); + rfbLog("SSL: ssl_helper[%d]: SSL_accept() failed for: %s:%d\n", + getpid(), name, peerport); + pr_ssl_info(1); + return 0; - /* reset all handlers to default (no interrupted() calls) */ - unset_signals(); + } else if (rc < 0) { + unsigned long err; + int cnt = 0; - /* close all non-essential fd's */ - for (i=0; i<256; i++) { - if (mode == OPENSSL_INETD) { - if (i == f_in || i == f_out) { - continue; + rfbLog("SSL: ssl_helper[%d]: SSL_accept() *FATAL: %d SSL FAILED\n", getpid(), rc); + while ((err = ERR_get_error()) != 0) { + rfbLog("SSL: %s\n", ERR_error_string(err, NULL)); + if (cnt++ > 100) { + break; } } - if (i == sock) { - continue; - } - if (i == 2) { - continue; - } - close(i); - } + pr_ssl_info(1); + return 0; - /* - * sadly, we are a long lived child and so the large - * framebuffer memory areas will soon differ from parent. - * try to free as much as possible. - */ - lose_ram(); + } else if (dnow() > start + 3.0) { - /* now connect back to parent socket: */ - vncsock = rfbConnectToTcpAddr("127.0.0.1", cport); - if (vncsock < 0) { - rfbLog("SSL: ssl_helper[%d]: could not connect" - " back to: %d\n", getpid(), cport); - rfbLog("SSL: ssl_helper[%d]: exit case 1 (no local vncsock)\n", getpid()); - exit(1); + rfbLog("SSL: ssl_helper[%d]: timeout looping SSL_accept() " + "fatal.\n", getpid()); + pr_ssl_info(1); + return 0; + + } else { + BIO *bio = SSL_get_rbio(ssl); + if (bio == NULL) { + rfbLog("SSL: ssl_helper[%d]: ssl BIO is null. " + "fatal.\n", getpid()); + pr_ssl_info(1); + return 0; + } + if (BIO_eof(bio)) { + rfbLog("SSL: ssl_helper[%d]: ssl BIO is EOF. " + "fatal.\n", getpid()); + pr_ssl_info(1); + return 0; + } } - if (db) fprintf(stderr, "vncsock %d\n", vncsock); + usleep(10 * 1000); + } - /* try to initialize SSL with the remote client */ + if (ssl_client_mode) { + rfbLog("SSL: ssl_helper[%d]: SSL_connect() succeeded for: %s:%d\n", getpid(), name, peerport); + } else { + rfbLog("SSL: ssl_helper[%d]: SSL_accept() succeeded for: %s:%d\n", getpid(), name, peerport); + } - if (mode == OPENSSL_INETD) { - s_in = fileno(stdin); - s_out = fileno(stdout); + pr_ssl_info(0); + + if (SSL_get_verify_result(ssl) == X509_V_OK) { + X509 *x; + FILE *cr = NULL; + if (certret != NULL) { + cr = fopen(certret, "w"); + } + + x = SSL_get_peer_certificate(ssl); + if (x == NULL) { + rfbLog("SSL: ssl_helper[%d]: accepted client %s x509 peer cert is null\n", getpid(), name); + if (cr != NULL) { + fprintf(cr, "NOCERT\n"); + fclose(cr); + } } else { - s_in = s_out = sock; + rfbLog("SSL: ssl_helper[%d]: accepted client %s x509 cert is:\n", getpid(), name); +#if LIBVNCSERVER_HAVE_X509_PRINT_EX_FP + X509_print_ex_fp(stderr, x, 0, XN_FLAG_MULTILINE); +#endif + if (cr != NULL) { +#if LIBVNCSERVER_HAVE_X509_PRINT_EX_FP + X509_print_ex_fp(cr, x, 0, XN_FLAG_MULTILINE); +#else + rfbLog("** not compiled with libssl X509_print_ex_fp() function **\n"); + if (users_list && strstr(users_list, "sslpeer=")) { + rfbLog("** -users sslpeer= will not work! **\n"); + } +#endif + fclose(cr); + } } + } + free(name); - if (! ssl_init(s_in, s_out, skip_vnc_tls, last_https)) { - close(vncsock); - rfbLog("SSL: ssl_helper[%d]: exit case 2 (ssl_init failed)\n", getpid()); - exit(1); - } + return 1; +} - if (vencrypt_selected != 0) { - char *tbuf; - tbuf = (char *) malloc(strlen(cookie) + 100); - sprintf(tbuf, "%s,VENCRYPT=%d,%s", uniq, vencrypt_selected, cookie); - write(vncsock, tbuf, strlen(cookie)); - goto wrote_cookie; - } else if (anontls_selected != 0) { - char *tbuf; - tbuf = (char *) malloc(strlen(cookie) + 100); - sprintf(tbuf, "%s,ANONTLS=%d,%s", uniq, anontls_selected, cookie); - write(vncsock, tbuf, strlen(cookie)); - goto wrote_cookie; - } +static void symmetric_encryption_xfer(int csock, int s_in, int s_out); - /* - * things get messy below since we are trying to do - * *both* VNC and Java applet httpd through the same - * SSL socket. - */ +static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { + int dbxfer = 0, db = 0, check_pending, fdmax, nfd, n, i, err; + char cbuf[ABSIZE], sbuf[ABSIZE]; + int cptr, sptr, c_rd, c_wr, s_rd, s_wr; + fd_set rd, wr; + struct timeval tv; + int ssock, cnt = 0, ndata = 0; - if (! screen) { - close(vncsock); - exit(1); - } - if (screen->httpListenSock >= 0 && screen->httpPort > 0) { - have_httpd = 1; - } - if (screen->httpListenSock == -2) { - have_httpd = 1; - } - if (mode == OPENSSL_HTTPS && ! have_httpd) { - rfbLog("SSL: accept_openssl[%d]: no httpd socket for " - "-https mode\n", getpid()); - close(vncsock); - rfbLog("SSL: ssl_helper[%d]: exit case 3 (no httpd sock)\n", getpid()); - exit(1); - } + /* + * we want to switch to a longer timeout for long term VNC + * connections (in case the network is not working for periods of + * time), but we also want the timeout shorter at the beginning + * in case the client went away. + */ + double start, now; + int tv_https_early = 60; + int tv_https_later = 20; + int tv_vnc_early = 40; + int tv_vnc_later = 43200; /* was 300, stunnel: 43200 */ + int tv_cutover = 70; + int tv_closing = 60; + int tv_use; - if (have_httpd) { - int n = 0, is_http = 0; - int hport = screen->httpPort; - char *iface = NULL; - char *buf, *tbuf; + if (dbxfer) { + raw_xfer(csock, s_in, s_out); + return; + } + if (enc_str != NULL) { + if (!strcmp(enc_str, "none")) { + usleep(250*1000); + rfbLog("doing '-enc none' raw transfer (no encryption)\n"); + raw_xfer(csock, s_in, s_out); + } else { + symmetric_encryption_xfer(csock, s_in, s_out); + } + return; + } - buf = (char *) calloc((ABSIZE+1), 1); - tbuf = (char *) calloc((2*ABSIZE+1), 1); + if (getenv("SSL_DEBUG")) { + db = atoi(getenv("SSL_DEBUG")); + } - if (mode == OPENSSL_HTTPS) { - /* - * for this mode we know it is HTTP traffic - * so we skip trying to guess. - */ - is_http = 1; - n = 0; - goto connect_to_httpd; - } + if (db) fprintf(stderr, "ssl_xfer begin\n"); - /* - * Check if there is stuff to read from remote end - * if so it is likely a GET or HEAD. - */ - if (! is_ssl_readable(s_in, last_https, last_get, - mode)) { - goto write_cookie; - } + start = dnow(); + if (is_https) { + tv_use = tv_https_early; + } else { + tv_use = tv_vnc_early; + } - /* - * read first 2 bytes to try to guess. sadly, - * the user is often pondering a "non-verified - * cert" dialog for a long time before the GET - * is ever sent. So often we timeout here. - */ - if (db) fprintf(stderr, "watch_for_http_traffic\n"); + /* + * csock: clear text socket with libvncserver. "C" + * ssock: ssl data socket with remote vnc viewer. "S" + * + * to cover inetd mode, we have s_in and s_out, but in non-inetd + * mode they both ssock. + * + * cbuf[] is data from csock that we have read but not passed on to ssl + * sbuf[] is data from ssl that we have read but not passed on to csock + */ + for (i=0; i s_in) { + ssock = s_out; + } else { + ssock = s_in; + } - is_http = watch_for_http_traffic(buf, &n, s_in); + if (csock > ssock) { + fdmax = csock; + } else { + fdmax = ssock; + } - if (is_http < 0 || is_http == 0) { - /* - * error or http not detected, fall back - * to normal VNC socket. - */ - if (db) fprintf(stderr, "is_http err: %d n: %d\n", is_http, n); - write(vncsock, cookie, strlen(cookie)); - if (n > 0) { - write(vncsock, buf, n); - } - goto wrote_cookie; - } + c_rd = 1; /* clear text (libvncserver) socket open for reading */ + c_wr = 1; /* clear text (libvncserver) socket open for writing */ + s_rd = 1; /* ssl data (remote client) socket open for reading */ + s_wr = 1; /* ssl data (remote client) socket open for writing */ - if (db) fprintf(stderr, "is_http: %d n: %d\n", - is_http, n); - if (db) fprintf(stderr, "buf: '%s'\n", buf); + cptr = 0; /* offsets into ABSIZE buffers */ + sptr = 0; - if (strstr(buf, "/request.https.vnc.connection")) { - char reply[] = "HTTP/1.0 200 OK\r\n" - "Content-Type: octet-stream\r\n" - "Connection: Keep-Alive\r\n" - "Pragma: no-cache\r\n\r\n"; - /* - * special case proxy coming thru https - * instead of a direct SSL connection. - */ - rfbLog("Handling VNC request via https GET. [%d]\n", getpid()); - rfbLog("-- %s\n", buf); + if (vencrypt_selected > 0 || anontls_selected > 0) { + char tmp[16]; + /* read and discard the extra RFB version */ + memset(tmp, 0, sizeof(tmp)); + read(csock, tmp, 12); + if (0) fprintf(stderr, "extra: %s\n", tmp); + } - if (strstr(buf, "/reverse.proxy")) { - char *buf2; - int n, ptr; - SSL_write(ssl, reply, strlen(reply)); - - buf2 = (char *) calloc((8192+1), 1); - n = 0; - ptr = 0; - while (ptr < 8192) { - n = SSL_read(ssl, buf2 + ptr, 1); - if (n > 0) { - ptr += n; - } - if (db) fprintf(stderr, "buf2: '%s'\n", buf2); + while (1) { + int c_to_s, s_to_c, closing; - if (strstr(buf2, "\r\n\r\n")) { - break; - } - } - free(buf2); - } - goto write_cookie; + if ( s_wr && (c_rd || cptr > 0) ) { + /* + * S is writable and + * C is readable or some cbuf data remaining + */ + c_to_s = 1; + } else { + c_to_s = 0; + } - } else if (strstr(buf, "/check.https.proxy.connection")) { - char reply[] = "HTTP/1.0 200 OK\r\n" - "Connection: close\r\n" - "Content-Type: octet-stream\r\n" - "Pragma: no-cache\r\n\r\n"; + if ( c_wr && (s_rd || sptr > 0) ) { + /* + * C is writable and + * S is readable or some sbuf data remaining + */ + s_to_c = 1; + } else { + s_to_c = 0; + } - rfbLog("Handling Check HTTPS request via https GET. [%d]\n", getpid()); - rfbLog("-- %s\n", buf); + if (! c_to_s && ! s_to_c) { + /* + * nothing can be sent either direction. + * break out of the loop to finish all work. + */ + break; + } + cnt++; - SSL_write(ssl, reply, strlen(reply)); - SSL_shutdown(ssl); + /* set up the fd sets for the two sockets for read & write: */ - strcpy(tbuf, uniq); - strcat(tbuf, cookie); - write(vncsock, tbuf, strlen(tbuf)); - close(vncsock); + FD_ZERO(&rd); - rfbLog("SSL: ssl_helper[%d]: exit case 4 (check.https.proxy.connection)\n", getpid()); - exit(0); + if (c_rd && cptr < ABSIZE) { + /* we could read more from C since cbuf is not full */ + FD_SET(csock, &rd); + } + if (s_rd) { + /* + * we could read more from S since sbuf not full, + * OR ssl is waiting for more BIO to be able to + * read and we have some C data still buffered. + */ + if (sptr < ABSIZE || (cptr > 0 && SSL_want_read(ssl))) { + FD_SET(s_in, &rd); } - connect_to_httpd: + } + + FD_ZERO(&wr); + if (c_wr && sptr > 0) { + /* we could write more to C since sbuf is not empty */ + FD_SET(csock, &wr); + } + if (s_wr) { /* - * Here we go... no turning back. we have to - * send failure to parent and close socket to have - * http processed at all in a timely fashion... + * we could write more to S since cbuf not empty, + * OR ssl is waiting for more BIO to be able + * write and we haven't filled up sbuf yet. */ - - /* send the failure tag: */ - strcpy(tbuf, uniq); - - if (https_port_redir < 0 || (strstr(buf, "PORT=") || strstr(buf, "port="))) { - char *q = strstr(buf, "Host:"); - int fport = 443, match = 0; - char num[16]; - - if (q && strstr(q, "\n")) { - q += strlen("Host:") + 1; - while (*q != '\n') { - int p; - if (*q == ':' && sscanf(q, ":%d", &p) == 1) { - if (p > 0 && p < 65536) { - fport = p; - match = 1; - break; - } - } - q++; - } - } - if (!match || !https_port_redir) { - int p; - if (sscanf(buf, "PORT=%d,", &p) == 1) { - if (p > 0 && p < 65536) { - fport = p; - } - } else if (sscanf(buf, "port=%d,", &p) == 1) { - if (p > 0 && p < 65536) { - fport = p; - } - } - } - sprintf(num, "HP=%d,", fport); - strcat(tbuf, num); + if (cptr > 0 || (sptr < ABSIZE && SSL_want_write(ssl))) { + FD_SET(s_out, &wr); } + } - if (strstr(buf, "HTTP/") != NULL) { - char *q, *str; - /* - * Also send back the GET line for heuristics. - * (last_https, get file). - */ - str = strdup(buf); - q = strstr(str, "HTTP/"); - if (q != NULL) { - *q = '\0'; - strcat(tbuf, str); - } - free(str); + now = dnow(); + if (tv_cutover && now > start + tv_cutover) { + rfbLog("SSL: ssl_xfer[%d]: tv_cutover: %d\n", getpid(), + tv_cutover); + tv_cutover = 0; + if (is_https) { + tv_use = tv_https_later; + } else { + tv_use = tv_vnc_later; } + /* try to clean out some zombies if we can. */ + ssl_helper_pid(0, -2); + } + if (ssl_timeout_secs > 0) { + tv_use = ssl_timeout_secs; + } - /* - * Also send the cookie to pad out the number of - * bytes to more than the parent wants to read. - * Since this is the failure case, it does not - * matter that we send more than strlen(cookie). - */ - strcat(tbuf, cookie); - write(vncsock, tbuf, strlen(tbuf)); + if ( (s_rd && c_rd) || cptr || sptr) { + closing = 0; + } else { + closing = 1; + tv_use = tv_closing; + } - usleep(150*1000); - if (db) fprintf(stderr, "close vncsock: %d\n", vncsock); - close(vncsock); + tv.tv_sec = tv_use; + tv.tv_usec = 0; - /* now, finally, connect to the libvncserver httpd: */ - if (screen->listenInterface == htonl(INADDR_ANY) || - screen->listenInterface == htonl(INADDR_NONE)) { - iface = "127.0.0.1"; + /* do the select, repeat if interrupted */ + do { + if (ssl_timeout_secs == 0) { + nfd = select(fdmax+1, &rd, &wr, NULL, NULL); } else { - struct in_addr in; - in.s_addr = screen->listenInterface; - iface = inet_ntoa(in); - } - if (iface == NULL || !strcmp(iface, "")) { - iface = "127.0.0.1"; + nfd = select(fdmax+1, &rd, &wr, NULL, &tv); } - if (db) fprintf(stderr, "iface: %s:%d\n", iface, hport); - usleep(150*1000); + } while (nfd < 0 && errno == EINTR); - httpsock = rfbConnectToTcpAddr(iface, hport); + if (db > 1) fprintf(stderr, "nfd: %d\n", nfd); - if (httpsock < 0) { - /* UGH, after all of that! */ - rfbLog("Could not connect to httpd socket!\n"); - rfbLog("SSL: ssl_helper[%d]: exit case 5.\n", getpid()); - exit(1); - } - if (db) fprintf(stderr, "ssl_helper[%d]: httpsock: %d %d\n", - getpid(), httpsock, n); +if (0) fprintf(stderr, "nfd[%d]: %d w/r csock: %d %d s_in: %d %d\n", getpid(), nfd, FD_ISSET(csock, &wr), FD_ISSET(csock, &rd), FD_ISSET(s_out, &wr), FD_ISSET(s_in, &rd)); - /* - * send what we read to httpd, and then connect - * the rest of the SSL session to it: - */ - if (n > 0) { - if (db) fprintf(stderr, "sending http buffer httpsock: %d\n'%s'\n", httpsock, buf); - write(httpsock, buf, n); + if (nfd < 0) { + rfbLog("SSL: ssl_xfer[%d]: select error: %d\n", getpid(), nfd); + perror("select"); + /* connection finished */ + goto done; + } + + if (nfd == 0) { + if (!closing && tv_cutover && ndata > 25000) { + static int cn = 0; + /* probably ok, early windows iconify */ + if (cn++ < 2) { + rfbLog("SSL: ssl_xfer[%d]: early time" + "out: %d\n", getpid(), ndata); + } + continue; } - ssl_xfer(httpsock, s_in, s_out, is_http); - rfbLog("SSL: ssl_helper[%d]: exit case 6 (https ssl_xfer done)\n", getpid()); - exit(0); + rfbLog("SSL: ssl_xfer[%d]: connection timedout. %d tv_use: %d\n", + getpid(), ndata, tv_use); + /* connection finished */ + goto done; } - /* - * ok, back from the above https mess, simply send the - * cookie back to the parent (who will attach us to - * libvncserver), and connect the rest of the SSL session - * to it. - */ - write_cookie: - write(vncsock, cookie, strlen(cookie)); + /* used to see if SSL_pending() should be checked: */ + check_pending = 0; +/* AUDIT */ - wrote_cookie: - ssl_xfer(vncsock, s_in, s_out, 0); + if (c_wr && FD_ISSET(csock, &wr)) { - rfbLog("SSL: ssl_helper[%d]: exit case 7 (ssl_xfer done)\n", getpid()); - exit(0); - } - /* parent here */ + /* try to write some of our sbuf to C: */ + n = write(csock, sbuf, sptr); - if (mode != OPENSSL_INETD) { - close(sock); - } - if (db) fprintf(stderr, "helper process is: %d\n", pid); + if (n < 0) { + if (errno != EINTR) { + /* connection finished */ + goto done; + } + /* proceed */ + } else if (n == 0) { + /* connection finished XXX double check */ + goto done; + } else { + /* shift over the data in sbuf by n */ + memmove(sbuf, sbuf + n, sptr - n); + if (sptr == ABSIZE) { + check_pending = 1; + } + sptr -= n; - /* accept connection from our child. */ - signal(SIGALRM, csock_timeout); - csock_timeout_sock = csock; - alarm(20); + if (! s_rd && sptr == 0) { + /* finished sending last of sbuf */ + shutdown(csock, SHUT_WR); + c_wr = 0; + } + ndata += n; + } + } - vsock = accept(csock, (struct sockaddr *)&addr, &addrlen); + if (s_wr) { + if ((cptr > 0 && FD_ISSET(s_out, &wr)) || + (SSL_want_read(ssl) && FD_ISSET(s_in, &rd))) { - alarm(0); - signal(SIGALRM, SIG_DFL); - close(csock); + /* try to write some of our cbuf to S: */ + n = SSL_write(ssl, cbuf, cptr); + err = SSL_get_error(ssl, n); - if (vsock < 0) { - rfbLog("SSL: accept_openssl: connection from ssl_helper[%d] FAILED.\n", pid); - rfbLogPerror("accept"); + if (err == SSL_ERROR_NONE) { + /* shift over the data in cbuf by n */ + memmove(cbuf, cbuf + n, cptr - n); + cptr -= n; - kill(pid, SIGTERM); - waitpid(pid, &status, WNOHANG); - if (mode == OPENSSL_INETD || ssl_no_fail) { - clean_up_exit(1); - } - if (certret_fd >= 0) { - close(certret_fd); - certret_fd = -1; - } - if (certret) { - unlink(certret); - } - if (dhret_fd >= 0) { - close(dhret_fd); - dhret_fd = -1; - } - if (dhret) { - unlink(dhret); - } - return; - } - if (db) fprintf(stderr, "accept_openssl: vsock: %d\n", vsock); + if (! c_rd && cptr == 0 && s_wr) { + /* finished sending last cbuf */ + SSL_shutdown(ssl); + s_wr = 0; + } + ndata += n; - n = read(vsock, rcookie, strlen(cookie)); - if (n < 0 && errno != 0) { - rfbLogPerror("read"); - } + } else if (err == SSL_ERROR_WANT_WRITE + || err == SSL_ERROR_WANT_READ + || err == SSL_ERROR_WANT_X509_LOOKUP) { - if (certret) { - struct stat sbuf; - sbuf.st_size = 0; - if (certret_fd >= 0 && stat(certret, &sbuf) == 0 && sbuf.st_size > 0) { - certret_str = (char *) calloc(sbuf.st_size+1, 1); - read(certret_fd, certret_str, sbuf.st_size); - close(certret_fd); - certret_fd = -1; - } - if (certret_fd >= 0) { - close(certret_fd); - certret_fd = -1; - } - unlink(certret); - if (certret_str && strstr(certret_str, "NOCERT") == certret_str) { - free(certret_str); - certret_str = NULL; - } - if (0 && certret_str) { - fprintf(stderr, "certret_str[%d]:\n%s\n", (int) sbuf.st_size, certret_str); - } - } + ; /* proceed */ - if (dhret) { - struct stat sbuf; - sbuf.st_size = 0; - if (dhret_fd >= 0 && stat(dhret, &sbuf) == 0 && sbuf.st_size > 0) { - dhret_str = (char *) calloc(sbuf.st_size+1, 1); - read(dhret_fd, dhret_str, sbuf.st_size); - close(dhret_fd); - dhret_fd = -1; - } - if (dhret_fd >= 0) { - close(dhret_fd); - dhret_fd = -1; - } - unlink(dhret); - if (dhret_str && strstr(dhret_str, "NOCERT") == dhret_str) { - free(dhret_str); - dhret_str = NULL; - } - if (dhret_str) { - if (new_dh_params == NULL) { - fprintf(stderr, "dhret_str[%d]:\n%s\n", (int) sbuf.st_size, dhret_str); - new_dh_params = strdup(dhret_str); + } else if (err == SSL_ERROR_SYSCALL) { + if (n < 0 && errno != EINTR) { + /* connection finished */ + goto done; + } + /* proceed */ + } else if (err == SSL_ERROR_ZERO_RETURN) { + /* S finished */ + s_rd = 0; + s_wr = 0; + } else if (err == SSL_ERROR_SSL) { + /* connection finished */ + goto done; + } } } - } - if (0) { - fprintf(stderr, "rcookie: %s\n", rcookie); - fprintf(stderr, "cookie: %s\n", cookie); - } + if (c_rd && FD_ISSET(csock, &rd)) { - if (strstr(rcookie, uniq) == rcookie) { - char *q = strstr(rcookie, "RB="); - if (q && strstr(cookie, q) == cookie) { - vencrypt_sel = 0; - anontls_sel = 0; - q = strstr(rcookie, "VENCRYPT="); - if (q && sscanf(q, "VENCRYPT=%d,", &vencrypt_sel) == 1) { - if (vencrypt_sel != 0) { - rfbLog("SSL: VENCRYPT mode=%d accepted.\n", vencrypt_sel); - goto accept_client; + + /* try to read some data from C into our cbuf */ + + n = read(csock, cbuf + cptr, ABSIZE - cptr); + + if (n < 0) { + if (errno != EINTR) { + /* connection finished */ + goto done; } - } - q = strstr(rcookie, "ANONTLS="); - if (q && sscanf(q, "ANONTLS=%d,", &anontls_sel) == 1) { - if (anontls_sel != 0) { - rfbLog("SSL: ANONTLS mode=%d accepted.\n", anontls_sel); - goto accept_client; + /* proceed */ + } else if (n == 0) { + /* C is EOF */ + c_rd = 0; + if (cptr == 0 && s_wr) { + /* and no more in cbuf to send */ + SSL_shutdown(ssl); + s_wr = 0; } + } else { + /* good */ + + cptr += n; + ndata += n; } } - } - if (n != (int) strlen(cookie) || strncmp(cookie, rcookie, n)) { - rfbLog("SSL: accept_openssl: cookie from ssl_helper[%d] FAILED. %d\n", pid, n); - if (db) fprintf(stderr, "'%s'\n'%s'\n", cookie, rcookie); - close(vsock); + if (s_rd) { + if ((sptr < ABSIZE && FD_ISSET(s_in, &rd)) || + (SSL_want_write(ssl) && FD_ISSET(s_out, &wr)) || + (check_pending && SSL_pending(ssl))) { - if (strstr(rcookie, uniq) == rcookie) { - int i; - rfbLog("SSL: BUT WAIT! HTTPS for helper process[%d] succeeded. Good.\n", pid); - if (mode != OPENSSL_HTTPS) { - last_https = dnow(); - for (i=0; i<256; i++) { - last_get[i] = '\0'; - } - strncpy(last_get, rcookie, 100); - if (db) fprintf(stderr, "last_get: '%s'\n", last_get); - } - if (rcookie && strstr(rcookie, "VncViewer.class")) { - rfbLog("\n"); - rfbLog("***********************************************************\n"); - rfbLog("SSL: WARNING CLIENT ASKED FOR NONEXISTENT 'VncViewer.class'\n"); - rfbLog("SSL: USER NEEDS TO **RESTART** HIS WEB BROWSER.\n"); - rfbLog("***********************************************************\n"); - rfbLog("\n"); - } - ssl_helper_pid(pid, -2); + /* try to read some data from S into our sbuf */ - if (https_port_redir) { - double start; - int origport = screen->port; - int useport = screen->port; - int saw_httpsock = 0; - /* to expand $PORT correctly in index.vnc */ - if (https_port_redir < 0) { - char *q = strstr(rcookie, "HP="); - if (q) { - int p; - if (sscanf(q, "HP=%d,", &p) == 1) { - useport = p; + n = SSL_read(ssl, sbuf + sptr, ABSIZE - sptr); + err = SSL_get_error(ssl, n); + + if (err == SSL_ERROR_NONE) { + /* good */ + + sptr += n; + ndata += n; + + } else if (err == SSL_ERROR_WANT_WRITE + || err == SSL_ERROR_WANT_READ + || err == SSL_ERROR_WANT_X509_LOOKUP) { + + ; /* proceed */ + + } else if (err == SSL_ERROR_SYSCALL) { + if (n < 0) { + if(errno != EINTR) { + /* connection finished */ + goto done; } + /* proceed */ + } else { + /* S finished */ + s_rd = 0; + s_wr = 0; } - } else { - useport = https_port_redir; - } - screen->port = useport; - if (origport != useport) { - rfbLog("SSL: -httpsredir guess port: %d\n", screen->port); - } - - start = dnow(); - while (dnow() < start + 10.0) { - if (screen->httpSock >= 0) saw_httpsock = 1; - rfbPE(10000); - usleep(10000); - if (screen->httpSock >= 0) saw_httpsock = 1; - waitpid(pid, &status, WNOHANG); - if (kill(pid, 0) != 0) { - rfbPE(10000); - rfbPE(10000); - break; - } - if (saw_httpsock && screen->httpSock < 0) { - rfbLog("SSL: httpSock for helper[%d] went away\n", pid); - rfbPE(10000); - rfbPE(10000); - break; - } - } - screen->port = origport; - rfbLog("SSL: guessing child helper[%d] https finished. dt=%.6f\n", - pid, dnow() - start); - ssl_helper_pid(0, -2); - if (mode == OPENSSL_INETD) { - clean_up_exit(1); - } - } else if (mode == OPENSSL_INETD) { - double start; - int saw_httpsock = 0; - - /* to expand $PORT correctly in index.vnc */ - if (screen->port == 0) { - int fd = fileno(stdin); - if (getenv("X11VNC_INETD_PORT")) { - screen->port = atoi(getenv( - "X11VNC_INETD_PORT")); - } else { - int tport = get_local_port(fd); - if (tport > 0) { - screen->port = tport; - } - } - } - rfbLog("SSL: screen->port %d\n", screen->port); - - /* kludge for https fetch via inetd */ - start = dnow(); - while (dnow() < start + 10.0) { - if (screen->httpSock >= 0) saw_httpsock = 1; - rfbPE(10000); - usleep(10000); - if (screen->httpSock >= 0) saw_httpsock = 1; - waitpid(pid, &status, WNOHANG); - if (kill(pid, 0) != 0) { - rfbPE(10000); - rfbPE(10000); - break; + } else if (err == SSL_ERROR_ZERO_RETURN) { + /* S is EOF */ + s_rd = 0; + if (cptr == 0 && s_wr) { + /* and no more in cbuf to send */ + SSL_shutdown(ssl); + s_wr = 0; } - if (saw_httpsock && screen->httpSock < 0) { - rfbLog("SSL: httpSock for helper[%d] went away\n", pid); - rfbPE(10000); - rfbPE(10000); - break; + if (sptr == 0 && c_wr) { + /* and no more in sbuf to send */ + shutdown(csock, SHUT_WR); + c_wr = 0; } + } else if (err == SSL_ERROR_SSL) { + /* connection finished */ + goto done; } - rfbLog("SSL: OPENSSL_INETD guessing " - "child helper[%d] https finished. dt=%.6f\n", - pid, dnow() - start); - ssl_helper_pid(0, -2); - clean_up_exit(1); } - /* this will actually only get earlier https */ - ssl_helper_pid(0, -2); - return; } - kill(pid, SIGTERM); - waitpid(pid, &status, WNOHANG); - if (mode == OPENSSL_INETD || ssl_no_fail) { - clean_up_exit(1); - } - return; } - accept_client: + done: + rfbLog("SSL: ssl_xfer[%d]: closing sockets %d, %d, %d\n", + getpid(), csock, s_in, s_out); + close(csock); + close(s_in); + close(s_out); + return; +} - if (db) fprintf(stderr, "accept_openssl: cookie good: %s\n", cookie); +#define MSZ 4096 +static void init_prng(void) { + int db = 0, bytes, ubytes, fd; + char file[MSZ], dtmp[100]; + unsigned int sr; - rfbLog("SSL: handshake with helper process[%d] succeeded.\n", pid); + RAND_file_name(file, MSZ); - openssl_last_helper_pid = pid; - ssl_helper_pid(pid, vsock); + rfbLog("RAND_file_name: %s\n", file); - if (vnc_redirect) { - vnc_redirect_sock = vsock; - openssl_last_helper_pid = 0; - return; + bytes = RAND_load_file(file, -1); + if (db) fprintf(stderr, "bytes read: %d\n", bytes); + + ubytes = RAND_load_file("/dev/urandom", 64); + bytes += ubytes; + if (db) fprintf(stderr, "bytes read: %d / %d\n", bytes, ubytes); + + /* mix in more predictable stuff as well for fallback */ + sprintf(dtmp, "/tmp/p%.8f.XXXXXX", dnow()); + fd = mkstemp(dtmp); + RAND_add(dtmp, strlen(dtmp), 0); + if (fd >= 0) { + close(fd); + unlink(dtmp); } + sprintf(dtmp, "%d-%.8f", (int) getpid(), dnow()); + RAND_add(dtmp, strlen(dtmp), 0); - client = create_new_client(vsock, 0); - openssl_last_helper_pid = 0; + if (!RAND_status()) { + ubytes = -1; + rfbLog("calling RAND_poll()\n"); + RAND_poll(); + } + + RAND_bytes((unsigned char *)&sr, 4); + srand(sr); - if (client) { - if (db) fprintf(stderr, "accept_openssl: client %p\n", (void *) client); - if (db) fprintf(stderr, "accept_openssl: new_client %p\n", (void *) screen->newClientHook); - if (db) fprintf(stderr, "accept_openssl: new_client %p\n", (void *) new_client); - if (mode == OPENSSL_INETD) { - inetd_client = client; - client->clientGoneHook = client_gone; - } - if (openssl_last_ip && - strpbrk(openssl_last_ip, "0123456789") == openssl_last_ip) { - client->host = strdup(openssl_last_ip); - } - if (vencrypt_sel != 0) { - client->protocolMajorVersion = 3; - client->protocolMinorVersion = 8; - if (!finish_vencrypt_auth(client, vencrypt_sel)) { - rfbCloseClient(client); - client = NULL; - } - } else if (anontls_sel != 0) { - client->protocolMajorVersion = 3; - client->protocolMinorVersion = 8; - rfbAuthNewClient(client); - } - if (use_threads && client != NULL) { - rfbStartOnHoldClient(client); + if (bytes > 0) { + if (! quiet) { + rfbLog("initialized PRNG with %d random bytes.\n", + bytes); } - /* try to get RFB proto done now. */ - progress_client(); - } else { - rfbLog("SSL: accept_openssl: rfbNewClient failed.\n"); - close(vsock); - - kill(pid, SIGTERM); - waitpid(pid, &status, WNOHANG); - if (mode == OPENSSL_INETD || ssl_no_fail) { - clean_up_exit(1); + if (ubytes > 32 && rnow() < 0.25) { + RAND_write_file(file); } return; } + + bytes += RAND_load_file("/dev/random", 8); + if (db) fprintf(stderr, "bytes read: %d\n", bytes); + RAND_poll(); + + if (! quiet) { + rfbLog("initialized PRNG with %d random bytes.\n", bytes); + } } +#endif /* FORK_OK */ +#endif /* LIBVNCSERVER_HAVE_LIBSSL */ -static int read_exact(int sock, char *buf, int len) { - int n, fail = 0; - if (sock < 0) { - return 0; +void check_openssl(void) { + fd_set fds; + struct timeval tv; + int nfds; + static time_t last_waitall = 0; + static double last_check = 0.0; + double now; + + if (! use_openssl) { + return; } - while (len > 0) { - n = read(sock, buf, len); - if (n > 0) { - buf += n; - len -= n; - } else if (n == 0) { - fail = 1; - break; - } else if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) { - usleep(10*1000); - } else if (n < 0 && errno != EINTR) { - fail = 1; - break; - } + + if (time(NULL) > last_waitall + 120) { + last_waitall = time(NULL); + ssl_helper_pid(0, -2); /* waitall */ } - if (fail) { - return 0; - } else { - return 1; + + if (openssl_sock < 0) { + return; } -} -static int write_exact(int sock, char *buf, int len) { - int n, fail = 0; - if (sock < 0) { - return 0; + now = dnow(); + if (now < last_check + 0.5) { + return; } - while (len > 0) { - n = write(sock, buf, len); - if (n > 0) { - buf += n; - len -= n; - } else if (n == 0) { - fail = 1; - break; - } else if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) { - usleep(10*1000); - } else if (n < 0 && errno != EINTR) { - fail = 1; - break; - } - } - if (fail) { - return 0; - } else { - return 1; + last_check = now; + + FD_ZERO(&fds); + FD_SET(openssl_sock, &fds); + + tv.tv_sec = 0; + tv.tv_usec = 0; + + nfds = select(openssl_sock+1, &fds, NULL, NULL, &tv); + + if (nfds <= 0) { + return; } + + rfbLog("SSL: accept_openssl(OPENSSL_VNC)\n"); + accept_openssl(OPENSSL_VNC, -1); } -static int add_anon_dh(void) { - pid_t pid, pidw; - char cnf[] = "/tmp/x11vnc-dh.XXXXXX"; - char *infile = NULL; - int status, cnf_fd; - DH *dh; - BIO *bio; - FILE *in; - double ds; - /* - * These are dh parameters (prime, generator), not dh keys. - * Evidently it is ok for them to be publicly known. - * openssl dhparam -out dh.out 1024 - */ - char *fixed_dh_params = -"-----BEGIN DH PARAMETERS-----\n" -"MIGHAoGBAL28w69ZnLYBvp8R2OeqtAIms+oatY19iBL4WhGI/7H1OMmkJjIe+OHs\n" -"PXoJfe5ucrnvno7Xm+HJZYa1jnPGQuWoa/VJKXdVjYdJVNzazJKM2daKKcQA4GDc\n" -"msFS5DxLbzUR5jy1n12K3EcbvpyFqDYVTJJXm7NuNuiWRfz3wTozAgEC\n" -"-----END DH PARAMETERS-----\n"; +void check_https(void) { + fd_set fds; + struct timeval tv; + int nfds; + static double last_check = 0.0; + double now; - if (dhparams_file != NULL) { - infile = dhparams_file; - rfbLog("add_anon_dh: using %s\n", dhparams_file); - goto readin; + if (! use_openssl || https_sock < 0) { + return; } - cnf_fd = mkstemp(cnf); - if (cnf_fd < 0) { - return 0; + now = dnow(); + if (now < last_check + 0.5) { + return; } - infile = cnf; - - if (create_fresh_dhparams) { + last_check = now; - if (new_dh_params != NULL) { - write(cnf_fd, new_dh_params, strlen(new_dh_params)); - close(cnf_fd); - } else { - char *exe = find_openssl_bin(); - struct stat sbuf; + FD_ZERO(&fds); + FD_SET(https_sock, &fds); - if (no_external_cmds || !cmd_ok("ssl")) { - rfbLog("add_anon_dh: cannot run external commands.\n"); - return 0; - } + tv.tv_sec = 0; + tv.tv_usec = 0; - close(cnf_fd); - if (exe == NULL) { - return 0; - } - ds = dnow(); - pid = fork(); - if (pid < 0) { - return 0; - } else if (pid == 0) { - int i; - for (i=0; i<256; i++) { - if (i == 2) continue; - close(i); - } - /* rather slow at 1024 */ - execlp(exe, exe, "dhparam", "-out", cnf, "1024", (char *)0); - exit(1); - } - pidw = waitpid(pid, &status, 0); - if (pidw != pid) { - return 0; - } - if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { - ; - } else { - return 0; - } - rfbLog("add_anon_dh: created new DH params in %.3f secs\n", dnow() - ds); + nfds = select(https_sock+1, &fds, NULL, NULL, &tv); - if (stat(cnf, &sbuf) == 0 && sbuf.st_size > 0) { - /* save it to reuse during our process's lifetime: */ - int d = open(cnf, O_RDONLY); - if (d >= 0) { - int n, len = sbuf.st_size; - new_dh_params = (char *) calloc(len+1, 1); - n = read(d, new_dh_params, len); - close(d); - if (n != len) { - free(new_dh_params); - new_dh_params = NULL; - } else if (dhret != NULL) { - d = open(dhret, O_WRONLY); - if (d >= 0) { - write(d, new_dh_params, strlen(new_dh_params)); - close(d); - } - } - } - } - } - } else { - write(cnf_fd, fixed_dh_params, strlen(fixed_dh_params)); - close(cnf_fd); + if (nfds <= 0) { + return; } + rfbLog("SSL: accept_openssl(OPENSSL_HTTPS)\n"); + accept_openssl(OPENSSL_HTTPS, -1); +} - readin: - - ds = dnow(); - in = fopen(infile, "r"); +void openssl_port(void) { + int sock = -1, shutdown = 0; + static int port = -1; + static in_addr_t iface = INADDR_ANY; + int db = 0; - if (in == NULL) { - rfbLogPerror("fopen"); - unlink(cnf); - return 0; + if (! screen) { + rfbLog("openssl_port: no screen!\n"); + clean_up_exit(1); } - bio = BIO_new_fp(in, BIO_CLOSE|BIO_FP_TEXT); - if (! bio) { - rfbLog("openssl_init: BIO_new_fp() failed.\n"); - unlink(cnf); - return 0; + if (inetd) { + ssl_initialized = 1; + return; } - dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); - if (dh == NULL) { - rfbLog("openssl_init: PEM_read_bio_DHparams() failed.\n"); - unlink(cnf); - BIO_free(bio); - return 0; + + if (screen->listenSock > -1 && screen->port > 0) { + port = screen->port; + shutdown = 1; + } else if (screen->port == 0) { + port = screen->port; + } + if (screen->listenInterface) { + iface = screen->listenInterface; } - BIO_free(bio); - SSL_CTX_set_tmp_dh(ctx, dh); - rfbLog("loaded Diffie Hellman %d bits, %.3fs\n", 8*DH_size(dh), dnow()-ds); - DH_free(dh); - unlink(cnf); - return 1; -} + if (shutdown) { + if (db) fprintf(stderr, "shutting down %d/%d\n", + port, screen->listenSock); +#if LIBVNCSERVER_HAS_SHUTDOWNSOCKETS + rfbShutdownSockets(screen); +#endif + } -static int switch_to_anon_dh(void) { - long mode; - - rfbLog("Using Anonymous Diffie-Hellman mode.\n"); - rfbLog("WARNING: Anonymous Diffie-Hellman uses encryption but is\n"); - rfbLog("WARNING: susceptible to a Man-In-The-Middle attack.\n"); - if (ssl_client_mode) { - ctx = SSL_CTX_new( SSLv23_client_method() ); + if (port < 0) { + rfbLog("openssl_port: could not obtain listening port %d\n", port); + clean_up_exit(1); + } else if (port == 0) { + /* no listen case, i.e. -connect */ + sock = -1; } else { - ctx = SSL_CTX_new( SSLv23_server_method() ); + sock = rfbListenOnTCPPort(port, iface); + if (sock < 0) { + rfbLog("openssl_port: could not reopen port %d\n", port); + clean_up_exit(1); + } } - if (ctx == NULL) { - return 0; + rfbLog("openssl_port: listen on port/sock %d/%d\n", port, sock); + if (!quiet) { + announce(port, 1, NULL); } - if (ssl_client_mode) { - return 1; + openssl_sock = sock; + openssl_port_num = port; + + ssl_initialized = 1; +} + +void https_port(void) { + int sock; + static int port = 0; + static in_addr_t iface = INADDR_ANY; + int db = 0; + + /* as openssl_port above: open a listening socket for pure https: */ + if (https_port_num < 0) { + return; } - if (!SSL_CTX_set_cipher_list(ctx, "ADH:@STRENGTH")) { - return 0; + if (! screen) { + rfbLog("https_port: no screen!\n"); + clean_up_exit(1); } - if (!add_anon_dh()) { - return 0; + if (screen->listenInterface) { + iface = screen->listenInterface; } - mode = 0; - mode |= SSL_MODE_ENABLE_PARTIAL_WRITE; - mode |= SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; - SSL_CTX_set_mode(ctx, mode); + if (https_port_num == 0) { + https_port_num = find_free_port(5801, 5851); + } + if (https_port_num <= 0) { + rfbLog("https_port: could not find port %d\n", https_port_num); + clean_up_exit(1); + } + port = https_port_num; - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH); - SSL_CTX_set_timeout(ctx, 300); - SSL_CTX_set_default_passwd_cb(ctx, pem_passwd_callback); - SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); + if (port <= 0) { + rfbLog("https_port: could not obtain listening port %d\n", port); + clean_up_exit(1); + } + sock = rfbListenOnTCPPort(port, iface); + if (sock < 0) { + rfbLog("https_port: could not open port %d\n", port); + clean_up_exit(1); + } + if (db) fprintf(stderr, "https_port: listen on port/sock %d/%d\n", + port, sock); - return 1; + https_sock = sock; } -static int anontls_dialog(int s_in, int s_out) { +static void lose_ram(void) { + /* + * for a forked child that will be around for a long time + * without doing exec(). we really should re-exec, but a pain + * to redo all SSL ctx. + */ + free_old_fb(); - if (s_in || s_out) {} - anontls_selected = 1; + free_tiles(); +} - if (!switch_to_anon_dh()) { - rfbLog("anontls: Anonymous Diffie-Hellman failed.\n"); - return 0; +/* utility to keep track of existing helper processes: */ + +void ssl_helper_pid(pid_t pid, int sock) { +# define HPSIZE 256 + static pid_t helpers[HPSIZE]; + static int sockets[HPSIZE], first = 1; + int i, empty, set, status; + static int db = 0; + + if (first) { + for (i=0; i < HPSIZE; i++) { + helpers[i] = 0; + sockets[i] = 0; + } + if (getenv("SSL_HELPER_PID_DB")) { + db = 1; + } + first = 0; } - /* continue with SSL/TLS */ - return 1; -} -/* - * Using spec: - * http://www.mail-archive.com/qemu-devel@nongnu.org/msg08681.html - */ -static int vencrypt_dialog(int s_in, int s_out) { - char buf[256], buf2[256]; - int subtypes[16]; - int n, i, ival, ok, nsubtypes = 0; + if (pid == 0) { + /* killall or waitall */ + for (i=0; i < HPSIZE; i++) { + if (helpers[i] == 0) { + sockets[i] = -1; + continue; + } + if (kill(helpers[i], 0) == 0) { + int kret = -2; + pid_t wret; + if (sock != -2) { + if (sockets[i] >= 0) { + close(sockets[i]); + } + kret = kill(helpers[i], SIGTERM); + if (kret == 0) { + usleep(20 * 1000); + } + } - vencrypt_selected = 0; +#if LIBVNCSERVER_HAVE_SYS_WAIT_H && LIBVNCSERVER_HAVE_WAITPID + wret = waitpid(helpers[i], &status, WNOHANG); - /* send version 0.2 */ - buf[0] = 0; - buf[1] = 2; +if (db) fprintf(stderr, "waitpid(%d)\n", helpers[i]); +if (db) fprintf(stderr, " waitret1=%d\n", wret); - if (!write_exact(s_out, buf, 2)) { - close(s_in); close(s_out); - return 0; + if (kret == 0 && wret != helpers[i]) { + int k; + for (k=0; k < 10; k++) { + usleep(100 * 1000); + wret = waitpid(helpers[i], &status, WNOHANG); +if (db) fprintf(stderr, " waitret2=%d\n", wret); + if (wret == helpers[i]) { + break; + } + } + } +#endif + if (sock == -2) { + continue; + } + } + helpers[i] = 0; + sockets[i] = -1; + } + return; } - /* read client version 0.2 */ - memset(buf, 0, sizeof(buf)); - if (!read_exact(s_in, buf, 2)) { - close(s_in); close(s_out); - return 0; - } - rfbLog("vencrypt: received %d.%d client version.\n", (int) buf[0], (int) buf[1]); +if (db) fprintf(stderr, "ssl_helper_pid(%d, %d)\n", pid, sock); - /* close 0.0 */ - if (buf[0] == 0 && buf[1] == 0) { - rfbLog("vencrypt: received 0.0 version, closing connection.\n"); - close(s_in); close(s_out); - return 0; - } + /* add (or delete for sock == -1) */ + set = 0; + empty = -1; + for (i=0; i < HPSIZE; i++) { + if (helpers[i] == pid) { + if (sock == -1) { +#if LIBVNCSERVER_HAVE_SYS_WAIT_H && LIBVNCSERVER_HAVE_WAITPID + pid_t wret; + wret = waitpid(helpers[i], &status, WNOHANG); - /* accept only 0.2 */ - if (buf[0] != 0 || buf[1] != 2) { - rfbLog("vencrypt: unsupported VeNCrypt version, closing connection.\n"); - buf[0] = (char) 255; - write_exact(s_out, buf, 1); - close(s_in); close(s_out); - return 0; +if (db) fprintf(stderr, "waitpid(%d) 2\n", helpers[i]); +if (db) fprintf(stderr, " waitret1=%d\n", wret); +#endif + helpers[i] = 0; + } + sockets[i] = sock; + set = 1; + } else if (empty == -1 && helpers[i] == 0) { + empty = i; + } } - - /* tell them OK */ - buf[0] = 0; - if (!write_exact(s_out, buf, 1)) { - close(s_in); close(s_out); - return 0; + if (set || sock == -1) { + return; /* done */ } - if (getenv("X11VNC_ENABLE_VENCRYPT_PLAIN_LOGIN")) { - vencrypt_enable_plain_login = atoi(getenv("X11VNC_ENABLE_VENCRYPT_PLAIN_LOGIN")); + /* now try to store */ + if (empty >= 0) { + helpers[empty] = pid; + sockets[empty] = sock; + return; } - - /* load our list of sub-types: */ - n = 0; - if (!ssl_verify && vencrypt_kx != VENCRYPT_NODH) { - if (screen->authPasswdData != NULL) { - subtypes[n++] = rfbVencryptTlsVnc; - } else { - if (vencrypt_enable_plain_login && unixpw) { - subtypes[n++] = rfbVencryptTlsPlain; - } else { - subtypes[n++] = rfbVencryptTlsNone; - } + for (i=0; i < HPSIZE; i++) { + if (helpers[i] == 0) { + continue; } - } - if (vencrypt_kx != VENCRYPT_NOX509) { - if (screen->authPasswdData != NULL) { - subtypes[n++] = rfbVencryptX509Vnc; - } else { - if (vencrypt_enable_plain_login && unixpw) { - subtypes[n++] = rfbVencryptX509Plain; - } else { - subtypes[n++] = rfbVencryptX509None; + /* clear out stale pids: */ + if (kill(helpers[i], 0) != 0) { + helpers[i] = 0; + sockets[i] = -1; + + if (empty == -1) { + empty = i; } } } - - nsubtypes = n; - for (i = 0; i < nsubtypes; i++) { - ((uint32_t *)buf)[i] = Swap32IfLE(subtypes[i]); + if (empty >= 0) { + helpers[empty] = pid; + sockets[empty] = sock; } +} - /* send number first: */ - buf2[0] = (char) nsubtypes; - if (!write_exact(s_out, buf2, 1)) { - close(s_in); close(s_out); - return 0; - } - /* and now the list: */ - if (!write_exact(s_out, buf, 4*n)) { - close(s_in); close(s_out); - return 0; - } +static int is_ssl_readable(int s_in, double last_https, char *last_get, + int mode) { + int nfd, db = 0; + struct timeval tv; + fd_set rd; - /* read client's selection: */ - if (!read_exact(s_in, (char *)&ival, 4)) { - close(s_in); close(s_out); - return 0; + if (getenv("ACCEPT_OPENSSL_DEBUG")) { + db = atoi(getenv("ACCEPT_OPENSSL_DEBUG")); } - ival = Swap32IfLE(ival); - /* zero means no dice: */ - if (ival == 0) { - rfbLog("vencrypt: client selected no sub-type, closing connection.\n"); - close(s_in); close(s_out); - return 0; + /* + * we'll do a select() on s_in for reading. this is not an + * absolute proof that SSL_read is ready (XXX use SSL utility). + */ + tv.tv_sec = 2; + tv.tv_usec = 0; + + if (mode == OPENSSL_INETD) { + /* + * https via inetd is icky because x11vnc is restarted + * for each socket (and some clients send requests + * rapid fire). + */ + tv.tv_sec = 4; } - /* check if he selected a valid one: */ - ok = 0; - for (i = 0; i < nsubtypes; i++) { - if (ival == subtypes[i]) { - ok = 1; + /* + * increase the timeout if we know HTTP traffic has occurred + * recently: + */ + if (dnow() < last_https + 30.0) { + tv.tv_sec = 10; + if (last_get && strstr(last_get, "VncViewer")) { + tv.tv_sec = 5; } } + if (getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT")) { + tv.tv_sec = atoi(getenv("X11VNC_HTTPS_VS_VNC_TIMEOUT")); + } +if (db) fprintf(stderr, "tv_sec: %d - '%s'\n", (int) tv.tv_sec, last_get); - if (!ok) { - rfbLog("vencrypt: client selected invalid sub-type: %d\n", ival); - close(s_in); close(s_out); - return 0; - } else { - char *st = "unknown!!"; - if (ival == rfbVencryptTlsNone) st = "rfbVencryptTlsNone"; - if (ival == rfbVencryptTlsVnc) st = "rfbVencryptTlsVnc"; - if (ival == rfbVencryptTlsPlain) st = "rfbVencryptTlsPlain"; - if (ival == rfbVencryptX509None) st = "rfbVencryptX509None"; - if (ival == rfbVencryptX509Vnc) st = "rfbVencryptX509Vnc"; - if (ival == rfbVencryptX509Plain) st = "rfbVencryptX509Plain"; - rfbLog("vencrypt: client selected sub-type: %d (%s)\n", ival, st); - } + FD_ZERO(&rd); + FD_SET(s_in, &rd); - vencrypt_selected = ival; + if (db) fprintf(stderr, "is_ssl_readable: begin select(%d secs) %.6f\n", (int) tv.tv_sec, dnow()); + do { + nfd = select(s_in+1, &rd, NULL, NULL, &tv); + } while (nfd < 0 && errno == EINTR); + if (db) fprintf(stderr, "is_ssl_readable: finish select(%d secs) %.6f\n", (int) tv.tv_sec, dnow()); - /* not documented in spec, send OK: */ - buf[0] = 1; - if (!write_exact(s_out, buf, 1)) { - close(s_in); close(s_out); - return 0; - } + if (db) fprintf(stderr, "https nfd: %d\n", nfd); - if (vencrypt_selected == rfbVencryptTlsNone || - vencrypt_selected == rfbVencryptTlsVnc || - vencrypt_selected == rfbVencryptTlsPlain) { - /* these modes are Anonymous Diffie-Hellman */ - if (!switch_to_anon_dh()) { - rfbLog("vencrypt: Anonymous Diffie-Hellman failed.\n"); - return 0; - } + if (nfd <= 0 || ! FD_ISSET(s_in, &rd)) { + return 0; } - - /* continue with SSL/TLS */ return 1; } -static int check_vnc_tls_mode(int s_in, int s_out, double last_https) { - double waited = 0.0, waitmax = 1.4, dt = 0.01, start = dnow(); - struct timeval tv; - int input = 0, i, n, ok; - int major, minor, sectype = -1; - char *proto = "RFB 003.008\n"; - char *stype = "unknown"; - char buf[256]; - - vencrypt_selected = 0; - anontls_selected = 0; - - if (vencrypt_mode == VENCRYPT_NONE && anontls_mode == ANONTLS_NONE) { - /* only normal SSL */ - return 1; - } - if (ssl_client_mode) { - if (vencrypt_mode == VENCRYPT_FORCE || anontls_mode == ANONTLS_FORCE) { - rfbLog("check_vnc_tls_mode: VENCRYPT_FORCE/ANONTLS_FORCE in client\n"); - rfbLog("check_vnc_tls_mode: connect mode.\n"); - /* this is OK, continue on below for dialog. */ - } else { - /* otherwise we must assume normal SSL (we send client hello) */ - return 1; - } +static int watch_for_http_traffic(char *buf_a, int *n_a, int raw_sock) { + int is_http, err, n, n2; + char *buf; + int db = 0; + /* + * sniff the first couple bytes of the stream and try to see + * if it is http or not. if we read them OK, we must read the + * rest of the available data otherwise we may deadlock. + * what has been read is returned in buf_a and n_a. + * *buf_a is ABSIZE+1 long and zeroed. + */ + if (getenv("ACCEPT_OPENSSL_DEBUG")) { + db = atoi(getenv("ACCEPT_OPENSSL_DEBUG")); } - if (ssl_verify && vencrypt_mode != VENCRYPT_FORCE && anontls_mode == ANONTLS_FORCE) { - rfbLog("check_vnc_tls_mode: Cannot use ANONTLS_FORCE with -sslverify (Anon DH only)\n"); - /* fallback to normal SSL */ - return 1; + if (! buf_a || ! n_a) { + return 0; } - if (last_https > 0.0) { - double now = dnow(); - if (now < last_https + 5.0) { - waitmax = 20.0; - } else if (now < last_https + 15.0) { - waitmax = 10.0; - } else if (now < last_https + 30.0) { - waitmax = 5.0; - } else if (now < last_https + 60.0) { - waitmax = 2.5; - } - } + buf = (char *) calloc((ABSIZE+1), 1); + *n_a = 0; - while (waited < waitmax) { - fd_set rfds; - FD_ZERO(&rfds); - FD_SET(s_in, &rfds); - tv.tv_sec = 0; - tv.tv_usec = 0; - select(s_in+1, &rfds, NULL, NULL, &tv); - if (FD_ISSET(s_in, &rfds)) { - input = 1; - break; - } - usleep((int) (1000 * 1000 * dt)); - waited += dt; + if (enc_str && !strcmp(enc_str, "none")) { + n = read(raw_sock, buf, 2); + err = SSL_ERROR_NONE; + } else { +#if LIBVNCSERVER_HAVE_LIBSSL + n = SSL_read(ssl, buf, 2); + err = SSL_get_error(ssl, n); +#else + err = n = 0; + badnews("1 in watch_for_http_traffic"); +#endif } - rfbLog("check_vnc_tls_mode: waited: %f / %.2f input: %s\n", - dnow() - start, waitmax, input ? "SSL Handshake" : "(future) RFB Handshake"); - if (input) { - /* got SSL client hello, can only assume normal SSL */ - if (vencrypt_mode == VENCRYPT_FORCE || anontls_mode == ANONTLS_FORCE) { - rfbLog("check_vnc_tls_mode: VENCRYPT_FORCE/ANONTLS_FORCE prevents normal SSL\n"); - return 0; + if (err != SSL_ERROR_NONE || n < 2) { + if (n > 0) { + strncpy(buf_a, buf, n); + *n_a = n; } - return 1; - } - - /* send RFB 003.008 -- there is no turning back from this point... */ - if (!write_exact(s_out, proto, strlen(proto))) { - close(s_in); close(s_out); - return 0; + if (db) fprintf(stderr, "watch_for_http_traffic ssl err: %d/%d\n", err, n); + return -1; } - memset(buf, 0, sizeof(buf)); - if (!read_exact(s_in, buf, 12)) { - close(s_in); close(s_out); - return 0; + /* look for GET, HEAD, POST, CONNECT */ + is_http = 0; + if (!strncmp("GE", buf, 2)) { + is_http = 1; + } else if (!strncmp("HE", buf, 2)) { + is_http = 1; + } else if (!strncmp("PO", buf, 2)) { + is_http = 1; + } else if (!strncmp("CO", buf, 2)) { + is_http = 1; } + if (db) fprintf(stderr, "watch_for_http_traffic read: '%s' %d\n", buf, n); - if (sscanf(buf, "RFB %03d.%03d\n", &major, &minor) != 2) { - int i; - rfbLog("check_vnc_tls_mode: abnormal handshake: '%s'\nbytes: ", buf); - for (i=0; i < 12; i++) { - fprintf(stderr, "%d.", (unsigned char) buf[i]); - } - fprintf(stderr, "\n"); - close(s_in); close(s_out); - return 0; - } - rfbLog("check_vnc_tls_mode: version: %d.%d\n", major, minor); - if (major != 3 || minor < 8) { - rfbLog("check_vnc_tls_mode: invalid version: '%s'\n", buf); - close(s_in); close(s_out); - return 0; - } + /* + * better read all we can and fwd it along to avoid blocking + * in ssl_xfer(). + */ - n = 1; - if (vencrypt_mode == VENCRYPT_FORCE) { - buf[n++] = rfbSecTypeVencrypt; - } else if (anontls_mode == ANONTLS_FORCE && !ssl_verify) { - buf[n++] = rfbSecTypeAnonTls; - } else if (vencrypt_mode == VENCRYPT_SOLE) { - buf[n++] = rfbSecTypeVencrypt; - } else if (anontls_mode == ANONTLS_SOLE && !ssl_verify) { - buf[n++] = rfbSecTypeAnonTls; + if (enc_str && !strcmp(enc_str, "none")) { + n2 = read(raw_sock, buf + n, ABSIZE - n); } else { - if (vencrypt_mode == VENCRYPT_SUPPORT) { - buf[n++] = rfbSecTypeVencrypt; - } - if (anontls_mode == ANONTLS_SUPPORT && !ssl_verify) { - buf[n++] = rfbSecTypeAnonTls; - } - } - - n--; - buf[0] = (char) n; - if (!write_exact(s_out, buf, n+1)) { - close(s_in); close(s_out); - return 0; +#if LIBVNCSERVER_HAVE_LIBSSL + n2 = SSL_read(ssl, buf + n, ABSIZE - n); +#else + n2 = 0; + badnews("2 in watch_for_http_traffic"); +#endif } - if (0) fprintf(stderr, "wrote[%d] %d %d %d\n", n, buf[0], buf[1], buf[2]); - - buf[0] = 0; - if (!read_exact(s_in, buf, 1)) { - close(s_in); close(s_out); - return 0; + if (n2 >= 0) { + n += n2; } - if (buf[0] == rfbSecTypeVencrypt) stype = "VeNCrypt"; - if (buf[0] == rfbSecTypeAnonTls) stype = "ANONTLS"; + *n_a = n; - rfbLog("check_vnc_tls_mode: reply: %d (%s)\n", (int) buf[0], stype); + if (db) fprintf(stderr, "watch_for_http_traffic readmore: %d\n", n2); - ok = 0; - for (i=1; i < n+1; i++) { - if (buf[0] == buf[i]) { - ok = 1; - } + if (n > 0) { + memcpy(buf_a, buf, n); } - if (!ok) { - char *msg = "check_vnc_tls_mode: invalid security-type"; - int len = strlen(msg); - rfbLog("%s: %d\n", msg, (int) buf[0]); - ((uint32_t *)buf)[0] = Swap32IfLE(len); - write_exact(s_out, buf, 4); - write_exact(s_out, msg, strlen(msg)); - close(s_in); close(s_out); - return 0; + if (db > 1) { + fprintf(stderr, "watch_for_http_traffic readmore: "); + write(2, buf_a, *n_a); + fprintf(stderr, "\n"); } + if (db) fprintf(stderr, "watch_for_http_traffic return: %d\n", is_http); + return is_http; +} - sectype = (int) buf[0]; +static int csock_timeout_sock = -1; - if (sectype == rfbSecTypeVencrypt) { - return vencrypt_dialog(s_in, s_out); - } else if (sectype == rfbSecTypeAnonTls) { - return anontls_dialog(s_in, s_out); - } else { - return 0; +static void csock_timeout (int sig) { + rfbLog("sig: %d, csock_timeout.\n", sig); + if (csock_timeout_sock >= 0) { + close(csock_timeout_sock); + csock_timeout_sock = -1; } } -static void pr_ssl_info(int verb) { - SSL_CIPHER *c; - SSL_SESSION *s; - char *proto = "unknown"; - - if (verb) {} - - if (ssl == NULL) { - return; - } - c = SSL_get_current_cipher(ssl); - s = SSL_get_session(ssl); +static int check_ssl_access(char *addr) { + static char *save_allow_once = NULL; + static time_t time_allow_once = 0; - if (s == NULL) { - proto = "nosession"; - } else if (s->ssl_version == SSL2_VERSION) { - proto = "SSLv2"; - } else if (s->ssl_version == SSL3_VERSION) { - proto = "SSLv3"; - } else if (s->ssl_version == TLS1_VERSION) { - proto = "TLSv1"; - } - if (c != NULL) { - rfbLog("SSL: ssl_helper[%d]: Cipher: %s %s Proto: %s\n", getpid(), - SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c), proto); - } else { - rfbLog("SSL: ssl_helper[%d]: Proto: %s\n", getpid(), - proto); + /* due to "Fetch Cert" activities for SSL really need to "allow twice" */ + if (allow_once != NULL) { + save_allow_once = strdup(allow_once); + time_allow_once = time(NULL); + } else if (save_allow_once != NULL) { + if (getenv("X11VNC_NO_SSL_ALLOW_TWICE")) { + ; + } else if (time(NULL) < time_allow_once + 30) { + /* give them 30 secs to check and save the fetched cert. */ + allow_once = save_allow_once; + rfbLog("SSL: Permitting 30 sec grace period for allowonce.\n"); + rfbLog("SSL: Set X11VNC_NO_SSL_ALLOW_TWICE=1 to disable.\n"); + } + save_allow_once = NULL; + time_allow_once = 0; } -} -static void ssl_timeout (int sig) { - int i; - rfbLog("sig: %d, ssl_init[%d] timed out.\n", sig, getpid()); - for (i=0; i < 256; i++) { - close(i); - } - exit(1); + return check_access(addr); } -static int ssl_init(int s_in, int s_out, int skip_vnc_tls, double last_https) { - unsigned char *sid = (unsigned char *) "x11vnc SID"; - char *name = NULL; +void accept_openssl(int mode, int presock) { + int sock = -1, listen = -1, cport, csock, vsock; int peerport = 0; - int db = 0, rc, err; - int ssock = s_in; - double start = dnow(); - int timeout = 20; + int status, n, i, db = 0; + struct sockaddr_in addr; +#ifdef __hpux + int addrlen = sizeof(addr); +#else + socklen_t addrlen = sizeof(addr); +#endif + rfbClientPtr client; + pid_t pid; + char uniq[] = "_evilrats_"; + char cookie[256], rcookie[256], *name = NULL; + int vencrypt_sel = 0; + int anontls_sel = 0; + static double last_https = 0.0; + static char last_get[256]; + static int first = 1; + unsigned char *rb; - if (enc_str != NULL) { - return 1; +#if !LIBVNCSERVER_HAVE_LIBSSL + if (enc_str == NULL || strcmp(enc_str, "none")) { + badnews("0 accept_openssl"); } - if (getenv("SSL_DEBUG")) { - db = atoi(getenv("SSL_DEBUG")); - } - if (getenv("SSL_INIT_TIMEOUT")) { - timeout = atoi(getenv("SSL_INIT_TIMEOUT")); - } - if (db) fprintf(stderr, "ssl_init: %d/%d\n", s_in, s_out); +#endif - if (skip_vnc_tls) { - rfbLog("SSL: ssl_helper[%d]: HTTPS mode, skipping check_vnc_tls_mode()\n", - getpid()); - } else if (!check_vnc_tls_mode(s_in, s_out, last_https)) { - return 0; + openssl_last_helper_pid = 0; + + /* zero buffers for use below. */ + for (i=0; i<256; i++) { + if (first) { + last_get[i] = '\0'; + } + cookie[i] = '\0'; + rcookie[i] = '\0'; } + first = 0; - ssl = SSL_new(ctx); - if (ssl == NULL) { - fprintf(stderr, "SSL_new failed\n"); - return 0; + if (getenv("ACCEPT_OPENSSL_DEBUG")) { + db = atoi(getenv("ACCEPT_OPENSSL_DEBUG")); } - if (db > 1) fprintf(stderr, "ssl_init: 1\n"); - SSL_set_session_id_context(ssl, sid, strlen((char *)sid)); + /* do INETD, VNC, or HTTPS cases (result is client socket or pipe) */ + if (mode == OPENSSL_INETD) { + ssl_initialized = 1; - if (s_in == s_out) { - if (! SSL_set_fd(ssl, ssock)) { - fprintf(stderr, "SSL_set_fd failed\n"); - return 0; + } else if (mode == OPENSSL_VNC) { + sock = accept(openssl_sock, (struct sockaddr *)&addr, &addrlen); + if (sock < 0) { + rfbLog("SSL: accept_openssl: accept connection failed\n"); + rfbLogPerror("accept"); + if (ssl_no_fail) { + clean_up_exit(1); + } + return; } - } else { - if (! SSL_set_rfd(ssl, s_in)) { - fprintf(stderr, "SSL_set_rfd failed\n"); - return 0; + listen = openssl_sock; + + } else if (mode == OPENSSL_REVERSE) { + sock = presock; + if (sock < 0) { + rfbLog("SSL: accept_openssl: connection failed\n"); + if (ssl_no_fail) { + clean_up_exit(1); + } + return; } - if (! SSL_set_wfd(ssl, s_out)) { - fprintf(stderr, "SSL_set_wfd failed\n"); - return 0; + listen = -1; + + } else if (mode == OPENSSL_HTTPS) { + sock = accept(https_sock, (struct sockaddr *)&addr, &addrlen); + if (sock < 0) { + rfbLog("SSL: accept_openssl: accept connection failed\n"); + rfbLogPerror("accept"); + if (ssl_no_fail) { + clean_up_exit(1); + } + return; } + listen = https_sock; } - if (db > 1) fprintf(stderr, "ssl_init: 2\n"); + if (db) fprintf(stderr, "SSL: accept_openssl: sock: %d\n", sock); - if (ssl_client_mode) { - SSL_set_connect_state(ssl); + if (openssl_last_ip) { + free(openssl_last_ip); + openssl_last_ip = NULL; + } + if (mode == OPENSSL_INETD) { + openssl_last_ip = get_remote_host(fileno(stdin)); } else { - SSL_set_accept_state(ssl); + openssl_last_ip = get_remote_host(sock); } - if (db > 1) fprintf(stderr, "ssl_init: 3\n"); - - name = get_remote_host(ssock); - peerport = get_remote_port(ssock); - - if (db > 1) fprintf(stderr, "ssl_init: 4\n"); - - while (1) { + if (!check_ssl_access(openssl_last_ip)) { + rfbLog("SSL: accept_openssl: denying client %s\n", openssl_last_ip); + rfbLog("SSL: accept_openssl: does not match -allow (or other reason).\n"); + close(sock); + sock = -1; + if (ssl_no_fail) { + clean_up_exit(1); + } + return; + } - signal(SIGALRM, ssl_timeout); - alarm(timeout); + /* now make a listening socket for child to connect back to us by: */ - if (ssl_client_mode) { - if (db) fprintf(stderr, "calling SSL_connect...\n"); - rc = SSL_connect(ssl); - } else { - if (db) fprintf(stderr, "calling SSL_accept...\n"); - rc = SSL_accept(ssl); + cport = find_free_port(20000, 0); + if (! cport) { + rfbLog("SSL: accept_openssl: could not find open port.\n"); + close(sock); + if (mode == OPENSSL_INETD || ssl_no_fail) { + clean_up_exit(1); } - err = SSL_get_error(ssl, rc); + return; + } + if (db) fprintf(stderr, "accept_openssl: cport: %d\n", cport); - alarm(0); - signal(SIGALRM, SIG_DFL); + csock = rfbListenOnTCPPort(cport, htonl(INADDR_LOOPBACK)); - if (ssl_client_mode) { - if (db) fprintf(stderr, "SSL_connect %d/%d\n", rc, err); - } else { - if (db) fprintf(stderr, "SSL_accept %d/%d\n", rc, err); + if (csock < 0) { + rfbLog("SSL: accept_openssl: could not listen on port %d.\n", + cport); + close(sock); + if (mode == OPENSSL_INETD || ssl_no_fail) { + clean_up_exit(1); } - if (err == SSL_ERROR_NONE) { - break; - } else if (err == SSL_ERROR_WANT_READ) { + return; + } + if (db) fprintf(stderr, "accept_openssl: csock: %d\n", csock); - if (db) fprintf(stderr, "got SSL_ERROR_WANT_READ\n"); - rfbLog("SSL: ssl_helper[%d]: SSL_accept() failed for: %s:%d\n", - getpid(), name, peerport); - pr_ssl_info(1); - return 0; - - } else if (err == SSL_ERROR_WANT_WRITE) { + fflush(stderr); - if (db) fprintf(stderr, "got SSL_ERROR_WANT_WRITE\n"); - rfbLog("SSL: ssl_helper[%d]: SSL_accept() failed for: %s:%d\n", - getpid(), name, peerport); - pr_ssl_info(1); - return 0; + /* + * make a simple cookie to id the child socket, not foolproof + * but hard to guess exactly (just worrying about local lusers + * here, since we use INADDR_LOOPBACK). + */ + rb = (unsigned char *) calloc(6, 1); +#if LIBVNCSERVER_HAVE_LIBSSL + RAND_bytes(rb, 6); +#endif + sprintf(cookie, "RB=%d%d%d%d%d%d/%f%f/%p", + rb[0], rb[1], rb[2], rb[3], rb[4], rb[5], + dnow() - x11vnc_start, x11vnc_start, (void *)rb); - } else if (err == SSL_ERROR_SYSCALL) { + if (mode != OPENSSL_INETD) { + name = get_remote_host(sock); + peerport = get_remote_port(sock); + } else { + openssl_last_ip = get_remote_host(fileno(stdin)); + peerport = get_remote_port(fileno(stdin)); + if (openssl_last_ip) { + name = strdup(openssl_last_ip); + } else { + name = strdup("unknown"); + } + } + if (name) { + if (mode == OPENSSL_INETD) { + rfbLog("SSL: (inetd) spawning helper process " + "to handle: %s:%d\n", name, peerport); + } else { + rfbLog("SSL: spawning helper process to handle: " + "%s:%d\n", name, peerport); + } + free(name); + name = NULL; + } - if (db) fprintf(stderr, "got SSL_ERROR_SYSCALL\n"); - rfbLog("SSL: ssl_helper[%d]: SSL_accept() failed for: %s:%d\n", - getpid(), name, peerport); - pr_ssl_info(1); - return 0; + if (certret) { + free(certret); + } + if (certret_str) { + free(certret_str); + certret_str = NULL; + } + certret = strdup("/tmp/x11vnc-certret.XXXXXX"); + omode = umask(077); + certret_fd = mkstemp(certret); + umask(omode); + if (certret_fd < 0) { + free(certret); + certret = NULL; + certret_fd = -1; + } - } else if (err == SSL_ERROR_ZERO_RETURN) { + if (dhret) { + free(dhret); + } + if (dhret_str) { + free(dhret_str); + dhret_str = NULL; + } + dhret = strdup("/tmp/x11vnc-dhret.XXXXXX"); + omode = umask(077); + dhret_fd = mkstemp(dhret); + umask(omode); + if (dhret_fd < 0) { + free(dhret); + dhret = NULL; + dhret_fd = -1; + } - if (db) fprintf(stderr, "got SSL_ERROR_ZERO_RETURN\n"); - rfbLog("SSL: ssl_helper[%d]: SSL_accept() failed for: %s:%d\n", - getpid(), name, peerport); - pr_ssl_info(1); - return 0; + /* now fork the child to handle the SSL: */ + pid = fork(); - } else if (rc < 0) { - unsigned long err; - int cnt = 0; + if (pid > 0) { + rfbLog("SSL: helper for peerport %d is pid %d: \n", + peerport, (int) pid); + } - rfbLog("SSL: ssl_helper[%d]: SSL_accept() *FATAL: %d SSL FAILED\n", getpid(), rc); - while ((err = ERR_get_error()) != 0) { - rfbLog("SSL: %s\n", ERR_error_string(err, NULL)); - if (cnt++ > 100) { - break; - } - } - pr_ssl_info(1); - return 0; + if (pid < 0) { + rfbLog("SSL: accept_openssl: could not fork.\n"); + rfbLogPerror("fork"); + close(sock); + close(csock); + if (mode == OPENSSL_INETD || ssl_no_fail) { + clean_up_exit(1); + } + return; - } else if (dnow() > start + 3.0) { + } else if (pid == 0) { + int s_in, s_out, httpsock = -1; + int vncsock; + int i, have_httpd = 0; + int f_in = fileno(stdin); + int f_out = fileno(stdout); + int skip_vnc_tls = mode == OPENSSL_HTTPS ? 1 : 0; - rfbLog("SSL: ssl_helper[%d]: timeout looping SSL_accept() " - "fatal.\n", getpid()); - pr_ssl_info(1); - return 0; + if (db) fprintf(stderr, "helper pid in: %d %d %d %d\n", f_in, f_out, sock, listen); - } else { - BIO *bio = SSL_get_rbio(ssl); - if (bio == NULL) { - rfbLog("SSL: ssl_helper[%d]: ssl BIO is null. " - "fatal.\n", getpid()); - pr_ssl_info(1); - return 0; + /* reset all handlers to default (no interrupted() calls) */ + unset_signals(); + + /* close all non-essential fd's */ + for (i=0; i<256; i++) { + if (mode == OPENSSL_INETD) { + if (i == f_in || i == f_out) { + continue; + } } - if (BIO_eof(bio)) { - rfbLog("SSL: ssl_helper[%d]: ssl BIO is EOF. " - "fatal.\n", getpid()); - pr_ssl_info(1); - return 0; + if (i == sock) { + continue; + } + if (i == 2) { + continue; } + close(i); } - usleep(10 * 1000); - } - - if (ssl_client_mode) { - rfbLog("SSL: ssl_helper[%d]: SSL_connect() succeeded for: %s:%d\n", getpid(), name, peerport); - } else { - rfbLog("SSL: ssl_helper[%d]: SSL_accept() succeeded for: %s:%d\n", getpid(), name, peerport); - } - pr_ssl_info(0); + /* + * sadly, we are a long lived child and so the large + * framebuffer memory areas will soon differ from parent. + * try to free as much as possible. + */ + lose_ram(); - if (SSL_get_verify_result(ssl) == X509_V_OK) { - X509 *x; - FILE *cr = NULL; - if (certret != NULL) { - cr = fopen(certret, "w"); + /* now connect back to parent socket: */ + vncsock = rfbConnectToTcpAddr("127.0.0.1", cport); + if (vncsock < 0) { + rfbLog("SSL: ssl_helper[%d]: could not connect" + " back to: %d\n", getpid(), cport); + rfbLog("SSL: ssl_helper[%d]: exit case 1 (no local vncsock)\n", getpid()); + exit(1); } - - x = SSL_get_peer_certificate(ssl); - if (x == NULL) { - rfbLog("SSL: ssl_helper[%d]: accepted client %s x509 peer cert is null\n", getpid(), name); - if (cr != NULL) { - fprintf(cr, "NOCERT\n"); - fclose(cr); - } + if (db) fprintf(stderr, "vncsock %d\n", vncsock); + + /* try to initialize SSL with the remote client */ + + if (mode == OPENSSL_INETD) { + s_in = fileno(stdin); + s_out = fileno(stdout); } else { - rfbLog("SSL: ssl_helper[%d]: accepted client %s x509 cert is:\n", getpid(), name); -#if LIBVNCSERVER_HAVE_X509_PRINT_EX_FP - X509_print_ex_fp(stderr, x, 0, XN_FLAG_MULTILINE); -#endif - if (cr != NULL) { -#if LIBVNCSERVER_HAVE_X509_PRINT_EX_FP - X509_print_ex_fp(cr, x, 0, XN_FLAG_MULTILINE); -#else - rfbLog("** not compiled with libssl X509_print_ex_fp() function **\n"); - if (users_list && strstr(users_list, "sslpeer=")) { - rfbLog("** -users sslpeer= will not work! **\n"); - } -#endif - fclose(cr); - } + s_in = s_out = sock; } - } - free(name); - - return 1; -} -static void symmetric_encryption_xfer(int csock, int s_in, int s_out); + if (! ssl_init(s_in, s_out, skip_vnc_tls, last_https)) { + close(vncsock); + rfbLog("SSL: ssl_helper[%d]: exit case 2 (ssl_init failed)\n", getpid()); + exit(1); + } -static void ssl_xfer(int csock, int s_in, int s_out, int is_https) { - int dbxfer = 0, db = 0, check_pending, fdmax, nfd, n, i, err; - char cbuf[ABSIZE], sbuf[ABSIZE]; - int cptr, sptr, c_rd, c_wr, s_rd, s_wr; - fd_set rd, wr; - struct timeval tv; - int ssock, cnt = 0, ndata = 0; + if (vencrypt_selected != 0) { + char *tbuf; + tbuf = (char *) malloc(strlen(cookie) + 100); + sprintf(tbuf, "%s,VENCRYPT=%d,%s", uniq, vencrypt_selected, cookie); + write(vncsock, tbuf, strlen(cookie)); + goto wrote_cookie; + } else if (anontls_selected != 0) { + char *tbuf; + tbuf = (char *) malloc(strlen(cookie) + 100); + sprintf(tbuf, "%s,ANONTLS=%d,%s", uniq, anontls_selected, cookie); + write(vncsock, tbuf, strlen(cookie)); + goto wrote_cookie; + } - /* - * we want to switch to a longer timeout for long term VNC - * connections (in case the network is not working for periods of - * time), but we also want the timeout shorter at the beginning - * in case the client went away. - */ - double start, now; - int tv_https_early = 60; - int tv_https_later = 20; - int tv_vnc_early = 40; - int tv_vnc_later = 43200; /* was 300, stunnel: 43200 */ - int tv_cutover = 70; - int tv_closing = 60; - int tv_use; + /* + * things get messy below since we are trying to do + * *both* VNC and Java applet httpd through the same + * SSL socket. + */ - if (dbxfer) { - raw_xfer(csock, s_in, s_out); - return; - } - if (enc_str != NULL) { - if (!strcmp(enc_str, "none")) { - usleep(250*1000); - rfbLog("doing '-enc none' raw transfer (no encryption)\n"); - raw_xfer(csock, s_in, s_out); - } else { - symmetric_encryption_xfer(csock, s_in, s_out); + if (! screen) { + close(vncsock); + exit(1); + } + if (screen->httpListenSock >= 0 && screen->httpPort > 0) { + have_httpd = 1; + } + if (screen->httpListenSock == -2) { + have_httpd = 1; + } + if (mode == OPENSSL_HTTPS && ! have_httpd) { + rfbLog("SSL: accept_openssl[%d]: no httpd socket for " + "-https mode\n", getpid()); + close(vncsock); + rfbLog("SSL: ssl_helper[%d]: exit case 3 (no httpd sock)\n", getpid()); + exit(1); } - return; - } - if (getenv("SSL_DEBUG")) { - db = atoi(getenv("SSL_DEBUG")); - } + if (have_httpd) { + int n = 0, is_http = 0; + int hport = screen->httpPort; + char *iface = NULL; + char *buf, *tbuf; - if (db) fprintf(stderr, "ssl_xfer begin\n"); + buf = (char *) calloc((ABSIZE+1), 1); + tbuf = (char *) calloc((2*ABSIZE+1), 1); - start = dnow(); - if (is_https) { - tv_use = tv_https_early; - } else { - tv_use = tv_vnc_early; - } - + if (mode == OPENSSL_HTTPS) { + /* + * for this mode we know it is HTTP traffic + * so we skip trying to guess. + */ + is_http = 1; + n = 0; + goto connect_to_httpd; + } - /* - * csock: clear text socket with libvncserver. "C" - * ssock: ssl data socket with remote vnc viewer. "S" - * - * to cover inetd mode, we have s_in and s_out, but in non-inetd - * mode they both ssock. - * - * cbuf[] is data from csock that we have read but not passed on to ssl - * sbuf[] is data from ssl that we have read but not passed on to csock - */ - for (i=0; i s_in) { - ssock = s_out; - } else { - ssock = s_in; - } + /* + * Check if there is stuff to read from remote end + * if so it is likely a GET or HEAD. + */ + if (! is_ssl_readable(s_in, last_https, last_get, + mode)) { + goto write_cookie; + } + + /* + * read first 2 bytes to try to guess. sadly, + * the user is often pondering a "non-verified + * cert" dialog for a long time before the GET + * is ever sent. So often we timeout here. + */ - if (csock > ssock) { - fdmax = csock; - } else { - fdmax = ssock; - } + if (db) fprintf(stderr, "watch_for_http_traffic\n"); - c_rd = 1; /* clear text (libvncserver) socket open for reading */ - c_wr = 1; /* clear text (libvncserver) socket open for writing */ - s_rd = 1; /* ssl data (remote client) socket open for reading */ - s_wr = 1; /* ssl data (remote client) socket open for writing */ + is_http = watch_for_http_traffic(buf, &n, s_in); - cptr = 0; /* offsets into ABSIZE buffers */ - sptr = 0; + if (is_http < 0 || is_http == 0) { + /* + * error or http not detected, fall back + * to normal VNC socket. + */ + if (db) fprintf(stderr, "is_http err: %d n: %d\n", is_http, n); + write(vncsock, cookie, strlen(cookie)); + if (n > 0) { + write(vncsock, buf, n); + } + goto wrote_cookie; + } - if (vencrypt_selected > 0 || anontls_selected > 0) { - char tmp[16]; - /* read and discard the extra RFB version */ - memset(tmp, 0, sizeof(tmp)); - read(csock, tmp, 12); - if (0) fprintf(stderr, "extra: %s\n", tmp); - } + if (db) fprintf(stderr, "is_http: %d n: %d\n", + is_http, n); + if (db) fprintf(stderr, "buf: '%s'\n", buf); - while (1) { - int c_to_s, s_to_c, closing; + if (strstr(buf, "/request.https.vnc.connection")) { + char reply[] = "HTTP/1.0 200 OK\r\n" + "Content-Type: octet-stream\r\n" + "Connection: Keep-Alive\r\n" + "Pragma: no-cache\r\n\r\n"; + /* + * special case proxy coming thru https + * instead of a direct SSL connection. + */ + rfbLog("Handling VNC request via https GET. [%d]\n", getpid()); + rfbLog("-- %s\n", buf); - if ( s_wr && (c_rd || cptr > 0) ) { - /* - * S is writable and - * C is readable or some cbuf data remaining - */ - c_to_s = 1; - } else { - c_to_s = 0; - } + if (strstr(buf, "/reverse.proxy")) { + char *buf2; + int n, ptr; +#if !LIBVNCSERVER_HAVE_LIBSSL + write(s_out, reply, strlen(reply)); +#else + SSL_write(ssl, reply, strlen(reply)); +#endif + + buf2 = (char *) calloc((8192+1), 1); + n = 0; + ptr = 0; + while (ptr < 8192) { +#if !LIBVNCSERVER_HAVE_LIBSSL + n = read(s_in, buf2 + ptr, 1); +#else + n = SSL_read(ssl, buf2 + ptr, 1); +#endif + if (n > 0) { + ptr += n; + } + if (db) fprintf(stderr, "buf2: '%s'\n", buf2); - if ( c_wr && (s_rd || sptr > 0) ) { - /* - * C is writable and - * S is readable or some sbuf data remaining - */ - s_to_c = 1; - } else { - s_to_c = 0; - } + if (strstr(buf2, "\r\n\r\n")) { + break; + } + } + free(buf2); + } + goto write_cookie; - if (! c_to_s && ! s_to_c) { - /* - * nothing can be sent either direction. - * break out of the loop to finish all work. - */ - break; - } - cnt++; + } else if (strstr(buf, "/check.https.proxy.connection")) { + char reply[] = "HTTP/1.0 200 OK\r\n" + "Connection: close\r\n" + "Content-Type: octet-stream\r\n" + "Pragma: no-cache\r\n\r\n"; - /* set up the fd sets for the two sockets for read & write: */ + rfbLog("Handling Check HTTPS request via https GET. [%d]\n", getpid()); + rfbLog("-- %s\n", buf); - FD_ZERO(&rd); +#if !LIBVNCSERVER_HAVE_LIBSSL + write(s_out, reply, strlen(reply)); +#else + SSL_write(ssl, reply, strlen(reply)); + SSL_shutdown(ssl); +#endif - if (c_rd && cptr < ABSIZE) { - /* we could read more from C since cbuf is not full */ - FD_SET(csock, &rd); - } - if (s_rd) { - /* - * we could read more from S since sbuf not full, - * OR ssl is waiting for more BIO to be able to - * read and we have some C data still buffered. - */ - if (sptr < ABSIZE || (cptr > 0 && SSL_want_read(ssl))) { - FD_SET(s_in, &rd); + strcpy(tbuf, uniq); + strcat(tbuf, cookie); + write(vncsock, tbuf, strlen(tbuf)); + close(vncsock); + + rfbLog("SSL: ssl_helper[%d]: exit case 4 (check.https.proxy.connection)\n", getpid()); + exit(0); } - } - - FD_ZERO(&wr); + connect_to_httpd: - if (c_wr && sptr > 0) { - /* we could write more to C since sbuf is not empty */ - FD_SET(csock, &wr); - } - if (s_wr) { /* - * we could write more to S since cbuf not empty, - * OR ssl is waiting for more BIO to be able - * write and we haven't filled up sbuf yet. + * Here we go... no turning back. we have to + * send failure to parent and close socket to have + * http processed at all in a timely fashion... */ - if (cptr > 0 || (sptr < ABSIZE && SSL_want_write(ssl))) { - FD_SET(s_out, &wr); - } - } - - now = dnow(); - if (tv_cutover && now > start + tv_cutover) { - rfbLog("SSL: ssl_xfer[%d]: tv_cutover: %d\n", getpid(), - tv_cutover); - tv_cutover = 0; - if (is_https) { - tv_use = tv_https_later; - } else { - tv_use = tv_vnc_later; - } - /* try to clean out some zombies if we can. */ - ssl_helper_pid(0, -2); - } - if (ssl_timeout_secs > 0) { - tv_use = ssl_timeout_secs; - } - if ( (s_rd && c_rd) || cptr || sptr) { - closing = 0; - } else { - closing = 1; - tv_use = tv_closing; - } + /* send the failure tag: */ + strcpy(tbuf, uniq); - tv.tv_sec = tv_use; - tv.tv_usec = 0; + if (https_port_redir < 0 || (strstr(buf, "PORT=") || strstr(buf, "port="))) { + char *q = strstr(buf, "Host:"); + int fport = 443, match = 0; + char num[16]; - /* do the select, repeat if interrupted */ - do { - if (ssl_timeout_secs == 0) { - nfd = select(fdmax+1, &rd, &wr, NULL, NULL); - } else { - nfd = select(fdmax+1, &rd, &wr, NULL, &tv); + if (q && strstr(q, "\n")) { + q += strlen("Host:") + 1; + while (*q != '\n') { + int p; + if (*q == ':' && sscanf(q, ":%d", &p) == 1) { + if (p > 0 && p < 65536) { + fport = p; + match = 1; + break; + } + } + q++; + } + } + if (!match || !https_port_redir) { + int p; + if (sscanf(buf, "PORT=%d,", &p) == 1) { + if (p > 0 && p < 65536) { + fport = p; + } + } else if (sscanf(buf, "port=%d,", &p) == 1) { + if (p > 0 && p < 65536) { + fport = p; + } + } + } + sprintf(num, "HP=%d,", fport); + strcat(tbuf, num); } - } while (nfd < 0 && errno == EINTR); - if (db > 1) fprintf(stderr, "nfd: %d\n", nfd); + if (strstr(buf, "HTTP/") != NULL) { + char *q, *str; + /* + * Also send back the GET line for heuristics. + * (last_https, get file). + */ + str = strdup(buf); + q = strstr(str, "HTTP/"); + if (q != NULL) { + *q = '\0'; + strcat(tbuf, str); + } + free(str); + } -if (0) fprintf(stderr, "nfd[%d]: %d w/r csock: %d %d s_in: %d %d\n", getpid(), nfd, FD_ISSET(csock, &wr), FD_ISSET(csock, &rd), FD_ISSET(s_out, &wr), FD_ISSET(s_in, &rd)); + /* + * Also send the cookie to pad out the number of + * bytes to more than the parent wants to read. + * Since this is the failure case, it does not + * matter that we send more than strlen(cookie). + */ + strcat(tbuf, cookie); + write(vncsock, tbuf, strlen(tbuf)); - if (nfd < 0) { - rfbLog("SSL: ssl_xfer[%d]: select error: %d\n", getpid(), nfd); - perror("select"); - /* connection finished */ - goto done; - } + usleep(150*1000); + if (db) fprintf(stderr, "close vncsock: %d\n", vncsock); + close(vncsock); - if (nfd == 0) { - if (!closing && tv_cutover && ndata > 25000) { - static int cn = 0; - /* probably ok, early windows iconify */ - if (cn++ < 2) { - rfbLog("SSL: ssl_xfer[%d]: early time" - "out: %d\n", getpid(), ndata); - } - continue; + /* now, finally, connect to the libvncserver httpd: */ + if (screen->listenInterface == htonl(INADDR_ANY) || + screen->listenInterface == htonl(INADDR_NONE)) { + iface = "127.0.0.1"; + } else { + struct in_addr in; + in.s_addr = screen->listenInterface; + iface = inet_ntoa(in); } - rfbLog("SSL: ssl_xfer[%d]: connection timedout. %d tv_use: %d\n", - getpid(), ndata, tv_use); - /* connection finished */ - goto done; - } + if (iface == NULL || !strcmp(iface, "")) { + iface = "127.0.0.1"; + } + if (db) fprintf(stderr, "iface: %s:%d\n", iface, hport); + usleep(150*1000); - /* used to see if SSL_pending() should be checked: */ - check_pending = 0; -/* AUDIT */ + httpsock = rfbConnectToTcpAddr(iface, hport); - if (c_wr && FD_ISSET(csock, &wr)) { + if (httpsock < 0) { + /* UGH, after all of that! */ + rfbLog("Could not connect to httpd socket!\n"); + rfbLog("SSL: ssl_helper[%d]: exit case 5.\n", getpid()); + exit(1); + } + if (db) fprintf(stderr, "ssl_helper[%d]: httpsock: %d %d\n", + getpid(), httpsock, n); - /* try to write some of our sbuf to C: */ - n = write(csock, sbuf, sptr); + /* + * send what we read to httpd, and then connect + * the rest of the SSL session to it: + */ + if (n > 0) { + char *s = getenv("X11VNC_EXTRA_HTTPS_PARAMS"); + int did_extra = 0; - if (n < 0) { - if (errno != EINTR) { - /* connection finished */ - goto done; - } - /* proceed */ - } else if (n == 0) { - /* connection finished XXX double check */ - goto done; - } else { - /* shift over the data in sbuf by n */ - memmove(sbuf, sbuf + n, sptr - n); - if (sptr == ABSIZE) { - check_pending = 1; + if (db) fprintf(stderr, "sending http buffer httpsock: %d n=%d\n'%s'\n", httpsock, n, buf); + if (s != NULL) { + char *q = strstr(buf, " HTTP/"); + if (q) { + int m; + *q = '\0'; + m = strlen(buf); + write(httpsock, buf, m); + write(httpsock, s, strlen(s)); + *q = ' '; + write(httpsock, q, n-m); + did_extra = 1; + } } - sptr -= n; - - if (! s_rd && sptr == 0) { - /* finished sending last of sbuf */ - shutdown(csock, SHUT_WR); - c_wr = 0; + if (!did_extra) { + write(httpsock, buf, n); } - ndata += n; } + ssl_xfer(httpsock, s_in, s_out, is_http); + rfbLog("SSL: ssl_helper[%d]: exit case 6 (https ssl_xfer done)\n", getpid()); + exit(0); } - if (s_wr) { - if ((cptr > 0 && FD_ISSET(s_out, &wr)) || - (SSL_want_read(ssl) && FD_ISSET(s_in, &rd))) { + /* + * ok, back from the above https mess, simply send the + * cookie back to the parent (who will attach us to + * libvncserver), and connect the rest of the SSL session + * to it. + */ + write_cookie: + write(vncsock, cookie, strlen(cookie)); + + wrote_cookie: + ssl_xfer(vncsock, s_in, s_out, 0); + rfbLog("SSL: ssl_helper[%d]: exit case 7 (ssl_xfer done)\n", getpid()); + if (0) usleep(50 * 1000); + exit(0); + } + /* parent here */ - /* try to write some of our cbuf to S: */ + if (mode != OPENSSL_INETD) { + close(sock); + } + if (db) fprintf(stderr, "helper process is: %d\n", pid); - n = SSL_write(ssl, cbuf, cptr); - err = SSL_get_error(ssl, n); + /* accept connection from our child. */ + signal(SIGALRM, csock_timeout); + csock_timeout_sock = csock; + alarm(20); - if (err == SSL_ERROR_NONE) { - /* shift over the data in cbuf by n */ - memmove(cbuf, cbuf + n, cptr - n); - cptr -= n; + vsock = accept(csock, (struct sockaddr *)&addr, &addrlen); - if (! c_rd && cptr == 0 && s_wr) { - /* finished sending last cbuf */ - SSL_shutdown(ssl); - s_wr = 0; - } - ndata += n; + alarm(0); + signal(SIGALRM, SIG_DFL); + close(csock); - } else if (err == SSL_ERROR_WANT_WRITE - || err == SSL_ERROR_WANT_READ - || err == SSL_ERROR_WANT_X509_LOOKUP) { - ; /* proceed */ + if (vsock < 0) { + rfbLog("SSL: accept_openssl: connection from ssl_helper[%d] FAILED.\n", pid); + rfbLogPerror("accept"); - } else if (err == SSL_ERROR_SYSCALL) { - if (n < 0 && errno != EINTR) { - /* connection finished */ - goto done; - } - /* proceed */ - } else if (err == SSL_ERROR_ZERO_RETURN) { - /* S finished */ - s_rd = 0; - s_wr = 0; - } else if (err == SSL_ERROR_SSL) { - /* connection finished */ - goto done; - } - } + kill(pid, SIGTERM); + waitpid(pid, &status, WNOHANG); + if (mode == OPENSSL_INETD || ssl_no_fail) { + clean_up_exit(1); + } + if (certret_fd >= 0) { + close(certret_fd); + certret_fd = -1; + } + if (certret) { + unlink(certret); + } + if (dhret_fd >= 0) { + close(dhret_fd); + dhret_fd = -1; + } + if (dhret) { + unlink(dhret); } + return; + } + if (db) fprintf(stderr, "accept_openssl: vsock: %d\n", vsock); - if (c_rd && FD_ISSET(csock, &rd)) { + n = read(vsock, rcookie, strlen(cookie)); + if (n < 0 && errno != 0) { + rfbLogPerror("read"); + } + if (certret) { + struct stat sbuf; + sbuf.st_size = 0; + if (certret_fd >= 0 && stat(certret, &sbuf) == 0 && sbuf.st_size > 0) { + certret_str = (char *) calloc(sbuf.st_size+1, 1); + read(certret_fd, certret_str, sbuf.st_size); + close(certret_fd); + certret_fd = -1; + } + if (certret_fd >= 0) { + close(certret_fd); + certret_fd = -1; + } + unlink(certret); + if (certret_str && strstr(certret_str, "NOCERT") == certret_str) { + free(certret_str); + certret_str = NULL; + } + if (0 && certret_str) { + fprintf(stderr, "certret_str[%d]:\n%s\n", (int) sbuf.st_size, certret_str); + } + } - /* try to read some data from C into our cbuf */ + if (dhret) { + struct stat sbuf; + sbuf.st_size = 0; + if (dhret_fd >= 0 && stat(dhret, &sbuf) == 0 && sbuf.st_size > 0) { + dhret_str = (char *) calloc(sbuf.st_size+1, 1); + read(dhret_fd, dhret_str, sbuf.st_size); + close(dhret_fd); + dhret_fd = -1; + } + if (dhret_fd >= 0) { + close(dhret_fd); + dhret_fd = -1; + } + unlink(dhret); + if (dhret_str && strstr(dhret_str, "NOCERT") == dhret_str) { + free(dhret_str); + dhret_str = NULL; + } + if (dhret_str) { + if (new_dh_params == NULL) { + fprintf(stderr, "dhret_str[%d]:\n%s\n", (int) sbuf.st_size, dhret_str); + new_dh_params = strdup(dhret_str); + } + } + } - n = read(csock, cbuf + cptr, ABSIZE - cptr); + if (0) { + fprintf(stderr, "rcookie: %s\n", rcookie); + fprintf(stderr, "cookie: %s\n", cookie); + } - if (n < 0) { - if (errno != EINTR) { - /* connection finished */ - goto done; + if (strstr(rcookie, uniq) == rcookie) { + char *q = strstr(rcookie, "RB="); + if (q && strstr(cookie, q) == cookie) { + vencrypt_sel = 0; + anontls_sel = 0; + q = strstr(rcookie, "VENCRYPT="); + if (q && sscanf(q, "VENCRYPT=%d,", &vencrypt_sel) == 1) { + if (vencrypt_sel != 0) { + rfbLog("SSL: VENCRYPT mode=%d accepted.\n", vencrypt_sel); + goto accept_client; } - /* proceed */ - } else if (n == 0) { - /* C is EOF */ - c_rd = 0; - if (cptr == 0 && s_wr) { - /* and no more in cbuf to send */ - SSL_shutdown(ssl); - s_wr = 0; + } + q = strstr(rcookie, "ANONTLS="); + if (q && sscanf(q, "ANONTLS=%d,", &anontls_sel) == 1) { + if (anontls_sel != 0) { + rfbLog("SSL: ANONTLS mode=%d accepted.\n", anontls_sel); + goto accept_client; } - } else { - /* good */ - - cptr += n; - ndata += n; } } + } - if (s_rd) { - if ((sptr < ABSIZE && FD_ISSET(s_in, &rd)) || - (SSL_want_write(ssl) && FD_ISSET(s_out, &wr)) || - (check_pending && SSL_pending(ssl))) { - - /* try to read some data from S into our sbuf */ - - n = SSL_read(ssl, sbuf + sptr, ABSIZE - sptr); - err = SSL_get_error(ssl, n); - - if (err == SSL_ERROR_NONE) { - /* good */ + if (n != (int) strlen(cookie) || strncmp(cookie, rcookie, n)) { + rfbLog("SSL: accept_openssl: cookie from ssl_helper[%d] FAILED. %d\n", pid, n); + if (db) fprintf(stderr, "'%s'\n'%s'\n", cookie, rcookie); + close(vsock); - sptr += n; - ndata += n; + if (strstr(rcookie, uniq) == rcookie) { + int i; + rfbLog("SSL: BUT WAIT! HTTPS for helper process[%d] succeeded. Good.\n", pid); + if (mode != OPENSSL_HTTPS) { + last_https = dnow(); + for (i=0; i<256; i++) { + last_get[i] = '\0'; + } + strncpy(last_get, rcookie, 100); + if (db) fprintf(stderr, "last_get: '%s'\n", last_get); + } + if (rcookie && strstr(rcookie, "VncViewer.class")) { + rfbLog("\n"); + rfbLog("***********************************************************\n"); + rfbLog("SSL: WARNING CLIENT ASKED FOR NONEXISTENT 'VncViewer.class'\n"); + rfbLog("SSL: USER NEEDS TO **RESTART** HIS WEB BROWSER.\n"); + rfbLog("***********************************************************\n"); + rfbLog("\n"); + } + ssl_helper_pid(pid, -2); - } else if (err == SSL_ERROR_WANT_WRITE - || err == SSL_ERROR_WANT_READ - || err == SSL_ERROR_WANT_X509_LOOKUP) { + if (https_port_redir) { + double start; + int origport = screen->port; + int useport = screen->port; + int saw_httpsock = 0; + /* to expand $PORT correctly in index.vnc */ + if (https_port_redir < 0) { + char *q = strstr(rcookie, "HP="); + if (q) { + int p; + if (sscanf(q, "HP=%d,", &p) == 1) { + useport = p; + } + } + } else { + useport = https_port_redir; + } + screen->port = useport; + if (origport != useport) { + rfbLog("SSL: -httpsredir guess port: %d\n", screen->port); + } - ; /* proceed */ + start = dnow(); + while (dnow() < start + 10.0) { + if (screen->httpSock >= 0) saw_httpsock = 1; + rfbPE(10000); + usleep(10000); + if (screen->httpSock >= 0) saw_httpsock = 1; + waitpid(pid, &status, WNOHANG); + if (kill(pid, 0) != 0) { + rfbPE(10000); + rfbPE(10000); + break; + } + if (saw_httpsock && screen->httpSock < 0) { + rfbLog("SSL: httpSock for helper[%d] went away\n", pid); + rfbPE(10000); + rfbPE(10000); + break; + } + } + screen->port = origport; + rfbLog("SSL: guessing child helper[%d] https finished. dt=%.6f\n", + pid, dnow() - start); + ssl_helper_pid(0, -2); + if (mode == OPENSSL_INETD) { + clean_up_exit(1); + } + } else if (mode == OPENSSL_INETD) { + double start; + int saw_httpsock = 0; - } else if (err == SSL_ERROR_SYSCALL) { - if (n < 0) { - if(errno != EINTR) { - /* connection finished */ - goto done; - } - /* proceed */ + /* to expand $PORT correctly in index.vnc */ + if (screen->port == 0) { + int fd = fileno(stdin); + if (getenv("X11VNC_INETD_PORT")) { + /* mutex */ + screen->port = atoi(getenv( + "X11VNC_INETD_PORT")); } else { - /* S finished */ - s_rd = 0; - s_wr = 0; + int tport = get_local_port(fd); + if (tport > 0) { + screen->port = tport; + } } - } else if (err == SSL_ERROR_ZERO_RETURN) { - /* S is EOF */ - s_rd = 0; - if (cptr == 0 && s_wr) { - /* and no more in cbuf to send */ - SSL_shutdown(ssl); - s_wr = 0; + } + rfbLog("SSL: screen->port %d\n", screen->port); + + /* kludge for https fetch via inetd */ + start = dnow(); + while (dnow() < start + 10.0) { + if (screen->httpSock >= 0) saw_httpsock = 1; + rfbPE(10000); + usleep(10000); + if (screen->httpSock >= 0) saw_httpsock = 1; + waitpid(pid, &status, WNOHANG); + if (kill(pid, 0) != 0) { + rfbPE(10000); + rfbPE(10000); + break; } - if (sptr == 0 && c_wr) { - /* and no more in sbuf to send */ - shutdown(csock, SHUT_WR); - c_wr = 0; + if (saw_httpsock && screen->httpSock < 0) { + rfbLog("SSL: httpSock for helper[%d] went away\n", pid); + rfbPE(10000); + rfbPE(10000); + break; } - } else if (err == SSL_ERROR_SSL) { - /* connection finished */ - goto done; } + rfbLog("SSL: OPENSSL_INETD guessing " + "child helper[%d] https finished. dt=%.6f\n", + pid, dnow() - start); + ssl_helper_pid(0, -2); + clean_up_exit(1); } + /* this will actually only get earlier https */ + ssl_helper_pid(0, -2); + return; + } + kill(pid, SIGTERM); + waitpid(pid, &status, WNOHANG); + if (mode == OPENSSL_INETD || ssl_no_fail) { + clean_up_exit(1); } - } - - done: - rfbLog("SSL: ssl_xfer[%d]: closing sockets %d, %d, %d\n", - getpid(), csock, s_in, s_out); - close(csock); - close(s_in); - close(s_out); - return; -} - -void check_openssl(void) { - fd_set fds; - struct timeval tv; - int nfds; - static time_t last_waitall = 0; - static double last_check = 0.0; - double now; - - if (! use_openssl) { - return; - } - - if (time(NULL) > last_waitall + 120) { - last_waitall = time(NULL); - ssl_helper_pid(0, -2); /* waitall */ - } - - if (openssl_sock < 0) { - return; - } - - now = dnow(); - if (now < last_check + 0.5) { - return; - } - last_check = now; - - FD_ZERO(&fds); - FD_SET(openssl_sock, &fds); - - tv.tv_sec = 0; - tv.tv_usec = 0; - - nfds = select(openssl_sock+1, &fds, NULL, NULL, &tv); - - if (nfds <= 0) { - return; - } - - rfbLog("SSL: accept_openssl(OPENSSL_VNC)\n"); - accept_openssl(OPENSSL_VNC, -1); -} - -void check_https(void) { - fd_set fds; - struct timeval tv; - int nfds; - static double last_check = 0.0; - double now; - - if (! use_openssl || https_sock < 0) { return; } - now = dnow(); - if (now < last_check + 0.5) { - return; - } - last_check = now; + accept_client: - FD_ZERO(&fds); - FD_SET(https_sock, &fds); + if (db) fprintf(stderr, "accept_openssl: cookie good: %s\n", cookie); - tv.tv_sec = 0; - tv.tv_usec = 0; + rfbLog("SSL: handshake with helper process[%d] succeeded.\n", pid); - nfds = select(https_sock+1, &fds, NULL, NULL, &tv); + openssl_last_helper_pid = pid; + ssl_helper_pid(pid, vsock); - if (nfds <= 0) { + if (vnc_redirect) { + vnc_redirect_sock = vsock; + openssl_last_helper_pid = 0; return; } - rfbLog("SSL: accept_openssl(OPENSSL_HTTPS)\n"); - accept_openssl(OPENSSL_HTTPS, -1); -} - -#define MSZ 4096 -static void init_prng(void) { - int db = 0, bytes, ubytes, fd; - char file[MSZ], dtmp[100]; - unsigned int sr; - - RAND_file_name(file, MSZ); - - rfbLog("RAND_file_name: %s\n", file); - - bytes = RAND_load_file(file, -1); - if (db) fprintf(stderr, "bytes read: %d\n", bytes); - - ubytes = RAND_load_file("/dev/urandom", 64); - bytes += ubytes; - if (db) fprintf(stderr, "bytes read: %d / %d\n", bytes, ubytes); - - /* mix in more predictable stuff as well for fallback */ - sprintf(dtmp, "/tmp/p%.8f.XXXXXX", dnow()); - fd = mkstemp(dtmp); - RAND_add(dtmp, strlen(dtmp), 0); - if (fd >= 0) { - close(fd); - unlink(dtmp); - } - sprintf(dtmp, "%d-%.8f", (int) getpid(), dnow()); - RAND_add(dtmp, strlen(dtmp), 0); - if (!RAND_status()) { - ubytes = -1; - rfbLog("calling RAND_poll()\n"); - RAND_poll(); - } - - RAND_bytes((unsigned char *)&sr, 4); - srand(sr); + client = create_new_client(vsock, 0); + openssl_last_helper_pid = 0; - if (bytes > 0) { - if (! quiet) { - rfbLog("initialized PRNG with %d random bytes.\n", - bytes); + if (client) { + if (db) fprintf(stderr, "accept_openssl: client %p\n", (void *) client); + if (db) fprintf(stderr, "accept_openssl: new_client %p\n", (void *) screen->newClientHook); + if (db) fprintf(stderr, "accept_openssl: new_client %p\n", (void *) new_client); + if (mode == OPENSSL_INETD) { + inetd_client = client; + client->clientGoneHook = client_gone; } - if (ubytes > 32 && rnow() < 0.25) { - RAND_write_file(file); + if (openssl_last_ip && + strpbrk(openssl_last_ip, "0123456789") == openssl_last_ip) { + client->host = strdup(openssl_last_ip); } - return; - } - - bytes += RAND_load_file("/dev/random", 8); - if (db) fprintf(stderr, "bytes read: %d\n", bytes); - RAND_poll(); + if (vencrypt_sel != 0) { + client->protocolMajorVersion = 3; + client->protocolMinorVersion = 8; +#if LIBVNCSERVER_HAVE_LIBSSL + if (!finish_vencrypt_auth(client, vencrypt_sel)) { + rfbCloseClient(client); + client = NULL; + } +#else + badnews("3 accept_openssl"); +#endif + } else if (anontls_sel != 0) { + client->protocolMajorVersion = 3; + client->protocolMinorVersion = 8; + rfbAuthNewClient(client); + } + if (use_threads && client != NULL) { + rfbStartOnHoldClient(client); + } + /* try to get RFB proto done now. */ + progress_client(); + } else { + rfbLog("SSL: accept_openssl: rfbNewClient failed.\n"); + close(vsock); - if (! quiet) { - rfbLog("initialized PRNG with %d random bytes.\n", bytes); + kill(pid, SIGTERM); + waitpid(pid, &status, WNOHANG); + if (mode == OPENSSL_INETD || ssl_no_fail) { + clean_up_exit(1); + } + return; } } -#endif /* FORK_OK */ -#endif /* LIBVNCSERVER_HAVE_LIBSSL */ void raw_xfer(int csock, int s_in, int s_out) { char buf0[8192]; @@ -4073,12 +4081,18 @@ #endif /* FORK_OK */ } +/* compile with -DENC_HAVE_OPENSSL=0 to disable enc stuff but still have ssl */ + #define ENC_MODULE + #if LIBVNCSERVER_HAVE_LIBSSL +#ifndef ENC_HAVE_OPENSSL #define ENC_HAVE_OPENSSL 1 +#endif #else #define ENC_HAVE_OPENSSL 0 #endif + #include "enc.h" static void symmetric_encryption_xfer(int csock, int s_in, int s_out) { diff -Nru x11vnc-0.9.8/x11vnc/sslhelper.h x11vnc-0.9.9/x11vnc/sslhelper.h --- x11vnc-0.9.8/x11vnc/sslhelper.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/sslhelper.h 2009-12-21 04:58:10.000000000 +0000 @@ -62,6 +62,8 @@ extern void accept_openssl(int mode, int presock); extern char *find_openssl_bin(void); extern char *get_saved_pem(char *string, int create); +extern char *get_ssl_verify_file(char *str_in); +extern char *create_tmp_pem(char *path, int prompt); #endif /* _X11VNC_SSLHELPER_H */ diff -Nru x11vnc-0.9.8/x11vnc/ssltools.h x11vnc-0.9.9/x11vnc/ssltools.h --- x11vnc-0.9.8/x11vnc/ssltools.h 2009-06-14 16:29:16.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/ssltools.h 2009-12-21 04:58:09.000000000 +0000 @@ -271,13 +271,13 @@ " -keyout \"$DIR/CA/private/cakey.pem\" \\\n" " -out \"$DIR/CA/cacert.pem\"\n" "\n" -"chmod go-rwx \"$DIR/CA/private/cakey.pem\"\n" -"\n" "if [ $? != 0 ]; then\n" " echo \"openssl failed.\"\n" " exit 1\n" "fi\n" "\n" +"chmod go-rwx \"$DIR/CA/private/cakey.pem\"\n" +"\n" "echo \"\"\n" "echo \"----------------------------------------------------------------------\"\n" "echo \"Your public x11vnc CA cert is:\"\n" @@ -785,6 +785,10 @@ " set -xv\n" "fi\n" "\n" +"if [ \"X$X11VNC_SKIP_DISPLAY\" = \"Xall\" ]; then\n" +" exit 1\n" +"fi\n" +"\n" "PATH=$PATH:/bin:/usr/bin:/usr/X11R6/bin:/usr/bin/X11:/usr/openwin/bin:/usr/ucb\n" "export PATH\n" "\n" @@ -798,6 +802,9 @@ " showxauth=\"\"\n" " shift\n" "fi\n" +"if [ \"X$FIND_DISPLAY_NO_SHOW_XAUTH\" != \"X\" ]; then\n" +" showxauth=\"\"\n" +"fi\n" "\n" "# -f means use this xauthority file:\n" "if [ \"X$1\" = \"X-f\" ]; then\n" @@ -886,14 +893,23 @@ "\n" "# save uname, netstat, and ps output:\n" "uname=`uname`\n" -"nsout=`netstat -an`\n" +"is_bsd=\"\"\n" +"if echo \"$uname\" | grep -i bsd > /dev/null; then\n" +" is_bsd=1\n" +"fi\n" +"\n" "if [ \"X$uname\" = \"XDarwin\" ]; then\n" -" psout=`ps aux 2>/dev/null | grep -wv PID | grep -v grep`\n" -" pslist=`echo \"$psout\" | awk '{print $2}'`\n" +" psout=`ps aux 2>/dev/null | grep -wv PID | grep -v grep`\n" +"elif [ \"X$uname\" = \"XLinux\" -o \"X$is_bsd\" = \"X1\" ]; then\n" +" psout=`ps wwwaux 2>/dev/null | grep -wv PID | grep -v grep`\n" +"elif [ \"X$uname\" = \"XSunOS\" -a -x /usr/ucb/ps ]; then\n" +" psout=`/usr/ucb/ps wwwaux 2>/dev/null | grep -wv PID | grep -v grep`\n" "else\n" " psout=`ps -ef 2>/dev/null | grep -wv PID | grep -v grep`\n" -" pslist=`echo \"$psout\" | awk '{print $2}'`\n" "fi\n" +"pslist=`echo \"$psout\" | awk '{print $2}'`\n" +"\n" +"nsout=`netstat -an`\n" "\n" "rchk() {\n" " rr=rr \n" @@ -904,7 +920,7 @@ " dL=\"-h\"\n" "fi\n" "\n" -"# a portable, but not absolutely safe, tmp file creator\n" +"# a portable tmp file creator\n" "mytmp() {\n" " tf=$1\n" " if type mktemp > /dev/null 2>&1; then\n" @@ -942,6 +958,9 @@ "\n" "skip_display() {\n" " dtry=$1\n" +" dtry1=`echo \"$dtry\" | sed -e 's/^://'`\n" +" dtry2=`echo \"$dtry\" | sed -e 's/\\.[0-9][0-9]*$//'`\n" +"\n" " if [ \"X$X11VNC_SKIP_DISPLAY\" = \"X\" ]; then\n" " # no skip list, return display:\n" " echo \"$dtry\"\n" @@ -983,19 +1002,38 @@ " else\n" " skip=\":$skip\"\n" " fi\n" -" if echo \"$skip\" | grep \":$dtry\\>\" > /dev/null; then\n" +" if echo \"$skip\" | grep \":$dtry1\\>\" > /dev/null; then\n" +" mat=1\n" +" break\n" +" elif echo \"$skip\" | grep \":$dtry2\\>\" > /dev/null; then\n" " mat=1\n" " break\n" " fi\n" " done\n" -" if [ \"X$mat\" = \"X1\" ]; then\n" -" echo \"\"\n" +" if [ \"X$X11VNC_SKIP_DISPLAY_NEGATE\" = \"X\" ]; then\n" +" if [ \"X$mat\" = \"X1\" ]; then\n" +" echo \"\"\n" +" else\n" +" echo \"$dtry\"\n" +" fi\n" " else\n" -" echo \"$dtry\"\n" +" if [ \"X$mat\" = \"X1\" ]; then\n" +" echo \"$dtry\"\n" +" else\n" +" echo \"\"\n" +" fi\n" " fi\n" " fi\n" "}\n" "\n" +"am_root=\"\"\n" +"if id | sed -e 's/ gid.*$//' | grep -w root > /dev/null; then\n" +" am_root=1\n" +"fi\n" +"am_gdm=\"\"\n" +"if id | sed -e 's/ gid.*$//' | grep -w gdm > /dev/null; then\n" +" am_gdm=1\n" +"fi\n" "\n" "# this mode is to try to grab a display manager (gdm, kdm, xdm...) display\n" "# when we are run as root (e.g. no one is logged in yet). We look at the\n" @@ -1016,42 +1054,72 @@ " #\n" " env XAUTHORITY=\"$xa\" xdpyinfo -display \"$da\" >/dev/null 2>&1\n" " if [ $? = 0 ]; then\n" -" env XAUTHORITY=/dev/null xdpyinfo -display \"$da\" >/dev/null 2>&1\n" -" if [ $? != 0 ]; then\n" -" y=`prdpy $da`\n" -" echo \"DISPLAY=$y\"\n" -" if [ \"X$showxauth\" != \"X\" ]; then\n" -" # copy the cookie:\n" -" cook=`xauth -f \"$xa\" list | head -n 1 | awk '{print $NF}'`\n" -" xtf=$HOME/.xat.$$\n" -" xtf=`mytmp \"$xtf\"`\n" -" if [ ! -f $xtf ]; then\n" -" xtf=/tmp/.xat.$$\n" -" xtf=`mytmp \"$xtf\"`\n" +" si_root=\"\"\n" +" si_gdm=\"\"\n" +" # recent gdm seems to use SI:localuser: for xauth.\n" +" if env DISPLAY=\"$da\" xhost 2>/dev/null | grep -i '^SI:localuser:root$' > /dev/null; then\n" +" si_root=1\n" +" fi\n" +" if env DISPLAY=\"$da\" xhost 2>/dev/null | grep -i '^SI:localuser:gdm$' > /dev/null; then\n" +" si_gdm=1\n" +" fi\n" +" env XAUTHORITY=/dev/null xdpyinfo -display \"$da\" >/dev/null 2>&1\n" +" rc=$?\n" +" if [ \"X$rc\" = \"X0\" ]; then\n" +" # assume it is ok for server interpreted case.\n" +" if [ \"X$am_root\" = \"X1\" -a \"X$si_root\" = \"X1\" ]; then\n" +" rc=5\n" +" elif [ \"X$am_gdm\" = \"X1\" -a \"X$si_gdm\" = \"X1\" ]; then\n" +" rc=6\n" " fi\n" -" if [ ! -f $xtf ]; then\n" -" xtf=/tmp/.xatb.$$\n" -" rm -f $xtf\n" -" if [ -f $xtf ]; then\n" -" exit 1\n" +" fi\n" +" if [ $rc != 0 ]; then\n" +" y=`prdpy $da`\n" +" if [ \"X$FIND_DISPLAY_NO_SHOW_DISPLAY\" = \"X\" ]; then\n" +" echo \"DISPLAY=$y\"\n" +" fi\n" +" if [ \"X$FIND_DISPLAY_XAUTHORITY_PATH\" != \"X\" ]; then\n" +" # caller wants XAUTHORITY printed out too.\n" +" if [ \"X$xa\" != \"X\" -a -f \"$xa\" ]; then\n" +" echo \"XAUTHORITY=$xa\"\n" +" else\n" +" echo \"XAUTHORITY=$XAUTHORITY\"\n" " fi\n" -" touch $xtf 2>/dev/null\n" -" chmod 600 $xtf 2>/dev/null\n" +" fi\n" +" if [ \"X$showxauth\" != \"X\" ]; then\n" +" # copy the cookie:\n" +" cook=`xauth -f \"$xa\" list | head -n 1 | awk '{print $NF}'`\n" +" xtf=$HOME/.xat.$$\n" +" xtf=`mytmp \"$xtf\"`\n" " if [ ! -f $xtf ]; then\n" -" exit 1\n" +" xtf=/tmp/.xat.$$\n" +" xtf=`mytmp \"$xtf\"`\n" " fi\n" +" if [ ! -f $xtf ]; then\n" +" xtf=/tmp/.xatb.$$\n" +" rm -f $xtf\n" +" if [ -f $xtf ]; then\n" +" exit 1\n" +" fi\n" +" touch $xtf 2>/dev/null\n" +" chmod 600 $xtf 2>/dev/null\n" +" if [ ! -f $xtf ]; then\n" +" exit 1\n" +" fi\n" +" fi\n" +" xauth -f $xtf add \"$da\" . $cook\n" +" xauth -f $xtf extract - \"$da\" 2>/dev/null\n" +" rm -f $xtf\n" " fi\n" -" xauth -f $xtf add \"$da\" . $cook\n" -" xauth -f $xtf extract - \"$da\" 2>/dev/null\n" -" rm -f $xtf\n" +" # DONE\n" +" exit 0\n" " fi\n" -" # DONE\n" -" exit 0\n" -" fi\n" " fi\n" " fi\n" " done\n" -" echo \"\" # failure\n" +" if [ \"X$FIND_DISPLAY_XAUTHORITY_PATH\" = \"X\" ]; then\n" +" echo \"\" # failure\n" +" fi\n" " if [ \"X$showxauth\" != \"X\" ]; then\n" " echo \"\"\n" " fi\n" @@ -1085,7 +1153,7 @@ " for xa in /tmp/.gdm* /tmp/.Xauth* /var/run/gdm/auth-for-*/database /var/run/gdm/auth-cookie-*-for-*\n" " do\n" " # try to be somewhat careful about the real owner of the file:\n" -" if id | sed -e 's/ gid.*$//' | grep -w root > /dev/null; then\n" +" if [ \"X$am_root\" = \"X1\" ]; then\n" " break\n" " fi\n" " if [ -f $xa -a -r $xa ]; then\n" @@ -1323,7 +1391,9 @@ "# append ,VT=n if applicable:\n" "dpy2=`prdpy \"$display\"`\n" "\n" -"echo \"DISPLAY=$dpy2\"\n" +"if [ \"X$FIND_DISPLAY_NO_SHOW_DISPLAY\" = \"X\" ]; then\n" +" echo \"DISPLAY=$dpy2\"\n" +"fi\n" "if [ \"X$FIND_DISPLAY_XAUTHORITY_PATH\" != \"X\" ]; then\n" " # caller wants XAUTHORITY printed out too.\n" " if [ \"X$xauth_use\" != \"X\" -a -f \"$xauth_use\" ]; then\n" @@ -1401,7 +1471,26 @@ " fi\n" " while [ $try -lt $sry ]\n" " do\n" -" if [ ! -f \"/tmp/.X${try}-lock\" ]; then\n" +" tlock=\"/tmp/.X${try}-lock\"\n" +" if [ -r $tlock ]; then\n" +" if echo \"$nsout\" | grep \"/tmp/.X11-unix/X${try}[ ]*\\$\" > /dev/null; then\n" +" :\n" +" else\n" +" pid=`head -n 1 $tlock 2>/dev/null | sed -e 's/[ ]//g' | grep '^[0-9][0-9]*$'`\n" +" if [ \"X$pid\" != \"X\" ]; then\n" +" exists=0\n" +" if [ -d /proc/$pid ]; then\n" +" exists=1\n" +" elif kill -0 $pid 2>/dev/null; then\n" +" exists=1\n" +" fi\n" +" if [ \"X$exists\" = \"X0\" ]; then\n" +" rm -f $tlock\n" +" fi\n" +" fi\n" +" fi\n" +" fi\n" +" if [ ! -f $tlock ]; then\n" " if echo \"$nsout\" | grep \"/tmp/.X11-unix/X${try}[ ]*\\$\" > /dev/null; then\n" " :\n" " else\n" @@ -1439,7 +1528,11 @@ " return\n" " fi\n" " if [ \"X$have_gnome_session\" != \"X\" -a \"X$FD_SESS\" = \"Xgnome\" ]; then\n" -" echo \"$have_gnome_session\"\n" +" if [ \"X$have_dbus_launch\" != \"X\" ]; then\n" +" echo \"$have_dbus_launch --exit-with-session $have_gnome_session\"\n" +" else\n" +" echo \"$have_gnome_session\"\n" +" fi\n" " return\n" " elif [ \"X$have_startkde\" != \"X\" -a \"X$FD_SESS\" = \"Xkde\" ]; then\n" " echo \"$have_startkde\"\n" @@ -1650,7 +1743,7 @@ " dL=\"-h\"\n" "fi\n" "\n" -"# a portable, but not absolutely safe, tmp file creator\n" +"# a portable tmp file creator\n" "mytmp() {\n" " tf=$1\n" " if type mktemp > /dev/null 2>&1; then\n" @@ -1692,8 +1785,10 @@ " DISPLAY=:$N\n" " export DISPLAY\n" " stmp=\"\"\n" +" noxauth=\"\"\n" " if [ \"X$have_root\" != \"X\" -a \"X$USER\" != \"Xroot\" ]; then\n" " sess=\"env DISPLAY=:$N $sess\"\n" +" noxauth=\"1\"\n" " fi\n" "\n" " redir_daemon=\"\"\n" @@ -1706,27 +1801,34 @@ " touch $stmp\n" " chmod 755 $stmp || exit 1\n" " echo \"#!/bin/sh\" > $stmp\n" +" #echo \"(id; env; env | grep XAUTHORITY | sed -e 's/XAUTHORITY=//' | xargs ls -l) > /tmp/ENV.OUT.$$\" >> $stmp\n" +" if [ \"X$noxauth\" = \"X1\" ]; then\n" +" echo \"unset XAUTHORITY\" >> $stmp\n" +" fi\n" " echo \"$sess\" >> $stmp\n" " echo \"sleep 1\" >> $stmp\n" " echo \"rm -f $stmp\" >> $stmp\n" " sess=$stmp\n" " rmf=\"$stmp\"\n" " fi\n" +"\n" " if [ \"X$have_root\" != \"X\" -a \"X$USER\" != \"Xroot\" ]; then\n" -" ctmp=/tmp/.xat$$`random`\n" -" ctmp=`mytmp \"$ctmp\"`\n" -" touch $ctmp\n" -" chmod 644 $ctmp || exit 1\n" -" $have_xauth -f $authfile nextract - :$N > $ctmp\n" -" su - $USER -c \"$have_xauth nmerge - < $ctmp\" 1>&2\n" -" $have_xauth -f $authfile nextract - `hostname`:$N > $ctmp\n" -" su - $USER -c \"$have_xauth nmerge - < $ctmp\" 1>&2\n" -" rm -f $ctmp\n" +" ctmp1=/tmp/.xat1_$$`random`\n" +" ctmp1=`mytmp \"$ctmp1\"`\n" +" ctmp2=/tmp/.xat2_$$`random`\n" +" ctmp2=`mytmp \"$ctmp2\"`\n" +" touch $ctmp1 $ctmp2\n" +" $have_xauth -f $authfile nextract - :$N > $ctmp1\n" +" $have_xauth -f $authfile nextract - `hostname`:$N > $ctmp2\n" +" chown $USER $ctmp1 $ctmp2\n" +" (unset XAUTHORITY; su - $USER -c \"$have_xauth nmerge - < $ctmp1\" 1>&2)\n" +" (unset XAUTHORITY; su - $USER -c \"$have_xauth nmerge - < $ctmp2\" 1>&2)\n" +" rm -f $ctmp1 $ctmp2\n" " XAUTHORITY=$authfile\n" " export XAUTHORITY\n" " sess=\"/bin/su - $USER -c $sess\"\n" " else\n" -" $have_xauth -f $authfile nextract - :$N | $have_xauth nmerge -\n" +" $have_xauth -f $authfile nextract - :$N | $have_xauth nmerge -\n" " $have_xauth -f $authfile nextract - `hostname`:$N | $have_xauth nmerge -\n" " fi\n" "\n" @@ -1742,7 +1844,12 @@ " # we cannot use -nolisten tcp\n" " echo \"$* -once -query localhost $FD_OPTS\" 1>&2\n" " if [ \"X$have_root\" != \"X\" ]; then\n" -" $have_nohup $* -once -query localhost $FD_OPTS 1>&2 &\n" +" if [ -r $authfile ]; then\n" +" $have_nohup $* -once -query localhost -auth $authfile $FD_OPTS 1>&2 &\n" +" else\n" +" # why did we have this?\n" +" $have_nohup $* -once -query localhost $FD_OPTS 1>&2 &\n" +" fi\n" " else\n" " if [ \"X$ns\" = \"X0\" ]; then\n" " $have_nohup sh -c \"$* -once -query localhost -auth $authfile $FD_OPTS\" 1>&2 &\n" @@ -1754,10 +1861,10 @@ " pid=$!\n" " sleep 10\n" " elif [ \"X$have_startx\" != \"X\" -o \"X$have_xinit\" != \"X\" ]; then\n" -" if [ \"X$have_startx\" != \"X\" ]; then\n" -" sxcmd=$have_startx\n" -" else\n" +" if [ \"X$have_xinit\" != \"X\" ]; then\n" " sxcmd=$have_xinit\n" +" else\n" +" sxcmd=$have_startx\n" " fi\n" " echo \"$sxcmd $sess -- $* $nolisten -auth $authfile $FD_OPTS\" 1>&2\n" " if [ \"X$have_root\" != \"X\" ]; then\n" @@ -1924,12 +2031,18 @@ " sarg=\"screen\"\n" " fi\n" " fi\n" -" # remember to put server args after sarg ... to work on Solaris 9 and 10.\n" +" margs=\"+kb\"\n" +"\n" +" # currently not enabled in Xvfb's we see.\n" +"# if $have_Xvfb -extension MOOMOO 2>&1 | grep -w RANDR >/dev/null; then\n" +"# margs=\"$margs +extension RANDR\"\n" +"# fi\n" +"\n" " if [ $depth -ge 16 ]; then\n" -" server $have_Xvfb :$N $sarg 0 ${geom}x${depth} +kb -cc 4\n" -" else\n" -" server $have_Xvfb :$N $sarg 0 ${geom}x${depth} +kb\n" +" # avoid DirectColor for default visual:\n" +" margs=\"$margs -cc 4\"\n" " fi\n" +" server $have_Xvfb :$N $sarg 0 ${geom}x${depth} $margs\n" "\n" " if [ \"X$result\" = \"X1\" -a \"X$have_xmodmap\" != \"X\" ]; then\n" " if [ \"X$have_root\" = \"X\" ]; then\n" @@ -2030,6 +2143,10 @@ " cook=`cookie`\n" " $have_xauth -f $tmp add :$N . $cook 1>&2\n" " $have_xauth -f $tmp add `hostname`:$N . $cook 1>&2\n" +" if [ \"X$CREATE_DISPLAY_EXEC\" != \"X\" ]; then\n" +" ls -l $tmp 1>&2\n" +" $have_xauth -f $tmp list 1>&2\n" +" fi\n" " echo \"$tmp\"\n" "}\n" "\n" @@ -2117,7 +2234,7 @@ " USER=`whoami`\n" "fi\n" "\n" -"PATH=$PATH:/usr/X11R6/bin:/usr/bin/X11:/usr/openwin/bin:/usr/dt/bin:/opt/kde3/bin:/opt/gnome/bin:/usr/bin:/bin:/usr/sfw/bin\n" +"PATH=$PATH:/usr/X11R6/bin:/usr/bin/X11:/usr/openwin/bin:/usr/dt/bin:/opt/kde4/bin:/opt/kde3/bin:/opt/gnome/bin:/usr/bin:/bin:/usr/sfw/bin\n" "\n" "have_root=\"\"\n" "id0=`id`\n" @@ -2130,7 +2247,7 @@ " p_ok=1\n" "fi\n" "\n" -"for prog in startx xinit xdm gdm kdm xterm Xdummy Xvfb Xvnc xauth xdpyinfo mcookie md5sum xmodmap startkde gnome-session blackbox fvwm2 mwm openbox twm windowmaker wmaker enlightenment metacity X Xorg XFree86 Xsun Xsession dtwm netstat nohup esddsp konsole gnome-terminal perl startxfce4 startxfce\n" +"for prog in startx xinit xdm gdm kdm xterm Xdummy Xvfb Xvnc xauth xdpyinfo mcookie md5sum xmodmap startkde dbus-launch gnome-session blackbox fvwm2 mwm openbox twm windowmaker wmaker enlightenment metacity X Xorg XFree86 Xsun Xsession dtwm netstat nohup esddsp konsole gnome-terminal x-terminal-emulator perl startxfce4 startxfce\n" "do\n" " p2=`echo \"$prog\" | sed -e 's/-/_/g'`\n" " eval \"have_$p2=''\"\n" @@ -2148,10 +2265,12 @@ " fi\n" "done\n" "if [ \"X$have_xterm\" = \"X\" ]; then\n" -" if [ \"X$have_konsole\" != \"X\" ]; then\n" -" have_xterm=$have_konsole\n" -" elif [ \"X$have_gnome_terminal\" != \"X\" ]; then\n" +" if [ \"X$have_gnome_terminal\" != \"X\" ]; then\n" " have_xterm=$have_gnome_terminal\n" +" elif [ \"X$have_konsole\" != \"X\" ]; then\n" +" have_xterm=$have_konsole\n" +" elif [ \"X$have_x_terminal_emulator\" != \"X\" ]; then\n" +" have_xterm=$have_x_terminal_emulator\n" " fi\n" "fi\n" "\n" @@ -2172,7 +2291,7 @@ "\n" "TRY=\"$1\"\n" "if [ \"X$TRY\" = \"X\" ]; then\n" -" TRY=Xdummy,Xvfb\n" +" TRY=Xvfb,Xdummy\n" "fi\n" "\n" "for curr_try in `echo \"$TRY\" | tr ',' ' '`\n" @@ -2182,9 +2301,15 @@ " if echo \"$curr_try\" | egrep '[+.-]xdmcp' > /dev/null; then\n" " use_xdmcp_query=1\n" " fi\n" +"\n" +" if [ \"X$X11VNC_XDM_ONLY\" = \"X1\" -a \"X$use_xdmcp_query\" = \"X0\" ]; then\n" +" echo \"SKIPPING NON-XDMCP item '$curr_try' in X11VNC_XDM_ONLY=1 mode.\" 1>&2\n" +" continue\n" +" fi\n" +" \n" " curr_try=`echo \"$curr_try\" | sed -e 's/[+.-]xdmcp//'`\n" " curr_try=`echo \"$curr_try\" | sed -e 's/[+.-]redirect//'`\n" -" \n" +"\n" " if echo \"$curr_try\" | grep -i '^Xdummy\\>' > /dev/null; then\n" " try_Xdummy\n" " elif echo \"$curr_try\" | grep -i '^Xvfb\\>' > /dev/null; then\n" diff -Nru x11vnc-0.9.8/x11vnc/tkx11vnc x11vnc-0.9.9/x11vnc/tkx11vnc --- x11vnc-0.9.8/x11vnc/tkx11vnc 2009-03-15 01:15:38.000000000 +0000 +++ x11vnc-0.9.9/x11vnc/tkx11vnc 2009-11-22 01:23:02.000000000 +0000 @@ -176,6 +176,7 @@ =GAL SubWindow:: id: sid: + =RA id_cmd: =GAL LOFF =GAL ResizeRotate:: = xrandr @@ -413,6 +414,7 @@ gaps: grow: fuzz: + extra_fbur: wait_ui: setdefer: nowait_bog @@ -749,7 +751,8 @@ non-standard listening port use \"host:port\". Pressing \"OK\" will initiate the reverse - connection. Use a blank hostname to skip it. + connection. Use a blank hostname to skip it, or + delete (\"X-out\") the window. " @@ -2719,6 +2722,7 @@ proc update_menu_vars {{query ""}} { global all_settings menu_var query_result_list + global x11vnc_icon_mode set debug [in_debug_mode] @@ -2732,6 +2736,14 @@ foreach piece $query_result_list { #puts stderr "UMV: $piece" + if [regexp {icon_mode:0} $piece] { + set x11vnc_icon_mode 0 + #puts stderr "x11vnc_icon_mode: $x11vnc_icon_mode" + } + if [regexp {icon_mode:1} $piece] { + set x11vnc_icon_mode 1 + #puts stderr "x11vnc_icon_mode: $x11vnc_icon_mode" + } if {[regexp {^([^:][^:]*):(.*)$} $piece m0 item val]} { if {[info exists menu_var($item)]} { set old $menu_var($item) @@ -2985,7 +2997,12 @@ } set cache_all_query_vars $qry -#puts $qry + global env + if [info exists env(TKX11VNC_PRINT_ALL_VARS)] { + puts "--------------- BEGIN ALL VARS ---------------" + puts $qry + puts "--------------- END ALL VARS ---------------" + } return $qry } @@ -4312,7 +4329,7 @@ } proc props_advanced {} { - global icon_mode icon_win props_win full_win + global icon_mode props_win full_win global props_advanced_first if ![info exists props_advanced_first] { @@ -4330,6 +4347,7 @@ set w $full_win wm minsize $w [winfo width $w] [winfo height $w] } + push_new_value "remote-cmd" "remote-cmd" "Q:clients" 1 } proc do_props {} { @@ -4468,17 +4486,20 @@ } set props_buttons [list] - set w .props - catch {destroy $w} - toplevel $w - wm title $w "x11vnc Properties" + set wp .props + set w $wp + catch {destroy $wp} + toplevel $wp + wm title $wp "x11vnc Properties" + frame $w.lf + set w $w.lf set b1 "$w.buttons1" frame $b1 - button $b1.ok -text OK -command "if {\[props_apply\]} {destroy $w}" -font $bfont - button $b1.cancel -text Cancel -command "destroy $w" -font $bfont + button $b1.ok -text OK -command "if {\[props_apply\]} {destroy $wp}" -font $bfont + button $b1.cancel -text Cancel -command "destroy $wp" -font $bfont button $b1.apply -text Apply -command "props_apply" -font $bfont - bind $w "destroy $w" + bind $w "destroy $wp" pack $b1.ok $b1.cancel $b1.apply -side left -expand 0 lappend props_buttons $b1.apply $b1.cancel $b1.ok @@ -4487,7 +4508,7 @@ frame $b2 button $b2.advanced -text " Advanced ... " \ - -command "destroy $w; props_advanced" -font $bfont + -command "destroy $wp; props_advanced" -font $bfont if {! $icon_noadvanced} { lappend props_buttons $b2.advanced pack $b2.advanced -side left -expand 0 @@ -4509,6 +4530,17 @@ entry $pw.e -show "*" -textvariable props_passwd -font $bfont pack $pw.e -fill x -expand 1 -padx 1m -pady $pady -side top + global x11vnc_icon_mode + if {! $x11vnc_icon_mode} { + catch { $pw.e configure -state disabled} + if {! $have_labelframes} { + catch { $pw.l configure -state disabled} + } + } else { + lappend props_buttons $pw.e + } + + set vp "$w.viewpw" if {$have_labelframes} { labelframe $vp -text "ViewOnly Password" -font $bfont @@ -4521,8 +4553,14 @@ entry $vp.e -show "*" -textvariable props_viewpasswd -font $bfont pack $vp.e -fill x -expand 1 -padx 1m -pady $pady -side top - - lappend props_buttons $vp.e + if {! $x11vnc_icon_mode} { + catch { $vp.e configure -state disabled} + if {! $have_labelframes} { + catch { $vp.l configure -state disabled} + } + } else { + lappend props_buttons $vp.e + } if {! $icon_mode_at_startup} { $vp.e configure -state disabled @@ -4535,8 +4573,6 @@ catch {$pw configure -foreground grey60} } - lappend props_buttons $pw.e - set sb "$w.solid" frame $sb checkbutton $sb.button -text "Solid Background Color" \ @@ -4597,17 +4633,21 @@ set show_props_instructions 1 } - wm withdraw $w + wm withdraw .props + + set wl $w + + pack $wl -side left if {$msg != ""} { set tw [textwidth $msg] set th [textheight $msg] set th [expr $th - 1] - set ms "$w.msg" + set ms ".props.msg" text $ms -font $ffont -relief ridge -width $tw -height $th $ms insert 1.0 $msg - set si "$w.instructions" + set si "$wl.instructions" frame $si checkbutton $si.button -text "Show Instructions" \ -variable show_props_instructions -anchor w -font $bfont \ @@ -4617,15 +4657,17 @@ pack $si -side bottom -fill x -pady 0m -padx $px if {$show_props_instructions} { - pack $ms -side bottom -fill x -pady $pady -padx $px + pack $ms -side left -fill both } update } + lappend props_buttons $ac.button $cf.button $vo.button $sh.button $zc.button $jv.button $sb.button + set w .props update wm resizable $w 1 0 center_win $w @@ -4640,7 +4682,7 @@ proc toggle_instructions {ms pady px} { global show_props_instructions if {$show_props_instructions} { - pack $ms -side bottom -fill x -pady $pady -padx $px + pack $ms -side left -fill both } else { pack forget $ms } @@ -4891,6 +4933,13 @@ if {$client_balloon == ""} { set client_balloon $noinfo } + if {! [info exists icon_win]} { + return + } elseif {$icon_win == ""} { + return + } elseif {! [winfo exists $icon_win]} { + return + } set x [expr [winfo rootx $icon_win] + ([winfo width $icon_win]/2)] set y [expr [winfo rooty $icon_win] + [winfo height $icon_win] + 4] @@ -4939,10 +4988,11 @@ proc icon_win_cfg {clients} { global icon_win client_tail client_sock client_info_read - if {![info exists icon_win]} { + if {! [info exists icon_win]} { return - } - if {$icon_win == ""} { + } elseif {$icon_win == ""} { + return + } elseif {! [winfo exists $icon_win]} { return } if {$clients > 0} { @@ -5102,6 +5152,14 @@ global icon_win set lab [get_icon_label] + + if {! [info exists icon_win]} { + return + } elseif {$icon_win == ""} { + return + } elseif {! [winfo exists $icon_win]} { + return + } if {[info exists icon_win]} { $icon_win configure -text $lab @@ -6261,14 +6319,26 @@ } if {$db} {puts stderr "run_remote_cmd_via_sock: $docmd \"$str\""} - puts $client_sock $str + catch {puts $client_sock $str} if {$db} {puts stderr "run_remote_cmd_via_sock: flush"} - flush $client_sock + catch {flush $client_sock} if {$db} {puts stderr "run_remote_cmd_via_sock: gets"} - gets $client_sock res + catch {gets $client_sock res} if {$db} {puts stderr "run_remote_cmd_via_sock: \"$res\""} set res [string trim $res] + if [regexp {=clients:} $res] { + regsub {^.*=clients:} $res "" cres + regsub {,aro=.*$} $cres "" cres + regsub {,ans=.*$} $cres "" cres + if {$cres == "none"} { + set cres "" + } + update_clients_menu $cres + set client_str $cres + set_client_balloon $cres + } + if [regexp {^clients:} $res] { regsub {^clients:} $res "" tmp if {$tmp == "none"} { @@ -6535,18 +6605,18 @@ } else { frame .pp.f -bd 1 -relief ridge -pady 2 } - label .pp.f.l -text "Port: " - entry .pp.f.e -width 8 -textvariable port_set + label .pp.f.l -text "Port: " -font $bfont + entry .pp.f.e -width 8 -textvariable port_set -font $ffont global enable_ssl; set enable_ssl 0 if [info exists env(X11VNC_SSL_ENABLED)] { set enable_ssl 1 } - checkbutton .pp.f.ssl -relief raised -pady 3 -padx 3 -text "Enable SSL" -variable enable_ssl + checkbutton .pp.f.ssl -relief raised -pady 3 -padx 3 -text "Enable SSL" -variable enable_ssl -font $bfont global localhost; set localhost 0 if [info exists env(X11VNC_LOCALHOST_ENABLED)] { set localhost 1 } - checkbutton .pp.f.loc -relief raised -pady 3 -padx 3 -text "Listen on localhost" -variable localhost + checkbutton .pp.f.loc -relief raised -pady 3 -padx 3 -text "Listen on localhost" -variable localhost -font $bfont pack .pp.f.l .pp.f.e -side left pack .pp.f.loc .pp.f.ssl -side right @@ -6559,15 +6629,15 @@ if [info exists env(X11VNC_FILETRANSFER_ENABLED)] { set file_transfer $env(X11VNC_FILETRANSFER_ENABLED) } - label .pp.t.l -text "File Transfer: " - radiobutton .pp.t.none -text "None" -variable file_transfer -value "none" - radiobutton .pp.t.ultra -text "UltraVNC" -variable file_transfer -value "ultra" - radiobutton .pp.t.tight -text "TightVNC" -variable file_transfer -value "tight" + label .pp.t.l -text "File Transfer: " -font $bfont + radiobutton .pp.t.none -text "None" -variable file_transfer -value "none" -font $bfont + radiobutton .pp.t.ultra -text "UltraVNC" -variable file_transfer -value "ultra" -font $bfont + radiobutton .pp.t.tight -text "TightVNC" -variable file_transfer -value "tight" -font $bfont pack .pp.t.l .pp.t.none .pp.t.ultra .pp.t.tight -side left frame .pp.o -bd 1 -relief ridge - button .pp.o.ok -text "OK" -command "set port_reply 1; destroy .pp" - button .pp.o.cancel -text "Cancel" -command "set port_reply 0; destroy .pp" + button .pp.o.ok -text "OK" -command "set port_reply 1; destroy .pp" -font $bfont + button .pp.o.cancel -text "Cancel" -command "set port_reply 0; destroy .pp" -font $bfont pack .pp.o.ok .pp.o.cancel -side left -fill x -expand 1 pack .pp.m -side top -fill x -expand 1 pack .pp.f .pp.t .pp.o -side top -fill x @@ -6656,7 +6726,6 @@ } proc setup_tray_embed {} { - global icon_win update set w [winfo width .] set h [winfo height .] @@ -6747,7 +6816,6 @@ } proc undo_tray_embed {} { - global icon_win set wid [winfo id .] push_new_value "remote-cmd" "remote-cmd" "trayunembed:$wid" 0 } @@ -6775,7 +6843,7 @@ global connected_to_x11vnc global cache_all_query_vars global last_query_all_time query_all_freq client_tail client_sock client_info_read -global icon_mode icon_mode_at_startup +global icon_mode icon_mode_at_startup x11vnc_icon_mode global tray_embed tray_running icon_setpasswd icon_embed_id global icon_noadvanced icon_minimal global make_gui_count text_area_str @@ -6794,6 +6862,24 @@ set snfont "-adobe-helvetica-medium-r-*-*-*-100-*-*-*-*-*-*" set ffont "fixed" +set got_helv 0 +catch { + foreach fam [font families] { + if {$fam == "helvetica"} { + set got_helv 1 + } + if {$fam == "Helvetica"} { + set got_helv 1 + } + } +} + +if {$got_helv} { + set bfont "Helvetica -12 bold" + set sfont "Helvetica -10 bold" + set snfont "Helvetica -10" +} + set ls "" catch {set ls [font metrics $bfont -linespace]} if {$ls != "" && $ls > 14} { @@ -6914,11 +7000,6 @@ puts ";" exit 0 } -if {"$argv" == "-portprompt"} { - do_port_prompt - exit 0 -} - set_view_variable "full" @@ -6977,6 +7058,19 @@ set x11vnc_gui_params "" } +if {[info exists env(X11VNC_FONT_BOLD)]} { + set bfont $env(X11VNC_FONT_BOLD) +} +if {[info exists env(X11VNC_FONT_BOLD_SMALL)]} { + set sfont $env(X11VNC_FONT_BOLD_SMALL) +} +if {[info exists env(X11VNC_FONT_REG_SMALL)]} { + set snfont $env(X11VNC_FONT_REG_SMALL) +} +if {[info exists env(X11VNC_FONT_FIXED)]} { + set ffont $env(X11VNC_FONT_FIXED) +} + if {[info exists env(X11VNC_CONNECT_FILE)]} { set x11vnc_connect_file $env(X11VNC_CONNECT_FILE); } else { @@ -7019,6 +7113,7 @@ } set icon_mode 0 +set x11vnc_icon_mode 0 set tray_embed 0 set tray_running 0 @@ -7086,6 +7181,11 @@ set bfont {system} } +if {"$argv" == "-portprompt"} { + do_port_prompt + exit 0 +} + #puts [exec env] #puts "x11vnc_xdisplay: $x11vnc_xdisplay" @@ -7121,11 +7221,11 @@ set do_props_msg "" if {$icon_setpasswd} { set m "\n" - set m " Note the x11vnc icon in the system tray \n" + set m "${m} Note the x11vnc icon in the system tray.\n" set m "${m} This panel is its 'Properties' dialog.\n" set m "${m}\n" set m "${m} To specify a Session Password and to\n" - set m "${m} allow VNC clients to connect, follow\n" + set m "${m} allow VNC viewers to connect, follow\n" set m "${m} these steps:\n" set m "${m}\n" set m "${m} Enter a passwd in the Password field\n" @@ -7135,9 +7235,12 @@ set m "${m} Set 'Accept Connections' and then Press \n" set m "${m} 'Apply' to allow incoming connections.\n" set m "${m}\n" + set m "${m} No Viewer can connect until you do this.\n" + set m "${m}\n" set m "${m} The passwords are only for this x11vnc\n" set m "${m} session and are not saved. Run x11vnc\n" - set m "${m} manually for more control.\n" + set m "${m} manually for more control (e.g. -rfbauth \n" + set m "${m} for a saved password.)\n" set m "${m}\n" set m "${m} See 'Help' for details on each option.\n" @@ -7199,6 +7302,7 @@ dtime G old_balloon check_setpasswd + push_new_value "remote-cmd" "remote-cmd" "Q:clients" 1 } else { make_gui "full" dtime G diff -Nru x11vnc-0.9.8/x11vnc/tkx11vnc.h x11vnc-0.9.9/x11vnc/tkx11vnc.h --- x11vnc-0.9.8/x11vnc/tkx11vnc.h 2009-06-19 15:41:48.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/tkx11vnc.h 2009-12-21 05:00:56.000000000 +0000 @@ -187,6 +187,7 @@ " =GAL SubWindow::\n" " id:\n" " sid:\n" +" =RA id_cmd:\n" " =GAL LOFF\n" " =GAL ResizeRotate::\n" " = xrandr\n" @@ -424,6 +425,7 @@ " gaps:\n" " grow:\n" " fuzz:\n" +" extra_fbur:\n" " wait_ui:\n" " setdefer:\n" " nowait_bog\n" @@ -760,7 +762,8 @@ " non-standard listening port use \\\"host:port\\\".\n" "\n" " Pressing \\\"OK\\\" will initiate the reverse\n" -" connection. Use a blank hostname to skip it.\n" +" connection. Use a blank hostname to skip it, or\n" +" delete (\\\"X-out\\\") the window.\n" " \n" "\"\n" "\n" @@ -2730,6 +2733,7 @@ "\n" "proc update_menu_vars {{query \"\"}} {\n" " global all_settings menu_var query_result_list\n" +" global x11vnc_icon_mode\n" "\n" " set debug [in_debug_mode]\n" "\n" @@ -2743,6 +2747,14 @@ "\n" " foreach piece $query_result_list {\n" "#puts stderr \"UMV: $piece\"\n" +" if [regexp {icon_mode:0} $piece] {\n" +" set x11vnc_icon_mode 0\n" +" #puts stderr \"x11vnc_icon_mode: $x11vnc_icon_mode\"\n" +" }\n" +" if [regexp {icon_mode:1} $piece] {\n" +" set x11vnc_icon_mode 1\n" +" #puts stderr \"x11vnc_icon_mode: $x11vnc_icon_mode\"\n" +" }\n" " if {[regexp {^([^:][^:]*):(.*)$} $piece m0 item val]} {\n" " if {[info exists menu_var($item)]} {\n" " set old $menu_var($item)\n" @@ -2996,7 +3008,12 @@ " }\n" " set cache_all_query_vars $qry\n" "\n" -"#puts $qry\n" +" global env\n" +" if [info exists env(TKX11VNC_PRINT_ALL_VARS)] {\n" +" puts \"--------------- BEGIN ALL VARS ---------------\"\n" +" puts $qry\n" +" puts \"--------------- END ALL VARS ---------------\"\n" +" }\n" "\n" " return $qry\n" "}\n" @@ -4323,7 +4340,7 @@ "}\n" "\n" "proc props_advanced {} {\n" -" global icon_mode icon_win props_win full_win\n" +" global icon_mode props_win full_win\n" " global props_advanced_first\n" "\n" " if ![info exists props_advanced_first] {\n" @@ -4341,6 +4358,7 @@ " set w $full_win\n" " wm minsize $w [winfo width $w] [winfo height $w]\n" " }\n" +" push_new_value \"remote-cmd\" \"remote-cmd\" \"Q:clients\" 1\n" "}\n" "\n" "proc do_props {} {\n" @@ -4479,17 +4497,20 @@ " }\n" " set props_buttons [list]\n" "\n" -" set w .props\n" -" catch {destroy $w}\n" -" toplevel $w\n" -" wm title $w \"x11vnc Properties\"\n" +" set wp .props\n" +" set w $wp\n" +" catch {destroy $wp}\n" +" toplevel $wp\n" +" wm title $wp \"x11vnc Properties\"\n" +" frame $w.lf\n" +" set w $w.lf\n" " set b1 \"$w.buttons1\"\n" " frame $b1\n" -" button $b1.ok -text OK -command \"if {\\[props_apply\\]} {destroy $w}\" -font $bfont\n" -" button $b1.cancel -text Cancel -command \"destroy $w\" -font $bfont\n" +" button $b1.ok -text OK -command \"if {\\[props_apply\\]} {destroy $wp}\" -font $bfont\n" +" button $b1.cancel -text Cancel -command \"destroy $wp\" -font $bfont\n" " button $b1.apply -text Apply -command \"props_apply\" -font $bfont\n" "\n" -" bind $w \"destroy $w\"\n" +" bind $w \"destroy $wp\"\n" "\n" " pack $b1.ok $b1.cancel $b1.apply -side left -expand 0\n" " lappend props_buttons $b1.apply $b1.cancel $b1.ok\n" @@ -4498,7 +4519,7 @@ " frame $b2\n" "\n" " button $b2.advanced -text \" Advanced ... \" \\\n" -" -command \"destroy $w; props_advanced\" -font $bfont\n" +" -command \"destroy $wp; props_advanced\" -font $bfont\n" " if {! $icon_noadvanced} {\n" " lappend props_buttons $b2.advanced\n" " pack $b2.advanced -side left -expand 0\n" @@ -4520,6 +4541,17 @@ " entry $pw.e -show \"*\" -textvariable props_passwd -font $bfont\n" " pack $pw.e -fill x -expand 1 -padx 1m -pady $pady -side top\n" "\n" +" global x11vnc_icon_mode\n" +" if {! $x11vnc_icon_mode} {\n" +" catch { $pw.e configure -state disabled}\n" +" if {! $have_labelframes} {\n" +" catch { $pw.l configure -state disabled}\n" +" }\n" +" } else {\n" +" lappend props_buttons $pw.e\n" +" }\n" +"\n" +"\n" " set vp \"$w.viewpw\"\n" " if {$have_labelframes} {\n" " labelframe $vp -text \"ViewOnly Password\" -font $bfont\n" @@ -4532,8 +4564,14 @@ " entry $vp.e -show \"*\" -textvariable props_viewpasswd -font $bfont\n" " pack $vp.e -fill x -expand 1 -padx 1m -pady $pady -side top\n" "\n" -"\n" -" lappend props_buttons $vp.e\n" +" if {! $x11vnc_icon_mode} {\n" +" catch { $vp.e configure -state disabled}\n" +" if {! $have_labelframes} {\n" +" catch { $vp.l configure -state disabled}\n" +" }\n" +" } else {\n" +" lappend props_buttons $vp.e\n" +" }\n" "\n" " if {! $icon_mode_at_startup} {\n" " $vp.e configure -state disabled\n" @@ -4546,8 +4584,6 @@ " catch {$pw configure -foreground grey60}\n" " }\n" "\n" -" lappend props_buttons $pw.e\n" -"\n" " set sb \"$w.solid\"\n" " frame $sb\n" " checkbutton $sb.button -text \"Solid Background Color\" \\\n" @@ -4608,17 +4644,21 @@ " set show_props_instructions 1\n" " }\n" "\n" -" wm withdraw $w\n" +" wm withdraw .props\n" +"\n" +" set wl $w\n" +"\n" +" pack $wl -side left\n" "\n" " if {$msg != \"\"} {\n" " set tw [textwidth $msg]\n" " set th [textheight $msg]\n" " set th [expr $th - 1]\n" -" set ms \"$w.msg\"\n" +" set ms \".props.msg\"\n" " text $ms -font $ffont -relief ridge -width $tw -height $th\n" " $ms insert 1.0 $msg\n" "\n" -" set si \"$w.instructions\"\n" +" set si \"$wl.instructions\"\n" " frame $si\n" " checkbutton $si.button -text \"Show Instructions\" \\\n" " -variable show_props_instructions -anchor w -font $bfont \\\n" @@ -4628,15 +4668,17 @@ " pack $si -side bottom -fill x -pady 0m -padx $px\n" "\n" " if {$show_props_instructions} {\n" -" pack $ms -side bottom -fill x -pady $pady -padx $px\n" +" pack $ms -side left -fill both\n" " }\n" "\n" " update\n" " }\n" "\n" +"\n" " lappend props_buttons $ac.button $cf.button $vo.button $sh.button $zc.button $jv.button $sb.button\n" "\n" " \n" +" set w .props\n" " update\n" " wm resizable $w 1 0\n" " center_win $w\n" @@ -4651,7 +4693,7 @@ "proc toggle_instructions {ms pady px} {\n" " global show_props_instructions\n" " if {$show_props_instructions} {\n" -" pack $ms -side bottom -fill x -pady $pady -padx $px\n" +" pack $ms -side left -fill both\n" " } else {\n" " pack forget $ms\n" " }\n" @@ -4902,6 +4944,13 @@ " if {$client_balloon == \"\"} {\n" " set client_balloon $noinfo\n" " }\n" +" if {! [info exists icon_win]} {\n" +" return\n" +" } elseif {$icon_win == \"\"} {\n" +" return\n" +" } elseif {! [winfo exists $icon_win]} {\n" +" return\n" +" }\n" "\n" " set x [expr [winfo rootx $icon_win] + ([winfo width $icon_win]/2)]\n" " set y [expr [winfo rooty $icon_win] + [winfo height $icon_win] + 4]\n" @@ -4950,10 +4999,11 @@ "proc icon_win_cfg {clients} {\n" " global icon_win client_tail client_sock client_info_read\n" "\n" -" if {![info exists icon_win]} {\n" +" if {! [info exists icon_win]} {\n" " return\n" -" }\n" -" if {$icon_win == \"\"} {\n" +" } elseif {$icon_win == \"\"} {\n" +" return\n" +" } elseif {! [winfo exists $icon_win]} {\n" " return\n" " }\n" " if {$clients > 0} {\n" @@ -5113,6 +5163,14 @@ " global icon_win\n" "\n" " set lab [get_icon_label]\n" +"\n" +" if {! [info exists icon_win]} {\n" +" return\n" +" } elseif {$icon_win == \"\"} {\n" +" return\n" +" } elseif {! [winfo exists $icon_win]} {\n" +" return\n" +" }\n" " \n" " if {[info exists icon_win]} {\n" " $icon_win configure -text $lab\n" @@ -6272,14 +6330,26 @@ " }\n" "\n" " if {$db} {puts stderr \"run_remote_cmd_via_sock: $docmd \\\"$str\\\"\"}\n" -" puts $client_sock $str\n" +" catch {puts $client_sock $str}\n" " if {$db} {puts stderr \"run_remote_cmd_via_sock: flush\"}\n" -" flush $client_sock\n" +" catch {flush $client_sock}\n" " if {$db} {puts stderr \"run_remote_cmd_via_sock: gets\"}\n" -" gets $client_sock res\n" +" catch {gets $client_sock res}\n" " if {$db} {puts stderr \"run_remote_cmd_via_sock: \\\"$res\\\"\"}\n" " set res [string trim $res]\n" "\n" +" if [regexp {=clients:} $res] {\n" +" regsub {^.*=clients:} $res \"\" cres\n" +" regsub {,aro=.*$} $cres \"\" cres\n" +" regsub {,ans=.*$} $cres \"\" cres\n" +" if {$cres == \"none\"} {\n" +" set cres \"\"\n" +" }\n" +" update_clients_menu $cres\n" +" set client_str $cres\n" +" set_client_balloon $cres\n" +" }\n" +"\n" " if [regexp {^clients:} $res] {\n" " regsub {^clients:} $res \"\" tmp\n" " if {$tmp == \"none\"} {\n" @@ -6546,18 +6616,18 @@ " } else {\n" " frame .pp.f -bd 1 -relief ridge -pady 2\n" " }\n" -" label .pp.f.l -text \"Port: \"\n" -" entry .pp.f.e -width 8 -textvariable port_set\n" +" label .pp.f.l -text \"Port: \" -font $bfont\n" +" entry .pp.f.e -width 8 -textvariable port_set -font $ffont\n" " global enable_ssl; set enable_ssl 0\n" " if [info exists env(X11VNC_SSL_ENABLED)] {\n" " set enable_ssl 1\n" " }\n" -" checkbutton .pp.f.ssl -relief raised -pady 3 -padx 3 -text \"Enable SSL\" -variable enable_ssl\n" +" checkbutton .pp.f.ssl -relief raised -pady 3 -padx 3 -text \"Enable SSL\" -variable enable_ssl -font $bfont\n" " global localhost; set localhost 0\n" " if [info exists env(X11VNC_LOCALHOST_ENABLED)] {\n" " set localhost 1\n" " }\n" -" checkbutton .pp.f.loc -relief raised -pady 3 -padx 3 -text \"Listen on localhost\" -variable localhost\n" +" checkbutton .pp.f.loc -relief raised -pady 3 -padx 3 -text \"Listen on localhost\" -variable localhost -font $bfont\n" " pack .pp.f.l .pp.f.e -side left\n" " pack .pp.f.loc .pp.f.ssl -side right\n" "\n" @@ -6570,15 +6640,15 @@ " if [info exists env(X11VNC_FILETRANSFER_ENABLED)] {\n" " set file_transfer $env(X11VNC_FILETRANSFER_ENABLED)\n" " }\n" -" label .pp.t.l -text \"File Transfer: \"\n" -" radiobutton .pp.t.none -text \"None\" -variable file_transfer -value \"none\"\n" -" radiobutton .pp.t.ultra -text \"UltraVNC\" -variable file_transfer -value \"ultra\"\n" -" radiobutton .pp.t.tight -text \"TightVNC\" -variable file_transfer -value \"tight\"\n" +" label .pp.t.l -text \"File Transfer: \" -font $bfont\n" +" radiobutton .pp.t.none -text \"None\" -variable file_transfer -value \"none\" -font $bfont\n" +" radiobutton .pp.t.ultra -text \"UltraVNC\" -variable file_transfer -value \"ultra\" -font $bfont\n" +" radiobutton .pp.t.tight -text \"TightVNC\" -variable file_transfer -value \"tight\" -font $bfont\n" " pack .pp.t.l .pp.t.none .pp.t.ultra .pp.t.tight -side left\n" "\n" " frame .pp.o -bd 1 -relief ridge\n" -" button .pp.o.ok -text \"OK\" -command \"set port_reply 1; destroy .pp\"\n" -" button .pp.o.cancel -text \"Cancel\" -command \"set port_reply 0; destroy .pp\"\n" +" button .pp.o.ok -text \"OK\" -command \"set port_reply 1; destroy .pp\" -font $bfont\n" +" button .pp.o.cancel -text \"Cancel\" -command \"set port_reply 0; destroy .pp\" -font $bfont\n" " pack .pp.o.ok .pp.o.cancel -side left -fill x -expand 1\n" " pack .pp.m -side top -fill x -expand 1 \n" " pack .pp.f .pp.t .pp.o -side top -fill x\n" @@ -6667,7 +6737,6 @@ "}\n" "\n" "proc setup_tray_embed {} {\n" -" global icon_win\n" " update\n" " set w [winfo width .]\n" " set h [winfo height .]\n" @@ -6758,7 +6827,6 @@ "}\n" "\n" "proc undo_tray_embed {} {\n" -" global icon_win\n" " set wid [winfo id .] \n" " push_new_value \"remote-cmd\" \"remote-cmd\" \"trayunembed:$wid\" 0\n" "}\n" @@ -6786,7 +6854,7 @@ "global connected_to_x11vnc\n" "global cache_all_query_vars\n" "global last_query_all_time query_all_freq client_tail client_sock client_info_read\n" -"global icon_mode icon_mode_at_startup\n" +"global icon_mode icon_mode_at_startup x11vnc_icon_mode\n" "global tray_embed tray_running icon_setpasswd icon_embed_id\n" "global icon_noadvanced icon_minimal\n" "global make_gui_count text_area_str\n" @@ -6805,6 +6873,24 @@ "set snfont \"-adobe-helvetica-medium-r-*-*-*-100-*-*-*-*-*-*\"\n" "set ffont \"fixed\"\n" "\n" +"set got_helv 0\n" +"catch {\n" +" foreach fam [font families] {\n" +" if {$fam == \"helvetica\"} {\n" +" set got_helv 1\n" +" }\n" +" if {$fam == \"Helvetica\"} {\n" +" set got_helv 1\n" +" }\n" +" }\n" +"}\n" +"\n" +"if {$got_helv} {\n" +" set bfont \"Helvetica -12 bold\"\n" +" set sfont \"Helvetica -10 bold\"\n" +" set snfont \"Helvetica -10\"\n" +"}\n" +"\n" "set ls \"\"\n" "catch {set ls [font metrics $bfont -linespace]}\n" "if {$ls != \"\" && $ls > 14} {\n" @@ -6925,11 +7011,6 @@ " puts \";\"\n" " exit 0\n" "}\n" -"if {\"$argv\" == \"-portprompt\"} {\n" -" do_port_prompt\n" -" exit 0\n" -"}\n" -"\n" "\n" "set_view_variable \"full\"\n" "\n" @@ -6988,6 +7069,19 @@ " set x11vnc_gui_params \"\"\n" "}\n" "\n" +"if {[info exists env(X11VNC_FONT_BOLD)]} {\n" +" set bfont $env(X11VNC_FONT_BOLD)\n" +"}\n" +"if {[info exists env(X11VNC_FONT_BOLD_SMALL)]} {\n" +" set sfont $env(X11VNC_FONT_BOLD_SMALL)\n" +"}\n" +"if {[info exists env(X11VNC_FONT_REG_SMALL)]} {\n" +" set snfont $env(X11VNC_FONT_REG_SMALL)\n" +"}\n" +"if {[info exists env(X11VNC_FONT_FIXED)]} {\n" +" set ffont $env(X11VNC_FONT_FIXED)\n" +"}\n" +"\n" "if {[info exists env(X11VNC_CONNECT_FILE)]} {\n" " set x11vnc_connect_file $env(X11VNC_CONNECT_FILE);\n" "} else {\n" @@ -7030,6 +7124,7 @@ "}\n" "\n" "set icon_mode 0\n" +"set x11vnc_icon_mode 0\n" "set tray_embed 0\n" "set tray_running 0\n" "\n" @@ -7097,6 +7192,11 @@ " set bfont {system}\n" "}\n" "\n" +"if {\"$argv\" == \"-portprompt\"} {\n" +" do_port_prompt\n" +" exit 0\n" +"}\n" +"\n" "#puts [exec env]\n" "#puts \"x11vnc_xdisplay: $x11vnc_xdisplay\"\n" "\n" @@ -7132,11 +7232,11 @@ " set do_props_msg \"\"\n" " if {$icon_setpasswd} {\n" " set m \"\\n\"\n" -" set m \" Note the x11vnc icon in the system tray \\n\" \n" +" set m \"${m} Note the x11vnc icon in the system tray.\\n\" \n" " set m \"${m} This panel is its 'Properties' dialog.\\n\" \n" " set m \"${m}\\n\" \n" " set m \"${m} To specify a Session Password and to\\n\" \n" -" set m \"${m} allow VNC clients to connect, follow\\n\" \n" +" set m \"${m} allow VNC viewers to connect, follow\\n\" \n" " set m \"${m} these steps:\\n\" \n" " set m \"${m}\\n\" \n" " set m \"${m} Enter a passwd in the Password field\\n\" \n" @@ -7146,9 +7246,12 @@ " set m \"${m} Set 'Accept Connections' and then Press \\n\" \n" " set m \"${m} 'Apply' to allow incoming connections.\\n\" \n" " set m \"${m}\\n\" \n" +" set m \"${m} No Viewer can connect until you do this.\\n\" \n" +" set m \"${m}\\n\" \n" " set m \"${m} The passwords are only for this x11vnc\\n\" \n" " set m \"${m} session and are not saved. Run x11vnc\\n\" \n" -" set m \"${m} manually for more control.\\n\" \n" +" set m \"${m} manually for more control (e.g. -rfbauth \\n\" \n" +" set m \"${m} for a saved password.)\\n\" \n" " set m \"${m}\\n\" \n" " set m \"${m} See 'Help' for details on each option.\\n\" \n" "\n" @@ -7210,6 +7313,7 @@ " dtime G\n" " old_balloon\n" " check_setpasswd\n" +" push_new_value \"remote-cmd\" \"remote-cmd\" \"Q:clients\" 1\n" "} else {\n" " make_gui \"full\"\n" " dtime G\n" diff -Nru x11vnc-0.9.8/x11vnc/unixpw.c x11vnc-0.9.9/x11vnc/unixpw.c --- x11vnc-0.9.8/x11vnc/unixpw.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/unixpw.c 2009-12-21 04:58:10.000000000 +0000 @@ -37,7 +37,9 @@ extern int grantpt(int); extern int unlockpt(int); extern char *ptsname(int); -/* XXX remove need for this */ +#endif + +#ifndef DO_NOT_DECLARE_CRYPT extern char *crypt(const char*, const char *); #endif @@ -50,6 +52,7 @@ #include "connections.h" #include "sslhelper.h" #include "cursor.h" +#include "rates.h" #include #if LIBVNCSERVER_HAVE_FORK @@ -96,6 +99,7 @@ void unixpw_deny(void); void unixpw_msg(char *msg, int delay); int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_size, int nodisp); +int unixpw_cmd_run(char *user, char *pass, char *cmd, char *line, int *n); int crypt_verify(char *user, char *pass); int cmd_verify(char *user, char *pass); void unixpw_verify_screen(char *user, char *pass); @@ -118,6 +122,235 @@ char *keep_unixpw_pass = NULL; char *keep_unixpw_opts = NULL; +static unsigned char default6x13FontData[2899]={ +0x00,0x00,0xA8,0x00,0x88,0x00,0x88,0x00,0x88,0x00,0xA8,0x00,0x00, /* 0 */ +0x00,0x00,0x00,0x00,0x20,0x70,0xF8,0x70,0x20,0x00,0x00,0x00,0x00, /* 1 */ +0xA8,0x54,0xA8,0x54,0xA8,0x54,0xA8,0x54,0xA8,0x54,0xA8,0x54,0xA8, /* 2 */ +0x00,0x00,0xA0,0xA0,0xE0,0xA0,0xA0,0x38,0x10,0x10,0x10,0x00,0x00, /* 3 */ +0x00,0x00,0xE0,0x80,0xC0,0x80,0xB8,0x20,0x30,0x20,0x20,0x00,0x00, /* 4 */ +0x00,0x00,0x60,0x80,0x80,0x60,0x30,0x28,0x30,0x28,0x28,0x00,0x00, /* 5 */ +0x00,0x00,0x80,0x80,0x80,0xE0,0x38,0x20,0x30,0x20,0x20,0x00,0x00, /* 6 */ +0x00,0x00,0x30,0x48,0x48,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 7 */ +0x00,0x00,0x00,0x20,0x20,0xF8,0x20,0x20,0x00,0xF8,0x00,0x00,0x00, /* 8 */ +0x00,0x00,0x90,0xD0,0xB0,0x90,0x20,0x20,0x20,0x20,0x38,0x00,0x00, /* 9 */ +0x00,0x00,0xA0,0xA0,0xA0,0x40,0x40,0x38,0x10,0x10,0x10,0x00,0x00, /* 10 */ +0x20,0x20,0x20,0x20,0x20,0x20,0xE0,0x00,0x00,0x00,0x00,0x00,0x00, /* 11 */ +0x00,0x00,0x00,0x00,0x00,0x00,0xE0,0x20,0x20,0x20,0x20,0x20,0x20, /* 12 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x3C,0x20,0x20,0x20,0x20,0x20,0x20, /* 13 */ +0x20,0x20,0x20,0x20,0x20,0x20,0x3C,0x00,0x00,0x00,0x00,0x00,0x00, /* 14 */ +0x20,0x20,0x20,0x20,0x20,0x20,0xFC,0x20,0x20,0x20,0x20,0x20,0x20, /* 15 */ +0xFC,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 16 */ +0x00,0x00,0x00,0xFC,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 17 */ +0x00,0x00,0x00,0x00,0x00,0x00,0xFC,0x00,0x00,0x00,0x00,0x00,0x00, /* 18 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFC,0x00,0x00,0x00, /* 19 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFC, /* 20 */ +0x20,0x20,0x20,0x20,0x20,0x20,0x3C,0x20,0x20,0x20,0x20,0x20,0x20, /* 21 */ +0x20,0x20,0x20,0x20,0x20,0x20,0xE0,0x20,0x20,0x20,0x20,0x20,0x20, /* 22 */ +0x20,0x20,0x20,0x20,0x20,0x20,0xFC,0x00,0x00,0x00,0x00,0x00,0x00, /* 23 */ +0x00,0x00,0x00,0x00,0x00,0x00,0xFC,0x20,0x20,0x20,0x20,0x20,0x20, /* 24 */ +0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20, /* 25 */ +0x00,0x00,0x00,0x18,0x60,0x80,0x60,0x18,0x00,0xF8,0x00,0x00,0x00, /* 26 */ +0x00,0x00,0x00,0xC0,0x30,0x08,0x30,0xC0,0x00,0xF8,0x00,0x00,0x00, /* 27 */ +0x00,0x00,0x00,0x00,0x00,0xF8,0x50,0x50,0x50,0x50,0x50,0x00,0x00, /* 28 */ +0x00,0x00,0x00,0x00,0x00,0x08,0xF8,0x20,0xF8,0x80,0x00,0x00,0x00, /* 29 */ +0x00,0x00,0x30,0x48,0x40,0x40,0xE0,0x40,0x40,0x48,0xB0,0x00,0x00, /* 30 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x00, /* 31 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 32 */ +0x00,0x00,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x00,0x20,0x00,0x00, /* 33 */ +0x00,0x00,0x50,0x50,0x50,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 34 */ +0x00,0x00,0x00,0x50,0x50,0xF8,0x50,0xF8,0x50,0x50,0x00,0x00,0x00, /* 35 */ +0x00,0x00,0x20,0x78,0xA0,0xA0,0x70,0x28,0x28,0xF0,0x20,0x00,0x00, /* 36 */ +0x00,0x00,0x48,0xA8,0x50,0x10,0x20,0x40,0x50,0xA8,0x90,0x00,0x00, /* 37 */ +0x00,0x00,0x00,0x40,0xA0,0xA0,0x40,0xA0,0x98,0x90,0x68,0x00,0x00, /* 38 */ +0x00,0x00,0x20,0x20,0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 39 */ +0x00,0x10,0x20,0x20,0x40,0x40,0x40,0x40,0x40,0x20,0x20,0x10,0x00, /* 40 */ +0x00,0x40,0x20,0x20,0x10,0x10,0x10,0x10,0x10,0x20,0x20,0x40,0x00, /* 41 */ +0x00,0x00,0x00,0x20,0xA8,0xF8,0x70,0xF8,0xA8,0x20,0x00,0x00,0x00, /* 42 */ +0x00,0x00,0x00,0x00,0x20,0x20,0xF8,0x20,0x20,0x00,0x00,0x00,0x00, /* 43 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x20,0x40,0x00, /* 44 */ +0x00,0x00,0x00,0x00,0x00,0x00,0xF8,0x00,0x00,0x00,0x00,0x00,0x00, /* 45 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x70,0x20,0x00, /* 46 */ +0x00,0x00,0x08,0x08,0x10,0x10,0x20,0x40,0x40,0x80,0x80,0x00,0x00, /* 47 */ +0x00,0x00,0x20,0x50,0x88,0x88,0x88,0x88,0x88,0x50,0x20,0x00,0x00, /* 48 */ +0x00,0x00,0x20,0x60,0xA0,0x20,0x20,0x20,0x20,0x20,0xF8,0x00,0x00, /* 49 */ +0x00,0x00,0x70,0x88,0x88,0x08,0x10,0x20,0x40,0x80,0xF8,0x00,0x00, /* 50 */ +0x00,0x00,0xF8,0x08,0x10,0x20,0x70,0x08,0x08,0x88,0x70,0x00,0x00, /* 51 */ +0x00,0x00,0x10,0x10,0x30,0x50,0x50,0x90,0xF8,0x10,0x10,0x00,0x00, /* 52 */ +0x00,0x00,0xF8,0x80,0x80,0xB0,0xC8,0x08,0x08,0x88,0x70,0x00,0x00, /* 53 */ +0x00,0x00,0x70,0x88,0x80,0x80,0xF0,0x88,0x88,0x88,0x70,0x00,0x00, /* 54 */ +0x00,0x00,0xF8,0x08,0x10,0x10,0x20,0x20,0x40,0x40,0x40,0x00,0x00, /* 55 */ +0x00,0x00,0x70,0x88,0x88,0x88,0x70,0x88,0x88,0x88,0x70,0x00,0x00, /* 56 */ +0x00,0x00,0x70,0x88,0x88,0x88,0x78,0x08,0x08,0x88,0x70,0x00,0x00, /* 57 */ +0x00,0x00,0x00,0x00,0x20,0x70,0x20,0x00,0x00,0x20,0x70,0x20,0x00, /* 58 */ +0x00,0x00,0x00,0x00,0x20,0x70,0x20,0x00,0x00,0x30,0x20,0x40,0x00, /* 59 */ +0x00,0x00,0x08,0x10,0x20,0x40,0x80,0x40,0x20,0x10,0x08,0x00,0x00, /* 60 */ +0x00,0x00,0x00,0x00,0x00,0xF8,0x00,0x00,0xF8,0x00,0x00,0x00,0x00, /* 61 */ +0x00,0x00,0x80,0x40,0x20,0x10,0x08,0x10,0x20,0x40,0x80,0x00,0x00, /* 62 */ +0x00,0x00,0x70,0x88,0x88,0x08,0x10,0x20,0x20,0x00,0x20,0x00,0x00, /* 63 */ +0x00,0x00,0x70,0x88,0x88,0x98,0xA8,0xA8,0xB0,0x80,0x78,0x00,0x00, /* 64 */ +0x00,0x00,0x20,0x50,0x88,0x88,0x88,0xF8,0x88,0x88,0x88,0x00,0x00, /* 65 */ +0x00,0x00,0xF0,0x48,0x48,0x48,0x70,0x48,0x48,0x48,0xF0,0x00,0x00, /* 66 */ +0x00,0x00,0x70,0x88,0x80,0x80,0x80,0x80,0x80,0x88,0x70,0x00,0x00, /* 67 */ +0x00,0x00,0xF0,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0xF0,0x00,0x00, /* 68 */ +0x00,0x00,0xF8,0x80,0x80,0x80,0xF0,0x80,0x80,0x80,0xF8,0x00,0x00, /* 69 */ +0x00,0x00,0xF8,0x80,0x80,0x80,0xF0,0x80,0x80,0x80,0x80,0x00,0x00, /* 70 */ +0x00,0x00,0x70,0x88,0x80,0x80,0x80,0x98,0x88,0x88,0x70,0x00,0x00, /* 71 */ +0x00,0x00,0x88,0x88,0x88,0x88,0xF8,0x88,0x88,0x88,0x88,0x00,0x00, /* 72 */ +0x00,0x00,0x70,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x70,0x00,0x00, /* 73 */ +0x00,0x00,0x38,0x10,0x10,0x10,0x10,0x10,0x10,0x90,0x60,0x00,0x00, /* 74 */ +0x00,0x00,0x88,0x88,0x90,0xA0,0xC0,0xA0,0x90,0x88,0x88,0x00,0x00, /* 75 */ +0x00,0x00,0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80,0xF8,0x00,0x00, /* 76 */ +0x00,0x00,0x88,0x88,0xD8,0xA8,0xA8,0x88,0x88,0x88,0x88,0x00,0x00, /* 77 */ +0x00,0x00,0x88,0xC8,0xC8,0xA8,0xA8,0x98,0x98,0x88,0x88,0x00,0x00, /* 78 */ +0x00,0x00,0x70,0x88,0x88,0x88,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 79 */ +0x00,0x00,0xF0,0x88,0x88,0x88,0xF0,0x80,0x80,0x80,0x80,0x00,0x00, /* 80 */ +0x00,0x00,0x70,0x88,0x88,0x88,0x88,0x88,0x88,0xA8,0x70,0x08,0x00, /* 81 */ +0x00,0x00,0xF0,0x88,0x88,0x88,0xF0,0xA0,0x90,0x88,0x88,0x00,0x00, /* 82 */ +0x00,0x00,0x70,0x88,0x80,0x80,0x70,0x08,0x08,0x88,0x70,0x00,0x00, /* 83 */ +0x00,0x00,0xF8,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x00,0x00, /* 84 */ +0x00,0x00,0x88,0x88,0x88,0x88,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 85 */ +0x00,0x00,0x88,0x88,0x88,0x88,0x50,0x50,0x50,0x20,0x20,0x00,0x00, /* 86 */ +0x00,0x00,0x88,0x88,0x88,0x88,0xA8,0xA8,0xA8,0xA8,0x50,0x00,0x00, /* 87 */ +0x00,0x00,0x88,0x88,0x50,0x50,0x20,0x50,0x50,0x88,0x88,0x00,0x00, /* 88 */ +0x00,0x00,0x88,0x88,0x50,0x50,0x20,0x20,0x20,0x20,0x20,0x00,0x00, /* 89 */ +0x00,0x00,0xF8,0x08,0x10,0x10,0x20,0x40,0x40,0x80,0xF8,0x00,0x00, /* 90 */ +0x00,0x70,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x70,0x00, /* 91 */ +0x00,0x00,0x80,0x80,0x40,0x40,0x20,0x10,0x10,0x08,0x08,0x00,0x00, /* 92 */ +0x00,0x70,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x70,0x00, /* 93 */ +0x00,0x00,0x20,0x50,0x88,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 94 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xF8,0x00, /* 95 */ +0x00,0x20,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 96 */ +0x00,0x00,0x00,0x00,0x00,0x70,0x08,0x78,0x88,0x98,0x68,0x00,0x00, /* 97 */ +0x00,0x00,0x80,0x80,0x80,0xF0,0x88,0x88,0x88,0x88,0xF0,0x00,0x00, /* 98 */ +0x00,0x00,0x00,0x00,0x00,0x70,0x88,0x80,0x80,0x88,0x70,0x00,0x00, /* 99 */ +0x00,0x00,0x08,0x08,0x08,0x78,0x88,0x88,0x88,0x88,0x78,0x00,0x00, /* 100 */ +0x00,0x00,0x00,0x00,0x00,0x70,0x88,0xF8,0x80,0x88,0x70,0x00,0x00, /* 101 */ +0x00,0x00,0x30,0x48,0x40,0x40,0xF0,0x40,0x40,0x40,0x40,0x00,0x00, /* 102 */ +0x00,0x00,0x00,0x00,0x00,0x70,0x88,0x88,0x88,0x78,0x08,0x88,0x70, /* 103 */ +0x00,0x00,0x80,0x80,0x80,0xB0,0xC8,0x88,0x88,0x88,0x88,0x00,0x00, /* 104 */ +0x00,0x00,0x00,0x20,0x00,0x60,0x20,0x20,0x20,0x20,0x70,0x00,0x00, /* 105 */ +0x00,0x00,0x00,0x10,0x00,0x30,0x10,0x10,0x10,0x10,0x90,0x90,0x60, /* 106 */ +0x00,0x00,0x80,0x80,0x80,0x90,0xA0,0xC0,0xA0,0x90,0x88,0x00,0x00, /* 107 */ +0x00,0x00,0x60,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x70,0x00,0x00, /* 108 */ +0x00,0x00,0x00,0x00,0x00,0xD0,0xA8,0xA8,0xA8,0xA8,0x88,0x00,0x00, /* 109 */ +0x00,0x00,0x00,0x00,0x00,0xB0,0xC8,0x88,0x88,0x88,0x88,0x00,0x00, /* 110 */ +0x00,0x00,0x00,0x00,0x00,0x70,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 111 */ +0x00,0x00,0x00,0x00,0x00,0xF0,0x88,0x88,0x88,0xF0,0x80,0x80,0x80, /* 112 */ +0x00,0x00,0x00,0x00,0x00,0x78,0x88,0x88,0x88,0x78,0x08,0x08,0x08, /* 113 */ +0x00,0x00,0x00,0x00,0x00,0xB0,0xC8,0x80,0x80,0x80,0x80,0x00,0x00, /* 114 */ +0x00,0x00,0x00,0x00,0x00,0x70,0x88,0x60,0x10,0x88,0x70,0x00,0x00, /* 115 */ +0x00,0x00,0x00,0x40,0x40,0xF0,0x40,0x40,0x40,0x48,0x30,0x00,0x00, /* 116 */ +0x00,0x00,0x00,0x00,0x00,0x88,0x88,0x88,0x88,0x98,0x68,0x00,0x00, /* 117 */ +0x00,0x00,0x00,0x00,0x00,0x88,0x88,0x88,0x50,0x50,0x20,0x00,0x00, /* 118 */ +0x00,0x00,0x00,0x00,0x00,0x88,0x88,0xA8,0xA8,0xA8,0x50,0x00,0x00, /* 119 */ +0x00,0x00,0x00,0x00,0x00,0x88,0x50,0x20,0x20,0x50,0x88,0x00,0x00, /* 120 */ +0x00,0x00,0x00,0x00,0x00,0x88,0x88,0x88,0x98,0x68,0x08,0x88,0x70, /* 121 */ +0x00,0x00,0x00,0x00,0x00,0xF8,0x10,0x20,0x40,0x80,0xF8,0x00,0x00, /* 122 */ +0x00,0x18,0x20,0x20,0x20,0x20,0xC0,0x20,0x20,0x20,0x20,0x18,0x00, /* 123 */ +0x00,0x00,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x00,0x00, /* 124 */ +0x00,0xC0,0x20,0x20,0x20,0x20,0x18,0x20,0x20,0x20,0x20,0xC0,0x00, /* 125 */ +0x00,0x00,0x48,0xA8,0x90,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 126 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 160 */ +0x00,0x00,0x20,0x00,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x00,0x00, /* 161 */ +0x00,0x00,0x20,0x70,0xA8,0xA0,0xA0,0xA8,0x70,0x20,0x00,0x00,0x00, /* 162 */ +0x00,0x00,0x30,0x48,0x40,0x40,0xE0,0x40,0x40,0x48,0xB0,0x00,0x00, /* 163 */ +0x00,0x00,0x00,0x00,0x88,0x70,0x50,0x50,0x70,0x88,0x00,0x00,0x00, /* 164 */ +0x00,0x00,0x88,0x88,0x50,0x50,0xF8,0x20,0xF8,0x20,0x20,0x00,0x00, /* 165 */ +0x00,0x00,0x20,0x20,0x20,0x20,0x00,0x20,0x20,0x20,0x20,0x00,0x00, /* 166 */ +0x00,0x30,0x48,0x40,0x30,0x48,0x48,0x30,0x08,0x48,0x30,0x00,0x00, /* 167 */ +0x00,0x50,0x50,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 168 */ +0x00,0x70,0x88,0xA8,0xD8,0xC8,0xD8,0xA8,0x88,0x70,0x00,0x00,0x00, /* 169 */ +0x00,0x00,0x70,0x08,0x78,0x88,0x78,0x00,0xF8,0x00,0x00,0x00,0x00, /* 170 */ +0x00,0x00,0x00,0x00,0x28,0x50,0xA0,0xA0,0x50,0x28,0x00,0x00,0x00, /* 171 */ +0x00,0x00,0x00,0x00,0x00,0x00,0xF8,0x08,0x08,0x00,0x00,0x00,0x00, /* 172 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x00,0x00,0x00,0x00,0x00,0x00, /* 173 */ +0x00,0x70,0x88,0xE8,0xD8,0xD8,0xE8,0xD8,0x88,0x70,0x00,0x00,0x00, /* 174 */ +0x00,0x00,0xF8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 175 */ +0x00,0x00,0x30,0x48,0x48,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 176 */ +0x00,0x00,0x00,0x20,0x20,0xF8,0x20,0x20,0x00,0xF8,0x00,0x00,0x00, /* 177 */ +0x00,0x40,0xA0,0x20,0x40,0xE0,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 178 */ +0x00,0x40,0xA0,0x40,0x20,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 179 */ +0x00,0x10,0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 180 */ +0x00,0x00,0x00,0x00,0x00,0x88,0x88,0x88,0x88,0x98,0xE8,0x80,0x80, /* 181 */ +0x00,0x00,0x78,0xE8,0xE8,0xE8,0xE8,0x68,0x28,0x28,0x28,0x00,0x00, /* 182 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x00, /* 183 */ +0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10,0x20, /* 184 */ +0x00,0x40,0xC0,0x40,0x40,0xE0,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 185 */ +0x00,0x00,0x70,0x88,0x88,0x88,0x70,0x00,0xF8,0x00,0x00,0x00,0x00, /* 186 */ +0x00,0x00,0x00,0x00,0xA0,0x50,0x28,0x28,0x50,0xA0,0x00,0x00,0x00, /* 187 */ +0x00,0x40,0xC0,0x40,0x40,0xE0,0x08,0x18,0x28,0x38,0x08,0x00,0x00, /* 188 */ +0x00,0x40,0xC0,0x40,0x40,0xE0,0x10,0x28,0x08,0x10,0x38,0x00,0x00, /* 189 */ +0x00,0x40,0xA0,0x40,0x20,0xA0,0x48,0x18,0x28,0x38,0x08,0x00,0x00, /* 190 */ +0x00,0x00,0x20,0x00,0x20,0x20,0x40,0x80,0x88,0x88,0x70,0x00,0x00, /* 191 */ +0x00,0x40,0x20,0x00,0x20,0x50,0x88,0x88,0xF8,0x88,0x88,0x00,0x00, /* 192 */ +0x00,0x10,0x20,0x00,0x20,0x50,0x88,0x88,0xF8,0x88,0x88,0x00,0x00, /* 193 */ +0x00,0x30,0x48,0x00,0x20,0x50,0x88,0x88,0xF8,0x88,0x88,0x00,0x00, /* 194 */ +0x00,0x28,0x50,0x00,0x20,0x50,0x88,0x88,0xF8,0x88,0x88,0x00,0x00, /* 195 */ +0x00,0x50,0x50,0x00,0x20,0x50,0x88,0x88,0xF8,0x88,0x88,0x00,0x00, /* 196 */ +0x00,0x20,0x50,0x20,0x20,0x50,0x88,0x88,0xF8,0x88,0x88,0x00,0x00, /* 197 */ +0x00,0x00,0x58,0xA0,0xA0,0xA0,0xB0,0xE0,0xA0,0xA0,0xB8,0x00,0x00, /* 198 */ +0x00,0x00,0x70,0x88,0x80,0x80,0x80,0x80,0x80,0x88,0x70,0x20,0x40, /* 199 */ +0x00,0x40,0x20,0x00,0xF8,0x80,0x80,0xF0,0x80,0x80,0xF8,0x00,0x00, /* 200 */ +0x00,0x10,0x20,0x00,0xF8,0x80,0x80,0xF0,0x80,0x80,0xF8,0x00,0x00, /* 201 */ +0x00,0x30,0x48,0x00,0xF8,0x80,0x80,0xF0,0x80,0x80,0xF8,0x00,0x00, /* 202 */ +0x00,0x50,0x50,0x00,0xF8,0x80,0x80,0xF0,0x80,0x80,0xF8,0x00,0x00, /* 203 */ +0x00,0x40,0x20,0x00,0x70,0x20,0x20,0x20,0x20,0x20,0x70,0x00,0x00, /* 204 */ +0x00,0x10,0x20,0x00,0x70,0x20,0x20,0x20,0x20,0x20,0x70,0x00,0x00, /* 205 */ +0x00,0x30,0x48,0x00,0x70,0x20,0x20,0x20,0x20,0x20,0x70,0x00,0x00, /* 206 */ +0x00,0x50,0x50,0x00,0x70,0x20,0x20,0x20,0x20,0x20,0x70,0x00,0x00, /* 207 */ +0x00,0x00,0xF0,0x48,0x48,0x48,0xE8,0x48,0x48,0x48,0xF0,0x00,0x00, /* 208 */ +0x00,0x28,0x50,0x00,0x88,0x88,0xC8,0xA8,0x98,0x88,0x88,0x00,0x00, /* 209 */ +0x00,0x40,0x20,0x00,0x70,0x88,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 210 */ +0x00,0x10,0x20,0x00,0x70,0x88,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 211 */ +0x00,0x30,0x48,0x00,0x70,0x88,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 212 */ +0x00,0x28,0x50,0x00,0x70,0x88,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 213 */ +0x00,0x50,0x50,0x00,0x70,0x88,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 214 */ +0x00,0x00,0x00,0x00,0x00,0x88,0x50,0x20,0x50,0x88,0x00,0x00,0x00, /* 215 */ +0x00,0x08,0x70,0x98,0x98,0xA8,0xA8,0xA8,0xC8,0xC8,0x70,0x80,0x00, /* 216 */ +0x00,0x40,0x20,0x00,0x88,0x88,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 217 */ +0x00,0x10,0x20,0x00,0x88,0x88,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 218 */ +0x00,0x30,0x48,0x00,0x88,0x88,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 219 */ +0x00,0x50,0x50,0x00,0x88,0x88,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 220 */ +0x00,0x10,0x20,0x00,0x88,0x88,0x50,0x20,0x20,0x20,0x20,0x00,0x00, /* 221 */ +0x00,0x00,0x80,0xF0,0x88,0x88,0x88,0xF0,0x80,0x80,0x80,0x00,0x00, /* 222 */ +0x00,0x00,0x60,0x90,0x90,0xA0,0xA0,0x90,0x88,0x88,0xB0,0x00,0x00, /* 223 */ +0x00,0x00,0x40,0x20,0x00,0x70,0x08,0x78,0x88,0x98,0x68,0x00,0x00, /* 224 */ +0x00,0x00,0x10,0x20,0x00,0x70,0x08,0x78,0x88,0x98,0x68,0x00,0x00, /* 225 */ +0x00,0x00,0x30,0x48,0x00,0x70,0x08,0x78,0x88,0x98,0x68,0x00,0x00, /* 226 */ +0x00,0x00,0x28,0x50,0x00,0x70,0x08,0x78,0x88,0x98,0x68,0x00,0x00, /* 227 */ +0x00,0x00,0x50,0x50,0x00,0x70,0x08,0x78,0x88,0x98,0x68,0x00,0x00, /* 228 */ +0x00,0x30,0x48,0x30,0x00,0x70,0x08,0x78,0x88,0x98,0x68,0x00,0x00, /* 229 */ +0x00,0x00,0x00,0x00,0x00,0x70,0x28,0x70,0xA0,0xA8,0x50,0x00,0x00, /* 230 */ +0x00,0x00,0x00,0x00,0x00,0x70,0x88,0x80,0x80,0x88,0x70,0x20,0x40, /* 231 */ +0x00,0x00,0x40,0x20,0x00,0x70,0x88,0xF8,0x80,0x88,0x70,0x00,0x00, /* 232 */ +0x00,0x00,0x10,0x20,0x00,0x70,0x88,0xF8,0x80,0x88,0x70,0x00,0x00, /* 233 */ +0x00,0x00,0x30,0x48,0x00,0x70,0x88,0xF8,0x80,0x88,0x70,0x00,0x00, /* 234 */ +0x00,0x00,0x50,0x50,0x00,0x70,0x88,0xF8,0x80,0x88,0x70,0x00,0x00, /* 235 */ +0x00,0x00,0x40,0x20,0x00,0x60,0x20,0x20,0x20,0x20,0x70,0x00,0x00, /* 236 */ +0x00,0x00,0x10,0x20,0x00,0x60,0x20,0x20,0x20,0x20,0x70,0x00,0x00, /* 237 */ +0x00,0x00,0x30,0x48,0x00,0x60,0x20,0x20,0x20,0x20,0x70,0x00,0x00, /* 238 */ +0x00,0x00,0x50,0x50,0x00,0x60,0x20,0x20,0x20,0x20,0x70,0x00,0x00, /* 239 */ +0x00,0x50,0x20,0x60,0x10,0x70,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 240 */ +0x00,0x00,0x28,0x50,0x00,0xB0,0xC8,0x88,0x88,0x88,0x88,0x00,0x00, /* 241 */ +0x00,0x00,0x40,0x20,0x00,0x70,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 242 */ +0x00,0x00,0x10,0x20,0x00,0x70,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 243 */ +0x00,0x00,0x30,0x48,0x00,0x70,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 244 */ +0x00,0x00,0x28,0x50,0x00,0x70,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 245 */ +0x00,0x00,0x50,0x50,0x00,0x70,0x88,0x88,0x88,0x88,0x70,0x00,0x00, /* 246 */ +0x00,0x00,0x00,0x20,0x20,0x00,0xF8,0x00,0x20,0x20,0x00,0x00,0x00, /* 247 */ +0x00,0x00,0x00,0x00,0x08,0x70,0x98,0xA8,0xA8,0xC8,0x70,0x80,0x00, /* 248 */ +0x00,0x00,0x40,0x20,0x00,0x88,0x88,0x88,0x88,0x98,0x68,0x00,0x00, /* 249 */ +0x00,0x00,0x10,0x20,0x00,0x88,0x88,0x88,0x88,0x98,0x68,0x00,0x00, /* 250 */ +0x00,0x00,0x30,0x48,0x00,0x88,0x88,0x88,0x88,0x98,0x68,0x00,0x00, /* 251 */ +0x00,0x00,0x50,0x50,0x00,0x88,0x88,0x88,0x88,0x98,0x68,0x00,0x00, /* 252 */ +0x00,0x00,0x10,0x20,0x00,0x88,0x88,0x88,0x98,0x68,0x08,0x88,0x70, /* 253 */ +0x00,0x00,0x00,0x80,0x80,0xB0,0xC8,0x88,0x88,0xC8,0xB0,0x80,0x80, /* 254 */ +0x00,0x00,0x50,0x50,0x00,0x88,0x88,0x88,0x98,0x68,0x08,0x88,0x70, /* 255 */ +}; +static int default6x13FontMetaData[256*5]={ +0,6,13,0,-2,13,6,13,0,-2,26,6,13,0,-2,39,6,13,0,-2,52,6,13,0,-2,65,6,13,0,-2,78,6,13,0,-2,91,6,13,0,-2,104,6,13,0,-2,117,6,13,0,-2,130,6,13,0,-2,143,6,13,0,-2,156,6,13,0,-2,169,6,13,0,-2,182,6,13,0,-2,195,6,13,0,-2,208,6,13,0,-2,221,6,13,0,-2,234,6,13,0,-2,247,6,13,0,-2,260,6,13,0,-2,273,6,13,0,-2,286,6,13,0,-2,299,6,13,0,-2,312,6,13,0,-2,325,6,13,0,-2,338,6,13,0,-2,351,6,13,0,-2,364,6,13,0,-2,377,6,13,0,-2,390,6,13,0,-2,403,6,13,0,-2,416,6,13,0,-2,429,6,13,0,-2,442,6,13,0,-2,455,6,13,0,-2,468,6,13,0,-2,481,6,13,0,-2,494,6,13,0,-2,507,6,13,0,-2,520,6,13,0,-2,533,6,13,0,-2,546,6,13,0,-2,559,6,13,0,-2,572,6,13,0,-2,585,6,13,0,-2,598,6,13,0,-2,611,6,13,0,-2,624,6,13,0,-2,637,6,13,0,-2,650,6,13,0,-2,663,6,13,0,-2,676,6,13,0,-2,689,6,13,0,-2,702,6,13,0,-2,715,6,13,0,-2,728,6,13,0,-2,741,6,13,0,-2,754,6,13,0,-2,767,6,13,0,-2,780,6,13,0,-2,793,6,13,0,-2,806,6,13,0,-2,819,6,13,0,-2,832,6,13,0,-2,845,6,13,0,-2,858,6,13,0,-2,871,6,13,0,-2,884,6,13,0,-2,897,6,13,0,-2,910,6,13,0,-2,923,6,13,0,-2,936,6,13,0,-2,949,6,13,0,-2,962,6,13,0,-2,975,6,13,0,-2,988,6,13,0,-2,1001,6,13,0,-2,1014,6,13,0,-2,1027,6,13,0,-2,1040,6,13,0,-2,1053,6,13,0,-2,1066,6,13,0,-2,1079,6,13,0,-2,1092,6,13,0,-2,1105,6,13,0,-2,1118,6,13,0,-2,1131,6,13,0,-2,1144,6,13,0,-2,1157,6,13,0,-2,1170,6,13,0,-2,1183,6,13,0,-2,1196,6,13,0,-2,1209,6,13,0,-2,1222,6,13,0,-2,1235,6,13,0,-2,1248,6,13,0,-2,1261,6,13,0,-2,1274,6,13,0,-2,1287,6,13,0,-2,1300,6,13,0,-2,1313,6,13,0,-2,1326,6,13,0,-2,1339,6,13,0,-2,1352,6,13,0,-2,1365,6,13,0,-2,1378,6,13,0,-2,1391,6,13,0,-2,1404,6,13,0,-2,1417,6,13,0,-2,1430,6,13,0,-2,1443,6,13,0,-2,1456,6,13,0,-2,1469,6,13,0,-2,1482,6,13,0,-2,1495,6,13,0,-2,1508,6,13,0,-2,1521,6,13,0,-2,1534,6,13,0,-2,1547,6,13,0,-2,1560,6,13,0,-2,1573,6,13,0,-2,1586,6,13,0,-2,1599,6,13,0,-2,1612,6,13,0,-2,1625,6,13,0,-2,1638,6,13,0,-2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1651,6,13,0,-2,1664,6,13,0,-2,1677,6,13,0,-2,1690,6,13,0,-2,1703,6,13,0,-2,1716,6,13,0,-2,1729,6,13,0,-2,1742,6,13,0,-2,1755,6,13,0,-2,1768,6,13,0,-2,1781,6,13,0,-2,1794,6,13,0,-2,1807,6,13,0,-2,1820,6,13,0,-2,1833,6,13,0,-2,1846,6,13,0,-2,1859,6,13,0,-2,1872,6,13,0,-2,1885,6,13,0,-2,1898,6,13,0,-2,1911,6,13,0,-2,1924,6,13,0,-2,1937,6,13,0,-2,1950,6,13,0,-2,1963,6,13,0,-2,1976,6,13,0,-2,1989,6,13,0,-2,2002,6,13,0,-2,2015,6,13,0,-2,2028,6,13,0,-2,2041,6,13,0,-2,2054,6,13,0,-2,2067,6,13,0,-2,2080,6,13,0,-2,2093,6,13,0,-2,2106,6,13,0,-2,2119,6,13,0,-2,2132,6,13,0,-2,2145,6,13,0,-2,2158,6,13,0,-2,2171,6,13,0,-2,2184,6,13,0,-2,2197,6,13,0,-2,2210,6,13,0,-2,2223,6,13,0,-2,2236,6,13,0,-2,2249,6,13,0,-2,2262,6,13,0,-2,2275,6,13,0,-2,2288,6,13,0,-2,2301,6,13,0,-2,2314,6,13,0,-2,2327,6,13,0,-2,2340,6,13,0,-2,2353,6,13,0,-2,2366,6,13,0,-2,2379,6,13,0,-2,2392,6,13,0,-2,2405,6,13,0,-2,2418,6,13,0,-2,2431,6,13,0,-2,2444,6,13,0,-2,2457,6,13,0,-2,2470,6,13,0,-2,2483,6,13,0,-2,2496,6,13,0,-2,2509,6,13,0,-2,2522,6,13,0,-2,2535,6,13,0,-2,2548,6,13,0,-2,2561,6,13,0,-2,2574,6,13,0,-2,2587,6,13,0,-2,2600,6,13,0,-2,2613,6,13,0,-2,2626,6,13,0,-2,2639,6,13,0,-2,2652,6,13,0,-2,2665,6,13,0,-2,2678,6,13,0,-2,2691,6,13,0,-2,2704,6,13,0,-2,2717,6,13,0,-2,2730,6,13,0,-2,2743,6,13,0,-2,2756,6,13,0,-2,2769,6,13,0,-2,2782,6,13,0,-2,2795,6,13,0,-2,2808,6,13,0,-2,2821,6,13,0,-2,2834,6,13,0,-2,2847,6,13,0,-2,2860,6,13,0,-2,2873,6,13,0,-2,2886,6,13,0,-2,}; +static rfbFontData default6x13Font={default6x13FontData, default6x13FontMetaData}; + static int in_login = 0, in_passwd = 0, tries = 0; static int char_row = 0, char_col = 0; static int char_x = 0, char_y = 0, char_w = 8, char_h = 16; @@ -145,6 +378,35 @@ } } +int black_pixel(void) { + static unsigned long black_pix = 0, white_pix = 1, set = 0; + + RAWFB_RET(0x000000) + + if (depth <= 8 && ! set) { + X_LOCK; + black_pix = BlackPixel(dpy, scr); + white_pix = WhitePixel(dpy, scr); + X_UNLOCK; + set = 1; + } + if (depth <= 8) { + return (int) black_pix; + } else if (depth < 24) { + return 0x0000; + } else { + return 0x000000; + } +} + +static void unixpw_mark(void) { + if (scaling) { + mark_rect_as_modified(0, 0, scaled_x, scaled_y, 1); + } else { + mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0); + } +} + static int text_x(void) { return char_x + char_col * char_w; } @@ -156,6 +418,8 @@ static rfbScreenInfo fscreen; static rfbScreenInfoPtr pscreen; +static int f1_help = 0; + void unixpw_screen(int init) { if (unixpw_cmd) { ; /* OK */ @@ -179,7 +443,7 @@ mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0); x = nfix(dpy_x / 2 - strlen(log) * char_w, dpy_x); - y = dpy_y / 4; + y = (int) (dpy_y / 3.5); if (scaling) { x = (int) (x * scale_fac_x); @@ -197,6 +461,28 @@ pscreen = screen; } + if (pscreen && pscreen->width >= 640) { + rfbDrawString(pscreen, &default6x13Font, 8, 2+1*13, "F1-Help:", white_pixel()); + } + f1_help = 0; + + if (unixpw_system_greeter) { + unixpw_system_greeter_active = 0; + if (use_dpy && strstr(use_dpy, "xdmcp")) { + if (getenv("X11VNC_SYSTEM_GREETER1")) { + char moo[] = "Press 'Escape' for System Greeter"; + rfbDrawString(pscreen, &default8x16Font, x-90, y-30, moo, white_pixel()); + } else { + char moo1[] = "Press 'Escape' for New Session via System Greeter,"; + char moo2[] = "or otherwise login here for Existing Session: "; + rfbDrawString(pscreen, &default6x13Font, x-110, y-38, moo1, white_pixel()); + rfbDrawString(pscreen, &default6x13Font, x-110, y-25, moo2, white_pixel()); + } + set_env("X11VNC_XDM_ONLY", "0"); + unixpw_system_greeter_active = 1; + } + } + rfbDrawString(pscreen, &default8x16Font, x, y, log, white_pixel()); char_x = x; @@ -207,11 +493,7 @@ set_warrow_cursor(); } - if (scaling) { - mark_rect_as_modified(0, 0, scaled_x, scaled_y, 1); - } else { - mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0); - } + unixpw_mark(); } @@ -519,7 +801,7 @@ fprintf(stderr, "user='%s' pass='%s' realpw='%s' cr='%s'\n", user, pass, realpw, cr ? cr : "(null)"); } - if (cr == NULL) { + if (cr == NULL || cr[0] == '\0') { return 0; } if (!strcmp(cr, realpw)) { @@ -530,6 +812,82 @@ #endif /* UNIXPW_CRYPT */ } +int unixpw_cmd_run(char *user, char *pass, char *cmd, char *line, int *n) { + int i, len, rc; + char *str; + FILE *out; + + if (! user || ! pass) { + return 0; + } + if (! unixpw_cmd || *unixpw_cmd == '\0') { + return 0; + } + + if (! scheck(user, 100, "username")) { + return 0; + } + if (! scheck(pass, 100, "password")) { + return 0; + } + if (! unixpw_list_match(user)) { + return 0; + } + if (cmd == NULL) { + cmd = ""; + } + + len = strlen(user) + 1 + strlen(pass) + 1 + 1; + str = (char *) malloc(len); + if (! str) { + return 0; + } + str[0] = '\0'; + strcat(str, user); + strcat(str, "\n"); + strcat(str, pass); + if (!strchr(pass, '\n')) { + strcat(str, "\n"); + } + + out = tmpfile(); + if (out == NULL) { + rfbLog("unixpw_cmd_run tmpfile() failed.\n"); + clean_up_exit(1); + } + + set_env("RFB_UNIXPW_CMD_RUN", cmd); + + rc = run_user_command(unixpw_cmd, unixpw_client, "cmd_verify", + str, strlen(str), out); + + set_env("RFB_UNIXPW_CMD_RUN", ""); + + for (i=0; i < len; i++) { + str[i] = '\0'; + } + free(str); + + fflush(out); + rewind(out); + for (i=0; i < (*n) - 1; i++) { + int c = fgetc(out); + if (c == EOF) { + break; + } + line[i] = (char) c; + } + fclose(out); + *n = i; + + if (rc == 0) { + return 1; + } else { + return 0; + } +} + + int cmd_verify(char *user, char *pass) { int i, len, rc; char *str; @@ -596,12 +954,14 @@ pid_t pid, pidw; struct stat sbuf; static int first = 1; - char instr[32], cbuf[10]; + char instr[64], cbuf[10]; if (first) { set_db(); first = 0; } + rfbLog("su_verify: '%s' for %s.\n", user, cmd ? "command" : "login"); + fflush(stderr); if (! scheck(user, 100, "username")) { return 0; @@ -634,6 +994,7 @@ } if (bin_su == NULL) { rfbLogPerror("existence /bin/su"); + fflush(stderr); return 0; } @@ -648,6 +1009,7 @@ } if (bin_true == NULL) { rfbLogPerror("existence /bin/true"); + fflush(stderr); return 0; } @@ -655,6 +1017,7 @@ if (slave == NULL) { rfbLogPerror("get_pty failed."); + fflush(stderr); return 0; } @@ -663,6 +1026,7 @@ if (fd < 0) { rfbLogPerror("get_pty fd < 0"); + fflush(stderr); return 0; } @@ -671,6 +1035,7 @@ pid = fork(); if (pid < 0) { rfbLogPerror("fork"); + fflush(stderr); close(fd); return 0; } @@ -845,7 +1210,7 @@ * auth sufficient pam_self.so * it may be commented out without problem. */ - for (i=0; i<32; i++) { + for (i=0; i= 32-1) { + if (j >= sizeof(instr)-1) { rfbLog("su_verify: problem finding Password:\n"); + fflush(stderr); return 0; } instr[j++] = tolower((unsigned char)cbuf[0]); } - if (n <= 0 || strstr(pstr, instr) != pstr) { + problem = 0; + if (n <= 0) { + problem = 1; + } else if (strstr(pstr, instr) != pstr) { +#ifdef _AIX + if (UT.sysname && strstr(UT.sysname, "AIX")) { + /* handle: runge's Password: */ + char *luser = (char *) malloc(strlen(user) + 10); + + sprintf(luser, "%s's", user); + lowercase(luser); + if (strstr(luser, instr) == luser) { + if (!strcmp(luser, instr)) { + i = -1; + j = 0; + memset(instr, 0, sizeof(instr)); + free(luser); + continue; + } else { + i--; + if (i < -1) i = -1; + free(luser); + continue; + } + } else { + problem = 1; + } + free(luser); + } else +#endif + { + problem = 1; + } + } + + if (problem) { if (db) { fprintf(stderr, "\"Password:\" did not " @@ -1041,10 +1442,12 @@ if (cmd_verify(user, pass)) { rfbLog("unixpw_verify: cmd_verify login for '%s'" " succeeded.\n", user); + fflush(stderr); ok = 1; } else { - rfbLog("unixpw_verify: crypt_verify login for '%s'" + rfbLog("unixpw_verify: cmd_verify login for '%s'" " failed.\n", user); + fflush(stderr); usleep(3000*1000); ok = 0; } @@ -1052,10 +1455,12 @@ if (crypt_verify(user, pass)) { rfbLog("unixpw_verify: crypt_verify login for '%s'" " succeeded.\n", user); + fflush(stderr); ok = 1; } else { rfbLog("unixpw_verify: crypt_verify login for '%s'" " failed.\n", user); + fflush(stderr); usleep(3000*1000); ok = 0; } @@ -1063,10 +1468,12 @@ if (su_verify(user, pass, NULL, NULL, NULL, 1)) { rfbLog("unixpw_verify: su_verify login for '%s'" " succeeded.\n", user); + fflush(stderr); ok = 1; } else { rfbLog("unixpw_verify: su_verify login for '%s'" " failed.\n", user); + fflush(stderr); /* use su(1)'s sleep */ ok = 0; } @@ -1074,10 +1481,36 @@ return ok; } +static int skip_it = 0; + +static void progress_skippy(void) { + int i, msec = get_net_latency(); /* probabaly not set yet.. */ + + if (msec > 300) { + msec = 300; + } else if (msec <= 100) { + msec = 100; + } + + skip_it = 1; + for (i = 0; i < 5; i++) { + if (i == 2) { + rfbPE(msec * 1000); + } else { + rfbPE(-1); + } + usleep(10*1000); + } + skip_it = 0; + + usleep(50*1000); +} + void unixpw_verify_screen(char *user, char *pass) { int x, y; char li[] = "Login incorrect"; + char ls[] = "Login succeeded"; char log[] = "login: "; char *colon = NULL; ClientData *cd = NULL; @@ -1093,6 +1526,7 @@ *colon = '\0'; rfbLog("unixpw_verify: colon: '%s'\n", user); } + fflush(stderr); if (unixpw_client) { cd = (ClientData *) unixpw_client->clientData; if (cd) { @@ -1109,7 +1543,18 @@ ok = unixpw_verify(user, pass); if (ok) { + char_row++; + char_col = 0; + + x = text_x(); + y = text_y(); + rfbDrawString(pscreen, &default8x16Font, x, y, ls, white_pixel()); + unixpw_mark(); + + progress_skippy(); + unixpw_accept(user); + if (keep_unixpw) { keep_unixpw_user = strdup(user); keep_unixpw_pass = strdup(pass); @@ -1120,6 +1565,7 @@ } } if (colon) *colon = ':'; + return; } if (colon) *colon = ':'; @@ -1140,11 +1586,7 @@ char_col = strlen(log); - if (scaling) { - mark_rect_as_modified(0, 0, scaled_x, scaled_y, 1); - } else { - mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0); - } + unixpw_mark(); unixpw_last_try_time = time(NULL); unixpw_keystroke(0, 0, 2); @@ -1164,11 +1606,15 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) { int x, y, i, rc, nmax = 100; static char user_r[100], user[100], pass[100]; - static int u_cnt = 0, p_cnt = 0, first = 1; + static int u_cnt = 0, p_cnt = 0, t_cnt = 0, first = 1; static int echo = 1; char keystr[100]; char *str; + if (skip_it) { + return; + } + if (first) { set_db(); first = 0; @@ -1190,6 +1636,7 @@ u_cnt = 0; p_cnt = 0; + t_cnt = 0; for (i=0; iwidth >= 640) { + char h1[] = "F1-Help: For 'login:' type in the username and press Enter, then for 'Password:' type in the password."; + char h2[] = " Specify options after a ':' like this: username:opt,opt=val,... Where an opt may be any of:"; + char h3[] = " scale=... (n/m); scale_cursor=... (sc=); solid (so); id=; repeat; clear_mods (cm); clear_keys (ck);"; + char h4[] = " clear_all (ca); speeds=... (sp=); readtimeout=... (rd=) rotate=... (ro=); noncache (nc) (nc=n);"; + char h5[] = " geom=WxHxD (ge=); nodisplay=... (nd=); viewonly (vo); tag=...; gnome kde twm fvwm mwm dtwm wmaker"; + char h6[] = " xfce enlightenment Xsession failsafe. Examples: fred:3/4,so,cm wilma:geom=1024x768x16,kde"; + int ch = 13, p; + if (f1_help) { + p = black_pixel(); + f1_help = 0; + } else { + p = white_pixel(); + f1_help = 1; + unixpw_last_try_time = time(NULL) + 45; + } + rfbDrawString(pscreen, &default6x13Font, 8, 2+1*ch, h1, p); + rfbDrawString(pscreen, &default6x13Font, 8, 2+2*ch, h2, p); + rfbDrawString(pscreen, &default6x13Font, 8, 2+3*ch, h3, p); + rfbDrawString(pscreen, &default6x13Font, 8, 2+4*ch, h4, p); + rfbDrawString(pscreen, &default6x13Font, 8, 2+5*ch, h5, p); + rfbDrawString(pscreen, &default6x13Font, 8, 2+6*ch, h6, p); + if (!f1_help) { + rfbDrawString(pscreen, &default6x13Font, 8, 2+1*ch, "F1-Help:", white_pixel()); + } + unixpw_mark(); + return; + } + if (unixpw_system_greeter_active && keysym == XK_Escape) { + char *u = get_user_name(); + if (keep_unixpw) { + char *colon = strchr(user, ':'); + keep_unixpw_user = strdup(u); + keep_unixpw_pass = strdup(""); + if (colon) { + keep_unixpw_opts = strdup(colon+1); + } else { + keep_unixpw_opts = strdup(""); + } + } + unixpw_system_greeter_active = 2; + set_env("X11VNC_XDM_ONLY", "1"); + rfbLog("unixpw_system_greeter: VNC client pressed 'Escape'. Allowing\n"); + rfbLog("unixpw_system_greeter: a *FREE* (no password) connection to\n"); + rfbLog("unixpw_system_greeter: the system XDM/GDM/KDM login greeter.\n"); + if (1) { + char msg[] = " Please wait... "; + rfbDrawString(pscreen, &default8x16Font, + text_x(), text_y(), msg, white_pixel()); + unixpw_mark(); + + progress_skippy(); + } + unixpw_accept(u); + free(u); + return; + } + if (in_login && keysym == XK_Escape && u_cnt == 0) { echo = 0; rfbLog("unixpw_keystroke: echo off.\n"); return; } + t_cnt++; + if (in_login) { if (keysym == XK_BackSpace || keysym == XK_Delete) { if (u_cnt > 0) { @@ -1299,6 +1806,11 @@ return; } + if (t_cnt == 1) { + /* accidental initial return, e.g. from xterm */ + return; + } + in_login = 0; in_passwd = 1; @@ -1311,13 +1823,7 @@ white_pixel()); char_col = strlen(pw); - if (scaling) { - mark_rect_as_modified(0, 0, scaled_x, - scaled_y, 1); - } else { - mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0); - } - + unixpw_mark(); return; } @@ -1350,7 +1856,6 @@ char_col++; usleep(10*1000); } - return; } @@ -1415,6 +1920,15 @@ return; } + if (1) { + char msg[] = " Please wait... "; + rfbDrawString(pscreen, &default8x16Font, + text_x(), text_y(), msg, white_pixel()); + unixpw_mark(); + + progress_skippy(); + } + in_login = 0; in_passwd = 0; @@ -1552,7 +2066,9 @@ void unixpw_accept(char *user) { apply_opts(user); - ssl_helper_pid(0, -2); /* waitall */ + if (!use_stunnel) { + ssl_helper_pid(0, -2); /* waitall */ + } if (accept_cmd && strstr(accept_cmd, "popup") == accept_cmd) { if (use_dpy && strstr(use_dpy, "WAIT:") == use_dpy && @@ -1604,6 +2120,7 @@ unixpw_client->viewOnly = TRUE; } unixpw_in_progress = 0; + /* mutex */ screen->permitFileTransfer = unixpw_file_xfer_save; if ((tightfilexfer = unixpw_tightvnc_xfer_save)) { /* this doesn't work: the current client is never registered! */ @@ -1633,14 +2150,11 @@ y = char_y + char_row * char_h; rfbDrawString(pscreen, &default8x16Font, x, y, pd, white_pixel()); - if (scaling) { - mark_rect_as_modified(0, 0, scaled_x, scaled_y, 1); - } else { - mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0); - } + unixpw_mark(); for (i=0; i<5; i++) { rfbPE(-1); + rfbPE(-1); usleep(500 * 1000); } } @@ -1652,6 +2166,7 @@ } unixpw_in_progress = 0; + /* mutex */ screen->permitFileTransfer = unixpw_file_xfer_save; if ((tightfilexfer = unixpw_tightvnc_xfer_save)) { #ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER @@ -1672,14 +2187,13 @@ y = char_y + char_row * char_h; rfbDrawString(pscreen, &default8x16Font, x, y, msg, white_pixel()); - if (scaling) { - mark_rect_as_modified(0, 0, scaled_x, scaled_y, 1); - } else { - mark_rect_as_modified(0, 0, dpy_x, dpy_y, 0); - } + unixpw_mark(); for (i=0; i<5; i++) { rfbPE(-1); + rfbPE(-1); + rfbPE(50 * 1000); + rfbPE(-1); usleep(500 * 1000); if (i >= delay) { break; diff -Nru x11vnc-0.9.8/x11vnc/unixpw.h x11vnc-0.9.9/x11vnc/unixpw.h --- x11vnc-0.9.8/x11vnc/unixpw.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/unixpw.h 2009-12-21 04:58:10.000000000 +0000 @@ -42,6 +42,7 @@ extern void unixpw_deny(void); extern void unixpw_msg(char *msg, int delay); extern int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_size, int nodisp); +extern int unixpw_cmd_run(char *user, char *pass, char *cmd, char *line, int *n); extern int crypt_verify(char *user, char *pass); extern int cmd_verify(char *user, char *pass); extern int unixpw_verify(char *user, char *pass); diff -Nru x11vnc-0.9.8/x11vnc/user.c x11vnc-0.9.9/x11vnc/user.c --- x11vnc-0.9.8/x11vnc/user.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/user.c 2009-12-21 04:58:10.000000000 +0000 @@ -308,6 +308,9 @@ if (strstr(user2group[i], user) == user2group[i]) { char *w = user2group[i] + strlen(user); if (*w == '.') { +#if (SMALL_FOOTPRINT > 2) + gotgroup = 0; +#else struct group* gr = getgrnam(++w); if (! gr) { rfbLog("Invalid group: %s\n", w); @@ -320,6 +323,7 @@ did[i] = 1; } gotgroup = 1; +#endif } } i++; @@ -761,7 +765,7 @@ return 0; #else /* - * OK tricky here, we need to free the shm... otherwise + * OK, tricky here, we need to free the shm... otherwise * we won't be able to delete it as the other user... */ if (fb_mode == 1 && (using_shm && ! xform24to32)) { @@ -773,11 +777,13 @@ #if LIBVNCSERVER_HAVE_PWD_H if (getpwuid(uid) != NULL && getenv("X11VNC_SINGLE_GROUP") == NULL) { struct passwd *p = getpwuid(uid); - if (initgroups(p->pw_name, gid) == 0) { + /* another possibility is p->pw_gid instead of gid */ + if (setgid(gid) == 0 && initgroups(p->pw_name, gid) == 0) { grp_ok = 1; } else { rfbLogPerror("initgroups"); } + endgrent(); } #endif #endif @@ -1079,6 +1085,7 @@ passwds_new[0] = passwds_old[0]; passwds_new[1] = viewonly_passwd; passwds_new[2] = NULL; + /* mutex */ screen->authPasswdData = (void*) passwds_new; } else if (passwd_list) { int i = 0; @@ -1088,6 +1095,7 @@ if (begin_viewonly < 0) { begin_viewonly = i+1; } + /* mutex */ screen->authPasswdData = (void*) passwd_list; screen->authPasswdFirstViewOnly = begin_viewonly; } @@ -1161,6 +1169,7 @@ if (inetd || screen->httpPort == 0) { int port = find_free_port(5800, 5860); if (port) { + /* mutex */ screen->httpPort = port; } else { rfbLog("handle_one_http_request: no http port.\n"); @@ -1253,6 +1262,7 @@ "noncache", "nc", "nodisplay", "nd", "viewonly", "vo", + "tag", NULL }; @@ -1285,13 +1295,13 @@ if (scale_str) free(scale_str); scale_str = strdup(p); } else if (ok) { - if (strstr(p, "display=") == p) { + if (0 && strstr(p, "display=") == p) { if (use_dpy) free(use_dpy); use_dpy = strdup(p + strlen("display=")); - } else if (strstr(p, "auth=") == p) { + } else if (0 && strstr(p, "auth=") == p) { if (auth_file) free(auth_file); auth_file = strdup(p + strlen("auth=")); - } else if (!strcmp(p, "shared")) { + } else if (0 && !strcmp(p, "shared")) { shared = 1; } else if (strstr(p, "scale=") == p) { if (scale_str) free(scale_str); @@ -1437,8 +1447,16 @@ off_y = 0; } +void do_announce_http(void); +void do_mention_java_urls(void); + static void setup_service(void) { + if (remote_direct) { + return; + } if (!inetd) { + do_mention_java_urls(); + do_announce_http(); if (!use_openssl) { announce(screen->port, use_openssl, NULL); fprintf(stdout, "PORT=%d\n", screen->port); @@ -1558,9 +1576,12 @@ goto screen_check; } } - if (use_openssl && !inetd) { - check_openssl(); - check_https(); + if ((use_openssl || use_stunnel) && !inetd) { + int enc_none = (enc_str && !strcmp(enc_str, "none")); + if (!use_stunnel || enc_none) { + check_openssl(); + check_https(); + } /* * This is to handle an initial verify cert from viewer, * they disconnect right after fetching the cert. @@ -1573,7 +1594,7 @@ if (screen && screen->clientHead) { int i; if (unixpw) { - if (! unixpw_in_progress) { + if (! unixpw_in_progress && !vencrypt_enable_plain_login) { rfbLog("unixpw but no unixpw_in_progress\n"); clean_up_exit(1); } @@ -1631,7 +1652,7 @@ static void do_unixpw_loop(void) { if (unixpw) { - if (! unixpw_in_progress) { + if (! unixpw_in_progress && !vencrypt_enable_plain_login) { rfbLog("unixpw but no unixpw_in_progress\n"); clean_up_exit(1); } @@ -1649,6 +1670,15 @@ unixpw_in_rfbPE = 0; } if (unixpw_in_progress) { + static double lping = 0.0; + if (lping < dnow() + 5) { + mark_rect_as_modified(0, 0, 1, 1, 1); + lping = dnow(); + } + if (time(NULL) > unixpw_last_try_time + 45) { + rfbLog("unixpw_deny: timed out waiting for reply.\n"); + unixpw_deny(); + } usleep(20 * 1000); continue; } @@ -1677,6 +1707,7 @@ #if LIBVNCSERVER_HAVE_FORK if ((pid = fork()) > 0) { close(screen->httpListenSock); + /* mutex */ screen->httpListenSock = -2; usleep(500 * 1000); } else { @@ -1865,11 +1896,20 @@ char com[100]; int fd = mkstemp(tmp); if (fd >= 0) { + int ret; write(fd, find_display, strlen(find_display)); close(fd); set_env("FINDDISPLAY_run", "1"); - sprintf(com, "/bin/sh %s -n; rm -f %s", tmp, tmp); - system(com); + sprintf(com, "/bin/sh %s -n", tmp); + ret = system(com); + if (WIFEXITED(ret) && WEXITSTATUS(ret) != 0) { + if (got_findauth && !getenv("FD_XDM")) { + if (getuid() == 0 || geteuid() == 0) { + set_env("FD_XDM", "1"); + system(com); + } + } + } } unlink(tmp); exit(0); @@ -1994,7 +2034,7 @@ p++; } if (ok && strlen(q) < 32) { - sprintf(fdgeom, q); + sprintf(fdgeom, "%s", q); if (!quiet) { rfbLog("set create display geom: %s\n", fdgeom); } @@ -2014,6 +2054,35 @@ sprintf(fdesd, "%d", p); } } + if (!getenv("FD_TAG")) { + char *s = NULL; + + q = strstr(t, "tag="); + if (q) s = strchr(q, ','); + if (s) *s = '\0'; + + if (q && strlen(q) < 120) { + char *p; + int ok = 1; + q = strchr(q, '=') + 1; + p = q; + while (*p != '\0') { + char c = *p; + if (*p == '_' || *p == '-') { + ; + } else if (!isalnum((int) c)) { + ok = 0; + rfbLog("bad tag char: '%c' in '%s'\n", c, q); + break; + } + p++; + } + if (ok) { + sprintf(fdtag, "%s", q); + } + } + if (s) *s = ','; + } free(t); } if (fdgeom[0] == '\0' && getenv("FD_GEOM")) { @@ -2058,6 +2127,20 @@ snprintf(cdout, 120, "CREATE_DISPLAY_OUTPUT='%s'", getenv("CREATE_DISPLAY_OUTPUT")); } + if (strchr(fdgeom, '\'')) fdgeom[0] = '\0'; + if (strchr(fdopts, '\'')) fdopts[0] = '\0'; + if (strchr(fdextra, '\'')) fdextra[0] = '\0'; + if (strchr(fdprog, '\'')) fdprog[0] = '\0'; + if (strchr(fdxsrv, '\'')) fdxsrv[0] = '\0'; + if (strchr(fdcups, '\'')) fdcups[0] = '\0'; + if (strchr(fdesd, '\'')) fdesd[0] = '\0'; + if (strchr(fdnas, '\'')) fdnas[0] = '\0'; + if (strchr(fdsmb, '\'')) fdsmb[0] = '\0'; + if (strchr(fdtag, '\'')) fdtag[0] = '\0'; + if (strchr(fdxdum, '\'')) fdxdum[0] = '\0'; + if (strchr(fdsess, '\'')) fdsess[0] = '\0'; + if (strchr(cdout, '\'')) cdout[0] = '\0'; + set_env("FD_GEOM", fdgeom); set_env("FD_OPTS", fdopts); set_env("FD_EXTRA", fdextra); @@ -2076,6 +2159,9 @@ if (!uu) { uu = keep_unixpw_user; } + if (strchr(uu, '\'')) { + uu = ""; + } create_cmd = (char *) malloc(strlen(tmp)+1 + strlen("env USER='' ") + strlen("FD_GEOM='' ") @@ -2173,29 +2259,65 @@ return upeer; } -static void check_nodisplay(char **nd) { - if (unixpw && keep_unixpw_opts && keep_unixpw_opts[0] != '\0') { - char *q, *t = keep_unixpw_opts; +static void check_nodisplay(char **nd, char **tag) { + if (unixpw && !getenv("X11VNC_NO_UNIXPW_OPTS") && keep_unixpw_opts && keep_unixpw_opts[0] != '\0') { + char *q, *t2, *t = keep_unixpw_opts; q = strstr(t, "nd="); if (! q) q = strstr(t, "nodisplay="); if (q) { - char *t2; q = strchr(q, '=') + 1; t = strdup(q); q = t; t2 = strchr(t, ','); if (t2) *t2 = '\0'; + while (*t != '\0') { if (*t == '+') { *t = ','; } t++; } - if (!strchr(q, '\'')) { + if (!strchr(q, '\'') && !strpbrk(q, "[](){}`'\"$&*|<>")) { if (! quiet) rfbLog("set X11VNC_SKIP_DISPLAY: %s\n", q); *nd = q; } } + + q = strstr(keep_unixpw_opts, "tag="); + if (getenv("FD_TAG")) { + *tag = strdup(getenv("FD_TAG")); + } else if (q) { + q = strchr(q, '=') + 1; + t = strdup(q); + q = t; + t2 = strchr(t, ','); + if (t2) *t2 = '\0'; + + if (strlen(q) < 120) { + int ok = 1; + while (*t != '\0') { + char c = *t; + if (*t == '_' || *t == '-') { + ; + } else if (!isalnum((int) c)) { + ok = 0; + rfbLog("bad tag char: '%c' in '%s'\n", c, q); + break; + } + t++; + } + if (ok) { + if (! quiet) rfbLog("set FD_TAG: %s\n", q); + *tag = q; + } + } + } + } + if (unixpw_system_greeter_active == 2) { + if (!keep_unixpw_user) { + clean_up_exit(1); + } + *nd = strdup("all"); } } @@ -2235,15 +2357,65 @@ return upeer; } +static void do_try_switch(char *usslpeer, char *users_list_save) { + if (unixpw_system_greeter_active == 2) { + rfbLog("unixpw_system_greeter: not trying switch to user '%s'\n", usslpeer ? usslpeer : ""); + return; + } + if (usslpeer) { + char *u = (char *) malloc(strlen(usslpeer+2)); + sprintf(u, "+%s", usslpeer); + if (switch_user(u, 0)) { + rfbLog("sslpeer switched to user: %s\n", usslpeer); + } else { + rfbLog("sslpeer failed to switch to user: %s\n", usslpeer); + } + free(u); + + } else if (users_list_save && keep_unixpw_user) { + char *user = keep_unixpw_user; + char *u = (char *)malloc(strlen(user)+1); + + users_list = users_list_save; + + u[0] = '\0'; + if (!strcmp(users_list, "unixpw=")) { + sprintf(u, "+%s", user); + } else { + char *p, *str = strdup(users_list); + p = strtok(str + strlen("unixpw="), ","); + while (p) { + if (!strcmp(p, user)) { + sprintf(u, "+%s", user); + break; + } + p = strtok(NULL, ","); + } + free(str); + } + + if (u[0] == '\0') { + rfbLog("unixpw_accept skipping switch to user: %s (drc)\n", user); + } else if (switch_user(u, 0)) { + rfbLog("unixpw_accept switched to user: %s (drc)\n", user); + } else { + rfbLog("unixpw_accept failed to switch to user: %s (drc)\n", user); + } + free(u); + } +} + static int do_run_cmd(char *cmd, char *create_cmd, char *users_list_save, int created_disp, int db) { char tmp[] = "/tmp/x11vnc-find_display.XXXXXX"; char line1[1024], line2[16384]; char *q, *usslpeer = NULL; int n, nodisp = 0, saw_xdmcp = 0; int tmp_fd = -1; + int internal_cmd = 0; + int tried_switch = 0; - memset(line1, 0, 1024); - memset(line2, 0, 16384); + memset(line1, 0, sizeof(line1)); + memset(line2, 0, sizeof(line2)); if (users_list && strstr(users_list, "sslpeer=") == users_list) { usslpeer = get_usslpeer(); @@ -2251,6 +2423,7 @@ return 0; } } + if (getenv("DEBUG_RUN_CMD")) db = 1; /* only sets environment variables: */ run_user_command("", latest_client, "env", NULL, 0, NULL); @@ -2264,8 +2437,13 @@ if (!strcmp(cmd, "FINDDISPLAY") || strstr(cmd, "FINDCREATEDISPLAY") == cmd) { char *nd = ""; + char *tag = ""; char fdout[128]; + + internal_cmd = 1; + tmp_fd = mkstemp(tmp); + if (tmp_fd < 0) { rfbLog("wait_for_client: open failed: %s\n", tmp); rfbLogPerror("mkstemp"); @@ -2288,7 +2466,7 @@ if (getenv("X11VNC_SKIP_DISPLAY")) { nd = strdup(getenv("X11VNC_SKIP_DISPLAY")); } - check_nodisplay(&nd); + check_nodisplay(&nd, &tag); fdout[0] = '\0'; if (getenv("FIND_DISPLAY_OUTPUT")) { @@ -2296,27 +2474,40 @@ } cmd = (char *) malloc(strlen("env X11VNC_SKIP_DISPLAY='' ") - + strlen(nd) + strlen(tmp) + strlen("/bin/sh ") + strlen(fdout) + 1); - sprintf(cmd, "env X11VNC_SKIP_DISPLAY='%s' %s /bin/sh %s", nd, fdout, tmp); + + strlen(nd) + strlen(" FD_TAG='' ") + strlen(tag) + strlen(tmp) + strlen("/bin/sh ") + strlen(fdout) + 1); + + if (strcmp(tag, "")) { + sprintf(cmd, "env X11VNC_SKIP_DISPLAY='%s' FD_TAG='%s' %s /bin/sh %s", nd, tag, fdout, tmp); + } else { + sprintf(cmd, "env X11VNC_SKIP_DISPLAY='%s' %s /bin/sh %s", nd, fdout, tmp); + } } rfbLog("wait_for_client: running: %s\n", cmd); - if (unixpw) { + if (unixpw && !unixpw_nis) { int res = 0, k, j, i; char line[18000]; - memset(line, 0, 18000); + memset(line, 0, sizeof(line)); - if (keep_unixpw_user && keep_unixpw_pass) { - n = 18000; - res = su_verify(keep_unixpw_user, - keep_unixpw_pass, cmd, line, &n, nodisp); + if (unixpw_system_greeter_active == 2) { + rfbLog("unixpw_system_greeter: forcing find display failure.\n"); + res = 0; + } else if (keep_unixpw_user && keep_unixpw_pass) { + n = sizeof(line); + if (unixpw_cmd != NULL) { + res = unixpw_cmd_run(keep_unixpw_user, + keep_unixpw_pass, cmd, line, &n); + } else { + res = su_verify(keep_unixpw_user, + keep_unixpw_pass, cmd, line, &n, nodisp); + } } if (db) {fprintf(stderr, "line: "); write(2, line, n); write(2, "\n", 1); fprintf(stderr, "res=%d n=%d\n", res, n);} if (! res) { - rfbLog("wait_for_client: find display cmd failed\n"); + rfbLog("wait_for_client: find display cmd failed.\n"); } if (! res && create_cmd) { @@ -2331,9 +2522,15 @@ findcreatedisplay = 1; - if (getuid() != 0) { + if (unixpw_cmd != NULL) { + /* let the external unixpw command do it: */ + n = sizeof(line); + close_exec_fds(); + res = unixpw_cmd_run(keep_unixpw_user, + keep_unixpw_pass, create_cmd, line, &n); + } else if (getuid() != 0 && unixpw_system_greeter_active != 2) { /* if not root, run as the other user... */ - n = 18000; + n = sizeof(line); close_exec_fds(); res = su_verify(keep_unixpw_user, keep_unixpw_pass, create_cmd, line, &n, nodisp); @@ -2342,6 +2539,10 @@ } else { FILE *p; close_exec_fds(); + if (unixpw_system_greeter_active == 2) { + rfbLog("unixpw_system_greeter: not trying su_verify() to run\n"); + rfbLog("unixpw_system_greeter: create display command.\n"); + } rfbLog("wait_for_client: running: %s\n", create_cmd); p = popen(create_cmd, "r"); if (! p) { @@ -2364,7 +2565,7 @@ } } } - if (res && saw_xdmcp) { + if (res && saw_xdmcp && unixpw_system_greeter_active != 2) { xdmcp_insert = strdup(keep_unixpw_user); } } @@ -2411,6 +2612,7 @@ } if (db) write(2, line, 100); if (db) fprintf(stderr, "\n"); + } else { FILE *p; int rc; @@ -2428,9 +2630,22 @@ p = popen(c, "r"); free(c); + } else if (unixpw_nis && keep_unixpw_user) { + char *c; + if (getuid() == 0) { + c = (char *) malloc(strlen("su - '' -c \"") + + strlen(keep_unixpw_user) + strlen(cmd) + 1 + 1); + sprintf(c, "su - '%s' -c \"%s\"", keep_unixpw_user, cmd); + } else { + c = strdup(cmd); + } + p = popen(c, "r"); + free(c); + } else { p = popen(cmd, "r"); } + if (! p) { rfbLog("wait_for_client: cmd failed: %s\n", cmd); rfbLogPerror("popen"); @@ -2451,7 +2666,7 @@ rc = pclose(p); if (rc != 0) { - rfbLog("wait_for_client: find display cmd failed\n"); + rfbLog("wait_for_client: find display cmd failed.\n"); } if (create_cmd && rc != 0) { @@ -2575,49 +2790,13 @@ } } - if (usslpeer) { - char *u = (char *) malloc(strlen(usslpeer+2)); - sprintf(u, "+%s", usslpeer); - if (switch_user(u, 0)) { - rfbLog("sslpeer switched to user: %s\n", usslpeer); - } else { - rfbLog("sslpeer failed to switch to user: %s\n", usslpeer); - } - free(u); - - } else if (users_list_save && keep_unixpw_user) { - char *user = keep_unixpw_user; - char *u = (char *)malloc(strlen(user)+1); - - users_list = users_list_save; - - u[0] = '\0'; - if (!strcmp(users_list, "unixpw=")) { - sprintf(u, "+%s", user); - } else { - char *p, *str = strdup(users_list); - p = strtok(str + strlen("unixpw="), ","); - while (p) { - if (!strcmp(p, user)) { - sprintf(u, "+%s", user); - break; - } - p = strtok(NULL, ","); - } - free(str); - } - - if (u[0] == '\0') { - rfbLog("unixpw_accept skipping switch to user: %s\n", user); - } else if (switch_user(u, 0)) { - rfbLog("unixpw_accept switched to user: %s\n", user); - } else { - rfbLog("unixpw_accept failed to switch to user: %s\n", user); - } - free(u); + if (!tried_switch) { + do_try_switch(usslpeer, users_list_save); + tried_switch = 1; } if (unixpw) { + /* Some cleanup and messaging for -unixpw case: */ char str[32]; if (keep_unixpw_user && keep_unixpw_pass) { @@ -2702,7 +2881,9 @@ if (db) fprintf(stderr, "args %d %s\n", i, argv[i]); } if (!quiet && !strstr(use_dpy, "FINDDISPLAY-run")) { + rfbLog("\n"); rfbLog("wait_for_client: %s\n", use_dpy); + rfbLog("\n"); } str = strdup(use_dpy); @@ -2798,6 +2979,18 @@ initialize_screen(argc, argv, fb_image); + if (! inetd && ! use_openssl) { + if (! screen->port || screen->listenSock < 0) { + if (got_rfbport && got_rfbport_val == 0) { + ; + } else { + rfbLogEnable(1); + rfbLog("Error: could not obtain listening port.\n"); + clean_up_exit(1); + } + } + } + initialize_signals(); if (ssh_str != NULL) { diff -Nru x11vnc-0.9.8/x11vnc/userinput.c x11vnc-0.9.9/x11vnc/userinput.c --- x11vnc-0.9.8/x11vnc/userinput.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/userinput.c 2009-12-21 04:58:10.000000000 +0000 @@ -373,6 +373,7 @@ Colormap cmap; if (dpy && (bpp == 32 || bpp == 16)) { #if !NO_X11 + X_LOCK; cmap = DefaultColormap (dpy, scr); if (XParseColor(dpy, cmap, str, &cdef) && XAllocColor(dpy, cmap, &cdef)) { @@ -389,6 +390,7 @@ wireframe_shade = n; ok = 1; } + X_UNLOCK; #else r = g = b = 0; cmap = 0; diff -Nru x11vnc-0.9.8/x11vnc/util.c x11vnc-0.9.9/x11vnc/util.c --- x11vnc-0.9.8/x11vnc/util.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/util.c 2009-12-21 04:58:10.000000000 +0000 @@ -75,7 +75,7 @@ double rnow(void); double rfac(void); -void rfbPE(long usec); +int rfbPE(long usec); void rfbCFD(long usec); double rect_overlap(int x1, int y1, int x2, int y2, int X1, int Y1, @@ -173,6 +173,26 @@ } } +int is_decimal(char *str) { + char *p = str; + if (p != NULL) { + int first = 1; + while (*p != '\0') { + if (first && *p == '-') { + ; + } else if (isdigit((int) *p)) { + ; + } else { + return 0; + } + first = 0; + p++; + } + return 1; + } + return 0; +} + int scan_hexdec(char *str, unsigned long *num) { if (sscanf(str, "0x%lx", num) != 1) { if (sscanf(str, "%lu", num) != 1) { @@ -450,26 +470,35 @@ void check_allinput_rate(void) { static double last_all_input_check = 0.0; - static int set = 0; + static int set = 0, verb = -1; + if (use_threads) { return; } + if (verb < 0) { + verb = 0; + if (getenv("RATE_VERB")) verb = 1; + } if (! set) { set = 1; last_all_input_check = dnow(); } else { - int dt = 4; + int dt = 5; if (x11vnc_current > last_all_input_check + dt) { int n, nq = 0; while ((n = rfbCheckFds(screen, 0))) { nq += n; } - fprintf(stderr, "nqueued: %d\n", nq); - if (0 && nq > 25 * dt) { + if (verb) fprintf(stderr, "nqueued: %d\n", nq); + if (getenv("CHECK_RATE") && nq > 18 * dt) { double rate = nq / dt; - rfbLog("Client is sending %.1f extra requests per second for the\n", rate); - rfbLog("past %d seconds! Switching to -allpinput mode. (queued: %d)\n", dt, nq); - all_input = 1; + if (verb) rfbLog("check_allinput_rate:\n"); + if (verb) rfbLog("Client is sending %.1f extra requests per second for the\n", rate); + if (verb) rfbLog("past %d seconds! (queued: %d)\n", dt, nq); + if (strstr(getenv("CHECK_RATE"), "allinput") && !all_input) { + rfbLog("Switching to -allpinput mode.\n"); + all_input = 1; + } } set = 0; } @@ -478,8 +507,8 @@ static void do_allinput(long usec) { static double last = 0.0; - static int meas = 0; - int n, f = 1, cnt = 0; + static int meas = 0, verb = -1; + int n, f = 1, cnt = 0, m = 0; long usec0; double now; if (!screen || !screen->clientHead) { @@ -495,21 +524,26 @@ if (last == 0.0) { last = dnow(); } + if (verb < 0) { + verb = 0; + if (getenv("RATE_VERB")) verb = 1; + } while ((n = rfbCheckFds(screen, usec)) > 0) { if (f) { - fprintf(stderr, " *"); + if (verb) fprintf(stderr, " *"); f = 0; } if (cnt++ > 30) { break; } meas += n; + m += n; } - fprintf(stderr, "-%d", cnt); + if (verb) fprintf(stderr, "+%d/%d", cnt, m); now = dnow(); if (now > last + 2.0) { double rate = meas / (now - last); - fprintf(stderr, "\n%.2f ", rate); + if (verb) fprintf(stderr, "\n allinput rate: %.2f ", rate); meas = 0; last = dnow(); } @@ -520,15 +554,16 @@ * checks that we are not in threaded mode. */ #define USEC_MAX 999999 /* libvncsever assumes < 1 second */ -void rfbPE(long usec) { +int rfbPE(long usec) { int uip0 = unixpw_in_progress; static int check_rate = -1; + int res = 0; if (! screen) { - return; + return res; } if (unixpw && unixpw_in_progress && !unixpw_in_rfbPE) { rfbLog("unixpw_in_rfbPE: skipping rfbPE\n"); - return; + return res; } if (debug_tiles > 2) { @@ -541,7 +576,11 @@ usec = USEC_MAX; } if (! use_threads) { - rfbProcessEvents(screen, usec); + rfbBool r; + r = rfbProcessEvents(screen, usec); + if (r) { + res = 1; + } } if (unixpw && unixpw_in_progress && !uip0) { @@ -566,6 +605,7 @@ if (all_input) { do_allinput(usec); } + return res; } void rfbCFD(long usec) { @@ -664,7 +704,7 @@ char *choose_title(char *display) { static char title[(MAXN+10)]; - memset(title, 0, MAXN+10); + memset(title, 0, sizeof(title)); strcpy(title, "x11vnc"); if (display == NULL) { @@ -685,13 +725,33 @@ if (subwin && dpy && valid_window(subwin, NULL, 0)) { #if !NO_X11 char *name = NULL; + int do_appshare = getenv("X11VNC_APPSHARE_ACTIVE") ? 1 : 0; + if (0 && do_appshare) { + title[0] = '\0'; + } if (XFetchName(dpy, subwin, &name)) { if (name) { - strncat(title, " ", MAXN - strlen(title)); + if (title[0] != '\0') { + strncat(title, " ", MAXN - strlen(title)); + } strncat(title, name, MAXN - strlen(title)); free(name); } } + if (do_appshare) { + Window c; + int x, y; + if (xtranslate(subwin, rootwin, 0, 0, &x, &y, &c, 1)) { + char tmp[32]; + if (scaling) { + x *= scale_fac_x; + y *= scale_fac_y; + } + sprintf(tmp, " XY=%d,%d", x, y); + strncat(title, tmp, MAXN - strlen(title)); + } + rfbLog("appshare title: %s\n", title); + } #endif /* NO_X11 */ } X_UNLOCK; diff -Nru x11vnc-0.9.8/x11vnc/util.h x11vnc-0.9.9/x11vnc/util.h --- x11vnc-0.9.8/x11vnc/util.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/util.h 2009-12-21 04:58:10.000000000 +0000 @@ -63,7 +63,7 @@ extern double rnow(void); extern double rfac(void); -extern void rfbPE(long usec); +extern int rfbPE(long usec); extern void rfbCFD(long usec); extern double rect_overlap(int x1, int y1, int x2, int y2, int X1, int Y1, int X2, int Y2); @@ -72,6 +72,11 @@ #define NONUL(x) ((x) ? (x) : "") +/* + Put this in usleep2() for debug printout. + fprintf(stderr, "_mysleep: %08d %10.6f %s:%d\n", (x), dnow() - x11vnc_start, __FILE__, __LINE__); \ + */ + /* XXX usleep(3) is not thread safe on some older systems... */ extern struct timeval _mysleep; #define usleep2(x) \ @@ -96,6 +101,10 @@ */ #ifdef LIBVNCSERVER_HAVE_LIBPTHREAD extern MUTEX(x11Mutex); +extern MUTEX(scrollMutex); +MUTEX(clientMutex); +MUTEX(inputMutex); +MUTEX(pointerMutex); #endif #define X_INIT INIT_MUTEX(x11Mutex) @@ -105,26 +114,33 @@ #define X_UNLOCK UNLOCK(x11Mutex) #else extern int hxl; -#define X_LOCK fprintf(stderr, "*** X_LOCK**[%05d] %d%s\n", \ - __LINE__, hxl, hxl ? " BAD-PRE-LOCK":""); LOCK(x11Mutex); hxl = 1; -#define X_UNLOCK fprintf(stderr, " x_unlock[%05d] %d%s\n", \ - __LINE__, hxl, !hxl ? " BAD-PRE-UNLOCK":""); UNLOCK(x11Mutex); hxl = 0; +#define X_LOCK fprintf(stderr, "*** X_LOCK** %d%s %s:%d\n", \ + hxl, hxl ? " BAD-PRE-LOCK":"", __FILE__, __LINE__); LOCK(x11Mutex); hxl = 1; +#define X_UNLOCK fprintf(stderr, " x_unlock %d%s %s:%d\n", \ + hxl, !hxl ? " BAD-PRE-UNLOCK":"", __FILE__, __LINE__); UNLOCK(x11Mutex); hxl = 0; #endif -#ifdef LIBVNCSERVER_HAVE_LIBPTHREAD -extern MUTEX(scrollMutex); -#endif #define SCR_LOCK if (use_threads) {LOCK(scrollMutex);} #define SCR_UNLOCK if (use_threads) {UNLOCK(scrollMutex);} #define SCR_INIT INIT_MUTEX(scrollMutex) -#ifdef LIBVNCSERVER_HAVE_LIBPTHREAD -MUTEX(clientMutex); -#endif #define CLIENT_LOCK if (use_threads) {LOCK(clientMutex);} #define CLIENT_UNLOCK if (use_threads) {UNLOCK(clientMutex);} #define CLIENT_INIT INIT_MUTEX(clientMutex) +#if 1 +#define INPUT_LOCK if (use_threads) {LOCK(inputMutex);} +#define INPUT_UNLOCK if (use_threads) {UNLOCK(inputMutex);} +#else +#define INPUT_LOCK +#define INPUT_UNLOCK +#endif +#define INPUT_INIT INIT_MUTEX(inputMutex) + +#define POINTER_LOCK if (use_threads) {LOCK(pointerMutex);} +#define POINTER_UNLOCK if (use_threads) {UNLOCK(pointerMutex);} +#define POINTER_INIT INIT_MUTEX(pointerMutex) + /* * The sendMutex member was added to libvncserver 0.9.8 * rfb/rfb.h sets LIBVNCSERVER_SEND_MUTEX if present. diff -Nru x11vnc-0.9.8/x11vnc/win_utils.c x11vnc-0.9.9/x11vnc/win_utils.c --- x11vnc-0.9.8/x11vnc/win_utils.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/win_utils.c 2009-12-21 04:58:10.000000000 +0000 @@ -38,6 +38,7 @@ #include "cleanup.h" #include "xwrappers.h" #include "connections.h" +#include "xrandr.h" #include "macosx.h" winattr_t *stack_list = NULL; @@ -49,7 +50,7 @@ int valid_window(Window win, XWindowAttributes *attr_ret, int bequiet); Bool xtranslate(Window src, Window dst, int src_x, int src_y, int *dst_x, int *dst_y, Window *child, int bequiet); -int get_window_size(Window win, int *x, int *y); +int get_window_size(Window win, int *w, int *h); void snapshot_stack_list(int free_only, double allowed_age); int get_boff(void); int get_bwin(void); @@ -58,6 +59,7 @@ unsigned int mask_state(void); int pick_windowid(unsigned long *num); Window descend_pointer(int depth, Window start, char *name_info, int len); +void id_cmd(char *cmd); Window parent_window(Window win, char **name) { @@ -184,12 +186,12 @@ #endif /* NO_X11 */ } -int get_window_size(Window win, int *x, int *y) { +int get_window_size(Window win, int *w, int *h) { XWindowAttributes attr; /* valid_window? */ if (valid_window(win, &attr, 1)) { - *x = attr.width; - *y = attr.height; + *w = attr.width; + *h = attr.height; return 1; } else { return 0; @@ -609,3 +611,161 @@ #endif /* NO_X11 */ } +void id_cmd(char *cmd) { + int rc, dx = 0, dy = 0, dw = 0, dh = 0; + int x0, y0, w0, h0; + int x, y, w, h, do_move = 0, do_resize = 0; + int disp_x = DisplayWidth(dpy, scr); + int disp_y = DisplayHeight(dpy, scr); + Window win = subwin; + XWindowAttributes attr; + XErrorHandler old_handler = NULL; + Window twin; + + if (!cmd || !strcmp(cmd, "")) { + return; + } + if (strstr(cmd, "win=") == cmd) { + if (! scan_hexdec(cmd + strlen("win="), &win)) { + rfbLog("id_cmd: incorrect win= hex/dec number: %s\n", cmd); + return; + } else { + char *q = strchr(cmd, ':'); + if (!q) { + rfbLog("id_cmd: incorrect win=...: hex/dec number: %s\n", cmd); + return; + } + rfbLog("id_cmd:%s set window id to 0x%lx\n", cmd, win); + cmd = q+1; + } + } + if (!win) { + rfbLog("id_cmd:%s not in sub-window mode or no win=0xNNNN.\n", cmd); + return; + } +#if !NO_X11 + X_LOCK; + if (!valid_window(win, &attr, 1)) { + X_UNLOCK; + return; + } + w0 = w = attr.width; + h0 = h = attr.height; + old_handler = XSetErrorHandler(trap_xerror); + trapped_xerror = 0; + XTranslateCoordinates(dpy, win, rootwin, 0, 0, &x, &y, &twin); + x0 = x; + y0 = y; + if (strstr(cmd, "move:") == cmd) { + if (sscanf(cmd, "move:%d%d", &dx, &dy) == 2) { + x = x + dx; + y = y + dy; + do_move = 1; + } + } else if (strstr(cmd, "resize:") == cmd) { + if (sscanf(cmd, "resize:%d%d", &dw, &dh) == 2) { + w = w + dw; + h = h + dh; + do_move = 1; + do_resize = 1; + } + } else if (strstr(cmd, "geom:") == cmd) { + if (parse_geom(cmd+strlen("geom:"), &w, &h, &x, &y, disp_x, disp_y)) { + do_move = 1; + do_resize = 1; + if (w <= 0) { + w = w0; + } + if (h <= 0) { + h = h0; + } + if (scaling && getenv("X11VNC_APPSHARE_ACTIVE")) { + x /= scale_fac_x; + y /= scale_fac_y; + } + } + } else if (!strcmp(cmd, "raise")) { + rc = XRaiseWindow(dpy, win); + rfbLog("id_cmd:%s rc=%d\n", cmd, rc); + } else if (!strcmp(cmd, "lower")) { + rc = XLowerWindow(dpy, win); + rfbLog("id_cmd:%s rc=%d\n", cmd, rc); + } else if (!strcmp(cmd, "map")) { + rc= XMapRaised(dpy, win); + rfbLog("id_cmd:%s rc=%d\n", cmd, rc); + } else if (!strcmp(cmd, "unmap")) { + rc= XUnmapWindow(dpy, win); + rfbLog("id_cmd:%s rc=%d\n", cmd, rc); + } else if (!strcmp(cmd, "iconify")) { + rc= XIconifyWindow(dpy, win, scr); + rfbLog("id_cmd:%s rc=%d\n", cmd, rc); + } else if (strstr(cmd, "wm_name:") == cmd) { + rc= XStoreName(dpy, win, cmd+strlen("wm_name:")); + rfbLog("id_cmd:%s rc=%d\n", cmd, rc); + } else if (strstr(cmd, "icon_name:") == cmd) { + rc= XSetIconName(dpy, win, cmd+strlen("icon_name:")); + rfbLog("id_cmd:%s rc=%d\n", cmd, rc); + } else if (!strcmp(cmd, "wm_delete")) { + XClientMessageEvent ev; + memset(&ev, 0, sizeof(ev)); + ev.type = ClientMessage; + ev.send_event = True; + ev.display = dpy; + ev.window = win; + ev.message_type = XInternAtom(dpy, "WM_PROTOCOLS", False); + ev.format = 32; + ev.data.l[0] = XInternAtom(dpy, "WM_DELETE_WINDOW", False); + rc = XSendEvent(dpy, win, False, 0, (XEvent *) &ev); + rfbLog("id_cmd:%s rc=%d\n", cmd, rc); + } else { + rfbLog("id_cmd:%s unrecognized command.\n", cmd); + } + if (do_move || do_resize) { + if (w >= disp_x) { + w = disp_x - 4; + } + if (h >= disp_y) { + h = disp_y - 4; + } + if (w < 1) { + w = 1; + } + if (h < 1) { + h = 1; + } + if (x + w > disp_x) { + x = disp_x - w - 1; + } + if (y + h > disp_y) { + y = disp_y - h - 1; + } + if (x < 0) { + x = 1; + } + if (y < 0) { + y = 1; + } + rc = 0; + rc += XMoveWindow(dpy, win, x, y); + off_x = x; + off_y = y; + + rc += XResizeWindow(dpy, win, w, h); + + rfbLog("id_cmd:%s rc=%d dx=%d dy=%d dw=%d dh=%d %dx%d+%d+%d -> %dx%d+%d+%d\n", + cmd, rc, dx, dy, dw, dh, w0, h0, x0, y0, w, h, x, h); + } + XSync(dpy, False); + XSetErrorHandler(old_handler); + if (trapped_xerror) { + rfbLog("id_cmd:%s trapped_xerror.\n", cmd); + } + trapped_xerror = 0; + if (do_resize) { + rfbLog("id_cmd:%s calling check_xrandr_event.\n", cmd); + check_xrandr_event("id_cmd"); + } + X_UNLOCK; +#endif +} + diff -Nru x11vnc-0.9.8/x11vnc/win_utils.h x11vnc-0.9.9/x11vnc/win_utils.h --- x11vnc-0.9.8/x11vnc/win_utils.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/win_utils.h 2009-12-21 04:58:10.000000000 +0000 @@ -45,7 +45,7 @@ extern int valid_window(Window win, XWindowAttributes *attr_ret, int bequiet); extern Bool xtranslate(Window src, Window dst, int src_x, int src_y, int *dst_x, int *dst_y, Window *child, int bequiet); -extern int get_window_size(Window win, int *x, int *y); +extern int get_window_size(Window win, int *w, int *h); extern void snapshot_stack_list(int free_only, double allowed_age); extern int get_boff(void); extern int get_bwin(void); @@ -54,5 +54,6 @@ extern unsigned int mask_state(void); extern int pick_windowid(unsigned long *num); extern Window descend_pointer(int depth, Window start, char *name_info, int len); +extern void id_cmd(char *cmd); #endif /* _X11VNC_WIN_UTILS_H */ diff -Nru x11vnc-0.9.8/x11vnc/x11vnc.1 x11vnc-0.9.9/x11vnc/x11vnc.1 --- x11vnc-0.9.8/x11vnc/x11vnc.1 2009-06-19 15:41:50.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/x11vnc.1 2009-12-21 05:00:57.000000000 +0000 @@ -1,8 +1,8 @@ .\" This file was automatically generated from x11vnc -help output. -.TH X11VNC "1" "June 2009" "x11vnc " "User Commands" +.TH X11VNC "1" "December 2009" "x11vnc " "User Commands" .SH NAME x11vnc - allow VNC connections to real X11 displays - version: 0.9.8, lastmod: 2009-06-14 + version: 0.9.9, lastmod: 2009-12-21 .SH SYNOPSIS .B x11vnc [OPTION]... @@ -76,6 +76,17 @@ , .IR xauth (1) man pages for more info. +.IP +Use '-auth guess' to have x11vnc use its \fB-findauth\fR +mechanism (described below) to try to guess the +XAUTHORITY filename and use it. +.IP +XDM/GDM/KDM: if you are running x11vnc as root and want +to find the XAUTHORITY before anyone has logged into an +X session yet, use: x11vnc \fB-env\fR FD_XDM=1 \fB-auth\fR guess ... +(This will also find the XAUTHORITY if a user is already +logged into the X session.) When running as root, +FD_XDM=1 will be tried if the initial \fB-auth\fR guess fails. .PP \fB-N\fR .IP @@ -106,7 +117,18 @@ for display managers like GDM (KillInitClients option) that kill x11vnc just after the user logs into the X session. Note: the reopened state may be unstable. -Set X11VNC_REOPEN_DISPLAY=n to reopen n times. +Set X11VNC_REOPEN_DISPLAY=n to reopen n times and +set X11VNC_REOPEN_SLEEP_MAX to the number of seconds, +default 10, to keep trying to reopen the display (once +per second.) +.IP +Update: as of 0.9.9, x11vnc tries to automatically avoid +being killed by the display manager by delaying creating +windows or using XFIXES. So you shouldn't need to use +KillInitClients=false as long as you log in quickly +enough (within 45 seconds of connecting.) You can +disable this by setting X11VNC_AVOID_WINDOWS=never. +You can also set it to the number of seconds to delay. .PP \fB-reflect\fR \fIhost:N\fR .IP @@ -146,6 +168,15 @@ etc, although they will be clipped if they extend beyond the window. .PP +\fB-appshare\fR +.IP +Simple application sharing based on the \fB-id/-sid\fR +mechanism. Every new toplevel window that the +application creates induces a new viewer window via +a reverse connection. The \fB-id/-sid\fR and \fB-connect\fR +options are required. Run 'x11vnc \fB-appshare\fR \fB-help'\fR +for more info. +.PP \fB-clip\fR \fIWxH+X+Y\fR .IP Only show the sub-region of the full display that @@ -276,10 +307,10 @@ an improvement over \fB-flashcmap\fR because it avoids the flashing and shows each window in the correct color. .IP -This method appear to work, but may still have bugs -and it does hog resources. If there are multiple 8bpp -windows using different colormaps, one may have to -iconify all but one for the colors to be correct. +This method works OK, but may still have bugs and it +does hog resources. If there are multiple 8bpp windows +using different colormaps, one may have to iconify all +but one for the colors to be correct. .IP There may be painting errors for clipping and switching between windows of depths 8 and 24. Heuristics are @@ -347,8 +378,8 @@ \fB-scale\fR \fIfraction\fR .IP Scale the framebuffer by factor \fIfraction\fR. Values -less than 1 shrink the fb, larger ones expand it. Note: -image may not be sharp and response may be slower. +less than 1 shrink the fb, larger ones expand it. Note: +the image may not be sharp and response may be slower. If \fIfraction\fR contains a decimal point "." it is taken as a floating point number, alternatively the notation "m/n" may be used to denote fractions @@ -444,6 +475,18 @@ .IP Exit unless a client connects within the first n seconds after startup. +.IP +If there have been no connection attempts after n +seconds x11vnc exits immediately. If a client is +trying to connect but has not progressed to the normal +operating state, x11vnc gives it a few more seconds +to finish and exits if it does not make it to the +normal state. +.IP +For reverse connections via \fB-connect\fR or \fB-connect_or_exit\fR +a timeout of n seconds will be set for all reverse +connects. If the connect timeout alarm goes off, +x11vnc will exit immediately. .PP \fB-sleepin\fR \fIn\fR .IP @@ -568,7 +611,7 @@ Repeater mode: Some services provide an intermediate "vnc repeater": http://www.uvnc.com/addons/repeater.html (and also http://koti.mbnet.fi/jtko/ for linux port) -that acts as a proxy / gateway. Modes like these require +that acts as a proxy/gateway. Modes like these require an initial string to be sent for the reverse connection before the VNC protocol is started. Here are the ways to do this: @@ -686,6 +729,15 @@ work (see the FAQ). The \fB-remote\fR control mechanism uses X11VNC_REMOTE channel, and this option disables/enables it as well. Default: \fB-vncconnect\fR +.IP +To use different names for these X11 properties (e.g. to +have separate communication channels for multiple +x11vnc's on the same display) set the VNC_CONNECT or +X11VNC_REMOTE env. vars. to the string you want, for +example: \fB-env\fR X11VNC_REMOTE=X11VNC_REMOTE_12345 +Both sides of the channel must use the same unique name. +The same can be done for the internal X11VNC_TICKER +property (heartbeat and timestamp) if desired. .PP \fB-allow\fR \fIhost1[,host2..]\fR .IP @@ -868,23 +920,28 @@ and last line be "__BEGIN_VIEWONLY__" to have 2 full-access passwords) .PP +\fB-showrfbauth\fR \fIfilename\fR +.IP +Print to the screen the obscured VNC password kept in +the rfbauth file \fIfilename\fR and then exit. +.PP \fB-unixpw\fR \fI[list]\fR .IP Use Unix username and password authentication. x11vnc -uses the +will use the .IR su (1) -program to verify the user's password. -[list] is an optional comma separated list of allowed -Unix usernames. If the [list] string begins with the -character "!" then the entire list is taken as an -exclude list. See below for per-user options that can -be applied. +program to verify the user's +password. [list] is an optional comma separated list +of allowed Unix usernames. If the [list] string begins +with the character "!" then the entire list is taken +as an exclude list. See below for per-user options +that can be applied. .IP A familiar "login:" and "Password:" dialog is presented to the user on a black screen inside the vncviewer. The connection is dropped if the user fails to supply the correct password in 3 tries or does not -send one before a 25 second timeout. Existing clients +send one before a 45 second timeout. Existing clients are view-only during this period. .IP If the first character received is "Escape" then the @@ -896,8 +953,9 @@ .IR su (1) can vary from OS to OS and for local configurations, test the mode -carefully. x11vnc will attempt to be conservative and -reject a login if anything abnormal occurs. +before deployment to make sure it is working properly. +x11vnc will attempt to be conservative and reject a +login if anything abnormal occurs. .IP One case to note: FreeBSD and the other BSD's by default it is impossible for the user running x11vnc to @@ -932,7 +990,7 @@ to come from the same machine x11vnc is running on (e.g. from a ssh \fB-L\fR port redirection). And that the \fB-stunnel\fR SSL mode be used for encryption over the -network.(see the description of \fB-stunnel\fR below). +network. (see the description of \fB-stunnel\fR below). .IP Note: as a convenience, if you .IR ssh (1) @@ -949,24 +1007,27 @@ environment variables before starting x11vnc: .IP Set UNIXPW_DISABLE_SSL=1 to disable requiring either -\fB-ssl\fR or \fB-stunnel.\fR Evidently you will be using a -different method to encrypt the data between the -vncviewer and x11vnc: perhaps -.IR ssh (1) -or an IPSEC VPN. -.IP -Note that use of \fB-localhost\fR with +\fB-ssl\fR or \fB-stunnel\fR (as under SSH_CONNECTION.) Evidently +you will be using a different method to encrypt the +data between the vncviewer and x11vnc: perhaps .IR ssh (1) -is roughly -the same as requiring a Unix user login (since a Unix -password or the user's public key authentication is -used by sshd on the machine where x11vnc runs and only -local connections from that machine are accepted). +or an IPSEC VPN. \fB-localhost\fR is still enforced (however, +see the next paragraph.) .IP Set UNIXPW_DISABLE_LOCALHOST=1 to disable the \fB-localhost\fR -requirement in Method 2). One should never do this +requirement in \fB-unixpw\fR modes. One should never do this (i.e. allow the Unix passwords to be sniffed on the -network). +network.) This also disables the localhost requirement +for reverse connections (see below.) +.IP +Note that use of \fB-localhost\fR with +.IR ssh (1) +(and no \fB-unixpw)\fR +is roughly the same as requiring a Unix user login +(since a Unix password or the user's public key +authentication is used by sshd on the machine where +x11vnc runs and only local connections from that machine +are accepted). .IP Regarding reverse connections (e.g. \fB-R\fR connect:host and \fB-connect\fR host), when the \fB-localhost\fR constraint is @@ -984,7 +1045,7 @@ in \fB-inetd\fR mode (thereby bypassing inetd). See the FAQ for details. .IP -The user names in the comma separated [list] can have +The user names in the comma separated [list] may have per-user options after a ":", e.g. "fred:opts" where "opts" is a "+" separated list of "viewonly", "fullaccess", "input=XXXX", or @@ -992,13 +1053,13 @@ For "input=" it is the K,M,B,C described under \fB-input.\fR .IP If an item in the list is "*" that means those -options apply to all users. It also means all users +options apply to all users. It ALSO implies all users are allowed to log in after supplying a valid password. Use "deny" to explicitly deny some users if you use -"*" to set a global option. If [list] begins with -the "!" character then "*" is ignored for checking -if the user is allowed, but the any value of options -associated with it does apply as normal. +"*" to set a global option. If [list] begins with the +"!" character then "*" is ignored for checking if +the user is allowed, but the option values associated +with it do apply as normal. .IP There are also some utilities for testing password if [list] starts with the "%" character. See the @@ -1032,18 +1093,27 @@ NIS is not required for this mode to work (only that .IR getpwnam (3) return the encrypted password is required), -but it is unlikely it will work for any most modern -environments unless x11vnc is run as root to be able -to access /etc/shadow (note running as root is often -done when running x11vnc from inetd and xdm/gdm/kdm). +but it is unlikely it will work (as an ordinary user) +for most modern environments unless NIS is available. +On the other hand, when x11vnc is run as root it will +be able to to access /etc/shadow even if NIS is not +available (note running as root is often done when +running x11vnc from inetd and xdm/gdm/kdm). .IP Looked at another way, if you do not want to use the .IR su (1) -method provided by \fB-unixpw,\fR you can run x11vnc -as root and use \fB-unixpw_nis.\fR Any users with passwords -in /etc/shadow can then be authenticated. You may want -to use \fB-users\fR unixpw= to switch the process user after -the user logs in. +method provided by \fB-unixpw\fR (i.e. su_verify()), you +can run x11vnc as root and use \fB-unixpw_nis.\fR Any users +with passwords in /etc/shadow can then be authenticated. +.IP +In \fB-unixpw_nis\fR mode, under no circumstances is x11vnc's +user password verifying function based on su called +(i.e. the function su_verify() that runs /bin/su +in a pseudoterminal to verify passwords.) However, +if \fB-unixpw_nis\fR is used in conjunction with the \fB-find\fR +and \fB-create\fR \fB-display\fR WAIT:... modes then, if x11vnc is +running as root, /bin/su may be called externally to +run the find or create commands. .PP \fB-unixpw_cmd\fR \fIcmd\fR .IP @@ -1051,18 +1121,66 @@ .IR su (1) but rather run the externally supplied command \fIcmd\fR. The first -line of its stdin will the username and the second line -the received password. If the command exits with status -0 (success) the VNC client will be accepted. It will be -rejected for any other return status. -.IP -Dynamic passwords and non-unix passwords can be -implemented this way by providing your own custom helper -program. Note that under unixpw mode the remote viewer -is given 3 tries to enter the correct password. -.IP -If a list of allowed users is needed use \fB-unixpw\fR [list] -in addition to this option. +line of its stdin will be the username and the second +line the received password. If the command exits +with status 0 (success) the VNC user will be accepted. +It will be rejected for any other return status. +.IP +Dynamic passwords and non-unix passwords, e.g. LDAP, +can be implemented this way by providing your own custom +helper program. Note that the remote viewer is given 3 +tries to enter the correct password, and so the program +may be called in a row that many (or more) times. +.IP +If a list of allowed users is needed to limit who can +log in, use \fB-unixpw\fR [list] in addition to this option. +.IP +In FINDDISPLAY and FINDCREATEDISPLAY modes the \fIcmd\fR +will also be run with the RFB_UNIXPW_CMD_RUN env. var. +non-empty and set to the corresponding display +find/create command. The first two lines of input are +the username and passwd as in the normal case described +above. To support FINDDISPLAY and FINDCREATEDISPLAY, +\fIcmd\fR should run the requested command as the user +(and most likely refusing to run it if the password is +not correct.) Here is an example script (note it has +a hardwired bogus password "abc"!) +.IP +#!/bin/sh +# Example x11vnc \fB-unixpw_cmd\fR script. +# Read the first two lines of stdin (user and passwd) +read user +read pass +.IP +debug=0 +if [ $debug = 1 ]; then +echo "user: $user" 1>&2 +echo "pass: $pass" 1>&2 +env | egrep \fB-i\fR 'rfb|vnc' 1>&2 +fi +.IP +# Check if the password is valid. +# (A real example would use ldap lookup, etc!) +if [ "X$pass" != "Xabc" ]; then +exit 1 # incorrect password +fi +.IP +if [ "X$RFB_UNIXPW_CMD_RUN" = "X" ]; then +exit 0 # correct password +else +# Run the requested command (finddisplay) +if [ $debug = 1 ]; then +echo "run: $RFB_UNIXPW_CMD_RUN" 1>&2 +fi +exec /bin/su - "$user" \fB-c\fR "$RFB_UNIXPW_CMD_RUN" +fi +.IP +In \fB-unixpw_cmd\fR mode, under no circumstances is x11vnc's +user password verifying function based on su called +(i.e. the function su_verify() that runs /bin/su in a +pseudoterminal to verify passwords.) It is up to the +supplied unixpw_cmd to do user switching if desired +and if it has the permissions to do so. .PP \fB-find\fR .IP @@ -1086,6 +1204,27 @@ (i.e. all the X displays on the local machine that you have access rights to). .PP +\fB-findauth\fR \fI[disp]\fR +.IP +Apply the \fB-find/-finddpy\fR heuristics to try to guess +the XAUTHORITY file for DISPLAY 'disp'. If 'disp' +is not supplied, then the value in the \fB-display\fR on +the cmdline is used; failing that $DISPLAY is used; +and failing that ":0" is used. +.IP +If nothing is printed out, that means no XAUTHORITY was +found for 'disp'; i.e. failure. If "XAUTHORITY=" +is printed out, that means use the default (i.e. do +not set XAUTHORITY). If "XAUTHORITY=/path/to/file" +is printed out, then use that file. +.IP +XDM/GDM/KDM: if you are running x11vnc as root and want +to find the XAUTHORITY before anyone has logged into an +X session yet, use: x11vnc \fB-env\fR FD_XDM=1 \fB-findauth\fR ... +(This will also find the XAUTHORITY if a user is already +logged into the X session.) When running as root, +FD_XDM=1 will be tried if the initial \fB-findauth\fR fails. +.PP \fB-create\fR .IP First try to find the user's display using FINDDISPLAY, @@ -1134,6 +1273,10 @@ only require the \fB-unixpw\fR password. See the discussion under \fB-display\fR WAIT:... for more details about XDM, etc configuration. +.IP +Remember to enable XDMCP in the xdm-config, gdm.conf, +or kdmrc configuration file. See \fB-display\fR WAIT: for +more info. .PP \fB-sshxdmsvc\fR .IP @@ -1148,6 +1291,54 @@ only only require the SSH login. See the discussion under \fB-display\fR WAIT:... for more details about XDM, etc configuration. +.IP +Remember to enable XDMCP in the xdm-config, gdm.conf, +or kdmrc configuration file. See \fB-display\fR WAIT: for +more info. +.PP +\fB-unixpw_system_greeter\fR +.IP +Present a "Press 'Escape' for System Greeter" option +to the connecting VNC client in combined \fB-unixpw\fR +and xdmcp FINDCREATEDISPLAY modes (e.g. \fB-xdmsvc).\fR +.IP +Normally in a \fB-unixpw\fR mode the VNC client must +supply a valid username and password to gain access. +However, if \fB-unixpw_system_greeter\fR is supplied AND +the FINDCREATEDISPLAY command matches 'xdmcp', then +the user has the option to press Escape and then get a +XDM/GDM/KDM login/greeter panel instead. They will then +supply a username and password directly to the greeter. +.IP +Otherwise, in xdmcp FINDCREATEDISPLAY mode the user +must supply his username and password TWICE. First to +the initial unixpw login dialog, and second to the +subsequent XDM/GDM/KDM greeter. Note that if the user +re-connects and supplies his username and password in +the unixpw dialog the xdmcp greeter is skipped and +he is connected directly to his existing X session. +So the \fB-unixpw_system_greeter\fR option avoids the extra +password at X session creation time. +.IP +Example: x11vnc \fB-xdmsvc\fR \fB-unixpw_system_greeter\fR +See \fB-unixpw\fR and \fB-display\fR WAIT:... for more info. +.IP +The special options after a colon at the end of the +username (e.g. user:solid) described under \fB-display\fR +WAIT: are also applied in this mode if they are typed +in before the user hits Escape. The username is ignored +but the colon options are not. +.IP +The default message is 2 lines in a small font, set +the env. var. X11VNC_SYSTEM_GREETER1=true for a 1 line +message in a larger font. +.IP +If the user pressed Escape the FINDCREATEDISPLAY command +will be run with the env. var. X11VNC_XDM_ONLY=1. +.IP +Remember to enable XDMCP in the xdm-config, gdm.conf, +or kdmrc configuration file. See \fB-display\fR WAIT: for +more info. .PP \fB-redirect\fR \fIport\fR .IP @@ -1214,19 +1405,26 @@ .IP xauth extract - $DISPLAY" .IP -In the case of \fB-unixpw\fR (but not \fB-unixpw_nis),\fR then the -cmd= command is run as the user who just authenticated -via the login and password prompt. +In the case of \fB-unixpw\fR (and \fB-unixpw_nis\fR only if x11vnc +is running as root), then the cmd= command is run +as the user who just authenticated via the login and +password prompt. +.IP +In the case of \fB-unixpw_cmd,\fR the commands will also be +run as the logged-in user, as long as the user-supplied +helper program supports RFB_UNIXPW_CMD_RUN (see the +\fB-unixpw_cmd\fR option.) .IP Also in the case of \fB-unixpw,\fR the user logging in can place a colon at the end of her username and supply a few options: scale=, scale_cursor= (or sc=), solid -(or so), id=, clear_mods (or cm), clear_keys (or ck), -repeat, speeds= (or sp=), readtimeout= (or rd=), -rotate= (or ro=), or noncache (or nc), all separated by -commas if there is more than one. After the user logs -in successfully, these options will be applied to the -VNC screen. For example, +(or so), id=, clear_mods (or cm), clear_keys (or +ck), clear_all (or ca), repeat, speeds= (or sp=), +readtimeout= (or rd=), viewonly (or vo), nodisplay= +(or nd=), rotate= (or ro=), or noncache (or nc), +all separated by commas if there is more than one. +After the user logs in successfully, these options will +be applied to the VNC screen. For example, .IP login: fred:scale=3/4,sc=1,repeat Password: ... @@ -1238,6 +1436,9 @@ your long "login:" line press the Up arrow once (before typing anything else). .IP +In the login panel, press F1 to get a list of the +available options that you can add after the username. +.IP Another option is "geom=WxH" or "geom=WxHxD" (or ge=). This only has an effect in FINDCREATEDISPLAY mode when a virtual X server such as Xvfb is going @@ -1249,6 +1450,12 @@ (same as "xterm") to have the created display use that mode for the user session. .IP +Specify "tag=..." to set the unique FD_TAG desktop +session tag described below. Note: this option will +be ignored if the FD_TAG env. var. is already set or +if the viewer-side supplied value is not completely +composed of alphanumeric or '_' or '-' characters. +.IP To disable the option setting set the environment variable X11VNC_NO_UNIXPW_OPTS=1 before starting x11vnc. To set any other options, the user can use the gui @@ -1299,6 +1506,12 @@ for how to disable this for dtgreet on Solaris and possibly for other greeters. .IP +In \fB-find/cmd=FINDDISPLAY\fR mode, if you set FD_XDM=1, +e.g. 'x11vnc \fB-env\fR FD_XDM=1 \fB-find\fR ...' and x11vnc is +running as root (e.g. inetd) then it will try to find +the XAUTHORITY file of a running XDM/GDM/KDM login +greeter (i.e. no user has logged into an X session yet.) +.IP As another special case, WAIT:cmd=HTTPONCE will allow x11vnc to service one http request and then exit. This is usually done in \fB-inetd\fR mode to run on, say, @@ -1317,7 +1530,9 @@ ignore in the finding process. The ":" is optional. Ranges n-m e.g. 0-20 can also be supplied. This string can also be set by the connecting user via "nd=" -using "+" instead of "," +using "+" instead of "," If "nd=all" or you set +X11VNC_SKIP_DISPLAY=all then all display finding fails +as if you set X11VNC_FINDDISPLAY_ALWAYS_FAILS=1 (below.) .IP Automatic Creation of User X Sessions: .IP @@ -1333,8 +1548,8 @@ It will start looking for an open display number at :20 Override via X11VNC_CREATE_STARTING_DISPLAY_NUMBER=n .IP -By default FINDCREATEDISPLAY will try Xdummy and then -Xvfb: +By default FINDCREATEDISPLAY will try Xvfb and then +Xdummy: .IP The Xdummy wrapper is part of the x11vnc source code (x11vnc/misc/Xdummy) It should be available in PATH and @@ -1377,6 +1592,8 @@ If for some reason you do not want x11vnc to ever try to find an existing display set the env. var X11VNC_FINDDISPLAY_ALWAYS_FAILS=1 (also \fB-env\fR ...) +This is the same as setting X11VNC_SKIP_DISPLAY=all or +supplying "nd=all" after "username:" .IP Use WAIT:cmd=FINDCREATEDISPLAY-print to print out the script that is used for this. @@ -1410,12 +1627,15 @@ be the full path to the session/windowmanager program. .IP More FD tricks: FD_CUPS=port or FD_CUPS=host:port -will set the cups printing environment. Similarly -for FD_ESD=port or FD_ESD=host:port for esddsp sound -redirection. FD_XDUMMY_NOROOT means the Xdummy server -does not need to be started as root (e.g. it will sudo -automatically). Set FD_EXTRA to a command to be run -a few seconds after the X server starts up. +will set the cups printing environment. Similarly for +FD_ESD=port or FD_ESD=host:port for esddsp sound +redirection. FD_XDUMMY_NOROOT means the Xdummy +server does not need to be started as root (e.g. it +will sudo automatically). Set FD_EXTRA to a command +to be run a few seconds after the X server starts up. +Set FD_TAG to be a unique name for the session, it is +set as an X property, that makes FINDDISPLAY only find +sessions with that tag value. .IP If you want the FINDCREATEDISPLAY session to contact an XDMCP login manager (xdm/gdm/kdm) on the same machine, @@ -1497,8 +1717,9 @@ Otherwise in \fB-unixpw\fR mode the normal login panel is provided. .IP -You *MUST* supply the \fB-ssl\fR option for VeNCrypt to be -active. This option only fine-tunes its operation. +You *MUST* supply the \fB-ssl\fR option for VeNCrypt to +be active. The \fB-vencrypt\fR option only fine-tunes its +operation. .PP \fB-anontls\fR \fImode\fR .IP @@ -1535,8 +1756,9 @@ .IP Long example: \fB-anontls\fR newdh:plain:support .IP -You *MUST* supply the \fB-ssl\fR option for ANONTLS to be -active. This option only fine-tunes its operation. +You *MUST* supply the \fB-ssl\fR option for ANONTLS to +be active. The \fB-anontls\fR option only fine-tunes its +operation. .PP \fB-sslonly\fR .IP @@ -1567,16 +1789,17 @@ .IP Use the openssl library (www.openssl.org) to provide a built-in encrypted SSL/TLS tunnel between VNC viewers -and x11vnc. This requires libssl support to be compiled -into x11vnc at build time. If x11vnc is not built -with libssl support it will exit immediately when \fB-ssl\fR -is prescribed. +and x11vnc. This requires libssl support to be +compiled into x11vnc at build time. If x11vnc is not +built with libssl support it will exit immediately when +\fB-ssl\fR is prescribed. See the \fB-stunnel\fR option below for +an alternative. .IP The VNC Viewer-side needs to support SSL/TLS as well. See this URL and also the discussion below for ideas on how to enable SSL support for the viewer: http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tun -nel-viewers x11vnc provides an SSL enabled Java +nel-viewers . x11vnc provides an SSL enabled Java viewer applet in the classes/ssl directory (-http or \fB-httpdir\fR options.) The SSVNC viewer package supports SSL tunnels too. @@ -1669,11 +1892,16 @@ Thus only passive network sniffing attacks are avoided: the "ANON" method is susceptible to Man-In-The-Middle attacks. "ANON" is not recommended; instead use -a SSL PEM you created or the defaut "SAVE" method. +a SSL PEM you created or the default "SAVE" method. .IP See \fB-ssldir\fR below to use a directory besides the default ~/.vnc/certs .IP +If your x11vnc binary was not compiled with OpenSSL +library support, use of the \fB-ssl\fR option will induce an +immediate failure and exit. For such binaries, consider +using the \fB-stunnel\fR option for SSL encrypted connections. +.IP Misc Info: In temporary cert creation mode "TMP", set the env. var. X11VNC_SHOW_TMP_PEM=1 to have x11vnc print out the entire certificate, including the PRIVATE KEY @@ -1689,7 +1917,7 @@ Set to zero to poll forever. Set to a negative value to use the builtin setting. .IP -Note that this value does not apply to the *initial* ssl +Note that this value does NOT apply to the *initial* ssl init connection. The default timeout for that is 20sec. Use \fB-env\fR SSL_INIT_TIMEOUT=n to modify it. .PP @@ -1783,7 +2011,7 @@ how to set up and manage the CA framework. .IP NOTE: the following utilities, \fB-sslGenCA,\fR \fB-sslGenCert,\fR -\fB-sslEncKey,\fR and \fB-sslCertInfo\fR are provided for +\fB-sslEncKey,\fR \fB-sslCertInfo,\fR and \fB-sslCRL\fR are provided for completeness, but for casual usage they are overkill. .IP They provide VNC Certificate Authority (CA) key creation @@ -1837,8 +2065,9 @@ \fB-sslCRL\fR \fIpath\fR .IP Set the Certificate Revocation Lists (CRL) to \fIpath\fR. +This setting applies for both \fB-ssl\fR and \fB-stunnel\fR modes. .IP -If path is a file, the file contains one more more CRLs +If path is a file, the file contains one or more CRLs in PEM format. If path is a directory, it contains hash named files of CRLs in the usual OpenSSL manner. See the OpenSSL and @@ -1852,6 +2081,10 @@ The \fB-sslCRL\fR setting will be ignored when \fB-sslverify\fR is not specified. .IP +Note that if a CRL's expiration date has passed, all +SSL connections will fail regardless of if they are +related to the subject of the CRL or not. +.IP Only rarely will one's x11vnc \fB-ssl\fR infrastructure be so large that this option would be useful (since normally maintaining the contents of the \fB-sslverify\fR file or @@ -1970,11 +2203,13 @@ .IP Similar to \fB-sslGenCA,\fR you will be prompted to fill in some information that will be recorded in the -certificate when it is created. Tip: if you know -the fully-qualified hostname other people will be -connecting to you can use that as the CommonName "CN" -to avoid some applications (e.g. web browsers and java -plugin) complaining it does not match the hostname. +certificate when it is created. +.IP +Tip: if you know the fully-qualified hostname other +people will be connecting to, you can use that as the +CommonName "CN" to avoid some applications (e.g. web +browsers and java plugin) complaining that it does not +match the hostname. .IP You will also need to supply the CA private key passphrase to unlock the private key created from @@ -1998,14 +2233,14 @@ the cert and private key. The .crt contains the certificate only. .IP -NOTE: It is very important to know one should always +NOTE: It is very important to know one should generate new keys with a passphrase. Otherwise if an untrusted user steals the key file he could use it to masquerade as the x11vnc server (or VNC viewer client). You will be prompted whether to encrypt the key with a passphrase or not. It is recommended that you do. One inconvenience to a passphrase is that it must -be suppled every time x11vnc or the client app is +be typed in EVERY time x11vnc or the client app is started up. .IP Examples: @@ -2116,16 +2351,30 @@ .IP This external tunnel method was implemented prior to the integrated \fB-ssl\fR encryption described above. It still -works well. This requires stunnel to be installed -on the system and available via PATH (n.b. stunnel is -often installed in sbin directories). Version 4.x of -stunnel is assumed (but see \fB-stunnel3\fR below.) +works well and avoids the requirement of linking with +the OpenSSL libraries. This mode requires stunnel +to be installed on the system and available via PATH +(n.b. stunnel is often installed in sbin directories). +Version 4.x of stunnel is assumed (but see \fB-stunnel3\fR +below.) .IP [pem] is optional, use "\fB-stunnel\fR \fI/path/to/stunnel.pem\fR" to specify a PEM certificate file to pass to stunnel. -Whether one is needed or not depends on your stunnel -configuration. stunnel often generates one at install -time. See the stunnel documentation for details. +See the \fB-ssl\fR option for more info on certificate files. +.IP +Whether or not your stunnel has its own certificate +depends on your stunnel configuration; stunnel often +generates one at install time. See your stunnel +documentation for details. In any event, if you want to +use this certificate you must supply the full path to it +as [pem]. Note: the file may only be readable by root. +.IP +[pem] may also be the special strings "TMP", "SAVE", +and "SAVE..." as described in the \fB-ssl\fR option. +If [pem] is not supplied, "SAVE" is assumed. +.IP +Note that the VeNCrypt, ANONTLS, and "ANON" modes +are not supported in \fB-stunnel\fR mode. .IP stunnel is started up as a child process of x11vnc and any SSL connections stunnel receives are decrypted and @@ -2133,22 +2382,37 @@ "The SSL VNC desktop is ..." and "SSLPORT=..." are printed out at startup to indicate this. .IP -The \fB-localhost\fR option is enforced by default -to avoid people routing around the SSL channel. -Set STUNNEL_DISABLE_LOCALHOST=1 before starting x11vnc -to disable the requirement. -.IP -Your VNC viewer will also need to be able to connect via -SSL. Unfortunately not too many do this. UltraVNC has -an encryption plugin but it does not seem to be SSL. -.IP -Also, in the x11vnc distribution, a patched TightVNC -Java applet is provided in classes/ssl that does SSL -connections (only). -.IP -It is also not too difficult to set up an stunnel or -other SSL tunnel on the viewer side. A simple example -on Unix using stunnel 3.x is: +The \fB-localhost\fR option is enforced by default to avoid +people routing around the SSL channel. Use \fB-env\fR +STUNNEL_DISABLE_LOCALHOST=1 to disable this security +requirement. +.IP +Set \fB-env\fR STUNNEL_DEBUG=1 for more debugging printout. +.IP +Your VNC viewer will also need to be able to connect +via SSL. Unfortunately not too many do this. See the +information about SSL viewers under the \fB-ssl\fR option. +.IP +Also, in the x11vnc distribution, patched TightVNC +and UltraVNC Java applet jar files are provided in +the classes/ssl directory that do SSL connections. +Enable serving them with the \fB-http,\fR \fB-http_ssl,\fR \fB-https,\fR +or \fB-httpdir\fR (see the option descriptions for more info.) +.IP +Note that for the Java viewer applet usage the +"?PORT=xxxx" in the various URLs printed at startup +will need to be supplied to the web browser to connect +properly. +.IP +Currently the automatic "single port" HTTPS mode of +\fB-ssl\fR is not fully supported in \fB-stunnel\fR mode. However, +it can be emulated via: +.IP +% x11vnc \fB-stunnel\fR \fB-http_ssl\fR \fB-http_oneport\fR ... +.IP +In general, it is also not too difficult to set up +an stunnel or other SSL tunnel on the viewer side. +A simple example on Unix using stunnel 3.x is: .IP % stunnel \fB-c\fR \fB-d\fR localhost:5901 \fB-r\fR remotehost:5900 % vncviewer localhost:1 @@ -2160,7 +2424,8 @@ \fB-stunnel3\fR \fI[pem]\fR .IP Use version 3.x stunnel command line syntax instead of -version 4.x +version 4.x. The \fB-http/-httpdir\fR Java applet serving +is currently not available in this mode. .PP \fB-enc\fR \fIcipher:keyfile\fR .IP @@ -2181,7 +2446,7 @@ Note that this mode will NOT work with the UltraVNC DSM plugins because they alter the RFB protocol in addition to tunnelling with the symmetric cipher (an unfortunate -choice of implementation). +choice of implementation...) .IP cipher can be one of: arc4, aesv2, aes-cfb, blowfish, aes256, or 3des. See the OpenSSL documentation for @@ -2257,9 +2522,9 @@ .PP \fB-https\fR \fI[port]\fR .IP -Use a special, separate HTTPS port (-ssl mode only) -for HTTPS Java viewer applet downloading. I.e. not 5900 -and not 5800 (the defaults.) +Use a special, separate HTTPS port (-ssl and +\fB-stunnel\fR modes only) for HTTPS Java viewer applet +downloading. I.e. not 5900 and not 5800 (the defaults.) .IP BACKGROUND: In \fB-ssl\fR mode, it turns out you can use the single VNC port (e.g. 5900) for both VNC and HTTPS @@ -2279,6 +2544,8 @@ or VNC Viewer applet. That's right 3 separate "Are you sure you want to connect?" dialogs!) .IP +END OF BACKGROUND. +.IP USAGE: So use the \fB-https\fR option to provide a separate, more reliable HTTPS port that x11vnc will listen on. If [port] is not provided (or is 0), one is autoselected. @@ -2313,10 +2580,26 @@ https://mygateway.com:8000/?PORT=8000. To avoid having to include the PORT= in the browser URL, simply supply "\fB-httpsredir\fR" to x11vnc. +.IP +This option does not work in \fB-stunnel\fR mode. +.IP +More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS +to be extra URL parameters to use. This way you do +not need to specify extra PARAMS in the index.vnc file. +E.g. x11vnc \fB-env\fR X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ... +.IP +If you do not want to expose the non-SSL HTTP port to +the network (i.e. you just want the single VNC/HTTPS +port, e.g. 5900, open for connections) then specify the +option \fB-env\fR X11VNC_HTTP_LISTEN_LOCALHOST=1 This way +the connection to the libvncserver httpd server will +only be available on localhost (note that in \fB-ssl\fR mode, +HTTPS requests are redirected from SSL to the non-SSL +libvncserver HTTP server.) .PP \fB-http_oneport\fR .IP -For un-encrypted connections mode (i.e. no \fB-ssl,\fR +For UN-encrypted connections mode (i.e. no \fB-ssl,\fR \fB-stunnel,\fR or \fB-enc\fR options), allow the Java VNC Viewer applet to be downloaded thru the VNC port via HTTP. .IP @@ -2345,6 +2628,10 @@ The \fB-httpsredir\fR option may also be useful for this mode when using an SSH tunnel as well as for router port redirections. +.IP +Note that the \fB-env\fR X11VNC_HTTP_LISTEN_LOCALHOST=1 +option described above under \fB-httpsredir\fR applies for +the libvncserver httpd server in all cases (ssl or not.) .PP \fB-ssh\fR \fIuser@host:disp\fR .IP @@ -2684,19 +2971,24 @@ e.g. "darkblue" or numerical "#RRGGBB"). .IP Currently this option only works on GNOME, KDE, CDE, -and classic X (i.e. with the background image on the -root window). The "gconftool-2" and "dcop" external -commands are run for GNOME and KDE respectively. -Other desktops won't work, e.g. Xfce (send us the -corresponding commands if you find them). If x11vnc is -running as root ( +XFCE, and classic X (i.e. with the background image +on the root window). The "gconftool-2", "dcop" +and "xfconf-query" external commands are run for +GNOME, KDE, and XFCE respectively. This also works +on native MacOSX. (There is no color selection for +MacOSX or XFCE.) Other desktops won't work, (send +us the corresponding commands if you find them). +If x11vnc is running as root ( .IR inetd (8) or .IR gdm (1) -), the \fB-users\fR option -may be needed for GNOME and KDE. If x11vnc guesses -your desktop incorrectly, you can force it by prefixing -color with "gnome:", "kde:", "cde:" or "root:". +), +the \fB-users\fR option may be needed for GNOME, KDE, XFCE. +If x11vnc guesses your desktop incorrectly, you can +force it by prefixing color with "gnome:", "kde:", +"cde:", "xfce:", or "root:". +.IP +Update: \fB-solid\fR no longer works on KDE4. .IP This mode works in a limited way on the Mac OS X Console with one color ('kelp') using the screensaver writing @@ -2886,7 +3178,12 @@ \fB-q,\fR \fB-quiet\fR .IP Be quiet by printing less informational output to -stderr. +stderr. (use \fB-noquiet\fR to undo an earlier \fB-quiet.)\fR +.IP +The \fB-quiet\fR option does not eliminate all informational +output, it only reduces it. It is ignored in most +auxiliary usage modes, e.g. \fB-storepasswd.\fR To eliminate +all output use: 2>/dev/null 1>&2, etc. .PP \fB-v,\fR \fB-verbose\fR .IP @@ -3267,6 +3564,14 @@ .IP Do not use the XFIXES extension to draw the exact cursor shape even if it is available. +.IP +Note: To work around a crash in Xorg 1.5 and later +some people needed to use \fB-noxfixes.\fR The Xorg crash +occurred right after a Display Manager (e.g. GDM) login. +Starting with x11vnc 0.9.9 it tries to automatically +avoid using XFIXES until it is sure a window manager +is running. See the \fB-reopen\fR option for more info and +how to use X11VNC_AVOID_WINDOWS=never to disable it. .PP \fB-alphacut\fR \fIn\fR .IP @@ -3364,6 +3669,12 @@ .IP \fB-buttonmap\fR currently does not work on MacOSX console or in \fB-rawfb\fR mode. +.IP +Workaround: use \fB-buttonmap\fR IJ...-LM...=n to limit the +number of mouse buttons to n, e.g. 123-123=3. This will +prevent x11vnc from crashing if the X server reports +there are 5 buttons (4/5 scroll wheel), but there are +only really 3. .PP \fB-nodragging\fR .IP @@ -3379,7 +3690,7 @@ (an integer) times that of the full display is allocated below the actual framebuffer to cache screen contents for rapid retrieval. So a W x H frambuffer is expanded -to a W x (n+1)*H one. Use 0 to disable. Default: XXX. +to a W x (n+1)*H one. Use 0 to disable. .IP The \fIn\fR is actually optional, the default is 10. .IP @@ -3387,13 +3698,17 @@ abbreviate "\fB-ncache\fR" with "\fB-nc\fR". Also, "\fB-nonc\fR" is the same as "\fB-ncache\fR \fI0\fR" .IP -This is an experimental option, currently implemented -in an awkward way in that in the VNC Viewer you can -see the cache contents if you scroll down, etc. So you +This is an experimental option, currently implemented in +an awkward way in that in the VNC Viewer you can see the +pixel cache contents if you scroll down, etc. So you will have to set things up so you can't see that region. If this method is successful, the changes required for clients to do this less awkwardly will be investigated. .IP +The SSVNC viewer does a good job at automatically hiding +the pixel cache region. Or use SSVNC's \fB-ycrop\fR option +to explicitly hide the region. +.IP Note that this mode consumes a huge amount of memory, both on the x11vnc server side and on the VNC Viewer side. If n=2 then the amount of RAM used is roughly @@ -3977,7 +4292,7 @@ .PP \fB-defer\fR \fItime\fR .IP -Time in ms to wait for updates before sending to client +Time in ms to delay sending updates to connected clients (deferUpdateTime) Default: 20 .PP \fB-wait\fR \fItime\fR @@ -3985,6 +4300,17 @@ Time in ms to pause between screen polls. Used to cut down on load. Default: 20 .PP +\fB-extra_fbur\fR \fIn\fR +.IP +Perform extra FrameBufferUpdateRequests checks to +try to be in better sync with the client's requests. +What this does is perform extra polls of the client +socket at critical times (before '-defer' and '-wait' +calls.) The default is n=1. Set to a larger number to +insert more checks or set to n=0 to disable. A downside +of these extra calls is that more mouse input may be +processed than desired. +.PP \fB-wait_ui\fR \fIfactor\fR .IP Factor by which to cut the \fB-wait\fR time if there @@ -4040,14 +4366,14 @@ .IP Time in seconds after NO activity (e.g. screen blank) to really throttle down the screen polls (i.e. sleep -for about 1.5 secs). Use 0 to disable. Default: 20 +for about 1.5 secs). Use 0 to disable. Default: 60 .PP \fB-readtimeout\fR \fIn\fR .IP Set libvncserver rfbMaxClientWait to n seconds. On slow links that take a long time to paint the first screen libvncserver may hit the timeout and drop the -connection. Default: 60 seconds. +connection. Default: 20 seconds. .PP \fB-ping\fR \fIn\fR .IP @@ -4222,10 +4548,7 @@ for output) are created to handle each new client. Default: \fB-nothreads.\fR .IP -NOTE: The \fB-threads\fR mode may be disabled due to its -unstable behavior. If it is disabled, a warning is -printed out. Stability has been improved in version -0.9.8 and so the feature has been re-enabled. +Thread stability is much improved in version 0.9.8. .IP Multiple clients in threaded mode should be stable for the ZRLE encoding on all platforms. The Tight and @@ -4233,9 +4556,14 @@ multiple clients. Compile with \fB-DTLS=__thread\fR if your OS and compiler and linker support it. .IP +For resizes (randr, etc.) set this env. var. to the number +of milliseconds to sleep: X11VNC_THREADS_NEW_FB_SLEEP +at various places in the do_new_fb() action. This is to +let various activities settle. Default is about 500ms. +.IP Multiple clients in threaded mode could yield better -performance for 'class-room' broadcasting usage. -See also the \fB-reflect\fR option. +performance for 'class-room' broadcasting usage; also in +\fB-appshare\fR broadcast mode. See also the \fB-reflect\fR option. .PP \fB-fs\fR \fIf\fR .IP @@ -4923,6 +5251,28 @@ gui process can run on a different machine from the x11vnc server as long as X permissions, etc. permit communication between the two. +.IP +FONTS: On some systems the tk fonts can be too small, +jagged, or otherwise unreadable. There are 4 env vars +you can set to be the tk font you prefer: +.IP +X11VNC_FONT_BOLD main font for menus and buttons. +X11VNC_FONT_FIXED font for fixed width text. +.IP +X11VNC_FONT_BOLD_SMALL tray icon font. +X11VNC_FONT_REG_SMALL tray icon menu font. +.IP +The last two only apply for the tray icon mode. +.IP +Here are some examples: +.IP +\fB-env\fR X11VNC_FONT_BOLD='Helvetica \fB-16\fR bold' +\fB-env\fR X11VNC_FONT_FIXED='Courier \fB-14'\fR +\fB-env\fR X11VNC_FONT_REG_SMALL='Helvetica \fB-12'\fR +.IP +You can put the lines like the above (without the +quotes) in your ~/.x11vncrc file to avoid having to +specify them on the x11vnc command line. .PP \fB-remote\fR \fIcommand\fR .IP @@ -4949,6 +5299,25 @@ \'x11vnc \fB-R\fR shared' will enable shared connections, and \'x11vnc \fB-R\fR scale:3/4' will rescale the desktop. .IP +To use a different name for the X11 property (e.g. to +have separate communication channels for multiple +x11vnc's on the same display) set the X11VNC_REMOTE +environment variable to the string you want, for +example: \fB-env\fR X11VNC_REMOTE=X11VNC_REMOTE_12345 +Both sides of the channel must use the same unique name. +.IP +To run a bunch of commands in a sequence use something +like: x11vnc \fB-R\fR 'script:firstcmd;secondcmd;...' +.IP +Use x11vnc \fB-R\fR script:file=/path/to/file to read commands +from a file (can be multi-line and use the comment '#' +character in the normal way. The ';' separator must +still be used to separate each command.) +.IP +To not try to contact another x11vnc process and instead +just run the command (or query) directly, prefix the +command with the string "DIRECT:" +.IP .IP The following \fB-remote/-R\fR commands are supported: .IP @@ -4956,7 +5325,10 @@ "exit" or "shutdown". .IP ping see if the x11vnc server responds. -Return is: ans=ping: +return is: ans=ping: +.IP +ping:mystring as above, but use your own unique string. +return is: ans=ping:mystring: .IP blacken try to push a black fb update to all clients (due to timings a client @@ -4972,6 +5344,13 @@ .IP sid:windowid set \fB-sid\fR window to "windowid" .IP +id_cmd:cmd cmds: raise, lower, map, unmap, iconify, +move:dXdY, resize:dWdH, geom:WxH+X+Y. dX +dY, dW, and dH must have a leading "+" +or "-" e.g.: move:-30+10 resize:+20+35 +also: wm_delete, wm_name:string and +icon_name:string. Also id_cmd:win=N:cmd +.IP waitmapped wait until subwin is mapped. .IP nowaitmapped do not wait until subwin is mapped. @@ -5110,6 +5489,8 @@ .IP nograbalways disable \fB-grabalways\fR mode. .IP +grablocal:n set \fB-grablocal\fR to n. +.IP client_input:str set the K, M, B \fB-input\fR on a per-client basis. select which client as for disconnect, e.g. client_input:host:MB @@ -5258,6 +5639,12 @@ .IP seldir:str set \fB-seldir\fR to "str" .IP +resend_cutbuffer resend the most recent CUTBUFFER0 copy +.IP +resend_clipboard resend the most recent CLIPBOARD copy +.IP +resend_primary resend the most recent PRIMARY copy +.IP cursor:mode enable \fB-cursor\fR "mode". .IP show_cursor enable showing a cursor. @@ -5401,10 +5788,44 @@ .IP nodebug_keyboard disable \fB-debug_keyboard,\fR same as "nodk" .IP +keycode:n inject keystroke 'keycode' (xmodmap \fB-pk)\fR +.IP +keycode:n,down inject 'keycode' (down=0,1) +.IP +keysym:str inject keystroke 'keysym' (number/name) +.IP +keysym:str,down inject 'keysym' (down=0,1) +.IP +ptr:x,y,mask inject pointer event x, y, button-mask +.IP +fakebuttonevent:button,down direct XTestFakeButtonEvent. +.IP +sleep:t sleep floating point time t. +.IP +get_xprop:p get X property named 'p'. +.IP +set_xprop:p:val set X property named 'p' to 'val'. +p -> id=NNN:p for hex/dec window id. +.IP +wininfo:id get info about X window id. use 'root' +for root window, use +id for children. +.IP +grab_state get state of pointer and keyboard grab. +.IP +pointer_pos print XQueryPointer x,y cursor position. +.IP +mouse_x print x11vnc's idea of cursor position. +.IP +mouse_y print x11vnc's idea of cursor position. +.IP +noop do nothing. +.IP defer:n set \fB-defer\fR to n ms,same as deferupdate:n .IP wait:n set \fB-wait\fR to n ms. .IP +extra_fbur:n set \fB-extra_fbur\fR to n. +.IP wait_ui:f set \fB-wait_ui\fR factor to f. .IP setdefer:n set \fB-setdefer\fR to \fB-2,-1,0,1,\fR or 2. @@ -5481,6 +5902,8 @@ .IP uinput_accel:f set uinput_accel to f. .IP +uinput_thresh:n set uinput_thresh to n. +.IP uinput_reset:n set uinput_reset to n ms. .IP uinput_always:n set uinput_always to 1/0. @@ -5514,7 +5937,11 @@ .IP macmenu enable \fB-macmenu\fR mode. .IP -macnomenu disable \fB-macnmenu\fR mode. +macnomenu disable \fB-macmenu\fR mode. +.IP +macuskbd enable \fB-macuskbd\fR mode. +.IP +macnouskbd disable \fB-macuskbd\fR mode. .IP httpport:n set \fB-httpport\fR to n. .IP @@ -5580,33 +6007,116 @@ it cannot be turned back on. .IP .IP +bcx_xattach:str This remote control command is for +use with the BARCO xattach program or the x2x program. +Both of these programs are for 'pointer and keyboard' +sharing between separate X displays. In general the +two displays are usually nearby, e.g. on the same desk, +and this allows the user to share a single pointer and +keyboard between them. The user moves the mouse to +an edge and then the mouse pointer appears to 'jump' +to the other display screen. Thus it emulates what a +single X server would do for two screens (e.g. :0.0 and +:0.1) The illusion of a single Xserver with multiple +screens is achieved by forwarding events to the 2nd +one via the XTEST extension. +.IP +What the x11vnc bcx_xattach command does is to perform +some pointer movements to try to INDUCE xattach/x2x +to 'jump' to the other display. In what follows the +\'master' display refers to the one that when it has +\'focus' it is basically doing nothing besides watching +for the mouse to go over an edge. The 'slave' +display refers to the one to which the mouse and +keyboard is redirected to once an edge in the master +has been crossed. Note that the x11vnc executing the +bcx_xattach command MUST be the one connected to the +*master* display. +.IP +Also note that when input is being redirected (via +XTEST) from the master display to the slave display, +the master display's pointer and keyboard are *grabbed* +by xattach/x2x. x11vnc can use this info to verify that +the master/slave mode change has taken place correctly. +If you specify the "ifneeded" option (see below) +and the initial grab state is that of the desired +final state, then no pointer movements are injected +and "DONE,GRAB_OK" is returned. +.IP +"str" must contain one of "up", "down", "left", +or "right" to indicate the direction of the 'jump'. +"str" must also contain one of "master_to_slave" +or "slave_to_master" to indicate the type of mode +change induced by the jump. Use "M2S" and "S2M" +as shorter aliases. +.IP +"str" may be a "+" separated list of additional +tuning options. The "shift=n" option indicates an +offset shift position away from (0,0) (default 20). +"final=x+y" specifies the final position of the cursor +at the end of the normal move sequence; default 30+30. +"extra_move=x+y" means to do one more pointer move +after "final" to x+y. "dt=n" sets the sleep time +in milliseconds between pointer moves (default: 40ms) +"retry=n" specifies the maximum number of retries if +the grab state change fails. "ifneeded" means to not +apply the pointer movements if the initial grab state is +that of the desired final state. "nograbcheck" means +to not check if the grab state changed as expected and +only apply the pointer movements (default is to check +the grab states.) +.IP +If you do not specify "up", etc., to bcx_xattach +nothing will be attempted and the command returns +the string FAIL,NO_DIRECTION_SPECIFIED. If you do +not specify "master_to_slave" or "M2S", etc., to +bcx_xattach nothing will be attempted and the command +returns the string FAIL,NO_MODE_CHANGE_SPECIFIED. +.IP +Otherwise, the returned string will contain "DONE". +It will be "DONE,GRAB_OK" if the grab state changed +as expected (or if "ifneeded" was supplied and +the initial grab state was already the desired +one.) If the initial grab state was incorrect, +but the final grab state was correct then it is +"DONE,GRAB_FAIL_INIT". If the initial grab state +was correct, but the final grab state was incorrect +then it is "DONE,GRAB_FAIL_FINAL". If both are +incorrect it will be "DONE,GRAB_FAIL". Under grab +failure the string will be followed by ":p1,k1-p2,k2" +where p1,k1 indicates the initial pointer and keyboard +grab states and p2,k2 the final ones. If GRAB_FAIL or +GRAB_FAIL_FINAL occurs, the action will be retried up +to 3 times; trying to reset the state and sleeping a +bit between each try. Set retry=n to adjust the number +of retries, zero to disable retries. +.IP +Examples: +\fB-R\fR bcx_xattach:down+M2S +\fB-R\fR bcx_xattach:up+S2M +\fB-R\fR bcx_xattach:up+S2M+nograbcheck+dt=30 +\fB-R\fR bcx_xattach:down+M2S+extra_move=100+100 +.IP +or use \fB-Q\fR instead of \fB-R\fR to retrieve the result text. +.IP +End of the bcx_xattach:str description. +.IP The .IR vncconnect (1) command from standard VNC -.IP distributions may also be used if string is prefixed -.IP with "cmd=" E.g. 'vncconnect cmd=stop'. Under some -.IP circumstances .IR xprop (1) can used if it supports \fB-set\fR -.IP (see the FAQ). .IP -.IP If "\fB-connect\fR \fI/path/to/file\fR" has been supplied to the -.IP running x11vnc server then that file can be used as a -.IP communication channel (this is the only way to remote -.IP control one of many x11vnc's polling the same X display) -.IP Simply run: 'x11vnc \fB-connect\fR /path/to/file \fB-remote\fR ...' -.IP or you can directly write to the file via something -.IP like: "echo cmd=stop > /path/to/file", etc. .PP \fB-query\fR \fIvariable\fR @@ -5625,8 +6135,9 @@ query straight to the X11VNC_REMOTE property or connect file use "qry=..." instead of "cmd=..." .IP -ans= stop quit exit shutdown ping blacken zero -refresh reset close disconnect id sid waitmapped +ans= stop quit exit shutdown ping resend_cutbuffer +resend_clipboard resend_primary blacken zero refresh +reset close disconnect id_cmd id sid waitmapped nowaitmapped clip flashcmap noflashcmap shiftcmap truecolor notruecolor overlay nooverlay overlay_cursor overlay_yescursor nooverlay_nocursor nooverlay_cursor @@ -5636,7 +6147,7 @@ once timeout tightfilexfer notightfilexfer ultrafilexfer noultrafilexfer rfbversion deny lock nodeny unlock avahi mdns zeroconf noavahi nomdns nozeroconf connect -proxy allowonce allow localhost nolocalhost listen +proxy allowonce allow localhost nolocalhost listen lookup nolookup accept afteraccept gone shm noshm flipbyteorder noflipbyteorder onetile noonetile solid_color solid nosolid blackout xinerama noxinerama @@ -5646,10 +6157,10 @@ sloppy_keys nosloppy_keys skip_dups noskip_dups add_keysyms noadd_keysyms clear_mods noclear_mods clear_keys noclear_keys clear_all clear_locks keystate -remap repeat norepeat fb nofb bell nobell sel nosel -primary noprimary setprimary nosetprimary clipboard -noclipboard setclipboard nosetclipboard seldir -cursorshape nocursorshape cursorpos nocursorpos +remap repeat norepeat fb nofb bell nobell sendbell +sel nosel primary noprimary setprimary nosetprimary +clipboard noclipboard setclipboard nosetclipboard +seldir cursorshape nocursorshape cursorpos nocursorpos cursor_drag nocursor_drag cursor show_cursor noshow_cursor nocursor arrow xfixes noxfixes xdamage noxdamage xd_area xd_mem alphacut alphafrac alpharemove @@ -5665,16 +6176,18 @@ nowireframe nowf wireframelocal wfl nowireframelocal nowfl wirecopyrect wcr nowirecopyrect nowcr scr_area scr_skip scr_inc scr_keys scr_term scr_keyrepeat -scr_parms scrollcopyrect scr noscrollcopyrect noscr -fixscreen noxrecord xrecord reset_record pointer_mode pm -input_skip allinput noallinput input grabkbd nograbkbd -grabptr nograbptr grabalways nograbalways grablocal -client_input ssltimeout speeds wmdt debug_pointer dp -nodebug_pointer nodp debug_keyboard dk nodebug_keyboard -nodk keycode deferupdate defer setdefer wait_ui -wait_bog nowait_bog slow_fb xrefresh wait readtimeout -nap nonap sb screen_blank fbpm nofbpm dpms nodpms -clientdpms noclientdpms forcedpms noforcedpms +scr_parms scrollcopyrect scr noscrollcopyrect +noscr fixscreen noxrecord xrecord reset_record +pointer_mode pm input_skip allinput noallinput input +grabkbd nograbkbd grabptr nograbptr grabalways +nograbalways grablocal client_input ssltimeout +speeds wmdt debug_pointer dp nodebug_pointer nodp +debug_keyboard dk nodebug_keyboard nodk keycode keysym +ptr fakebuttonevent sleep get_xprop set_xprop wininfo +bcx_xattach deferupdate defer setdefer extra_fbur +wait_ui wait_bog nowait_bog slow_fb xrefresh wait +readtimeout nap nonap sb screen_blank fbpm nofbpm dpms +nodpms clientdpms noclientdpms forcedpms noforcedpms noserverdpms serverdpms noultraext ultraext chatwindow nochatwindow chaton chatoff fs gaps grow fuzz snapfb nosnapfb rawfb uinput_accel uinput_thresh uinput_reset @@ -5692,21 +6205,23 @@ macnoresize macresize nomacnoresize maciconanim macmenu macnomenu nomacmenu macuskbd nomacuskbd noremote .IP -aro= noop display vncdisplay desktopname guess_desktop +aro= noop display vncdisplay icon_mode autoport +loop loopbg desktopname guess_desktop guess_dbus http_url auth xauth users rootshift clipshift scale_str scaled_x scaled_y scale_numer scale_denom scale_fac_x scale_fac_y scaling_blend scaling_nomult4 scaling_pad scaling_interpolate inetd privremote unsafe safer nocmds passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem sslverify stunnel stunnel_pem https httpsredir -usepw using_shm logfile o flag rc norc h help V version -lastmod bg sigpipe threads readrate netrate netlatency -pipeinput clients client_count pid ext_xtest ext_xtrap -ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay -ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons -button_mask mouse_x mouse_y bpp depth indexed_color -dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y -coff_x coff_y rfbauth passwd viewpasswd +usepw using_shm logfile o flag rmflag rc norc h help +V version lastmod bg sigpipe threads readrate netrate +netlatency pipeinput clients client_count pid ext_xtest +ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama +ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin +num_buttons button_mask mouse_x mouse_y grab_state +pointer_pos bpp depth indexed_color dpy_x dpy_y wdpy_x +wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y rfbauth +passwd viewpasswd .PP \fB-QD\fR \fIvariable\fR .IP @@ -5730,10 +6245,51 @@ the \fB-query\fR request is processed in the normal way. This allows for a reliable way to see if the \fB-remote\fR command was processed by querying for any new settings. -Note however that there is timeout of a few seconds so -if the x11vnc takes longer than that to process the -requests the requester will think that a failure has -taken place. +Note however that there is timeout of a few seconds +(see the next paragraph) so if the x11vnc takes longer +than that to process the requests the requester will +think that a failure has taken place. +.IP +The default is to wait 3.5 seconds. Or if cmd=stop +only 1.0 seconds. If cmd matches 'script:' then it +will wait up to 10.0 seconds. Set X11VNC_SYNC_TIMEOUT +to the number of seconds you want it to wait. +.PP +\fB-query_retries\fR \fIstr\fR +.IP +If a query fails to get a response from an x11vnc +server, retry up to n times. \fIstr\fR is specified as +n[:t][/match] Optionally the delay between tries may +be specified by "t" a floating point time (default +0.5 seconds.) Note: the response is not checked for +validity or whether it corresponds to the query sent. +The query "ping:mystring" may be used to help uniquely +identify the query. Optionally, a matching string after +a "/" will be used to check the result text. Up to +n retries will take place until the matching string is +found in the output text. If the match string is never +found the program's exit code is 1; if the match is +found it exits with 0. Note that there may be stdout +printed for each retry (i.e. multiple lines printed +out to stdout.) +Example: \fB-query_retries\fR 4:1.5/grab_state +.PP +\fB-remote_prefix\fR \fIstr\fR +.IP +Enable a remote-control communication channel for +connected VNC clients. str is a non-empty string. If a +VNC client sends rfbCutText having the prefix \fIstr\fR +then the part after it is processed as though it were +sent via 'x11vnc \fB-remote\fR ...'. If it begins with +neither 'cmd=' nor 'qry=' then 'qry=' is assumed. +Any corresponding output text for that remote control +command is sent back to all client as rfbCutText. +The returned output is also prefixed with \fIstr\fR. +Example: \fB-remote_prefix\fR DO_THIS: +.IP +Note that enabling \fB-remote_prefix\fR allows the remote +VNC viewers to run x11vnc \fB-remote\fR commands. Do not +use this option if they are not to be trusted. .PP \fB-noremote,\fR \fB-yesremote\fR .IP @@ -5802,7 +6358,7 @@ stunnel, ssl, unixpw, WAIT, zeroconf, id, accept, afteraccept, gone, pipeinput, v4l-info, rawfb-setup, dt, gui, ssh, storepasswd, passwdfile, custom_passwd, -crash. +findauth, crash. .IP See each option's help to learn the associated external command. Note that the \fB-nocmds\fR option takes precedence @@ -5827,7 +6383,7 @@ \fB-rfbauth\fR \fIpasswd-file\fR .IP use authentication on RFB protocol -(use 'storepasswd' to create a password file) +(use 'x11vnc \fB-storepasswd\fR pass file' to create a password file) .PP \fB-rfbversion\fR \fI3.x\fR .IP diff -Nru x11vnc-0.9.8/x11vnc/x11vnc.c x11vnc-0.9.9/x11vnc/x11vnc.c --- x11vnc-0.9.8/x11vnc/x11vnc.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/x11vnc.c 2009-12-21 04:58:10.000000000 +0000 @@ -8,7 +8,8 @@ * * This is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. + * the Free Software Foundation; version 2 of the License, or (at + * your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -171,6 +172,7 @@ static void immediate_switch_user(int argc, char* argv[]); static void print_settings(int try_http, int bg, char *gui_str); static void check_loop_mode(int argc, char* argv[], int force); +static void check_appshare_mode(int argc, char* argv[]); static int tsdo_timeout_flag; @@ -456,7 +458,7 @@ int p0, p, found = -1, jzero = -1; int conn = -1; - get_prop(num, 32, atom[i]); + get_prop(num, 32, atom[i], None); p0 = atoi(num); for (j = TSSTK-1; j >= 0; j--) { @@ -654,7 +656,7 @@ prop[0] = '\0'; a = XInternAtom(dpy, "TS_REDIR_LIST", False); if (a != None) { - get_prop(prop, 512, a); + get_prop(prop, 512, a, None); } if (db) fprintf(stderr, "TS_REDIR_LIST Atom: %d = '%s'\n", (int) a, prop); @@ -784,14 +786,14 @@ a = XInternAtom(dpy, "TS_REDIR_PID", False); if (a != None) { prop[0] = '\0'; - get_prop(prop, 512, a); + get_prop(prop, 512, a, None); if (prop[0] != '\0') { pid = (pid_t) atoi(prop); } } if (db) fprintf(stderr, "TS_REDIR_PID Atom: %d = '%s'\n", (int) a, prop); - if (getenv("FD_TAG")) { + if (getenv("FD_TAG") && strcmp(getenv("FD_TAG"), "")) { a = XInternAtom(dpy, "FD_TAG", False); if (a != None) { Window rwin = RootWindow(dpy, DefaultScreen(dpy)); @@ -806,7 +808,7 @@ prop[0] = '\0'; a = XInternAtom(dpy, "TS_REDIR", False); if (a != None) { - get_prop(prop, 512, a); + get_prop(prop, 512, a, None); } if (db) fprintf(stderr, "TS_REDIR Atom: %d = '%s'\n", (int) a, prop); if (prop[0] == '\0') { @@ -1701,6 +1703,24 @@ #endif } } + +extern int appshare_main(int argc, char* argv[]); + +static void check_appshare_mode(int argc, char* argv[]) { + int i; + + for (i=1; i < argc; i++) { + char *p = argv[i]; + if (strstr(p, "--") == p) { + p++; + } + if (strstr(p, "-appshare") == p) { + appshare_main(argc, argv); + exit(0); + } + } +} + static void store_homedir_passwd(char *file) { char str1[32], str2[32], *p, *h, *f; struct stat sbuf; @@ -1717,6 +1737,7 @@ fprintf(stderr, "Enter VNC password: "); system("stty -echo"); if (fgets(str1, 32, stdin) == NULL) { + perror("fgets"); system("stty echo"); exit(1); } @@ -1724,6 +1745,7 @@ fprintf(stderr, "Verify password: "); if (fgets(str2, 32, stdin) == NULL) { + perror("fgets"); system("stty echo"); exit(1); } @@ -1774,6 +1796,7 @@ fprintf(stderr, "Write password to %s? [y]/n ", f); if (fgets(str2, 32, stdin) == NULL) { + perror("fgets"); exit(1); } if (str2[0] == 'n' || str2[0] == 'N') { @@ -1782,14 +1805,16 @@ } if (rfbEncryptAndStorePasswd(str1, f) != 0) { - fprintf(stderr, "** error creating password.\n"); + fprintf(stderr, "** error creating password: %s\n", f); perror("storepasswd"); exit(1); } - fprintf(stderr, "Password written to: %s\n", f); if (stat(f, &sbuf) != 0) { + fprintf(stderr, "** error creating password: %s\n", f); + perror("stat"); exit(1); } + fprintf(stdout, "Password written to: %s\n", f); exit(0); } @@ -1851,6 +1876,9 @@ if (quiet) { return; } + if (remote_direct) { + return; + } if (nofb) { return; } @@ -1859,7 +1887,7 @@ #endif if (ncache == 0) { - fprintf(stderr, msg2); + fprintf(stderr, "%s", msg2); ncache0 = ncache = 0; } else { fprintf(stderr, msg, ncache); @@ -1903,7 +1931,86 @@ } } +static void check_guess_auth_file(void) { + if (!strcasecmp(auth_file, "guess")) { + char line[4096], *cmd, *q, *disp = use_dpy ? use_dpy: ""; + FILE *p; + int n; + if (!program_name) { + rfbLog("-auth guess: no program_name found.\n"); + clean_up_exit(1); + } + if (strpbrk(program_name, " \t\r\n")) { + rfbLog("-auth guess: whitespace in program_name '%s'\n", program_name); + clean_up_exit(1); + } + if (no_external_cmds || !cmd_ok("findauth")) { + rfbLog("-auth guess: cannot run external commands in -nocmds mode:\n"); + clean_up_exit(1); + } + + cmd = (char *)malloc(100 + strlen(program_name) + strlen(disp)); + sprintf(cmd, "%s -findauth %s -env _D_XDM=1", program_name, disp); + p = popen(cmd, "r"); + if (!p) { + rfbLog("-auth guess: could not run cmd '%s'\n", cmd); + clean_up_exit(1); + } + memset(line, 0, sizeof(line)); + n = fread(line, 1, sizeof(line), p); + pclose(p); + q = strrchr(line, '\n'); + if (q) *q = '\0'; + if (!strcmp(disp, "")) { + disp = getenv("DISPLAY"); + if (!disp) { + disp = "unset"; + } + } + if (strstr(line, "XAUTHORITY=") != line && !getenv("FD_XDM")) { + if (use_dpy == NULL || strstr(use_dpy, "cmd=FIND") == NULL) { + if (getuid() == 0 || geteuid() == 0) { + char *q = strstr(cmd, "_D_XDM=1"); + if (q) { + *q = 'F'; + rfbLog("-auth guess: failed for display='%s'\n", disp); + rfbLog("-auth guess: since we are root, retrying with FD_XDM=1\n"); + p = popen(cmd, "r"); + if (!p) { + rfbLog("-auth guess: could not run cmd '%s'\n", cmd); + clean_up_exit(1); + } + memset(line, 0, sizeof(line)); + n = fread(line, 1, sizeof(line), p); + pclose(p); + q = strrchr(line, '\n'); + if (q) *q = '\0'; + } + } + } + } + if (!strcmp(line, "")) { + rfbLog("-auth guess: failed for display='%s'\n", disp); + clean_up_exit(1); + } else if (strstr(line, "XAUTHORITY=") != line) { + rfbLog("-auth guess: failed. '%s' for display='%s'\n", line, disp); + clean_up_exit(1); + } else if (!strcmp(line, "XAUTHORITY=")) { + rfbLog("-auth guess: using default XAUTHORITY for display='%s'\n", disp); + q = getenv("XAUTHORITY"); + if (q) { + *(q-2) = '_'; /* yow */ + } + auth_file = NULL; + } else { + rfbLog("-auth guess: using '%s' for disp='%s'\n", line, disp); + auth_file = strdup(line + strlen("XAUTHORITY=")); + } + } +} + extern int dragum(void); +extern int is_decimal(char *); int main(int argc, char* argv[]) { @@ -1913,6 +2020,9 @@ int remote_sync = 0; char *remote_cmd = NULL; char *query_cmd = NULL; + int query_retries = 0; + double query_delay = 0.5; + char *query_match = NULL; char *gui_str = NULL; int got_gui_pw = 0; int pw_loc = -1, got_passwd = 0, got_rfbauth = 0, nopw = NOPW; @@ -1928,19 +2038,32 @@ char *got_rfbport_str = NULL; int got_rfbport_pos = -1; int got_tls = 0; + int got_inetd = 0; + int got_noxrandr = 0; /* used to pass args we do not know about to rfbGetScreen(): */ int argc_vnc_max = 1024; int argc_vnc = 1; char *argv_vnc[2048]; - /* check for -loop mode: */ check_loop_mode(argc, argv, 0); + /* check for -appshare mode: */ + check_appshare_mode(argc, argv); + dtime0(&x11vnc_start); + for (i=1; i < argc; i++) { + if (!strcmp(argv[i], "-inetd")) { + got_inetd = 1; + } + } + if (!getuid() || !geteuid()) { started_as_root = 1; + if (0 && !got_inetd) { + rfbLog("getuid: %d geteuid: %d\n", getuid(), geteuid()); + } /* check for '-users =bob' */ immediate_switch_user(argc, argv); @@ -2083,6 +2206,17 @@ exit(0); continue; } + if (!strcmp(arg, "-findauth")) { + got_findauth = 1; + if (argc > i+1) { + char *s = argv[i+1]; + if (s[0] != '-') { + set_env("FINDAUTH_DISPLAY", argv[i+1]); + i++; + } + } + continue; + } if (!strcmp(arg, "-create")) { use_dpy = strdup("WAIT:cmd=FINDCREATEDISPLAY-Xvfb"); continue; @@ -2276,6 +2410,14 @@ ; /* handled above */ continue; } + if (strstr(arg, "-appshare") == arg) { + ; /* handled above */ + continue; + } + if (strstr(arg, "-freeze_when_obscured") == arg) { + freeze_when_obscured = 1; + continue; + } if (!strcmp(arg, "-timeout")) { CHECK_ARGC first_conn_timeout = atoi(argv[++i]); @@ -2440,6 +2582,10 @@ got_localhost = 1; continue; } + if (!strcmp(arg, "-unixpw_system_greeter")) { + unixpw_system_greeter = 1; + continue; + } if (!strcmp(arg, "-unixpw_cmd") || !strcmp(arg, "-unixpw_cmd_unsafe")) { CHECK_ARGC @@ -2482,6 +2628,9 @@ if (unixpw_list) { unixpw_list = NULL; } + if (unixpw_cmd) { + unixpw_cmd = NULL; + } continue; } if (!strcmp(arg, "-vencrypt")) { @@ -2690,7 +2839,11 @@ stunnel_pem = strdup(s); } i++; + } else { + stunnel_pem = strdup("SAVE"); } + } else { + stunnel_pem = strdup("SAVE"); } continue; } @@ -2706,7 +2859,11 @@ stunnel_pem = strdup(s); } i++; + } else { + stunnel_pem = strdup("SAVE"); } + } else { + stunnel_pem = strdup("SAVE"); } continue; } @@ -2759,15 +2916,31 @@ } if (argc >= i+4 || rfbEncryptAndStorePasswd(argv[i+1], argv[i+2]) != 0) { - fprintf(stderr, "-storepasswd failed\n"); + perror("storepasswd"); + fprintf(stderr, "-storepasswd failed for file: %s\n", + argv[i+2]); exit(1); } else { - fprintf(stderr, "stored passwd in file %s\n", + fprintf(stderr, "stored passwd in file: %s\n", argv[i+2]); exit(0); } continue; } + if (!strcmp(arg, "-showrfbauth")) { + if (argc >= i+2) { + char *f = argv[i+1]; + char *s = rfbDecryptPasswdFromFile(f); + if (!s) { + perror("showrfbauth"); + fprintf(stderr, "rfbDecryptPasswdFromFile failed: %s\n", f); + exit(1); + } + fprintf(stdout, "rfbDecryptPasswdFromFile file: %s\n", f); + fprintf(stdout, "rfbDecryptPasswdFromFile pass: %s\n", s); + } + exit(0); + } if (!strcmp(arg, "-accept")) { CHECK_ARGC accept_cmd = strdup(argv[++i]); @@ -2840,6 +3013,7 @@ if (!strcmp(arg, "-noxrandr")) { xrandr = 0; xrandr_maybe = 0; + got_noxrandr = 1; continue; } if (!strcmp(arg, "-rotate")) { @@ -2925,6 +3099,10 @@ quiet = 1; continue; } + if (!strcmp(arg, "-noquiet")) { + quiet = 0; + continue; + } if (!strcmp(arg, "-v") || !strcmp(arg, "-verbose")) { verbose = 1; continue; @@ -2934,7 +3112,9 @@ bg = 1; opts_bg = bg; #else - fprintf(stderr, "warning: -bg mode not supported.\n"); + if (!got_inetd) { + fprintf(stderr, "warning: -bg mode not supported.\n"); + } #endif continue; } @@ -3331,8 +3511,10 @@ *p = '\0'; } if (atoi(s) < 1 || atoi(s) > pointer_mode_max) { - rfbLog("pointer_mode out of range 1-%d: %d\n", - pointer_mode_max, atoi(s)); + if (!got_inetd) { + rfbLog("pointer_mode out of range 1-%d: %d\n", + pointer_mode_max, atoi(s)); + } } else { pointer_mode = atoi(s); got_pointer_mode = pointer_mode; @@ -3394,6 +3576,11 @@ got_waitms = 1; continue; } + if (!strcmp(arg, "-extra_fbur")) { + CHECK_ARGC + extra_fbur = atoi(argv[++i]); + continue; + } if (!strcmp(arg, "-wait_ui")) { CHECK_ARGC wait_ui = atof(argv[++i]); @@ -3471,7 +3658,9 @@ if (!strcmp(arg, "-chatwindow")) { chat_window = 1; if (argc_vnc + 1 < argc_vnc_max) { - rfbLog("setting '-rfbversion 3.6' for -chatwindow.\n"); + if (!got_inetd) { + rfbLog("setting '-rfbversion 3.6' for -chatwindow.\n"); + } argv_vnc[argc_vnc++] = strdup("-rfbversion"); argv_vnc[argc_vnc++] = strdup("3.6"); } @@ -3525,14 +3714,16 @@ /* we re-enable it due to threaded mode bugfixes. */ use_threads = 1; } else { - rfbLog("\n"); - rfbLog("The -threads mode is unstable and not tested or maintained.\n"); - rfbLog("It is disabled in the source code. If you really need\n"); - rfbLog("the feature you can reenable it at build time by setting\n"); - rfbLog("-DX11VNC_THREADED in CPPFLAGS. Or set X11VNC_THREADED=1\n"); - rfbLog("in your runtime environment.\n"); - rfbLog("\n"); - usleep(500*1000); + if (!got_inetd) { + rfbLog("\n"); + rfbLog("The -threads mode is unstable and not tested or maintained.\n"); + rfbLog("It is disabled in the source code. If you really need\n"); + rfbLog("the feature you can reenable it at build time by setting\n"); + rfbLog("-DX11VNC_THREADED in CPPFLAGS. Or set X11VNC_THREADED=1\n"); + rfbLog("in your runtime environment.\n"); + rfbLog("\n"); + usleep(500*1000); + } } #endif continue; @@ -3697,17 +3888,39 @@ remote_cmd = str; } } - quiet = 1; + if (!getenv("QUERY_VERBOSE")) { + quiet = 1; + } xkbcompat = 0; continue; } if (!strcmp(arg, "-query") || !strcmp(arg, "-Q")) { CHECK_ARGC query_cmd = strdup(argv[++i]); - quiet = 1; + if (!getenv("QUERY_VERBOSE")) { + quiet = 1; + } xkbcompat = 0; continue; } + if (!strcmp(arg, "-query_retries")) { + char *s; + CHECK_ARGC + s = strdup(argv[++i]); + /* n[:t][/match] */ + if (strchr(s, '/')) { + char *q = strchr(s, '/'); + query_match = strdup(q+1); + *q = '\0'; + } + if (strchr(s, ':')) { + char *q = strchr(s, ':'); + query_delay = atof(q+1); + } + query_retries = atoi(s); + free(s); + continue; + } if (!strcmp(arg, "-QD")) { CHECK_ARGC query_cmd = strdup(argv[++i]); @@ -3722,6 +3935,11 @@ remote_sync = 0; continue; } + if (!strcmp(arg, "-remote_prefix")) { + CHECK_ARGC + remote_prefix = strdup(argv[++i]); + continue; + } if (!strcmp(arg, "-noremote")) { accept_remote_cmds = 0; continue; @@ -3781,10 +3999,25 @@ } if (!strcmp(arg, "-rfbport") && i < argc-1) { got_rfbport = 1; + if (!strcasecmp(argv[i+1], "prompt")) { + ; + } else if (!is_decimal(argv[i+1])) { + if (!got_inetd) { + rfbLog("Invalid -rfbport value: '%s'\n", argv[i+1]); + rfbLog("setting it to '-1' to induce failure.\n"); + argv[i+1] = strdup("-1"); + } + } got_rfbport_str = strdup(argv[i+1]); got_rfbport_pos = argc_vnc+1; got_rfbport_val = atoi(argv[i+1]); } + if (!strcmp(arg, "-httpport") && i < argc-1) { + if (!is_decimal(argv[i+1])) { + rfbLog("Invalid -httpport value: '%s'\n", argv[i+1]); + clean_up_exit(1); + } + } if (!strcmp(arg, "-alwaysshared ")) { got_alwaysshared = 1; } @@ -3812,6 +4045,38 @@ set_env("LIBXCB_ALLOW_SLOPPY_LOCK", "1"); } + if (getenv("PATH") == NULL || !strcmp(getenv("PATH"), "")) { + /* set a minimal PATH, usually only null in inetd. */ + set_env("PATH", "/bin:/usr/bin"); + } + + /* handle -findauth case now that cmdline has been read */ + if (got_findauth) { + char *s; + int ic = 0; + if (use_dpy != NULL) { + set_env("DISPLAY", use_dpy); + } + use_dpy = strdup("WAIT:cmd=FINDDISPLAY-run"); + + s = getenv("FINDAUTH_DISPLAY"); + if (s && strcmp("", s)) { + set_env("DISPLAY", s); + } + s = getenv("DISPLAY"); + if (s && strcmp("", s)) { + set_env("X11VNC_SKIP_DISPLAY", s); + } else { + set_env("X11VNC_SKIP_DISPLAY", ":0"); + } + set_env("X11VNC_SKIP_DISPLAY_NEGATE", "1"); + set_env("FIND_DISPLAY_XAUTHORITY_PATH", "1"); + set_env("FIND_DISPLAY_NO_SHOW_XAUTH", "1"); + set_env("FIND_DISPLAY_NO_SHOW_DISPLAY", "1"); + wait_for_client(&ic, NULL, 0); + exit(0); + } + /* set OS struct UT */ uname(&UT); @@ -3828,6 +4093,12 @@ "mode\n"); } bg = 0; + } else if (!bg && getenv("X11VNC_LOOP_MODE_BG")) { + if (! quiet) { + fprintf(stderr, "enabling -bg in -loopbg " + "mode\n"); + } + bg = 1; } if (inetd) { if (! quiet) { @@ -3867,7 +4138,9 @@ client_connect_file = str; } if (client_connect_file) { - rfbLog("MacOS X: set -connect file to %s\n", client_connect_file); + if (!got_inetd) { + rfbLog("MacOS X: set -connect file to %s\n", client_connect_file); + } } } } @@ -3888,7 +4161,9 @@ rfbLog("Port prompt indicated cancel.\n"); clean_up_exit(1); } - rfbLog("Port prompt selected: %d\n", got_rfbport_val); + if (!got_inetd) { + rfbLog("Port prompt selected: %d\n", got_rfbport_val); + } sprintf(tport, "%d", got_rfbport_val); argv_vnc[got_rfbport_pos] = strdup(tport); free(opts); @@ -3952,8 +4227,9 @@ q = t + strlen(pstr); } logfile = new; - if (!quiet) { + if (!quiet && !got_inetd) { rfbLog("Expanded logfile to '%s'\n", new); + } free(s); } @@ -3987,7 +4263,7 @@ q = t + strlen(pstr); } logfile = new; - if (!quiet) { + if (!quiet && !got_inetd) { rfbLog("Expanded logfile to '%s'\n", new); } free(s); @@ -4049,8 +4325,25 @@ * similar for query_default. */ if (client_connect_file || query_default) { - int rc = do_remote_query(remote_cmd, query_cmd, - remote_sync, query_default); + int i, rc = 1; + for (i=0; i <= query_retries; i++) { + rc = do_remote_query(remote_cmd, query_cmd, + remote_sync, query_default); + if (rc == 0) { + if (query_match) { + if (query_result && strstr(query_result, query_match)) { + break; + } + rc = 1; + } else { + break; + } + } + if (i < query_retries) { + fprintf(stderr, "sleep: %.3f\n", query_delay); + usleep( (int) (query_delay * 1000 * 1000) ); + } + } fflush(stderr); fflush(stdout); exit(rc); @@ -4207,7 +4500,7 @@ if (1) { /* mix things up a little bit */ unsigned char buf[CHALLENGESIZE]; - int k, kmax = (int) (500 * rfac()) + 100; + int k, kmax = (int) (50 * rfac()) + 10; for (k=0; k < kmax; k++) { rfbRandomBytes(buf); } @@ -4304,10 +4597,18 @@ use_stunnel = 0; } if (! use_stunnel && ! use_openssl) { - if (getenv("UNIXPW_DISABLE_LOCALHOST")) { + if (getenv("UNIXPW_DISABLE_SSL")) { rfbLog("Skipping -ssl/-stunnel requirement" " due to\n"); - rfbLog("UNIXPW_DISABLE_LOCALHOST setting.\n"); + rfbLog("UNIXPW_DISABLE_SSL setting.\n"); + + if (!getenv("UNIXPW_DISABLE_LOCALHOST")) { + if (!got_localhost) { + rfbLog("Forcing -localhost mode.\n"); + } + allow_list = strdup("127.0.0.1"); + got_localhost = 1; + } } else if (have_ssh_env()) { char *s = getenv("SSH_CONNECTION"); if (! s) s = getenv("SSH_CLIENT"); @@ -4318,13 +4619,17 @@ rfbLog("assuming your SSH encryption" " is:\n"); rfbLog(" %s\n", s); - rfbLog("Setting -localhost in SSH + -unixpw" - " mode.\n"); + + if (!getenv("UNIXPW_DISABLE_LOCALHOST")) { + if (!got_localhost) { + rfbLog("Setting -localhost in SSH + -unixpw mode.\n"); + } + allow_list = strdup("127.0.0.1"); + got_localhost = 1; + } + rfbLog("If you *actually* want SSL, restart" " with -ssl on the cmdline\n"); - fprintf(stderr, "\n"); - allow_list = strdup("127.0.0.1"); - got_localhost = 1; if (! nopw) { usleep(2000*1000); } @@ -4341,10 +4646,12 @@ use_stunnel = 1; } } + rfbLog("\n"); } if (use_threads && !getenv("UNIXPW_THREADS")) { if (! quiet) { rfbLog("disabling -threads under -unixpw\n"); + rfbLog("\n"); } use_threads = 0; } @@ -4368,6 +4675,13 @@ exit(1); } + if (use_threads && !got_noxrandr) { + xrandr = 1; + if (! quiet) { + rfbLog("enabling -xrandr in -threads mode.\n"); + } + } + /* fixup settings that do not make sense */ if (use_threads && nofb && cursor_pos_updates) { @@ -4423,6 +4737,8 @@ } } + http_try_it = try_http; + if (flip_byte_order && using_shm && ! quiet) { rfbLog("warning: -flipbyte order only works with -noshm\n"); } @@ -4442,6 +4758,7 @@ /* increase rfbwait if threaded */ if (use_threads && ! got_rfbwait) { + /* ??? lower this ??? */ rfbMaxClientWait = 604800000; } @@ -4489,11 +4806,13 @@ } if (debug_pointer || debug_keyboard) { - if (bg || quiet) { - rfbLog("disabling -bg/-q under -debug_pointer" - "/-debug_keyboard\n"); - bg = 0; - quiet = 0; + if (!logfile) { + if (bg || quiet) { + rfbLog("disabling -bg/-q under -debug_pointer" + "/-debug_keyboard\n"); + bg = 0; + quiet = 0; + } } } @@ -4518,7 +4837,7 @@ if (verbose) { print_settings(try_http, bg, gui_str); } - rfbLog("x11vnc version: %s\n", lastmod); + rfbLog("x11vnc version: %s pid: %d\n", lastmod, getpid()); } else { rfbLogEnable(0); } @@ -4526,12 +4845,11 @@ X_INIT; SCR_INIT; CLIENT_INIT; + INPUT_INIT; + POINTER_INIT; /* open the X display: */ - if (auth_file) { - set_env("XAUTHORITY", auth_file); -if (0) fprintf(stderr, "XA: %s\n", getenv("XAUTHORITY")); - } + #if LIBVNCSERVER_HAVE_XKEYBOARD /* * Disable XKEYBOARD before calling XOpenDisplay() @@ -4598,6 +4916,9 @@ rfbLog("warning: -display does not make sense in " "\"lurk=\" mode...\n"); } + if (auth_file != NULL && strcmp(auth_file, "guess")) { + set_env("XAUTHORITY", auth_file); + } lurk_loop(users_list); } else if (use_dpy && strstr(use_dpy, "WAIT:") == use_dpy) { @@ -4612,12 +4933,19 @@ } } + if (auth_file) { + check_guess_auth_file(); + if (auth_file != NULL) { + set_env("XAUTHORITY", auth_file); + } + } + #ifdef MACOSX if (use_dpy && !strcmp(use_dpy, "console")) { ; } else #endif - if (use_dpy) { + if (use_dpy && strcmp(use_dpy, "")) { dpy = XOpenDisplay_wr(use_dpy); #ifdef MACOSX } else if (!subwin && getenv("DISPLAY") @@ -4626,11 +4954,36 @@ rfbLog("MacOSX: Ignoring $DISPLAY '%s'\n", getenv("DISPLAY")); rfbLog("MacOSX: Use -display $DISPLAY to force it.\n"); #endif + } else if (raw_fb_str != NULL && raw_fb_str[0] != '+' && !got_noviewonly) { + rfbLog("Not opening DISPLAY in -rawfb mode (force via -rawfb +str)\n"); + dpy = NULL; /* don't open it. */ } else if ( (use_dpy = getenv("DISPLAY")) ) { + if (strstr(use_dpy, "localhost") == use_dpy) { + rfbLog("\n"); + rfbLog("WARNING: DISPLAY starts with localhost: '%s'\n", use_dpy); + rfbLog("WARNING: Is this an SSH X11 port forwarding? You most\n"); + rfbLog("WARNING: likely don't want x11vnc to use that DISPLAY.\n"); + rfbLog("WARNING: You probably should supply something\n"); + rfbLog("WARNING: like: -display :0 to access the physical\n"); + rfbLog("WARNING: X display on the machine where x11vnc is running.\n"); + rfbLog("\n"); + usleep(500 * 1000); + } else if (using_shm && use_dpy[0] != ':') { + rfbLog("\n"); + rfbLog("WARNING: DISPLAY might not be local: '%s'\n", use_dpy); + rfbLog("WARNING: Is this the DISPLAY of another machine? Usually,\n"); + rfbLog("WARNING: x11vnc is run on the same machine with the\n"); + rfbLog("WARNING: physical X display to be exported by VNC. If\n"); + rfbLog("WARNING: that is what you really meant, supply something\n"); + rfbLog("WARNING: like: -display :0 on the x11vnc command line.\n"); + rfbLog("\n"); + usleep(250 * 1000); + } dpy = XOpenDisplay_wr(use_dpy); } else { dpy = XOpenDisplay_wr(""); } + last_open_xdisplay = time(NULL); if (terminal_services_daemon != NULL) { terminal_services(terminal_services_daemon); @@ -4644,8 +4997,7 @@ #endif if (! dpy && raw_fb_str) { - rfbLog("continuing without X display in -rawfb mode, " - "hold on tight..\n"); + rfbLog("Continuing without X display in -rawfb mode.\n"); goto raw_fb_pass_go_and_collect_200_dollars; } @@ -4664,6 +5016,7 @@ fprintf(stderr, "\n"); use_dpy = ":0"; dpy = XOpenDisplay_wr(use_dpy); + last_open_xdisplay = time(NULL); if (dpy) { rfbLog("*** XOpenDisplay of \":0\" successful.\n"); } @@ -4698,6 +5051,10 @@ if (dpy) { Window w = XCreateSimpleWindow(dpy, rootwin, 0, 0, 1, 1, 0, 0, 0); if (! quiet) rfbLog("rootwin: 0x%lx reswin: 0x%lx dpy: 0x%x\n", rootwin, w, dpy); + if (w != None) { + XDestroyWindow(dpy, w); + } + XSync(dpy, False); } #endif @@ -4725,14 +5082,38 @@ window = save; } - if (! quiet && ! raw_fb_str) { - rfbLog("\n"); - rfbLog("------------------ USEFUL INFORMATION ------------------\n"); - } - - if (remote_cmd || query_cmd) { - int rc = do_remote_query(remote_cmd, query_cmd, remote_sync, - query_default); + if ( (remote_cmd && strstr(remote_cmd, "DIRECT:") == remote_cmd) + || (query_cmd && strstr(query_cmd, "DIRECT:") == query_cmd )) { + /* handled below after most everything is setup. */ + if (getenv("QUERY_VERBOSE")) { + quiet = 0; + } else { + quiet = 1; + remote_direct = 1; + } + if (!auto_port) { + auto_port = 5970; + } + } else if (remote_cmd || query_cmd) { + int i, rc = 1; + for (i=0; i <= query_retries; i++) { + rc = do_remote_query(remote_cmd, query_cmd, remote_sync, + query_default); + if (rc == 0) { + if (query_match) { + if (query_result && strstr(query_result, query_match)) { + break; + } + rc = 1; + } else { + break; + } + } + if (i < query_retries) { + fprintf(stderr, "sleep: %.3f\n", query_delay); + usleep( (int) (query_delay * 1000 * 1000) ); + } + } XFlush_wr(dpy); fflush(stderr); fflush(stdout); @@ -4741,6 +5122,11 @@ exit(rc); } + if (! quiet && ! raw_fb_str) { + rfbLog("\n"); + rfbLog("------------------ USEFUL INFORMATION ------------------\n"); + } + if (priv_remote) { if (! remote_control_access_ok()) { rfbLog("** Disabling remote commands in -privremote mode.\n"); @@ -5265,6 +5651,10 @@ if (speeds_read_rate_measured > 80) { /* framebuffer read is fast at > 80 MB/sec */ + int same = 0; + if (waitms == defer_update) { + same = 1; + } if (! got_waitms) { waitms /= 2; if (waitms < 5) { @@ -5276,7 +5666,11 @@ } if (! got_deferupdate && ! got_defer) { if (defer_update > 10) { - defer_update = 10; + if (same) { + defer_update = waitms; + } else { + defer_update = 10; + } if (screen) { screen->deferUpdateTime = defer_update; } @@ -5319,6 +5713,13 @@ ncache_beta_tester_message(); } + if (remote_cmd || query_cmd) { + /* This is DIRECT: case */ + do_remote_query(remote_cmd, query_cmd, remote_sync, query_default); + if (getenv("SLEEP")) sleep(atoi(getenv("SLEEP"))); + clean_up_exit(0); + } + #if LIBVNCSERVER_HAVE_FORK && LIBVNCSERVER_HAVE_SETSID if (bg) { int p, n; @@ -5379,4 +5780,3 @@ } - diff -Nru x11vnc-0.9.8/x11vnc/x11vnc_defs.c x11vnc-0.9.9/x11vnc/x11vnc_defs.c --- x11vnc-0.9.8/x11vnc/x11vnc_defs.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/x11vnc_defs.c 2009-12-21 04:58:10.000000000 +0000 @@ -47,7 +47,7 @@ int xdamage_base_event_type = 0; /* date +'lastmod: %Y-%m-%d' */ -char lastmod[] = "0.9.8 lastmod: 2009-06-14"; +char lastmod[] = "0.9.9 lastmod: 2009-12-21"; /* X display info */ @@ -157,7 +157,7 @@ unsigned char *tile_has_xdamage_diff = NULL, *tile_row_has_xdamage_diff = NULL; /* times of recent events */ -time_t last_event = 0, last_input = 0, last_client = 0; +time_t last_event = 0, last_input = 0, last_client = 0, last_open_xdisplay = 0; time_t last_local_input = 0; time_t last_keyboard_input = 0, last_pointer_input = 0; time_t last_fb_bytes_sent = 0; @@ -195,6 +195,7 @@ int client_count = 0; int clients_served = 0; +int client_normal_count = 0; /* more transient kludge variables: */ int cursor_x = 0, cursor_y = 0; /* x and y from the viewer(s) */ diff -Nru x11vnc-0.9.8/x11vnc/x11vnc.h x11vnc-0.9.9/x11vnc/x11vnc.h --- x11vnc-0.9.8/x11vnc/x11vnc.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/x11vnc.h 2009-12-21 04:58:10.000000000 +0000 @@ -520,7 +520,7 @@ extern unsigned char *tile_has_xdamage_diff, *tile_row_has_xdamage_diff; /* times of recent events */ -extern time_t last_event, last_input, last_client; +extern time_t last_event, last_input, last_client, last_open_xdisplay; extern time_t last_keyboard_input, last_pointer_input; extern time_t last_local_input; /* macosx */ extern time_t last_fb_bytes_sent; @@ -558,6 +558,7 @@ extern int client_count; extern int clients_served; +extern int client_normal_count; /* more transient kludge variables: */ extern int cursor_x, cursor_y; /* x and y from the viewer(s) */ diff -Nru x11vnc-0.9.8/x11vnc/xdamage.c x11vnc-0.9.9/x11vnc/xdamage.c --- x11vnc-0.9.8/x11vnc/xdamage.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/xdamage.c 2009-12-21 04:58:10.000000000 +0000 @@ -56,6 +56,8 @@ double xdamage_memory = 1.0; /* in units of NSCAN */ int xdamage_tile_count = 0, xdamage_direct_count = 0; double xdamage_scheduled_mark = 0.0; +double xdamage_crazy_time = 0.0; +double xdamage_crazy_delay = 300.0; sraRegionPtr xdamage_scheduled_mark_region = NULL; sraRegionPtr *xdamage_regions = NULL; int xdamage_ticker = 0; @@ -400,6 +402,7 @@ #define DUPSZ 32 int dup_x[DUPSZ], dup_y[DUPSZ], dup_w[DUPSZ], dup_h[DUPSZ]; double tm, dt; + int mark_all = 0, retries = 0, too_many = 1000, tot_ev = 0; RAWFB_RET(0) @@ -443,6 +446,9 @@ X_LOCK; if (0) XFlush_wr(dpy); if (0) XEventsQueued(dpy, QueuedAfterFlush); + + come_back_for_more: + while (XCheckTypedEvent(dpy, xdamage_base_event_type+XDamageNotify, &ev)) { /* * TODO max cut off time in this loop? @@ -450,6 +456,26 @@ * screen. */ ecount++; + tot_ev++; + + if (mark_all) { + continue; + } + if (ecount == too_many) { + int nqa = XEventsQueued(dpy, QueuedAlready); + if (nqa >= too_many) { + static double last_msg = 0.0; + tmpregion = sraRgnCreateRect(0, 0, dpy_x, dpy_y); + sraRgnOr(reg, tmpregion); + sraRgnDestroy(tmpregion); + if (dnow() > last_msg + xdamage_crazy_delay) { + rfbLog("collect_xdamage: too many xdamage events %d+%d\n", ecount, nqa); + last_msg = dnow(); + } + mark_all = 1; + } + } + if (ev.type != xdamage_base_event_type + XDamageNotify) { break; } @@ -537,12 +563,37 @@ rect_count++; ccount++; } + + if (mark_all) { + if (ecount + XEventsQueued(dpy, QueuedAlready) >= 3 * too_many && retries < 3) { + retries++; + XFlush_wr(dpy); + usleep(20 * 1000); + XFlush_wr(dpy); + ecount = 0; + goto come_back_for_more; + } + } + /* clear the whole damage region for next time. XXX check */ if (call == 1) { XDamageSubtract(dpy, xdamage, None, None); } X_UNLOCK; + if (tot_ev > 20 * too_many) { + rfbLog("collect_xdamage: xdamage has gone crazy (screensaver or game?) ev: %d ret: %d\n", tot_ev, retries); + rfbLog("collect_xdamage: disabling xdamage for %d seconds.\n", (int) xdamage_crazy_delay); + destroy_xdamage_if_needed(); + X_LOCK; + XSync(dpy, False); + while (XCheckTypedEvent(dpy, xdamage_base_event_type+XDamageNotify, &ev)) { + ; + } + X_UNLOCK; + xdamage_crazy_time = dnow(); + } + if (0 && xdamage_direct_count) { fb_push(); } @@ -720,13 +771,15 @@ RAWFB_RET_VOID + if (force) {} + #if LIBVNCSERVER_HAVE_LIBXDAMAGE if (! xdamage || force) { X_LOCK; xdamage = XDamageCreate(dpy, window, XDamageReportRawRectangles); XDamageSubtract(dpy, xdamage, None, None); X_UNLOCK; - rfbLog("created xdamage object: 0x%lx\n", xdamage); + rfbLog("created xdamage object: 0x%lx\n", xdamage); } #endif } @@ -762,6 +815,9 @@ * Create or destroy the Damage object as needed, we don't want * one if no clients are connected. */ + if (xdamage_crazy_time > 0.0 && dnow() < xdamage_crazy_time + xdamage_crazy_delay) { + return; + } if (client_count && use_xdamage) { create_xdamage_if_needed(0); if (xdamage_scheduled_mark > 0.0 && dnow() > diff -Nru x11vnc-0.9.8/x11vnc/xdamage.h x11vnc-0.9.9/x11vnc/xdamage.h --- x11vnc-0.9.8/x11vnc/xdamage.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/xdamage.h 2009-12-21 04:58:10.000000000 +0000 @@ -44,6 +44,8 @@ extern double xdamage_memory; extern int xdamage_tile_count, xdamage_direct_count; extern double xdamage_scheduled_mark; +extern double xdamage_crazy_time; +extern double xdamage_crazy_delay; extern sraRegionPtr xdamage_scheduled_mark_region; extern sraRegionPtr *xdamage_regions; extern int xdamage_ticker; diff -Nru x11vnc-0.9.8/x11vnc/xevents.c x11vnc-0.9.9/x11vnc/xevents.c --- x11vnc-0.9.8/x11vnc/xevents.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/xevents.c 2009-12-21 04:58:10.000000000 +0000 @@ -76,7 +76,8 @@ void set_text_chat(rfbClientPtr cl, int l, char *t); int get_keyboard_led_state_hook(rfbScreenInfoPtr s); int get_file_transfer_permitted(rfbClientPtr cl); -void get_prop(char *str, int len, Atom prop); +void get_prop(char *str, int len, Atom prop, Window w); +int guess_dm_gone(int t1, int t2); static void initialize_xevents(int reset); static void print_xevent_bases(void); @@ -86,18 +87,28 @@ void initialize_vnc_connect_prop(void) { + char *prop_str; vnc_connect_str[0] = '\0'; RAWFB_RET_VOID #if !NO_X11 + prop_str = getenv("VNC_CONNECT"); + if (prop_str == NULL) { + prop_str = "VNC_CONNECT"; + } vnc_connect_prop = XInternAtom(dpy, "VNC_CONNECT", False); #endif } void initialize_x11vnc_remote_prop(void) { + char *prop_str; x11vnc_remote_str[0] = '\0'; RAWFB_RET_VOID #if !NO_X11 - x11vnc_remote_prop = XInternAtom(dpy, "X11VNC_REMOTE", False); + prop_str = getenv("X11VNC_REMOTE"); + if (prop_str == NULL) { + prop_str = "X11VNC_REMOTE"; + } + x11vnc_remote_prop = XInternAtom(dpy, prop_str, False); #endif } @@ -119,6 +130,189 @@ #endif /* NO_X11 */ } +/* + we observed these strings: + + 6 gdm_string: Gnome-power-manager + 6 gdm_string: Gnome-session + 6 gdm_string: Gnome-settings-daemon + 6 gdm_string: Login Window + 6 gdm_string: Notify-osd + 6 gdm_string: Panel + 12 gdm_string: Metacity + 12 gdm_string: gnome-power-manager + 12 gdm_string: gnome-session + 12 gdm_string: gnome-settings-daemon + 12 gdm_string: notify-osd + 18 gdm_string: Gdm-simple-greeter + 24 gdm_string: metacity + 36 gdm_string: gdm-simple-greeter + */ + +static int gdm_string(char *str) { + if (str == NULL) { + return 0; + } + if (str[0] == '\0') { + return 0; + } + if (0) fprintf(stderr, "gdm_string: %s\n", str); + if (strstr(str, "gdm-") == str || strstr(str, "Gdm-") == str) { + if (strstr(str, "-greeter") != NULL) { + return 1; + } + } + return 0; +} + +static int gdm_still_running(void) { +#if NO_X11 + return 0; +#else + Window r, parent; + Window *winlist; + unsigned int nc; + int rc, i; + static XClassHint *classhint = NULL; + XErrorHandler old_handler; + int saw_gdm_name = 0; + + /* some times a window can go away before we get to it */ + trapped_xerror = 0; + old_handler = XSetErrorHandler(trap_xerror); + + if (! classhint) { + classhint = XAllocClassHint(); + } + + /* we are xlocked. */ + rc = XQueryTree_wr(dpy, DefaultRootWindow(dpy), &r, &parent, &winlist, &nc); + if (!rc || winlist == NULL || nc == 0) { + nc = 0; + } + for (i=0; i < (int) nc; i++) { + char *name = NULL; + Window w = winlist[i]; + if (XFetchName(dpy, w, &name) && name != NULL) { + saw_gdm_name += gdm_string(name); + XFree_wr(name); + } + classhint->res_name = NULL; + classhint->res_class = NULL; + if (XGetClassHint(dpy, w, classhint)) { + name = classhint->res_name; + if (name != NULL) { + saw_gdm_name += gdm_string(name); + XFree_wr(name); + } + name = classhint->res_class; + if (name != NULL) { + saw_gdm_name += gdm_string(name); + XFree_wr(name); + } + } + if (saw_gdm_name > 0) { + break; + } + } + if (winlist != NULL) { + XFree_wr(winlist); + } + + XSync(dpy, False); + XSetErrorHandler(old_handler); + trapped_xerror = 0; + + return saw_gdm_name; +#endif +} + +static int wm_running(void) { + char *s = getenv("DEBUG_WM_RUNNING"); + RAWFB_RET(0) +#if NO_X11 + return 0; +#else + /* + * Unfortunately with recent GDM (v2.28), they run gnome-session, + * dbus-launch, and metacity for the Login greeter! So the simple + * XInternAtom checks below no longer work. + */ + if (gdm_still_running()) { + return 0; + } + + /* we are xlocked. */ + if (XInternAtom(dpy, "_NET_SUPPORTED", True) != None) { + if (s) rfbLog("wm is running (_NET_SUPPORTED).\n"); + return 1; + } + if (XInternAtom(dpy, "_WIN_PROTOCOLS", True) != None) { + if (s) rfbLog("wm is running (_WIN_PROTOCOLS).\n"); + return 1; + } + if (XInternAtom(dpy, "_XROOTPMAP_ID", True) != None) { + if (s) rfbLog("wm is running (_XROOTPMAP_ID).\n"); + return 1; + } + if (XInternAtom(dpy, "_MIT_PRIORITY_COLORS", True) != None) { + if (s) rfbLog("wm is running (_MIT_PRIORITY_COLORS).\n"); + return 1; + } + if (s) rfbLog("wm is not running.\n"); + return 0; +#endif /* NO_X11 */ + +} + +int guess_dm_gone(int t1, int t2) { + int wait = t2; + char *avoid = getenv("X11VNC_AVOID_WINDOWS"); + time_t tcheck = last_client; + + if (last_open_xdisplay > last_client) { + /* better time for -display WAIT:... */ + tcheck = last_open_xdisplay; + } + + if (avoid && !strcmp(avoid, "never")) { + return 1; + } + if (!screen || !screen->clientHead) { + return 0; + } + if (avoid) { + int n = atoi(avoid); + if (n > 1) { + wait = n; + } else { + wait = 90; + } + } else { + static time_t saw_wm = 0; + + wait = t2; + + X_LOCK; + if (wm_running()) { + if (saw_wm == 0) { + saw_wm = time(NULL); + } else if (time(NULL) <= saw_wm + 2) { + /* try to wait a few seconds after transition */ + ; + } else { + wait = t1; + } + } + X_UNLOCK; + } + /* we assume they've logged in OK after wait seconds... */ + if (time(NULL) <= tcheck + wait) { + return 0; + } + return 1; +} + static void initialize_xevents(int reset) { #if NO_X11 RAWFB_RET_VOID @@ -156,17 +350,27 @@ X_LOCK; xselectinput_rootwin |= PropertyChangeMask; XSelectInput_wr(dpy, rootwin, xselectinput_rootwin); + + if (subwin && freeze_when_obscured) { + XSelectInput_wr(dpy, subwin, VisibilityChangeMask); + } X_UNLOCK; did_xselect_input = 1; } if (watch_selection && !did_xcreate_simple_window) { /* create fake window for our selection ownership, etc */ - X_LOCK; - selwin = XCreateSimpleWindow(dpy, rootwin, 0, 0, 1, 1, 0, 0, 0); - X_UNLOCK; - did_xcreate_simple_window = 1; - if (0) rfbLog("selwin: 0x%lx\n", selwin); + /* + * We try to delay creating selwin until we are past + * any GDM, (or other KillInitClients=true) manager. + */ + if (guess_dm_gone(5, 45)) { + X_LOCK; + selwin = XCreateSimpleWindow(dpy, rootwin, 3, 2, 1, 1, 0, 0, 0); + X_UNLOCK; + did_xcreate_simple_window = 1; + if (! quiet) rfbLog("created selwin: 0x%lx\n", selwin); + } } if ((xrandr || xrandr_maybe) && !did_xrandr) { @@ -190,8 +394,16 @@ did_clipboard_atom = 1; } if (xfixes_present && use_xfixes && !did_xfixes) { - initialize_xfixes(); - did_xfixes = 1; + /* + * We try to delay creating initializing xfixes until + * we are past the display manager, due to Xorg bug: + * http://bugs.freedesktop.org/show_bug.cgi?id=18451 + */ + if (guess_dm_gone(5, 45)) { + initialize_xfixes(); + did_xfixes = 1; + if (! quiet) rfbLog("called initialize_xfixes()\n"); + } } if (xdamage_present && !did_xdamage) { initialize_xdamage(); @@ -212,7 +424,7 @@ fprintf(stderr, " SelClear=%d, Expose=%d\n", SelectionClear, Expose); } -void get_prop(char *str, int len, Atom prop) { +void get_prop(char *str, int len, Atom prop, Window w) { int i; #if !NO_X11 Atom type; @@ -235,9 +447,12 @@ #else slen = 0; - + if (w == None) { + w = DefaultRootWindow(dpy); + } + do { - if (XGetWindowProperty(dpy, DefaultRootWindow(dpy), + if (XGetWindowProperty(dpy, w, prop, nitems/4, len/16, False, AnyPropertyType, &type, &format, &nitems, &bytes_after, &data) == Success) { @@ -529,6 +744,7 @@ char propval[200]; int ev, er, maj, min; int db = 0; + char *ticker_str = "X11VNC_TICKER"; RAWFB_RET_VOID @@ -566,7 +782,10 @@ usleep(3 * sleep); - ticker_atom = XInternAtom(dpy, "X11VNC_TICKER", False); + if (getenv("X11VNC_TICKER")) { + ticker_str = getenv("X11VNC_TICKER"); + } + ticker_atom = XInternAtom(dpy, ticker_str, False); if (! ticker_atom) { fprintf(stderr, "grab_buster_watch: no ticker atom\n"); return; @@ -584,7 +803,7 @@ break; } - get_prop(propval, 128, ticker_atom); + get_prop(propval, 128, ticker_atom, None); if (db) fprintf(stderr, "got_prop: %s\n", propval); if (!process_watch(propval, parent, db)) { @@ -660,7 +879,11 @@ } if (! ticker_atom) { - ticker_atom = XInternAtom(dpy, "X11VNC_TICKER", False); + char *ticker_str = "X11VNC_TICKER"; + if (getenv("X11VNC_TICKER")) { + ticker_str = getenv("X11VNC_TICKER"); + } + ticker_atom = XInternAtom(dpy, ticker_str, False); } if (! ticker_atom) { return; @@ -871,20 +1094,48 @@ } } else { if (idle_reset) { - int i, state[256]; + int i, state[256], didmsg = 0, pressed = 0; + int mwt = 600, mmax = 20; + static int msgcnt = 0; + static double lastmsg = 0.0; + for (i=0; i<256; i++) { state[i] = 0; } if (use_threads) {X_LOCK;} get_keystate(state); if (use_threads) {X_UNLOCK;} + for (i=0; i<256; i++) { if (state[i] != 0) { /* better wait until all keys are up */ - rfbLog("active keyboard: waiting until" - " all keys are up. key_down=%d\n", i); - return; + pressed++; + if (msgcnt < mmax || dnow() > lastmsg + mwt) { + char *str = "unset"; +#if !NO_X11 + if (use_threads) {X_LOCK;} + str = XKeysymToString(XKeycodeToKeysym(dpy, i, 0)); + if (use_threads) {X_UNLOCK;} +#endif + str = str ? str : "nosymbol"; + didmsg++; + rfbLog("active keyboard: waiting until " + "all keys are up. key_down=%d %s. " + "If the key is inaccessible via keyboard, " + "consider 'x11vnc -R clear_all'\n", i, str); + } + } + } + if (didmsg > 0) { + msgcnt++; + if (msgcnt == mmax) { + rfbLog("active keyboard: last such " + "message for %d secs.\n", mwt); } + lastmsg = dnow(); + } + if (pressed > 0) { + return; } } if (idle_reset) { @@ -1055,38 +1306,99 @@ last_call = now; } - /* check for CUT_BUFFER0 and VNC_CONNECT changes: */ + if (freeze_when_obscured) { + if (XCheckTypedEvent(dpy, VisibilityNotify, &xev)) { + if (xev.type == VisibilityNotify && xev.xany.window == subwin) { + int prev = subwin_obscured; + if (xev.xvisibility.state == VisibilityUnobscured) { + subwin_obscured = 0; + } else if (xev.xvisibility.state == VisibilityPartiallyObscured) { + subwin_obscured = 1; + } else { + subwin_obscured = 2; + } + rfbLog("subwin_obscured: %d -> %d\n", prev, subwin_obscured); + } + } + } + + /* check for CUT_BUFFER0, VNC_CONNECT, X11VNC_REMOTE changes: */ if (XCheckTypedEvent(dpy, PropertyNotify, &xev)) { - if (xev.type == PropertyNotify) { - if (xev.xproperty.atom == XA_CUT_BUFFER0) { - /* - * Go retrieve CUT_BUFFER0 and send it. - * - * set_cutbuffer is a flag to try to avoid - * processing our own cutbuffer changes. - */ - if (have_clients && watch_selection - && ! set_cutbuffer) { - cutbuffer_send(); - sent_some_sel = 1; - } - set_cutbuffer = 0; - } else if (vnc_connect && vnc_connect_prop != None - && xev.xproperty.atom == vnc_connect_prop) { - /* - * Go retrieve VNC_CONNECT string. - */ - read_vnc_connect_prop(0); - } else if (vnc_connect && x11vnc_remote_prop != None - && xev.xproperty.atom == x11vnc_remote_prop) { - /* - * Go retrieve X11VNC_REMOTE string. - */ - read_x11vnc_remote_prop(0); + int got_cutbuffer = 0; + int got_vnc_connect = 0; + int got_x11vnc_remote = 0; + static int prop_dbg = -1; + + /* to avoid piling up between calls, read all PropertyNotify now */ + do { + if (xev.type == PropertyNotify) { + if (xev.xproperty.atom == XA_CUT_BUFFER0) { + got_cutbuffer++; + } else if (vnc_connect && vnc_connect_prop != None + && xev.xproperty.atom == vnc_connect_prop) { + got_vnc_connect++; + } else if (vnc_connect && x11vnc_remote_prop != None + && xev.xproperty.atom == x11vnc_remote_prop) { + got_x11vnc_remote++; + } + set_prop_atom(xev.xproperty.atom); + } + } while (XCheckTypedEvent(dpy, PropertyNotify, &xev)); + if (prop_dbg < 0) { + prop_dbg = 0; + if (getenv("PROP_DBG")) { + prop_dbg = 1; + } + } + if (prop_dbg && (got_cutbuffer > 1 || got_vnc_connect > 1 || got_x11vnc_remote > 1)) { + static double lastmsg = 0.0; + static int count = 0; + double now = dnow(); + + if (1 && now > lastmsg + 300.0) { + if (got_cutbuffer > 1) { + rfbLog("check_xevents: warning: %d cutbuffer events since last check.\n", got_cutbuffer); + } + if (got_vnc_connect > 1) { + rfbLog("check_xevents: warning: %d vnc_connect events since last check.\n", got_vnc_connect); + } + if (got_x11vnc_remote > 1) { + rfbLog("check_xevents: warning: %d x11vnc_remote events since last check.\n", got_x11vnc_remote); + } + count++; + if (count >= 3) { + lastmsg = now; + count = 0; + } } - set_prop_atom(xev.xproperty.atom); + } + + if (got_cutbuffer) { + /* + * Go retrieve CUT_BUFFER0 and send it. + * + * set_cutbuffer is a flag to try to avoid + * processing our own cutbuffer changes. + */ + if (have_clients && watch_selection && !set_cutbuffer) { + cutbuffer_send(); + sent_some_sel = 1; + } + set_cutbuffer = 0; + } + if (got_vnc_connect) { + /* + * Go retrieve VNC_CONNECT string. + */ + read_vnc_connect_prop(0); + } + if (got_x11vnc_remote) { + /* + * Go retrieve X11VNC_REMOTE string. + */ + read_x11vnc_remote_prop(0); } } @@ -1106,7 +1418,7 @@ } #endif #if LIBVNCSERVER_HAVE_LIBXFIXES - if (xfixes_present && use_xfixes && xfixes_base_event_type) { + if (xfixes_present && use_xfixes && xfixes_first_initialized && xfixes_base_event_type) { if (XCheckTypedEvent(dpy, xfixes_base_event_type + XFixesCursorNotify, &xev)) { got_xfixes_cursor_notify++; @@ -1184,7 +1496,7 @@ req = "CLIPBOARD"; } if (which != 0 && ! own && have_clients && - XGetSelectionOwner(dpy, atom) != None) { + XGetSelectionOwner(dpy, atom) != None && selwin != None) { XConvertSelection(dpy, atom, XA_STRING, XA_STRING, selwin, CurrentTime); if (debug_sel) { @@ -1348,6 +1660,10 @@ void xcut_receive(char *text, int len, rfbClientPtr cl) { allowed_input_t input; + if (threads_drop_input) { + return; + } + if (unixpw_in_progress) { rfbLog("xcut_receive: unixpw_in_progress, skipping.\n"); return; @@ -1366,33 +1682,91 @@ if (!input.clipboard) { return; } + INPUT_LOCK; + + if (remote_prefix != NULL && strstr(text, remote_prefix) == text) { + char *result, *rcmd = text + strlen(remote_prefix); + char *tmp = (char *) calloc(len + 8, 1); + + if (strstr(rcmd, "cmd=") != rcmd && strstr(rcmd, "qry=") != rcmd) { + strcat(tmp, "qry="); + } + strncat(tmp, rcmd, len - strlen(remote_prefix)); + rfbLog("remote_prefix command: '%s'\n", tmp); + + if (use_threads) { + if (client_connect_file) { + FILE *f = fopen(client_connect_file, "w"); + if (f) { + fprintf(f, "%s\n", tmp); + fclose(f); + free(tmp); + INPUT_UNLOCK; + return; + } + } + if (vnc_connect) { + sprintf(x11vnc_remote_str, "%s", tmp); + free(tmp); + INPUT_UNLOCK; + return; + } + } + INPUT_UNLOCK; + + + result = process_remote_cmd(tmp, 1); + if (result == NULL ) { + result = strdup("null"); + } else if (!strcmp(result, "")) { + free(result); + result = strdup("none"); + } + rfbLog("remote_prefix result: '%s'\n", result); + + free(tmp); + tmp = (char *) calloc(strlen(remote_prefix) + strlen(result) + 1, 1); + + strcat(tmp, remote_prefix); + strcat(tmp, result); + free(result); + + rfbSendServerCutText(screen, tmp, strlen(tmp)); + free(tmp); + + return; + } if (! check_sel_direction("recv", "xcut_receive", text, len)) { + INPUT_UNLOCK; return; } #ifdef MACOSX if (macosx_console) { macosx_set_sel(text, len); + INPUT_UNLOCK; return; } #endif if (rawfb_vnc_reflect) { vnc_reflect_send_cuttext(text, len); + INPUT_UNLOCK; return; } RAWFB_RET_VOID #if NO_X11 + INPUT_UNLOCK; return; #else X_LOCK; /* associate this text with PRIMARY (and SECONDARY...) */ - if (set_primary && ! own_primary) { + if (set_primary && ! own_primary && selwin != None) { own_primary = 1; /* we need to grab the PRIMARY selection */ XSetSelectionOwner(dpy, XA_PRIMARY, selwin, CurrentTime); @@ -1402,7 +1776,7 @@ } } - if (set_clipboard && ! own_clipboard && clipboard_atom != None) { + if (set_clipboard && ! own_clipboard && clipboard_atom != None && selwin != None) { own_clipboard = 1; /* we need to grab the CLIPBOARD selection */ XSetSelectionOwner(dpy, clipboard_atom, selwin, CurrentTime); @@ -1444,6 +1818,7 @@ XFlush_wr(dpy); X_UNLOCK; + INPUT_UNLOCK; set_cutbuffer = 1; #endif /* NO_X11 */ @@ -1649,6 +2024,7 @@ return; } + /* mutex */ new_save = screen->newClientHook; screen->newClientHook = new_client_chat_helper; diff -Nru x11vnc-0.9.8/x11vnc/xevents.h x11vnc-0.9.9/x11vnc/xevents.h --- x11vnc-0.9.8/x11vnc/xevents.h 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/xevents.h 2009-12-21 04:58:10.000000000 +0000 @@ -59,7 +59,8 @@ extern void set_text_chat(rfbClientPtr cl, int l, char *t); extern int get_keyboard_led_state_hook(rfbScreenInfoPtr s); extern int get_file_transfer_permitted(rfbClientPtr cl); -extern void get_prop(char *str, int len, Atom prop); +extern void get_prop(char *str, int len, Atom prop, Window w); +extern int guess_dm_gone(int t1, int t2); #endif /* _X11VNC_XEVENTS_H */ diff -Nru x11vnc-0.9.8/x11vnc/xinerama.c x11vnc-0.9.9/x11vnc/xinerama.c --- x11vnc-0.9.8/x11vnc/xinerama.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/xinerama.c 2009-12-21 04:58:10.000000000 +0000 @@ -344,12 +344,14 @@ RAWFB_RET_VOID + X_LOCK; if (! XineramaQueryExtension(dpy, &ev, &er)) { if (verbose) { rfbLog("Xinerama: disabling: display does not support it.\n"); } xinerama = 0; xinerama_present = 0; + X_UNLOCK; return; } if (! XineramaIsActive(dpy)) { @@ -359,6 +361,7 @@ } xinerama = 0; xinerama_present = 0; + X_UNLOCK; return; } xinerama_present = 1; @@ -385,6 +388,7 @@ rfbLog("\n"); } XFree_wr(xineramas); + X_UNLOCK; return; /* must be OK w/o change */ } @@ -406,6 +410,7 @@ sc++; } XFree_wr(xineramas); + X_UNLOCK; if (sraRgnEmpty(black_region)) { diff -Nru x11vnc-0.9.8/x11vnc/xrandr.c x11vnc-0.9.9/x11vnc/xrandr.c --- x11vnc-0.9.8/x11vnc/xrandr.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/xrandr.c 2009-12-21 04:58:10.000000000 +0000 @@ -143,6 +143,8 @@ RAWFB_RET_VOID + /* assumes no X_LOCK */ + /* sanity check xrandr_mode */ if (! xrandr_mode) { xrandr_mode = strdup("default"); @@ -184,6 +186,8 @@ RAWFB_RET(0) + /* it is assumed that X_LOCK is on at this point. */ + if (subwin) { return handle_subwin_resize(msg); } @@ -235,8 +239,13 @@ if (wdpy_x == rev->width && wdpy_y == rev->height && xrandr_rotation == (int) rev->rotation) { - rfbLog("check_xrandr_event: no change detected.\n"); + rfbLog("check_xrandr_event: no change detected.\n"); do_change = 0; + if (! xrandr) { + rfbLog("check_xrandr_event: " + "enabling full XRANDR trapping anyway.\n"); + xrandr = 1; + } } else { do_change = 1; if (! xrandr) { @@ -256,6 +265,7 @@ XRRUpdateConfiguration(&xev); if (do_change) { + /* under do_change caller normally returns before its X_UNLOCK */ X_UNLOCK; handle_xrandr_change(rev->width, rev->height); } diff -Nru x11vnc-0.9.8/x11vnc/xwrappers.c x11vnc-0.9.9/x11vnc/xwrappers.c --- x11vnc-0.9.8/x11vnc/xwrappers.c 2009-06-14 16:29:17.000000000 +0100 +++ x11vnc-0.9.9/x11vnc/xwrappers.c 2009-12-21 04:58:10.000000000 +0000 @@ -755,7 +755,6 @@ del = 0; while (len > 0) { n = read(raw_fb_fd, dst + del, len); -//if (db > 2) fprintf(stderr, "len: %d n: %d\n", len, n); if (n > 0) { del += n; @@ -767,7 +766,6 @@ } } if (bpl > sz) { -//if (db > 1) fprintf(stderr, "bpl>sz %d %d\n", bpl, sz); off = (off_t) (bpl - sz); lseek(raw_fb_fd, off, SEEK_CUR); }